package se.swedenconnect.security.credential.pkcs11;

import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import jakarta.annotation.PreDestroy;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.swedenconnect.security.credential.AbstractReloadablePkiCredential;
import se.swedenconnect.security.credential.monitoring.DefaultCredentialTestFunction;

/* loaded from: input_file:se/swedenconnect/security/credential/pkcs11/Pkcs11Credential.class */
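/**
 * A PKI credential whose private key is obtained through a PKCS#11 security provider.
 *
 * <p>The private key object is fetched through a {@link Pkcs11PrivateKeyAccessor} and can be
 * re-fetched with {@link #reload()}. To make that possible the credential keeps its own copy of
 * the PIN in memory until {@link #destroy()} is called. The certificate chain is read once, at
 * construction time, and is not refreshed by {@link #reload()}.
 *
 * <p>Thread-safety: access to the private key reference is guarded by the instance monitor
 * ({@link #getPrivateKey()} and {@link #reload()} are {@code synchronized}); {@link #destroy()}
 * is not.
 */
public class Pkcs11Credential extends AbstractReloadablePkiCredential {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(Pkcs11Credential.class);

    /** Source of the security provider used for every key and certificate lookup. */
    private final Pkcs11Configuration configuration;

    /** Strategy that fetches the private key for an alias and PIN. */
    private final Pkcs11PrivateKeyAccessor privateKeyAccessor;

    /** Strategy that fetches the certificate chain for an alias and PIN. */
    private final Pkcs11CertificatesAccessor certificatesAccessor;

    /** Alias under which the key (and certificates) are looked up. */
    private final String alias;

    /** Private copy of the PIN; overwritten with zeros by {@link #destroy()}. */
    private final char[] pin;

    /** Current private key; replaced by {@link #reload()}, guarded by the instance monitor. */
    private PrivateKey privateKey;

    /** Unmodifiable snapshot of the certificate chain taken at construction time. */
    private final List<X509Certificate> certificates;

    /**
     * Certificate accessor that ignores the provider, alias and PIN and always answers with a
     * fixed chain supplied by the caller.
     */
    private static class StaticCertificateAccessor implements Pkcs11CertificatesAccessor {
        private final X509Certificate[] chain;

        /**
         * @param list the certificate chain; copied into an internal array
         * @throws NullPointerException if {@code list} is null
         * @throws IllegalArgumentException if {@code list} is empty
         */
        public StaticCertificateAccessor(@Nonnull List<X509Certificate> list) {
            this.chain = Objects.requireNonNull(list, "certificates must not be null").toArray(new X509Certificate[0]);
            if (this.chain.length == 0) {
                throw new IllegalArgumentException("At least one certificate must be provided");
            }
        }

        /**
         * Returns the fixed chain; none of the arguments are consulted.
         *
         * @return a copy of the chain, so that callers cannot alter the certificates held here
         */
        @Override
        @Nullable
        public X509Certificate[] get(@Nonnull Provider provider, @Nonnull String str, @Nonnull char[] cArr) throws SecurityException {
            return this.chain.clone();
        }
    }

    /**
     * Creates the credential and immediately fetches the private key and the certificate chain.
     *
     * <p>The PIN array is copied; the caller's array is left untouched and remains the caller's
     * responsibility to clear. If initialisation fails after the copy was made, the copy is
     * zeroed before the exception propagates.
     *
     * @param pkcs11Configuration configuration that supplies the security provider
     * @param str the alias of the key entry
     * @param cArr the PIN used when accessing the key and certificates
     * @param pkcs11PrivateKeyAccessor accessor used to fetch the private key
     * @param pkcs11CertificatesAccessor accessor used to fetch the certificate chain
     * @throws NullPointerException if any argument is null
     * @throws Pkcs11ConfigurationException if the certificate accessor yields no certificates
     */
    public Pkcs11Credential(@Nonnull Pkcs11Configuration pkcs11Configuration, @Nonnull String str, @Nonnull char[] cArr, @Nonnull Pkcs11PrivateKeyAccessor pkcs11PrivateKeyAccessor, @Nonnull Pkcs11CertificatesAccessor pkcs11CertificatesAccessor) throws Pkcs11ConfigurationException {
        this.configuration = Objects.requireNonNull(pkcs11Configuration, "configuration must not be null");
        this.alias = Objects.requireNonNull(str, "alias must not be null");
        Objects.requireNonNull(cArr, "pin must not be null");
        this.privateKeyAccessor = Objects.requireNonNull(pkcs11PrivateKeyAccessor, "privateKeyAccessor must not be null");
        this.certificatesAccessor = Objects.requireNonNull(pkcs11CertificatesAccessor, "certificatesAccessor must not be null");
        // Copy the PIN only after every argument has been validated, so that a rejected call
        // never leaves a stray PIN copy behind.
        this.pin = cArr.clone();

        boolean initialized = false;
        try {
            final Provider provider = this.configuration.getProvider();
            this.privateKey = this.privateKeyAccessor.get(provider, this.alias, this.pin);
            this.certificates = toUnmodifiableChain(this.certificatesAccessor.get(provider, this.alias, this.pin));

            final DefaultCredentialTestFunction testFunction = new DefaultCredentialTestFunction();
            testFunction.setProvider(provider.getName());
            setTestFunction(testFunction);
            updateMetadataValidityProperties();
            initialized = true;
        } finally {
            if (!initialized) {
                // The half-built object is discarded, so destroy() will never run for it:
                // wipe the PIN copy here instead of leaving it on the heap.
                Arrays.fill(this.pin, (char) 0);
            }
        }
    }

    /**
     * Creates the credential with a caller-supplied certificate chain instead of reading the
     * certificates through an accessor.
     *
     * @param pkcs11Configuration configuration that supplies the security provider
     * @param str the alias of the key entry
     * @param cArr the PIN used when accessing the key
     * @param pkcs11PrivateKeyAccessor accessor used to fetch the private key
     * @param list the certificate chain; must hold at least one certificate
     * @throws NullPointerException if any argument is null
     * @throws IllegalArgumentException if {@code list} is empty
     * @throws Pkcs11ConfigurationException see the five-argument constructor
     */
    public Pkcs11Credential(@Nonnull Pkcs11Configuration pkcs11Configuration, @Nonnull String str, @Nonnull char[] cArr, @Nonnull Pkcs11PrivateKeyAccessor pkcs11PrivateKeyAccessor, @Nonnull List<X509Certificate> list) throws Pkcs11ConfigurationException {
        this(pkcs11Configuration, str, cArr, pkcs11PrivateKeyAccessor, new StaticCertificateAccessor(list));
    }

    /**
     * Turns the array handed back by a certificate accessor into the list this credential exposes.
     *
     * <p>The array is cloned and wrapped read-only: a bare {@code Arrays.asList} view would let
     * any holder of the list (or of the accessor's array) swap the certificates this credential
     * presents.
     *
     * @param chain the accessor result, possibly null
     * @return an unmodifiable list detached from {@code chain}
     * @throws Pkcs11ConfigurationException if {@code chain} is null or empty
     */
    private static List<X509Certificate> toUnmodifiableChain(@Nullable X509Certificate[] chain) throws Pkcs11ConfigurationException {
        if (chain == null || chain.length == 0) {
            throw new Pkcs11ConfigurationException("No certificates available");
        }
        return java.util.Collections.unmodifiableList(Arrays.asList(chain.clone()));
    }

    /**
     * Returns the private key most recently obtained from the accessor.
     *
     * @return the current private key
     */
    @Override
    @Nonnull
    public synchronized PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /**
     * Returns the certificate chain read when the credential was constructed.
     *
     * @return an unmodifiable list of certificates
     */
    @Override
    @Nonnull
    public List<X509Certificate> getCertificateChain() {
        return this.certificates;
    }

    /**
     * @return always {@code true}
     */
    @Override
    public boolean isHardwareCredential() {
        return true;
    }

    /**
     * Fetches the private key again through the accessor, using the stored alias and PIN.
     * The certificate chain is not re-read.
     *
     * @throws Exception whatever the configuration or the accessor throws
     */
    @Override
    public synchronized void reload() throws Exception {
        final Provider provider = this.configuration.getProvider();
        final String providerName = provider.getName();
        // Only the alias and provider name are logged; the PIN never reaches the log.
        log.trace("Reloading private key under alias '{}' for provider '{}' ...", this.alias, providerName);
        this.privateKey = this.privateKeyAccessor.get(provider, this.alias, this.pin);
        log.trace("Private key under alias '{}' for provider '{}' was reloaded", this.alias, providerName);
    }

    /**
     * Overwrites the stored PIN with zeros. The private key reference and the certificates are
     * left in place.
     *
     * <p>A {@link #reload()} issued after this call passes the zeroed array to the accessor.
     * NOTE(review): depending on the accessor and the device this may count as a failed login
     * attempt - confirm that nothing (for example a credential monitor) reloads a destroyed
     * credential. This method does not take the instance monitor, so it is not ordered against
     * a concurrent {@link #reload()}.
     */
    @Override
    @PreDestroy
    public void destroy() {
        if (this.pin != null) {
            Arrays.fill(this.pin, (char) 0);
        }
    }

    /**
     * Builds the default name as {@code <provider name>-<alias>}, using {@code pkcs11} in place
     * of the provider name when the provider cannot be obtained.
     *
     * @return the default credential name
     */
    @Override
    @Nonnull
    protected String getDefaultName() {
        String providerName;
        try {
            providerName = this.configuration.getProvider().getName();
        } catch (Exception ignored) {
            // Naming must not fail just because the provider is unavailable; use a fixed prefix.
            providerName = "pkcs11";
        }
        return "%s-%s".formatted(providerName, this.alias);
    }
}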
