package se.swedenconnect.security.credential.factory;

import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.util.Collections;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.swedenconnect.security.credential.config.ConfigurationResourceLoader;
import se.swedenconnect.security.credential.config.DefaultConfigurationResourceLoader;
import se.swedenconnect.security.credential.config.StoreConfiguration;
import se.swedenconnect.security.credential.pkcs11.AbstractSunPkcs11Configuration;
import se.swedenconnect.security.credential.pkcs11.CustomPkcs11Configuration;
import se.swedenconnect.security.credential.pkcs11.FilePkcs11Configuration;
import se.swedenconnect.security.credential.pkcs11.Pkcs11Configuration;
import se.swedenconnect.security.credential.pkcs11.Pkcs11ConfigurationException;
import se.swedenconnect.security.credential.pkcs11.StaticPkcs11Configuration;

/* loaded from: input_file:se/swedenconnect/security/credential/factory/KeyStoreFactory.class */
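/**
 * Static factory methods that load {@link KeyStore} instances from a stream, from a PKCS#11 provider, or from
 * a {@link StoreConfiguration}.
 *
 * <p>Security notes for callers:
 * <ul>
 * <li>Password arrays passed in are not cleared by this class; the caller owns them and should wipe them when
 * they are no longer needed.</li>
 * <li>The keystore location and the PKCS#11 settings are taken from the configuration as-is and are not
 * validated here, so the configuration source must be trusted.</li>
 * <li>At debug level the aliases of a loaded PKCS#11 keystore are written to the log.</li>
 * </ul>
 */
public class KeyStoreFactory {
    private static final Logger log = LoggerFactory.getLogger(KeyStoreFactory.class);

    /** Keystore type name that selects the PKCS#11 code path. */
    public static final String PKCS11_KEYSTORE_TYPE = "PKCS11";

    /**
     * Loads a non-PKCS#11 keystore from a stream.
     *
     * <p>The stream is read but not closed by this method; closing it is the caller's responsibility.
     *
     * @param inputStream the keystore contents, passed unchanged to {@link KeyStore#load(InputStream, char[])}
     * @param cArr the keystore password, passed unchanged to {@link KeyStore#load(InputStream, char[])}
     * @param str the keystore type; {@link KeyStore#getDefaultType()} is used when {@code null}
     * @param str2 the name of the security provider, or {@code null} to let the JCA choose one
     * @return the loaded keystore
     * @throws IllegalArgumentException if the type is PKCS11 (compared case-insensitively)
     * @throws KeyStoreException if the keystore cannot be instantiated or loaded
     * @throws NoSuchProviderException if the named provider is not registered
     */
    @Nonnull
    public static KeyStore loadKeyStore(@Nullable InputStream inputStream, @Nullable char[] cArr, @Nullable String str, @Nullable String str2) throws KeyStoreException, NoSuchProviderException {
        if (PKCS11_KEYSTORE_TYPE.equalsIgnoreCase(str)) {
            // NOTE(review): both messages name createKeyStore/createPkcs11KeyStore, while the methods visible in
            // this class are loadKeyStore/loadPkcs11KeyStore - confirm the wording before changing it.
            log.error("Attempt to create PKCS11 KeyStore using createKeyStore - use createPkcs11KeyStore instead");
            throw new IllegalArgumentException("PKCS11 keystore type not supported by createKeyStore");
        }
        final String effectiveType = Optional.ofNullable(str).orElseGet(KeyStore::getDefaultType);
        final KeyStore keyStore = str2 != null
                ? KeyStore.getInstance(effectiveType, str2)
                : KeyStore.getInstance(effectiveType);
        try {
            keyStore.load(inputStream, cArr);
            return keyStore;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            // Surface every load failure as KeyStoreException, keeping the cause for diagnostics.
            throw new KeyStoreException(e.getMessage(), e);
        }
    }

    /**
     * Loads a PKCS#11 keystore through the provider supplied by the given configuration.
     *
     * @param pkcs11Configuration the configuration whose provider backs the keystore
     * @param cArr the value passed as password to {@link KeyStore#load(InputStream, char[])}
     *     (presumably the token PIN - confirm against the provider in use)
     * @return the loaded keystore
     * @throws KeyStoreException if the keystore cannot be instantiated or loaded
     */
    @Nonnull
    public static KeyStore loadPkcs11KeyStore(@Nonnull Pkcs11Configuration pkcs11Configuration, @Nonnull char[] cArr) throws KeyStoreException {
        final Provider provider = pkcs11Configuration.getProvider();
        log.debug("Loading PKCS#11 KeyStore using provider '{}'", Optional.ofNullable(provider.getName()).orElse("-"));
        try {
            final KeyStore keyStore = KeyStore.getInstance(PKCS11_KEYSTORE_TYPE, provider);
            // PKCS#11 keystores are not read from a stream, hence the null stream argument.
            keyStore.load(null, cArr);
            // Only enumerate the aliases when the result is actually logged.
            if (log.isDebugEnabled()) {
                log.debug("Loaded PKCS#11 KeyStore. Aliases: {}", Optional.ofNullable(keyStore.aliases()).map(Collections::list).orElse(null));
            }
            return keyStore;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            throw new KeyStoreException(e.getMessage(), e);
        }
    }

    /**
     * Loads a keystore described by a {@link StoreConfiguration}.
     *
     * <p>When a location is configured, the keystore is read from the stream the resource loader returns for it.
     * Otherwise, when the type is exactly {@code PKCS11}, or no type is given but PKCS#11 settings are present,
     * a PKCS#11 keystore is loaded.
     *
     * @param storeConfiguration the store configuration; its password must be set
     * @param configurationResourceLoader the loader used to open the location; a
     *     {@link DefaultConfigurationResourceLoader} is created when {@code null}
     * @return the loaded keystore
     * @throws IllegalArgumentException if the password is missing, or if no location is set and the
     *     configuration does not describe a PKCS#11 store
     * @throws KeyStoreException if the keystore cannot be instantiated or loaded
     * @throws NoSuchProviderException if the configured provider is not registered
     * @throws IOException if the location cannot be opened or the stream cannot be closed
     * @throws Pkcs11ConfigurationException if the PKCS#11 configuration cannot be initialized
     */
    @Nonnull
    public static KeyStore loadKeyStore(@Nonnull StoreConfiguration storeConfiguration, @Nullable ConfigurationResourceLoader configurationResourceLoader) throws IllegalArgumentException, KeyStoreException, NoSuchProviderException, IOException, Pkcs11ConfigurationException {
        // NOTE(review): this array is a fresh copy of the configured password and is never wiped. Clearing it
        // after load would be safe only if no KeyStore implementation in use keeps a reference - confirm.
        final char[] password = Optional.ofNullable(storeConfiguration.password())
                .map(p -> p.toCharArray())
                .orElseThrow(() -> new IllegalArgumentException("password must be set"));

        if (storeConfiguration.location().isPresent()) {
            final ConfigurationResourceLoader loader = configurationResourceLoader != null
                    ? configurationResourceLoader
                    : new DefaultConfigurationResourceLoader();
            // The stream is opened here, so it is closed here as well; previously it was left open.
            try (InputStream stream = loader.getStream(storeConfiguration.location().get())) {
                return loadKeyStore(stream, password, storeConfiguration.type().orElse(null), storeConfiguration.provider().orElse(null));
            }
        }

        // Without an explicit type, the presence of PKCS#11 settings implies a PKCS#11 store.
        final String effectiveType = storeConfiguration.type()
                .orElseGet(() -> storeConfiguration.pkcs11().isPresent() ? PKCS11_KEYSTORE_TYPE : null);
        if (PKCS11_KEYSTORE_TYPE.equals(effectiveType)) {
            return loadPkcs11KeyStore(buildPkcs11Configuration(storeConfiguration), password);
        }
        throw new IllegalArgumentException("location must be set");
    }

    /**
     * Builds and initializes the PKCS#11 configuration that matches the store configuration.
     *
     * <p>No PKCS#11 section gives a {@link StaticPkcs11Configuration}, a configuration file gives a
     * {@link FilePkcs11Configuration}, and explicit settings give a {@link CustomPkcs11Configuration}.
     *
     * @param storeConfiguration the store configuration
     * @return the initialized PKCS#11 configuration
     * @throws IllegalArgumentException if the PKCS#11 section has neither a configuration file nor settings,
     *     or if the settings lack a name or a library
     * @throws Pkcs11ConfigurationException declared for failures while initializing the configuration
     */
    @Nonnull
    private static Pkcs11Configuration buildPkcs11Configuration(@Nonnull StoreConfiguration storeConfiguration) throws IllegalArgumentException, Pkcs11ConfigurationException {
        final String providerName = storeConfiguration.provider().orElse(null);
        final AbstractSunPkcs11Configuration configuration;

        if (storeConfiguration.pkcs11().isEmpty()) {
            if (providerName == null) {
                log.info("No PKCS#11 configuration supplied - assuming that SunPKCS11 provider is statically configured");
            }
            configuration = new StaticPkcs11Configuration(providerName);
        } else {
            final StoreConfiguration.Pkcs11Configuration pkcs11 = storeConfiguration.pkcs11().get();
            if (pkcs11.configurationFile().isPresent()) {
                configuration = new FilePkcs11Configuration(pkcs11.configurationFile().get(), providerName);
            } else if (pkcs11.settings().isPresent()) {
                final StoreConfiguration.Pkcs11Configuration.Pkcs11Settings settings = pkcs11.settings().get();
                if (settings.name() == null || settings.library() == null) {
                    throw new IllegalArgumentException("Invalid custom PKCS#11 configuration - name and library must be supplied");
                }
                // NOTE(review): 'library' presumably names the native PKCS#11 module that the provider loads
                // into this process; it should only ever come from trusted configuration - confirm.
                configuration = new CustomPkcs11Configuration(settings.library(), settings.name(), settings.slot().orElse(null), settings.slotListIndex().orElse(null), providerName);
            } else {
                throw new IllegalArgumentException("Invalid PKCS#11 configuration - could not create provider");
            }
        }
        configuration.init();
        return configuration;
    }
}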
