package se.swedenconnect.security.credential.monitoring;

import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Optional;
import java.util.function.Function;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.swedenconnect.security.credential.ReloadablePkiCredential;

/* loaded from: input_file:se/swedenconnect/security/credential/monitoring/DefaultCredentialTestFunction.class */
public class DefaultCredentialTestFunction implements Function<ReloadablePkiCredential, Exception> {
    private String provider;
    private String rsaSignatureAlgorithm = "SHA256withRSA";
    private String dsaSignatureAlgorithm = "SHA256withDSA";
    private String ecSignatureAlgorithm = "SHA256withECDSA";
    private static final Logger log = LoggerFactory.getLogger(DefaultCredentialTestFunction.class);
    private static final byte[] TEST_DATA = "testdata".getBytes();

    @Override // java.util.function.Function
    public Exception apply(ReloadablePkiCredential reloadablePkiCredential) {
        String str;
        try {
            PrivateKey privateKey = reloadablePkiCredential.getPrivateKey();
            if (privateKey == null) {
                return new KeyException(String.format("No private key available for credential '%s'", reloadablePkiCredential.getName()));
            }
            if ("RSA".equals(privateKey.getAlgorithm())) {
                str = this.rsaSignatureAlgorithm;
            } else if ("DSA".equals(privateKey.getAlgorithm())) {
                str = this.dsaSignatureAlgorithm;
            } else {
                if (!"EC".equals(privateKey.getAlgorithm())) {
                    String format = String.format("Unknown private key algorithm (%s) - Cannot perform test of credential '%s'", privateKey.getAlgorithm(), reloadablePkiCredential.getName());
                    log.warn("{}", format);
                    return new NoSuchAlgorithmException(format);
                }
                str = this.ecSignatureAlgorithm;
            }
            Signature signature = this.provider != null ? Signature.getInstance(str, this.provider) : Signature.getInstance(str);
            signature.initSign(privateKey);
            signature.update(TEST_DATA);
            signature.sign();
            log.trace("Test of credential '{}' was successful", reloadablePkiCredential.getName());
            return null;
        } catch (Exception e) {
            log.debug("Test of credential '{}' failed - {}", Optional.ofNullable(reloadablePkiCredential).map((v0) -> {
                return v0.getName();
            }).orElse("null"), e.getMessage());
            return e;
        }
    }

    public void setProvider(String str) {
        this.provider = str;
    }

    public void setRsaSignatureAlgorithm(String str) {
        if (str != null) {
            this.rsaSignatureAlgorithm = str;
        }
    }

    public void setDsaSignatureAlgorithm(String str) {
        if (str != null) {
            this.dsaSignatureAlgorithm = str;
        }
    }

    public void setEcSignatureAlgorithm(String str) {
        if (str != null) {
            this.ecSignatureAlgorithm = str;
        }
    }
}
