package se.swedenconnect.security.credential;

import java.security.KeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Optional;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Assert;
import se.swedenconnect.security.credential.monitoring.DefaultCredentialTestFunction;
import se.swedenconnect.security.credential.pkcs11conf.DefaultPkcs11Configuration;
import se.swedenconnect.security.credential.pkcs11conf.Pkcs11Configuration;
import se.swedenconnect.security.credential.pkcs11conf.Pkcs11ConfigurationException;

/* loaded from: input_file:se/swedenconnect/security/credential/Pkcs11Credential.class */
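/**
 * A PKI credential whose private key is obtained through a {@link Pkcs11Configuration}.
 *
 * <p>The key (and, unless one is supplied, the certificate) is looked up under {@code alias} using
 * the provider from the configuration and the PIN held by this object. The PIN is stored as a
 * private copy of the caller's array, is never written to the log, and is overwritten by
 * {@link #destroy()}.
 *
 * <p>Loading happens in {@link #afterPropertiesSet()}, or lazily on the first call to
 * {@link #getPrivateKey()} or {@link #getCertificate()}. {@link #reload()} fetches the private key
 * again.
 *
 * <p>Thread-safety: loading, reloading and the key/certificate getters are {@code synchronized}
 * on this instance; the setters and {@link #destroy()} are not.
 */
public class Pkcs11Credential extends AbstractReloadablePkiCredential {
    private static final Logger log = LoggerFactory.getLogger(Pkcs11Credential.class);

    // Source of the security provider and of the key/credential lookup functions.
    private Pkcs11Configuration configuration;

    // Alias under which the key (and certificate) is looked up; stored trimmed.
    private String alias;

    // Private copy of the PIN; wiped and released by destroy().
    private char[] pin;

    // True once load() has been entered, whether or not it completed (see load()).
    private boolean loaded;

    /**
     * Creates an unconfigured credential. Configuration, alias and PIN must be assigned through
     * the setters before {@link #afterPropertiesSet()} is invoked.
     */
    public Pkcs11Credential() {
        this.loaded = false;
    }

    /**
     * Creates a credential whose certificate is read from the same place as the private key.
     *
     * @param pkcs11Configuration the PKCS#11 configuration
     * @param str the alias of the key entry
     * @param cArr the PIN; the array is copied, so the caller may clear its own copy afterwards
     * @throws IllegalArgumentException declared by the original signature
     * @throws SecurityException declared by the original signature
     */
    public Pkcs11Credential(Pkcs11Configuration pkcs11Configuration, String str, char[] cArr) throws IllegalArgumentException, SecurityException {
        this(pkcs11Configuration, str, cArr, null);
    }

    /**
     * Creates a credential with an explicitly supplied certificate. Nothing is loaded here.
     *
     * @param pkcs11Configuration the PKCS#11 configuration
     * @param str the alias of the key entry
     * @param cArr the PIN; the array is copied, so the caller may clear its own copy afterwards
     * @param x509Certificate the certificate, or {@code null} to have it looked up when loading
     */
    public Pkcs11Credential(Pkcs11Configuration pkcs11Configuration, String str, char[] cArr, X509Certificate x509Certificate) {
        this.loaded = false;
        setConfiguration(pkcs11Configuration);
        setAlias(str);
        setPin(cArr);
        setCertificate(x509Certificate);
    }

    /**
     * Checks that configuration, alias and PIN have been assigned and then loads the credential.
     *
     * @throws Exception if a required property is missing or loading fails
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.configuration, "'configuration' must not be null");
        Assert.hasText(this.alias, "'alias' must be set");
        Assert.notNull(this.pin, "'pin' must not be null");
        load();
    }

    /**
     * Overwrites the stored PIN with zeros and drops the reference to it.
     *
     * <p>Dropping the reference makes a later {@link #reload()} fail its "not initialized" check
     * instead of passing an all-zero PIN on to the key provider.
     */
    @Override
    public void destroy() {
        final char[] secret = this.pin;
        if (secret != null) {
            Arrays.fill(secret, (char) 0);
            this.pin = null;
        }
    }

    /**
     * Loads the private key and, when none was supplied, the certificate. Does nothing if a load
     * has already been started.
     *
     * @throws IllegalArgumentException if no private key, or no certificate, is available for the alias
     * @throws SecurityException declared by the original signature
     */
    private synchronized void load() throws IllegalArgumentException, SecurityException {
        if (this.loaded) {
            return;
        }
        // NOTE(review): the flag is raised before the providers are called, so a load that throws
        // still leaves this credential marked as loaded. Later getPrivateKey()/getCertificate()
        // calls then return whatever the superclass holds (possibly null) rather than failing.
        // Presumably this guards against re-entrant loading or repeated PIN presentation - confirm
        // before changing the order.
        this.loaded = true;

        PrivateKey privateKey = null;
        X509Certificate certificate = super.getCertificate();
        if (certificate != null) {
            // A certificate was supplied by the caller, so only the private key is fetched.
            privateKey = this.configuration.getPrivateKeyProvider().get(this.configuration.getProvider(), this.alias, this.pin);
        } else {
            // No certificate supplied: fetch key and certificate together.
            final PkiCredential fetched = this.configuration.getCredentialProvider().get(this.configuration.getProvider(), this.alias, this.pin);
            if (fetched != null) {
                privateKey = fetched.getPrivateKey();
                certificate = fetched.getCertificate();
            }
        }
        if (privateKey == null) {
            throw new IllegalArgumentException(String.format("No private key found under alias '%s'", this.alias));
        }
        if (certificate == null) {
            throw new IllegalArgumentException(String.format("No certificate supplied and none found under alias '%s'", this.alias));
        }
        super.setPrivateKey(privateKey);
        setCertificate(certificate);

        // Install a default test function bound to the provider name unless one is already set.
        if (getTestFunction() == null) {
            final DefaultCredentialTestFunction testFunction = new DefaultCredentialTestFunction();
            testFunction.setProvider(this.configuration.getProvider().getName());
            setTestFunction(testFunction);
        }
    }

    /**
     * Triggers a lazy load when the credential has not been loaded yet. Must be called with the
     * instance lock held.
     *
     * @throws SecurityException if loading fails; the underlying exception is kept as the cause
     */
    private void ensureLoaded() {
        if (this.loaded) {
            return;
        }
        log.warn("Pkcs11Credential '{}' has not been loaded ...", getName());
        try {
            load();
        } catch (Exception e) {
            log.error("Failed to load Pkcs11Credential '{}'", getName(), e);
            throw new SecurityException("Failed to load Pkcs11Credential - " + e.getMessage(), e);
        }
    }

    /**
     * Returns the private key, loading the credential first if that has not been done.
     *
     * @return the private key held by the superclass
     * @throws SecurityException if a lazy load fails
     */
    @Override
    public synchronized PrivateKey getPrivateKey() {
        ensureLoaded();
        return super.getPrivateKey();
    }

    /**
     * Always rejects the call; the private key can only come from the PKCS#11 configuration.
     *
     * @throws IllegalArgumentException always
     */
    @Override
    public void setPrivateKey(PrivateKey privateKey) {
        throw new IllegalArgumentException("Assigning the private key for a Pkcs11Credential is not allowed");
    }

    /**
     * Returns the public key of the certificate, or the superclass' public key when there is no
     * certificate.
     *
     * @return the public key
     */
    @Override
    public PublicKey getPublicKey() {
        final X509Certificate certificate = getCertificate();
        return certificate != null ? certificate.getPublicKey() : super.getPublicKey();
    }

    /**
     * Always rejects the call; the public key is taken from the certificate.
     *
     * @throws IllegalArgumentException always
     */
    @Override
    public void setPublicKey(PublicKey publicKey) {
        throw new IllegalArgumentException("Assigning the public key for a Pkcs11Credential is not allowed");
    }

    /**
     * Returns the certificate, loading the credential first if that has not been done.
     *
     * @return the certificate held by the superclass
     * @throws SecurityException if a lazy load fails
     */
    @Override
    public synchronized X509Certificate getCertificate() {
        ensureLoaded();
        return super.getCertificate();
    }

    /**
     * Assigns the PKCS#11 configuration.
     *
     * @param pkcs11Configuration the configuration
     */
    public void setConfiguration(Pkcs11Configuration pkcs11Configuration) {
        this.configuration = pkcs11Configuration;
    }

    /**
     * Builds and initialises a {@link DefaultPkcs11Configuration} from the given value and uses it
     * as this credential's configuration.
     *
     * @param str the value handed to the {@code DefaultPkcs11Configuration} constructor
     * @throws Pkcs11ConfigurationException if the configuration cannot be created or initialised
     */
    public void setConfigurationFile(String str) throws Pkcs11ConfigurationException {
        final DefaultPkcs11Configuration fileConfiguration = new DefaultPkcs11Configuration(str);
        fileConfiguration.afterPropertiesSet();
        this.configuration = fileConfiguration;
    }

    /**
     * Assigns the alias; surrounding whitespace is trimmed.
     *
     * @param str the alias, or {@code null}
     */
    public void setAlias(String str) {
        this.alias = Optional.ofNullable(str).map(String::trim).orElse(null);
    }

    /**
     * Assigns the PIN. A private copy is stored, so the caller's array is neither retained nor
     * modified and can be cleared by the caller as soon as this method returns.
     *
     * @param cArr the PIN, or {@code null}
     */
    public void setPin(char[] cArr) {
        this.pin = Optional.ofNullable(cArr).map(source -> Arrays.copyOf(source, source.length)).orElse(null);
    }

    /**
     * Fetches the private key again and hands it to the superclass. The certificate is not touched.
     *
     * @throws SecurityException if configuration, alias or PIN is missing (also after {@link #destroy()})
     * @throws KeyException if no private key is found under the alias
     * @throws Exception declared by the original signature
     */
    @Override
    public synchronized void reload() throws Exception {
        // Read each field once: destroy() and the setters are not synchronized, so the values
        // checked here must be the values that are used below.
        final Pkcs11Configuration currentConfiguration = this.configuration;
        final String currentAlias = this.alias;
        final char[] currentPin = this.pin;
        if (currentConfiguration == null || currentAlias == null || currentPin == null) {
            throw new SecurityException("Error in reload - Pkcs11Credential has not been initialized yet");
        }
        final String providerName = currentConfiguration.getProvider().getName();
        log.trace("Reloading private key under alias '{}' for provider '{}' ...", currentAlias, providerName);
        final PrivateKey privateKey = currentConfiguration.getPrivateKeyProvider().get(currentConfiguration.getProvider(), currentAlias, currentPin);
        if (privateKey == null) {
            final String message = String.format("No private key found under alias '%s' for provider '%s'", currentAlias, providerName);
            log.trace("{}", message);
            throw new KeyException(message);
        }
        super.setPrivateKey(privateKey);
        log.trace("Private key under alias '{}' for provider '{}' was reloaded", currentAlias, providerName);
    }

    /**
     * Builds the default name as {@code <provider name>-<alias>}. When no configuration is set the
     * literal {@code Pkcs11Credential} replaces the provider name, and when no alias is set a
     * random UUID replaces the alias.
     *
     * @return the default name
     */
    @Override
    protected String getDefaultName() {
        final String prefix = this.configuration != null ? this.configuration.getProvider().getName() : "Pkcs11Credential";
        final String suffix = this.alias != null ? this.alias : UUID.randomUUID().toString();
        return prefix + "-" + suffix;
    }
}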
