package pl.edu.icm.yadda.aas.keystore.impl;

import java.security.KeyPair;
import java.util.HashMap;
import java.util.Map;
import org.opensaml.lite.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.lite.security.Credential;
import org.opensaml.lite.security.TrustLevel;
import pl.edu.icm.yadda.aas.credential.builder.CredentialDTO;
import pl.edu.icm.yadda.aas.credential.builder.ICredentialBuilder;
import pl.edu.icm.yadda.aas.credential.cloner.ICloner;
import pl.edu.icm.yadda.aas.extractor.IExtractor;
import pl.edu.icm.yadda.aas.keystore.IInternalKeyStore;
import pl.edu.icm.yadda.aas.keystore.KeyQueryRequest;
import pl.edu.icm.yadda.aas.keystore.KeyQueryResponse;
import pl.edu.icm.yadda.aas.keystore.KeyStoreException;
import pl.edu.icm.yadda.aas.utils.SecurityUtils;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-1.10.0-RC3.jar:pl/edu/icm/yadda/aas/keystore/impl/SimpleInternalKeystore.class */
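/**
 * In-memory key store that generates its own signing and encryption credentials in
 * {@link #init()} and serves them through {@link IInternalKeyStore}.
 *
 * <p>Nothing is persisted by this class: each call to {@link #init()} generates fresh key
 * pairs and fresh aliases (prefix {@code "SIKS#"} followed by a generated identifier).
 *
 * <p>Two views of each credential are kept: the full credential, returned by the
 * {@code getInternal*Credential()} accessors, and a clone made with
 * {@code trustAwareCredentialCloner.clone(credential, false)}, which is the only form handed
 * out by {@link #queryKeys(KeyQueryRequest)} and {@link #getAllCredentials()}.
 * NOTE(review): the field names suggest the {@code false} argument drops the private key;
 * confirm against the {@code ICloner} contract, because that clone is what keeps private keys
 * out of query results.
 *
 * <p>The class does no synchronisation of its own; whether {@code init()} and the setters may
 * race with readers depends on how the container wires the bean.
 *
 * @param <C> credential type produced by the configured builder
 */
public class SimpleInternalKeystore<C> implements IInternalKeyStore<C> {
    private static final String ALIAS_NAME_PREFIX = "SIKS#";

    // The value of SecurityUtils.DEFAULT_ASYM_ALGORITHM is not visible in this file.
    private String encryptionKeyAlgName = SecurityUtils.DEFAULT_ASYM_ALGORITHM;

    // SECURITY: 512-bit asymmetric keys are far below current minimums (2048 bits or more for
    // RSA/DSA). The defaults are left unchanged here for compatibility; deployments should
    // raise them through setEncryptionKeySize / setSigningKeySize after confirming that
    // SecurityUtils.generateKeyPair and the consumers of these keys accept the larger size.
    private int encryptionKeySize = 512;
    private String signingKeyAlgName = "DSA";
    private int signingKeySize = 512;

    // When true, one key pair (generated with the *signing* algorithm and size) serves both
    // purposes. NOTE(review): with the default "DSA" that key cannot be used for encryption,
    // and sharing one key pair across signing and encryption is generally discouraged.
    private boolean useSignKeyPairForEncryption = false;

    private C signingCredential = null;
    private C encryptionCredential = null;
    private C signingNoPrivKeyCredential = null;
    private C encryptionNoPrivKeyCredential = null;
    protected TrustLevel localTrustLevel = TrustLevel.OWN_TRUST;
    private ICredentialBuilder<C> trustAwareCredentialBuilder;
    private IExtractor<C, String> credentialIdExtractor;
    private ICloner<C> trustAwareCredentialCloner;

    /**
     * Generates the signing and encryption credentials and their {@code clone(..., false)}
     * counterparts, replacing any credentials created by an earlier call.
     *
     * @throws IllegalStateException if the credential builder or cloner has not been set
     * @throws Exception if identifier generation, key-pair generation, credential building
     *     or cloning fails
     */
    public void init() throws Exception {
        // Fail with a clear message instead of a NullPointerException after keys were generated.
        if (this.trustAwareCredentialBuilder == null) {
            throw new IllegalStateException("trustAwareCredentialBuilder must be set before init()");
        }
        if (this.trustAwareCredentialCloner == null) {
            throw new IllegalStateException("trustAwareCredentialCloner must be set before init()");
        }

        SecureRandomIdentifierGenerator idGenerator = new SecureRandomIdentifierGenerator();
        if (this.useSignKeyPairForEncryption) {
            // One credential, marked UNSPECIFIED, is shared by both roles.
            this.signingCredential = newCredential(
                    idGenerator, this.signingKeyAlgName, this.signingKeySize, Credential.UsageType.UNSPECIFIED);
            this.encryptionCredential = this.signingCredential;
        } else {
            this.signingCredential = newCredential(
                    idGenerator, this.signingKeyAlgName, this.signingKeySize, Credential.UsageType.SIGNING);
            this.encryptionCredential = newCredential(
                    idGenerator, this.encryptionKeyAlgName, this.encryptionKeySize, Credential.UsageType.ENCRYPTION);
        }
        this.signingNoPrivKeyCredential = this.trustAwareCredentialCloner.clone(this.signingCredential, false);
        this.encryptionNoPrivKeyCredential = this.trustAwareCredentialCloner.clone(this.encryptionCredential, false);
    }

    /** Builds one credential with a fresh alias and a freshly generated key pair. */
    private C newCredential(
            SecureRandomIdentifierGenerator idGenerator,
            String algorithmName,
            int keySize,
            Credential.UsageType usageType) throws Exception {
        CredentialDTO dto = new CredentialDTO(ALIAS_NAME_PREFIX + idGenerator.generateIdentifier());
        KeyPair keyPair = SecurityUtils.generateKeyPair(algorithmName, keySize);
        dto.setPrivateKey(keyPair.getPrivate());
        dto.setPublicKey(keyPair.getPublic());
        dto.setUsageType(usageType);
        dto.setTrustLevel(this.localTrustLevel);
        return this.trustAwareCredentialBuilder.build(dto);
    }

    /**
     * Returns the full encryption credential, exactly as built in {@link #init()}.
     *
     * @return the encryption credential, or {@code null} before {@link #init()} has run
     */
    @Override
    public C getInternalEncryptionCredential() {
        return this.encryptionCredential;
    }

    /**
     * Returns the full signing credential, exactly as built in {@link #init()}.
     *
     * @return the signing credential, or {@code null} before {@link #init()} has run
     */
    @Override
    public C getInternalSigningCredential() {
        return this.signingCredential;
    }

    /**
     * Returns the {@code clone(..., false)} copy of the encryption credential.
     *
     * @return the cloned encryption credential, or {@code null} before {@link #init()} has run
     */
    @Override
    public C getInternalEncryptionCredentialNoPrivKey() {
        return this.encryptionNoPrivKeyCredential;
    }

    /**
     * Returns the {@code clone(..., false)} copy of the signing credential.
     *
     * @return the cloned signing credential, or {@code null} before {@link #init()} has run
     */
    @Override
    public C getInternalSigningCredentialNoPrivKey() {
        return this.signingNoPrivKeyCredential;
    }

    /**
     * Looks up a credential by alias. Only the cloned credentials are ever returned; the
     * encryption credential is checked before the signing one.
     *
     * @param keyQueryRequest the query; {@code null} or a {@code null} alias yields an empty response
     * @return a response holding the matching cloned credential, or an empty response
     * @throws KeyStoreException declared by the interface; not thrown directly by this method
     */
    @Override
    public KeyQueryResponse<C> queryKeys(KeyQueryRequest keyQueryRequest) throws KeyStoreException {
        if (keyQueryRequest == null || keyQueryRequest.getAlias() == null) {
            return new KeyQueryResponse<>();
        }
        if (this.encryptionNoPrivKeyCredential != null
                && keyQueryRequest.getAlias().equals(this.credentialIdExtractor.extract(this.encryptionNoPrivKeyCredential))) {
            return new KeyQueryResponse<>(this.encryptionNoPrivKeyCredential);
        }
        if (this.signingNoPrivKeyCredential != null
                && keyQueryRequest.getAlias().equals(this.credentialIdExtractor.extract(this.signingNoPrivKeyCredential))) {
            return new KeyQueryResponse<>(this.signingNoPrivKeyCredential);
        }
        return new KeyQueryResponse<>();
    }

    /**
     * Returns the cloned credentials keyed by the id that {@code credentialIdExtractor} yields.
     * If both credentials extract to the same id, the encryption entry overwrites the signing one.
     *
     * @return a new mutable map; empty before {@link #init()} has run
     */
    @Override
    public Map<String, C> getAllCredentials() {
        // Typed map instead of the raw HashMap, so the return needs no unchecked conversion.
        Map<String, C> credentials = new HashMap<>();
        if (this.signingNoPrivKeyCredential != null) {
            credentials.put(this.credentialIdExtractor.extract(this.signingNoPrivKeyCredential), this.signingNoPrivKeyCredential);
        }
        if (this.encryptionNoPrivKeyCredential != null) {
            credentials.put(this.credentialIdExtractor.extract(this.encryptionNoPrivKeyCredential), this.encryptionNoPrivKeyCredential);
        }
        return credentials;
    }

    /** Sets the algorithm name passed to key-pair generation for the encryption key. */
    public void setEncryptionKeyAlgName(String str) {
        this.encryptionKeyAlgName = str;
    }

    /** Sets the encryption key size in bits; takes effect on the next {@link #init()}. */
    public void setEncryptionKeySize(int i) {
        this.encryptionKeySize = i;
    }

    /** Sets the algorithm name passed to key-pair generation for the signing key. */
    public void setSigningKeyAlgName(String str) {
        this.signingKeyAlgName = str;
    }

    /** Sets the signing key size in bits; takes effect on the next {@link #init()}. */
    public void setSigningKeySize(int i) {
        this.signingKeySize = i;
    }

    /** Chooses whether a single key pair is used for both signing and encryption. */
    public void setUseSignKeyPairForEncryption(boolean z) {
        this.useSignKeyPairForEncryption = z;
    }

    /** Sets the builder that turns a {@code CredentialDTO} into a credential; required by {@link #init()}. */
    public void setTrustAwareCredentialBuilder(ICredentialBuilder<C> iCredentialBuilder) {
        this.trustAwareCredentialBuilder = iCredentialBuilder;
    }

    /** Sets the extractor used to obtain the id (alias) of a credential for lookups. */
    public void setCredentialIdExtractor(IExtractor<C, String> iExtractor) {
        this.credentialIdExtractor = iExtractor;
    }

    /** Sets the cloner used to derive the credentials served to queries; required by {@link #init()}. */
    public void setTrustAwareCredentialCloner(ICloner<C> iCloner) {
        this.trustAwareCredentialCloner = iCloner;
    }
}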
