package de.adorsys.datasafe.directory.impl.profile.keys;

import com.google.common.io.ByteStreams;
import de.adorsys.datasafe.directory.api.config.DFSConfig;
import de.adorsys.datasafe.directory.api.profile.dfs.BucketAccessService;
import de.adorsys.datasafe.directory.api.profile.keys.PrivateKeyService;
import de.adorsys.datasafe.directory.api.profile.operations.ProfileRetrievalService;
import de.adorsys.datasafe.encrypiton.api.keystore.KeyStoreService;
import de.adorsys.datasafe.encrypiton.api.types.UserIDAuth;
import de.adorsys.datasafe.encrypiton.api.types.keystore.KeyStoreCreationConfig;
import de.adorsys.datasafe.encrypiton.api.types.keystore.ReadKeyPassword;
import de.adorsys.datasafe.encrypiton.api.types.keystore.SecretKeyIDWithKey;
import de.adorsys.datasafe.storage.api.actions.StorageReadService;
import de.adorsys.datasafe.types.api.context.annotations.RuntimeDelegate;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.crypto.SecretKey;
import javax.inject.Inject;

@RuntimeDelegate
/* loaded from: input_file:de/adorsys/datasafe/directory/impl/profile/keys/DFSPrivateKeyServiceImpl.class */
public class DFSPrivateKeyServiceImpl implements PrivateKeyService {
    private final KeyStoreCache keystoreCache;
    private final KeyStoreService keyStoreService;
    private final DFSConfig dfsConfig;
    private final BucketAccessService bucketAccessService;
    private final ProfileRetrievalService profile;
    private final StorageReadService readService;

    @Inject
    public DFSPrivateKeyServiceImpl(KeyStoreCache keyStoreCache, KeyStoreService keyStoreService, DFSConfig dFSConfig, BucketAccessService bucketAccessService, ProfileRetrievalService profileRetrievalService, StorageReadService storageReadService) {
        this.keystoreCache = keyStoreCache;
        this.keyStoreService = keyStoreService;
        this.dfsConfig = dFSConfig;
        this.bucketAccessService = bucketAccessService;
        this.profile = profileRetrievalService;
        this.readService = storageReadService;
    }

    public SecretKeyIDWithKey pathEncryptionSecretKey(UserIDAuth userIDAuth) {
        return new SecretKeyIDWithKey(KeyStoreCreationConfig.PATH_KEY_ID, (SecretKey) keyById(userIDAuth, KeyStoreCreationConfig.PATH_KEY_ID.getValue()));
    }

    public SecretKeyIDWithKey documentEncryptionSecretKey(UserIDAuth userIDAuth) {
        return new SecretKeyIDWithKey(KeyStoreCreationConfig.SYMM_KEY_ID, (SecretKey) keyById(userIDAuth, KeyStoreCreationConfig.SYMM_KEY_ID.getValue()));
    }

    public Map<String, Key> keysByIds(UserIDAuth userIDAuth, Set<String> set) {
        KeyStore computeIfAbsent = this.keystoreCache.getKeystore().computeIfAbsent(userIDAuth.getUserID(), userID -> {
            return keystore(userIDAuth);
        });
        return (Map) set.stream().filter(str -> {
            return containsAlias(computeIfAbsent, str);
        }).collect(Collectors.toMap(str2 -> {
            return str2;
        }, str3 -> {
            return getKey(computeIfAbsent, str3, userIDAuth.getReadKeyPassword());
        }));
    }

    private Key keyById(UserIDAuth userIDAuth, String str) {
        return keysByIds(userIDAuth, Collections.singleton(str)).get(str);
    }

    private KeyStore keystore(UserIDAuth userIDAuth) {
        InputStream read = this.readService.read(this.bucketAccessService.privateAccessFor(userIDAuth, this.profile.privateProfile(userIDAuth).getKeystore().getResource()));
        Throwable th = null;
        try {
            byte[] byteArray = ByteStreams.toByteArray(read);
            if (read != null) {
                if (0 != 0) {
                    try {
                        read.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    read.close();
                }
            }
            return this.keyStoreService.deserialize(byteArray, userIDAuth.getUserID().getValue(), this.dfsConfig.privateKeyStoreAuth(userIDAuth).getReadStorePassword());
        } finally {
        }
    }

    private boolean containsAlias(KeyStore keyStore, String str) {
        return keyStore.containsAlias(str);
    }

    private Key getKey(KeyStore keyStore, String str, ReadKeyPassword readKeyPassword) {
        return keyStore.getKey(str, readKeyPassword.getValue().toCharArray());
    }
}
