package de.adorsys.datasafe_0_6_1_0_6_1.directory.impl.profile.keys;

import de.adorsys.datasafe_0_6_1_0_6_1.directory.api.profile.dfs.BucketAccessService;
import de.adorsys.datasafe_0_6_1_0_6_1.directory.api.profile.keys.StorageKeyStoreOperations;
import de.adorsys.datasafe_0_6_1_0_6_1.directory.api.profile.operations.ProfileRetrievalService;
import de.adorsys.datasafe_0_6_1_0_6_1.directory.api.types.StorageCredentials;
import de.adorsys.datasafe_0_6_1_0_6_1.directory.impl.profile.serde.GsonSerde;
import de.adorsys.datasafe_0_6_1_0_6_1.encrypiton.api.keystore.KeyStoreService;
import de.adorsys.datasafe_0_6_1_0_6_1.encrypiton.api.types.S061_UserIDAuth;
import de.adorsys.datasafe_0_6_1_0_6_1.encrypiton.api.types.keystore.KeyStoreAccess;
import de.adorsys.datasafe_0_6_1_0_6_1.encrypiton.api.types.keystore.S061_ReadKeyPassword;
import de.adorsys.datasafe_0_6_1_0_6_1.types.api.context.annotations.RuntimeDelegate;
import de.adorsys.datasafe_0_6_1_0_6_1.types.api.resource.AbsoluteLocation;
import de.adorsys.datasafe_0_6_1_0_6_1.types.api.resource.PrivateResource;
import de.adorsys.datasafe_0_6_1_0_6_1.types.api.resource.StorageIdentifier;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Set;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import javax.inject.Inject;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Manages a user's "storage keystore": the keystore whose entries hold the
 * {@link StorageCredentials} for each {@link StorageIdentifier}.
 *
 * <p>Credentials are serialised to JSON through {@link GsonSerde} and stored as
 * password-based secret-key entries, using the storage identifier's id as the alias.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Decoded credentials pass through immutable {@code String} instances on both the
 *       read and the write path, so they cannot be wiped from the heap after use.</li>
 *   <li>The keystore cache is keyed by user id only (see {@link #keyStore}). A cached
 *       keystore is handed out without being re-read with the caller's credentials;
 *       presumably the password check happens when an entry is extracted in
 *       {@code GenericKeystoreOperations} - TODO confirm.</li>
 *   <li>The keystore blob is always addressed through
 *       {@code BucketAccessService.withSystemAccess}, not through per-user access.</li>
 *   <li>No synchronisation is visible in this class; the read-modify-write in
 *       {@link #modifyAndStoreKeystore} is not guarded here.</li>
 * </ul>
 *
 * <p>This source is JADX decompiler output of
 * {@code de/adorsys/datasafe_0_6_1_0_6_1/directory/impl/profile/keys/StorageKeyStoreOperationsImpl.class};
 * raw types and the odd cast are decompilation artefacts.
 */
@RuntimeDelegate
public class StorageKeyStoreOperationsImpl implements StorageKeyStoreOperations {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(StorageKeyStoreOperationsImpl.class);

    // Collaborators, all injected once through the constructor.
    private final GsonSerde gson;
    private final KeyStoreService keyStoreService;
    private final GenericKeystoreOperations genericOper;
    private final ProfileRetrievalService profile;
    private final BucketAccessService access;
    private final KeyStoreCache keystoreCache;

    /**
     * Wires the collaborators; performs no I/O itself.
     */
    @Inject
    public StorageKeyStoreOperationsImpl(GsonSerde gsonSerde, KeyStoreService keyStoreService, GenericKeystoreOperations genericKeystoreOperations, ProfileRetrievalService profileRetrievalService, BucketAccessService bucketAccessService, KeyStoreCache keyStoreCache) {
        this.keystoreCache = keyStoreCache;
        this.access = bucketAccessService;
        this.profile = profileRetrievalService;
        this.genericOper = genericKeystoreOperations;
        this.keyStoreService = keyStoreService;
        this.gson = gsonSerde;
    }

    /**
     * Reads the credentials stored under the given storage identifier.
     *
     * @return the deserialised credentials, or {@code null} when the user's profile has
     *         no storage keystore location
     */
    @Override
    public StorageCredentials getStorageCredentials(S061_UserIDAuth s061_UserIDAuth, StorageIdentifier storageIdentifier) {
        if (storageKeystoreLocation(s061_UserIDAuth) == null) {
            return null;
        }
        // The key material of the entry is the UTF-8 JSON of the credentials.
        byte[] encoded = this.genericOper
                .getKey(() -> keyStore(s061_UserIDAuth), s061_UserIDAuth, storageIdentifier.getId())
                .getEncoded();
        // NOTE(review): the secret is materialised as a String here and again inside
        // deserialize(); the char[] hop therefore gives no zeroisation benefit.
        char[] json = new String(encoded, StandardCharsets.UTF_8).toCharArray();
        return deserialize(json);
    }

    /**
     * Lists the storage identifiers that have an entry in the user's storage keystore.
     *
     * @return the identifiers, or an empty set when the profile has no storage keystore
     */
    @Override
    public Set<StorageIdentifier> readAliases(S061_UserIDAuth s061_UserIDAuth) {
        if (storageKeystoreLocation(s061_UserIDAuth) == null) {
            return Collections.emptySet();
        }
        // NOTE(review): aliases come from the (possibly cached) keystore object; whether
        // the caller's password is verified on this path is not visible here - confirm.
        // The raw (Set) cast is kept exactly as the decompiler emitted it.
        return (Set) this.genericOper.readAliases(keyStore(s061_UserIDAuth))
                .stream()
                .map(StorageIdentifier::new)
                .collect(Collectors.toSet());
    }

    /**
     * Re-protects the storage keystore with a new read-key password. Does nothing when
     * the profile has no storage keystore.
     */
    @Override
    public void updateReadKeyPassword(S061_UserIDAuth s061_UserIDAuth, S061_ReadKeyPassword s061_ReadKeyPassword) {
        if (storageKeystoreLocation(s061_UserIDAuth) != null) {
            log.debug("Updating users' '{}' storage keystore ReadKeyPassword", s061_UserIDAuth.getUserID());
            KeyStore current = keyStore(s061_UserIDAuth);
            AbsoluteLocation target = keystoreLocationWithAccess(s061_UserIDAuth);
            // NOTE(review): the cache entry is not invalidated in this method; presumably
            // the caller or genericOper takes care of it - TODO confirm, otherwise a
            // keystore protected with the old password stays cached.
            this.genericOper.updateReadKeyPassword(current, target, s061_UserIDAuth, s061_ReadKeyPassword);
        }
    }

    /**
     * Creates an empty storage keystore for the user and writes it to its location.
     *
     * @throws IllegalStateException if the profile has no storage keystore location
     */
    @Override
    public void createAndWriteKeystore(S061_UserIDAuth s061_UserIDAuth) {
        this.genericOper.writeKeystore(
                s061_UserIDAuth.getUserID(),
                this.genericOper.keystoreAuth(s061_UserIDAuth),
                keystoreLocationWithAccess(s061_UserIDAuth),
                newKeystore(s061_UserIDAuth));
    }

    /**
     * Stores the credentials as a password-based secret-key entry whose alias is the
     * storage identifier's id, then persists the keystore.
     */
    @Override
    public void addStorageCredentials(S061_UserIDAuth s061_UserIDAuth, StorageIdentifier storageIdentifier, StorageCredentials storageCredentials) {
        modifyAndStoreKeystore(
                s061_UserIDAuth,
                ksAccess -> this.keyStoreService.addPasswordBasedSecretKey(ksAccess, storageIdentifier.getId(), serialize(storageCredentials)));
    }

    /**
     * Removes the entry for the storage identifier and persists the keystore.
     */
    @Override
    public void removeStorageCredentials(S061_UserIDAuth s061_UserIDAuth, StorageIdentifier storageIdentifier) {
        modifyAndStoreKeystore(
                s061_UserIDAuth,
                ksAccess -> this.keyStoreService.removeKey(ksAccess, storageIdentifier.getId()));
    }

    /**
     * Drops the cached storage keystore of the user, so the next access reads it again.
     */
    @Override
    public void invalidateCache(S061_UserIDAuth s061_UserIDAuth) {
        this.keystoreCache.getStorageAccess().remove(s061_UserIDAuth.getUserID());
    }

    /**
     * Read-modify-write cycle: loads the keystore from storage (bypassing the cache),
     * applies the mutation, writes the result back and invalidates the cache entry.
     *
     * @throws IllegalStateException if the profile has no storage keystore location
     */
    private void modifyAndStoreKeystore(S061_UserIDAuth owner, Consumer<KeyStoreAccess> mutation) {
        log.debug("Modifying users' '{}' keystore", owner.getUserID());
        AbsoluteLocation location = keystoreLocationWithAccess(owner);
        KeyStore loaded = this.genericOper.readKeyStore(owner, location);
        KeyStoreAccess ksAccess = new KeyStoreAccess(loaded, this.genericOper.keystoreAuth(owner));
        mutation.accept(ksAccess);
        // NOTE(review): nothing here serialises concurrent writers for the same user.
        this.genericOper.writeKeystore(
                owner.getUserID(),
                this.genericOper.keystoreAuth(owner),
                location,
                ksAccess.getKeyStore());
        invalidateCache(owner);
    }

    /**
     * Builds the empty keystore used by {@link #createAndWriteKeystore}.
     * Decompiler note: this method was {@code protected} in the original class.
     */
    public KeyStore newKeystore(S061_UserIDAuth s061_UserIDAuth) {
        return this.genericOper.createEmptyKeystore(s061_UserIDAuth);
    }

    /** Parses the JSON form of the credentials. */
    private StorageCredentials deserialize(char[] jsonChars) {
        String json = new String(jsonChars);
        return (StorageCredentials) this.gson.fromJson(json, StorageCredentials.class);
    }

    /** Produces the JSON form of the credentials as a char array. */
    private char[] serialize(StorageCredentials credentials) {
        String json = this.gson.toJson(credentials);
        return json.toCharArray();
    }

    /**
     * Resolves the storage keystore location and wraps it with system access.
     *
     * @throws IllegalStateException if the profile has no storage keystore location
     */
    private AbsoluteLocation keystoreLocationWithAccess(S061_UserIDAuth owner) {
        AbsoluteLocation<PrivateResource> location = storageKeystoreLocation(owner);
        if (location != null) {
            return this.access.withSystemAccess(location);
        }
        throw new IllegalStateException("Profile does not have associated storage keystore");
    }

    /**
     * Looks up the storage keystore location in the user's private profile.
     *
     * @return the location, or {@code null} when the profile does not define one
     */
    private AbsoluteLocation<PrivateResource> storageKeystoreLocation(S061_UserIDAuth owner) {
        return this.profile.privateProfile(owner).getStorageCredentialsKeystore();
    }

    /**
     * Returns the user's storage keystore, reading it from storage only when the cache
     * has no entry for the user id.
     */
    private KeyStore keyStore(S061_UserIDAuth owner) {
        // The cache key is the user id alone; the mapping function ignores its argument
        // and reads with the full auth object captured from the enclosing call.
        return this.keystoreCache.getStorageAccess().computeIfAbsent(
                owner.getUserID(),
                ignoredUserId -> this.genericOper.readKeyStore(owner, keystoreLocationWithAccess(owner)));
    }
}
