package com.yahoo.vespa.hosted.athenz.instanceproviderservice;

import com.google.inject.Inject;
import com.yahoo.config.provision.Zone;
import com.yahoo.container.jdisc.secretstore.SecretStore;
import com.yahoo.security.KeyUtils;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:com/yahoo/vespa/hosted/athenz/instanceproviderservice/CkmsKeyProvider.class */
public class CkmsKeyProvider implements KeyProvider {
    private final SecretStore secretStore;
    private final String secretName;
    private final Map<Integer, KeyPair> secrets = new HashMap();

    @Inject
    public CkmsKeyProvider(SecretStore secretStore, Zone zone, AthenzProviderServiceConfig athenzProviderServiceConfig) {
        this.secretStore = secretStore;
        this.secretName = athenzProviderServiceConfig.secretName();
    }

    @Override // com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider
    public PrivateKey getPrivateKey(int i) {
        return getKeyPair(i).getPrivate();
    }

    @Override // com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider
    public PublicKey getPublicKey(int i) {
        return getKeyPair(i).getPublic();
    }

    @Override // com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider
    public KeyPair getKeyPair(int i) {
        KeyPair keyPair;
        synchronized (this.secrets) {
            KeyPair keyPair2 = this.secrets.get(Integer.valueOf(i));
            if (keyPair2 == null) {
                keyPair2 = readKeyPair(i);
                this.secrets.put(Integer.valueOf(i), keyPair2);
            }
            keyPair = keyPair2;
        }
        return keyPair;
    }

    private KeyPair readKeyPair(int i) {
        PrivateKey fromPemEncodedPrivateKey = KeyUtils.fromPemEncodedPrivateKey(this.secretStore.getSecret(this.secretName, i));
        return new KeyPair(KeyUtils.extractPublicKey(fromPemEncodedPrivateKey), fromPemEncodedPrivateKey);
    }
}
