package org.seedstack.seed.core.internal.crypto;

import com.google.common.base.Strings;
import com.google.inject.Key;
import io.nuun.kernel.api.plugin.InitState;
import io.nuun.kernel.api.plugin.context.InitContext;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509KeyManager;
import org.seedstack.seed.SeedException;
import org.seedstack.seed.core.internal.AbstractSeedPlugin;
import org.seedstack.seed.crypto.CryptoConfig;
import org.seedstack.seed.crypto.EncryptionService;
import org.seedstack.seed.crypto.spi.SSLProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/seedstack/seed/core/internal/crypto/CryptoPlugin.class */
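/**
 * Plugin that loads the configured truststore and keystores, derives the encryption services
 * from the keystores, and builds the SSL context exposed through {@link SSLProvider}.
 *
 * <p>All state is populated in {@link #initialize(InitContext)}; before that call the maps are
 * empty and the truststore, SSL context, key manager adapters and key manager class are
 * {@code null}.
 */
public class CryptoPlugin extends AbstractSeedPlugin implements SSLProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(CryptoPlugin.class);
    private final Map<Key<EncryptionService>, EncryptionService> encryptionServices = new HashMap<>();
    private final Map<String, KeyStore> keyStores = new HashMap<>();
    private KeyStore trustStore;
    private SSLContext sslContext;
    private List<KeyManagerAdapter> keyManagerAdapters;
    private Class<? extends X509KeyManager> keyManagerClass;

    /**
     * Returns the name of this plugin.
     *
     * @return the constant {@code "crypto"}
     */
    public String name() {
        return "crypto";
    }

    /**
     * Loads the truststore and keystores, builds the encryption services and the SSL context.
     *
     * @param initContext the kernel initialization context (not read by this method)
     * @return always {@link InitState#INITIALIZED}
     */
    @Override // org.seedstack.seed.core.internal.AbstractSeedPlugin
    public InitState initialize(InitContext initContext) {
        CryptoConfig cryptoConfig = (CryptoConfig) getConfiguration(CryptoConfig.class, new String[0]);
        KeyStoreLoader keyStoreLoader = new KeyStoreLoader();
        this.trustStore = loadTrustStore(cryptoConfig, keyStoreLoader);
        this.keyStores.putAll(loadKeyStores(cryptoConfig, keyStoreLoader));
        // Order matters: configEncryptionServices() iterates this.keyStores, so the keystores
        // must already be registered when it runs.
        this.encryptionServices.putAll(configEncryptionServices(cryptoConfig));
        SSLBuilder sslBuilder = new SSLBuilder(this.trustStore, this.keyStores);
        this.sslContext = sslBuilder.getSSLContext(cryptoConfig);
        this.keyManagerAdapters = sslBuilder.getKeyManagerAdapters();
        this.keyManagerClass = cryptoConfig.ssl().getX509KeyManager();
        return InitState.INITIALIZED;
    }

    /**
     * Loads the truststore described by the configuration.
     *
     * @param cryptoConfig the crypto configuration
     * @param keyStoreLoader the loader used to open the store
     * @return the loaded truststore, or {@code null} when no truststore is configured
     */
    private KeyStore loadTrustStore(CryptoConfig cryptoConfig, KeyStoreLoader keyStoreLoader) {
        CryptoConfig.StoreConfig trustStoreConfig = cryptoConfig.getTrustStore();
        if (trustStoreConfig == null) {
            // NOTE(review): the null is handed to SSLBuilder and CryptoModule as-is; which trust
            // anchors apply in that case is decided there and is not visible here - confirm.
            return null;
        }
        // Only the store location is logged; the store configuration itself is never logged.
        LOGGER.info("Loading truststore from {}", trustStoreConfig.getPath());
        return keyStoreLoader.load("<truststore>", trustStoreConfig);
    }

    /**
     * Loads every keystore declared in the configuration.
     *
     * @param cryptoConfig the crypto configuration
     * @param keyStoreLoader the loader used to open each store
     * @return a new map from configured keystore name to the loaded keystore
     */
    private Map<String, KeyStore> loadKeyStores(CryptoConfig cryptoConfig, KeyStoreLoader keyStoreLoader) {
        Map<String, KeyStore> loaded = new HashMap<>();
        // Logging and loading happen in one step per entry, in the same order as before
        // (log first, then load). The casts are kept because the declared element types of
        // keyStores() are not visible in this file.
        cryptoConfig.keyStores().entrySet().forEach(entry -> {
            String storeName = (String) entry.getKey();
            CryptoConfig.KeyStoreConfig storeConfig = (CryptoConfig.KeyStoreConfig) entry.getValue();
            LOGGER.info("Loading keystore '{}' from {}", storeName, storeConfig.getPath());
            loaded.put(storeName, keyStoreLoader.load(storeName, (CryptoConfig.StoreConfig) storeConfig));
        });
        return loaded;
    }

    /**
     * Collects the key pair configurations of all loaded keystores and turns them into
     * encryption service bindings.
     *
     * @param cryptoConfig the crypto configuration
     * @return the bindings produced by {@link EncryptionServiceBindingFactory}
     */
    private Map<Key<EncryptionService>, EncryptionService> configEncryptionServices(CryptoConfig cryptoConfig) {
        List<KeyPairConfig> keyPairConfigs = new ArrayList<>();
        KeyPairConfigFactory keyPairConfigFactory = new KeyPairConfigFactory(cryptoConfig);
        for (Map.Entry<String, KeyStore> entry : this.keyStores.entrySet()) {
            // The previous text added to an undefined name ("r1"), a decompiler artefact of a
            // method reference on the list; the elements belong in keyPairConfigs.
            keyPairConfigFactory.create(entry.getKey(), entry.getValue()).stream().forEach(keyPairConfig -> {
                LOGGER.debug("Encryption service '{}' defined from keystore '{}'", keyPairConfig.getAlias(), entry.getKey());
                keyPairConfigs.add(keyPairConfig);
            });
        }
        return new EncryptionServiceBindingFactory().createBindings(keyPairConfigs, this.keyStores);
    }

    /**
     * Creates the module that receives everything this plugin loaded.
     *
     * <p>The maps and the truststore are passed by reference, not copied.
     *
     * @return a new {@code CryptoModule}
     */
    public Object nativeUnitModule() {
        return new CryptoModule(this.encryptionServices, this.keyStores, this.trustStore, this.sslContext, this.keyManagerAdapters, this.keyManagerClass);
    }

    /**
     * Returns the SSL context built during initialization.
     *
     * @return the SSL context, or an empty {@link Optional} when none has been set
     */
    public Optional<SSLContext> sslContext() {
        return Optional.ofNullable(this.sslContext);
    }

    /**
     * Returns the SSL section of the configuration.
     *
     * @return the {@link CryptoConfig.SSLConfig} obtained from the plugin configuration
     */
    public CryptoConfig.SSLConfig sslConfig() {
        return (CryptoConfig.SSLConfig) getConfiguration(CryptoConfig.SSLConfig.class, new String[0]);
    }

    /**
     * Creates the encryption service for the given alias of the master keystore.
     *
     * <p>The alias must be declared in the keystore configuration with a non-empty password;
     * otherwise creation is refused rather than attempted with an empty secret.
     *
     * @param encryptionServiceFactory the factory that builds the service
     * @param keyStoreConfig the configuration of the keystore holding the alias
     * @param str the alias of the key
     * @return the encryption service created for the alias
     * @throws SeedException with {@link CryptoErrorCode#MISSING_MASTER_KEY_PASSWORD} when the
     *     alias is not configured or its password is null or empty
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static EncryptionService getMasterEncryptionService(EncryptionServiceFactory encryptionServiceFactory, CryptoConfig.KeyStoreConfig keyStoreConfig, String str) {
        CryptoConfig.KeyStoreConfig.AliasConfig aliasConfig = (CryptoConfig.KeyStoreConfig.AliasConfig) keyStoreConfig.getAliases().get(str);
        if (aliasConfig == null || Strings.isNullOrEmpty(aliasConfig.getPassword())) {
            throw SeedException.createNew(CryptoErrorCode.MISSING_MASTER_KEY_PASSWORD);
        }
        // The password must never be logged or put into an exception message. The char[] is a
        // fresh copy handed to the factory; the configuration still holds the value as a
        // String, so clearing the array alone does not remove the secret from memory.
        return encryptionServiceFactory.create(str, aliasConfig.getPassword().toCharArray());
    }
}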
