package org.seedstack.seed.crypto.internal;

import com.google.common.collect.Lists;
import com.google.inject.Key;
import io.nuun.kernel.api.plugin.InitState;
import io.nuun.kernel.api.plugin.context.InitContext;
import io.nuun.kernel.core.AbstractPlugin;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.commons.configuration.Configuration;
import org.seedstack.seed.SeedException;
import org.seedstack.seed.core.internal.application.ApplicationPlugin;
import org.seedstack.seed.core.utils.ConfigurationUtils;
import org.seedstack.seed.crypto.EncryptionService;
import org.seedstack.seed.crypto.spi.SSLConfiguration;
import org.seedstack.seed.crypto.spi.SSLProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/seedstack/seed/crypto/internal/CryptoPlugin.class */
/**
 * Kernel plugin that loads the key stores declared under {@link #CONFIG_PREFIX},
 * builds the {@link EncryptionService} bindings from them and, when the
 * {@code ssl} subset of the configuration names a key store, prepares the
 * {@link SSLContext} exposed through {@link SSLProvider}.
 *
 * <p>Security-relevant behavior visible in this class:
 * <ul>
 *   <li>SSL is only configured when the {@code ssl.keystore} key is present; otherwise
 *       {@link #sslContext()} and {@link #sslConfig()} return {@code null}.</li>
 *   <li>When no {@code ssl.truststore} key is present, a {@code null} trust-manager array
 *       is handed to {@code SSLLoader} (see the note in {@code configureSSL}).</li>
 *   <li>Alias passwords are read from configuration as {@code String} values; only the
 *       number of registered keys is logged, and error contexts carry the alias and key
 *       store name, never the password.</li>
 * </ul>
 */
public class CryptoPlugin extends AbstractPlugin implements SSLProvider {
    public static final String CONFIG_PREFIX = "org.seedstack.seed.crypto";
    public static final String TRUSTSTORE = "truststore";
    public static final String ALIAS = "alias";
    public static final String SSL = "ssl";
    public static final String DEFAULT_KEY_NAME = "default";
    public static final String MASTER_KEY_NAME = "seed";
    public static final String KEYSTORES = "keystores";
    public static final String PASSWORD = "password";
    public static final String CERT = "cert";
    public static final String CERT_FILE = "file";
    public static final String CERT_RESOURCE = "resource";
    public static final String QUALIFIER = "qualifier";
    // Encryption services keyed by their injection key; handed to CryptoModule by reference.
    private final Map<Key<EncryptionService>, EncryptionService> encryptionServices = new HashMap<Key<EncryptionService>, EncryptionService>();
    // Loaded key stores, keyed by configured key store name; handed to CryptoModule by reference.
    private final Map<String, KeyStore> keyStores = new HashMap<String, KeyStore>();
    // Per key store configuration (including alias passwords), keyed by key store name.
    private final Map<String, KeyStoreConfig> keyStoreConfigs = new HashMap<String, KeyStoreConfig>();
    private final List<KeyPairConfig> keyPairConfigs = new ArrayList<KeyPairConfig>();
    // Both stay null unless init() finds the "ssl.keystore" key.
    private SSLConfiguration sslConfiguration;
    private SSLContext sslContext;
    private static final Logger LOGGER = LoggerFactory.getLogger(CryptoPlugin.class);
    public static final String KEYSTORE = "keystore";
    public static final String MASTER_KEYSTORE_NAME = "master";
    public static final String MASTER_KEYSTORE_PATH = ConfigurationUtils.buildKey(new String[]{KEYSTORE, MASTER_KEYSTORE_NAME, "path"});

    /**
     * @return the fixed plugin name, {@code "seed-crypto-plugin"}
     */
    public String name() {
        return "seed-crypto-plugin";
    }

    /**
     * Creates the module that receives the encryption services and key stores.
     *
     * <p>The plugin's own maps are passed, not copies, so the module sees exactly
     * what {@link #init(InitContext)} registered.
     *
     * @return a new {@code CryptoModule}
     */
    public Object nativeUnitModule() {
        return new CryptoModule(this.encryptionServices, this.keyStores);
    }

    /**
     * Loads key stores and key pairs from the crypto configuration subset,
     * registers the encryption services and optionally configures SSL.
     *
     * @param initContext kernel context used to reach the {@link ApplicationPlugin}
     * @return always {@link InitState#INITIALIZED}
     */
    public InitState init(InitContext initContext) {
        ApplicationPlugin applicationPlugin = (ApplicationPlugin) initContext.dependency(ApplicationPlugin.class);
        Configuration cryptoConfiguration = applicationPlugin.getApplication().getConfiguration().subset(CONFIG_PREFIX);

        // Step 1: resolve the configuration of every declared key store, then load each one.
        this.keyStoreConfigs.putAll(getKeyStoreConfigs(cryptoConfiguration));
        KeyStoreLoader loader = new KeyStoreLoader();
        for (Map.Entry<String, KeyStoreConfig> configEntry : this.keyStoreConfigs.entrySet()) {
            KeyStore loaded = loader.load(configEntry.getValue());
            this.keyStores.put(configEntry.getKey(), loaded);
        }

        // Step 2: derive the key pair configurations from each loaded key store.
        KeyPairConfigFactory pairFactory = new KeyPairConfigFactory(cryptoConfiguration);
        for (Map.Entry<String, KeyStore> storeEntry : this.keyStores.entrySet()) {
            this.keyPairConfigs.addAll(pairFactory.create(storeEntry.getKey(), storeEntry.getValue()));
        }

        // Step 3: build the encryption service bindings. Only the count is logged.
        EncryptionServiceBindingFactory bindingFactory = new EncryptionServiceBindingFactory();
        this.encryptionServices.putAll(bindingFactory.createBindings(cryptoConfiguration, this.keyPairConfigs, this.keyStores));
        LOGGER.debug("Registered {} cryptographic key(s)", Integer.valueOf(this.encryptionServices.size()));

        // Step 4: SSL is opt-in, triggered by the presence of "ssl.keystore".
        Configuration sslSubset = cryptoConfiguration.subset(SSL);
        if (sslSubset.containsKey(KEYSTORE)) {
            configureSSL(sslSubset);
        }
        return InitState.INITIALIZED;
    }

    /**
     * Builds the SSL configuration and context from the {@code ssl} configuration subset.
     *
     * @param configuration the {@code ssl} subset of the crypto configuration
     * @throws SeedException if the key store or alias password is missing (raised by
     *         {@code configureKeyManagers}) or if the configured truststore name does
     *         not match any loaded key store
     */
    private void configureSSL(Configuration configuration) {
        SSLLoader loader = new SSLLoader();
        // Key managers are resolved first, so key store errors surface before truststore errors.
        KeyManager[] keyManagers = configureKeyManagers(configuration);

        // NOTE(review): without a "truststore" key this array stays null. What SSLLoader does
        // with null is not visible here; if it is passed straight to SSLContext.init, the JVM's
        // default trust managers apply. Confirm that fallback is intended for deployments that
        // expect peers to be validated against a dedicated truststore.
        TrustManager[] trustManagers = null;
        if (configuration.containsKey(TRUSTSTORE)) {
            KeyStore trustStore = this.keyStores.get(configuration.getString(TRUSTSTORE));
            if (trustStore == null) {
                // The truststore must be one of the key stores loaded in init().
                throw SeedException.createNew(CryptoErrorCodes.MISSING_SSL_TRUST_STORE_CONFIGURATION);
            }
            trustManagers = loader.getTrustManager(trustStore);
        }

        this.sslConfiguration = new SSLConfigFactory().createSSLConfiguration(configuration);
        this.sslContext = loader.getSSLContext(this.sslConfiguration.getProtocol(), keyManagers, trustManagers);
    }

    /**
     * Resolves the key managers for the key store named by the {@code keystore} key.
     *
     * <p>The alias comes from the {@code alias} key when present and otherwise defaults
     * to the value of {@link #SSL}. Its password is looked up in the key store's
     * configured alias passwords and must be non-empty.
     *
     * @param configuration the {@code ssl} subset of the crypto configuration
     * @return the key managers produced by {@code SSLLoader} for that key store
     * @throws SeedException if the key is absent, the named key store was not loaded,
     *         or the alias has no (or an empty) password
     */
    private KeyManager[] configureKeyManagers(Configuration configuration) {
        SSLLoader loader = new SSLLoader();
        if (!configuration.containsKey(KEYSTORE)) {
            throw SeedException.createNew(CryptoErrorCodes.MISSING_SSL_KEY_STORE_CONFIGURATION);
        }

        String keyStoreName = configuration.getString(KEYSTORE);
        KeyStore keyStore = this.keyStores.get(keyStoreName);
        if (keyStore == null) {
            throw SeedException.createNew(CryptoErrorCodes.MISSING_SSL_KEY_STORE_CONFIGURATION).put("ksName", keyStoreName);
        }

        String alias;
        if (configuration.containsKey(ALIAS)) {
            alias = configuration.getString(ALIAS);
        } else {
            alias = SSL;
        }

        // The password is held as a String from configuration; only the char[] copy is passed on.
        // The error context below names the alias and key store, never the password.
        String aliasPassword = this.keyStoreConfigs.get(keyStoreName).getAliasPasswords().get(alias);
        if (aliasPassword == null || aliasPassword.isEmpty()) {
            throw SeedException.createNew(CryptoErrorCodes.MISSING_ALIAS_PASSWORD).put(ALIAS, alias).put("ksName", keyStoreName);
        }
        return loader.getKeyManagers(keyStore, aliasPassword.toCharArray());
    }

    /**
     * Creates one {@code KeyStoreConfig} per key store name found in the configuration.
     *
     * @param configuration the crypto configuration subset
     * @return key store configurations keyed by key store name
     */
    private Map<String, KeyStoreConfig> getKeyStoreConfigs(Configuration configuration) {
        KeyStoreConfigFactory configFactory = new KeyStoreConfigFactory(configuration);
        Map<String, KeyStoreConfig> configsByName = new HashMap<String, KeyStoreConfig>();
        for (String keyStoreName : getKeyStoreNames(configuration, configFactory)) {
            configsByName.put(keyStoreName, configFactory.create(keyStoreName));
        }
        return configsByName;
    }

    /**
     * Lists the key store names to load: every entry of the {@code keystores} array,
     * followed by the {@code master} and {@code default} key stores when the factory
     * reports them as configured.
     *
     * <p>A name may appear twice if it is both listed and implicitly configured; the
     * caller stores results in a map, so the later entry replaces the earlier one.
     *
     * @param configuration the crypto configuration subset
     * @param keyStoreConfigFactory factory used to test whether a key store is configured
     * @return the key store names, in the order described above
     */
    private List<String> getKeyStoreNames(Configuration configuration, KeyStoreConfigFactory keyStoreConfigFactory) {
        List<String> names = new ArrayList<String>(Arrays.asList(configuration.getStringArray(KEYSTORES)));
        if (keyStoreConfigFactory.isKeyStoreConfigured(MASTER_KEYSTORE_NAME)) {
            names.add(MASTER_KEYSTORE_NAME);
        }
        if (keyStoreConfigFactory.isKeyStoreConfigured(DEFAULT_KEY_NAME)) {
            names.add(DEFAULT_KEY_NAME);
        }
        return names;
    }

    /**
     * @return the SSL context built during initialization, or {@code null} when the
     *         configuration has no {@code ssl.keystore} key
     */
    @Override // org.seedstack.seed.crypto.spi.SSLProvider
    public SSLContext sslContext() {
        return this.sslContext;
    }

    /**
     * @return the SSL configuration built during initialization, or {@code null} when
     *         the configuration has no {@code ssl.keystore} key
     */
    @Override // org.seedstack.seed.crypto.spi.SSLProvider
    public SSLConfiguration sslConfig() {
        return this.sslConfiguration;
    }

    /**
     * @return the plugins this one depends on: only {@link ApplicationPlugin}, which
     *         supplies the application configuration read in {@link #init(InitContext)}
     */
    public Collection<Class<?>> requiredPlugins() {
        return Lists.<Class<?>>newArrayList(ApplicationPlugin.class);
    }
}
