package org.seedstack.seed.core.internal.crypto;

import com.google.common.base.Strings;
import com.google.inject.Key;
import io.nuun.kernel.api.plugin.InitState;
import io.nuun.kernel.api.plugin.context.InitContext;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.seedstack.seed.SeedException;
import org.seedstack.seed.core.internal.AbstractSeedPlugin;
import org.seedstack.seed.crypto.CryptoConfig;
import org.seedstack.seed.crypto.EncryptionService;
import org.seedstack.seed.crypto.spi.SSLProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/seedstack/seed/core/internal/crypto/CryptoPlugin.class */
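/**
 * Seed plugin registered under the name {@code "crypto"}.
 *
 * <p>During initialization it loads every keystore declared in {@link CryptoConfig}, derives the
 * key pair configurations and {@link EncryptionService} bindings from them, and tries to build an
 * {@link SSLContext} from the configured trust store and key store. The SSL context is optional:
 * when either store is not configured, {@link #sslContext()} is empty rather than failing.
 */
public class CryptoPlugin extends AbstractSeedPlugin implements SSLProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(CryptoPlugin.class);
    // Key under which the alias name is attached to a SeedException.
    private static final String ALIAS = "alias";
    // Package-visible names; not referenced inside this class.
    static final String MASTER_KEYSTORE_NAME = "master";
    static final String MASTER_KEY_NAME = "seed";
    private final Map<Key<EncryptionService>, EncryptionService> encryptionServices = new HashMap<>();
    // Loaded keystores and their configuration, both keyed by the configured keystore name.
    private final Map<String, KeyStore> keyStores = new HashMap<>();
    private final Map<String, CryptoConfig.KeyStoreConfig> keyStoreConfigs = new HashMap<>();
    private final List<KeyPairConfig> keyPairConfigs = new ArrayList<>();
    private CryptoConfig.SSLConfig sslConfig;
    // Stays null when no usable trust store / key store pair is configured.
    private SSLContext sslContext;

    @Override
    public String name() {
        return "crypto";
    }

    /**
     * Builds the injection module for this plugin.
     *
     * <p>The module receives the live maps held by this plugin, not copies.
     *
     * @return a {@code CryptoModule} over the encryption services and keystores
     */
    @Override
    public Object nativeUnitModule() {
        return new CryptoModule(this.encryptionServices, this.keyStores);
    }

    /**
     * Loads the configured keystores, registers the encryption services and prepares the SSL
     * context.
     *
     * @param initContext the kernel initialization context (not read by this method)
     * @return always {@link InitState#INITIALIZED}
     */
    @Override // org.seedstack.seed.core.internal.AbstractSeedPlugin
    public InitState initialize(InitContext initContext) {
        CryptoConfig cryptoConfig = getConfiguration(CryptoConfig.class);

        // Load each keystore first so that a loading failure leaves neither map updated for it.
        KeyStoreLoader keyStoreLoader = new KeyStoreLoader();
        for (Map.Entry<String, CryptoConfig.KeyStoreConfig> configured : cryptoConfig.keyStores().entrySet()) {
            String keyStoreName = configured.getKey();
            CryptoConfig.KeyStoreConfig keyStoreConfig = configured.getValue();
            this.keyStores.put(keyStoreName, keyStoreLoader.load(keyStoreName, keyStoreConfig));
            this.keyStoreConfigs.put(keyStoreName, keyStoreConfig);
        }

        KeyPairConfigFactory keyPairConfigFactory = new KeyPairConfigFactory(cryptoConfig);
        for (Map.Entry<String, KeyStore> loaded : this.keyStores.entrySet()) {
            this.keyPairConfigs.addAll(keyPairConfigFactory.create(loaded.getKey(), loaded.getValue()));
        }

        this.encryptionServices.putAll(
                new EncryptionServiceBindingFactory().createBindings(cryptoConfig, this.keyPairConfigs, this.keyStores));
        // Only the count is logged; no key material or password reaches the log.
        LOGGER.debug("Registered {} cryptographic key(s)", this.encryptionServices.size());

        this.sslConfig = cryptoConfig.ssl();
        this.sslContext = configureSSL(this.sslConfig);
        return InitState.INITIALIZED;
    }

    /**
     * Builds the SSL context from the trust store and key store named in the SSL configuration.
     *
     * @param sslSettings the SSL section of the crypto configuration
     * @return the SSL context, or {@code null} when the trust store is not a loaded keystore or
     *     the key store has no configuration
     */
    private SSLContext configureSSL(CryptoConfig.SSLConfig sslSettings) {
        SSLLoader sslLoader = new SSLLoader();
        KeyStore trustStore = this.keyStores.get(sslSettings.getTrustStore());
        if (trustStore == null) {
            // Make the "no SSL context" outcome visible: a mistyped trust store name would
            // otherwise be indistinguishable from SSL being deliberately left unconfigured.
            LOGGER.debug("No SSL context created: trust store '{}' is not a loaded keystore",
                    sslSettings.getTrustStore());
            return null;
        }
        TrustManager[] trustManagers = sslLoader.getTrustManager(trustStore);
        KeyManager[] keyManagers = configureKeyManagers(sslSettings);
        if (keyManagers == null) {
            LOGGER.debug("No SSL context created: key store '{}' is not configured",
                    sslSettings.getKeyStore());
            return null;
        }
        // Read the protocol from the same configuration object as the store names.
        return sslLoader.getSSLContext(sslSettings.getProtocol(), keyManagers, trustManagers);
    }

    /**
     * Creates the key managers for the key store and alias named in the SSL configuration.
     *
     * @param sslSettings the SSL section of the crypto configuration
     * @return the key managers, or {@code null} when the named key store has no configuration
     * @throws SeedException with {@code MISSING_ALIAS_PASSWORD} when the alias is not configured
     *     or its password is null or empty
     */
    private KeyManager[] configureKeyManagers(CryptoConfig.SSLConfig sslSettings) {
        String keyStoreName = sslSettings.getKeyStore();
        CryptoConfig.KeyStoreConfig keyStoreConfig = this.keyStoreConfigs.get(keyStoreName);
        if (keyStoreConfig == null) {
            return null;
        }
        String alias = sslSettings.getAlias();
        CryptoConfig.KeyStoreConfig.AliasConfig aliasConfig = keyStoreConfig.getAliases().get(alias);
        if (aliasConfig == null || Strings.isNullOrEmpty(aliasConfig.getPassword())) {
            // The exception carries the alias and keystore name only, never the password.
            throw SeedException.createNew(CryptoErrorCode.MISSING_ALIAS_PASSWORD)
                    .put(ALIAS, alias)
                    .put("ksName", keyStoreName);
        }
        // The password is held as a String by the configuration object, so this char[] copy is
        // not wiped afterwards: the String would still be in memory anyway.
        // NOTE(review): whether SSLLoader retains the array is not visible here - confirm before
        // adding any zeroing.
        return new SSLLoader().getKeyManagers(this.keyStores.get(keyStoreName), aliasConfig.getPassword().toCharArray());
    }

    /**
     * Returns the SSL context built during initialization.
     *
     * <p>NOTE(review): an empty result means no context was configured; callers should treat it
     * as "TLS unavailable" and are presumably expected not to substitute a permissive default -
     * confirm at the call sites.
     *
     * @return the SSL context, or empty when none could be built from the configuration
     */
    public Optional<SSLContext> sslContext() {
        return Optional.ofNullable(this.sslContext);
    }

    /**
     * Returns the SSL configuration read during initialization.
     *
     * @return the SSL configuration, or {@code null} before {@code initialize} has run
     */
    public CryptoConfig.SSLConfig sslConfig() {
        return this.sslConfig;
    }
}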
