package org.forgerock.openidm.security.impl;

import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import org.apache.commons.lang3.tuple.Pair;
import org.forgerock.json.fluent.JsonValue;
import org.forgerock.json.resource.NotFoundException;
import org.forgerock.openidm.repo.RepositoryService;
import org.forgerock.openidm.security.KeyStoreHandler;
import org.forgerock.openidm.security.KeyStoreManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/openidm/security/impl/PrivateKeyResourceProvider.class */
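/**
 * Resource provider for the private-key entries of a keystore.
 *
 * <p>Each entry is addressed by its keystore alias. Writes go through
 * {@link #storeEntry(JsonValue, String)}, which binds a private key to a
 * certificate chain and persists the keystore; reads go through
 * {@link #readEntry(String)}; a self-signed fallback entry can be created
 * with {@link #createDefaultEntry(String)}.
 */
public class PrivateKeyResourceProvider extends EntryResourceProvider {
    private static final Logger logger = LoggerFactory.getLogger(PrivateKeyResourceProvider.class);

    /**
     * Creates a provider for the private-key entries of the given keystore.
     *
     * @param str the resource name; handed to the superclass
     * @param keyStoreHandler handler wrapping the backing keystore
     * @param keyStoreManager keystore manager, handed to the superclass
     * @param repositoryService repository service, handed to the superclass
     */
    public PrivateKeyResourceProvider(String str, KeyStoreHandler keyStoreHandler, KeyStoreManager keyStoreManager, RepositoryService repositoryService) {
        super(str, keyStoreHandler, keyStoreManager, repositoryService);
    }

    /**
     * Stores a private-key entry under the alias {@code str}.
     *
     * <p>The private key is either taken from the PEM in {@code privateKey}
     * or, when that field is absent, looked up from the key pair already
     * held under the alias (the flow used when a signed certificate is
     * uploaded for a previously generated key). The certificate chain in
     * {@code certs} is parsed with the type from {@code type} (defaulting to
     * {@code SecurityResourceProvider.DEFAULT_CERTIFICATE_TYPE}), the leaf
     * certificate is checked against the private key via {@code verify}, and
     * the keystore is written back.
     *
     * @param jsonValue request body with {@code certs} (required list of PEM
     *        certificates, leaf first), optional {@code privateKey} PEM and
     *        optional {@code type}
     * @param str keystore alias to store the entry under
     * @throws NotFoundException if no private key is available for the alias
     * @throws IllegalArgumentException if {@code privateKey} does not decode to
     *         a key pair or {@code certs} is empty
     * @throws Exception on keystore or parsing failures from the helpers
     */
    @Override // org.forgerock.openidm.security.impl.EntryResourceProvider
    protected void storeEntry(JsonValue jsonValue, String str) throws Exception {
        String certificateType = jsonValue.get("type").defaultTo(SecurityResourceProvider.DEFAULT_CERTIFICATE_TYPE).asString();
        String privateKeyPem = jsonValue.get("privateKey").asString();

        PrivateKey privateKey = null;
        if (privateKeyPem == null) {
            // No key supplied: fall back to the key pair already generated under this alias.
            KeyPair existingPair = getKeyPair(str);
            if (existingPair != null) {
                privateKey = existingPair.getPrivate();
            }
        } else {
            // fromPem may yield other PEM object types; refuse anything that is not a key pair
            // rather than failing with a ClassCastException.
            Object decoded = fromPem(privateKeyPem);
            if (!(decoded instanceof KeyPair)) {
                throw new IllegalArgumentException("The supplied 'privateKey' PEM does not contain a private key");
            }
            privateKey = ((KeyPair) decoded).getPrivate();
        }
        if (privateKey == null) {
            throw new NotFoundException("No private key exists for the supplied signed certificate");
        }

        Certificate[] chain = readCertificateChain(jsonValue.get("certs").required().asList(String.class), certificateType);
        if (chain == null || chain.length == 0) {
            // An empty list would otherwise surface as an ArrayIndexOutOfBoundsException below.
            throw new IllegalArgumentException("'certs' must contain at least the end-entity certificate");
        }
        // Ensure the leaf certificate actually belongs to this private key before it is
        // persisted; a mismatched pair would yield an unusable (or misleading) entry.
        // NOTE(review): only the leaf is checked here; chain ordering and issuer signatures
        // are not validated in this method — confirm whether readCertificateChain does so.
        verify(privateKey, chain[0]);

        // The handler exposes the keystore password as a String; the char[] copy is what
        // the KeyStore API requires.
        KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(this.store.getPassword().toCharArray());
        this.store.getStore().setEntry(str, new KeyStore.PrivateKeyEntry(privateKey, chain), protection);
        this.store.store();
        logger.debug("Stored private key entry under alias {}", str);
    }

    /**
     * Reads the key stored under the alias {@code str} and renders it via
     * {@code returnKey}.
     *
     * <p>NOTE(review): {@code returnKey} is defined outside this class; if it
     * serializes the private half of the key, this endpoint returns secret
     * material and must only be reachable by administrators — confirm against
     * the access configuration.
     *
     * @param str keystore alias
     * @return the JSON representation produced by {@code returnKey}
     * @throws NotFoundException if the alias has no key entry in this keystore
     * @throws Exception on keystore access failures
     */
    @Override // org.forgerock.openidm.security.impl.EntryResourceProvider
    protected JsonValue readEntry(String str) throws Exception {
        Key key = this.store.getStore().getKey(str, this.store.getPassword().toCharArray());
        if (key == null) {
            throw new NotFoundException("Alias does not correspond to a key entry in " + this.resourceName);
        }
        return returnKey(str, key);
    }

    /**
     * Creates a default entry under {@code str}: a freshly generated key pair
     * with a self-signed certificate for CN {@code localhost}, using the
     * algorithm, key size and signature algorithm defaults from
     * {@code SecurityResourceProvider}, then persists the keystore.
     *
     * <p>The certificate is self-signed and bound to {@code localhost}; it is
     * a bootstrap placeholder, not a production credential.
     *
     * @param str keystore alias for the new entry
     * @throws Exception on key generation or keystore failures
     */
    @Override // org.forgerock.openidm.security.impl.EntryResourceProvider
    public void createDefaultEntry(String str) throws Exception {
        Pair<X509Certificate, PrivateKey> generated = generateCertificate(
                "localhost",
                "OpenIDM Self-Signed Certificate",
                "None", "None", "None", "None",
                SecurityResourceProvider.DEFAULT_ALGORITHM,
                SecurityResourceProvider.DEFAULT_KEY_SIZE,
                SecurityResourceProvider.DEFAULT_SIGNATURE_ALGORITHM,
                null, null);
        Certificate leaf = generated.getKey();
        PrivateKey privateKey = generated.getValue();
        KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(this.store.getPassword().toCharArray());
        this.store.getStore().setEntry(str, new KeyStore.PrivateKeyEntry(privateKey, new Certificate[]{leaf}), protection);
        this.store.store();
        logger.debug("Created default self-signed private key entry under alias {}", str);
    }
}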
