package org.eclipse.edc.connector.transfer.dataplane.security;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Optional;
import java.util.UUID;
import org.eclipse.edc.spi.EdcException;
import org.eclipse.edc.spi.result.Result;
import org.eclipse.edc.spi.security.PrivateKeyResolver;
import org.eclipse.edc.spi.security.Vault;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:org/eclipse/edc/connector/transfer/dataplane/security/ConsumerPullKeyPairFactory.class */
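/**
 * Builds the {@link KeyPair} used for consumer-pull transfers, either from configured
 * aliases or by generating a fresh EC key pair.
 *
 * <p>The public key is read as a PEM string from the {@link Vault}; the private key is
 * obtained through the {@link PrivateKeyResolver}.
 */
public class ConsumerPullKeyPairFactory {
    private final PrivateKeyResolver privateKeyResolver;
    private final Vault vault;

    /**
     * @param privateKeyResolver resolver used to look up the private key by alias
     * @param vault              vault holding the PEM-encoded public key
     */
    public ConsumerPullKeyPairFactory(PrivateKeyResolver privateKeyResolver, Vault vault) {
        this.privateKeyResolver = privateKeyResolver;
        this.vault = vault;
    }

    /**
     * Assembles a key pair from two configured aliases.
     *
     * @param str  alias of the PEM-encoded public key in the vault
     * @param str2 alias handed to the private key resolver
     * @return a successful result holding the pair, or a failed result when either key cannot
     *         be resolved or the public key cannot be parsed
     */
    public Result<KeyPair> fromConfig(@NotNull String str, @NotNull String str2) {
        // NOTE(review): the two halves come from independent lookups and nothing here checks
        // that they belong to the same key pair. A mismatched configuration would only show up
        // later, when signatures fail to verify; consider a sign/verify self-test at startup.
        return publicKey(str).compose(pub -> privateKey(str2).map(priv -> new KeyPair(pub, priv)));
    }

    /**
     * Generates a new P-256 signing key pair with a random key id.
     *
     * <p>The pair is created in memory on every call and is not stored by this class.
     *
     * @return the freshly generated key pair
     * @throws EdcException if key generation fails
     */
    public KeyPair defaultKeyPair() {
        try {
            return new ECKeyGenerator(Curve.P_256)
                    .keyUse(KeyUse.SIGNATURE)
                    .keyID(UUID.randomUUID().toString())
                    .generate()
                    .toKeyPair();
        } catch (JOSEException e) {
            throw new EdcException(e);
        }
    }

    /**
     * Looks up the PEM-encoded public key in the vault and parses it.
     *
     * @param str vault alias of the public key
     * @return the parsed key, or a failure naming the alias when the vault has no such secret
     */
    @NotNull
    private Result<PublicKey> publicKey(String str) {
        String pem = this.vault.resolveSecret(str);
        if (pem == null) {
            return Result.failure("Failed to resolve public key with alias: " + str);
        }
        return convertPemToPublicKey(pem);
    }

    /**
     * Resolves the private key through the {@link PrivateKeyResolver}.
     *
     * @param str alias of the private key
     * @return the key, or a failure naming the alias when the resolver returns {@code null}
     */
    @NotNull
    private Result<PrivateKey> privateKey(String str) {
        PrivateKey key = (PrivateKey) this.privateKeyResolver.resolvePrivateKey(str, PrivateKey.class);
        if (key == null) {
            return Result.failure("Failed to resolve private key with alias: " + str);
        }
        return Result.success(key);
    }

    /**
     * Parses a PEM string into an RSA or EC public key.
     *
     * @param str PEM-encoded key material
     * @return the public key, or a failure when the PEM cannot be parsed or the key is neither
     *         RSA nor EC
     */
    @NotNull
    private static Result<PublicKey> convertPemToPublicKey(String str) {
        try {
            JWK jwk = JWK.parseFromPEMEncodedObjects(str);
            if (jwk instanceof RSAKey) {
                return Result.success(jwk.toRSAKey().toPublicKey());
            }
            if (jwk instanceof ECKey) {
                return Result.success(jwk.toECKey().toPublicKey());
            }
            // Report the key type rather than getAlgorithm(): "alg" is an optional JWK parameter
            // and may be null for a key parsed from PEM, which would turn this error path into
            // a NullPointerException.
            return Result.failure(String.format("Public key algorithm %s is not supported", jwk.getKeyType()));
        } catch (JOSEException e) {
            // This path handles the public key; the message previously said "private key",
            // which points operators at the wrong secret when triaging a misconfiguration.
            return Result.failure("Failed to parse public key: " + e.getMessage());
        }
    }
}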
