package org.metastatic.jessie.provider;

import java.io.FileInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactorySpi;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.X509KeyManager;
import org.metastatic.jessie.NullManagerParameters;
import org.metastatic.jessie.PrivateCredentials;

/* loaded from: input_file:org/metastatic/jessie/provider/X509KeyManagerFactory.class */
public class X509KeyManagerFactory extends KeyManagerFactorySpi {
    private Manager current;

    /* loaded from: input_file:org/metastatic/jessie/provider/X509KeyManagerFactory$Manager.class */
    private class Manager implements X509KeyManager {
        private final Map privateKeys;
        private final Map certChains;
        private final X509KeyManagerFactory this$0;

        Manager(X509KeyManagerFactory x509KeyManagerFactory, Map map, Map map2) {
            this.this$0 = x509KeyManagerFactory;
            this.privateKeys = map;
            this.certChains = map2;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            for (String str : strArr) {
                String[] clientAliases = getClientAliases(str, principalArr);
                if (clientAliases.length > 0) {
                    return clientAliases[0];
                }
            }
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return getAliases(str, principalArr);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            String[] serverAliases = getServerAliases(str, principalArr);
            if (serverAliases.length > 0) {
                return serverAliases[0];
            }
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return getAliases(str, principalArr);
        }

        private String[] getAliases(String str, Principal[] principalArr) {
            PrivateKey privateKey;
            LinkedList linkedList = new LinkedList();
            for (String str2 : this.privateKeys.keySet()) {
                X509Certificate[] certificateChain = getCertificateChain(str2);
                if (certificateChain.length != 0 && (privateKey = getPrivateKey(str2)) != null) {
                    PublicKey publicKey = certificateChain[0].getPublicKey();
                    if ((!str.equals("RSA") && !str.equals("DHE_RSA") && !str.equals("SRP_RSA") && !str.equals("rsa_sign")) || ((privateKey instanceof RSAPrivateKey) && (publicKey instanceof RSAPublicKey))) {
                        if ((!str.equals("DHE_DSS") && !str.equals("dss_sign") && !str.equals("SRP_DSS")) || ((privateKey instanceof DSAPrivateKey) && (publicKey instanceof DSAPublicKey))) {
                            if ((!str.equals("DH_RSA") && !str.equals("rsa_fixed_dh")) || ((privateKey instanceof DHPrivateKey) && (publicKey instanceof DHPublicKey) && certificateChain[0].getSigAlgName().equalsIgnoreCase("RSA"))) {
                                if ((!str.equals("DH_DSS") && !str.equals("dss_fixed_dh")) || ((privateKey instanceof DHPrivateKey) && (publicKey instanceof DHPublicKey) && certificateChain[0].getSigAlgName().equalsIgnoreCase("DSA"))) {
                                    if (principalArr == null || principalArr.length == 0) {
                                        linkedList.add(str2);
                                    } else {
                                        int i = 0;
                                        while (true) {
                                            if (i >= principalArr.length) {
                                                break;
                                            }
                                            if (certificateChain[0].getIssuerDN().equals(principalArr[i])) {
                                                linkedList.add(str2);
                                                break;
                                            }
                                            i++;
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
            return (String[]) linkedList.toArray(new String[linkedList.size()]);
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            X509Certificate[] x509CertificateArr = (X509Certificate[]) this.certChains.get(str);
            if (x509CertificateArr != null) {
                return (X509Certificate[]) x509CertificateArr.clone();
            }
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return (PrivateKey) this.privateKeys.get(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.KeyManagerFactorySpi
    public KeyManager[] engineGetKeyManagers() {
        if (this.current == null) {
            throw new IllegalStateException();
        }
        return new KeyManager[]{this.current};
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.KeyManagerFactorySpi
    public void engineInit(ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException {
        if (managerFactoryParameters instanceof NullManagerParameters) {
            this.current = new Manager(this, Collections.EMPTY_MAP, Collections.EMPTY_MAP);
            return;
        }
        if (!(managerFactoryParameters instanceof PrivateCredentials)) {
            throw new InvalidAlgorithmParameterException();
        }
        List certChains = ((PrivateCredentials) managerFactoryParameters).getCertChains();
        List privateKeys = ((PrivateCredentials) managerFactoryParameters).getPrivateKeys();
        int i = 0;
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        Iterator it = certChains.iterator();
        Iterator it2 = privateKeys.iterator();
        while (it.hasNext() && it2.hasNext()) {
            hashMap.put(String.valueOf(i), it.next());
            hashMap2.put(String.valueOf(i), it2.next());
            i++;
        }
        this.current = new Manager(this, hashMap2, hashMap);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.KeyManagerFactorySpi
    public void engineInit(KeyStore keyStore, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        java.security.cert.Certificate[] certificateChain;
        if (keyStore == null) {
            String property = Util.getProperty("javax.net.ssl.keyStoreType");
            if (property == null) {
                property = KeyStore.getDefaultType();
            }
            keyStore = KeyStore.getInstance(property);
            String property2 = Util.getProperty("javax.net.ssl.keyStore");
            if (property2 == null) {
                return;
            }
            String property3 = Util.getProperty("javax.net.ssl.keyStorePassword");
            try {
                keyStore.load(new FileInputStream(property2), property3 != null ? property3.toCharArray() : null);
            } catch (IOException e) {
                throw new KeyStoreException(e.toString());
            } catch (CertificateException e2) {
                throw new KeyStoreException(e2.toString());
            }
        }
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        Enumeration<String> aliases = keyStore.aliases();
        UnrecoverableKeyException unrecoverableKeyException = null;
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isKeyEntry(nextElement) && (certificateChain = keyStore.getCertificateChain(nextElement)) != null && certificateChain.length > 0 && (certificateChain[0] instanceof X509Certificate)) {
                X509Certificate[] x509Chain = toX509Chain(certificateChain);
                try {
                    PrivateKey privateKey = (PrivateKey) keyStore.getKey(nextElement, cArr);
                    if (privateKey != null) {
                        hashMap.put(nextElement, privateKey);
                        hashMap2.put(nextElement, x509Chain);
                    }
                } catch (UnrecoverableKeyException e3) {
                    unrecoverableKeyException = e3;
                }
            }
        }
        if (!hashMap.isEmpty() || !hashMap2.isEmpty()) {
            this.current = new Manager(this, hashMap, hashMap2);
        } else {
            if (unrecoverableKeyException == null) {
                throw new KeyStoreException("no private credentials found");
            }
            throw unrecoverableKeyException;
        }
    }

    private static X509Certificate[] toX509Chain(java.security.cert.Certificate[] certificateArr) {
        if (certificateArr instanceof X509Certificate[]) {
            return (X509Certificate[]) certificateArr;
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
        for (int i = 0; i < certificateArr.length; i++) {
            x509CertificateArr[i] = (X509Certificate) certificateArr[i];
        }
        return x509CertificateArr;
    }
}
