package com.ghc.ssl;

import com.ghc.identity.IdentityObject;
import com.ghc.identity.IdentityStoreResource;
import com.ghc.security.nls.GHMessages;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

/* loaded from: input_file:com/ghc/ssl/SSLKeyManager.class */
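/**
 * {@link X509ExtendedKeyManager} that serves TLS key material from an
 * {@link IdentityStoreResource}.
 *
 * <p>Two selection modes exist, switched by the {@code specifyProvided} flag passed to the
 * constructor:
 * <ul>
 *   <li><b>Pinned alias</b> ({@code true}): every alias query answers with the configured alias.
 *       The peer's requested key types and accepted issuers are not consulted, and the alias is
 *       not checked against the store at selection time; a missing alias only surfaces later as
 *       an {@link IllegalStateException} from {@link #getPrivateKey(String)} or
 *       {@link #getCertificateChain(String)}.</li>
 *   <li><b>Automatic</b> ({@code false}): client aliases are picked by matching the requested key
 *       types and issuers against the store. No server alias is ever picked automatically
 *       ({@link #chooseServerAlias} returns {@code null}).</li>
 * </ul>
 *
 * <p>NOTE(review): {@code getPrivateKey} and {@code getCertificateChain} throw
 * {@link IllegalStateException} for an unknown alias, whereas the {@code X509KeyManager} contract
 * describes a {@code null} return. The throwing behaviour is kept because existing callers may
 * depend on it.
 */
public class SSLKeyManager extends X509ExtendedKeyManager {
    private final IdentityStoreResource m_keyStore;
    private final String m_keyAlias;
    private final boolean m_specifyProvided;

    /**
     * @param identityStoreResource store holding the identities (key + certificate chain); may be
     *     {@code null}, in which case lookups fail with {@link IllegalStateException}
     * @param str alias returned by every alias query when {@code z} is {@code true}
     * @param z {@code true} to pin all alias queries to {@code str}; {@code false} to select
     *     aliases from the store
     */
    public SSLKeyManager(IdentityStoreResource identityStoreResource, String str, boolean z) {
        this.m_keyStore = identityStoreResource;
        this.m_keyAlias = str;
        this.m_specifyProvided = z;
    }

    /**
     * Delegates to {@link #chooseClientAlias(String[], Principal[], Socket)} with a {@code null}
     * socket; the engine is not inspected, so selection does not depend on the connection.
     */
    @Override
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseClientAlias(strArr, principalArr, null);
    }

    /**
     * Delegates to {@link #chooseServerAlias(String, Principal[], Socket)} with a {@code null}
     * socket; the engine is not inspected.
     */
    @Override
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseServerAlias(str, principalArr, null);
    }

    /**
     * Returns the certificate chain stored under {@code str}.
     *
     * @throws IllegalStateException if no store is configured or the alias is not in the store
     */
    @Override
    public X509Certificate[] getCertificateChain(String str) {
        return requireIdentity(str).getCertificateChain();
    }

    /**
     * Returns the private key stored under {@code str}. The returned object is live key material;
     * callers should not log or persist it.
     *
     * @throws IllegalStateException if no store is configured or the alias is not in the store
     */
    @Override
    public PrivateKey getPrivateKey(String str) {
        return (PrivateKey) requireIdentity(str).getKey();
    }

    /**
     * Lists usable client aliases: the pinned alias when pinning is enabled, otherwise every
     * store entry matching the key type and issuers.
     *
     * @return the aliases, or {@code null} when nothing matches or no store is configured
     */
    @Override
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return aliasesFor(str, principalArr);
    }

    /**
     * Lists usable server aliases; same selection as {@link #getClientAliases}.
     *
     * @return the aliases, or {@code null} when nothing matches or no store is configured
     */
    @Override
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return aliasesFor(str, principalArr);
    }

    /**
     * Picks the client identity to present. With pinning enabled the configured alias is returned
     * unconditionally; otherwise the first matching store entry is used.
     *
     * @throws IllegalStateException if pinning is off and either no store is configured or no
     *     entry matches the requested key types and issuers
     */
    @Override
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        if (this.m_specifyProvided) {
            return this.m_keyAlias;
        }
        if (this.m_keyStore == null) {
            throw new IllegalStateException(GHMessages.SSLKeyManager_noClientIdentityStoreConfigured);
        }
        String[] candidates = chooseAlias(strArr, principalArr);
        if (candidates == null || candidates.length == 0) {
            throw new IllegalStateException(
                    MessageFormat.format(GHMessages.SSLKeyManager_noClientIdentityFound, this.m_keyStore.getName()));
        }
        return candidates[0];
    }

    /**
     * Returns the pinned alias, or {@code null} when pinning is off: a server identity is never
     * selected automatically from the store.
     */
    @Override
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return this.m_specifyProvided ? this.m_keyAlias : null;
    }

    /** Shared body of {@link #getClientAliases} and {@link #getServerAliases}. */
    private String[] aliasesFor(String keyType, Principal[] issuers) {
        if (this.m_specifyProvided) {
            return new String[] {this.m_keyAlias};
        }
        return chooseAlias(new String[] {keyType}, issuers);
    }

    /** Looks up {@code alias}, failing loudly when the store or the entry is missing. */
    private IdentityObject requireIdentity(String alias) {
        if (this.m_keyStore == null) {
            throw new IllegalStateException(GHMessages.SSLKeyManager_noKeystoreConfigured);
        }
        IdentityObject identity = this.m_keyStore.getIdentityObject(alias);
        if (identity == null) {
            throw new IllegalStateException(generateAliasNotFound(alias));
        }
        return identity;
    }

    /**
     * Collects the aliases of store entries usable for the requested key types and issuers.
     *
     * <p>An entry is considered only if {@code isPasswordCorrect()} is true, it is not a
     * trusted-certificate entry, and it has a non-empty certificate chain. Each matching alias is
     * reported once, in store iteration order.
     *
     * @param keyTypes requested key types, optionally {@code ALG_SIGALG}; {@code null} elements
     *     are ignored
     * @param acceptedIssuers issuers the peer accepts; {@code null} or empty means any issuer
     * @return matching aliases, or {@code null} if there are none, no key types were given, or no
     *     store is configured
     */
    private String[] chooseAlias(String[] keyTypes, Principal[] acceptedIssuers) {
        // The null-store guard keeps getClientAliases/getServerAliases from hitting a
        // NullPointerException; chooseClientAlias reports that condition itself beforehand.
        if (keyTypes == null || keyTypes.length == 0 || this.m_keyStore == null) {
            return null;
        }
        List<Principal> issuers =
                (acceptedIssuers == null || acceptedIssuers.length == 0) ? null : Arrays.asList(acceptedIssuers);
        List<String> aliases = new ArrayList<>();
        Iterator<IdentityObject> identityObjects = this.m_keyStore.getIdentityObjects();
        while (identityObjects.hasNext()) {
            IdentityObject identity = identityObjects.next();
            if (!identity.isPasswordCorrect()
                    || identity.entryType().equals(KeyIdObject.TRUSTED_CERTIFICATE_ENTRY)) {
                continue;
            }
            X509Certificate[] chain = identity.getCertificateChain();
            if (chain == null || chain.length == 0 || chain[0] == null) {
                // A key entry without a leaf certificate cannot be offered to a peer.
                continue;
            }
            X509Certificate leaf = chain[0];
            String keyAlgorithm = leaf.getPublicKey().getAlgorithm();
            String sigAlgName = leaf.getSigAlgName();
            String sigAlgUpper = sigAlgName == null ? null : sigAlgName.toUpperCase(Locale.US);
            if (matchesAnyKeyType(keyTypes, keyAlgorithm, sigAlgUpper) && issuedByAny(chain, issuers)) {
                aliases.add(identity.getAlias());
            }
        }
        return aliases.isEmpty() ? null : aliases.toArray(new String[0]);
    }

    /** Returns true if at least one requested key type fits the leaf certificate. */
    private static boolean matchesAnyKeyType(String[] keyTypes, String keyAlgorithm, String sigAlgUpper) {
        for (String keyType : keyTypes) {
            if (keyType == null) {
                continue;
            }
            String requiredSigAlg = null;
            int separator = keyType.indexOf('_');
            if (separator != -1) {
                requiredSigAlg = keyType.substring(separator + 1);
                keyType = keyType.substring(0, separator);
            }
            // The signature-algorithm part is only enforced when both sides are known; an
            // unknown certificate signature algorithm is accepted rather than rejected.
            if (keyAlgorithm.equals(keyType)
                    && (requiredSigAlg == null || sigAlgUpper == null || sigAlgUpper.contains(requiredSigAlg))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns true if {@code issuers} is {@code null} (no restriction) or any certificate in the
     * chain was issued by one of them.
     */
    private static boolean issuedByAny(X509Certificate[] chain, List<Principal> issuers) {
        if (issuers == null) {
            return true;
        }
        for (X509Certificate certificate : chain) {
            if (certificate != null && issuers.contains(certificate.getIssuerX500Principal())) {
                return true;
            }
        }
        return false;
    }

    /** Formats the "alias not found" message; callers must have checked the store is non-null. */
    private final String generateAliasNotFound(String str) {
        return MessageFormat.format(GHMessages.SSLKeyManager_aliasNotFound, str, this.m_keyStore.getName());
    }
}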
