package de.betterform.connector.http.ssl;

import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Vector;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:WEB-INF/lib/betterform-exist-5.1-SNAPSHOT-20160615.jar:de/betterform/connector/http/ssl/BetterFORMKeyStoreManager.class */
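/**
 * Composite {@link X509KeyManager} that consults zero or more custom key stores first and
 * falls back to the JVM default key manager.
 *
 * <p>Custom key managers are asked in the order they were registered through
 * {@link #addCustomX509KeyManager(URL, String)}; the first one that yields a non-null
 * (or, for certificate chains, non-empty) result wins.
 *
 * <p>NOTE(review): aliases are not namespaced per key store. If two registered key stores
 * contain different entries under the same alias, {@link #getPrivateKey(String)} and
 * {@link #getCertificateChain(String)} return the entry of the first store that knows the
 * alias, which need not be the store that {@code chooseClientAlias} selected it from.
 * Keep aliases unique across the registered key stores.
 *
 * <p>NOTE(review): the custom managers live in a {@link Vector}, whose iterators are
 * fail-fast. Registering a key store while another thread is iterating (e.g. during a
 * handshake) may raise {@code ConcurrentModificationException}; register all key stores
 * before the manager is handed to an SSL context.
 */
public class BetterFORMKeyStoreManager implements X509KeyManager {
    private static final Log LOGGER = LogFactory.getLog(BetterFORMKeyStoreManager.class);

    /** Key managers backed by explicitly registered key stores, in registration order. */
    private final Vector<X509KeyManager> customX509KeyManagers;

    /** JVM default key manager; may be {@code null} when the default algorithm provides none. */
    private final X509KeyManager javaDefaultKeyManager;

    /**
     * Creates a manager with no custom key stores and the JVM default key manager as fallback.
     *
     * @throws NoSuchAlgorithmException if the default key manager algorithm is unavailable
     * @throws KeyStoreException if the default key manager factory cannot be initialised
     * @throws UnrecoverableKeyException if a key of the default key store cannot be recovered
     */
    public BetterFORMKeyStoreManager() throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        this.customX509KeyManagers = new Vector<>();
        this.javaDefaultKeyManager = getJavaDefaultKeyManager();
    }

    /**
     * Loads the key store at {@code url} and registers its key manager ahead of the JVM default.
     *
     * <p>The URL is opened as given, so it should only ever come from trusted configuration:
     * whoever controls that location controls which private keys this manager can present.
     *
     * @param url location of the key store; must not be {@code null}
     * @param str key store password, also used as the key password; may be {@code null}
     * @throws IllegalArgumentException if {@code url} is {@code null}
     * @throws IOException if the key store cannot be read
     * @throws CertificateException if a certificate in the key store cannot be loaded
     * @throws NoSuchAlgorithmException if a required algorithm is unavailable
     * @throws KeyStoreException if the key store type is unavailable or initialisation fails
     * @throws UnrecoverableKeyException if a key cannot be recovered with the given password
     */
    public void addCustomX509KeyManager(URL url, String str) throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, UnrecoverableKeyException {
        X509KeyManager customX509KeyManager = getCustomX509KeyManager(url, str);
        if (customX509KeyManager != null) {
            this.customX509KeyManagers.add(customX509KeyManager);
        } else {
            LOGGER.warn("BetterFORMKeyStoreManager.addCustomX509KeyManager: Keystore: " + url.getFile() + " not usable!");
        }
    }

    /**
     * Builds an {@link X509KeyManager} from the key store at {@code url}.
     *
     * @return the first X.509 key manager the factory provides, or {@code null} if it provides none
     */
    private X509KeyManager getCustomX509KeyManager(URL url, String str) throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, UnrecoverableKeyException {
        // Validate the argument before touching any provider so a bad call fails fast.
        if (url == null) {
            throw new IllegalArgumentException("BetterFORMKeyStoreManager: Keystore url may not be null");
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        LOGGER.debug("BetterFORMKeyStoreManager: initializing custom key store");

        // Convert once and use the same value for load() and init(). Calling toCharArray()
        // unconditionally on a null password would fail with a NullPointerException.
        char[] password = str != null ? str.toCharArray() : null;
        if (password == null) {
            // KeyStore.load() performs no integrity check when no password is given.
            LOGGER.warn("BetterFORMKeyStoreManager: no keystore password supplied, keystore integrity is not verified");
        }

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources closes the stream on every path without masking the primary exception.
        try (InputStream inputStream = url.openStream()) {
            keyStore.load(inputStream, password);
        }

        if (LOGGER.isTraceEnabled()) {
            traceCertificates(keyStore);
        }

        keyManagerFactory.init(keyStore, password);
        return firstX509KeyManager(keyManagerFactory.getKeyManagers());
    }

    /** Writes the public certificate details of every key store entry to the trace log. */
    private static void traceCertificates(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            LOGGER.trace("Trusted certificate '" + alias + "':");
            Certificate certificate = keyStore.getCertificate(alias);
            if (certificate instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) certificate;
                LOGGER.trace("  Subject DN: " + x509Certificate.getSubjectDN());
                LOGGER.trace("  Signature Algorithm: " + x509Certificate.getSigAlgName());
                LOGGER.trace("  Valid from: " + x509Certificate.getNotBefore());
                LOGGER.trace("  Valid until: " + x509Certificate.getNotAfter());
                LOGGER.trace("  Issuer: " + x509Certificate.getIssuerDN());
            }
        }
    }

    /** Returns the first {@link X509KeyManager} in {@code keyManagers}, or {@code null} if there is none. */
    private static X509KeyManager firstX509KeyManager(KeyManager[] keyManagers) {
        if (keyManagers == null) {
            return null;
        }
        for (KeyManager keyManager : keyManagers) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        return null;
    }

    /**
     * Obtains the key manager of the JVM default key store configuration.
     *
     * @return the default X.509 key manager, or {@code null} (after a warning) if none is available
     */
    private static X509KeyManager getJavaDefaultKeyManager() throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(null, null);
        X509KeyManager defaultKeyManager = firstX509KeyManager(keyManagerFactory.getKeyManagers());
        if (defaultKeyManager == null) {
            LOGGER.warn("BetterFORMKeyStoreManager: No key managers available for default algorithm.");
        }
        return defaultKeyManager;
    }

    /**
     * Chooses a client alias, preferring custom key stores over the JVM default.
     *
     * @return the chosen alias, or {@code null} if no key manager offers one
     */
    @Override
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        for (X509KeyManager keyManager : this.customX509KeyManagers) {
            // Ask each delegate once and reuse the answer, so the logged and returned alias agree.
            String alias = keyManager.chooseClientAlias(strArr, principalArr, socket);
            if (alias != null) {
                LOGGER.trace("BetterFORMKeyStoreManager.chooseClientAlias: Found client alias in custom keystore: " + keyManager.toString());
                return alias;
            }
        }
        // The default manager is absent when the JVM offered none at construction time.
        return this.javaDefaultKeyManager != null ? this.javaDefaultKeyManager.chooseClientAlias(strArr, principalArr, socket) : null;
    }

    /**
     * Chooses a server alias, preferring custom key stores over the JVM default.
     *
     * @return the chosen alias, or {@code null} if no key manager offers one
     */
    @Override
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        for (X509KeyManager keyManager : this.customX509KeyManagers) {
            String alias = keyManager.chooseServerAlias(str, principalArr, socket);
            if (alias != null) {
                LOGGER.trace("BetterFORMKeyStoreManager.chooseServerAlias: Found server alias in custom keystore: " + keyManager.toString());
                return alias;
            }
        }
        return this.javaDefaultKeyManager != null ? this.javaDefaultKeyManager.chooseServerAlias(str, principalArr, socket) : null;
    }

    /**
     * Returns the certificate chain for {@code str} from the first key manager that has one.
     *
     * @return the chain, or {@code null} if no key manager knows the alias
     */
    @Override
    public X509Certificate[] getCertificateChain(String str) {
        for (X509KeyManager keyManager : this.customX509KeyManagers) {
            X509Certificate[] certificateChain = keyManager.getCertificateChain(str);
            if (certificateChain != null && certificateChain.length > 0) {
                LOGGER.trace("BetterFORMKeyStoreManager.getCertificateChain: Certificate chain found for " + str + " in custom keystore: " + keyManager.toString());
                return certificateChain;
            }
        }
        return this.javaDefaultKeyManager != null ? this.javaDefaultKeyManager.getCertificateChain(str) : null;
    }

    /**
     * Collects the client aliases of all custom key managers followed by those of the JVM default.
     *
     * @return the combined aliases, or {@code null} if no key manager reports any
     */
    @Override
    public String[] getClientAliases(String str, Principal[] principalArr) {
        String[] aliases = null;
        for (X509KeyManager keyManager : this.customX509KeyManagers) {
            aliases = ArrayUtils.addAll(aliases, keyManager.getClientAliases(str, principalArr));
        }
        if (this.javaDefaultKeyManager != null) {
            aliases = ArrayUtils.addAll(aliases, this.javaDefaultKeyManager.getClientAliases(str, principalArr));
        }
        return aliases;
    }

    /**
     * Returns the private key for {@code str} from the first key manager that holds one.
     * The key itself is never logged, only the alias and the key manager that supplied it.
     *
     * @return the private key, or {@code null} if no key manager knows the alias
     */
    @Override
    public PrivateKey getPrivateKey(String str) {
        for (X509KeyManager keyManager : this.customX509KeyManagers) {
            PrivateKey privateKey = keyManager.getPrivateKey(str);
            if (privateKey != null) {
                LOGGER.trace("BetterFORMKeyStoreManager.getPrivateKey: Private key found for " + str + " in custom keystore: " + keyManager.toString());
                return privateKey;
            }
        }
        return this.javaDefaultKeyManager != null ? this.javaDefaultKeyManager.getPrivateKey(str) : null;
    }

    /**
     * Collects the server aliases of all custom key managers followed by those of the JVM default.
     *
     * @return the combined aliases, or {@code null} if no key manager reports any
     */
    @Override
    public String[] getServerAliases(String str, Principal[] principalArr) {
        String[] aliases = null;
        for (X509KeyManager keyManager : this.customX509KeyManagers) {
            aliases = ArrayUtils.addAll(aliases, keyManager.getServerAliases(str, principalArr));
        }
        if (this.javaDefaultKeyManager != null) {
            aliases = ArrayUtils.addAll(aliases, this.javaDefaultKeyManager.getServerAliases(str, principalArr));
        }
        return aliases;
    }
}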
