package com.buildforge.services.common.ssl.core;

import com.buildforge.services.common.dbo.MessageDBO;
import com.buildforge.services.common.dbo.UserDBO;
import com.buildforge.services.common.ssl.config.SSLConfig;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:com/buildforge/services/common/ssl/core/BFX509KeyManager.class */
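/**
 * Key manager that lets the TLS identity be pinned to a configured keystore alias.
 *
 * <p>All key material is served by the first {@link X509KeyManager} produced by the supplied
 * {@link KeyManagerFactory}. This class only decides which alias is offered during the handshake:
 * when a client or server alias is configured it is returned in place of the delegate's choice;
 * when the configured alias is {@code null} or equal to {@code UserDBO.UID_SYSTEM} (presumably the
 * empty string; confirm against UserDBO) the delegate chooses.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>A configured alias is returned even when the delegate does not list it for the requested
 *       key type and issuers. The mismatch is only logged at WARNING, so a misconfigured alias
 *       shows up as a handshake failure, or as a certificate the peer did not ask for, rather
 *       than as an error from this class.</li>
 *   <li>Returned aliases are lower-cased with {@link Locale#ROOT}. The default-locale form used
 *       previously maps {@code I} to a dotless i under Turkish locales, which would make the
 *       later {@link #getPrivateKey(String)} lookup miss. Lower-casing at all assumes the keystore
 *       treats aliases case-insensitively; verify this for the keystore types in use.</li>
 *   <li>At FINE level every certificate in the keystore is written to the log. That is public
 *       material, but it does disclose the deployment's identities to anyone who can read the
 *       log.</li>
 * </ul>
 *
 * <p>The alias setters are not synchronized; no thread-safety guarantee is visible in this file.
 */
public final class BFX509KeyManager extends X509ExtendedKeyManager {
    private static final Logger log = Logger.getLogger(BFX509KeyManager.class.getName());

    private final SSLConfig config;
    private final KeyStore ks;
    private final KeyManager[] kmList;
    private final X509KeyManager km;
    private String clientAlias;
    private String serverAlias;

    /**
     * Creates a key manager backed by the first X.509 key manager of the given factory.
     *
     * @param keyManagerFactory initialized factory whose key managers hold the key material
     * @param sSLConfig configuration supplying the preferred client and server aliases
     * @param keyStore keystore used to validate aliases; may be {@code null}, in which case the
     *     alias setters reject every alias
     * @throws KeyStoreException if the keystore cannot be enumerated for FINE-level logging
     * @throws UnrecoverableKeyException declared for callers; not raised by the visible code
     * @throws NoSuchAlgorithmException declared for callers; not raised by the visible code
     */
    public BFX509KeyManager(KeyManagerFactory keyManagerFactory, SSLConfig sSLConfig, KeyStore keyStore) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        this.config = sSLConfig;
        this.clientAlias = this.config.getClientCertAlias();
        this.serverAlias = this.config.getServerCertAlias();
        this.ks = keyStore;
        this.kmList = keyManagerFactory.getKeyManagers();
        if (log.isLoggable(Level.FINE) && this.ks != null) {
            Enumeration<String> aliases = this.ks.aliases();
            while (aliases.hasMoreElements()) {
                log.log(Level.FINE, "Cert in keystore: " + this.ks.getCertificate(aliases.nextElement()));
            }
        }
        // Select by type instead of blindly casting element 0: an empty list or a leading
        // non-X.509 manager previously surfaced as an unchecked exception from the constructor.
        this.km = firstX509KeyManager(this.kmList);
        if (this.km == null) {
            log.log(Level.WARNING, "No X509KeyManager available; no certificate will be offered");
        } else if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "Key manager: " + this.km.toString());
        }
    }

    /**
     * Pins the alias offered when this side acts as a TLS client.
     *
     * @param str alias that must exist in the keystore
     * @throws IllegalArgumentException if the alias is not in the keystore or no keystore is set
     * @throws Exception if the keystore lookup itself fails
     */
    public void setClientAlias(String str) throws Exception {
        requireKnownAlias(str);
        this.clientAlias = str;
    }

    /**
     * Pins the alias offered when this side acts as a TLS server.
     *
     * @param str alias that must exist in the keystore
     * @throws IllegalArgumentException if the alias is not in the keystore or no keystore is set
     * @throws Exception if the keystore lookup itself fails
     */
    public void setServerAlias(String str) throws Exception {
        requireKnownAlias(str);
        this.serverAlias = str;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return selectClientAlias(strArr, principalArr);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return chooseServerAlias(str, principalArr);
    }

    /**
     * Chooses the client alias for a single key type.
     *
     * @param str key algorithm name requested by the peer
     * @param principalArr acceptable issuers, or {@code null} for any
     * @return the lower-cased alias, or {@code null} when none is available
     */
    public String chooseClientAlias(String str, Principal[] principalArr) {
        return selectClientAlias(new String[]{str}, principalArr);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseServerAlias(str, principalArr);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return selectClientAlias(strArr, principalArr);
    }

    /**
     * Chooses the server alias for the given key type.
     *
     * @param str key algorithm name negotiated for the handshake
     * @param principalArr acceptable issuers, or {@code null} for any
     * @return the lower-cased alias, or {@code null} when none is available
     */
    public String chooseServerAlias(String str, Principal[] principalArr) {
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "chooseServerAlias", new Object[]{str, principalArr});
            log.log(Level.FINE, "Key type: " + str);
            if (principalArr != null) {
                for (int i = 0; i < principalArr.length; i++) {
                    log.log(Level.FINE, "Issuer[" + i + "]: " + principalArr[i]);
                }
            }
        }
        if (this.km == null) {
            return null;
        }
        // Read the field once so a concurrent setter cannot change it between check and use.
        String configured = this.serverAlias;
        if (configured == null || configured.equals(UserDBO.UID_SYSTEM)) {
            String chosen = this.km.chooseServerAlias(str, principalArr, null);
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Alias returned from default key manager: " + chosen);
            }
            return normalizeAlias(chosen);
        }
        String[] candidates = this.km.getServerAliases(str, principalArr);
        if (candidates != null && !containsIgnoreCase(candidates, configured)) {
            // Advisory only: the configured alias is still returned below.
            warnAliasNotFound(configured);
        }
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "Alias returned from selection: " + configured);
        }
        return normalizeAlias(configured);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return this.km != null ? this.km.getClientAliases(str, principalArr) : null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return this.km != null ? this.km.getServerAliases(str, principalArr) : null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        return this.km != null ? this.km.getPrivateKey(str) : null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        return this.km != null ? this.km.getCertificateChain(str) : null;
    }

    /**
     * Returns the delegate key manager.
     *
     * @return the delegate, or {@code null} when the factory supplied no X.509 key manager
     */
    public X509KeyManager getX509KeyManager() {
        return this.km;
    }

    /** Returns the first X.509 key manager in {@code managers}, or {@code null} if there is none. */
    private static X509KeyManager firstX509KeyManager(KeyManager[] managers) {
        if (managers == null) {
            return null;
        }
        for (KeyManager candidate : managers) {
            if (candidate instanceof X509KeyManager) {
                return (X509KeyManager) candidate;
            }
        }
        return null;
    }

    /** Lower-cases an alias independently of the default locale; {@code null} stays {@code null}. */
    private static String normalizeAlias(String alias) {
        return alias != null ? alias.toLowerCase(Locale.ROOT) : null;
    }

    /** Reports whether {@code wanted} equals any entry of {@code aliases}, ignoring case. */
    private static boolean containsIgnoreCase(String[] aliases, String wanted) {
        for (String alias : aliases) {
            if (wanted.equalsIgnoreCase(alias)) {
                return true;
            }
        }
        return false;
    }

    /** Rejects an alias that the keystore does not contain, or any alias when no keystore is set. */
    private void requireKnownAlias(String alias) throws KeyStoreException {
        if (this.ks == null || !this.ks.containsAlias(alias)) {
            throw new IllegalArgumentException(new MessageDBO(MessageDBO.Severity.WARNING, "SSLCertAliasNotFound", alias, this.config.getKeyStoreId()).translate());
        }
    }

    /** Logs the translated "alias not found" message at WARNING level. */
    private void warnAliasNotFound(String alias) {
        MessageDBO messageDBO = new MessageDBO(MessageDBO.Severity.WARNING, "SSLCertAliasNotFound", alias, this.config.getKeyStoreId());
        if (log.isLoggable(Level.WARNING)) {
            log.log(Level.WARNING, messageDBO.translate());
        }
    }

    /**
     * Shared client-side selection for the socket, engine and single-key-type entry points.
     *
     * <p>The whole key-type list is honoured. Looking only at its first element drops the peer's
     * fallback key types and throws on an empty or {@code null} list.
     */
    private String selectClientAlias(String[] keyTypes, Principal[] issuers) {
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "chooseClientAlias", new Object[]{keyTypes, issuers});
        }
        if (this.km == null || keyTypes == null || keyTypes.length == 0) {
            return null;
        }
        // Read the field once so a concurrent setter cannot change it between check and use.
        String configured = this.clientAlias;
        if (configured == null || configured.equals(UserDBO.UID_SYSTEM)) {
            String chosen = this.km.chooseClientAlias(keyTypes, issuers, null);
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Alias returned from default key manager: " + chosen);
            }
            return normalizeAlias(chosen);
        }
        boolean sawCandidates = false;
        boolean listed = false;
        for (String keyType : keyTypes) {
            String[] candidates = this.km.getClientAliases(keyType, issuers);
            if (candidates == null) {
                continue;
            }
            sawCandidates = true;
            if (containsIgnoreCase(candidates, configured)) {
                listed = true;
                break;
            }
        }
        if (sawCandidates && !listed) {
            // Advisory only: the configured alias is still returned below.
            warnAliasNotFound(configured);
        }
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "Alias returned from selection: " + configured);
        }
        return normalizeAlias(configured);
    }
}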
