package org.forgerock.opendj.ldap;

import java.io.FileInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import org.forgerock.util.Reject;
import org.opends.server.util.CertificateManager;

/* loaded from: input_file:org/forgerock/opendj/ldap/KeyManagers.class */
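/**
 * Static factories for {@link X509KeyManager} instances backed by a key store file, a PKCS#11
 * token, or the key store named by the JVM's {@code javax.net.ssl.*} system properties.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>No factory in this class clears the password array it is given; the caller owns the
 *       array and is responsible for wiping it when it is no longer needed.</li>
 *   <li>The same password array is passed both to {@link KeyStore#load} (store integrity) and
 *       to {@link KeyManagerFactory#init} (private-key recovery).</li>
 *   <li>A {@code null} password is passed straight to {@link KeyStore#load}; per that method's
 *       contract the integrity of the store is then not checked.</li>
 * </ul>
 */
public final class KeyManagers {
    // Standard JSSE system property names read by useJvmDefaultKeyStore().
    private static final String KEY_STORE_PROVIDER = "javax.net.ssl.keyStoreProvider";
    private static final String KEY_STORE_TYPE = "javax.net.ssl.keyStoreType";
    private static final String KEY_STORE_FILE = "javax.net.ssl.keyStore";
    private static final String KEY_STORE_PASSWORD = "javax.net.ssl.keyStorePassword";

    /** Cached JVM-default key manager; volatile because it is read outside the class lock. */
    private static volatile X509KeyManager jvmKeyManager;

    /**
     * Key manager decorator that only ever <em>chooses</em> one configured alias.
     *
     * <p>Only the four {@code choose*} methods are restricted. {@link #getPrivateKey},
     * {@link #getCertificateChain}, {@link #getClientAliases} and {@link #getServerAliases}
     * delegate unchanged, so a caller that asks for another alias by name still receives
     * whatever the wrapped key manager holds for it. Do not rely on this wrapper to hide the
     * other entries of a shared key store.
     */
    private static final class SelectCertificate extends X509ExtendedKeyManager {
        private final String alias;
        private final X509KeyManager keyManager;

        private SelectCertificate(X509KeyManager keyManager, String alias) {
            this.keyManager = keyManager;
            this.alias = alias;
        }

        /** Returns the configured alias if the wrapped manager offers it for any key type, else null. */
        @Override
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            return selectClientAlias(keyTypes, issuers);
        }

        /** Same selection as {@link #chooseClientAlias}; the engine argument is not consulted. */
        @Override
        public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
            return selectClientAlias(keyTypes, issuers);
        }

        /**
         * Returns the wrapped manager's server alias that matches the configured alias
         * ignoring case, or null when there is none.
         */
        @Override
        public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
            String[] serverAliases = keyManager.getServerAliases(keyType, issuers);
            if (serverAliases == null) {
                return null;
            }
            // NOTE(review): unlike the other three choose* methods this one compares
            // case-insensitively and returns the key manager's spelling of the alias. The
            // behaviour is kept as found; confirm whether the difference is intended, because
            // an SSLEngine-based server and a socket-based server can otherwise select
            // differently for the same configured alias.
            for (String candidate : serverAliases) {
                if (candidate.equalsIgnoreCase(alias)) {
                    return candidate;
                }
            }
            return null;
        }

        /** Returns the configured alias if the wrapped manager offers it for the key type, else null. */
        @Override
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            return containsAlias(keyManager.getServerAliases(keyType, issuers)) ? alias : null;
        }

        /** Delegates unchanged; not limited to the configured alias. */
        @Override
        public X509Certificate[] getCertificateChain(String requestedAlias) {
            return keyManager.getCertificateChain(requestedAlias);
        }

        /** Delegates unchanged; may list aliases other than the configured one. */
        @Override
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            return keyManager.getClientAliases(keyType, issuers);
        }

        /** Delegates unchanged; not limited to the configured alias. */
        @Override
        public PrivateKey getPrivateKey(String requestedAlias) {
            return keyManager.getPrivateKey(requestedAlias);
        }

        /** Delegates unchanged; may list aliases other than the configured one. */
        @Override
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            return keyManager.getServerAliases(keyType, issuers);
        }

        /** Shared body of the two client-side choose methods: first key type offering the alias wins. */
        private String selectClientAlias(String[] keyTypes, Principal[] issuers) {
            for (String keyType : keyTypes) {
                if (containsAlias(keyManager.getClientAliases(keyType, issuers))) {
                    return alias;
                }
            }
            return null;
        }

        /** Exact (case-sensitive) membership test; a null candidate list means "no aliases". */
        private boolean containsAlias(String[] candidates) {
            if (candidates == null) {
                return false;
            }
            for (String candidate : candidates) {
                if (candidate.equals(alias)) {
                    return true;
                }
            }
            return false;
        }
    }

    /**
     * Loads a key store file of the default type without a password.
     *
     * <p>Because the password is null, the store's integrity is not verified on load and the
     * same null password is used for key recovery.
     *
     * @param keyStoreFile path of the key store file
     * @return the first X509 key manager produced for the store
     * @throws GeneralSecurityException if the store cannot be loaded or the key manager built
     * @throws IOException if the file cannot be read
     */
    public static X509KeyManager useKeyStoreFile(String keyStoreFile) throws GeneralSecurityException, IOException {
        return useKeyStoreFile(keyStoreFile, null, null);
    }

    /**
     * Loads a key store file using the default provider.
     *
     * @param keyStoreFile path of the key store file
     * @param password store and key password, or null; not cleared by this method
     * @param type key store type, or null for {@link KeyStore#getDefaultType()}
     * @return the first X509 key manager produced for the store
     * @throws GeneralSecurityException if the store cannot be loaded or the key manager built
     * @throws IOException if the file cannot be read
     */
    public static X509KeyManager useKeyStoreFile(String keyStoreFile, char[] password, String type) throws GeneralSecurityException, IOException {
        return useKeyStoreFile(keyStoreFile, password, type, null);
    }

    /**
     * Loads a key store file and returns an X509 key manager for it.
     *
     * @param keyStoreFile path of the key store file; rejected by {@code Reject.ifNull} when null
     * @param password store and key password, or null (integrity is then not checked on load);
     *        not cleared by this method
     * @param type key store type, or null for {@link KeyStore#getDefaultType()}
     * @param provider key store provider name, or null to let the JCA pick one
     * @return the first X509 key manager produced for the store
     * @throws GeneralSecurityException if the store cannot be loaded or the key manager built
     * @throws IOException if the file cannot be read
     */
    public static X509KeyManager useKeyStoreFile(String keyStoreFile, char[] password, String type, String provider) throws GeneralSecurityException, IOException {
        Reject.ifNull(keyStoreFile);
        String effectiveType = type != null ? type : KeyStore.getDefaultType();
        KeyStore keyStore = provider != null
                ? KeyStore.getInstance(effectiveType, provider)
                : KeyStore.getInstance(effectiveType);
        // try-with-resources closes the stream exactly once, on success and on failure, and
        // releases the file before the key manager is built.
        try (FileInputStream in = new FileInputStream(keyStoreFile)) {
            keyStore.load(in, password);
        }
        return getX509KeyManager(keyStore, password);
    }

    /**
     * Returns an X509 key manager backed by a PKCS#11 token.
     *
     * @param password token PIN passed to {@link KeyStore#load}; not cleared by this method
     * @return the first X509 key manager produced for the token
     * @throws GeneralSecurityException if the token cannot be opened or the key manager built
     * @throws IOException if loading the token fails
     */
    public static X509KeyManager usePKCS11Token(char[] password) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(CertificateManager.KEY_STORE_TYPE_PKCS11);
        // No input stream: the store is loaded with a null stream and the PIN only.
        keyStore.load(null, password);
        return getX509KeyManager(keyStore, password);
    }

    /**
     * Initialises the default {@link KeyManagerFactory} with the store and returns the first
     * {@link X509KeyManager} it yields.
     *
     * @throws NoSuchAlgorithmException if the factory yields no X509 key manager
     * @throws GeneralSecurityException if the factory cannot be created or initialised
     */
    private static X509KeyManager getX509KeyManager(KeyStore keyStore, char[] password) throws GeneralSecurityException {
        String algorithm = KeyManagerFactory.getDefaultAlgorithm();
        KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
        factory.init(keyStore, password);
        for (KeyManager candidate : factory.getKeyManagers()) {
            if (candidate instanceof X509KeyManager) {
                return (X509KeyManager) candidate;
            }
        }
        throw new NoSuchAlgorithmException(
                "KeyManagerFactory algorithm '" + algorithm + "' produced no X509KeyManager");
    }

    /**
     * Returns a key manager for the key store named by the {@code javax.net.ssl.keyStore}
     * system property, creating and caching it on first use.
     *
     * <p>The password comes from the {@code javax.net.ssl.keyStorePassword} system property,
     * i.e. it lives in a {@code String} that this method cannot wipe. Once a key manager has
     * been cached, later changes to the system properties are not picked up.
     *
     * @return the cached key manager, or null when {@code javax.net.ssl.keyStore} is not set
     *         and nothing has been cached yet
     * @throws GeneralSecurityException if the store cannot be loaded or the key manager built
     * @throws IOException if the key store file cannot be read
     */
    public static X509KeyManager useJvmDefaultKeyStore() throws GeneralSecurityException, IOException {
        if (jvmKeyManager == null) {
            String keyStoreFile = System.getProperty(KEY_STORE_FILE);
            if (keyStoreFile != null) {
                synchronized (KeyManagers.class) {
                    // Re-check under the lock so concurrent first callers load the store once.
                    if (jvmKeyManager == null) {
                        String provider = System.getProperty(KEY_STORE_PROVIDER);
                        String type = System.getProperty(KEY_STORE_TYPE, KeyStore.getDefaultType());
                        String password = System.getProperty(KEY_STORE_PASSWORD);
                        char[] passwordChars = password != null ? password.toCharArray() : null;
                        jvmKeyManager = useKeyStoreFile(keyStoreFile, passwordChars, type, provider);
                    }
                }
            }
        }
        return jvmKeyManager;
    }

    /**
     * Wraps a key manager so that alias selection only ever yields the given alias.
     *
     * <p>Only selection is restricted; key and chain lookups by alias still reach every entry
     * of the wrapped key manager.
     *
     * @param alias the certificate alias to select; checked with {@code Reject.ifNull}
     * @param keyManager the key manager to wrap; checked with {@code Reject.ifNull}
     * @return a key manager whose {@code choose*} methods return the alias or null
     */
    public static X509KeyManager useSingleCertificate(String alias, X509KeyManager keyManager) {
        Reject.ifNull(alias, keyManager);
        return new SelectCertificate(keyManager, alias);
    }

    /** Not instantiable: static factories only. */
    private KeyManagers() {
    }
}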
