package com.unboundid.util.ssl;

import com.unboundid.util.CryptoHelper;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.Validator;
import java.io.File;
import java.io.FileInputStream;
import java.io.Serializable;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;

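/**
 * Key manager that obtains its key material from a key store file on disk.
 *
 * <p>The key store is read once, inside the constructor. Only the key store
 * path and format are kept as fields of this class, so those are the only
 * values this class itself contributes to the serialized form; the PIN is
 * passed through to the JCA calls and is not stored here. What the superclass
 * retains is not visible from this file.
 *
 * <p>The optional validation step checks certificate validity dates only. It
 * does not verify signatures, build a path to a trust anchor, or consult
 * revocation data, so it is a configuration sanity check rather than
 * certificate path validation.
 */
@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
/* loaded from: input_file:BOOT-INF/lib/unboundid-ldapsdk-6.0.8.jar:com/unboundid/util/ssl/KeyStoreKeyManager.class */
public final class KeyStoreKeyManager extends WrapperKeyManager implements Serializable {
    private static final long serialVersionUID = -5202641256733094253L;

    // Path to the key store file, exactly as supplied by the caller.
    @NotNull
    private final String keyStoreFile;

    // Key store type in use; the CryptoHelper default when the caller gave none.
    @NotNull
    private final String keyStoreFormat;

    /**
     * Creates a key manager from a key store file using the default format and
     * no certificate alias restriction.
     *
     * @param keyStoreFile the key store file; must not be {@code null}
     * @param keyStorePIN  the PIN for the key store, or {@code null}
     * @throws KeyStoreException if the key managers cannot be created
     */
    public KeyStoreKeyManager(@NotNull File keyStoreFile, @Nullable char[] keyStorePIN) throws KeyStoreException {
        this(keyStoreFile.getAbsolutePath(), keyStorePIN, (String) null, (String) null);
    }

    /**
     * Creates a key manager from a key store path using the default format and
     * no certificate alias restriction.
     *
     * @param keyStoreFile the path to the key store file; must not be {@code null}
     * @param keyStorePIN  the PIN for the key store, or {@code null}
     * @throws KeyStoreException if the key managers cannot be created
     */
    public KeyStoreKeyManager(@NotNull String keyStoreFile, @Nullable char[] keyStorePIN) throws KeyStoreException {
        this(keyStoreFile, keyStorePIN, (String) null, (String) null);
    }

    /**
     * Creates a key manager from a key store file without validating it.
     *
     * @param keyStoreFile     the key store file; must not be {@code null}
     * @param keyStorePIN      the PIN for the key store, or {@code null}
     * @param keyStoreFormat   the key store type, or {@code null} for the default
     * @param certificateAlias the alias to use, or {@code null} for no restriction
     * @throws KeyStoreException if the key managers cannot be created
     */
    public KeyStoreKeyManager(@NotNull File keyStoreFile, @Nullable char[] keyStorePIN, @Nullable String keyStoreFormat, @Nullable String certificateAlias) throws KeyStoreException {
        this(keyStoreFile.getAbsolutePath(), keyStorePIN, keyStoreFormat, certificateAlias);
    }

    /**
     * Creates a key manager from a key store path without validating it.
     *
     * @param keyStoreFile     the path to the key store file; must not be {@code null}
     * @param keyStorePIN      the PIN for the key store, or {@code null}
     * @param keyStoreFormat   the key store type, or {@code null} for the default
     * @param certificateAlias the alias to use, or {@code null} for no restriction
     * @throws KeyStoreException if the key managers cannot be created
     */
    public KeyStoreKeyManager(@NotNull String keyStoreFile, @Nullable char[] keyStorePIN, @Nullable String keyStoreFormat, @Nullable String certificateAlias) throws KeyStoreException {
        this(keyStoreFile, keyStorePIN, keyStoreFormat, certificateAlias, false);
    }

    /**
     * Creates a key manager from a key store file, optionally validating it.
     *
     * @param keyStoreFile     the key store file; must not be {@code null}
     * @param keyStorePIN      the PIN for the key store, or {@code null}
     * @param keyStoreFormat   the key store type, or {@code null} for the default
     * @param certificateAlias the alias to use, or {@code null} for no restriction
     * @param validateKeyStore whether to check the key store contents after loading
     * @throws KeyStoreException if the key managers cannot be created or
     *                           validation fails
     */
    public KeyStoreKeyManager(@NotNull File keyStoreFile, @Nullable char[] keyStorePIN, @Nullable String keyStoreFormat, @Nullable String certificateAlias, boolean validateKeyStore) throws KeyStoreException {
        this(keyStoreFile.getAbsolutePath(), keyStorePIN, keyStoreFormat, certificateAlias, validateKeyStore);
    }

    /**
     * Creates a key manager from a key store path, optionally validating it.
     *
     * @param keyStoreFile     the path to the key store file; must not be {@code null}
     * @param keyStorePIN      the PIN for the key store, or {@code null}
     * @param keyStoreFormat   the key store type, or {@code null} for the default
     * @param certificateAlias the alias to use, or {@code null} for no restriction
     * @param validateKeyStore whether to check the key store contents after loading
     * @throws KeyStoreException if the key managers cannot be created or
     *                           validation fails
     */
    public KeyStoreKeyManager(@NotNull String keyStoreFile, @Nullable char[] keyStorePIN, @Nullable String keyStoreFormat, @Nullable String certificateAlias, boolean validateKeyStore) throws KeyStoreException {
        super(getKeyManagers(keyStoreFile, keyStorePIN, keyStoreFormat, certificateAlias, validateKeyStore), certificateAlias);
        this.keyStoreFile = keyStoreFile;
        this.keyStoreFormat = (keyStoreFormat == null) ? CryptoHelper.getDefaultKeyStoreType() : keyStoreFormat;
    }

    /**
     * Loads the key store and returns the key managers backed by it.
     *
     * <p>Loading, validation and key manager creation are handled as three
     * separate stages so that each failure is reported with its own message.
     * In the decompiled form the load handler also enclosed the later stages,
     * which re-wrapped validation and key manager failures as "cannot load"
     * and closed the stream a second time.
     *
     * @param keyStoreFile     the path to the key store file; must not be {@code null}
     * @param keyStorePIN      the PIN for the key store, or {@code null}
     * @param keyStoreFormat   the key store type, or {@code null} for the default
     * @param certificateAlias the alias to validate, or {@code null}
     * @param validate         whether to run {@code validateKeyStore} after loading
     * @return the key managers created from the loaded key store
     * @throws KeyStoreException if the file is missing, cannot be loaded, fails
     *                           validation, or key managers cannot be created
     */
    @NotNull
    private static KeyManager[] getKeyManagers(@NotNull String keyStoreFile, @Nullable char[] keyStorePIN, @Nullable String keyStoreFormat, @Nullable String certificateAlias, boolean validate) throws KeyStoreException {
        Validator.ensureNotNull(keyStoreFile);

        final String type = (keyStoreFormat == null) ? CryptoHelper.getDefaultKeyStoreType() : keyStoreFormat;

        // This check exists for the clearer error message only. The file can
        // still disappear or be replaced before it is opened below, so the
        // load stage must (and does) handle that failure as well.
        final File file = new File(keyStoreFile);
        if (!file.exists()) {
            throw new KeyStoreException(SSLMessages.ERR_KEYSTORE_NO_SUCH_FILE.get(keyStoreFile));
        }

        final KeyStore keyStore = CryptoHelper.getKeyStore(type);

        // Stage 1: load. Only failures from opening or parsing the file are
        // reported as ERR_KEYSTORE_CANNOT_LOAD.
        FileInputStream inputStream = null;
        try {
            inputStream = new FileInputStream(file);
            keyStore.load(inputStream, keyStorePIN);
        } catch (Exception e) {
            Debug.debugException(e);
            throw new KeyStoreException(SSLMessages.ERR_KEYSTORE_CANNOT_LOAD.get(keyStoreFile, type, String.valueOf(e)), e);
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Exception e) {
                    // Best effort: a close failure must not mask the load result.
                    Debug.debugException(e);
                }
            }
        }

        // Stage 2: optional validation; its KeyStoreException propagates unchanged.
        if (validate) {
            validateKeyStore(keyStore, file, keyStorePIN, certificateAlias);
        }

        // Stage 3: build the key managers.
        try {
            final KeyManagerFactory factory = CryptoHelper.getKeyManagerFactory();
            factory.init(keyStore, keyStorePIN);
            return factory.getKeyManagers();
        } catch (Exception e) {
            Debug.debugException(e);
            // Report the type that was actually used, as the load stage does,
            // rather than the caller's possibly-null argument.
            throw new KeyStoreException(SSLMessages.ERR_KEYSTORE_CANNOT_GET_KEY_MANAGERS.get(keyStoreFile, type, StaticUtils.getExceptionMessage(e)), e);
        }
    }

    /**
     * Checks that the loaded key store holds a usable private key entry.
     *
     * <p>With an alias, that entry must exist, be a key entry, and have a
     * certificate chain whose X.509 certificates are all within their validity
     * window. Without an alias, the first key entry that passes the same chain
     * check is sufficient; failures of earlier entries are collected for the
     * error message.
     *
     * @param keyStore         the loaded key store
     * @param file             the file it was loaded from (used in messages)
     * @param keyStorePIN      the PIN used to read entries, or {@code null}
     * @param certificateAlias the alias to check, or {@code null} to accept any
     * @throws KeyStoreException if no acceptable entry is found or the key
     *                           store cannot be examined
     */
    private static void validateKeyStore(@NotNull KeyStore keyStore, @NotNull File file, @Nullable char[] keyStorePIN, @Nullable String certificateAlias) throws KeyStoreException {
        // PasswordProtection stores its own clone of the PIN; it is cleared in
        // the finally block so that copy does not outlive this method.
        final KeyStore.PasswordProtection protection = (keyStorePIN == null) ? null : new KeyStore.PasswordProtection(keyStorePIN);
        try {
            if (certificateAlias != null) {
                if (!keyStore.containsAlias(certificateAlias)) {
                    throw new KeyStoreException(SSLMessages.ERR_KEYSTORE_NO_ENTRY_WITH_ALIAS.get(file.getAbsolutePath(), certificateAlias));
                }
                if (!keyStore.isKeyEntry(certificateAlias)) {
                    throw new KeyStoreException(SSLMessages.ERR_KEYSTORE_ENTRY_NOT_PRIVATE_KEY.get(certificateAlias, file.getAbsolutePath()));
                }
                // NOTE(review): isKeyEntry is also true for secret-key entries, in
                // which case this cast fails and is reported through the generic
                // ERR_KEYSTORE_CANNOT_VALIDATE handler below.
                ensureAllCertificatesInChainAreValid(certificateAlias, (KeyStore.PrivateKeyEntry) keyStore.getEntry(certificateAlias, protection));
                return;
            }

            final StringBuilder failures = new StringBuilder();
            final Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                final String alias = aliases.nextElement();
                if (!keyStore.isKeyEntry(alias)) {
                    continue;
                }
                try {
                    ensureAllCertificatesInChainAreValid(alias, (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, protection));
                    // One acceptable entry is enough.
                    return;
                } catch (Exception e) {
                    Debug.debugException(e);
                    if (failures.length() > 0) {
                        failures.append("  ");
                    }
                    failures.append(e.getMessage());
                }
            }

            if (failures.length() <= 0) {
                throw new KeyStoreException(SSLMessages.ERR_KEYSTORE_NO_PRIVATE_KEY_ENTRIES.get(file.getAbsolutePath()));
            }
            throw new KeyStoreException(SSLMessages.ERR_KEYSTORE_NO_VALID_PRIVATE_KEY_ENTRIES.get(file.getAbsolutePath(), failures.toString()));
        } catch (KeyStoreException e) {
            Debug.debugException(e);
            throw e;
        } catch (Exception e) {
            Debug.debugException(e);
            throw new KeyStoreException(SSLMessages.ERR_KEYSTORE_CANNOT_VALIDATE.get(file.getAbsolutePath(), StaticUtils.getExceptionMessage(e)), e);
        } finally {
            if (protection != null) {
                try {
                    protection.destroy();
                } catch (javax.security.auth.DestroyFailedException e) {
                    // Best effort: failing to clear the copy must not fail validation.
                    Debug.debugException(e);
                }
            }
        }
    }

    /**
     * Verifies that the current time lies within the validity window of every
     * X.509 certificate in the entry's chain.
     *
     * <p>Certificates that are not {@link X509Certificate} instances are
     * skipped. Only the notBefore/notAfter dates are examined; signatures,
     * trust anchors and revocation status are not.
     *
     * @param alias the alias of the entry (used in messages)
     * @param entry the private key entry whose chain is checked
     * @throws KeyStoreException if a certificate is not yet valid or has expired
     */
    private static void ensureAllCertificatesInChainAreValid(@NotNull String alias, @NotNull KeyStore.PrivateKeyEntry entry) throws KeyStoreException {
        // A single timestamp is used so every certificate is judged at the same instant.
        final Date now = new Date();
        for (Certificate certificate : entry.getCertificateChain()) {
            if (!(certificate instanceof X509Certificate)) {
                continue;
            }
            final X509Certificate x509 = (X509Certificate) certificate;
            if (now.before(x509.getNotBefore())) {
                throw new KeyStoreException(SSLMessages.ERR_KEYSTORE_CERT_NOT_YET_VALID.get(alias, x509.getSubjectX500Principal().getName("RFC2253"), String.valueOf(x509.getNotBefore())));
            }
            if (now.after(x509.getNotAfter())) {
                throw new KeyStoreException(SSLMessages.ERR_KEYSTORE_CERT_EXPIRED.get(alias, x509.getSubjectX500Principal().getName("RFC2253"), String.valueOf(x509.getNotAfter())));
            }
        }
    }

    /**
     * Returns the path to the key store file as supplied at construction.
     *
     * @return the key store file path
     */
    @NotNull
    public String getKeyStoreFile() {
        return this.keyStoreFile;
    }

    /**
     * Returns the key store type in use.
     *
     * @return the format supplied at construction, or the CryptoHelper default
     *         when none was supplied
     */
    @NotNull
    public String getKeyStoreFormat() {
        return this.keyStoreFormat;
    }
}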
