package arc.network.secure;

import java.net.Socket;
import java.security.Key;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.TreeSet;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:arc/network/secure/IdentityRepository.class */
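/**
 * Repository of identities (a private key together with its X.509 certificate chain)
 * kept in the key store behind a {@link KeyStoreManager}.
 *
 * <p>Every mutating operation ({@link #add}, {@link #replace}, {@link #remove}) changes the
 * in-memory store, calls {@code save()}, and undoes the in-memory change if {@code save()}
 * throws a {@link RuntimeException}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Passing {@code false} as the validation flag stores the chain without calling
 *       {@code CertificateUtil.validateCertificate}; only do that for chains validated
 *       elsewhere.</li>
 *   <li>Matching an identity uses the end-entity certificate only; the supplied key does not
 *       take part in the comparison.</li>
 *   <li>Several methods hand out the {@link PrivateKey} object itself; treat the result as
 *       secret material.</li>
 * </ul>
 */
public class IdentityRepository implements KeyManagerProvider {
    private final EqualityChecker<X509Certificate> _certificateChecker = new CertificateEquality();
    private final KeyStoreManager _keyStoreManager;
    // Assigned once in the constructor, hence final.
    private final X509KeyManager _keyManager;

    /**
     * {@link X509KeyManager} that forwards every call to whatever key manager the
     * {@link KeyStoreManager} reports at the time of the call, rather than caching one.
     */
    private static class DelegatingX509KeyManager implements X509KeyManager {
        private final KeyStoreManager _keyStoreManager;

        public DelegatingX509KeyManager(KeyStoreManager keyStoreManager) {
            this._keyStoreManager = keyStoreManager;
        }

        /** Looks the delegate up afresh; presumably so a reloaded store is picked up (confirm). */
        private X509KeyManager current() {
            return _keyStoreManager.keyManager();
        }

        @Override
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return current().getClientAliases(str, principalArr);
        }

        @Override
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return current().chooseClientAlias(strArr, principalArr, socket);
        }

        @Override
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return current().getServerAliases(str, principalArr);
        }

        @Override
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return current().chooseServerAlias(str, principalArr, socket);
        }

        @Override
        public X509Certificate[] getCertificateChain(String str) {
            return current().getCertificateChain(str);
        }

        /** Returns the private key the delegate holds for the alias; the result is secret material. */
        @Override
        public PrivateKey getPrivateKey(String str) {
            return current().getPrivateKey(str);
        }
    }

    /**
     * Creates a repository over the given key store manager.
     *
     * @param keyStoreManager manager of the backing key store
     */
    public IdentityRepository(KeyStoreManager keyStoreManager) {
        this._keyStoreManager = keyStoreManager;
        this._keyManager = new DelegatingX509KeyManager(keyStoreManager);
    }

    /** Returns the delegating key manager created in the constructor. */
    @Override
    public X509KeyManager keyManager() {
        return _keyManager;
    }

    /** Returns {@code true} when the key store manager reports no private keys. */
    @Override
    public boolean isEmpty() {
        return !_keyStoreManager.hasPrivateKeys();
    }

    /**
     * Returns the private key of the first private-key entry met while enumerating the aliases,
     * skipping entries of any other type.
     *
     * @return that private key, or {@code null} when the store holds no private-key entry
     */
    public Key defaultEncryptionKey() {
        Enumeration<String> aliases = _keyStoreManager.aliases();
        while (aliases.hasMoreElements()) {
            KeyStore.Entry entry = _keyStoreManager.findEntry(aliases.nextElement());
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
            }
        }
        return null;
    }

    /**
     * Returns the certificate of {@link #firstIdentity()}.
     *
     * @return the certificate, or {@code null} when there is no first identity
     */
    public X509Certificate defaultCertificate() {
        SecureIdentity first = firstIdentity();
        return first == null ? null : first.certificate();
    }

    /**
     * Returns the identity stored under the first alias of the enumeration.
     *
     * <p>NOTE(review): unlike {@link #defaultEncryptionKey()}, this does not skip entries that are
     * not private-key entries; if the first alias names such an entry, {@link #identity(String)}
     * throws {@code ExIdentityInvalidType}. Confirm whether the two defaults are meant to agree.
     *
     * @return the identity, or {@code null} when the store has no aliases
     */
    public SecureIdentity firstIdentity() {
        Enumeration<String> aliases = _keyStoreManager.aliases();
        return aliases.hasMoreElements() ? identity(aliases.nextElement()) : null;
    }

    /**
     * Returns the identity stored under the given alias.
     *
     * @param str alias of the entry
     * @throws ExIdentityNotFound if the store has no entry for the alias
     * @throws ExIdentityInvalidType if the entry is not a private-key entry
     */
    public SecureIdentity identity(String str) {
        return createIdentity(str, getKeyEntry(str));
    }

    /**
     * Finds the identity whose stored certificate equals the end-entity certificate of the
     * given chain. The {@code key} argument is not used for the comparison.
     *
     * @param key unused by the lookup
     * @param x509CertificateArr chain whose first element is the end-entity certificate
     * @return the matching identity, or {@code null} when none matches
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     * @throws ExIdentityMultipleFound if more than one alias matches
     */
    public SecureIdentity findMatching(Key key, X509Certificate[] x509CertificateArr) {
        String alias = findMatchingEntry(key, x509CertificateArr);
        return alias == null ? null : createIdentity(alias, getKeyEntry(alias));
    }

    /**
     * Returns every private-key entry of the store as an identity.
     *
     * @return the identities in a {@link TreeSet}; with no comparator supplied, ordering relies on
     *     {@code SecureIdentity} being comparable (assumed; confirm against that type)
     */
    public Collection<SecureIdentity> identities() {
        // Typed instead of raw, so the compiler checks what is put into the set.
        TreeSet<SecureIdentity> sorted = new TreeSet<SecureIdentity>();
        Enumeration<String> aliases = _keyStoreManager.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            KeyStore.Entry entry = _keyStoreManager.findEntry(alias);
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                sorted.add(createIdentity(alias, (KeyStore.PrivateKeyEntry) entry));
            }
        }
        return sorted;
    }

    /**
     * Stores a new identity under a freshly allocated alias and saves the store.
     *
     * @param key private key of the identity; must be a {@link PrivateKey}
     * @param x509CertificateArr certificate chain, end-entity certificate first
     * @param z when {@code true} the chain is passed to {@code CertificateUtil.validateCertificate}
     *     first; when {@code false} the chain is stored unvalidated
     * @return the identity that was stored
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     * @throws ExIdentityAlreadyExists if an entry with an equal end-entity certificate exists
     */
    public SecureIdentity add(Key key, X509Certificate[] x509CertificateArr, boolean z) {
        if (z) {
            CertificateUtil.validateCertificate(x509CertificateArr);
        }
        String existingAlias = findMatchingEntry(key, x509CertificateArr);
        if (existingAlias != null) {
            throw new ExIdentityAlreadyExists(existingAlias);
        }
        String alias = _keyStoreManager.allocateNextAlias();
        KeyStore.PrivateKeyEntry entry = createKeyEntry(key, x509CertificateArr);
        // Build the result before touching the store: a failure here must not leave an entry
        // that was saved to disk but rolled back in memory.
        SecureIdentity identity = createIdentity(alias, entry);
        _keyStoreManager.setPrivateKeyEntry(alias, entry);
        try {
            _keyStoreManager.save();
        } catch (RuntimeException e) {
            // Undo the in-memory insert so memory matches what was last persisted.
            _keyStoreManager.deleteEntry(alias);
            throw e;
        }
        return identity;
    }

    /**
     * Overwrites the private-key entry stored under an alias and saves the store.
     *
     * @param str alias of the entry to overwrite
     * @param key new private key; must be a {@link PrivateKey}
     * @param x509CertificateArr new certificate chain, end-entity certificate first
     * @param z when {@code true} the chain is passed to {@code CertificateUtil.validateCertificate}
     *     first; when {@code false} the chain is stored unvalidated
     * @return the identity now stored under the alias
     * @throws ExIdentityNotFound if the store has no entry for the alias
     * @throws ExIdentityInvalidType if the existing entry is not a private-key entry
     */
    public SecureIdentity replace(String str, Key key, X509Certificate[] x509CertificateArr, boolean z) {
        if (z) {
            CertificateUtil.validateCertificate(x509CertificateArr);
        }
        // getKeyEntry never returns null (it throws instead), so no null check is needed here.
        KeyStore.PrivateKeyEntry previous = getKeyEntry(str);
        KeyStore.PrivateKeyEntry replacement = createKeyEntry(key, x509CertificateArr);
        // Built before the store is modified, for the same reason as in add().
        SecureIdentity identity = createIdentity(str, replacement);
        _keyStoreManager.setPrivateKeyEntry(str, replacement);
        try {
            _keyStoreManager.save();
        } catch (RuntimeException e) {
            // Put the previous entry back so memory matches what was last persisted.
            _keyStoreManager.setPrivateKeyEntry(str, previous);
            throw e;
        }
        return identity;
    }

    /**
     * Replaces the identity whose stored certificate equals the end-entity certificate of the
     * given chain with the supplied key and chain.
     *
     * <p>Earlier this method passed the matched identity's own key and chain back to
     * {@link #replace}, so the supplied material was neither validated nor stored. It now stores
     * the supplied chain. A {@code null} key keeps the private key already stored for the
     * matched identity, so callers that only supply a chain keep working.
     *
     * @param key new private key, or {@code null} to keep the stored one
     * @param x509CertificateArr new certificate chain, end-entity certificate first
     * @param z when {@code true} the supplied chain is validated before it is stored
     * @return the identity now stored under the matched alias
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     * @throws ExIdentityNotFound if no stored certificate matches
     * @throws ExIdentityMultipleFound if more than one alias matches
     */
    public SecureIdentity replaceMatching(Key key, X509Certificate[] x509CertificateArr, boolean z) {
        SecureIdentity existing = findMatching(key, x509CertificateArr);
        if (existing == null) {
            throw new ExIdentityNotFound(x509CertificateArr[0]);
        }
        Key replacementKey = key != null ? key : existing.key();
        return replace(existing.id(), replacementKey, x509CertificateArr, z);
    }

    /**
     * Deletes the private-key entry stored under an alias and saves the store.
     *
     * @param str alias of the entry to delete
     * @throws ExIdentityNotFound if the store has no entry for the alias
     * @throws ExIdentityInvalidType if the entry is not a private-key entry
     */
    public void remove(String str) {
        // Fetched first: validates the alias and keeps the entry for a possible rollback.
        KeyStore.PrivateKeyEntry removed = getKeyEntry(str);
        _keyStoreManager.deleteEntry(str);
        try {
            _keyStoreManager.save();
        } catch (RuntimeException e) {
            _keyStoreManager.setPrivateKeyEntry(str, removed);
            throw e;
        }
    }

    /** Wraps an alias and its private-key entry in a {@code DefaultSecureIdentity}. */
    private SecureIdentity createIdentity(String str, KeyStore.PrivateKeyEntry privateKeyEntry) {
        X509Certificate[] chain = CertificateUtil.asX509CertificateChain(privateKeyEntry.getCertificateChain());
        return new DefaultSecureIdentity(str, CertificateUtil.contextFor(chain), privateKeyEntry.getPrivateKey(), chain);
    }

    /**
     * Builds a key store entry from a key and chain.
     *
     * <p>{@link KeyStore.PrivateKeyEntry} only checks that the key algorithm equals the algorithm
     * of the end-entity certificate's public key; it does not prove that the private key belongs
     * to that certificate. Nothing in this class performs that check either.
     *
     * @throws ClassCastException if {@code key} is not a {@link PrivateKey}
     */
    private KeyStore.PrivateKeyEntry createKeyEntry(Key key, X509Certificate[] x509CertificateArr) {
        return new KeyStore.PrivateKeyEntry((PrivateKey) key, x509CertificateArr);
    }

    /**
     * Fetches the private-key entry stored under an alias; never returns {@code null}.
     *
     * @throws ExIdentityNotFound if the store has no entry for the alias
     * @throws ExIdentityInvalidType if the entry is not a private-key entry
     */
    private KeyStore.PrivateKeyEntry getKeyEntry(String str) {
        KeyStore.Entry entry = _keyStoreManager.findEntry(str);
        if (entry == null) {
            throw new ExIdentityNotFound(str);
        }
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new ExIdentityInvalidType(str, entry);
        }
        return (KeyStore.PrivateKeyEntry) entry;
    }

    /**
     * Returns the single alias whose stored certificate equals the end-entity certificate of
     * the chain, as judged by the certificate checker. {@code key} is not consulted.
     *
     * @return the alias, or {@code null} when no stored certificate matches
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     * @throws ExIdentityMultipleFound if more than one alias matches
     */
    private String findMatchingEntry(Key key, X509Certificate[] x509CertificateArr) {
        X509Certificate leaf = leafCertificate(x509CertificateArr);
        ArrayList<String> matches = new ArrayList<String>();
        Enumeration<String> aliases = _keyStoreManager.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            X509Certificate stored = _keyStoreManager.findCertificate(alias);
            if (stored != null && _certificateChecker.equals(stored, leaf)) {
                matches.add(alias);
            }
        }
        if (matches.size() > 1) {
            throw new ExIdentityMultipleFound(matches);
        }
        return matches.isEmpty() ? null : matches.get(0);
    }

    /** Returns the first certificate of a chain, rejecting a missing or empty chain up front. */
    private static X509Certificate leafCertificate(X509Certificate[] chain) {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("certificate chain must contain at least the end-entity certificate");
        }
        return chain[0];
    }
}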
