package com.unboundid.util.ssl;

import com.unboundid.ldap.sdk.DN;
import com.unboundid.util.CryptoHelper;
import com.unboundid.util.Debug;
import com.unboundid.util.DebugType;
import com.unboundid.util.NotMutable;
import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.Validator;
import com.unboundid.util.ssl.cert.CertException;
import com.unboundid.util.ssl.cert.PKCS8PEMFileReader;
import com.unboundid.util.ssl.cert.PKCS8PrivateKey;
import java.io.File;
import java.io.IOException;
import java.io.Serializable;
import java.net.Socket;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.logging.Level;
import javax.net.ssl.X509KeyManager;

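/**
 * An {@link X509KeyManager} that serves a single certificate chain and private key loaded from
 * PEM files.
 *
 * <p>The chain is read from one or more certificate PEM files and the key from a PKCS #8 PEM
 * file. The one alias this manager reports is the hexadecimal SHA-256 digest of the encoded
 * first certificate in the chain.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The class is {@link Serializable} and {@code privateKey} is a non-transient field, and
 *       nothing here customizes serialization. A serialized instance would therefore be expected
 *       to carry the private key material; treat any serialized form with the same care as the
 *       PEM key file itself.</li>
 *   <li>{@link #getPrivateKey(String)} and {@link #getCertificateChain(String)} do not consult
 *       their alias argument (see the notes on those methods).</li>
 *   <li>This listing is decompiler output. The body of {@code readCertificateChain} was not
 *       recovered, so the class cannot be constructed successfully from this listing as-is.</li>
 * </ul>
 */
@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
public final class PEMFileKeyManager implements X509KeyManager, Serializable {
    private static final long serialVersionUID = 1973401278035832777L;

    // Digest algorithm used to derive the alias from the first certificate in the chain.
    @NotNull
    private static final String ALIAS_FINGERPRINT_ALGORITHM = "SHA-256";

    // Certificate chain read from the PEM files; index 0 is the certificate the alias is derived from.
    @NotNull
    private final X509Certificate[] certificateChain;

    // Private key read from the PKCS #8 PEM file. Non-transient: see the class-level note.
    @NotNull
    private final PrivateKey privateKey;

    // Hex-encoded digest of the encoded first certificate; the only alias this manager returns.
    @NotNull
    private final String alias;

    /**
     * Creates a key manager from a single certificate PEM file and a private key PEM file.
     *
     * @param file  the PEM file holding the certificate chain
     * @param file2 the PEM file holding the PKCS #8 private key
     * @throws KeyStoreException if either file cannot be read or the alias cannot be computed
     */
    public PEMFileKeyManager(@NotNull File file, @NotNull File file2) throws KeyStoreException {
        this(Collections.singletonList(file), file2);
    }

    /**
     * Creates a key manager from an array of certificate PEM files and a private key PEM file.
     *
     * @param fileArr the PEM files holding the certificate chain
     * @param file    the PEM file holding the PKCS #8 private key
     * @throws KeyStoreException if a file cannot be read or the alias cannot be computed
     */
    public PEMFileKeyManager(@NotNull File[] fileArr, @NotNull File file) throws KeyStoreException {
        this(StaticUtils.toList(fileArr), file);
    }

    /**
     * Creates a key manager from a list of certificate PEM files and a private key PEM file.
     *
     * <p>Nothing visible in this constructor checks that the private key corresponds to the
     * public key of the first certificate, and the key file's permissions are not inspected.
     * Whether {@code readCertificateChain} validates the chain is not recoverable from this
     * listing.
     *
     * @param list the PEM files holding the certificate chain; must be neither null nor empty
     * @param file the PEM file holding the PKCS #8 private key; must not be null
     * @throws KeyStoreException if a file cannot be read or the alias cannot be computed
     */
    public PEMFileKeyManager(@NotNull List<File> list, @NotNull File file) throws KeyStoreException {
        Validator.ensureNotNullWithMessage(list, "PEMFileKeyManager.certificateChainPEMFiles must not be null.");
        Validator.ensureFalse(list.isEmpty(), "PEMFileKeyManager.certificateChainPEMFiles must not be empty.");
        Validator.ensureNotNullWithMessage(file, "PEMFileKeyManager.privateKeyPEMFile must not be null.");
        this.certificateChain = readCertificateChain(list);
        this.privateKey = readPrivateKey(file);
        try {
            // The alias is a fingerprint of the first certificate's encoded form.
            this.alias = StaticUtils.toHex(
                    CryptoHelper.getMessageDigest(ALIAS_FINGERPRINT_ALGORITHM).digest(this.certificateChain[0].getEncoded()));
        } catch (Exception e) {
            Debug.debugException(e);
            throw new KeyStoreException(
                    SSLMessages.ERR_PEM_FILE_KEY_MANAGER_CANNOT_COMPUTE_ALIAS.get(
                            ALIAS_FINGERPRINT_ALGORITHM, StaticUtils.getExceptionMessage(e)),
                    e);
        }
    }

    /**
     * Reads the certificate chain from the given PEM files.
     *
     * <p>NOTE(review): the decompiler failed to recover this method (482 instructions skipped),
     * so the stub below throws unconditionally and every constructor of this class fails when
     * run from this listing. The decompiler's residue indicates only that the original closes a
     * reader and throws a {@link KeyStoreException} built from
     * {@code ERR_PEM_FILE_KEY_MANAGER_EMPTY_CERT_FILE} with a file's absolute path; the rest of
     * its validation is unknown here and must be taken from the original source, not guessed.
     *
     * @param certFiles the PEM files holding the certificate chain
     * @return the certificate chain (never reached in this listing)
     * @throws KeyStoreException declared by the original method
     */
    @NotNull
    private static X509Certificate[] readCertificateChain(@NotNull List<File> certFiles) throws KeyStoreException {
        throw new UnsupportedOperationException("Method not decompiled: com.unboundid.util.ssl.PEMFileKeyManager.readCertificateChain(java.util.List):java.security.cert.X509Certificate[]");
    }

    /**
     * Reads exactly one PKCS #8 private key from the given PEM file.
     *
     * <p>The file must exist, must contain a key, and must not contain a second one.
     *
     * @param keyFile the PEM file holding the private key
     * @return the decoded private key
     * @throws KeyStoreException if the file is missing, empty, holds more than one key, cannot
     *     be read, or holds a key that cannot be decoded
     */
    @NotNull
    private static PrivateKey readPrivateKey(@NotNull File keyFile) throws KeyStoreException {
        if (!keyFile.exists()) {
            throw new KeyStoreException(SSLMessages.ERR_PEM_FILE_KEY_MANAGER_NO_SUCH_KEY_FILE.get(keyFile.getAbsolutePath()));
        }
        // try-with-resources replaces the decompiler's hand-expanded close logic, which
        // dereferenced a variable that was always null in its (unreachable) suppressed-exception
        // branches. The reader is closed on every path.
        try (PKCS8PEMFileReader reader = new PKCS8PEMFileReader(keyFile)) {
            PKCS8PrivateKey pkcs8Key = reader.readPrivateKey();
            if (pkcs8Key == null) {
                throw new KeyStoreException(SSLMessages.ERR_PEM_FILE_KEY_MANAGER_EMPTY_KEY_FILE.get(keyFile.getAbsolutePath()));
            }
            // A second key in the same file is rejected rather than silently ignored.
            if (reader.readPrivateKey() != null) {
                throw new KeyStoreException(SSLMessages.ERR_PEM_FILE_KEY_MANAGER_MULTIPLE_KEYS_IN_FILE.get(keyFile.getAbsolutePath()));
            }
            try {
                return pkcs8Key.toPrivateKey();
            } catch (Exception e) {
                Debug.debugException(e);
                throw new KeyStoreException(
                        SSLMessages.ERR_PEM_FILE_KEY_MANAGER_CANNOT_DECODE_KEY.get(
                                keyFile.getAbsolutePath(), StaticUtils.getExceptionMessage(e)),
                        e);
            }
        } catch (CertException e) {
            Debug.debugException(e);
            throw new KeyStoreException(
                    SSLMessages.ERR_PEM_FILE_KEY_MANAGER_ERROR_READING_KEY.get(keyFile.getAbsolutePath(), e.getMessage()), e);
        } catch (IOException e) {
            Debug.debugException(e);
            throw new KeyStoreException(
                    SSLMessages.ERR_PEM_FILE_KEY_MANAGER_ERROR_READING_FROM_FILE.get(
                            keyFile.getAbsolutePath(), StaticUtils.getExceptionMessage(e)),
                    e);
        } catch (KeyStoreException e) {
            Debug.debugException(e);
            throw e;
        }
    }

    /**
     * Returns the alias if the key matches the requested key type and issuers.
     *
     * @param str          the requested key type, or null for any
     * @param principalArr the acceptable issuers, or null/empty for any
     * @return a one-element array holding the alias, or null if there is no match
     */
    @Override // javax.net.ssl.X509KeyManager
    @Nullable
    public String[] getClientAliases(@Nullable String str, @Nullable Principal[] principalArr) {
        return getAliases(str, principalArr);
    }

    /**
     * Returns the alias if the key matches the requested key type and issuers.
     *
     * @param str          the requested key type, or null for any
     * @param principalArr the acceptable issuers, or null/empty for any
     * @return a one-element array holding the alias, or null if there is no match
     */
    @Override // javax.net.ssl.X509KeyManager
    @Nullable
    public String[] getServerAliases(@Nullable String str, @Nullable Principal[] principalArr) {
        return getAliases(str, principalArr);
    }

    /**
     * Shared implementation of the client and server alias lookups.
     *
     * @param keyType the requested key type, or null for any
     * @param issuers the acceptable issuers, or null/empty for any
     * @return a one-element array holding the alias, or null if there is no match
     */
    @Nullable
    private String[] getAliases(@Nullable String keyType, @Nullable Principal[] issuers) {
        if (!hasKeyType(keyType)) {
            Debug.debug(Level.WARNING, DebugType.OTHER, "PEMFileKeyManager.getAliases returning null because the requested keyType is '" + keyType + "' but the private key uses an algorithm of '" + this.privateKey.getAlgorithm() + "'.");
            return null;
        }
        if (hasAnyIssuer(issuers)) {
            return new String[] {this.alias};
        }
        Debug.debug(Level.WARNING, DebugType.OTHER, "PEMFileKeyManager.getAliases returning null because certificate chain " + Arrays.toString(this.certificateChain) + " does not use any of the allowed issuers " + Arrays.toString(issuers));
        return null;
    }

    /**
     * Chooses the alias for client authentication; the socket is not consulted.
     *
     * @param strArr       the acceptable key types, or null/empty for any
     * @param principalArr the acceptable issuers, or null/empty for any
     * @param socket       unused
     * @return the alias, or null if there is no match
     */
    @Override // javax.net.ssl.X509KeyManager
    @Nullable
    public String chooseClientAlias(@Nullable String[] strArr, @Nullable Principal[] principalArr, @Nullable Socket socket) {
        return chooseAlias(strArr, principalArr);
    }

    /**
     * Chooses the alias for server authentication; the socket is not consulted.
     *
     * @param str          the requested key type, or null for any
     * @param principalArr the acceptable issuers, or null/empty for any
     * @param socket       unused
     * @return the alias, or null if there is no match
     */
    @Override // javax.net.ssl.X509KeyManager
    @Nullable
    public String chooseServerAlias(@Nullable String str, @Nullable Principal[] principalArr, @Nullable Socket socket) {
        String[] keyTypes = (str == null) ? null : new String[] {str};
        return chooseAlias(keyTypes, principalArr);
    }

    /**
     * Returns the alias if the key's algorithm is among the acceptable key types and the chain
     * satisfies the acceptable issuers.
     *
     * @param strArr       the acceptable key types, or null/empty for any
     * @param principalArr the acceptable issuers, or null/empty for any
     * @return the alias, or null if there is no match
     */
    @Nullable
    public String chooseAlias(@Nullable String[] strArr, @Nullable Principal[] principalArr) {
        if (strArr != null && strArr.length > 0) {
            boolean keyTypeAllowed = false;
            for (String keyType : strArr) {
                if (hasKeyType(keyType)) {
                    keyTypeAllowed = true;
                    break;
                }
            }
            if (!keyTypeAllowed) {
                Debug.debug(Level.WARNING, DebugType.OTHER, "PEMFileKeyManager.chooseAlias returning null because certificate chain " + Arrays.toString(this.certificateChain) + " uses a key type of " + this.privateKey.getAlgorithm() + ", which does not match any of the allowed key types of " + Arrays.toString(strArr));
                return null;
            }
        }
        if (hasAnyIssuer(principalArr)) {
            return this.alias;
        }
        Debug.debug(Level.WARNING, DebugType.OTHER, "PEMFileKeyManager.chooseAlias returning null because certificate chain " + Arrays.toString(this.certificateChain) + " does not use any of the allowed issuers " + Arrays.toString(principalArr));
        return null;
    }

    /**
     * Reports whether the private key's algorithm matches the given key type, ignoring case.
     * A null key type matches anything.
     */
    private boolean hasKeyType(@Nullable String keyType) {
        return keyType == null || this.privateKey.getAlgorithm().equalsIgnoreCase(keyType);
    }

    /**
     * Reports whether the chain satisfies the acceptable issuers.
     *
     * <p>A null or empty issuer list accepts everything. Otherwise the result is true when any
     * certificate in the chain has an issuer DN equal to one of the issuers, or when the subject
     * DN of the first certificate equals one of them.
     *
     * @param issuers the acceptable issuers, or null/empty for any
     * @return true if the chain is acceptable
     */
    private boolean hasAnyIssuer(@Nullable Principal[] issuers) {
        if (issuers == null || issuers.length == 0) {
            return true;
        }
        for (Principal issuer : issuers) {
            String acceptableDN = issuer.toString();
            for (X509Certificate cert : this.certificateChain) {
                String certIssuerDN = cert.getIssuerDN().toString();
                try {
                    // The decompiler emitted an empty try block and left this comparison outside
                    // it; the comparison belongs inside so that a DN that cannot be parsed is
                    // logged and treated as "no match" instead of escaping the handshake callback.
                    if (DN.equals(certIssuerDN, acceptableDN)) {
                        return true;
                    }
                } catch (Exception e) {
                    Debug.debugException(e);
                }
            }
        }
        // Also accept the case where the first certificate's own subject is an acceptable issuer.
        String leafSubjectDN = this.certificateChain[0].getSubjectDN().toString();
        for (Principal issuer : issuers) {
            try {
                if (DN.equals(leafSubjectDN, issuer.toString())) {
                    return true;
                }
            } catch (Exception e) {
                Debug.debugException(e);
            }
        }
        return false;
    }

    /**
     * Returns a copy of the certificate chain, so callers cannot modify the internal array.
     *
     * <p>NOTE(review): the alias argument is not consulted; the chain is returned for any alias,
     * including one this manager never reported. The {@link X509KeyManager} contract describes
     * returning null for an unknown alias. Confirm this is intended wherever several key
     * managers are combined.
     *
     * @param str the requested alias (ignored)
     * @return a copy of the certificate chain
     */
    @Override // javax.net.ssl.X509KeyManager
    @NotNull
    public X509Certificate[] getCertificateChain(@Nullable String str) {
        return Arrays.copyOf(this.certificateChain, this.certificateChain.length);
    }

    /**
     * Returns the private key.
     *
     * <p>NOTE(review): the alias argument is not consulted; the key is returned for any alias,
     * including one this manager never reported. The {@link X509KeyManager} contract describes
     * returning null for an unknown alias. Confirm this is intended wherever several key
     * managers are combined.
     *
     * @param str the requested alias (ignored)
     * @return the private key
     */
    @Override // javax.net.ssl.X509KeyManager
    @NotNull
    public PrivateKey getPrivateKey(@Nullable String str) {
        return this.privateKey;
    }
}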
