package org.wildfly.security.auth.client;

import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.concurrent.ThreadLocalRandom;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.security.auth.x500.X500Principal;
import org.wildfly.security.credential.X509CertificateChainPrivateCredential;
import org.wildfly.security.x500.X500PrincipalUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:lib/wildfly-elytron-1.1.7.Final.jar:org/wildfly/security/auth/client/ConfigurationKeyManager.class */
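/**
 * Client-side {@link X509ExtendedKeyManager} backed by an in-memory set of
 * certificate-chain/private-key credentials.
 *
 * <p>Each credential is registered under a randomly generated alias. Lookups go from key
 * algorithm to issuer to alias, and then from alias to credential. All server-side selection
 * methods throw {@link UnsupportedOperationException}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>An alias is only a lookup handle. {@link #getPrivateKey(String)} returns the key to any
 *       caller that presents a known alias, so access to an instance of this class must be
 *       treated as access to the private keys it holds.</li>
 *   <li>The two maps are taken from the {@link Builder} by reference and are plain
 *       {@link HashMap}s. Nothing in this class synchronizes access, so the builder must not be
 *       used again once {@link Builder#build()} has been called.</li>
 * </ul>
 */
public final class ConfigurationKeyManager extends X509ExtendedKeyManager {
    /** Key algorithm name -> (issuer of a certificate in the chain -> credential alias). */
    private final Map<String, Map<X500Principal, String>> credentialAliasesByKeyTypeAndIssuer;
    /** Credential alias -> credential (certificate chain plus private key). */
    private final Map<String, X509CertificateChainPrivateCredential> credentialsByAlias;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:lib/wildfly-elytron-1.1.7.Final.jar:org/wildfly/security/auth/client/ConfigurationKeyManager$Builder.class */
    /**
     * Collects credentials and produces a {@link ConfigurationKeyManager}.
     *
     * <p>Not thread-safe. The maps populated here are handed to the built key manager without
     * copying, so calling {@link #addCredential} after {@link #build()} would mutate a key
     * manager that may already be in use.
     */
    public static final class Builder {
        private final Map<String, Map<X500Principal, String>> credentialAliasesByKeyTypeAndIssuer = new HashMap<>();
        private final Map<String, X509CertificateChainPrivateCredential> credentialsByAlias = new HashMap<>();

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * Registers a credential under a fresh random alias and indexes it by key algorithm and
         * by the issuer of every certificate in its chain.
         *
         * <p>The issuer index is last-writer-wins. If a second credential with the same key
         * algorithm shares an issuer with an earlier one, issuer lookups for that issuer return
         * the newer alias. The earlier credential stays reachable only through its own alias.
         *
         * @param x509CertificateChainPrivateCredential the credential to add; its private key is
         *        dereferenced immediately, so a credential without one fails with a
         *        {@link NullPointerException} before any state is modified
         */
        public void addCredential(X509CertificateChainPrivateCredential x509CertificateChainPrivateCredential) {
            final PrivateKey key = x509CertificateChainPrivateCredential.getPrivateKey();
            final X509Certificate[] chain = x509CertificateChainPrivateCredential.getCertificateChain();
            final String keyType = key.getAlgorithm();

            // Retry until the alias is unused, so uniqueness does not depend on the generator's quality.
            String alias = randomString();
            while (this.credentialsByAlias.containsKey(alias)) {
                alias = randomString();
            }
            this.credentialsByAlias.put(alias, x509CertificateChainPrivateCredential);

            Map<X500Principal, String> aliasesByIssuer = this.credentialAliasesByKeyTypeAndIssuer.get(keyType);
            if (aliasesByIssuer == null) {
                aliasesByIssuer = new HashMap<>(1);
                this.credentialAliasesByKeyTypeAndIssuer.put(keyType, aliasesByIssuer);
            }
            // Every certificate in the chain contributes its issuer, not only the leaf.
            for (X509Certificate certificate : chain) {
                aliasesByIssuer.put(certificate.getIssuerX500Principal(), alias);
            }
        }

        /**
         * Generates a 12-character alias from {@link ThreadLocalRandom}.
         *
         * <p>{@code ThreadLocalRandom} is not a cryptographically strong generator. That is
         * acceptable only because the alias is an internal map key and not a secret or token.
         * Do not reuse this helper for anything that must be unpredictable.
         *
         * <p>The mapping below sends values 52..61 and 63 to {@code '_'}, so the output alphabet
         * is A-Z, a-z, '+' and '_', with '_' heavily over-represented.
         * NOTE(review): digits were presumably intended for 52..61; confirm against the
         * upstream source before changing it.
         *
         * @return a new alias; the caller is responsible for checking it is unused
         */
        private String randomString() {
            final char[] chars = new char[12];
            final ThreadLocalRandom random = ThreadLocalRandom.current();
            for (int i = 0; i < chars.length; i++) {
                final int r = random.nextInt() & 0x3f;
                chars[i] = (char) (r < 26 ? 'A' + r : r < 52 ? 'a' + r - 26 : r == 62 ? '+' : '_');
            }
            return new String(chars);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * Creates the key manager.
         *
         * @return a key manager that shares this builder's maps without copying them; discard
         *         the builder afterwards
         */
        public ConfigurationKeyManager build() {
            return new ConfigurationKeyManager(this.credentialAliasesByKeyTypeAndIssuer, this.credentialsByAlias);
        }
    }

    /**
     * Stores the given maps by reference, without a defensive copy.
     *
     * @param map key algorithm -> (issuer -> alias)
     * @param map2 alias -> credential
     */
    ConfigurationKeyManager(Map<String, Map<X500Principal, String>> map, Map<String, X509CertificateChainPrivateCredential> map2) {
        this.credentialAliasesByKeyTypeAndIssuer = map;
        this.credentialsByAlias = map2;
    }

    /**
     * Finds one alias for a key algorithm, optionally restricted to a set of acceptable issuers.
     *
     * <p>When {@code principalArr} is {@code null}, the first alias in the map's iteration order
     * is returned. The map is a {@link HashMap}, so that order is not a stable preference.
     *
     * <p>NOTE(review): an empty, non-null issuer array matches nothing here, whereas
     * {@code null} matches anything. Confirm this is the intended handling for peers that send
     * an empty list of acceptable issuers.
     *
     * @param str the key algorithm name
     * @param principalArr acceptable issuers, or {@code null} for no restriction
     * @return a matching alias, or {@code null} if there is none
     */
    private String getCredentialAlias(String str, Principal[] principalArr) {
        final Map<X500Principal, String> aliasesByIssuer = this.credentialAliasesByKeyTypeAndIssuer.get(str);
        if (aliasesByIssuer == null) {
            return null;
        }
        if (principalArr == null) {
            final Iterator<String> anyAlias = aliasesByIssuer.values().iterator();
            return anyAlias.hasNext() ? anyAlias.next() : null;
        }
        for (Principal issuer : principalArr) {
            final X500Principal x500Issuer = X500PrincipalUtil.asX500Principal(issuer);
            if (x500Issuer == null) {
                // Conversion yielded nothing usable, so this issuer cannot match.
                continue;
            }
            final String alias = aliasesByIssuer.get(x500Issuer);
            if (alias != null) {
                return alias;
            }
        }
        return null;
    }

    /**
     * Returns the first alias found when trying the key types in the order given.
     *
     * <p>This is the shared implementation of the socket and engine client-alias methods.
     *
     * @param keyTypes key algorithm names in preference order; must not be {@code null}
     * @param issuers acceptable issuers, or {@code null} for no restriction
     * @return the chosen alias, or {@code null} if no credential matches
     */
    private String chooseAlias(String[] keyTypes, Principal[] issuers) {
        for (String keyType : keyTypes) {
            final String alias = getCredentialAlias(keyType, issuers);
            if (alias != null) {
                return alias;
            }
        }
        return null;
    }

    /**
     * Lists every alias usable for the given key algorithm and issuers, in encounter order and
     * without duplicates.
     *
     * @param str the key algorithm name
     * @param principalArr acceptable issuers, or {@code null} for no restriction
     * @return the matching aliases, or {@code null} (never an empty array) when there are none
     */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        final Map<X500Principal, String> aliasesByIssuer = this.credentialAliasesByKeyTypeAndIssuer.get(str);
        if (aliasesByIssuer == null) {
            return null;
        }
        final LinkedHashSet<String> aliases = new LinkedHashSet<>(3);
        if (principalArr == null) {
            for (String alias : aliasesByIssuer.values()) {
                if (alias != null) {
                    aliases.add(alias);
                }
            }
        } else {
            for (Principal issuer : principalArr) {
                final X500Principal x500Issuer = X500PrincipalUtil.asX500Principal(issuer);
                if (x500Issuer == null) {
                    continue;
                }
                final String alias = aliasesByIssuer.get(x500Issuer);
                if (alias != null) {
                    aliases.add(alias);
                }
            }
        }
        return aliases.isEmpty() ? null : aliases.toArray(new String[aliases.size()]);
    }

    /**
     * Chooses the client credential alias for a socket-based handshake.
     *
     * @param strArr key algorithm names in preference order
     * @param principalArr acceptable issuers, or {@code null} for no restriction
     * @param socket the connection; not consulted
     * @return the chosen alias, or {@code null} if no credential matches
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return chooseAlias(strArr, principalArr);
    }

    /**
     * Chooses the client credential alias for an engine-based handshake.
     *
     * @param strArr key algorithm names in preference order
     * @param principalArr acceptable issuers, or {@code null} for no restriction
     * @param sSLEngine the engine; not consulted
     * @return the chosen alias, or {@code null} if no credential matches
     */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseAlias(strArr, principalArr);
    }

    /**
     * Not supported: this key manager holds client credentials only.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        throw new UnsupportedOperationException();
    }

    /**
     * Not supported: this key manager holds client credentials only.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        throw new UnsupportedOperationException();
    }

    /**
     * Not supported: this key manager holds client credentials only.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        throw new UnsupportedOperationException();
    }

    /**
     * Returns the certificate chain registered under an alias.
     *
     * @param str the credential alias
     * @return the chain as returned by the credential, or {@code null} for an unknown alias
     */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        final X509CertificateChainPrivateCredential credential = this.credentialsByAlias.get(str);
        return credential == null ? null : credential.getCertificateChain();
    }

    /**
     * Returns the private key registered under an alias.
     *
     * <p>No caller check is performed: knowing an alias is sufficient to obtain the key.
     *
     * @param str the credential alias
     * @return the private key, or {@code null} for an unknown alias
     */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        final X509CertificateChainPrivateCredential credential = this.credentialsByAlias.get(str);
        return credential == null ? null : credential.getPrivateKey();
    }

    /**
     * Creates an empty builder.
     *
     * @return a new {@link Builder}
     */
    public static Builder builder() {
        return new Builder();
    }
}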
