package com.appiancorp.security.ssl;

import com.appiancorp.security.ssl.CertificateData;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/appiancorp/security/ssl/ServiceBackedKeyManager.class */
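/**
 * Client-side {@link X509KeyManager} that asks a {@link ClientAndTrustedCertificateService} for
 * aliases, certificate chains and private keys first, and consults a key manager built from the
 * JVM's {@code javax.net.ssl.keyStore} system properties only when the service returns nothing.
 *
 * <p>Failures of the fallback key manager are logged at WARN and otherwise ignored, so a
 * misconfigured JVM key store results in "no client credentials" rather than an exception.
 * The server-side methods are not supported and always throw.
 */
public class ServiceBackedKeyManager implements X509KeyManager {
    private static final Logger LOG = Logger.getLogger(ServiceBackedKeyManager.class);
    private static final String DEFAULT_KEY_MANAGER_ERROR_MESSAGE = "Default key manager failed.";

    // Lazily built by getOrCreateJVMDefaultKeyManager(). The field is not synchronized: two threads
    // racing on the first call may each build a manager, and the last write wins.
    private X509KeyManager fallbackKeyManager;
    private ClientAndTrustedCertificateService clientAndTrustedCertificateService;

    /**
     * @param clientAndTrustedCertificateService primary source of client aliases, chains and keys
     */
    public ServiceBackedKeyManager(ClientAndTrustedCertificateService clientAndTrustedCertificateService) {
        this.clientAndTrustedCertificateService = clientAndTrustedCertificateService;
    }

    /**
     * Returns the fallback key manager, building it on first use from the key store named by the
     * {@code javax.net.ssl.keyStore} and {@code javax.net.ssl.keyStorePassword} system properties.
     *
     * <p>The key store is always opened as type {@code "jks"}; {@code javax.net.ssl.keyStoreType}
     * is not consulted. When no key store path is configured an empty key store is used.
     *
     * @return the cached or newly created fallback key manager
     * @throws NoSuchAlgorithmException if the default key manager algorithm is unavailable
     * @throws KeyStoreException if no provider supports the key store type
     * @throws CertificateException if a certificate in the key store cannot be loaded
     * @throws IOException if the key store file cannot be read or the password is wrong
     * @throws UnrecoverableKeyException if a key cannot be recovered with the configured password
     */
    public X509KeyManager getOrCreateJVMDefaultKeyManager() throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, UnrecoverableKeyException {
        if (this.fallbackKeyManager != null) {
            return this.fallbackKeyManager;
        }
        String keyStorePath = System.getProperty("javax.net.ssl.keyStore");
        KeyManagerFactory keyManagerFactory;
        KeyStore keyStore;
        String keyStorePassword;
        // try-with-resources accepts a null resource, so the "no path configured" case still loads
        // an empty key store while a configured file is always closed, even when load() throws.
        try (FileInputStream keyStoreStream =
                StringUtils.isNotEmpty(keyStorePath) ? new FileInputStream(new File(keyStorePath)) : null) {
            keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyStore = KeyStore.getInstance("jks");
            keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
            // A null password makes load() skip the key store integrity check.
            keyStore.load(keyStoreStream, keyStorePassword != null ? keyStorePassword.toCharArray() : null);
        }
        keyManagerFactory.init(keyStore, keyStorePassword != null ? keyStorePassword.toCharArray() : "".toCharArray());
        X509KeyManager created = (X509KeyManager) keyManagerFactory.getKeyManagers()[0];
        // Cache the result so the key store file is not re-read on every fallback lookup.
        this.fallbackKeyManager = created;
        return created;
    }

    /**
     * Picks the first alias the certificate service offers for the given key types and issuers,
     * falling back to the JVM default key manager when the service offers none.
     *
     * @param keyTypes acceptable key algorithm names
     * @param issuers acceptable certificate issuers
     * @param socket the connection being negotiated; only passed on to the fallback manager
     * @return the chosen alias; an empty string when the service has none and the fallback failed
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        String[] aliases = this.clientAndTrustedCertificateService.getAliases(keyTypes, issuers);
        String alias = ArrayUtils.isEmpty(aliases) ? "" : aliases[0];
        if (StringUtils.isEmpty(alias)) {
            try {
                alias = getOrCreateJVMDefaultKeyManager().chooseClientAlias(keyTypes, issuers, socket);
            } catch (Exception e) {
                // NOTE(review): the X509KeyManager contract uses null for "no match"; this path
                // returns "" instead - confirm callers treat both the same.
                LOG.warn(DEFAULT_KEY_MANAGER_ERROR_MESSAGE, e);
            }
        }
        return alias;
    }

    /**
     * Lists the aliases the certificate service offers for one key type, falling back to the JVM
     * default key manager when the service offers none.
     *
     * @param keyType the key algorithm name
     * @param issuers acceptable certificate issuers
     * @return the matching aliases; the service's empty result when the fallback failed
     */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        String[] aliases = this.clientAndTrustedCertificateService.getAliases(new String[]{keyType}, issuers);
        if (ArrayUtils.isEmpty(aliases)) {
            try {
                return getOrCreateJVMDefaultKeyManager().getClientAliases(keyType, issuers);
            } catch (Exception e) {
                LOG.warn(DEFAULT_KEY_MANAGER_ERROR_MESSAGE, e);
            }
        }
        return aliases;
    }

    /**
     * Returns the client certificate chain for an alias from the certificate service, falling back
     * to the JVM default key manager when the service has no chain for it.
     *
     * @param alias the certificate alias
     * @return the chain; the service's empty result when the fallback failed
     */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String alias) {
        X509Certificate[] certificateChain = this.clientAndTrustedCertificateService.getCertificateChain(alias, CertificateData.CertificateType.CLIENT);
        if (ArrayUtils.isEmpty(certificateChain)) {
            try {
                certificateChain = getOrCreateJVMDefaultKeyManager().getCertificateChain(alias);
            } catch (Exception e) {
                LOG.warn(DEFAULT_KEY_MANAGER_ERROR_MESSAGE, e);
            }
        }
        return certificateChain;
    }

    /**
     * Returns the private key for an alias from the certificate service, falling back to the JVM
     * default key manager when the service returns {@code null}.
     *
     * <p>Any exception from the service is logged with the alias (never key material) and results
     * in {@code null}; in that case the fallback is not consulted.
     *
     * @param alias the key alias
     * @return the private key, or {@code null} when neither source could supply one
     */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String alias) {
        PrivateKey privateKey = null;
        try {
            privateKey = this.clientAndTrustedCertificateService.getPrivateKey(alias);
            if (privateKey == null) {
                try {
                    privateKey = getOrCreateJVMDefaultKeyManager().getPrivateKey(alias);
                } catch (Exception e) {
                    LOG.warn(DEFAULT_KEY_MANAGER_ERROR_MESSAGE, e);
                }
            }
        } catch (Exception e2) {
            LOG.warn(String.format("Failed to retrieve PrivateKey for [alias=%s]", alias), e2);
        }
        return privateKey;
    }

    /**
     * Not supported: this key manager only serves client-side credentials.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        throw new UnsupportedOperationException();
    }

    /**
     * Not supported: this key manager only serves client-side credentials.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        throw new UnsupportedOperationException();
    }
}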
