package es.gob.afirma.keystores.dnie;

import es.gob.afirma.keystores.AOKeyStore;
import es.gob.afirma.keystores.AOKeyStoreManager;
import es.gob.afirma.keystores.AOKeyStoreManagerFactory;
import es.gob.afirma.keystores.callbacks.NullPasswordCallback;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Logger;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:es/gob/afirma/keystores/dnie/DnieUnifiedKeyStoreManager.class */
public class DnieUnifiedKeyStoreManager extends AOKeyStoreManager {
    private static X509Certificate a;
    private static final List b;
    private final String[] c;
    private static final X500Principal d;
    private final AOKeyStoreManager e;
    private AOKeyStoreManager f;

    public DnieUnifiedKeyStoreManager(AOKeyStoreManager aOKeyStoreManager, Object obj) {
        this.f = null;
        if (aOKeyStoreManager == null) {
            throw new IllegalArgumentException("Es necesario un almacen al que anadir los certificados de DNIe, no puede ser nulo");
        }
        this.e = aOKeyStoreManager;
        boolean z = true;
        String[] aliases = aOKeyStoreManager.getAliases();
        int length = aliases.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            if (aOKeyStoreManager.getCertificate(aliases[i]).getIssuerX500Principal().equals(d)) {
                z = false;
                break;
            }
            i++;
        }
        if (z) {
            try {
                this.f = AOKeyStoreManagerFactory.getAOKeyStoreManager(AOKeyStore.DNIEJAVA, null, aOKeyStoreManager.getType() + "_PLUS_DNIE", NullPasswordCallback.getInstance(), obj);
            } catch (Exception e) {
                Logger.getLogger("es.gob.afirma").info("No se puede usar DNIe con controlador 100% Java: " + e);
            }
        }
        String[] aliases2 = aOKeyStoreManager.getAliases();
        this.c = new String[aliases2.length + (this.f != null ? 2 : 0)];
        System.arraycopy(aliases2, 0, this.c, 0, aliases2.length);
        if (this.f != null) {
            this.c[this.c.length - 1] = (String) b.get(0);
            this.c[this.c.length - 2] = (String) b.get(1);
        }
    }

    @Override // es.gob.afirma.keystores.AOKeyStoreManager
    public String[] getAliases() {
        return this.c;
    }

    @Override // es.gob.afirma.keystores.AOKeyStoreManager
    public X509Certificate getCertificate(String str) {
        return (!b.contains(str) || this.f == null) ? this.e.getCertificate(str) : this.f.getCertificate(str);
    }

    @Override // es.gob.afirma.keystores.AOKeyStoreManager
    public X509Certificate[] getCertificateChain(String str) {
        if (!b.contains(str) || this.f == null) {
            return this.e.getCertificateChain(str);
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[2];
        X509Certificate[] certificateChain = this.f.getCertificateChain(str);
        x509CertificateArr[0] = certificateChain[0];
        x509CertificateArr[1] = certificateChain[1];
        x509CertificateArr[2] = a;
        return x509CertificateArr;
    }

    @Override // es.gob.afirma.keystores.AOKeyStoreManager
    public KeyStore.PrivateKeyEntry getKeyEntry(String str, PasswordCallback passwordCallback) {
        return (!b.contains(str) || this.f == null) ? this.e.getKeyEntry(str, passwordCallback) : new KeyStore.PrivateKeyEntry(this.f.getKeyEntry(str, null).getPrivateKey(), getCertificateChain(str));
    }

    @Override // es.gob.afirma.keystores.AOKeyStoreManager
    public AOKeyStore getType() {
        return this.e.getType();
    }

    public List init(AOKeyStore aOKeyStore, InputStream inputStream, PasswordCallback passwordCallback, Object[] objArr) {
        throw new UnsupportedOperationException();
    }

    static {
        try {
            a = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(ClassLoader.getSystemResourceAsStream("ACRAIZ-SHA2.crt"));
        } catch (CertificateException e) {
            Logger.getLogger("es.gob.afirma").warning("No se ha podido cargal el certificado raiz del DNIe, la cadena de confianza puede estar incompleta: " + e);
            a = null;
        }
        b = new ArrayList(2);
        b.add("CertAutenticacion");
        b.add("CertFirmaDigital");
        d = new X500Principal("CN=AC DNIE 001, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES");
    }
}
