package es.gob.afirma.keystores;

import es.gob.afirma.core.keystores.KeyStoreManager;
import es.gob.afirma.core.misc.AOUtil;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Logger;
import javax.security.auth.callback.PasswordCallback;

/* loaded from: input_file:es/gob/afirma/keystores/AOKeyStoreManager.class */
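/**
 * Manager for a single key store: it initialises the underlying {@link KeyStore} for a given
 * {@link AOKeyStore} type and exposes its aliases, certificates, chains and private-key entries.
 *
 * <p>This listing is decompiler output. The private fields were single obfuscated letters
 * ({@code a}..{@code j}) that obscured the helper classes {@code a}..{@code f} referenced from
 * {@link #init}; they are renamed here after the accessors that expose them. Several methods
 * throw checked exceptions without a visible {@code throws} clause, which suggests that the
 * clauses were stripped from the binary. They are not re-added because the
 * {@code KeyStoreManager} interface is not visible from this file.
 *
 * <p>No synchronisation is visible; treat instances as not thread-safe.
 */
public class AOKeyStoreManager implements KeyStoreManager {
    protected static final Logger LOGGER = Logger.getLogger("es.gob.afirma");

    // Store type selected at init(); drives the switch on the provider helper.
    private AOKeyStore ksType;
    // Underlying key store; null until init() succeeds.
    private KeyStore ks;
    // Arguments of the last init() call, kept so that refresh() can replay them.
    private InputStream storeStream;
    private PasswordCallback storePasswordCallback;
    private Object[] storeParams;
    // UI parent handed to the helpers and to the certificate password callback.
    private Object parentComponent = null;
    // Identifiers of entries hidden from getAliases(); compared with the hexified SHA-1 digest
    // of each certificate's encoding in cleanDeactivatedAliases().
    private final Set<String> deactivatedFingerprints = new HashSet<String>();
    // Alias list computed by getAliases(); null means "not computed yet".
    private String[] cachedAliases = null;
    private boolean preferred = false;
    // Optional callback that overrides the per-type entry password callback in getKeyEntry().
    private PasswordCallback entryPasswordCallback = null;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the parent component set by {@link #setParentComponent} or by {@link #init}.
     *
     * @return the parent component, or {@code null} if none was set
     */
    public Object getParentComponent() {
        return this.parentComponent;
    }

    /**
     * Sets the parent component passed to the store helpers and password callbacks.
     *
     * @param obj the parent component; may be {@code null}
     */
    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public void setParentComponent(Object obj) {
        this.parentComponent = obj;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Discards the cached alias list so that the next {@link #getAliases()} recomputes it. */
    public void resetCachedAliases() {
        this.cachedAliases = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the cached alias array itself (not a copy).
     *
     * @return the cached aliases, or {@code null} if nothing is cached
     */
    public String[] getCachedAliases() {
        return this.cachedAliases;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Replaces the cached alias list with a copy of the given array.
     *
     * @param strArr the aliases to cache; {@code null} clears the cache instead of failing
     */
    public void setCachedAliases(String[] strArr) {
        // A null argument used to fail with a NullPointerException on clone().
        this.cachedAliases = strArr == null ? null : strArr.clone();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the flag set through {@link #a(boolean)}.
     *
     * @return the "preferred" flag; {@code false} by default
     */
    public boolean isPreferred() {
        return this.preferred;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Sets the "preferred" flag. The method name is an obfuscated one and is kept because other
     * classes in the package may call it.
     *
     * @param z the new value of the flag
     */
    public void a(boolean z) {
        this.preferred = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Replaces the underlying key store.
     *
     * @param keyStore the key store to use
     * @throws IllegalArgumentException if {@code keyStore} is {@code null}
     */
    public void setKeyStore(KeyStore keyStore) {
        if (keyStore == null) {
            throw new IllegalArgumentException("El almacen no puede ser nulo");
        }
        this.ks = keyStore;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the underlying key store.
     *
     * @return the key store, or {@code null} if the manager is not initialised
     */
    public KeyStore getKeyStore() {
        return this.ks;
    }

    /**
     * Drops the alias cache and re-runs {@link #init} with the arguments of the last call.
     *
     * <p>NOTE(review): the same {@link InputStream} instance is replayed; whether it can be read
     * a second time depends on the stream the caller supplied. The {@code IOException} thrown
     * here has no visible {@code throws} clause (see the class comment).
     */
    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public void refresh() {
        resetCachedAliases();
        try {
            init(this.ksType, this.storeStream, this.storePasswordCallback, this.storeParams, true);
        } catch (AOKeyStoreManagerException ex) {
            throw new IOException("Error al refrescar el almacen: " + ex, ex);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Tells whether the manager has no key store.
     *
     * @return {@code true} if no key store has been set
     */
    public boolean lacksKeyStores() {
        return this.ks == null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sets the store type without initialising a key store.
     *
     * @param aOKeyStore the store type
     */
    public final void setKeyStoreType(AOKeyStore aOKeyStore) {
        this.ksType = aOKeyStore;
    }

    /**
     * Returns the store type.
     *
     * @return the type set by {@link #init} or {@link #setKeyStoreType}; may be {@code null}
     */
    public AOKeyStore getType() {
        return this.ksType;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the store type that holds the given alias. This implementation manages a single
     * store, so the alias is ignored.
     *
     * @param str the alias (unused here)
     * @return the same value as {@link #getType()}
     */
    public AOKeyStore getType(String str) {
        return getType();
    }

    /**
     * Sets the callback used by {@link #getKeyEntry} to obtain the entry password.
     *
     * @param passwordCallback the callback; {@code null} restores the per-type callback
     */
    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public void setEntryPasswordCallBack(PasswordCallback passwordCallback) {
        this.entryPasswordCallback = passwordCallback;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the callback set through {@link #setEntryPasswordCallBack}.
     *
     * @return the callback, or {@code null} if none was set
     */
    public PasswordCallback getEntryPasswordCallBack() {
        return this.entryPasswordCallback;
    }

    /**
     * Initialises the key store for the given type and remembers the arguments for
     * {@link #refresh()}.
     *
     * <p>The type, stream, callback and parameters are stored before the helper runs, so a
     * failing helper leaves the new arguments in place next to the previous key store.
     *
     * @param aOKeyStore the store type; selects the helper that builds the {@link KeyStore}
     * @param inputStream the store contents, for the types whose helper reads a stream
     * @param passwordCallback the callback that supplies the store password
     * @param objArr extra parameters; for two of the types the first element becomes the parent
     *     component. The array is copied, its elements are not
     * @param z not read by this implementation
     * @throws IllegalArgumentException if {@code aOKeyStore} is {@code null}
     * @throws UnsupportedOperationException if the type has no helper
     */
    public void init(AOKeyStore aOKeyStore, InputStream inputStream, PasswordCallback passwordCallback, Object[] objArr, boolean z) {
        if (aOKeyStore == null) {
            throw new IllegalArgumentException("Se ha solicitado inicializar un AOKeyStore nulo");
        }
        LOGGER.info("Inicializamos el almacen de tipo: " + aOKeyStore);
        resetCachedAliases();
        this.ksType = aOKeyStore;
        this.storeStream = inputStream;
        this.storePasswordCallback = passwordCallback;
        // Keep a private copy so that later changes to the caller's array do not affect refresh().
        this.storeParams = objArr == null ? null : objArr.clone();
        // a.a is the decompiled switch map over AOKeyStore; the case numbers are its indices and
        // cannot be mapped back to constant names from this file.
        switch (a.a[this.ksType.ordinal()]) {
            case 1:
                this.ks = f.a(inputStream, passwordCallback);
                return;
            case 2:
                setParentComponent((objArr == null || objArr.length <= 0) ? null : objArr[0]);
                this.ks = c.a(getParentComponent());
                return;
            case 3:
                setParentComponent((objArr == null || objArr.length <= 0) ? null : objArr[0]);
                this.ks = c.b(getParentComponent());
                return;
            case 4:
            case 5:
                this.ks = d.a(inputStream, passwordCallback, this.ksType);
                return;
            case 6:
            case 7:
                this.ks = b.a(this.ksType);
                return;
            case 8:
                // The helper receives its own copy of the parameters.
                this.ks = e.a(passwordCallback, objArr == null ? null : objArr.clone());
                return;
            default:
                // Report the unsupported type; the message used to concatenate the InputStream.
                throw new UnsupportedOperationException("Tipo de almacen no soportado: " + aOKeyStore);
        }
    }

    /**
     * Returns the private-key entry stored under the given alias.
     *
     * <p>The password comes from the callback set with {@link #setEntryPasswordCallBack}, or, if
     * none is set, from the store type's certificate password callback. With no callback at all
     * the entry is requested without protection.
     *
     * <p>NOTE(review): the {@code char[]} returned by the callback and the
     * {@link KeyStore.PasswordProtection} built from it are never cleared or destroyed, so the
     * entry password stays on the heap until garbage collection. Clearing them is only safe if
     * every callback returns a copy and no provider keeps the protection object; neither can be
     * confirmed from this file. An entry that is not a private-key entry fails the cast with a
     * {@code ClassCastException}.
     *
     * @param str the alias of the entry
     * @return the entry as returned by {@link KeyStore#getEntry}
     * @throws IllegalStateException if the manager is not initialised
     * @throws IllegalArgumentException if {@code str} is {@code null}
     */
    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public KeyStore.PrivateKeyEntry getKeyEntry(String str) {
        if (this.ks == null) {
            throw new IllegalStateException("Se han pedido claves a un almacen no inicializado");
        }
        if (str == null) {
            throw new IllegalArgumentException("El alias no puede ser nulo");
        }
        PasswordCallback callback = this.entryPasswordCallback;
        if (callback == null) {
            callback = getType(str).getCertificatePasswordCallback(getParentComponent());
        }
        KeyStore.PasswordProtection protection =
                callback != null ? new KeyStore.PasswordProtection(callback.getPassword()) : null;
        return (KeyStore.PrivateKeyEntry) this.ks.getEntry(str, protection);
    }

    /**
     * Returns the certificate stored under the given alias.
     *
     * <p>Every failure except a locked smart card is logged and turned into {@code null}, so
     * callers must check the result before using it.
     *
     * @param str the alias of the certificate
     * @return the certificate, or {@code null} if the alias is {@code null}, the manager is not
     *     initialised, the store has no such certificate or the lookup failed
     * @throws SmartCardLockedException if the provider reports that the card is locked
     */
    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public X509Certificate getCertificate(String str) {
        if (str == null) {
            LOGGER.warning("El alias del certificado es nulo, se devolvera null");
            return null;
        }
        if (this.ks == null) {
            LOGGER.warning("No se ha podido recuperar el certificado con alias '" + str + "' porque el KeyStore no estaba inicializado, se devolvera null");
            return null;
        }
        try {
            return (X509Certificate) this.ks.getCertificate(str);
        } catch (Exception ex) {
            // Matched by class name so that this class does not depend on the card library.
            if ("es.gob.jmulticard.card.AuthenticationModeLockedException".equals(ex.getClass().getName())) {
                LOGGER.severe("Tarjeta bloqueada: " + ex);
                throw new SmartCardLockedException("Tarjeta inteligente bloqueada", ex);
            }
            LOGGER.severe("Error intentando recuperar el certificado con el alias '" + str + "', se devolvera null: " + ex);
            return null;
        }
    }

    /**
     * Returns the X.509 certificates of the chain stored under the given alias.
     *
     * <p>Chain elements that are not {@link X509Certificate} instances are skipped, so the
     * result can be shorter than the stored chain. The chain is returned as stored; nothing
     * here validates it. Unlike {@link #getCertificate}, a locked-card error is not rethrown.
     *
     * @param str the alias of the certificate
     * @return the chain, or an empty array if the alias is {@code null}, the manager is not
     *     initialised, there is no chain or the lookup failed
     */
    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public X509Certificate[] getCertificateChain(String str) {
        if (str == null) {
            LOGGER.warning("El alias del certificado es nulo, se devolvera una cadena vacia");
            return new X509Certificate[0];
        }
        if (this.ks == null) {
            LOGGER.warning("No se ha podido recuperar el certificado con alias '" + str + "' porque el KeyStore no estaba inicializado, se devolvera una cadena vacia");
            return new X509Certificate[0];
        }
        try {
            Certificate[] storedChain = this.ks.getCertificateChain(str);
            if (storedChain == null) {
                return new X509Certificate[0];
            }
            ArrayList<X509Certificate> x509Chain = new ArrayList<X509Certificate>();
            for (Certificate link : storedChain) {
                if (link instanceof X509Certificate) {
                    x509Chain.add((X509Certificate) link);
                }
            }
            return x509Chain.toArray(new X509Certificate[0]);
        } catch (Exception ex) {
            LOGGER.severe("Error intentando recuperar la cadena del certificado con alias '" + str + "', se continuara con el siguiente almacen: " + ex);
            LOGGER.warning("El almacen no contiene ningun certificado con el alias '" + str + "', se devolvera una cadena vacia");
            return new X509Certificate[0];
        }
    }

    /**
     * Returns the aliases of the store, without the deactivated entries.
     *
     * <p>The list is computed once and cached until {@link #resetCachedAliases()} runs. A copy
     * is returned so that a caller cannot alter the cached list.
     *
     * @return the aliases, or an empty array if the store cannot list them
     * @throws IllegalStateException if the manager is not initialised
     */
    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public String[] getAliases() {
        if (this.ks == null) {
            throw new IllegalStateException("Se han pedido alias a un almacen no inicializado");
        }
        if (this.cachedAliases == null) {
            try {
                this.cachedAliases = cleanDeactivatedAliases(Collections.list(this.ks.aliases()).toArray(new String[0]));
            } catch (KeyStoreException ex) {
                LOGGER.severe("Error intentando recuperar los alias, se devolvera una lista vacia: " + ex);
                return new String[0];
            }
        }
        // cleanDeactivatedAliases() is overridable, so a null result is passed through as before.
        return this.cachedAliases == null ? null : this.cachedAliases.clone();
    }

    /**
     * Describes the manager and, when a type is set, the type's name and string form.
     *
     * <p>NOTE(review): the decompiled code prints {@code getName()} under both "de tipo" and
     * "con nombre"; the second label probably belonged to another accessor in the original.
     *
     * @return a human-readable description
     */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder("Gestor de almacenes de claves");
        if (this.ksType != null) {
            String typeName = this.ksType.getName();
            if (typeName != null) {
                text.append(" de tipo ").append(typeName);
                text.append(" con nombre ").append(typeName);
            }
            text.append(" de clase ").append(this.ksType.toString());
        }
        return text.toString();
    }

    /**
     * Tells whether the alias identifies a key entry.
     *
     * <p>There is no check for an uninitialised manager: a {@code null} key store fails with a
     * {@code NullPointerException}.
     *
     * @param str the alias to check
     * @return the result of {@link KeyStore#isKeyEntry}
     */
    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public boolean isKeyEntry(String str) {
        return getKeyStore().isKeyEntry(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Removes the aliases whose certificate was deactivated with {@link #deactivateEntry}.
     *
     * <p>An alias is dropped when the hexified SHA-1 digest of its certificate encoding is in
     * the deactivated set. SHA-1 is kept because the values passed to {@code deactivateEntry}
     * must match it; the digest only hides entries from the list and must not be relied on as
     * proof of certificate identity, since SHA-1 is not collision resistant.
     *
     * @param strArr the aliases to filter
     * @return {@code strArr} itself if nothing is deactivated or SHA-1 is unavailable, otherwise
     *     a new array without the deactivated aliases and without the aliases whose certificate
     *     could not be read or encoded
     */
    public String[] cleanDeactivatedAliases(String[] strArr) {
        if (this.deactivatedFingerprints.isEmpty()) {
            return strArr;
        }
        final MessageDigest sha1;
        try {
            sha1 = MessageDigest.getInstance("SHA1");
        } catch (NoSuchAlgorithmException ex) {
            LOGGER.severe("No se ha podido instanciar el generador de huellas digitales SHA1, pueden aparecer duplicados en la lista de certificados: " + ex);
            return strArr;
        }
        ArrayList<String> activeAliases = new ArrayList<String>();
        for (String alias : strArr) {
            try {
                X509Certificate cert = getCertificate(alias);
                if (cert == null) {
                    // getCertificate() returns null on lookup failure; this used to end in a
                    // NullPointerException that aborted the whole alias listing.
                    LOGGER.warning("No se ha podido obtener el certificado con alias '" + alias + "' para calcular su huella, se omitira de la lista de alias");
                    continue;
                }
                String fingerprint = AOUtil.hexify(sha1.digest(cert.getEncoded()), false);
                if (!this.deactivatedFingerprints.contains(fingerprint)) {
                    activeAliases.add(alias);
                }
            } catch (CertificateEncodingException ex) {
                LOGGER.severe("No se ha obtener la huela del certificado '" + alias + "', pueden aparecer duplicados en la lista de certificados: " + ex);
            }
        }
        return activeAliases.toArray(new String[0]);
    }

    /**
     * Hides an entry from {@link #getAliases()} and drops the alias cache.
     *
     * <p>The value is matched verbatim against the output of {@code AOUtil.hexify(digest, false)}
     * in {@link #cleanDeactivatedAliases}.
     * NOTE(review): presumably a SHA-1 certificate fingerprint in that exact hex format; a value
     * in another case or with separators would not match. Confirm against callers.
     *
     * @param str the identifier of the entry to hide; {@code null} only resets the cache
     */
    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public void deactivateEntry(String str) {
        if (str != null) {
            this.deactivatedFingerprints.add(str);
        }
        resetCachedAliases();
    }
}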
