package com.sun.net.ssl.internal.ssl;

import java.lang.ref.Reference;
import java.lang.ref.SoftReference;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:118668-04/SUNWj5rt/reloc/jdk/instances/jdk1.5.0/jre/lib/jsse.jar:com/sun/net/ssl/internal/ssl/X509KeyManagerImpl.class */
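/**
 * Key manager that selects X.509 key entries for TLS client or server authentication from one
 * or more {@link KeyStore.Builder}s.
 *
 * <p>Aliases handed out by this class are synthetic and have the form
 * {@code <uid>.<builderIndex>.<keyStoreAlias>}; they are not the raw keystore aliases. Resolved
 * entries are cached (softly referenced, at most ten) under that synthetic alias.
 *
 * <p>Security-relevant behaviour to be aware of when reading this decompiled listing:
 * <ul>
 *   <li>{@code chooseAlias} prefers an entry whose leaf certificate passes every check, but
 *       falls back to the best non-OK entry (expired, or with mismatching extensions) when
 *       none passes. Only the peer's validation then stands between such a certificate and a
 *       successful handshake.</li>
 *   <li>Only the leaf certificate is checked; the chain is neither built nor validated here.</li>
 *   <li>The decompiler had dropped the {@code continue} after the "issuers do not match"
 *       branch, so the acceptable-issuer filter had no effect; it is restored below.</li>
 * </ul>
 */
final class X509KeyManagerImpl extends X509ExtendedKeyManager implements X509KeyManager {
    private static final Debug debug = Debug.getInstance("ssl");

    // True only when SSL debugging is available and the "keymanager" option is on.
    private static final boolean useDebug = debug != null && Debug.isOn("keymanager");

    // Reference date for validity checks. Nothing in this class assigns it, so it stays null
    // and the current time is used instead.
    private static Date verificationDate;

    private final List<KeyStore.Builder> builders;
    private final AtomicLong uidCounter;
    private final Map<String, Reference<KeyStore.PrivateKeyEntry>> entryCacheMap;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:118668-04/SUNWj5rt/reloc/jdk/instances/jdk1.5.0/jre/lib/jsse.jar:com/sun/net/ssl/internal/ssl/X509KeyManagerImpl$CheckResult.class */
    /**
     * Outcome of checking a leaf certificate. Declaration order is significant: entries are
     * sorted by it, so {@code OK} ranks best and {@code EXTENSION_MISMATCH} worst.
     *
     * <p>The explicit {@code valueOf(String)} emitted by the decompiler is omitted; the compiler
     * generates that method for every enum and a second declaration does not compile.
     */
    public enum CheckResult {
        OK,
        EXPIRED,
        EXTENSION_MISMATCH
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:118668-04/SUNWj5rt/reloc/jdk/instances/jdk1.5.0/jre/lib/jsse.jar:com/sun/net/ssl/internal/ssl/X509KeyManagerImpl$CheckType.class */
    /**
     * Intended use of a key entry, together with the extended key usage OIDs accepted for it.
     *
     * <p>As with {@link CheckResult}, the decompiler's explicit {@code valueOf(String)} is
     * omitted because the compiler already provides it.
     */
    public enum CheckType {
        /** No checks at all; every certificate is reported as {@code OK}. */
        NONE(Collections.<String>emptySet()),

        /** anyExtendedKeyUsage or id-kp-clientAuth. */
        CLIENT(new HashSet<String>(Arrays.asList("2.5.29.37.0", "1.3.6.1.5.5.7.3.2"))),

        /** anyExtendedKeyUsage, id-kp-serverAuth, Netscape SGC or Microsoft SGC. */
        SERVER(new HashSet<String>(Arrays.asList("2.5.29.37.0", "1.3.6.1.5.5.7.3.1", "2.16.840.1.113730.4.1", "1.3.6.1.4.1.311.10.3.3")));

        final Set<String> validEku;

        CheckType(Set<String> set) {
            this.validEku = set;
        }

        /** Returns bit {@code i} of a key usage array, treating missing trailing bits as unset. */
        private static boolean getBit(boolean[] zArr, int i) {
            return i < zArr.length && zArr[i];
        }

        /**
         * Checks whether a leaf certificate is suitable for this usage at the given date.
         *
         * <p>An absent extended key usage or key usage extension imposes no restriction. The
         * key usage rules depend on the public key algorithm: RSA needs digitalSignature
         * (bit 0), or for {@code SERVER} alternatively keyEncipherment (bit 2); DSA needs
         * digitalSignature; DH needs keyAgreement (bit 4). Other algorithms are not constrained.
         *
         * @param x509Certificate the leaf certificate to examine
         * @param date the date at which the certificate must be valid
         * @return {@code OK}; {@code EXTENSION_MISMATCH} when an extension rules the usage out
         *     or the extended key usage cannot be read; {@code EXPIRED} when the certificate is
         *     not valid at {@code date} (this also covers a not-yet-valid certificate)
         */
        CheckResult check(X509Certificate x509Certificate, Date date) {
            if (this == NONE) {
                return CheckResult.OK;
            }

            List<String> extendedKeyUsage;
            try {
                extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
            } catch (CertificateException e) {
                // An unreadable extension is treated like one that forbids the usage.
                return CheckResult.EXTENSION_MISMATCH;
            }
            if (extendedKeyUsage != null && Collections.disjoint(this.validEku, extendedKeyUsage)) {
                return CheckResult.EXTENSION_MISMATCH;
            }

            boolean[] keyUsage = x509Certificate.getKeyUsage();
            if (keyUsage != null) {
                String algorithm = x509Certificate.getPublicKey().getAlgorithm();
                boolean digitalSignature = getBit(keyUsage, 0);
                if (algorithm.equals("RSA")) {
                    // A server key may be used for key transport instead of signing.
                    boolean keyEncipherment = this == SERVER && getBit(keyUsage, 2);
                    if (!digitalSignature && !keyEncipherment) {
                        return CheckResult.EXTENSION_MISMATCH;
                    }
                } else if (algorithm.equals("DSA")) {
                    if (!digitalSignature) {
                        return CheckResult.EXTENSION_MISMATCH;
                    }
                } else if (algorithm.equals("DH") && !getBit(keyUsage, 4)) {
                    return CheckResult.EXTENSION_MISMATCH;
                }
            }

            try {
                x509Certificate.checkValidity(date);
                return CheckResult.OK;
            } catch (CertificateException e) {
                return CheckResult.EXPIRED;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:118668-04/SUNWj5rt/reloc/jdk/instances/jdk1.5.0/jre/lib/jsse.jar:com/sun/net/ssl/internal/ssl/X509KeyManagerImpl$EntryStatus.class */
    /**
     * A candidate key entry: which builder it came from, its keystore alias and the result of
     * checking its leaf certificate. Ordered by check result only.
     */
    public static class EntryStatus implements Comparable<EntryStatus> {
        final int builderIndex;
        final String alias;
        final CheckResult checkResult;

        /**
         * @param i index of the builder that holds the entry
         * @param str alias of the entry inside that builder's keystore
         * @param certificateArr certificate chain of the entry (accepted but not stored)
         * @param checkResult outcome of the leaf certificate check
         */
        EntryStatus(int i, String str, Certificate[] certificateArr, CheckResult checkResult) {
            this.builderIndex = i;
            this.alias = str;
            this.checkResult = checkResult;
        }

        @Override // java.lang.Comparable
        public int compareTo(EntryStatus entryStatus) {
            return this.checkResult.compareTo(entryStatus.checkResult);
        }

        @Override
        public String toString() {
            String description = this.alias + " (verified: " + this.checkResult + ")";
            if (this.builderIndex == 0) {
                return description;
            }
            return "Builder #" + this.builderIndex + ", alias: " + description;
        }
    }

    /* loaded from: input_file:118668-04/SUNWj5rt/reloc/jdk/instances/jdk1.5.0/jre/lib/jsse.jar:com/sun/net/ssl/internal/ssl/X509KeyManagerImpl$SizedMap.class */
    /** Map that evicts its eldest entry once it holds more than ten entries. */
    private static class SizedMap<K, V> extends LinkedHashMap<K, V> {
        private SizedMap() {
        }

        @Override // java.util.LinkedHashMap
        protected boolean removeEldestEntry(Map.Entry<K, V> entry) {
            return size() > 10;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Creates a key manager backed by a single keystore builder. */
    public X509KeyManagerImpl(KeyStore.Builder builder) {
        this((List<KeyStore.Builder>) Collections.singletonList(builder));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a key manager backed by the given builders, consulted in list order.
     *
     * @param list the keystore builders; the list is stored as given, not copied
     */
    public X509KeyManagerImpl(List<KeyStore.Builder> list) {
        this.builders = list;
        this.uidCounter = new AtomicLong();
        this.entryCacheMap = Collections.synchronizedMap(new SizedMap<String, Reference<KeyStore.PrivateKeyEntry>>());
    }

    /**
     * Returns the certificate chain for an alias produced by this key manager.
     *
     * @param str synthetic alias, or {@code null}
     * @return the chain, or {@code null} when {@code str} is {@code null}
     * @throws ProviderException if the alias is malformed or the entry cannot be loaded
     */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        KeyStore.PrivateKeyEntry entry = getEntry(str);
        if (entry == null) {
            return null;
        }
        // NOTE(review): relies on the entry exposing its chain as X509Certificate[]; confirm.
        return (X509Certificate[]) entry.getCertificateChain();
    }

    /**
     * Returns the private key for an alias produced by this key manager.
     *
     * @param str synthetic alias, or {@code null}
     * @return the key, or {@code null} when {@code str} is {@code null}
     * @throws ProviderException if the alias is malformed or the entry cannot be loaded
     */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        KeyStore.PrivateKeyEntry entry = getEntry(str);
        return entry == null ? null : entry.getPrivateKey();
    }

    /** Chooses a client key entry; the socket argument is not consulted. */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return chooseAlias(getKeyTypes(strArr), principalArr, CheckType.CLIENT);
    }

    /** Chooses a client key entry; the engine argument is not consulted. */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseAlias(getKeyTypes(strArr), principalArr, CheckType.CLIENT);
    }

    /** Chooses a server key entry; the socket argument is not consulted. */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return chooseAlias(getKeyTypes(str), principalArr, CheckType.SERVER);
    }

    /** Chooses a server key entry; the engine argument is not consulted. */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseAlias(getKeyTypes(str), principalArr, CheckType.SERVER);
    }

    /** Lists all client key entries of the given key type, best match first. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return getAliases(str, principalArr, CheckType.CLIENT);
    }

    /** Lists all server key entries of the given key type, best match first. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return getAliases(str, principalArr, CheckType.SERVER);
    }

    /** Builds a fresh synthetic alias {@code <uid>.<builderIndex>.<keyStoreAlias>}. */
    private String makeAlias(EntryStatus entryStatus) {
        return this.uidCounter.incrementAndGet() + "." + entryStatus.builderIndex + "." + entryStatus.alias;
    }

    /**
     * Resolves a synthetic alias to its private key entry, using the cache when possible.
     *
     * @param alias synthetic alias, or {@code null}
     * @return the entry, or {@code null} when {@code alias} is {@code null}
     * @throws ProviderException if the alias is malformed, names no private key entry, or the
     *     keystore lookup fails
     */
    private KeyStore.PrivateKeyEntry getEntry(String alias) {
        if (alias == null) {
            // X509KeyManager documents null for an alias that cannot be found.
            return null;
        }
        Reference<KeyStore.PrivateKeyEntry> cachedRef = this.entryCacheMap.get(alias);
        KeyStore.PrivateKeyEntry cached = cachedRef != null ? cachedRef.get() : null;
        if (cached != null) {
            return cached;
        }

        int firstDot = alias.indexOf('.');
        int secondDot = alias.indexOf('.', firstDot + 1);
        // The decompiled test compared secondDot with firstDot, which can never be equal;
        // a missing second dot is what actually marks a malformed alias.
        if (firstDot == -1 || secondDot == -1) {
            throw new ProviderException("Invalid alias " + alias);
        }
        try {
            int builderIndex = Integer.parseInt(alias.substring(firstDot + 1, secondDot));
            String keyStoreAlias = alias.substring(secondDot + 1);
            KeyStore.Builder builder = this.builders.get(builderIndex);
            // The protection parameter is requested with the full synthetic alias, as in the
            // decompiled original.
            KeyStore.Entry entry = builder.getKeyStore().getEntry(keyStoreAlias, builder.getProtectionParameter(alias));
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new ProviderException("Unexpected type of entry: " + entry);
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            this.entryCacheMap.put(alias, new SoftReference<KeyStore.PrivateKeyEntry>(privateKeyEntry));
            return privateKeyEntry;
        } catch (ProviderException e) {
            throw e;
        } catch (Exception e) {
            // Bad index, keystore failure, unrecoverable key: all surface as ProviderException.
            throw new ProviderException(e);
        }
    }

    /** Maps a key type to the algorithm name to match; every {@code DH_*} type becomes "DH". */
    private static Collection<String> getKeyTypes(String keyType) {
        return keyType.startsWith("DH_") ? Collections.singleton("DH") : Collections.singleton(keyType);
    }

    /** Array variant of {@link #getKeyTypes(String)}, preserving the order of the input. */
    private static Collection<String> getKeyTypes(String[] keyTypes) {
        List<String> algorithms = new ArrayList<String>(keyTypes.length);
        for (String keyType : keyTypes) {
            algorithms.add(keyType.startsWith("DH_") ? "DH" : keyType);
        }
        return algorithms;
    }

    /**
     * Picks one entry across all builders.
     *
     * <p>The first entry whose check result is {@code OK} wins. If there is none, the best of
     * the remaining candidates is returned, which may be an expired certificate or one whose
     * extensions do not fit the usage.
     *
     * @return a synthetic alias, or {@code null} when no entry matches key type and issuers
     */
    private String chooseAlias(Collection<String> keyTypes, Principal[] issuers, CheckType checkType) {
        Set<Principal> issuerSet = getIssuerSet(issuers);
        List<EntryStatus> fallbacks = null;
        int builderCount = this.builders.size();
        for (int i = 0; i < builderCount; i++) {
            try {
                List<EntryStatus> candidates = getAliases(i, keyTypes, issuerSet, false, checkType);
                if (candidates == null) {
                    continue;
                }
                // A non-null result always holds at least one entry.
                EntryStatus best = candidates.get(0);
                if (best.checkResult == CheckResult.OK) {
                    if (useDebug) {
                        debug.println("KeyMgr: choosing key: " + best);
                    }
                    return makeAlias(best);
                }
                if (fallbacks == null) {
                    fallbacks = new ArrayList<EntryStatus>();
                }
                fallbacks.addAll(candidates);
            } catch (Exception e) {
                // Best effort: a builder that cannot be read is skipped, but say so when
                // debugging instead of dropping the failure silently.
                if (useDebug) {
                    debug.println("KeyMgr: skipping builder #" + i + ": " + e);
                }
            }
        }
        if (fallbacks == null) {
            if (useDebug) {
                debug.println("KeyMgr: no matching key found");
            }
            return null;
        }
        Collections.sort(fallbacks);
        if (useDebug) {
            debug.println("KeyMgr: no good matching key found, returning best match out of:");
            debug.println(fallbacks.toString());
        }
        return makeAlias(fallbacks.get(0));
    }

    /**
     * Lists every entry of the given key type across all builders, sorted by check result.
     *
     * @param str the key type requested by the caller
     * @param principalArr acceptable issuers, or {@code null}/empty for no issuer filter
     * @param checkType the intended usage
     * @return synthetic aliases, best match first; an empty array when nothing matches
     */
    // NOTE(review): X509KeyManager documents null for "no matches"; the empty array is kept
    // here so existing callers see no change.
    public String[] getAliases(String str, Principal[] principalArr, CheckType checkType) {
        Set<Principal> issuerSet = getIssuerSet(principalArr);
        Collection<String> keyTypes = getKeyTypes(str);
        List<EntryStatus> allResults = new ArrayList<EntryStatus>();
        int builderCount = this.builders.size();
        for (int i = 0; i < builderCount; i++) {
            try {
                List<EntryStatus> candidates = getAliases(i, keyTypes, issuerSet, true, checkType);
                if (candidates != null) {
                    allResults.addAll(candidates);
                }
            } catch (Exception e) {
                // Best effort: skip the unreadable builder, but leave a trace when debugging.
                if (useDebug) {
                    debug.println("KeyMgr: skipping builder #" + i + ": " + e);
                }
            }
        }
        Collections.sort(allResults);
        if (useDebug) {
            debug.println("KeyMgr: getting aliases: " + allResults);
        }
        return toAliases(allResults);
    }

    /** Converts candidates to synthetic aliases, one fresh alias per entry, in list order. */
    private String[] toAliases(List<EntryStatus> entries) {
        String[] aliases = new String[entries.size()];
        int next = 0;
        for (EntryStatus entry : entries) {
            aliases[next++] = makeAlias(entry);
        }
        return aliases;
    }

    /** Returns the issuers as a set, or {@code null} when no issuer filter was requested. */
    private Set<Principal> getIssuerSet(Principal[] issuers) {
        if (issuers == null || issuers.length == 0) {
            return null;
        }
        return new HashSet<Principal>(Arrays.asList(issuers));
    }

    /**
     * Reports whether any certificate in the chain was issued by one of the given principals.
     * The scan stops, without a match, at the first certificate that is not an X.509 one.
     */
    private static boolean hasAcceptedIssuer(Certificate[] chain, Set<Principal> issuerSet) {
        for (Certificate certificate : chain) {
            if (!(certificate instanceof X509Certificate)) {
                return false;
            }
            if (issuerSet.contains(((X509Certificate) certificate).getIssuerX500Principal())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Collects the candidate entries of one builder.
     *
     * @param builderIndex index into {@code builders}
     * @param keyTypes acceptable public key algorithms of the leaf certificate
     * @param issuerSet acceptable issuers, or {@code null} for no issuer filter
     * @param findAll when {@code false}, return as soon as one {@code OK} entry is found
     * @param checkType the intended usage
     * @return the candidates in keystore order (a single {@code OK} entry when
     *     {@code findAll} is false and one exists), or {@code null} when there are none
     * @throws Exception if the keystore cannot be obtained or read
     */
    private List<EntryStatus> getAliases(int builderIndex, Collection<String> keyTypes, Set<Principal> issuerSet, boolean findAll, CheckType checkType) throws Exception {
        KeyStore keyStore = this.builders.get(builderIndex).getKeyStore();
        List<EntryStatus> results = null;
        Date date = verificationDate;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!keyStore.isKeyEntry(alias)) {
                continue;
            }
            Certificate[] chain = keyStore.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                continue;
            }
            if (!keyTypes.contains(chain[0].getPublicKey().getAlgorithm())) {
                if (useDebug) {
                    debug.println("Ignoring alias " + alias + ": key algorithm does not match");
                }
                continue;
            }
            if (issuerSet != null && !hasAcceptedIssuer(chain, issuerSet)) {
                if (useDebug) {
                    debug.println("Ignoring alias " + alias + ": issuers do not match");
                }
                // The decompiled listing fell through here, which let entries from issuers the
                // peer did not ask for become candidates.
                continue;
            }
            if (!(chain[0] instanceof X509Certificate)) {
                // Skip just this entry; the cast below would otherwise throw and make the
                // caller discard every candidate of this builder.
                if (useDebug) {
                    debug.println("Ignoring alias " + alias + ": not an X.509 certificate");
                }
                continue;
            }
            if (date == null) {
                date = new Date();
            }
            CheckResult checkResult = checkType.check((X509Certificate) chain[0], date);
            EntryStatus status = new EntryStatus(builderIndex, alias, chain, checkResult);
            if (checkResult == CheckResult.OK && !findAll) {
                return Collections.singletonList(status);
            }
            if (results == null) {
                results = new ArrayList<EntryStatus>();
            }
            results.add(status);
        }
        return results;
    }
}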
