package com.ibm.cics.core.comm;

import com.ibm.cics.common.util.Debug;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:com/ibm/cics/core/comm/ExplorerKeyStore.class */
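/**
 * Wraps a {@link KeyStore} together with the {@link X509KeyManager} built from it.
 *
 * <p>The class offers two services: listing the certificates held in the key store as
 * {@code CertificateDetails}, and producing a key manager that is pinned to one
 * certificate alias so that a TLS client handshake presents exactly that certificate.
 */
public class ExplorerKeyStore {
    private static final Debug debug = new Debug(ExplorerKeyStore.class);

    // Label passed through to every CertificateDetails created from this key store.
    private final String source;
    private final KeyStore ks;
    private final X509KeyManager keyManager;

    /**
     * Creates the wrapper and initialises a key manager over the given key store.
     *
     * <p>The password arrives as a {@code String}, so this class cannot wipe it after use;
     * only a transient {@code char[]} copy is handed to the key manager factory.
     *
     * @param source label recorded on every {@code CertificateDetails} produced by this instance
     * @param keyStore an already loaded key store
     * @param password password protecting the keys, or {@code null} to pass no password
     * @throws GeneralSecurityException if the factory cannot be initialised or yields no
     *     {@link X509KeyManager}
     */
    public ExplorerKeyStore(String source, KeyStore keyStore, String password) throws GeneralSecurityException {
        this.source = source;
        this.ks = keyStore;
        this.keyManager = initialiseKeyStore(keyStore, password);
    }

    /**
     * Returns the unrestricted key manager built from the key store.
     *
     * @return the key manager created at construction time
     */
    public X509KeyManager getKeyManager() {
        return this.keyManager;
    }

    /**
     * Builds a key manager factory with the platform default algorithm and returns the first
     * {@link X509KeyManager} it provides.
     *
     * @param keyStore the key store to read keys from
     * @param password key password, or {@code null}
     * @return the first X.509 key manager offered by the factory
     * @throws GeneralSecurityException if initialisation fails or no X.509 key manager exists
     */
    private X509KeyManager initialiseKeyStore(KeyStore keyStore, String password) throws GeneralSecurityException {
        String algorithm = KeyManagerFactory.getDefaultAlgorithm();
        KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
        factory.init(keyStore, password != null ? password.toCharArray() : null);
        KeyManager[] managers = factory.getKeyManagers();
        for (KeyManager candidate : managers) {
            if (candidate instanceof X509KeyManager) {
                debug.exit("initialiseKeyStore", candidate);
                return (X509KeyManager) candidate;
            }
        }
        debug.event("initialiseKeyStore", keyStore, algorithm, managers);
        throw new GeneralSecurityException("No X509 key manager available for " + algorithm);
    }

    /**
     * Summarises one key store entry for display.
     *
     * <p>The subject and issuer are reduced to their CN where the distinguished name parses;
     * these values are descriptive only and are not validated here.
     *
     * @param alias key store alias of the entry
     * @param certificate the certificate stored under {@code alias}
     * @param source label identifying the key store
     * @return details with placeholder names and no expiry date when the certificate is not X.509
     */
    private static CertificateDetails getCertificateDetails(String alias, Certificate certificate, String source) {
        if (!(certificate instanceof X509Certificate)) {
            return new CertificateDetails("unknown subject", "unknown issuer", alias, source, null);
        }
        X509Certificate x509 = (X509Certificate) certificate;
        String subject = commonNameOrDn(x509.getSubjectX500Principal().getName());
        String issuer = commonNameOrDn(x509.getIssuerX500Principal().getName());
        return new CertificateDetails(subject, issuer, alias, source, x509.getNotAfter());
    }

    /** Returns the CN of a distinguished name, or the name unchanged if it cannot be parsed. */
    private static String commonNameOrDn(String distinguishedName) {
        try {
            return getCn(new LdapName(distinguishedName));
        } catch (InvalidNameException ignored) {
            // Best effort: an unparseable DN is still worth showing in full.
            return distinguishedName;
        }
    }

    /**
     * Returns the value of the first RDN of type CN (case-insensitive), or the whole name
     * when there is none.
     */
    private static String getCn(LdapName ldapName) {
        for (Rdn rdn : ldapName.getRdns()) {
            if (rdn.getType().equalsIgnoreCase("CN")) {
                return rdn.getValue().toString();
            }
        }
        return ldapName.toString();
    }

    /**
     * Lists details for every alias in the key store that has a certificate.
     *
     * @return a new list; aliases without a certificate are skipped
     * @throws KeyStoreException if the key store has not been initialised
     */
    public List<CertificateDetails> getKeyStoreCertificates() throws KeyStoreException {
        List<CertificateDetails> details = new ArrayList<>();
        Enumeration<String> aliases = this.ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate certificate = this.ks.getCertificate(alias);
            if (certificate != null) {
                details.add(getCertificateDetails(alias, certificate, this.source));
            }
        }
        return details;
    }

    /**
     * Returns a key manager restricted to the alias of the given certificate.
     *
     * <p>Client alias selection always answers with that alias, and the private key and
     * certificate chain are released for that alias only. Alias enumeration and server-side
     * selection are delegated unchanged to {@link #getKeyManager()}.
     *
     * <p>NOTE(review): {@code chooseEngineClientAlias} and {@code chooseEngineServerAlias} are
     * not overridden, so the {@link X509ExtendedKeyManager} defaults (which return
     * {@code null}) apply. Confirm that no {@code SSLEngine}-based transport uses this manager.
     *
     * @param certificateDetails the certificate whose alias is to be presented
     * @return a key manager pinned to {@code certificateDetails.getAlias()}
     */
    public X509ExtendedKeyManager getKeyManagerForCertificate(final CertificateDetails certificateDetails) {
        return new X509ExtendedKeyManager() {
            @Override
            public String[] getServerAliases(String keyType, Principal[] issuers) {
                debug.enter("getServerAliases", keyType, issuers);
                String[] aliases = ExplorerKeyStore.this.getKeyManager().getServerAliases(keyType, issuers);
                debug.exit("getServerAliases", aliases);
                return aliases;
            }

            /** Returns the key for the pinned alias; any other (or {@code null}) alias yields {@code null}. */
            @Override
            public PrivateKey getPrivateKey(String alias) {
                debug.enter("getPrivateKey", alias);
                PrivateKey privateKey = null;
                if (alias != null && alias.equals(certificateDetails.getAlias())) {
                    privateKey = ExplorerKeyStore.this.getKeyManager().getPrivateKey(alias);
                }
                // Never hand the key object to the trace: depending on the provider, its
                // toString() may render key material. Record only the outcome and algorithm.
                String outcome = privateKey == null
                        ? "no key released"
                        : "key released (" + privateKey.getAlgorithm() + ")";
                debug.exit("getPrivateKey", outcome);
                return privateKey;
            }

            @Override
            public String[] getClientAliases(String keyType, Principal[] issuers) {
                debug.enter("getClientAliases", keyType, issuers);
                String[] aliases = ExplorerKeyStore.this.getKeyManager().getClientAliases(keyType, issuers);
                debug.exit("getClientAliases", aliases);
                return aliases;
            }

            /**
             * Returns the chain for the pinned alias.
             *
             * @throws MissingCertificateException if the alias is not the pinned one or no chain
             *     is stored under it
             */
            @Override
            public X509Certificate[] getCertificateChain(String alias) {
                debug.enter("getCertificateChain", alias, certificateDetails.getAlias());
                // Only consult the underlying manager for the pinned alias; a null alias is
                // treated as a mismatch instead of failing with a NullPointerException.
                X509Certificate[] chain = null;
                if (alias != null && alias.equals(certificateDetails.getAlias())) {
                    chain = ExplorerKeyStore.this.getKeyManager().getCertificateChain(alias);
                }
                if (chain == null) {
                    String message = "No matching certificate available for alias " + alias
                            + " (available: " + printableCertificateAliasList() + ")";
                    debug.event("getCertificateChain", message);
                    throw new MissingCertificateException(message);
                }
                debug.exit("getCertificateChain", chain);
                return chain;
            }

            @Override
            public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
                debug.enter("chooseServerAlias", keyType, issuers);
                String alias = ExplorerKeyStore.this.getKeyManager().chooseServerAlias(keyType, issuers, socket);
                debug.exit("chooseServerAlias", alias);
                return alias;
            }

            /**
             * Always answers with the pinned alias.
             *
             * <p>The requested key types and acceptable issuers are used for tracing only; the
             * pinned certificate is not checked against them here.
             */
            @Override
            public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
                debug.enter("chooseClientAlias", keyTypes, issuers);
                debug.info("chooseClientAlias", new Object[]{"JVM would have chosen the alias: " + ExplorerKeyStore.this.getKeyManager().chooseClientAlias(keyTypes, issuers, socket), "available aliases: " + printableCertificateAliasList()});
                String alias = certificateDetails.getAlias();
                debug.exit("chooseClientAlias", alias);
                return alias;
            }

            /**
             * Renders every alias in the key store, each followed by ", ", for diagnostics.
             * If the key store cannot be read, the exception message is returned instead.
             */
            private String printableCertificateAliasList() {
                StringBuilder aliases = new StringBuilder();
                try {
                    for (CertificateDetails entry : ExplorerKeyStore.this.getKeyStoreCertificates()) {
                        aliases.append(entry.getAlias()).append(", ");
                    }
                    return aliases.toString();
                } catch (KeyStoreException e) {
                    return e.getMessage();
                }
            }
        };
    }
}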
