package ch.cyberduck.core.ssl;

import ch.cyberduck.core.CertificateStore;
import ch.cyberduck.core.Host;
import ch.cyberduck.core.LocaleFactory;
import ch.cyberduck.core.exception.ConnectionCanceledException;
import ch.cyberduck.core.preferences.Preferences;
import ch.cyberduck.core.preferences.PreferencesFactory;
import java.io.IOException;
import java.net.Socket;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:ch/cyberduck/core/ssl/CertificateStoreX509KeyManager.class */
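/**
 * Key manager for TLS client authentication that resolves client certificates and private
 * keys from a {@link KeyStore} and asks a {@link CertificateStore} callback which certificate
 * to present when the bookmark has no saved choice.
 *
 * <p>The key store is created lazily on first use from the preferences
 * {@code connection.ssl.keystore.type} and {@code connection.ssl.keystore.provider}, unless
 * one was supplied to the constructor.
 */
public class CertificateStoreX509KeyManager extends AbstractX509KeyManager {
    private static final Logger log = Logger.getLogger(CertificateStoreX509KeyManager.class);
    private final Host bookmark;
    private final CertificateStore callback;
    // Lazily initialised in getKeystore(); only assigned once a store has loaded successfully.
    private KeyStore _keystore;

    /**
     * @param certificateStore Callback used to let the user choose a client certificate
     * @param host             Bookmark the connection is opened for
     */
    public CertificateStoreX509KeyManager(CertificateStore certificateStore, Host host) {
        this(host, certificateStore, null);
    }

    /**
     * @param host             Bookmark the connection is opened for
     * @param certificateStore Callback used to let the user choose a client certificate
     * @param keyStore         Key store to read from, or {@code null} to load the store
     *                         configured in the preferences on first use
     */
    public CertificateStoreX509KeyManager(Host host, CertificateStore certificateStore, KeyStore keyStore) {
        this.bookmark = host;
        this.callback = certificateStore;
        this._keystore = keyStore;
    }

    /**
     * No-op initialisation; the key store is loaded lazily by the accessors.
     *
     * @return This instance
     */
    @Override
    public CertificateStoreX509KeyManager init() throws IOException {
        return this;
    }

    /**
     * Returns the key store, loading it on first use.
     *
     * <p>The store is built in a local variable and published to the field only after
     * {@code load} succeeded, so a failed attempt never leaves an uninitialised store behind
     * for later calls.
     *
     * @return The loaded key store
     * @throws IOException If neither the configured nor the default store could be loaded
     */
    private synchronized KeyStore getKeystore() throws IOException {
        if (null != this._keystore) {
            return this._keystore;
        }
        String str = null;
        try {
            Preferences preferences = PreferencesFactory.get();
            str = preferences.getProperty("connection.ssl.keystore.type");
            if (null == str) {
                str = KeyStore.getDefaultType();
            }
            if (log.isInfoEnabled()) {
                log.info(String.format("Load default store of type %s", str));
            }
            String property = preferences.getProperty("connection.ssl.keystore.provider");
            final KeyStore configured = StringUtils.isBlank(property)
                    ? KeyStore.getInstance(str)
                    : KeyStore.getInstance(str, property);
            configured.load(null, null);
            this._keystore = configured;
        } catch (Exception e) {
            // NOTE(review): a configured type/provider that fails to load is replaced by the
            // platform default store with only an error log. Where a specific provider is a
            // security requirement (for example hardware-backed keys), treat this log line as
            // an alert and confirm whether failing closed would be preferable.
            try {
                log.error(String.format("Could not load default store of type %s", str), e);
                if (log.isInfoEnabled()) {
                    log.info("Load default store of default type");
                }
                final KeyStore fallback = KeyStore.getInstance(KeyStore.getDefaultType());
                fallback.load(null, null);
                this._keystore = fallback;
            } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
                log.error(String.format("Initialization of key store failed. %s", e2.getMessage()), e2);
                // Keep the first failure as the cause and attach the fallback failure to it.
                final IOException failure = new IOException(e);
                failure.addSuppressed(e2);
                throw failure;
            }
        }
        return this._keystore;
    }

    /**
     * Lists the aliases in the key store that are key entries.
     *
     * @return Aliases with a private key; an empty list when the store cannot be loaded, or
     * the aliases collected so far when enumeration fails part way
     */
    @Override
    public List<String> list() {
        final List<String> keyAliases = new ArrayList<>();
        try {
            final KeyStore keystore = getKeystore();
            final Enumeration<String> aliases = keystore.aliases();
            while (aliases.hasMoreElements()) {
                final String nextElement = aliases.nextElement();
                if (log.isDebugEnabled()) {
                    log.debug(String.format("Alias in Keychain %s", nextElement));
                }
                if (keystore.isKeyEntry(nextElement)) {
                    if (log.isInfoEnabled()) {
                        log.info(String.format("Found private key for %s", nextElement));
                    }
                    keyAliases.add(nextElement);
                } else {
                    log.warn(String.format("Missing private key for alias %s", nextElement));
                }
            }
        } catch (IOException e) {
            log.warn(String.format("Failure listing aliases. %s", e.getMessage()));
            return Collections.emptyList();
        } catch (KeyStoreException e) {
            log.error(String.format("Keystore not loaded %s", e.getMessage()));
        }
        return keyAliases;
    }

    /**
     * Implements {@code javax.net.ssl.X509KeyManager#getClientAliases} for a single key type.
     *
     * @param str          Key type name
     * @param principalArr Acceptable certificate issuers
     * @return Matching aliases, or {@code null} if there are none
     */
    @Override
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return getClientAliases(new String[]{str}, principalArr);
    }

    /**
     * Collects every key entry alias whose certificate is accepted by
     * {@link #getCertificate(String, String[], Principal[])}.
     *
     * @param strArr       Key type names
     * @param principalArr Acceptable certificate issuers
     * @return Matching aliases, or {@code null} if there are none
     */
    public String[] getClientAliases(String[] strArr, Principal[] principalArr) {
        final List<String> matching = new ArrayList<>();
        for (String str : list()) {
            X509Certificate certificate = getCertificate(str, strArr, principalArr);
            if (null == certificate) {
                log.warn(String.format("Failed to retrieve certificate for alias %s", str));
            } else {
                // Guarded so the certificate is only rendered to text when it will be logged.
                if (log.isInfoEnabled()) {
                    log.info(String.format("Add X509 certificate entry %s to list", certificate));
                }
                matching.add(str);
            }
        }
        if (matching.isEmpty()) {
            return null;
        }
        return matching.toArray(new String[0]);
    }

    /**
     * Returns the certificate stored under the alias if it, or any certificate in its chain,
     * is accepted by the inherited {@code matches} check for the given key types and issuers.
     *
     * <p>When a chain element is the one that matches, the entry's own certificate is
     * returned, not the chain element.
     *
     * @param str          Alias of the key store entry
     * @param strArr       Key type names
     * @param principalArr Acceptable certificate issuers
     * @return The entry's certificate, or {@code null} if nothing matches or the store is
     * unavailable
     */
    @Override
    public X509Certificate getCertificate(String str, String[] strArr, Principal[] principalArr) {
        try {
            final KeyStore keystore;
            try {
                keystore = getKeystore();
            } catch (IOException e) {
                return null;
            }
            final Certificate certificate = keystore.getCertificate(str);
            if (matches(certificate, strArr, principalArr)) {
                return (X509Certificate) certificate;
            }
            // getCertificateChain returns null for an unknown alias or an entry without a
            // chain; the entry certificate must be X509 before it can be returned below.
            final Certificate[] chain = keystore.getCertificateChain(str);
            if (null != chain && certificate instanceof X509Certificate) {
                for (Certificate element : chain) {
                    if ((element instanceof X509Certificate) && matches(element, strArr, principalArr)) {
                        return (X509Certificate) certificate;
                    }
                }
            }
            if (log.isInfoEnabled()) {
                log.info(String.format("No matching certificate found for alias %s and issuers %s", str, Arrays.toString(principalArr)));
            }
        } catch (KeyStoreException e) {
            log.error(String.format("Keystore not loaded %s", e.getMessage()));
        }
        return null;
    }

    /**
     * Implements {@code javax.net.ssl.X509KeyManager#chooseClientAlias}.
     *
     * <p>An alias saved in the bookmark credentials is returned as is, without re-checking it
     * against the key types and issuers requested. Otherwise the callback is asked to choose
     * a certificate, the choice is mapped back to a key store alias and that alias is saved in
     * the bookmark credentials.
     *
     * @param strArr       Key type names
     * @param principalArr Acceptable certificate issuers
     * @param socket       Socket of the connection; may be {@code null}
     * @return The alias to authenticate with, or {@code null} if none was selected
     */
    @Override
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        try {
            String certificate = this.bookmark.getCredentials().getCertificate();
            if (StringUtils.isNotBlank(certificate)) {
                log.info(String.format("Return saved certificate alias %s for host %s", certificate, this.bookmark));
                return certificate;
            }
            // The display name is resolved only here, when a prompt is actually shown.
            final String hostName = promptHostname(socket);
            X509Certificate choose = this.callback.choose(strArr, principalArr, this.bookmark, MessageFormat.format(LocaleFactory.localizedString("The server requires a certificate to validate your identity. Select the certificate to authenticate yourself to {0}."), hostName));
            if (null == choose) {
                if (log.isInfoEnabled()) {
                    log.info(String.format("No certificate selected for socket %s", socket));
                }
                return null;
            }
            String[] clientAliases = getClientAliases(strArr, principalArr);
            if (null != clientAliases) {
                KeyStore keystore = getKeystore();
                for (String str : clientAliases) {
                    // choose is non-null here; the store may return null for an alias.
                    if (choose.equals(keystore.getCertificate(str))) {
                        if (log.isInfoEnabled()) {
                            log.info(String.format("Selected certificate alias %s for certificate %s", str, choose));
                        }
                        this.bookmark.getCredentials().setCertificate(str);
                        return str;
                    }
                }
            }
            log.warn(String.format("No matching alias found for selected certificate %s", choose));
            return null;
        } catch (ConnectionCanceledException e) {
            if (log.isInfoEnabled()) {
                log.info(String.format("No certificate selected for socket %s", socket));
            }
            return null;
        } catch (IOException e) {
            return null;
        } catch (KeyStoreException e) {
            log.error(String.format("Keystore not loaded %s", e.getMessage()));
            return null;
        }
    }

    /**
     * Picks the host name shown in the certificate prompt.
     *
     * <p>NOTE(review): {@code InetAddress.getHostName()} may perform a reverse lookup when the
     * address was created from a literal IP, in which case the name shown to the user comes
     * from DNS rather than from the bookmark. Consider always displaying the bookmark host
     * name so the prompt names the host the user asked to connect to.
     *
     * @param socket Socket of the connection; may be {@code null} or unconnected
     * @return Host name of the socket's remote address, else the bookmark host name
     */
    private String promptHostname(Socket socket) {
        final java.net.InetAddress address = null == socket ? null : socket.getInetAddress();
        if (null != address) {
            return address.getHostName();
        }
        return this.bookmark.getHostname();
    }

    /**
     * Implements {@code javax.net.ssl.X509KeyManager#getCertificateChain}.
     *
     * @param str Alias of the key store entry
     * @return The X509 certificates of the entry's chain; if the chain holds none, the entry's
     * own certificate when it is X509; {@code null} if there is no chain or the store is
     * unavailable
     */
    @Override
    public X509Certificate[] getCertificateChain(String str) {
        try {
            final KeyStore keystore = getKeystore();
            final List<X509Certificate> x509Chain = new ArrayList<>();
            final Certificate[] certificateChain = keystore.getCertificateChain(str);
            if (null == certificateChain) {
                log.warn(String.format("No certificate chain for alias %s", str));
                return null;
            }
            for (Certificate certificate : certificateChain) {
                if (certificate instanceof X509Certificate) {
                    x509Chain.add((X509Certificate) certificate);
                }
            }
            if (x509Chain.isEmpty()) {
                log.warn(String.format("No certificate chain for alias %s", str));
                final Certificate certificate2 = keystore.getCertificate(str);
                if (null == certificate2) {
                    return null;
                }
                if (certificate2 instanceof X509Certificate) {
                    x509Chain.add((X509Certificate) certificate2);
                }
            }
            return x509Chain.toArray(new X509Certificate[0]);
        } catch (IOException e) {
            return null;
        } catch (KeyStoreException e) {
            log.error(String.format("Keystore not loaded %s", e.getMessage()));
            return null;
        }
    }

    /**
     * Implements {@code javax.net.ssl.X509KeyManager#getPrivateKey}.
     *
     * <p>The literal string {@code "null"} is passed as the entry password; it is a
     * placeholder, not a secret. NOTE(review): presumably the target store ignores the
     * password; an entry that really is password-protected fails with
     * {@link UnrecoverableKeyException}, which is logged below as "Keystore not loaded".
     *
     * @param str Alias of the key store entry
     * @return The private key, or {@code null} if the alias has none or it cannot be read
     */
    @Override
    public PrivateKey getPrivateKey(String str) {
        try {
            final KeyStore keystore = getKeystore();
            if (keystore.isKeyEntry(str)) {
                final Key key = keystore.getKey(str, "null".toCharArray());
                if (key instanceof PrivateKey) {
                    return (PrivateKey) key;
                }
                // Log the key's class rather than the key object: what Key.toString() prints
                // is implementation-specific and should not end up in log files.
                log.warn(String.format("Key %s for alias %s is not a private key",
                        null == key ? null : key.getClass().getName(), str));
            } else {
                log.warn(String.format("Alias %s is not a key entry", str));
            }
        } catch (IOException e) {
            return null;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            log.error(String.format("Keystore not loaded %s", e.getMessage()));
        }
        log.warn(String.format("No private key for alias %s", str));
        return null;
    }
}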
