package org.kaazing.gateway.transport.ssl;

import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import org.kaazing.gateway.transport.ssl.bridge.filter.SslCertificateSelectionFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/kaazing/gateway/transport/ssl/SslKeyManager.class */
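/**
 * {@link X509ExtendedKeyManager} that wraps another {@link X509KeyManager} and narrows
 * alias selection to the aliases reported by {@link SslCertificateSelectionFilter}.
 *
 * <p>Key material lookups ({@link #getPrivateKey}, {@link #getCertificateChain}) and alias
 * enumeration are forwarded to the wrapped manager unchanged. Only the {@code choose*Alias}
 * methods consult the filter.
 *
 * <p>Selection behaviour differs between the two roles:
 * <ul>
 *   <li>Server side: no alias is returned unless the filter supplies a set and one of the
 *       delegate's aliases is in it.</li>
 *   <li>Client side: when the filter supplies no set, or none of the delegate's aliases is in
 *       it, selection falls back to the delegate's own choice.</li>
 * </ul>
 */
public class SslKeyManager extends X509ExtendedKeyManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(SslKeyManager.class);

    // Wrapped key manager that every lookup is forwarded to. Left package-private and
    // non-final as in the original, since other classes in this package may read it.
    // The constructor does not null-check it, so a null delegate fails on first use.
    X509KeyManager keyManager;

    /**
     * Logs an unexpected exception at debug level and rethrows it when it is unchecked.
     *
     * <p>A checked exception is only logged, and only when debug logging is enabled. The
     * caller then continues with whatever value it already holds.
     *
     * @param str description of the operation that failed, inserted into the log message
     * @param exc the exception that was caught
     * @throws RuntimeException {@code exc} itself, when it is a {@link RuntimeException}
     */
    private void handleException(String str, Exception exc) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug(String.format("Unexpected exception while %s", str), exc);
        }
        if (exc instanceof RuntimeException) {
            throw ((RuntimeException) exc);
        }
    }

    /**
     * Creates a key manager that forwards to {@code x509KeyManager}.
     *
     * @param x509KeyManager the delegate; stored as given, without a null check
     */
    public SslKeyManager(X509KeyManager x509KeyManager) {
        this.keyManager = x509KeyManager;
    }

    /**
     * Returns the delegate's server aliases for a key type and set of issuers.
     *
     * @param str the key type
     * @param principalArr the acceptable issuers, passed through to the delegate
     * @return the delegate's result, which may be {@code null}
     * @throws RuntimeException any unchecked exception from the delegate, after debug logging
     */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        String[] aliases = null;
        try {
            aliases = this.keyManager.getServerAliases(str, principalArr);
        } catch (RuntimeException e) {
            handleException(String.format("getting server aliases for keyType %s, issuers %s", str, Arrays.toString(principalArr)), e);
        }
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace(String.format("provided server aliases %s for keyType %s, issuers %s", Arrays.toString(aliases), str, Arrays.toString(principalArr)));
        }
        return aliases;
    }

    /**
     * Returns the delegate's private key for an alias.
     *
     * <p>The alias is not checked against the filter's available-alias sets here; any alias
     * the delegate knows is served. The key is never logged.
     *
     * @param str the alias
     * @return the delegate's result
     */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        return this.keyManager.getPrivateKey(str);
    }

    /**
     * Returns the delegate's client aliases for a key type and set of issuers.
     *
     * @param str the key type
     * @param principalArr the acceptable issuers, passed through to the delegate
     * @return the delegate's result, which may be {@code null}
     * @throws RuntimeException any unchecked exception from the delegate, after debug logging
     */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        String[] aliases = null;
        try {
            aliases = this.keyManager.getClientAliases(str, principalArr);
        } catch (Exception e) {
            // Catches Exception, unlike getServerAliases; handleException rethrows unchecked
            // exceptions and drops anything else after logging it.
            handleException(String.format("getting client aliases for keyType %s, issuers %s", str, Arrays.toString(principalArr)), e);
        }
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace(String.format("provided client aliases %s for keyType %s, issuers %s", Arrays.toString(aliases), str, Arrays.toString(principalArr)));
        }
        return aliases;
    }

    /**
     * Returns the delegate's certificate chain for an alias, without consulting the filter.
     *
     * @param str the alias
     * @return the delegate's result
     */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        return this.keyManager.getCertificateChain(str);
    }

    /**
     * Socket-based client alias selection; applies the same logic as
     * {@link #chooseEngineClientAlias} with a {@code null} engine. The socket is not used.
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return chooseEngineClientAlias(strArr, principalArr, null);
    }

    /**
     * Chooses a client alias, preferring one that the filter reports as available.
     *
     * <p>Key types are tried in the order given; the first delegate alias that is contained
     * in the filter's set is returned.
     *
     * <p>NOTE(review): when the filter supplies a set but no delegate alias is in it, the
     * method still falls back to the delegate's default choice, so an alias outside that set
     * can be selected. If the set is meant to be a strict allow-list, confirm that this
     * fallback is intended.
     *
     * @param strArr the key types, in preference order
     * @param principalArr the acceptable issuers, passed through to the delegate
     * @param sSLEngine the engine for the connection; only used in log messages
     * @return the chosen alias, or the delegate's own choice when the filter yields no match
     * @throws RuntimeException any unchecked exception from the filter or the delegate
     */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        // Initialised explicitly: the compiler cannot see that handleException always
        // rethrows a RuntimeException, so without this the variable is not definitely
        // assigned after the try/catch and the class does not compile.
        Collection<String> availableClientCertAliases = null;
        try {
            availableClientCertAliases = SslCertificateSelectionFilter.getAvailableClientCertAliases();
        } catch (RuntimeException e) {
            handleException(String.format("choosing client alias for keyTypes %s, issuers %s, engine %s", Arrays.toString(strArr), Arrays.toString(principalArr), sSLEngine), e);
        }
        if (availableClientCertAliases == null) {
            // No set from the filter: defer entirely to the delegate.
            return this.keyManager.chooseClientAlias(strArr, principalArr, null);
        }
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace(String.format("available client aliases: %s", availableClientCertAliases));
        }
        for (String keyType : strArr) {
            String[] candidates = getClientAliases(keyType, principalArr);
            if (candidates == null) {
                continue;
            }
            for (String candidate : candidates) {
                if (availableClientCertAliases.contains(candidate)) {
                    if (LOGGER.isTraceEnabled()) {
                        LOGGER.trace(String.format("chose client alias '%s' for keyTypes %s, issuers %s, engine %s", candidate, Arrays.toString(strArr), Arrays.toString(principalArr), sSLEngine));
                    }
                    return candidate;
                }
            }
        }
        // Nothing in the filter's set matched; see the NOTE(review) in the Javadoc.
        return this.keyManager.chooseClientAlias(strArr, principalArr, null);
    }

    /**
     * Socket-based server alias selection; applies the same logic as
     * {@link #chooseEngineServerAlias} with a {@code null} engine. The socket is not used.
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return chooseEngineServerAlias(str, principalArr, null);
    }

    /**
     * Chooses a server alias from the aliases the filter reports as available.
     *
     * <p>Unlike the client path there is no fallback to the delegate's default choice: when
     * the filter supplies no set, or no delegate alias is in it, the result is {@code null}.
     *
     * @param str the key type
     * @param principalArr the acceptable issuers, passed through to the delegate
     * @param sSLEngine the engine for the connection; only used in log messages
     * @return the first delegate alias contained in the filter's set, or {@code null}
     * @throws RuntimeException any unchecked exception from the filter or the delegate
     */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        try {
            Collection<String> availableServerCertAliases = SslCertificateSelectionFilter.getAvailableServerCertAliases();
            if (availableServerCertAliases == null) {
                return null;
            }
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace(String.format("available server aliases: %s", availableServerCertAliases));
            }
            String[] candidates = getServerAliases(str, principalArr);
            if (candidates != null) {
                for (String candidate : candidates) {
                    if (availableServerCertAliases.contains(candidate)) {
                        if (LOGGER.isTraceEnabled()) {
                            LOGGER.trace(String.format("chose server alias '%s' for keyType %s, issuers %s, engine %s", candidate, str, Arrays.toString(principalArr), sSLEngine));
                        }
                        return candidate;
                    }
                }
            }
            return null;
        } catch (RuntimeException e) {
            handleException(String.format("choosing server alias for keyType %s, issuers %s, engine %s", str, Arrays.toString(principalArr), sSLEngine), e);
            // Not reached for a RuntimeException (handleException rethrows it); kept so
            // that every path returns a value.
            return null;
        }
    }
}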
