package com.sun.identity.security.keystore;

import com.sun.identity.security.SecurityDebug;
import com.sun.identity.shared.Constants;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.locale.AMResourceBundleCache;
import java.io.File;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.ResourceBundle;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.KeyStoreBuilderParameters;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.0.jar:com/sun/identity/security/keystore/AMX509KeyManagerImpl.class */
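/**
 * {@link X509KeyManager} used for TLS client authentication that layers an
 * optional, explicitly configured client certificate alias on top of the
 * platform JSSE key manager.
 *
 * <p>The keystore is opened lazily through a {@link KeyStore.Builder}; its
 * password is obtained from a callback handler rather than being held in this
 * class.
 *
 * <p><b>Security notes for maintainers</b>
 * <ul>
 *   <li>{@code certAlias} is a <em>static</em> field. {@link #setAlias(String)}
 *       therefore changes the client alias for every instance in the JVM, not
 *       only the instance it is called on.</li>
 *   <li>When an alias is configured, {@link #chooseClientAlias} returns it
 *       without consulting the key types or issuers the peer asked for.</li>
 *   <li>Initialisation fails closed: if the key manager cannot be built an
 *       {@link IllegalStateException} carrying the root cause is thrown.</li>
 * </ul>
 */
public class AMX509KeyManagerImpl implements AMX509KeyManager {
    static final String bundleName = "amSecurity";

    // Defaults come from the standard JSSE system properties; the four-argument
    // constructor overrides them.
    private String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType", "JKS");
    private String keyStoreFile = System.getProperty("javax.net.ssl.keyStore", null);
    private String keyStoreProvider = System.getProperty("javax.net.ssl.keyStoreProvider", null);
    private X509KeyManager sunX509KeyManager = null;
    private KeyStore keyStore = null;
    KeyStore.Builder builder = null;

    // JSSE provider / KeyManagerFactory algorithm pair, chosen once in the
    // static initialiser at the bottom of the class.
    static String provider;
    static String algorithm;
    // Shared across instances; re-assigned on every initX509KeyManager call.
    static ResourceBundle bundle = null;
    static AMResourceBundleCache amCache = AMResourceBundleCache.getInstance();
    public static Debug debug = SecurityDebug.debug;
    // Process-wide client certificate alias (see class Javadoc).
    private static String certAlias = System.getProperty(Constants.CLIENT_CERTIFICATE_ALIAS, null);

    /**
     * Builds a key manager from the {@code javax.net.ssl.keyStore*} system
     * properties, using the default password prompt.
     *
     * @throws IllegalStateException if the key manager cannot be initialised
     */
    public AMX509KeyManagerImpl() {
        this.sunX509KeyManager = initX509KeyManager(this.keyStoreType, this.keyStoreFile, this.keyStoreProvider, null);
    }

    /**
     * Builds a key manager from explicit keystore settings.
     *
     * @param str keystore type ({@code JKS}, {@code PKCS12} or {@code PKCS11})
     * @param str2 keystore file path; not used for {@code PKCS11}
     * @param str3 security provider name, may be {@code null}
     * @param aMCallbackHandler handler that supplies the keystore password, or
     *        {@code null} to use the default prompt
     * @throws IllegalStateException if the key manager cannot be initialised
     */
    public AMX509KeyManagerImpl(String str, String str2, String str3, AMCallbackHandler aMCallbackHandler) {
        this.keyStoreType = str;
        this.keyStoreFile = str2;
        this.keyStoreProvider = str3;
        this.sunX509KeyManager = initX509KeyManager(this.keyStoreType, this.keyStoreFile, this.keyStoreProvider, aMCallbackHandler);
    }

    /**
     * Creates the underlying JSSE key manager and records the
     * {@link KeyStore.Builder} used for later entry lookups.
     *
     * <p>Previously a failure was only logged and the method then dereferenced
     * a {@code null} factory, so the real cause was hidden behind a
     * {@link NullPointerException}. The failure is now reported with its cause.
     *
     * @param str keystore type ({@code JKS}, {@code PKCS12} or {@code PKCS11})
     * @param str2 keystore file path; required for file-based types
     * @param str3 security provider name, may be {@code null}
     * @param aMCallbackHandler password callback handler, or {@code null} for
     *        the default prompt taken from the resource bundle
     * @return the first key manager produced by the factory
     * @throws IllegalStateException if the keystore type is unsupported, the
     *         keystore file is missing, or the factory cannot be initialised
     */
    public X509KeyManager initX509KeyManager(String str, String str2, String str3, AMCallbackHandler aMCallbackHandler) {
        try {
            bundle = amCache.getResBundle(bundleName, Locale.getDefault());
            AMCallbackHandler handler = aMCallbackHandler != null
                    ? aMCallbackHandler
                    : new AMCallbackHandler(bundle.getString("KeyStorePrompt"));
            KeyStore.CallbackHandlerProtection protection = new KeyStore.CallbackHandlerProtection(handler);

            // Security.getProvider returns null for an unknown or null name, in
            // which case KeyStore.Builder falls back to the default provider
            // search order instead of failing.
            Provider ksProvider = Security.getProvider(str3);

            if ("JKS".equalsIgnoreCase(str) || "PKCS12".equalsIgnoreCase(str)) {
                if (str2 == null) {
                    throw new IllegalArgumentException("No keystore file configured for keystore type " + str);
                }
                this.builder = KeyStore.Builder.newInstance(str, ksProvider, new File(str2), protection);
            } else if ("PKCS11".equalsIgnoreCase(str)) {
                // Test the argument, not this.keyStoreType: the method is public
                // and may be called with a type that differs from the field.
                this.builder = KeyStore.Builder.newInstance(str, ksProvider, protection);
            } else {
                throw new IllegalArgumentException("Unsupported keystore type: " + str);
            }

            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm, provider);
            keyManagerFactory.init(new KeyStoreBuilderParameters(this.builder));
            return (X509KeyManager) keyManagerFactory.getKeyManagers()[0];
        } catch (Exception e) {
            // Boundary catch: log with the stack trace, then fail closed so a
            // half-initialised key manager is never handed to the TLS layer.
            debug.error("Unable to initialise X509KeyManager for keystore type " + str, e);
            throw new IllegalStateException("Unable to initialise X509KeyManager", e);
        }
    }

    /**
     * Sets the client certificate alias. The alias is stored in a static field
     * and so applies to all instances of this class.
     *
     * @param str alias to present, or {@code null}/empty to defer to JSSE
     */
    @Override
    public void setAlias(String str) {
        certAlias = str;
    }

    /**
     * Returns the configured alias if one is set; otherwise delegates the
     * choice to the JSSE key manager.
     */
    @Override
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        // Read the shared field once so the check and the return agree.
        String configuredAlias = certAlias;
        if (configuredAlias != null && configuredAlias.length() > 0) {
            return configuredAlias;
        }
        return this.sunX509KeyManager.chooseClientAlias(strArr, principalArr, socket);
    }

    /** Delegates to the JSSE key manager. */
    @Override
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return this.sunX509KeyManager.chooseServerAlias(str, principalArr, socket);
    }

    /** Delegates to the JSSE key manager. */
    @Override
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return this.sunX509KeyManager.getClientAliases(str, principalArr);
    }

    /** Delegates to the JSSE key manager. */
    @Override
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return this.sunX509KeyManager.getServerAliases(str, principalArr);
    }

    /**
     * Returns the certificate chain stored under the alias, falling back to
     * the JSSE key manager when the keystore has no entry for it.
     *
     * @param str keystore alias
     * @return the chain, or {@code null} if the lookup fails
     */
    @Override
    public X509Certificate[] getCertificateChain(String str) {
        try {
            KeyStore.PrivateKeyEntry privateKeyEntry = lookupPrivateKeyEntry(str);
            if (privateKeyEntry == null) {
                return this.sunX509KeyManager.getCertificateChain(str);
            }
            return (X509Certificate[]) privateKeyEntry.getCertificateChain();
        } catch (Exception e) {
            // Broad catch kept on purpose: a wrong entry type or an unusable
            // builder must yield null, as the X509KeyManager contract allows.
            debug.error("Error in getting certificate chain from keystore.", e);
            return null;
        }
    }

    /**
     * Returns the private key stored under the alias, falling back to the JSSE
     * key manager when the keystore has no entry for it.
     *
     * @param str keystore alias
     * @return the key, or {@code null} if the lookup fails
     */
    @Override
    public PrivateKey getPrivateKey(String str) {
        try {
            KeyStore.PrivateKeyEntry privateKeyEntry = lookupPrivateKeyEntry(str);
            if (privateKeyEntry == null) {
                return this.sunX509KeyManager.getPrivateKey(str);
            }
            return privateKeyEntry.getPrivateKey();
        } catch (Exception e) {
            // Broad catch kept on purpose; see getCertificateChain.
            debug.error("Error in getting private key from keystore.", e);
            return null;
        }
    }

    /** Fetches the entry for an alias through the builder; throws ClassCastException if it is not a private-key entry. */
    private KeyStore.PrivateKeyEntry lookupPrivateKeyEntry(String alias) throws java.security.GeneralSecurityException {
        KeyStore store = this.builder.getKeyStore();
        return (KeyStore.PrivateKeyEntry) store.getEntry(alias, this.builder.getProtectionParameter(alias));
    }

    static {
        // Prefer the IBM JSSE implementation when it is installed; otherwise
        // use the Sun/Oracle one.
        provider = null;
        algorithm = null;
        for (Provider installed : Security.getProviders()) {
            if (installed.getName().equalsIgnoreCase("IBMJSSE2")) {
                provider = "IBMJSSE2";
                algorithm = "NewIbmX509";
                break;
            }
        }
        if (provider == null) {
            provider = "SunJSSE";
            algorithm = "NewSunX509";
        }
    }
}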
