package org.openmdx.resource.pki.keystore;

import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.PKIXParameters;
import javax.resource.ResourceException;
import javax.resource.spi.ConnectionRequestInfo;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import org.openmdx.resource.spi.AbstractManagedConnection;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/openmdx/resource/pki/keystore/ManagedKeyStoreConnection.class */
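/**
 * Managed connection that holds the key-store material (certificate, key, signature
 * algorithm) or the certificate-path validation set-up (PKIX parameters, validator)
 * behind the signature, certificate and validator connection handles.
 *
 * <p>An instance is built through one of two constructors: the "key material" one fills
 * {@code alias}, {@code certificate}, {@code key} and {@code algorithm}; the "validator"
 * one fills {@code parameters} and {@code validator}. The other group of fields stays
 * {@code null}, so each accessor below checks the state it needs before using it.
 *
 * <p>Several members are marked by the decompiler as having been package-private in the
 * original class file; they appear {@code public} here only because of that rewrite.
 */
public class ManagedKeyStoreConnection extends AbstractManagedConnection<ManagedConnectionFactory> {
    /** Role this managed connection was created for; decides what {@link #getSignature} may hand out. */
    private final ConnectionType connectionType;
    /** Certificate used for signature verification; {@code null} for validator connections and after {@link #destroy()}. */
    private Certificate certificate;
    /** Key used for signing (must be a {@link PrivateKey}); {@code null} for validator connections and after {@link #destroy()}. */
    private Key key;
    /** PKIX parameters handed unchanged to the validator; only set by the validator constructor. */
    private PKIXParameters parameters;
    /** Certificate path validator; only set by the validator constructor. */
    private CertPathValidator validator;
    /** JCA signature algorithm name passed to {@link Signature#getInstance(String)}. */
    private String algorithm;
    /** Key-store alias the certificate/key were loaded under. */
    private String alias;

    /**
     * Common initialisation shared by both package-level constructors.
     * The literals "KeyStore" and "1.0" are forwarded to the superclass as-is
     * (presumably product name and version -- confirm against AbstractManagedConnection).
     */
    private ManagedKeyStoreConnection(ManagedConnectionFactory managedConnectionFactory, ConnectionType connectionType, PasswordCredential passwordCredential, ConnectionRequestInfo connectionRequestInfo) {
        super(managedConnectionFactory, "KeyStore", "1.0", passwordCredential, connectionRequestInfo);
        this.connectionType = connectionType;
    }

    /**
     * Creates a connection backed by key material (package-private in the original class file).
     *
     * @param alias       key-store alias of the entry
     * @param certificate certificate used by {@link #getCertificate()} and for verification
     * @param key         key used for signing; {@link #getSignature} requires a {@link PrivateKey}
     * @param algorithm   JCA signature algorithm name
     */
    public ManagedKeyStoreConnection(ManagedConnectionFactory managedConnectionFactory, ConnectionType connectionType, PasswordCredential passwordCredential, String alias, Certificate certificate, Key key, String algorithm) {
        this(managedConnectionFactory, connectionType, passwordCredential, null);
        this.alias = alias;
        this.certificate = certificate;
        this.key = key;
        this.algorithm = algorithm;
    }

    /**
     * Creates a connection used for certificate path validation (package-private in the
     * original class file). No key material is held by such a connection.
     *
     * @param parameters         PKIX parameters (trust anchors, revocation settings, ...) used for every validation
     * @param validatorAlgorithm algorithm name passed to {@link CertPathValidator#getInstance(String)}
     * @throws NoSuchAlgorithmException if no provider supports {@code validatorAlgorithm}
     */
    public ManagedKeyStoreConnection(ManagedConnectionFactory managedConnectionFactory, ConnectionType connectionType, PasswordCredential passwordCredential, PKIXParameters parameters, String validatorAlgorithm) throws NoSuchAlgorithmException {
        this(managedConnectionFactory, connectionType, passwordCredential, null);
        this.alias = null;
        this.certificate = null;
        this.key = null;
        this.parameters = parameters;
        this.validator = CertPathValidator.getInstance(validatorAlgorithm);
    }

    /**
     * Returns the certificate held by this connection (package-private in the original class file).
     *
     * @return the certificate, or {@code null} for validator connections and after {@link #destroy()}
     */
    public Certificate getCertificate() {
        return this.certificate;
    }

    /**
     * Creates a {@link Signature} initialised for signing or for verification
     * (package-private in the original class file).
     *
     * <p>Signing is only granted when this managed connection itself was created as
     * {@code SIGNATURE_PROVIDER}; any other connection can hand out verification
     * signatures only. The requested type is checked before any cryptographic object
     * is created, so a refused request never touches the private key.
     *
     * <p>Verification uses the stored certificate as-is: {@code initVerify} does not
     * build or validate a certificate path, so trust in the certificate has to be
     * established separately by the caller.
     *
     * @param connectionType {@code SIGNATURE_PROVIDER} to sign, {@code SIGNATURE_VERIFIER} to verify
     * @return a freshly created, initialised signature object
     * @throws SignatureException       if signing is requested on a verification-only connection
     * @throws NoSuchAlgorithmException if no algorithm is configured or no provider supports it
     * @throws GeneralSecurityException if the key or certificate is missing or unsuitable
     * @throws IllegalArgumentException if {@code connectionType} is not a signature connection type
     */
    public Signature getSignature(ConnectionType connectionType) throws GeneralSecurityException {
        final boolean forSigning;
        switch (connectionType) {
            case SIGNATURE_PROVIDER:
                // Authorisation gate: only a provider connection may use the private key.
                if (this.connectionType != ConnectionType.SIGNATURE_PROVIDER) {
                    throw new SignatureException("The signatures provided by this key store connection can be used for verification only");
                }
                forSigning = true;
                break;
            case SIGNATURE_VERIFIER:
                forSigning = false;
                break;
            default:
                throw new IllegalArgumentException("Signature connection type expected: " + connectionType);
        }
        // Validator connections never set an algorithm; report that as a checked
        // security exception instead of a NullPointerException from getInstance().
        if (this.algorithm == null) {
            throw new NoSuchAlgorithmException("No signature algorithm is configured for this key store connection");
        }
        Signature signature = Signature.getInstance(this.algorithm);
        if (forSigning) {
            // The field is typed Key: reject a missing, destroyed or non-private key
            // explicitly rather than failing with a ClassCastException on the cast.
            if (!(this.key instanceof PrivateKey)) {
                throw new java.security.InvalidKeyException("This key store connection holds no private key usable for signing");
            }
            signature.initSign((PrivateKey) this.key);
        } else {
            if (this.certificate == null) {
                throw new java.security.InvalidKeyException("This key store connection holds no certificate usable for verification");
            }
            signature.initVerify(this.certificate);
        }
        return signature;
    }

    /**
     * Returns the key-store alias (package-private in the original class file).
     *
     * @return the alias, or {@code null} for validator connections
     */
    public String getAlias() {
        return this.alias;
    }

    /**
     * Returns the configured signature algorithm name.
     *
     * @return the algorithm name, or {@code null} for validator connections
     */
    String getAlgorithm() {
        return this.algorithm;
    }

    /**
     * Validates a certificate path with the validator and PKIX parameters supplied at
     * construction (package-private in the original class file).
     *
     * <p>Trust anchors, revocation checking and policy constraints all come from those
     * parameters; this method adds no checks of its own.
     *
     * @param certPath the certificate path to validate
     * @return the validator's result
     * @throws CertPathValidatorException         if the path does not validate
     * @throws InvalidAlgorithmParameterException if the parameters or path type do not suit the validator
     * @throws IllegalStateException              if this connection has no validator (it was created
     *                                            with key material, or has been destroyed)
     */
    public CertPathValidatorResult validate(CertPath certPath) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        if (this.validator == null) {
            throw new IllegalStateException("This key store connection is not configured for certificate path validation");
        }
        return this.validator.validate(certPath, this.parameters);
    }

    /**
     * Drops every reference to key material and validation state, then delegates to the
     * superclass.
     *
     * <p>Only the references are released. The key object itself is not wiped here: it may
     * be shared with the key store it was loaded from, and this class cannot tell.
     *
     * @throws ResourceException if the superclass fails to destroy the connection
     */
    public void destroy() throws ResourceException {
        this.certificate = null;
        this.key = null;
        this.parameters = null;
        this.validator = null;
        super.destroy();
    }

    /**
     * Creates the connection handle matching this managed connection's type.
     *
     * @param subject               not used by this implementation
     * @param connectionRequestInfo not used by this implementation
     * @return a signature, certificate or validator connection handle
     */
    protected Object newConnection(Subject subject, ConnectionRequestInfo connectionRequestInfo) throws ResourceException {
        switch (this.connectionType) {
            case SIGNATURE_PROVIDER:
            case SIGNATURE_VERIFIER:
                return new SignatureConnection();
            case CERTIFICATE_PROVIDER:
                return new CertificateConnection();
            case CERTIFICATE_VALIDATOR:
                return new ValidatorConnection();
            default:
                // NOTE(review): an unrecognised type yields null rather than an error;
                // confirm the caller in AbstractManagedConnection handles a null handle.
                return null;
        }
    }

    /**
     * Always reports "no match".
     * NOTE(review): presumably this keeps a managed connection from being handed to a
     * different request -- confirm how AbstractManagedConnection uses the result.
     */
    protected boolean matches(Object obj, ConnectionRequestInfo connectionRequestInfo) {
        return false;
    }
}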
