package org.openmdx.resource.pki.keystore;

import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.PKIXParameters;
import java.util.ArrayList;
import java.util.Locale;
import javax.resource.ResourceException;
import javax.resource.spi.CommException;
import javax.resource.spi.ConnectionManager;
import javax.resource.spi.ConnectionRequestInfo;
import javax.resource.spi.EISSystemException;
import javax.resource.spi.InvalidPropertyException;
import javax.resource.spi.ManagedConnection;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import org.openmdx.resource.spi.AbstractManagedConnectionFactory;

/* loaded from: input_file:org/openmdx/resource/pki/keystore/ManagedConnectionFactory.class */
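/**
 * Managed connection factory that loads a {@link KeyStore} from the configured
 * connection URL and hands out {@code ManagedKeyStoreConnection}s for one of
 * the {@code ConnectionType} roles handled in {@link #newManagedConnection}.
 *
 * <p>Security-relevant configuration, as visible in this class:
 * <ul>
 * <li>{@code revocationEnabled} defaults to {@code false}, so a
 *     {@code CERTIFICATE_VALIDATOR} connection performs no revocation checking
 *     unless the property is switched on explicitly.</li>
 * <li>The key store is read through {@link URL#openStream()}. When no key store
 *     pass phrase is supplied, {@link KeyStore#load(InputStream, char[])} is
 *     called with {@code null} and does not verify the store's integrity.</li>
 * <li>The credential's password may carry two pass phrases (key store, then
 *     private key) separated by the single-character
 *     {@code passPhraseSeparator}.</li>
 * </ul>
 */
public class ManagedConnectionFactory extends AbstractManagedConnectionFactory {
    private static final long serialVersionUID = 8198549417001170970L;

    /** Used when the subject carries no password credential. */
    private static final char[][] NO_PASS_PHRASES = new char[0][];

    /** Key store type passed to {@link KeyStore#getInstance(String)}. */
    private String keyStoreType;

    /** Optional one-character separator between key store and key pass phrase. */
    private String passPhraseSeparator;

    /** Algorithm name handed on to the managed connection. */
    private String algorithm;

    /** Off by default: revocation checking must be enabled explicitly. */
    private boolean revocationEnabled = false;

    private ConnectionType connectionType = ConnectionType.CERTIFICATE_PROVIDER;

    /**
     * Creates a connection factory bound to the given connection manager.
     *
     * <p>The decompiler renamed this method from {@code createConnectionFactory}
     * because it was merged with its bridge method.
     *
     * @param connectionManager the connection manager to bind the factory to
     * @return a new connection factory for key store connections
     * @throws ResourceException declared by the signature
     */
    public org.openmdx.resource.cci.ConnectionFactory<KeyStoreConnection, GeneralSecurityException> m4createConnectionFactory(ConnectionManager connectionManager) throws ResourceException {
        return new ConnectionFactory(this, connectionManager);
    }

    /**
     * Delegates to the inherited {@code createConnectionFactory()} and narrows
     * the result.
     *
     * <p>The decompiler renamed this method from {@code createConnectionFactory}
     * because it was merged with its bridge method.
     *
     * @return the connection factory created by the super class
     * @throws ResourceException if the super class fails to create the factory
     */
    public org.openmdx.resource.cci.ConnectionFactory<KeyStoreConnection, GeneralSecurityException> m3createConnectionFactory() throws ResourceException {
        return (org.openmdx.resource.cci.ConnectionFactory) super.createConnectionFactory();
    }

    /**
     * Splits the credential's password into its pass phrases.
     *
     * <p>Without a separator (or with an empty one) the password is returned as
     * the single pass phrase. With a one-character separator the password is
     * split at every occurrence of it; empty segments are kept, so
     * {@code "a|"} yields {@code {"a", ""}}.
     *
     * <p>The segments are fresh copies of parts of the password; this method
     * does not clear them, so callers that need to limit the lifetime of the
     * secrets have to wipe the arrays themselves.
     *
     * @param passwordCredential the credential whose password is split
     * @return the pass phrases, never empty
     * @throws ResourceException if the configured separator is longer than one
     *         character
     */
    protected final char[][] getPassPhrases(PasswordCredential passwordCredential) throws ResourceException {
        char[] password = passwordCredential.getPassword();
        String separator = getPassPhraseSeparator();
        if (separator == null || separator.isEmpty()) {
            return new char[][] {password};
        }
        if (separator.length() != 1) {
            throw log(new InvalidPropertyException("A pass phrase separator must be one character long: '" + separator + "'"), true);
        }
        char delimiter = separator.charAt(0);
        ArrayList<char[]> segments = new ArrayList<>();
        int start = 0;
        // Run one step past the end so that the trailing segment is emitted too.
        for (int end = 0; end <= password.length; end++) {
            if (end == password.length || password[end] == delimiter) {
                char[] segment = new char[end - start];
                System.arraycopy(password, start, segment, 0, segment.length);
                segments.add(segment);
                start = end + 1;
            }
        }
        return segments.toArray(new char[segments.size()][]);
    }

    /** @return the configured key store type */
    public String getKeyStoreType() {
        return this.keyStoreType;
    }

    /** @param str the key store type passed to {@link KeyStore#getInstance(String)} */
    public void setKeyStoreType(String str) {
        this.keyStoreType = str;
    }

    /** @return the configured pass phrase separator, may be {@code null} */
    public String getPassPhraseSeparator() {
        return this.passPhraseSeparator;
    }

    /** @param str the separator; {@code null}, empty or exactly one character */
    public void setPassPhraseSeparator(String str) {
        this.passPhraseSeparator = str;
    }

    /** @return the connection type's enum name, or {@code null} if unset */
    public String getConnectionType() {
        if (this.connectionType == null) {
            return null;
        }
        return this.connectionType.name();
    }

    /**
     * Sets the connection type from its case-insensitive enum name.
     *
     * @param str the enum name, or {@code null} to unset the type
     * @throws IllegalArgumentException if the name matches no
     *         {@code ConnectionType} constant
     */
    public void setConnectionType(String str) {
        // Locale.ROOT keeps the mapping independent of the default locale: under a
        // Turkish locale "certificate" upper-cases with a dotted capital I and
        // would never match an enum constant.
        this.connectionType = str == null ? null : ConnectionType.valueOf(str.toUpperCase(Locale.ROOT));
    }

    /** @return the configured algorithm name */
    public String getAlgorithm() {
        return this.algorithm;
    }

    /** @param str the algorithm name handed on to the managed connection */
    public void setAlgorithm(String str) {
        this.algorithm = str;
    }

    /** @return whether PKIX revocation checking is enabled for validators */
    public boolean isRevocationEnabled() {
        return this.revocationEnabled;
    }

    /** @param z {@code true} to enable PKIX revocation checking for validators */
    public void setRevocationEnabled(boolean z) {
        this.revocationEnabled = z;
    }

    /**
     * Loads the key store from the connection URL and creates the managed
     * connection matching the configured connection type.
     *
     * <p>The first pass phrase unlocks the key store, the second one (only
     * needed for {@code SIGNATURE_PROVIDER}) unlocks the private key. The
     * credential's user name serves as certificate and key alias.
     *
     * @param subject the subject carrying the password credential
     * @param connectionRequestInfo not used by this implementation
     * @return the managed key store connection
     * @throws ResourceException if the configuration or the credential is
     *         incomplete, or if the key store cannot be loaded
     */
    protected ManagedConnection newManagedConnection(Subject subject, ConnectionRequestInfo connectionRequestInfo) throws ResourceException {
        String userName;
        char[][] passPhrases;
        PasswordCredential passwordCredential = getPasswordCredential(subject);
        if (passwordCredential == null) {
            userName = null;
            passPhrases = NO_PASS_PHRASES;
        } else {
            userName = passwordCredential.getUserName();
            passPhrases = getPassPhrases(passwordCredential);
        }
        String keyStoreType = getKeyStoreType();
        String connectionURL = getConnectionURL();
        try {
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            // A null pass phrase makes KeyStore.load() skip the integrity check, so
            // a store loaded without one is only as trustworthy as its source.
            // NOTE(review): the URL scheme is not restricted here; confirm that
            // deployments point this at a protected local or authenticated location.
            char[] storePassPhrase = (passPhrases.length == 0 || passPhrases[0].length == 0) ? null : passPhrases[0];
            // Close the stream in every case; the original left it open.
            try (InputStream stream = new URL(connectionURL).openStream()) {
                keyStore.load(stream, storePassPhrase);
            }
            if (this.connectionType != null) {
                switch (this.connectionType) {
                    case CERTIFICATE_VALIDATOR:
                        // Every trusted certificate entry of the store becomes a trust anchor.
                        PKIXParameters pKIXParameters = new PKIXParameters(keyStore);
                        pKIXParameters.setRevocationEnabled(isRevocationEnabled());
                        log("Creating managed {0} connection with algorithm {1}", new Object[]{this.connectionType, getAlgorithm()});
                        return new ManagedKeyStoreConnection(this, this.connectionType, passwordCredential, pKIXParameters, getAlgorithm());
                    case CERTIFICATE_PROVIDER:
                    case SIGNATURE_VERIFIER:
                        if (passwordCredential == null) {
                            throw new ResourceException("Missing BasicPassword credential, which is required to determine the certificate alias");
                        }
                        if (userName == null) {
                            throw new ResourceException("Missing 'UserName' in BasicPassword credential, which is used as certificate alias");
                        }
                        log("Creating managed {0} connection for certificate with alias {1} and algorithm {2}", new Object[]{this.connectionType, userName, getAlgorithm()});
                        // NOTE(review): getCertificate() returns null for an unknown alias;
                        // confirm that ManagedKeyStoreConnection rejects a null certificate.
                        return new ManagedKeyStoreConnection(this, this.connectionType, passwordCredential, userName, keyStore.getCertificate(userName), null, getAlgorithm());
                    case SIGNATURE_PROVIDER:
                        if (passwordCredential == null) {
                            throw new ResourceException("Missing BasicPassword credential, which is required to determine the certificate and key alias");
                        }
                        if (userName == null) {
                            throw new ResourceException("Missing 'UserName' in UserName/Password credential, which is used as certificate and key alias");
                        }
                        // Without a separator (or without one in the password) there is only
                        // one pass phrase; fail with a declared exception instead of an
                        // ArrayIndexOutOfBoundsException on passPhrases[1].
                        if (passPhrases.length < 2) {
                            throw new ResourceException("Missing key pass phrase: the password must contain the key store and the key pass phrase separated by the 'PassPhraseSeparator'");
                        }
                        log("Creating managed {0} connection for key with alias {1} and algorithm {2}", new Object[]{this.connectionType, userName, getAlgorithm()});
                        return new ManagedKeyStoreConnection(this, this.connectionType, passwordCredential, userName, keyStore.getCertificate(userName), keyStore.getKey(userName, passPhrases[1]), getAlgorithm());
                }
            }
            throw new ResourceException("Missing 'ConnectionType'");
        } catch (NoSuchAlgorithmException e) {
            throw log(new EISSystemException("Unable to to retrieve a " + this.connectionType + " with algorithm '" + getAlgorithm() + "'").initCause(e), true);
        } catch (ResourceException e2) {
            throw log(e2, true);
        } catch (MalformedURLException e3) {
            throw log((ResourceException) new InvalidPropertyException("Invalid key store URL  '" + connectionURL + "'").initCause(e3), true);
        } catch (IOException e4) {
            throw log((ResourceException) new CommException("Unable to load key store from " + connectionURL).initCause(e4), true);
        } catch (GeneralSecurityException e5) {
            throw log(new EISSystemException("Unable to load " + keyStoreType + " key store from " + connectionURL).initCause(e5), true);
        }
    }

    /** Delegates to the super class; the fields declared here are not compared. */
    @Override
    public boolean equals(Object obj) {
        return super.equals(obj);
    }

    /** Delegates to the super class, consistent with {@link #equals(Object)}. */
    @Override
    public int hashCode() {
        return super.hashCode();
    }
}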
