package org.openziti.identity;

import java.net.URI;
import java.net.URLDecoder;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Iterator;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.sequences.SequencesKt;
import kotlin.text.Charsets;
import org.jetbrains.annotations.NotNull;
import org.openziti.util.AliasKeyManager;

/* compiled from: Identity.kt */
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��,\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0010\u0019\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\b��\u0018��2\u00020\u0001B\u001f\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\b\b\u0002\u0010\u0006\u001a\u00020\u0007¢\u0006\u0002\u0010\bJ\b\u0010\t\u001a\u00020\u0005H\u0016J\b\u0010\n\u001a\u00020\u0005H\u0016J\b\u0010\u000f\u001a\u00020\fH\u0016J\b\u0010\u0010\u001a\u00020\u000eH\u0016R\u000e\u0010\t\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\n\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u000b\u001a\u00020\fX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\r\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0011"}, d2 = {"Lorg/openziti/identity/KeyStoreIdentity;", "Lorg/openziti/identity/Identity;", "ks", "Ljava/security/KeyStore;", "alias", "", "pw", "", "(Ljava/security/KeyStore;Ljava/lang/String;[C)V", "controller", "name", "ssl", "Ljavax/net/ssl/SSLContext;", "tm", "Ljavax/net/ssl/X509TrustManager;", "sslContext", "trustManager", "ziti"})
@SourceDebugExtension({"SMAP\nIdentity.kt\nKotlin\n*S Kotlin\n*F\n+ 1 Identity.kt\norg/openziti/identity/KeyStoreIdentity\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,78:1\n1#2:79\n*E\n"})
/* loaded from: input_file:org/openziti/identity/KeyStoreIdentity.class */
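/**
 * An {@link Identity} backed by a single private-key entry of a {@link KeyStore}.
 *
 * <p>The key entry's alias is parsed as a URI. Its host and port become the controller
 * address (always with an {@code https://} prefix), and its URL-decoded path, minus the
 * leading separator, becomes the identity name. The scheme of the alias is not inspected.
 *
 * <p>Trust anchors: when the key store holds at least one certificate entry, the key store
 * itself is the trust store. When it holds none, the trust manager factory is initialised
 * with a {@code null} key store, which selects the platform's default trust material. An
 * identity stored without its CA bundle is therefore validated against the platform trust
 * store rather than a private one.
 */
public final class KeyStoreIdentity implements Identity {

    @NotNull
    private final KeyStore ks;

    @NotNull
    private final String controller;

    @NotNull
    private final String name;

    @NotNull
    private final SSLContext ssl;

    @NotNull
    private final X509TrustManager tm;

    /**
     * Builds the identity from a key-store entry.
     *
     * @param keyStore loaded key store holding the identity's private key and, optionally, CA certificates
     * @param str alias of the key entry; must be a hierarchical URI with a host and a path
     * @param cArr password handed to the key manager factory to recover the key; this constructor
     *     does not clear it
     * @throws IllegalStateException if the alias is not a key entry, or if it has no host or no path
     * @throws IllegalArgumentException if the alias is not a syntactically valid URI
     */
    public KeyStoreIdentity(@NotNull KeyStore keyStore, @NotNull String str, @NotNull char[] cArr) {
        Intrinsics.checkNotNullParameter(keyStore, "ks");
        Intrinsics.checkNotNullParameter(str, "alias");
        Intrinsics.checkNotNullParameter(cArr, "pw");
        this.ks = keyStore;
        if (!this.ks.isKeyEntry(str)) {
            throw new IllegalStateException("alias entry is not of correct type");
        }
        URI create = URI.create(str);
        String host = create.getHost();
        if (host == null) {
            // Fail closed: concatenating a null host would yield the controller "https://null:<port>",
            // i.e. an identity that silently points at a host literally named "null".
            throw new IllegalStateException("alias has no controller host: " + str);
        }
        // NOTE(review): getPort() is -1 when the alias carries no port, and that value is written
        // into the controller string as-is. Confirm aliases always include an explicit port.
        this.controller = "https://" + host + ":" + create.getPort();
        String rawPath = create.getRawPath();
        if (rawPath == null || rawPath.isEmpty()) {
            // Without this check the substring below fails with an opaque index or null error.
            throw new IllegalStateException("alias has no identity name path: " + str);
        }
        this.name = URLDecoder.decode(rawPath.substring(1), Charsets.UTF_8.name());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(this.ks, cArr);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        Enumeration<String> aliases = this.ks.aliases();
        Intrinsics.checkNotNullExpressionValue(aliases, "aliases(...)");
        boolean hasCertificateEntry = false;
        while (aliases.hasMoreElements()) {
            if (this.ks.isCertificateEntry(aliases.nextElement())) {
                hasCertificateEntry = true;
                break;
            }
        }
        if (hasCertificateEntry) {
            // The key store carries its own trust anchors: trust exactly those.
            trustManagerFactory.init(this.ks);
        } else {
            // No certificate entries: a null key store selects the platform default trust material.
            // NOTE(review): this widens trust from a private CA bundle to every platform-trusted CA.
            // Confirm the fallback is intended rather than treating a missing bundle as an error.
            trustManagerFactory.init((KeyStore) null);
        }
        // NOTE(review): assumes the factory's first trust manager is the X.509 one; any other
        // ordering makes the cast below fail.
        TrustManager trustManager = trustManagerFactory.getTrustManagers()[0];
        Intrinsics.checkNotNull(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        this.tm = (X509TrustManager) trustManager;
        // NOTE(review): the context is requested by the fixed protocol name "TLSv1.2". Which protocol
        // versions it will negotiate depends on the provider; confirm whether TLS 1.3 should be allowed.
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        AliasKeyManager.Companion companion = AliasKeyManager.Companion;
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        Intrinsics.checkNotNullExpressionValue(keyManagers, "getKeyManagers(...)");
        // presumably AliasKeyManager pins client-certificate selection to this alias; verify in
        // org.openziti.util.AliasKeyManager
        sSLContext.init(companion.from(str, keyManagers), trustManagerFactory.getTrustManagers(), new SecureRandom());
        this.ssl = sSLContext;
    }

    /**
     * Compiler-generated bridge for the Kotlin default argument: when bit 4 of {@code i} is set,
     * the password defaults to an empty array.
     */
    public /* synthetic */ KeyStoreIdentity(KeyStore keyStore, String str, char[] cArr, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(keyStore, str, (i & 4) != 0 ? new char[0] : cArr);
    }

    /** Returns the controller address in the form {@code https://host:port}, as parsed from the alias. */
    @Override // org.openziti.identity.Identity
    @NotNull
    public String controller() {
        return this.controller;
    }

    /** Returns the identity name: the URL-decoded alias path without its leading separator. */
    @Override // org.openziti.identity.Identity
    @NotNull
    public String name() {
        return this.name;
    }

    /** Returns the SSL context initialised with this identity's key managers and trust managers. */
    @Override // org.openziti.identity.Identity
    @NotNull
    public SSLContext sslContext() {
        return this.ssl;
    }

    /** Returns the X.509 trust manager taken from the same factory that feeds {@link #sslContext()}. */
    @Override // org.openziti.identity.Identity
    @NotNull
    public X509TrustManager trustManager() {
        return this.tm;
    }
}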
