package xades4j.providers.impl;

import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.stream.Collectors;
import javax.security.auth.callback.PasswordCallback;
import xades4j.providers.KeyingDataProvider;
import xades4j.providers.SigningCertChainException;
import xades4j.providers.SigningKeyException;
import xades4j.verification.UnexpectedJCAException;

/* loaded from: input_file:xades4j/providers/impl/KeyStoreKeyingDataProvider.class */
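/**
 * Base {@link KeyingDataProvider} that obtains the signing certificate chain and the
 * matching private key from a {@link KeyStore}.
 *
 * <p>The key store is created lazily, on first use, through the {@link KeyStore.Builder}
 * supplied by the {@link KeyStoreBuilderCreator}. Subclasses decide how an individual key
 * entry is unlocked by implementing {@link #getKeyProtection}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Passwords travel as {@code char[]}. This class never clears the arrays returned by
 *       the password providers; {@link PasswordCallback#setPassword} stores its own copy,
 *       so zeroing the provider's array remains the provider's responsibility.</li>
 *   <li>Lazy initialization is guarded by a private lock object, so concurrent first calls
 *       load the key store once.</li>
 * </ul>
 */
public abstract class KeyStoreKeyingDataProvider implements KeyingDataProvider {
    private final KeyStoreBuilderCreator builderCreator;
    private final SigningCertificateSelector certificateSelector;
    private final KeyStorePasswordProvider storePasswordProvider;
    private final KeyEntryPasswordProvider entryPasswordProvider;
    private final boolean returnFullChain;
    // Written once inside ensureInitialized() while holding lockObj.
    private KeyStore keyStore;
    private final Object lockObj = new Object();
    private boolean initialized = false;

    /** Supplies the password that protects a single key entry. */
    public interface KeyEntryPasswordProvider {
        /**
         * @param str             alias of the key entry being unlocked
         * @param x509Certificate certificate stored with that entry
         * @return the entry password
         */
        char[] getPassword(String str, X509Certificate x509Certificate);
    }

    /**
     * Creates the {@link KeyStore.Builder} used to load the key store.
     *
     * <p>NOTE(review): the decompiler reports that this type was originally
     * {@code protected}; it is kept {@code public} here so existing callers still compile.
     */
    public interface KeyStoreBuilderCreator {
        /**
         * @param protectionParameter protection used when the key store is loaded
         * @return a builder for the key store
         */
        KeyStore.Builder getBuilder(KeyStore.ProtectionParameter protectionParameter);
    }

    /** Supplies the password that protects the key store as a whole. */
    public interface KeyStorePasswordProvider {
        /** @return the key store password */
        char[] getPassword();
    }

    /** Chooses which private-key entry of the key store is used for signing. */
    public interface SigningCertificateSelector {

        /** An alias/certificate pair describing one private-key entry of the key store. */
        public static class Entry {
            private final String alias;
            private final X509Certificate certificate;

            private Entry(String str, X509Certificate x509Certificate) {
                this.alias = str;
                this.certificate = x509Certificate;
            }

            /** @return the key store alias of this entry */
            public String getAlias() {
                return this.alias;
            }

            /** @return the certificate stored under {@link #getAlias()} */
            public X509Certificate getCertificate() {
                return this.certificate;
            }
        }

        /**
         * @param list the private-key entries found in the key store; never empty when
         *             called by {@link KeyStoreKeyingDataProvider}
         * @return the entry whose certificate will be used for signing
         */
        Entry selectCertificate(List<Entry> list);

        /**
         * Returns a selector for key stores that hold exactly one private-key entry.
         *
         * @return a selector that throws {@link IllegalStateException} unless the list has
         *         exactly one element
         */
        static SigningCertificateSelector single() {
            return list -> {
                if (list.size() != 1) {
                    throw new IllegalStateException("Key store has more than one private key entry");
                }
                return list.get(0);
            };
        }
    }

    /**
     * NOTE(review): the decompiler reports that this constructor was originally
     * {@code protected}; it is kept {@code public} here so existing callers still compile.
     *
     * @param keyStoreBuilderCreator     creates the builder that loads the key store
     * @param signingCertificateSelector picks the signing entry among the private-key entries
     * @param keyStorePasswordProvider   key store password source; when {@code null}, any
     *                                   password request made while loading fails
     * @param keyEntryPasswordProvider   key entry password source, handed unchanged to
     *                                   {@link #getKeyProtection}
     * @param z                          {@code true} to return the whole certificate chain,
     *                                   {@code false} to return only the signing certificate
     */
    public KeyStoreKeyingDataProvider(KeyStoreBuilderCreator keyStoreBuilderCreator, SigningCertificateSelector signingCertificateSelector, KeyStorePasswordProvider keyStorePasswordProvider, KeyEntryPasswordProvider keyEntryPasswordProvider, boolean z) {
        this.builderCreator = keyStoreBuilderCreator;
        this.certificateSelector = signingCertificateSelector;
        this.storePasswordProvider = keyStorePasswordProvider;
        this.entryPasswordProvider = keyEntryPasswordProvider;
        this.returnFullChain = z;
    }

    /**
     * Loads the key store on first use. Later calls return immediately.
     *
     * @throws UnexpectedJCAException if the key store cannot be obtained from the builder
     */
    private void ensureInitialized() throws UnexpectedJCAException {
        synchronized (this.lockObj) {
            if (this.initialized) {
                return;
            }
            KeyStore.CallbackHandlerProtection loadProtection;
            if (this.storePasswordProvider != null) {
                // The password is requested only when the key store implementation asks for
                // it. PasswordCallback keeps its own copy of the array.
                loadProtection = new KeyStore.CallbackHandlerProtection(callbacks -> {
                    ((PasswordCallback) callbacks[0]).setPassword(this.storePasswordProvider.getPassword());
                });
            } else {
                // No provider configured: fail loudly if the key store asks for a password
                // instead of silently attempting an empty one.
                loadProtection = new KeyStore.CallbackHandlerProtection(callbacks -> {
                    throw new UnsupportedOperationException("No KeyStorePasswordProvider");
                });
            }
            try {
                this.keyStore = this.builderCreator.getBuilder(loadProtection).getKeyStore();
                // Set only after a successful load so a failed attempt can be retried.
                this.initialized = true;
            } catch (KeyStoreException e) {
                throw new UnexpectedJCAException("The keystore couldn't be initialized", e);
            }
        }
    }

    /**
     * Collects every private-key entry that carries an X.509 certificate, lets the
     * configured selector pick one, and returns that entry's certificate chain.
     *
     * @return the full chain when {@code returnFullChain} is set, otherwise a singleton
     *         list holding only the signing certificate (first element of the chain)
     * @throws SigningCertChainException if the key store has no usable private-key entry,
     *                                   nothing is selected, or the selected alias has no
     *                                   certificate chain
     * @throws UnexpectedJCAException    if the key store cannot be loaded or queried
     */
    @Override // xades4j.providers.KeyingDataProvider
    public List<X509Certificate> getSigningCertificateChain() throws SigningCertChainException, UnexpectedJCAException {
        ensureInitialized();
        try {
            List<SigningCertificateSelector.Entry> candidates = new ArrayList<>(this.keyStore.size());
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                // Trusted-certificate and secret-key entries cannot sign; skip them.
                if (!this.keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                    continue;
                }
                Certificate certificate = this.keyStore.getCertificate(alias);
                if (certificate instanceof X509Certificate) {
                    candidates.add(new SigningCertificateSelector.Entry(alias, (X509Certificate) certificate));
                }
            }
            if (candidates.isEmpty()) {
                throw new SigningCertChainException("No certificates available in the key store");
            }
            SigningCertificateSelector.Entry selected = this.certificateSelector.selectCertificate(candidates);
            if (selected == null) {
                // Previously surfaced as a NullPointerException on getAlias().
                throw new SigningCertChainException("No signing certificate was selected");
            }
            Certificate[] certificateChain = this.keyStore.getCertificateChain(selected.getAlias());
            // An empty chain would otherwise fail with an ArrayIndexOutOfBoundsException below.
            if (certificateChain == null || certificateChain.length == 0) {
                throw new SigningCertChainException("Selected certificate doesn't match a key and corresponding certificate chain");
            }
            if (this.returnFullChain) {
                return Arrays.stream(certificateChain)
                        .map(X509Certificate.class::cast)
                        .collect(Collectors.toList());
            }
            return Collections.singletonList((X509Certificate) certificateChain[0]);
        } catch (KeyStoreException e) {
            throw new UnexpectedJCAException(e.getMessage(), e);
        }
    }

    /**
     * Returns the private key stored with the given signing certificate.
     *
     * <p>{@link KeyStore#getCertificateAlias} returns the first entry whose certificate
     * matches, which may be a trusted-certificate entry when the same certificate is stored
     * under several aliases. The alias is therefore checked to be a private-key entry
     * before any password is requested for it.
     *
     * @param x509Certificate the signing certificate, as returned by
     *                        {@link #getSigningCertificateChain()}
     * @return the private key of the matching entry
     * @throws SigningKeyException    if no private-key entry matches the certificate or the
     *                                entry password is wrong
     * @throws UnexpectedJCAException if the key store cannot be loaded or queried
     */
    @Override // xades4j.providers.KeyingDataProvider
    public PrivateKey getSigningKey(X509Certificate x509Certificate) throws SigningKeyException, UnexpectedJCAException {
        ensureInitialized();
        try {
            String alias = this.keyStore.getCertificateAlias(x509Certificate);
            // Previously a missing alias or a non-key entry surfaced as an unchecked
            // NullPointerException / ClassCastException that callers could not handle.
            if (alias == null || !this.keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                throw new SigningKeyException(
                        "No private key entry matches the signing certificate",
                        new KeyStoreException("Certificate alias is missing or is not a private key entry"));
            }
            KeyStore.Entry entry = this.keyStore.getEntry(alias, getKeyProtection(alias, x509Certificate, this.entryPasswordProvider));
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new SigningKeyException(
                        "No private key entry matches the signing certificate",
                        new KeyStoreException("Key store returned no private key entry for the alias"));
            }
            return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
        } catch (UnrecoverableKeyException e) {
            throw new SigningKeyException("Invalid key entry password", e);
        } catch (GeneralSecurityException e2) {
            throw new UnexpectedJCAException(e2.getMessage(), e2);
        }
    }

    /**
     * Builds the protection parameter used to unlock one key entry.
     *
     * @param str                      alias of the key entry
     * @param x509Certificate          certificate stored with that entry
     * @param keyEntryPasswordProvider the provider given to the constructor; may be
     *                                 {@code null} if none was configured
     * @return the protection parameter passed to {@link KeyStore#getEntry}
     */
    protected abstract KeyStore.ProtectionParameter getKeyProtection(String str, X509Certificate x509Certificate, KeyEntryPasswordProvider keyEntryPasswordProvider);
}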
