package org.apache.tsik.xmlenc;

import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import org.apache.tsik.datatypes.HashedByteArray;
import org.apache.tsik.xmlsig.KeyInfo;

/* loaded from: input_file:org/apache/tsik/xmlenc/X509KeyResolver.class */
public class X509KeyResolver implements KeyResolver {
    private Map bySki;
    private Map byCert;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/tsik/xmlenc/X509KeyResolver$Info.class */
    public static class Info {
        private X509Certificate[] chain;
        private Key key;

        Info(Key key, X509Certificate[] x509CertificateArr) {
            this.key = key;
            this.chain = x509CertificateArr;
        }

        final X509Certificate[] getChain() {
            return this.chain;
        }

        final Key getKey() {
            return this.key;
        }
    }

    public X509KeyResolver(boolean z) {
        this.bySki = new HashMap();
        this.byCert = new HashMap();
        if (z) {
            this.bySki = Collections.synchronizedMap(this.bySki);
            this.byCert = Collections.synchronizedMap(this.byCert);
        }
    }

    public void putCertificate(X509Certificate x509Certificate) throws GeneralSecurityException {
        put(x509Certificate, new Info(null, new X509Certificate[]{x509Certificate}));
    }

    public void putKey(Key key, X509Certificate[] x509CertificateArr) throws GeneralSecurityException {
        put(x509CertificateArr[0], new Info(key, x509CertificateArr));
    }

    private void put(X509Certificate x509Certificate, Info info) throws GeneralSecurityException {
        byte[] sKIExtension = KeyInfo.getSKIExtension(x509Certificate);
        if (sKIExtension != null) {
            HashedByteArray hashedByteArray = new HashedByteArray(sKIExtension);
            if (!this.bySki.containsKey(hashedByteArray)) {
                this.bySki.put(hashedByteArray, info);
            } else if (((Info) this.bySki.get(hashedByteArray)).key == null || info.key != null) {
                this.bySki.put(hashedByteArray, info);
            }
        }
        this.byCert.put(new HashedByteArray(x509Certificate.getEncoded()), info);
    }

    public boolean putKey(KeyStore keyStore, String str, char[] cArr) throws GeneralSecurityException {
        Certificate[] certificateChain;
        Key key = keyStore.getKey(str, cArr);
        if (key == null || (certificateChain = keyStore.getCertificateChain(str)) == null || certificateChain.length <= 0) {
            return false;
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateChain.length];
        System.arraycopy(certificateChain, 0, x509CertificateArr, 0, certificateChain.length);
        putKey(key, x509CertificateArr);
        return true;
    }

    public void putAllKeys(KeyStore keyStore, char[] cArr) throws GeneralSecurityException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isKeyEntry(nextElement)) {
                putKey(keyStore, nextElement, cArr);
            }
        }
    }

    public boolean putCertificate(KeyStore keyStore, String str) throws GeneralSecurityException {
        X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(str);
        if (x509Certificate == null) {
            return false;
        }
        putCertificate(x509Certificate);
        return true;
    }

    public void putAllCertificates(KeyStore keyStore) throws GeneralSecurityException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isCertificateEntry(nextElement)) {
                putCertificate(keyStore, nextElement);
            }
        }
    }

    @Override // org.apache.tsik.xmlenc.KeyResolver
    public Key resolve(KeyInfo keyInfo) {
        X509Certificate certificate;
        Info info = null;
        byte[] keyIdentifier = keyInfo.getKeyIdentifier();
        if (keyIdentifier != null) {
            info = (Info) this.bySki.get(new HashedByteArray(keyIdentifier));
        }
        if (info == null && (certificate = keyInfo.getCertificate()) != null) {
            try {
                info = (Info) this.byCert.get(new HashedByteArray(certificate.getEncoded()));
            } catch (Exception e) {
            }
        }
        if (info == null) {
            return null;
        }
        if (keyInfo.getCertificateChain() == null) {
            keyInfo.setCertificateChain(info.getChain());
        }
        return info.getKey();
    }
}
