package net.savignano.cryptography.util;

import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.AbstractMap;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import javax.security.auth.Destroyable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/cryptography/util/KeyStoreContentFetcher.class */
public class KeyStoreContentFetcher implements Destroyable {
    private static final Logger log = LoggerFactory.getLogger(KeyStoreContentFetcher.class);
    private KeyStore keyStore;
    private char[] password;

    public KeyStoreContentFetcher(KeyStore keyStore) {
        this.keyStore = keyStore;
        if (keyStore == null) {
            throw new IllegalArgumentException("Key Store must not be null.");
        }
    }

    public void keyPassword(char[] cArr) {
        this.password = cArr == null ? null : Arrays.copyOf(cArr, cArr.length);
    }

    public Optional<X509Certificate> getCertFor(Predicate<X509Certificate> predicate) throws KeyStoreException {
        if (predicate == null) {
            return Optional.empty();
        }
        Set<X509Certificate> certsFor = getCertsFor(predicate, true);
        return certsFor.isEmpty() ? Optional.empty() : Optional.of(certsFor.iterator().next());
    }

    public Set<X509Certificate> getCertsFor(Predicate<X509Certificate> predicate) throws KeyStoreException {
        return predicate == null ? Collections.emptySet() : getCertsFor(predicate, false);
    }

    public Optional<PrivateKey> getPrivateKeyFor(Predicate<X509Certificate> predicate) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        if (predicate == null) {
            return Optional.empty();
        }
        Set<Map.Entry<X509Certificate, PrivateKey>> entriesFor = getEntriesFor(predicate, true);
        return entriesFor.isEmpty() ? Optional.empty() : Optional.ofNullable(entriesFor.iterator().next().getValue());
    }

    public Set<PrivateKey> getPrivateKeysFor(Predicate<X509Certificate> predicate) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        return predicate == null ? Collections.emptySet() : (Set) getEntriesFor(predicate, false).stream().map(entry -> {
            return (PrivateKey) entry.getValue();
        }).filter(privateKey -> {
            return privateKey != null;
        }).collect(Collectors.toSet());
    }

    public Optional<Map.Entry<X509Certificate, PrivateKey>> getEntryFor(Predicate<X509Certificate> predicate) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        if (predicate == null) {
            return Optional.empty();
        }
        Set<Map.Entry<X509Certificate, PrivateKey>> entriesFor = getEntriesFor(predicate, true);
        return entriesFor.isEmpty() ? Optional.empty() : Optional.of(entriesFor.iterator().next());
    }

    public Set<Map.Entry<X509Certificate, PrivateKey>> getEntriesFor(Predicate<X509Certificate> predicate) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        return predicate == null ? Collections.emptySet() : getEntriesFor(predicate, false);
    }

    private Set<X509Certificate> getCertsFor(Predicate<X509Certificate> predicate, boolean z) throws KeyStoreException {
        log.trace("Checking key store with {} entries.", Integer.valueOf(this.keyStore.size()));
        HashSet hashSet = new HashSet(z ? 1 : 5);
        Enumeration<String> aliases = this.keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            log.trace("Checking alias: {}", nextElement);
            X509Certificate certForAlias = getCertForAlias(nextElement);
            if (certForAlias != null && predicate.test(certForAlias)) {
                hashSet.add(certForAlias);
                if (z) {
                    break;
                }
            }
        }
        return hashSet;
    }

    private Set<Map.Entry<X509Certificate, PrivateKey>> getEntriesFor(Predicate<X509Certificate> predicate, boolean z) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        log.trace("Checking key store with {} entries.", Integer.valueOf(this.keyStore.size()));
        HashSet hashSet = new HashSet(z ? 1 : 5);
        Enumeration<String> aliases = this.keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (this.keyStore.isKeyEntry(nextElement)) {
                log.trace("Checking alias: {}", nextElement);
                X509Certificate certForAlias = getCertForAlias(nextElement);
                if (certForAlias != null && predicate.test(certForAlias)) {
                    Key key = this.keyStore.getKey(nextElement, this.password);
                    if (key instanceof PrivateKey) {
                        hashSet.add(new AbstractMap.SimpleEntry(certForAlias, (PrivateKey) key));
                        if (z) {
                            break;
                        }
                    } else {
                        log.warn("Private key for alias \"{}\" is not the expected type. Encountered class: {}", nextElement, key == null ? null : key.getClass());
                    }
                }
            }
        }
        return hashSet;
    }

    private X509Certificate getCertForAlias(String str) throws KeyStoreException {
        Certificate certificate = this.keyStore.getCertificate(str);
        if (certificate == null || (certificate instanceof X509Certificate)) {
            return (X509Certificate) certificate;
        }
        log.warn("Certificate found for alias \"{}\" is not a X509Certificate. It cannot be used. Found certificate: {}", str, certificate);
        return null;
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() {
        this.keyStore = null;
        SecurityUtil.clearPassword(this.password);
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.keyStore == null;
    }
}
