package org.n52.security.common.crypto;

import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/* loaded from: input_file:org/n52/security/common/crypto/KeystoreKeyPairProvider.class */
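/**
 * {@link KeyPairProvider} that resolves certificates and private keys from a
 * {@link KeyStore}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Password arrays are passed straight through to the {@link KeyStore} API
 *       and are not retained by this class; clearing them stays with the caller.</li>
 *   <li>Lookups only match entries in the keystore. No certification path
 *       validation, expiry check or revocation check is performed here.</li>
 * </ul>
 */
public class KeystoreKeyPairProvider implements KeyPairProvider {
    /** Backing keystore; assigned exactly once by either constructor. */
    private final KeyStore m_keyStore;

    /**
     * Wraps an existing keystore.
     *
     * @param keyStore the keystore to resolve entries from; it is stored as-is and
     *                 every resolve method calls into it
     */
    public KeystoreKeyPairProvider(KeyStore keyStore) {
        this.m_keyStore = keyStore;
    }

    /**
     * Creates a keystore of the given type and loads it from a stream.
     *
     * <p>Per the {@link KeyStore#load(InputStream, char[])} contract, the password is
     * what drives the keystore integrity check; passing {@code null} loads the data
     * without verifying its integrity. The stream is not closed by this constructor.
     *
     * @param str         keystore type handed to {@link KeyStore#getInstance(String)}
     * @param inputStream stream holding the keystore data
     * @param cArr        keystore password, or {@code null} to skip the integrity check
     * @throws KeyPairResolvingException if the type is unavailable or the data cannot be loaded
     */
    public KeystoreKeyPairProvider(String str, InputStream inputStream, char[] cArr) {
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            keyStore.load(inputStream, cArr);
            this.m_keyStore = keyStore;
        } catch (IOException e) {
            // KeyStore.load also reports a wrong password or corrupt data as an IOException.
            throw new KeyPairResolvingException("Keystore type could not be loaded", e);
        } catch (KeyStoreException e2) {
            throw new KeyPairResolvingException("Keystore type <" + str + "> not provided", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new KeyPairResolvingException("Certificate or key encryption algorithm not supported", e3);
        } catch (CertificateException e4) {
            throw new KeyPairResolvingException("Certificate could not be loaded", e4);
        }
    }

    /**
     * Returns the backing keystore itself, not a copy, so a caller holding it can
     * read or modify the same entries this provider resolves from.
     *
     * @return the keystore given to, or loaded by, the constructor
     */
    public KeyStore getKeyStore() {
        return this.m_keyStore;
    }

    /**
     * Resolves the entry stored under an alias.
     *
     * <p>The private key is read only when a password is supplied and the alias is a
     * key entry. The certificate and its chain are read for key entries and for
     * certificate entries.
     *
     * @param str  alias to look up
     * @param cArr password protecting the private key, or {@code null} to resolve the
     *             certificate only
     * @return the populated key pair
     * @throws KeyPairResolvingException if the alias is {@code null} or unknown, the key
     *                                   cannot be recovered, or the keystore is not accessible
     */
    @Override
    public KeyPair resolveByAlias(String str, char[] cArr) throws KeyPairResolvingException {
        if (str == null) {
            // The JDK keystore implementations dereference the alias, so a null alias
            // used to surface as a NullPointerException. Report it as a failed lookup.
            throw new KeyPairResolvingException("Key pair with alias <" + str + "> can't be found");
        }
        try {
            DefaultKeyPair defaultKeyPair = new DefaultKeyPair();
            defaultKeyPair.setAlias(str);
            KeyStore keyStore = getKeyStore();
            boolean keyEntry = keyStore.isKeyEntry(str);
            if (cArr != null && keyEntry) {
                try {
                    defaultKeyPair.setPrivateKey(keyStore.getKey(str, cArr));
                } catch (NoSuchAlgorithmException e) {
                    throw new KeyPairResolvingException("Private key cannot be loaded", e);
                } catch (UnrecoverableKeyException e2) {
                    throw new KeyPairResolvingException("Private key cannot be recovered (wrong password)", e2);
                }
            }
            if (keyEntry || keyStore.isCertificateEntry(str)) {
                defaultKeyPair.setCertificate(keyStore.getCertificate(str));
                defaultKeyPair.setCertificateChain(keyStore.getCertificateChain(str));
            }
            if (defaultKeyPair.isPrivateKeySet() || defaultKeyPair.isPublicKeySet()) {
                return defaultKeyPair;
            }
            throw new KeyPairResolvingException("Key pair with alias <" + str + "> can't be found");
        } catch (KeyStoreException e3) {
            throw new KeyPairResolvingException("Keystore not accessible", e3);
        }
    }

    /**
     * Resolves the first entry whose X.509 certificate has the given issuer DN and
     * serial number.
     *
     * @param str        issuer distinguished name to match
     * @param bigInteger certificate serial number to match
     * @param cArr       password forwarded to {@link #resolveByAlias(String, char[])}
     * @return the key pair of the first matching alias
     * @throws KeyPairResolvingException if nothing matches or the keystore is not accessible
     */
    @Override
    public KeyPair resolveBySerialIssuer(String str, BigInteger bigInteger, char[] cArr) throws KeyPairResolvingException {
        KeyStore keyStore = getKeyStore();
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                // NOTE(review): only certificate entries are scanned. Key entries are
                // skipped, so no private key is loaded on this path even when a password
                // is supplied. Confirm that this is intended.
                if (!keyStore.isCertificateEntry(alias)) {
                    continue;
                }
                Certificate certificate = keyStore.getCertificate(alias);
                if (!(certificate instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate x509 = (X509Certificate) certificate;
                if (equalIssuerDN(x509.getIssuerDN(), str) && x509.getSerialNumber().equals(bigInteger)) {
                    return resolveByAlias(alias, cArr);
                }
            }
            throw new KeyPairResolvingException("KeyPair for IssuerDN <" + str + "> and serial <" + bigInteger + "> not found");
        } catch (KeyStoreException e) {
            throw new KeyPairResolvingException("Keystore not accessible", e);
        }
    }

    /**
     * Resolves the entry whose certificate matches the given certificate.
     *
     * @param certificate certificate to look up
     * @param cArr        password forwarded to {@link #resolveByAlias(String, char[])}
     * @return the key pair stored under the matching alias
     * @throws KeyPairResolvingException if no entry matches or the keystore is not accessible
     */
    @Override
    public KeyPair resolveByCertificate(Certificate certificate, char[] cArr) throws KeyPairResolvingException {
        try {
            // getCertificateAlias returns null when no entry matches the certificate.
            String alias = getKeyStore().getCertificateAlias(certificate);
            if (alias == null) {
                throw new KeyPairResolvingException("Certificate not found in keystore");
            }
            return resolveByAlias(alias, cArr);
        } catch (KeyStoreException e) {
            throw new KeyPairResolvingException("Certificate not found in keystore", e);
        }
    }

    /**
     * Compares an issuer principal with a DN string by wrapping both names in
     * {@code X509Name} and delegating to its {@code equals}.
     */
    private boolean equalIssuerDN(Principal principal, String str) {
        return new X509Name(principal.getName()).equals(new X509Name(str));
    }
}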
