package mitm.common.security;

import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertSelector;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import mitm.common.security.certificate.X509CertificateInspector;
import mitm.common.security.certstore.CertificateAlreadyExistsException;
import mitm.common.security.certstore.Expired;
import mitm.common.security.certstore.MissingKeyAlias;
import mitm.common.security.certstore.X509CertStoreEntry;
import mitm.common.security.certstore.X509CertStoreExt;
import mitm.common.security.certstore.X509StoreEventListener;
import mitm.common.security.password.PasswordException;
import mitm.common.security.password.PasswordProvider;
import mitm.common.util.Check;
import mitm.common.util.CloseableIterator;
import mitm.common.util.CloseableIteratorException;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
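/**
 * {@link KeyAndCertStore} implementation that pairs an X.509 certificate store with a
 * {@link KeyStore} holding the private keys that belong to those certificates.
 *
 * <p>The link between the two stores is the key alias recorded on each
 * {@link X509CertStoreEntry}. Keys added through {@link #addKeyAndCertificate} are stored
 * under the certificate thumbprint, and every key entry is read and written with the single
 * password returned by the configured {@link PasswordProvider}.
 *
 * <p>This class performs no synchronization of its own, and updates that touch both stores
 * are not atomic: a failure between the two steps can leave a key without a certificate
 * entry or an entry whose alias points at a missing key. {@link #sync} exists to reconcile
 * the two stores.
 */
public class KeyAndCertStoreImpl implements KeyAndCertStore {
    private static final Logger logger = LoggerFactory.getLogger(KeyAndCertStoreImpl.class);
    private final X509CertStoreExt certStore;
    // May be null; key operations then become no-ops that return null or skip the key store.
    private final KeyStore keyStore;
    // May be null; key entries are then accessed with a null password.
    private final PasswordProvider passwordProvider;

    /**
     * Creates a store backed by the given certificate store and optional key store.
     *
     * @param x509CertStoreExt certificate store, must not be null
     * @param keyStore key store holding the private keys, may be null
     * @param passwordProvider source of the key entry password, may be null
     */
    public KeyAndCertStoreImpl(X509CertStoreExt x509CertStoreExt, KeyStore keyStore, PasswordProvider passwordProvider) {
        Check.notNull(x509CertStoreExt, "certStore");
        this.certStore = x509CertStoreExt;
        this.keyStore = keyStore;
        this.passwordProvider = passwordProvider;
    }

    /**
     * Returns the key entry password, or null when no password provider is configured.
     *
     * <p>NOTE(review): the returned array is handed to the key store and never wiped here.
     * Whether it may be cleared depends on whether the provider returns a copy; confirm
     * against the {@link PasswordProvider} implementations before adding a wipe.
     *
     * @throws KeyStoreException if the provider fails to deliver the password
     */
    private char[] getPassword() throws KeyStoreException {
        if (this.passwordProvider == null) {
            return null;
        }
        try {
            return this.passwordProvider.getPassword();
        } catch (PasswordException e) {
            throw new KeyStoreException("Error getting password from passwordProvider", e);
        }
    }

    /**
     * Looks up the private key referenced by the key alias of a certificate store entry.
     *
     * @param x509CertStoreEntry entry whose key alias is resolved, may be null
     * @return the private key, or null when there is no key store, no entry, no key alias,
     *         no key under that alias, or the key under that alias is not a private key
     */
    private PrivateKey getPrivateKey(X509CertStoreEntry x509CertStoreEntry) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
        if (this.keyStore == null) {
            logger.warn("keyStore is null.");
            return null;
        }
        if (x509CertStoreEntry == null) {
            return null;
        }
        String keyAlias = x509CertStoreEntry.getKeyAlias();
        if (keyAlias == null) {
            logger.debug("keyAlias is null.");
            return null;
        }
        Key key = this.keyStore.getKey(keyAlias, getPassword());
        if (key instanceof PrivateKey) {
            return (PrivateKey) key;
        }
        // Parameterized logging keeps the rendered message identical to the concatenated form.
        if (key != null) {
            logger.warn("Key with alias '{}' is not a private key. Skipping this key.", keyAlias);
        } else {
            logger.warn("Key with alias '{}' does not exist. Skipping this key.", keyAlias);
        }
        return null;
    }

    /** Delegates to the underlying certificate store. */
    @Override // mitm.common.security.certstore.X509CertStoreExt
    public X509CertStoreEntry addCertificate(X509Certificate x509Certificate) throws CertStoreException, CertificateAlreadyExistsException {
        return this.certStore.addCertificate(x509Certificate);
    }

    /**
     * Delegates to the underlying certificate store. The second argument is used as the key
     * alias by the callers in this class.
     */
    @Override // mitm.common.security.certstore.X509CertStoreExt
    public X509CertStoreEntry addCertificate(X509Certificate x509Certificate, String str) throws CertStoreException, CertificateAlreadyExistsException {
        return this.certStore.addCertificate(x509Certificate, str);
    }

    /**
     * Stores a certificate and, when a key store and a private key are available, its
     * private key under the certificate thumbprint.
     *
     * <p>The key entry is written before the certificate store is touched, so a failure in
     * the certificate store leaves the key entry in place.
     *
     * @param keyAndCertificate certificate with optional private key, must not be null and
     *        must carry a certificate
     * @return true if a certificate entry was added or its key alias changed, false if the
     *         certificate was already present and no new alias had to be recorded
     * @throws CertStoreException if the thumbprint cannot be computed or the certificate
     *         store fails
     * @throws KeyStoreException if the key entry cannot be written
     */
    @Override // mitm.common.security.KeyAndCertStore
    public boolean addKeyAndCertificate(KeyAndCertificate keyAndCertificate) throws CertStoreException, KeyStoreException {
        Check.notNull(keyAndCertificate, "keyAndCertificate");
        X509Certificate certificate = keyAndCertificate.getCertificate();
        PrivateKey privateKey = keyAndCertificate.getPrivateKey();
        Check.notNull(certificate, "certificate");
        logger.debug("Adding KeyAndCertificate: {}", certificate);

        String keyAlias = null;
        if (this.keyStore != null && privateKey != null) {
            try {
                keyAlias = X509CertificateInspector.getThumbprint(certificate);
                logger.debug("Setting Key entry with alias: {}", keyAlias);
                this.keyStore.setKeyEntry(keyAlias, privateKey, getPassword(), new Certificate[]{certificate});
            } catch (NoSuchAlgorithmException e) {
                throw new CertStoreException(e);
            } catch (NoSuchProviderException e) {
                throw new CertStoreException(e);
            } catch (CertificateEncodingException e) {
                throw new CertStoreException(e);
            }
        }

        X509CertStoreEntry existing = this.certStore.getByCertificate(certificate);
        if (existing == null) {
            this.certStore.addCertificate(certificate, keyAlias);
            return true;
        }
        // An existing entry is only touched when there is a new alias to record.
        if (keyAlias == null || keyAlias.equals(existing.getKeyAlias())) {
            return false;
        }
        existing.setKeyAlias(keyAlias);
        this.certStore.update(existing);
        return true;
    }

    /** Delegates to the underlying certificate store. */
    @Override // mitm.common.security.certstore.X509CertStoreExt
    public boolean contains(X509Certificate x509Certificate) throws CertStoreException {
        return this.certStore.contains(x509Certificate);
    }

    /** Delegates to the underlying certificate store. */
    @Override // mitm.common.security.certstore.X509CertStoreExt
    public X509CertStoreEntry getByCertificate(X509Certificate x509Certificate) throws CertStoreException {
        return this.certStore.getByCertificate(x509Certificate);
    }

    /** Delegates to the underlying certificate store. */
    @Override // mitm.common.security.certstore.X509CertStoreExt
    public CloseableIterator<? extends X509CertStoreEntry> getByEmail(String str, Expired expired, MissingKeyAlias missingKeyAlias, Integer num, Integer num2) throws CertStoreException {
        return this.certStore.getByEmail(str, expired, missingKeyAlias, num, num2);
    }

    /** Delegates to the underlying certificate store. */
    @Override // mitm.common.security.certstore.X509CertStoreExt
    public X509CertStoreEntry getByThumbprint(String str) throws CertStoreException {
        return this.certStore.getByThumbprint(str);
    }

    /** Delegates to the underlying certificate store. */
    @Override // mitm.common.security.certstore.X509CertStoreExt
    public CloseableIterator<? extends X509CertStoreEntry> getCertStoreIterator(CertSelector certSelector, MissingKeyAlias missingKeyAlias, Integer num, Integer num2) throws CertStoreException {
        return this.certStore.getCertStoreIterator(certSelector, missingKeyAlias, num, num2);
    }

    /** Delegates to the underlying certificate store. */
    @Override // mitm.common.security.certstore.X509CertStoreExt, mitm.common.security.certstore.X509BasicCertStore, mitm.common.security.certstore.BasicCertStore
    public CloseableIterator<X509Certificate> getCertificateIterator(CertSelector certSelector) throws CertStoreException {
        return this.certStore.getCertificateIterator(certSelector);
    }

    /** Delegates to the underlying certificate store. */
    @Override // mitm.common.security.certstore.X509CertStoreExt, mitm.common.security.certstore.X509BasicCertStore, mitm.common.security.certstore.BasicCertStore
    public Collection<X509Certificate> getCertificates(CertSelector certSelector) throws CertStoreException {
        return this.certStore.getCertificates(certSelector);
    }

    /**
     * Builds a {@link KeyAndCertificate} from a certificate store entry.
     *
     * @param x509CertStoreEntry entry to resolve, may be null
     * @return null for a null entry; otherwise the entry's certificate together with its
     *         private key, which is null when the key cannot be resolved
     * @throws KeyStoreException if the key store lookup fails
     */
    @Override // mitm.common.security.KeyAndCertStore
    public KeyAndCertificate getKeyAndCertificate(X509CertStoreEntry x509CertStoreEntry) throws CertStoreException, KeyStoreException {
        if (x509CertStoreEntry == null) {
            return null;
        }
        try {
            PrivateKey privateKey = getPrivateKey(x509CertStoreEntry);
            return new KeyAndCertificateImpl(privateKey, x509CertStoreEntry.getCertificate());
        } catch (NoSuchAlgorithmException e) {
            throw new KeyStoreException(e);
        } catch (UnrecoverableKeyException e) {
            throw new KeyStoreException(e);
        }
    }

    /** Same as the three-argument overload with both Integer arguments null. */
    @Override // mitm.common.security.KeyAndCertStore, mitm.common.security.keystore.BasicKeyStore
    public Collection<? extends PrivateKey> getMatchingKeys(KeyIdentifier keyIdentifier) throws KeyStoreException {
        return getMatchingKeys(keyIdentifier, null, null);
    }

    /**
     * Returns the private keys of all certificate store entries selected by the identifier.
     *
     * <p>Only entries that carry a key alias are considered
     * ({@link MissingKeyAlias#NOT_ALLOWED}); entries whose key cannot be resolved are skipped.
     *
     * @param keyIdentifier identifier to match, may be null
     * @param num passed through to the certificate store iterator; presumably the first
     *        result index, confirm against {@link X509CertStoreExt}
     * @param num2 passed through to the certificate store iterator; presumably the maximum
     *        number of results, confirm against {@link X509CertStoreExt}
     * @return the matching keys, empty when the identifier is null
     * @throws KeyStoreException if either store fails
     */
    @Override // mitm.common.security.KeyAndCertStore
    public Collection<? extends PrivateKey> getMatchingKeys(KeyIdentifier keyIdentifier, Integer num, Integer num2) throws KeyStoreException {
        HashSet<PrivateKey> matchingKeys = new HashSet<PrivateKey>();
        if (keyIdentifier == null) {
            logger.debug("null keyIdentifier.");
            return matchingKeys;
        }
        try {
            CertSelector certSelector;
            if (keyIdentifier instanceof CertSelectorKeyIdentifier) {
                certSelector = ((CertSelectorKeyIdentifier) keyIdentifier).getSelector();
            } else {
                // NOTE(review): the lookup continues with a null selector. sync() passes a null
                // selector to walk the whole store, so an unsupported identifier appears to
                // select every entry with a key alias rather than none. Confirm whether this
                // branch should return the empty set instead.
                logger.warn("Unsupported KeyIdentifier '{}'", keyIdentifier.getClass().getCanonicalName());
                certSelector = null;
            }
            CloseableIterator<? extends X509CertStoreEntry> entries = this.certStore.getCertStoreIterator(certSelector, MissingKeyAlias.NOT_ALLOWED, num, num2);
            // Close once, after the whole walk: closing inside the loop ended the iteration
            // after the first entry and never closed an empty iterator.
            try {
                while (entries.hasNext()) {
                    PrivateKey privateKey = getPrivateKey(entries.next());
                    if (privateKey != null) {
                        matchingKeys.add(privateKey);
                    }
                }
            } finally {
                entries.close();
            }
            return matchingKeys;
        } catch (IOException e) {
            throw new KeyStoreException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new KeyStoreException(e);
        } catch (UnrecoverableKeyException e) {
            throw new KeyStoreException(e);
        } catch (CertStoreException e) {
            throw new KeyStoreException(e);
        } catch (CloseableIteratorException e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Removes every certificate store entry and then every key store entry.
     *
     * <p>The certificate store is cleared first; if deleting a key store entry fails, the
     * remaining key entries stay behind and the failure is reported.
     *
     * @throws CertStoreException if either store fails
     */
    @Override // mitm.common.security.certstore.X509CertStoreExt
    public void removeAllEntries() throws CertStoreException {
        this.certStore.removeAllEntries();
        if (this.keyStore == null) {
            return;
        }
        try {
            // Snapshot the aliases first: deleting while enumerating the live alias view can
            // skip entries or fail, depending on the key store implementation.
            for (String alias : java.util.Collections.list(this.keyStore.aliases())) {
                this.keyStore.deleteEntry(alias);
            }
        } catch (KeyStoreException e) {
            throw new CertStoreException(e);
        }
    }

    /**
     * Removes a certificate and, when present, the key stored under its key alias.
     *
     * <p>Key removal is best effort: a key store failure is logged and the certificate is
     * still removed. The key entry then stays in the key store, and because
     * {@code sync} with {@code CERT_STORE} re-adds certificates found in the key store, a
     * later sync can bring the removed certificate back.
     *
     * @throws CertStoreException if the certificate has no entry or the certificate store fails
     */
    @Override // mitm.common.security.certstore.X509CertStoreExt
    public void removeCertificate(X509Certificate x509Certificate) throws CertStoreException {
        logger.debug("Removing certificate: {}", x509Certificate);
        X509CertStoreEntry entry = getByCertificate(x509Certificate);
        if (entry == null) {
            throw new CertStoreException("CertStore entry not found.");
        }
        String keyAlias = entry.getKeyAlias();
        if (this.keyStore != null && keyAlias != null) {
            logger.debug("Deleting associated key with alias: {}", keyAlias);
            try {
                this.keyStore.deleteEntry(keyAlias);
            } catch (KeyStoreException e) {
                logger.error("Unable to remove associated key for certificate: " + x509Certificate, e);
            }
        }
        this.certStore.removeCertificate(x509Certificate);
    }

    /** Delegates to the underlying certificate store. */
    @Override // mitm.common.security.certstore.X509CertStoreExt
    public CloseableIterator<? extends X509CertStoreEntry> searchBySubject(String str, Expired expired, MissingKeyAlias missingKeyAlias, Integer num, Integer num2) throws CertStoreException {
        return this.certStore.searchBySubject(str, expired, missingKeyAlias, num, num2);
    }

    /** Delegates to the underlying certificate store. */
    @Override // mitm.common.security.certstore.X509CertStoreExt
    public void setStoreEventListener(X509StoreEventListener x509StoreEventListener) {
        this.certStore.setStoreEventListener(x509StoreEventListener);
    }

    /** Delegates to the underlying certificate store. */
    @Override // mitm.common.security.certstore.X509CertStoreExt
    public int size() throws CertStoreException {
        return this.certStore.size();
    }

    /**
     * Reconciles the key store and the certificate store.
     *
     * <p>{@code CERT_STORE} (or {@code ALL}) copies every X.509 certificate found in the key
     * store into the certificate store and corrects the recorded key alias. {@code KEY_STORE}
     * (or {@code ALL}) clears the key alias of certificate entries whose key no longer exists.
     * Nothing happens when no key store is configured.
     *
     * @throws KeyStoreException if the key store cannot be read
     * @throws CertStoreException if the certificate store fails during the second phase
     */
    @Override // mitm.common.security.KeyAndCertStore
    public void sync(SyncMode syncMode) throws KeyStoreException, CertStoreException {
        if (this.keyStore == null) {
            logger.warn("keyStore is null.");
            return;
        }
        if (syncMode == SyncMode.CERT_STORE || syncMode == SyncMode.ALL) {
            logger.info("Syncing Key store --> Certificate store");
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate certificate = this.keyStore.getCertificate(alias);
                if (!(certificate instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate x509Certificate = (X509Certificate) certificate;
                // Deliberately broad: one bad key store entry must not abort the whole sync.
                try {
                    // Only key entries contribute an alias; certificate-only entries map to null.
                    String keyAlias = this.keyStore.isKeyEntry(alias) ? alias : null;
                    X509CertStoreEntry existing = getByCertificate(x509Certificate);
                    if (existing == null) {
                        logger.info("Adding certificate with thumbprint {} and key alias: {}", X509CertificateInspector.getThumbprint(certificate), keyAlias);
                        addCertificate(x509Certificate, keyAlias);
                    } else if (!StringUtils.equals(existing.getKeyAlias(), keyAlias)) {
                        logger.info("Certificate with thumbprint {} already exist. Setting new key alias: {}", X509CertificateInspector.getThumbprint(certificate), keyAlias);
                        existing.setKeyAlias(keyAlias);
                        this.certStore.update(existing);
                    }
                } catch (Exception e) {
                    logger.error("Error syncing the item with alias: " + alias, e);
                }
            }
        }
        if (syncMode == SyncMode.KEY_STORE || syncMode == SyncMode.ALL) {
            logger.info("Syncing Certificate store --> Key store");
            // A null selector walks every entry that has a key alias.
            CloseableIterator<? extends X509CertStoreEntry> entries = this.certStore.getCertStoreIterator(null, MissingKeyAlias.NOT_ALLOWED, null, null);
            try {
                // Close once, after the whole walk: closing inside the loop stopped the sync
                // after the first entry and never closed an empty iterator.
                try {
                    while (entries.hasNext()) {
                        X509CertStoreEntry entry = entries.next();
                        String keyAlias = entry.getKeyAlias();
                        if (keyAlias != null && !this.keyStore.isKeyEntry(keyAlias)) {
                            logger.warn("Key with alias {} cannot be found. Removing key alias.", keyAlias);
                            entry.setKeyAlias(null);
                            this.certStore.update(entry);
                        }
                    }
                } finally {
                    entries.close();
                }
            } catch (CloseableIteratorException e) {
                throw new CertStoreException(e);
            }
        }
        logger.info("Syncing finished");
    }

    /** Delegates to the underlying certificate store. */
    @Override // mitm.common.security.certstore.X509CertStoreExt
    public void update(X509CertStoreEntry x509CertStoreEntry) throws CertStoreException {
        this.certStore.update(x509CertStoreEntry);
    }
}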
