package org.opends.server.util;

import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.SortedSet;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import org.forgerock.i18n.LocalizableMessageDescriptor;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.opends.messages.ExtensionMessages;
import org.opends.server.types.PublicAPI;
import org.opends.server.types.StabilityLevel;

@PublicAPI(stability = StabilityLevel.UNCOMMITTED, mayInstantiate = true, mayExtend = false, mayInvoke = true)
/* loaded from: input_file:org/opends/server/util/SelectableCertificateKeyManager.class */
public final class SelectableCertificateKeyManager extends X509ExtendedKeyManager {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    private final SortedSet<String> aliases;
    private final X509KeyManager keyManager;
    private final String componentName;

    private SelectableCertificateKeyManager(X509KeyManager x509KeyManager, SortedSet<String> sortedSet, String str) {
        this.keyManager = x509KeyManager;
        this.aliases = sortedSet;
        this.componentName = str;
    }

    private SelectableCertificateKeyManager(X509KeyManager x509KeyManager, String str) {
        this.keyManager = x509KeyManager;
        this.aliases = CollectionUtils.newTreeSet(str);
        this.componentName = "[unkown]";
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return findClientAlias(strArr, principalArr);
    }

    private String findClientAlias(String[] strArr, Principal[] principalArr) {
        for (String str : strArr) {
            String findAlias = findAlias(this.keyManager.getClientAliases(str, principalArr));
            if (findAlias != null) {
                return findAlias;
            }
        }
        logger.debug((LocalizableMessageDescriptor.Arg3<LocalizableMessageDescriptor.Arg3<Object, Object, Object>, String, String>) ExtensionMessages.INFO_MISSING_KEY_TYPE_IN_ALIASES, (LocalizableMessageDescriptor.Arg3<Object, Object, Object>) this.componentName, this.aliases.toString(), Arrays.toString(strArr));
        return null;
    }

    private String findAlias(String[] strArr) {
        if (strArr == null) {
            return null;
        }
        for (String str : strArr) {
            Iterator<String> it = this.aliases.iterator();
            while (it.hasNext()) {
                if (it.next().equalsIgnoreCase(str)) {
                    return str;
                }
            }
        }
        return null;
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return findClientAlias(strArr, principalArr);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return findServerAlias(new String[]{str}, principalArr);
    }

    private String findServerAlias(String[] strArr, Principal[] principalArr) {
        for (String str : strArr) {
            String findAlias = findAlias(this.keyManager.getServerAliases(str, principalArr));
            if (findAlias != null) {
                return findAlias;
            }
        }
        logger.debug((LocalizableMessageDescriptor.Arg3<LocalizableMessageDescriptor.Arg3<Object, Object, Object>, String, String>) ExtensionMessages.INFO_MISSING_KEY_TYPE_IN_ALIASES, (LocalizableMessageDescriptor.Arg3<Object, Object, Object>) this.componentName, this.aliases.toString(), Arrays.toString(strArr));
        return null;
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return findServerAlias(new String[]{str}, principalArr);
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        return this.keyManager.getCertificateChain(str);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return this.keyManager.getClientAliases(str, principalArr);
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        return this.keyManager.getPrivateKey(str);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return this.keyManager.getServerAliases(str, principalArr);
    }

    public static KeyManager[] wrap(KeyManager[] keyManagerArr, SortedSet<String> sortedSet, String str) {
        KeyManager[] keyManagerArr2 = new KeyManager[keyManagerArr.length];
        for (int i = 0; i < keyManagerArr.length; i++) {
            keyManagerArr2[i] = new SelectableCertificateKeyManager((X509KeyManager) keyManagerArr[i], sortedSet, str);
        }
        return keyManagerArr2;
    }

    public static KeyManager[] wrap(KeyManager[] keyManagerArr, SortedSet<String> sortedSet) {
        return wrap(keyManagerArr, sortedSet, "[unknown]");
    }
}
