package net.jini.jeri.ssl;

import java.math.BigInteger;
import java.security.Key;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.security.auth.x500.X500PrivateCredential;
import net.jini.security.Security;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:net/jini/jeri/ssl/SubjectCredentials.class */
/**
 * Static helpers that look up X.509 certificate chains, X.500 principals and
 * X.500 private credentials stored in a JAAS {@link Subject}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every lookup here matches on identity only (certificate equality,
 *       issuer plus serial number, or subject name plus public key). Nothing
 *       in this class verifies signatures, validity dates or revocation, so
 *       path validation, where required, has to happen elsewhere.</li>
 *   <li>The decompiler annotations in this listing report that the class and
 *       most of its static methods were package-private in the compiled
 *       class. The {@code public} modifiers are therefore a decompilation
 *       artifact and should not be read as the intended API surface.</li>
 *   <li>The credential sets returned by {@link Subject} are iterated while
 *       holding the set's own monitor, as the original code does.</li>
 * </ul>
 */
public class SubjectCredentials extends Utilities {

    /**
     * Identifies a certificate by its serial number and canonical issuer name.
     *
     * <p>The textual form is {@code <serial in hex>@<issuer DN, CANONICAL format>}.
     * Package-private in the compiled class according to the decompiler note.
     */
    public static class CertificateMatcher {
        private final BigInteger serialNumber;
        private final String issuerName;

        /**
         * Parses a name of the form produced by {@link #getName}.
         *
         * @param str the name to parse, may be {@code null}
         * @return a matcher, or {@code null} if {@code str} is {@code null},
         *         contains no {@code '@'}, or the part before the first
         *         {@code '@'} is not a base-16 integer
         */
        static CertificateMatcher create(String str) {
            if (str == null) {
                return null;
            }
            final int separator = str.indexOf('@');
            if (separator < 0) {
                return null;
            }
            final BigInteger serial;
            try {
                serial = new BigInteger(str.substring(0, separator), 16);
            } catch (NumberFormatException ignored) {
                // A malformed serial number is reported as "no matcher", not as an error.
                return null;
            }
            return new CertificateMatcher(serial, str.substring(separator + 1));
        }

        private CertificateMatcher(BigInteger serialNumber, String issuerName) {
            this.serialNumber = serialNumber;
            this.issuerName = issuerName;
        }

        /**
         * Builds the textual name for a certificate: hex serial number,
         * {@code '@'}, canonical issuer name.
         *
         * @param x509Certificate the certificate to name
         * @return the name string
         */
        static String getName(X509Certificate x509Certificate) {
            final String serialHex = x509Certificate.getSerialNumber().toString(16);
            final String issuer = getIssuerName(x509Certificate);
            return serialHex + "@" + issuer;
        }

        /**
         * Tests whether a certificate has this matcher's serial number and issuer.
         *
         * <p>Only these two fields are compared; the certificate's key,
         * signature and validity are not examined.
         *
         * @param x509Certificate the certificate to test
         * @return {@code true} if serial number and canonical issuer name both match
         */
        boolean matches(X509Certificate x509Certificate) {
            if (!x509Certificate.getSerialNumber().equals(this.serialNumber)) {
                return false;
            }
            return getIssuerName(x509Certificate).equals(this.issuerName);
        }

        /** Returns the issuer distinguished name in the {@code CANONICAL} string format. */
        private static String getIssuerName(X509Certificate x509Certificate) {
            final X500Principal issuer = x509Certificate.getIssuerX500Principal();
            return issuer.getName("CANONICAL");
        }
    }

    /**
     * Privileged action that collects every {@link X500PrivateCredential}
     * held by a subject.
     *
     * <p>The result carries private-key material, so it should only be handed
     * to code that is entitled to it. Iterating a subject's private credential
     * set is permission-checked by the JDK and may throw
     * {@link SecurityException}; presumably that is why this is packaged as a
     * {@link PrivilegedAction} (confirm against the callers).
     */
    static class GetAllPrivateCredentialsAction implements PrivilegedAction {
        private final Subject subject;

        /**
         * Package-private in the compiled class according to the decompiler note.
         *
         * @param subject the subject whose private credentials are read
         */
        public GetAllPrivateCredentialsAction(Subject subject) {
            this.subject = subject;
        }

        /**
         * @return an {@code X500PrivateCredential[]} holding the subject's
         *         X.500 private credentials; other credential types are skipped
         */
        @Override // java.security.PrivilegedAction
        public Object run() {
            final Set<Object> allPrivate = this.subject.getPrivateCredentials();
            // Sized from the whole set; it is an upper bound on the X.500 entries.
            final List<Object> x500Only = new ArrayList<Object>(allPrivate.size());
            synchronized (allPrivate) {
                final Iterator<Object> it = allPrivate.iterator();
                while (it.hasNext()) {
                    final Object credential = it.next();
                    if (credential instanceof X500PrivateCredential) {
                        x500Only.add(credential);
                    }
                }
            }
            return x500Only.toArray(new X500PrivateCredential[x500Only.size()]);
        }
    }

    /**
     * Privileged action that looks up the {@link X500PrivateCredential}
     * belonging to one certificate of a subject; it delegates to
     * {@link SubjectCredentials#getPrivateCredential}.
     */
    static class GetPrivateCredentialAction implements PrivilegedAction {
        private final Subject subject;
        private final X509Certificate cert;

        /**
         * Package-private in the compiled class according to the decompiler note.
         *
         * @param subject the subject to search
         * @param x509Certificate the certificate whose private credential is wanted
         */
        public GetPrivateCredentialAction(Subject subject, X509Certificate x509Certificate) {
            this.subject = subject;
            this.cert = x509Certificate;
        }

        /** @return the matching {@code X500PrivateCredential}, or {@code null} if none */
        @Override // java.security.PrivilegedAction
        public Object run() {
            return SubjectCredentials.getPrivateCredential(this.subject, this.cert);
        }
    }

    /** Not instantiable; the class only offers static helpers. */
    private SubjectCredentials() {
    }

    /**
     * Finds the X.509 certificate chain in the subject's public credentials
     * whose first certificate has the given name (see
     * {@link CertificateMatcher}).
     *
     * <p>Package-private in the compiled class according to the decompiler note.
     *
     * @param subject the subject to search, may be {@code null}
     * @param str the certificate name, {@code <hex serial>@<canonical issuer>}
     * @return the first matching chain, or {@code null} if the subject is
     *         {@code null}, the name cannot be parsed, or nothing matches
     */
    public static CertPath getCertificateChain(Subject subject, String str) {
        if (subject == null) {
            return null;
        }
        final CertificateMatcher matcher = CertificateMatcher.create(str);
        if (matcher == null) {
            return null;
        }
        final Set<Object> publicCredentials = subject.getPublicCredentials();
        synchronized (publicCredentials) {
            for (Object candidate : publicCredentials) {
                if (!isX509CertificateChain(candidate)) {
                    continue;
                }
                final CertPath chain = (CertPath) candidate;
                if (matcher.matches(firstX509Cert(chain))) {
                    return chain;
                }
            }
        }
        return null;
    }

    /**
     * Returns the textual name of a certificate, as defined by
     * {@link CertificateMatcher#getName}.
     *
     * <p>Package-private in the compiled class according to the decompiler note.
     *
     * @param x509Certificate the certificate to name
     * @return {@code <hex serial>@<canonical issuer>}
     */
    public static String getCertificateName(X509Certificate x509Certificate) {
        return CertificateMatcher.getName(x509Certificate);
    }

    /**
     * Collects all non-empty X.509 certificate chains among the subject's
     * public credentials.
     *
     * <p>Package-private in the compiled class according to the decompiler note.
     *
     * @param subject the subject to search, may be {@code null}
     * @return a list of {@link CertPath} objects, or {@code null} (not an
     *         empty list) when the subject is {@code null} or holds no chain
     */
    public static List getCertificateChains(Subject subject) {
        if (subject == null) {
            return null;
        }
        List<Object> chains = null;
        final Set<Object> publicCredentials = subject.getPublicCredentials();
        synchronized (publicCredentials) {
            for (Object candidate : publicCredentials) {
                if (!isX509CertificateChain(candidate)) {
                    continue;
                }
                // The list is created lazily so that "no chains" stays null.
                if (chains == null) {
                    chains = new ArrayList<Object>(publicCredentials.size());
                }
                chains.add(candidate);
            }
        }
        return chains;
    }

    /**
     * Finds the certificate chain in the subject's public credentials that
     * corresponds to the given certificate.
     *
     * <p>A chain matches when its first certificate either equals
     * {@code x509Certificate} or has the same subject name and the same
     * public key. The second rule means a different certificate issued for
     * the same name and key is accepted as a match; callers that need the
     * exact certificate must compare it themselves.
     *
     * <p>NOTE(review): the subject comparison uses {@code getSubjectDN()},
     * whose returned {@link Principal} class is provider-specific and which
     * the JDK documentation discourages in favour of
     * {@code getSubjectX500Principal()}. It is kept here because switching
     * could change which chains match.
     *
     * <p>Package-private in the compiled class according to the decompiler note.
     *
     * @param subject the subject to search, may be {@code null}
     * @param x509Certificate the certificate to look for
     * @return the first matching chain, or {@code null} if the subject is
     *         {@code null} or nothing matches
     */
    public static CertPath getCertificateChain(Subject subject, X509Certificate x509Certificate) {
        if (subject == null) {
            return null;
        }
        // Read from x509Certificate only once, and only if an exact match fails.
        Principal wantedSubject = null;
        PublicKey wantedKey = null;
        final Set<Object> publicCredentials = subject.getPublicCredentials();
        synchronized (publicCredentials) {
            final Iterator<Object> it = publicCredentials.iterator();
            while (it.hasNext()) {
                final Object candidate = it.next();
                if (!isX509CertificateChain(candidate)) {
                    continue;
                }
                final CertPath chain = (CertPath) candidate;
                final X509Certificate first = firstX509Cert(chain);
                if (x509Certificate.equals(first)) {
                    return chain;
                }
                if (wantedSubject == null) {
                    wantedSubject = x509Certificate.getSubjectDN();
                    wantedKey = x509Certificate.getPublicKey();
                }
                final boolean sameSubject = wantedSubject.equals(first.getSubjectDN());
                if (sameSubject && wantedKey.equals(first.getPublicKey())) {
                    return chain;
                }
            }
        }
        return null;
    }

    /**
     * Returns the subject's X.500 principals that are backed by a usable
     * certificate chain.
     *
     * <p>A principal is included when the first certificate of one of the
     * subject's chains has a key algorithm accepted by
     * {@code permittedKeyAlgorithm}, the subject holds an
     * {@link X500Principal} with that certificate's subject name, and, if
     * {@code x500PrivateCredentialArr} is not {@code null}, one of its
     * entries is for that same certificate.
     *
     * <p>Package-private in the compiled class according to the decompiler note.
     *
     * @param subject the subject to inspect; must not be {@code null}
     * @param i passed through to {@code permittedKeyAlgorithm}; presumably a
     *        mask of permitted key algorithms (confirm in {@code Utilities})
     * @param x500PrivateCredentialArr private credentials that restrict the
     *        result, or {@code null} for no restriction
     * @return a new set of {@link X500Principal} objects, possibly empty
     */
    public static Set getPrincipals(Subject subject, int i, X500PrivateCredential[] x500PrivateCredentialArr) {
        final Set<X500Principal> result = new HashSet<X500Principal>(subject.getPrincipals().size());
        final List chains = getCertificateChains(subject);
        if (chains == null) {
            return result;
        }
        for (int index = chains.size() - 1; index >= 0; index--) {
            final X509Certificate first = firstX509Cert((CertPath) chains.get(index));
            if (!permittedKeyAlgorithm(first.getPublicKey().getAlgorithm(), i)) {
                continue;
            }
            final X500Principal principal = getPrincipal(subject, first);
            if (principal == null) {
                continue;
            }
            if (x500PrivateCredentialArr == null
                    || containsCertificate(x500PrivateCredentialArr, first)) {
                result.add(principal);
            }
        }
        return result;
    }

    /** Tests whether any credential in the array is for the given certificate, scanning from the end. */
    private static boolean containsCertificate(X500PrivateCredential[] credentials, X509Certificate cert) {
        for (int index = credentials.length - 1; index >= 0; index--) {
            if (cert.equals(credentials[index].getCertificate())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Finds the subject's {@link X500PrivateCredential} whose certificate
     * equals the given one.
     *
     * <p>Iterating a subject's private credential set is permission-checked
     * by the JDK and may throw {@link SecurityException};
     * {@link #credentialsString} reaches this method through
     * {@link GetPrivateCredentialAction} for that reason.
     *
     * @param subject the subject to search; must not be {@code null}
     * @param x509Certificate the certificate to look for
     * @return the matching credential, or {@code null} if none
     */
    static X500PrivateCredential getPrivateCredential(Subject subject, X509Certificate x509Certificate) {
        final Set<Object> privateCredentials = subject.getPrivateCredentials();
        synchronized (privateCredentials) {
            for (Object candidate : privateCredentials) {
                if (!(candidate instanceof X500PrivateCredential)) {
                    continue;
                }
                final X500PrivateCredential credential = (X500PrivateCredential) candidate;
                if (x509Certificate.equals(credential.getCertificate())) {
                    return credential;
                }
            }
        }
        return null;
    }

    /**
     * Finds the subject's {@link X500Principal} whose canonical name equals
     * the subject name of the given certificate.
     *
     * <p>Package-private in the compiled class according to the decompiler note.
     *
     * @param subject the subject to search; must not be {@code null}
     * @param x509Certificate the certificate supplying the name
     * @return the matching principal, or {@code null} if none
     */
    public static X500Principal getPrincipal(Subject subject, X509Certificate x509Certificate) {
        final String wantedName = x509Certificate.getSubjectX500Principal().getName("CANONICAL");
        final Set<Principal> principals = subject.getPrincipals();
        synchronized (principals) {
            for (Principal candidate : principals) {
                if (!(candidate instanceof X500Principal)) {
                    continue;
                }
                final X500Principal x500 = (X500Principal) candidate;
                if (wantedName.equals(x500.getName("CANONICAL"))) {
                    return x500;
                }
            }
        }
        return null;
    }

    /**
     * Renders a human-readable summary of the subject's certificate-backed
     * principals.
     *
     * <p>Keys are rendered as class name plus identity hash (see
     * {@code appendKeyString}), so no key material ends up in the string.
     * The private credential is fetched through {@code Security.doPrivileged};
     * a {@link SecurityException} from that lookup is reported as
     * {@code "No permission"} rather than propagated.
     *
     * <p>NOTE(review): no line break is appended after the private-key field,
     * so entries for several chains run together on one line.
     *
     * <p>Package-private in the compiled class according to the decompiler note.
     *
     * @param subject the subject to describe, may be {@code null}
     * @return the summary, or {@code ""} if the subject has no certificate chains
     */
    public static String credentialsString(Subject subject) {
        final List chains = getCertificateChains(subject);
        if (chains == null) {
            return "";
        }
        final StringBuffer out = new StringBuffer();
        // Chains are reported from the last list entry to the first.
        for (int index = chains.size() - 1; index >= 0; index--) {
            final X509Certificate first = firstX509Cert((CertPath) chains.get(index));
            final X500Principal principal = getPrincipal(subject, first);
            if (principal == null) {
                continue;
            }
            out.append("  Principal: ").append(principal).append('\n');
            out.append("    Public key: ");
            appendKeyString(first.getPublicKey(), out);
            out.append('\n');
            out.append("    Private key: ");
            try {
                final X500PrivateCredential credential = (X500PrivateCredential) Security.doPrivileged(new GetPrivateCredentialAction(subject, first));
                PrivateKey privateKey = null;
                if (credential != null) {
                    privateKey = credential.getPrivateKey();
                }
                if (privateKey != null) {
                    appendKeyString(privateKey, out);
                } else {
                    out.append("Not found");
                }
            } catch (SecurityException e) {
                out.append("No permission");
            }
        }
        return out.toString();
    }

    /**
     * Appends an opaque label for a key: the unqualified class name,
     * {@code '@'}, and the identity hash code in hex. The key's encoded
     * bytes are never read.
     */
    private static void appendKeyString(Key key, StringBuffer stringBuffer) {
        final String className = key.getClass().getName();
        final String simpleName = className.substring(className.lastIndexOf('.') + 1);
        final String identity = Integer.toHexString(System.identityHashCode(key));
        stringBuffer.append(simpleName).append('@').append(identity);
    }

    /** Tests whether the object is a non-empty {@link CertPath} of type {@code "X.509"}. */
    private static boolean isX509CertificateChain(Object obj) {
        if (!(obj instanceof CertPath)) {
            return false;
        }
        final CertPath path = (CertPath) obj;
        if (path.getCertificates().isEmpty()) {
            return false;
        }
        return path.getType().equals("X.509");
    }
}
