package net.jini.jeri.ssl;

import com.sun.jini.logging.Levels;
import java.lang.ref.WeakReference;
import java.security.GeneralSecurityException;
import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.security.auth.x500.X500PrivateCredential;

/* JADX INFO: Access modifiers changed from: package-private */
/* JADX WARN: Classes with same name are omitted:
  input_file:jini-ext.jar:net/jini/jeri/ssl/AuthManager.class
 */
/* loaded from: input_file:jsk-platform.jar:net/jini/jeri/ssl/AuthManager.class */
public abstract class AuthManager extends FilterX509TrustManager implements X509KeyManager {
    private final WeakReference subjectRef;
    final boolean subjectIsReadOnly;
    private final Set permittedLocalPrincipals;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthManager(Subject subject, Set set, Set set2) throws NoSuchAlgorithmException {
        super(set2);
        this.subjectRef = new WeakReference(subject);
        this.subjectIsReadOnly = subject == null || subject.isReadOnly();
        this.permittedLocalPrincipals = set == null ? null : new HashSet(set);
    }

    abstract X500PrivateCredential getPrivateCredential(X509Certificate x509Certificate);

    abstract Logger getLogger();

    /* JADX INFO: Access modifiers changed from: package-private */
    public Subject getSubject() {
        return (Subject) this.subjectRef.get();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Removed duplicated region for block: B:25:0x0080 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:28:0x0019 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String[] getAliases(java.lang.String r11, java.security.Principal[] r12) {
        /*
            r10 = this;
            r0 = r10
            javax.security.auth.Subject r0 = r0.getSubject()
            java.util.List r0 = net.jini.jeri.ssl.SubjectCredentials.getCertificateChains(r0)
            r13 = r0
            r0 = r13
            if (r0 != 0) goto Le
            r0 = 0
            return r0
        Le:
            r0 = 0
            r14 = r0
            r0 = r13
            int r0 = r0.size()
            r15 = r0
        L19:
            int r15 = r15 + (-1)
            r0 = r15
            if (r0 < 0) goto La3
            r0 = r13
            r1 = r15
            java.lang.Object r0 = r0.get(r1)
            java.security.cert.CertPath r0 = (java.security.cert.CertPath) r0
            r16 = r0
            r0 = r10
            r1 = r16
            r2 = r11
            r3 = r12
            javax.security.auth.x500.X500PrivateCredential r0 = r0.checkChain(r1, r2, r3)     // Catch: java.security.GeneralSecurityException -> L60 java.lang.SecurityException -> L69
            if (r0 == 0) goto L5d
            r0 = r14
            if (r0 != 0) goto L4d
            java.util.ArrayList r0 = new java.util.ArrayList     // Catch: java.security.GeneralSecurityException -> L60 java.lang.SecurityException -> L69
            r1 = r0
            r2 = r13
            int r2 = r2.size()     // Catch: java.security.GeneralSecurityException -> L60 java.lang.SecurityException -> L69
            r1.<init>(r2)     // Catch: java.security.GeneralSecurityException -> L60 java.lang.SecurityException -> L69
            r14 = r0
        L4d:
            r0 = r14
            r1 = r16
            java.security.cert.X509Certificate r1 = firstX509Cert(r1)     // Catch: java.security.GeneralSecurityException -> L60 java.lang.SecurityException -> L69
            java.lang.String r1 = net.jini.jeri.ssl.SubjectCredentials.getCertificateName(r1)     // Catch: java.security.GeneralSecurityException -> L60 java.lang.SecurityException -> L69
            boolean r0 = r0.add(r1)     // Catch: java.security.GeneralSecurityException -> L60 java.lang.SecurityException -> L69
        L5d:
            goto L19
        L60:
            r18 = move-exception
            r0 = r18
            r17 = r0
            goto L6f
        L69:
            r18 = move-exception
            r0 = r18
            r17 = r0
        L6f:
            r0 = r10
            java.util.logging.Logger r0 = r0.getLogger()
            r18 = r0
            r0 = r18
            java.util.logging.Level r1 = com.sun.jini.logging.Levels.HANDLED
            boolean r0 = r0.isLoggable(r1)
            if (r0 == 0) goto La0
            r0 = r18
            java.util.logging.Level r1 = com.sun.jini.logging.Levels.HANDLED
            java.lang.Class<net.jini.jeri.ssl.AuthManager> r2 = net.jini.jeri.ssl.AuthManager.class
            java.lang.String r3 = "getAliases"
            java.lang.String r4 = "get aliases for key type {0}\nand issuers {1}\ncaught exception"
            r5 = 2
            java.lang.Object[] r5 = new java.lang.Object[r5]
            r6 = r5
            r7 = 0
            r8 = r11
            r6[r7] = r8
            r6 = r5
            r7 = 1
            r8 = r12
            java.lang.String r8 = toString(r8)
            r6[r7] = r8
            r6 = r17
            logThrow(r0, r1, r2, r3, r4, r5, r6)
        La0:
            goto L19
        La3:
            r0 = r14
            if (r0 != 0) goto Laa
            r0 = 0
            return r0
        Laa:
            r0 = r14
            r1 = r14
            int r1 = r1.size()
            java.lang.String[] r1 = new java.lang.String[r1]
            java.lang.Object[] r0 = r0.toArray(r1)
            java.lang.String[] r0 = (java.lang.String[]) r0
            java.lang.String[] r0 = (java.lang.String[]) r0
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: net.jini.jeri.ssl.AuthManager.getAliases(java.lang.String, java.security.Principal[]):java.lang.String[]");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:24:0x0057  */
    /* JADX WARN: Removed duplicated region for block: B:27:0x007b A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:30:0x0019 A[SYNTHETIC] */
    /* JADX WARN: Type inference failed for: r18v2, types: [java.lang.SecurityException] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public javax.security.auth.x500.X500PrivateCredential chooseCredential(java.lang.String r11, java.security.Principal[] r12) throws java.security.GeneralSecurityException {
        /*
            Method dump skipped, instructions count: 282
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: net.jini.jeri.ssl.AuthManager.chooseCredential(java.lang.String, java.security.Principal[]):javax.security.auth.x500.X500PrivateCredential");
    }

    private X500PrivateCredential checkChain(CertPath certPath, String str, Principal[] principalArr) throws GeneralSecurityException {
        X509Certificate firstX509Cert = firstX509Cert(certPath);
        if (!firstX509Cert.getPublicKey().getAlgorithm().equals(str)) {
            return null;
        }
        X500Principal principal = SubjectCredentials.getPrincipal(getSubject(), firstX509Cert);
        if (principal == null) {
            throw new GeneralSecurityException("Principal not found: " + firstX509Cert.getSubjectDN());
        }
        if (this.permittedLocalPrincipals != null && !this.permittedLocalPrincipals.contains(principal)) {
            throw new GeneralSecurityException("Local principal not permitted: " + firstX509Cert.getSubjectDN());
        }
        X500Principal[] x500PrincipalArr = null;
        if (principalArr != null) {
            x500PrincipalArr = new X500Principal[principalArr.length];
            int length = principalArr.length;
            while (true) {
                length--;
                if (length < 0) {
                    break;
                }
                x500PrincipalArr[length] = principalArr[length] instanceof X500Principal ? (X500Principal) principalArr[length] : new X500Principal(principalArr[length].getName());
            }
        }
        checkValidity(certPath, x500PrincipalArr);
        boolean[] keyUsage = firstX509Cert.getKeyUsage();
        if (keyUsage != null && keyUsage.length > 0 && !keyUsage[0]) {
            throw new CertificateException("Certificate not permitted for digital signatures: " + firstX509Cert);
        }
        X500PrivateCredential privateCredential = getPrivateCredential(firstX509Cert);
        if (privateCredential == null) {
            throw new KeyException("Private key not found for certificate: " + firstX509Cert);
        }
        return privateCredential;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long certificatesValidUntil(CertPath certPath) {
        long j = Long.MAX_VALUE;
        List<? extends Certificate> certificates = certPath.getCertificates();
        int size = certificates.size();
        while (true) {
            size--;
            if (size < 0) {
                return j;
            }
            long time = ((X509Certificate) certificates.get(size)).getNotAfter().getTime();
            if (time < j) {
                j = time;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long certificatesValidUntil(X509Certificate[] x509CertificateArr) {
        long j = Long.MAX_VALUE;
        int length = x509CertificateArr.length;
        while (true) {
            length--;
            if (length < 0) {
                return j;
            }
            long time = x509CertificateArr[length].getNotAfter().getTime();
            if (time < j) {
                j = time;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean equalPrivateCredentials(X500PrivateCredential x500PrivateCredential, X500PrivateCredential x500PrivateCredential2) {
        PrivateKey privateKey;
        if (x500PrivateCredential == null || x500PrivateCredential2 == null) {
            return false;
        }
        X509Certificate certificate = x500PrivateCredential.getCertificate();
        X509Certificate certificate2 = x500PrivateCredential2.getCertificate();
        return (certificate == null || certificate2 == null || !safeEquals(certificate.getSubjectDN(), certificate2.getSubjectDN()) || (privateKey = x500PrivateCredential.getPrivateKey()) == null || !privateKey.equals(x500PrivateCredential2.getPrivateKey())) ? false : true;
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        List<? extends Certificate> certificates = SubjectCredentials.getCertificateChain(getSubject(), str).getCertificates();
        return (X509Certificate[]) certificates.toArray(new X509Certificate[certificates.size()]);
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        CertPath certificateChain = SubjectCredentials.getCertificateChain(getSubject(), str);
        if (certificateChain == null) {
            return null;
        }
        try {
            X500PrivateCredential privateCredential = getPrivateCredential(firstX509Cert(certificateChain));
            if (privateCredential != null) {
                return privateCredential.getPrivateKey();
            }
            return null;
        } catch (SecurityException e) {
            Logger logger = getLogger();
            if (!logger.isLoggable(Levels.HANDLED)) {
                return null;
            }
            logThrow(logger, Levels.HANDLED, AuthManager.class, "getPrivateKey", "get private key for alias {0}\ncaught exception", new Object[]{str}, e);
            return null;
        }
    }
}
