package org.xipki.ca.server;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.List;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jcajce.interfaces.XDHKey;
import org.bouncycastle.util.encoders.Base64;
import org.xipki.security.DHSigStaticKeyCertPair;
import org.xipki.security.SecurityFactory;
import org.xipki.security.X509Cert;
import org.xipki.security.XiSecurityException;
import org.xipki.security.util.KeyUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.StringUtil;

/* loaded from: input_file:org/xipki/ca/server/DhpocControl.class */
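/**
 * Holds the XDH private-key/certificate pairs read from a keystore that is
 * embedded in a configuration string.
 *
 * <p>The configuration is parsed with {@link ConfPairs} and must provide three
 * non-blank values: {@code type} (keystore type), {@code password} (keystore and
 * key password) and {@code keystore} (the keystore bytes, Base64-encoded and
 * prefixed with {@code base64:}).
 *
 * <p>Security note: the configuration string carries both the keystore and the
 * password that unlocks it, so it is as sensitive as the private keys themselves
 * and should not be logged or echoed in error output.
 */
public class DhpocControl {
    /** Mandatory prefix of the {@code keystore} configuration value. */
    private static final String BASE64_PREFIX = "base64:";

    /** Key entries of the keystore whose private key is an {@link XDHKey}. */
    private final List<DHSigStaticKeyCertPair> keyAndCerts = new ArrayList<>(1);

    /** Certificates of the entries in {@link #keyAndCerts}, in the same order. */
    private final X509Cert[] certs;

    /**
     * Parses the configuration, loads the embedded keystore and collects every
     * key entry whose private key is an {@link XDHKey}.
     *
     * @param str configuration string with the {@code type}, {@code password} and
     *     {@code keystore} values
     * @param securityFactory not used by this constructor
     * @throws IllegalArgumentException if a required value is blank or the keystore
     *     value does not start with {@code base64:}
     * @throws XiSecurityException if the keystore cannot be loaded or an entry cannot
     *     be read; this includes a key entry that is not a {@link PrivateKey} or a
     *     certificate that is not an {@link X509Certificate}
     */
    public DhpocControl(String str, SecurityFactory securityFactory) throws XiSecurityException {
        ConfPairs conf = new ConfPairs(str);
        String type = conf.value("type");
        String password = conf.value("password");
        String keystore = conf.value("keystore");

        if (StringUtil.isBlank(type)) {
            throw new IllegalArgumentException("no type is definied in conf");
        }
        if (StringUtil.isBlank(keystore)) {
            throw new IllegalArgumentException("no keystore is definied in conf");
        }
        if (StringUtil.isBlank(password)) {
            throw new IllegalArgumentException("no password is definied in conf");
        }
        if (!keystore.startsWith(BASE64_PREFIX)) {
            throw new IllegalArgumentException("keystore not start with 'base64:'");
        }

        byte[] keystoreBytes = Base64.decode(keystore.substring(BASE64_PREFIX.length()));
        char[] passwordChars = password.toCharArray();
        try {
            KeyStore keyStore = KeyUtil.getKeyStore(type);
            keyStore.load(new ByteArrayInputStream(keystoreBytes), passwordChars);

            List<X509Cert> xdhCerts = new ArrayList<>();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!keyStore.isKeyEntry(alias)) {
                    continue;
                }

                // The same password protects the keystore and each key entry.
                // A non-private key entry fails this cast; the ClassCastException is
                // caught below and reported as an XiSecurityException.
                PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, passwordChars);
                if (!(privateKey instanceof XDHKey)) {
                    // Only XDH keys are kept; other private keys are ignored.
                    continue;
                }

                X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
                this.keyAndCerts.add(new DHSigStaticKeyCertPair(privateKey, cert));
                xdhCerts.add(new X509Cert(cert));
            }
            this.certs = xdhCerts.toArray(new X509Cert[0]);
        } catch (IOException | ClassCastException | KeyStoreException | NoSuchAlgorithmException
                | UnrecoverableKeyException | CertificateException e) {
            throw new XiSecurityException(e.getMessage(), e);
        } finally {
            // Wipe the working copy of the password once the keystore has been read.
            // This is partial hygiene only: the password is still held as a String
            // obtained from the configuration.
            Arrays.fill(passwordChars, '\0');
        }
    }

    /**
     * Returns the certificates of the loaded XDH key entries.
     *
     * @return a copy of the certificate array, or {@code null} (not an empty array)
     *     if the keystore contained no XDH key entry; callers must check for null
     */
    public X509Cert[] getCertificates() {
        // certs is final and always assigned by the constructor, so only the empty
        // case needs special handling.
        if (this.certs.length == 0) {
            return null;
        }
        // Defensive copy so that callers cannot modify the internal array.
        return Arrays.copyOf(this.certs, this.certs.length);
    }

    /**
     * Looks up the key/certificate pair by certificate issuer, certificate serial
     * number and private-key algorithm.
     *
     * <p>The returned pair gives access to the private key, so it should only be
     * handed to code that is entitled to use that key.
     *
     * @param x500Name issuer to match
     * @param bigInteger serial number to match
     * @param str private-key algorithm name, compared case-insensitively
     * @return the first pair matching all three criteria, or {@code null} if none does
     */
    public DHSigStaticKeyCertPair getKeyCertPair(X500Name x500Name, BigInteger bigInteger, String str) {
        for (DHSigStaticKeyCertPair pair : this.keyAndCerts) {
            boolean sameCert = pair.getIssuer().equals(x500Name)
                    && pair.getSerialNumber().equals(bigInteger);
            if (sameCert && pair.getPrivateKey().getAlgorithm().equalsIgnoreCase(str)) {
                return pair;
            }
        }
        return null;
    }
}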
