package se.arkalix.security.identity;

import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Iterator;
import java.util.Objects;
import javax.security.auth.DestroyFailedException;

/* loaded from: input_file:se/arkalix/security/identity/OwnedIdentity.class */
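/**
 * A {@link SystemIdentity} paired with the {@link PrivateKey} belonging to it.
 *
 * <p>Every constructor rejects a {@code null} private key and then runs
 * {@link #verify()}, which compares the common name of this identity with the
 * common name of its cloud certificate.
 *
 * <p>Instances hold live private key material. Do not log or serialize them,
 * and do not pass the result of {@link #privateKey()} to code that does not
 * need to sign or decrypt.
 */
public class OwnedIdentity extends SystemIdentity {
    private final PrivateKey privateKey;

    /**
     * Mutable builder that reads an {@link OwnedIdentity} out of a
     * {@link KeyStore}.
     *
     * <p>Exactly one of {@link #keyStore(KeyStore)} and
     * {@link #keyStorePath(Path)} must be set before {@link #load()} is called.
     *
     * <p>The password arrays given to {@link #keyStorePassword(char[])} and
     * {@link #keyPassword(char[])} are stored by reference, not copied. The
     * caller still owns them and should overwrite them (for example with
     * {@code Arrays.fill(password, '\0')}) once {@link #load()} has returned.
     *
     * <p>No synchronization is performed; confine an instance to one thread.
     */
    public static final class Loader {
        private KeyStore keyStore;
        private Path keyStorePath;
        private char[] keyStorePassword;
        private String keyAlias;
        private char[] keyPassword;

        /**
         * Sets an already opened key store to read the identity from.
         *
         * @param keyStore key store to use; mutually exclusive with a key store path
         * @return this loader
         */
        public Loader keyStore(KeyStore keyStore) {
            this.keyStore = keyStore;
            return this;
        }

        /**
         * Sets the file system location of the key store to open.
         *
         * @param path key store file; mutually exclusive with {@link #keyStore(KeyStore)}
         * @return this loader
         */
        public Loader keyStorePath(Path path) {
            this.keyStorePath = path;
            return this;
        }

        /**
         * Sets the file system location of the key store to open.
         *
         * @param str path string, converted with {@link Path#of(String, String...)}
         * @return this loader
         */
        public Loader keyStorePath(String str) {
            return keyStorePath(Path.of(str));
        }

        /**
         * Sets the password used when opening the key store file.
         *
         * @param cArr key store password, or {@code null} for none; kept by reference
         * @return this loader
         */
        public Loader keyStorePassword(char[] cArr) {
            this.keyStorePassword = cArr;
            return this;
        }

        /**
         * Sets the alias of the private key entry to load.
         *
         * @param str alias, or {@code null} to let {@link #load()} pick the only key entry
         * @return this loader
         */
        public Loader keyAlias(String str) {
            this.keyAlias = str;
            return this;
        }

        /**
         * Sets the password protecting the private key entry.
         *
         * @param cArr key password, or {@code null} for none; kept by reference
         * @return this loader
         */
        public Loader keyPassword(char[] cArr) {
            this.keyPassword = cArr;
            return this;
        }

        /**
         * Reads the configured private key entry and wraps it in an
         * {@link OwnedIdentity}.
         *
         * <p>The loader's own fields are left untouched, so the same loader can
         * be used for several calls. Earlier, the opened key store and the
         * detected alias were written back into the loader, which made a second
         * call on a path-configured loader fail with "Provided both keyStore
         * and keyStorePath".
         *
         * @return identity built from the certificate chain and private key of the entry
         * @throws NullPointerException     if neither key store nor key store path is set
         * @throws IllegalStateException    if both key store and key store path are set
         * @throws KeyStoreException        if no alias was given and the store holds zero or
         *                                  several key entries, or if the alias does not
         *                                  name a private key entry
         * @throws GeneralSecurityException if the key store or the entry cannot be read
         * @throws IOException              if the key store file cannot be read
         */
        public OwnedIdentity load() throws GeneralSecurityException, IOException {
            if (keyStore == null && keyStorePath == null) {
                throw new NullPointerException("Expected keyStore or keyStorePath");
            }
            if (keyStore != null && keyStorePath != null) {
                throw new IllegalStateException("Provided both keyStore and keyStorePath");
            }

            // Resolve into locals so that load() never changes the loader's configuration.
            final KeyStore store = keyStore != null ? keyStore : openKeyStore();
            final String alias = keyAlias != null ? keyAlias : detectKeyAlias(store);

            // PasswordProtection clones the password; wipe that clone once the
            // entry has been read instead of leaving it on the heap.
            final KeyStore.PasswordProtection protection =
                keyPassword != null ? new KeyStore.PasswordProtection(keyPassword) : null;
            final KeyStore.Entry entry;
            try {
                entry = store.getEntry(alias, protection);
            } finally {
                if (protection != null) {
                    try {
                        protection.destroy();
                    } catch (DestroyFailedException ignored) {
                        // Best effort: failing to wipe the clone must not mask
                        // the outcome of getEntry().
                    }
                }
            }

            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new KeyStoreException("Alias \"" + alias + "\" is not associated with a private key; cannot load key store");
            }
            final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            return new OwnedIdentity(privateKeyEntry.getCertificateChain(), privateKeyEntry.getPrivateKey());
        }

        /** Opens the key store file at {@code keyStorePath}. */
        private KeyStore openKeyStore() throws GeneralSecurityException, IOException {
            final File file = keyStorePath.toFile();
            if (keyStorePassword != null) {
                return KeyStore.getInstance(file, keyStorePassword);
            }
            // NOTE(review): KeyStore.load documents that store integrity is only
            // checked when a password is supplied; a store opened on this branch
            // is presumably not integrity-checked -- confirm this is acceptable
            // for the deployments that omit the store password.
            return KeyStore.getInstance(file, (KeyStore.LoadStoreParameter) null);
        }

        /** Returns the alias of the single key entry in {@code store}, or throws. */
        private String detectKeyAlias(final KeyStore store) throws KeyStoreException {
            String firstKeyAlias = null;
            final StringBuilder otherKeyAliases = new StringBuilder();
            for (final String candidate : Collections.list(store.aliases())) {
                if (!store.isKeyEntry(candidate)) {
                    continue;
                }
                if (firstKeyAlias == null) {
                    firstKeyAlias = candidate;
                } else {
                    otherKeyAliases.append(candidate).append(", ");
                }
            }
            if (firstKeyAlias == null) {
                throw new KeyStoreException("No alias in provided key store is associated with a private key " + (keyPassword != null ? "accessible with the provided password" : "without a password"));
            }
            if (otherKeyAliases.length() > 0) {
                // Refuse to guess: choosing one of several keys silently could
                // load an identity the operator did not intend.
                throw new KeyStoreException("The following aliases are associated with private keys in the provided keystore " + otherKeyAliases + firstKeyAlias + "; specify which of them to use");
            }
            return firstKeyAlias;
        }
    }

    /**
     * Creates an owned identity from a certificate chain and its private key.
     *
     * @param certificateArr certificate chain, passed to the superclass constructor
     * @param privateKey     private key of the identity
     * @throws NullPointerException     if {@code privateKey} is {@code null}
     * @throws IllegalArgumentException if {@link #verify()} rejects the chain
     */
    public OwnedIdentity(Certificate[] certificateArr, PrivateKey privateKey) {
        super(certificateArr);
        this.privateKey = Objects.requireNonNull(privateKey, "Expected privateKey");
        verify();
    }

    /**
     * Creates an owned identity from an X.509 certificate chain and its private key.
     *
     * @param x509CertificateArr certificate chain, passed to the superclass constructor
     * @param privateKey         private key of the identity
     * @throws NullPointerException     if {@code privateKey} is {@code null}
     * @throws IllegalArgumentException if {@link #verify()} rejects the chain
     */
    public OwnedIdentity(X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
        super(x509CertificateArr);
        this.privateKey = Objects.requireNonNull(privateKey, "Expected privateKey");
        verify();
    }

    /**
     * Creates an owned identity from an existing system identity and its private key.
     *
     * @param systemIdentity identity to copy, passed to the superclass constructor
     * @param privateKey     private key of the identity
     * @throws NullPointerException     if {@code privateKey} is {@code null}
     * @throws IllegalArgumentException if {@link #verify()} rejects the identity
     */
    public OwnedIdentity(SystemIdentity systemIdentity, PrivateKey privateKey) {
        super(systemIdentity);
        this.privateKey = Objects.requireNonNull(privateKey, "Expected privateKey");
        verify();
    }

    /**
     * Creates an owned identity from a trusted identity and its private key.
     *
     * @param trustedIdentity identity to copy, passed to the superclass constructor
     * @param privateKey      private key of the identity
     * @throws NullPointerException     if {@code privateKey} is {@code null}
     * @throws IllegalArgumentException if {@link #verify()} rejects the identity
     */
    public OwnedIdentity(TrustedIdentity trustedIdentity, PrivateKey privateKey) {
        super(trustedIdentity);
        this.privateKey = Objects.requireNonNull(privateKey, "Expected privateKey");
        verify();
    }

    /**
     * Checks that the part of this identity's common name following
     * {@code name()} and one separator character lines up with the cloud
     * certificate's common name.
     *
     * @throws IllegalArgumentException if the names do not line up, or if a
     *                                  common name lookup throws
     *                                  {@link IllegalStateException}
     */
    private void verify() {
        try {
            final String cloudCommonName = cloud().commonName();
            final String systemCommonName = commonName();
            // Skip the system name and the single character that follows it.
            final int offset = name().length() + 1;
            // NOTE(review): only min(remaining system CN, cloud CN) characters
            // are compared, so this is a prefix comparison, not equality. The
            // shorter value passes whenever it is a prefix of the longer one,
            // and a non-positive length passes without comparing anything.
            // The error message below reads as if equality was intended --
            // confirm against SystemIdentity and tighten if so.
            final int comparedLength =
                Math.min(systemCommonName.length() - offset, cloudCommonName.length());
            if (!systemCommonName.regionMatches(offset, cloudCommonName, 0, comparedLength)) {
                throw new IllegalArgumentException("Cloud certificate common name expected to be \"" + systemCommonName.substring(offset) + "\"; found \"" + cloudCommonName + "\"");
            }
        } catch (IllegalStateException e) {
            throw new IllegalArgumentException("Cloud certificate does not contain a subject common name", e);
        }
    }

    /**
     * Returns the private key of this identity.
     *
     * <p>The returned object is the instance held by this identity, not a copy.
     *
     * @return private key, never {@code null}
     */
    public PrivateKey privateKey() {
        return privateKey;
    }
}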
