package de.tk.opensource.secon;

import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Optional;
import java.util.concurrent.Callable;
import java.util.stream.Stream;

/* loaded from: input_file:de/tk/opensource/secon/KeyStoreIdentity.class */
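/**
 * {@link Identity} backed by a {@link KeyStore}: the private key and certificate are read from
 * the entry stored under a fixed alias, and the keystore password is requested from a
 * {@link Callable} each time it is needed.
 *
 * <p>Every password array obtained from the callable is overwritten with zeros as soon as the
 * keystore call has returned, so the secret stays in memory only for the duration of the call.
 */
final class KeyStoreIdentity implements Identity {
    private final KeyStore ks;
    private final String alias;
    private final Callable<char[]> password;

    /**
     * @param keyStore keystore holding the identity's key and certificate entries
     * @param str alias of the entry used by {@link #privateKey()} and {@link #certificate()}
     * @param callable supplier of the key password; it is invoked once per key access and the
     *     returned array is zeroed afterwards, so it must hand out a fresh array on every call
     */
    public KeyStoreIdentity(KeyStore keyStore, String str, Callable<char[]> callable) {
        this.ks = keyStore;
        this.alias = str;
        this.password = callable;
    }

    /**
     * Returns the private key stored under the configured alias.
     *
     * @throws PrivateKeyNotFoundException if the keystore has no key under the alias
     * @throws Exception if the password callable or the keystore lookup fails
     */
    @Override
    public PrivateKey privateKey() throws Exception {
        char[] secret = this.password.call();
        try {
            return Optional.ofNullable((PrivateKey) this.ks.getKey(this.alias, secret))
                    .orElseThrow(PrivateKeyNotFoundException::new);
        } finally {
            wipe(secret);
        }
    }

    /**
     * Returns the certificate stored under the configured alias.
     *
     * @throws CertificateNotFoundException if the keystore has no certificate under the alias
     */
    @Override
    public X509Certificate certificate() throws Exception {
        return Optional.ofNullable((X509Certificate) this.ks.getCertificate(this.alias))
                .orElseThrow(CertificateNotFoundException::new);
    }

    /**
     * Returns the private key of the first private-key entry whose certificate matches the
     * selector, searching all aliases of the keystore (not only the configured one).
     *
     * <p>Each key entry visited is unlocked with the same password. An entry that cannot be
     * read with it aborts the lookup with an {@link IllegalStateException} instead of being
     * skipped.
     */
    @Override
    public final Optional<PrivateKey> privateKey(X509CertSelector x509CertSelector) throws Exception {
        return Collections.list(this.ks.aliases()).stream()
                .flatMap(this::privateKeyEntryStream)
                .filter(entry -> x509CertSelector.match(entry.getCertificate()))
                .map(KeyStore.PrivateKeyEntry::getPrivateKey)
                .findFirst();
    }

    /**
     * Loads the entry stored under {@code str} and returns it as a one-element stream when it is
     * a private-key entry; any other alias yields an empty stream.
     *
     * @throws IllegalStateException if the password callable or the keystore access fails
     */
    private Stream<KeyStore.PrivateKeyEntry> privateKeyEntryStream(String str) {
        try {
            if (!this.ks.isKeyEntry(str)) {
                return Stream.empty();
            }
            char[] secret = this.password.call();
            KeyStore.PasswordProtection protection = null;
            try {
                // PasswordProtection keeps its own clone of the array, so zeroing `secret`
                // alone would leave a second copy of the password on the heap.
                protection = new KeyStore.PasswordProtection(secret);
                KeyStore.Entry entry = this.ks.getEntry(str, protection);
                if (entry instanceof KeyStore.PrivateKeyEntry) {
                    return Stream.of((KeyStore.PrivateKeyEntry) entry);
                }
                return Stream.empty();
            } finally {
                wipe(secret);
                destroyQuietly(protection);
            }
        } catch (Exception e) {
            throw new IllegalStateException("Cannot get keystore entry with alias `" + str + "`:", e);
        }
    }

    /** Overwrites the password with zeros; a {@code null} array is left alone. */
    private static void wipe(char[] secret) {
        if (secret != null) {
            Arrays.fill(secret, (char) 0);
        }
    }

    /** Clears the password copy held by {@code protection}, if one was created. */
    private static void destroyQuietly(KeyStore.PasswordProtection protection) {
        if (protection == null) {
            return;
        }
        try {
            protection.destroy();
        } catch (javax.security.auth.DestroyFailedException ignored) {
            // Best effort: a failed wipe must not replace the result or the original exception.
        }
    }
}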
