package org.jivesoftware.openfire.spi;

import java.lang.ref.Reference;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import org.apache.commons.lang3.StringUtils;
import org.directtruststandards.timplus.common.cert.CertStoreUtils;
import org.directtruststandards.timplus.common.cert.X509CertificateEx;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.certificate.Certificate;
import org.jivesoftware.openfire.certificate.CertificateManager;
import org.jivesoftware.util.ReferenceIDUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jivesoftware/openfire/spi/ServerConnectionKeyManager.class */
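/**
 * JSSE key manager that picks the TLS certificate for an {@link SSLEngine}-based connection.
 *
 * <p>The alias handed back to JSSE is the certificate thumbprint. A certificate is selected
 * when its public-key algorithm equals the requested key type and one of its dNSName subject
 * alternative names equals the session reference id (compared case-insensitively).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The socket-based {@link #chooseClientAlias} and {@link #chooseServerAlias} always
 *       return {@code null}, so only the engine-based selection methods ever offer a
 *       certificate.</li>
 *   <li>{@link #getCertificateChain} returns the leaf certificate only; no intermediates are
 *       added here.</li>
 *   <li>{@link #getPrivateKey} returns key material obtained through the server's key store
 *       protection manager; callers must not log or persist it.</li>
 * </ul>
 */
public class ServerConnectionKeyManager extends X509ExtendedKeyManager implements X509KeyManager {
    private static final Logger Log = LoggerFactory.getLogger(ServerConnectionKeyManager.class);

    /** GeneralName tag that {@code getSubjectAlternativeNames()} reports for dNSName entries. */
    private static final int DNSName_TYPE = 2;

    private final CertificateManager mgr;

    // NOTE(review): this cache is read in getEntry() but nothing in this class ever writes to
    // it, so every lookup falls through to the certificate manager. Confirm whether that is
    // intended (it avoids keeping private keys in memory) before adding a put().
    private final Map<String, Reference<X509CertificateEx>> entryCacheMap =
            Collections.synchronizedMap(new SizedMap<>());

    /** Insertion-ordered map that evicts its eldest entry once it holds more than ten. */
    private static class SizedMap<K, V> extends LinkedHashMap<K, V> {
        private static final long serialVersionUID = 397198051333345918L;

        private static final int MAX_ENTRIES = 10;

        private SizedMap() {
        }

        @Override
        protected boolean removeEldestEntry(Map.Entry<K, V> entry) {
            return size() > MAX_ENTRIES;
        }
    }

    /**
     * Creates a key manager backed by the given certificate manager.
     *
     * @param certificateManager source of the stored certificates
     */
    public ServerConnectionKeyManager(CertificateManager certificateManager) {
        this.mgr = certificateManager;
    }

    /**
     * Returns the first alias that {@link #chooseEngineServerAlias} yields for any of the
     * requested key types, so client and server roles present the same certificate.
     *
     * @param strArr       key algorithm names, in the peer's order of preference
     * @param principalArr acceptable issuers; not used for selection
     * @param sSLEngine    engine the handshake runs on
     * @return the certificate thumbprint, or {@code null} when nothing matches
     */
    @Override
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        if (strArr == null) {
            return null;
        }
        for (String keyType : strArr) {
            String alias = chooseEngineServerAlias(keyType, principalArr, sSLEngine);
            if (!StringUtils.isEmpty(alias)) {
                return alias;
            }
        }
        return null;
    }

    /**
     * Selects the certificate whose key algorithm equals {@code str} and whose dNSName subject
     * alternative names include the session reference id.
     *
     * @param str          requested key algorithm name
     * @param principalArr acceptable issuers; not used for selection
     * @param sSLEngine    engine the handshake runs on; JSSE permits {@code null}
     * @return the certificate thumbprint, or {@code null} when nothing matches or the lookup fails
     */
    @Override
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        if (sSLEngine == null) {
            // Without an engine there is no session to derive the reference id from.
            return null;
        }
        // presumably the reference id is the domain this connection serves; verify in ReferenceIDUtil
        String sessionReferenceId = ReferenceIDUtil.getSessionReferenceId(sSLEngine.getSession());
        if (StringUtils.isEmpty(sessionReferenceId)) {
            Log.warn("Can not lookup a certificate for an empty reference id");
            return null;
        }
        try {
            Collection<Certificate> certificatesByDomain = this.mgr.getCertificatesByDomain(sessionReferenceId);
            if (certificatesByDomain == null || certificatesByDomain.isEmpty()) {
                return null;
            }
            for (Certificate certificate : certificatesByDomain) {
                X509Certificate x509 = certificate.asX509Certificate();
                if (x509 == null || !x509.getPublicKey().getAlgorithm().equals(str)) {
                    continue;
                }
                Collection<List<?>> subjectAlternativeNames = x509.getSubjectAlternativeNames();
                if (subjectAlternativeNames == null) {
                    continue;
                }
                for (List<?> generalName : subjectAlternativeNames) {
                    if (((Integer) generalName.get(0)).intValue() != DNSName_TYPE) {
                        continue;
                    }
                    Object value = generalName.get(1);
                    // equalsIgnoreCase is locale-independent, unlike toLowerCase() with the
                    // default locale, so host-name matching does not vary with the JVM locale.
                    if (value instanceof String && sessionReferenceId.equalsIgnoreCase((String) value)) {
                        return certificate.getThumbprint();
                    }
                }
            }
        } catch (Exception e) {
            // The store lookup and SAN parsing both stay inside the try so that a failing
            // store or a malformed certificate ends in "no alias" instead of an exception
            // escaping into the handshake.
            Log.warn("Could not get a certificate for reference id " + sessionReferenceId, e);
            return null;
        }
        Log.debug("Could not get a certificate for reference id {} and key type {}", sessionReferenceId, str);
        return null;
    }

    /**
     * Lists the thumbprints of all stored certificates whose key algorithm equals {@code str}.
     *
     * @param str          requested key algorithm name
     * @param principalArr acceptable issuers; not used for filtering
     * @return matching thumbprints (possibly empty or partial if the store fails midway), or
     *         {@code null} when {@code str} is {@code null}
     */
    @Override
    public String[] getClientAliases(String str, Principal[] principalArr) {
        if (str == null) {
            return null;
        }
        List<String> aliases = new ArrayList<>();
        try {
            for (Certificate certificate : this.mgr.getCertificates()) {
                if (certificate.asX509Certificate().getPublicKey().getAlgorithm().equals(str)) {
                    aliases.add(certificate.getThumbprint());
                }
            }
        } catch (Exception e) {
            // Still best effort: whatever was collected is returned, but the failure is now
            // visible to operators instead of being dropped silently.
            Log.warn("Could not list certificate aliases for key type " + str, e);
        }
        return aliases.toArray(new String[0]);
    }

    /**
     * Socket-based client selection is not supported.
     *
     * @return always {@code null}
     */
    @Override
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return null;
    }

    /**
     * Returns the same aliases as {@link #getClientAliases}.
     */
    @Override
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return getClientAliases(str, principalArr);
    }

    /**
     * Socket-based server selection is not supported.
     *
     * @return always {@code null}
     */
    @Override
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return null;
    }

    /**
     * Returns a single-element chain holding the certificate stored under the thumbprint.
     *
     * @param str certificate thumbprint used as the alias
     * @return the leaf certificate only, or {@code null} when it cannot be loaded
     */
    @Override
    public X509Certificate[] getCertificateChain(String str) {
        X509Certificate entry = getEntry(str);
        if (entry == null) {
            return null;
        }
        return new X509Certificate[]{entry};
    }

    /**
     * Returns the private key of the certificate stored under the thumbprint.
     *
     * @param str certificate thumbprint used as the alias
     * @return the private key, or {@code null} when the entry cannot be loaded
     */
    @Override
    public PrivateKey getPrivateKey(String str) {
        X509CertificateEx entry = getEntry(str);
        if (entry == null) {
            return null;
        }
        return entry.getPrivateKey();
    }

    /**
     * Loads the certificate (with its private key) stored under the given thumbprint.
     *
     * @param str certificate thumbprint
     * @return the entry, or {@code null} when the thumbprint is empty or loading fails
     */
    private X509CertificateEx getEntry(String str) {
        if (StringUtils.isEmpty(str)) {
            Log.warn("Cannot get a certificate entry for an empty thumbprint");
            return null;
        }
        Reference<X509CertificateEx> cachedRef = this.entryCacheMap.get(str);
        X509CertificateEx cached = cachedRef != null ? cachedRef.get() : null;
        if (cached != null) {
            return cached;
        }
        try {
            // If the manager has no certificate for this thumbprint and returns null (not
            // visible from here), the dereference fails and is handled by the catch below.
            X509CertificateEx certFromData = CertStoreUtils.certFromData(
                    XMPPServer.getInstance().getKeyStoreProtectionManager(),
                    this.mgr.getCertificateByThumbprint(str).getCertData());
            if (certFromData instanceof X509CertificateEx) {
                return certFromData;
            }
        } catch (Exception e) {
            Log.warn("Error trying to retrive a certrificate for thumprint " + str, e);
        }
        Log.warn("Could not get a certificate entry for thumbprint {}", str);
        return null;
    }
}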
