package es.gob.afirma.keystores;

import com.itextpdf.text.pdf.security.SecurityConstants;
import es.gob.afirma.core.AOCancelledOperationException;
import es.gob.afirma.core.keystores.KeyStoreManager;
import es.gob.afirma.core.misc.AOUtil;
import es.gob.jmulticard.CancelledOperationException;
import es.gob.jmulticard.card.AuthenticationModeLockedException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Logger;
import javax.security.auth.callback.PasswordCallback;

/* loaded from: classes.dex */
public class AOKeyStoreManager implements KeyStoreManager {
    protected static final Logger LOGGER = Logger.getLogger("es.gob.afirma");
    private KeyStore ks;
    private AOKeyStore ksType;
    private InputStream storeIs;
    private Object[] storeParams;
    private PasswordCallback storePasswordCallBack;
    private Object parentComponent = null;
    private final Set<String> deactivatedCertificatesThumbprints = new HashSet();
    private String[] cachedAliases = null;
    private boolean preferred = false;
    private PasswordCallback entryPasswordCallBack = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: es.gob.afirma.keystores.AOKeyStoreManager$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$es$gob$afirma$keystores$AOKeyStore;

        static {
            int[] iArr = new int[AOKeyStore.values().length];
            $SwitchMap$es$gob$afirma$keystores$AOKeyStore = iArr;
            try {
                iArr[AOKeyStore.SINGLE.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$es$gob$afirma$keystores$AOKeyStore[AOKeyStore.SMARTCAFE.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$es$gob$afirma$keystores$AOKeyStore[AOKeyStore.CERES.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$es$gob$afirma$keystores$AOKeyStore[AOKeyStore.CERES_430.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$es$gob$afirma$keystores$AOKeyStore[AOKeyStore.DNIEJAVA.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                $SwitchMap$es$gob$afirma$keystores$AOKeyStore[AOKeyStore.JAVACE.ordinal()] = 6;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                $SwitchMap$es$gob$afirma$keystores$AOKeyStore[AOKeyStore.JCEKS.ordinal()] = 7;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                $SwitchMap$es$gob$afirma$keystores$AOKeyStore[AOKeyStore.WINCA.ordinal()] = 8;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                $SwitchMap$es$gob$afirma$keystores$AOKeyStore[AOKeyStore.WINADDRESSBOOK.ordinal()] = 9;
            } catch (NoSuchFieldError unused9) {
            }
            try {
                $SwitchMap$es$gob$afirma$keystores$AOKeyStore[AOKeyStore.PKCS11.ordinal()] = 10;
            } catch (NoSuchFieldError unused10) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String[] cleanDeactivatedAliases(String[] strArr) {
        if (this.deactivatedCertificatesThumbprints.isEmpty()) {
            return strArr;
        }
        ArrayList arrayList = new ArrayList();
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(SecurityConstants.SHA1);
            for (String str : strArr) {
                try {
                    if (!this.deactivatedCertificatesThumbprints.contains(AOUtil.hexify(messageDigest.digest(getCertificate(str).getEncoded()), false))) {
                        arrayList.add(str);
                    }
                } catch (CertificateEncodingException e) {
                    LOGGER.severe("No se ha obtener la huela del certificado '" + str + "', pueden aparecer duplicados en la lista de certificados: " + e);
                }
            }
            return (String[]) arrayList.toArray(new String[arrayList.size()]);
        } catch (NoSuchAlgorithmException e2) {
            LOGGER.warning("No se ha podido instanciar el generador de huellas digitales SHA1, pueden aparecer duplicados en la lista de certificados: " + e2);
            return strArr;
        }
    }

    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public void deactivateEntry(String str) {
        if (str != null) {
            this.deactivatedCertificatesThumbprints.add(str);
        }
        resetCachedAliases();
    }

    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public String[] getAliases() {
        KeyStore keyStore = this.ks;
        if (keyStore == null) {
            throw new IllegalStateException("Se han pedido alias a un almacen no inicializado");
        }
        String[] strArr = this.cachedAliases;
        if (strArr != null) {
            return strArr;
        }
        try {
            String[] cleanDeactivatedAliases = cleanDeactivatedAliases((String[]) Collections.list(keyStore.aliases()).toArray(new String[0]));
            this.cachedAliases = cleanDeactivatedAliases;
            return cleanDeactivatedAliases;
        } catch (KeyStoreException e) {
            LOGGER.severe("Error intentando recuperar los alias, se devolvera una lista vacia: " + e);
            return new String[0];
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String[] getCachedAliases() {
        return this.cachedAliases;
    }

    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public X509Certificate getCertificate(String str) {
        if (str == null) {
            LOGGER.warning("El alias del certificado es nulo, se devolvera null");
            return null;
        }
        KeyStore keyStore = this.ks;
        if (keyStore == null) {
            LOGGER.warning("No se ha podido recuperar el certificado con alias '" + str + "' porque el KeyStore no estaba inicializado, se devolvera null");
            return null;
        }
        try {
            return (X509Certificate) keyStore.getCertificate(str);
        } catch (CancelledOperationException e) {
            throw new AOCancelledOperationException("Se cancelo uso de la tarjeta a traves del driver Java: " + e, e);
        } catch (AuthenticationModeLockedException e2) {
            throw new SmartCardLockedException("Tarjeta inteligente bloqueada: " + e2, e2);
        } catch (Exception e3) {
            LOGGER.severe("Error intentando recuperar el certificado con el alias '" + str + "', se devolvera null: " + e3);
            return null;
        }
    }

    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public X509Certificate[] getCertificateChain(String str) {
        if (str == null) {
            LOGGER.warning("El alias del certificado es nulo, se devolvera una cadena vacia");
            return new X509Certificate[0];
        }
        KeyStore keyStore = this.ks;
        if (keyStore == null) {
            LOGGER.warning("No se ha podido recuperar el certificado con alias '" + str + "' porque el KeyStore no estaba inicializado, se devolvera una cadena vacia");
            return new X509Certificate[0];
        }
        try {
            Certificate[] certificateChain = keyStore.getCertificateChain(str);
            if (certificateChain == null) {
                return new X509Certificate[0];
            }
            ArrayList arrayList = new ArrayList();
            for (Certificate certificate : certificateChain) {
                if (certificate instanceof X509Certificate) {
                    arrayList.add((X509Certificate) certificate);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[0]);
        } catch (Exception e) {
            Logger logger = LOGGER;
            logger.severe("Error intentando recuperar la cadena del certificado con alias '" + str + "', se continuara con el siguiente almacen: " + e);
            logger.warning("El almacen no contiene ningun certificado con el alias '" + str + "', se devolvera una cadena vacia");
            return new X509Certificate[0];
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PasswordCallback getEntryPasswordCallBack() {
        return this.entryPasswordCallBack;
    }

    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public KeyStore.PrivateKeyEntry getKeyEntry(String str) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        KeyStore.PasswordProtection passwordProtection;
        if (this.ks == null) {
            throw new IllegalStateException("Se han pedido claves a un almacen no inicializado");
        }
        if (str == null) {
            throw new IllegalArgumentException("El alias no puede ser nulo");
        }
        if (this.entryPasswordCallBack != null) {
            passwordProtection = new KeyStore.PasswordProtection(this.entryPasswordCallBack.getPassword());
        } else {
            PasswordCallback certificatePasswordCallback = getType(str).getCertificatePasswordCallback(getParentComponent());
            passwordProtection = certificatePasswordCallback != null ? new KeyStore.PasswordProtection(certificatePasswordCallback.getPassword()) : null;
        }
        return (KeyStore.PrivateKeyEntry) this.ks.getEntry(str, passwordProtection);
    }

    public KeyStore getKeyStore() {
        return this.ks;
    }

    protected Object getParentComponent() {
        return this.parentComponent;
    }

    public AOKeyStore getType() {
        return this.ksType;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AOKeyStore getType(String str) {
        return getType();
    }

    public void init(AOKeyStore aOKeyStore, InputStream inputStream, PasswordCallback passwordCallback, Object[] objArr, boolean z) throws AOKeyStoreManagerException, IOException {
        if (aOKeyStore == null) {
            throw new IllegalArgumentException("Se ha solicitado inicializar un AOKeyStore nulo");
        }
        LOGGER.info("Inicializamos el almacen de tipo: " + aOKeyStore);
        resetCachedAliases();
        this.ksType = aOKeyStore;
        this.storeIs = inputStream;
        this.storePasswordCallBack = passwordCallback;
        Object obj = null;
        Object[] objArr2 = null;
        r4 = null;
        Object obj2 = null;
        r4 = null;
        Object obj3 = null;
        r4 = null;
        Object obj4 = null;
        obj = null;
        if (objArr == null) {
            this.storeParams = null;
        } else {
            Object[] objArr3 = new Object[objArr.length];
            this.storeParams = objArr3;
            System.arraycopy(objArr, 0, objArr3, 0, objArr.length);
        }
        switch (AnonymousClass1.$SwitchMap$es$gob$afirma$keystores$AOKeyStore[this.ksType.ordinal()]) {
            case 1:
                this.ks = AOKeyStoreManagerHelperSingle.initSingle(inputStream, passwordCallback);
                return;
            case 2:
                if (objArr != null && objArr.length > 0) {
                    obj = objArr[0];
                }
                setParentComponent(obj);
                this.ks = AOKeyStoreManagerHelperFullJava.initSmartCafeJava(getParentComponent());
                return;
            case 3:
                if (objArr != null && objArr.length > 0) {
                    obj4 = objArr[0];
                }
                setParentComponent(obj4);
                this.ks = AOKeyStoreManagerHelperFullJava.initCeresJava(getParentComponent());
                return;
            case 4:
                if (objArr != null && objArr.length > 0) {
                    obj3 = objArr[0];
                }
                setParentComponent(obj3);
                this.ks = AOKeyStoreManagerHelperFullJava.initCeres430Java(getParentComponent());
                return;
            case 5:
                if (objArr != null && objArr.length > 0) {
                    obj2 = objArr[0];
                }
                setParentComponent(obj2);
                this.ks = AOKeyStoreManagerHelperFullJava.initDnieJava(getParentComponent());
                return;
            case 6:
            case 7:
                this.ks = AOKeyStoreManagerHelperJava.initJava(inputStream, passwordCallback, this.ksType);
                return;
            case 8:
            case 9:
                this.ks = AOKeyStoreManagerHelperCapiAddressBook.initCAPIAddressBook(this.ksType);
                return;
            case 10:
                if (objArr != null) {
                    objArr2 = new Object[objArr.length];
                    System.arraycopy(objArr, 0, objArr2, 0, objArr.length);
                }
                this.ks = AOKeyStoreManagerHelperPkcs11.initPKCS11(passwordCallback, objArr2, z, getParentComponent());
                return;
            default:
                throw new UnsupportedOperationException("Tipo de almacen no soportado: " + this.ksType);
        }
    }

    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public boolean isKeyEntry(String str) throws KeyStoreException {
        return getKeyStore().isKeyEntry(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isPreferred() {
        return this.preferred;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean lacksKeyStores() {
        return this.ks == null;
    }

    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public void refresh() throws IOException {
        resetCachedAliases();
        try {
            init(this.ksType, this.storeIs, this.storePasswordCallBack, this.storeParams, true);
        } catch (AOKeyStoreManagerException e) {
            this.ks = null;
            throw new IOException("Error al refrescar el almacen, se ocultaran sus entradas " + e, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void resetCachedAliases() {
        this.cachedAliases = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setCachedAliases(String[] strArr) {
        this.cachedAliases = (String[]) strArr.clone();
    }

    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public void setEntryPasswordCallBack(PasswordCallback passwordCallback) {
        this.entryPasswordCallBack = passwordCallback;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setKeyStore(KeyStore keyStore) {
        this.ks = keyStore;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void setKeyStoreType(AOKeyStore aOKeyStore) {
        this.ksType = aOKeyStore;
    }

    @Override // es.gob.afirma.core.keystores.KeyStoreManager
    public void setParentComponent(Object obj) {
        this.parentComponent = obj;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPreferred(boolean z) {
        this.preferred = z;
    }

    public String toString() {
        StringBuilder sb = new StringBuilder("Gestor de almacenes de claves ");
        sb.append(this.ksType);
        AOKeyStore aOKeyStore = this.ksType;
        if (aOKeyStore != null && aOKeyStore.getName() != null) {
            sb.append(" con nombre ");
            sb.append(this.ksType.getName());
        }
        return sb.toString();
    }
}
