package es.gob.afirma.keystores.dnie;

import es.gob.afirma.keystores.main.common.AOKeyStore;
import es.gob.afirma.keystores.main.common.AOKeyStoreManager;
import es.gob.afirma.keystores.main.common.AOKeyStoreManagerException;
import es.gob.afirma.keystores.main.common.AOKeyStoreManagerFactory;
import es.gob.afirma.ui.utils.Constants;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Logger;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:es/gob/afirma/keystores/dnie/DnieUnifiedKeyStoreManager.class */
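/**
 * Key store manager that presents an existing key store together with the two
 * certificates of a Spanish DNIe card accessed through the pure-Java driver.
 *
 * <p>Calls for the DNIe aliases go to the DNIe manager; every other alias goes to
 * the wrapped manager. If the wrapped store already exposes a certificate whose
 * issuer is the DNIe CA, or the DNIe manager cannot be created, this class is a
 * transparent pass-through.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The DNIe check compares the issuer distinguished name only. It is a
 *       de-duplication heuristic and says nothing about whether a certificate is
 *       genuine.</li>
 *   <li>Certificate chains returned here are assembled, not validated: no signature,
 *       validity-period or revocation check is performed, so consumers must run
 *       their own certification-path validation.</li>
 *   <li>The root certificate is read from the class path through the system class
 *       loader, so whatever controls the class path decides which certificate is
 *       appended as the root.</li>
 * </ul>
 */
public class DnieUnifiedKeyStoreManager extends AOKeyStoreManager {
    /** Class-path resource holding the DNIe root CA certificate. */
    private static final String DNIE_ROOT_RESOURCE = "ACRAIZ-SHA2.crt";

    /** Number of certificates taken from the card's own chain. */
    private static final int DNIE_CERTCHAIN_LENGTH = 2;

    /** Aliases served by the DNIe manager. */
    private static final List<String> DNIE_ALIASES;

    /** Issuer name used to detect DNIe certificates already present in the wrapped store. */
    private static final X500Principal DNIE_ISSUER;

    /** DNIe root CA certificate, or {@code null} when it could not be loaded. */
    private static final X509Certificate dnieRootCertificate;

    private final String[] aliases;
    private final AOKeyStoreManager originalKsm;

    /** DNIe manager, or {@code null} when the card is not handled by this instance. */
    private final AOKeyStoreManager dnieKsm;

    static {
        DNIE_ALIASES = new ArrayList<String>(2);
        DNIE_ALIASES.add("CertAutenticacion");
        DNIE_ALIASES.add("CertFirmaDigital");
        DNIE_ISSUER = new X500Principal("CN=AC DNIE 001, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES");
        dnieRootCertificate = loadDnieRootCertificate();
    }

    /**
     * Wraps a key store manager and, when possible, adds the DNIe certificates to it.
     *
     * @param aOKeyStoreManager manager to extend; must not be {@code null}
     * @param obj opaque value handed to the factory that creates the DNIe manager
     * @throws IllegalArgumentException if {@code aOKeyStoreManager} is {@code null}
     */
    public DnieUnifiedKeyStoreManager(AOKeyStoreManager aOKeyStoreManager, Object obj) {
        if (aOKeyStoreManager == null) {
            throw new IllegalArgumentException("Es necesario un almacen al que anadir los certificados de DNIe, no puede ser nulo");
        }
        this.originalKsm = aOKeyStoreManager;

        String[] storeAliases = aOKeyStoreManager.getAliases();
        if (storeAliases == null) {
            storeAliases = new String[0];
        }

        AOKeyStoreManager cardKsm = null;
        if (!containsDnieCertificate(aOKeyStoreManager, storeAliases)) {
            try {
                cardKsm = AOKeyStoreManagerFactory.getAOKeyStoreManager(AOKeyStore.DNIEJAVA, null, aOKeyStoreManager.getType() + "_PLUS_DNIE", null, obj);
            } catch (Exception e) {
                // Deliberately best-effort: without the card the wrapped store is still usable.
                Logger.getLogger(Constants.OUR_NODE_NAME).info("No se puede usar DNIe con controlador 100% Java: " + e);
            }
        }
        this.dnieKsm = cardKsm;

        this.aliases = new String[storeAliases.length + (this.dnieKsm != null ? 2 : 0)];
        System.arraycopy(storeAliases, 0, this.aliases, 0, storeAliases.length);
        if (this.dnieKsm != null) {
            // The DNIe aliases occupy the last two slots, signature alias first.
            this.aliases[this.aliases.length - 1] = DNIE_ALIASES.get(0);
            this.aliases[this.aliases.length - 2] = DNIE_ALIASES.get(1);
        }
    }

    /**
     * Returns the aliases of the wrapped store followed by the DNIe aliases, if any.
     *
     * @return a copy of the alias list, so callers cannot alter this manager's view
     */
    @Override
    public String[] getAliases() {
        return this.aliases.clone();
    }

    /**
     * Returns the certificate stored under an alias.
     *
     * @param str alias to look up
     * @return the certificate from the DNIe manager for a DNIe alias, otherwise the
     *         one from the wrapped manager
     */
    @Override
    public X509Certificate getCertificate(String str) {
        if (isDnieAlias(str)) {
            return this.dnieKsm.getCertificate(str);
        }
        return this.originalKsm.getCertificate(str);
    }

    /**
     * Returns the certificate chain for an alias.
     *
     * <p>For a DNIe alias the chain is the first {@value #DNIE_CERTCHAIN_LENGTH}
     * certificates reported by the card, followed by the bundled root certificate
     * when it was loaded and the card supplied a full chain. The result never
     * contains {@code null} elements. The chain is not verified here.
     *
     * @param str alias to look up
     * @return the chain; for a DNIe alias an empty array if the card reports none
     */
    @Override
    public X509Certificate[] getCertificateChain(String str) {
        if (!isDnieAlias(str)) {
            return this.originalKsm.getCertificateChain(str);
        }
        X509Certificate[] cardChain = this.dnieKsm.getCertificateChain(str);
        if (cardChain == null) {
            return new X509Certificate[0];
        }
        int cardCerts = Math.min(cardChain.length, DNIE_CERTCHAIN_LENGTH);
        // Only append the root on top of a complete card chain; a null root would
        // otherwise end up inside the chain handed to KeyStore.PrivateKeyEntry.
        boolean appendRoot = dnieRootCertificate != null && cardCerts == DNIE_CERTCHAIN_LENGTH;
        X509Certificate[] chain = new X509Certificate[cardCerts + (appendRoot ? 1 : 0)];
        System.arraycopy(cardChain, 0, chain, 0, cardCerts);
        if (appendRoot) {
            chain[cardCerts] = dnieRootCertificate;
        }
        return chain;
    }

    /**
     * Returns the private key entry for an alias.
     *
     * <p>For a DNIe alias the caller's callback is not forwarded ({@code null} is
     * passed to the DNIe manager) and the entry is rebuilt with the chain from
     * {@link #getCertificateChain(String)}.
     * NOTE(review): presumably the DNIe driver requests the PIN itself; confirm.
     *
     * @param str alias to look up
     * @param passwordCallback callback used for aliases of the wrapped store
     * @return the private key entry
     * @throws KeyStoreException if the underlying manager reports it
     * @throws NoSuchAlgorithmException if the underlying manager reports it
     * @throws UnrecoverableEntryException if the underlying manager reports it
     */
    @Override
    public KeyStore.PrivateKeyEntry getKeyEntry(String str, PasswordCallback passwordCallback) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        if (!isDnieAlias(str)) {
            return this.originalKsm.getKeyEntry(str, passwordCallback);
        }
        return new KeyStore.PrivateKeyEntry(this.dnieKsm.getKeyEntry(str, null).getPrivateKey(), getCertificateChain(str));
    }

    /**
     * Returns the key stores of the wrapped manager followed by those of the DNIe manager.
     *
     * @return the wrapped manager's own list when no DNIe manager is present,
     *         otherwise a new list holding both sets
     */
    @Override
    public List<KeyStore> getKeyStores() {
        if (this.dnieKsm == null) {
            return this.originalKsm.getKeyStores();
        }
        List<KeyStore> baseStores = this.originalKsm.getKeyStores();
        List<KeyStore> merged = new ArrayList<KeyStore>(baseStores.size() + 1);
        merged.addAll(baseStores);
        merged.addAll(this.dnieKsm.getKeyStores());
        return merged;
    }

    /**
     * Returns the type of the wrapped manager.
     *
     * @return the wrapped manager's key store type
     */
    @Override
    public AOKeyStore getType() {
        return this.originalKsm.getType();
    }

    /**
     * Not supported: instances are fully set up by the constructor.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public List<KeyStore> init(AOKeyStore aOKeyStore, InputStream inputStream, PasswordCallback passwordCallback, Object[] objArr) throws AOKeyStoreManagerException, IOException {
        throw new UnsupportedOperationException();
    }

    /** Tells whether an alias is served by the DNIe manager of this instance. */
    private boolean isDnieAlias(String alias) {
        return this.dnieKsm != null && DNIE_ALIASES.contains(alias);
    }

    /** Tells whether any listed certificate of the store names the DNIe CA as its issuer. */
    private static boolean containsDnieCertificate(AOKeyStoreManager ksm, String[] storeAliases) {
        for (String alias : storeAliases) {
            X509Certificate cert = ksm.getCertificate(alias);
            // An alias without a certificate cannot be a DNIe entry; skip it instead of failing.
            if (cert != null && DNIE_ISSUER.equals(cert.getIssuerX500Principal())) {
                return true;
            }
        }
        return false;
    }

    /** Loads the bundled DNIe root certificate, returning {@code null} if it is missing or unreadable. */
    private static X509Certificate loadDnieRootCertificate() {
        InputStream in = ClassLoader.getSystemResourceAsStream(DNIE_ROOT_RESOURCE);
        try {
            if (in == null) {
                throw new CertificateException("No se encuentra el recurso " + DNIE_ROOT_RESOURCE);
            }
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } catch (CertificateException e) {
            Logger.getLogger(Constants.OUR_NODE_NAME).warning("No se ha podido cargal el certificado raiz del DNIe, la cadena de confianza puede estar incompleta: " + e);
            return null;
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done if closing a class-path resource fails.
                }
            }
        }
    }
}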
