package com.github.tomakehurst.wiremock.http.ssl;

import com.github.tomakehurst.wiremock.common.Exceptions;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;

/* loaded from: input_file:BOOT-INF/lib/wiremock-jre8-2.31.0.jar:com/github/tomakehurst/wiremock/http/ssl/X509KeyStore.class */
public class X509KeyStore {
    private final KeyStore keyStore;
    private final char[] password;
    private final List<String> aliases;

    public X509KeyStore(KeyStore keyStore, char[] cArr) throws KeyStoreException {
        this.keyStore = (KeyStore) Objects.requireNonNull(keyStore);
        this.password = (char[]) Objects.requireNonNull(cArr);
        this.aliases = Collections.list(keyStore.aliases());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivateKey getPrivateKey(String str) {
        try {
            Key key = this.keyStore.getKey(str, this.password);
            if (key instanceof PrivateKey) {
                return (PrivateKey) key;
            }
            return null;
        } catch (KeyStoreException e) {
            return (PrivateKey) Exceptions.throwUnchecked(e, null);
        } catch (NoSuchAlgorithmException | UnrecoverableKeyException e2) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate[] getCertificateChain(String str) {
        try {
            Certificate[] certificateChain = this.keyStore.getCertificateChain(str);
            if (certificateChain == null || !areX509Certificates(certificateChain)) {
                return null;
            }
            return convertToX509(certificateChain);
        } catch (KeyStoreException e) {
            return (X509Certificate[]) Exceptions.throwUnchecked(e, null);
        }
    }

    private static boolean areX509Certificates(Certificate[] certificateArr) {
        return certificateArr.length == 0 || (certificateArr[0] instanceof X509Certificate);
    }

    private static X509Certificate[] convertToX509(Certificate[] certificateArr) {
        Stream stream = Arrays.stream(certificateArr);
        Class<X509Certificate> cls = X509Certificate.class;
        X509Certificate.class.getClass();
        return (X509Certificate[]) stream.map((v1) -> {
            return r1.cast(v1);
        }).toArray(i -> {
            return new X509Certificate[i];
        });
    }

    public CertificateAuthority getCertificateAuthority() {
        for (String str : this.aliases) {
            X509Certificate[] certificateChain = getCertificateChain(str);
            PrivateKey privateKey = getPrivateKey(str);
            if (isCertificateAuthority(certificateChain[0]) && privateKey != null) {
                return new CertificateAuthority(certificateChain, privateKey);
            }
        }
        return null;
    }

    private static boolean isCertificateAuthority(X509Certificate x509Certificate) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        return keyUsage != null && keyUsage.length > 5 && keyUsage[5];
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setKeyEntry(String str, CertChainAndKey certChainAndKey) throws KeyStoreException {
        this.keyStore.setKeyEntry(str, certChainAndKey.key, this.password, certChainAndKey.certificateChain);
    }
}
