package ch.icosys.popjava.core.combox.socket.ssl;

import ch.icosys.popjava.core.util.Configuration;
import ch.icosys.popjava.core.util.LogWriter;
import ch.icosys.popjava.core.util.WatchDirectory;
import ch.icosys.popjava.core.util.ssl.SSLUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.Socket;
import java.nio.file.Path;
import java.nio.file.StandardWatchEventKinds;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Locale;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:ch/icosys/popjava/core/combox/socket/ssl/POPKeyManager.class */
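/**
 * {@link X509KeyManager} that delegates to a key manager built from the configured key store
 * and rebuilds that delegate whenever the key store file is modified on disk.
 *
 * <p>Alias selection is SNI-driven: the host name requested in the TLS handshake is used as the
 * key store alias when the key store holds a private key under that name; otherwise the
 * delegate's default choice is used.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The SNI host name is supplied by the peer during the handshake and is used directly as a
 *       key store alias. Any entry with a private key in the configured key store can therefore
 *       be selected by name, so the key store should contain only entries that are meant to be
 *       presented.</li>
 *   <li>The delegate is swapped by the watcher thread while handshake threads read it; the field
 *       is {@code volatile} so a reload (for example after a certificate rotation) becomes
 *       visible to them.</li>
 * </ul>
 */
public class POPKeyManager implements X509KeyManager {
    private final Configuration conf = Configuration.getInstance();

    // Written by the key store watcher thread on reload, read by handshake threads.
    private volatile X509KeyManager keyManager;
    private WatchDirectory keyStoreWatcher;

    /**
     * Watch callback that triggers a key manager reload when the watched key store file changes.
     */
    public class KeyStoreWatcher extends WatchDirectory.WatchMethod {
        private final Path keyStore;

        /**
         * @param path absolute path of the key store file to react to
         */
        public KeyStoreWatcher(Path path) {
            this.keyStore = path;
        }

        /**
         * Reloads the key manager if the modified directory entry is the key store file.
         *
         * @param str name of the modified entry, resolved against the key store's directory
         */
        @Override // ch.icosys.popjava.core.util.WatchDirectory.WatchMethod
        public void modify(String str) {
            Path modified = this.keyStore.getParent().resolve(str);
            if (this.keyStore.equals(modified)) {
                reload();
            }
        }

        private void reload() {
            try {
                POPKeyManager.this.reloadKeyManager();
            } catch (Exception e) {
                // Never fail silently here: the delegate is only replaced after a successful
                // load, so a broken or unreadable key store means the process keeps serving the
                // previously loaded key material. Operators need a trace of that.
                LogWriter.writeDebugInfo(String.format(
                        "[KeyManager] key store reload failed, previous key material stays in use: %s", e));
            }
        }
    }

    /**
     * Builds the key manager from the configured key store and starts watching the key store file.
     *
     * @throws IOException if the key store file cannot be read
     * @throws KeyStoreException if the configured key store type is unavailable
     * @throws CertificateException if a certificate in the key store cannot be loaded
     * @throws NoSuchAlgorithmException if a required algorithm or an X509 key manager is missing
     * @throws UnrecoverableKeyException if a key cannot be recovered with the configured password
     */
    public POPKeyManager() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
        reloadKeyManager();
    }

    /**
     * Invalidates existing SSL sessions, loads the configured key store, (re)installs the
     * directory watcher for it and replaces the delegate key manager.
     *
     * <p>The delegate is assigned last, so if loading fails the previously installed delegate
     * (if any) remains in place.
     *
     * @throws IOException if the key store file cannot be read
     * @throws KeyStoreException if the configured key store type is unavailable
     * @throws CertificateException if a certificate in the key store cannot be loaded
     * @throws NoSuchAlgorithmException if a required algorithm is missing, or the factory yields
     *     no {@link X509KeyManager}
     * @throws UnrecoverableKeyException if a key cannot be recovered with the configured password
     */
    public final void reloadKeyManager() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
        long start = System.currentTimeMillis();
        SSLUtils.invalidateSSLSessions();

        KeyStore keyStore = KeyStore.getInstance(this.conf.getSSLKeyStoreFormat().name());
        File keyStoreFile = this.conf.getSSLKeyStoreFile();
        // try-with-resources closes the stream exactly once, on success and on failure.
        try (FileInputStream in = new FileInputStream(keyStoreFile)) {
            keyStore.load(in, this.conf.getSSLKeyStorePassword().toCharArray());
        }

        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore, this.conf.getSSLKeyStorePrivateKeyPassword().toCharArray());

        if (keyStoreFile != null && keyStoreFile.canRead()) {
            Path keyStorePath = keyStoreFile.toPath().toAbsolutePath();
            Path keyStoreDir = keyStorePath.getParent();
            // NOTE(review): an existing watcher is reused whenever the directory is unchanged,
            // even if the key store file name inside that directory changed - confirm intended.
            boolean alreadyWatching = this.keyStoreWatcher != null
                    && keyStoreDir.equals(this.keyStoreWatcher.getWatchedDir());
            if (!alreadyWatching) {
                if (this.keyStoreWatcher != null) {
                    this.keyStoreWatcher.stop();
                }
                this.keyStoreWatcher = new WatchDirectory(keyStoreDir, new KeyStoreWatcher(keyStorePath), StandardWatchEventKinds.ENTRY_MODIFY);
                Thread watcherThread = new Thread(this.keyStoreWatcher, "KeyStore changes watcher (KeyManager)");
                watcherThread.setDaemon(true);
                watcherThread.start();
            }
        }

        LogWriter.writeDebugInfo(String.format("[KeyManager] initiated in %d ms", Long.valueOf(System.currentTimeMillis() - start)));

        for (KeyManager candidate : factory.getKeyManagers()) {
            if (candidate instanceof X509KeyManager) {
                this.keyManager = (X509KeyManager) candidate;
                return;
            }
        }
        throw new NoSuchAlgorithmException("No X509KeyManager in KeyManagerFactory");
    }

    /** Delegates to the currently loaded key manager. */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        return this.keyManager.getCertificateChain(str);
    }

    /** Delegates to the currently loaded key manager. */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        return this.keyManager.getPrivateKey(str);
    }

    /** Delegates to the currently loaded key manager. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return this.keyManager.getClientAliases(str, principalArr);
    }

    /** Delegates to the currently loaded key manager. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return this.keyManager.getServerAliases(str, principalArr);
    }

    /**
     * Chooses the server alias from the SNI host name of the handshake, falling back to the
     * delegate's choice for key type {@code str}.
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return chooseSNIAlias(true, principalArr, socket, str);
    }

    /**
     * Chooses the client alias from the SNI host name of the handshake, falling back to the
     * delegate's choice for key types {@code strArr}.
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return chooseSNIAlias(false, principalArr, socket, strArr);
    }

    /**
     * Picks the alias matching the SNI host name requested in the handshake, or the delegate's
     * default when the key store has no private key under that name.
     *
     * @param server {@code true} for server-side selection, {@code false} for client-side
     * @param issuers acceptable CA issuers, passed through to the delegate
     * @param socket the socket being handshaken; must be an {@link SSLSocket} with an
     *     {@link ExtendedSSLSession} handshake session, otherwise {@code null} is returned
     * @param keyTypes key type name(s); only the first is used on the server side
     * @return the chosen alias, or {@code null} if none is available
     */
    private String chooseSNIAlias(boolean server, Principal[] issuers, Socket socket, String... keyTypes) {
        if (!(socket instanceof SSLSocket)) {
            return null;
        }
        SSLSession handshake = ((SSLSocket) socket).getHandshakeSession();
        // Checked instead of blindly cast, so an unexpected session type yields "no alias".
        if (!(handshake instanceof ExtendedSSLSession)) {
            return null;
        }

        String sniHost = null;
        for (SNIServerName requested : ((ExtendedSSLSession) handshake).getRequestedServerNames()) {
            // Type 0 is the host_name entry of the SNI extension.
            if (requested.getType() == 0 && requested instanceof SNIHostName) {
                sniHost = ((SNIHostName) requested).getAsciiName();
                break;
            }
        }

        // Read the delegate once so a concurrent reload cannot mix two key managers in one call.
        X509KeyManager delegate = this.keyManager;

        // The host name is peer-controlled: it is only returned as an alias when the key store
        // really holds a private key under that name.
        if (sniHost != null && delegate.getPrivateKey(sniHost) != null) {
            // Locale.ROOT keeps the alias stable regardless of the JVM's default locale.
            return sniHost.toLowerCase(Locale.ROOT);
        }

        // No usable SNI match. The client branch previously discarded the delegate's answer and
        // returned the unmatched host name (an alias with no key behind it); return the
        // delegate's choice on both sides instead.
        if (server) {
            return delegate.chooseServerAlias(keyTypes[0], issuers, socket);
        }
        return delegate.chooseClientAlias(keyTypes, issuers, socket);
    }
}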
