package org.netxms.certificate.manager;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import org.netxms.certificate.loader.KeyStoreLoader;
import org.netxms.certificate.loader.KeyStoreRequestListener;
import org.netxms.certificate.loader.exception.KeyStoreLoaderException;
import org.netxms.certificate.manager.exception.CertificateHasNoPrivateKeyException;
import org.netxms.certificate.manager.exception.CertificateNotInKeyStoreException;
import org.netxms.certificate.manager.exception.SignatureImpossibleException;
import org.netxms.certificate.manager.exception.SignatureVerificationImpossibleException;
import org.netxms.certificate.request.KeyStoreEntryPasswordRequestListener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/plugins/org.netxms.ui.base_4.5.6.jar:org/netxms/certificate/manager/CertificateManager.class */
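/**
 * Loads a key store through a {@link KeyStoreLoader}, exposes the certificates of its key
 * entries and produces / checks RSA signatures with them.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Signatures use {@code SHA1withRSA} (see {@link #SIGNATURE_ALGORITHM}).</li>
 *   <li>{@link #verify} only checks the signature against the public key of the supplied
 *       certificate; this class performs no chain, validity-period or revocation checks.</li>
 *   <li>Entry passwords arrive from the listener as an immutable {@code String}, so they
 *       cannot be wiped from memory by this class.</li>
 * </ul>
 *
 * <p>No synchronization is performed; instances hold mutable state ({@code keyStore},
 * {@code certs}).
 */
public class CertificateManager {
    private static final Logger logger = LoggerFactory.getLogger(CertificateManager.class);

    /**
     * JCA algorithm used for signing and verification.
     *
     * NOTE(review): SHA-1 is no longer collision-resistant and is deprecated for digital
     * signatures. The value is kept as-is because the party that verifies these signatures is
     * not visible from this file and presumably expects this algorithm; migrate both sides
     * together (for example to SHA256withRSA) rather than changing only this constant.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA1withRSA";

    private KeyStore keyStore;
    private Certificate[] certs;
    private final KeyStoreLoader loader;
    private KeyStoreEntryPasswordRequestListener passwordRequestListener;

    /**
     * Creates a manager that obtains its key store from the given loader.
     * (The decompiler reports that this constructor was package-private in the class file.)
     *
     * @param keyStoreLoader loader used by {@link #load()}
     */
    public CertificateManager(KeyStoreLoader keyStoreLoader) {
        this.loader = keyStoreLoader;
    }

    /**
     * Sets the listener asked for an entry password when the empty password does not unlock
     * a private key entry.
     *
     * @param keyStoreEntryPasswordRequestListener listener, or {@code null} to always use ""
     */
    public void setPasswordRequestListener(KeyStoreEntryPasswordRequestListener keyStoreEntryPasswordRequestListener) {
        this.passwordRequestListener = keyStoreEntryPasswordRequestListener;
    }

    /**
     * Forwards the key store request listener to the underlying loader.
     *
     * @param keyStoreRequestListener listener handed to the loader
     */
    public void setKeyStoreRequestListener(KeyStoreRequestListener keyStoreRequestListener) {
        this.loader.setKeyStoreRequestListener(keyStoreRequestListener);
    }

    /**
     * Returns the certificates collected by the last {@link #load()}.
     *
     * @return a copy of the certificate array, or {@code null} if {@link #load()} has not run
     */
    public Certificate[] getCerts() {
        // Defensive copy: callers must not be able to swap entries in the internal array.
        return this.certs == null ? null : this.certs.clone();
    }

    /** Refreshes {@code certs} from the key store; on failure logs and falls back to an empty array. */
    private void loadCerts() {
        try {
            this.certs = getCertsFromKeyStore();
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            logger.error("Failed to get certificate from key store", e);
            this.certs = new Certificate[0];
        }
    }

    /**
     * @return {@code true} if no certificates are loaded (never loaded, or key store had none)
     */
    public boolean hasNoCertificates() {
        return this.certs == null || this.certs.length == 0;
    }

    /**
     * Signs data with the private key that belongs to the given certificate.
     *
     * @param certificate certificate whose key store entry supplies the private key
     * @param bArr data to sign
     * @return the signature bytes
     * @throws SignatureImpossibleException if the key cannot be obtained or signing fails
     */
    public byte[] sign(Certificate certificate, byte[] bArr) throws SignatureImpossibleException {
        try {
            PrivateKey privateKey = getPrivateKey(certificate);
            Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (Exception e) {
            // The thrown exception carries only the message, so keep the cause in the log.
            logger.error("Cannot sign data with the selected certificate", e);
            throw new SignatureImpossibleException(e.getMessage());
        }
    }

    /**
     * Returns a {@link Signature} already initialised for signing with the certificate's
     * private key; the caller feeds the data and calls {@code sign()}.
     *
     * @param certificate certificate whose key store entry supplies the private key
     * @return signature object in signing state
     * @throws SignatureImpossibleException if the key cannot be obtained or initialisation fails
     */
    public Signature extractSignature(Certificate certificate) throws SignatureImpossibleException {
        try {
            PrivateKey privateKey = getPrivateKey(certificate);
            Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
            signature.initSign(privateKey);
            return signature;
        } catch (Exception e) {
            // The thrown exception carries only the message, so keep the cause in the log.
            logger.error("Cannot initialise signature for the selected certificate", e);
            throw new SignatureImpossibleException(e.getMessage());
        }
    }

    /**
     * Checks a signature against the public key of the given certificate.
     *
     * <p>Only the cryptographic signature is checked here. Whether the certificate itself is
     * trusted (chain, validity period, revocation) is not examined by this method and must be
     * established by the caller.
     *
     * @param certificate certificate providing the public key
     * @param bArr data that was signed
     * @param bArr2 signature bytes to check
     * @return {@code true} if the signature matches
     * @throws SignatureVerificationImpossibleException if verification cannot be performed
     */
    public boolean verify(Certificate certificate, byte[] bArr, byte[] bArr2) throws SignatureVerificationImpossibleException {
        try {
            Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
            signature.initVerify(certificate);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (Exception e) {
            // The exception type has no message or cause here; log so the failure is diagnosable.
            logger.error("Cannot verify signature", e);
            throw new SignatureVerificationImpossibleException();
        }
    }

    /**
     * Looks up the private key stored under the same alias as the given certificate.
     * The entry is first opened with an empty password; if that fails the password supplied
     * by the password request listener is used.
     *
     * @param certificate certificate to look up in the key store
     * @return the private key of the matching entry
     * @throws KeyStoreException if the key store is not loaded or not initialised
     * @throws CertificateNotInKeyStoreException if no entry matches the certificate
     * @throws CertificateHasNoPrivateKeyException if the matching entry holds no private key
     * @throws NoSuchAlgorithmException if the algorithm for recovering the entry is unavailable
     * @throws UnrecoverableEntryException if the listener-supplied password does not unlock the entry
     */
    protected PrivateKey getPrivateKey(Certificate certificate) throws KeyStoreException, CertificateNotInKeyStoreException, CertificateHasNoPrivateKeyException, NoSuchAlgorithmException, UnrecoverableEntryException {
        // Same guard as getCertsFromKeyStore(): report "not loaded" instead of a bare NPE.
        if (this.keyStore == null) {
            throw new KeyStoreException("Key store is not loaded");
        }
        String certificateAlias = this.keyStore.getCertificateAlias(certificate);
        if (certificateAlias == null) {
            throw new CertificateNotInKeyStoreException();
        }
        // getCertificateAlias() also matches trusted-certificate entries, which carry no key.
        if (!this.keyStore.isKeyEntry(certificateAlias)) {
            throw new CertificateHasNoPrivateKeyException();
        }
        KeyStore.Entry entry;
        try {
            entry = this.keyStore.getEntry(certificateAlias, new KeyStore.PasswordProtection("".toCharArray()));
        } catch (UnrecoverableEntryException e) {
            // Empty password rejected: ask the listener. A null answer is treated as "" so the
            // key store reports a wrong password instead of this method failing with an NPE.
            String password = getEntryPassword();
            char[] passwordChars = password == null ? new char[0] : password.toCharArray();
            entry = this.keyStore.getEntry(certificateAlias, new KeyStore.PasswordProtection(passwordChars));
        }
        // Checked instead of a blind cast so a missing or non-private-key entry is reported
        // with the domain exception rather than ClassCastException / NullPointerException.
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new CertificateHasNoPrivateKeyException();
        }
        PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
        if (privateKey == null) {
            throw new CertificateHasNoPrivateKeyException();
        }
        return privateKey;
    }

    /**
     * @return the password supplied by the password request listener, or "" if none is set
     */
    protected String getEntryPassword() {
        return this.passwordRequestListener == null ? "" : this.passwordRequestListener.keyStoreEntryPasswordRequested();
    }

    /**
     * Loads the key store through the loader and refreshes the certificate list.
     *
     * @throws KeyStoreLoaderException if the loader fails
     */
    public void load() throws KeyStoreLoaderException {
        this.keyStore = this.loader.loadKeyStore();
        loadCerts();
    }

    /**
     * Collects the certificate of every key entry in the key store.
     *
     * @return certificates of all key entries; empty if the key store has no entries
     * @throws KeyStoreException if the key store is not loaded or not initialised
     * @throws UnrecoverableEntryException declared for overriding implementations
     * @throws NoSuchAlgorithmException declared for overriding implementations
     */
    protected Certificate[] getCertsFromKeyStore() throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException {
        if (this.keyStore == null) {
            throw new KeyStoreException("Key store is not loaded");
        }
        if (this.keyStore.size() == 0) {
            return new Certificate[0];
        }
        ArrayList<Certificate> found = new ArrayList<>();
        Enumeration<String> aliases = this.keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            // Only key entries are of interest: a certificate without a key cannot sign.
            if (!this.keyStore.isKeyEntry(alias)) {
                continue;
            }
            Certificate certificate = this.keyStore.getCertificate(alias);
            // getCertificate() returns null for an entry without a certificate; skip it so
            // callers never receive null elements.
            if (certificate != null) {
                found.add(certificate);
            }
        }
        return found.toArray(new Certificate[0]);
    }
}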
