package com.ibm.gsk.ikeyman.keystore;

import com.ibm.crypto.pkcs11impl.provider.PKCS11SecretKey;
import com.ibm.gsk.ikeyman.command.Constants;
import com.ibm.gsk.ikeyman.error.InternalKeyManagerException;
import com.ibm.gsk.ikeyman.error.KeyManagerException;
import com.ibm.gsk.ikeyman.keystore.entry.DisplayItemFactory;
import com.ibm.gsk.ikeyman.util.Debug;
import com.ibm.security.x509.KeyIdentifier;
import com.ibm.security.x509.SubjectKeyIdentifierExtension;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.regex.Pattern;
import javax.crypto.SecretKey;

/* loaded from: input_file:jre/lib/ext/gskikm.jar:com/ibm/gsk/ikeyman/keystore/EntryFilterFactory.class */
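/**
 * Factory for {@link EntryFilter} instances that classify the entries of a {@link KeyStore}
 * as certificates, private or secret keys, or certificate-request placeholders.
 */
public class EntryFilterFactory {

    /**
     * Matches key entries by whether their certificate is a certificate-request placeholder.
     *
     * <p>The certificate examined is the one stored under a companion alias of the form
     * {@code <alias>cert<digits>} when such an alias exists, otherwise the one stored under the
     * alias itself. A certificate counts as a request placeholder when its Subject Key
     * Identifier extension carries {@code Constants.certRequestTag}.
     *
     * <p>The decompiler reports that this class was declared {@code private} in the class file.
     */
    public static class CertReqEntryFilter implements EntryFilter<KeyStore> {
        /** {@code true} to match request placeholders, {@code false} to match every other key entry. */
        private final boolean certRequests;

        /**
         * @param z {@code true} to accept only certificate-request entries, {@code false} to
         *     accept only key entries that are not certificate requests
         */
        public CertReqEntryFilter(boolean z) {
            this.certRequests = z;
        }

        /**
         * Reports whether the entry is a key entry whose request status equals the value this
         * filter was built with.
         *
         * @param keyStore key store to inspect
         * @param str alias of the entry
         * @param str2 not used by this filter
         * @return {@code false} when the alias is not a key entry or no X.509 certificate can be
         *     found for it; otherwise whether the certificate's request status matches
         * @throws KeyManagerException if the certificate extensions cannot be read; a
         *     {@link KeyStoreException} is rethrown as {@link InternalKeyManagerException} with
         *     reason {@code UNINITIALISED_KEY_STORE}
         */
        @Override
        public boolean isEntry(KeyStore keyStore, String str, String str2) throws KeyManagerException {
            try {
                if (!keyStore.isKeyEntry(str)) {
                    return false;
                }
                // Prefer the companion entry's certificate. The fallback to the entry's own
                // certificate is an explicit branch rather than the result of catching whatever
                // a null or unusable lookup happens to throw.
                X509Certificate certificate = null;
                String companionAlias = getCertForAlias(keyStore, str);
                if (companionAlias != null) {
                    certificate = toX509(keyStore.getCertificate(companionAlias));
                }
                if (certificate == null) {
                    certificate = toX509(keyStore.getCertificate(str));
                }
                if (certificate == null) {
                    return false;
                }
                return this.certRequests == isCertRequest(certificate);
            } catch (KeyStoreException e) {
                throw new InternalKeyManagerException(KeyManagerException.ExceptionReason.UNINITIALISED_KEY_STORE, e);
            }
        }

        /** Returns the certificate as X.509, or {@code null} when it is absent or of another type. */
        private static X509Certificate toX509(Certificate certificate) {
            return certificate instanceof X509Certificate ? (X509Certificate) certificate : null;
        }

        /**
         * Finds the alias of the companion certificate entry, named {@code <alias>cert<digits>}.
         *
         * @param keyStore key store whose aliases are searched
         * @param str alias of the key entry
         * @return the first matching alias in the store's enumeration order, or {@code null} when
         *     there is none, {@code str} is {@code null}, or the aliases cannot be listed
         */
        private String getCertForAlias(KeyStore keyStore, String str) throws KeyManagerException {
            if (str == null) {
                return null;
            }
            // The alias is data read from the key store, so it is quoted before being placed in
            // the pattern. Unquoted, an alias containing regex metacharacters could select an
            // unrelated entry's certificate or fail to compile as a pattern.
            Pattern companionPattern = Pattern.compile(Pattern.quote(str) + "cert\\d+");
            try {
                for (String candidate : Collections.list(keyStore.aliases())) {
                    if (companionPattern.matcher(candidate).matches()) {
                        return candidate;
                    }
                }
                return null;
            } catch (KeyStoreException ignored) {
                // Best effort: the caller falls back to the entry's own certificate.
                return null;
            }
        }

        /**
         * Reports whether the certificate is a certificate-request placeholder.
         *
         * @param x509Certificate certificate to inspect
         * @return {@code true} when a Subject Key Identifier extension of the certificate holds
         *     {@code Constants.certRequestTag}
         * @throws KeyManagerException with reason {@code IO_ERROR} if the key identifier cannot
         *     be read
         */
        protected static boolean isCertRequest(X509Certificate x509Certificate) throws KeyManagerException {
            for (DisplayItemFactory.ExtensionItem extensionItem : DisplayItemFactory.getExtensionItems(x509Certificate)) {
                Object extension = extensionItem.getExtension();
                if (!(extension instanceof SubjectKeyIdentifierExtension)) {
                    continue;
                }
                try {
                    KeyIdentifier keyIdentifier = (KeyIdentifier) ((SubjectKeyIdentifierExtension) extension).get("key_id");
                    // NOTE(review): the bytes are decoded with the platform default charset, so
                    // the comparison is only stable if the tag is plain ASCII - confirm against
                    // the code that writes the tag. The tag is a marker value inside the
                    // certificate, not a cryptographic property of it.
                    if (new String(keyIdentifier.getIdentifier()).equals(Constants.certRequestTag)) {
                        return true;
                    }
                } catch (IOException e) {
                    throw new KeyManagerException(KeyManagerException.ExceptionReason.IO_ERROR, e);
                }
            }
            return false;
        }
    }

    /**
     * Decides whether an entry of a store belongs to the category a filter represents.
     *
     * @param <T> type of the store being inspected
     */
    public interface EntryFilter<T> {
        /**
         * @param t store to inspect
         * @param str alias of the entry
         * @param str2 password used by filters that need to load the key; other filters ignore it
         * @return {@code true} when the entry matches the filter
         * @throws KeyManagerException if the store cannot be read
         */
        boolean isEntry(T t, String str, String str2) throws KeyManagerException;
    }

    /**
     * Matches trusted-certificate entries.
     *
     * <p>The decompiler reports that this class was declared {@code private} in the class file.
     */
    public static class KeyStoreCertEntryFilter implements EntryFilter<KeyStore> {
        private KeyStoreCertEntryFilter() {
        }

        /**
         * @param keyStore key store to inspect
         * @param str alias of the entry
         * @param str2 not used by this filter
         * @return the result of {@link KeyStore#isCertificateEntry(String)} for the alias
         * @throws KeyManagerException as {@link InternalKeyManagerException} with reason
         *     {@code UNINITIALISED_KEY_STORE} when the key store reports a
         *     {@link KeyStoreException}
         */
        @Override
        public boolean isEntry(KeyStore keyStore, String str, String str2) throws KeyManagerException {
            try {
                return keyStore.isCertificateEntry(str);
            } catch (KeyStoreException e) {
                throw new InternalKeyManagerException(KeyManagerException.ExceptionReason.UNINITIALISED_KEY_STORE, e);
            }
        }
    }

    /**
     * Matches key entries whose key is an instance of a given type and which are not
     * certificate-request placeholders.
     *
     * <p>The decompiler reports that this class was declared {@code private} in the class file.
     */
    public static class KeyStoreKeyEntryFilter implements EntryFilter<KeyStore> {
        private final Class<? extends Key> keyType;
        /** Used to exclude certificate-request placeholders from the key listing. */
        private final CertReqEntryFilter crf = new CertReqEntryFilter(true);

        /**
         * @param cls key type an entry's key must be an instance of
         */
        public KeyStoreKeyEntryFilter(Class<? extends Key> cls) {
            this.keyType = cls;
        }

        /**
         * Reports whether the entry holds a key of the configured type.
         *
         * <p>When the key cannot be loaded ({@link NoSuchAlgorithmException} or
         * {@link UnrecoverableKeyException}) the entry is still reported as a match, so a
         * {@code true} result means "list this entry" and is not proof of the key's type or
         * extractability.
         *
         * @param keyStore key store to inspect
         * @param str alias of the entry
         * @param str2 password for recovering the key; {@code null} is passed through to the
         *     key store as a {@code null} password
         * @return {@code false} for certificate requests, non-key entries, keys of another type
         *     and {@link PKCS11SecretKey}s flagged never-extractable; {@code true} otherwise
         * @throws KeyManagerException as {@link InternalKeyManagerException} with reason
         *     {@code UNINITIALISED_KEY_STORE} when the key store reports a
         *     {@link KeyStoreException}
         */
        @Override
        public boolean isEntry(KeyStore keyStore, String str, String str2) throws KeyManagerException {
            Debug.entering(str);
            try {
                if (this.crf.isEntry(keyStore, str, str2)) {
                    return false;
                }
                if (!keyStore.isKeyEntry(str)) {
                    return false;
                }
                // NOTE(review): the password arrives as a String, which cannot be wiped from
                // memory; only the interface's callers can change that.
                char[] password = str2 == null ? null : str2.toCharArray();
                Key key = keyStore.getKey(str, password);
                if (!this.keyType.isInstance(key)) {
                    return false;
                }
                if (key instanceof PKCS11SecretKey) {
                    // Keys the token marks as never extractable are left out of the listing.
                    return !((PKCS11SecretKey) key).getNeverExtractable().booleanValue();
                }
                return true;
            } catch (KeyStoreException e) {
                throw new InternalKeyManagerException(KeyManagerException.ExceptionReason.UNINITIALISED_KEY_STORE, e);
            } catch (NoSuchAlgorithmException e2) {
                // Key could not be loaded, so its type was never checked; listed anyway.
                Debug.log(e2.getMessage(), str);
                return true;
            } catch (UnrecoverableKeyException e3) {
                // Key could not be recovered (for example the password does not open it), so
                // its type was never checked; listed anyway.
                Debug.log(e3.getMessage(), str);
                return true;
            } finally {
                // Pairs every Debug.entering with a Debug.exiting, including the early returns
                // and the exception paths.
                Debug.exiting();
            }
        }
    }

    /** Returns a filter matching entries whose key is a {@link PrivateKey}. */
    public static EntryFilter<KeyStore> newKeyStoreKeyEntryFilter() {
        return new KeyStoreKeyEntryFilter(PrivateKey.class);
    }

    /** Returns a filter matching entries whose key is a {@link SecretKey}. */
    public static EntryFilter<KeyStore> newKeyStoreSecretKeyEntryFilter() {
        return new KeyStoreKeyEntryFilter(SecretKey.class);
    }

    /** Returns a filter matching trusted-certificate entries. */
    public static EntryFilter<KeyStore> newKeyStoreCertEntryFilter() {
        return new KeyStoreCertEntryFilter();
    }

    /** Returns a filter matching key entries that are certificate-request placeholders. */
    public static EntryFilter<KeyStore> newCertificateRequestEntryFilter() {
        return new CertReqEntryFilter(true);
    }

    /**
     * Returns a filter matching key entries that have an X.509 certificate and are not
     * certificate-request placeholders. Unlike the key-type filters it never loads the key.
     */
    public static EntryFilter<KeyStore> newPKCS11KeyEntryFilter() {
        return new CertReqEntryFilter(false);
    }
}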
