package org.nhindirect.stagent.cert.impl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Hashtable;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.nhindirect.stagent.NHINDException;
import org.nhindirect.stagent.cert.X509CertificateEx;

/* loaded from: input_file:BOOT-INF/lib/agent-8.0.0.jar:org/nhindirect/stagent/cert/impl/LdapCertUtilImpl.class */
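/**
 * {@link LdapCertUtil} implementation that looks certificates up in an LDAP directory through JNDI.
 *
 * <p>Each value of the configured certificate attribute is Base64-decoded and parsed either as a
 * PKCS12 key store (certificate plus private key) or as a single X.509 certificate, depending on
 * the certificate format given at construction time.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>In PKCS12 mode private keys are read from the directory. Whether the connection is
 *       encrypted and authenticated is decided entirely by the environment returned from
 *       {@code LdapEnvironment.getEnv()}, which is not visible in this class.</li>
 *   <li>The key store password is held as a {@code String} for the lifetime of the instance
 *       because the constructor signature requires it.</li>
 * </ul>
 */
public class LdapCertUtilImpl implements LdapCertUtil {
    private final LdapEnvironment ldapEnvironment;
    private final String keyStorePassword;
    private final String certificateFormat;

    /**
     * Creates the utility.
     *
     * @param ldapEnvironment connection environment, search base and attribute names
     * @param str password protecting PKCS12 values and their keys; may be {@code null}
     * @param str2 certificate format: {@code "pkcs12"}, {@code "X.509"} or {@code "X509"}
     *     (case-insensitive)
     */
    public LdapCertUtilImpl(LdapEnvironment ldapEnvironment, String str, String str2) {
        this.ldapEnvironment = ldapEnvironment;
        this.keyStorePassword = str;
        this.certificateFormat = str2;
    }

    /**
     * Searches the directory for entries whose search attribute equals {@code str} and returns
     * every certificate found in the returning certificate attribute of those entries.
     *
     * <p>The directory context is closed on every exit path, including the successful one.
     *
     * @param str value matched against the configured search attribute
     * @return the certificates found; empty when nothing matched
     * @throws NHINDException if the directory operation fails, a value cannot be parsed, or the
     *     configured certificate format is not supported
     */
    @Override // org.nhindirect.stagent.cert.impl.LdapCertUtil
    public Collection<X509Certificate> ldapSearch(String str) {
        DirContext dirContext = null;
        try {
            dirContext = getInitialDirContext(this.ldapEnvironment.getEnv());
            // NOTE(review): str is concatenated into the filter without escaping, so the filter
            // metacharacters ( ) * \ in it change the query instead of being matched literally.
            // If str can originate from message content, validate it in the caller or switch to
            // DirContext.search(name, filterExpr, filterArgs, cons), which escapes arguments.
            // That overload also escapes '*', so confirm no caller relies on wildcards first.
            String filter = this.ldapEnvironment.getLdapSearchAttribute() + "=" + str;
            NamingEnumeration<SearchResult> search =
                    dirContext.search(this.ldapEnvironment.getLdapSearchBase(), filter, getDefaultSearchControls());
            ArrayList<X509Certificate> arrayList = new ArrayList<>();
            // Null-safe comparisons: a null format ends in the "invalid format" error below
            // rather than a NullPointerException.
            boolean pkcs12 = "pkcs12".equalsIgnoreCase(this.certificateFormat);
            boolean x509 = "X.509".equalsIgnoreCase(this.certificateFormat)
                    || "X509".equalsIgnoreCase(this.certificateFormat);
            // hasMoreElements() is kept (rather than hasMore()) so that iteration behaves as
            // before when the provider reports a problem part-way through the results.
            while (search != null && search.hasMoreElements()) {
                SearchResult searchResult = search.nextElement();
                if (searchResult == null) {
                    continue;
                }
                Attributes attributes = searchResult.getAttributes();
                if (attributes == null) {
                    continue;
                }
                Attribute attribute = attributes.get(this.ldapEnvironment.getReturningCertAttribute());
                if (attribute == null) {
                    continue;
                }
                NamingEnumeration<?> all = attribute.getAll();
                while (all.hasMoreElements()) {
                    // Values are expected to be Base64 text; Base64 is pure ASCII, so the charset
                    // is pinned instead of depending on the platform default.
                    byte[] encoded = ((String) all.nextElement()).getBytes(StandardCharsets.US_ASCII);
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(new Base64().decode(encoded));
                    if (pkcs12) {
                        try {
                            processPKCS12FileFormatAndAddToCertificates(byteArrayInputStream, arrayList);
                        } catch (Exception e) {
                            throw new NHINDException("", e);
                        }
                    } else {
                        // The format is only checked once a value is present, as before.
                        if (!x509) {
                            throw new NHINDException("Invalid certificate format requested");
                        }
                        arrayList.add((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream));
                    }
                }
            }
            return arrayList;
        } catch (NamingException | CertificateException e) {
            throw new NHINDException("", (Exception) e);
        } finally {
            // Previously the context was closed only on the error paths and leaked on success.
            closeDirContext(dirContext);
        }
    }

    /**
     * Loads a PKCS12 key store from the stream and adds every X.509 certificate that has a
     * private key to {@code arrayList}, wrapped so that the key travels with the certificate.
     * Entries without a private key are skipped.
     *
     * @param byteArrayInputStream decoded PKCS12 bytes
     * @param arrayList collection that receives the certificates
     * @throws KeyStoreException if the PKCS12 key store type is unavailable or cannot be read
     * @throws NoSuchAlgorithmException if an algorithm needed by the key store is missing
     * @throws CertificateException if a certificate in the key store cannot be loaded
     * @throws IOException if the data is malformed or the password is wrong
     * @throws UnrecoverableKeyException if a key cannot be recovered with the password
     */
    protected void processPKCS12FileFormatAndAddToCertificates(ByteArrayInputStream byteArrayInputStream, ArrayList<X509Certificate> arrayList) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {
        // The same password opens the store and each key entry; convert it once.
        char[] password = this.keyStorePassword == null ? null : this.keyStorePassword.toCharArray();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(byteArrayInputStream, password);
        IOUtils.closeQuietly((InputStream) byteArrayInputStream);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate certificate = keyStore.getCertificate(alias);
            if (!(certificate instanceof X509Certificate)) {
                continue;
            }
            Key key = keyStore.getKey(alias, password);
            if (key instanceof PrivateKey) {
                arrayList.add(X509CertificateEx.fromX509Certificate((X509Certificate) certificate, (PrivateKey) key));
            }
        }
    }

    /**
     * Builds the controls for the certificate search: subtree scope, returning only the
     * configured certificate attribute.
     *
     * @return search controls for {@link #ldapSearch(String)}
     */
    protected SearchControls getDefaultSearchControls() {
        SearchControls searchControls = new SearchControls();
        // ldapSearch only reads attributes from each result, so object return is switched off.
        // With the flag on, the JNDI LDAP provider rebuilds Java objects from entries that carry
        // Java-object attributes, i.e. it deserializes data controlled by the directory.
        searchControls.setReturningObjFlag(false);
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningAttributes(new String[]{this.ldapEnvironment.getReturningCertAttribute()});
        return searchControls;
    }

    /**
     * Opens a directory context for the given JNDI environment.
     *
     * @param hashtable JNDI environment properties
     * @return a new directory context
     * @throws NamingException if the context cannot be created
     */
    protected InitialDirContext getInitialDirContext(Hashtable<String, String> hashtable) throws NamingException {
        return new InitialDirContext(hashtable);
    }

    /**
     * Closes the context if it is not {@code null}; a failure to close is ignored.
     *
     * @param dirContext context to close; may be {@code null}
     */
    protected void closeDirContext(DirContext dirContext) {
        if (dirContext != null) {
            try {
                dirContext.close();
            } catch (NamingException ignored) {
                // Best-effort cleanup: nothing useful can be done if close fails, and it must
                // not mask the result or exception of the search itself.
            }
        }
    }

    /**
     * Returns the LDAP environment this utility was created with.
     *
     * @return the LDAP environment
     */
    public LdapEnvironment getLdapEnvironment() {
        return this.ldapEnvironment;
    }
}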
