package org.nhindirect.stagent.cert;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.crypto.SecretKey;
import org.nhindirect.common.crypto.KeyStoreProtectionManager;
import org.nhindirect.common.crypto.WrappableKeyProtectionManager;
import org.nhindirect.common.crypto.exceptions.CryptoException;
import org.nhindirect.stagent.AgentError;
import org.nhindirect.stagent.NHINDException;

/* loaded from: input_file:BOOT-INF/lib/agent-8.0.0.jar:org/nhindirect/stagent/cert/WrappedOnDemandX509CertificateEx.class */
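/**
 * Certificate wrapper that holds its private key in wrapped (encrypted) form and
 * unwraps it only when {@link #getPrivateKey()} is first called.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The unwrapped {@link PrivateKey} is cached in {@link #wrappedKey} after the first
 *       successful call and stays referenced for the lifetime of this object. "On demand"
 *       therefore delays the unwrap but does not limit how long the key object lives.
 *       Whether that object exposes raw key material depends on the
 *       {@link WrappableKeyProtectionManager} implementation, which is not visible here.</li>
 *   <li>The wrapped blob is copied on construction, so later changes to the caller's array
 *       cannot alter what is eventually unwrapped.</li>
 * </ul>
 */
public class WrappedOnDemandX509CertificateEx extends X509CertificateEx {
    /**
     * Key type handed to {@code unwrapWithSecretKey}. The original literal was {@code 2},
     * which is the value of {@link javax.crypto.Cipher#PRIVATE_KEY}.
     * NOTE(review): presumably the manager interprets this as a Cipher key-type constant; confirm
     * against {@link WrappableKeyProtectionManager}.
     */
    private static final int UNWRAPPED_KEY_TYPE = javax.crypto.Cipher.PRIVATE_KEY;

    /** Manager that supplies the key-protection key and performs the unwrap. */
    protected final KeyStoreProtectionManager mgr;

    /** Private copy of the wrapped private-key bytes; {@code null} only if a subclass passed {@code null}. */
    protected final byte[] wrappedData;

    /** Cached result of the first successful unwrap; {@code null} until then. */
    protected PrivateKey wrappedKey;

    /**
     * Creates an instance after validating all arguments.
     *
     * @param keyStoreProtectionManager manager used to unwrap the key; must implement
     *        {@link WrappableKeyProtectionManager}
     * @param x509Certificate the certificate the wrapped key belongs to
     * @param bArr the wrapped private-key bytes; must be non-empty
     * @return a certificate whose private key is unwrapped on first access
     * @throws IllegalArgumentException if any argument is {@code null}, the wrapped data is
     *         empty, or the manager does not implement {@link WrappableKeyProtectionManager}
     */
    public static X509CertificateEx fromX509Certificate(KeyStoreProtectionManager keyStoreProtectionManager, X509Certificate x509Certificate, byte[] bArr) {
        if (x509Certificate == null || bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("Cert or wrapped data cannot be null");
        }
        if (keyStoreProtectionManager == null) {
            throw new IllegalArgumentException("KeyStore manager cannot be null");
        }
        // getPrivateKey() casts the manager to WrappableKeyProtectionManager, so reject
        // anything else here rather than failing later with a ClassCastException.
        if (!(keyStoreProtectionManager instanceof WrappableKeyProtectionManager)) {
            throw new IllegalArgumentException("Key store must implement the WrappableKeyProtectionManager interface");
        }
        return new WrappedOnDemandX509CertificateEx(keyStoreProtectionManager, x509Certificate, bArr);
    }

    /**
     * Stores the manager and a defensive copy of the wrapped key bytes. Performs no
     * validation; {@link #fromX509Certificate} is the checked entry point.
     *
     * @param keyStoreProtectionManager manager used later to unwrap the key
     * @param x509Certificate the certificate passed to the superclass
     * @param bArr the wrapped private-key bytes
     */
    protected WrappedOnDemandX509CertificateEx(KeyStoreProtectionManager keyStoreProtectionManager, X509Certificate x509Certificate, byte[] bArr) {
        // The second superclass argument is null because no unwrapped key exists yet.
        super(x509Certificate, null);
        this.mgr = keyStoreProtectionManager;
        // Copy so the caller cannot change the blob between construction and the deferred
        // unwrap. Null is tolerated because hasPrivateKey() reports on it.
        this.wrappedData = (bArr == null) ? null : bArr.clone();
    }

    /**
     * Reports whether wrapped key data is present. This does not attempt the unwrap, so a
     * {@code true} result does not guarantee that {@link #getPrivateKey()} will succeed.
     *
     * @return {@code true} if wrapped key bytes were supplied
     */
    @Override
    public boolean hasPrivateKey() {
        return this.wrappedData != null;
    }

    /**
     * Returns the private key, unwrapping it with the manager's key-protection key on the
     * first call and returning the cached key afterwards. The method is synchronized so that
     * concurrent callers do not run the unwrap in parallel.
     *
     * @return the unwrapped private key
     * @throws NHINDException with {@link AgentError#Unexpected} if the manager reports a
     *         {@link CryptoException}
     */
    @Override
    public synchronized PrivateKey getPrivateKey() {
        if (this.wrappedKey != null) {
            return this.wrappedKey;
        }
        try {
            WrappableKeyProtectionManager unwrapper = (WrappableKeyProtectionManager) this.mgr;
            SecretKey protectionKey = (SecretKey) this.mgr.getPrivateKeyProtectionKey();
            // The key algorithm is taken from the certificate's public key.
            String keyAlgorithm = this.internalCert.getPublicKey().getAlgorithm();
            this.wrappedKey = (PrivateKey) unwrapper.unwrapWithSecretKey(protectionKey, this.wrappedData, keyAlgorithm, UNWRAPPED_KEY_TYPE);
            return this.wrappedKey;
        } catch (CryptoException e) {
            // Keep the cause attached; the message itself carries no key material.
            throw new NHINDException(AgentError.Unexpected, "Failed to access wrapped private key.", e);
        }
    }
}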
