package org.nhindirect.stagent.cert.impl;

import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import org.nhindirect.common.crypto.KeyStoreProtectionManager;
import org.nhindirect.common.crypto.MutableKeyStoreProtectionManager;
import org.nhindirect.stagent.AgentError;
import org.nhindirect.stagent.NHINDException;
import org.nhindirect.stagent.cert.CertificateStore;
import org.nhindirect.stagent.cert.Thumbprint;
import org.nhindirect.stagent.cert.X509CertificateEx;

/* loaded from: input_file:BOOT-INF/lib/agent-8.0.0.jar:org/nhindirect/stagent/cert/impl/AbstractKeyStoreManagerCertificateStore.class */
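/**
 * Certificate store backed by a {@link KeyStoreProtectionManager}.
 *
 * <p>Only {@link KeyStore.PrivateKeyEntry} entries of the manager are exposed as certificates; every
 * certificate handed out by {@link #getAllCertificates()} is an {@link X509CertificateEx} built
 * together with the entry's private key. Callers therefore hold private-key references and should
 * treat the returned objects accordingly (do not log or serialize them).
 *
 * <p>Mutating operations ({@link #add} and {@link #remove}) require the configured manager to be a
 * {@link MutableKeyStoreProtectionManager}.
 *
 * <p>The {@code storeMgr} field is non-final and assigned without synchronization; nothing in this
 * class establishes thread-safety.
 */
public abstract class AbstractKeyStoreManagerCertificateStore extends CertificateStore {
    /** Key store manager that supplies (and, when mutable, receives) the key entries. */
    protected KeyStoreProtectionManager storeMgr;

    /**
     * Creates a store without a manager. {@link #setKeyStoreManager} must be called before the
     * store is used; until then {@code storeMgr} is {@code null}.
     */
    public AbstractKeyStoreManagerCertificateStore() {
    }

    /**
     * Creates a store backed by the given manager.
     *
     * @param keyStoreProtectionManager manager that provides the key entries
     */
    public AbstractKeyStoreManagerCertificateStore(KeyStoreProtectionManager keyStoreProtectionManager) {
        this.storeMgr = keyStoreProtectionManager;
    }

    /**
     * Replaces the manager backing this store.
     *
     * @param keyStoreProtectionManager manager that provides the key entries
     */
    public void setKeyStoreManager(KeyStoreProtectionManager keyStoreProtectionManager) {
        this.storeMgr = keyStoreProtectionManager;
    }

    /**
     * Returns one certificate per private-key entry held by the manager.
     *
     * <p>Entries that are not {@link KeyStore.PrivateKeyEntry} instances are skipped. Each returned
     * element is created by {@code X509CertificateEx.fromX509Certificate} from the entry's
     * certificate and private key.
     *
     * @return a new collection of certificates, empty when the manager has no private-key entries
     * @throws NHINDException wrapping any failure while reading the entries, including a missing
     *     manager or an entry whose certificate is not an {@link X509Certificate}
     */
    @Override // org.nhindirect.stagent.cert.CertificateStore, org.nhindirect.stagent.cert.X509Store
    public Collection<X509Certificate> getAllCertificates() {
        Collection<X509Certificate> certificates = new ArrayList<>();
        try {
            for (Map.Entry<String, KeyStore.Entry> entry : this.storeMgr.getAllEntries().entrySet()) {
                if (entry.getValue() instanceof KeyStore.PrivateKeyEntry) {
                    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry.getValue();
                    certificates.add(X509CertificateEx.fromX509Certificate(
                            (X509Certificate) privateKeyEntry.getCertificate(), privateKeyEntry.getPrivateKey()));
                }
            }
            return certificates;
        } catch (Exception e) {
            throw new NHINDException(AgentError.Unexpected, "Failed to get key entries from PKCS11 store.", e);
        }
    }

    /**
     * Reports whether the store holds the given certificate.
     *
     * <p>NOTE(review): this loads every private-key entry through {@link #getAllCertificates()} on
     * each call, so private-key references are materialized just to answer a membership question.
     *
     * @param x509Certificate certificate to look for
     * @return {@code true} if an equal certificate is among {@link #getAllCertificates()}
     */
    @Override // org.nhindirect.stagent.cert.CertificateStore, org.nhindirect.stagent.cert.X509Store
    public boolean contains(X509Certificate x509Certificate) {
        return getAllCertificates().contains(x509Certificate);
    }

    /**
     * Stores the certificate and its private key in the manager, using the certificate thumbprint
     * string as the entry alias. Only the certificate itself is stored as the entry's chain.
     *
     * @param x509Certificate certificate to add; must be an {@link X509CertificateEx} that has a
     *     private key
     * @throws IllegalStateException if the manager is not a {@link MutableKeyStoreProtectionManager}
     * @throws IllegalArgumentException if the certificate carries no private key
     * @throws NHINDException wrapping any failure while writing the entry
     */
    @Override // org.nhindirect.stagent.cert.CertificateStore, org.nhindirect.stagent.cert.X509Store
    public void add(X509Certificate x509Certificate) {
        if (!(this.storeMgr instanceof MutableKeyStoreProtectionManager)) {
            // The original message omitted "not" and so stated the opposite of the failed check.
            throw new IllegalStateException("The store manager is not a MutableKeyStoreProtectionManager instance");
        }
        if (!(x509Certificate instanceof X509CertificateEx) || !((X509CertificateEx) x509Certificate).hasPrivateKey()) {
            throw new IllegalArgumentException("PKCS11 certificates require a private key");
        }
        try {
            String alias = Thumbprint.toThumbprint(x509Certificate).toString();
            KeyStore.PrivateKeyEntry keyEntry = new KeyStore.PrivateKeyEntry(
                    ((X509CertificateEx) x509Certificate).getPrivateKey(), new Certificate[]{x509Certificate});
            ((MutableKeyStoreProtectionManager) this.storeMgr).setEntry(alias, keyEntry);
        } catch (Exception e) {
            throw new NHINDException(AgentError.Unexpected, "Failed to add key entry into PKCS11 store.", e);
        }
    }

    /**
     * Removes the first private-key entry whose certificate equals the given certificate. Does
     * nothing when no entry matches.
     *
     * @param x509Certificate certificate whose entry should be cleared
     * @throws IllegalStateException if the manager is not a {@link MutableKeyStoreProtectionManager}
     * @throws NHINDException wrapping any failure while reading or clearing entries
     */
    @Override // org.nhindirect.stagent.cert.CertificateStore, org.nhindirect.stagent.cert.X509Store
    public void remove(X509Certificate x509Certificate) {
        if (!(this.storeMgr instanceof MutableKeyStoreProtectionManager)) {
            // The original message omitted "not" and so stated the opposite of the failed check.
            throw new IllegalStateException("The store manager is not a MutableKeyStoreProtectionManager instance");
        }
        try {
            String matchingAlias = null;
            for (String alias : this.storeMgr.getAllEntries().keySet()) {
                KeyStore.Entry entry = this.storeMgr.getEntry(alias);
                if ((entry instanceof KeyStore.PrivateKeyEntry)
                        && x509Certificate.equals(((KeyStore.PrivateKeyEntry) entry).getCertificate())) {
                    matchingAlias = alias;
                    break;
                }
            }
            // Clear only after the scan so the entry map is not modified while it is being walked.
            if (matchingAlias != null) {
                ((MutableKeyStoreProtectionManager) this.storeMgr).clearEntry(matchingAlias);
            }
        } catch (Exception e) {
            throw new NHINDException(AgentError.Unexpected, "Failed to remove key entry from PKCS11 store.", e);
        }
    }
}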
