package org.openhealthtools.ihe.atna.nodeauth.utils;

import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509KeyManager;
import org.apache.log4j.Logger;
import org.openhealthtools.ihe.atna.nodeauth.SecurityDomain;

/* loaded from: input_file:lib/ehealth_connector-fatjar-ch-1.7-20180920s.jar:org/openhealthtools/ihe/atna/nodeauth/utils/AliasSensitiveX509KeyManager.class */
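/**
 * {@link X509KeyManager} decorator that pins TLS client-certificate selection to the
 * key alias configured on a {@link SecurityDomain}.
 *
 * <p>Only {@link #chooseClientAlias} is alias-sensitive. Every other method, including
 * {@link #chooseServerAlias}, is forwarded unchanged to the wrapped key manager, so the
 * preferred alias has no effect on server-side certificate selection.
 *
 * <p>Selection behaviour, as implemented here:
 * <ul>
 *   <li>No domain, or no preferred alias: the wrapped key manager chooses. If the keystore
 *       holds several client identities, the certificate presented is whatever the delegate
 *       picks, so deployments that must present one specific identity should always
 *       configure the alias.</li>
 *   <li>Preferred alias configured but not offered for any requested key type and issuer
 *       set: {@code null} is returned and no client certificate is selected. The class
 *       never substitutes a different identity for the configured one.</li>
 * </ul>
 *
 * <p>The wrapped key manager must be non-null; every method dereferences it.
 */
public class AliasSensitiveX509KeyManager implements X509KeyManager {
    public static final Logger LOGGER = Logger.getLogger(AliasSensitiveX509KeyManager.class);

    /** Source of the preferred key alias; may be {@code null}, which disables alias pinning. */
    private final SecurityDomain domain;

    /** Key manager that owns the key material and performs every delegated operation. */
    private final X509KeyManager parent;

    /**
     * Wraps an existing key manager.
     *
     * @param securityDomain domain supplying the preferred key alias, or {@code null} to
     *     always use the delegate's own client-alias selection
     * @param x509KeyManager key manager to delegate to; must not be {@code null}
     */
    public AliasSensitiveX509KeyManager(SecurityDomain securityDomain, X509KeyManager x509KeyManager) {
        this.parent = x509KeyManager;
        this.domain = securityDomain;
    }

    /**
     * Chooses the client alias, restricted to the domain's preferred alias when one is set.
     *
     * @param keyTypes key algorithm names requested by the peer, most preferred first
     * @param issuers acceptable certificate issuers, or {@code null} for any
     * @param socket connection the selection is for; passed through to the delegate
     * @return the preferred alias if the delegate offers it for one of the key types, the
     *     delegate's own choice if no alias is configured, otherwise {@code null}
     */
    @Override
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        // Read the alias exactly once: the null check and the comparison below then operate
        // on the same value even if the domain's configuration is changed concurrently.
        String preferredKeyAlias = this.domain == null ? null : this.domain.getPreferredKeyAlias();
        if (preferredKeyAlias == null) {
            if (LOGGER.isInfoEnabled()) {
                LOGGER.info("No preferred key alias defined.  Defaulting to JSSE certificate selection.");
            }
            return this.parent.chooseClientAlias(keyTypes, issuers, socket);
        }

        if (keyTypes != null) {
            for (String keyType : keyTypes) {
                String match = chooseClientAliasForKey(preferredKeyAlias, keyType, issuers);
                if (match != null && !match.isEmpty()) {
                    if (LOGGER.isInfoEnabled()) {
                        LOGGER.info("Found valid keystore alias: " + match);
                    }
                    return match;
                }
            }
        }

        // Deliberately no fallback to another identity: returning null leaves the handshake
        // without a client certificate rather than presenting one that was not configured.
        LOGGER.warn("The requested key alias " + preferredKeyAlias + " was not found in the keystore.  No certificate selected.  The transaction will probably fail.");
        return null;
    }

    /** Forwards to the wrapped key manager; the preferred alias is not consulted. */
    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return this.parent.chooseServerAlias(keyType, issuers, socket);
    }

    /** Forwards to the wrapped key manager. */
    @Override
    public X509Certificate[] getCertificateChain(String alias) {
        return this.parent.getCertificateChain(alias);
    }

    /** Forwards to the wrapped key manager. */
    @Override
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return this.parent.getClientAliases(keyType, issuers);
    }

    /**
     * Forwards to the wrapped key manager. The alias is not checked against the preferred
     * alias, so any key the delegate exposes can be retrieved through this wrapper.
     */
    @Override
    public PrivateKey getPrivateKey(String alias) {
        return this.parent.getPrivateKey(alias);
    }

    /** Forwards to the wrapped key manager. */
    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return this.parent.getServerAliases(keyType, issuers);
    }

    /**
     * Looks for the preferred alias among the client aliases available for one key type.
     *
     * @param preferredAlias alias to look for; must not be {@code null}
     * @param keyType key algorithm name to query
     * @param issuers acceptable certificate issuers, or {@code null} for any
     * @return the matching alias, or {@code null} if it is not offered for this key type
     */
    private String chooseClientAliasForKey(String preferredAlias, String keyType, Principal[] issuers) {
        String[] candidates = getClientAliases(keyType, issuers);
        if (candidates == null) {
            return null;
        }
        for (String candidate : candidates) {
            // Exact, case-sensitive comparison against the configured alias.
            if (preferredAlias.equals(candidate)) {
                return candidate;
            }
        }
        return null;
    }
}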
