package io.confluent.common.security.ssl;

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.KeyManagerFactorySpi;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:io/confluent/common/security/ssl/PrincipalAliasKeyManagerSpi.class */
public final class PrincipalAliasKeyManagerSpi extends KeyManagerFactorySpi {
    private X509KeyManager defaultKeyManager = null;
    private X509ExtendedKeyManager principalAliasKeyManager = null;

    /* loaded from: input_file:io/confluent/common/security/ssl/PrincipalAliasKeyManagerSpi$KeyStoreParser.class */
    public static class KeyStoreParser {
        public static void parse(KeyStore keyStore, Map<String, String> map) throws KeyStoreException {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                map.put(((X509Certificate) keyStore.getCertificate(nextElement)).getSubjectX500Principal().getName(), nextElement);
            }
        }
    }

    @Override // javax.net.ssl.KeyManagerFactorySpi
    protected void engineInit(KeyStore keyStore, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        HashMap hashMap = new HashMap();
        KeyStoreParser.parse(keyStore, hashMap);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, cArr);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        if (keyManagers == null || keyManagers.length == 0) {
            throw new NoSuchAlgorithmException("The default algorithm :" + KeyManagerFactory.getDefaultAlgorithm() + " produced no key managers");
        }
        int length = keyManagers.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            KeyManager keyManager = keyManagers[i];
            if (keyManager instanceof X509KeyManager) {
                this.defaultKeyManager = (X509KeyManager) keyManager;
                break;
            }
            i++;
        }
        this.principalAliasKeyManager = new PrincipalAliasedX509KeyManager(hashMap, this.defaultKeyManager);
    }

    @Override // javax.net.ssl.KeyManagerFactorySpi
    protected void engineInit(ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException {
    }

    @Override // javax.net.ssl.KeyManagerFactorySpi
    protected KeyManager[] engineGetKeyManagers() {
        return new KeyManager[]{this.principalAliasKeyManager};
    }
}
