package de.governikus.bea.beaToolkit.certificateCache;

import de.bos_bremen.ci.asn1.ParseException;
import de.bos_bremen.ci.asn1.x509.Certificate;
import de.bos_bremen.gov2.jca_provider.OCFPrivateKey;
import de.governikus.bea.beaToolkit.certificateCache.DisplayedAlias;
import de.governikus.pcard.MCardUtil;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/governikus/bea/beaToolkit/certificateCache/AliasListFactory.class */
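/**
 * Builds the list of {@link DisplayedAlias} entries offered to the user, from a card-backed
 * {@link KeyStore} (hardware tokens) and from the {@code SoftKeyCache} (software tokens).
 *
 * <p>Hardware aliases are selected by one bit of the certificate's KeyUsage extension, chosen
 * through {@link AliasFilterOption}. A certificate that carries no KeyUsage extension matches
 * none of the filters and is never offered.
 */
public class AliasListFactory {
    private static final Logger LOG = LogManager.getLogger(AliasListFactory.class);

    /** Display names of the KeyUsage bits, indexed like {@link X509Certificate#getKeyUsage()}. */
    private static final String[] KEY_USAGE_NAMES = {"digitalSignature", "nonRepudiation/qeS", "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"};

    /** Index of the nonRepudiation bit in {@link X509Certificate#getKeyUsage()}. */
    private static final int NON_REPUDIATION_POS = 1;

    /**
     * Purpose a key is wanted for. Each constant names the KeyUsage bit a certificate must have
     * set to be listed: SIGNATURE = bit 1 (nonRepudiation), CRYPTO = bit 3 (dataEncipherment),
     * AUTHENTICATION = bit 0 (digitalSignature).
     */
    // NOTE(review): CRYPTO selects on dataEncipherment (bit 3), not keyEncipherment (bit 2) —
    // confirm this matches the certificate profile of the supported cards.
    public enum AliasFilterOption {
        SIGNATURE(1),
        CRYPTO(3),
        AUTHENTICATION(0);

        private final int expectedPosInKeyUsage;

        AliasFilterOption(int i) {
            this.expectedPosInKeyUsage = i;
        }

        /**
         * @return index into {@link X509Certificate#getKeyUsage()} that must be {@code true}
         */
        public int getExpectedPosInKeyUsage() {
            return this.expectedPosInKeyUsage;
        }
    }

    private AliasListFactory() {
    }

    /**
     * Returns the hardware aliases matching {@code aliasFilterOption} followed by one SOFTWARE
     * alias per entry of {@code softKeyCache}.
     *
     * <p>Software entries are not filtered by {@code aliasFilterOption}. An entry that cannot be
     * turned into a {@link DisplayedAlias} is logged and removed through the cache's iterator.
     *
     * @param aliasFilterOption key usage the hardware aliases must support
     * @param softKeyCache cache of software tokens; entries that fail to load are removed from it
     * @param keyStore card-backed key store, may be {@code null}
     * @return a new mutable list of aliases
     * @throws GeneralSecurityException if the key store cannot be read
     * @throws ParseException if a hardware certificate cannot be parsed
     * @throws IOException declared for callers; not thrown by the code visible here
     */
    public static List<DisplayedAlias> getAllAlias(AliasFilterOption aliasFilterOption, SoftKeyCache softKeyCache, KeyStore keyStore) throws GeneralSecurityException, ParseException, IOException {
        List<DisplayedAlias> aliases = new ArrayList<>(readAliasFromPCardKeyStore(aliasFilterOption, keyStore));
        Iterator<SoftKeyCacheEntry> entries = softKeyCache.getEntries().iterator();
        while (entries.hasNext()) {
            SoftKeyCacheEntry entry = entries.next();
            try {
                aliases.add(new DisplayedAlias(entry, DisplayedAlias.TokenTyp.SOFTWARE));
            } catch (IOException | KeyStoreException | CertificateException | ParseException e) {
                LOG.warn("Fehler beim Einlesen von CacheEntry[" + entry.getAlias() + "]", e);
                LOG.info("Korrigiere SoftKeyCache...");
                // NOTE(review): the entry is dropped for an IOException as well, which may be a
                // transient read failure rather than a corrupt entry — confirm this is intended.
                entries.remove();
            }
        }
        return aliases;
    }

    /**
     * Lists the aliases of {@code keyStore} whose certificate has the KeyUsage bit required by
     * {@code aliasFilterOption} set and whose key can be loaded.
     *
     * <ul>
     *   <li>SIGNATURE: the certificate must additionally pass {@code CertificateStatus.isQes}.</li>
     *   <li>AUTHENTICATION: the alias is only listed if a CRYPTO alias exists on the same card,
     *       and at most one alias per card ID is returned.</li>
     * </ul>
     *
     * @param aliasFilterOption key usage the aliases must support
     * @param keyStore card-backed key store; {@code null} yields an empty list
     * @return a new mutable list of HARDWARE aliases
     * @throws GeneralSecurityException if the key store cannot be read
     * @throws ParseException if a certificate cannot be parsed
     */
    public static List<DisplayedAlias> readAliasFromPCardKeyStore(AliasFilterOption aliasFilterOption, KeyStore keyStore) throws GeneralSecurityException, ParseException {
        List<DisplayedAlias> aliases = new ArrayList<>();
        if (keyStore != null) {
            // First pass: allocate a secure card context for every card-backed key before any
            // certificate is evaluated.
            for (String alias : Collections.list(keyStore.aliases())) {
                Key key = loadKeyOrNull(keyStore, alias);
                if (key instanceof OCFPrivateKey) {
                    MCardUtil.allocateSecureCardContext(((OCFPrivateKey) key).getCardService().getCardObject(), keyStore);
                }
            }
            // Second pass: filter by KeyUsage.
            for (String alias : Collections.list(keyStore.aliases())) {
                Key key = loadKeyOrNull(keyStore, alias);
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(alias);
                if (x509Certificate == null || key == null) {
                    continue;
                }
                // Converted only once certificate and key are both present; the converted form
                // is used for the debug output below and nothing else.
                Certificate forX509 = Certificate.forX509(x509Certificate);
                LOG.debug("Subject: " + forX509.getSubject().getName());
                LOG.debug("Serialnumber: " + forX509.getSerialNumber().getValueAsString() + " / " + forX509.getSerialNumber().getValueAsHexedString());
                LOG.debug("Issuer: " + forX509.getIssuer().getName());
                LOG.debug("Algorithm: " + key.getAlgorithm());
                // getKeyUsage() returns null when the extension is absent; read it once and
                // treat that case as "no usage permitted" instead of failing the whole listing.
                boolean[] keyUsage = x509Certificate.getKeyUsage();
                LOG.debug("KeyUsage: " + describeKeyUsage(keyUsage));
                if (!isKeyUsageBitSet(keyUsage, aliasFilterOption.getExpectedPosInKeyUsage())) {
                    continue;
                }
                if (aliasFilterOption != AliasFilterOption.SIGNATURE) {
                    DisplayedAlias displayedAlias = new DisplayedAlias(alias, x509Certificate, DisplayedAlias.TokenTyp.HARDWARE);
                    if (aliasFilterOption == AliasFilterOption.AUTHENTICATION && findCryptoAliasForHardwareToken(displayedAlias, keyStore) == null) {
                        LOG.warn("Kein Crypt-Cert vorhanden also diese Karte nicht anzeigen");
                    } else {
                        aliases.add(displayedAlias);
                    }
                } else if (CertificateStatus.getInstance().isQes(x509Certificate)) {
                    aliases.add(new DisplayedAlias(alias, x509Certificate, DisplayedAlias.TokenTyp.HARDWARE));
                }
            }
        }
        if (aliasFilterOption.equals(AliasFilterOption.AUTHENTICATION) && aliases.size() > 1) {
            // Keep one authentication alias per card. An alias already chosen for a card is
            // replaced only if its certificate also has the nonRepudiation bit set.
            HashMap<Long, DisplayedAlias> aliasByCardId = new HashMap<>();
            for (DisplayedAlias candidate : aliases) {
                try {
                    Key key = keyStore.getKey(candidate.getAlias(), null);
                    if (key instanceof OCFPrivateKey) {
                        Long cardId = Long.valueOf(((OCFPrivateKey) key).getCardService().getCardObject().getCardID());
                        DisplayedAlias chosen = aliasByCardId.get(cardId);
                        if (chosen == null) {
                            aliasByCardId.put(cardId, candidate);
                        } else {
                            X509Certificate chosenCertificate = (X509Certificate) keyStore.getCertificate(chosen.getAlias());
                            if (isKeyUsageBitSet(chosenCertificate.getKeyUsage(), NON_REPUDIATION_POS)) {
                                aliasByCardId.put(cardId, candidate);
                            }
                        }
                    }
                } catch (Exception e) {
                    // Best effort: an alias that cannot be inspected is left out of the result.
                    LOG.error(e.toString(), e);
                }
            }
            aliases = new ArrayList<>(aliasByCardId.values());
        }
        return aliases;
    }

    /**
     * Finds a CRYPTO alias that lives on the same card as {@code displayedAlias}.
     *
     * @param displayedAlias hardware alias whose card is looked up
     * @param keyStore card-backed key store
     * @return the first matching CRYPTO alias, or {@code null} if there is none, if a key is not
     *     card-backed, or if the key store cannot be read
     */
    // NOTE(review): every call re-reads the complete key store through
    // readAliasFromPCardKeyStore, and that method calls this one per AUTHENTICATION candidate.
    public static String findCryptoAliasForHardwareToken(DisplayedAlias displayedAlias, KeyStore keyStore) {
        if (displayedAlias == null || keyStore == null) {
            return null;
        }
        try {
            List<DisplayedAlias> cryptoAliases = readAliasFromPCardKeyStore(AliasFilterOption.CRYPTO, keyStore);
            Key tokenKey = keyStore.getKey(displayedAlias.getAlias(), null);
            if (!(tokenKey instanceof OCFPrivateKey)) {
                // Without a card-backed key there is no card ID to compare against.
                return null;
            }
            OCFPrivateKey cardKey = (OCFPrivateKey) tokenKey;
            for (DisplayedAlias cryptoAlias : cryptoAliases) {
                Key cryptoKey = keyStore.getKey(cryptoAlias.getAlias(), null);
                if (!(cryptoKey instanceof OCFPrivateKey)) {
                    continue;
                }
                // NOTE(review): == is only a value comparison if getCardID() returns a
                // primitive — confirm against the OCF card API.
                if (cardKey.getCardService().getCard().getCardID() == ((OCFPrivateKey) cryptoKey).getCardService().getCard().getCardID()) {
                    return cryptoAlias.getAlias();
                }
            }
            return null;
        } catch (GeneralSecurityException | ParseException e) {
            LOG.error(e.toString(), e);
            return null;
        }
    }

    /** Loads the key for {@code alias} without a password; logs and returns null on any failure. */
    private static Key loadKeyOrNull(KeyStore keyStore, String alias) {
        try {
            return keyStore.getKey(alias, null);
        } catch (Exception e) {
            LOG.error(e.toString(), e);
            return null;
        }
    }

    /** Returns true only if {@code keyUsage} is present, long enough, and set at {@code position}. */
    private static boolean isKeyUsageBitSet(boolean[] keyUsage, int position) {
        return keyUsage != null && position >= 0 && position < keyUsage.length && keyUsage[position];
    }

    /** Renders the KeyUsage bits for the debug log; logs an error for indexes without a name. */
    private static String describeKeyUsage(boolean[] keyUsage) {
        StringBuilder description = new StringBuilder();
        if (keyUsage == null) {
            return description.toString();
        }
        for (int i = 0; i < keyUsage.length; i++) {
            if (i < KEY_USAGE_NAMES.length) {
                description.append(KEY_USAGE_NAMES[i]).append(" = ").append(keyUsage[i]).append(" / ");
            } else {
                LOG.error("Kein KeyUsageNamen für den KeyUsageIndex " + i + " gefunden");
            }
        }
        return description.toString();
    }
}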
