package org.cesecore.keybind.impl;

import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.X509KeyManager;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/cesecore/keybind/impl/ClientX509KeyManager.class */
public class ClientX509KeyManager implements X509KeyManager {
    private static final Logger log = Logger.getLogger(ClientX509KeyManager.class);
    private final String alias;
    private final PrivateKey privateKey;
    private final X509Certificate[] certificateChain;

    public ClientX509KeyManager(String str, PrivateKey privateKey, List<X509Certificate> list) {
        this.alias = str;
        this.privateKey = privateKey;
        this.certificateChain = (X509Certificate[]) list.toArray(new X509Certificate[list.size()]);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        logDebugIfEnabled(null, strArr, principalArr, socket);
        return this.alias;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        logDebugIfEnabled(null, new String[]{str}, principalArr, socket);
        log.warn("Got a request for server aliases, but implementation only supports client side of TLS negotiations.");
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        logDebugIfEnabled(str, null, null, null);
        if (this.alias.equals(str)) {
            return this.certificateChain;
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        logDebugIfEnabled(null, new String[]{str}, principalArr, null);
        return new String[]{this.alias};
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        logDebugIfEnabled(str, null, null, null);
        if (this.alias.equals(str)) {
            return this.privateKey;
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        logDebugIfEnabled(null, new String[]{str}, principalArr, null);
        log.warn("Got a request for server aliases, but implementation only supports client side of TLS negotiations.");
        return null;
    }

    private void logDebugIfEnabled(String str, String[] strArr, Principal[] principalArr, Socket socket) {
        if (log.isDebugEnabled()) {
            log.debug(Thread.currentThread().getStackTrace()[2].getMethodName() + ":");
            if (str != null) {
                log.debug(" Alias: " + str);
            }
            if (strArr != null) {
                log.debug(" KeyTypes: " + Arrays.toString(strArr));
            }
            if (principalArr != null) {
                for (Principal principal : principalArr) {
                    log.debug(" Issuer: " + principal);
                }
            }
            if (socket != null) {
                log.debug(" RemoteSocketAddress: " + socket.getRemoteSocketAddress());
            }
        }
    }
}
