package tigase.extras.bcstarttls;

import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.util.Hashtable;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.CertificateEntry;
import org.bouncycastle.tls.TlsServerContext;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import tigase.io.CertificateContainerIfc;

/* loaded from: input_file:tigase/extras/bcstarttls/SimpleCredentialsProvider.class */
public class SimpleCredentialsProvider implements CredentialsProvider {
    private static final Logger log = Logger.getLogger(SimpleCredentialsProvider.class.getName());
    private final CertificateContainerIfc certificateContainer;
    private final BcTlsCrypto crypto;
    private final String hostname;
    private Credentials credentials;
    private boolean keysLoaded = false;

    public SimpleCredentialsProvider(BcTlsCrypto bcTlsCrypto, CertificateContainerIfc certificateContainerIfc, String str) {
        this.crypto = bcTlsCrypto;
        this.certificateContainer = certificateContainerIfc;
        this.hostname = str;
    }

    @Override // tigase.extras.bcstarttls.CredentialsProvider
    public Credentials getCredentials(TlsServerContext tlsServerContext) {
        loadIfRequired(tlsServerContext);
        return this.credentials;
    }

    private Certificate gen12(java.security.cert.Certificate[] certificateArr) throws CertificateEncodingException, IOException {
        TlsCertificate[] tlsCertificateArr = new TlsCertificate[certificateArr.length];
        for (int i = 0; i < certificateArr.length; i++) {
            tlsCertificateArr[i] = this.crypto.createCertificate(certificateArr[i].getEncoded());
        }
        return new Certificate(tlsCertificateArr);
    }

    private Certificate gen13(java.security.cert.Certificate[] certificateArr) throws CertificateEncodingException, IOException {
        CertificateEntry[] certificateEntryArr = new CertificateEntry[certificateArr.length];
        for (int i = 0; i < certificateArr.length; i++) {
            certificateEntryArr[i] = new CertificateEntry(this.crypto.createCertificate(certificateArr[i].getEncoded()), (Hashtable) null);
        }
        return new Certificate((short) 0, TlsUtils.EMPTY_BYTES, certificateEntryArr);
    }

    private void loadIfRequired(TlsServerContext tlsServerContext) {
        if (this.keysLoaded) {
            return;
        }
        try {
            tigase.cert.CertificateEntry certificateEntry = this.certificateContainer.getCertificateEntry(this.hostname);
            AsymmetricKeyParameter createKey = PrivateKeyFactory.createKey(certificateEntry.getPrivateKey().getEncoded());
            Certificate gen13 = TlsUtils.isTLSv13(tlsServerContext) ? gen13(certificateEntry.getCertChain()) : gen12(certificateEntry.getCertChain());
            this.keysLoaded = true;
            this.credentials = new Credentials(gen13, createKey);
            log.log(Level.FINE, "Certificate for domain loaded.");
        } catch (IOException | CertificateEncodingException e) {
            log.log(Level.WARNING, "Cannot load domain " + this.hostname + " certificate.", e);
            throw new RuntimeException("Cannot load domain " + this.hostname + " certificate.", e);
        }
    }
}
