package de.tk.opensource.secon;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;

/* loaded from: input_file:de/tk/opensource/secon/KeyStoreDirectory.class */
final class KeyStoreDirectory implements Directory {
    private final KeyStore ks;
    private final LRUCache<X509Certificate, X509Certificate> issuerCache;

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyStoreDirectory(KeyStore keyStore) {
        this(keyStore, new LRUCache(50));
    }

    KeyStoreDirectory(KeyStore keyStore, LRUCache<X509Certificate, X509Certificate> lRUCache) {
        this.ks = keyStore;
        this.issuerCache = lRUCache;
    }

    @Override // de.tk.opensource.secon.Directory
    public final Optional<X509Certificate> certificate(X509CertSelector x509CertSelector) throws KeyStoreException {
        return certificates(x509CertSelector).findFirst();
    }

    private final Stream<X509Certificate> certificates(X509CertSelector x509CertSelector) throws KeyStoreException {
        Stream flatMap = Collections.list(this.ks.aliases()).stream().flatMap(this::certificateStream);
        Objects.requireNonNull(x509CertSelector);
        return flatMap.filter((v1) -> {
            return r1.match(v1);
        });
    }

    @Override // de.tk.opensource.secon.Directory
    public Optional<X509Certificate> issuer(X509Certificate x509Certificate) throws Exception {
        if (this.issuerCache.containsKey(x509Certificate)) {
            return this.issuerCache.get(x509Certificate);
        }
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.setSubject(x509Certificate.getIssuerX500Principal());
        Optional<X509Certificate> findFirst = certificates(x509CertSelector).filter(x509Certificate2 -> {
            try {
                x509Certificate.verify(x509Certificate2.getPublicKey());
                return true;
            } catch (Exception e) {
                return false;
            }
        }).findFirst();
        if (findFirst.isPresent()) {
            this.issuerCache.put(x509Certificate, findFirst.get());
        }
        return findFirst;
    }

    private Stream<X509Certificate> certificateStream(String str) {
        try {
            return (Stream) certificate(str).map((v0) -> {
                return Stream.of(v0);
            }).orElseGet(Stream::empty);
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Cannot get certificate for alias `" + str + "`:", e);
        }
    }

    @Override // de.tk.opensource.secon.Directory
    public final Optional<X509Certificate> certificate(String str) throws KeyStoreException {
        Certificate certificate = this.ks.getCertificate(str);
        return certificate instanceof X509Certificate ? Optional.of((X509Certificate) certificate) : Optional.empty();
    }
}
