package com.oneidentity.safeguard.safeguardjava.event;

import com.google.gson.JsonElement;
import com.microsoft.signalr.Action1;
import com.microsoft.signalr.HttpHubConnectionBuilder;
import com.microsoft.signalr.HubConnection;
import com.microsoft.signalr.HubConnectionBuilder;
import com.microsoft.signalr.OnClosedCallback;
import com.oneidentity.safeguard.safeguardjava.data.CertificateContext;
import com.oneidentity.safeguard.safeguardjava.exceptions.ArgumentException;
import com.oneidentity.safeguard.safeguardjava.exceptions.ObjectDisposedException;
import com.oneidentity.safeguard.safeguardjava.exceptions.SafeguardEventListenerDisconnectedException;
import com.oneidentity.safeguard.safeguardjava.exceptions.SafeguardForJavaException;
import io.reactivex.rxjava3.core.Single;
import java.io.ByteArrayInputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import okhttp3.Protocol;

/* loaded from: input_file:com/oneidentity/safeguard/safeguardjava/event/SafeguardEventListener.class */
public class SafeguardEventListener implements ISafeguardEventListener, AutoCloseable {
    private boolean disposed;
    private final String eventUrl;
    private final boolean ignoreSsl;
    private final HostnameVerifier validationCallback;
    private char[] accessToken;
    private char[] apiKey;
    private List<char[]> apiKeys;
    private CertificateContext clientCertificate;
    private EventHandlerRegistry eventHandlerRegistry;
    private IDisconnectHandler disconnectHandler;
    private HubConnection signalrConnection;
    private static final String NOTIFICATION_HUB = "signalr";
    private boolean _isStarted;
    TrustManager[] _trustAllCerts;

    private SafeguardEventListener(String str, boolean z, HostnameVerifier hostnameVerifier) {
        this.signalrConnection = null;
        this._isStarted = false;
        this._trustAllCerts = new TrustManager[]{new X509TrustManager() { // from class: com.oneidentity.safeguard.safeguardjava.event.SafeguardEventListener.3
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};
        this.eventUrl = String.format("%s/%s", str, NOTIFICATION_HUB);
        this.ignoreSsl = z;
        this.validationCallback = hostnameVerifier;
        this.eventHandlerRegistry = new EventHandlerRegistry();
        this.accessToken = null;
        this.apiKey = null;
        this.apiKeys = null;
        this.clientCertificate = null;
        this.disconnectHandler = new DefaultDisconnectHandler();
    }

    public SafeguardEventListener(String str, char[] cArr, boolean z, HostnameVerifier hostnameVerifier) throws ArgumentException {
        this(str, z, hostnameVerifier);
        if (cArr == null) {
            throw new ArgumentException("The accessToken parameter can not be null");
        }
        this.accessToken = (char[]) cArr.clone();
    }

    public SafeguardEventListener(String str, String str2, char[] cArr, String str3, char[] cArr2, boolean z, HostnameVerifier hostnameVerifier) throws ArgumentException {
        this(str, z, hostnameVerifier);
        if (cArr2 == null) {
            throw new ArgumentException("The apiKey parameter can not be null");
        }
        this.apiKey = (char[]) cArr2.clone();
        this.clientCertificate = new CertificateContext(str3, str2, null, cArr);
    }

    public SafeguardEventListener(String str, CertificateContext certificateContext, char[] cArr, boolean z, HostnameVerifier hostnameVerifier) throws ArgumentException {
        this(str, z, hostnameVerifier);
        if (cArr == null) {
            throw new ArgumentException("The apiKey parameter can not be null");
        }
        this.clientCertificate = certificateContext.cloneObject();
        this.apiKey = (char[]) cArr.clone();
    }

    /* JADX WARN: Multi-variable type inference failed */
    public SafeguardEventListener(String str, String str2, char[] cArr, String str3, List<char[]> list, boolean z, HostnameVerifier hostnameVerifier) throws ArgumentException {
        this(str, z, hostnameVerifier);
        if (list == 0) {
            throw new ArgumentException("The apiKey parameter can not be null");
        }
        this.clientCertificate = new CertificateContext(str3, str2, null, cArr);
        this.apiKeys = new ArrayList();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            list.add(((char[]) it.next()).clone());
        }
        if (list.isEmpty()) {
            throw new ArgumentException("The apiKeys parameter must include at least one item");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public SafeguardEventListener(String str, CertificateContext certificateContext, List<char[]> list, boolean z, HostnameVerifier hostnameVerifier) throws ArgumentException {
        this(str, z, hostnameVerifier);
        if (list == 0) {
            throw new ArgumentException("The apiKeys parameter can not be null");
        }
        this.clientCertificate = certificateContext.cloneObject();
        this.apiKeys = new ArrayList();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            list.add(((char[]) it.next()).clone());
        }
        if (list.isEmpty()) {
            throw new ArgumentException("The apiKeys parameter must include at least one item");
        }
    }

    public void setDisconnectHandler(IDisconnectHandler iDisconnectHandler) {
        this.disconnectHandler = iDisconnectHandler;
    }

    public void setEventHandlerRegistry(EventHandlerRegistry eventHandlerRegistry) {
        this.eventHandlerRegistry = eventHandlerRegistry;
    }

    @Override // com.oneidentity.safeguard.safeguardjava.event.ISafeguardEventListener
    public boolean isStarted() {
        return this._isStarted;
    }

    @Override // com.oneidentity.safeguard.safeguardjava.event.ISafeguardEventListener
    public void registerEventHandler(String str, ISafeguardEventHandler iSafeguardEventHandler) throws ObjectDisposedException {
        if (this.disposed) {
            throw new ObjectDisposedException("SafeguardEventListener");
        }
        this.eventHandlerRegistry.registerEventHandler(str, iSafeguardEventHandler);
    }

    @Override // com.oneidentity.safeguard.safeguardjava.event.ISafeguardEventListener
    public void start() throws ObjectDisposedException, SafeguardForJavaException, SafeguardEventListenerDisconnectedException {
        if (this.disposed) {
            throw new ObjectDisposedException("SafeguardEventListener");
        }
        cleanupConnection();
        this._isStarted = true;
        this.signalrConnection = CreateConnection(this.eventUrl);
        this.signalrConnection.on("NotifyEventAsync", jsonElement -> {
            handleEvent(jsonElement);
        }, JsonElement.class);
        this.signalrConnection.onClosed(new OnClosedCallback() { // from class: com.oneidentity.safeguard.safeguardjava.event.SafeguardEventListener.1
            @Override // com.microsoft.signalr.OnClosedCallback
            public void invoke(Exception exc) {
                if (exc != null) {
                    try {
                        Logger.getLogger(SafeguardEventListener.class.getName()).log(Level.WARNING, "SignalR error detected!", (Throwable) exc);
                    } catch (SafeguardEventListenerDisconnectedException e) {
                        Logger.getLogger(SafeguardEventListener.class.getName()).log(Level.SEVERE, (String) null, (Throwable) e);
                        return;
                    }
                }
                SafeguardEventListener.this.handleDisconnect();
            }
        });
        try {
            this.signalrConnection.start().blockingAwait();
        } catch (Exception e) {
            throw new SafeguardForJavaException(String.format("Failed to start signalr connection: %s", e.getMessage()), e);
        }
    }

    @Override // com.oneidentity.safeguard.safeguardjava.event.ISafeguardEventListener
    public void stop() throws ObjectDisposedException, SafeguardForJavaException {
        if (this.disposed) {
            throw new ObjectDisposedException("SafeguardEventListener");
        }
        try {
            cleanupConnection();
        } catch (Exception e) {
            throw new SafeguardForJavaException("Failure stopping SignalR.", e);
        }
    }

    @Override // java.lang.AutoCloseable
    public void close() throws Exception {
        dispose();
    }

    @Override // com.oneidentity.safeguard.safeguardjava.event.ISafeguardEventListener
    public void dispose() {
        cleanupConnection();
        if (this.clientCertificate != null) {
            this.clientCertificate.dispose();
        }
        if (this.apiKey != null) {
            Arrays.fill(this.apiKey, '0');
        }
        if (this.apiKeys != null) {
            Iterator<char[]> it = this.apiKeys.iterator();
            while (it.hasNext()) {
                Arrays.fill(it.next(), '0');
            }
        }
        if (this.accessToken != null) {
            Arrays.fill(this.accessToken, '0');
        }
        this.disposed = true;
    }

    protected void finalize() throws Throwable {
        try {
            cleanupConnection();
            if (this.clientCertificate != null) {
                this.clientCertificate.dispose();
            }
            if (this.apiKey != null) {
                Arrays.fill(this.apiKey, '0');
            }
            if (this.apiKeys != null) {
                Iterator<char[]> it = this.apiKeys.iterator();
                while (it.hasNext()) {
                    Arrays.fill(it.next(), '0');
                }
            }
            if (this.accessToken != null) {
                Arrays.fill(this.accessToken, '0');
            }
            this.disposed = true;
        } finally {
            this.disposed = true;
            super.finalize();
        }
    }

    private void handleEvent(JsonElement jsonElement) {
        this.eventHandlerRegistry.handleEvent(jsonElement);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void handleDisconnect() throws SafeguardEventListenerDisconnectedException {
        if (isStarted()) {
            Logger.getLogger(EventHandlerRegistry.class.getName()).log(Level.WARNING, "SignalR disconnect detected, calling handler...");
            this.disconnectHandler.func();
        }
    }

    private void cleanupConnection() {
        try {
            this._isStarted = false;
            if (this.signalrConnection != null) {
                this.signalrConnection.stop().blockingAwait();
                this.signalrConnection.close();
            }
        } finally {
            this.signalrConnection = null;
        }
    }

    private HubConnection CreateConnection(String str) throws SafeguardForJavaException {
        HttpHubConnectionBuilder create = HubConnectionBuilder.create(str);
        if (this.accessToken != null) {
            create.withAccessTokenProvider(Single.just(new String(this.accessToken)));
        } else {
            String str2 = "";
            if (this.apiKey != null) {
                str2 = new String(this.apiKey);
            } else if (this.apiKeys != null) {
                Iterator<char[]> it = this.apiKeys.iterator();
                while (it.hasNext()) {
                    str2 = str2 + new String(it.next()) + " ";
                }
                str2 = str2.trim();
            }
            if (str2.isEmpty()) {
                throw new SafeguardForJavaException("No API keys found in the authorization header");
            }
            create.withHeader("Authorization", String.format("A2A %s", str2));
        }
        create.setHttpClientBuilderCallback(new Action1<OkHttpClient.Builder>() { // from class: com.oneidentity.safeguard.safeguardjava.event.SafeguardEventListener.2
            @Override // com.microsoft.signalr.Action1
            public void invoke(OkHttpClient.Builder builder) {
                SafeguardEventListener.this.ConfigureHttpClientBuilder(builder);
            }
        });
        return create.build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v22, types: [javax.net.ssl.TrustManager[]] */
    /* JADX WARN: Type inference failed for: r0v38, types: [javax.net.ssl.TrustManager[]] */
    public void ConfigureHttpClientBuilder(OkHttpClient.Builder builder) {
        X509TrustManager[] trustManagers;
        X509TrustManager x509TrustManager;
        if (this.validationCallback != null) {
            builder.hostnameVerifier(this.validationCallback);
        }
        KeyManager[] keyManagerArr = null;
        if (this.clientCertificate != null) {
            try {
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                keyStore.load(new ByteArrayInputStream(this.clientCertificate.getCertificateData()), this.clientCertificate.getCertificatePassword());
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, this.clientCertificate.getCertificatePassword());
                keyManagerArr = keyManagerFactory.getKeyManagers();
                builder.protocols(Arrays.asList(Protocol.HTTP_1_1));
            } catch (Exception e) {
                Logger.getLogger(SafeguardEventListener.class.getName()).log(Level.SEVERE, String.format("Error setting client authentication certificate: %s", e.getMessage()));
            }
        }
        try {
            if (this.ignoreSsl) {
                trustManagers = this._trustAllCerts;
                x509TrustManager = (X509TrustManager) this._trustAllCerts[0];
            } else {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                trustManagers = trustManagerFactory.getTrustManagers();
                if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
                    throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
                }
                x509TrustManager = trustManagers[0];
            }
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerArr, trustManagers, null);
            builder.sslSocketFactory(sSLContext.getSocketFactory(), x509TrustManager);
        } catch (KeyManagementException e2) {
            Logger.getLogger(SafeguardEventListener.class.getName()).log(Level.SEVERE, e2.getMessage());
        } catch (KeyStoreException e3) {
            Logger.getLogger(SafeguardEventListener.class.getName()).log(Level.SEVERE, e3.getMessage());
        } catch (NoSuchAlgorithmException e4) {
            Logger.getLogger(SafeguardEventListener.class.getName()).log(Level.SEVERE, e4.getMessage());
        }
    }
}
