package com.ceridwen.circulation.SIP.transport;

import java.io.File;
import java.io.FileInputStream;
import java.net.Socket;
import java.nio.file.Files;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/ceridwen/circulation/SIP/transport/SSLSocketConnection.class */
public class SSLSocketConnection extends SocketConnection {
    public static final String PROP_DISABLESSLHOSTCHECK = "com.ceridwen.circulation.SIP.disableSSLHostCheck";
    private File clientCertificate;
    private File clientPrivateKey;
    private String clientPrivateKeyPassword;
    private File serverCertificateCA;

    public File getServerCertificateCA() {
        return this.serverCertificateCA;
    }

    public void setServerCertificateCA(File file) {
        this.serverCertificateCA = file;
    }

    public File getClientCertificate() {
        return this.clientCertificate;
    }

    public void setClientCertificate(File file) {
        this.clientCertificate = file;
    }

    public File getClientPrivateKey() {
        return this.clientPrivateKey;
    }

    public void setClientPrivateKey(File file) {
        this.clientPrivateKey = file;
    }

    public String getClientPrivateKeyPassword() {
        return this.clientPrivateKeyPassword;
    }

    public void setClientPrivateKeyPassword(String str) {
        this.clientPrivateKeyPassword = str;
    }

    private Socket setParameters(Socket socket) {
        if ("true".equals(System.getProperty(PROP_DISABLESSLHOSTCHECK, "false"))) {
            SSLParameters sSLParameters = new SSLParameters();
            sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
            ((SSLSocket) socket).setSSLParameters(sSLParameters);
        }
        return socket;
    }

    @Override // com.ceridwen.circulation.SIP.transport.SocketConnection
    protected Socket getSocket() throws Exception {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        KeyStore keyStore2 = KeyStore.getInstance("PKCS12");
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        if (this.clientPrivateKey == null || this.clientCertificate == null) {
            keyManagerFactory = null;
        } else {
            keyStore.load(null);
            String replaceAll = new String(Files.readAllBytes(this.clientPrivateKey.toPath())).replace("-----BEGIN PRIVATE KEY-----\n", "").replace("-----END PRIVATE KEY-----", "").replaceAll("\\s", "");
            if (this.clientPrivateKeyPassword == null) {
                keyStore.setKeyEntry("client", keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(replaceAll))), null, (Certificate[]) certificateFactory.generateCertificates(new FileInputStream(this.clientCertificate)).toArray(new Certificate[0]));
                keyManagerFactory.init(keyStore, null);
            } else {
                keyStore.setKeyEntry("client", keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(replaceAll))), this.clientPrivateKeyPassword.toCharArray(), (Certificate[]) certificateFactory.generateCertificates(new FileInputStream(this.clientCertificate)).toArray(new Certificate[0]));
                keyManagerFactory.init(keyStore, this.clientPrivateKeyPassword.toCharArray());
            }
        }
        if (this.serverCertificateCA != null) {
            keyStore2.load(null);
            keyStore2.setCertificateEntry("ca", certificateFactory.generateCertificate(new FileInputStream(this.serverCertificateCA)));
            trustManagerFactory.init(keyStore2);
        } else {
            if (keyManagerFactory == null) {
                return setParameters(SSLContext.getDefault().getSocketFactory().createSocket());
            }
            trustManagerFactory.init((KeyStore) null);
        }
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
        return setParameters(sSLContext.getSocketFactory().createSocket());
    }
}
