package com.marcnuri.yakc.ssl;

import com.marcnuri.yakc.config.Configuration;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Predicate;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import okio.ByteString;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;

/* loaded from: input_file:com/marcnuri/yakc/ssl/SSLResolver.class */
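/**
 * Builds the JSSE {@link TrustManager}s and {@link KeyManager}s for a client
 * {@link Configuration}.
 *
 * <p>Trust material is the JVM's bundled {@code cacerts} file (when it can be found under
 * {@code java.home}) plus the certificate authority named by the configuration. Client
 * identity material is the configured client certificate chain and PEM private key.
 *
 * <p>All key stores built here exist only in memory; the password constant is the
 * conventional default for the JVM trust store and protects nothing at rest.
 */
public class SSLResolver {
    private static final Logger log = Logger.getLogger(SSLResolver.class.getName());
    public static final String TLS_V_1_2 = "TLSv1.2";
    private static final String JKS_TYPE = "JKS";
    private static final String X509_TYPE = "X509";
    private static final String DEFAULT_JAVA_TRUSTSTORE_P455W0RD = "changeit";

    /**
     * Reports whether the configuration asks for server certificate verification to be skipped.
     *
     * @param configuration the client configuration
     * @return {@code true} when {@code isInsecureSkipTlsVerify()} is set
     */
    public static boolean isTrustAllCertificates(Configuration configuration) {
        return configuration.isInsecureSkipTlsVerify();
    }

    /**
     * Reports whether a certificate authority is configured, either as a file or as inline data.
     *
     * @param configuration the client configuration
     * @return {@code true} when a CA file or non-empty CA data is present
     */
    public static boolean hasCertificateAuthority(Configuration configuration) {
        return configuration.getCertificateAuthority() != null
            || isNotNullOrEmpty(configuration.getCertificateAuthorityData());
    }

    /**
     * Reports whether both halves of a client identity (certificate and key) are configured.
     *
     * @param configuration the client configuration
     * @return {@code true} when a certificate (file or data) and a key (file or data) are present
     */
    public static boolean hasClientCertificate(Configuration configuration) {
        boolean hasCertificate = configuration.getClientCertificate() != null
            || isNotNullOrEmpty(configuration.getClientCertificateData());
        boolean hasKey = configuration.getClientKey() != null
            || isNotNullOrEmpty(configuration.getClientKeyData());
        return hasCertificate && hasKey;
    }

    /**
     * Creates the trust managers used to validate the server certificate.
     *
     * <p>When the configuration disables verification, a single {@code AlwaysTrustManager} is
     * returned and the server's identity is not checked at all; a warning is logged so that
     * this state is visible in operation.
     *
     * @param configuration the client configuration
     * @return the trust managers to install in the SSL context
     * @throws IOException if the CA file or the JVM trust store cannot be read
     * @throws GeneralSecurityException if the trust store cannot be built
     */
    public static TrustManager[] trustManagers(Configuration configuration) throws IOException, GeneralSecurityException {
        if (isTrustAllCertificates(configuration)) {
            log.warning("TLS certificate verification is disabled by configuration (insecure-skip-tls-verify);"
                + " server identity will not be checked");
            return new TrustManager[]{new AlwaysTrustManager()};
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(initTrustStore(configuration));
        return trustManagerFactory.getTrustManagers();
    }

    /**
     * Creates the key managers that present the configured client certificate.
     *
     * <p>Callers are expected to check {@link #hasClientCertificate(Configuration)} first: a
     * missing key results in a {@link NullPointerException}.
     *
     * @param configuration the client configuration
     * @return the key managers to install in the SSL context
     * @throws IOException if the certificate, key or JVM trust store cannot be read, or the key is not a
     *     supported PEM object
     * @throws GeneralSecurityException if the certificate chain or key store cannot be built
     */
    public static KeyManager[] keyManagers(Configuration configuration) throws IOException, GeneralSecurityException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance(X509_TYPE);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // try-with-resources closes every stream on all paths; null resources are skipped.
        try (InputStream certStream = certInputStream(
                 configuration.getClientCertificateData(), configuration.getClientCertificate());
             // PEM is ASCII; an explicit charset avoids depending on the platform default.
             InputStreamReader keyReader = new InputStreamReader(
                 Objects.requireNonNull(
                     certInputStream(configuration.getClientKeyData(), configuration.getClientKey()),
                     "Client key is not configured"),
                 StandardCharsets.UTF_8);
             InputStream javaTrustStore = loadJavaTrustStore()) {
            // Registers BouncyCastle in the JVM-wide provider list (a global side effect);
            // skipped when a provider with that name is already installed.
            if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            Collection<? extends Certificate> chain = certificateFactory.generateCertificates(certStream);
            KeyStore keyStore = newKeyStore(javaTrustStore);
            // The entry alias is the issuer names of the chain joined with '_'.
            String alias = chain.stream()
                .map(X509Certificate.class::cast)
                .map(certificate -> certificate.getIssuerX500Principal().getName())
                .collect(Collectors.joining("_"));
            char[] password = DEFAULT_JAVA_TRUSTSTORE_P455W0RD.toCharArray();
            keyStore.setKeyEntry(alias, decodePrivateKey(keyReader), password, chain.toArray(new Certificate[0]));
            keyManagerFactory.init(keyStore, password);
            return keyManagerFactory.getKeyManagers();
        }
    }

    /**
     * Builds the trust store: the JVM's {@code cacerts} entries (when found) plus the configured CA.
     *
     * <p>NOTE(review): only the first certificate in the CA input is read
     * ({@code generateCertificate}); any further certificates in a bundle are ignored.
     */
    private static KeyStore initTrustStore(Configuration configuration) throws IOException, GeneralSecurityException {
        try (InputStream caStream = certInputStream(
                 configuration.getCertificateAuthorityData(), configuration.getCertificateAuthority());
             InputStream javaTrustStore = loadJavaTrustStore()) {
            KeyStore keyStore = newKeyStore(javaTrustStore);
            if (hasCertificateAuthority(configuration)) {
                X509Certificate authority =
                    (X509Certificate) CertificateFactory.getInstance(X509_TYPE).generateCertificate(caStream);
                keyStore.setCertificateEntry(authority.getSubjectX500Principal().getName(), authority);
            }
            return keyStore;
        }
    }

    /** Creates a JKS key store seeded from {@code javaTrustStore}, or an empty one when it is {@code null}. */
    private static KeyStore newKeyStore(InputStream javaTrustStore) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(JKS_TYPE);
        if (javaTrustStore != null) {
            keyStore.load(javaTrustStore, DEFAULT_JAVA_TRUSTSTORE_P455W0RD.toCharArray());
        } else {
            keyStore.load(null);
        }
        return keyStore;
    }

    /**
     * Opens {@code <java.home>/lib/security/cacerts} when it exists and is non-empty.
     *
     * <p>Only that fixed location is consulted; no other trust store location is looked up here.
     *
     * @return an open stream the caller must close, or {@code null} (after logging a warning) when not found
     */
    private static InputStream loadJavaTrustStore() throws IOException {
        String javaHome = System.getProperty("java.home");
        if (javaHome != null) {
            File cacerts = new File(javaHome).toPath()
                .resolve("lib").resolve("security").resolve("cacerts").toFile();
            if (cacerts.exists() && cacerts.length() > 0) {
                return new FileInputStream(cacerts);
            }
        }
        log.warning("Java System trust store was not found");
        return null;
    }

    /**
     * Reads the first PEM object from the reader and converts it to a {@link PrivateKey}.
     *
     * <p>Accepts a {@link PEMKeyPair} or a {@link PrivateKeyInfo}; any other parsed object
     * (or no object at all) is rejected. The reader is left open; the caller owns it.
     *
     * @throws IOException if the input does not hold one of the two supported key objects
     */
    private static PrivateKey decodePrivateKey(InputStreamReader inputStreamReader) throws IOException {
        Object pemObject = new PEMParser(inputStreamReader).readObject();
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        if (pemObject instanceof PEMKeyPair) {
            return converter.getPrivateKey(((PEMKeyPair) pemObject).getPrivateKeyInfo());
        }
        if (pemObject instanceof PrivateKeyInfo) {
            return converter.getPrivateKey((PrivateKeyInfo) pemObject);
        }
        throw new IOException("Invalid private key");
    }

    /**
     * Returns a stream over the inline Base64 data when present, otherwise over the file.
     *
     * <p>The file is opened only when no inline data is available, so no file handle is
     * created (and left unclosed) when the inline data wins.
     *
     * @return an open stream the caller must close, or {@code null} when neither source is set
     */
    private static InputStream certInputStream(String str, File file) throws IOException {
        InputStream fromData = certInputStream(str);
        return fromData != null ? fromData : certInputStream(file);
    }

    /**
     * Decodes inline Base64 data into a stream.
     *
     * @return the decoded bytes as a stream, or {@code null} when {@code str} is null or empty
     * @throws NullPointerException if {@code str} is not valid Base64
     */
    private static InputStream certInputStream(String str) {
        if (!isNotNullOrEmpty(str)) {
            return null;
        }
        // decodeBase64 yields null for malformed input; the message deliberately omits the data itself.
        ByteString decoded = Objects.requireNonNull(
            ByteString.decodeBase64(str), "Certificate or key data is not valid Base64");
        return new ByteArrayInputStream(decoded.toByteArray());
    }

    /** Returns {@code true} when {@code str} is neither {@code null} nor the empty string. */
    private static boolean isNotNullOrEmpty(String str) {
        return str != null && !str.isEmpty();
    }

    /**
     * Opens the given file for reading.
     *
     * @return an open stream the caller must close, or {@code null} when {@code file} is {@code null}
     */
    private static InputStream certInputStream(File file) throws IOException {
        return file == null ? null : new FileInputStream(file);
    }

    private SSLResolver() {
    }
}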
