package net.codestory.http.ssl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import net.codestory.http.misc.Md5;

/* loaded from: input_file:net/codestory/http/ssl/SSLContextFactory.class */
public class SSLContextFactory {
    public SSLContext create(List<Path> list, Path path, List<Path> list2) throws GeneralSecurityException, IOException {
        KeyStore keyStore;
        X509Certificate[] x509CertificateArr = (X509Certificate[]) list.stream().map(SSLContextFactory::generateCertificateFromDER).toArray(i -> {
            return new X509Certificate[i];
        });
        RSAPrivateKey generatePrivateKeyFromDER = generatePrivateKeyFromDER(path);
        KeyStore keyStore2 = KeyStore.getInstance("JKS");
        keyStore2.load(null);
        keyStore2.setCertificateEntry("cert-alias", x509CertificateArr[0]);
        keyStore2.setKeyEntry("key-alias", generatePrivateKeyFromDER, new char[0], x509CertificateArr);
        if (list2 == null || list2.isEmpty()) {
            keyStore = null;
        } else {
            keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null);
            Iterator<Path> it = list2.iterator();
            while (it.hasNext()) {
                X509Certificate generateCertificateFromDER = generateCertificateFromDER(it.next());
                keyStore.setCertificateEntry(Md5.of(generateCertificateFromDER.getEncoded()), generateCertificateFromDER);
            }
        }
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(getKeyManagers(keyStore2), getTrustManagers(keyStore), null);
        return sSLContext;
    }

    private static KeyManager[] getKeyManagers(KeyStore keyStore) throws GeneralSecurityException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, new char[0]);
        return keyManagerFactory.getKeyManagers();
    }

    private static TrustManager[] getTrustManagers(KeyStore keyStore) throws GeneralSecurityException {
        if (keyStore == null) {
            return null;
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    private static X509Certificate generateCertificateFromDER(Path path) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Files.readAllBytes(path)));
        } catch (IOException | GeneralSecurityException e) {
            throw new IllegalStateException("Unable to generate certificate", e);
        }
    }

    private static RSAPrivateKey generatePrivateKeyFromDER(Path path) {
        try {
            return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Files.readAllBytes(path)));
        } catch (IOException | GeneralSecurityException e) {
            throw new IllegalStateException("Unable to generate private key", e);
        }
    }
}
