package org.apache.qpid.transport.network.security.ssl;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.apache.qpid.ssl.SSLContextFactory;
import org.apache.qpid.transport.TransportException;
import org.apache.qpid.transport.util.Logger;

/* loaded from: input_file:org/apache/qpid/transport/network/security/ssl/SSLUtil.class */
public class SSLUtil {
    private static final Logger log = Logger.get(SSLUtil.class);

    private SSLUtil() {
    }

    public static void verifyHostname(SSLEngine sSLEngine, String str) {
        try {
            String name = ((X509Certificate) sSLEngine.getSession().getPeerCertificates()[0]).getSubjectDN().getName();
            String str2 = null;
            if (name.contains("CN=")) {
                str2 = name.substring(3, name.indexOf(",") == -1 ? name.length() : name.indexOf(","));
            }
            if (log.isDebugEnabled()) {
                log.debug("Hostname expected : " + str, new Object[0]);
                log.debug("Distinguished Name for server certificate : " + name, new Object[0]);
                log.debug("Host Name obtained from DN : " + str2, new Object[0]);
            }
            if (str2 == null || str2.equalsIgnoreCase(str) || str2.equalsIgnoreCase(str + ".localdomain")) {
            } else {
                throw new TransportException("SSL hostname verification failed. Expected : " + str + " Found in cert : " + str2);
            }
        } catch (SSLPeerUnverifiedException e) {
            log.warn("Exception received while trying to verify hostname", e);
        }
    }

    public static String retriveIdentity(SSLEngine sSLEngine) {
        StringBuffer stringBuffer = new StringBuffer();
        try {
            String name = ((X509Certificate) sSLEngine.getSession().getLocalCertificates()[0]).getSubjectDN().getName();
            if (name.contains("CN=")) {
                stringBuffer.append(name.substring(3, name.indexOf(",") == -1 ? name.length() : name.indexOf(",")));
            }
            if (name.contains("DC=")) {
                stringBuffer.append("@");
                int i = 0;
                for (String str : name.split(",")) {
                    if (str.contains("DC")) {
                        if (i > 0) {
                            stringBuffer.append(".");
                        }
                        stringBuffer.append(str.substring(str.indexOf("=") + 1, str.indexOf(",") == -1 ? str.length() : str.indexOf(",")));
                        i++;
                    }
                }
            }
        } catch (Exception e) {
            log.info("Exception received while trying to retrive client identity from SSL cert", e);
        }
        log.debug("Extracted Identity from client certificate : " + ((Object) stringBuffer), new Object[0]);
        return stringBuffer.toString();
    }

    public static KeyStore getInitializedKeyStore(String str, String str2) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(SSLContextFactory.JAVA_KEY_STORE_CODE);
        InputStream inputStream = null;
        try {
            File file = new File(str);
            InputStream fileInputStream = file.exists() ? new FileInputStream(file) : Thread.currentThread().getContextClassLoader().getResourceAsStream(str);
            if (fileInputStream == null) {
                throw new IOException("Unable to load keystore resource: " + str);
            }
            keyStore.load(fileInputStream, str2 == null ? null : str2.toCharArray());
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e) {
                }
            }
            return keyStore;
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    inputStream.close();
                } catch (IOException e2) {
                }
            }
            throw th;
        }
    }
}
