package org.apache.qpid.amqp_1_0.client;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;

/* loaded from: input_file:org/apache/qpid/amqp_1_0/client/SSLUtil.class */
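/**
 * Static helpers for building the client-side {@link SSLContext}, loading key and trust stores,
 * and stripping SSLv3 from a socket.
 *
 * <p>Security scope, as far as this class shows: it only assembles key managers, trust managers
 * and the context. Nothing here enables endpoint identification (hostname verification) or
 * restricts cipher suites, and {@link #removeSSLv3Support(SSLSocket)} removes only {@code "SSLv3"};
 * other protocol versions the JDK enables are left as they are.
 * NOTE(review): confirm the transport code that uses the returned context sets endpoint
 * identification on its {@code SSLParameters}.
 */
public class SSLUtil {
    /** Protocol name used when neither the caller nor {@code qpid.ssl.contextProtocol} supplies one. */
    public static final String TRANSPORT_LAYER_SECURITY_CODE = "TLS";
    /** Protocol name that {@link #removeSSLv3Support(SSLSocket)} removes from a socket. */
    public static final String SSLV3_PROTOCOL = "SSLv3";
    private static final Logger LOGGER = Logger.getLogger(SSLUtil.class.getName());

    /**
     * Key manager that always offers one configured alias for client authentication and hands
     * every other operation to the key manager produced by a {@link KeyManagerFactory}.
     *
     * <p>The alias is never checked against the key store. Per the {@code X509KeyManager}
     * contract, a lookup for an unknown alias yields {@code null}, so a mistyped alias shows up
     * only when the certificate chain or key is requested.
     */
    public static class QpidClientX509KeyManager extends X509ExtendedKeyManager {
        private final X509ExtendedKeyManager delegate;
        private final String alias;

        /**
         * Loads the key store and wraps the first key manager the factory produces.
         *
         * @param str  alias returned from every client-alias selection method
         * @param str2 key store location, resolved by {@link SSLUtil#getInitializedKeyStore}
         * @param str3 key store type
         * @param str4 key store password, also used as the key password; may be {@code null}
         * @param str5 {@link KeyManagerFactory} algorithm name
         * @throws GeneralSecurityException if the store or the factory cannot be initialised
         * @throws IOException if the key store cannot be read
         * @throws ClassCastException if the factory's first key manager is not an
         *         {@link X509ExtendedKeyManager}
         */
        public QpidClientX509KeyManager(String str, String str2, String str3, String str4, String str5) throws GeneralSecurityException, IOException {
            this.alias = str;
            KeyStore initializedKeyStore = SSLUtil.getInitializedKeyStore(str2, str4, str3);
            // getInitializedKeyStore and the alias-less branch of buildSslContext both accept a
            // null password; dereferencing it unconditionally here raised NullPointerException.
            char[] keyPassword = str4 == null ? null : str4.toCharArray();
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str5);
            keyManagerFactory.init(initializedKeyStore, keyPassword);
            this.delegate = (X509ExtendedKeyManager) keyManagerFactory.getKeyManagers()[0];
        }

        /** Returns the configured alias; the requested key types and issuers are not consulted. */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return this.alias;
        }

        /** Delegates server alias selection unchanged. */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return this.delegate.chooseServerAlias(str, principalArr, socket);
        }

        /** Delegates the certificate chain lookup for the given alias. */
        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return this.delegate.getCertificateChain(str);
        }

        /** Returns a one-element array holding the configured alias, whatever the arguments. */
        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return new String[]{this.alias};
        }

        /** Delegates the private key lookup for the given alias. */
        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return this.delegate.getPrivateKey(str);
        }

        /** Delegates the server alias listing unchanged. */
        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return this.delegate.getServerAliases(str, principalArr);
        }

        /** Returns the configured alias; the requested key types and issuers are not consulted. */
        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
            return this.alias;
        }

        /** Delegates engine-based server alias selection unchanged. */
        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
            return this.delegate.chooseEngineServerAlias(str, principalArr, sSLEngine);
        }
    }

    /**
     * Builds and initialises an {@link SSLContext} from optional key store and trust store settings.
     *
     * <p>When {@code str6} is {@code null} no trust managers are passed to
     * {@link SSLContext#init}, so the JDK falls back to the default trust manager of the
     * installed providers. When {@code str2} is {@code null} no key managers are passed and no
     * client certificate material is configured by this method.
     *
     * @param str   client certificate alias; when non-null a {@link QpidClientX509KeyManager} is used
     * @param str2  key store location, or {@code null} for no key managers
     * @param str3  key store type
     * @param str4  key store password, may be {@code null}
     * @param str5  {@link KeyManagerFactory} algorithm name
     * @param str6  trust store location, or {@code null} for the default trust managers
     * @param str7  trust store password, may be {@code null}
     * @param str8  trust store type
     * @param str9  {@link TrustManagerFactory} algorithm name
     * @param str10 context protocol, or {@code null} to use {@code qpid.ssl.contextProtocol} / "TLS"
     * @param str11 context provider, or {@code null} to use {@code qpid.ssl.contextProvider}
     * @return the initialised context
     * @throws GeneralSecurityException if a store, factory or the context cannot be initialised
     * @throws IOException if a store cannot be read
     */
    public static SSLContext buildSslContext(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9, String str10, String str11) throws GeneralSecurityException, IOException {
        SSLContext sslContext = getSslContext(str10, str11);

        TrustManager[] trustManagerArr = null;
        if (str6 != null) {
            KeyStore trustStore = getInitializedKeyStore(str6, str7, str8);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str9);
            trustManagerFactory.init(trustStore);
            trustManagerArr = trustManagerFactory.getTrustManagers();
        }

        KeyManager[] keyManagerArr = null;
        if (str2 != null) {
            if (str != null) {
                // An explicit alias pins which key store entry is offered to the peer.
                keyManagerArr = new KeyManager[]{new QpidClientX509KeyManager(str, str2, str3, str4, str5)};
            } else {
                KeyStore keyStore = getInitializedKeyStore(str2, str4, str3);
                char[] keyPassword = str4 == null ? null : str4.toCharArray();
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str5);
                keyManagerFactory.init(keyStore, keyPassword);
                keyManagerArr = keyManagerFactory.getKeyManagers();
            }
        }

        // Null SecureRandom: the JDK picks its default source of randomness.
        sslContext.init(keyManagerArr, trustManagerArr, null);
        return sslContext;
    }

    /**
     * Resolves an uninitialised {@link SSLContext}, trying protocol plus provider first, then the
     * protocol alone, then {@link #TRANSPORT_LAYER_SECURITY_CODE}.
     *
     * <p>NOTE(review): an unknown provider or protocol is only logged at INFO and replaced by a
     * default. A deployment that depends on one specific provider or protocol being in effect
     * gets no failure from this method; consider checking {@code getProvider()} and
     * {@code getProtocol()} on the result where that matters.
     *
     * @param str  protocol name, or {@code null} to read {@code qpid.ssl.contextProtocol}
     * @param str2 provider name, or {@code null} to read {@code qpid.ssl.contextProvider}
     * @throws NoSuchAlgorithmException if even the "TLS" fallback is unavailable
     */
    private static SSLContext getSslContext(String str, String str2) throws NoSuchAlgorithmException {
        String property = str2 != null ? str2 : System.getProperty("qpid.ssl.contextProvider");
        String property2 = str != null ? str : System.getProperty("qpid.ssl.contextProtocol", TRANSPORT_LAYER_SECURITY_CODE);
        SSLContext sSLContext = null;
        if (property != null && property2 != null) {
            try {
                sSLContext = SSLContext.getInstance(property2, property);
            } catch (NoSuchAlgorithmException e) {
                LOGGER.info("Unknown SSL protocol '" + property2 + "' when using the provider '" + property + "' will use the default provider");
            } catch (NoSuchProviderException e2) {
                LOGGER.info("Unknown SSL Context Provider '" + property + "' will use the default");
            }
        }
        if (sSLContext == null && property2 != null) {
            try {
                sSLContext = SSLContext.getInstance(property2);
            } catch (NoSuchAlgorithmException e3) {
                LOGGER.info("Unknown SSL protocol '" + property2 + "' will use '" + TRANSPORT_LAYER_SECURITY_CODE + "'");
            }
        }
        if (sSLContext == null) {
            sSLContext = SSLContext.getInstance(TRANSPORT_LAYER_SECURITY_CODE);
        }
        return sSLContext;
    }

    /**
     * Returns the certificate chain stored under an alias in the given key store.
     *
     * <p>Note the argument order differs from the {@link QpidClientX509KeyManager} constructor:
     * here the password precedes the store type.
     *
     * @param str  alias to look up
     * @param str2 key store location
     * @param str3 key store password, may be {@code null}
     * @param str4 key store type
     * @param str5 {@link KeyManagerFactory} algorithm name
     * @return whatever the underlying key manager returns for the alias
     */
    public static X509Certificate[] getClientCertificates(String str, String str2, String str3, String str4, String str5) throws GeneralSecurityException, IOException {
        return new QpidClientX509KeyManager(str, str2, str4, str3, str5).getCertificateChain(str);
    }

    /**
     * Loads a key store from a file if one exists at {@code str}, otherwise from a resource of
     * that name on the thread context class loader.
     *
     * <p>The stream is closed on every path, including when {@link KeyStore#load} throws; a
     * failed load previously left the file handle open.
     *
     * @param str  file path or class path resource name
     * @param str2 store password, or {@code null} to pass no password to {@link KeyStore#load}
     * @param str3 key store type; for "PKCS11" (any case) a missing stream is tolerated
     * @return the loaded key store
     * @throws IOException if no file or resource is found (non-PKCS11) or the store cannot be read
     * @throws GeneralSecurityException if the type is unknown or the content cannot be loaded
     */
    public static KeyStore getInitializedKeyStore(String str, String str2, String str3) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(str3);
        File file = new File(str);
        InputStream storeStream = file.exists()
                ? new FileInputStream(file)
                : Thread.currentThread().getContextClassLoader().getResourceAsStream(str);
        try {
            if (storeStream == null && !"PKCS11".equalsIgnoreCase(str3)) {
                throw new IOException("Unable to load keystore resource: " + str);
            }
            keyStore.load(storeStream, str2 == null ? null : str2.toCharArray());
            return keyStore;
        } finally {
            closeQuietly(storeStream);
        }
    }

    /** Closes the stream if present; a close failure is deliberately not reported. */
    private static void closeQuietly(InputStream stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException ignored) {
            // Best effort, as before: the store has already been read or the load already failed.
        }
    }

    /**
     * Removes {@code "SSLv3"} from the socket's enabled protocols if it is present; every other
     * enabled protocol is kept.
     *
     * @param sSLSocket socket whose enabled protocol list is adjusted in place
     */
    public static void removeSSLv3Support(SSLSocket sSLSocket) {
        List<String> enabled = Arrays.asList(sSLSocket.getEnabledProtocols());
        if (enabled.contains(SSLV3_PROTOCOL)) {
            List<String> kept = new ArrayList<>(enabled);
            kept.remove(SSLV3_PROTOCOL);
            sSLSocket.setEnabledProtocols(kept.toArray(new String[0]));
        }
    }
}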
