package com.firenio.baseio.component;

import com.firenio.baseio.common.Assert;
import com.firenio.baseio.common.BASE64Util;
import com.firenio.baseio.common.Encoding;
import com.firenio.baseio.common.FileUtil;
import com.firenio.baseio.common.Util;
import com.firenio.baseio.component.SslContext;
import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/firenio/baseio/component/SslContextBuilder.class */
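/**
 * Fluent builder that assembles a {@link SslContext} for either the server or the client
 * side of a TLS connection.
 *
 * <p>Server-mode builders (see {@link #forServer()}) must be given key material through one of
 * the {@code keyManager(...)} overloads; client-mode builders (see {@link #forClient(boolean)})
 * choose how peer certificates are validated through the {@code trustManager(...)} overloads.
 * Mode-specific setters throw {@link IllegalArgumentException} when called in the other mode.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link TrustType#ALL} installs a trust manager that accepts every certificate chain,
 *       so the peer is not authenticated at all. It should never be enabled outside of
 *       tests.</li>
 *   <li>{@link TrustType#NONE} (the default) passes {@code null} trust managers to
 *       {@link SSLContext#init}, which makes JSSE fall back to the platform's default trust
 *       managers.</li>
 *   <li>Client authentication defaults to {@code SslContext.ClientAuth.NONE}.</li>
 * </ul>
 *
 * <p>Instances are mutable and not synchronized.
 */
public final class SslContextBuilder {
    private String[] applicationProtocols;
    private List<String> ciphers;
    private boolean isServer;
    private KeyManagerFactory keyManagerFactory;
    private long sessionCacheSize;
    private long sessionTimeout;
    private TrustManagerFactory trustManagerFactory;
    private X509TrustManager x509TrustManager;
    private SslContext.ClientAuth clientAuth = SslContext.ClientAuth.NONE;
    private TrustType trustType = TrustType.NONE;

    /**
     * Trust manager that performs no validation: both check methods return normally for any
     * chain, so every peer certificate is accepted.
     *
     * <p>Using it removes the authentication half of TLS; traffic is still encrypted but the
     * identity of the peer is unverified. It is only reachable through
     * {@link SslContextBuilder#trustManager(boolean)} in client mode.
     *
     * <p>Decompiler note: this type was package-private in the original bytecode.
     */
    public class TrustAllX509TrustManager implements X509TrustManager {
        TrustAllX509TrustManager() {
        }

        /** Accepts any client certificate chain without inspection. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        /** Accepts any server certificate chain without inspection. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        /**
         * Returns an empty array. The {@link X509TrustManager} contract requires a non-null
         * (possibly empty) result; returning {@code null} can trigger a
         * {@link NullPointerException} in callers that iterate over the issuers.
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /**
     * Selects which source of trust managers {@link #newSSLContext()} hands to the JSSE context.
     *
     * <p>Decompiler note: this type was package-private in the original bytecode.
     */
    public enum TrustType {
        /** Accept every certificate ({@link TrustAllX509TrustManager}); no peer authentication. */
        ALL,
        /** No explicit trust manager; {@code null} is passed to {@link SSLContext#init}. */
        NONE,
        /** Use the managers produced by the configured {@link javax.net.ssl.TrustManagerFactory}. */
        TrustManagerFactory,
        /** Use the single configured {@link javax.net.ssl.X509TrustManager}. */
        X509TrustManager
    }

    /**
     * Creates a builder for the given mode.
     *
     * <p>Decompiler note: this constructor was package-private in the original bytecode;
     * {@link #forServer()} and {@link #forClient(boolean)} are the factory methods.
     *
     * @param isServer {@code true} for a server-side context, {@code false} for a client-side one
     */
    public SslContextBuilder(boolean isServer) {
        this.isServer = isServer;
    }

    /**
     * Builds the {@link SslContext} from the current configuration.
     *
     * @return a new context wrapping a freshly initialised {@link SSLContext}
     * @throws SSLException if the JSSE context cannot be created or initialised, or if a
     *                      server-mode builder has no key manager factory
     */
    public SslContext build() throws SSLException {
        return new SslContext(newSSLContext(), this.isServer, this.ciphers, this.clientAuth, this.applicationProtocols);
    }

    /**
     * Initialises a {@link KeyManagerFactory} from a key store.
     *
     * <p>The algorithm comes from the {@code ssl.KeyManagerFactory.algorithm} security property
     * and falls back to {@code SunX509} when that property is unset.
     *
     * @param keyStore key store holding the private key entry
     * @param password password protecting the key entries in {@code keyStore}
     * @throws SSLException wrapping any failure while creating or initialising the factory
     */
    private KeyManagerFactory buildKeyManagerFactory(KeyStore keyStore, char[] password) throws SSLException {
        String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        if (algorithm == null) {
            algorithm = "SunX509";
        }
        try {
            KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
            factory.init(keyStore, password);
            return factory;
        } catch (Exception e) {
            throw new SSLException(e);
        }
    }

    /**
     * Wraps a certificate chain and private key in an in-memory key store and builds a
     * {@link KeyManagerFactory} from it.
     *
     * @param certificateChain chain presented for the key
     * @param privateKey       private key matching the first certificate of the chain
     * @param password         password for the in-memory key entry; {@code null} is treated as
     *                         the empty string
     */
    private KeyManagerFactory buildKeyManagerFactory(X509Certificate[] certificateChain, PrivateKey privateKey, String password) throws SSLException {
        if (password == null) {
            password = "";
        }
        char[] passwordChars = password.toCharArray();
        return buildKeyManagerFactory(buildKeyStore(certificateChain, privateKey, passwordChars), passwordChars);
    }

    /**
     * Creates an empty key store of the platform default type and stores the key and chain in
     * it under the alias {@code "key"}.
     *
     * @throws SSLException wrapping any key-store failure
     */
    private KeyStore buildKeyStore(X509Certificate[] certificateChain, PrivateKey privateKey, char[] password) throws SSLException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) initialises an empty in-memory store.
            keyStore.load(null, null);
            keyStore.setKeyEntry("key", privateKey, password, certificateChain);
            return keyStore;
        } catch (Exception e) {
            throw new SSLException(e);
        }
    }

    /**
     * Builds a {@link TrustManagerFactory} that trusts exactly the given certificates.
     *
     * <p>The certificates are placed in an empty in-memory JKS store under the aliases
     * {@code "1"}, {@code "2"}, ... in array order.
     *
     * @throws SSLException wrapping any key-store or factory failure
     */
    private TrustManagerFactory buildTrustManagerFactory(X509Certificate[] trustedCertificates) throws SSLException {
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);
            int alias = 1;
            for (X509Certificate certificate : trustedCertificates) {
                keyStore.setCertificateEntry(Integer.toString(alias), certificate);
                alias++;
            }
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(keyStore);
            return factory;
        } catch (Exception e) {
            throw new SSLException(e);
        }
    }

    /**
     * Sets the cipher suite list handed to the {@link SslContext}. Server mode only.
     *
     * <p>The list is stored by reference and is not validated here.
     *
     * @throws IllegalArgumentException if this builder is in client mode
     */
    public SslContextBuilder ciphers(List<String> ciphers) {
        needServer();
        this.ciphers = ciphers;
        return this;
    }

    /**
     * Sets the client-authentication policy handed to the {@link SslContext}. Server mode only.
     *
     * @throws IllegalArgumentException if this builder is in client mode
     */
    public SslContextBuilder clientAuth(SslContext.ClientAuth clientAuth) {
        needServer();
        this.clientAuth = clientAuth;
        return this;
    }

    /**
     * Produces a PKCS#8 key spec from DER bytes, decrypting them first when a password is given.
     *
     * @param password password of the encrypted key, or {@code null} when {@code encoded} is an
     *                 unencrypted PKCS#8 structure
     * @param encoded  DER bytes of a {@code PrivateKeyInfo} or {@code EncryptedPrivateKeyInfo}
     */
    private PKCS8EncodedKeySpec generateKeySpec(String password, byte[] encoded) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidKeyException, InvalidAlgorithmParameterException {
        if (password == null) {
            return new PKCS8EncodedKeySpec(encoded);
        }
        EncryptedPrivateKeyInfo encryptedInfo = new EncryptedPrivateKeyInfo(encoded);
        // The PBE algorithm and its parameters are taken from the encrypted structure itself.
        SecretKey pbeKey = SecretKeyFactory.getInstance(encryptedInfo.getAlgName()).generateSecret(new PBEKeySpec(password.toCharArray()));
        Cipher cipher = Cipher.getInstance(encryptedInfo.getAlgName());
        cipher.init(Cipher.DECRYPT_MODE, pbeKey, encryptedInfo.getAlgParameters());
        return encryptedInfo.getKeySpec(cipher);
    }

    /**
     * Returns the configured application protocols.
     *
     * @return the array passed to {@link #applicationProtocols(String[])} (same instance, not a
     *         copy), or {@code null} if none was set
     */
    public String[] getApplicationProtocols() {
        return this.applicationProtocols;
    }

    /**
     * Parses each DER buffer as an X.509 certificate, preserving order.
     *
     * @throws CertificateException if a buffer is not a valid certificate
     */
    private X509Certificate[] getCertificatesFromBuffers(List<byte[]> buffers) throws CertificateException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate[] certificates = new X509Certificate[buffers.size()];
        for (int i = 0; i < buffers.size(); i++) {
            certificates[i] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(buffers.get(i)));
        }
        return certificates;
    }

    /**
     * Decodes a PKCS#8 private key, trying the RSA, DSA and EC key factories in that order.
     *
     * @param encoded  DER bytes of the (optionally encrypted) PKCS#8 key
     * @param password password of the encrypted key, or {@code null} if it is not encrypted
     * @throws InvalidKeySpecException if none of the three key factories accepts the key; the
     *                                 cause is the failure reported by the last one tried
     */
    private PrivateKey getPrivateKeyFromByteBuffer(byte[] encoded, String password) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, KeyException, IOException {
        PKCS8EncodedKeySpec keySpec = generateKeySpec(password, encoded);
        String[] algorithms = {"RSA", "DSA", "EC"};
        InvalidKeySpecException lastFailure = null;
        for (String algorithm : algorithms) {
            try {
                return KeyFactory.getInstance(algorithm).generatePrivate(keySpec);
            } catch (InvalidKeySpecException e) {
                lastFailure = e;
            }
        }
        throw new InvalidKeySpecException("Neither RSA, DSA nor EC worked", lastFailure);
    }

    /**
     * Same as {@link #keyManager(File, File, String)} with a {@code null} password, i.e. the
     * private key file is read as an unencrypted PKCS#8 key.
     */
    public SslContextBuilder keyManager(File keyFile, File certChainFile) throws IOException {
        return keyManager(keyFile, certChainFile, (String) null);
    }

    /**
     * Loads a PEM private key and PEM certificate chain from files. Server mode only.
     *
     * <p>Argument order differs from {@link #keyManager(InputStream, InputStream, String)}:
     * here the <em>first</em> file is the private key and the <em>second</em> is the
     * certificate chain.
     *
     * @param keyFile       PEM file whose first block is the PKCS#8 private key
     * @param certChainFile PEM file containing the certificate chain
     * @param keyPassword   password of the private key, or {@code null} if it is not encrypted
     * @throws IOException              if either file cannot be opened
     * @throws IllegalArgumentException if the builder is in client mode or the files do not
     *                                  contain valid key material
     */
    public SslContextBuilder keyManager(File keyFile, File certChainFile, String keyPassword) throws IOException {
        FileInputStream keyInput = null;
        FileInputStream certChainInput = null;
        try {
            keyInput = new FileInputStream(keyFile);
            // If this second open fails, the finally block still releases keyInput.
            certChainInput = new FileInputStream(certChainFile);
            return keyManager(certChainInput, keyInput, keyPassword);
        } finally {
            if (keyInput != null) {
                Util.close((Closeable) keyInput);
            }
            if (certChainInput != null) {
                Util.close((Closeable) certChainInput);
            }
        }
    }

    /**
     * Loads key material from a JKS key store file. Server mode only.
     *
     * @param keyStoreFile JKS key store file
     * @param str          not read by this implementation
     * @param str2         not read by this implementation
     * @param password     password used both to open the key store and to recover its key
     *                     entries; {@code null} is treated as the empty string
     * @throws SSLException             if the file is missing or the key store cannot be loaded
     * @throws IllegalArgumentException if this builder is in client mode
     */
    public SslContextBuilder keyManager(File keyStoreFile, String str, String str2, String password) throws SSLException {
        FileInputStream keyStoreInput;
        try {
            keyStoreInput = new FileInputStream(keyStoreFile);
        } catch (FileNotFoundException e) {
            throw new SSLException(e);
        }
        try {
            return keyManager(keyStoreInput, str, str2, password);
        } finally {
            // The stream overload does not close its input when the mode check fails, so the
            // file handle is released here as well; a second close is a no-op.
            Util.close((Closeable) keyStoreInput);
        }
    }

    /**
     * Loads a PEM certificate chain and PEM private key from streams. Server mode only.
     *
     * <p>Argument order differs from {@link #keyManager(File, File, String)}: here the
     * <em>first</em> stream is the certificate chain and the <em>second</em> is the private key.
     * Both streams are closed once the mode check has passed, whether or not loading succeeds.
     *
     * @param certChainInput PEM stream containing the certificate chain
     * @param keyInput       PEM stream whose first block is the PKCS#8 private key
     * @param keyPassword    password of the private key, or {@code null} if it is not encrypted
     * @throws IllegalArgumentException if the builder is in client mode, the certificate stream
     *                                  is invalid, or the key cannot be read or installed
     */
    public SslContextBuilder keyManager(InputStream certChainInput, InputStream keyInput, String keyPassword) throws SSLException {
        needServer();
        try {
            X509Certificate[] certificateChain;
            try {
                certificateChain = toX509Certificates(certChainInput);
            } catch (Exception e) {
                throw new IllegalArgumentException("Input stream not contain valid certificates.", e);
            }
            // Handled separately from the certificate step so that a key failure is reported
            // with the private-key message instead of being re-wrapped as a certificate error.
            try {
                PrivateKey privateKey = toPrivateKey(keyInput, keyPassword);
                this.keyManagerFactory = buildKeyManagerFactory(certificateChain, privateKey, keyPassword);
            } catch (Exception e) {
                throw new IllegalArgumentException("Input stream does not contain valid private key.", e);
            }
            return this;
        } finally {
            Util.close((Closeable) certChainInput);
            Util.close((Closeable) keyInput);
        }
    }

    /**
     * Loads key material from a JKS key store stream. Server mode only.
     *
     * <p>The stream is closed once the mode check has passed, whether or not loading succeeds.
     *
     * @param keyStoreInput stream of a JKS key store
     * @param str           not read by this implementation
     * @param str2          not read by this implementation
     * @param password      password used both to open the key store and to recover its key
     *                      entries; {@code null} is treated as the empty string
     * @throws SSLException             if the key store cannot be loaded or used
     * @throws IllegalArgumentException if this builder is in client mode
     */
    public SslContextBuilder keyManager(InputStream keyStoreInput, String str, String str2, String password) throws SSLException {
        needServer();
        try {
            char[] passwordChars = (password == null ? "" : password).toCharArray();
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(keyStoreInput, passwordChars);
            this.keyManagerFactory = buildKeyManagerFactory(keyStore, passwordChars);
            return this;
        } catch (SSLException e) {
            // Already the declared type; avoid wrapping it a second time.
            throw e;
        } catch (Exception e) {
            throw new SSLException(e);
        } finally {
            Util.close((Closeable) keyStoreInput);
        }
    }

    /**
     * Uses a caller-supplied {@link KeyManagerFactory}. Server mode only.
     *
     * @throws IllegalArgumentException if this builder is in client mode
     */
    public SslContextBuilder keyManager(KeyManagerFactory keyManagerFactory) {
        needServer();
        this.keyManagerFactory = keyManagerFactory;
        return this;
    }

    /** Rejects the call when this builder was created for server mode. */
    private void needClient() {
        if (this.isServer) {
            throw new IllegalArgumentException("client context mode");
        }
    }

    /** Rejects the call when this builder was created for client mode. */
    private void needServer() {
        if (!this.isServer) {
            throw new IllegalArgumentException("server context mode");
        }
    }

    /**
     * Creates and initialises the JSSE {@link SSLContext} from the builder state.
     *
     * @throws SSLException if a server-mode builder has no key manager factory, or if context
     *                      creation or initialisation fails
     */
    private SSLContext newSSLContext() throws SSLException {
        if (this.isServer && this.keyManagerFactory == null) {
            throw new SSLException("null keyManagerFactory");
        }
        try {
            SSLContext context = SslContext.newSSLContext();
            // Key managers are only supplied in server mode; clients present no certificate.
            KeyManager[] keyManagers = this.isServer ? this.keyManagerFactory.getKeyManagers() : null;
            TrustManager[] trustManagers = null;
            switch (this.trustType) {
                case ALL:
                    // No certificate validation at all: the peer is not authenticated.
                    trustManagers = new X509TrustManager[]{new TrustAllX509TrustManager()};
                    break;
                case TrustManagerFactory:
                    trustManagers = this.trustManagerFactory.getTrustManagers();
                    break;
                case X509TrustManager:
                    trustManagers = new X509TrustManager[]{this.x509TrustManager};
                    break;
                default:
                    // NONE: leave null so SSLContext.init falls back to the default trust managers.
                    break;
            }
            context.init(keyManagers, trustManagers, new SecureRandom());
            SSLSessionContext sessionContext = this.isServer ? context.getServerSessionContext() : context.getClientSessionContext();
            // Non-positive values keep the JSSE defaults; larger-than-int values are clamped.
            if (this.sessionCacheSize > 0) {
                sessionContext.setSessionCacheSize((int) Math.min(this.sessionCacheSize, (long) Integer.MAX_VALUE));
            }
            if (this.sessionTimeout > 0) {
                sessionContext.setSessionTimeout((int) Math.min(this.sessionTimeout, (long) Integer.MAX_VALUE));
            }
            return context;
        } catch (SSLException e) {
            throw e;
        } catch (Exception e) {
            throw new SSLException("failed to initialize the SSL context", e);
        }
    }

    /**
     * Sets the TLS session cache size; values {@code <= 0} keep the JSSE default.
     */
    public SslContextBuilder sessionCacheSize(long sessionCacheSize) {
        this.sessionCacheSize = sessionCacheSize;
        return this;
    }

    /**
     * Sets the TLS session timeout (passed to {@link SSLSessionContext#setSessionTimeout(int)});
     * values {@code <= 0} keep the JSSE default.
     */
    public SslContextBuilder sessionTimeout(long sessionTimeout) {
        this.sessionTimeout = sessionTimeout;
        return this;
    }

    /**
     * Sets the application protocols handed to the {@link SslContext}. The array is stored by
     * reference.
     */
    public SslContextBuilder applicationProtocols(String[] applicationProtocols) {
        this.applicationProtocols = applicationProtocols;
        return this;
    }

    /**
     * Reads the first PEM block of the stream as a PKCS#8 private key.
     *
     * @return the decoded key, or {@code null} when {@code keyInput} is {@code null}
     */
    private PrivateKey toPrivateKey(InputStream keyInput, String password) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, KeyException, IOException, CertificateException {
        if (keyInput == null) {
            return null;
        }
        // Only the first PEM block is considered; its label is not checked.
        return getPrivateKeyFromByteBuffer(readCertificates(keyInput).get(0), password);
    }

    /**
     * Reads every PEM block of the stream as an X.509 certificate.
     *
     * @throws CertificateException if the stream holds no PEM block or a block is not a
     *                              valid certificate
     */
    private X509Certificate[] toX509Certificates(InputStream certInput) throws CertificateException {
        Assert.notNull(certInput, "null inputstream");
        return getCertificatesFromBuffers(readCertificates(certInput));
    }

    /**
     * Optionally switches the client to trust every certificate. Client mode only.
     *
     * <p>Passing {@code true} selects {@link TrustType#ALL}, which disables certificate
     * validation and therefore peer authentication. Passing {@code false} leaves the current
     * trust configuration untouched (it does not undo an earlier {@code true}).
     *
     * @throws IllegalArgumentException if this builder is in server mode
     */
    public SslContextBuilder trustManager(boolean trustAll) {
        needClient();
        if (trustAll) {
            this.trustType = TrustType.ALL;
        }
        return this;
    }

    /**
     * Trusts exactly the PEM certificates read from the stream. Client mode only.
     *
     * <p>Unlike the {@code keyManager} stream overloads, this method does not close the stream.
     *
     * @throws IllegalArgumentException if this builder is in server mode or the stream does not
     *                                  contain valid certificates
     */
    public SslContextBuilder trustManager(InputStream certInput) {
        needClient();
        try {
            return trustManager(toX509Certificates(certInput));
        } catch (Exception e) {
            throw new IllegalArgumentException("Input stream does not contain valid certificates.", e);
        }
    }

    /**
     * Uses a caller-supplied {@link TrustManagerFactory}. Client mode only.
     *
     * @throws IllegalArgumentException if this builder is in server mode
     */
    public SslContextBuilder trustManager(TrustManagerFactory trustManagerFactory) {
        needClient();
        Assert.notNull(trustManagerFactory, "null trustManagerFactory");
        this.trustManagerFactory = trustManagerFactory;
        this.trustType = TrustType.TrustManagerFactory;
        return this;
    }

    /**
     * Trusts exactly the given certificates. Client mode only.
     *
     * @throws SSLException             if the trust store cannot be built
     * @throws IllegalArgumentException if this builder is in server mode
     */
    public SslContextBuilder trustManager(X509Certificate... trustedCertificates) throws SSLException {
        needClient();
        Assert.notEmpty(trustedCertificates, "empty trustCertCollection");
        trustManager(buildTrustManagerFactory(trustedCertificates));
        return this;
    }

    /**
     * Uses a caller-supplied {@link X509TrustManager}. Client mode only.
     *
     * @throws IllegalArgumentException if this builder is in server mode
     */
    public SslContextBuilder trustManager(X509TrustManager x509TrustManager) {
        needClient();
        Assert.notNull(x509TrustManager, "null x509TrustManager");
        this.x509TrustManager = x509TrustManager;
        this.trustType = TrustType.X509TrustManager;
        return this;
    }

    /**
     * Creates a client-mode builder.
     *
     * @param trustAll {@code true} to accept every server certificate without validation (see
     *                 {@link #trustManager(boolean)}); {@code false} to keep the default trust
     *                 configuration
     */
    public static SslContextBuilder forClient(boolean trustAll) {
        return new SslContextBuilder(false).trustManager(trustAll);
    }

    /** Creates a server-mode builder; key material must be supplied before {@link #build()}. */
    public static SslContextBuilder forServer() {
        return new SslContextBuilder(true);
    }

    /**
     * Reads all PEM blocks of a file; see {@link #readCertificates(InputStream)}.
     *
     * @throws CertificateException if the file is missing, unreadable or contains no PEM block
     */
    static List<byte[]> readCertificates(File file) throws CertificateException {
        FileInputStream fileInput = null;
        try {
            fileInput = new FileInputStream(file);
            return readCertificates(fileInput);
        } catch (FileNotFoundException e) {
            // Keep the cause so the underlying reason (missing file, permissions) is not lost.
            throw new CertificateException("could not find certificate file: " + file, e);
        } finally {
            if (fileInput != null) {
                Util.close((Closeable) fileInput);
            }
        }
    }

    /**
     * Splits a PEM stream into the decoded bytes of each block.
     *
     * <p>Any line starting with {@code "----"} is treated as a boundary; boundaries are paired
     * in order of appearance, and the lines between each pair are concatenated and Base64
     * decoded. Boundary labels are not inspected. Lines outside a pair (for example
     * explanatory text before the first boundary) are ignored rather than being merged into
     * the next block. The stream is not closed.
     *
     * @return one byte array per PEM block, in file order; never empty
     * @throws CertificateException if the stream cannot be read or contains no complete block
     */
    static List<byte[]> readCertificates(InputStream inputStream) throws CertificateException {
        try {
            List<String> lines = FileUtil.readLines(inputStream, Encoding.UTF8);
            List<byte[]> blocks = new ArrayList<byte[]>();
            StringBuilder base64 = new StringBuilder();
            boolean insideBlock = false;
            for (String line : lines) {
                if (line.startsWith("----")) {
                    if (insideBlock) {
                        // Closing boundary: decode what was collected and reset the buffer.
                        blocks.add(BASE64Util.base64ToByteArray(base64.toString()));
                        base64.setLength(0);
                    }
                    insideBlock = !insideBlock;
                } else if (insideBlock) {
                    base64.append(line.trim().replace("\r", ""));
                }
            }
            if (blocks.isEmpty()) {
                throw new CertificateException("found no certificates in input stream");
            }
            return blocks;
        } catch (IOException e) {
            throw new CertificateException("failed to read certificate input stream", e);
        }
    }
}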
