package net.anthavio.httl.util;

import java.io.InputStream;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/anthavio/httl/util/SSLContextBuilder.class */
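/**
 * Fluent builder for {@link SSLContext} instances.
 *
 * <p>Key material and trust anchors are collected through the {@code add*} methods and handed to
 * {@link SSLContext#init} by {@link #build()}. If no trust manager has been added, {@code null} is
 * passed to {@code init}, which per the JSSE contract selects the default trust manager
 * implementation of the installed providers. The builder never installs a permissive trust manager
 * on its own; whatever is passed to {@link #addTrustManager(TrustManager)} is used as is.
 *
 * <p>Instances are mutable and not synchronized.
 */
public class SSLContextBuilder {
    private static final Logger log = LoggerFactory.getLogger(SSLContextBuilder.class);
    private final String protocol;
    private List<TrustManager> trustManagers;
    private List<KeyManager> keyManagers;
    private Provider provider;
    private String providerName;
    private SecureRandom secureRandom;

    /**
     * Logging decorator around an {@link X509TrustManager}.
     *
     * <p>Every trust decision is delegated unchanged; the wrapper only logs the presented chain and
     * any {@link CertificateException} before rethrowing it, so it never weakens validation.
     */
    public static class X509TrustManagerWrapper implements X509TrustManager {
        private final X509TrustManager delegate;

        /**
         * @param x509TrustManager trust manager that makes the real decision
         * @throws IllegalArgumentException if {@code x509TrustManager} is null
         */
        public X509TrustManagerWrapper(X509TrustManager x509TrustManager) {
            if (x509TrustManager == null) {
                throw new IllegalArgumentException("Trust manager may not be null");
            }
            this.delegate = x509TrustManager;
        }

        /**
         * Logs the client chain and delegates validation.
         *
         * @throws CertificateException rethrown unchanged from the delegate
         */
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            logChain("client", x509CertificateArr);
            try {
                this.delegate.checkClientTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                // toString() keeps this a one-line message; the exception itself still propagates.
                log.debug("Check client cert failed: {}", e.toString());
                throw e;
            }
        }

        /**
         * Logs the server chain and delegates validation.
         *
         * @throws CertificateException rethrown unchanged from the delegate
         */
        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            logChain("server", x509CertificateArr);
            try {
                this.delegate.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                log.debug("Check server cert failed: {}", e.toString());
                throw e;
            }
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return this.delegate.getAcceptedIssuers();
        }

        /**
         * Logs each certificate of a presented chain: full details at trace level, subject only at
         * debug level. Both check methods share this helper so they use the same level guard.
         */
        private static void logChain(String peer, X509Certificate[] chain) {
            if (chain == null || !log.isDebugEnabled()) {
                return;
            }
            for (int i = 0; i < chain.length; i++) {
                X509Certificate cert = chain[i];
                if (cert == null) {
                    // Logging must not fail before the delegate has judged the chain.
                    continue;
                }
                if (log.isTraceEnabled()) {
                    log.debug("Check {} cert{}:", peer, i + 1);
                    logCertInfo(cert);
                } else {
                    log.debug("Check {} cert{} Subject DN: {}", peer, i + 1, cert.getSubjectDN());
                }
            }
        }
    }

    /** Creates a builder for the JSSE context name {@code "TLS"}. */
    public static SSLContextBuilder TLS() {
        return new SSLContextBuilder("TLS");
    }

    /**
     * Creates a builder for the legacy JSSE context name {@code "SSL"}.
     *
     * <p>Which protocol versions such a context actually enables is decided by the provider and the
     * JDK security configuration, not by this class. Prefer {@link #TLS()}, or an explicit version
     * such as {@code Protocol("TLSv1.2")}, for new code.
     */
    public static SSLContextBuilder SSL() {
        return new SSLContextBuilder("SSL");
    }

    /**
     * Creates a builder for an arbitrary {@link SSLContext} protocol name.
     *
     * @param str protocol name as accepted by {@link SSLContext#getInstance(String)}
     */
    public static SSLContextBuilder Protocol(String str) {
        return new SSLContextBuilder(str);
    }

    /**
     * @param str protocol name; it is only resolved against the providers in {@link #build()}
     * @throws IllegalArgumentException if {@code str} is blank
     */
    public SSLContextBuilder(String str) {
        if (Cutils.isBlank(str)) {
            throw new IllegalArgumentException("Invalid protocol: " + str);
        }
        this.protocol = str;
    }

    public Provider getProvider() {
        return this.provider;
    }

    /** Sets the provider instance; in {@link #build()} it takes precedence over the provider name. */
    public SSLContextBuilder setProvider(Provider provider) {
        this.provider = provider;
        return this;
    }

    public String getProviderName() {
        return this.providerName;
    }

    /** Sets the provider name; used by {@link #build()} only when no provider instance is set. */
    public SSLContextBuilder setProviderName(String str) {
        this.providerName = str;
        return this;
    }

    public SecureRandom getSecureRandom() {
        return this.secureRandom;
    }

    /** Sets the random source; when unset, {@link #build()} creates a fresh {@link SecureRandom}. */
    public SSLContextBuilder setSecureRandom(SecureRandom secureRandom) {
        this.secureRandom = secureRandom;
        return this;
    }

    /**
     * Loads a keystore from {@code url} and adds its key managers.
     *
     * @param url location of the keystore; see {@link #loadKeyStore(URL, String)} for the caveat on
     *     where it may come from
     * @param str keystore password, may be null
     * @param str2 password used to recover the keys, may be null
     * @throws IllegalArgumentException if {@code url} is null or the keystore cannot be used
     */
    public SSLContextBuilder addKeyStore(URL url, String str, String str2) {
        if (url == null) {
            throw new IllegalArgumentException("Null keystore url");
        }
        return addKeyStore(loadKeyStore(url, str), str2);
    }

    /**
     * Loads a trust store from {@code url} and adds its trust managers.
     *
     * @param url location of the trust store; see {@link #loadKeyStore(URL, String)} for the caveat
     *     on where it may come from
     * @param str trust store password, may be null
     * @throws IllegalArgumentException if {@code url} is null or the store cannot be used
     */
    public SSLContextBuilder addTrustStore(URL url, String str) {
        if (url == null) {
            throw new IllegalArgumentException("Null keystore url");
        }
        return addTrustStore(loadKeyStore(url, str));
    }

    /**
     * Adds the trust managers derived from {@code keyStore}.
     *
     * @throws IllegalArgumentException if the trust managers cannot be created; the underlying
     *     exception is attached as the cause
     */
    public SSLContextBuilder addTrustStore(KeyStore keyStore) {
        try {
            for (TrustManager trustManager : createTrustManagers(keyStore)) {
                addTrustManager(trustManager);
            }
            return this;
        } catch (Exception e) {
            // Keep the cause: without it a misconfigured trust store cannot be diagnosed.
            throw new IllegalArgumentException("Failed to create TrustManager from KeyStore " + keyStore, e);
        }
    }

    /**
     * Adds the key managers derived from {@code keyStore}.
     *
     * @param str password used to recover the keys, may be null
     * @throws IllegalArgumentException if the key managers cannot be created; the underlying
     *     exception is attached as the cause
     */
    public SSLContextBuilder addKeyStore(KeyStore keyStore, String str) {
        try {
            for (KeyManager keyManager : createKeyManagers(keyStore, str)) {
                addKeyManager(keyManager);
            }
            return this;
        } catch (Exception e) {
            throw new IllegalArgumentException("Failed to create KeyManagers from KeyStore " + keyStore, e);
        }
    }

    /**
     * Adds a trust manager as given, without wrapping or inspecting it.
     *
     * @throws IllegalArgumentException if {@code trustManager} is null
     */
    public SSLContextBuilder addTrustManager(TrustManager trustManager) {
        if (trustManager == null) {
            throw new IllegalArgumentException("Null TrustManager");
        }
        if (this.trustManagers == null) {
            this.trustManagers = new ArrayList<>();
        }
        this.trustManagers.add(trustManager);
        return this;
    }

    /**
     * Adds a key manager.
     *
     * @throws IllegalArgumentException if {@code keyManager} is null
     */
    public SSLContextBuilder addKeyManager(KeyManager keyManager) {
        if (keyManager == null) {
            throw new IllegalArgumentException("Null KeyManager");
        }
        if (this.keyManagers == null) {
            this.keyManagers = new ArrayList<>();
        }
        this.keyManagers.add(keyManager);
        return this;
    }

    /**
     * Creates and initializes the {@link SSLContext}.
     *
     * <p>Key managers or trust managers that were never added are passed to {@code init} as
     * {@code null}, which makes JSSE fall back to its default implementations.
     *
     * @throws IllegalArgumentException if the protocol or provider is unknown or initialization
     *     fails
     */
    public SSLContext build() {
        SSLContext context;
        try {
            if (this.provider != null) {
                context = SSLContext.getInstance(this.protocol, this.provider);
            } else if (this.providerName != null) {
                context = SSLContext.getInstance(this.protocol, this.providerName);
            } else {
                context = SSLContext.getInstance(this.protocol);
            }
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("Invalid protocol " + this.protocol, e);
        } catch (NoSuchProviderException e) {
            throw new IllegalArgumentException("Invalid provider " + this.providerName, e);
        }

        KeyManager[] keys = this.keyManagers != null ? this.keyManagers.toArray(new KeyManager[0]) : null;
        TrustManager[] trust = this.trustManagers != null ? this.trustManagers.toArray(new TrustManager[0]) : null;
        SecureRandom random = this.secureRandom != null ? this.secureRandom : new SecureRandom();
        try {
            context.init(keys, trust, random);
        } catch (KeyManagementException e) {
            throw new IllegalArgumentException("SSLContext initialization failed " + context, e);
        }
        return context;
    }

    /**
     * Loads a keystore of the JVM default type ({@link KeyStore#getDefaultType()}) from {@code url}.
     *
     * <p>The content behind {@code url} decides which keys and trust anchors end up in the context,
     * so it should be a local or classpath resource, or be fetched over an authenticated channel.
     * The password arrives as a {@link String} and therefore cannot be wiped from memory here;
     * callers that need that control can load the {@link KeyStore} themselves and use the
     * {@code KeyStore} overloads.
     *
     * @param url location of the keystore
     * @param str keystore password, or null to pass a null password to {@link KeyStore#load}
     * @throws IllegalArgumentException if the keystore cannot be opened or loaded
     */
    public static KeyStore loadKeyStore(URL url, String str) {
        char[] password = str != null ? str.toCharArray() : null;
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // try-with-resources closes the stream on every path and keeps a close() failure from
            // hiding the exception that caused it.
            try (InputStream stream = url.openStream()) {
                keyStore.load(stream, password);
            }
            return keyStore;
        } catch (Exception e) {
            throw new IllegalArgumentException("Cannot initialize keyStore " + url, e);
        }
    }

    /**
     * Creates key managers for {@code keyStore} with the default {@link KeyManagerFactory}
     * algorithm.
     *
     * @param str password used to recover the keys, may be null
     * @throws IllegalArgumentException if {@code keyStore} is null
     */
    public static KeyManager[] createKeyManagers(KeyStore keyStore, String str) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        if (keyStore == null) {
            throw new IllegalArgumentException("Keystore may not be null");
        }
        String algorithm = KeyManagerFactory.getDefaultAlgorithm();
        log.debug("Initializing KeyManagerFactory with algorithm {}", algorithm);
        KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
        factory.init(keyStore, str != null ? str.toCharArray() : null);
        return factory.getKeyManagers();
    }

    /**
     * Creates trust managers for {@code keyStore} with the default {@link TrustManagerFactory}
     * algorithm. Each {@link X509TrustManager} is wrapped in a logging
     * {@link X509TrustManagerWrapper}; other trust manager types are returned untouched.
     *
     * @throws IllegalArgumentException if {@code keyStore} is null
     */
    public static TrustManager[] createTrustManagers(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException {
        if (keyStore == null) {
            throw new IllegalArgumentException("Keystore may not be null");
        }
        String algorithm = TrustManagerFactory.getDefaultAlgorithm();
        log.debug("Initializing TrustManagerFactory with algorithm {}", algorithm);
        TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
        factory.init(keyStore);
        TrustManager[] managers = factory.getTrustManagers();
        for (int i = 0; i < managers.length; i++) {
            if (managers[i] instanceof X509TrustManager) {
                log.debug("Adding X509TrustManager {}", managers[i]);
                managers[i] = new X509TrustManagerWrapper((X509TrustManager) managers[i]);
            }
        }
        return managers;
    }

    /** Logs subject, signature algorithm, validity period and issuer of a certificate at trace level. */
    public static void logCertInfo(X509Certificate x509Certificate) {
        log.trace("  Subject DN: {}", x509Certificate.getSubjectDN());
        log.trace("  Signature Algorithm: {}", x509Certificate.getSigAlgName());
        log.trace("  Valid from: {}", x509Certificate.getNotBefore());
        log.trace("  Valid until: {}", x509Certificate.getNotAfter());
        log.trace("  Issuer: {}", x509Certificate.getIssuerDN());
    }

    /**
     * Logs the entries of a keystore for diagnostics. Only certificate data is logged, never key
     * material.
     *
     * @param keyStore store to inspect
     * @param z {@code true} to log the certificate chain of each alias, {@code false} to log the
     *     certificate stored under each alias
     * @throws KeyStoreException if the keystore has not been initialized
     */
    public static void logKeyStoreContent(KeyStore keyStore, boolean z) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (z) {
                logCertificateChain(keyStore, alias);
            } else {
                logTrustedCertificate(keyStore, alias);
            }
        }
    }

    /** Logs the certificate stored under {@code alias}; entries without an X.509 certificate are reported, not cast. */
    private static void logTrustedCertificate(KeyStore keyStore, String alias) throws KeyStoreException {
        if (log.isTraceEnabled()) {
            log.debug("Trusted certificate '{}':", alias);
            Certificate certificate = keyStore.getCertificate(alias);
            if (certificate instanceof X509Certificate) {
                logCertInfo((X509Certificate) certificate);
            }
        } else if (log.isDebugEnabled()) {
            Certificate certificate = keyStore.getCertificate(alias);
            // getCertificate may return null or a non-X.509 certificate; a diagnostic helper must
            // not fail with NullPointerException or ClassCastException on such an entry.
            if (certificate instanceof X509Certificate) {
                log.debug("Trusted certificate '{}' Subject DN: {}", alias, ((X509Certificate) certificate).getSubjectDN());
            } else {
                log.debug("Trusted certificate '{}' is not an X.509 certificate", alias);
            }
        }
    }

    /** Logs the certificate chain stored under {@code alias}, if the alias has one. */
    private static void logCertificateChain(KeyStore keyStore, String alias) throws KeyStoreException {
        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (chain == null) {
            return;
        }
        if (log.isTraceEnabled()) {
            log.debug("Certificate chain '{}':", alias);
            for (int i = 0; i < chain.length; i++) {
                if (chain[i] instanceof X509Certificate) {
                    log.trace(" Certificate {}:", i + 1);
                    logCertInfo((X509Certificate) chain[i]);
                }
            }
        } else if (log.isDebugEnabled()) {
            // Guard against an empty chain and a non-X.509 leaf before touching element 0.
            if (chain.length > 0 && chain[0] instanceof X509Certificate) {
                log.debug("Certificate chain '{}' Subject DN: {}", alias, ((X509Certificate) chain[0]).getSubjectDN());
            }
        }
    }
}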
