package org.frameworkset.spi.remote.http.ssl;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.ssl.SSLContexts;
import org.frameworkset.spi.remote.http.HttpRuntimeException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/frameworkset/spi/remote/http/ssl/SSLHelper.class */
public class SSLHelper {
    private static final Logger log = LoggerFactory.getLogger(SSLHelper.class);
    private static final String DEFAULT_STORE_TYPE = "JKS";
    static final String PROTOCOL = "TLS";

    static TrustManagerFactory buildTrustManagerFactory(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
        KeyStore keyStore = KeyStore.getInstance(DEFAULT_STORE_TYPE);
        keyStore.load(null, null);
        int i = 1;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            keyStore.setCertificateEntry(Integer.toString(i), x509Certificate);
            i++;
        }
        if (trustManagerFactory == null) {
            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        }
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }

    static KeyManagerFactory buildKeyManagerFactory(X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        String property = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        if (property == null) {
            property = "SunX509";
        }
        return buildKeyManagerFactory(x509CertificateArr, property, privateKey, str, keyManagerFactory);
    }

    static KeyStore buildKeyStore(X509Certificate[] x509CertificateArr, PrivateKey privateKey, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance(DEFAULT_STORE_TYPE);
        keyStore.load(null, null);
        keyStore.setKeyEntry("key", privateKey, cArr, x509CertificateArr);
        return keyStore;
    }

    static KeyManagerFactory buildKeyManagerFactory(X509Certificate[] x509CertificateArr, String str, PrivateKey privateKey, String str2, KeyManagerFactory keyManagerFactory) throws KeyStoreException, NoSuchAlgorithmException, IOException, CertificateException, UnrecoverableKeyException {
        char[] charArray = str2 == null ? EmptyArrays.EMPTY_CHARS : str2.toCharArray();
        KeyStore buildKeyStore = buildKeyStore(x509CertificateArr, privateKey, charArray);
        if (keyManagerFactory == null) {
            keyManagerFactory = KeyManagerFactory.getInstance(str);
        }
        keyManagerFactory.init(buildKeyStore, charArray);
        return keyManagerFactory;
    }

    public static SSLContext newSSLContext(String str, Provider provider, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str2, KeyManagerFactory keyManagerFactory, long j, long j2) throws SSLException {
        if (privateKey == null && keyManagerFactory == null) {
            throw new NullPointerException("key, keyManagerFactory");
        }
        if (x509CertificateArr != null) {
            try {
                trustManagerFactory = buildTrustManagerFactory(x509CertificateArr, trustManagerFactory);
            } catch (Exception e) {
                if (e instanceof SSLException) {
                    throw ((SSLException) e);
                }
                throw new SSLException("failed to initialize the server-side SSL context", e);
            }
        }
        if (privateKey != null) {
            keyManagerFactory = buildKeyManagerFactory(x509CertificateArr2, privateKey, str2, keyManagerFactory);
        }
        SSLContext sSLContext = provider == null ? SSLContext.getInstance(str) : SSLContext.getInstance(str, provider);
        sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(), null);
        SSLSessionContext serverSessionContext = sSLContext.getServerSessionContext();
        if (j > 0) {
            serverSessionContext.setSessionCacheSize((int) Math.min(j, 2147483647L));
        }
        if (j2 > 0) {
            serverSessionContext.setSessionTimeout((int) Math.min(j2, 2147483647L));
        }
        return sSLContext;
    }

    public static SSLContext initSSLConfig(String str, String str2) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
        return SSLContexts.custom().loadTrustMaterial(new File(str), str2.toCharArray(), new TrustSelfSignedStrategy()).build();
    }

    public static SSLContext initSSLConfig(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9) {
        if (str2 == null) {
            throw new HttpRuntimeException("Error while initializing HTTP SSL layer: keystoreFilePath is null.");
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(str3);
            try {
                keyStore.load(new FileInputStream(new File(str2)), (str4 == null || str4.length() == 0) ? null : str4.toCharArray());
                X509Certificate[] exportServerCertChain = SSLCertificateHelper.exportServerCertChain(keyStore, str5);
                PrivateKey exportDecryptedKey = SSLCertificateHelper.exportDecryptedKey(keyStore, str5, (str4 == null || str4.length() == 0) ? null : str4.toCharArray());
                if (exportDecryptedKey == null) {
                    throw new HttpRuntimeException("No key found in " + str2 + " with alias " + str5);
                }
                if (exportServerCertChain == null || exportServerCertChain.length <= 0) {
                    throw new HttpRuntimeException("No certificates found in " + str2 + " with alias " + str5);
                }
                X509Certificate[] x509CertificateArr = null;
                if (str6 != null) {
                    KeyStore keyStore2 = KeyStore.getInstance(str7);
                    try {
                        keyStore2.load(new FileInputStream(new File(str6)), (str8 == null || str8.length() == 0) ? null : str8.toCharArray());
                        x509CertificateArr = SSLCertificateHelper.exportRootCertificates(keyStore2, str9);
                    } catch (Exception e) {
                        throw new HttpRuntimeException(e);
                    }
                }
                return newSSLContext(str, null, x509CertificateArr, (TrustManagerFactory) null, exportServerCertChain, exportDecryptedKey, str4, (KeyManagerFactory) null, 0L, 0L);
            } catch (Exception e2) {
                throw new HttpRuntimeException(e2);
            }
        } catch (Exception e3) {
            throw new HttpRuntimeException("Error while initializing HTTP SSL layer: " + e3.toString(), e3);
        }
    }

    public static SSLContext initSSLConfig(String str, String str2, String str3, String str4, String str5) {
        if (str2 == null) {
            throw new HttpRuntimeException("Error while initializing HTTP SSL layer: keystoreFilePath is null.");
        }
        try {
            X509Certificate[] x509Certificates = SSLCertificateHelper.toX509Certificates(new File(str4));
            PrivateKey privateKey = SSLCertificateHelper.toPrivateKey(new File(str2), str3);
            if (privateKey == null) {
                throw new HttpRuntimeException("No key found in pemKey " + str2 + " with pemKeyPassword " + str3);
            }
            if (x509Certificates == null || x509Certificates.length <= 0) {
                throw new HttpRuntimeException("No certificates found in pemCert " + str4);
            }
            X509Certificate[] x509CertificateArr = null;
            if (str5 != null) {
                x509CertificateArr = SSLCertificateHelper.toX509Certificates(new File(str5));
            }
            return newSSLContext(str, null, x509CertificateArr, (TrustManagerFactory) null, x509Certificates, privateKey, str3, (KeyManagerFactory) null, 0L, 0L);
        } catch (Exception e) {
            throw new HttpRuntimeException("Error while initializing HTTP SSL layer: " + e.toString(), e);
        }
    }
}
