package com.yahoo.athenz.common.utils;

import com.yahoo.athenz.auth.PrivateKeyStore;
import com.yahoo.athenz.auth.PrivateKeyStoreFactory;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yahoo/athenz/common/utils/SSLUtils.class */
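/**
 * Helpers for building a client-side {@link SSLContext} from on-disk key and trust stores,
 * and for loading the {@link PrivateKeyStore} used to resolve store passwords.
 */
public class SSLUtils {
    private static final Logger LOGGER = LoggerFactory.getLogger(SSLUtils.class);

    /**
     * {@link X509ExtendedKeyManager} decorator that forces client authentication to present one
     * configured key-store alias instead of letting the delegate choose among all of them.
     *
     * <p>Only the client side is supported: the server-alias methods throw
     * {@link UnsupportedOperationException}. When no alias is configured every call is forwarded
     * to the delegate unchanged.
     */
    public static class ClientAliasedX509ExtendedKeyManager extends X509ExtendedKeyManager {
        private final String alias;
        private final X509ExtendedKeyManager delegate;

        /**
         * @param x509ExtendedKeyManager the key manager to wrap; must not be {@code null}
         * @param str the alias to present for client authentication, or {@code null} to leave
         *            alias selection entirely to the delegate
         * @throws NullPointerException if the delegate is {@code null}
         */
        public ClientAliasedX509ExtendedKeyManager(X509ExtendedKeyManager x509ExtendedKeyManager, String str) {
            this.delegate = Objects.requireNonNull(x509ExtendedKeyManager, "delegate key manager");
            this.alias = str;
        }

        /** @return the wrapped key manager */
        public X509ExtendedKeyManager getDelegate() {
            return delegate;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            if (alias == null) {
                return delegate.chooseClientAlias(keyTypes, issuers, socket);
            }
            return getClientAlias(keyTypes, issuers);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            return delegate.getClientAliases(keyType, issuers);
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String alias) {
            return delegate.getCertificateChain(alias);
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String alias) {
            return delegate.getPrivateKey(alias);
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
            if (alias == null) {
                return delegate.chooseEngineClientAlias(keyTypes, issuers, engine);
            }
            return getClientAlias(keyTypes, issuers);
        }

        /**
         * Looks the configured alias up among the aliases the delegate offers for the requested
         * key types.
         *
         * @param keyTypes key algorithm names requested by the peer
         * @param issuers acceptable issuers, or {@code null} for any
         * @return the configured alias if the delegate lists it for one of {@code keyTypes},
         *         otherwise {@code null} — which makes the JSSE client send no certificate at
         *         all rather than fall back to a different alias
         */
        String getClientAlias(String[] keyTypes, Principal[] issuers) {
            for (String keyType : keyTypes) {
                String[] candidates = delegate.getClientAliases(keyType, issuers);
                if (candidates == null) {
                    continue;
                }
                for (String candidate : candidates) {
                    if (alias.equals(candidate)) {
                        return alias;
                    }
                }
            }
            return null;
        }

        /** Not supported: this wrapper is for client authentication only. */
        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
            throw new UnsupportedOperationException();
        }

        /** Not supported: this wrapper is for client authentication only. */
        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            throw new UnsupportedOperationException();
        }

        /** Not supported: this wrapper is for client authentication only. */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            throw new UnsupportedOperationException();
        }
    }

    /**
     * Fluent builder for a client {@link SSLContext}.
     *
     * <p>Store passwords may be given literally, or — when a {@link PrivateKeyStore} is also
     * configured — resolved through it at {@link #build()} time (see {@code getPassword}).
     * Store types default to {@code pkcs12}.
     */
    public static class ClientSSLContextBuilder {
        private final String sslProtocol;
        private PrivateKeyStore privateKeyStore;
        private char[] keyStorePassword;
        private char[] keyManagerPassword;
        private String keyStorePath;
        private String trustStorePath;
        private char[] trustStorePassword;
        private String keyStorePasswordAppName;
        private String keyManagerPasswordAppName;
        private String trustStorePasswordAppName;
        private String certAlias;
        private String keyStoreType = "pkcs12";
        private String trustStoreType = "pkcs12";

        /** @param str protocol name handed to {@link SSLContext#getInstance(String)} */
        public ClientSSLContextBuilder(String str) {
            this.sslProtocol = str;
        }

        /** Password that unlocks the key-store file (or the key name to resolve it from). */
        public ClientSSLContextBuilder keyStorePassword(char[] cArr) {
            this.keyStorePassword = cArr;
            return this;
        }

        /** Password that unlocks the private key entries inside the key store; required if a key-store path is set. */
        public ClientSSLContextBuilder keyManagerPassword(char[] cArr) {
            this.keyManagerPassword = cArr;
            return this;
        }

        public ClientSSLContextBuilder keyStorePath(String str) {
            this.keyStorePath = str;
            return this;
        }

        public ClientSSLContextBuilder keyStoreType(String str) {
            this.keyStoreType = str;
            return this;
        }

        public ClientSSLContextBuilder trustStorePath(String str) {
            this.trustStorePath = str;
            return this;
        }

        public ClientSSLContextBuilder trustStorePassword(char[] cArr) {
            this.trustStorePassword = cArr;
            return this;
        }

        public ClientSSLContextBuilder trustStoreType(String str) {
            this.trustStoreType = str;
            return this;
        }

        public ClientSSLContextBuilder keyStorePasswordAppName(String str) {
            this.keyStorePasswordAppName = str;
            return this;
        }

        public ClientSSLContextBuilder keyManagerPasswordAppName(String str) {
            this.keyManagerPasswordAppName = str;
            return this;
        }

        public ClientSSLContextBuilder trustStorePasswordAppName(String str) {
            this.trustStorePasswordAppName = str;
            return this;
        }

        /** Secret store used to resolve the configured passwords; optional. */
        public ClientSSLContextBuilder privateKeyStore(PrivateKeyStore privateKeyStore) {
            this.privateKeyStore = privateKeyStore;
            return this;
        }

        /** Key-store alias to present for client authentication; optional. */
        public ClientSSLContextBuilder certAlias(String str) {
            this.certAlias = str;
            return this;
        }

        /**
         * Loads the configured stores and initialises the context.
         *
         * @return the initialised {@link SSLContext}, or {@code null} when neither a key-store nor
         *         a trust-store path has been configured
         * @throws IllegalArgumentException if a key-store path is set but no key manager password
         * @throws RuntimeException wrapping the {@link IOException} or
         *         {@link GeneralSecurityException} raised while loading a store or initialising
         *         the context
         */
        public SSLContext build() {
            if (keyStorePath == null && trustStorePath == null) {
                return null;
            }
            try {
                KeyManager[] keyManagers = null;
                TrustManager[] trustManagers = null;
                if (keyStorePath != null) {
                    keyManagers = buildKeyManagers();
                }
                if (trustStorePath != null) {
                    trustManagers = buildTrustManagers();
                }
                SSLContext context = SSLContext.getInstance(sslProtocol);
                // A null SecureRandom lets the provider pick its own default source of randomness.
                context.init(keyManagers, trustManagers, null);
                return context;
            } catch (IOException | GeneralSecurityException e) {
                throw new RuntimeException("Unable to build SSL context", e);
            }
        }

        /** Loads the key store and returns its key managers, pinned to {@code certAlias} when one is set. */
        private KeyManager[] buildKeyManagers() throws IOException, GeneralSecurityException {
            if (keyManagerPassword == null) {
                throw new IllegalArgumentException("Missing key manager password for the key store: " + keyStorePath);
            }
            LOGGER.info("createSSLContextObject: using SSL KeyStore path: {}", keyStorePath);
            KeyStore keyStore = loadStore(keyStorePath, keyStoreType,
                    getPassword(keyStorePassword, privateKeyStore, keyStorePasswordAppName));
            // Resolve into a local instead of overwriting the field, so calling build() twice does
            // not feed an already-resolved secret back into the PrivateKeyStore lookup.
            char[] keyPassword = getPassword(keyManagerPassword, privateKeyStore, keyManagerPasswordAppName);
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            // The key manager password is what unlocks the private-key entries; the store password
            // was only needed to open the file in loadStore(). They are configured independently.
            factory.init(keyStore, keyPassword);
            return getAliasedKeyManagers(factory.getKeyManagers(), certAlias);
        }

        /** Loads the trust store and returns the default trust managers built from it. */
        private TrustManager[] buildTrustManagers() throws IOException, GeneralSecurityException {
            LOGGER.info("createSSLContextObject: using SSL TrustStore path: {}", trustStorePath);
            KeyStore trustStore = loadStore(trustStorePath, trustStoreType,
                    getPassword(trustStorePassword, privateKeyStore, trustStorePasswordAppName));
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(trustStore);
            return factory.getTrustManagers();
        }

        /**
         * Resolves a configured password to the value actually used for a store.
         *
         * <p>When both a password and a {@link PrivateKeyStore} are present the configured value is
         * not used directly: it is passed to {@code getApplicationSecret(appName, value)} —
         * presumably as the name of the secret to look up — and the returned secret is used
         * instead. Without a {@code PrivateKeyStore} the configured value is returned unchanged,
         * so a {@code null} password stays {@code null} (which {@link KeyStore#load} accepts).
         *
         * <p>The round trip through {@link String} is imposed by the {@code PrivateKeyStore} API and
         * means an immutable copy of the password remains on the heap until collected.
         *
         * @param cArr the configured password, may be {@code null}
         * @param privateKeyStore the secret store, may be {@code null}
         * @param str the application name used for the secret lookup
         * @return the resolved password, or {@code cArr} if no resolution applies
         */
        private static char[] getPassword(char[] cArr, PrivateKeyStore privateKeyStore, String str) {
            if (cArr == null || privateKeyStore == null) {
                return cArr;
            }
            return privateKeyStore.getApplicationSecret(str, String.valueOf(cArr)).toCharArray();
        }

        /**
         * Opens and loads a key store from disk.
         *
         * @param str path to the store file; an empty path yields {@code null}, which the
         *            factories above treat as "no store configured"
         * @param str2 the {@link KeyStore} type, e.g. {@code pkcs12}
         * @param cArr the store password, or {@code null} to skip the integrity check
         * @return the loaded store, or {@code null} for an empty path
         * @throws IOException if the file cannot be read or the password is wrong
         * @throws GeneralSecurityException if the type is unknown or the contents cannot be parsed
         */
        private static KeyStore loadStore(String str, String str2, char[] cArr)
                throws IOException, GeneralSecurityException {
            if (str.isEmpty()) {
                return null;
            }
            KeyStore store = KeyStore.getInstance(str2);
            try (FileInputStream in = new FileInputStream(str)) {
                store.load(in, cArr);
            }
            return store;
        }

        /**
         * Wraps every {@link X509ExtendedKeyManager} in {@code keyManagerArr} so that client
         * authentication presents {@code str}. The array is modified in place.
         *
         * @return the same array, unchanged when it or the alias is {@code null}
         */
        private static KeyManager[] getAliasedKeyManagers(KeyManager[] keyManagerArr, String str) {
            if (keyManagerArr == null || str == null) {
                return keyManagerArr;
            }
            for (int i = 0; i < keyManagerArr.length; i++) {
                if (keyManagerArr[i] instanceof X509ExtendedKeyManager) {
                    keyManagerArr[i] = new ClientAliasedX509ExtendedKeyManager((X509ExtendedKeyManager) keyManagerArr[i], str);
                }
            }
            return keyManagerArr;
        }
    }

    /**
     * Instantiates the named {@link PrivateKeyStoreFactory} and asks it for a
     * {@link PrivateKeyStore}.
     *
     * <p>Whatever class name the caller passes is loaded and instantiated, so {@code str} must come
     * from trusted configuration, not from a request or other external input.
     *
     * @param str fully qualified class name of a {@code PrivateKeyStoreFactory} with a no-arg constructor
     * @return the store produced by the factory
     * @throws IllegalArgumentException if the class cannot be found, is not a
     *         {@code PrivateKeyStoreFactory}, or cannot be instantiated; the cause is attached
     */
    public static PrivateKeyStore loadServicePrivateKey(String str) {
        try {
            PrivateKeyStoreFactory factory = Class.forName(str)
                    .asSubclass(PrivateKeyStoreFactory.class)
                    .getDeclaredConstructor()
                    .newInstance();
            return factory.create();
        } catch (ReflectiveOperationException | ClassCastException e) {
            LOGGER.error("Invalid PrivateKeyStoreFactory class: {} error: {}", str, e.getMessage());
            throw new IllegalArgumentException("Invalid private key store", e);
        }
    }
}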
