package com.goyeau.kubernetes.client.util;

import com.goyeau.kubernetes.client.KubeConfig;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import scala.Array$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.UninitializedFieldError;
import scala.collection.immutable.StringOps;
import scala.reflect.ClassTag$;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: SslContexts.scala */
/* loaded from: input_file:com/goyeau/kubernetes/client/util/SslContexts$.class */
public final class SslContexts$ {
    public static SslContexts$ MODULE$;
    private KeyStore defaultKeyStore;
    private KeyStore defaultTrustStore;
    private final String TrustStoreSystemProperty;
    private String TrustStorePasswordSystemProperty;
    private final String KeyStoreSystemProperty;
    private String KeyStorePasswordSystemProperty;
    private volatile byte bitmap$init$0;
    private volatile byte bitmap$0;

    static {
        new SslContexts$();
    }

    private String TrustStoreSystemProperty() {
        if (((byte) (this.bitmap$init$0 & 1)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: /home/runner/work/kubernetes-client/kubernetes-client/kubernetes-client/src/com/goyeau/kubernetes/client/util/SslContexts.scala: 14");
        }
        String str = this.TrustStoreSystemProperty;
        return this.TrustStoreSystemProperty;
    }

    private String TrustStorePasswordSystemProperty() {
        if (((byte) (this.bitmap$init$0 & 2)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: /home/runner/work/kubernetes-client/kubernetes-client/kubernetes-client/src/com/goyeau/kubernetes/client/util/SslContexts.scala: 15");
        }
        String str = this.TrustStorePasswordSystemProperty;
        return this.TrustStorePasswordSystemProperty;
    }

    private String KeyStoreSystemProperty() {
        if (((byte) (this.bitmap$init$0 & 4)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: /home/runner/work/kubernetes-client/kubernetes-client/kubernetes-client/src/com/goyeau/kubernetes/client/util/SslContexts.scala: 16");
        }
        String str = this.KeyStoreSystemProperty;
        return this.KeyStoreSystemProperty;
    }

    private String KeyStorePasswordSystemProperty() {
        if (((byte) (this.bitmap$init$0 & 8)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: /home/runner/work/kubernetes-client/kubernetes-client/kubernetes-client/src/com/goyeau/kubernetes/client/util/SslContexts.scala: 17");
        }
        String str = this.KeyStorePasswordSystemProperty;
        return this.KeyStorePasswordSystemProperty;
    }

    public SSLContext fromConfig(KubeConfig kubeConfig) {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(keyManagers(kubeConfig), trustManagers(kubeConfig), new SecureRandom());
        return sSLContext;
    }

    private KeyManager[] keyManagers(KubeConfig kubeConfig) {
        Option map = kubeConfig.clientCertData().map(str -> {
            return new ByteArrayInputStream(Base64.getDecoder().decode(str));
        });
        Option map2 = kubeConfig.clientCertFile().map(file -> {
            return new FileInputStream(file);
        });
        Option map3 = kubeConfig.clientKeyData().map(str2 -> {
            return new ByteArrayInputStream(Base64.getDecoder().decode(str2));
        });
        Option map4 = kubeConfig.clientKeyFile().map(file2 -> {
            return new FileInputStream(file2);
        });
        map3.orElse(() -> {
            return map4;
        }).flatMap(inputStream -> {
            return map.orElse(() -> {
                return map2;
            }).map(inputStream -> {
                $anonfun$keyManagers$8(inputStream, kubeConfig, inputStream);
                return BoxedUnit.UNIT;
            });
        });
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(defaultKeyStore(), (char[]) Array$.MODULE$.empty(ClassTag$.MODULE$.Char()));
        return keyManagerFactory.getKeyManagers();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v11, types: [com.goyeau.kubernetes.client.util.SslContexts$] */
    private KeyStore defaultKeyStore$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 1)) == 0) {
                Option map = Option$.MODULE$.apply(System.getProperty(KeyStoreSystemProperty(), "")).filter(str -> {
                    return BoxesRunTime.boxToBoolean($anonfun$defaultKeyStore$1(str));
                }).map(str2 -> {
                    return new File(str2);
                });
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load((InputStream) map.map(file -> {
                    return new FileInputStream(file);
                }).orNull(Predef$.MODULE$.$conforms()), System.getProperty(KeyStorePasswordSystemProperty(), "").toCharArray());
                this.defaultKeyStore = keyStore;
                r0 = this;
                r0.bitmap$0 = (byte) (this.bitmap$0 | 1);
            }
        }
        this.KeyStorePasswordSystemProperty = null;
        return this.defaultKeyStore;
    }

    private KeyStore defaultKeyStore() {
        return ((byte) (this.bitmap$0 & 1)) == 0 ? defaultKeyStore$lzycompute() : this.defaultKeyStore;
    }

    private TrustManager[] trustManagers(KubeConfig kubeConfig) {
        Option map = kubeConfig.caCertData().map(str -> {
            return new ByteArrayInputStream(Base64.getDecoder().decode(str));
        });
        Option map2 = kubeConfig.caCertFile().map(file -> {
            return new FileInputStream(file);
        });
        map.orElse(() -> {
            return map2;
        }).foreach(inputStream -> {
            $anonfun$trustManagers$4(inputStream);
            return BoxedUnit.UNIT;
        });
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(defaultTrustStore());
        return trustManagerFactory.getTrustManagers();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v11, types: [com.goyeau.kubernetes.client.util.SslContexts$] */
    private KeyStore defaultTrustStore$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 2)) == 0) {
                String sb = new StringBuilder(13).append(System.getProperty("java.home")).append("/lib/security").toString();
                Option map = Option$.MODULE$.apply(System.getProperty(TrustStoreSystemProperty(), "")).filter(str -> {
                    return BoxesRunTime.boxToBoolean($anonfun$defaultTrustStore$1(str));
                }).map(str2 -> {
                    return new File(str2);
                });
                Option filter = Option$.MODULE$.apply(new File(new StringBuilder(12).append(sb).append("/jssecacerts").toString())).filter(file -> {
                    return BoxesRunTime.boxToBoolean($anonfun$defaultTrustStore$3(file));
                });
                File file2 = new File(new StringBuilder(8).append(sb).append("/cacerts").toString());
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(new FileInputStream((File) map.orElse(() -> {
                    return filter;
                }).getOrElse(() -> {
                    return file2;
                })), System.getProperty(TrustStorePasswordSystemProperty(), "changeit").toCharArray());
                this.defaultTrustStore = keyStore;
                r0 = this;
                r0.bitmap$0 = (byte) (this.bitmap$0 | 2);
            }
        }
        this.TrustStorePasswordSystemProperty = null;
        return this.defaultTrustStore;
    }

    private KeyStore defaultTrustStore() {
        return ((byte) (this.bitmap$0 & 2)) == 0 ? defaultTrustStore$lzycompute() : this.defaultTrustStore;
    }

    public static final /* synthetic */ void $anonfun$keyManagers$8(InputStream inputStream, KubeConfig kubeConfig, InputStream inputStream2) {
        Security.addProvider(new BouncyCastleProvider());
        PrivateKey privateKey = new JcaPEMKeyConverter().setProvider("BC").getPrivateKey(((PEMKeyPair) new PEMParser(new InputStreamReader(inputStream)).readObject()).getPrivateKeyInfo());
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(inputStream2);
        MODULE$.defaultKeyStore().setKeyEntry(x509Certificate.getSubjectX500Principal().getName(), privateKey, (char[]) kubeConfig.clientKeyPass().fold(() -> {
            return (char[]) Array$.MODULE$.empty(ClassTag$.MODULE$.Char());
        }, str -> {
            return str.toCharArray();
        }), new Certificate[]{x509Certificate});
    }

    public static final /* synthetic */ boolean $anonfun$defaultKeyStore$1(String str) {
        return new StringOps(Predef$.MODULE$.augmentString(str)).nonEmpty();
    }

    public static final /* synthetic */ void $anonfun$trustManagers$4(InputStream inputStream) {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(inputStream);
        MODULE$.defaultTrustStore().setCertificateEntry(x509Certificate.getSubjectX500Principal().getName(), x509Certificate);
    }

    public static final /* synthetic */ boolean $anonfun$defaultTrustStore$1(String str) {
        return new StringOps(Predef$.MODULE$.augmentString(str)).nonEmpty();
    }

    public static final /* synthetic */ boolean $anonfun$defaultTrustStore$3(File file) {
        return file.exists() && file.isFile();
    }

    private SslContexts$() {
        MODULE$ = this;
        this.TrustStoreSystemProperty = "javax.net.ssl.trustStore";
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 1);
        this.TrustStorePasswordSystemProperty = "javax.net.ssl.trustStorePassword";
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 2);
        this.KeyStoreSystemProperty = "javax.net.ssl.keyStore";
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 4);
        this.KeyStorePasswordSystemProperty = "javax.net.ssl.keyStorePassword";
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 8);
    }
}
