package com.goyeau.kubernetes.client.util;

import com.goyeau.kubernetes.client.KubeConfig;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import scala.$less$colon$less$;
import scala.Array$;
import scala.MatchError;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Tuple2;
import scala.collection.IterableOnceOps;
import scala.collection.IterableOps;
import scala.collection.StringOps$;
import scala.jdk.CollectionConverters$;
import scala.reflect.ClassTag$;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: SslContexts.scala */
/* loaded from: input_file:com/goyeau/kubernetes/client/util/SslContexts$.class */
/**
 * Decompiled form of the Scala singleton object {@code SslContexts}: builds a JSSE
 * {@link SSLContext} from the client-certificate and CA settings of a {@link KubeConfig}.
 *
 * <p>State model, as visible in this listing:
 * <ul>
 *   <li>{@code defaultKeyStore} and {@code defaultTrustStore} are static, lazily loaded once,
 *       and then mutated in place by {@link #keyManagers} / {@link #trustManagers}. Entries
 *       added for one {@code KubeConfig} therefore stay in the stores for every later
 *       {@link #fromConfig} call on this class.</li>
 *   <li>{@code bitmap$0} records which lazy values are initialised (bit 1 = key store,
 *       bit 2 = trust store).</li>
 * </ul>
 *
 * <p>NOTE(review): the text is decompiler output (JADX); constructs such as {@code ?? r0} and
 * the repeated lambda parameter name in {@code keyManagers} are decompilation artefacts, not
 * the original Scala.
 */
public final class SslContexts$ {
    // Process-wide key store; seeded from javax.net.ssl.keyStore (or empty) and extended with client keys.
    private static KeyStore defaultKeyStore;
    // Process-wide trust store; seeded from the JVM trust store file and extended with cluster CA certificates.
    private static KeyStore defaultTrustStore;
    // Lazy-initialisation flags: bit 1 -> defaultKeyStore loaded, bit 2 -> defaultTrustStore loaded.
    private static volatile byte bitmap$0;
    public static final SslContexts$ MODULE$ = new SslContexts$();
    // Names of the standard JSSE system properties consulted when seeding the two stores.
    private static final String TrustStoreSystemProperty = "javax.net.ssl.trustStore";
    // Non-final: set to null after the trust store has been loaded (see defaultTrustStore$lzycompute).
    private static String TrustStorePasswordSystemProperty = "javax.net.ssl.trustStorePassword";
    private static final String KeyStoreSystemProperty = "javax.net.ssl.keyStore";
    // Non-final: set to null after the key store has been loaded (see defaultKeyStore$lzycompute).
    private static String KeyStorePasswordSystemProperty = "javax.net.ssl.keyStorePassword";

    /** Returns the system-property name that points at the trust store file. */
    private String TrustStoreSystemProperty() {
        return TrustStoreSystemProperty;
    }

    /** Returns the system-property name holding the trust store password (null once the store is loaded). */
    private String TrustStorePasswordSystemProperty() {
        return TrustStorePasswordSystemProperty;
    }

    /** Returns the system-property name that points at the key store file. */
    private String KeyStoreSystemProperty() {
        return KeyStoreSystemProperty;
    }

    /** Returns the system-property name holding the key store password (null once the store is loaded). */
    private String KeyStorePasswordSystemProperty() {
        return KeyStorePasswordSystemProperty;
    }

    /**
     * Creates and initialises an {@link SSLContext} for the given configuration.
     *
     * <p>The context is requested by the generic name {@code "TLS"}; this method applies no
     * protocol-version or cipher-suite restriction of its own, so the effective set is whatever
     * the JVM/provider configuration allows.
     *
     * @param kubeConfig source of client certificate, client key and CA settings
     * @return a context initialised with the shared key and trust stores
     */
    public <F> SSLContext fromConfig(KubeConfig<F> kubeConfig) {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(keyManagers(kubeConfig), trustManagers(kubeConfig), new SecureRandom());
        return sSLContext;
    }

    /**
     * Installs the client key/certificate from {@code kubeConfig} (when both are present) into
     * the shared key store and returns key managers backed by that store.
     *
     * <p>Inline Base64 data takes precedence over the file variant for both the key and the
     * certificate ({@code orElse}).
     *
     * <p>Review notes:
     * <ul>
     *   <li>The {@code FileInputStream}s are created as soon as the file option is defined, and
     *       no {@code close()} call is visible in this class for any of the streams.</li>
     *   <li>The key entry is stored under {@code clientKeyPass} (see
     *       {@code $anonfun$keyManagers$10}) while the factory below is initialised with an
     *       empty password. NOTE(review): a non-empty {@code clientKeyPass} looks like it would
     *       prevent the factory from recovering the key; confirm.</li>
     *   <li>The store is shared and static, so keys from earlier configurations remain
     *       available to the returned key managers; check whether per-config isolation is
     *       required by callers.</li>
     * </ul>
     *
     * @param kubeConfig source of the client certificate and key
     * @return key managers produced by the default {@link KeyManagerFactory} algorithm
     */
    private <F> KeyManager[] keyManagers(KubeConfig<F> kubeConfig) {
        // Client certificate supplied inline as Base64 text.
        Option map = kubeConfig.clientCertData().map(str -> {
            return new ByteArrayInputStream(Base64.getDecoder().decode(str));
        });
        // Client certificate supplied as a file path.
        Option map2 = kubeConfig.clientCertFile().map(path -> {
            return path.toNioPath().toFile();
        }).map(file -> {
            return new FileInputStream(file);
        });
        // Client private key supplied inline as Base64 text.
        Option map3 = kubeConfig.clientKeyData().map(str2 -> {
            return new ByteArrayInputStream(Base64.getDecoder().decode(str2));
        });
        // Client private key supplied as a file path.
        Option map4 = kubeConfig.clientKeyFile().map(path2 -> {
            return path2.toNioPath().toFile();
        }).map(file2 -> {
            return new FileInputStream(file2);
        });
        // Only when a key stream AND a certificate stream exist is the pair installed; the
        // resulting Option is discarded. NOTE(review): both lambda parameters were named
        // `inputStream` by the decompiler; per the helper's signature the first argument is
        // presumably the key stream and the last the certificate stream.
        map3.orElse(() -> {
            return map4;
        }).flatMap(inputStream -> {
            return map.orElse(() -> {
                return map2;
            }).map(inputStream -> {
                $anonfun$keyManagers$10(inputStream, kubeConfig, inputStream);
                return BoxedUnit.UNIT;
            });
        });
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // Key-recovery password is always the empty char array, regardless of clientKeyPass.
        keyManagerFactory.init(defaultKeyStore(), (char[]) Array$.MODULE$.empty(ClassTag$.MODULE$.Char()));
        return keyManagerFactory.getKeyManagers();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v18, types: [byte] */
    /**
     * One-time initialiser for {@code defaultKeyStore}, guarded by bit 1 of {@code bitmap$0}
     * inside a block synchronised on this instance.
     *
     * <p>Loads a key store of the JVM default type from the file named by
     * {@code javax.net.ssl.keyStore} when that property is non-empty; otherwise {@code load}
     * receives a null stream. The password comes from {@code javax.net.ssl.keyStorePassword},
     * defaulting to the empty string.
     *
     * @return the shared key store
     */
    private KeyStore defaultKeyStore$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (bitmap$0 & 1)) == 0) {
                // Empty or unset property -> None -> null stream passed to load().
                Option map = Option$.MODULE$.apply(System.getProperty(KeyStoreSystemProperty(), "")).filter(str -> {
                    return BoxesRunTime.boxToBoolean($anonfun$defaultKeyStore$1(str));
                }).map(str2 -> {
                    return new File(str2);
                });
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                // The FileInputStream opened here is not closed in the visible code.
                keyStore.load((InputStream) map.map(file -> {
                    return new FileInputStream(file);
                }).orNull($less$colon$less$.MODULE$.refl()), System.getProperty(KeyStorePasswordSystemProperty(), "").toCharArray());
                defaultKeyStore = keyStore;
                r0 = (byte) (bitmap$0 | 1);
                bitmap$0 = r0;
            }
        }
        // Clears the field holding the property NAME (not the password value); in this
        // decompiled form the write sits outside the synchronized block.
        KeyStorePasswordSystemProperty = null;
        return defaultKeyStore;
    }

    /** Returns the shared key store, running the lazy initialiser on first use. */
    private KeyStore defaultKeyStore() {
        return ((byte) (bitmap$0 & 1)) == 0 ? defaultKeyStore$lzycompute() : defaultKeyStore;
    }

    /**
     * Adds the CA certificates from {@code kubeConfig} (if any) to the shared trust store and
     * returns trust managers backed by that store.
     *
     * <p>Inline Base64 CA data takes precedence over the CA file ({@code orElse}).
     *
     * <p>Review notes:
     * <ul>
     *   <li>Trust is additive: the cluster CA is appended to the base store loaded by
     *       {@code defaultTrustStore$lzycompute}, so the resulting context accepts chains
     *       rooted in either. Callers that need to pin to the cluster CA alone should review
     *       this.</li>
     *   <li>The store is static, so CA certificates from earlier configurations remain trusted
     *       for contexts built later.</li>
     *   <li>No {@code close()} call is visible for the streams opened here.</li>
     * </ul>
     *
     * @param kubeConfig source of the CA certificate data or file
     * @return trust managers produced by the default {@link TrustManagerFactory} algorithm
     */
    private <F> TrustManager[] trustManagers(KubeConfig<F> kubeConfig) {
        // CA bundle supplied inline as Base64 text.
        Option map = kubeConfig.caCertData().map(str -> {
            return new ByteArrayInputStream(Base64.getDecoder().decode(str));
        });
        // CA bundle supplied as a file path.
        Option map2 = kubeConfig.caCertFile().map(path -> {
            return path.toNioPath().toFile();
        }).map(file -> {
            return new FileInputStream(file);
        });
        // Every certificate parsed from the chosen stream is written into the shared trust store.
        map.orElse(() -> {
            return map2;
        }).foreach(inputStream -> {
            $anonfun$trustManagers$5(inputStream);
            return BoxedUnit.UNIT;
        });
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(defaultTrustStore());
        return trustManagerFactory.getTrustManagers();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v25, types: [byte] */
    /**
     * One-time initialiser for {@code defaultTrustStore}, guarded by bit 2 of {@code bitmap$0}
     * inside a block synchronised on this instance.
     *
     * <p>File selection order: the path in {@code javax.net.ssl.trustStore} when non-empty,
     * else {@code <java.home>/lib/security/jssecacerts} when it exists as a regular file, else
     * {@code <java.home>/lib/security/cacerts}. The password comes from
     * {@code javax.net.ssl.trustStorePassword}, defaulting to {@code "changeit"}.
     *
     * @return the shared trust store
     */
    private KeyStore defaultTrustStore$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (bitmap$0 & 2)) == 0) {
                String str = System.getProperty("java.home") + "/lib/security";
                // Explicitly configured trust store; only non-emptiness of the path is checked here.
                Option map = Option$.MODULE$.apply(System.getProperty(TrustStoreSystemProperty(), "")).filter(str2 -> {
                    return BoxesRunTime.boxToBoolean($anonfun$defaultTrustStore$1(str2));
                }).map(str3 -> {
                    return new File(str3);
                });
                // jssecacerts is used only if it exists and is a regular file.
                Option filter = Option$.MODULE$.apply(new File(str + "/jssecacerts")).filter(file -> {
                    return BoxesRunTime.boxToBoolean($anonfun$defaultTrustStore$3(file));
                });
                File file2 = new File(str + "/cacerts");
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                // The FileInputStream opened here is not closed in the visible code.
                keyStore.load(new FileInputStream((File) map.orElse(() -> {
                    return filter;
                }).getOrElse(() -> {
                    return file2;
                })), System.getProperty(TrustStorePasswordSystemProperty(), "changeit").toCharArray());
                defaultTrustStore = keyStore;
                r0 = (byte) (bitmap$0 | 2);
                bitmap$0 = r0;
            }
        }
        // Clears the field holding the property NAME (not the password value); in this
        // decompiled form the write sits outside the synchronized block.
        TrustStorePasswordSystemProperty = null;
        return defaultTrustStore;
    }

    /** Returns the shared trust store, running the lazy initialiser on first use. */
    private KeyStore defaultTrustStore() {
        return ((byte) (bitmap$0 & 2)) == 0 ? defaultTrustStore$lzycompute() : defaultTrustStore;
    }

    /**
     * Lambda body from {@code keyManagers}: parses a PEM private key and an X.509 certificate
     * and stores them as one key entry in the shared key store.
     *
     * <p>Review notes:
     * <ul>
     *   <li>{@code Security.addProvider} runs on every call and changes the JVM-wide provider
     *       list.</li>
     *   <li>The parsed object is cast to {@code PEMKeyPair}. NOTE(review): this presumably
     *       accepts only an unencrypted key-pair PEM block; other object types returned by
     *       {@code PEMParser} would fail the cast. Confirm which key formats must be
     *       supported.</li>
     *   <li>{@code clientKeyPass} is applied as the key-entry password in the key store; it is
     *       not passed to the PEM parsing step.</li>
     *   <li>The alias is the certificate subject name, so a second certificate with the same
     *       subject replaces the earlier entry.</li>
     *   <li>{@code InputStreamReader} is built without an explicit charset.</li>
     *   <li>The write to the shared store is not inside any synchronized block visible here.</li>
     * </ul>
     *
     * @param inputStream stream containing the PEM-encoded private key
     * @param kubeConfig configuration supplying the optional key password
     * @param inputStream2 stream containing the X.509 client certificate
     */
    public static final /* synthetic */ void $anonfun$keyManagers$10(InputStream inputStream, KubeConfig kubeConfig, InputStream inputStream2) {
        Security.addProvider(new BouncyCastleProvider());
        PrivateKey privateKey = new JcaPEMKeyConverter().setProvider("BC").getPrivateKey(((PEMKeyPair) new PEMParser(new InputStreamReader(inputStream)).readObject()).getPrivateKeyInfo());
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(inputStream2);
        // Entry password: clientKeyPass when defined, otherwise an empty char array.
        MODULE$.defaultKeyStore().setKeyEntry(x509Certificate.getSubjectX500Principal().getName(), privateKey, (char[]) kubeConfig.clientKeyPass().fold(() -> {
            return (char[]) Array$.MODULE$.empty(ClassTag$.MODULE$.Char());
        }, str -> {
            return str.toCharArray();
        }), new Certificate[]{x509Certificate});
    }

    /** Predicate: true when the key store path property value is a non-empty string. */
    public static final /* synthetic */ boolean $anonfun$defaultKeyStore$1(String str) {
        return StringOps$.MODULE$.nonEmpty$extension(Predef$.MODULE$.augmentString(str));
    }

    /**
     * Lambda body from {@code trustManagers}: stores one (certificate, index) pair in the
     * shared trust store under the alias {@code <subject name>-<index>}.
     *
     * @param tuple2 pair of X.509 certificate and its position in the parsed bundle
     * @throws MatchError when the pair is null
     */
    public static final /* synthetic */ void $anonfun$trustManagers$7(Tuple2 tuple2) {
        if (tuple2 == null) {
            throw new MatchError(tuple2);
        }
        X509Certificate x509Certificate = (X509Certificate) tuple2._1();
        // The index suffix keeps same-subject certificates within one bundle apart; an alias
        // already present from an earlier call is overwritten.
        MODULE$.defaultTrustStore().setCertificateEntry(x509Certificate.getSubjectX500Principal().getName() + "-" + tuple2._2$mcI$sp(), x509Certificate);
        BoxedUnit boxedUnit = BoxedUnit.UNIT;
    }

    /**
     * Lambda body from {@code trustManagers}: parses every certificate in the stream, casts
     * each to {@code X509Certificate}, pairs it with its index and adds it to the shared trust
     * store.
     *
     * @param inputStream stream containing one or more X.509 certificates
     */
    public static final /* synthetic */ void $anonfun$trustManagers$5(InputStream inputStream) {
        ((IterableOnceOps) ((IterableOps) CollectionConverters$.MODULE$.CollectionHasAsScala(CertificateFactory.getInstance("X509").generateCertificates(inputStream)).asScala().map(certificate -> {
            return (X509Certificate) certificate;
        })).zipWithIndex()).foreach(tuple2 -> {
            $anonfun$trustManagers$7(tuple2);
            return BoxedUnit.UNIT;
        });
    }

    /** Predicate: true when the trust store path property value is a non-empty string. */
    public static final /* synthetic */ boolean $anonfun$defaultTrustStore$1(String str) {
        return StringOps$.MODULE$.nonEmpty$extension(Predef$.MODULE$.augmentString(str));
    }

    /** Predicate: true when the candidate trust store path exists and is a regular file. */
    public static final /* synthetic */ boolean $anonfun$defaultTrustStore$3(File file) {
        return file.exists() && file.isFile();
    }

    // Singleton: the only instance is MODULE$.
    private SslContexts$() {
    }
}
