package org.newsclub.net.unix.ssl;

import com.kohlschutter.annotations.compiletime.SuppressFBWarnings;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Objects;
import java.util.function.Consumer;
import java.util.function.Function;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;
import org.newsclub.net.unix.AFSocket;
import org.newsclub.net.unix.KnownJavaBugIOException;

/* loaded from: input_file:org/newsclub/net/unix/ssl/SSLContextBuilder.class */
public final class SSLContextBuilder {
    private static final Provider PROVIDER_PKCS12;
    private static final Provider PROVIDER_JSSE;
    private static final String DEFAULT_PROVIDER;
    private final boolean clientMode;
    private URL keyStoreUrl;
    private SSLSupplier<char[]> keyStorePassword;
    private URL trustManagerUrl;
    private SSLSupplier<char[]> trustManagerPassword;
    private String protocol = "TLS";
    private SecureRandom secureRandom = null;
    private Function<SSLParameters, SSLParameters> parametersFunction = null;
    private SSLSupplier<KeyStore> keyStoreSupplier = SSLContextBuilder::newKeyStorePKCS12;
    private SSLFunction<KeyManagerFactory, KeyManager[]> keyManager = null;
    private SSLFunction<TrustManagerFactory, TrustManager[]> trustManager = null;
    private Object provider = DEFAULT_PROVIDER;
    private SocketFactory socketFactory = SocketFactory.getDefault();

    private SSLContextBuilder(boolean z) {
        this.clientMode = z;
    }

    public static SSLContextBuilder forServer() {
        return new SSLContextBuilder(false);
    }

    public static SSLContextBuilder forClient() {
        return new SSLContextBuilder(true);
    }

    public SSLContextBuilder withSocketFactory(SocketFactory socketFactory) {
        this.socketFactory = socketFactory == null ? SocketFactory.getDefault() : socketFactory;
        return this;
    }

    public SSLContextBuilder withProtocol(String str) {
        this.protocol = str;
        return this;
    }

    public SSLContextBuilder withProvider(Provider provider) {
        this.provider = provider;
        return this;
    }

    public SSLContextBuilder withProvider(String str) {
        this.provider = str.isEmpty() ? null : str;
        return this;
    }

    public SSLContextBuilder withKeyManagers(SSLFunction<KeyManagerFactory, KeyManager[]> sSLFunction) {
        if (this.keyStoreUrl != null) {
            throw new IllegalStateException("withKeyStore was already called");
        }
        this.keyManager = sSLFunction;
        return this;
    }

    public SSLContextBuilder withTrustManagers(SSLFunction<TrustManagerFactory, TrustManager[]> sSLFunction) {
        if (this.trustManagerUrl != null) {
            throw new IllegalStateException("withTrustStore was already called");
        }
        this.trustManager = sSLFunction;
        return this;
    }

    @SuppressFBWarnings({"EI_EXPOSE_REP2"})
    public SSLContextBuilder withSecureRandom(SecureRandom secureRandom) {
        this.secureRandom = secureRandom;
        return this;
    }

    public SSLContextBuilder withKeyStoreSupplier(SSLSupplier<KeyStore> sSLSupplier) {
        this.keyStoreSupplier = sSLSupplier == null ? SSLContextBuilder::newKeyStorePKCS12 : sSLSupplier;
        return this;
    }

    public SSLContextBuilder withKeyStore(File file, SSLSupplier<char[]> sSLSupplier) throws FileNotFoundException, MalformedURLException {
        return withKeyStore(file.toURI().toURL(), sSLSupplier);
    }

    public SSLContextBuilder withKeyStore(URL url, SSLSupplier<char[]> sSLSupplier) throws FileNotFoundException {
        if (this.keyManager != null) {
            throw new IllegalStateException("withKeyManagers was already called");
        }
        this.keyStoreUrl = (URL) Objects.requireNonNull(url);
        this.keyStorePassword = sSLSupplier;
        this.keyManager = this::buildKeyManagers;
        return this;
    }

    public SSLContextBuilder withTrustStore(File file, SSLSupplier<char[]> sSLSupplier) throws FileNotFoundException, MalformedURLException {
        return withTrustStore(file.toURI().toURL(), sSLSupplier);
    }

    public SSLContextBuilder withTrustStore(URL url, SSLSupplier<char[]> sSLSupplier) throws FileNotFoundException {
        if (this.trustManager != null) {
            throw new IllegalStateException("withTrustManagers was already called");
        }
        this.trustManagerUrl = (URL) Objects.requireNonNull(url, "trustStore");
        this.trustManagerPassword = sSLSupplier;
        return this;
    }

    public SSLContextBuilder withDefaultSSLParameters(Function<SSLParameters, SSLParameters> function) {
        if (this.parametersFunction != null) {
            throw new IllegalStateException("Default parameters already set");
        }
        this.parametersFunction = function;
        return this;
    }

    public SSLContextBuilder withDefaultSSLParameters(Consumer<SSLParameters> consumer) {
        return withDefaultSSLParameters(sSLParameters -> {
            consumer.accept(sSLParameters);
            return sSLParameters;
        });
    }

    private KeyManagerFactory buildKeyManagerFactory() throws GeneralSecurityException {
        return KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    }

    private TrustManagerFactory buildTrustManagerFactory() throws GeneralSecurityException {
        return TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    }

    private KeyManager[] buildKeyManagers(KeyManagerFactory keyManagerFactory) throws GeneralSecurityException, IOException, UnrecoverableKeyException {
        if (this.keyStoreUrl == null) {
            return null;
        }
        KeyStore keyStore = this.keyStoreSupplier.get();
        char[] cArr = this.keyStorePassword == null ? null : this.keyStorePassword.get();
        try {
            try {
                InputStream openStream = this.keyStoreUrl.openStream();
                try {
                    keyStore.load(openStream, cArr);
                    keyManagerFactory.init(keyStore, cArr);
                    if (openStream != null) {
                        openStream.close();
                    }
                    return keyManagerFactory.getKeyManagers();
                } catch (Throwable th) {
                    if (openStream != null) {
                        try {
                            openStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (IOException e) {
                throw wrapIOExceptionIfJDKBug(e);
            }
        } finally {
            clear(cArr);
        }
    }

    public static IOException wrapIOExceptionIfJDKBug(IOException iOException) {
        String message = iOException.getMessage();
        return message == null ? iOException : message.contains("data isn't an object ID (tag = 48)") ? knownJDKBug(iOException, "JDK-8202837", "8u312", "11.0.3") : message.contains("HmacPBESHA256 not available") ? knownJDKBug(iOException, "JDK-8267701", "8u301", "11.0.12") : iOException;
    }

    private static KnownJavaBugIOException knownJDKBug(Exception exc, String str, String str2, String str3) {
        String property = System.getProperty("java.specification.version", "");
        return property.startsWith("1.") ? new KnownJavaBugIOException("Bug " + str + " detected -- please upgrade to Java " + str2 + " or newer", exc) : ("9".equals(property) || "10".equals(property) || "11".equals(property)) ? new KnownJavaBugIOException("Bug " + str + " detected -- please upgrade to Java " + str3 + " or newer", exc) : new KnownJavaBugIOException("Bug " + str + " detected -- please upgrade your Java release", exc);
    }

    private TrustManager[] buildTrustManagers(TrustManagerFactory trustManagerFactory) throws IOException, GeneralSecurityException {
        if (this.trustManagerUrl == null) {
            return null;
        }
        KeyStore keyStore = this.keyStoreSupplier.get();
        char[] cArr = this.trustManagerPassword == null ? null : this.trustManagerPassword.get();
        try {
            try {
                InputStream openStream = this.trustManagerUrl.openStream();
                try {
                    keyStore.load(openStream, cArr);
                    if (openStream != null) {
                        openStream.close();
                    }
                    trustManagerFactory.init(keyStore);
                    return trustManagerFactory.getTrustManagers();
                } catch (Throwable th) {
                    if (openStream != null) {
                        try {
                            openStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (IOException e) {
                throw wrapIOExceptionIfJDKBug(e);
            }
        } finally {
            clear(cArr);
        }
    }

    private static void clear(char[] cArr) {
        if (cArr == null) {
            return;
        }
        Arrays.fill(cArr, ' ');
    }

    @SuppressFBWarnings({"DCN_NULLPOINTER_EXCEPTION"})
    private static SSLContext tryInitContextFallback(NoSuchProviderException noSuchProviderException, String str, String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
        try {
            ArrayList arrayList = new ArrayList();
            for (String str3 : str2.split(",")) {
                String trim = str3.trim();
                if (!trim.isEmpty()) {
                    Class<?> cls = Class.forName(trim);
                    if (Provider.class.isAssignableFrom(cls)) {
                        Provider provider = (Provider) cls.getConstructor(new Class[0]).newInstance(new Object[0]);
                        arrayList.add(provider);
                        try {
                            Security.addProvider(provider);
                        } catch (NullPointerException | SecurityException e) {
                            noSuchProviderException.addSuppressed(e);
                        }
                    }
                }
            }
            if (arrayList.isEmpty()) {
                throw noSuchProviderException;
            }
            return SSLContext.getInstance(str, ((Provider) Objects.requireNonNull((Provider) arrayList.get(0))).getName());
        } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | NullPointerException | SecurityException | InvocationTargetException e2) {
            noSuchProviderException.addSuppressed(e2);
            throw noSuchProviderException;
        }
    }

    public SSLContext build() throws GeneralSecurityException, IOException {
        SSLContext sSLContext;
        if (this.provider == null) {
            sSLContext = SSLContext.getInstance(this.protocol);
        } else if (this.provider instanceof String) {
            String str = (String) this.provider;
            try {
                sSLContext = SSLContext.getInstance(this.protocol, str);
            } catch (NoSuchProviderException e) {
                sSLContext = tryInitContextFallback(e, this.protocol, str);
            }
        } else {
            sSLContext = SSLContext.getInstance(this.protocol, (Provider) this.provider);
        }
        SSLFunction<KeyManagerFactory, KeyManager[]> sSLFunction = this.keyManager;
        if (sSLFunction == null) {
            sSLFunction = this::buildKeyManagers;
        }
        SSLFunction<TrustManagerFactory, TrustManager[]> sSLFunction2 = this.trustManager;
        if (sSLFunction2 == null) {
            sSLFunction2 = this::buildTrustManagers;
        }
        BuilderSSLContext.initContext(sSLContext, sSLFunction.apply(buildKeyManagerFactory()), sSLFunction2.apply(buildTrustManagerFactory()), this.secureRandom);
        return new BuilderSSLContext(this.clientMode, sSLContext, this.parametersFunction, this.socketFactory);
    }

    public SSLContext buildAndDestroyBuilder() throws GeneralSecurityException, IOException, DestroyFailedException {
        SSLContext build = build();
        destroy();
        return build;
    }

    public void destroy() throws DestroyFailedException {
        DestroyFailedException destroyFailedException = null;
        for (Object obj : new Object[]{this.keyStorePassword, this.trustManagerPassword, this.keyManager, this.trustManager}) {
            if (obj instanceof Destroyable) {
                Destroyable destroyable = (Destroyable) obj;
                if (!destroyable.isDestroyed()) {
                    try {
                        destroyable.destroy();
                    } catch (DestroyFailedException e) {
                        if (destroyFailedException == null) {
                            destroyFailedException = e;
                        } else {
                            destroyFailedException.addSuppressed(e);
                        }
                    }
                }
            }
        }
        this.keyStoreUrl = null;
        this.keyStorePassword = null;
        this.keyManager = null;
        this.trustManagerUrl = null;
        this.trustManagerPassword = null;
        this.trustManager = null;
        this.parametersFunction = null;
        this.secureRandom = null;
        if (destroyFailedException != null) {
            throw destroyFailedException;
        }
    }

    private static Provider resolveProviderIfPossible(String str) {
        try {
            try {
                return (Provider) Class.forName(str).getConstructor(new Class[0]).newInstance(new Object[0]);
            } catch (ClassCastException | IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | SecurityException | InvocationTargetException e) {
                throw new IllegalStateException("Cannot instantiate provider '" + str + "', despite being on the classpath", e);
            }
        } catch (ClassNotFoundException e2) {
            return null;
        }
    }

    private static Provider bouncyCastleInstanceIfPossible() {
        return resolveProviderIfPossible("org.bouncycastle.jce.provider.BouncyCastleProvider");
    }

    private static Provider bouncyCastleJSSEInstanceIfPossible() {
        return resolveProviderIfPossible("org.bouncycastle.jsse.provider.BouncyCastleJsseProvider");
    }

    public static KeyStore newKeyStorePKCS12() throws KeyStoreException {
        return PROVIDER_PKCS12 == null ? KeyStore.getInstance("PKCS12") : KeyStore.getInstance("PKCS12", PROVIDER_PKCS12);
    }

    static {
        PROVIDER_PKCS12 = AFSocket.isRunningOnAndroid() ? bouncyCastleInstanceIfPossible() : null;
        PROVIDER_JSSE = AFSocket.isRunningOnAndroid() ? bouncyCastleJSSEInstanceIfPossible() : null;
        DEFAULT_PROVIDER = (!AFSocket.isRunningOnAndroid() || PROVIDER_JSSE == null) ? null : "org.bouncycastle.jsse.provider.BouncyCastleJsseProvider,org.bouncycastle.jce.provider.BouncyCastleProvider";
    }
}
