package io.bitdive.parent.safety_config;

import io.bitdive.parent.safety_config.VaultGettingConfig;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.logging.log4j.core.net.ssl.SslConfigurationDefaults;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;

/* loaded from: input_file:io/bitdive/parent/safety_config/SSLContextCustomBitDive.class */
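/**
 * Builds and caches the mutual-TLS {@link SSLContext} used by the agent from
 * the client certificate, private key and CA chain returned by
 * {@link VaultGettingConfig#retrieveCertificatesFromVault()}.
 *
 * <p>The context and the client certificate are held in static fields and are
 * rebuilt by {@link #ensureValidCertificate()} when no usable state is cached
 * or the cached client certificate is outside its validity period.
 *
 * <p>NOTE(review): the static fields are read and written without
 * synchronization. Whether callers reach this class from several threads is
 * not visible here; confirm and guard the refresh if they do.
 */
public class SSLContextCustomBitDive {
    /**
     * Password protecting the key entry of the key store built by this class.
     * The store is created with {@code load(null, null)} and is never written
     * out by this class, so the value only has to match between
     * {@code setKeyEntry} and {@code KeyManagerFactory.init}.
     */
    private static final String IN_MEMORY_KEYSTORE_PASSWORD = "changeit";

    /**
     * Passphrase tried on encrypted PEM key pairs.
     *
     * <p>SECURITY NOTE(review): this is a fixed literal compiled into the
     * class, so an encrypted key accepted by {@link #loadPrivateKey(String)}
     * gets no confidentiality from its encryption. The protection of the key
     * rests on how the secret store delivers it. If encrypted keys are really
     * expected, the passphrase should come from configuration or the secret
     * store instead; that requires an interface change and is not done here.
     */
    private static final String ENCRYPTED_KEY_PASSPHRASE = "password";

    private static SSLContext sslContext;
    private static X509Certificate clientCertificate;

    static {
        // JcaPEMKeyConverter below asks for the provider by name, so it has to
        // be registered before any key is converted.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Fetches certificate material from Vault and builds a fresh SSL context.
     *
     * <p>The static fields are assigned only after every step has succeeded.
     * Previously {@code clientCertificate} was stored first, so a failure while
     * loading the key or the CA chain left a valid certificate cached next to a
     * missing (or uninitialised) context, and later calls to
     * {@link #ensureValidCertificate()} returned early without repairing it.
     *
     * @throws Exception if the material cannot be fetched or parsed, or the
     *     key stores or the SSL context cannot be initialised
     */
    private static void loadCertificatesAndInitializeSSLContext() throws Exception {
        VaultGettingConfig.VaultConfigRet material = VaultGettingConfig.retrieveCertificatesFromVault();
        X509Certificate certificate = loadCertificate(material.getCertificate());
        PrivateKey privateKey = loadPrivateKey(material.getPrivateKey());
        List<X509Certificate> caCertificates = loadCACertificates(material.getCaChain());

        // Identity store: the private key with its chain, leaf certificate first.
        List<X509Certificate> chain = new ArrayList<>(caCertificates.size() + 1);
        chain.add(certificate);
        chain.addAll(caCertificates);
        KeyStore identityStore = KeyStore.getInstance("PKCS12");
        identityStore.load(null, null);
        identityStore.setKeyEntry(
                "client",
                privateKey,
                IN_MEMORY_KEYSTORE_PASSWORD.toCharArray(),
                chain.toArray(new X509Certificate[0]));

        // Trust store: only the CA certificates delivered with the client
        // certificate are trusted; the JVM default trust store is not used.
        // An empty CA chain therefore produces an empty trust store.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        for (int i = 0; i < caCertificates.size(); i++) {
            trustStore.setCertificateEntry("ca-cert-" + i, caCertificates.get(i));
        }

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(identityStore, IN_MEMORY_KEYSTORE_PASSWORD.toCharArray());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        // NOTE(review): the protocol name is taken from a log4j-core constant,
        // so the value requested here follows the log4j version on the
        // classpath. Confirm the value and consider a literal owned by this class.
        SSLContext context = SSLContext.getInstance(SslConfigurationDefaults.PROTOCOL);
        context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

        // Publish the new state only now that it is complete.
        sslContext = context;
        clientCertificate = certificate;
    }

    /**
     * Makes sure a usable SSL context is cached, rebuilding it from Vault when
     * nothing is cached yet or the cached client certificate is not currently
     * valid.
     *
     * @throws Exception if the Vault connection or the rebuild fails
     */
    public static void ensureValidCertificate() throws Exception {
        if (isCertificateValid()) {
            return;
        }
        VaultGettingConfig.initVaultConnect();
        loadCertificatesAndInitializeSSLContext();
    }

    /**
     * Reports whether a context is cached and its client certificate is within
     * its validity period at the current time.
     *
     * <p>Only the validity dates are checked; revocation and chain validity are
     * not examined here.
     *
     * @return {@code true} if the cached state can be reused
     */
    private static boolean isCertificateValid() {
        // Nothing loaded yet (first call) or a previous load did not complete.
        if (clientCertificate == null || sslContext == null) {
            return false;
        }
        try {
            clientCertificate.checkValidity();
            return true;
        } catch (CertificateException e) {
            // Expired or not yet valid: the caller reloads from Vault.
            return false;
        }
    }

    /**
     * Parses the first PEM object in {@code str} as a private key.
     *
     * <p>Accepted objects are an encrypted key pair (decrypted with the fixed
     * passphrase, see {@code ENCRYPTED_KEY_PASSPHRASE}), a plain key pair, a
     * PKCS#8 {@link PrivateKeyInfo}, or a bare {@link RSAPrivateKey} structure.
     *
     * @param str PEM text containing the private key
     * @return the converted private key
     * @throws IOException if the PEM text cannot be read or decrypted
     * @throws OperatorCreationException declared for callers; kept from the
     *     original signature
     * @throws IllegalArgumentException if the text holds no object or an object
     *     of an unsupported type
     */
    public static PrivateKey loadPrivateKey(String str) throws IOException, OperatorCreationException {
        Object pemObject;
        // try-with-resources closes the parser even when readObject() throws.
        try (PEMParser parser = new PEMParser(new StringReader(str))) {
            pemObject = parser.readObject();
        }
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
        if (pemObject instanceof PEMEncryptedKeyPair) {
            PEMKeyPair decrypted = ((PEMEncryptedKeyPair) pemObject)
                    .decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(ENCRYPTED_KEY_PASSPHRASE.toCharArray()));
            return converter.getPrivateKey(decrypted.getPrivateKeyInfo());
        }
        if (pemObject instanceof PEMKeyPair) {
            return converter.getPrivateKey(((PEMKeyPair) pemObject).getPrivateKeyInfo());
        }
        if (pemObject instanceof PrivateKeyInfo) {
            return converter.getPrivateKey((PrivateKeyInfo) pemObject);
        }
        if (pemObject instanceof RSAPrivateKey) {
            // Wrap the bare RSA structure in a PKCS#8 envelope for the converter.
            AlgorithmIdentifier rsa = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE);
            return converter.getPrivateKey(new PrivateKeyInfo(rsa, (RSAPrivateKey) pemObject));
        }
        // Also reached when the input contained no PEM object (null). The
        // message deliberately carries no key material.
        throw new IllegalArgumentException("Invalid key format");
    }

    /**
     * Parses a single X.509 certificate from its text encoding.
     *
     * @param str certificate text; surrounding whitespace is ignored
     * @return the parsed certificate
     * @throws Exception if the text is not a parsable X.509 certificate
     */
    private static X509Certificate loadCertificate(String str) throws Exception {
        byte[] encoded = str.trim().getBytes(StandardCharsets.UTF_8);
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Parses a concatenation of PEM certificates into a list, in input order.
     *
     * @param str text holding zero or more PEM certificate blocks
     * @return the parsed certificates; empty if the text holds none
     * @throws Exception if any non-empty segment is not a parsable certificate
     */
    private static List<X509Certificate> loadCACertificates(String str) throws Exception {
        List<X509Certificate> certificates = new ArrayList<>();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        // The lookahead splits in front of every BEGIN marker and keeps the
        // marker with the block that follows it.
        for (String segment : str.split("(?=-----BEGIN CERTIFICATE-----)")) {
            String pem = segment.trim();
            if (pem.isEmpty()) {
                continue;
            }
            certificates.add((X509Certificate) certificateFactory
                    .generateCertificate(new ByteArrayInputStream(pem.getBytes(StandardCharsets.UTF_8))));
        }
        return certificates;
    }

    /**
     * Returns the cached SSL context.
     *
     * @return the context built by the last successful load, or {@code null}
     *     if {@link #ensureValidCertificate()} has not completed successfully yet
     */
    public static SSLContext getSslContext() {
        return sslContext;
    }
}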
