package io.cloudslang.content.httpclient.build.conn;

import io.cloudslang.content.httpclient.entities.Constants;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/* loaded from: input_file:io/cloudslang/content/httpclient/build/conn/SSLConnectionSocketFactoryBuilder.class */
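/**
 * Builds an Apache HttpClient {@link SSLConnectionSocketFactory} from string inputs: keystore and
 * trust-store locations and passwords, a comma-separated protocol list, a comma-separated cipher
 * list, a hostname-verification mode and a "trust all roots" switch.
 *
 * <p>Security-relevant inputs, all of which weaken the connection when relaxed:
 * <ul>
 *   <li>{@code trustAllRoots=true} installs a trust strategy that accepts every certificate chain,
 *       so the peer is not authenticated at all.</li>
 *   <li>{@code x509HostnameVerifier=allow_all} disables hostname verification.</li>
 *   <li>With no protocol input, {@link #SUPPORTED_PROTOCOLS} (which still lists SSLv3, TLSv1 and
 *       TLSv1.1) is handed to the socket factory.</li>
 * </ul>
 *
 * <p>Instances are mutable and {@link #build()} writes to instance fields; the class does no
 * synchronization.
 */
public class SSLConnectionSocketFactoryBuilder {
    public static final String TRUST_ALL_ROOTS_ERROR = "Could not use trustAllRoots=";
    public static final String SSL_CONNECTION_ERROR = "Could not create SSL connection. Invalid keystore or trustKeystore certificates.";
    public static final String BAD_KEYSTORE_ERROR = "The keystore provided in the 'keystore' input is corrupted OR the password (in the 'keystorePassword' input) is incorrect";
    public static final String INVALID_KEYSTORE_ERROR = "A keystore could not be found or it does not contain the needed certificate";
    public static final String BAD_TRUST_KEYSTORE_ERROR = "The trust keystore provided in the 'trustKeystore' input is corrupted OR the password (in the 'trustPassword' input) is incorrect";
    public static final String INVALID_TRUST_KEYSTORE_ERROR = "A trust keystore could not be found or it does not contain the needed certificate";
    public static final String TLSv12 = "TLSv1.2";
    /** Cipher suites handed to the socket factory; filled by {@link #build()} from the cipher input. */
    public String[] cypherArray;
    private String keystore;
    private String inputTLS;
    private String keystorePassword;
    private String trustKeystore;
    private String trustPassword;
    private String inputCyphers;
    private boolean hasTLS2;
    // NOTE: the array constants below are public and mutable; build() passes copies to the socket
    // factory so a later write to a constant cannot alter an already-built factory.
    public static final String[] ARRAY_TLSv12 = {TLSv12};
    public static final String[] array = new String[0];
    public static final String SSLv3 = "SSLv3";
    public static final String TLSv10 = "TLSv1";
    public static final String TLSv11 = "TLSv1.1";
    /**
     * Protocols accepted in the protocol input, and the list used when that input is empty.
     * SSLv3, TLSv1 and TLSv1.1 are deprecated (RFC 7568, RFC 8996); callers that need a modern
     * floor should pass "TLSv1.2" explicitly through {@link #setInputTLS(String)}.
     */
    public static final String[] SUPPORTED_PROTOCOLS = {SSLv3, TLSv10, TLSv11, TLSv12};
    /**
     * NOTE(review): several entries do not look like registered suite names (the "THS_" prefix,
     * "TLS_ECDHE_RSA_WITH_AES_GCM_SHA384" without a key size, "TLS_ECDHE_WITH_..." without an
     * authentication algorithm). This class never reads the array, so the cipher input is NOT
     * validated against it; confirm against callers before correcting the values.
     */
    public static final String[] SUPPORTED_CYPHERS = {"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "THS_DHE_RSA_WITH_AES_256_CBC_SHA256", "THS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256"};
    private static boolean checkArray = false;
    private String trustAllRootsStr = "false";
    private String x509HostnameVerifierInputValue = "strict";
    /** True when the most recent {@link #build()} found TLSv1.2 among the requested protocols. */
    private boolean flag = false;

    /**
     * Checks that every entry of {@code strArr} is contained in {@code strArr2}, ignoring case.
     *
     * <p>Side effect: entries of {@code strArr} that match case-insensitively are overwritten in
     * place with the spelling used in {@code strArr2}.
     *
     * @param strArr  requested values; modified in place
     * @param strArr2 allowed values
     * @return {@code true} if, after normalization, all requested values are allowed
     */
    public static boolean checkEquality(String[] strArr, String[] strArr2) {
        for (String allowed : strArr2) {
            for (int i = 0; i < strArr.length; i++) {
                // equalsIgnoreCase is locale-independent, unlike toUpperCase() on both sides.
                if (allowed.equalsIgnoreCase(strArr[i])) {
                    strArr[i] = allowed;
                }
            }
        }
        return Arrays.asList(strArr2).containsAll(Arrays.asList(strArr));
    }

    /**
     * @param strArr values to search
     * @param str    value to look for (exact, case-sensitive match)
     * @return {@code true} if {@code strArr} contains {@code str}
     */
    public static boolean checkIfTLS2(String[] strArr, String str) {
        return Arrays.asList(strArr).contains(str);
    }

    /**
     * Loads a JKS keystore from the given URL.
     *
     * <p>The URL is opened as-is. {@link #build()} passes values that start with "http" through
     * unchanged, so a plain {@code http://} location would fetch key or trust material with no
     * transport integrity; prefer local files or https locations.
     *
     * @param url location of the keystore; must not be {@code null}
     * @param str keystore password, or {@code null} to load without a password
     * @return the loaded keystore
     * @throws IllegalArgumentException if {@code url} is {@code null}
     * @throws IOException              if the stream cannot be opened or read, or the load fails
     */
    protected KeyStore createKeyStore(URL url, String str) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (url == null) {
            throw new IllegalArgumentException("Keystore url may not be null");
        }
        KeyStore keyStore = KeyStore.getInstance("jks");
        // try-with-resources closes the stream on both the success and the failure path.
        try (InputStream inputStream = url.openStream()) {
            keyStore.load(inputStream, passwordChars(str));
        }
        return keyStore;
    }

    /**
     * Creates the socket factory from the values set on this builder.
     *
     * <p>When {@code trustAllRoots} is "true", key material is loaded from the 'keystore' input and
     * a trust strategy that accepts every chain is installed. Otherwise the 'keystore' and
     * 'trustKeystore' inputs are used, each falling back to the JRE {@code cacerts} file when empty
     * and that file exists.
     *
     * <p>When TLSv1.2 is among the requested protocols and a cipher list is available, the factory
     * is restricted to TLSv1.2 with those ciphers. In every other case the cipher list is ignored.
     *
     * @return the configured socket factory
     * @throws IllegalArgumentException for an invalid 'trustAllRoots', 'x509HostnameVerifier' or
     *                                  protocol value, or when a keystore cannot be loaded
     * @throws RuntimeException         for any other failure while creating the SSL context
     */
    public SSLConnectionSocketFactory build() {
        if (!"true".equalsIgnoreCase(this.trustAllRootsStr) && !"false".equalsIgnoreCase(this.trustAllRootsStr)) {
            throw new IllegalArgumentException("'trustAllRoots' can only be 'true' or 'false'");
        }
        boolean trustAllRoots = Boolean.parseBoolean(this.trustAllRootsStr);
        SSLContextBuilder sslContextBuilder = SSLContexts.custom();
        String javaCacerts = System.getProperty("java.home") + "/lib/security/cacerts";
        if (trustAllRoots) {
            try {
                sslContextBuilder.loadKeyMaterial(createKeyStore(new URL("file:" + this.keystore), this.keystorePassword), passwordChars(this.keystorePassword));
                // SECURITY: isTrusted() returns true for every chain, so server certificates are
                // not validated at all and the connection is open to interception. Only suitable
                // for test environments.
                sslContextBuilder.loadTrustMaterial(createKeyStore(new URL("file:" + javaCacerts), Constants.CHANGEIT), new TrustSelfSignedStrategy() {
                    @Override
                    public boolean isTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                        return true;
                    }
                });
            } catch (Exception e) {
                throw new IllegalArgumentException(e.getMessage() + ". " + TRUST_ALL_ROOTS_ERROR + trustAllRoots, e);
            }
        } else {
            boolean hasKeystore = StringUtils.isNotEmpty(this.keystore);
            boolean hasTrustKeystore = StringUtils.isNotEmpty(this.trustKeystore);
            boolean cacertsExists = new File(javaCacerts).exists();
            if (!hasKeystore && cacertsExists) {
                this.keystore = "file:" + javaCacerts;
                this.keystorePassword = StringUtils.isNotEmpty(this.keystorePassword) ? this.keystorePassword : Constants.CHANGEIT;
                hasKeystore = true;
            } else if (hasKeystore) {
                this.keystore = toKeystoreUrl(this.keystore);
            }
            if (!hasTrustKeystore && cacertsExists) {
                this.trustKeystore = "file:" + javaCacerts;
                this.trustPassword = StringUtils.isNotEmpty(this.trustPassword) ? this.trustPassword : Constants.CHANGEIT;
                hasTrustKeystore = true;
            } else if (hasTrustKeystore) {
                this.trustKeystore = toKeystoreUrl(this.trustKeystore);
            }
            createTrustKeystore(sslContextBuilder, hasTrustKeystore);
            createKeystore(sslContextBuilder, hasKeystore);
        }
        // NOTE(review): both calls are kept from the original; presumably the later useTLS()
        // decides the context protocol - confirm against the HttpClient version in use.
        sslContextBuilder.useSSL();
        sslContextBuilder.useTLS();
        try {
            X509HostnameVerifier x509HostnameVerifier;
            // Locale.ROOT: a default-locale toLowerCase() can map 'I' to a dotless i and make a
            // valid value such as "STRICT" fail to match.
            switch (this.x509HostnameVerifierInputValue.toLowerCase(Locale.ROOT)) {
                case "strict":
                    x509HostnameVerifier = SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER;
                    break;
                case "browser_compatible":
                    x509HostnameVerifier = SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
                    break;
                case "allow_all":
                    // SECURITY: no hostname check; a valid certificate for any host is accepted.
                    x509HostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
                    break;
                default:
                    throw new IllegalArgumentException("Invalid value '" + this.x509HostnameVerifierInputValue + "' for input 'x509HostnameVerifier'. Valid values: 'strict','browser_compatible','allow_all'.");
            }
            if (StringUtils.isEmpty(this.inputTLS)) {
                // No protocol input: every entry of SUPPORTED_PROTOCOLS, deprecated ones included.
                return new SSLConnectionSocketFactory(sslContextBuilder.build(), SUPPORTED_PROTOCOLS.clone(), (String[]) null, x509HostnameVerifier);
            }
            // Trim each token so that "TLSv1.1, TLSv1.2" is accepted; HashSet drops duplicates.
            String[] protocols = new HashSet<String>(Arrays.asList(splitAndTrim(this.inputTLS))).toArray(new String[0]);
            if (!checkEquality(protocols, SUPPORTED_PROTOCOLS)) {
                throw new IllegalArgumentException("Protocol not supported");
            }
            // Recomputed on every call so a reused builder does not keep a stale 'true'.
            this.flag = checkIfTLS2(protocols, TLSv12);
            if (!StringUtils.isEmpty(this.inputCyphers)) {
                // The cipher names are passed on as given; they are not checked against any list.
                this.cypherArray = splitAndTrim(this.inputCyphers);
            }
            if (this.flag && this.cypherArray != null) {
                return new SSLConnectionSocketFactory(sslContextBuilder.build(), ARRAY_TLSv12.clone(), this.cypherArray, x509HostnameVerifier);
            }
            return new SSLConnectionSocketFactory(sslContextBuilder.build(), protocols, (String[]) null, x509HostnameVerifier);
        } catch (IllegalArgumentException e) {
            // Same type and message as before, now with the original exception kept as the cause.
            throw new IllegalArgumentException(e.getMessage(), e);
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage() + ". " + SSL_CONNECTION_ERROR, e);
        }
    }

    /**
     * Loads client key material from the 'keystore' location into the context builder.
     *
     * @param sSLContextBuilder builder to receive the key material
     * @param z                 when {@code false} the method does nothing
     * @throws IllegalArgumentException if the keystore cannot be read or used
     */
    protected void createKeystore(SSLContextBuilder sSLContextBuilder, boolean z) {
        if (!z) {
            return;
        }
        try {
            // A null password is passed through as null instead of failing with a raw
            // NullPointerException; an unusable key then reports BAD_KEYSTORE_ERROR.
            sSLContextBuilder.loadKeyMaterial(createKeyStore(new URL(this.keystore), this.keystorePassword), passwordChars(this.keystorePassword));
        } catch (IOException | UnrecoverableKeyException e) {
            throw new IllegalArgumentException(e.getMessage() + ". " + BAD_KEYSTORE_ERROR, e);
        } catch (GeneralSecurityException e) {
            throw new IllegalArgumentException(e.getMessage() + ". " + INVALID_KEYSTORE_ERROR, e);
        }
    }

    /**
     * Loads trust material from the 'trustKeystore' location into the context builder.
     *
     * @param sSLContextBuilder builder to receive the trust material
     * @param z                 when {@code false} the method does nothing
     * @throws IllegalArgumentException if the trust keystore cannot be read or used
     */
    protected void createTrustKeystore(SSLContextBuilder sSLContextBuilder, boolean z) {
        if (!z) {
            return;
        }
        try {
            sSLContextBuilder.loadTrustMaterial(createKeyStore(new URL(this.trustKeystore), this.trustPassword));
        } catch (IOException e) {
            throw new IllegalArgumentException(e.getMessage() + ". " + BAD_TRUST_KEYSTORE_ERROR, e);
        } catch (GeneralSecurityException e) {
            throw new IllegalArgumentException(e.getMessage() + ". " + INVALID_TRUST_KEYSTORE_ERROR, e);
        }
    }

    /**
     * Sets the 'trustAllRoots' input; an empty value keeps the current setting (default "false").
     * "true" disables certificate validation, see {@link #build()}.
     */
    public SSLConnectionSocketFactoryBuilder setTrustAllRoots(String str) {
        if (!StringUtils.isEmpty(str)) {
            this.trustAllRootsStr = str;
        }
        return this;
    }

    /** Sets the comma-separated list of protocols; each must be in {@link #SUPPORTED_PROTOCOLS}. */
    public SSLConnectionSocketFactoryBuilder setInputTLS(String str) {
        this.inputTLS = str;
        return this;
    }

    /** Sets the keystore location: a file path, or a value starting with "http" used as a URL. */
    public SSLConnectionSocketFactoryBuilder setKeystore(String str) {
        this.keystore = str;
        return this;
    }

    /** Sets the keystore password. */
    public SSLConnectionSocketFactoryBuilder setKeystorePassword(String str) {
        this.keystorePassword = str;
        return this;
    }

    /** Sets the trust keystore location: a file path, or a value starting with "http" used as a URL. */
    public SSLConnectionSocketFactoryBuilder setTrustKeystore(String str) {
        this.trustKeystore = str;
        return this;
    }

    /** Sets the trust keystore password. */
    public SSLConnectionSocketFactoryBuilder setTrustPassword(String str) {
        this.trustPassword = str;
        return this;
    }

    /** Sets the comma-separated cipher list; it is only applied when TLSv1.2 is requested. */
    public SSLConnectionSocketFactoryBuilder setallowedCyphers(String str) {
        this.inputCyphers = str;
        return this;
    }

    /**
     * Sets the hostname verification mode ("strict", "browser_compatible" or "allow_all"); an
     * empty value keeps the current setting (default "strict").
     */
    public SSLConnectionSocketFactoryBuilder setX509HostnameVerifier(String str) {
        if (!StringUtils.isEmpty(str)) {
            this.x509HostnameVerifierInputValue = str;
        }
        return this;
    }

    /** Returns the password as a char array, or {@code null} when no password was given. */
    private static char[] passwordChars(String password) {
        return password != null ? password.toCharArray() : null;
    }

    /**
     * Turns a keystore location into a URL string: values starting with "http" or "file:" are
     * returned unchanged, anything else gets a "file:" prefix. Leaving an existing "file:" prefix
     * alone keeps a second build() call from producing "file:file:...".
     */
    private static String toKeystoreUrl(String location) {
        if (location.startsWith("http") || location.startsWith("file:")) {
            return location;
        }
        return "file:" + location;
    }

    /** Splits a comma-separated input and trims whitespace around every token. */
    private static String[] splitAndTrim(String csv) {
        String[] tokens = csv.trim().split(",");
        for (int i = 0; i < tokens.length; i++) {
            tokens[i] = tokens[i].trim();
        }
        return tokens;
    }
}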
