package org.embulk.util.ssl;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.Reader;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.PEMParser;
import sun.security.ssl.SSLSocketImpl;

/* loaded from: input_file:org/embulk/util/ssl/TrustManagers.class */
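/**
 * Static helpers for building trust material and TLS socket factories.
 *
 * <p>Covers loading the JRE's bundled CA store, parsing PEM-encoded X.509 certificates,
 * turning a certificate list into {@link X509TrustManager}s, and creating an
 * {@link SSLSocketFactory} that optionally enables endpoint (host name) identification.
 */
public class TrustManagers {

    /**
     * Socket factory decorator that enables the {@code "HTTPS"} endpoint identification
     * algorithm on every {@link SSLSocket} produced by the wrapped factory.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>For the overloads that take a host name string, the name checked against the peer
     *       certificate is the one the caller passed to {@code createSocket}; the configured
     *       {@code hostname} is not applied there.</li>
     *   <li>For the overloads that take only an {@link InetAddress}, the configured
     *       {@code hostname} is applied through the JDK-internal {@code SSLSocketImpl#setHost}.
     *       If the socket is some other {@link SSLSocket} implementation the host is left
     *       untouched; endpoint identification is still switched on, so the handshake is
     *       presumably checked against whatever peer host the socket already carries.</li>
     * </ul>
     */
    private static class VerifyHostNameSSLSocketFactory extends SSLSocketFactory {
        private final SSLSocketFactory next;
        private final String hostname;

        /**
         * @param next factory that actually creates the sockets
         * @param hostname host name to set on sockets that were created from a bare address
         */
        public VerifyHostNameSSLSocketFactory(SSLSocketFactory next, String hostname) {
            this.next = next;
            this.hostname = hostname;
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getDefaultCipherSuites() {
            return this.next.getDefaultCipherSuites();
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getSupportedCipherSuites() {
            return this.next.getSupportedCipherSuites();
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
            Socket created = this.next.createSocket(socket, host, port, autoClose);
            setSSLParameters(created, false);
            return created;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
            Socket created = this.next.createSocket(host, port);
            setSSLParameters(created, false);
            return created;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String host, int port, InetAddress localAddress, int localPort)
                throws IOException, UnknownHostException {
            Socket created = this.next.createSocket(host, port, localAddress, localPort);
            setSSLParameters(created, false);
            return created;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress address, int port) throws IOException {
            Socket created = this.next.createSocket(address, port);
            // No host name was supplied by the caller, so apply the configured one.
            setSSLParameters(created, true);
            return created;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
                throws IOException {
            Socket created = this.next.createSocket(address, port, localAddress, localPort);
            // No host name was supplied by the caller, so apply the configured one.
            setSSLParameters(created, true);
            return created;
        }

        /**
         * Enables {@code "HTTPS"} endpoint identification on {@code socket} when it is an
         * {@link SSLSocket} that does not already use it. Other sockets are left untouched.
         *
         * @param socket socket returned by the wrapped factory
         * @param applyConfiguredHost whether to set the configured host name on the socket first
         */
        private void setSSLParameters(Socket socket, boolean applyConfiguredHost) {
            if (!(socket instanceof SSLSocket)) {
                return;
            }
            SSLSocket sslSocket = (SSLSocket) socket;
            String algorithm = sslSocket.getSSLParameters().getEndpointIdentificationAlgorithm();
            if (algorithm != null && algorithm.equalsIgnoreCase("HTTPS")) {
                return;
            }
            if (applyConfiguredHost && sslSocket instanceof SSLSocketImpl) {
                // JDK-internal API: only available on the built-in JSSE socket implementation.
                ((SSLSocketImpl) sslSocket).setHost(this.hostname);
            }
            // Fetch the parameters again after setHost rather than reusing the earlier copy,
            // so that writing them back does not undo anything setHost changed on the socket.
            SSLParameters parameters = sslSocket.getSSLParameters();
            parameters.setEndpointIdentificationAlgorithm("HTTPS");
            sslSocket.setSSLParameters(parameters);
        }
    }

    private TrustManagers() {
    }

    /**
     * Loads the CA store shipped with the running JRE from
     * {@code ${java.home}/lib/security/cacerts}.
     *
     * <p>Only that fixed path is read; the {@code javax.net.ssl.trustStore} system property is
     * not consulted here. The store is loaded with a {@code null} password, which means the
     * key store's integrity check is skipped, so the result is only as trustworthy as the file
     * permissions on the JRE installation.
     *
     * @return the loaded key store
     * @throws IOException if the file cannot be opened or read
     * @throws KeyStoreException if the {@code "JKS"} key store type is unavailable
     * @throws CertificateException if a certificate in the store cannot be loaded
     */
    public static KeyStore readDefaultJavaKeyStore() throws IOException, KeyStoreException, CertificateException {
        String path = (System.getProperty("java.home") + "/lib/security/cacerts").replace('/', File.separatorChar);
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            // try-with-resources closes the stream even when load() throws.
            try (FileInputStream in = new FileInputStream(path)) {
                keyStore.load(in, null);
            }
            return keyStore;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the trusted certificate of every trust anchor in the JRE's bundled CA store.
     *
     * @return a new mutable list of the trust anchors' certificates
     * @throws IOException if the CA store cannot be read
     * @throws CertificateException if a certificate in the store cannot be loaded
     * @throws KeyStoreException if the key store cannot be created or queried
     * @throws InvalidAlgorithmParameterException if the store contains no trusted certificate entry
     */
    public static List<X509Certificate> readDefaultJavaTrustedCertificates()
            throws IOException, CertificateException, KeyStoreException, InvalidAlgorithmParameterException {
        PKIXParameters pkixParameters = new PKIXParameters(readDefaultJavaKeyStore());
        List<X509Certificate> certificates = new ArrayList<>();
        for (TrustAnchor anchor : pkixParameters.getTrustAnchors()) {
            certificates.add(anchor.getTrustedCert());
        }
        return certificates;
    }

    /**
     * Reads every X.509 certificate found in a PEM stream.
     *
     * <p>PEM objects that are not certificates are skipped without error. The reader is not
     * closed by this method. Any failure while reading is reported to the caller: a truncated
     * or unreadable bundle never yields a silently shortened trust list.
     *
     * @param reader source of PEM text; remains open on return
     * @return a new mutable list of the certificates, in the order they appear
     * @throws CertificateParsingException if the PEM content is malformed
     * @throws CertificateException if a certificate cannot be converted
     * @throws IOException if reading from {@code reader} fails for any other reason
     */
    public static List<X509Certificate> readPemEncodedX509Certificates(Reader reader)
            throws IOException, CertificateException {
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        List<X509Certificate> certificates = new ArrayList<>();
        try {
            PEMParser pemParser = new PEMParser(reader);
            Object pemObject;
            while ((pemObject = pemParser.readObject()) != null) {
                if (pemObject instanceof X509CertificateHolder) {
                    certificates.add(converter.getCertificate((X509CertificateHolder) pemObject));
                }
            }
        } catch (PEMException e) {
            // Must precede the IOException handler: PEMException is an IOException subtype.
            throw new CertificateParsingException(e);
        } catch (IOException e) {
            // NOTE(review): these message shapes look like how the PEM reader reports malformed
            // input; matching on message text is brittle, so confirm against the BouncyCastle
            // version in use.
            String message = e.getMessage();
            boolean malformedPem = e.getClass().equals(IOException.class)
                    && message != null
                    && (message.startsWith("unrecognised object: ")
                            || (message.startsWith("-----END ") && message.endsWith(" not found")));
            if (malformedPem) {
                throw new CertificateParsingException(e);
            }
            // Anything else is a genuine read failure; propagate it instead of returning the
            // certificates parsed so far.
            throw e;
        }
        return certificates;
    }

    /**
     * Builds an in-memory {@code "JKS"} key store holding the given certificates as trusted
     * entries under the aliases {@code cert_0}, {@code cert_1}, and so on.
     *
     * @param certificates certificates to trust
     * @return a new key store containing one certificate entry per list element
     * @throws KeyStoreException if the key store cannot be created or an entry cannot be stored
     */
    public static KeyStore buildKeyStoreFromTrustedCertificates(List<X509Certificate> certificates)
            throws KeyStoreException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try {
            // load(null) initialises an empty store.
            keyStore.load(null);
            int index = 0;
            for (X509Certificate certificate : certificates) {
                keyStore.setCertificateEntry("cert_" + index, certificate);
                index++;
            }
            return keyStore;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates trust managers that trust exactly the given certificates.
     *
     * @param certificates certificates to use as trust anchors
     * @return the {@link X509TrustManager}s produced by the platform default
     *         {@link TrustManagerFactory}; other trust manager types are dropped
     * @throws KeyStoreException if the backing key store cannot be built or used
     */
    public static X509TrustManager[] newTrustManager(List<X509Certificate> certificates) throws KeyStoreException {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(buildKeyStoreFromTrustedCertificates(certificates));
            List<X509TrustManager> x509Managers = new ArrayList<>();
            for (TrustManager trustManager : factory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    x509Managers.add((X509TrustManager) trustManager);
                }
            }
            return x509Managers.toArray(new X509TrustManager[0]);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates trust managers backed by the JRE's bundled CA store.
     *
     * @return trust managers for the default Java trust anchors
     * @throws IOException if the CA store cannot be read
     * @throws CertificateException if a certificate in the store cannot be loaded
     * @throws KeyStoreException if a key store cannot be created or used
     * @throws InvalidAlgorithmParameterException if the store contains no trusted certificate entry
     */
    public static X509TrustManager[] newDefaultJavaTrustManager()
            throws IOException, CertificateException, KeyStoreException, InvalidAlgorithmParameterException {
        return newTrustManager(readDefaultJavaTrustedCertificates());
    }

    /**
     * Creates a {@code "TLS"} {@link SSLContext} initialised with the given managers and a
     * fresh {@link SecureRandom}.
     *
     * @param keyManagers key managers for client authentication
     * @param trustManagers trust managers used to validate the peer
     * @return the initialised context
     * @throws KeyManagementException if the context cannot be initialised
     */
    public static SSLContext newSSLContext(KeyManager[] keyManagers, X509TrustManager[] trustManagers)
            throws KeyManagementException {
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(keyManagers, trustManagers, new SecureRandom());
            return context;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates a socket factory from the given key and trust managers.
     *
     * <p>When {@code verifyHostname} is {@code null} the context's own factory is returned
     * unchanged, so this class does not enable endpoint identification on its sockets: the
     * certificate chain is validated by the trust managers, but matching the certificate
     * against the host name is left to the caller. Pass a non-null host name to have
     * {@code "HTTPS"} endpoint identification enabled on every socket.
     *
     * @param keyManagers key managers for client authentication
     * @param trustManagers trust managers used to validate the peer
     * @param verifyHostname host name to apply to sockets created from a bare address, or
     *        {@code null} to skip endpoint identification
     * @return the socket factory
     * @throws KeyManagementException if the underlying context cannot be initialised
     */
    public static SSLSocketFactory newSSLSocketFactory(
            KeyManager[] keyManagers, X509TrustManager[] trustManagers, String verifyHostname)
            throws KeyManagementException {
        SSLSocketFactory socketFactory = newSSLContext(keyManagers, trustManagers).getSocketFactory();
        if (verifyHostname == null) {
            return socketFactory;
        }
        return new VerifyHostNameSSLSocketFactory(socketFactory, verifyHostname);
    }
}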
