package org.sdase.commons.cacertificates.ssl;

import java.io.IOException;
import java.io.StringReader;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Objects;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.X509TrustedCertificateBlock;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.lang.Nullable;

/* loaded from: input_file:org/sdase/commons/cacertificates/ssl/SslUtil.class */
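/**
 * Static helpers that build an {@link SSLContext} trusting the JVM's default CAs plus an optional
 * set of additional CA certificates supplied as PEM text.
 *
 * <p>The contexts built here carry trust material only: no key managers are installed, so they
 * cannot present a client certificate.
 */
public class SslUtil {
    private static final Logger LOG = LoggerFactory.getLogger(SslUtil.class);

    // NOTE(review): the protocol name selects the SSLContext flavour. With the JDK's default JSSE
    // provider a context requested as "TLSv1.2" typically does not enable TLS 1.3 for client
    // connections; confirm that this cap is intended.
    private static final String DEFAULT_SSL_PROTOCOL = "TLSv1.2";

    private SslUtil() {
        // utility class, not instantiable
    }

    /**
     * Creates an initialised {@link SSLContext} whose only trust manager is the composite built
     * from the default trust store and, when given, {@code keyStore}.
     *
     * @param keyStore additional trusted certificates, or {@code null} to trust only the defaults
     * @return the initialised context (no key managers, see class comment)
     * @throws IllegalStateException wrapping any failure while building the context
     */
    public static SSLContext createSslContext(@Nullable KeyStore keyStore) {
        try {
            TrustManager[] trustManagers = {createCompositeTrustManager(keyStore)};
            SSLContext sslContext = SSLContext.getInstance(DEFAULT_SSL_PROTOCOL);
            sslContext.init(null, trustManagers, createSecureRandom());
            return sslContext;
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Reads every certificate from the given PEM text into a fresh in-memory key store. Entries
     * are stored under the aliases {@code cert_0}, {@code cert_1}, ... in reading order.
     *
     * <p>Input that contains no PEM object yields an empty key store rather than an error, so
     * callers that require at least one extra CA have to check the result themselves.
     *
     * @param str PEM encoded certificates, or {@code null}
     * @return the populated key store, or {@code null} when {@code str} is {@code null}
     * @throws IllegalStateException wrapping any parsing or key store failure
     */
    public static KeyStore createTruststoreFromPemKey(@Nullable String str) {
        if (str == null) {
            return null;
        }
        // try-with-resources closes the parser on the failure path as well, not only after the
        // last certificate has been read.
        try (PEMParser pemParser = new PEMParser(new StringReader(str))) {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null); // initialise an empty key store
            int index = 0;
            for (X509Certificate cert = parseCert(pemParser);
                    cert != null;
                    cert = parseCert(pemParser)) {
                keyStore.setCertificateEntry("cert_" + index, cert);
                index++;
            }
            return keyStore;
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Reads the next PEM object from the parser and converts it to an {@link X509Certificate}.
     *
     * @param pEMParser parser positioned before the next PEM object
     * @return the certificate, or {@code null} when the parser has no further object
     * @throws IOException if reading the PEM object fails
     * @throws CertificateException if the object is neither a certificate nor a trusted
     *     certificate block (a key, for example), or if the conversion fails
     */
    public static X509Certificate parseCert(PEMParser pEMParser) throws IOException, CertificateException {
        Object pemObject = pEMParser.readObject();
        if (pemObject == null) {
            return null;
        }
        if (pemObject instanceof X509CertificateHolder) {
            return new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) pemObject);
        }
        if (pemObject instanceof X509TrustedCertificateBlock) {
            return new JcaX509CertificateConverter()
                    .getCertificate(((X509TrustedCertificateBlock) pemObject).getCertificateHolder());
        }
        // Only the type is reported, never the content of the rejected object.
        throw new CertificateException("Could not read certificate of type " + pemObject.getClass());
    }

    /**
     * Returns a {@link SecureRandom} using the {@code NativePRNG} algorithm, falling back to
     * {@code Windows-PRNG} when the former is not available.
     *
     * @return the secure random instance
     * @throws NoSuchAlgorithmException if neither algorithm is available
     */
    public static SecureRandom createSecureRandom() throws NoSuchAlgorithmException {
        try {
            return SecureRandom.getInstance("NativePRNG");
        } catch (NoSuchAlgorithmException e) {
            LOG.warn(
                    "Failed to create SecureRandom with algorithm {}. Falling back to {}.This should only happen on windows machines.",
                    "NativePRNG",
                    "Windows-PRNG",
                    e);
            return SecureRandom.getInstance("Windows-PRNG");
        }
    }

    /**
     * Looks up the first {@link X509TrustManager} that a {@link TrustManagerFactory} for the given
     * algorithm produces for {@code keyStore}.
     *
     * @param str trust manager factory algorithm name
     * @param keyStore trust material handed to {@link TrustManagerFactory#init(KeyStore)};
     *     {@code null} is passed through unchanged
     * @return the trust manager, or {@code null} when none is produced or the lookup fails
     */
    public static X509TrustManager getTrustManager(String str, KeyStore keyStore) {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(str);
            factory.init(keyStore);
            return Arrays.stream(factory.getTrustManagers())
                    .filter(X509TrustManager.class::isInstance)
                    .map(X509TrustManager.class::cast)
                    .findFirst()
                    .orElse(null);
        } catch (Exception e) {
            // The null return is kept for existing callers, but the cause is logged so that a
            // truststore that could not be loaded does not go unnoticed.
            LOG.warn("Failed to create X509TrustManager for algorithm {}.", str, e);
            return null;
        }
    }

    /**
     * Combines the trust manager for the default trust store with one for {@code keyStore}, when
     * a key store is given.
     */
    private static TrustManager createCompositeTrustManager(@Nullable KeyStore keyStore) {
        String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        ArrayList<X509TrustManager> trustManagers = new ArrayList<>();
        // NOTE(review): getTrustManager returns null on failure, so this list can hold null
        // entries; how CompositeX509TrustManager treats them is not visible here. Verify that a
        // failed lookup cannot silently drop the custom CAs or surface as a late NPE.
        trustManagers.add(getTrustManager(defaultAlgorithm, null));
        if (keyStore != null) {
            trustManagers.add(getTrustManager(defaultAlgorithm, keyStore));
        }
        return new CompositeX509TrustManager(trustManagers);
    }
}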
