package org.xbib.net.http.server.simple.secure;

import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.ServiceLoader;
import java.util.Set;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.xbib.net.http.HttpAddress;
import org.xbib.net.http.HttpVersion;
import org.xbib.net.security.CertificateProvider;
import org.xbib.net.security.CertificateReader;
import org.xbib.net.security.ssl.SSLFactory;
import org.xbib.net.security.util.DistinguishedNameParser;

/* loaded from: input_file:org/xbib/net/http/server/simple/secure/HttpsAddress.class */
public class HttpsAddress extends HttpAddress {
    private static final Logger logger = Logger.getLogger(HttpsAddress.class.getName());
    private final SSLContext sslContext;

    /* loaded from: input_file:org/xbib/net/http/server/simple/secure/HttpsAddress$Builder.class */
    public static class Builder {
        private static TrustManagerFactory TRUST_MANAGER_FACTORY;
        private static final Iterable<String> DEFAULT_JDK_CIPHERS = Arrays.asList(((SSLSocketFactory) SSLSocketFactory.getDefault()).getDefaultCipherSuites());
        private String host;
        private KeyStore trustManagerKeyStore;
        private Collection<? extends X509Certificate> certChain;
        private PrivateKey privateKey;
        private String privateKeyPassword;
        private Set<String> hostNames;
        private int port = -1;
        private boolean isSecure = true;
        private HttpVersion httpVersion = HttpVersion.HTTP_1_1;
        private TrustManagerFactory trustManagerFactory = TRUST_MANAGER_FACTORY;
        private Iterable<String> ciphers = DEFAULT_JDK_CIPHERS;

        private Builder() {
        }

        public Builder setHost(String str) {
            this.host = str;
            return this;
        }

        public Builder setPort(int i) {
            this.port = i;
            return this;
        }

        public Builder setSecure(boolean z) {
            this.isSecure = z;
            return this;
        }

        public Builder setVersion(HttpVersion httpVersion) {
            this.httpVersion = httpVersion;
            return this;
        }

        public Builder setTrustManagerFactory(TrustManagerFactory trustManagerFactory) {
            this.trustManagerFactory = trustManagerFactory;
            return this;
        }

        public Builder setTrustManagerKeyStore(KeyStore keyStore) {
            this.trustManagerKeyStore = keyStore;
            return this;
        }

        public Builder setCiphers(Iterable<String> iterable) {
            this.ciphers = iterable;
            return this;
        }

        public Builder setPrivateKey(PrivateKey privateKey) {
            this.privateKey = privateKey;
            return this;
        }

        public Builder setCertChain(Collection<? extends X509Certificate> collection) {
            Objects.requireNonNull(collection);
            this.certChain = collection;
            return this;
        }

        public Builder setCertChain(InputStream inputStream, String str, InputStream inputStream2) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException {
            ServiceLoader load = ServiceLoader.load(CertificateProvider.class);
            boolean z = false;
            this.privateKeyPassword = str;
            Iterator it = load.iterator();
            while (it.hasNext()) {
                try {
                    Map.Entry provide = ((CertificateProvider) it.next()).provide(inputStream, str, inputStream2);
                    setPrivateKey((PrivateKey) provide.getKey());
                    setCertChain((Collection) provide.getValue());
                    z = true;
                    break;
                } catch (IOException | CertificateException e) {
                }
            }
            if (!z) {
                throw new CertificateException("no certificate found");
            }
            this.hostNames = HttpsAddress.getServerNames((X509Certificate) CertificateReader.orderCertificateChain(this.certChain).get(0));
            return this;
        }

        public Builder setSelfCert(String str) throws CertificateException {
            boolean z = false;
            Iterator it = ServiceLoader.load(CertificateProvider.class).iterator();
            while (it.hasNext()) {
                try {
                    Map.Entry provideSelfSigned = ((CertificateProvider) it.next()).provideSelfSigned(str);
                    setPrivateKey((PrivateKey) provideSelfSigned.getKey());
                    setCertChain((Collection) provideSelfSigned.getValue());
                    z = true;
                } catch (IOException | CertificateException e) {
                }
            }
            if (z) {
                return this;
            }
            throw new CertificateException("no self-signed certificate found");
        }

        public HttpsAddress build() throws KeyStoreException {
            Objects.requireNonNull(this.host);
            Objects.requireNonNull(this.httpVersion);
            Objects.requireNonNull(this.privateKey);
            Objects.requireNonNull(this.certChain);
            if (this.certChain.isEmpty()) {
                throw new IllegalArgumentException("cert chain must not be empty");
            }
            Objects.requireNonNull(this.ciphers);
            this.trustManagerFactory.init(this.trustManagerKeyStore);
            return new HttpsAddress(this.host, Integer.valueOf(this.port), this.httpVersion, this.isSecure, this.hostNames, SSLFactory.builder().withCiphers(this.ciphers).withIdentityMaterial(this.privateKey, this.privateKeyPassword != null ? this.privateKeyPassword.toCharArray() : null, this.certChain).withTrustMaterial(this.trustManagerFactory).build().getSslContext());
        }

        static {
            try {
                TRUST_MANAGER_FACTORY = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            } catch (Exception e) {
                TRUST_MANAGER_FACTORY = null;
            }
        }
    }

    public HttpsAddress(String str, Integer num, HttpVersion httpVersion, boolean z, Set<String> set, SSLContext sSLContext) {
        super(str, num, httpVersion, z, set);
        this.sslContext = sSLContext;
    }

    public static Builder builder() {
        return new Builder().setSecure(true);
    }

    public static HttpsAddress https1(String str) throws KeyStoreException {
        return builder().setVersion(HttpVersion.HTTP_1_1).setHost(str).setPort(443).build();
    }

    public static HttpAddress https1(String str, int i) throws KeyStoreException {
        return builder().setVersion(HttpVersion.HTTP_1_1).setHost(str).setPort(i).build();
    }

    public static HttpAddress https2(String str) throws KeyStoreException {
        return builder().setVersion(HttpVersion.HTTP_2_0).setHost(str).setPort(443).build();
    }

    public static HttpAddress https2(String str, int i) throws KeyStoreException {
        return builder().setVersion(HttpVersion.HTTP_2_0).setHost(str).setPort(i).build();
    }

    public SSLContext getSslContext() {
        return this.sslContext;
    }

    private static Set<String> getServerNames(X509Certificate x509Certificate) throws CertificateParsingException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.add(new DistinguishedNameParser(x509Certificate.getSubjectX500Principal()).findMostSpecific("CN"));
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames != null) {
            for (List<?> list : subjectAlternativeNames) {
                if (((Integer) list.get(0)).intValue() == 2) {
                    linkedHashSet.add(list.get(1).toString());
                }
            }
        }
        return linkedHashSet;
    }
}
