package org.xipki.util.http;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.StringTokenizer;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import org.xipki.password.PasswordResolver;
import org.xipki.password.PasswordResolverException;
import org.xipki.util.Base64;
import org.xipki.util.CompareUtil;
import org.xipki.util.FileOrBinary;
import org.xipki.util.StringUtil;
import org.xipki.util.exception.ObjectCreationException;

/* loaded from: input_file:WEB-INF/lib/util-6.3.1.jar:org/xipki/util/http/SslContextConf.class */
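/**
 * Mutable holder for TLS client settings (key store, trust anchors, hostname-verifier name)
 * that lazily builds and caches an {@link SSLContext} and {@link SSLSocketFactory}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When {@code useSslConf} is {@code false}, {@link #getSslContext()},
 *       {@link #getSslSocketFactory()} and {@link #buildHostnameVerifier()} all return
 *       {@code null}; the caller decides what TLS settings apply in that case.</li>
 *   <li>When no trust anchors are configured, no trust material is loaded into the builder.
 *       NOTE(review): what is trusted then depends on {@code SslContextBuilder} defaults,
 *       which are not visible here; confirm before relying on an explicit trust list.</li>
 *   <li>The built context and socket factory are cached. Setters do not reset the cache, so
 *       changes made after the first successful build are not reflected in later calls.</li>
 *   <li>Lazy initialisation is not synchronised; confine an instance to one thread or
 *       finish configuring and building it before sharing.</li>
 * </ul>
 */
public class SslContextConf {
    /** Leading bytes used to decide whether a trust-anchor file is PEM rather than DER. */
    private static final byte[] PEM_PREFIX = StringUtil.toUtf8Bytes("-----BEGIN");

    private static final String PEM_CERT_BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_CERT_END = "-----END CERTIFICATE-----";

    private boolean useSslConf = true;
    private PasswordResolver passwordResolver;
    private String sslStoreType;
    private FileOrBinary sslKeystore;
    // Held as configured; when a PasswordResolver is set this value is handed to the resolver,
    // otherwise it is used verbatim as the key store password.
    private String sslKeystorePassword;
    private FileOrBinary[] sslTrustanchors;
    private String sslHostnameVerifier;
    private SSLContext sslContext;
    private SSLSocketFactory sslSocketFactory;

    /**
     * Creates a configuration from an {@code SslConf}.
     *
     * <p>The key store and its password are copied only when a key store is present, and the
     * trust anchors only when they are non-null. No {@link PasswordResolver} is set here, so
     * unless the caller sets one the configured password is used as-is.
     *
     * @param sslConf source configuration; must not be {@code null}
     * @return a new, not yet built configuration
     */
    public static SslContextConf ofSslConf(SslConf sslConf) {
        SslContextConf conf = new SslContextConf();
        conf.setSslStoreType(sslConf.getStoreType());
        if (sslConf.getKeystore() != null) {
            conf.setSslKeystore(sslConf.getKeystore());
            conf.setSslKeystorePassword(sslConf.getKeystorePassword());
        }
        if (sslConf.getTrustanchors() != null) {
            conf.setSslTrustanchors(sslConf.getTrustanchors());
        }
        conf.setSslHostnameVerifier(sslConf.getHostnameVerifier());
        return conf;
    }

    /** @return whether this configuration is used at all; {@code true} by default */
    public boolean isUseSslConf() {
        return this.useSslConf;
    }

    /**
     * Enables or disables this configuration. When disabled, the context, socket factory and
     * hostname verifier accessors return {@code null}.
     */
    public void setUseSslConf(boolean z) {
        this.useSslConf = z;
    }

    /** @return the resolver applied to the key store password, or {@code null} if none is set */
    public PasswordResolver getPasswordResolver() {
        return this.passwordResolver;
    }

    /** Sets the resolver used to turn the configured key store password into characters. */
    public void setPasswordResolver(PasswordResolver passwordResolver) {
        this.passwordResolver = passwordResolver;
    }

    /** @return the key store type passed to the builder, or {@code null} if unset */
    public String getSslStoreType() {
        return this.sslStoreType;
    }

    /** Sets the key store type; blank values are stored as {@code null}. */
    public void setSslStoreType(String str) {
        this.sslStoreType = emptyAsNull(str);
    }

    /** @return the client key store source, or {@code null} if none is configured */
    public FileOrBinary getSslKeystore() {
        return this.sslKeystore;
    }

    /** Sets the client key store from a file path; a blank path clears it. */
    public void setSslKeystore(String str) {
        String path = emptyAsNull(str);
        if (path == null) {
            this.sslKeystore = null;
        } else {
            setSslKeystore(FileOrBinary.ofFile(path));
        }
    }

    /** Sets the client key store source; {@code null} clears it. */
    public void setSslKeystore(FileOrBinary fileOrBinary) {
        this.sslKeystore = fileOrBinary;
    }

    /** @return the key store password exactly as configured (it is not resolved here) */
    public String getSslKeystorePassword() {
        return this.sslKeystorePassword;
    }

    /** Sets the key store password (or resolver input); blank values are stored as {@code null}. */
    public void setSslKeystorePassword(String str) {
        this.sslKeystorePassword = emptyAsNull(str);
    }

    /**
     * Returns the internal trust-anchor array without copying it, so a caller that modifies the
     * returned array changes what the next context build will trust.
     */
    public FileOrBinary[] getSslTrustanchors() {
        return this.sslTrustanchors;
    }

    /**
     * Sets the trust anchors from a list of file paths separated by {@code ,}, {@code ;} or
     * {@code :}; a blank value clears them.
     *
     * <p>Because {@code :} is a separator, a path that contains a colon (for example one with a
     * drive letter) is split into several entries. Tokens are used as given, without trimming.
     */
    public void setSslTrustanchors(String str) {
        String list = emptyAsNull(str);
        if (list == null) {
            this.sslTrustanchors = null;
            return;
        }
        StringTokenizer tokens = new StringTokenizer(list, ",;:");
        FileOrBinary[] anchors = new FileOrBinary[tokens.countTokens()];
        for (int idx = 0; idx < anchors.length; idx++) {
            anchors[idx] = FileOrBinary.ofFile(tokens.nextToken());
        }
        setSslTrustanchors(anchors);
    }

    /** Sets the trust anchors; the array is stored by reference, not copied. */
    public void setSslTrustanchors(FileOrBinary[] fileOrBinaryArr) {
        this.sslTrustanchors = fileOrBinaryArr;
    }

    /** @return the configured hostname-verifier name, or {@code null} if unset */
    public String getSslHostnameVerifier() {
        return this.sslHostnameVerifier;
    }

    /** Sets the hostname-verifier name; blank values are stored as {@code null}. */
    public void setSslHostnameVerifier(String str) {
        this.sslHostnameVerifier = emptyAsNull(str);
    }

    /**
     * Returns the cached {@link SSLContext}, building it on first use.
     *
     * <p>The context is assigned only after a successful build, so a failed attempt leaves the
     * cache empty and the next call tries again.
     *
     * @return the context, or {@code null} when {@code useSslConf} is {@code false}
     * @throws ObjectCreationException if key or trust material cannot be read or parsed, the
     *         password cannot be resolved, or the context cannot be built
     */
    public SSLContext getSslContext() throws ObjectCreationException {
        if (!this.useSslConf) {
            return null;
        }
        if (this.sslContext != null) {
            return this.sslContext;
        }

        SslContextBuilder builder = new SslContextBuilder();
        if (this.sslStoreType != null) {
            builder.setKeyStoreType(this.sslStoreType);
        }
        try {
            if (this.sslKeystore != null) {
                char[] password;
                if (this.sslKeystorePassword == null) {
                    password = null;
                } else if (this.passwordResolver == null) {
                    password = this.sslKeystorePassword.toCharArray();
                } else {
                    password = this.passwordResolver.resolvePassword(this.sslKeystorePassword);
                }
                // The same characters are passed for both password arguments.
                // NOTE(review): the array is not cleared afterwards because it is not visible
                // here whether the builder or the resolver keeps a reference to it.
                try (ByteArrayInputStream keystoreStream =
                        new ByteArrayInputStream(this.sslKeystore.readContent())) {
                    builder.loadKeyMaterial(keystoreStream, password, password);
                }
            }
            if (this.sslTrustanchors != null && this.sslTrustanchors.length != 0) {
                builder.loadTrustMaterial(buildTrustStore(this.sslTrustanchors));
            }
            this.sslContext = builder.build();
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException | PasswordResolverException e) {
            throw new ObjectCreationException("could not build SSLContext: " + e.getMessage(), e);
        }
        return this.sslContext;
    }

    /**
     * Builds an in-memory trust store holding every certificate found in the given anchors.
     * Entries are aliased {@code cert-1}, {@code cert-2}, ... in the order they are read.
     *
     * <p>NOTE(review): an anchor that starts with the PEM prefix but contains no complete
     * CERTIFICATE block contributes nothing, so the returned store can be empty even though
     * anchors were configured.
     */
    private static KeyStore buildTrustStore(FileOrBinary[] anchors)
            throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        // Initialises an empty store; the password is a placeholder, the store is never saved here.
        trustStore.load(null, "any".toCharArray());
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");

        int nextAlias = 1;
        for (FileOrBinary anchor : anchors) {
            byte[] content = anchor.readContent();
            // Length guard so the range comparison is never asked to read past a short input.
            boolean pem = content.length >= PEM_PREFIX.length
                    && CompareUtil.areEqual(content, 0, PEM_PREFIX, 0, PEM_PREFIX.length);
            if (pem) {
                nextAlias = addPemCertificates(trustStore, certFactory, content, nextAlias);
            } else {
                trustStore.setCertificateEntry("cert-" + nextAlias, parseCert(certFactory, content));
                nextAlias++;
            }
        }
        return trustStore;
    }

    /**
     * Adds every {@code CERTIFICATE} block of a PEM document to the trust store.
     *
     * <p>Marker lines must match exactly. Blocks with other labels, text outside blocks, and a
     * block that is opened but never closed are ignored.
     *
     * @return the alias index to use for the next certificate
     */
    private static int addPemCertificates(KeyStore trustStore, CertificateFactory certFactory,
            byte[] pem, int nextAlias) throws IOException, KeyStoreException, CertificateException {
        int alias = nextAlias;
        // Decode with a fixed charset rather than the platform default; the prefix check above
        // already compares against UTF-8 bytes.
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(new ByteArrayInputStream(pem), StandardCharsets.UTF_8))) {
            StringBuilder body = null;
            String line;
            while ((line = reader.readLine()) != null) {
                if (line.equals(PEM_CERT_BEGIN)) {
                    body = new StringBuilder(1000);
                } else if (line.equals(PEM_CERT_END)) {
                    if (body != null) {
                        byte[] der = Base64.decode(body.toString());
                        body = null;
                        trustStore.setCertificateEntry("cert-" + alias, parseCert(certFactory, der));
                        alias++;
                    }
                } else if (body != null) {
                    body.append(line);
                }
            }
        }
        return alias;
    }

    /** Parses a single encoded certificate with the given factory. */
    private static Certificate parseCert(CertificateFactory certificateFactory, byte[] bArr) throws CertificateException, IOException {
        try (ByteArrayInputStream in = new ByteArrayInputStream(bArr)) {
            return certificateFactory.generateCertificate(in);
        }
    }

    /**
     * Returns the cached socket factory, deriving it from {@link #getSslContext()} on first use.
     *
     * @return the socket factory, or {@code null} when {@code useSslConf} is {@code false}
     * @throws ObjectCreationException if the underlying context cannot be built
     */
    public SSLSocketFactory getSslSocketFactory() throws ObjectCreationException {
        if (!this.useSslConf) {
            return null;
        }
        if (this.sslSocketFactory == null) {
            SSLContext context = getSslContext();
            this.sslSocketFactory = context.getSocketFactory();
        }
        return this.sslSocketFactory;
    }

    /**
     * Creates a hostname verifier from the configured name (which may be {@code null}) by
     * delegating to {@code HostnameVerifiers.createHostnameVerifier}.
     *
     * <p>NOTE(review): which names are accepted, and whether any of them relaxes hostname
     * checking, is decided by that factory and is not visible here; confirm before accepting
     * this setting from a less-trusted configuration source.
     *
     * @return the verifier, or {@code null} when {@code useSslConf} is {@code false}
     * @throws ObjectCreationException if the verifier cannot be created
     */
    public HostnameVerifier buildHostnameVerifier() throws ObjectCreationException {
        if (!this.useSslConf) {
            return null;
        }
        return HostnameVerifiers.createHostnameVerifier(this.sslHostnameVerifier);
    }

    /** Maps {@code null} and whitespace-only strings to {@code null}; other values pass through untrimmed. */
    private static String emptyAsNull(String str) {
        if (str == null || str.trim().isEmpty()) {
            return null;
        }
        return str;
    }
}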
