package dev.langchain4j.store.embedding.vespa;

import com.google.gson.GsonBuilder;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import retrofit2.Retrofit;
import retrofit2.converter.gson.GsonConverterFactory;

/* loaded from: input_file:dev/langchain4j/store/embedding/vespa/VespaQueryClient.class */
class VespaQueryClient {
    static final BouncyCastleProvider bcProvider = new BouncyCastleProvider();

    VespaQueryClient() {
    }

    public static VespaQueryApi createInstance(String str, Path path, Path path2) {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null);
            keyStore.setKeyEntry("cert", privateKey(path2), new char[0], certificates(path));
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.3");
            sSLContext.init(createKeyManagers(keyStore), null, null);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return (VespaQueryApi) new Retrofit.Builder().baseUrl(str).client(new OkHttpClient.Builder().sslSocketFactory(sSLContext.getSocketFactory(), (X509TrustManager) trustManagerFactory.getTrustManagers()[0]).addInterceptor(chain -> {
                Request request = chain.request();
                return chain.proceed(request.newBuilder().url(request.url().newBuilder().removePathSegment(1).addPathSegment("").encodedQuery((String) request.url().encodedPathSegments().get(1)).build()).build());
            }).build()).addConverterFactory(GsonConverterFactory.create(new GsonBuilder().create())).build().create(VespaQueryApi.class);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static KeyManager[] createKeyManagers(KeyStore keyStore) throws GeneralSecurityException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, new char[0]);
        return keyManagerFactory.getKeyManagers();
    }

    private static Certificate[] certificates(Path path) throws IOException, GeneralSecurityException {
        PEMParser pEMParser = new PEMParser(Files.newBufferedReader(path));
        Throwable th = null;
        try {
            ArrayList arrayList = new ArrayList();
            while (true) {
                Object readObject = pEMParser.readObject();
                if (readObject == null) {
                    break;
                }
                arrayList.add(toX509Certificate(readObject));
            }
            if (arrayList.isEmpty()) {
                throw new IOException("File contains no PEM encoded certificates: " + path);
            }
            Certificate[] certificateArr = (Certificate[]) arrayList.toArray(new Certificate[0]);
            if (pEMParser != null) {
                if (0 != 0) {
                    try {
                        pEMParser.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    pEMParser.close();
                }
            }
            return certificateArr;
        } catch (Throwable th3) {
            if (pEMParser != null) {
                if (0 != 0) {
                    try {
                        pEMParser.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    pEMParser.close();
                }
            }
            throw th3;
        }
    }

    private static PrivateKey privateKey(Path path) throws IOException, GeneralSecurityException {
        Object readObject;
        PEMParser pEMParser = new PEMParser(Files.newBufferedReader(path));
        Throwable th = null;
        do {
            try {
                readObject = pEMParser.readObject();
                if (readObject == null) {
                    throw new IOException("Could not find private key in PEM file");
                }
                if (readObject instanceof PrivateKeyInfo) {
                    PrivateKeyInfo privateKeyInfo = (PrivateKeyInfo) readObject;
                    PrivateKey generatePrivate = createKeyFactory(privateKeyInfo).generatePrivate(new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded()));
                    if (pEMParser != null) {
                        if (0 != 0) {
                            try {
                                pEMParser.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            pEMParser.close();
                        }
                    }
                    return generatePrivate;
                }
            } catch (Throwable th3) {
                if (pEMParser != null) {
                    if (0 != 0) {
                        try {
                            pEMParser.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        pEMParser.close();
                    }
                }
                throw th3;
            }
        } while (!(readObject instanceof PEMKeyPair));
        PrivateKeyInfo privateKeyInfo2 = ((PEMKeyPair) readObject).getPrivateKeyInfo();
        PrivateKey generatePrivate2 = createKeyFactory(privateKeyInfo2).generatePrivate(new PKCS8EncodedKeySpec(privateKeyInfo2.getEncoded()));
        if (pEMParser != null) {
            if (0 != 0) {
                try {
                    pEMParser.close();
                } catch (Throwable th5) {
                    th.addSuppressed(th5);
                }
            } else {
                pEMParser.close();
            }
        }
        return generatePrivate2;
    }

    private static X509Certificate toX509Certificate(Object obj) throws IOException, GeneralSecurityException {
        if (obj instanceof X509Certificate) {
            return (X509Certificate) obj;
        }
        if (obj instanceof X509CertificateHolder) {
            return new JcaX509CertificateConverter().setProvider(bcProvider).getCertificate((X509CertificateHolder) obj);
        }
        throw new IOException("Invalid type of PEM object: " + obj);
    }

    private static KeyFactory createKeyFactory(PrivateKeyInfo privateKeyInfo) throws IOException, GeneralSecurityException {
        ASN1ObjectIdentifier algorithm = privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm();
        if (X9ObjectIdentifiers.id_ecPublicKey.equals(algorithm)) {
            return KeyFactory.getInstance("EC", (Provider) bcProvider);
        }
        if (PKCSObjectIdentifiers.rsaEncryption.equals(algorithm)) {
            return KeyFactory.getInstance("RSA", (Provider) bcProvider);
        }
        throw new IOException("Unknown key algorithm: " + algorithm);
    }
}
