package org.eclipse.californium.elements.util;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.eclipse.californium.elements.util.Asn1DerDecoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/californium/elements/util/SslContextUtil.class */
public class SslContextUtil {
    public static final String CLASSPATH_SCHEME = "classpath://";
    public static final String PARAMETER_SEPARATOR = "#";
    public static final String JKS_ENDING = ".jks";
    public static final String BKS_ENDING = ".bks";
    public static final String PKCS12_ENDING = ".p12";
    public static final String PEM_ENDING = ".pem";
    public static final String CRT_ENDING = ".crt";
    public static final String DEFAULT_ENDING = "*";
    public static final String JKS_TYPE = "JKS";
    public static final String BKS_TYPE = "BKS";
    public static final String PKCS12_TYPE = "PKCS12";
    public static final String DEFAULT_SSL_PROTOCOL = "TLSv1.2";
    private static final String SCHEME_DELIMITER = "://";
    private static final String DEFAULT_ALIAS = "californium";
    private static final TrustManager TRUST_ALL;
    public static final Logger LOGGER = LoggerFactory.getLogger(SslContextUtil.class);
    private static final Map<String, KeyStoreType> KEY_STORE_TYPES = new ConcurrentHashMap();
    private static final Map<String, InputStreamFactory> INPUT_STREAM_FACTORIES = new ConcurrentHashMap();
    private static final KeyManager ANONYMOUS = new AnonymousX509ExtendedKeyManager();

    /* loaded from: input_file:org/eclipse/californium/elements/util/SslContextUtil$AnonymousX509ExtendedKeyManager.class */
    private static class AnonymousX509ExtendedKeyManager extends X509ExtendedKeyManager {
        private AnonymousX509ExtendedKeyManager() {
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
            return null;
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/californium/elements/util/SslContextUtil$ClassLoaderInputStreamFactory.class */
    public static class ClassLoaderInputStreamFactory implements InputStreamFactory {
        private ClassLoaderInputStreamFactory() {
        }

        @Override // org.eclipse.californium.elements.util.SslContextUtil.InputStreamFactory
        public InputStream create(String str) throws IOException {
            InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(str.substring(SslContextUtil.CLASSPATH_SCHEME.length()));
            if (null == resourceAsStream) {
                throw new IOException("'" + str + "' not found!");
            }
            return resourceAsStream;
        }
    }

    /* loaded from: input_file:org/eclipse/californium/elements/util/SslContextUtil$Credentials.class */
    public static class Credentials {
        private final PrivateKey privateKey;
        private final PublicKey publicKey;
        private final X509Certificate[] chain;
        private final Certificate[] trusts;

        public Credentials(PrivateKey privateKey, PublicKey publicKey, X509Certificate[] x509CertificateArr) {
            if (x509CertificateArr != null) {
                if (x509CertificateArr.length == 0) {
                    x509CertificateArr = null;
                } else if (publicKey == null) {
                    publicKey = x509CertificateArr[0].getPublicKey();
                } else if (!publicKey.equals(x509CertificateArr[0].getPublicKey())) {
                    throw new IllegalArgumentException("public key doesn't match certificate!");
                }
            }
            this.privateKey = privateKey;
            this.chain = x509CertificateArr;
            this.publicKey = publicKey;
            this.trusts = null;
        }

        public Credentials(Certificate[] certificateArr) {
            this.privateKey = null;
            this.publicKey = null;
            this.chain = null;
            this.trusts = certificateArr;
        }

        public PrivateKey getPrivateKey() {
            return this.privateKey;
        }

        public PublicKey getPublicKey() {
            return this.publicKey;
        }

        public X509Certificate[] getCertificateChain() {
            return this.chain;
        }

        public List<X509Certificate> getCertificateChainAsList() {
            if (this.chain == null) {
                return null;
            }
            return Arrays.asList(this.chain);
        }

        public Certificate[] getTrustedCertificates() {
            return this.trusts;
        }
    }

    /* loaded from: input_file:org/eclipse/californium/elements/util/SslContextUtil$IncompleteCredentialsException.class */
    public static class IncompleteCredentialsException extends IllegalArgumentException {
        private static final long serialVersionUID = -53656;
        private final Credentials incompleteCredentials;

        public IncompleteCredentialsException(Credentials credentials) {
            this.incompleteCredentials = credentials;
        }

        public IncompleteCredentialsException(Credentials credentials, String str) {
            super(str);
            this.incompleteCredentials = credentials;
        }

        public IncompleteCredentialsException(Credentials credentials, String str, Throwable th) {
            super(str, th);
            this.incompleteCredentials = credentials;
        }

        public Credentials getIncompleteCredentials() {
            return this.incompleteCredentials;
        }
    }

    /* loaded from: input_file:org/eclipse/californium/elements/util/SslContextUtil$InputStreamFactory.class */
    public interface InputStreamFactory {
        InputStream create(String str) throws IOException;
    }

    /* loaded from: input_file:org/eclipse/californium/elements/util/SslContextUtil$KeyStoreType.class */
    public static class KeyStoreType {
        public final String type;
        public final SimpleKeyStore simpleStore;

        public KeyStoreType(String str) {
            if (str == null) {
                throw new NullPointerException("key store type must not be null!");
            }
            if (str.isEmpty()) {
                throw new IllegalArgumentException("key store type must not be empty!");
            }
            this.type = str;
            this.simpleStore = null;
        }

        public KeyStoreType(SimpleKeyStore simpleKeyStore) {
            if (simpleKeyStore == null) {
                throw new NullPointerException("simple key store must not be null!");
            }
            this.type = null;
            this.simpleStore = simpleKeyStore;
        }
    }

    /* loaded from: input_file:org/eclipse/californium/elements/util/SslContextUtil$SimpleKeyStore.class */
    public interface SimpleKeyStore {
        Credentials load(InputStream inputStream) throws GeneralSecurityException, IOException;
    }

    @NotForAndroid
    /* loaded from: input_file:org/eclipse/californium/elements/util/SslContextUtil$X509ExtendedTrustAllManager.class */
    private static class X509ExtendedTrustAllManager extends X509ExtendedTrustManager {
        private X509ExtendedTrustAllManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, true);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, false);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return X509TrustAllManager.EMPTY;
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, true);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, true);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, false);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, false);
        }
    }

    /* loaded from: input_file:org/eclipse/californium/elements/util/SslContextUtil$X509TrustAllManager.class */
    private static class X509TrustAllManager implements X509TrustManager {
        private static final X509Certificate[] EMPTY = new X509Certificate[0];

        private X509TrustAllManager() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void validateChain(X509Certificate[] x509CertificateArr, boolean z) throws CertificateException {
            if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
                return;
            }
            SslContextUtil.LOGGER.debug("check certificate {} for {}", x509CertificateArr[0].getSubjectX500Principal(), z ? "client" : "server");
            if (!CertPathUtil.canBeUsedForAuthentication(x509CertificateArr[0], z)) {
                SslContextUtil.LOGGER.debug("check certificate {} for {} failed on key-usage!", x509CertificateArr[0].getSubjectX500Principal(), z ? "client" : "server");
                throw new CertificateException("Key usage not proper for " + (z ? "client" : "server"));
            }
            SslContextUtil.LOGGER.trace("check certificate {} for {} succeeded on key-usage!", x509CertificateArr[0].getSubjectX500Principal(), z ? "client" : "server");
            try {
                CertPathUtil.validateCertificatePathWithIssuer(true, CertPathUtil.generateValidatableCertPath(Arrays.asList(x509CertificateArr), null), EMPTY);
                Logger logger = SslContextUtil.LOGGER;
                Object[] objArr = new Object[3];
                objArr[0] = x509CertificateArr[0].getSubjectX500Principal();
                objArr[1] = Integer.valueOf(x509CertificateArr.length);
                objArr[2] = z ? "client" : "server";
                logger.trace("check certificate {} [chain.length={}] for {} validated!", objArr);
            } catch (GeneralSecurityException e) {
                Logger logger2 = SslContextUtil.LOGGER;
                Object[] objArr2 = new Object[3];
                objArr2[0] = x509CertificateArr[0].getSubjectX500Principal();
                objArr2[1] = z ? "client" : "server";
                objArr2[2] = e.getMessage();
                logger2.debug("check certificate {} for {} failed on {}!", objArr2);
                if (!(e instanceof CertificateException)) {
                    throw new CertificateException(e);
                }
                throw ((CertificateException) e);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            validateChain(x509CertificateArr, true);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            validateChain(x509CertificateArr, false);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return EMPTY;
        }
    }

    public static Certificate[] loadTrustedCertificates(String str) throws IOException, GeneralSecurityException {
        if (null == str) {
            throw new NullPointerException("trust must be provided!");
        }
        String[] split = str.split(PARAMETER_SEPARATOR, 3);
        if (1 == split.length && getKeyStoreTypeFromUri(split[0]).simpleStore != null) {
            return loadTrustedCertificates(split[0], null, null);
        }
        if (3 != split.length) {
            throw new IllegalArgumentException("trust must comply the pattern <keystore#hexstorepwd#aliaspattern>");
        }
        return loadTrustedCertificates(split[0], split[2], StringUtil.hex2CharArray(split[1]));
    }

    public static Credentials loadCredentials(String str) throws IOException, GeneralSecurityException {
        if (null == str) {
            throw new NullPointerException("credentials must be provided!");
        }
        String[] split = str.split(PARAMETER_SEPARATOR, 4);
        if (1 == split.length && getKeyStoreTypeFromUri(split[0]).simpleStore != null) {
            return loadCredentials(split[0], null, null, null);
        }
        if (4 != split.length) {
            throw new IllegalArgumentException("credentials must comply the pattern <keystore#hexstorepwd#hexkeypwd#alias>");
        }
        return loadCredentials(split[0], split[3], StringUtil.hex2CharArray(split[1]), StringUtil.hex2CharArray(split[2]));
    }

    public static TrustManager[] loadTrustManager(String str, String str2, char[] cArr) throws IOException, GeneralSecurityException {
        return createTrustManager("trusts", loadTrustedCertificates(str, str2, cArr));
    }

    public static KeyManager[] loadKeyManager(String str, String str2, char[] cArr, char[] cArr2) throws IOException, GeneralSecurityException {
        KeyStoreType keyStoreTypeFromUri = getKeyStoreTypeFromUri(str);
        if (keyStoreTypeFromUri.simpleStore != null) {
            Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreTypeFromUri);
            if (loadSimpleKeyStore.privateKey == null) {
                throw new IllegalArgumentException("credentials missing! No private key found!");
            }
            if (loadSimpleKeyStore.chain == null) {
                throw new IllegalArgumentException("credentials missing! No certificate chain found!");
            }
            return createKeyManager(DEFAULT_ALIAS, loadSimpleKeyStore.privateKey, loadSimpleKeyStore.chain);
        }
        if (null == cArr2) {
            throw new NullPointerException("keyPassword must be provided!");
        }
        KeyStore loadKeyStore = loadKeyStore(str, cArr, keyStoreTypeFromUri);
        if (str2 != null && !str2.isEmpty()) {
            boolean z = false;
            Pattern compile = Pattern.compile(str2);
            KeyStore keyStore = KeyStore.getInstance(loadKeyStore.getType());
            keyStore.load(null);
            Enumeration<String> aliases = loadKeyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (compile.matcher(nextElement).matches()) {
                    KeyStore.Entry entry = loadKeyStore.getEntry(nextElement, new KeyStore.PasswordProtection(cArr2));
                    if (null == entry) {
                        throw new GeneralSecurityException("key stores '" + str + "' doesn't contain credentials for '" + nextElement + "'");
                    }
                    keyStore.setEntry(nextElement, entry, new KeyStore.PasswordProtection(cArr2));
                    z = true;
                }
            }
            if (!z) {
                throw new GeneralSecurityException("no credentials found in '" + str + "' for '" + str2 + "'!");
            }
            loadKeyStore = keyStore;
        }
        return createKeyManager(loadKeyStore, cArr2);
    }

    public static Certificate[] loadTrustedCertificates(String str, String str2, char[] cArr) throws IOException, GeneralSecurityException {
        KeyStoreType keyStoreTypeFromUri = getKeyStoreTypeFromUri(str);
        if (keyStoreTypeFromUri.simpleStore != null) {
            Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreTypeFromUri);
            if (loadSimpleKeyStore.trusts == null) {
                throw new IllegalArgumentException("no trusted x509 certificates found in '" + str + "'!");
            }
            return loadSimpleKeyStore.trusts;
        }
        KeyStore loadKeyStore = loadKeyStore(str, cArr, keyStoreTypeFromUri);
        Pattern pattern = null;
        if (null != str2 && !str2.isEmpty()) {
            pattern = Pattern.compile(str2);
        }
        ArrayList arrayList = new ArrayList();
        Enumeration<String> aliases = loadKeyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (null == pattern || pattern.matcher(nextElement).matches()) {
                Certificate certificate = loadKeyStore.getCertificate(nextElement);
                if (!arrayList.contains(certificate)) {
                    arrayList.add(certificate);
                }
            }
        }
        if (arrayList.isEmpty()) {
            throw new IllegalArgumentException("no trusted x509 certificates found in '" + str + "' for '" + str2 + "'!");
        }
        return (Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]);
    }

    public static Credentials loadCredentials(String str, String str2, char[] cArr, char[] cArr2) throws IOException, GeneralSecurityException {
        KeyStoreType keyStoreTypeFromUri = getKeyStoreTypeFromUri(str);
        if (keyStoreTypeFromUri.simpleStore == null) {
            if (null == str2) {
                throw new NullPointerException("alias must be provided!");
            }
            if (str2.isEmpty()) {
                throw new IllegalArgumentException("alias must not be empty!");
            }
            if (null == cArr2) {
                throw new NullPointerException("keyPassword must be provided!");
            }
            KeyStore loadKeyStore = loadKeyStore(str, cArr, keyStoreTypeFromUri);
            if (loadKeyStore.entryInstanceOf(str2, KeyStore.PrivateKeyEntry.class)) {
                KeyStore.Entry entry = loadKeyStore.getEntry(str2, new KeyStore.PasswordProtection(cArr2));
                if (entry instanceof KeyStore.PrivateKeyEntry) {
                    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
                    return new Credentials(privateKeyEntry.getPrivateKey(), null, asX509Certificates(privateKeyEntry.getCertificateChain()));
                }
            }
            throw new IllegalArgumentException("no credentials found for '" + str2 + "' in '" + str + "'!");
        }
        Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreTypeFromUri);
        if (loadSimpleKeyStore.getTrustedCertificates() != null) {
            try {
                List<? extends Certificate> certificates = CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(loadSimpleKeyStore.getTrustedCertificates())).getCertificates();
                loadSimpleKeyStore = new Credentials(null, null, (X509Certificate[]) certificates.toArray(new X509Certificate[certificates.size()]));
                throw new IncompleteCredentialsException(loadSimpleKeyStore, "credentials missing! No private key found!");
            } catch (GeneralSecurityException e) {
                LOGGER.warn("Load PEM {}:", str, e);
            }
        }
        if (loadSimpleKeyStore.publicKey == null && loadSimpleKeyStore.privateKey == null) {
            throw new IllegalArgumentException("credentials missing! No keys found!");
        }
        if (loadSimpleKeyStore.privateKey == null) {
            throw new IncompleteCredentialsException(loadSimpleKeyStore, "credentials missing! No private key found!");
        }
        if (loadSimpleKeyStore.publicKey == null) {
            throw new IncompleteCredentialsException(loadSimpleKeyStore, "credentials missing! Neither certificate chain nor public key found!");
        }
        return loadSimpleKeyStore;
    }

    public static PrivateKey loadPrivateKey(String str, String str2, char[] cArr, char[] cArr2) throws IOException, GeneralSecurityException {
        KeyStoreType keyStoreTypeFromUri = getKeyStoreTypeFromUri(str);
        if (keyStoreTypeFromUri.simpleStore != null) {
            Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreTypeFromUri);
            if (loadSimpleKeyStore.privateKey != null) {
                return loadSimpleKeyStore.privateKey;
            }
        } else {
            if (null == str2) {
                throw new NullPointerException("alias must be provided!");
            }
            if (str2.isEmpty()) {
                throw new IllegalArgumentException("alias must not be empty!");
            }
            if (null == cArr2) {
                throw new NullPointerException("keyPassword must be provided!");
            }
            KeyStore loadKeyStore = loadKeyStore(str, cArr, keyStoreTypeFromUri);
            if (loadKeyStore.entryInstanceOf(str2, KeyStore.PrivateKeyEntry.class)) {
                KeyStore.Entry entry = loadKeyStore.getEntry(str2, new KeyStore.PasswordProtection(cArr2));
                if (entry instanceof KeyStore.PrivateKeyEntry) {
                    return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                }
            }
        }
        throw new IllegalArgumentException("no private key found for '" + str2 + "' in '" + str + "'!");
    }

    public static PublicKey loadPublicKey(String str, String str2, char[] cArr) throws IOException, GeneralSecurityException {
        KeyStoreType keyStoreTypeFromUri = getKeyStoreTypeFromUri(str);
        if (keyStoreTypeFromUri.simpleStore != null) {
            Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreTypeFromUri);
            if (loadSimpleKeyStore.publicKey != null) {
                return loadSimpleKeyStore.publicKey;
            }
            throw new IllegalArgumentException("no public key found for '" + str2 + "' in '" + str + "'!");
        }
        if (null == str2) {
            throw new NullPointerException("alias must be provided!");
        }
        if (str2.isEmpty()) {
            throw new IllegalArgumentException("alias must not be empty!");
        }
        return loadKeyStore(str, cArr, keyStoreTypeFromUri).getCertificateChain(str2)[0].getPublicKey();
    }

    public static X509Certificate[] loadCertificateChain(String str, String str2, char[] cArr) throws IOException, GeneralSecurityException {
        KeyStoreType keyStoreTypeFromUri = getKeyStoreTypeFromUri(str);
        if (keyStoreTypeFromUri.simpleStore != null) {
            Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreTypeFromUri);
            if (loadSimpleKeyStore.chain == null) {
                throw new IllegalArgumentException("No certificate chain found!");
            }
            return loadSimpleKeyStore.chain;
        }
        if (null == str2) {
            throw new NullPointerException("alias must be provided!");
        }
        if (str2.isEmpty()) {
            throw new IllegalArgumentException("alias must not be empty!");
        }
        return asX509Certificates(loadKeyStore(str, cArr, keyStoreTypeFromUri).getCertificateChain(str2));
    }

    public static void configureDefaults() {
        KEY_STORE_TYPES.clear();
        KEY_STORE_TYPES.put(JKS_ENDING, new KeyStoreType(JKS_TYPE));
        KEY_STORE_TYPES.put(BKS_ENDING, new KeyStoreType(BKS_TYPE));
        KEY_STORE_TYPES.put(PKCS12_ENDING, new KeyStoreType(PKCS12_TYPE));
        KeyStoreType keyStoreType = new KeyStoreType(new SimpleKeyStore() { // from class: org.eclipse.californium.elements.util.SslContextUtil.1
            @Override // org.eclipse.californium.elements.util.SslContextUtil.SimpleKeyStore
            public Credentials load(InputStream inputStream) throws GeneralSecurityException, IOException {
                return SslContextUtil.loadPemCredentials(inputStream);
            }
        });
        KEY_STORE_TYPES.put(PEM_ENDING, keyStoreType);
        KEY_STORE_TYPES.put(CRT_ENDING, keyStoreType);
        KEY_STORE_TYPES.put("*", new KeyStoreType(KeyStore.getDefaultType()));
        INPUT_STREAM_FACTORIES.clear();
        INPUT_STREAM_FACTORIES.put(CLASSPATH_SCHEME, new ClassLoaderInputStreamFactory());
    }

    public static KeyStoreType configure(String str, KeyStoreType keyStoreType) {
        if (str == null) {
            throw new NullPointerException("ending must not be null!");
        }
        if (!str.equals("*") && !str.startsWith(".")) {
            throw new IllegalArgumentException("ending must start with \".\"!");
        }
        if (keyStoreType == null) {
            throw new NullPointerException("key store type must not be null!");
        }
        return KEY_STORE_TYPES.put(str.toLowerCase(), keyStoreType);
    }

    public static KeyStoreType configureAlias(String str, String str2) {
        if (str == null) {
            throw new NullPointerException("alias must not be null!");
        }
        if (str2 == null) {
            throw new NullPointerException("ending must not be null!");
        }
        if (str2.equals(str)) {
            throw new IllegalArgumentException("alias must differ from ending!");
        }
        if (!str2.equals("*") && !str2.startsWith(".")) {
            throw new IllegalArgumentException("ending must start with \".\"!");
        }
        if (!str.equals("*") && !str2.startsWith(".")) {
            throw new IllegalArgumentException("alias must start with \".\"!");
        }
        KeyStoreType keyStoreType = KEY_STORE_TYPES.get(str2);
        if (keyStoreType == null) {
            throw new IllegalArgumentException("ending must already be configured!");
        }
        return KEY_STORE_TYPES.put(str, keyStoreType);
    }

    public static InputStreamFactory configure(String str, InputStreamFactory inputStreamFactory) {
        if (str == null) {
            throw new NullPointerException("scheme must not be null!");
        }
        if (!str.endsWith(SCHEME_DELIMITER)) {
            throw new IllegalArgumentException("scheme must end with \"://\"!");
        }
        if (inputStreamFactory == null) {
            throw new NullPointerException("stream factory must not be null!");
        }
        return INPUT_STREAM_FACTORIES.put(str.toLowerCase(), inputStreamFactory);
    }

    public static boolean isAvailableFromUri(String str) {
        try {
            InputStream inputStreamFromUri = getInputStreamFromUri(str);
            if (inputStreamFromUri == null) {
                return false;
            }
            inputStreamFromUri.close();
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    private static KeyStoreType getKeyStoreTypeFromUri(String str) throws GeneralSecurityException {
        KeyStoreType keyStoreType = null;
        if (!str.equals("*")) {
            int lastIndexOf = str.lastIndexOf(47);
            int lastIndexOf2 = str.lastIndexOf(46);
            if (lastIndexOf < lastIndexOf2) {
                keyStoreType = KEY_STORE_TYPES.get(str.substring(lastIndexOf2).toLowerCase());
            }
        }
        if (keyStoreType == null) {
            keyStoreType = KEY_STORE_TYPES.get("*");
        }
        if (keyStoreType == null) {
            throw new GeneralSecurityException("no key store type for " + str);
        }
        return keyStoreType;
    }

    private static String getSchemeFromUri(String str) {
        int indexOf = str.indexOf(SCHEME_DELIMITER);
        if (0 < indexOf) {
            return str.substring(0, indexOf + SCHEME_DELIMITER.length()).toLowerCase();
        }
        return null;
    }

    private static InputStream getInputStreamFromUri(String str) throws IOException {
        if (null == str) {
            throw new NullPointerException("keyStoreUri must be provided!");
        }
        InputStream inputStream = null;
        String schemeFromUri = getSchemeFromUri(str);
        if (schemeFromUri == null) {
            String str2 = null;
            File file = new File(str);
            if (!file.exists()) {
                str2 = " doesn't exists!";
            } else if (!file.isFile()) {
                str2 = " is not a file!";
            } else if (!file.canRead()) {
                str2 = " could not be read!";
            }
            if (str2 != null) {
                throw new IOException("URI: " + str + ", file: " + file.getAbsolutePath() + str2);
            }
            inputStream = new FileInputStream(file);
        } else {
            InputStreamFactory inputStreamFactory = INPUT_STREAM_FACTORIES.get(schemeFromUri);
            if (inputStreamFactory != null) {
                inputStream = inputStreamFactory.create(str);
            }
        }
        if (inputStream == null) {
            inputStream = new URL(str).openStream();
        }
        return inputStream;
    }

    private static KeyStore loadKeyStore(String str, char[] cArr, KeyStoreType keyStoreType) throws GeneralSecurityException, IOException {
        if (null == cArr) {
            throw new NullPointerException("storePassword must be provided!");
        }
        InputStream inputStreamFromUri = getInputStreamFromUri(str);
        KeyStore keyStore = KeyStore.getInstance(keyStoreType.type);
        try {
            try {
                keyStore.load(inputStreamFromUri, cArr);
                inputStreamFromUri.close();
                return keyStore;
            } catch (IOException e) {
                throw new IOException(e + ", URI: " + str + ", type: " + keyStoreType.type + ", " + keyStore.getProvider().getName());
            }
        } catch (Throwable th) {
            inputStreamFromUri.close();
            throw th;
        }
    }

    private static Credentials loadSimpleKeyStore(String str, KeyStoreType keyStoreType) throws GeneralSecurityException, IOException {
        InputStream inputStreamFromUri = getInputStreamFromUri(str);
        try {
            Credentials load = keyStoreType.simpleStore.load(inputStreamFromUri);
            inputStreamFromUri.close();
            return load;
        } catch (Throwable th) {
            inputStreamFromUri.close();
            throw th;
        }
    }

    public static Credentials loadPemCredentials(InputStream inputStream) throws GeneralSecurityException, IOException {
        PemReader pemReader = new PemReader(inputStream);
        try {
            Asn1DerDecoder.Keys keys = new Asn1DerDecoder.Keys();
            ArrayList<Certificate> arrayList = new ArrayList();
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (true) {
                String readNextBegin = pemReader.readNextBegin();
                if (readNextBegin == null) {
                    if (keys.getPrivateKey() != null || keys.getPublicKey() != null) {
                        List<? extends Certificate> certificates = certificateFactory.generateCertPath(arrayList).getCertificates();
                        Credentials credentials = new Credentials(keys.getPrivateKey(), keys.getPublicKey(), (X509Certificate[]) certificates.toArray(new X509Certificate[certificates.size()]));
                        pemReader.close();
                        return credentials;
                    }
                    if (arrayList.isEmpty()) {
                        Credentials credentials2 = new Credentials(null);
                        pemReader.close();
                        return credentials2;
                    }
                    ArrayList arrayList2 = new ArrayList();
                    for (Certificate certificate : arrayList) {
                        if (!arrayList2.contains(certificate)) {
                            arrayList2.add(certificate);
                        }
                    }
                    if (arrayList2.size() == arrayList.size()) {
                        try {
                            List<? extends Certificate> certificates2 = certificateFactory.generateCertPath(arrayList).getCertificates();
                            Credentials credentials3 = new Credentials(null, null, (X509Certificate[]) certificates2.toArray(new X509Certificate[certificates2.size()]));
                            pemReader.close();
                            return credentials3;
                        } catch (GeneralSecurityException e) {
                        }
                    }
                    Credentials credentials4 = new Credentials((Certificate[]) arrayList2.toArray(new Certificate[arrayList2.size()]));
                    pemReader.close();
                    return credentials4;
                }
                byte[] readToEnd = pemReader.readToEnd();
                if (readToEnd != null) {
                    if (readNextBegin.contains("CERTIFICATE")) {
                        arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(readToEnd)));
                    } else if (readNextBegin.contains("PRIVATE KEY")) {
                        Asn1DerDecoder.Keys readPrivateKey = Asn1DerDecoder.readPrivateKey(readToEnd);
                        if (readPrivateKey == null) {
                            throw new GeneralSecurityException("private key type not supported!");
                        }
                        keys.add(readPrivateKey);
                    } else if (readNextBegin.contains("PUBLIC KEY")) {
                        PublicKey readSubjectPublicKey = Asn1DerDecoder.readSubjectPublicKey(readToEnd);
                        if (readSubjectPublicKey == null) {
                            throw new GeneralSecurityException("public key type not supported!");
                        }
                        keys.setPublicKey(readSubjectPublicKey);
                    } else {
                        LOGGER.warn("{} not supported!", readNextBegin);
                    }
                }
            }
        } catch (Throwable th) {
            pemReader.close();
            throw th;
        }
    }

    public static X509Certificate[] asX509Certificates(Certificate[] certificateArr) {
        if (null == certificateArr || 0 == certificateArr.length) {
            throw new IllegalArgumentException("certificates missing!");
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
        for (int i = 0; certificateArr.length > i; i++) {
            if (null == certificateArr[i]) {
                throw new IllegalArgumentException("[" + i + "] is null!");
            }
            try {
                x509CertificateArr[i] = (X509Certificate) certificateArr[i];
            } catch (ClassCastException e) {
                throw new IllegalArgumentException("[" + i + "] is not a x509 certificate! Instead it's a " + certificateArr[i].getClass().getName());
            }
        }
        return x509CertificateArr;
    }

    public static X509KeyManager getX509KeyManager(KeyManager[] keyManagerArr) {
        if (keyManagerArr == null) {
            throw new NullPointerException("Key managers must not be null!");
        }
        if (keyManagerArr.length == 0) {
            throw new IllegalArgumentException("Key managers must not be empty!");
        }
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalArgumentException("Missing a X509KeyManager in key managers!");
    }

    public static void ensureUniqueCertificates(X509Certificate[] x509CertificateArr) {
        HashSet hashSet = new HashSet();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (!hashSet.add(x509Certificate)) {
                throw new IllegalArgumentException("Truststore contains certificates duplicates with subject: " + x509Certificate.getSubjectX500Principal());
            }
        }
    }

    public static SSLContext createSSLContext(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr, Certificate[] certificateArr) throws GeneralSecurityException {
        return createSSLContext(str, privateKey, x509CertificateArr, certificateArr, DEFAULT_SSL_PROTOCOL);
    }

    public static SSLContext createSSLContext(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr, Certificate[] certificateArr, String str2) throws GeneralSecurityException {
        if (null == str) {
            str = DEFAULT_ALIAS;
        }
        KeyManager[] createKeyManager = createKeyManager(str, privateKey, x509CertificateArr);
        TrustManager[] createTrustManager = createTrustManager(str, certificateArr);
        SSLContext sSLContext = SSLContext.getInstance(str2);
        sSLContext.init(createKeyManager, createTrustManager, null);
        return sSLContext;
    }

    public static String[] getWeakCipherSuites(SSLContext sSLContext) {
        SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
        ArrayList arrayList = new ArrayList();
        String[] cipherSuites = defaultSSLParameters.getCipherSuites();
        for (String str : cipherSuites) {
            if (str.contains("AES_128")) {
                arrayList.add(str);
            }
        }
        if (arrayList.isEmpty() || arrayList.size() >= cipherSuites.length) {
            return null;
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    public static KeyManager[] createKeyManager(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr) throws GeneralSecurityException {
        if (null == privateKey) {
            throw new NullPointerException("private key must be provided!");
        }
        if (null == x509CertificateArr) {
            throw new NullPointerException("certificate chain must be provided!");
        }
        if (0 == x509CertificateArr.length) {
            throw new IllegalArgumentException("certificate chain must not be empty!");
        }
        if (null == str) {
            str = DEFAULT_ALIAS;
        }
        try {
            char[] charArray = "intern".toCharArray();
            KeyStore keyStore = KeyStore.getInstance(getKeyStoreTypeFromUri("*").type);
            keyStore.load(null);
            keyStore.setKeyEntry(str, privateKey, charArray, x509CertificateArr);
            return createKeyManager(keyStore, charArray);
        } catch (IOException e) {
            throw new GeneralSecurityException(e.getMessage());
        }
    }

    public static TrustManager[] createTrustManager(String str, Certificate[] certificateArr) throws GeneralSecurityException {
        if (null == certificateArr) {
            throw new NullPointerException("trusted certificates must be provided!");
        }
        if (0 == certificateArr.length) {
            throw new IllegalArgumentException("trusted certificates must not be empty!");
        }
        if (null == str) {
            str = DEFAULT_ALIAS;
        }
        try {
            int i = 1;
            KeyStore keyStore = KeyStore.getInstance(getKeyStoreTypeFromUri("*").type);
            keyStore.load(null);
            for (Certificate certificate : certificateArr) {
                keyStore.setCertificateEntry(str + i, certificate);
                i++;
            }
            return createTrustManager(keyStore);
        } catch (IOException e) {
            throw new GeneralSecurityException(e.getMessage());
        }
    }

    public static KeyManager[] createAnonymousKeyManager() {
        return new KeyManager[]{ANONYMOUS};
    }

    @NotForAndroid
    public static TrustManager[] createTrustAllManager() {
        return new TrustManager[]{TRUST_ALL};
    }

    private static KeyManager[] createKeyManager(KeyStore keyStore, char[] cArr) throws GeneralSecurityException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(Security.getProperty("ssl.KeyManagerFactory.algorithm"));
        keyManagerFactory.init(keyStore, cArr);
        return keyManagerFactory.getKeyManagers();
    }

    private static TrustManager[] createTrustManager(KeyStore keyStore) throws GeneralSecurityException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(Security.getProperty("ssl.TrustManagerFactory.algorithm"));
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    static {
        X509TrustManager x509TrustAllManager;
        JceProviderUtil.init();
        configureDefaults();
        try {
            x509TrustAllManager = new X509ExtendedTrustAllManager();
        } catch (NoClassDefFoundError e) {
            x509TrustAllManager = new X509TrustAllManager();
        }
        TRUST_ALL = x509TrustAllManager;
    }
}
