package org.toilelibre.libe.curl;

import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import java.util.stream.Stream;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.Option;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.toilelibre.libe.curl.CertFormat;
import org.toilelibre.libe.curl.Curl;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/toilelibre/libe/curl/SSLMaterialCreator.class */
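/**
 * Builds the {@link SSLConnectionSocketFactory} installed on an {@link HttpClientBuilder}
 * from the TLS-related command line options (protocol, client certificate, private key,
 * "trust insecure").
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code Arguments.TRUST_INSECURE} installs a trust strategy that accepts every server
 *       chain and a {@link NoopHostnameVerifier}; the server is then not authenticated at all.</li>
 *   <li>The value of {@code Arguments.CA_CERT} is only ever added to the key store handed to
 *       {@code loadKeyMaterial}; no trust material is loaded from it here, and it is ignored
 *       entirely unless a client certificate or key is also supplied.</li>
 *   <li>Factories are cached in a static map keyed by the raw option values, which include
 *       the {@code path:passphrase} strings of the certificate and key options.</li>
 * </ul>
 */
public final class SSLMaterialCreator {
    /*
     * Cache of already-built socket factories, keyed by the TLS option values of the request.
     *
     * NOTE(review): the key holds the raw CERT/KEY option values, so passphrases stay reachable
     * as Strings for the lifetime of the JVM. The key is made of option values, not file
     * contents, so a certificate replaced on disk under the same path keeps being served from
     * the cached factory. The map is a plain HashMap with no synchronisation in this class;
     * confirm callers never invoke handleSSLParams concurrently.
     */
    private static final Map<Map<String, List<String>>, SSLConnectionSocketFactory> cachedSSLFactoriesForPerformance = new HashMap<>();

    /**
     * Immutable holder for the client certificate, private key and CA file locations together
     * with their formats and passphrases.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/toilelibre/libe/curl/SSLMaterialCreator$CertPlusKeyInfo.class */
    public static class CertPlusKeyInfo {
        private final CertFormat certFormat;
        private final CertFormat keyFormat;
        private final String cert;
        private final String certPassphrase;
        private final String cacert;
        private final String key;
        private final String keyPassphrase;

        /** Fluent builder; every field is optional and defaults to {@code null}. */
        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: input_file:org/toilelibre/libe/curl/SSLMaterialCreator$CertPlusKeyInfo$Builder.class */
        public static final class Builder {
            private CertFormat certFormat;
            private CertFormat keyFormat;
            private String cert;
            private String certPassphrase;
            private String cacert;
            private String key;
            private String keyPassphrase;

            private Builder() {
            }

            Builder certFormat(CertFormat certFormat) {
                this.certFormat = certFormat;
                return this;
            }

            Builder keyFormat(CertFormat keyFormat) {
                this.keyFormat = keyFormat;
                return this;
            }

            Builder cert(String cert) {
                this.cert = cert;
                return this;
            }

            Builder certPassphrase(String certPassphrase) {
                this.certPassphrase = certPassphrase;
                return this;
            }

            Builder cacert(String cacert) {
                this.cacert = cacert;
                return this;
            }

            Builder key(String key) {
                this.key = key;
                return this;
            }

            Builder keyPassphrase(String keyPassphrase) {
                this.keyPassphrase = keyPassphrase;
                return this;
            }

            CertPlusKeyInfo build() {
                return new CertPlusKeyInfo(this);
            }
        }

        private CertPlusKeyInfo(Builder builder) {
            this.certFormat = builder.certFormat;
            this.keyFormat = builder.keyFormat;
            this.cert = builder.cert;
            this.certPassphrase = builder.certPassphrase;
            this.cacert = builder.cacert;
            this.key = builder.key;
            this.keyPassphrase = builder.keyPassphrase;
        }

        static Builder newBuilder() {
            return new Builder();
        }

        CertFormat getCertFormat() {
            return this.certFormat;
        }

        CertFormat getKeyFormat() {
            return this.keyFormat;
        }

        String getCert() {
            return this.cert;
        }

        String getCertPassphrase() {
            return this.certPassphrase;
        }

        String getCacert() {
            return this.cacert;
        }

        String getKey() {
            return this.key;
        }

        String getKeyPassphrase() {
            return this.keyPassphrase;
        }
    }

    SSLMaterialCreator() {
    }

    /**
     * Configures {@code httpClientBuilder} with a socket factory matching the TLS options of
     * {@code commandLine}, reusing a cached factory when the same option values were seen before.
     *
     * <p>With {@code Arguments.TRUST_INSECURE} both certificate-chain validation and hostname
     * verification are switched off. Without it, no trust material is loaded by this method,
     * so validation is left to whatever {@link SSLContextBuilder#build()} uses by default
     * (presumably the JVM trust store; confirm against the HttpClient version in use).
     *
     * @param commandLine parsed curl-style arguments
     * @param httpClientBuilder builder that receives the socket factory
     * @throws Curl.CurlException if the SSL context or the client credentials cannot be built
     * @throws IllegalArgumentException if a certificate or key type does not name a {@link CertFormat}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void handleSSLParams(CommandLine commandLine, HttpClientBuilder httpClientBuilder) throws Curl.CurlException {
        Map<String, List<String>> cacheKey = inputExtractedFrom(commandLine);
        SSLConnectionSocketFactory cachedFactory = cachedSSLFactoriesForPerformance.get(cacheKey);
        if (cachedFactory != null) {
            httpClientBuilder.setSSLSocketFactory(cachedFactory);
            return;
        }

        boolean trustInsecure = commandLine.hasOption(Arguments.TRUST_INSECURE.getOpt());
        boolean hasCert = commandLine.hasOption(Arguments.CERT.getOpt());
        boolean hasKey = commandLine.hasOption(Arguments.KEY.getOpt());

        SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
        sslContextBuilder.setProtocol(protocolFromCommandLine(commandLine));
        if (trustInsecure) {
            sayTrustInsecure(sslContextBuilder);
        }

        // Enum names are ASCII identifiers: upper-case them independently of the default locale.
        CertFormat certFormat = commandLine.hasOption(Arguments.CERT_TYPE.getOpt())
                ? CertFormat.valueOf(commandLine.getOptionValue(Arguments.CERT_TYPE.getOpt()).toUpperCase(java.util.Locale.ROOT))
                : CertFormat.PEM;
        // Without a separate key option the key is read from the certificate file, in its format.
        CertFormat keyFormat;
        if (!hasKey) {
            keyFormat = certFormat;
        } else if (commandLine.hasOption(Arguments.KEY_TYPE.getOpt())) {
            keyFormat = CertFormat.valueOf(commandLine.getOptionValue(Arguments.KEY_TYPE.getOpt()).toUpperCase(java.util.Locale.ROOT));
        } else {
            keyFormat = CertFormat.PEM;
        }

        CertPlusKeyInfo.Builder credentials = CertPlusKeyInfo.newBuilder()
                .cacert(commandLine.getOptionValue(Arguments.CA_CERT.getOpt()))
                .certFormat(certFormat)
                .keyFormat(keyFormat);

        if (hasCert) {
            // Option value is "path" or "path:passphrase".
            String certOption = commandLine.getOptionValue(Arguments.CERT.getOpt());
            int separator = getSslSeparatorIndex(certOption);
            String certPath = separator == -1 ? certOption : certOption.substring(0, separator);
            String certPassphrase = separator == -1 ? "" : certOption.substring(separator + 1);
            credentials.cert(certPath).certPassphrase(certPassphrase).key(certPath);
        }
        if (hasKey) {
            String keyOption = commandLine.getOptionValue(Arguments.KEY.getOpt());
            int separator = getSslSeparatorIndex(keyOption);
            String keyPath = separator == -1 ? keyOption : keyOption.substring(0, separator);
            String keyPassphrase = separator == -1 ? "" : keyOption.substring(separator + 1);
            credentials.key(keyPath).keyPassphrase(keyPassphrase);
        }
        if (hasCert || hasKey) {
            addClientCredentials(sslContextBuilder, credentials.build());
        }

        try {
            SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
                    sslContextBuilder.build(),
                    trustInsecure ? NoopHostnameVerifier.INSTANCE : SSLConnectionSocketFactory.getDefaultHostnameVerifier());
            cachedSSLFactoriesForPerformance.put(cacheKey, socketFactory);
            httpClientBuilder.setSSLSocketFactory(socketFactory);
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new Curl.CurlException(e);
        }
    }

    /**
     * Collects the values of every TLS-related option present on the command line; the result
     * is the cache key for the socket factory. Options without a value are recorded as
     * {@code ["true"]}.
     *
     * <p>The certificate and key values are stored verbatim, passphrase included.
     */
    private static Map<String, List<String>> inputExtractedFrom(CommandLine commandLine) {
        return Stream.<Option>of(
                        Arguments.TRUST_INSECURE, Arguments.CERT_TYPE, Arguments.CA_CERT, Arguments.KEY,
                        Arguments.KEY_TYPE, Arguments.CERT, Arguments.TLS_V1, Arguments.TLS_V10,
                        Arguments.TLS_V11, Arguments.TLS_V12, Arguments.SSL_V2, Arguments.SSL_V3)
                .filter(option -> commandLine.getOptionValues(option.getOpt()) != null || commandLine.hasOption(option.getOpt()))
                .collect(Collectors.toMap(
                        Option::getOpt,
                        option -> Arrays.asList(
                                Optional.ofNullable(commandLine.getOptionValues(option.getOpt())).orElse(new String[]{"true"}))));
    }

    /**
     * Loads the client key store into {@code sslContextBuilder} as key material. The key
     * passphrase is used when one was given, otherwise the certificate passphrase.
     *
     * @throws Curl.CurlException wrapping any I/O or security failure
     */
    private static void addClientCredentials(SSLContextBuilder sslContextBuilder, CertPlusKeyInfo certPlusKeyInfo) throws Curl.CurlException {
        try {
            String passphrase = certPlusKeyInfo.getKeyPassphrase() != null
                    ? certPlusKeyInfo.getKeyPassphrase()
                    : certPlusKeyInfo.getCertPassphrase();
            char[] keyPassword = passphrase == null ? null : passphrase.toCharArray();
            sslContextBuilder.loadKeyMaterial(generateKeyStore(certPlusKeyInfo), keyPassword);
        } catch (IOException | GeneralSecurityException e) {
            throw new Curl.CurlException(e);
        }
    }

    /**
     * Builds an in-memory JKS key store holding the client certificates, the CA certificates
     * found in the CA file, and the private keys.
     *
     * <p>Only X.509 certificates whose basic constraints mark them as a CA
     * ({@code getBasicConstraints() != -1}) are kept from the CA file. The CA file is parsed
     * with the certificate format and the key password, as the code below shows.
     *
     * <p>NOTE(review): when only a key option was given, {@code getCert()} is {@code null} here;
     * how {@code IOUtils.getFile} reacts to that is not visible in this file.
     * The password arrays created here are not cleared after use.
     */
    // The credential loader is consumed untyped in this decompiled source; the element types
    // are fixed by the CertFormat.Kind passed in, hence the unchecked casts.
    @SuppressWarnings("unchecked")
    private static KeyStore generateKeyStore(CertPlusKeyInfo certPlusKeyInfo) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, Curl.CurlException {
        CertFormat certFormat = certPlusKeyInfo.getCertFormat();
        File caCertFile = certPlusKeyInfo.getCacert() == null ? null : IOUtils.getFile(certPlusKeyInfo.getCacert());
        File certFile = IOUtils.getFile(certPlusKeyInfo.getCert());
        CertFormat keyFormat = certPlusKeyInfo.getKeyFormat();
        File keyFile = IOUtils.getFile(certPlusKeyInfo.getKey());
        char[] certPassword = certPlusKeyInfo.getCertPassphrase() == null ? null : certPlusKeyInfo.getCertPassphrase().toCharArray();
        char[] keyPassword = certPlusKeyInfo.getKeyPassphrase() == null ? certPassword : certPlusKeyInfo.getKeyPassphrase().toCharArray();

        List<Certificate> caCandidates;
        if (caCertFile == null) {
            caCandidates = Collections.emptyList();
        } else {
            caCandidates = (List<Certificate>) (List<?>) certFormat.generateCredentialsFromFileAndPassword(
                    CertFormat.Kind.CERTIFICATE, IOUtils.toByteArray(caCertFile), keyPassword);
        }
        List<Certificate> caCertificates = caCandidates.stream()
                .filter(certificate -> certificate instanceof X509Certificate
                        && ((X509Certificate) certificate).getBasicConstraints() != -1)
                .collect(Collectors.toList());

        List<Certificate> certificates = (List<Certificate>) (List<?>) certFormat.generateCredentialsFromFileAndPassword(
                CertFormat.Kind.CERTIFICATE, IOUtils.toByteArray(certFile), certPassword);
        List<PrivateKey> privateKeys = (List<PrivateKey>) (List<?>) keyFormat.generateCredentialsFromFileAndPassword(
                CertFormat.Kind.PRIVATE_KEY, IOUtils.toByteArray(keyFile), keyPassword);

        KeyStore keyStore = KeyStore.getInstance("JKS");
        // Initialise an empty store; nothing is read from disk.
        keyStore.load(null);

        // Every private key entry is stored with the full client certificate list as its chain.
        Certificate[] certificateChain = certificates.toArray(new Certificate[0]);
        for (int i = 0; i < certificates.size(); i++) {
            setCertificateEntry(keyStore, certificates, i);
        }
        for (int i = 0; i < caCertificates.size(); i++) {
            setCaCertificateEntry(keyStore, caCertificates, i);
        }
        for (int i = 0; i < privateKeys.size(); i++) {
            setPrivateKeyEntry(keyStore, privateKeys, keyPassword, certificateChain, i);
        }
        return keyStore;
    }

    /**
     * Returns the index of the colon separating a file path from its passphrase in a
     * {@code path[:passphrase]} option value, or -1 when there is no passphrase.
     *
     * <p>A Windows drive prefix (letter, colon, backslash, as in {@code C:\certs\client.pem})
     * is not a separator. The previous implementation used {@code String.matches}, which
     * only succeeds when the whole value is the three-character prefix, so any real
     * drive-qualified path was split after the drive letter and the rest of the path was
     * taken as the passphrase.
     *
     * <p>The last colon wins, so a passphrase that itself contains a colon is split at
     * that inner colon.
     */
    private static int getSslSeparatorIndex(String str) {
        int lastColon = str.lastIndexOf(':');
        boolean startsWithDrivePrefix = str.length() >= 3
                && isAsciiLetter(str.charAt(0))
                && str.charAt(1) == ':'
                && str.charAt(2) == '\\';
        if (startsWithDrivePrefix && lastColon == 1) {
            return -1;
        }
        return lastColon;
    }

    /** Tells whether {@code c} is in {@code [A-Za-z]}. */
    private static boolean isAsciiLetter(char c) {
        return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
    }

    /**
     * Maps the protocol options to the protocol name given to {@link SSLContextBuilder};
     * the first option present wins, and {@code "TLS"} is used when none is.
     *
     * <p>SSLv2, SSLv3, TLS 1.0 and TLS 1.1 are deprecated protocol versions (RFC 6176,
     * RFC 7568, RFC 8996); they are selectable here only because the caller asks for them.
     * Whether the running JVM still accepts each of these names is not decided in this class.
     */
    private static String protocolFromCommandLine(CommandLine commandLine) {
        if (commandLine.hasOption(Arguments.TLS_V1.getOpt())) {
            return "TLSv1";
        }
        if (commandLine.hasOption(Arguments.TLS_V10.getOpt())) {
            return "TLSv1.0";
        }
        if (commandLine.hasOption(Arguments.TLS_V11.getOpt())) {
            return "TLSv1.1";
        }
        if (commandLine.hasOption(Arguments.TLS_V12.getOpt())) {
            return "TLSv1.2";
        }
        if (commandLine.hasOption(Arguments.SSL_V2.getOpt())) {
            return "SSLv2";
        }
        if (commandLine.hasOption(Arguments.SSL_V3.getOpt())) {
            return "SSLv3";
        }
        return "TLS";
    }

    /**
     * Installs a trust strategy that accepts every certificate chain presented by the server.
     * Combined with the no-op hostname verifier chosen in {@code handleSSLParams}, the peer is
     * not authenticated and the connection offers no protection against interception.
     */
    private static void sayTrustInsecure(SSLContextBuilder sslContextBuilder) throws Curl.CurlException {
        try {
            sslContextBuilder.loadTrustMaterial((KeyStore) null, (chain, authType) -> true);
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new Curl.CurlException(e);
        }
    }

    /** Stores {@code list.get(i)} in {@code keyStore} under the alias {@code ca-cert-alias-<i>}. */
    /* JADX INFO: Access modifiers changed from: private */
    public static void setCaCertificateEntry(KeyStore keyStore, List<Certificate> list, int i) {
        try {
            keyStore.setCertificateEntry("ca-cert-alias-" + i, list.get(i));
        } catch (KeyStoreException e) {
            throw new Curl.CurlException(e);
        }
    }

    /** Stores {@code list.get(i)} in {@code keyStore} under the alias {@code cert-alias-<i>}. */
    /* JADX INFO: Access modifiers changed from: private */
    public static void setCertificateEntry(KeyStore keyStore, List<Certificate> list, int i) {
        try {
            keyStore.setCertificateEntry("cert-alias-" + i, list.get(i));
        } catch (KeyStoreException e) {
            throw new Curl.CurlException(e);
        }
    }

    /**
     * Stores {@code list.get(i)} in {@code keyStore} under the alias {@code key-alias-<i>},
     * protected by {@code cArr} and associated with the chain {@code certificateArr}.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static void setPrivateKeyEntry(KeyStore keyStore, List<PrivateKey> list, char[] cArr, Certificate[] certificateArr, int i) {
        try {
            keyStore.setKeyEntry("key-alias-" + i, list.get(i), cArr, certificateArr);
        } catch (KeyStoreException e) {
            throw new Curl.CurlException(e);
        }
    }
}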
