package nl.altindag.sslcontext;

import java.io.IOException;
import java.nio.file.Path;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import nl.altindag.sslcontext.exception.GenericKeyStoreException;
import nl.altindag.sslcontext.exception.GenericSSLContextException;
import nl.altindag.sslcontext.exception.GenericSecurityException;
import nl.altindag.sslcontext.keymanager.CompositeX509ExtendedKeyManager;
import nl.altindag.sslcontext.model.KeyStoreHolder;
import nl.altindag.sslcontext.socket.CompositeSSLServerSocketFactory;
import nl.altindag.sslcontext.socket.CompositeSSLSocketFactory;
import nl.altindag.sslcontext.trustmanager.CompositeX509ExtendedTrustManager;
import nl.altindag.sslcontext.trustmanager.UnsafeX509ExtendedTrustManager;
import nl.altindag.sslcontext.util.KeyStoreUtils;
import nl.altindag.sslcontext.util.TrustManagerUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:nl/altindag/sslcontext/SSLFactory.class */
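/**
 * Builds and holds an {@link SSLContext} together with the material derived from it
 * (socket factories, composite key/trust manager, effective ciphers and protocols).
 *
 * <p>Instances are created through {@link #builder()}. The context is initialised once,
 * inside {@link Builder#build()}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The default {@link HostnameVerifier} compares the requested host name with the
 *       session's peer host only; it does not inspect the peer certificate.</li>
 *   <li>Unless {@link Builder#withPasswordCaching()} is used, the keystore holders kept by
 *       the factory are replaced with password-less copies once the managers are built.
 *       The caller-supplied {@code char[]} arrays themselves are not overwritten, and the
 *       {@link Builder} keeps its own holders.</li>
 *   <li>{@link Builder#withTrustingAllCertificatesWithoutValidation()} adds a trust manager
 *       that accepts every certificate.</li>
 * </ul>
 */
public final class SSLFactory {
    private static final Logger LOGGER = LoggerFactory.getLogger(SSLFactory.class);
    // Zero-length, so sharing one instance cannot leak or be used to tamper with a password.
    private static final char[] EMPTY_PASSWORD = new char[0];
    private final String sslContextProtocol;
    private final SecureRandom secureRandom;
    private final HostnameVerifier hostnameVerifier;
    private final List<KeyStoreHolder> identities;
    private final List<X509ExtendedKeyManager> identityManagers;
    private final List<KeyStoreHolder> trustStores;
    private final List<X509ExtendedTrustManager> trustManagers;
    private final boolean passwordCachingEnabled;
    private final SSLParameters sslParameters;
    private SSLContext sslContext;
    private CompositeSSLSocketFactory sslSocketFactory;
    private CompositeSSLServerSocketFactory sslServerSocketFactory;
    private CompositeX509ExtendedTrustManager trustManager;
    private CompositeX509ExtendedKeyManager keyManager;
    private List<X509Certificate> trustedCertificates;
    private List<String> ciphers;
    private List<String> protocols;

    /* loaded from: input_file:nl/altindag/sslcontext/SSLFactory$Builder.class */
    /**
     * Fluent builder that collects identity (key) material, trust material and TLS
     * parameters, then creates an initialised {@link SSLFactory}.
     *
     * <p>At least one piece of identity or trust material must be supplied before
     * {@link #build()} is called.
     */
    public static class Builder {
        private static final String TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE = "TrustStore details are empty, which are required to be present when SSL/TLS is enabled";
        private static final String IDENTITY_VALIDATION_EXCEPTION_MESSAGE = "Identity details are empty, which are required to be present when SSL/TLS is enabled";
        private static final String KEY_STORE_LOADING_EXCEPTION = "Failed to load the keystore";
        public static final String IDENTITY_AND_TRUST_MATERIAL_VALIDATION_EXCEPTION_MESSAGE = "Could not create instance of SSLFactory because Identity and Trust material are not present. Please provide at least a Trust material.";
        private String sslContextProtocol;
        private SecureRandom secureRandom;
        private HostnameVerifier hostnameVerifier;
        private final List<KeyStoreHolder> identities;
        private final List<KeyStoreHolder> trustStores;
        private final List<X509ExtendedKeyManager> identityManagers;
        private final List<X509ExtendedTrustManager> trustManagers;
        private final SSLParameters sslParameters;
        private boolean passwordCachingEnabled;

        private Builder() {
            this.sslContextProtocol = "TLS";
            // A null SecureRandom makes SSLContext.init use its default implementation.
            this.secureRandom = null;
            // NOTE(review): this default only checks that the requested host name equals the
            // session's own peer host (case-insensitively). It never looks at the peer
            // certificate, so it gives no certificate-based endpoint identification. Callers
            // that depend on the verifier for that should pass their own through
            // withHostnameVerifier, or enable an endpoint identification algorithm on the
            // SSLParameters they use; confirm how consumers rely on this default.
            this.hostnameVerifier = (hostname, session) -> hostname.equalsIgnoreCase(session.getPeerHost());
            this.identities = new ArrayList<>();
            this.trustStores = new ArrayList<>();
            this.identityManagers = new ArrayList<>();
            this.trustManagers = new ArrayList<>();
            this.sslParameters = new SSLParameters();
            this.passwordCachingEnabled = false;
        }

        /**
         * Adds the trust manager returned by
         * {@code TrustManagerUtils.createTrustManagerWithSystemTrustedCertificates()}.
         *
         * @return this builder
         */
        public Builder withSystemTrustMaterial() {
            this.trustManagers.add(TrustManagerUtils.createTrustManagerWithSystemTrustedCertificates());
            return this;
        }

        /**
         * Adds the trust manager returned by
         * {@code TrustManagerUtils.createTrustManagerWithJdkTrustedCertificates()}.
         *
         * @return this builder
         */
        public Builder withDefaultTrustMaterial() {
            this.trustManagers.add(TrustManagerUtils.createTrustManagerWithJdkTrustedCertificates());
            return this;
        }

        /**
         * Adds a caller-supplied trust manager. The argument is stored as given; no null
         * check is performed here.
         *
         * @param x509ExtendedTrustManager trust manager to include in the composite
         * @return this builder
         */
        public Builder withTrustMaterial(X509ExtendedTrustManager x509ExtendedTrustManager) {
            this.trustManagers.add(x509ExtendedTrustManager);
            return this;
        }

        /**
         * Loads a trust store of the JVM's default keystore type.
         *
         * @param str location of the trust store, as understood by {@code KeyStoreUtils.loadKeyStore}
         * @param cArr trust store password
         * @return this builder
         * @throws GenericKeyStoreException if the location is blank or loading fails
         */
        public Builder withTrustMaterial(String str, char[] cArr) {
            return withTrustMaterial(str, cArr, KeyStore.getDefaultType());
        }

        /**
         * Loads a trust store of the given type.
         *
         * @param str location of the trust store, as understood by {@code KeyStoreUtils.loadKeyStore}
         * @param cArr trust store password
         * @param str2 keystore type
         * @return this builder
         * @throws GenericKeyStoreException if the location or type is blank, or loading fails
         */
        public Builder withTrustMaterial(String str, char[] cArr, String str2) {
            // The type is validated as well, matching the Path overload and the identity
            // overloads; a blank type used to reach the keystore loader unchecked.
            if (isBlank(str) || isBlank(str2)) {
                throw new GenericKeyStoreException(TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE);
            }
            try {
                this.trustStores.add(new KeyStoreHolder(KeyStoreUtils.loadKeyStore(str, cArr, str2), cArr));
                return this;
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new GenericKeyStoreException(KEY_STORE_LOADING_EXCEPTION, e);
            }
        }

        /**
         * Loads a trust store of the JVM's default keystore type from a path.
         *
         * @param path location of the trust store
         * @param cArr trust store password
         * @return this builder
         * @throws GenericKeyStoreException if the path is null or loading fails
         */
        public Builder withTrustMaterial(Path path, char[] cArr) {
            return withTrustMaterial(path, cArr, KeyStore.getDefaultType());
        }

        /**
         * Loads a trust store of the given type from a path.
         *
         * @param path location of the trust store
         * @param cArr trust store password
         * @param str keystore type
         * @return this builder
         * @throws GenericKeyStoreException if the path is null, the type is blank, or loading fails
         */
        public Builder withTrustMaterial(Path path, char[] cArr, String str) {
            if (Objects.isNull(path) || isBlank(str)) {
                throw new GenericKeyStoreException(TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE);
            }
            try {
                this.trustStores.add(new KeyStoreHolder(KeyStoreUtils.loadKeyStore(path, cArr, str), cArr));
                return this;
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new GenericKeyStoreException(KEY_STORE_LOADING_EXCEPTION, e);
            }
        }

        /**
         * Adds an already loaded trust store, recorded with an empty password.
         *
         * @param keyStore trust store
         * @return this builder
         * @throws GenericKeyStoreException if {@code keyStore} is null
         */
        public Builder withTrustMaterial(KeyStore keyStore) {
            withTrustMaterial(keyStore, SSLFactory.EMPTY_PASSWORD);
            return this;
        }

        /**
         * Adds an already loaded trust store together with its password.
         *
         * @param keyStore trust store
         * @param cArr trust store password; the array is stored by reference, not copied
         * @return this builder
         * @throws GenericKeyStoreException if {@code keyStore} is null
         */
        public Builder withTrustMaterial(KeyStore keyStore, char[] cArr) {
            validateKeyStore(keyStore, TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE);
            this.trustStores.add(new KeyStoreHolder(keyStore, cArr));
            return this;
        }

        /**
         * Loads an identity keystore of the default type, using one password for both the
         * store and the second holder password.
         *
         * @param str location of the keystore, as understood by {@code KeyStoreUtils.loadKeyStore}
         * @param cArr password used for both holder passwords
         * @return this builder
         * @throws GenericKeyStoreException if the location is blank or loading fails
         */
        public Builder withIdentityMaterial(String str, char[] cArr) {
            return withIdentityMaterial(str, cArr, cArr, KeyStore.getDefaultType());
        }

        /**
         * Loads an identity keystore of the default type.
         *
         * @param str location of the keystore, as understood by {@code KeyStoreUtils.loadKeyStore}
         * @param cArr keystore password
         * @param cArr2 second holder password (presumably the key password; confirm in KeyStoreHolder)
         * @return this builder
         * @throws GenericKeyStoreException if the location is blank or loading fails
         */
        public Builder withIdentityMaterial(String str, char[] cArr, char[] cArr2) {
            return withIdentityMaterial(str, cArr, cArr2, KeyStore.getDefaultType());
        }

        /**
         * Loads an identity keystore of the given type, using one password for both the
         * store and the second holder password.
         *
         * @param str location of the keystore, as understood by {@code KeyStoreUtils.loadKeyStore}
         * @param cArr password used for both holder passwords
         * @param str2 keystore type
         * @return this builder
         * @throws GenericKeyStoreException if the location or type is blank, or loading fails
         */
        public Builder withIdentityMaterial(String str, char[] cArr, String str2) {
            return withIdentityMaterial(str, cArr, cArr, str2);
        }

        /**
         * Loads an identity keystore of the given type.
         *
         * @param str location of the keystore, as understood by {@code KeyStoreUtils.loadKeyStore}
         * @param cArr keystore password
         * @param cArr2 second holder password (presumably the key password; confirm in KeyStoreHolder)
         * @param str2 keystore type
         * @return this builder
         * @throws GenericKeyStoreException if the location or type is blank, or loading fails
         */
        public Builder withIdentityMaterial(String str, char[] cArr, char[] cArr2, String str2) {
            if (isBlank(str) || isBlank(str2)) {
                throw new GenericKeyStoreException(IDENTITY_VALIDATION_EXCEPTION_MESSAGE);
            }
            try {
                this.identities.add(new KeyStoreHolder(KeyStoreUtils.loadKeyStore(str, cArr, str2), cArr, cArr2));
                return this;
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new GenericKeyStoreException(KEY_STORE_LOADING_EXCEPTION, e);
            }
        }

        /**
         * Loads an identity keystore of the default type from a path, using one password
         * for both holder passwords.
         *
         * @param path location of the keystore
         * @param cArr password used for both holder passwords
         * @return this builder
         * @throws GenericKeyStoreException if the path is null or loading fails
         */
        public Builder withIdentityMaterial(Path path, char[] cArr) {
            return withIdentityMaterial(path, cArr, cArr, KeyStore.getDefaultType());
        }

        /**
         * Loads an identity keystore of the default type from a path.
         *
         * @param path location of the keystore
         * @param cArr keystore password
         * @param cArr2 second holder password (presumably the key password; confirm in KeyStoreHolder)
         * @return this builder
         * @throws GenericKeyStoreException if the path is null or loading fails
         */
        public Builder withIdentityMaterial(Path path, char[] cArr, char[] cArr2) {
            return withIdentityMaterial(path, cArr, cArr2, KeyStore.getDefaultType());
        }

        /**
         * Loads an identity keystore of the given type from a path, using one password for
         * both holder passwords.
         *
         * @param path location of the keystore
         * @param cArr password used for both holder passwords
         * @param str keystore type
         * @return this builder
         * @throws GenericKeyStoreException if the path is null, the type is blank, or loading fails
         */
        public Builder withIdentityMaterial(Path path, char[] cArr, String str) {
            return withIdentityMaterial(path, cArr, cArr, str);
        }

        /**
         * Loads an identity keystore of the given type from a path.
         *
         * @param path location of the keystore
         * @param cArr keystore password
         * @param cArr2 second holder password (presumably the key password; confirm in KeyStoreHolder)
         * @param str keystore type
         * @return this builder
         * @throws GenericKeyStoreException if the path is null, the type is blank, or loading fails
         */
        public Builder withIdentityMaterial(Path path, char[] cArr, char[] cArr2, String str) {
            if (Objects.isNull(path) || isBlank(str)) {
                throw new GenericKeyStoreException(IDENTITY_VALIDATION_EXCEPTION_MESSAGE);
            }
            try {
                this.identities.add(new KeyStoreHolder(KeyStoreUtils.loadKeyStore(path, cArr, str), cArr, cArr2));
                return this;
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new GenericKeyStoreException(KEY_STORE_LOADING_EXCEPTION, e);
            }
        }

        /**
         * Adds an already loaded identity keystore, using one password for both holder
         * passwords.
         *
         * @param keyStore identity keystore
         * @param cArr password used for both holder passwords
         * @return this builder
         * @throws GenericKeyStoreException if {@code keyStore} is null
         */
        public Builder withIdentityMaterial(KeyStore keyStore, char[] cArr) {
            return withIdentityMaterial(keyStore, cArr, cArr);
        }

        /**
         * Adds an already loaded identity keystore.
         *
         * @param keyStore identity keystore
         * @param cArr first holder password; stored by reference, not copied
         * @param cArr2 second holder password; stored by reference, not copied
         * @return this builder
         * @throws GenericKeyStoreException if {@code keyStore} is null
         */
        public Builder withIdentityMaterial(KeyStore keyStore, char[] cArr, char[] cArr2) {
            validateKeyStore(keyStore, IDENTITY_VALIDATION_EXCEPTION_MESSAGE);
            this.identities.add(new KeyStoreHolder(keyStore, cArr, cArr2));
            return this;
        }

        /**
         * Adds a caller-supplied key manager. The argument is stored as given; no null
         * check is performed here.
         *
         * @param x509ExtendedKeyManager key manager to include in the composite
         * @return this builder
         */
        public Builder withIdentityMaterial(X509ExtendedKeyManager x509ExtendedKeyManager) {
            this.identityManagers.add(x509ExtendedKeyManager);
            return this;
        }

        /** Rejects a null keystore with the supplied message. */
        private void validateKeyStore(KeyStore keyStore, String str) {
            if (Objects.isNull(keyStore)) {
                throw new GenericKeyStoreException(str);
            }
        }

        /**
         * Replaces the default hostname verifier. The value is not null-checked here.
         *
         * @param hostnameVerifier verifier exposed later through {@link SSLFactory#getHostnameVerifier()}
         * @return this builder
         */
        public Builder withHostnameVerifier(HostnameVerifier hostnameVerifier) {
            this.hostnameVerifier = hostnameVerifier;
            return this;
        }

        /**
         * Restricts the cipher suites. When never called, the context's default cipher
         * suites are applied during {@link #build()}.
         *
         * @param strArr cipher suite names
         * @return this builder
         */
        public Builder withCiphers(String... strArr) {
            this.sslParameters.setCipherSuites(strArr);
            return this;
        }

        /**
         * Restricts the enabled protocol versions. When never called, the context's
         * default protocols are applied during {@link #build()}.
         *
         * @param strArr protocol names
         * @return this builder
         */
        public Builder withProtocols(String... strArr) {
            this.sslParameters.setProtocols(strArr);
            return this;
        }

        /**
         * Sets the protocol name passed to {@link SSLContext#getInstance(String)}; the
         * default is {@code "TLS"}.
         *
         * @param str protocol name for the context
         * @return this builder
         * @deprecated marked deprecated in the compiled class; the intended replacement is
         *     not visible in this file
         */
        @Deprecated
        public Builder withProtocol(String str) {
            this.sslContextProtocol = str;
            return this;
        }

        /**
         * Sets the source of randomness handed to {@code SSLContext.init}.
         *
         * @param secureRandom random source, or null for the context's default
         * @return this builder
         */
        public Builder withSecureRandom(SecureRandom secureRandom) {
            this.secureRandom = secureRandom;
            return this;
        }

        /**
         * Adds {@code UnsafeX509ExtendedTrustManager.INSTANCE}, which, per the warning
         * logged here, accepts certificates without validation. Because it is added to the
         * composite alongside any other trust material, combining it with real trust
         * stores presumably still results in every certificate being accepted; confirm
         * against the composite trust manager.
         *
         * @return this builder
         */
        public Builder withTrustingAllCertificatesWithoutValidation() {
            SSLFactory.LOGGER.warn("UnsafeTrustManager is being used. Client/Server certificates will be accepted without validation. Please don't use this configuration at production.");
            this.trustManagers.add(UnsafeX509ExtendedTrustManager.INSTANCE);
            return this;
        }

        /**
         * Keeps the keystore passwords inside the holders returned by
         * {@link SSLFactory#getIdentities()} and {@link SSLFactory#getTrustStores()}.
         * Without this call the factory replaces its holders with password-less copies.
         *
         * @return this builder
         */
        public Builder withPasswordCaching() {
            this.passwordCachingEnabled = true;
            return this;
        }

        /**
         * Creates the factory and initialises its {@link SSLContext}.
         *
         * <p>With identity material only, {@code SSLContext.init} receives {@code null}
         * trust managers and therefore falls back to the JDK's default trust manager
         * lookup; with trust material only, it receives {@code null} key managers.
         *
         * @return the initialised factory
         * @throws GenericSecurityException if neither identity nor trust material was supplied
         * @throws GenericSSLContextException if the context cannot be created or initialised
         */
        public SSLFactory build() {
            boolean identityPresent = isIdentityMaterialPresent();
            boolean trustPresent = isTrustMaterialPresent();
            if (!identityPresent && !trustPresent) {
                throw new GenericSecurityException(IDENTITY_AND_TRUST_MATERIAL_VALIDATION_EXCEPTION_MESSAGE);
            }
            SSLFactory sslFactory = new SSLFactory(this.sslContextProtocol, this.secureRandom, this.hostnameVerifier, this.identities, this.identityManagers, this.trustStores, this.trustManagers, this.passwordCachingEnabled, this.sslParameters);
            if (identityPresent && trustPresent) {
                sslFactory.createSSLContextWithIdentityMaterialAndTrustMaterial();
            } else if (identityPresent) {
                sslFactory.createSSLContextWithIdentityMaterial();
            } else {
                sslFactory.createSSLContextWithTrustMaterial();
            }
            return sslFactory;
        }

        private boolean isTrustMaterialPresent() {
            return !this.trustStores.isEmpty() || !this.trustManagers.isEmpty();
        }

        private boolean isTrustMaterialNotPresent() {
            return !isTrustMaterialPresent();
        }

        private boolean isIdentityMaterialPresent() {
            return !this.identities.isEmpty() || !this.identityManagers.isEmpty();
        }

        private boolean isIdentityMaterialNotPresent() {
            return !isIdentityMaterialPresent();
        }

        /** Returns true for null, empty, or whitespace-only input. */
        private boolean isBlank(CharSequence charSequence) {
            if (charSequence == null) {
                return true;
            }
            for (int i = 0; i < charSequence.length(); i++) {
                if (!Character.isWhitespace(charSequence.charAt(i))) {
                    return false;
                }
            }
            return true;
        }
    }

    /**
     * Copies the builder's lists into lists owned by this factory. The
     * {@link SSLParameters} instance is shared with the builder, not copied, so a builder
     * that is reused after {@code build()} still refers to the same parameters object.
     */
    private SSLFactory(String str, SecureRandom secureRandom, HostnameVerifier hostnameVerifier, List<KeyStoreHolder> list, List<X509ExtendedKeyManager> list2, List<KeyStoreHolder> list3, List<X509ExtendedTrustManager> list4, boolean z, SSLParameters sSLParameters) {
        this.sslContextProtocol = str;
        this.secureRandom = secureRandom;
        this.hostnameVerifier = hostnameVerifier;
        this.identities = new ArrayList<>(list);
        this.identityManagers = new ArrayList<>(list2);
        this.trustStores = new ArrayList<>(list3);
        this.trustManagers = new ArrayList<>(list4);
        this.passwordCachingEnabled = z;
        this.sslParameters = sSLParameters;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Initialises the context with key managers only. The decompiler reports that this
     * method was private in the original source; it is intended to be called from
     * {@link Builder#build()} only.
     */
    public void createSSLContextWithIdentityMaterial() {
        createSSLContext(createKeyManager(), null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Initialises the context with trust managers only. The decompiler reports that this
     * method was private in the original source; it is intended to be called from
     * {@link Builder#build()} only.
     */
    public void createSSLContextWithTrustMaterial() {
        createSSLContext(null, createTrustManagers());
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Initialises the context with both key and trust managers. The decompiler reports
     * that this method was private in the original source; it is intended to be called
     * from {@link Builder#build()} only.
     */
    public void createSSLContextWithIdentityMaterialAndTrustMaterial() {
        createSSLContext(createKeyManager(), createTrustManagers());
    }

    /**
     * Creates and initialises the {@link SSLContext}, then derives the remaining material.
     *
     * @param keyManagerArr key managers, or null to let the JDK pick its default
     * @param trustManagerArr trust managers, or null to let the JDK pick its default
     * @throws GenericSSLContextException if the protocol is unknown or initialisation fails
     */
    private void createSSLContext(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) {
        try {
            this.sslContext = SSLContext.getInstance(this.sslContextProtocol);
            this.sslContext.init(keyManagerArr, trustManagerArr, this.secureRandom);
            postConstructRemainingSslMaterials();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new GenericSSLContextException(e);
        }
    }

    /**
     * Builds the composite key manager, then drops the passwords from this factory's
     * identity holders unless password caching is enabled.
     */
    private KeyManager[] createKeyManager() {
        this.keyManager = CompositeX509ExtendedKeyManager.builder()
                .withKeyManagers(this.identityManagers)
                .withIdentities(this.identities)
                .build();
        if (!this.passwordCachingEnabled && !this.identities.isEmpty()) {
            sanitizeKeyStores(this.identities);
        }
        return new X509ExtendedKeyManager[]{this.keyManager};
    }

    /**
     * Builds the composite trust manager, then drops the passwords from this factory's
     * trust store holders unless password caching is enabled.
     */
    private TrustManager[] createTrustManagers() {
        List<KeyStore> keyStores = this.trustStores.stream()
                .map(holder -> holder.getKeyStore())
                .collect(Collectors.toList());
        this.trustManager = CompositeX509ExtendedTrustManager.builder()
                .withTrustManagers(this.trustManagers)
                .withTrustStores(keyStores)
                .build();
        if (!this.passwordCachingEnabled && !this.trustStores.isEmpty()) {
            sanitizeKeyStores(this.trustStores);
        }
        return new TrustManager[]{this.trustManager};
    }

    /**
     * Replaces every holder in {@code list} with a copy that carries empty passwords.
     *
     * <p>Only the given list is rewritten. The original {@code char[]} arrays are not
     * zeroed, and holders still referenced elsewhere (for example by the builder) keep
     * their passwords, so callers who need the secret gone from memory must clear their
     * own arrays.
     */
    private void sanitizeKeyStores(List<KeyStoreHolder> list) {
        List<KeyStoreHolder> withoutPasswords = new ArrayList<>(list.size());
        for (KeyStoreHolder holder : list) {
            withoutPasswords.add(new KeyStoreHolder(holder.getKeyStore(), EMPTY_PASSWORD, EMPTY_PASSWORD));
        }
        list.clear();
        list.addAll(withoutPasswords);
    }

    /**
     * Derives the socket factories and the list of trusted certificates from the
     * initialised context. The list is empty when no composite trust manager was built
     * (identity-only configuration) or when it reports no accepted issuers.
     */
    private void postConstructRemainingSslMaterials() {
        reinitializeSslParameters();
        this.sslSocketFactory = new CompositeSSLSocketFactory(this.sslContext.getSocketFactory(), this.sslParameters);
        this.sslServerSocketFactory = new CompositeSSLServerSocketFactory(this.sslContext.getServerSocketFactory(), this.sslParameters);
        List<X509Certificate> accepted = Collections.emptyList();
        if (this.trustManager != null) {
            X509Certificate[] issuers = this.trustManager.getAcceptedIssuers();
            if (issuers != null) {
                accepted = Collections.unmodifiableList(Arrays.asList(issuers));
            }
        }
        this.trustedCertificates = accepted;
    }

    /**
     * Fills in cipher suites and protocols that the caller did not set with the context's
     * defaults, and records the effective values as unmodifiable lists.
     */
    private void reinitializeSslParameters() {
        SSLParameters defaults = this.sslContext.getDefaultSSLParameters();
        String[] configuredCiphers = this.sslParameters.getCipherSuites();
        String[] configuredProtocols = this.sslParameters.getProtocols();
        String[] effectiveCiphers = configuredCiphers != null ? configuredCiphers : defaults.getCipherSuites();
        String[] effectiveProtocols = configuredProtocols != null ? configuredProtocols : defaults.getProtocols();
        this.sslParameters.setCipherSuites(effectiveCiphers);
        this.sslParameters.setProtocols(effectiveProtocols);
        this.ciphers = Collections.unmodifiableList(Arrays.asList(effectiveCiphers));
        this.protocols = Collections.unmodifiableList(Arrays.asList(effectiveProtocols));
    }

    /**
     * Returns an unmodifiable view of the identity holders. The holders carry passwords
     * only when password caching was enabled on the builder.
     */
    public List<KeyStoreHolder> getIdentities() {
        return Collections.unmodifiableList(this.identities);
    }

    /**
     * Returns an unmodifiable view of the trust store holders. The holders carry
     * passwords only when password caching was enabled on the builder.
     */
    public List<KeyStoreHolder> getTrustStores() {
        return Collections.unmodifiableList(this.trustStores);
    }

    /** Returns the initialised context. */
    public SSLContext getSslContext() {
        return this.sslContext;
    }

    /** Returns the client socket factory built from the context and the SSL parameters. */
    public SSLSocketFactory getSslSocketFactory() {
        return this.sslSocketFactory;
    }

    /** Returns the server socket factory built from the context and the SSL parameters. */
    public SSLServerSocketFactory getSslServerSocketFactory() {
        return this.sslServerSocketFactory;
    }

    /** Returns the composite key manager, or empty when no identity material was given. */
    public Optional<X509ExtendedKeyManager> getKeyManager() {
        return Optional.ofNullable(this.keyManager);
    }

    /** Returns the composite trust manager, or empty when no trust material was given. */
    public Optional<X509ExtendedTrustManager> getTrustManager() {
        return Optional.ofNullable(this.trustManager);
    }

    /** Returns the unmodifiable list of issuers accepted by the composite trust manager. */
    public List<X509Certificate> getTrustedCertificates() {
        return this.trustedCertificates;
    }

    /**
     * Returns the configured hostname verifier. Unless replaced on the builder, this is
     * the default that compares host names only and does not inspect the certificate.
     */
    public HostnameVerifier getHostnameVerifier() {
        return this.hostnameVerifier;
    }

    /** Returns the effective cipher suites as an unmodifiable list. */
    public List<String> getCiphers() {
        return this.ciphers;
    }

    /** Returns the effective protocols as an unmodifiable list. */
    public List<String> getProtocols() {
        return this.protocols;
    }

    /**
     * Returns the internal, mutable {@link SSLParameters} instance, which is the same
     * object given to the composite socket factories. Whether later changes to it affect
     * new sockets depends on those factories, which are not visible here.
     */
    public SSLParameters getSslParameters() {
        return this.sslParameters;
    }

    /** Creates a new, empty builder. */
    public static Builder builder() {
        return new Builder();
    }
}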
