package com.caucho.quercus.lib.curl;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.xml.bind.DatatypeConverter;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;

/* loaded from: input_file:com/caucho/quercus/lib/curl/CurlSSLContextFactory.class */
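/**
 * Factory for the {@link SSLContext} variants used by the curl support in this package.
 *
 * <p>Three contexts can be built: one that performs no certificate validation
 * ({@link #createUntrusted}), one that trusts a single certificate loaded from a file
 * ({@link #createCaInfo}), and one that presents a client certificate and private key
 * ({@link #create}).
 *
 * <p>NOTE(review): PEM decoding relies on {@code javax.xml.bind.DatatypeConverter} (removed from
 * the JDK in Java 11) and the JDK-internal {@code sun.security.util} DER classes, so this class
 * is tied to older runtimes unless those are replaced.
 */
public class CurlSSLContextFactory {
    // "BEGIN RSA PRIVATE KEY" is the traditional PKCS#1 RSA PEM label; the PKCS12_* names are
    // kept as found, but the parsing in getPrivateKeyPkcs12 is PKCS#1, not PKCS#12.
    private static final String PKCS12_HEADER = "-----BEGIN RSA PRIVATE KEY-----";
    private static final String PKCS12_FOOTER = "-----END RSA PRIVATE KEY-----";
    private static final String PKCS8_HEADER = "-----BEGIN PRIVATE KEY-----";
    private static final String PKCS8_FOOTER = "-----END PRIVATE KEY-----";
    private static final String PKCS8_ENC_HEADER = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
    private static final String PKCS8_ENC_FOOTER = "-----END ENCRYPTED PRIVATE KEY-----";

    /**
     * Creates a context whose trust manager accepts every certificate chain.
     *
     * <p>SECURITY: both check methods are empty, so the peer is never authenticated and a
     * connection made with this context can be intercepted or impersonated without detection.
     * Callers should reach this method only when the user has explicitly disabled peer
     * verification; prefer {@link #createCaInfo} or the platform default trust store otherwise.
     *
     * @param str protocol name passed to {@link SSLContext#getInstance(String)}
     * @return an initialized context with no key material and a trust-all trust manager
     * @throws Exception if the protocol is unavailable or initialization fails
     */
    public static SSLContext createUntrusted(String str) throws Exception {
        SSLContext sSLContext = SSLContext.getInstance(str);
        TrustManager trustAll = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                // Intentionally empty: no validation is performed.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                // Intentionally empty: no validation is performed.
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null (possibly empty) array.
                return new X509Certificate[0];
            }
        };
        sSLContext.init(null, new TrustManager[]{trustAll}, new SecureRandom());
        return sSLContext;
    }

    /**
     * Creates a context that trusts the certificate stored in the given file.
     *
     * <p>The certificate is read with {@code CertificateFactory.generateCertificate}, which parses
     * one certificate from the stream; a file holding several certificates contributes only the
     * first one to the trust store built here.
     *
     * @param str protocol name passed to {@link SSLContext#getInstance(String)}
     * @param str2 path of the X.509 certificate file to trust
     * @return a context whose trust managers are backed by an in-memory store with that certificate
     * @throws Exception if the file cannot be read or parsed, or initialization fails
     */
    public static SSLContext createCaInfo(String str, String str2) throws Exception {
        SSLContext sSLContext = SSLContext.getInstance(str);
        X509Certificate certificate = getCertificate(str2);
        // Empty in-memory key store holding only the trusted certificate.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        keyStore.setCertificateEntry("server_key", certificate);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, null);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
        trustManagerFactory.init(keyStore);
        sSLContext.init(keyManagers, trustManagerFactory.getTrustManagers(), null);
        return sSLContext;
    }

    /**
     * Creates a context that presents a client certificate and private key.
     *
     * <p>No trust managers are supplied, so server validation falls back to the JSSE defaults.
     *
     * @param str path of the client X.509 certificate file
     * @param str2 path of the PEM private key file
     * @param str3 password for the private key, or {@code null}; when {@code null} the in-memory
     *     key store entry is protected with the placeholder password {@code "changeit"}
     * @param str4 protocol name passed to {@link SSLContext#getInstance(String)}
     * @return a context initialized with the wrapped key managers
     * @throws Exception if either file cannot be read or parsed, or initialization fails
     */
    public static SSLContext create(String str, String str2, String str3, String str4) throws Exception {
        X509Certificate certificate = getCertificate(str);
        PrivateKey privateKey = getPrivateKey(str2, str3);
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        keyStore.setEntry("client_key", new KeyStore.TrustedCertificateEntry(certificate), null);
        // The store lives only in memory; the password merely satisfies the KeyStore API.
        String str5 = str3 != null ? str3 : "changeit";
        keyStore.setKeyEntry("client_key_prv", privateKey, str5.toCharArray(), new Certificate[]{certificate});
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, str5.toCharArray());
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        // The decompiled guard here compared the constant alias with 0, which does not compile
        // and was always true in effect; the wrapping is therefore unconditional.
        for (int i = 0; i < keyManagers.length; i++) {
            keyManagers[i] = new CurlX509KeyManager((X509KeyManager) keyManagers[i], "client_key");
        }
        SSLContext sSLContext = SSLContext.getInstance(str4);
        sSLContext.init(keyManagers, null, new SecureRandom());
        return sSLContext;
    }

    /**
     * Loads one X.509 certificate from a file.
     *
     * @param str path of the certificate file
     * @return the parsed certificate
     * @throws Exception if the file cannot be opened or does not contain a valid certificate
     */
    private static X509Certificate getCertificate(String str) throws Exception {
        // try-with-resources: the stream was previously never closed.
        try (FileInputStream fileInputStream = new FileInputStream(str)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(fileInputStream);
        }
    }

    /**
     * Reads a PEM key file and decodes it with the first parser that recognizes it.
     *
     * <p>Order tried: the optional {@code BouncyProvider}, then traditional RSA PEM, then
     * unencrypted PKCS#8, then encrypted PKCS#8.
     *
     * @param str path of the key file
     * @param str2 key password, or {@code null}
     * @return the decoded private key
     * @throws IOException if no parser recognizes the file content
     * @throws Exception if reading or decoding fails
     */
    private static PrivateKey getPrivateKey(String str, String str2) throws Exception {
        StringBuilder sb = new StringBuilder();
        // The stream must stay open for the whole read; closing it inside the loop made the
        // second read fail. Bytes are widened one-to-one to chars, as before.
        try (FileInputStream fileInputStream = new FileInputStream(str)) {
            byte[] buffer = new byte[4096];
            int count;
            while ((count = fileInputStream.read(buffer)) >= 0) {
                for (int i = 0; i < count; i++) {
                    sb.append((char) (buffer[i] & 0xff));
                }
            }
        }
        String sb2 = sb.toString();
        PrivateKey privateKey = null;
        BouncyProvider bouncy = BouncyProvider.getBouncy();
        if (bouncy != null) {
            privateKey = bouncy.getPrivateKey(sb2, str2);
        }
        if (privateKey == null) {
            privateKey = getPrivateKeyPkcs12(sb2);
        }
        if (privateKey == null) {
            privateKey = getPrivateKeyPkcs8(sb2);
        }
        if (privateKey == null) {
            privateKey = getPrivateKeyPkcs8Encrypted(sb2, str2);
        }
        if (privateKey == null) {
            throw new IOException("unknown key format: " + str);
        }
        return privateKey;
    }

    /**
     * Extracts and Base64-decodes the text between a PEM header and footer.
     *
     * @param str full PEM text
     * @param str2 header line to look for
     * @param str3 footer line expected after the header
     * @return the decoded bytes, or {@code null} when the header is absent
     * @throws IOException if the header is present but the footer is not
     */
    private static byte[] getBytes(String str, String str2, String str3) throws Exception {
        int indexOf = str.indexOf(str2);
        if (indexOf < 0) {
            return null;
        }
        int bodyStart = indexOf + str2.length();
        int indexOf2 = str.indexOf(str3, bodyStart);
        if (indexOf2 < 0) {
            throw new IOException("missing footer: " + str3);
        }
        return DatatypeConverter.parseBase64Binary(str.substring(bodyStart, indexOf2).replaceAll("\\s", ""));
    }

    /**
     * Decodes a traditional ("BEGIN RSA PRIVATE KEY") PEM block.
     *
     * @param str full PEM text
     * @return the RSA private key, or {@code null} when the block is absent
     * @throws IOException if the DER sequence has fewer fields than an RSA CRT key needs
     * @throws Exception if decoding fails
     */
    private static PrivateKey getPrivateKeyPkcs12(String str) throws Exception {
        byte[] bytes = getBytes(str, PKCS12_HEADER, PKCS12_FOOTER);
        if (bytes == null) {
            return null;
        }
        DerValue[] sequence = new DerInputStream(bytes).getSequence(0);
        // Index 0 is skipped and indices 1..8 feed the CRT key spec; reject short input
        // explicitly instead of failing with an array index error.
        if (sequence.length < 9) {
            throw new IOException("malformed RSA private key: expected 9 fields, found " + sequence.length);
        }
        return KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateCrtKeySpec(
                sequence[1].getBigInteger(),
                sequence[2].getBigInteger(),
                sequence[3].getBigInteger(),
                sequence[4].getBigInteger(),
                sequence[5].getBigInteger(),
                sequence[6].getBigInteger(),
                sequence[7].getBigInteger(),
                sequence[8].getBigInteger()));
    }

    /**
     * Decodes an unencrypted PKCS#8 ("BEGIN PRIVATE KEY") PEM block as an RSA key.
     *
     * @param str full PEM text
     * @return the RSA private key, or {@code null} when the block is absent
     * @throws Exception if decoding fails
     */
    private static PrivateKey getPrivateKeyPkcs8(String str) throws Exception {
        byte[] bytes = getBytes(str, PKCS8_HEADER, PKCS8_FOOTER);
        if (bytes == null) {
            return null;
        }
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bytes));
    }

    /**
     * Decrypts and decodes an encrypted PKCS#8 ("BEGIN ENCRYPTED PRIVATE KEY") PEM block.
     *
     * @param str full PEM text
     * @param str2 password used to derive the decryption key
     * @return the RSA private key, or {@code null} when the block is absent
     * @throws IOException if the block is present but no password was supplied
     * @throws Exception if decryption or decoding fails
     */
    private static PrivateKey getPrivateKeyPkcs8Encrypted(String str, String str2) throws Exception {
        byte[] bytes = getBytes(str, PKCS8_ENC_HEADER, PKCS8_ENC_FOOTER);
        if (bytes == null) {
            return null;
        }
        if (str2 == null) {
            // Previously a bare NullPointerException from str2.toCharArray().
            throw new IOException("encrypted private key requires a password");
        }
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bytes);
        PBEKeySpec pbeKeySpec = new PBEKeySpec(str2.toCharArray());
        try {
            Cipher cipher = Cipher.getInstance(encryptedPrivateKeyInfo.getAlgName());
            cipher.init(
                    Cipher.DECRYPT_MODE,
                    SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName()).generateSecret(pbeKeySpec),
                    encryptedPrivateKeyInfo.getAlgParameters());
            return KeyFactory.getInstance("RSA").generatePrivate(encryptedPrivateKeyInfo.getKeySpec(cipher));
        } finally {
            // Wipe the spec's internal copy of the password once the key has been derived.
            pbeKeySpec.clearPassword();
        }
    }
}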
