package nl.altindag.sslcontext;

import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.nio.file.Path;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import nl.altindag.sslcontext.exception.GenericKeyStoreException;
import nl.altindag.sslcontext.exception.GenericSSLContextException;
import nl.altindag.sslcontext.keymanager.CompositeX509KeyManager;
import nl.altindag.sslcontext.keymanager.KeyManagerFactoryWrapper;
import nl.altindag.sslcontext.model.KeyStoreHolder;
import nl.altindag.sslcontext.trustmanager.CompositeX509TrustManager;
import nl.altindag.sslcontext.trustmanager.TrustManagerFactoryWrapper;
import nl.altindag.sslcontext.trustmanager.UnsafeTrustManager;
import nl.altindag.sslcontext.util.KeystoreUtils;
import nl.altindag.sslcontext.util.TrustManagerUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:nl/altindag/sslcontext/SSLFactory.class */
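/**
 * Assembles an {@link SSLContext} plus the matching key/trust managers and
 * {@link HostnameVerifier} from the trust stores and identities registered on a
 * {@link Builder}.
 *
 * <p>A factory built without any trust material or identity has
 * {@link #isSecurityEnabled()} {@code false} and {@link #getSslContext()} {@code null}.
 * Registering a trust store (or the JDK default trust store, or "trust all") enables
 * one-way authentication; registering an identity enables two-way authentication, which
 * takes precedence over one-way when both are present.
 *
 * <p>Instances are created by {@link #builder()} and are not intended to be modified
 * after {@link Builder#build()} returns.
 */
public class SSLFactory {
    private static final Logger LOGGER = LogManager.getLogger(SSLFactory.class);

    /** Identities (private key + certificate chain) presented to the peer; filled by the Builder. */
    private final List<KeyStoreHolder> identities;
    /** Trust stores used to validate the peer's certificate chain; filled by the Builder. */
    private final List<KeyStoreHolder> trustStores;
    private boolean securityEnabled;
    private boolean oneWayAuthenticationEnabled;
    private boolean twoWayAuthenticationEnabled;
    private boolean includeDefaultJdkTrustStore;
    private boolean trustingAllCertificatesWithoutValidationEnabled;
    private String protocol;
    private SSLContext sslContext;
    private CompositeX509TrustManager trustManager;
    private TrustManagerFactory trustManagerFactory;
    private CompositeX509KeyManager keyManager;
    private KeyManagerFactory keyManagerFactory;
    private HostnameVerifier hostnameVerifier;

    /**
     * Collects trust stores, identities and TLS options and produces an {@link SSLFactory}.
     *
     * <p>Every {@code withTrustStore} / {@code withIdentity} overload validates its input
     * first and throws {@link GenericKeyStoreException} on missing or unloadable material,
     * so misconfiguration fails at registration time rather than at the first connection.
     * Password arrays are handed to {@link KeyStoreHolder} as-is; they are neither copied
     * nor cleared by this builder.
     */
    public static class Builder {
        private static final String TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE = "TrustStore details are empty, which are required to be present when SSL/TLS is enabled";
        private static final String TRUST_STRATEGY_VALIDATION_EXCEPTION_MESSAGE = "Trust strategy is missing. Please validate if the TrustStore is present, or including default JDK trustStore is enabled or trusting all certificates without validation is enabled";
        private static final String IDENTITY_VALIDATION_EXCEPTION_MESSAGE = "Identity details are empty, which are required to be present when SSL/TLS is enabled";
        private static final String KEY_STORE_LOADING_EXCEPTION = "Failed to load the keystore";

        /** Protocol name passed to {@link SSLContext#getInstance(String)}; defaults to TLSv1.2. */
        private String protocol = "TLSv1.2";
        /** Hostname verification is on by default; see {@link #withHostnameVerifierEnabled(boolean)}. */
        private boolean hostnameVerifierEnabled = true;
        private final List<KeyStoreHolder> identities = new ArrayList<>();
        private final List<KeyStoreHolder> trustStores = new ArrayList<>();
        private boolean oneWayAuthenticationEnabled;
        private boolean twoWayAuthenticationEnabled;
        private boolean includeDefaultJdkTrustStore;
        private boolean trustingAllCertificatesWithoutValidationEnabled;

        private Builder() {
        }

        /**
         * Adds the JDK's default trusted CA certificates to the trust material and enables
         * one-way authentication.
         *
         * @return this builder
         */
        public Builder withDefaultJdkTrustStore() {
            this.includeDefaultJdkTrustStore = true;
            this.oneWayAuthenticationEnabled = true;
            return this;
        }

        /**
         * Loads a trust store of the JVM default keystore type from the given path.
         *
         * @param trustStorePath     path to the trust store file
         * @param trustStorePassword password of the trust store
         * @return this builder
         * @throws GenericKeyStoreException when the path or password is missing or the store cannot be loaded
         */
        public Builder withTrustStore(String trustStorePath, char[] trustStorePassword) {
            return withTrustStore(trustStorePath, trustStorePassword, KeyStore.getDefaultType());
        }

        /**
         * Loads a trust store of the given type from the given path and enables one-way authentication.
         *
         * @param trustStorePath     path to the trust store file
         * @param trustStorePassword password of the trust store
         * @param trustStoreType     keystore type, e.g. {@code KeyStore.getDefaultType()}
         * @return this builder
         * @throws GenericKeyStoreException when any argument is missing/blank or the store cannot be loaded
         */
        public Builder withTrustStore(String trustStorePath, char[] trustStorePassword, String trustStoreType) {
            // The keystore type is validated here as well, matching the Path and identity overloads.
            if (StringUtils.isBlank(trustStorePath) || ArrayUtils.isEmpty(trustStorePassword) || StringUtils.isBlank(trustStoreType)) {
                throw new GenericKeyStoreException(TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE);
            }
            this.trustStores.add(loadKeyStoreHolder(trustStorePath, trustStorePassword, trustStoreType));
            this.oneWayAuthenticationEnabled = true;
            return this;
        }

        /**
         * Loads a trust store of the JVM default keystore type from the given path.
         *
         * @param trustStorePath     path to the trust store file
         * @param trustStorePassword password of the trust store
         * @return this builder
         * @throws GenericKeyStoreException when the path or password is missing or the store cannot be loaded
         */
        public Builder withTrustStore(Path trustStorePath, char[] trustStorePassword) {
            return withTrustStore(trustStorePath, trustStorePassword, KeyStore.getDefaultType());
        }

        /**
         * Loads a trust store of the given type from the given path and enables one-way authentication.
         *
         * @param trustStorePath     path to the trust store file
         * @param trustStorePassword password of the trust store
         * @param trustStoreType     keystore type, e.g. {@code KeyStore.getDefaultType()}
         * @return this builder
         * @throws GenericKeyStoreException when any argument is missing/blank or the store cannot be loaded
         */
        public Builder withTrustStore(Path trustStorePath, char[] trustStorePassword, String trustStoreType) {
            if (trustStorePath == null || ArrayUtils.isEmpty(trustStorePassword) || StringUtils.isBlank(trustStoreType)) {
                throw new GenericKeyStoreException(TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE);
            }
            this.trustStores.add(loadKeyStoreHolder(trustStorePath, trustStorePassword, trustStoreType));
            this.oneWayAuthenticationEnabled = true;
            return this;
        }

        /**
         * Registers an already loaded trust store and enables one-way authentication.
         *
         * @param trustStore         loaded trust store
         * @param trustStorePassword password of the trust store
         * @return this builder
         * @throws GenericKeyStoreException when the store or password is missing
         */
        public Builder withTrustStore(KeyStore trustStore, char[] trustStorePassword) {
            validateKeyStore(trustStore, trustStorePassword, TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE);
            this.trustStores.add(new KeyStoreHolder(trustStore, trustStorePassword));
            this.oneWayAuthenticationEnabled = true;
            return this;
        }

        /**
         * Loads an identity (key store holding a private key and certificate chain) of the
         * JVM default keystore type from the given path.
         *
         * @param identityPath     path to the identity key store file
         * @param identityPassword password of the identity key store
         * @return this builder
         * @throws GenericKeyStoreException when the path or password is missing or the store cannot be loaded
         */
        public Builder withIdentity(String identityPath, char[] identityPassword) {
            return withIdentity(identityPath, identityPassword, KeyStore.getDefaultType());
        }

        /**
         * Loads an identity of the given type from the given path and enables two-way authentication.
         *
         * @param identityPath     path to the identity key store file
         * @param identityPassword password of the identity key store
         * @param identityType     keystore type, e.g. {@code KeyStore.getDefaultType()}
         * @return this builder
         * @throws GenericKeyStoreException when any argument is missing/blank or the store cannot be loaded
         */
        public Builder withIdentity(String identityPath, char[] identityPassword, String identityType) {
            if (StringUtils.isBlank(identityPath) || ArrayUtils.isEmpty(identityPassword) || StringUtils.isBlank(identityType)) {
                throw new GenericKeyStoreException(IDENTITY_VALIDATION_EXCEPTION_MESSAGE);
            }
            this.identities.add(loadKeyStoreHolder(identityPath, identityPassword, identityType));
            this.twoWayAuthenticationEnabled = true;
            return this;
        }

        /**
         * Loads an identity of the JVM default keystore type from the given path.
         *
         * @param identityPath     path to the identity key store file
         * @param identityPassword password of the identity key store
         * @return this builder
         * @throws GenericKeyStoreException when the path or password is missing or the store cannot be loaded
         */
        public Builder withIdentity(Path identityPath, char[] identityPassword) {
            return withIdentity(identityPath, identityPassword, KeyStore.getDefaultType());
        }

        /**
         * Loads an identity of the given type from the given path and enables two-way authentication.
         *
         * @param identityPath     path to the identity key store file
         * @param identityPassword password of the identity key store
         * @param identityType     keystore type, e.g. {@code KeyStore.getDefaultType()}
         * @return this builder
         * @throws GenericKeyStoreException when any argument is missing/blank or the store cannot be loaded
         */
        public Builder withIdentity(Path identityPath, char[] identityPassword, String identityType) {
            if (identityPath == null || ArrayUtils.isEmpty(identityPassword) || StringUtils.isBlank(identityType)) {
                throw new GenericKeyStoreException(IDENTITY_VALIDATION_EXCEPTION_MESSAGE);
            }
            this.identities.add(loadKeyStoreHolder(identityPath, identityPassword, identityType));
            this.twoWayAuthenticationEnabled = true;
            return this;
        }

        /**
         * Registers an already loaded identity key store and enables two-way authentication.
         *
         * @param identity         loaded key store holding the private key and certificate chain
         * @param identityPassword password of the identity key store
         * @return this builder
         * @throws GenericKeyStoreException when the store or password is missing
         */
        public Builder withIdentity(KeyStore identity, char[] identityPassword) {
            validateKeyStore(identity, identityPassword, IDENTITY_VALIDATION_EXCEPTION_MESSAGE);
            this.identities.add(new KeyStoreHolder(identity, identityPassword));
            this.twoWayAuthenticationEnabled = true;
            return this;
        }

        /** Loads a key store from a string path and wraps checked loading failures in {@link GenericKeyStoreException}. */
        private static KeyStoreHolder loadKeyStoreHolder(String path, char[] password, String type) {
            try {
                return new KeyStoreHolder(KeystoreUtils.loadKeyStore(path, password, type), password);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new GenericKeyStoreException(KEY_STORE_LOADING_EXCEPTION, e);
            }
        }

        /** Loads a key store from a {@link Path} and wraps checked loading failures in {@link GenericKeyStoreException}. */
        private static KeyStoreHolder loadKeyStoreHolder(Path path, char[] password, String type) {
            try {
                return new KeyStoreHolder(KeystoreUtils.loadKeyStore(path, password, type), password);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new GenericKeyStoreException(KEY_STORE_LOADING_EXCEPTION, e);
            }
        }

        /** Rejects a missing key store or an empty password with the given message. */
        private static void validateKeyStore(KeyStore keyStore, char[] password, String message) {
            if (keyStore == null || ArrayUtils.isEmpty(password)) {
                throw new GenericKeyStoreException(message);
            }
        }

        /**
         * Switches hostname verification on or off. When disabled, the built factory exposes
         * a {@link NoopHostnameVerifier}, so the peer's certificate is not checked against the
         * requested host name; keep it enabled unless the deployment explicitly accepts that risk.
         *
         * @param hostnameVerifierEnabled {@code true} for {@link DefaultHostnameVerifier}, {@code false} for {@link NoopHostnameVerifier}
         * @return this builder
         */
        public Builder withHostnameVerifierEnabled(boolean hostnameVerifierEnabled) {
            this.hostnameVerifierEnabled = hostnameVerifierEnabled;
            return this;
        }

        /**
         * Sets the protocol name handed to {@link SSLContext#getInstance(String)} at build time
         * (default {@code TLSv1.2}). The value is not validated here; an unknown name surfaces
         * as a {@link GenericSSLContextException} from {@link #build()}.
         *
         * @param protocol SSLContext protocol name
         * @return this builder
         */
        public Builder withProtocol(String protocol) {
            this.protocol = protocol;
            return this;
        }

        /**
         * Accepts every peer certificate without chain validation by adding
         * {@link UnsafeTrustManager} to the trust material, and enables one-way authentication.
         * A warning is logged when the context is built; this setting is meant for test
         * environments, not production.
         *
         * @return this builder
         */
        public Builder withTrustingAllCertificatesWithoutValidation() {
            this.trustingAllCertificatesWithoutValidationEnabled = true;
            this.oneWayAuthenticationEnabled = true;
            return this;
        }

        /**
         * Creates the {@link SSLFactory}. Without any registered trust strategy or identity the
         * returned factory has security disabled and no SSLContext. Otherwise a trust strategy
         * must be present, and two-way authentication wins over one-way when both were enabled.
         *
         * <p>The builder itself is left unchanged, so it can be reused or extended and built again.
         *
         * @return the configured factory
         * @throws GenericKeyStoreException   when authentication is enabled but no trust strategy was configured
         * @throws GenericSSLContextException when the SSLContext cannot be created for the chosen protocol
         */
        public SSLFactory build() {
            SSLFactory sslFactory = new SSLFactory();
            if (!this.oneWayAuthenticationEnabled && !this.twoWayAuthenticationEnabled) {
                return sslFactory;
            }
            validateTrustStore();
            if (this.hostnameVerifierEnabled) {
                sslFactory.hostnameVerifier = new DefaultHostnameVerifier();
            } else {
                sslFactory.hostnameVerifier = new NoopHostnameVerifier();
            }
            sslFactory.protocol = this.protocol;
            sslFactory.securityEnabled = true;
            sslFactory.includeDefaultJdkTrustStore = this.includeDefaultJdkTrustStore;
            sslFactory.trustingAllCertificatesWithoutValidationEnabled = this.trustingAllCertificatesWithoutValidationEnabled;
            sslFactory.trustStores.addAll(this.trustStores);
            // Two-way authentication supersedes one-way; decided locally instead of
            // flipping the builder's own oneWayAuthenticationEnabled flag as a side effect.
            if (this.twoWayAuthenticationEnabled) {
                sslFactory.twoWayAuthenticationEnabled = true;
                sslFactory.identities.addAll(this.identities);
                sslFactory.createSSLContextWithKeyStoreAndTrustStore();
            } else {
                sslFactory.oneWayAuthenticationEnabled = true;
                sslFactory.createSSLContextWithTrustStore();
            }
            return sslFactory;
        }

        /** Requires at least one trust strategy: a trust store, the JDK default store, or "trust all". */
        private void validateTrustStore() {
            if (this.trustStores.isEmpty() && !this.includeDefaultJdkTrustStore && !this.trustingAllCertificatesWithoutValidationEnabled) {
                throw new GenericKeyStoreException(TRUST_STRATEGY_VALIDATION_EXCEPTION_MESSAGE);
            }
        }
    }

    private SSLFactory() {
        this.identities = new ArrayList<>();
        this.trustStores = new ArrayList<>();
    }

    /**
     * Initialises the SSLContext with trust managers only (one-way authentication).
     *
     * <p>NOTE(review): the decompiler reports this method was private in the original source;
     * it is kept public to preserve the compiled interface but is only meant to be invoked by
     * {@link Builder#build()}.
     *
     * @throws GenericSSLContextException when the protocol is unknown or initialisation fails
     */
    public void createSSLContextWithTrustStore() {
        try {
            createSSLContext(null, createTrustManagerFactory().getTrustManagers());
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new GenericSSLContextException(e);
        }
    }

    /**
     * Initialises the SSLContext with both key managers and trust managers (two-way authentication).
     *
     * <p>NOTE(review): the decompiler reports this method was private in the original source;
     * it is kept public to preserve the compiled interface but is only meant to be invoked by
     * {@link Builder#build()}.
     *
     * @throws GenericSSLContextException when the protocol is unknown or initialisation fails
     */
    public void createSSLContextWithKeyStoreAndTrustStore() {
        try {
            createSSLContext(createKeyManagerFactory().getKeyManagers(), createTrustManagerFactory().getTrustManagers());
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new GenericSSLContextException(e);
        }
    }

    /**
     * Creates and initialises {@link #sslContext} for the configured protocol.
     * The {@code null} SecureRandom argument lets JSSE pick its default source of randomness.
     */
    private void createSSLContext(KeyManager[] keyManagers, TrustManager[] trustManagers) throws NoSuchAlgorithmException, KeyManagementException {
        this.sslContext = SSLContext.getInstance(this.protocol);
        this.sslContext.init(keyManagers, trustManagers, null);
    }

    /** Builds the composite key manager over all identities and wraps it in a factory. */
    private KeyManagerFactory createKeyManagerFactory() {
        this.keyManager = CompositeX509KeyManager.builder().withIdentities(this.identities).build();
        this.keyManagerFactory = new KeyManagerFactoryWrapper(this.keyManager);
        return this.keyManagerFactory;
    }

    /**
     * Builds the composite trust manager from, in order: the unsafe "trust all" manager (if
     * enabled, with a warning), the JDK default trusted certificates (if enabled) and every
     * registered trust store, then wraps it in a factory.
     */
    private TrustManagerFactory createTrustManagerFactory() {
        CompositeX509TrustManager.Builder trustManagerBuilder = CompositeX509TrustManager.builder();
        if (this.trustingAllCertificatesWithoutValidationEnabled) {
            LOGGER.warn("UnsafeTrustManager is being used. Client/Server certificates will be accepted without validation. Please don't use this configuration at production.");
            trustManagerBuilder.withTrustManagers(UnsafeTrustManager.INSTANCE);
        }
        if (this.includeDefaultJdkTrustStore) {
            trustManagerBuilder.withTrustManagers(TrustManagerUtils.createTrustManagerWithJdkTrustedCertificates());
        }
        for (KeyStoreHolder trustStoreHolder : this.trustStores) {
            trustManagerBuilder.withTrustStore(trustStoreHolder.getKeyStore(), TrustManagerFactory.getDefaultAlgorithm());
        }
        this.trustManager = trustManagerBuilder.build();
        this.trustManagerFactory = new TrustManagerFactoryWrapper(this.trustManager);
        return this.trustManagerFactory;
    }

    /** @return an immutable snapshot of the registered identities */
    public List<KeyStoreHolder> getIdentities() {
        return ImmutableList.copyOf(this.identities);
    }

    /** @return an immutable snapshot of the registered trust stores */
    public List<KeyStoreHolder> getTrustStores() {
        return ImmutableList.copyOf(this.trustStores);
    }

    /** @return {@code true} when any authentication mode was configured and an SSLContext was built */
    public boolean isSecurityEnabled() {
        return this.securityEnabled;
    }

    /** @return {@code true} when only trust material was configured (server authentication only) */
    public boolean isOneWayAuthenticationEnabled() {
        return this.oneWayAuthenticationEnabled;
    }

    /** @return {@code true} when an identity was configured (mutual authentication) */
    public boolean isTwoWayAuthenticationEnabled() {
        return this.twoWayAuthenticationEnabled;
    }

    /** @return the initialised SSLContext, or {@code null} when security is disabled */
    public SSLContext getSslContext() {
        return this.sslContext;
    }

    /** @return the composite key manager, or {@code null} when two-way authentication is not enabled */
    public X509KeyManager getKeyManager() {
        return this.keyManager;
    }

    /** @return the key manager factory, or {@code null} when two-way authentication is not enabled */
    public KeyManagerFactory getKeyManagerFactory() {
        return this.keyManagerFactory;
    }

    /** @return the composite trust manager, or {@code null} when security is disabled */
    public X509TrustManager getTrustManager() {
        return this.trustManager;
    }

    /** @return the trust manager factory, or {@code null} when security is disabled */
    public TrustManagerFactory getTrustManagerFactory() {
        return this.trustManagerFactory;
    }

    /**
     * @return the accepted issuer certificates of the trust manager, or an empty array when
     *         no trust manager was built
     */
    public X509Certificate[] getTrustedCertificates() {
        return Optional.ofNullable(this.trustManager)
                .map(CompositeX509TrustManager::getAcceptedIssuers)
                .orElse(new X509Certificate[0]);
    }

    /** @return the hostname verifier chosen at build time, or {@code null} when security is disabled */
    public HostnameVerifier getHostnameVerifier() {
        return this.hostnameVerifier;
    }

    /** @return a fresh builder with hostname verification on and protocol {@code TLSv1.2} */
    public static Builder builder() {
        return new Builder();
    }
}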
