package nl.altindag.sslcontext;

import java.io.IOException;
import java.lang.reflect.Array;
import java.nio.file.Path;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import nl.altindag.sslcontext.exception.GenericKeyStoreException;
import nl.altindag.sslcontext.exception.GenericSSLContextException;
import nl.altindag.sslcontext.exception.GenericSecurityException;
import nl.altindag.sslcontext.keymanager.CompositeX509ExtendedKeyManager;
import nl.altindag.sslcontext.model.KeyStoreHolder;
import nl.altindag.sslcontext.trustmanager.CompositeX509ExtendedTrustManager;
import nl.altindag.sslcontext.trustmanager.UnsafeX509ExtendedTrustManager;
import nl.altindag.sslcontext.util.KeyStoreUtils;
import nl.altindag.sslcontext.util.TrustManagerUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:nl/altindag/sslcontext/SSLFactory.class */
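/**
 * Creates an {@link SSLContext} from the identity (key) material and trust material collected by
 * {@link Builder}, and exposes the resulting context, the composite key and trust managers and
 * the configured {@link HostnameVerifier}.
 *
 * <p>Instances are only created through {@link #builder()} followed by {@link Builder#build()}.
 *
 * <p>Password handling: unless {@link Builder#withPasswordCaching()} is used, the
 * {@link KeyStoreHolder}s kept by this factory are replaced with holders carrying empty passwords
 * once the managers have been built. This class does not overwrite the caller's password arrays,
 * and the {@link Builder} keeps its own holders untouched.
 */
public final class SSLFactory {
    private static final Logger LOGGER = LoggerFactory.getLogger(SSLFactory.class);
    private static final char[] EMPTY_PASSWORD = new char[0];
    private final String protocol;
    private final SecureRandom secureRandom;
    private final HostnameVerifier hostnameVerifier;
    private final List<KeyStoreHolder> identities;
    private final List<X509ExtendedKeyManager> identityManagers;
    private final List<KeyStoreHolder> trustStores;
    private final List<X509ExtendedTrustManager> trustManagers;
    private final boolean includeDefaultJdkTrustStore;
    private final boolean trustingAllCertificatesWithoutValidationEnabled;
    private final boolean passwordCachingEnabled;
    private SSLContext sslContext;
    private CompositeX509ExtendedTrustManager trustManager;
    private CompositeX509ExtendedKeyManager keyManager;

    /**
     * Fluent builder for {@link SSLFactory}.
     *
     * <p>At least one source of trust material is required by {@link #build()}: a trust store, a
     * trust manager, the default JDK trust store, or the explicit trust-all switch.
     */
    public static class Builder {
        private static final String TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE = "TrustStore details are empty, which are required to be present when SSL/TLS is enabled";
        private static final String TRUST_STRATEGY_VALIDATION_EXCEPTION_MESSAGE = "Trust strategy is missing. Please validate if the TrustStore is present, or including default JDK TrustStore is enabled, or TrustManager is present, or trusting all certificates without validation is enabled";
        private static final String IDENTITY_VALIDATION_EXCEPTION_MESSAGE = "Identity details are empty, which are required to be present when SSL/TLS is enabled";
        private static final String KEY_STORE_LOADING_EXCEPTION = "Failed to load the keystore";
        public static final String IDENTITY_AND_TRUST_MATERIAL_VALIDATION_EXCEPTION_MESSAGE = "Could not create instance of SSLFactory because Identity and Trust material are not present. Please provide at least a Trust material.";
        private String protocol;
        private SecureRandom secureRandom;
        private HostnameVerifier hostnameVerifier;
        private final List<KeyStoreHolder> identities;
        private final List<KeyStoreHolder> trustStores;
        private final List<X509ExtendedKeyManager> identityManagers;
        private final List<X509ExtendedTrustManager> trustManagers;
        private boolean includeDefaultJdkTrustStore;
        private boolean trustingAllCertificatesWithoutValidationEnabled;
        private boolean passwordCachingEnabled;

        /** Sets the defaults: protocol {@code TLSv1.2}, a fresh {@link SecureRandom}, all switches off. */
        private Builder() {
            this.protocol = "TLSv1.2";
            this.secureRandom = new SecureRandom();
            // NOTE(review): this default is not a certificate name check. It only compares the
            // requested host name with the peer host recorded on the session, ignoring case, and
            // never looks at the peer certificate. Whether that is sufficient depends on how the
            // consuming client uses the verifier; supply one via withHostnameVerifier when the
            // verifier is the client's only server-identity check.
            this.hostnameVerifier = (hostname, session) -> hostname.equalsIgnoreCase(session.getPeerHost());
            this.identities = new ArrayList<>();
            this.trustStores = new ArrayList<>();
            this.identityManagers = new ArrayList<>();
            this.trustManagers = new ArrayList<>();
            this.includeDefaultJdkTrustStore = false;
            this.trustingAllCertificatesWithoutValidationEnabled = false;
            this.passwordCachingEnabled = false;
        }

        /**
         * Adds the JDK's trusted certificates to the trust material.
         *
         * @return this builder
         */
        public Builder withDefaultTrustMaterial() {
            this.includeDefaultJdkTrustStore = true;
            return this;
        }

        /**
         * Adds a ready-made trust manager to the trust material.
         *
         * @param x509ExtendedTrustManager trust manager to include; not validated here
         * @return this builder
         */
        public Builder withTrustMaterial(X509ExtendedTrustManager x509ExtendedTrustManager) {
            this.trustManagers.add(x509ExtendedTrustManager);
            return this;
        }

        /**
         * Loads a trust store of the default key store type and adds it to the trust material.
         *
         * @param str location of the trust store, handed to {@code KeyStoreUtils.loadKeyStore}
         * @param cArr trust store password; must not be null or empty
         * @return this builder
         * @throws GenericKeyStoreException if an argument is missing or the store cannot be loaded
         */
        public Builder withTrustMaterial(String str, char[] cArr) {
            return withTrustMaterial(str, cArr, KeyStore.getDefaultType());
        }

        /**
         * Loads a trust store of the given type and adds it to the trust material.
         *
         * @param str location of the trust store, handed to {@code KeyStoreUtils.loadKeyStore}
         * @param cArr trust store password; must not be null or empty
         * @param str2 key store type; must not be blank
         * @return this builder
         * @throws GenericKeyStoreException if an argument is missing or the store cannot be loaded
         */
        public Builder withTrustMaterial(String str, char[] cArr, String str2) {
            // The type is validated as well, matching the Path overload and the identity
            // overloads; previously a blank type only failed later, inside the loader.
            if (isBlank(str) || isEmpty(cArr) || isBlank(str2)) {
                throw new GenericKeyStoreException(TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE);
            }
            try {
                this.trustStores.add(new KeyStoreHolder(KeyStoreUtils.loadKeyStore(str, cArr, str2), cArr));
                return this;
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new GenericKeyStoreException(KEY_STORE_LOADING_EXCEPTION, e);
            }
        }

        /**
         * Loads a trust store of the default key store type from a path and adds it to the trust
         * material.
         *
         * @param path location of the trust store; must not be null
         * @param cArr trust store password; must not be null or empty
         * @return this builder
         * @throws GenericKeyStoreException if an argument is missing or the store cannot be loaded
         */
        public Builder withTrustMaterial(Path path, char[] cArr) {
            return withTrustMaterial(path, cArr, KeyStore.getDefaultType());
        }

        /**
         * Loads a trust store of the given type from a path and adds it to the trust material.
         *
         * @param path location of the trust store; must not be null
         * @param cArr trust store password; must not be null or empty
         * @param str key store type; must not be blank
         * @return this builder
         * @throws GenericKeyStoreException if an argument is missing or the store cannot be loaded
         */
        public Builder withTrustMaterial(Path path, char[] cArr, String str) {
            if (Objects.isNull(path) || isEmpty(cArr) || isBlank(str)) {
                throw new GenericKeyStoreException(TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE);
            }
            try {
                this.trustStores.add(new KeyStoreHolder(KeyStoreUtils.loadKeyStore(path, cArr, str), cArr));
                return this;
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new GenericKeyStoreException(KEY_STORE_LOADING_EXCEPTION, e);
            }
        }

        /**
         * Adds an already loaded trust store to the trust material.
         *
         * @param keyStore trust store; must not be null
         * @param cArr trust store password; must not be null or empty
         * @return this builder
         * @throws GenericKeyStoreException if an argument is missing
         */
        public Builder withTrustMaterial(KeyStore keyStore, char[] cArr) {
            validateKeyStore(keyStore, cArr, TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE);
            this.trustStores.add(new KeyStoreHolder(keyStore, cArr));
            return this;
        }

        /**
         * Loads an identity store of the default type, using {@code cArr} for both passwords
         * stored in the holder.
         *
         * @param str location of the identity store, handed to {@code KeyStoreUtils.loadKeyStore}
         * @param cArr identity store password; must not be null or empty
         * @return this builder
         * @throws GenericKeyStoreException if an argument is missing or the store cannot be loaded
         */
        public Builder withIdentityMaterial(String str, char[] cArr) {
            return withIdentityMaterial(str, cArr, cArr, KeyStore.getDefaultType());
        }

        /**
         * Loads an identity store of the default type with separate passwords.
         *
         * @param str location of the identity store, handed to {@code KeyStoreUtils.loadKeyStore}
         * @param cArr identity store password; must not be null or empty
         * @param cArr2 second password kept in the holder (presumably the key-entry password;
         *     confirm against {@code KeyStoreHolder}); not validated here
         * @return this builder
         * @throws GenericKeyStoreException if an argument is missing or the store cannot be loaded
         */
        public Builder withIdentityMaterial(String str, char[] cArr, char[] cArr2) {
            return withIdentityMaterial(str, cArr, cArr2, KeyStore.getDefaultType());
        }

        /**
         * Loads an identity store of the given type, using {@code cArr} for both passwords stored
         * in the holder.
         *
         * @param str location of the identity store, handed to {@code KeyStoreUtils.loadKeyStore}
         * @param cArr identity store password; must not be null or empty
         * @param str2 key store type; must not be blank
         * @return this builder
         * @throws GenericKeyStoreException if an argument is missing or the store cannot be loaded
         */
        public Builder withIdentityMaterial(String str, char[] cArr, String str2) {
            return withIdentityMaterial(str, cArr, cArr, str2);
        }

        /**
         * Loads an identity store of the given type with separate passwords.
         *
         * @param str location of the identity store, handed to {@code KeyStoreUtils.loadKeyStore}
         * @param cArr identity store password; must not be null or empty
         * @param cArr2 second password kept in the holder (presumably the key-entry password;
         *     confirm against {@code KeyStoreHolder}); not validated here
         * @param str2 key store type; must not be blank
         * @return this builder
         * @throws GenericKeyStoreException if an argument is missing or the store cannot be loaded
         */
        public Builder withIdentityMaterial(String str, char[] cArr, char[] cArr2, String str2) {
            if (isBlank(str) || isEmpty(cArr) || isBlank(str2)) {
                throw new GenericKeyStoreException(IDENTITY_VALIDATION_EXCEPTION_MESSAGE);
            }
            try {
                this.identities.add(new KeyStoreHolder(KeyStoreUtils.loadKeyStore(str, cArr, str2), cArr, cArr2));
                return this;
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new GenericKeyStoreException(KEY_STORE_LOADING_EXCEPTION, e);
            }
        }

        /**
         * Loads an identity store of the default type from a path, using {@code cArr} for both
         * passwords stored in the holder.
         *
         * @param path location of the identity store; must not be null
         * @param cArr identity store password; must not be null or empty
         * @return this builder
         * @throws GenericKeyStoreException if an argument is missing or the store cannot be loaded
         */
        public Builder withIdentityMaterial(Path path, char[] cArr) {
            return withIdentityMaterial(path, cArr, cArr, KeyStore.getDefaultType());
        }

        /**
         * Loads an identity store of the default type from a path with separate passwords.
         *
         * @param path location of the identity store; must not be null
         * @param cArr identity store password; must not be null or empty
         * @param cArr2 second password kept in the holder (presumably the key-entry password;
         *     confirm against {@code KeyStoreHolder}); not validated here
         * @return this builder
         * @throws GenericKeyStoreException if an argument is missing or the store cannot be loaded
         */
        public Builder withIdentityMaterial(Path path, char[] cArr, char[] cArr2) {
            return withIdentityMaterial(path, cArr, cArr2, KeyStore.getDefaultType());
        }

        /**
         * Loads an identity store of the given type from a path, using {@code cArr} for both
         * passwords stored in the holder.
         *
         * @param path location of the identity store; must not be null
         * @param cArr identity store password; must not be null or empty
         * @param str key store type; must not be blank
         * @return this builder
         * @throws GenericKeyStoreException if an argument is missing or the store cannot be loaded
         */
        public Builder withIdentityMaterial(Path path, char[] cArr, String str) {
            return withIdentityMaterial(path, cArr, cArr, str);
        }

        /**
         * Loads an identity store of the given type from a path with separate passwords.
         *
         * @param path location of the identity store; must not be null
         * @param cArr identity store password; must not be null or empty
         * @param cArr2 second password kept in the holder (presumably the key-entry password;
         *     confirm against {@code KeyStoreHolder}); not validated here
         * @param str key store type; must not be blank
         * @return this builder
         * @throws GenericKeyStoreException if an argument is missing or the store cannot be loaded
         */
        public Builder withIdentityMaterial(Path path, char[] cArr, char[] cArr2, String str) {
            if (Objects.isNull(path) || isEmpty(cArr) || isBlank(str)) {
                throw new GenericKeyStoreException(IDENTITY_VALIDATION_EXCEPTION_MESSAGE);
            }
            try {
                this.identities.add(new KeyStoreHolder(KeyStoreUtils.loadKeyStore(path, cArr, str), cArr, cArr2));
                return this;
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new GenericKeyStoreException(KEY_STORE_LOADING_EXCEPTION, e);
            }
        }

        /**
         * Adds an already loaded identity store, using {@code cArr} for both passwords stored in
         * the holder.
         *
         * @param keyStore identity store; must not be null
         * @param cArr identity store password; must not be null or empty
         * @return this builder
         * @throws GenericKeyStoreException if an argument is missing
         */
        public Builder withIdentityMaterial(KeyStore keyStore, char[] cArr) {
            return withIdentityMaterial(keyStore, cArr, cArr);
        }

        /**
         * Adds an already loaded identity store with separate passwords.
         *
         * @param keyStore identity store; must not be null
         * @param cArr identity store password; must not be null or empty
         * @param cArr2 second password kept in the holder (presumably the key-entry password;
         *     confirm against {@code KeyStoreHolder}); not validated here
         * @return this builder
         * @throws GenericKeyStoreException if the store or its password is missing
         */
        public Builder withIdentityMaterial(KeyStore keyStore, char[] cArr, char[] cArr2) {
            validateKeyStore(keyStore, cArr, IDENTITY_VALIDATION_EXCEPTION_MESSAGE);
            this.identities.add(new KeyStoreHolder(keyStore, cArr, cArr2));
            return this;
        }

        /**
         * Adds a ready-made key manager to the identity material.
         *
         * @param x509ExtendedKeyManager key manager to include; not validated here
         * @return this builder
         */
        public Builder withIdentityMaterial(X509ExtendedKeyManager x509ExtendedKeyManager) {
            this.identityManagers.add(x509ExtendedKeyManager);
            return this;
        }

        /** Rejects a null key store or a null/empty password with the supplied message. */
        private void validateKeyStore(KeyStore keyStore, char[] password, String exceptionMessage) {
            if (Objects.isNull(keyStore) || isEmpty(password)) {
                throw new GenericKeyStoreException(exceptionMessage);
            }
        }

        /**
         * Replaces the default hostname verifier.
         *
         * @param hostnameVerifier verifier returned by {@link SSLFactory#getHostnameVerifier()};
         *     stored as given, without a null check
         * @return this builder
         */
        public Builder withHostnameVerifier(HostnameVerifier hostnameVerifier) {
            this.hostnameVerifier = hostnameVerifier;
            return this;
        }

        /**
         * Overrides the protocol name passed to {@link SSLContext#getInstance(String)}.
         *
         * @param str protocol name; the default is {@code TLSv1.2}
         * @return this builder
         */
        public Builder withProtocol(String str) {
            this.protocol = str;
            return this;
        }

        /**
         * Overrides the randomness source passed to the {@link SSLContext}.
         *
         * @param secureRandom randomness source; stored as given
         * @return this builder
         */
        public Builder withSecureRandom(SecureRandom secureRandom) {
            this.secureRandom = secureRandom;
            return this;
        }

        /**
         * Turns on the trust manager that accepts certificates without validation.
         *
         * <p>This switch counts as trust material on its own, so a factory can be built with no
         * other trust source. A warning is logged when the trust managers are created; as that
         * warning says, the setting is not meant for production use.
         *
         * @return this builder
         */
        public Builder withTrustingAllCertificatesWithoutValidation() {
            this.trustingAllCertificatesWithoutValidationEnabled = true;
            return this;
        }

        /**
         * Keeps the supplied passwords in the holders returned by
         * {@link SSLFactory#getIdentities()} and {@link SSLFactory#getTrustStores()} instead of
         * replacing them with empty passwords after the managers are built.
         *
         * @return this builder
         */
        public Builder withPasswordCaching() {
            this.passwordCachingEnabled = true;
            return this;
        }

        /**
         * Validates the collected material and creates the {@link SSLFactory} with an initialised
         * {@link SSLContext}.
         *
         * <p>The builder's own holder lists are copied, not cleared, so passwords passed to this
         * builder stay reachable through it for as long as the builder itself is referenced.
         *
         * @return the configured factory
         * @throws GenericSecurityException if neither identity nor trust material was provided
         * @throws GenericKeyStoreException if identity material was provided without any trust
         *     material
         * @throws GenericSSLContextException if the context cannot be created or initialised
         */
        public SSLFactory build() {
            if (isIdentityMaterialNotPresent() && isTrustMaterialNotPresent()) {
                throw new GenericSecurityException(IDENTITY_AND_TRUST_MATERIAL_VALIDATION_EXCEPTION_MESSAGE);
            }
            if (isTrustMaterialNotPresent()) {
                throw new GenericKeyStoreException(TRUST_STRATEGY_VALIDATION_EXCEPTION_MESSAGE);
            }
            SSLFactory sslFactory = new SSLFactory(
                    this.protocol,
                    this.secureRandom,
                    this.hostnameVerifier,
                    this.identities,
                    this.identityManagers,
                    this.trustStores,
                    this.trustManagers,
                    this.includeDefaultJdkTrustStore,
                    this.trustingAllCertificatesWithoutValidationEnabled,
                    this.passwordCachingEnabled);
            // Trust material is guaranteed at this point, so only the identity side decides.
            if (isIdentityMaterialPresent()) {
                sslFactory.createSSLContextWithKeyMaterialAndTrustMaterial();
            } else {
                sslFactory.createSSLContextWithTrustMaterial();
            }
            return sslFactory;
        }

        /** True when any trust source, including the trust-all switch, has been configured. */
        private boolean isTrustMaterialPresent() {
            return !this.trustStores.isEmpty()
                    || !this.trustManagers.isEmpty()
                    || this.includeDefaultJdkTrustStore
                    || this.trustingAllCertificatesWithoutValidationEnabled;
        }

        private boolean isTrustMaterialNotPresent() {
            return !isTrustMaterialPresent();
        }

        /** True when at least one identity store or key manager has been configured. */
        private boolean isIdentityMaterialPresent() {
            return !this.identities.isEmpty() || !this.identityManagers.isEmpty();
        }

        private boolean isIdentityMaterialNotPresent() {
            return !isIdentityMaterialPresent();
        }

        /** True for a null or zero-length password array. */
        private boolean isEmpty(char[] chars) {
            return chars == null || chars.length == 0;
        }

        /** True for null, empty, or whitespace-only text. */
        private boolean isBlank(CharSequence text) {
            if (text == null) {
                return true;
            }
            for (int i = 0; i < text.length(); i++) {
                if (!Character.isWhitespace(text.charAt(i))) {
                    return false;
                }
            }
            return true;
        }
    }

    /** Copies the builder's lists so later changes to the builder do not affect this factory. */
    private SSLFactory(
            String protocol,
            SecureRandom secureRandom,
            HostnameVerifier hostnameVerifier,
            List<KeyStoreHolder> identities,
            List<X509ExtendedKeyManager> identityManagers,
            List<KeyStoreHolder> trustStores,
            List<X509ExtendedTrustManager> trustManagers,
            boolean includeDefaultJdkTrustStore,
            boolean trustingAllCertificatesWithoutValidationEnabled,
            boolean passwordCachingEnabled) {
        this.protocol = protocol;
        this.secureRandom = secureRandom;
        this.hostnameVerifier = hostnameVerifier;
        this.identities = new ArrayList<>(identities);
        this.identityManagers = new ArrayList<>(identityManagers);
        this.trustStores = new ArrayList<>(trustStores);
        this.trustManagers = new ArrayList<>(trustManagers);
        this.includeDefaultJdkTrustStore = includeDefaultJdkTrustStore;
        this.trustingAllCertificatesWithoutValidationEnabled = trustingAllCertificatesWithoutValidationEnabled;
        this.passwordCachingEnabled = passwordCachingEnabled;
    }

    // The two methods below were private before decompilation (the decompiler widened them so
    // the nested Builder could call them). They are private again: Builder can still reach them,
    // and nothing else should be able to re-initialise the context.

    /** Initialises the context with trust managers only. */
    private void createSSLContextWithTrustMaterial() {
        createSSLContext(null, createTrustManagers());
    }

    /** Initialises the context with both the key manager and the trust managers. */
    private void createSSLContextWithKeyMaterialAndTrustMaterial() {
        createSSLContext(createKeyManager(), createTrustManagers());
    }

    /**
     * Creates the {@link SSLContext} for the configured protocol and initialises it.
     *
     * @throws GenericSSLContextException if the protocol is unknown or initialisation fails
     */
    private void createSSLContext(KeyManager[] keyManagers, TrustManager[] trustManagers) {
        try {
            this.sslContext = SSLContext.getInstance(this.protocol);
            this.sslContext.init(keyManagers, trustManagers, this.secureRandom);
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new GenericSSLContextException(e);
        }
    }

    /** Builds the composite key manager, then drops the passwords unless caching is enabled. */
    private KeyManager[] createKeyManager() {
        this.keyManager = CompositeX509ExtendedKeyManager.builder()
                .withKeyManagers(this.identityManagers)
                .withIdentities(this.identities)
                .build();
        // Sanitising must come after build(): the key manager is built from the holders above.
        if (!this.passwordCachingEnabled && !this.identities.isEmpty()) {
            List<KeyStoreHolder> sanitized = sanitizeKeyStores(this.identities);
            this.identities.clear();
            this.identities.addAll(sanitized);
        }
        return new X509ExtendedKeyManager[] {this.keyManager};
    }

    /**
     * Builds the composite trust manager from the configured trust managers and trust stores,
     * plus the optional trust-all manager and JDK trust store, then drops the trust store
     * passwords unless caching is enabled.
     */
    private TrustManager[] createTrustManagers() {
        CompositeX509ExtendedTrustManager.Builder trustManagerBuilder = CompositeX509ExtendedTrustManager.builder()
                .withTrustManagers(this.trustManagers)
                .withTrustStores(this.trustStores.stream()
                        .map(KeyStoreHolder::getKeyStore)
                        .collect(Collectors.toList()));
        if (this.trustingAllCertificatesWithoutValidationEnabled) {
            // The unsafe manager is added next to the others; how the composite combines their
            // decisions is defined in CompositeX509ExtendedTrustManager (not visible here).
            LOGGER.warn("UnsafeTrustManager is being used. Client/Server certificates will be accepted without validation. Please don't use this configuration at production.");
            trustManagerBuilder.withTrustManagers(UnsafeX509ExtendedTrustManager.INSTANCE);
        }
        if (this.includeDefaultJdkTrustStore) {
            trustManagerBuilder.withTrustManagers(TrustManagerUtils.createTrustManagerWithJdkTrustedCertificates());
        }
        this.trustManager = trustManagerBuilder.build();
        if (!this.passwordCachingEnabled && !this.trustStores.isEmpty()) {
            List<KeyStoreHolder> sanitized = sanitizeKeyStores(this.trustStores);
            this.trustStores.clear();
            this.trustStores.addAll(sanitized);
        }
        return new TrustManager[] {this.trustManager};
    }

    /** Returns new holders for the same key stores with both passwords set to the empty array. */
    private List<KeyStoreHolder> sanitizeKeyStores(List<KeyStoreHolder> holders) {
        return holders.stream()
                .map(holder -> new KeyStoreHolder(holder.getKeyStore(), EMPTY_PASSWORD, EMPTY_PASSWORD))
                .collect(Collectors.toList());
    }

    /**
     * Returns a read-only view of the identity holders; passwords are empty unless password
     * caching was enabled.
     */
    public List<KeyStoreHolder> getIdentities() {
        return Collections.unmodifiableList(this.identities);
    }

    /**
     * Returns a read-only view of the trust store holders; passwords are empty unless password
     * caching was enabled.
     */
    public List<KeyStoreHolder> getTrustStores() {
        return Collections.unmodifiableList(this.trustStores);
    }

    /** Returns the initialised context. */
    public SSLContext getSslContext() {
        return this.sslContext;
    }

    /** Returns the composite key manager, or empty when no identity material was configured. */
    public Optional<X509ExtendedKeyManager> getKeyManager() {
        return Optional.ofNullable(this.keyManager);
    }

    /** Returns the composite trust manager. */
    public X509ExtendedTrustManager getTrustManager() {
        return this.trustManager;
    }

    /** Returns the accepted issuers reported by the composite trust manager. */
    public X509Certificate[] getTrustedCertificates() {
        return this.trustManager.getAcceptedIssuers();
    }

    /** Returns the configured hostname verifier. */
    public HostnameVerifier getHostnameVerifier() {
        return this.hostnameVerifier;
    }

    /** Creates a new builder with default settings. */
    public static Builder builder() {
        return new Builder();
    }
}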
