package com.prosc.security;

import com.prosc.io.IOUtils;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.bind.DatatypeConverter;
import org.jetbrains.annotations.Nullable;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:com/prosc/security/SecurityUtils.class */
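/**
 * Static helpers for configuring client-side TLS for {@link HttpsURLConnection}, plus a few
 * hashing, random-string and HMAC utilities.
 *
 * <p><b>Process-wide side effect.</b> Most {@code addCertificatesTo...} methods end by calling
 * {@link HttpsURLConnection#setDefaultSSLSocketFactory(SSLSocketFactory)}, which changes the
 * socket factory used by every subsequent {@code HttpsURLConnection} in the JVM, not only the
 * caller's.
 *
 * <p><b>Trust semantics.</b> When server certificates are supplied, the trust store is built
 * from those certificates only, so the platform's default CA set is no longer consulted for
 * connections made through the resulting factory. When no server certificates are supplied but a
 * client key is, {@code SSLContext.init} receives {@code null} trust managers and the JSSE
 * default trust configuration is used.
 *
 * <p><b>Stream ownership.</b> Every stream handed to these methods is closed before the method
 * returns, whether it succeeds or throws.
 */
public class SecurityUtils {
    public static final Logger log = Logger.getLogger(SecurityUtils.class.getName());
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    // Not read or written anywhere in this class; kept as found.
    private static SSLContext defaultContext;

    /**
     * Installs a default HTTPS socket factory built from a PEM bundle (certificate plus PKCS#8
     * private key) and/or a set of trusted server certificates.
     *
     * <p>The key entry is stored under password {@code str} and then recovered by
     * {@code KeyManagerFactory.init} using {@code str2}; with the standard keystore types the two
     * therefore have to be equal (or both {@code null}). NOTE(review): confirm that two separate
     * passwords are really intended.
     *
     * @param inputStream PEM data containing a {@code CERTIFICATE} and a {@code PRIVATE KEY}
     *     section, or {@code null} for no client certificate
     * @param str password protecting the key entry; {@code null} means an empty password
     * @param str2 password used to initialise the key manager factory; {@code null} means empty
     * @param str3 keystore type, or {@code null} for {@link KeyStore#getDefaultType()}
     * @param inputStreamArr X.509 certificates to trust; {@code null} elements are skipped
     * @throws IllegalArgumentException if both {@code inputStream} and {@code inputStreamArr}
     *     are {@code null}, or the PEM data lacks one of the expected sections
     * @throws GeneralSecurityException if a certificate or key cannot be parsed or stored
     * @throws IOException if a stream cannot be read or closed
     */
    public static void addCertificatesToStoresWithPrivateKey(@Nullable InputStream inputStream, @Nullable String str, @Nullable String str2, @Nullable String str3, @Nullable InputStream... inputStreamArr) throws GeneralSecurityException, IOException {
        try {
            if (inputStream == null && inputStreamArr == null) {
                throw new IllegalArgumentException("You must provide a client certificate and/or a server certificate");
            }
            // "TLS" rather than the legacy "SSL" name, matching _addCertificatesToStores.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            TrustManager[] trustManagers = buildTrustManagers(inputStreamArr);
            KeyManager[] keyManagers = null;
            if (inputStream != null) {
                log.info("Configuring key manager using client-side certificate with private key");
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                KeyStore clientStore = KeyStore.getInstance(str3 == null ? KeyStore.getDefaultType() : str3);
                clientStore.load(null);
                byte[] pem = IOUtils.inputStreamAsBytes(inputStream);
                X509Certificate certificate = generateCertificateFromDER(
                        parseDERFromPEM(pem, "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"));
                RSAPrivateKey privateKey = generatePrivateKeyFromDER(
                        parseDERFromPEM(pem, "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----"));
                clientStore.setCertificateEntry("cert-alias", certificate);
                clientStore.setKeyEntry("key-alias", privateKey, str != null ? str.toCharArray() : new char[0], new Certificate[]{certificate});
                keyManagerFactory.init(clientStore, str2 != null ? str2.toCharArray() : new char[0]);
                inputStream.close();
                keyManagers = keyManagersOrNull(keyManagerFactory);
            } else {
                log.info("No client-side certificate info provided, so key manager will not be configured");
            }
            if (keyManagers == null && trustManagers == null) {
                HttpsURLConnection.setDefaultSSLSocketFactory(SSLContext.getDefault().getSocketFactory());
                log.info("No server-side or client-side certificate information provided, so no SSL context will be initialized");
            } else {
                log.info("Initializing SSL context");
                sslContext.init(keyManagers, trustManagers, null);
                HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
            }
        } finally {
            // Safety net: nothing supplied by the caller stays open on an error path.
            closeQuietly(inputStream);
            closeAllQuietly(inputStreamArr);
        }
    }

    /**
     * Installs {@code sSLSocketFactory} as the JVM default and then processes the supplied
     * keystore and certificates.
     *
     * <p>The factory built from the certificates is discarded. If neither key managers nor trust
     * managers end up configured, {@code _addCertificatesToStores} resets the JVM default to the
     * platform factory, replacing {@code sSLSocketFactory}. NOTE(review): confirm this is
     * intended.
     *
     * @param inputStream client keystore data, or {@code null}
     * @param str keystore password; the client keystore is ignored when this is {@code null}
     * @param str2 keystore type, or {@code null} for the default type
     * @param sSLSocketFactory factory to install as the JVM default
     * @param inputStreamArr X.509 certificates to trust; {@code null} elements are skipped
     * @throws GeneralSecurityException if a certificate or keystore cannot be processed
     * @throws IOException if a stream cannot be read or closed
     */
    public static void addCertificatesToStoresWithSocketFactory(@Nullable InputStream inputStream, @Nullable String str, @Nullable String str2, SSLSocketFactory sSLSocketFactory, @Nullable InputStream... inputStreamArr) throws GeneralSecurityException, IOException {
        HttpsURLConnection.setDefaultSSLSocketFactory(sSLSocketFactory);
        _addCertificatesToStores(inputStream, str, str2, inputStreamArr);
    }

    /**
     * Builds a socket factory from a client keystore and/or trusted server certificates and
     * installs it as the JVM default for {@link HttpsURLConnection}.
     *
     * @param inputStream client keystore data, or {@code null}
     * @param str keystore password; the client keystore is ignored when this is {@code null}
     * @param str2 keystore type, or {@code null} for the default type
     * @param inputStreamArr X.509 certificates to trust; {@code null} elements are skipped
     * @throws IllegalArgumentException if both {@code inputStream} and {@code inputStreamArr}
     *     are {@code null}
     * @throws GeneralSecurityException if a certificate or keystore cannot be processed
     * @throws IOException if a stream cannot be read or closed
     */
    public static void addCertificatesToStores(@Nullable InputStream inputStream, @Nullable String str, @Nullable String str2, @Nullable InputStream... inputStreamArr) throws GeneralSecurityException, IOException {
        HttpsURLConnection.setDefaultSSLSocketFactory(_addCertificatesToStores(inputStream, str, str2, inputStreamArr));
    }

    /**
     * Shared implementation: builds an {@link SSLSocketFactory} from the optional client keystore
     * and the optional trusted certificates.
     *
     * <p>If neither key managers nor trust managers could be configured, the platform default
     * factory is returned and also installed as the JVM default.
     */
    private static SSLSocketFactory _addCertificatesToStores(@Nullable InputStream inputStream, @Nullable String str, @Nullable String str2, @Nullable InputStream[] inputStreamArr) throws IOException, GeneralSecurityException {
        try {
            if (inputStream == null && inputStreamArr == null) {
                throw new IllegalArgumentException("You must provide a client certificate and/or a server certificate");
            }
            SSLContext sslContext = SSLContext.getInstance("TLS");
            TrustManager[] trustManagers = buildTrustManagers(inputStreamArr);
            KeyManager[] keyManagers = null;
            if (inputStream == null || str == null) {
                log.info("No client-side certificate info provided, so key manager will not be configured");
            } else {
                log.info("Configuring key manager using client-side certificate");
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                KeyStore clientStore = KeyStore.getInstance(str2 == null ? KeyStore.getDefaultType() : str2);
                clientStore.load(inputStream, str.toCharArray());
                keyManagerFactory.init(clientStore, str.toCharArray());
                inputStream.close();
                keyManagers = keyManagersOrNull(keyManagerFactory);
            }
            if (keyManagers == null && trustManagers == null) {
                SSLSocketFactory platformFactory = SSLContext.getDefault().getSocketFactory();
                HttpsURLConnection.setDefaultSSLSocketFactory(platformFactory);
                log.info("No server-side or client-side certificate information provided, so no SSL context will be initialized");
                return platformFactory;
            }
            log.info("Initializing SSL context");
            sslContext.init(keyManagers, trustManagers, null);
            return sslContext.getSocketFactory();
        } finally {
            // Also covers a client stream that was supplied without a password and so never read.
            closeQuietly(inputStream);
            closeAllQuietly(inputStreamArr);
        }
    }

    /**
     * File-path variant of {@link #addCertificatesToStores(InputStream, String, String, InputStream...)}.
     *
     * @param str path of the client keystore, or {@code null}
     * @param str2 keystore password; the client keystore is ignored when this is {@code null}
     * @param str3 keystore type, or {@code null} for the default type
     * @param strArr paths of X.509 certificates to trust; {@code null} entries are skipped
     * @throws GeneralSecurityException if a certificate or keystore cannot be processed
     * @throws IOException if a file cannot be opened, read or closed
     */
    public static void addCertificatesToStores(@Nullable String str, @Nullable String str2, @Nullable String str3, @Nullable String... strArr) throws GeneralSecurityException, IOException {
        FileInputStream[] serverCertStreams = openCertificateFiles(strArr);
        addCertificatesToStores(openClientFile(str, serverCertStreams), str2, str3, serverCertStreams);
    }

    /**
     * File-path variant of
     * {@link #addCertificatesToStoresWithPrivateKey(InputStream, String, String, String, InputStream...)}.
     *
     * @param str path of the PEM bundle (certificate plus private key), or {@code null}
     * @param str2 password protecting the key entry; {@code null} means empty
     * @param str3 password used to initialise the key manager factory; {@code null} means empty
     * @param str4 keystore type, or {@code null} for the default type
     * @param strArr paths of X.509 certificates to trust; {@code null} entries are skipped
     * @throws GeneralSecurityException if a certificate or key cannot be processed
     * @throws IOException if a file cannot be opened, read or closed
     */
    public static void addCertificatesToStoresWithPrivateKey(@Nullable String str, @Nullable String str2, @Nullable String str3, @Nullable String str4, @Nullable String... strArr) throws GeneralSecurityException, IOException {
        FileInputStream[] serverCertStreams = openCertificateFiles(strArr);
        addCertificatesToStoresWithPrivateKey(openClientFile(str, serverCertStreams), str2, str3, str4, serverCertStreams);
    }

    /**
     * Builds a socket factory from files, installs it as the JVM default and returns it.
     *
     * <p>NOTE(review): unlike the other variants, a non-null but empty {@code strArr} still
     * produces a trust manager backed by an empty trust store, so no server certificate will be
     * accepted. That fail-closed behaviour is kept as found; callers that want the platform
     * default trust must pass {@code null}.
     *
     * @param str path of the client keystore, or {@code null}
     * @param str2 keystore password; the client keystore is ignored when this is {@code null}
     * @param str3 keystore type, or {@code null} for the default type
     * @param strArr paths of X.509 certificates to trust; {@code null} entries are skipped
     * @return the installed factory, or {@code null} if nothing was configured (in which case the
     *     JVM default is left untouched)
     * @throws GeneralSecurityException if a certificate or keystore cannot be processed
     * @throws IOException if a file cannot be opened, read or closed
     */
    public static SSLSocketFactory addCertificatesToStoresGetFactory(String str, String str2, String str3, String... strArr) throws GeneralSecurityException, IOException {
        // "TLS" rather than the legacy "SSL" name, matching _addCertificatesToStores.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManager[] trustManagers = null;
        if (strArr != null) {
            log.info("Configuring trust manager using " + strArr.length + " server-side certificate(s)");
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, null);
            for (String certPath : strArr) {
                if (certPath != null) {
                    addTrustedCertificate(trustStore, new FileInputStream(certPath), "Certificate entry not added for " + certPath);
                }
            }
            trustManagers = trustManagersFor(trustStore);
        } else {
            log.info("No server-side certificate info provided, so trust manager will not be configured");
        }
        KeyManager[] keyManagers = null;
        if (str == null || str2 == null) {
            log.info("No client-side certificate info provided, so key manager will not be configured");
        } else {
            log.info("Configuring key manager using client-side certificate");
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore clientStore = KeyStore.getInstance(str3 == null ? KeyStore.getDefaultType() : str3);
            // try-with-resources closes the keystore file even when loading fails.
            try (FileInputStream keyStoreFile = new FileInputStream(str)) {
                clientStore.load(keyStoreFile, str2.toCharArray());
                keyManagerFactory.init(clientStore, str2.toCharArray());
            }
            keyManagers = keyManagersOrNull(keyManagerFactory);
        }
        if (keyManagers == null && trustManagers == null) {
            log.info("No server-side or client-side certificate information provided, so no SSL context will be initialized");
            return null;
        }
        log.info("Initializing SSL context");
        sslContext.init(keyManagers, trustManagers, null);
        SSLSocketFactory factory = sslContext.getSocketFactory();
        HttpsURLConnection.setDefaultSSLSocketFactory(factory);
        return factory;
    }

    /**
     * Returns the MD5 hash of the UTF-8 bytes of {@code str}, as produced by
     * {@code EncryptionUtils.generateMD5Hash}.
     *
     * <p>MD5 is not collision resistant; use this for checksums or legacy interoperability only,
     * never for passwords, signatures or integrity decisions.
     */
    public static String MD5Hash(String str) {
        return EncryptionUtils.generateMD5Hash(str.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Returns a random non-negative integer of up to {@code i} bits, drawn from a
     * {@link SecureRandom}, rendered in radix {@code i2}.
     *
     * <p>The string length is not fixed, because leading zero digits are not emitted. A token
     * has at most {@code i} bits of entropy.
     *
     * @param i number of random bits; must not be negative
     * @param i2 radix passed to {@link BigInteger#toString(int)}
     */
    public static String RandomString(int i, int i2) {
        return new BigInteger(i, SECURE_RANDOM).toString(i2);
    }

    /**
     * Extracts and Base64-decodes the first PEM section delimited by the two markers.
     *
     * <p>The markers are matched literally. Exception messages name only the missing marker and
     * never echo the input, which may contain private key material.
     *
     * @param bArr PEM text as bytes
     * @param str opening marker, for example {@code -----BEGIN CERTIFICATE-----}
     * @param str2 closing marker
     * @return the decoded DER bytes
     * @throws IllegalArgumentException if either marker is missing
     */
    protected static byte[] parseDERFromPEM(byte[] bArr, String str, String str2) {
        // PEM is ASCII; an explicit charset avoids depending on the platform default.
        String pemText = new String(bArr, StandardCharsets.US_ASCII);
        int beginIndex = pemText.indexOf(str);
        if (beginIndex < 0) {
            throw new IllegalArgumentException("PEM data does not contain the marker " + str);
        }
        int bodyStart = beginIndex + str.length();
        int bodyEnd = pemText.indexOf(str2, bodyStart);
        if (bodyEnd < 0) {
            throw new IllegalArgumentException("PEM data does not contain the marker " + str2);
        }
        return DatatypeConverter.parseBase64Binary(pemText.substring(bodyStart, bodyEnd));
    }

    /**
     * Decodes a PKCS#8 encoded private key. Only RSA keys are supported: the key factory is
     * fixed to {@code "RSA"} and the result is cast to {@link RSAPrivateKey}.
     */
    protected static RSAPrivateKey generatePrivateKeyFromDER(byte[] bArr) throws InvalidKeySpecException, NoSuchAlgorithmException {
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    /** Decodes a DER encoded X.509 certificate. */
    protected static X509Certificate generateCertificateFromDER(byte[] bArr) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    /**
     * Computes an HMAC over the UTF-8 bytes of {@code str} and returns it Base64 encoded.
     *
     * <p>Whoever verifies the result should compare MACs with a constant-time check such as
     * {@link java.security.MessageDigest#isEqual(byte[], byte[])}.
     *
     * @param str message to authenticate
     * @param str2 secret key text
     * @param str3 MAC algorithm name, or {@code null} for {@code HmacSHA256}
     * @param z when {@code true}, the MAC is hex encoded first and the hex text is Base64 encoded;
     *     when {@code false}, the raw MAC bytes are Base64 encoded
     * @throws InvalidKeyException if the key is not usable with the algorithm
     * @throws NoSuchAlgorithmException if the algorithm is not available
     */
    public static String signAndEncode(String str, String str2, @Nullable String str3, boolean z) throws InvalidKeyException, NoSuchAlgorithmException {
        String algorithm = str3 == null ? "HmacSHA256" : str3;
        Mac mac = Mac.getInstance(algorithm);
        // NOTE(review): the key is encoded with the platform default charset, so a non-ASCII
        // secret yields different MACs on differently configured hosts. Left unchanged because
        // switching charset would alter existing signatures.
        mac.init(new SecretKeySpec(str2.getBytes(), algorithm));
        byte[] digest = mac.doFinal(str.getBytes(StandardCharsets.UTF_8));
        // NOTE(review): sun.misc.BASE64Encoder is a JDK-internal class; kept because its output
        // formatting is part of this method's observable result.
        BASE64Encoder encoder = new BASE64Encoder();
        if (z) {
            return encoder.encode(EncryptionUtils.toHex(digest).getBytes(StandardCharsets.UTF_8));
        }
        return encoder.encode(digest);
    }

    /** Builds trust managers from the given certificate streams, or returns null if there are none. */
    private static TrustManager[] buildTrustManagers(@Nullable InputStream[] certStreams) throws GeneralSecurityException, IOException {
        if (certStreams == null || certStreams.length <= 0) {
            log.info("No server-side certificate info provided, so trust manager will not be configured");
            return null;
        }
        log.info("Configuring trust manager using " + certStreams.length + " server-side certificate(s)");
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        for (InputStream certStream : certStreams) {
            if (certStream != null) {
                addTrustedCertificate(trustStore, certStream, "Certificate entry not added");
            }
        }
        return trustManagersFor(trustStore);
    }

    /** Parses one X.509 certificate from the stream into the store under a random alias, then closes the stream. */
    private static void addTrustedCertificate(KeyStore trustStore, InputStream certStream, String failureMessage) throws GeneralSecurityException, IOException {
        String alias = UUID.randomUUID().toString();
        try (InputStream in = certStream) {
            trustStore.setCertificateEntry(alias, CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        if (!trustStore.isCertificateEntry(alias)) {
            throw new GeneralSecurityException(failureMessage);
        }
    }

    /** Returns the trust managers of a default-algorithm factory initialised with the store. */
    private static TrustManager[] trustManagersFor(KeyStore trustStore) throws GeneralSecurityException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        return trustManagerFactory.getTrustManagers();
    }

    /** Returns the factory's key managers, or null (after logging a warning) if it reports an illegal state. */
    private static KeyManager[] keyManagersOrNull(KeyManagerFactory keyManagerFactory) {
        try {
            return keyManagerFactory.getKeyManagers();
        } catch (IllegalStateException e) {
            log.log(Level.WARNING, "An error occurred while getting key managers from a factory", e);
            return null;
        }
    }

    /** Opens every non-null path; returns null if none was opened, and closes partial results on failure. */
    private static FileInputStream[] openCertificateFiles(@Nullable String[] paths) throws IOException {
        if (paths == null || paths.length == 0) {
            return null;
        }
        FileInputStream[] streams = new FileInputStream[paths.length];
        boolean anyOpened = false;
        try {
            for (int i = 0; i < paths.length; i++) {
                if (paths[i] != null) {
                    streams[i] = new FileInputStream(paths[i]);
                    anyOpened = true;
                }
            }
        } catch (IOException | RuntimeException e) {
            closeAllQuietly(streams);
            throw e;
        }
        return anyOpened ? streams : null;
    }

    /** Opens the client file if a path is given; on failure closes the already opened certificate streams. */
    private static FileInputStream openClientFile(@Nullable String path, @Nullable FileInputStream[] alreadyOpened) throws IOException {
        try {
            return path == null ? null : new FileInputStream(path);
        } catch (IOException | RuntimeException e) {
            closeAllQuietly(alreadyOpened);
            throw e;
        }
    }

    /** Closes the stream if it is non-null, ignoring any failure to close. */
    private static void closeQuietly(@Nullable InputStream stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException ignored) {
            // Cleanup only: a close failure must not mask the exception already in flight.
        }
    }

    /** Closes every non-null stream in the array, ignoring failures to close. */
    private static void closeAllQuietly(@Nullable InputStream[] streams) {
        if (streams == null) {
            return;
        }
        for (InputStream stream : streams) {
            closeQuietly(stream);
        }
    }
}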
