package org.commonjava.util.jhttpc.INTERNAL.util;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.nio.charset.Charset;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.commonjava.util.jhttpc.JHttpCException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/jhttpc.jar:org/commonjava/util/jhttpc/INTERNAL/util/SSLUtils.class */
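/**
 * Static helpers for turning PEM text into {@link KeyStore} instances used for TLS.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #decodePEMTrustStore(String, String)} stores every certificate found in its input
 *       as a trusted entry. No validity-period, key-usage or CA check is performed in this class,
 *       so the PEM text must come from a trusted configuration source.</li>
 *   <li>Aliases derived from a certificate's CN and DNS subjectAlternativeNames are taken from the
 *       certificate itself and are therefore controlled by whoever issued it; they are convenience
 *       labels only and are never allowed to replace an entry that is already in the store.</li>
 * </ul>
 */
public final class SSLUtils {
    /** Classes whose presence indicates that the BouncyCastle provider and PEM parser are usable. */
    private static final String[] BC_TEST_NAMES = {"org.bouncycastle.jce.provider.BouncyCastleProvider", "org.bouncycastle.openssl.PEMParser"};

    /** GeneralName tag for dNSName in the lists returned by {@link X509Certificate#getSubjectAlternativeNames()}. */
    private static final Integer DNSNAME_TYPE = 2;

    private SSLUtils() {
    }

    /**
     * Builds a key store from PEM input by delegating to
     * {@code BouncyCastleUtils.readKeyAndCertFromPem(str, str2)}.
     *
     * @param str first argument handed to the BouncyCastle helper (presumably the PEM text; confirm
     *            against {@code BouncyCastleUtils})
     * @param str2 second argument handed to the BouncyCastle helper (presumably the key password;
     *             confirm against {@code BouncyCastleUtils})
     * @return the key store produced by the helper, or {@code null} when a required BouncyCastle
     *         class is not on the classpath; callers must handle the {@code null} case explicitly
     *         rather than continuing without client-key material unnoticed
     */
    public static KeyStore readKeyAndCert(String str, String str2) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, InvalidKeySpecException, JHttpCException {
        Logger logger = LoggerFactory.getLogger(SSLUtils.class);
        for (String className : BC_TEST_NAMES) {
            try {
                Class.forName(className);
            } catch (ClassNotFoundException e) {
                // One warning is enough: the message already says "one or more" jars are missing.
                logger.warn("One or more BouncyCastle jars (bcprov-jdk15on, bcpkix-jdk15on) are missing from the classpath! PEM SSL client keys are not supported!");
                return null;
            }
        }

        KeyStore keyStore = BouncyCastleUtils.readKeyAndCertFromPem(str, str2);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            // Only the alias and the entry kind are logged, never the entry contents.
            logger.trace("Got alias: {}. Is Cert? {} Is Private key? {}", new Object[]{alias, Boolean.valueOf(keyStore.isCertificateEntry(alias)), Boolean.valueOf(keyStore.isKeyEntry(alias))});
        }
        return keyStore;
    }

    /**
     * Decodes every PEM block in {@code str} as an X.509 certificate and stores it as a trusted
     * entry in a new, empty key store of the platform default type.
     *
     * <p>The first certificate is stored under {@code str2}, the n-th (n &gt;= 1, zero-based) under
     * {@code str2 + n}. Each certificate is additionally stored under the aliases found by
     * {@link #extractAliases(Certificate, Set)}, but only where that alias is still free: an alias
     * taken from a certificate never replaces an existing entry. Without that rule a later
     * certificate whose CN or DNS name equals an earlier alias would overwrite the earlier entry and
     * silently drop a certificate from the trust store.
     *
     * @param str PEM text; every {@code -----BEGIN}/{@code -----END} block is treated as a
     *            certificate regardless of its label
     * @param str2 base alias for the stored certificates
     * @return the populated trust store
     * @throws CertificateException if a block cannot be parsed as an X.509 certificate
     */
    public static KeyStore decodePEMTrustStore(String str, String str2) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        Logger logger = LoggerFactory.getLogger(SSLUtils.class);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");

        // Collect the base64 body of each PEM block; the buffer restarts at every BEGIN marker.
        StringBuilder body = new StringBuilder();
        List<String> encodedEntries = new ArrayList<>();
        for (String line : readLines(str)) {
            if (line == null) {
                continue;
            }
            if (line.startsWith("-----BEGIN")) {
                body.setLength(0);
            } else if (line.startsWith("-----END")) {
                encodedEntries.add(body.toString());
            } else {
                body.append(line);
            }
        }
        logger.trace("Found {} entries to decode.", Integer.valueOf(encodedEntries.size()));

        int index = 0;
        for (String encoded : encodedEntries) {
            // The block body is deliberately not logged: the scanner above accepts any PEM label,
            // so a private key pasted into the input would otherwise end up in trace logs.
            logger.trace("Decoding certificate entry {} ({} base64 characters).", Integer.valueOf(index), Integer.valueOf(encoded.length()));
            X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.decodeBase64(encoded)));
            String subject = x509Certificate.getSubjectX500Principal().getName();
            KeyStore.TrustedCertificateEntry entry = new KeyStore.TrustedCertificateEntry(x509Certificate);

            // The index-based alias is unique per certificate and is always written.
            String primaryAlias = index < 1 ? str2 : str2 + index;
            keyStore.setEntry(primaryAlias, entry, null);
            logger.trace("Storing trusted cert under alias: {}\n  with DN: {}", primaryAlias, subject);

            Set<String> derivedAliases = new HashSet<>();
            extractAliases(x509Certificate, derivedAliases);
            for (String alias : derivedAliases) {
                // containsAlias applies the key store's own alias comparison rules.
                if (keyStore.containsAlias(alias)) {
                    logger.trace("Alias '{}' is already present; keeping the existing entry.", alias);
                    continue;
                }
                keyStore.setEntry(alias, entry, null);
                logger.trace("Storing trusted cert under alias: {}\n  with DN: {}", alias, subject);
            }
            logger.trace("Certificate added.");
            index++;
        }
        return keyStore;
    }

    /**
     * Adds the names a certificate claims for itself to {@code set}: the value of the first CN
     * attribute of the subject, and every DNS-type subjectAlternativeName.
     *
     * <p>The values are read from the certificate and are not verified here; treat them as labels,
     * not as evidence of identity.
     *
     * @param certificate the certificate to inspect; it is cast to {@link X509Certificate}
     * @param set receives the extracted names
     * @throws CertificateParsingException if the subjectAlternativeName extension cannot be decoded
     */
    public static void extractAliases(Certificate certificate, Set<String> set) throws CertificateParsingException {
        Logger logger = LoggerFactory.getLogger(SSLUtils.class);
        X509Certificate x509Certificate = (X509Certificate) certificate;
        X500Name subject = new X500Name(x509Certificate.getSubjectX500Principal().getName("RFC1779"));
        logger.trace("Certificate X.500 name: '{}'", subject.toString());

        RDN[] commonNames = subject.getRDNs(BCStyle.CN);
        if (commonNames != null && commonNames.length > 0) {
            AttributeTypeAndValue first = commonNames[0].getFirst();
            if (first != null) {
                String commonName = IETFUtils.valueToString(first.getValue());
                logger.trace("Found certificate alias: '{}'", commonName);
                set.add(commonName);
            }
        }

        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames == null) {
            logger.debug("NO SubjectAlternativeNames available!");
            return;
        }
        for (List<?> generalName : subjectAlternativeNames) {
            // Each entry is [type, value]; only dNSName entries are used as aliases.
            if (generalName.size() > 1 && DNSNAME_TYPE.equals(generalName.get(0))) {
                String dnsName = (String) generalName.get(1);
                logger.trace("Found subjectAlternativeName: '{}'", dnsName);
                set.add(dnsName);
            }
        }
    }

    /**
     * Splits {@code str} into lines and trims each one.
     *
     * <p>The text is encoded and decoded with the same explicit UTF-8 charset, so the result does
     * not depend on the platform default charset.
     *
     * @param str text to split
     * @return the trimmed lines, in order
     * @throws IOException if reading from the in-memory stream fails
     */
    public static List<String> readLines(String str) throws IOException {
        Charset utf8 = Charset.forName("UTF-8");
        List<String> lines = new ArrayList<>();
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(str.getBytes(utf8)), utf8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                lines.add(line.trim());
            }
        }
        return lines;
    }
}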
