package org.jlab.jlog.util;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:org/jlab/jlog/util/SecurityUtil.class */
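/**
 * Static helpers for building {@link SSLSocketFactory} instances (optionally with a client
 * certificate) and for switching the JVM-wide {@link HttpsURLConnection} defaults between
 * validating and non-validating TLS.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link TrustyTrustManager}, {@link #getTrustySocketFactory()},
 *       {@link #disableServerCertificateCheck()} and
 *       {@code getClientCertSocketFactoryPEM(path, false)} turn off server authentication.
 *       A connection made through them is encrypted but the peer is unauthenticated, so it can
 *       be intercepted by anyone on the network path. Each of these entry points logs a
 *       WARNING so that use in production is visible in logs.</li>
 *   <li>The keystore password is the hard-coded value {@code "changeit"}. For the in-memory
 *       keystore built from a PEM file this is only a formality; for PKCS12/JKS files it
 *       means the file's confidentiality rests on filesystem permissions alone.</li>
 * </ul>
 */
public final class SecurityUtil {
    private static final Logger logger = Logger.getLogger(SecurityUtil.class.getName());

    // Snapshot of the HttpsURLConnection defaults taken when this class is initialised.
    // enableServerCertificateCheck() restores exactly these, whatever they were at that time.
    private static final SSLSocketFactory defaultFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    private static final HostnameVerifier defaultVerifier = HttpsURLConnection.getDefaultHostnameVerifier();

    // NOTE(review): hard-coded keystore password; the public method signatures offer no way to
    // supply one, so it is kept as-is. Protect PKCS12/JKS files with filesystem permissions.
    private static final String KEYSTORE_PASSWORD = "changeit";
    private static final String CERT_ALIAS = "cert-alias";
    private static final String KEY_ALIAS = "key-alias";

    private static final String CERT_BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String CERT_END = "-----END CERTIFICATE-----";
    private static final String KEY_BEGIN = "-----BEGIN PRIVATE KEY-----";
    private static final String KEY_END = "-----END PRIVATE KEY-----";

    /**
     * Trust manager that accepts every certificate chain without any validation.
     *
     * <p>Using it removes server (and client) authentication from TLS. It exists to support
     * {@link SecurityUtil#disableServerCertificateCheck()}; do not use it for connections that
     * carry credentials or other sensitive data.
     */
    public static class TrustyTrustManager implements X509TrustManager {
        /** Accepts any client chain: performs no check and never throws. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: every chain is accepted.
        }

        /** Accepts any server chain: performs no check and never throws. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: every chain is accepted.
        }

        /**
         * @return an empty array; the {@link X509TrustManager} contract requires a non-null
         *         (possibly empty) result, and a {@code null} can fail inside the TLS stack
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    private SecurityUtil() {
    }

    /**
     * Replaces the JVM-wide {@link HttpsURLConnection} defaults with a socket factory that
     * trusts every certificate and a hostname verifier that accepts every host.
     *
     * <p>This affects every {@code HttpsURLConnection} opened afterwards in the whole process,
     * not only those of the caller. Call {@link #enableServerCertificateCheck()} to restore the
     * defaults captured when this class was loaded.
     *
     * @throws NoSuchAlgorithmException if no provider supplies a "TLS" context
     * @throws KeyManagementException if the context cannot be initialised
     */
    public static void disableServerCertificateCheck() throws NoSuchAlgorithmException, KeyManagementException {
        logger.log(Level.WARNING, "Disabling server certificate and hostname checks for all HttpsURLConnection instances in this JVM");
        HttpsURLConnection.setDefaultSSLSocketFactory(getTrustySocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { // from class: org.jlab.jlog.util.SecurityUtil.1
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                // Accepts any hostname: the certificate is not matched against the host.
                return true;
            }
        });
    }

    /**
     * Restores the {@link HttpsURLConnection} default socket factory and hostname verifier
     * that were in effect when this class was initialised.
     */
    public static void enableServerCertificateCheck() {
        HttpsURLConnection.setDefaultSSLSocketFactory(defaultFactory);
        HttpsURLConnection.setDefaultHostnameVerifier(defaultVerifier);
    }

    /**
     * Builds a socket factory whose only trust manager is {@link TrustyTrustManager}, i.e.
     * one that performs no certificate validation at all.
     *
     * @return a socket factory that accepts any server certificate
     * @throws NoSuchAlgorithmException if no provider supplies a "TLS" context
     * @throws KeyManagementException if the context cannot be initialised
     */
    public static SSLSocketFactory getTrustySocketFactory() throws NoSuchAlgorithmException, KeyManagementException {
        logger.log(Level.WARNING, "Creating an SSLSocketFactory that performs no certificate validation");
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, new TrustManager[]{new TrustyTrustManager()}, null);
        return sSLContext.getSocketFactory();
    }

    /**
     * Builds a socket factory that presents a client certificate read from a PEM file.
     *
     * <p>The file must contain both a {@code CERTIFICATE} block and an unencrypted PKCS#8
     * {@code PRIVATE KEY} block holding an RSA key. Both are placed in an in-memory keystore.
     *
     * @param str path of the PEM file
     * @param z {@code true} to validate the server with the platform default trust managers;
     *          {@code false} to accept any server certificate (see {@link TrustyTrustManager})
     * @return a socket factory configured with the client key and certificate
     * @throws CertificateException if the certificate block is missing or cannot be parsed
     * @throws InvalidKeySpecException if the private key block is missing or cannot be parsed
     * @throws IOException if the file cannot be read
     */
    public static SSLSocketFactory getClientCertSocketFactoryPEM(String str, boolean z) throws NoSuchAlgorithmException, FileNotFoundException, IOException, KeyStoreException, CertificateException, UnrecoverableKeyException, KeyManagementException, InvalidKeySpecException {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        byte[] pemBytes = IOUtil.fileToBytes(new File(str));
        X509Certificate clientCert = fetchCertificateFromPEM(pemBytes);
        RSAPrivateKey clientKey = fetchPrivateKeyFromPEM(pemBytes);

        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null); // start from an empty, in-memory keystore
        keyStore.setCertificateEntry(CERT_ALIAS, clientCert);
        keyStore.setKeyEntry(KEY_ALIAS, clientKey, KEYSTORE_PASSWORD.toCharArray(), new Certificate[]{clientCert});
        logger.log(Level.FINEST, "Keystore entry count: {0}", Integer.valueOf(keyStore.size()));
        // Only the public certificate is logged; never log the key entry.
        logger.log(Level.FINEST, "Client Certificate: {0}", keyStore.getCertificate(CERT_ALIAS));

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, KEYSTORE_PASSWORD.toCharArray());
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

        // null trust managers make SSLContext fall back to the installed default trust managers.
        TrustManager[] trustManagerArr = null;
        if (!z) {
            logger.log(Level.WARNING, "Server certificate validation is disabled for the client-certificate socket factory built from {0}", str);
            trustManagerArr = new TrustManager[]{new TrustyTrustManager()};
        }
        sSLContext.init(keyManagers, trustManagerArr, null);
        return sSLContext.getSocketFactory();
    }

    /**
     * Builds a socket factory that presents the client identity stored in a PKCS#12 file.
     * The server is validated with the platform default trust managers.
     *
     * @param str path of the PKCS#12 keystore (opened with the built-in password)
     * @return a socket factory configured with the keystore's key material
     * @throws IOException if the file cannot be read or the password does not match
     */
    public static SSLSocketFactory getSocketFactoryPKCS12(String str) throws NoSuchAlgorithmException, KeyStoreException, FileNotFoundException, IOException, CertificateException, UnrecoverableKeyException, KeyManagementException {
        return socketFactoryFromKeyStoreFile("PKCS12", str);
    }

    /**
     * Builds a socket factory that presents the client identity stored in a JKS file.
     * The server is validated with the platform default trust managers.
     *
     * @param str path of the JKS keystore (opened with the built-in password)
     * @return a socket factory configured with the keystore's key material
     * @throws IOException if the file cannot be read or the password does not match
     */
    public static SSLSocketFactory getSocketFactoryJKS(String str) throws NoSuchAlgorithmException, KeyStoreException, FileNotFoundException, IOException, CertificateException, UnrecoverableKeyException, KeyManagementException {
        return socketFactoryFromKeyStoreFile("JKS", str);
    }

    /** Loads a keystore of the given type from a file and wraps its keys in a TLS socket factory. */
    private static SSLSocketFactory socketFactoryFromKeyStoreFile(String keyStoreType, String path) throws NoSuchAlgorithmException, KeyStoreException, FileNotFoundException, IOException, CertificateException, UnrecoverableKeyException, KeyManagementException {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        // try-with-resources: the stream was previously never closed, leaking a file handle
        // on every call (and on every load failure).
        try (FileInputStream in = new FileInputStream(path)) {
            keyStore.load(in, KEYSTORE_PASSWORD.toCharArray());
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, KEYSTORE_PASSWORD.toCharArray());
        sSLContext.init(keyManagerFactory.getKeyManagers(), null, null);
        return sSLContext.getSocketFactory();
    }

    /**
     * Extracts and Base64-decodes the text between two delimiters of a PEM document.
     *
     * <p>Both delimiters are passed to {@link String#split(String)} and are therefore
     * interpreted as regular expressions. If the beginning delimiter does not occur, the
     * method fails with {@link ArrayIndexOutOfBoundsException}; if only the end delimiter is
     * missing, everything after the beginning delimiter is handed to the decoder.
     *
     * @param bArr PEM document, decoded as UTF-8
     * @param str beginning delimiter (regular expression)
     * @param str2 end delimiter (regular expression)
     * @return the decoded bytes between the delimiters
     */
    public static byte[] parseDERFromPEM(byte[] bArr, String str, String str2) {
        return IOUtil.decodeBase64(new String(bArr, StandardCharsets.UTF_8).split(str)[1].split(str2)[0]);
    }

    /**
     * Parses the first {@code CERTIFICATE} block of a PEM document.
     *
     * @param bArr PEM document, decoded as UTF-8
     * @return the parsed certificate
     * @throws CertificateException if no complete certificate block is present or it is invalid
     */
    public static X509Certificate fetchCertificateFromPEM(byte[] bArr) throws CertificateException {
        String body = extractPemBody(bArr, CERT_BEGIN, CERT_END);
        if (body == null) {
            // Previously surfaced as an ArrayIndexOutOfBoundsException with no context.
            throw new CertificateException("PEM data contains no complete " + CERT_BEGIN + " block");
        }
        return generateX509CertificateFromDER(IOUtil.decodeBase64(body));
    }

    /**
     * Parses the first unencrypted PKCS#8 {@code PRIVATE KEY} block of a PEM document as an
     * RSA key. Other encodings (for example a {@code RSA PRIVATE KEY} or
     * {@code ENCRYPTED PRIVATE KEY} block) are not recognised.
     *
     * @param bArr PEM document, decoded as UTF-8
     * @return the parsed RSA private key
     * @throws InvalidKeySpecException if no complete key block is present or it is invalid
     * @throws NoSuchAlgorithmException if no provider supplies an "RSA" key factory
     */
    public static RSAPrivateKey fetchPrivateKeyFromPEM(byte[] bArr) throws InvalidKeySpecException, NoSuchAlgorithmException {
        String body = extractPemBody(bArr, KEY_BEGIN, KEY_END);
        if (body == null) {
            // Previously surfaced as an ArrayIndexOutOfBoundsException with no context.
            throw new InvalidKeySpecException("PEM data contains no complete " + KEY_BEGIN + " block (an unencrypted PKCS#8 key is required)");
        }
        return generateRSAPrivateKeyFromDER(IOUtil.decodeBase64(body));
    }

    /**
     * Returns the text between the first {@code beginMarker} and the following
     * {@code endMarker}, or {@code null} when either marker is missing. Markers are matched
     * literally, not as regular expressions.
     */
    private static String extractPemBody(byte[] pem, String beginMarker, String endMarker) {
        String text = new String(pem, StandardCharsets.UTF_8);
        int begin = text.indexOf(beginMarker);
        if (begin < 0) {
            return null;
        }
        int bodyStart = begin + beginMarker.length();
        int bodyEnd = text.indexOf(endMarker, bodyStart);
        if (bodyEnd < 0) {
            return null;
        }
        return text.substring(bodyStart, bodyEnd);
    }

    /**
     * Decodes a PKCS#8 DER structure into an RSA private key.
     *
     * @param bArr DER-encoded PKCS#8 private key
     * @return the RSA private key
     * @throws InvalidKeySpecException if the bytes are not a valid PKCS#8 RSA key
     * @throws NoSuchAlgorithmException if no provider supplies an "RSA" key factory
     */
    public static RSAPrivateKey generateRSAPrivateKeyFromDER(byte[] bArr) throws InvalidKeySpecException, NoSuchAlgorithmException {
        KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
        return (RSAPrivateKey) rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    /**
     * Decodes a DER-encoded X.509 certificate. The certificate is only parsed here; its
     * signature, validity period and chain are not checked.
     *
     * @param bArr DER-encoded certificate
     * @return the parsed certificate
     * @throws CertificateException if the bytes are not a valid X.509 certificate
     */
    public static X509Certificate generateX509CertificateFromDER(byte[] bArr) throws CertificateException {
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(bArr));
    }

    /**
     * Returns the value of the first {@code CN} attribute found in the certificate's subject
     * distinguished name, iterating the RDNs in the order {@link LdapName#getRdns()} yields.
     *
     * <p>The value is taken from the certificate as-is; it is only as trustworthy as the
     * validation the caller has already performed on that certificate.
     *
     * @param x509Certificate certificate whose subject is inspected
     * @return the common name, or {@code null} if the subject has no {@code CN} attribute
     * @throws InvalidNameException if the subject name cannot be parsed
     */
    public static String getCommonNameFromCertificate(X509Certificate x509Certificate) throws InvalidNameException {
        LdapName subject = new LdapName(x509Certificate.getSubjectX500Principal().getName("RFC2253"));
        for (Rdn rdn : subject.getRdns()) {
            if (rdn.getType().equalsIgnoreCase("CN")) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }
}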
