package com.union.utils;

import com.union.config.ConfigParams;
import com.union.config.Loader;
import com.union.config.SSLConfiger;
import com.union.error.ConfigMistakeException;
import com.union.logger.Logger;
import com.union.logger.LoggerFactory;
import com.union.parser.Parser;
import java.io.File;
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/union/utils/UnionAuth.class */
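/**
 * Builds the {@link SSLSocketFactory} used by the API client and caches a single
 * process-wide instance of it.
 *
 * <p>Three configuration paths are visible in this class:
 * <ol>
 *   <li>an in-memory {@link SSLConfiger} supplied by {@link Loader};</li>
 *   <li>the file-based "sslBox" settings (CERTPATH, CAFILENAME, CERTFILENAME, VKFILENAME,
 *       client-certificate password);</li>
 *   <li>a fallback that installs a trust-all {@link X509TrustManager}.</li>
 * </ol>
 *
 * <p><b>Security review:</b> path 3, and the empty-CA branch of path 2, disable certificate
 * verification entirely. A socket created from such a context is encrypted but the peer is
 * not authenticated, so the connection can be intercepted without the client noticing.
 * Deployments should supply trust certificates so these branches are never taken, and treat
 * the warnings logged below as configuration errors.
 */
public class UnionAuth {
    // NOTE(review): "SSL" is the legacy context name; which protocol versions it enables is
    // provider-dependent. Confirm on the target JVM, and prefer "TLS" with an explicit
    // protocol list if callers do not depend on the current name.
    private final SSLContext sslContext;
    private static SSLSocketFactory sslSocketFactory = null;
    private static final Logger logger = LoggerFactory.getLogger(UnionAuth.class);

    /**
     * Creates the (still uninitialised) SSL context.
     *
     * <p>The decompiled listing showed this call as a field initialiser, which cannot compile
     * because {@code SSLContext.getInstance} throws a checked exception; it is made explicit here.
     *
     * @throws java.security.NoSuchAlgorithmException if no provider supports the "SSL" context
     */
    public UnionAuth() throws java.security.NoSuchAlgorithmException {
        this.sslContext = SSLContext.getInstance("SSL");
    }

    /**
     * Trust manager that accepts every certificate chain.
     *
     * <p>Both check methods return without throwing, so no client or server certificate is
     * ever rejected: expired, self-signed and wrong-host certificates all pass. Any
     * {@link SSLContext} initialised with it performs no peer authentication.
     */
    public class FakeTrustManager implements X509TrustManager {
        FakeTrustManager() {
        }

        /** Accepts any client chain; never throws. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty in the original: no validation is performed.
        }

        /** Accepts any server chain; never throws. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty in the original: no validation is performed.
        }

        /** @return an empty array, i.e. no issuer is advertised as trusted */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /**
     * Returns the cached socket factory, building it with {@code z = false} on first use.
     *
     * @return the shared {@link SSLSocketFactory}
     * @throws Exception if the SSL context cannot be configured
     */
    public static synchronized SSLSocketFactory getInstance() throws Exception {
        return getInstance(false);
    }

    /**
     * Returns the cached socket factory, building it on first use.
     *
     * <p>The flag is only consulted by the call that actually builds the factory. Once a
     * factory is cached (including a trust-all one built by an earlier call) later calls
     * return it unchanged, whatever {@code z} is.
     *
     * @param z forwarded to {@link #getSSLSocketFactory(boolean)} when the factory is built
     * @return the shared {@link SSLSocketFactory}
     * @throws Exception if the SSL context cannot be configured
     */
    public static synchronized SSLSocketFactory getInstance(boolean z) throws Exception {
        if (sslSocketFactory == null) {
            sslSocketFactory = new UnionAuth().getSSLSocketFactory(z);
        }
        return sslSocketFactory;
    }

    /**
     * Initialises this instance's SSL context from the available configuration and returns
     * its socket factory.
     *
     * @param z when {@code true}, the file-based SSL settings are used even if
     *          {@code Loader.isEnableSSL()} is false (provided the sslBox is non-empty)
     * @return a socket factory backed by the configured context
     * @throws Exception any failure while configuring the context; it is logged and rethrown
     */
    public SSLSocketFactory getSSLSocketFactory(boolean z) throws Exception {
        try {
            if (Loader.getInstance().getSSLConfiger() != null && Loader.getInstance().getSSLConfiger().available()) {
                configSSLContextWithLoaderSSLConfiger();
            } else if (Loader.getInstance().getSslBox().size() <= 0 || !(Loader.getInstance().isEnableSSL() || z)) {
                // Fail-open fallback: no usable SSL settings, so every certificate is accepted.
                logger.warn("unable to setting SSL, please fix with right trustCertificates!");
                logger.warn(" API :: certificate verification is DISABLED for this SSLContext (trust-all manager in use).");
                // The fully-qualified name is kept from the listing: it refers to a top-level
                // class, not the nested UnionAuth.FakeTrustManager. Presumably an equivalent
                // trust-all manager; verify against that class.
                this.sslContext.init(null, new TrustManager[]{new com.union.utils.FakeTrustManager()}, null);
            } else {
                configSSLContext();
            }
            return this.sslContext.getSocketFactory();
        } catch (Exception e) {
            logger.error(" API :: generate SSLContext failed.", (Throwable) e);
            throw e;
        }
    }

    /**
     * Configures the context from the {@link SSLConfiger} held by {@link Loader}: its trust
     * certificates become the trust store, and its private key plus chain become the single
     * key entry, protected in memory by the configurer's default password.
     *
     * @throws Exception on any key store or context initialisation failure
     */
    void configSSLContextWithLoaderSSLConfiger() throws Exception {
        SSLConfiger configurer = Loader.getInstance().getSSLConfiger();

        // Trust store: one entry per configured trust certificate, aliased by its index.
        KeyStore trustStore = KeyStore.getInstance("JKS");
        trustStore.load(null);
        X509Certificate[] trustCerts = configurer.getTrustCerts();
        for (int i = 0; i < trustCerts.length; i++) {
            trustStore.setCertificateEntry(String.valueOf(i), trustCerts[i]);
        }

        // Identity store: the client key and its chain under alias "1".
        Certificate[] chains = configurer.getChains();
        PrivateKey privateKey = configurer.getPrivateKey();
        KeyStore identityStore = KeyStore.getInstance("JKS");
        identityStore.load(null);
        identityStore.setKeyEntry("1", privateKey, configurer.getDEFAULT_PASSWORD().toCharArray(), chains);

        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(trustStore);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(identityStore, configurer.getDEFAULT_PASSWORD().toCharArray());
        this.sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
    }

    /**
     * Configures the context from the file-based sslBox settings.
     *
     * <p>CA certificates are read from CERTPATH/CAFILENAME. The client identity comes either
     * from a PFX file (when CERTFILENAME contains ".pfx") or from a private-key file
     * (VKFILENAME) plus certificate files (CERTFILENAME).
     *
     * <p><b>Security review:</b> when the CA certificate array is empty the context is
     * initialised with {@link FakeTrustManager}, i.e. without server verification.
     *
     * @throws Exception on any parsing, key store or context initialisation failure
     */
    void configSSLContext() throws Exception {
        logger.info(" API :: enable SSL, and init SSL.");
        Map<String, String> sslBox = Loader.getInstance().getSslBox();
        String certPath = sslBox.get("CERTPATH");
        Certificate[] caCerts = CertificateUtil.getCertificates(certPath, sslBox.get("CAFILENAME"));

        KeyStore trustStore = KeyStore.getInstance("JKS");
        trustStore.load(null);
        for (int i = 0; i < caCerts.length; i++) {
            trustStore.setCertificateEntry(String.valueOf(i), caCerts[i]);
        }

        String certFileNames = sslBox.get("CERTFILENAME");
        String keyFileName = sslBox.get("VKFILENAME");
        String password = sslBox.get(ConfigParams.CLIENTCERT_PWD);
        KeyStore identityStore = KeyStore.getInstance("JKS");
        identityStore.load(null);
        if (certFileNames == null || !certFileNames.contains(".pfx")) {
            identityStore.setKeyEntry(
                    "1",
                    Parser.loadRSAPrivateKey(CertificateUtil.getFile(certPath, keyFileName), password),
                    password.toCharArray(),
                    CertHelper.sortCertificates(CertificateUtil.getCertificates(certPath, certFileNames)));
        } else {
            // NOTE(review): getKeyStoreFromPFX returns null on any failure, and that null is
            // passed on to KeyManagerFactory.init below. Confirm whether a PFX that cannot be
            // loaded should be a hard error instead.
            identityStore = getKeyStoreFromPFX(certPath, certFileNames, password, identityStore);
        }

        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(trustStore);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(identityStore, password.toCharArray());

        // The null arm is kept from the original but cannot be reached: a null array would
        // already have thrown in the loop above. Only the empty-array case selects trust-all.
        if (caCerts == null || caCerts.length == 0) {
            logger.warn(" API :: no CA certificates loaded; certificate verification is DISABLED for this SSLContext (trust-all manager in use).");
            this.sslContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{new FakeTrustManager()}, null);
        } else {
            this.sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        }
    }

    /**
     * Loads the client key from a PKCS#12 (.pfx) file and stores it, with its certificates,
     * in {@code keyStore} under alias "1".
     *
     * <p>{@code str2} is split on commas. Exactly one name may contain ".pfx"; the other
     * names are loaded as additional certificates. The key and the first certificate of its
     * chain are taken from the PFX (if it holds several key entries, the last one wins).
     *
     * <p>Compared with the decompiled original, the PFX stream is now closed on every path
     * and failures go to the logger instead of {@code printStackTrace()}.
     *
     * @param str      directory that contains the certificate files
     * @param str2     comma-separated file names, one of which contains ".pfx"
     * @param str3     password of the PFX file; also used to protect the resulting key entry
     * @param keyStore destination key store that receives the key entry
     * @return {@code keyStore} on success; {@code null} if {@code str2} is null or empty, or
     *         if anything fails while loading
     */
    KeyStore getKeyStoreFromPFX(String str, String str2, String str3, KeyStore keyStore) {
        if (str2 == null || str2.isEmpty()) {
            return null;
        }
        try {
            String pfxName = "";
            StringBuilder otherNames = new StringBuilder();
            for (String name : str2.split(",")) {
                if (name.isEmpty()) {
                    continue;
                }
                if (!name.contains(".pfx")) {
                    otherNames.append(",").append(name);
                } else {
                    if (pfxName.length() > 0) {
                        throw new ConfigMistakeException(" API :: pfx certificate can't more than 1.");
                    }
                    pfxName = name;
                }
            }

            Certificate[] extraCerts = new Certificate[0];
            if (otherNames.length() > 0) {
                // substring(1) drops the leading comma added by the loop above.
                extraCerts = CertificateUtil.getCertificates(str, otherNames.substring(1));
            }

            char[] password = str3.toCharArray();
            String pfxPath = str + File.separator + pfxName.replace(" ", "").trim();
            KeyStore pkcs12 = KeyStore.getInstance("PKCS12");
            // try-with-resources: the original leaked the stream whenever load() or a later
            // step threw.
            try (FileInputStream pfxStream = new FileInputStream(pfxPath)) {
                pkcs12.load(pfxStream, password);
            }

            Key key = null;
            // Slot 0 is reserved for the PFX certificate; the extra certificates follow.
            Certificate[] chain = new Certificate[extraCerts.length + 1];
            Enumeration<String> aliases = pkcs12.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (pkcs12.isKeyEntry(alias)) {
                    key = pkcs12.getKey(alias, password);
                    chain[0] = pkcs12.getCertificateChain(alias)[0];
                }
            }
            if (key == null || chain[0] == null) {
                throw new ConfigMistakeException(" API :: init with wrong pfx certificate.");
            }

            System.arraycopy(extraCerts, 0, chain, 1, extraCerts.length);
            keyStore.setKeyEntry("1", key, password, CertHelper.sortCertificates(chain));
            return keyStore;
        } catch (Exception e) {
            // Same contract as before (null on failure), but reported through the logger.
            // The password is deliberately not part of the message.
            logger.error(" API :: load pfx key store failed.", (Throwable) e);
            return null;
        }
    }

    /** @return the SSL context owned by this instance (initialised only after configuration) */
    public SSLContext getSslContext() {
        return this.sslContext;
    }
}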
