package at.damudo.flowy.core.massaging.components;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.springframework.stereotype.Component;

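/**
 * Builds a client-side {@link SSLContext} for mutual TLS from PEM text held in memory: one
 * certificate used as the only trust anchor for the server, one client certificate, and the
 * client's private key.
 *
 * <p>This listing is decompiler output (see the "loaded from" marker below); parameter names of
 * the entry point are the decompiler's placeholders and are documented rather than renamed.
 */
@Component
/* loaded from: input_file:BOOT-INF/lib/flowy-core-0.0.1.jar:at/damudo/flowy/core/massaging/components/SslManager.class */
final class SslManager {

    /**
     * The two certificates produced by {@link #loadCertificates}: {@code rootCert} becomes the
     * trust anchor, {@code clientCert} is the certificate presented to the server.
     *
     * <p>Written as a record again. The decompiled form extended {@code java.lang.Record}
     * directly and spelled out the {@code ObjectMethods} bootstrap calls for
     * {@code toString}/{@code hashCode}/{@code equals}, which is what the compiler generates for
     * a record with these two components and is not valid source. The decompiler notes that the
     * type was originally declared private; the visibility shown in the listing is kept.
     *
     * <p>Loaded from
     * {@code BOOT-INF/lib/flowy-core-0.0.1.jar:at/damudo/flowy/core/massaging/components/SslManager$Certificates.class}.
     */
    public record Certificates(X509Certificate rootCert, X509Certificate clientCert) {
    }

    SslManager() {
    }

    /**
     * Creates a TLS context that trusts only the supplied CA certificate and authenticates to the
     * server with the supplied client certificate and private key.
     *
     * @param str PEM text of the CA certificate; if it holds several certificates only the last
     *     one parsed is trusted
     * @param str2 PEM text of the client certificate; if it holds several certificates only the
     *     last one parsed is used
     * @param str3 PEM text of the client private key, in a form BouncyCastle parses as a key pair
     *     (optionally encrypted)
     * @param str4 password used to decrypt the private key and to protect it inside the in-memory
     *     key store; may be {@code null}
     * @return an initialised context carrying the key managers and trust managers built here
     * @throws CertificateException if a certificate cannot be parsed or an input holds none
     * @throws IOException if the private key cannot be read, decrypted, or is of an unsupported
     *     PEM type
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLContext getSslContext(String str, String str2, String str3, String str4) throws UnrecoverableKeyException, CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        // Register BouncyCastle only when it is missing; addProvider() ignores duplicates, so
        // this just avoids constructing a throw-away provider on every call.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        Certificates certificates = loadCertificates(str, str2);
        KeyPair clientKeyPair = loadPrivateKey(str3, str4);
        TrustManagerFactory trustFactory = authenticateServer(certificates);
        KeyManagerFactory keyFactory = authenticateWithServer(str4, certificates, clientKeyPair);
        // NOTE(review): the context is requested by the name "TLSv1.2". With the JDK's own JSSE
        // provider such a context does not enable TLS 1.3, and which older versions remain
        // enabled depends on the runtime's jdk.tls.disabledAlgorithms setting. Confirm this cap
        // is intended before relying on it as a protocol floor.
        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        // A null SecureRandom asks the provider for its default source of randomness.
        sslContext.init(keyFactory.getKeyManagers(), trustFactory.getTrustManagers(), null);
        return sslContext;
    }

    /**
     * Builds the key managers that present the client certificate and key during the handshake.
     *
     * <p>The key entry's chain holds the client certificate alone, so no intermediate
     * certificates are offered to the server.
     *
     * @param keyPassword password protecting the key entry; may be {@code null}
     * @param certificates source of the client certificate
     * @param keyPair key pair whose private half is stored
     */
    private KeyManagerFactory authenticateWithServer(String keyPassword, Certificates certificates, KeyPair keyPair) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        // One copy of the password serves both calls. The secret arrives as an immutable String,
        // so wiping this array afterwards would not remove it from memory.
        char[] entryPassword = keyPassword == null ? null : keyPassword.toCharArray();
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // load(null, null) initialises an empty store that exists only in memory.
        keyStore.load(null, null);
        keyStore.setCertificateEntry("certificate", certificates.clientCert());
        keyStore.setKeyEntry("private-key", keyPair.getPrivate(), entryPassword, new Certificate[] {certificates.clientCert()});
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, entryPassword);
        return keyManagerFactory;
    }

    /**
     * Builds the trust managers used to verify the server: an in-memory store whose single entry
     * is {@code rootCert}, so the platform's default CA bundle is not consulted.
     *
     * @param certificates source of the trust anchor
     */
    private TrustManagerFactory authenticateServer(Certificates certificates) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("ca-certificate", certificates.rootCert());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
        trustManagerFactory.init(trustStore);
        return trustManagerFactory;
    }

    /**
     * Parses the client's private key from PEM text.
     *
     * <p>Only objects BouncyCastle returns as {@code PEMKeyPair} or {@code PEMEncryptedKeyPair}
     * are accepted. Any other PEM object, or input with no PEM object at all, is rejected with an
     * {@link IOException} instead of surfacing as a {@code ClassCastException} or
     * {@code NullPointerException}. The message names only the parsed object's class, never key
     * material.
     *
     * @param keyPem PEM text of the private key
     * @param keyPassword password for an encrypted key; may be {@code null}
     * @return the decoded key pair
     * @throws IOException if the input cannot be parsed or decrypted, or is not a key pair
     */
    private KeyPair loadPrivateKey(String keyPem, String keyPassword) throws IOException {
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
        // try-with-resources: the parser is closed even when parsing or decryption throws.
        try (PEMParser parser = new PEMParser(new StringReader(keyPem))) {
            Object pemObject = parser.readObject();
            if (pemObject instanceof PEMEncryptedKeyPair encrypted) {
                char[] password = keyPassword == null ? null : keyPassword.toCharArray();
                return converter.getKeyPair(encrypted.decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(password)));
            }
            if (pemObject instanceof PEMKeyPair plain) {
                return converter.getKeyPair(plain);
            }
            String found = pemObject == null ? "no PEM object" : pemObject.getClass().getName();
            throw new IOException("Private key input is not a PEM key pair: " + found);
        }
    }

    /**
     * Parses the CA certificate and the client certificate from PEM text.
     *
     * @param caPem PEM text of the CA certificate
     * @param clientPem PEM text of the client certificate
     * @return both certificates, CA first
     * @throws CertificateException if either input cannot be parsed or holds no certificate
     */
    private Certificates loadCertificates(String caPem, String clientPem) throws CertificateException, IOException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate rootCert = readLastCertificate(certificateFactory, caPem, "CA");
        X509Certificate clientCert = readLastCertificate(certificateFactory, clientPem, "client");
        return new Certificates(rootCert, clientCert);
    }

    /**
     * Reads every certificate in {@code pem} and returns the last one, matching the original
     * loops, which overwrote the result on each iteration.
     *
     * <p>Empty input is rejected here so that a {@code null} certificate never reaches the key
     * store or trust store.
     *
     * @param role short label used only in the error message
     */
    private static X509Certificate readLastCertificate(CertificateFactory certificateFactory, String pem, String role) throws CertificateException, IOException {
        X509Certificate last = null;
        // Explicit charset: the bytes no longer depend on the platform default encoding.
        try (BufferedInputStream in = new BufferedInputStream(new ByteArrayInputStream(pem.getBytes(StandardCharsets.UTF_8)))) {
            while (in.available() > 0) {
                last = (X509Certificate) certificateFactory.generateCertificate(in);
            }
        }
        if (last == null) {
            throw new CertificateException("No X.509 certificate found in the " + role + " certificate input");
        }
        return last;
    }
}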
