package org.jgroups.ping.common.stream;

import infinispan.net.oauth.signature.pem.PEMReader;
import infinispan.net.oauth.signature.pem.PKCS1EncodedKeySpec;
import java.io.IOException;
import java.io.InputStream;
import java.net.URLConnection;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.logging.log4j.core.net.ssl.SslConfigurationDefaults;
import org.jgroups.ping.common.Utils;

/* loaded from: input_file:WEB-INF/lib/infinispan-embedded-9.0.0.CR3.jar:org/jgroups/ping/common/stream/CertificateStreamProvider.class */
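/**
 * Stream provider that opens URL connections and, for HTTPS, installs an
 * {@link SSLSocketFactory} built from a client certificate, its private key and
 * an optional CA certificate.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When no CA certificate file is supplied, the trust managers come from
 *       {@code InsecureStreamProvider.INSECURE_TRUST_MANAGERS}. Judging by the name this
 *       presumably skips server certificate validation (confirm against that class);
 *       deployments should always configure a CA certificate.</li>
 *   <li>The socket factory is applied only to {@link HttpsURLConnection}s; any other
 *       connection type is opened without it.</li>
 * </ul>
 */
public class CertificateStreamProvider extends BaseStreamProvider {
    private static final Logger log = Logger.getLogger(CertificateStreamProvider.class.getName());
    private final SSLSocketFactory factory;

    /**
     * Builds the TLS socket factory used by {@link #openStream}.
     *
     * @param str  path of the client certificate file (parsed as an X.509 certificate)
     * @param str2 path of the client private key file (PEM, decoded as a PKCS#1 key)
     * @param str3 password protecting the key entry; {@code null} is treated as empty
     * @param str4 key algorithm passed to {@link KeyFactory}; {@code null} means {@code "RSA"}
     * @param str5 path of the CA certificate file, or {@code null} to fall back to
     *             {@code InsecureStreamProvider.INSECURE_TRUST_MANAGERS}
     * @throws Exception if the key or trust material cannot be loaded or the context cannot be set up
     */
    public CertificateStreamProvider(String str, String str2, String str3, String str4, String str5) throws Exception {
        char[] keyPassword = str3 != null ? str3.toCharArray() : new char[0];
        String keyAlgorithm = str4 != null ? str4 : "RSA";
        KeyManager[] keyManagers = configureClientCert(str, str2, keyPassword, keyAlgorithm);
        TrustManager[] trustManagers = configureCaCert(str5);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagers, trustManagers, null);
        this.factory = sslContext.getSocketFactory();
    }

    /**
     * Opens a connection through the inherited {@code openConnection} and returns its input stream.
     *
     * @param str the URL to open
     * @param map forwarded unchanged to {@code openConnection} (presumably request headers; confirm)
     * @param i   forwarded unchanged to {@code openConnection} (presumably a timeout; confirm)
     * @param i2  forwarded unchanged to {@code openConnection} (presumably a timeout; confirm)
     * @return the response stream; the caller is responsible for closing it
     * @throws IOException if the connection cannot be opened or read
     */
    @Override // org.jgroups.ping.common.stream.StreamProvider
    public InputStream openStream(String str, Map<String, String> map, int i, int i2) throws IOException {
        URLConnection connection = openConnection(str, map, i, i2);
        if (connection instanceof HttpsURLConnection) {
            ((HttpsURLConnection) connection).setSSLSocketFactory(this.factory);
            if (log.isLoggable(Level.FINE)) {
                log.fine(String.format("Using HttpsURLConnection with SSLSocketFactory [%s] for url [%s].", this.factory, str));
            }
        } else if (log.isLoggable(Level.FINE)) {
            // Non-HTTPS connections do not use the configured client certificate or trust
            // material at all; this is only visible at FINE level.
            log.fine(String.format("Using URLConnection for url [%s].", str));
        }
        return connection.getInputStream();
    }

    /**
     * Loads the client certificate and private key into an in-memory key store and
     * returns key managers backed by it.
     *
     * <p>The result of key generation is cast to {@link RSAPrivateKey}, so a
     * non-RSA {@code keyAlgorithm} fails with a {@link ClassCastException}.
     */
    private KeyManager[] configureClientCert(String certFile, String keyFile, char[] keyPassword, String keyAlgorithm) throws Exception {
        try {
            CertificateFactory certFactory = CertificateFactory.getInstance("X509");
            X509Certificate clientCert;
            // Close the file stream once the certificate has been parsed.
            try (InputStream certStream = Utils.openFile(certFile)) {
                clientCert = (X509Certificate) certFactory.generateCertificate(certStream);
            }

            KeyFactory keyFactory = KeyFactory.getInstance(keyAlgorithm);
            RSAPrivateKey privateKey;
            // The PEM content is fully decoded inside the try block, so closing afterwards is safe.
            try (InputStream keyStream = Utils.openFile(keyFile)) {
                privateKey = (RSAPrivateKey) keyFactory.generatePrivate(
                        new PKCS1EncodedKeySpec(new PEMReader(keyStream).getDerBytes()).getKeySpec());
            }

            // NOTE(review): the key store type constant is referenced from a log4j class here,
            // which looks like a decompiler substitution for a string literal; confirm.
            KeyStore keyStore = KeyStore.getInstance(SslConfigurationDefaults.KEYSTORE_TYPE);
            keyStore.load(null);
            keyStore.setKeyEntry(clientCert.getSubjectX500Principal().getName(), privateKey, keyPassword,
                    new Certificate[]{clientCert});
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, keyPassword);
            return keyManagerFactory.getKeyManagers();
        } catch (Exception e) {
            // Only the file paths are logged, never the key password.
            log.log(Level.SEVERE, "Could not create key manager for " + certFile + " (" + keyFile + ")", e);
            throw e;
        }
    }

    /**
     * Builds trust managers from the given CA certificate file.
     *
     * <p>Only the first certificate in the file is read ({@code generateCertificate});
     * further certificates in a bundle are not added as trust anchors.
     *
     * <p>SECURITY: a {@code null} path does not fail. It returns
     * {@code InsecureStreamProvider.INSECURE_TRUST_MANAGERS}, which by its name presumably
     * accepts any server certificate (confirm). The behavior is kept for compatibility
     * with existing callers; treat the WARNING below as a misconfiguration signal.
     */
    private TrustManager[] configureCaCert(String caCertFile) throws Exception {
        if (caCertFile == null) {
            if (log.isLoggable(Level.WARNING)) {
                log.log(Level.WARNING, "ca cert file undefined, using InsecureStreamProvider.INSECURE_TRUST_MANAGERS");
            }
            return InsecureStreamProvider.INSECURE_TRUST_MANAGERS;
        }
        try {
            CertificateFactory certFactory = CertificateFactory.getInstance("X509");
            X509Certificate caCert;
            // Close the file stream once the certificate has been parsed.
            try (InputStream caStream = Utils.openFile(caCertFile)) {
                caCert = (X509Certificate) certFactory.generateCertificate(caStream);
            }
            KeyStore trustStore = KeyStore.getInstance(SslConfigurationDefaults.KEYSTORE_TYPE);
            trustStore.load(null);
            trustStore.setCertificateEntry(caCert.getSubjectX500Principal().getName(), caCert);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            return trustManagerFactory.getTrustManagers();
        } catch (Exception e) {
            log.log(Level.SEVERE, "Could not create trust manager for " + caCertFile, e);
            throw e;
        }
    }
}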
