package org.apache.qpid.proton.engine.impl.ssl;

import java.io.Closeable;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.KeyManagementException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.qpid.proton.engine.SslDomain;
import org.apache.qpid.proton.engine.SslPeerDetails;
import org.apache.qpid.proton.engine.TransportException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes94.dex */
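/**
 * Builds {@link ProtonSslEngine} instances from an {@link SslDomain}, lazily creating and caching
 * the {@link SSLContext} that the engines are created from.
 *
 * <p>Security-relevant behaviour implemented in this class:
 * <ul>
 *   <li>When the domain's peer authentication is {@code ANONYMOUS_PEER}, the lazily created
 *       context uses a trust manager that accepts every certificate chain, and each engine also
 *       enables the anonymous Diffie-Hellman suites listed in {@code ANONYMOUS_CIPHER_SUITES}.
 *       Such a session is encrypted but the peer is not authenticated, so it gives no protection
 *       against an active man-in-the-middle.</li>
 *   <li>SSLv3 is removed from the enabled protocols of every engine created here. No other
 *       protocol version is filtered by this class.</li>
 *   <li>This class never sets an endpoint identification algorithm on the engine, so a handshake
 *       through these engines validates the certificate chain only. Whether the peer host name
 *       is checked elsewhere cannot be seen from this class.</li>
 * </ul>
 *
 * <p>PEM private keys are parsed with BouncyCastle, which is reached reflectively so that the
 * class still loads when BouncyCastle is absent; in that case only
 * {@link #readPrivateKey(String, String)} fails.
 *
 * <p>The cached context is read and written without synchronization in this class.
 */
public class SslEngineFacadeFactory {
    /**
     * Unauthenticated (anonymous DH) suites that are enabled only for {@code ANONYMOUS_PEER}. The
     * list includes export-grade, single-DES and 3DES suites; only those the engine reports as
     * supported are actually added.
     */
    private static final List<String> ANONYMOUS_CIPHER_SUITES = Arrays.asList(
            "TLS_DH_anon_WITH_AES_128_CBC_SHA",
            "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
            "SSL_DH_anon_WITH_DES_CBC_SHA",
            "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA");

    private static final String SSLV3_PROTOCOL = "SSLv3";
    private static final String TLS_PROTOCOL = "TLS";
    private static final Logger _logger = Logger.getLogger(SslEngineFacadeFactory.class.getName());

    // Reflective handles onto the BouncyCastle PEM API. Each may be null if setup failed part-way;
    // bouncyCastleSetupException records why and is checked before any of them is used.
    private static final Constructor<?> pemParserCons;
    private static final Method pemReadMethod;
    private static final Constructor<?> JcaPEMKeyConverterCons;
    private static final Class<?> PEMKeyPairClass;
    private static final Method getKeyPairMethod;
    private static final Method getPrivateKeyMethod;
    private static final Class<?> PEMEncryptedKeyPairClass;
    private static final Method decryptKeyPairMethod;
    private static final Constructor<?> JcePEMDecryptorProviderBuilderCons;
    private static final Method builderMethod;
    private static final Class<?> PrivateKeyInfoClass;
    private static final Exception bouncyCastleSetupException;

    /** Lazily created (or domain-supplied) context; cleared by {@link #resetCache()}. */
    private SSLContext _sslContext;

    /**
     * Trust manager that performs no validation at all: both check methods return normally for
     * any chain. It is installed only for {@code ANONYMOUS_PEER}; a context using it authenticates
     * nobody.
     */
    public static final class AlwaysTrustingTrustManager implements X509TrustManager {
        private AlwaysTrustingTrustManager() {
        }

        /** Accepts any client chain without inspecting it. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: anonymous mode performs no certificate validation.
        }

        /** Accepts any server chain without inspecting it. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: anonymous mode performs no certificate validation.
        }

        /**
         * Returns an empty array. The {@link X509TrustManager} contract requires a non-null
         * result, and a null here can surface as a NullPointerException inside the TLS stack.
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    static {
        Constructor<?> parserCtor = null;
        Method readObject = null;
        Constructor<?> converterCtor = null;
        Class<?> keyPairClass = null;
        Method getKeyPair = null;
        Method getPrivateKey = null;
        Class<?> encryptedKeyPairClass = null;
        Method decryptKeyPair = null;
        Constructor<?> decryptorBuilderCtor = null;
        Method build = null;
        Class<?> privateKeyInfoClass = null;
        Exception setupFailure = null;
        try {
            Class<?> parserClass = Class.forName("org.bouncycastle.openssl.PEMParser");
            parserCtor = parserClass.getConstructor(Reader.class);
            readObject = parserClass.getMethod("readObject");
            Class<?> converterClass = Class.forName("org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter");
            converterCtor = converterClass.getConstructor();
            keyPairClass = Class.forName("org.bouncycastle.openssl.PEMKeyPair");
            getKeyPair = converterClass.getMethod("getKeyPair", keyPairClass);
            Class<?> decryptorProviderClass = Class.forName("org.bouncycastle.openssl.PEMDecryptorProvider");
            encryptedKeyPairClass = Class.forName("org.bouncycastle.openssl.PEMEncryptedKeyPair");
            decryptKeyPair = encryptedKeyPairClass.getMethod("decryptKeyPair", decryptorProviderClass);
            Class<?> decryptorBuilderClass =
                    Class.forName("org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder");
            decryptorBuilderCtor = decryptorBuilderClass.getConstructor();
            build = decryptorBuilderClass.getMethod("build", char[].class);
            privateKeyInfoClass = Class.forName("org.bouncycastle.asn1.pkcs.PrivateKeyInfo");
            getPrivateKey = converterClass.getMethod("getPrivateKey", privateKeyInfoClass);
            registerBouncyCastleProvider();
        } catch (Exception e) {
            // A missing or incompatible BouncyCastle must not stop the class from loading; the
            // failure is kept and reported when a private key is actually requested.
            setupFailure = e;
        } finally {
            // Assign every final field exactly once, whatever was resolved before a failure.
            pemParserCons = parserCtor;
            pemReadMethod = readObject;
            JcaPEMKeyConverterCons = converterCtor;
            PEMKeyPairClass = keyPairClass;
            getKeyPairMethod = getKeyPair;
            getPrivateKeyMethod = getPrivateKey;
            PEMEncryptedKeyPairClass = encryptedKeyPairClass;
            decryptKeyPairMethod = decryptKeyPair;
            JcePEMDecryptorProviderBuilderCons = decryptorBuilderCtor;
            builderMethod = build;
            PrivateKeyInfoClass = privateKeyInfoClass;
            bouncyCastleSetupException = setupFailure;
        }
    }

    /**
     * Enables, in addition to the suites already enabled on the engine, every anonymous suite the
     * engine supports. Called only for {@code ANONYMOUS_PEER}.
     */
    private void addAnonymousCipherSuites(SSLEngine sslEngine) {
        List<String> supported = Arrays.asList(sslEngine.getSupportedCipherSuites());
        List<String> enabled = Arrays.asList(sslEngine.getEnabledCipherSuites());
        List<String> updated = buildEnabledSuitesIncludingAnonymous(ANONYMOUS_CIPHER_SUITES, supported, enabled);
        sslEngine.setEnabledCipherSuites(updated.toArray(new String[0]));
    }

    /**
     * Returns a new list holding {@code currentlyEnabled} followed by each requested anonymous
     * suite that appears in {@code supported}.
     *
     * @param requestedAnonymous anonymous suites the caller would like enabled
     * @param supported suites the engine supports
     * @param currentlyEnabled suites enabled before the call; not modified
     * @return the combined list
     */
    private List<String> buildEnabledSuitesIncludingAnonymous(
            List<String> requestedAnonymous, List<String> supported, List<String> currentlyEnabled) {
        List<String> result = new ArrayList<>(currentlyEnabled);
        int added = 0;
        for (String suite : requestedAnonymous) {
            if (supported.contains(suite)) {
                result.add(suite);
                added++;
            }
        }
        if (added > 0 && _logger.isLoggable(Level.FINE)) {
            _logger.fine("There are now " + result.size() + " cipher suites enabled (previously " + currentlyEnabled.size() + "), including " + added + " out of the " + requestedAnonymous.size() + " requested anonymous ones.");
        }
        return result;
    }

    /**
     * Closes the resource on a best-effort basis. A failure to close is logged at FINE rather
     * than thrown, so it cannot mask the result or exception of the caller.
     */
    private void closeSafely(Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (IOException e) {
            _logger.log(Level.FINE, "Ignoring failure to close resource", e);
        }
    }

    /**
     * Creates an engine from the (cached) context and configures it for the domain.
     *
     * <p>For {@code ANONYMOUS_PEER} the anonymous suites are added and client authentication is
     * not requested. Otherwise, in SERVER mode, client authentication is required. SSLv3 is
     * removed in every case.
     */
    private SSLEngine createAndInitialiseSslEngine(SslDomain sslDomain, SslPeerDetails sslPeerDetails) {
        SslDomain.Mode mode = sslDomain.getMode();
        SSLEngine engine = createSslEngine(getOrCreateSslContext(sslDomain), sslPeerDetails);
        if (sslDomain.getPeerAuthentication() == SslDomain.VerifyMode.ANONYMOUS_PEER) {
            addAnonymousCipherSuites(engine);
        } else if (mode == SslDomain.Mode.SERVER) {
            engine.setNeedClientAuth(true);
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, mode + " Enabled cipher suites " + Arrays.asList(engine.getEnabledCipherSuites()));
        }
        engine.setUseClientMode(mode == SslDomain.Mode.CLIENT);
        removeSSLv3Support(engine);
        return engine;
    }

    /**
     * Builds an in-memory key store from the domain's files: one {@code cacertN} entry per
     * certificate in the trusted CA database (if set) and, when both a certificate file and a
     * private key file are set, a {@code clientPrivateKey} entry.
     *
     * @param sslDomain source of the file locations and key password
     * @param keyEntryPassphrase passphrase applied to the key entry inside the in-memory store
     * @return the populated key store
     * @throws TransportException if the store cannot be created or a file cannot be loaded
     */
    private KeyStore createKeyStoreFrom(SslDomain sslDomain, char[] keyEntryPassphrase) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) initialises an empty store that exists only in memory.
            keyStore.load(null, null);
            if (sslDomain.getTrustedCaDb() != null) {
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, "_sslParams.getTrustedCaDb() : " + sslDomain.getTrustedCaDb());
                }
                int index = 1;
                for (Certificate caCert : readCertificates(sslDomain.getTrustedCaDb())) {
                    keyStore.setCertificateEntry("cacert" + index, caCert);
                    index++;
                }
            }
            if (sslDomain.getCertificateFile() != null && sslDomain.getPrivateKeyFile() != null) {
                PrivateKey privateKey = readPrivateKey(sslDomain.getPrivateKeyFile(), sslDomain.getPrivateKeyPassword());
                Certificate certificate = readCertificate(sslDomain.getCertificateFile());
                keyStore.setKeyEntry("clientPrivateKey", privateKey, keyEntryPassphrase, new Certificate[]{certificate});
            }
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new TransportException("Unexpected exception creating keystore", e);
        }
    }

    /** Creates an engine, passing the peer host and port to the context when peer details exist. */
    private SSLEngine createSslEngine(SSLContext sslContext, SslPeerDetails sslPeerDetails) {
        if (sslPeerDetails == null) {
            return sslContext.createSSLEngine();
        }
        return sslContext.createSSLEngine(sslPeerDetails.getHostname(), sslPeerDetails.getPort());
    }

    /** Formats the engine's client-auth, mode and peer fields for debug logging. */
    private String engineToString(SSLEngine sslEngine) {
        return "[ " + sslEngine + ", needClientAuth=" + sslEngine.getNeedClientAuth() + ", useClientMode=" + sslEngine.getUseClientMode() + ", peerHost=" + sslEngine.getPeerHost() + ", peerPort=" + sslEngine.getPeerPort() + " ]";
    }

    /**
     * Returns the cached context, first adopting the domain's own context if it supplies one, or
     * else building one from the domain's key and certificate files.
     *
     * <p>For {@code ANONYMOUS_PEER} the built context trusts every certificate. Otherwise trust is
     * derived from the key store built by {@link #createKeyStoreFrom}, so only the CA certificates
     * loaded there are trust anchors.
     *
     * @throws TransportException if the context cannot be initialised
     */
    private SSLContext getOrCreateSslContext(SslDomain sslDomain) {
        if (this._sslContext == null && sslDomain.getSslContext() != null) {
            this._sslContext = sslDomain.getSslContext();
        } else if (this._sslContext == null) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("lazily creating new SSLContext using domain " + sslDomain);
            }
            // Not a credential: it only protects the key entry of the throwaway in-memory key
            // store and is handed straight back to the KeyManagerFactory below.
            char[] keyEntryPassphrase = "unused-passphrase".toCharArray();
            try {
                SSLContext sslContext = SSLContext.getInstance(TLS_PROTOCOL);
                KeyStore keyStore = createKeyStoreFrom(sslDomain, keyEntryPassphrase);
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, keyEntryPassphrase);
                TrustManager[] trustManagers;
                if (sslDomain.getPeerAuthentication() == SslDomain.VerifyMode.ANONYMOUS_PEER) {
                    // Make the loss of peer authentication visible in logs, not only in config.
                    _logger.warning("Peer authentication is ANONYMOUS_PEER: certificate validation is disabled for this SSLContext");
                    trustManagers = new TrustManager[]{new AlwaysTrustingTrustManager()};
                } else {
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    trustManagerFactory.init(keyStore);
                    trustManagers = trustManagerFactory.getTrustManagers();
                }
                // null SecureRandom: the provider's default source of randomness is used.
                sslContext.init(keyManagerFactory.getKeyManagers(), trustManagers, null);
                this._sslContext = sslContext;
            } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                throw new TransportException("Unexpected exception creating SSLContext", e);
            }
        }
        return this._sslContext;
    }

    /**
     * Reads the first object from a PEM file through the reflectively loaded BouncyCastle parser.
     *
     * @param pemFile path of the PEM file
     * @return whatever the parser's {@code readObject} returned
     * @throws TransportException if the file cannot be opened or parsed
     */
    private Object readPemObject(String pemFile) {
        Reader reader = null;
        try {
            reader = new FileReader(pemFile);
            Object pemParser = pemParserCons.newInstance(reader);
            return pemReadMethod.invoke(pemParser);
        } catch (IOException | IllegalAccessException | IllegalArgumentException | InstantiationException | InvocationTargetException e) {
            _logger.log(Level.SEVERE, "Unable to read PEM object. Perhaps you need the unlimited strength libraries in <java-home>/jre/lib/security/ ?", e);
            throw new TransportException("Unable to read PEM object from file " + pemFile, e);
        } finally {
            closeSafely(reader);
        }
    }

    /**
     * Instantiates the BouncyCastle provider reflectively and registers it with the JVM-wide
     * {@link Security} provider list unless a provider of the same name is already present.
     *
     * <p>The check and the registration are done under a lock on {@code Security.class} so that
     * concurrent callers of this method register the provider at most once.
     */
    static void registerBouncyCastleProvider() throws ClassNotFoundException, InstantiationException, IllegalAccessException, InvocationTargetException, NoSuchMethodException {
        Class<?> providerClass = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
        Provider provider = (Provider) providerClass.getConstructor().newInstance();
        synchronized (Security.class) {
            if (Security.getProvider(provider.getName()) == null) {
                Security.addProvider(provider);
            }
        }
    }

    /**
     * Removes {@code SSLv3} from the engine's enabled protocols if it is present. Other protocol
     * versions the platform enables by default are left as they are.
     */
    private static void removeSSLv3Support(SSLEngine sslEngine) {
        List<String> enabledProtocols = Arrays.asList(sslEngine.getEnabledProtocols());
        if (enabledProtocols.contains(SSLV3_PROTOCOL)) {
            List<String> withoutSslv3 = new ArrayList<>(enabledProtocols);
            withoutSslv3.remove(SSLV3_PROTOCOL);
            sslEngine.setEnabledProtocols(withoutSslv3.toArray(new String[0]));
        }
    }

    /** Reflectively calls {@code target.setProvider(String)} with the given provider name. */
    private void setProvider(Object target, String providerName) throws IllegalAccessException, IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException {
        Method setter = target.getClass().getMethod("setProvider", String.class);
        setter.invoke(target, providerName);
    }

    /**
     * Creates a configured engine for the domain and wraps it in a {@link ProtonSslEngine}.
     *
     * @param sslDomain the SSL configuration; its mode and peer authentication drive the setup
     * @param sslPeerDetails peer host and port to pass to the context, or null for none
     * @return the wrapped engine
     * @throws TransportException if the context, key store or any configured file cannot be loaded
     */
    public ProtonSslEngine createProtonSslEngine(SslDomain sslDomain, SslPeerDetails sslPeerDetails) {
        SSLEngine engine = createAndInitialiseSslEngine(sslDomain, sslPeerDetails);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("Created SSL engine: " + engineToString(engine));
        }
        return new DefaultSslEngineFacade(engine);
    }

    /**
     * Loads a single X.509 certificate from a file.
     *
     * @param pemFile path of the certificate file
     * @return the parsed certificate
     * @throws TransportException if the file does not exist or does not parse
     */
    Certificate readCertificate(String pemFile) {
        FileInputStream in = null;
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            in = new FileInputStream(pemFile);
            return factory.generateCertificate(in);
        } catch (FileNotFoundException e) {
            String message = "Certificate file not found [" + pemFile + "]";
            _logger.log(Level.SEVERE, message);
            throw new TransportException(message, e);
        } catch (CertificateException e) {
            String message = "Failed to load certificate [" + pemFile + "]";
            _logger.log(Level.SEVERE, message, e);
            throw new TransportException(message, e);
        } finally {
            closeSafely(in);
        }
    }

    /**
     * Loads every X.509 certificate contained in a file.
     *
     * @param pemFile path of the certificates file
     * @return the parsed certificates
     * @throws TransportException if the file does not exist or does not parse
     */
    Collection<? extends Certificate> readCertificates(String pemFile) {
        FileInputStream in = null;
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            in = new FileInputStream(pemFile);
            return factory.generateCertificates(in);
        } catch (FileNotFoundException e) {
            String message = "Certificates file not found [" + pemFile + "]";
            _logger.log(Level.SEVERE, message);
            throw new TransportException(message, e);
        } catch (CertificateException e) {
            String message = "Failed to load certificates [" + pemFile + "]";
            _logger.log(Level.SEVERE, message, e);
            throw new TransportException(message, e);
        } finally {
            closeSafely(in);
        }
    }

    /**
     * Loads a private key from a PEM file, decrypting it with {@code password} when the file
     * holds an encrypted key pair.
     *
     * @param pemFile path of the private key file
     * @param password password for an encrypted key; may be null when the key is not encrypted
     * @return the private key
     * @throws TransportException if BouncyCastle is unavailable, the file holds no PEM object or an
     *     unsupported one, an encrypted key has no password, or conversion fails
     */
    PrivateKey readPrivateKey(String pemFile, String password) {
        if (bouncyCastleSetupException != null) {
            throw new TransportException("BouncyCastle failed to load", bouncyCastleSetupException);
        }
        Object pemObject = readPemObject(pemFile);
        if (pemObject == null) {
            // The reflective read can yield null (for example for a file with no PEM block);
            // report that instead of failing later with a NullPointerException.
            String message = "Unable to load PrivateKey, no PEM object found in [" + pemFile + "]";
            _logger.log(Level.SEVERE, message);
            throw new TransportException(message);
        }
        try {
            Object keyConverter = JcaPEMKeyConverterCons.newInstance();
            setProvider(keyConverter, BouncyCastleProvider.PROVIDER_NAME);
            if (PEMEncryptedKeyPairClass.isInstance(pemObject)) {
                if (password == null) {
                    throw new TransportException("Failed to process key file [" + pemFile + "] - the key is encrypted but no password was supplied");
                }
                Object decryptorBuilder = JcePEMDecryptorProviderBuilderCons.newInstance();
                // Cast keeps the char[] from being spread as reflective varargs.
                Object decryptor = builderMethod.invoke(decryptorBuilder, (Object) password.toCharArray());
                Object decryptedKeyPair = decryptKeyPairMethod.invoke(pemObject, decryptor);
                return ((KeyPair) getKeyPairMethod.invoke(keyConverter, decryptedKeyPair)).getPrivate();
            }
            if (PEMKeyPairClass.isInstance(pemObject)) {
                return ((KeyPair) getKeyPairMethod.invoke(keyConverter, pemObject)).getPrivate();
            }
            if (PrivateKeyInfoClass.isInstance(pemObject)) {
                return (PrivateKey) getPrivateKeyMethod.invoke(keyConverter, pemObject);
            }
            String message = "Unable to load PrivateKey, Unpexected Object [" + pemObject.getClass().getName() + "]";
            _logger.log(Level.SEVERE, message);
            throw new TransportException(message);
        } catch (IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | SecurityException | InvocationTargetException e) {
            throw new TransportException("Failed to process key file [" + pemFile + "] - " + e.getMessage(), e);
        }
    }

    /** Drops the cached context so that the next engine request builds or adopts a fresh one. */
    public void resetCache() {
        this._sslContext = null;
    }
}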
