package eu.cec.digit.ecas.util.httpclient.protocol.bouncycastle;

import eu.cec.digit.ecas.client.DesktopUtil;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: input_file:eu/cec/digit/ecas/util/httpclient/protocol/bouncycastle/StandardNamesTlsSocketFactory.class */
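/**
 * {@link SSLSocketFactory} that hands out {@code StandardNamesTlsSocket} instances sharing one
 * fixed TLS client configuration: trust anchors, optional client identity, enabled cipher
 * suites, protocol versions, hash and signature algorithms, named curves, the renegotiation
 * policy and a common session context.
 *
 * <p>Instances are created through {@link Builder}. The configuration is copied out of the
 * builder at construction time, so later calls on the same builder cannot widen or narrow the
 * TLS parameters of a factory that is already in use.
 */
public final class StandardNamesTlsSocketFactory extends SSLSocketFactory {
    private final IdentityAndTrust identityAndTrust;
    private final Set<JsseCipherSuite> enabledCipherSuites;
    private final Set<JsseProtocolVersion> enabledProtocols;
    private final Set<JsseHashAlgorithm> enabledHashAlgorithms;
    private final Set<JsseSignatureAlgorithm> enabledSignatureAlgorithms;
    private final Set<JsseNamedCurve> enabledNamedCurves;
    private final boolean acceptInsecureRenegotiation;
    private final StandardNamesTlsSessionContext sslSessionContext;

    /* loaded from: input_file:eu/cec/digit/ecas/util/httpclient/protocol/bouncycastle/StandardNamesTlsSocketFactory$Builder.class */
    /**
     * Mutable builder for {@link StandardNamesTlsSocketFactory}.
     *
     * <p>{@link #build()} rejects a configuration without trusted certificates, cipher suites,
     * protocol versions, hash algorithms or signature algorithms. Named curves are optional and
     * default to SECP256R1 and SECP384R1. Insecure renegotiation is refused unless explicitly
     * enabled.
     */
    public static final class Builder {
        private X509Certificate[] identityCertificateChain;
        private PrivateKey identityPrivateKey;
        private boolean acceptInsecureRenegotiation;
        private final Set<X509Certificate> trustedCertificates = new HashSet<X509Certificate>();
        private final Set<JsseCipherSuite> enabledCipherSuites = new LinkedHashSet<JsseCipherSuite>();
        private final Set<JsseProtocolVersion> enabledProtocols = new LinkedHashSet<JsseProtocolVersion>();
        private final Set<JsseHashAlgorithm> enabledHashAlgorithms = new LinkedHashSet<JsseHashAlgorithm>();
        private final Set<JsseSignatureAlgorithm> enabledSignatureAlgorithms = new LinkedHashSet<JsseSignatureAlgorithm>();
        private final Set<JsseNamedCurve> enabledNamedCurves = new LinkedHashSet<JsseNamedCurve>();

        /**
         * Sets whether sockets created by the factory accept insecure renegotiation.
         *
         * <p>The field defaults to {@code false}. The flag is only forwarded to
         * {@code StandardNamesTlsSocket}; how it is enforced is not visible here.
         * NOTE(review): presumably this governs peers lacking the RFC 5746 renegotiation
         * indication; enabling it should be a documented exception, confirm against the socket
         * implementation.
         *
         * @param z {@code true} to accept, {@code false} to refuse
         * @return this builder
         */
        public Builder acceptInsecureRenegotiation(boolean z) {
            this.acceptInsecureRenegotiation = z;
            return this;
        }

        /**
         * Validates the configuration and creates the factory.
         *
         * <p>The builder's reference to the identity private key is cleared afterwards, so the
         * builder cannot be used to build a second factory with a client identity unless the key
         * is set again.
         *
         * @return the configured factory
         * @throws IllegalArgumentException if a mandatory setting is missing or the identity key
         *     and certificate chain are inconsistent
         */
        public StandardNamesTlsSocketFactory build() {
            validate();
            StandardNamesTlsSocketFactory factory = new StandardNamesTlsSocketFactory(this);
            // Drop the key reference so it does not outlive the build in this builder.
            this.identityPrivateKey = null;
            return factory;
        }

        /**
         * Prints the effective configuration to standard output when JSSE debugging is enabled.
         *
         * <p>Only the algorithm name of the private key is printed, never key material.
         * Certificate details of the client chain and trust anchors are printed in full.
         */
        private void debugConfig() {
            if (!JsseUtil.isJsseDebugEnabled()) {
                return;
            }
            System.out.println("TLS client SSLSocketFactory configured to accept the following Cipher Suites: ");
            for (JsseCipherSuite cipherSuite : this.enabledCipherSuites) {
                System.out.println("\t-Enabled Cipher Suite: " + cipherSuite.getJsseName());
            }
            System.out.println("TLS client SSLSocketFactory configured to accept the following Protocol Versions: ");
            for (JsseProtocolVersion protocolVersion : this.enabledProtocols) {
                System.out.println("\t-Enabled Protocol Version: " + protocolVersion.getJsseName());
            }
            System.out.println("TLS client SSLSocketFactory configured to accept the following Hash Algorithms: ");
            for (JsseHashAlgorithm hashAlgorithm : this.enabledHashAlgorithms) {
                System.out.println("\t-Enabled Hash Algorithm: " + hashAlgorithm.getJsseName());
            }
            System.out.println("TLS client SSLSocketFactory configured to accept the following Signature Algorithms: ");
            for (JsseSignatureAlgorithm signatureAlgorithm : this.enabledSignatureAlgorithms) {
                System.out.println("\t-Enabled Signature Algorithm: " + signatureAlgorithm.getJsseName());
            }
            System.out.println("TLS client SSLSocketFactory configured to accept the following Elliptic Curves: ");
            for (JsseNamedCurve namedCurve : this.enabledNamedCurves) {
                System.out.println("\t-Enabled Elliptic Curve: " + namedCurve.getJsseName());
            }
            if (null != this.identityCertificateChain) {
                System.out.println("TLS client SSLSocketFactory configured to use the following Client Certificate Chain: ");
                for (int i = 0; i < this.identityCertificateChain.length; i++) {
                    String details = certificateDetails(this.identityCertificateChain[i]);
                    if (i == 0) {
                        System.out.println("\t-Client Certificate:\n" + details);
                    } else {
                        System.out.println("\t-Client Certificate Authority no" + i + ":\n" + details);
                    }
                }
            }
            if (null != this.identityPrivateKey) {
                System.out.println("TLS client SSLSocketFactory configured to use a private key for algorithm: " + this.identityPrivateKey.getAlgorithm());
            }
            System.out.println("TLS client SSLSocketFactory configured to trust the following Certificate Authorities: ");
            for (X509Certificate trusted : this.trustedCertificates) {
                System.out.println("\t-Trusted Certificate:\n" + certificateDetails(trusted));
            }
            System.out.println("TLS client SSLSocketFactory configured to " + (this.acceptInsecureRenegotiation ? "accept" : "refuse") + " insecure renegotiation");
        }

        /** Renders one certificate for the debug output, indented by two tabs. */
        private static String certificateDetails(X509Certificate certificate) {
            return String.valueOf((Object) CertificateUtil.appendCertificateDetails(certificate, new StringBuilder(), "\t\t", "\n"));
        }

        /**
         * Adds cipher suites to the enabled set, keeping insertion order.
         *
         * @param jsseCipherSuiteArr cipher suites to enable
         * @return this builder
         */
        public Builder enabledCipherSuites(JsseCipherSuite... jsseCipherSuiteArr) {
            Collections.addAll(this.enabledCipherSuites, jsseCipherSuiteArr);
            return this;
        }

        /**
         * Adds cipher suites, given by name, to the enabled set.
         *
         * @param strArr names resolved through {@code JsseCipherSuite.MAPPER}
         * @return this builder
         */
        public Builder enabledCipherSuites(String... strArr) {
            this.enabledCipherSuites.addAll(JsseCipherSuite.MAPPER.fromNames(strArr));
            return this;
        }

        /**
         * Adds hash algorithms to the enabled set.
         *
         * @param jsseHashAlgorithmArr hash algorithms to enable
         * @return this builder
         */
        public Builder enabledHashAlgorithms(JsseHashAlgorithm... jsseHashAlgorithmArr) {
            Collections.addAll(this.enabledHashAlgorithms, jsseHashAlgorithmArr);
            return this;
        }

        /**
         * Adds hash algorithms, given by name, to the enabled set.
         *
         * @param strArr names resolved through {@code JsseHashAlgorithm.MAPPER}
         * @return this builder
         */
        public Builder enabledHashAlgorithms(String... strArr) {
            this.enabledHashAlgorithms.addAll(JsseHashAlgorithm.MAPPER.fromNames(strArr));
            return this;
        }

        /**
         * Adds named curves to the enabled set.
         *
         * @param jsseNamedCurveArr curves to enable
         * @return this builder
         */
        public Builder enabledNamedCurves(JsseNamedCurve... jsseNamedCurveArr) {
            Collections.addAll(this.enabledNamedCurves, jsseNamedCurveArr);
            return this;
        }

        /**
         * Adds named curves, given by name, to the enabled set.
         *
         * @param strArr names resolved through {@code JsseNamedCurve.MAPPER}
         * @return this builder
         */
        public Builder enabledNamedCurves(String... strArr) {
            this.enabledNamedCurves.addAll(JsseNamedCurve.MAPPER.fromNames(strArr));
            return this;
        }

        /**
         * Adds protocol versions to the enabled set.
         *
         * @param jsseProtocolVersionArr protocol versions to enable
         * @return this builder
         */
        public Builder enabledProtocols(JsseProtocolVersion... jsseProtocolVersionArr) {
            Collections.addAll(this.enabledProtocols, jsseProtocolVersionArr);
            return this;
        }

        /**
         * Adds protocol versions, given by name, to the enabled set.
         *
         * @param strArr names resolved through {@code JsseProtocolVersion.MAPPER}
         * @return this builder
         */
        public Builder enabledProtocols(String... strArr) {
            this.enabledProtocols.addAll(JsseProtocolVersion.MAPPER.fromNames(strArr));
            return this;
        }

        /**
         * Adds signature algorithms to the enabled set.
         *
         * @param jsseSignatureAlgorithmArr signature algorithms to enable
         * @return this builder
         */
        public Builder enabledSignatureAlgorithms(JsseSignatureAlgorithm... jsseSignatureAlgorithmArr) {
            Collections.addAll(this.enabledSignatureAlgorithms, jsseSignatureAlgorithmArr);
            return this;
        }

        /**
         * Adds signature algorithms, given by name, to the enabled set.
         *
         * @param strArr names resolved through {@code JsseSignatureAlgorithm.MAPPER}
         * @return this builder
         */
        public Builder enabledSignatureAlgorithms(String... strArr) {
            this.enabledSignatureAlgorithms.addAll(JsseSignatureAlgorithm.MAPPER.fromNames(strArr));
            return this;
        }

        /**
         * Enables the hash and the signature algorithm of each given pair.
         *
         * <p>The two halves are stored in independent sets, so the pairing itself is not
         * retained: enabling (A, h1) and (B, h2) leaves A, B, h1 and h2 all enabled.
         *
         * @param jsseSignatureAndHashAlgorithmArr pairs to enable
         * @return this builder
         */
        public Builder enabledSignatureAndHashAlgorithms(JsseSignatureAndHashAlgorithm... jsseSignatureAndHashAlgorithmArr) {
            for (JsseSignatureAndHashAlgorithm pair : jsseSignatureAndHashAlgorithmArr) {
                this.enabledHashAlgorithms.add(pair.getJsseHashAlgorithm());
                this.enabledSignatureAlgorithms.add(pair.getJsseSignatureAlgorithm());
            }
            return this;
        }

        /**
         * Enables the hash and the signature algorithm of each pair given by name.
         *
         * <p>As with the typed overload, the two halves land in independent sets.
         *
         * @param strArr names resolved through {@code JsseSignatureAndHashAlgorithm.MAPPER}
         * @return this builder
         */
        public Builder enabledSignatureAndHashAlgorithms(String... strArr) {
            for (String name : strArr) {
                JsseSignatureAndHashAlgorithm pair = (JsseSignatureAndHashAlgorithm) JsseSignatureAndHashAlgorithm.MAPPER.fromName(name);
                this.enabledHashAlgorithms.add(pair.getJsseHashAlgorithm());
                this.enabledSignatureAlgorithms.add(pair.getJsseSignatureAlgorithm());
            }
            return this;
        }

        /**
         * Sets the client certificate chain; index 0 is the client certificate itself.
         *
         * <p>The array is cloned. A {@code null} argument leaves the current value untouched.
         *
         * @param x509CertificateArr the chain, end-entity certificate first
         * @return this builder
         */
        public Builder identityCertificateChain(X509Certificate... x509CertificateArr) {
            if (null != x509CertificateArr) {
                this.identityCertificateChain = (X509Certificate[]) x509CertificateArr.clone();
            }
            return this;
        }

        /**
         * Sets the client certificate chain from string-encoded certificates.
         *
         * <p>A {@code null} argument leaves the current value untouched.
         *
         * @param strArr certificates decoded with {@code DesktopUtil.stringToCertificate}
         * @return this builder
         * @throws CertificateException if a certificate cannot be decoded
         */
        public Builder identityCertificateChain(String... strArr) throws CertificateException {
            if (null != strArr) {
                X509Certificate[] chain = new X509Certificate[strArr.length];
                for (int i = 0; i < strArr.length; i++) {
                    chain[i] = DesktopUtil.stringToCertificate(strArr[i]);
                }
                // Assign only after every entry decoded, so a failure keeps the previous chain.
                this.identityCertificateChain = chain;
            }
            return this;
        }

        /**
         * Sets the private key that belongs to the client certificate.
         *
         * @param privateKey the client private key, or {@code null} for no client identity
         * @return this builder
         */
        public Builder identityPrivateKey(PrivateKey privateKey) {
            this.identityPrivateKey = privateKey;
            return this;
        }

        /**
         * Checks that the private key belongs to the first certificate of the chain.
         *
         * <p>The check is only performed for RSA: the moduli must be equal and a fixed test
         * value must survive a public-then-private exponentiation round trip. For any other
         * public key type the method returns {@code true} without verifying anything, so a
         * mismatched non-RSA key pair is not detected here.
         *
         * @param privateKey the candidate private key, may be {@code null}
         * @param x509CertificateArr the certificate chain, may be {@code null} or empty
         * @return {@code true} if both are absent, if the pair is consistent, or if the
         *     certificate key is not RSA; {@code false} otherwise
         */
        private boolean matches(PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
            boolean chainAbsent = null == x509CertificateArr || x509CertificateArr.length == 0;
            if (null == privateKey && chainAbsent) {
                return true;
            }
            if (null == privateKey || chainAbsent) {
                // Only one half of the identity is present; fail closed instead of dereferencing null.
                return false;
            }
            PublicKey publicKey = x509CertificateArr[0].getPublicKey();
            if (!(publicKey instanceof RSAPublicKey)) {
                return true;
            }
            if (!(privateKey instanceof RSAPrivateKey)) {
                // RSA certificate paired with a key of another type (or one that does not expose
                // its exponent): report a mismatch rather than failing with ClassCastException.
                return false;
            }
            RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) privateKey;
            RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
            if (!rsaPrivateKey.getModulus().equals(rsaPublicKey.getModulus())) {
                return false;
            }
            // Round trip a fixed probe value: (m^e)^d mod n must give m back for a matching pair.
            BigInteger probe = new BigInteger("47");
            BigInteger encrypted = probe.modPow(rsaPublicKey.getPublicExponent(), rsaPublicKey.getModulus());
            BigInteger decrypted = encrypted.modPow(rsaPrivateKey.getPrivateExponent(), rsaPrivateKey.getModulus());
            return decrypted.equals(probe);
        }

        /**
         * Adds certificates to the trusted set.
         *
         * @param x509CertificateArr certificates to trust
         * @return this builder
         */
        public Builder trustedCertificates(X509Certificate... x509CertificateArr) {
            Collections.addAll(this.trustedCertificates, x509CertificateArr);
            return this;
        }

        /**
         * Adds certificates to the trusted set.
         *
         * @param collection certificates to trust
         * @return this builder
         */
        public Builder trustedCertificates(Collection<X509Certificate> collection) {
            this.trustedCertificates.addAll(collection);
            return this;
        }

        /**
         * Adds string-encoded certificates to the trusted set.
         *
         * @param strArr certificates decoded with {@code DesktopUtil.stringToCertificate}
         * @return this builder
         * @throws CertificateException if a certificate cannot be decoded
         */
        public Builder trustedCertificates(String... strArr) throws CertificateException {
            for (String encoded : strArr) {
                this.trustedCertificates.add(DesktopUtil.stringToCertificate(encoded));
            }
            return this;
        }

        /**
         * Verifies that the builder holds a usable configuration and fills in default curves.
         *
         * <p>An empty trust set is rejected, so a factory can never be built without explicit
         * trust anchors. The identity key and chain must be given together and, for RSA, must
         * belong to each other.
         *
         * @throws IllegalArgumentException if a mandatory setting is missing or the identity is
         *     inconsistent
         */
        private void validate() throws IllegalArgumentException {
            if (this.trustedCertificates.isEmpty()) {
                throw new IllegalArgumentException("trustedCertificates cannot be empty");
            }
            if (this.enabledCipherSuites.isEmpty()) {
                throw new IllegalArgumentException("enabledCipherSuites cannot be empty");
            }
            if (this.enabledProtocols.isEmpty()) {
                throw new IllegalArgumentException("enabledProtocols cannot be empty");
            }
            if (this.enabledHashAlgorithms.isEmpty()) {
                throw new IllegalArgumentException("enabledHashAlgorithms cannot be empty");
            }
            if (this.enabledSignatureAlgorithms.isEmpty()) {
                throw new IllegalArgumentException("enabledSignatureAlgorithms cannot be empty");
            }
            if (this.enabledNamedCurves.isEmpty()) {
                this.enabledNamedCurves.add(JsseNamedCurve.SECP256R1);
                this.enabledNamedCurves.add(JsseNamedCurve.SECP384R1);
            }
            boolean hasKey = null != this.identityPrivateKey;
            boolean hasChain = null != this.identityCertificateChain && this.identityCertificateChain.length > 0;
            if (hasKey != hasChain) {
                throw new IllegalArgumentException("identityPrivateKey and identityCertificateChain do not match");
            }
            if (!matches(this.identityPrivateKey, this.identityCertificateChain)) {
                throw new IllegalArgumentException("Identity Key is not the private key of given identity certificate");
            }
            debugConfig();
        }
    }

    /**
     * Copies the validated configuration out of the builder.
     *
     * <p>Every collection is snapshotted. Wrapping the builder's own sets in an unmodifiable
     * view would not be enough, because the builder keeps the backing sets and could still add
     * cipher suites, protocol versions or trust anchors to a factory that is already in use.
     *
     * @param builder a builder that has passed validation
     */
    private StandardNamesTlsSocketFactory(Builder builder) {
        Set<X509Certificate> trustedSnapshot = new HashSet<X509Certificate>(builder.trustedCertificates);
        this.identityAndTrust = new IdentityAndTrust(trustedSnapshot, builder.identityCertificateChain, builder.identityPrivateKey);
        this.enabledCipherSuites = Collections.unmodifiableSet(new LinkedHashSet<JsseCipherSuite>(builder.enabledCipherSuites));
        this.enabledProtocols = Collections.unmodifiableSet(new LinkedHashSet<JsseProtocolVersion>(builder.enabledProtocols));
        this.enabledHashAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<JsseHashAlgorithm>(builder.enabledHashAlgorithms));
        this.enabledSignatureAlgorithms = Collections.unmodifiableSet(new LinkedHashSet<JsseSignatureAlgorithm>(builder.enabledSignatureAlgorithms));
        this.enabledNamedCurves = Collections.unmodifiableSet(new LinkedHashSet<JsseNamedCurve>(builder.enabledNamedCurves));
        this.acceptInsecureRenegotiation = builder.acceptInsecureRenegotiation;
        this.sslSessionContext = new StandardNamesTlsSessionContext();
    }

    /**
     * Creates a TLS socket carrying this factory's configuration, without a remote endpoint.
     *
     * @return a new {@code StandardNamesTlsSocket}
     */
    @Override // javax.net.SocketFactory
    public final Socket createSocket() {
        return new StandardNamesTlsSocket(this.identityAndTrust, this.enabledCipherSuites, this.enabledProtocols, this.enabledHashAlgorithms, this.enabledSignatureAlgorithms, this.enabledNamedCurves, this.acceptInsecureRenegotiation, this.sslSessionContext);
    }

    /**
     * Creates a TLS socket for the given host and port.
     *
     * @param str remote host name
     * @param i remote port
     * @return a new {@code StandardNamesTlsSocket}
     * @throws IOException if the socket cannot be created
     * @throws UnknownHostException if the host cannot be resolved
     */
    @Override // javax.net.SocketFactory
    public final Socket createSocket(String str, int i) throws IOException, UnknownHostException {
        return new StandardNamesTlsSocket(this.identityAndTrust, this.enabledCipherSuites, this.enabledProtocols, this.enabledHashAlgorithms, this.enabledSignatureAlgorithms, this.enabledNamedCurves, this.acceptInsecureRenegotiation, this.sslSessionContext, str, i);
    }

    /**
     * Creates a TLS socket for the given address and port.
     *
     * <p>NOTE(review): no host name is available on this path; confirm how the socket checks
     * the server identity when it is created from an address only.
     *
     * @param inetAddress remote address
     * @param i remote port
     * @return a new {@code StandardNamesTlsSocket}
     * @throws IOException if the socket cannot be created
     */
    @Override // javax.net.SocketFactory
    public final Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        return new StandardNamesTlsSocket(this.identityAndTrust, this.enabledCipherSuites, this.enabledProtocols, this.enabledHashAlgorithms, this.enabledSignatureAlgorithms, this.enabledNamedCurves, this.acceptInsecureRenegotiation, this.sslSessionContext, inetAddress, i);
    }

    /**
     * Layers TLS over an existing socket.
     *
     * <p>If the wrapped socket is already connected the security layer is applied directly;
     * otherwise the new socket is connected to {@code str:i}.
     *
     * <p>NOTE(review): the {@code z} (autoClose) argument is ignored, and {@code str} is not
     * handed to the socket when the underlying socket is already connected. Confirm in
     * {@code StandardNamesTlsSocket} that the wrapped socket's lifetime and the host name used
     * for server identity checks are handled as callers expect, for example when tunnelling
     * through a proxy.
     *
     * @param socket the underlying socket
     * @param str remote host name
     * @param i remote port
     * @param z whether closing the returned socket should close {@code socket}; unused here
     * @return the TLS socket wrapping {@code socket}
     * @throws IOException if the TLS layer or the connection cannot be established
     */
    @Override // javax.net.ssl.SSLSocketFactory
    public final Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
        StandardNamesTlsSocket tlsSocket = new StandardNamesTlsSocket(this.identityAndTrust, this.enabledCipherSuites, this.enabledProtocols, this.enabledHashAlgorithms, this.enabledSignatureAlgorithms, this.enabledNamedCurves, this.acceptInsecureRenegotiation, this.sslSessionContext, socket);
        if (tlsSocket.isConnected()) {
            tlsSocket.applySecurityLayer();
        } else {
            tlsSocket.connect(new InetSocketAddress(str, i));
        }
        return tlsSocket;
    }

    /**
     * Creates a TLS socket for the given host and port, bound to a local address and port.
     *
     * @param str remote host name
     * @param i remote port
     * @param inetAddress local address
     * @param i2 local port
     * @return a new {@code StandardNamesTlsSocket}
     * @throws IOException if the socket cannot be created
     * @throws UnknownHostException if the host cannot be resolved
     */
    @Override // javax.net.SocketFactory
    public final Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
        return new StandardNamesTlsSocket(this.identityAndTrust, this.enabledCipherSuites, this.enabledProtocols, this.enabledHashAlgorithms, this.enabledSignatureAlgorithms, this.enabledNamedCurves, this.acceptInsecureRenegotiation, this.sslSessionContext, str, i, inetAddress, i2);
    }

    /**
     * Creates a TLS socket for the given address and port, bound to a local address and port.
     *
     * @param inetAddress remote address
     * @param i remote port
     * @param inetAddress2 local address
     * @param i2 local port
     * @return a new {@code StandardNamesTlsSocket}
     * @throws IOException if the socket cannot be created
     */
    @Override // javax.net.SocketFactory
    public final Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        return new StandardNamesTlsSocket(this.identityAndTrust, this.enabledCipherSuites, this.enabledProtocols, this.enabledHashAlgorithms, this.enabledSignatureAlgorithms, this.enabledNamedCurves, this.acceptInsecureRenegotiation, this.sslSessionContext, inetAddress, i, inetAddress2, i2);
    }

    /**
     * Returns the JSSE names of the cipher suites enabled on this factory.
     *
     * @return the enabled cipher suite names
     */
    @Override // javax.net.ssl.SSLSocketFactory
    public final String[] getDefaultCipherSuites() {
        return JsseMapper.toJsseNames(this.enabledCipherSuites);
    }

    /**
     * Returns the JSSE names of the enabled protocol versions as a set.
     *
     * @return the enabled protocol names
     */
    public final Set<String> getEnabledProtocolSet() {
        return JsseMapper.toJsseNameSet(this.enabledProtocols);
    }

    /**
     * Returns the same list as {@link #getDefaultCipherSuites()}: only the suites enabled at
     * build time are reported as supported.
     *
     * @return the enabled cipher suite names
     */
    @Override // javax.net.ssl.SSLSocketFactory
    public final String[] getSupportedCipherSuites() {
        return getDefaultCipherSuites();
    }

    /**
     * Returns the JSSE names of the enabled protocol versions.
     *
     * @return the enabled protocol names
     */
    public final String[] getSupportedProtocols() {
        return JsseMapper.toJsseNames(this.enabledProtocols);
    }
}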
