package eu.cec.digit.ecas.util.httpclient.protocol;

import eu.cec.digit.ecas.client.logging.Logger;
import eu.cec.digit.ecas.client.resolver.container.ContainerResolver;
import eu.cec.digit.ecas.client.resolver.container.ContainerResolverFactory;
import eu.cec.digit.ecas.client.resolver.logging.LoggerFactory;
import java.net.InetAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;

/* loaded from: input_file:eu/cec/digit/ecas/util/httpclient/protocol/EmbeddedTwoWaySSLSocketFactory.class */
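/**
 * Client-side socket factory for mutually authenticated ("two-way") TLS.
 *
 * <p>The client private key and certificate chain are read once from the supplied key store and
 * wrapped in {@link KeyManager}s; trust material comes from {@code initTrustStore}, which is
 * inherited and not visible in this file.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The private key stays referenced by this object (through the key managers) for its whole
 *       lifetime; only the caller's key password copy is wiped.</li>
 *   <li>{@link #getKeyManagers()} and {@link #getTrustManagers()} return the internal arrays, not
 *       copies.</li>
 * </ul>
 */
public final class EmbeddedTwoWaySSLSocketFactory extends AbstractEmbeddedSSLSocketFactory {
    private static final Logger LOG = LoggerFactory.getInstance().getLogger(EmbeddedTwoWaySSLSocketFactory.class);

    /**
     * Password for the throw-away key store built in {@link #newSunX509KeyManagers}. It is not a
     * secret and protects nothing: that store is created empty, lives only in memory and is never
     * written out by this class. The KeyStore/KeyManagerFactory APIs simply require a password.
     */
    private static final char[] IN_MEMORY_STORE_PASSWORD = {'S', 'e', 's', 'a', 'm', 'e', '2', '0', '0', '1'};

    private final TrustManager[] trustManagers;
    private KeyManager[] keyManagers;

    /**
     * Creates a factory without an explicit list of trusted certificates.
     *
     * @param keyStore key store holding the client key entry
     * @param str alias of the client key entry
     * @param cArr password of the key entry; copied internally, the caller's array is not modified
     * @throws IllegalStateException if the key entry cannot be loaded
     */
    public EmbeddedTwoWaySSLSocketFactory(KeyStore keyStore, String str, char[] cArr) {
        this(null, keyStore, str, cArr);
    }

    /**
     * Creates a factory with the given trusted certificates and client key entry.
     *
     * @param list certificates handed to the inherited {@code initTrustStore}; how a {@code null}
     *     list is treated is decided there (not visible here, verify before relying on it)
     * @param keyStore key store holding the client key entry
     * @param str alias of the client key entry
     * @param cArr password of the key entry; copied internally, the caller's array is not modified
     * @throws IllegalStateException if the key entry cannot be loaded
     */
    public EmbeddedTwoWaySSLSocketFactory(List<X509Certificate> list, KeyStore keyStore, String str, char[] cArr) {
        this.trustManagers = initTrustStore(list);
        initKeyManagers(keyStore, str, cArr);
    }

    /**
     * Loads the client key entry and builds the key managers used for client authentication.
     *
     * <p>The SunX509 {@link KeyManagerFactory} is tried first; if it rejects the key (or is not
     * available), a minimal key manager that always answers with the configured alias is used
     * instead.
     *
     * @throws IllegalStateException if the key cannot be read, if the alias does not resolve to a
     *     private key with a certificate chain, or if no key manager can be created
     */
    private void initKeyManagers(KeyStore keyStore, final String str, char[] cArr) {
        final Certificate[] certificateChain;
        final PrivateKey privateKey;
        // Work on a private copy so the caller's array is left alone, and wipe that copy on every
        // exit path once the key has been read.
        char[] passwordCopy = cArr.clone();
        try {
            certificateChain = keyStore.getCertificateChain(str);
            privateKey = (PrivateKey) keyStore.getKey(str, passwordCopy);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Could not load private key: " + e, e);
        } finally {
            Arrays.fill(passwordCopy, (char) 0);
        }

        // KeyStore returns null for an unknown alias or a non-key entry. Fail here with a clear
        // message instead of building a key manager that hands out a null key and chain and only
        // breaks later, inside the TLS handshake.
        if (privateKey == null || certificateChain == null || certificateChain.length == 0) {
            throw new IllegalStateException(
                    "No private key entry with a certificate chain found for alias: " + str);
        }

        try {
            this.keyManagers = newSunX509KeyManagers(str, privateKey, certificateChain);
            if (LOG.isDebugEnabled()) {
                LOG.debug("SunX509 KeyManagerFactory initialized: " + Arrays.asList(this.keyManagers));
            }
        } catch (Exception e) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("SunX509 KeyManagerFactory has an issue with specified keystore: " + e, e);
            }
            try {
                this.keyManagers = new KeyManager[] {newFixedAliasKeyManager(str, privateKey, certificateChain)};
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Custom X509ExtendedKeyManager created: " + Arrays.asList(this.keyManagers));
                }
            } catch (Exception e2) {
                if (LOG.isErrorEnabled()) {
                    LOG.error("Unable to load private key from specified keystore: " + e2, e2);
                }
                throw new IllegalStateException(e2);
            }
        }
    }

    /** Re-wraps the key entry in a fresh in-memory key store and lets SunX509 build the key managers. */
    private static KeyManager[] newSunX509KeyManagers(String alias, PrivateKey key, Certificate[] chain)
            throws Exception {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        KeyStore inMemoryStore = KeyStore.getInstance(KeyStore.getDefaultType());
        inMemoryStore.load(null, null);
        inMemoryStore.setKeyEntry(alias, key, IN_MEMORY_STORE_PASSWORD.clone(), chain);
        keyManagerFactory.init(inMemoryStore, IN_MEMORY_STORE_PASSWORD.clone());
        return keyManagerFactory.getKeyManagers();
    }

    /** Builds a client-only key manager that always selects {@code alias} and serves {@code key}/{@code chain}. */
    private static KeyManager newFixedAliasKeyManager(
            final String alias, final PrivateKey key, final Certificate[] chain) {
        return new X509ExtendedKeyManager() {
            @Override
            public String[] getClientAliases(String keyType, Principal[] issuers) {
                return new String[] {alias};
            }

            @Override
            public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
                return alias;
            }

            @Override
            public String[] getServerAliases(String keyType, Principal[] issuers) {
                throw new UnsupportedOperationException("This SSLSocketFactory cannot be used by a server, only by a client");
            }

            @Override
            public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
                throw new UnsupportedOperationException("This SSLSocketFactory cannot be used by a server, only by a client");
            }

            @Override
            public X509Certificate[] getCertificateChain(String requestedAlias) {
                // Always hand out a fresh array so callers cannot alter the chain held here.
                if (chain instanceof X509Certificate[]) {
                    return ((X509Certificate[]) chain).clone();
                }
                X509Certificate[] x509Chain = new X509Certificate[chain.length];
                for (int i = 0; i < chain.length; i++) {
                    x509Chain[i] = (X509Certificate) chain[i];
                }
                return x509Chain;
            }

            @Override
            public PrivateKey getPrivateKey(String requestedAlias) {
                return key;
            }

            @Override
            public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
                return alias;
            }

            @Override
            public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
                throw new UnsupportedOperationException("This SSLSocketFactory cannot be used by a server, only by a client");
            }
        };
    }

    /**
     * Returns the key managers built at construction time (the internal array, not a copy).
     *
     * <p>NOTE(review): the decompiler reported that it widened this method from package-private.
     */
    @Override
    public KeyManager[] getKeyManagers() {
        return this.keyManagers;
    }

    /** Returns the trust managers produced by {@code initTrustStore} (the internal array, not a copy). */
    @Override
    TrustManager[] getTrustManagers() {
        return this.trustManagers;
    }

    /** Always {@code null}: this factory does not pin a local address. */
    @Override
    public InetAddress getLocalAddress() {
        return null;
    }

    /**
     * Describes the hosting container as a single {@code name -> version} entry.
     *
     * @return the map, or {@code null} when the resolver reports no container name
     */
    @Override
    public Map<String, ?> getServerDetails() {
        ContainerResolver resolver = ContainerResolverFactory.getInstance().getResolver();
        String containerName = resolver.getContainerName();
        if (containerName == null) {
            return null;
        }
        Map<String, Object> details = new HashMap<String, Object>();
        details.put(containerName, resolver.getContainerVersion());
        return details;
    }

    /**
     * Creates a socket factory from a new {@link SSLContext} initialised with this object's key
     * and trust managers.
     *
     * @throws IllegalStateException if the context cannot be created or initialised
     */
    @Override
    public SSLSocketFactoryWrapper getSSLSocketFactory() {
        try {
            // Request the generic "TLS" context rather than "TLSv1": a "TLSv1" context caps the
            // connection at the obsolete TLS 1.0 and stops working on runtimes that disable TLS 1.0
            // (jdk.tls.disabledAlgorithms). With "TLS" the handshake negotiates the highest version
            // both sides enable; the floor is then set by the runtime's security configuration.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            // A null SecureRandom selects the default; a null manager array makes JSSE fall back
            // to the installed default implementation.
            sslContext.init(this.keyManagers, this.trustManagers, null);
            return new SSLSocketFactoryWrapper(sslContext.getSocketFactory(), (InetAddress) null);
        } catch (Exception e) {
            // Covers NoSuchAlgorithmException, KeyManagementException and anything thrown by the
            // wrapper; all are reported to the caller the same way.
            throw new IllegalStateException(e);
        }
    }
}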
