package eu.cec.digit.ecas.util.httpclient.protocol;

import eu.cec.digit.ecas.util.httpclient.protocol.bouncycastle.JsseCipherSuite;
import eu.cec.digit.ecas.util.httpclient.protocol.bouncycastle.JsseHashAlgorithm;
import eu.cec.digit.ecas.util.httpclient.protocol.bouncycastle.JsseNamedCurve;
import eu.cec.digit.ecas.util.httpclient.protocol.bouncycastle.JsseProtocolVersion;
import eu.cec.digit.ecas.util.httpclient.protocol.bouncycastle.JsseSignatureAlgorithm;
import eu.cec.digit.ecas.util.httpclient.protocol.bouncycastle.StandardNamesTlsSocketFactory;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Enumeration;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: input_file:eu/cec/digit/ecas/util/httpclient/protocol/SecureTlsSocketFactory.class */
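/**
 * Static factories for {@link SSLSocketFactory} instances built on
 * {@link StandardNamesTlsSocketFactory.Builder}.
 *
 * <p>Two profiles are offered:
 * <ul>
 *   <li><b>Tls12</b>: TLS 1.2 only, ECDHE key exchange with AEAD (GCM/CCM) suites only.</li>
 *   <li><b>Lax</b>: a compatibility profile. It additionally enables CBC/SHA-1 suites and
 *       static-RSA key exchange (no forward secrecy), lets the caller choose the protocol
 *       versions, and lets the caller opt in to insecure renegotiation. Every
 *       {@code ...WithDefaultTrust} and {@code ...TLSv10...} lax variant in this class passes
 *       {@code true} for that renegotiation flag and enables TLS 1.0 (deprecated by RFC 8996).</li>
 * </ul>
 *
 * <p>Prefer the Tls12 factories; use a lax factory only for a peer that cannot negotiate the
 * strict profile, and keep track of where it is used.
 */
public final class SecureTlsSocketFactory {
    /**
     * Creates a builder from an identity key store and an optional trust store.
     *
     * <p>Every key entry of {@code keyStore} is tried with the single password {@code cArr}.
     * Entries whose key cannot be recovered with that password are skipped. If several entries
     * yield a private key, the last one enumerated is used; enumeration order is decided by the
     * key store implementation, so an identity store should hold exactly one key entry.
     *
     * <p>{@code cArr} is not cleared by this method; wiping it is left to the caller.
     *
     * @param keyStore  identity key store, or {@code null} for no client identity
     * @param cArr      password used for every key entry of {@code keyStore}
     * @param keyStore2 trust store, or {@code null} to use
     *                  {@code TrustStoreUtil.getDefaultTrustedCertificates()}
     * @return a builder with trust anchors and (possibly {@code null}) identity set
     * @throws KeyStoreException if the key store is not initialised, a key algorithm is
     *                           unavailable, or a recovered private key has no usable
     *                           X.509 certificate chain
     */
    private static StandardNamesTlsSocketFactory.Builder newBuilder(KeyStore keyStore, char[] cArr, KeyStore keyStore2) throws KeyStoreException {
        PrivateKey identityKey = null;
        X509Certificate[] identityChain = null;
        if (keyStore != null) {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!keyStore.isKeyEntry(alias)) {
                    continue;
                }
                Key key;
                try {
                    key = keyStore.getKey(alias, cArr);
                } catch (NoSuchAlgorithmException e) {
                    throw new KeyStoreException("Unable to recover key \"" + alias + "\" from identityKeyStore: " + e, e);
                } catch (UnrecoverableKeyException ignored) {
                    // Deliberate best effort: the entry is protected by a different password.
                    // NOTE(review): if this happens for every entry (e.g. a wrong password), the
                    // factory is built without a client identity and the caller gets no error.
                    continue;
                }
                if (key instanceof PrivateKey) {
                    // Validate the chain before committing the key, so key and chain always match.
                    X509Certificate[] chain = toX509Chain(alias, keyStore.getCertificateChain(alias));
                    identityKey = (PrivateKey) key;
                    identityChain = chain;
                }
            }
        }
        Collection<X509Certificate> trusted =
                keyStore2 != null ? TrustStoreUtil.getAllCertificatesFromTrustStore(keyStore2) : null;
        return newBuilder(trusted, identityKey, identityChain);
    }

    /**
     * Converts a key store certificate chain to an {@code X509Certificate[]}.
     *
     * <p>{@link KeyStore#getCertificateChain(String)} returns {@code null} when the entry has no
     * chain; that case and a non-X.509 element are reported as {@link KeyStoreException} rather
     * than surfacing as {@code NullPointerException} / {@code ClassCastException}.
     */
    private static X509Certificate[] toX509Chain(String alias, Certificate[] chain) throws KeyStoreException {
        if (chain == null) {
            throw new KeyStoreException("No certificate chain for key \"" + alias + "\" in identityKeyStore");
        }
        if (chain instanceof X509Certificate[]) {
            return (X509Certificate[]) chain;
        }
        X509Certificate[] converted = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++) {
            if (!(chain[i] instanceof X509Certificate)) {
                throw new KeyStoreException("Certificate " + i + " of key \"" + alias + "\" in identityKeyStore is not an X.509 certificate");
            }
            converted[i] = (X509Certificate) chain[i];
        }
        return converted;
    }

    /**
     * Creates a builder from explicit trust anchors and an optional client identity.
     *
     * @param collection         trusted certificates, or {@code null} to use
     *                           {@code TrustStoreUtil.getDefaultTrustedCertificates()}
     * @param privateKey         client private key, may be {@code null}
     * @param x509CertificateArr client certificate chain, may be {@code null}
     */
    private static StandardNamesTlsSocketFactory.Builder newBuilder(Collection<X509Certificate> collection, PrivateKey privateKey, X509Certificate... x509CertificateArr) {
        StandardNamesTlsSocketFactory.Builder builder = new StandardNamesTlsSocketFactory.Builder();
        Collection<X509Certificate> trusted =
                collection != null ? collection : TrustStoreUtil.getDefaultTrustedCertificates();
        builder.trustedCertificates(trusted);
        builder.identityPrivateKey(privateKey);
        builder.identityCertificateChain(x509CertificateArr);
        return builder;
    }

    /**
     * Applies the lax (compatibility) profile to {@code builder} and builds the factory.
     *
     * @param z                      passed to {@code acceptInsecureRenegotiation}; presumably
     *                               allows peers without RFC 5746 secure renegotiation
     *                               (confirm against the builder)
     * @param jsseProtocolVersionArr protocol versions to enable, chosen by the caller
     */
    private static SSLSocketFactory newLaxSslSocketFactory(StandardNamesTlsSocketFactory.Builder builder, boolean z, JsseProtocolVersion... jsseProtocolVersionArr) {
        builder.enabledCipherSuites(
                // ECDHE + AEAD, 256-bit. The *_CCM_8 suites use a truncated 8-byte tag.
                JsseCipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                JsseCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                JsseCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
                JsseCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
                JsseCipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
                JsseCipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
                // ECDHE + AEAD, 128-bit.
                JsseCipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                JsseCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                JsseCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
                JsseCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
                JsseCipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
                JsseCipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
                // Legacy: CBC mode with a SHA-1 MAC, still with forward secrecy.
                JsseCipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                JsseCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
                JsseCipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                JsseCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                // Legacy: static RSA key exchange, no forward secrecy.
                JsseCipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA,
                JsseCipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA);
        builder.enabledProtocols(jsseProtocolVersionArr);
        builder.enabledHashAlgorithms(JsseHashAlgorithm.SHA512, JsseHashAlgorithm.SHA384, JsseHashAlgorithm.SHA256);
        builder.enabledSignatureAlgorithms(JsseSignatureAlgorithm.RSA, JsseSignatureAlgorithm.ECDSA, JsseSignatureAlgorithm.DSA);
        builder.enabledNamedCurves(JsseNamedCurve.getAllNamedCurves());
        builder.acceptInsecureRenegotiation(z);
        return builder.build();
    }

    /**
     * Builds a lax-profile factory from key stores.
     *
     * @param keyStore               identity key store, may be {@code null}
     * @param cArr                   password for the key entries of {@code keyStore}
     * @param keyStore2              trust store, or {@code null} for the default trust
     * @param z                      whether to accept insecure renegotiation
     * @param jsseProtocolVersionArr protocol versions to enable
     * @throws KeyStoreException if the identity cannot be read from {@code keyStore}
     */
    public static SSLSocketFactory newLaxSslSocketFactory(KeyStore keyStore, char[] cArr, KeyStore keyStore2, boolean z, JsseProtocolVersion... jsseProtocolVersionArr) throws KeyStoreException {
        return newLaxSslSocketFactory(newBuilder(keyStore, cArr, keyStore2), z, jsseProtocolVersionArr);
    }

    /**
     * Builds a lax-profile factory from explicit trust anchors and client identity.
     *
     * @param collection             trusted certificates, or {@code null} for the default trust
     * @param privateKey             client private key, may be {@code null}
     * @param x509CertificateArr     client certificate chain, may be {@code null}
     * @param z                      whether to accept insecure renegotiation
     * @param jsseProtocolVersionArr protocol versions to enable
     */
    public static SSLSocketFactory newLaxSslSocketFactory(Collection<X509Certificate> collection, PrivateKey privateKey, X509Certificate[] x509CertificateArr, boolean z, JsseProtocolVersion... jsseProtocolVersionArr) {
        return newLaxSslSocketFactory(newBuilder(collection, privateKey, x509CertificateArr), z, jsseProtocolVersionArr);
    }

    /**
     * Lax profile, default trust, no client identity.
     * Enables TLS 1.2, 1.1 and 1.0 and accepts insecure renegotiation.
     */
    public static SSLSocketFactory newLaxSslSocketFactoryWithDefaultTrust() {
        return newLaxSslSocketFactoryWithDefaultTrust((PrivateKey) null, (X509Certificate[]) null);
    }

    /**
     * Lax profile, default trust, client identity read from {@code keyStore}.
     * Enables TLS 1.2, 1.1 and 1.0 and accepts insecure renegotiation.
     *
     * @throws KeyStoreException if the identity cannot be read from {@code keyStore}
     */
    public static SSLSocketFactory newLaxSslSocketFactoryWithDefaultTrust(KeyStore keyStore, char[] cArr) throws KeyStoreException {
        return newLaxSslSocketFactory(keyStore, cArr, (KeyStore) null, true, JsseProtocolVersion.TLSv1_2, JsseProtocolVersion.TLSv1_1, JsseProtocolVersion.TLSv1);
    }

    /**
     * Lax profile, default trust, explicit client identity.
     * Enables TLS 1.2, 1.1 and 1.0 and accepts insecure renegotiation.
     */
    public static SSLSocketFactory newLaxSslSocketFactoryWithDefaultTrust(PrivateKey privateKey, X509Certificate... x509CertificateArr) {
        return newLaxSslSocketFactory((Collection<X509Certificate>) null, privateKey, x509CertificateArr, true, JsseProtocolVersion.TLSv1_2, JsseProtocolVersion.TLSv1_1, JsseProtocolVersion.TLSv1);
    }

    /**
     * Lax profile restricted to TLS 1.0, accepting insecure renegotiation.
     * This is the weakest configuration this class can produce.
     *
     * @param collection         trusted certificates, or {@code null} for the default trust
     * @param privateKey         client private key, may be {@code null}
     * @param x509CertificateArr client certificate chain, may be {@code null}
     */
    public static SSLSocketFactory newLaxTLSv10SocketFactory(Collection<X509Certificate> collection, PrivateKey privateKey, X509Certificate... x509CertificateArr) {
        return newLaxSslSocketFactory(newBuilder(collection, privateKey, x509CertificateArr), true, JsseProtocolVersion.TLSv1);
    }

    /** TLS 1.0-only lax factory with default trust and no client identity. */
    public static SSLSocketFactory newLaxTLSv10SocketFactoryWithDefaultTrust() {
        return newLaxTLSv10SocketFactory(null, null, (X509Certificate[]) null);
    }

    /**
     * Same configuration as {@link #newLaxTLSv10SocketFactoryWithDefaultTrust()}; kept as a
     * separate entry point for existing callers.
     */
    public static SSLSocketFactory newLaxTLSv1SocketFactoryWithDefaultTrust() {
        return newLaxTLSv10SocketFactoryWithDefaultTrust();
    }

    /**
     * Applies the strict profile to {@code builder} and builds the factory: TLS 1.2 only,
     * ECDHE key exchange, 256-bit AEAD suites, SHA-2 hashes and a fixed curve list.
     *
     * <p>{@code acceptInsecureRenegotiation} is not called here, so the builder's own default
     * applies (not visible in this class).
     */
    private static SSLSocketFactory newTls12SocketFactory(StandardNamesTlsSocketFactory.Builder builder) {
        builder.enabledCipherSuites(
                JsseCipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                JsseCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                JsseCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
                // Truncated 8-byte authentication tag.
                JsseCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
                JsseCipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
                JsseCipherSuite.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384);
        builder.enabledProtocols(JsseProtocolVersion.TLSv1_2);
        builder.enabledHashAlgorithms(JsseHashAlgorithm.SHA512, JsseHashAlgorithm.SHA384, JsseHashAlgorithm.SHA256);
        builder.enabledSignatureAlgorithms(JsseSignatureAlgorithm.RSA, JsseSignatureAlgorithm.ECDSA, JsseSignatureAlgorithm.DSA);
        builder.enabledNamedCurves(
                JsseNamedCurve.SECT571R1,
                JsseNamedCurve.SECT571K1,
                JsseNamedCurve.SECP521R1,
                JsseNamedCurve.SECT409R1,
                JsseNamedCurve.SECT409K1,
                JsseNamedCurve.SECP384R1,
                JsseNamedCurve.SECT283K1,
                JsseNamedCurve.SECT283R1,
                JsseNamedCurve.SECP256R1,
                JsseNamedCurve.SECP256K1);
        return builder.build();
    }

    /**
     * Builds a strict TLS 1.2 factory from key stores.
     *
     * @param keyStore  identity key store, may be {@code null}
     * @param cArr      password for the key entries of {@code keyStore}
     * @param keyStore2 trust store, or {@code null} for the default trust
     * @throws KeyStoreException if the identity cannot be read from {@code keyStore}
     */
    public static SSLSocketFactory newTls12SocketFactory(KeyStore keyStore, char[] cArr, KeyStore keyStore2) throws KeyStoreException {
        return newTls12SocketFactory(newBuilder(keyStore, cArr, keyStore2));
    }

    /**
     * Builds a strict TLS 1.2 factory from explicit trust anchors and client identity.
     *
     * @param collection         trusted certificates, or {@code null} for the default trust
     * @param privateKey         client private key, may be {@code null}
     * @param x509CertificateArr client certificate chain, may be {@code null}
     */
    public static SSLSocketFactory newTls12SocketFactory(Collection<X509Certificate> collection, PrivateKey privateKey, X509Certificate... x509CertificateArr) {
        return newTls12SocketFactory(newBuilder(collection, privateKey, x509CertificateArr));
    }

    /** Strict TLS 1.2 factory with default trust and no client identity. */
    public static SSLSocketFactory newTls12SocketFactoryWithDefaultTrust() {
        return newTls12SocketFactoryWithDefaultTrust((PrivateKey) null, (X509Certificate[]) null);
    }

    /**
     * Strict TLS 1.2 factory with default trust and client identity read from {@code keyStore}.
     *
     * @throws KeyStoreException if the identity cannot be read from {@code keyStore}
     */
    public static SSLSocketFactory newTls12SocketFactoryWithDefaultTrust(KeyStore keyStore, char[] cArr) throws KeyStoreException {
        return newTls12SocketFactory(keyStore, cArr, (KeyStore) null);
    }

    /** Strict TLS 1.2 factory with default trust and an explicit client identity. */
    public static SSLSocketFactory newTls12SocketFactoryWithDefaultTrust(PrivateKey privateKey, X509Certificate... x509CertificateArr) {
        return newTls12SocketFactory((Collection<X509Certificate>) null, privateKey, x509CertificateArr);
    }

    /** Not instantiable: static factory holder. */
    private SecureTlsSocketFactory() {
    }
}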
