package com.sonatype.insight.scan.cli;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sonatype/insight/scan/cli/GraalSslContext.class */
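/**
 * Builds an {@link SSLContext} from the key store and trust store named in the CLI's SSL
 * parameters and installs it as the JVM-wide default.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link SSLContext#setDefault(SSLContext)} affects every TLS client in the process that
 *       relies on the default context, not only this tool's own connections.</li>
 *   <li>The trust manager wrapper must propagate {@link CertificateException}. If a validation
 *       failure is only logged, the handshake continues and any peer certificate is accepted.</li>
 * </ul>
 */
public class GraalSslContext {
    private static final Logger log = LoggerFactory.getLogger(GraalSslContext.class);

    /**
     * Delegating {@link X509KeyManager} backed by the first X.509 key manager that the default
     * {@link KeyManagerFactory} produces for the supplied key store.
     *
     * <p>The decompiler reports that this class was originally declared private.
     */
    public static class SimpleX509KeyManager implements X509KeyManager {
        private final X509KeyManager keyManager;

        /**
         * @param keyStore key store holding the client key material
         * @param cArr password protecting the keys in {@code keyStore}; may be null
         * @throws RuntimeException if the key manager cannot be created
         */
        public SimpleX509KeyManager(KeyStore keyStore, char[] cArr) {
            this.keyManager = createKeyManager(keyStore, cArr);
        }

        /**
         * Initialises the default key manager factory and returns its first X.509 key manager.
         *
         * @throws IllegalStateException if the factory yields no {@link X509KeyManager}
         * @throws RuntimeException wrapping any key store or algorithm failure
         */
        private X509KeyManager createKeyManager(KeyStore keyStore, char[] cArr) {
            try {
                KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                factory.init(keyStore, cArr);
                for (KeyManager candidate : factory.getKeyManagers()) {
                    if (candidate instanceof X509KeyManager) {
                        return (X509KeyManager) candidate;
                    }
                }
                // Fail here rather than storing a null delegate that would surface later as a
                // NullPointerException in the middle of a handshake.
                throw new IllegalStateException("No X509KeyManager available from the default KeyManagerFactory");
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                GraalSslContext.log.error("Unable to create key manager", e);
                throw new RuntimeException(e);
            }
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return this.keyManager.getClientAliases(str, principalArr);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return this.keyManager.chooseClientAlias(strArr, principalArr, socket);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return this.keyManager.getServerAliases(str, principalArr);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return this.keyManager.chooseServerAlias(str, principalArr, socket);
        }

        /**
         * Returns the delegate's chain for the alias, normalising an empty chain to {@code null}.
         */
        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            X509Certificate[] chain = this.keyManager.getCertificateChain(str);
            return (chain == null || chain.length == 0) ? null : chain;
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return this.keyManager.getPrivateKey(str);
        }
    }

    /**
     * Delegating {@link X509TrustManager} backed by the first X.509 trust manager that the default
     * {@link TrustManagerFactory} produces for the supplied trust store.
     *
     * <p>Both check methods log a validation failure and then rethrow it. Rethrowing is what makes
     * the handshake fail for an untrusted peer; a wrapper that returns normally from these methods
     * after a {@link CertificateException} disables certificate validation entirely.
     *
     * <p>The decompiler reports that this class was originally declared private.
     */
    public static class SimpleX509TrustManager implements X509TrustManager {
        private final X509TrustManager trustManager;

        /**
         * @param keyStore trust store holding the accepted CA certificates
         * @throws RuntimeException if the trust manager cannot be created
         */
        public SimpleX509TrustManager(KeyStore keyStore) {
            this.trustManager = createTrustManager(keyStore);
        }

        /**
         * Initialises the default trust manager factory and returns its first X.509 trust manager.
         *
         * @throws IllegalStateException if the factory yields no {@link X509TrustManager}
         * @throws RuntimeException wrapping any key store or algorithm failure
         */
        private X509TrustManager createTrustManager(KeyStore keyStore) {
            try {
                TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                factory.init(keyStore);
                for (TrustManager candidate : factory.getTrustManagers()) {
                    if (candidate instanceof X509TrustManager) {
                        return (X509TrustManager) candidate;
                    }
                }
                // A null delegate must never be installed: fail at construction time instead.
                throw new IllegalStateException("No X509TrustManager available from the default TrustManagerFactory");
            } catch (KeyStoreException | NoSuchAlgorithmException e) {
                GraalSslContext.log.error("Unable to create trust manager", e);
                throw new RuntimeException(e);
            }
        }

        /**
         * Validates a client certificate chain against the trust store.
         *
         * @throws CertificateException if the chain is not trusted
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                this.trustManager.checkClientTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                GraalSslContext.log.error("Certificate exception while checking if client is trusted", e);
                // Propagate: returning normally would mark the untrusted chain as accepted.
                throw e;
            }
        }

        /**
         * Validates a server certificate chain against the trust store.
         *
         * @throws CertificateException if the chain is not trusted
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                this.trustManager.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                GraalSslContext.log.error("Certificate exception while checking if server is trusted", e);
                // Propagate: returning normally would mark the untrusted chain as accepted.
                throw e;
            }
        }

        /** Returns a copy of the delegate's accepted issuers so callers cannot modify its array. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.trustManager.getAcceptedIssuers().clone();
        }
    }

    /**
     * Installs a custom default {@link SSLContext} when the parameters carry SSL settings, and
     * does nothing otherwise.
     *
     * <p>A null key manager or trust manager array (no corresponding store path given) is passed
     * through to {@link SSLContext#init}, which then falls back to the JDK's default managers.
     *
     * @param abstractParameters CLI parameters; cast to {@code GraalParameters} without a type check
     * @throws ExitException with code 1 if the SSL configuration cannot be loaded
     */
    public static void maybeDoCustomSslContext(AbstractParameters abstractParameters) throws ExitException {
        GraalParameters graalParameters = (GraalParameters) abstractParameters;
        if (!graalParameters.hasSslParams()) {
            return;
        }
        try {
            KeyManager[] keyManagers = getKeyManager(graalParameters);
            TrustManager[] trustManagers = getTrustManager(graalParameters);
            // Request the generic "TLS" context instead of the legacy "SSL" name; on some older
            // JDK releases "SSL" appears to resolve to a context with older protocol defaults.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagers, trustManagers, null);
            SSLContext.setDefault(sslContext);
            log.info("Set custom default SSL Context");
        } catch (KeyManagementException | NoSuchAlgorithmException | SSLException e) {
            log.error("Failed to load custom SSL configuration", e);
            throw new ExitException(1);
        }
    }

    /**
     * Loads the configured key store and wraps it in a key manager.
     *
     * @return a single-element array, or {@code null} when no key store path is configured
     * @throws SSLException if the key store cannot be read or parsed
     */
    private static KeyManager[] getKeyManager(GraalParameters graalParameters) throws SSLException {
        if (graalParameters.getKeyStorePath() == null) {
            return null;
        }
        char[] storePassword = getStorePassword(graalParameters.getKeyStorePassword());
        // try-with-resources closes the store file even when load() throws.
        try (FileInputStream in = new FileInputStream(graalParameters.getKeyStorePath())) {
            KeyStore keyStore = KeyStore.getInstance(getStoreType(graalParameters.getKeyStoreType()));
            keyStore.load(in, storePassword);
            log.info("Loaded provided custom key store '{}'", graalParameters.getKeyStorePath());
            return new KeyManager[]{new SimpleX509KeyManager(keyStore, storePassword)};
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new SSLException("Error loading custom key store. Check your '--ssl-key-store-*' parameters.", e);
        }
    }

    /**
     * Loads the configured trust store and wraps it in a trust manager.
     *
     * @return a single-element array, or {@code null} when no trust store path is configured
     * @throws SSLException if the trust store cannot be read or parsed
     */
    private static TrustManager[] getTrustManager(GraalParameters graalParameters) throws SSLException {
        if (graalParameters.getTrustStorePath() == null) {
            return null;
        }
        char[] storePassword = getStorePassword(graalParameters.getTrustStorePassword());
        // try-with-resources closes the store file even when load() throws.
        try (FileInputStream in = new FileInputStream(graalParameters.getTrustStorePath())) {
            KeyStore keyStore = KeyStore.getInstance(getStoreType(graalParameters.getTrustStoreType()));
            keyStore.load(in, storePassword);
            log.info("Loaded provided custom trust store '{}'", graalParameters.getTrustStorePath());
            return new TrustManager[]{new SimpleX509TrustManager(keyStore)};
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new SSLException("Error loading custom trust store. Check your '--ssl-trust-store-*' parameters.", e);
        }
    }

    /** Returns the requested store type, or the JDK default type when none was given. */
    private static String getStoreType(String str) {
        return str != null ? str : KeyStore.getDefaultType();
    }

    /** Converts the password to a char array, passing {@code null} through unchanged. */
    private static char[] getStorePassword(String str) {
        return str != null ? str.toCharArray() : null;
    }
}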
