package dk.netarkivet.common.utils;

import dk.netarkivet.common.CommonSettings;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.bitrepository.protocol.security.SecurityModuleConstants;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dk/netarkivet/common/utils/BasicTwoWaySSLProvider.class */
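/**
 * Builds an {@link SSLContext} for two-way (mutual) TLS from a configured trust store and a PEM
 * file that holds the client's private key and certificate.
 *
 * <p>Setup failures are logged by the constructor and not rethrown. In that case
 * {@link #getSSLContext()} returns {@code null}; callers have to check for that and treat it as a
 * configuration error rather than continue without client authentication.
 */
public class BasicTwoWaySSLProvider {
    private static final Logger log = LoggerFactory.getLogger(BasicTwoWaySSLProvider.class);

    // NOTE(review): hard-coded password. It protects only the private-key entry of the key store
    // held in memory by this instance (this class never writes the key store out), so it adds no
    // real protection. If the key store is ever persisted or shared, replace it with a configured
    // secret.
    private final String defaultPassword = "123456";
    private SSLContext sslContext;
    private KeyStore keyStore;

    /**
     * Loads the trust store, adds the private key entry from the given PEM file and builds the
     * SSL context.
     *
     * <p>Any exception raised during setup is logged and swallowed, which leaves the SSL context
     * unset ({@code null}).
     *
     * @param str path to the PEM file with the private key and certificate; may be {@code null}
     */
    public BasicTwoWaySSLProvider(String str) {
        // addProvider does nothing when a provider of the same name is already installed.
        Security.addProvider(new BouncyCastleProvider());
        try {
            this.keyStore = loadSystemTrustStore();
            loadPrivateKey(str);
            buildSSLContext();
        } catch (Exception e) {
            log.error("Failed setting up SSL.", e);
        }
    }

    /**
     * Loads the key store found at {@code CommonSettings.ACCESS_TRUSTSTORE_PATH}, opened with
     * {@code CommonSettings.TRUSTSTORE_PASSWORD}.
     *
     * @return the loaded key store, or {@code null} when no path is configured or the path is not
     *     a readable file
     */
    private KeyStore loadSystemTrustStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        String trustStorePath = Settings.get(CommonSettings.ACCESS_TRUSTSTORE_PATH);
        if (trustStorePath == null) {
            return null;
        }
        File trustStoreFile = new File(trustStorePath);
        if (!trustStoreFile.isFile() || !trustStoreFile.canRead()) {
            // A null key store makes TrustManagerFactory.init fall back to the JVM's default
            // trust anchors, so make a misconfigured path visible instead of staying silent.
            log.warn("Trust store '{}' is not a readable file; no trust store loaded.", trustStorePath);
            return null;
        }
        KeyStore loaded = KeyStore.getInstance(KeyStore.getDefaultType());
        String trustStorePassword = Settings.get(CommonSettings.TRUSTSTORE_PASSWORD);
        try (FileInputStream in = new FileInputStream(trustStoreFile)) {
            loaded.load(in, trustStorePassword.toCharArray());
        }
        return loaded;
    }

    /**
     * Reads a private key and an X.509 certificate from a PEM file and stores them as a private
     * key entry in the key store.
     *
     * <p>If the file holds several keys or certificates, the last one of each kind is used, and
     * only that single certificate is stored as the chain. This method does not itself check that
     * the key belongs to the certificate.
     *
     * @param keyFilePath path to the PEM file; a {@code null} or missing file is logged and ignored
     * @throws CertificateException if the certificate is expired or not yet valid, or cannot be
     *     converted
     * @throws KeyStoreException if no trust store was loaded to hold the entry, or the entry
     *     cannot be stored
     */
    private void loadPrivateKey(String keyFilePath) throws IOException, KeyStoreException, CertificateException {
        if (keyFilePath == null || !new File(keyFilePath).isFile()) {
            log.info("Key file '{}' with private key and certificate does not exist!", keyFilePath);
            return;
        }
        PrivateKey key = null;
        X509Certificate certificate = null;
        // try-with-resources so the parser is also closed when parsing or conversion fails.
        try (PEMParser parser = new PEMParser(new BufferedReader(new FileReader(keyFilePath)))) {
            for (Object pemObject = parser.readObject(); pemObject != null; pemObject = parser.readObject()) {
                if (pemObject instanceof X509Certificate) {
                    log.debug("Certificate for PrivateKeyEntry found");
                    certificate = (X509Certificate) pemObject;
                } else if (pemObject instanceof PrivateKey) {
                    log.debug("Key for PrivateKeyEntry found");
                    key = (PrivateKey) pemObject;
                } else if (pemObject instanceof X509CertificateHolder) {
                    log.debug("X509CertificateHolder found");
                    certificate = new JcaX509CertificateConverter()
                            .setProvider(SecurityModuleConstants.BC)
                            .getCertificate((X509CertificateHolder) pemObject);
                } else if (pemObject instanceof PrivateKeyInfo) {
                    log.debug("PrivateKeyInfo found");
                    key = new JcaPEMKeyConverter().getPrivateKey((PrivateKeyInfo) pemObject);
                } else {
                    log.debug("Got something, that we don't (yet) recognize. Class: {}", pemObject.getClass().getSimpleName());
                }
            }
        }
        if (key == null || certificate == null) {
            log.info("No material to create private key entry found!");
            return;
        }
        // Reject an expired or not-yet-valid client certificate before it is used.
        certificate.checkValidity();
        if (this.keyStore == null) {
            // Previously this surfaced as a NullPointerException; report the actual cause.
            throw new KeyStoreException("No trust store was loaded, so the private key entry cannot be stored.");
        }
        this.keyStore.setEntry(
                SecurityModuleConstants.privateKeyAlias,
                new KeyStore.PrivateKeyEntry(key, new Certificate[] {certificate}),
                new KeyStore.PasswordProtection(this.defaultPassword.toCharArray()));
    }

    /**
     * Initialises trust and key managers from the same key store and creates the "TLS" context.
     *
     * <p>When the key store is {@code null}, the factories are initialised with {@code null}.
     */
    private void buildSSLContext() throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(SecurityModuleConstants.keyTrustStoreAlgorithm);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(SecurityModuleConstants.keyTrustStoreAlgorithm);
        trustManagerFactory.init(this.keyStore);
        // Must be the same password that protects the private key entry in loadPrivateKey.
        keyManagerFactory.init(this.keyStore, this.defaultPassword.toCharArray());
        this.sslContext = SSLContext.getInstance("TLS");
        this.sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), SecurityModuleConstants.defaultRandom);
    }

    /**
     * Returns the SSL context built by the constructor.
     *
     * @return the SSL context, or {@code null} if setup failed
     */
    public SSLContext getSSLContext() {
        return this.sslContext;
    }
}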
