package com.microsoft.azure.sdk.iot.service.auth;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import java.util.Iterator;
import java.util.Objects;
import java.util.UUID;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/microsoft/azure/sdk/iot/service/auth/IotHubSSLContext.class */
public class IotHubSSLContext {
    private final SSLContext sslContext;
    private static final String SSL_CONTEXT_PROTOCOL = "TLSv1.2";
    private static final String CERTIFICATE_TYPE = "X.509";
    private static final String TRUSTED_IOT_HUB_CERT_PREFIX = "trustedIotHubCert-";

    public IotHubSSLContext() {
        try {
            this.sslContext = SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
            this.sslContext.init(null, null, new SecureRandom());
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new IllegalStateException("Failed to build the default SSLContext instance", e);
        }
    }

    public IotHubSSLContext(SSLContext sSLContext) {
        Objects.requireNonNull(sSLContext);
        this.sslContext = sSLContext;
    }

    public SSLContext getSSLContext() {
        return this.sslContext;
    }

    public static SSLContext getSSLContextFromString(String str) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("The provided certificate string cannot be null or empty");
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8));
        Throwable th = null;
        try {
            SSLContext sSLContextFromStream = getSSLContextFromStream(byteArrayInputStream);
            if (byteArrayInputStream != null) {
                if (0 != 0) {
                    try {
                        byteArrayInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    byteArrayInputStream.close();
                }
            }
            return sSLContextFromStream;
        } catch (Throwable th3) {
            if (byteArrayInputStream != null) {
                if (0 != 0) {
                    try {
                        byteArrayInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    byteArrayInputStream.close();
                }
            }
            throw th3;
        }
    }

    public static SSLContext getSSLContextFromFile(String str) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("The provided certificate path string cannot be null or empty");
        }
        FileInputStream fileInputStream = new FileInputStream(str);
        Throwable th = null;
        try {
            SSLContext sSLContextFromStream = getSSLContextFromStream(fileInputStream);
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            return sSLContextFromStream;
        } catch (Throwable th3) {
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th3;
        }
    }

    private static SSLContext getSSLContextFromStream(InputStream inputStream) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        TrustManagerFactory generateTrustManagerFactory = generateTrustManagerFactory(CertificateFactory.getInstance(CERTIFICATE_TYPE).generateCertificates(inputStream));
        SSLContext sSLContext = SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
        sSLContext.init(null, generateTrustManagerFactory.getTrustManagers(), new SecureRandom());
        return sSLContext;
    }

    private static TrustManagerFactory generateTrustManagerFactory(Collection<? extends Certificate> collection) throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        Iterator<? extends Certificate> it = collection.iterator();
        while (it.hasNext()) {
            keyStore.setCertificateEntry(TRUSTED_IOT_HUB_CERT_PREFIX + UUID.randomUUID(), it.next());
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }
}
