package net.solarnetwork.service.support;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Enumeration;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import net.solarnetwork.io.DecompressingResource;
import net.solarnetwork.service.CertificateException;
import net.solarnetwork.service.SSLService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/solarnetwork/service/support/ConfigurableSSLService.class */
public class ConfigurableSSLService implements SSLService {
    public static final String DEFAULT_KEY_STORE_PATH = "conf/tls/keystore.jks";
    public static final String DEFAULT_TRUST_STORE_PATH = "conf/tls/trust.jks";
    public static final String DEFAULT_PASSWORD = "changeit";
    private SSLSocketFactory socketFactory;
    private String keyStorePath = DEFAULT_KEY_STORE_PATH;
    private String keyStorePassword = DEFAULT_PASSWORD;
    private String trustStorePath = DEFAULT_TRUST_STORE_PATH;
    private String trustStorePassword = DEFAULT_PASSWORD;
    private String jreTrustStorePassword = DEFAULT_PASSWORD;
    protected final Logger log = LoggerFactory.getLogger(getClass());

    public static final KeyStore loadKeyStore(String str, InputStream inputStream, String str2) {
        if (str2 == null) {
            str2 = DecompressingResource.NO_KNOWN_COMPRESSION_TYPE;
        }
        try {
            try {
                try {
                    KeyStore keyStore = KeyStore.getInstance(str);
                    keyStore.load(inputStream, str2 != null ? str2.toCharArray() : null);
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException e) {
                        }
                    }
                    return keyStore;
                } catch (GeneralSecurityException e2) {
                    throw new CertificateException("Error loading certificate key store", e2);
                }
            } catch (IOException e3) {
                throw new CertificateException(e3.getCause() instanceof UnrecoverableKeyException ? "Invalid password loading key store" : "Error loading certificate key store", e3);
            }
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e4) {
                }
            }
            throw th;
        }
    }

    public static final void saveKeyStore(KeyStore keyStore, String str, OutputStream outputStream) {
        if (str == null) {
            str = DecompressingResource.NO_KNOWN_COMPRESSION_TYPE;
        }
        try {
            try {
                try {
                    keyStore.store(outputStream, str.toCharArray());
                    if (outputStream != null) {
                        try {
                            outputStream.flush();
                            outputStream.close();
                        } catch (IOException e) {
                            throw new CertificateException("Error closing KeyStore stream", e);
                        }
                    }
                } catch (Throwable th) {
                    if (outputStream != null) {
                        try {
                            outputStream.flush();
                            outputStream.close();
                        } catch (IOException e2) {
                            throw new CertificateException("Error closing KeyStore stream", e2);
                        }
                    }
                    throw th;
                }
            } catch (KeyStoreException e3) {
                throw new CertificateException("Error saving certificate key store", e3);
            } catch (NoSuchAlgorithmException e4) {
                throw new CertificateException("Error saving certificate key store", e4);
            }
        } catch (IOException e5) {
            throw new CertificateException("Error saving certificate key store", e5);
        } catch (java.security.cert.CertificateException e6) {
            throw new CertificateException("Error saving certificate key store", e6);
        }
    }

    protected synchronized KeyStore loadKeyStore() {
        File file = new File(this.keyStorePath);
        BufferedInputStream bufferedInputStream = null;
        String keyStorePassword = getKeyStorePassword();
        try {
            if (file.isFile()) {
                bufferedInputStream = new BufferedInputStream(new FileInputStream(file));
            }
            return loadKeyStore(KeyStore.getDefaultType(), bufferedInputStream, keyStorePassword);
        } catch (IOException e) {
            throw new CertificateException("Error opening file " + this.keyStorePath, e);
        }
    }

    protected synchronized KeyStore loadTrustStore() {
        File file = new File(System.getProperty("java.home"), "lib/security/cacerts");
        BufferedInputStream bufferedInputStream = null;
        if (file.canRead()) {
            try {
                bufferedInputStream = new BufferedInputStream(new FileInputStream(file));
            } catch (FileNotFoundException e) {
            }
        }
        KeyStore loadKeyStore = loadKeyStore(KeyStore.getDefaultType(), bufferedInputStream, this.jreTrustStorePassword);
        File file2 = new File(this.trustStorePath);
        if (file2.canRead()) {
            try {
                KeyStore loadKeyStore2 = loadKeyStore(KeyStore.getDefaultType(), new BufferedInputStream(new FileInputStream(file2)), this.trustStorePassword);
                Enumeration<String> aliases = loadKeyStore2.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    Certificate certificate = loadKeyStore2.getCertificate(nextElement);
                    if (certificate != null) {
                        loadKeyStore.setCertificateEntry(nextElement, certificate);
                    }
                }
            } catch (FileNotFoundException e2) {
            } catch (KeyStoreException e3) {
                this.log.warn("Error processing trusted certs in {}: {}", file2, e3.getMessage());
            }
        }
        return loadKeyStore;
    }

    protected synchronized void resetSocketFactory() {
        this.socketFactory = null;
    }

    @Override // net.solarnetwork.service.SSLService
    public TrustManagerFactory getTrustManagerFactory() {
        KeyStore loadTrustStore = loadTrustStore();
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
            trustManagerFactory.init(loadTrustStore);
            return trustManagerFactory;
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new CertificateException("Error creating TrustManagerFactory: " + e.toString(), e);
        }
    }

    @Override // net.solarnetwork.service.SSLService
    public KeyManagerFactory getKeyManagerFactory() {
        try {
            if (!new File(this.keyStorePath).isFile()) {
                return null;
            }
            KeyStore loadKeyStore = loadKeyStore();
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(loadKeyStore, getKeyStorePassword().toCharArray());
            return keyManagerFactory;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new CertificateException("Error creating KeyManagerFactory: " + e.toString(), e);
        }
    }

    @Override // net.solarnetwork.service.SSLService
    public synchronized SSLSocketFactory getSSLSocketFactory() {
        if (this.socketFactory == null) {
            try {
                X509TrustManager x509TrustManager = null;
                TrustManager[] trustManagers = getTrustManagerFactory().getTrustManagers();
                int length = trustManagers.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    TrustManager trustManager = trustManagers[i];
                    if (trustManager instanceof X509TrustManager) {
                        x509TrustManager = (X509TrustManager) trustManager;
                        break;
                    }
                    i++;
                }
                if (x509TrustManager == null) {
                    throw new CertificateException("No X509 TrustManager available");
                }
                KeyManager[] keyManagerArr = null;
                KeyManagerFactory keyManagerFactory = getKeyManagerFactory();
                if (keyManagerFactory != null) {
                    for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
                        if (keyManager instanceof X509KeyManager) {
                            keyManagerArr = new KeyManager[]{keyManager};
                        }
                    }
                }
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(keyManagerArr, new TrustManager[]{x509TrustManager}, null);
                this.socketFactory = sSLContext.getSocketFactory();
            } catch (KeyManagementException e) {
                throw new CertificateException("Error creating SSLContext", e);
            } catch (NoSuchAlgorithmException e2) {
                throw new CertificateException("Error creating SSLContext", e2);
            }
        }
        return this.socketFactory;
    }

    public String getKeyStorePath() {
        return this.keyStorePath;
    }

    public void setKeyStorePath(String str) {
        this.keyStorePath = str;
    }

    public String getTrustStorePath() {
        return this.trustStorePath;
    }

    public void setTrustStorePath(String str) {
        this.trustStorePath = str;
    }

    protected String getTrustStorePassword() {
        return this.trustStorePassword;
    }

    public void setTrustStorePassword(String str) {
        this.trustStorePassword = str;
    }

    protected String getJreTrustStorePassword() {
        return this.jreTrustStorePassword;
    }

    public void setJreTrustStorePassword(String str) {
        this.jreTrustStorePassword = str;
    }

    protected String getKeyStorePassword() {
        String str = this.keyStorePassword;
        return (str == null || str.length() <= 0) ? DecompressingResource.NO_KNOWN_COMPRESSION_TYPE : str;
    }

    public void setKeyStorePassword(String str) {
        this.keyStorePassword = str;
    }
}
