package org.jclouds.docker.suppliers;

import com.google.common.base.Charsets;
import com.google.common.base.Preconditions;
import com.google.common.base.Supplier;
import com.google.common.base.Throwables;
import com.google.common.io.Files;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.StringReader;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.jclouds.domain.Credentials;
import org.jclouds.http.HttpUtils;
import org.jclouds.http.config.SSLModule;
import org.jclouds.location.Provider;

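/**
 * Supplies an {@link SSLContext} that authenticates this client with an X.509 certificate and
 * private key read from PEM files on disk.
 *
 * <p>The credential's {@code identity} is used as the path of the certificate file and its
 * {@code credential} as the path of the private-key file (see {@link #get()}).
 *
 * <p>Security note: when {@code HttpUtils.trustAllCerts()} is true, the context is initialised
 * with the injected {@code SSLModule.TrustAllCerts} trust manager instead of the JVM default.
 * NOTE(review): judging by its name, that trust manager accepts any server certificate; confirm
 * against SSLModule. If so, the client key still authenticates this side, but the remote
 * endpoint's identity is not verified, so the setting should be limited to test environments.
 *
 * <p>This source was recovered by a decompiler; parameter and local names were reconstructed.
 */
@Singleton
public class SSLContextWithKeysSupplier implements Supplier<SSLContext> {
    // null means "use the JVM's default trust managers" when passed to SSLContext.init.
    private final TrustManager[] trustManager;
    private final Supplier<Credentials> creds;

    /**
     * Key manager that holds exactly one certificate and private key in memory and offers them
     * under a single fixed alias.
     *
     * <p>The decompiler widened this class from {@code private} to {@code public}; the wider
     * access is kept so other decompiled classes that reference it still resolve.
     *
     * <p>NOTE(review): only the socket-based {@code choose*Alias} methods are overridden. The
     * JDK base class returns {@code null} from {@code chooseEngineClientAlias} and
     * {@code chooseEngineServerAlias}, so confirm no {@code SSLEngine}-based transport depends
     * on this key manager to present the client certificate.
     */
    public static class InMemoryKeyManager extends X509ExtendedKeyManager {
        private static final String DEFAULT_ALIAS = "docker";
        private final X509Certificate certificate;
        private final PrivateKey privateKey;

        /**
         * @param x509Certificate certificate presented during the handshake
         * @param privateKey private key matching {@code x509Certificate}; held for the lifetime
         *     of this object
         */
        public InMemoryKeyManager(X509Certificate x509Certificate, PrivateKey privateKey) throws IOException, CertificateException {
            // The throws clause is unused by this body but kept: callers catch these types.
            this.certificate = x509Certificate;
            this.privateKey = privateKey;
        }

        /** Always selects the single alias; key types and acceptable issuers are not consulted. */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            return DEFAULT_ALIAS;
        }

        /** Always selects the single alias; key type and acceptable issuers are not consulted. */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            return DEFAULT_ALIAS;
        }

        /**
         * Returns a one-element chain holding only the configured certificate, whatever alias is
         * requested. Intermediate CA certificates are never included.
         */
        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String alias) {
            return new X509Certificate[]{this.certificate};
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            return new String[]{DEFAULT_ALIAS};
        }

        /** Returns the configured private key for any alias, not only {@code DEFAULT_ALIAS}. */
        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String alias) {
            return this.privateKey;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            return new String[]{DEFAULT_ALIAS};
        }
    }

    /**
     * @param supplier source of the credentials whose fields name the certificate and key files
     * @param httpUtils consulted once, at construction, for the trust-all setting
     * @param trustAllCerts trust manager installed only when trust-all is enabled
     */
    @Inject
    SSLContextWithKeysSupplier(@Provider Supplier<Credentials> supplier, HttpUtils httpUtils, SSLModule.TrustAllCerts trustAllCerts) {
        // Server certificate validation is replaced only when the trust-all option is set;
        // otherwise null lets SSLContext.init fall back to the default trust managers.
        this.trustManager = httpUtils.trustAllCerts() ? new TrustManager[]{trustAllCerts} : null;
        this.creds = supplier;
    }

    /**
     * Builds a fresh TLS context whose key manager presents the configured client certificate.
     *
     * <p>Both files are re-read from disk on every call. The decompiler had renamed this method
     * to {@code m40get}, leaving the class without the {@code get()} its interface requires.
     *
     * @return an initialised {@link SSLContext}
     * @throws NullPointerException if the credential supplier returns {@code null}
     * @throws RuntimeException if a file cannot be read, or the certificate, key or context
     *     cannot be created
     */
    @Override // com.google.common.base.Supplier
    public SSLContext get() {
        Credentials credentials = Preconditions.checkNotNull(this.creds.get(), "credential supplier returned null");
        try {
            X509Certificate certificate = getCertificate(loadFile(credentials.identity));
            PrivateKey key = getKey(loadFile(credentials.credential));
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(new KeyManager[]{new InMemoryKeyManager(certificate, key)}, this.trustManager, new SecureRandom());
            return context;
        } catch (IOException e) {
            throw Throwables.propagate(e);
        } catch (KeyManagementException e2) {
            throw Throwables.propagate(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw Throwables.propagate(e3);
        } catch (CertificateException e4) {
            throw Throwables.propagate(e4);
        }
    }

    /**
     * Decompiler-assigned name for {@link #get()}, retained so that references to it elsewhere
     * in the decompiled tree keep resolving.
     */
    public SSLContext m40get() {
        return get();
    }

    /**
     * Parses a single X.509 certificate from its textual encoding.
     *
     * <p>Only one certificate is read; any further certificates in the input are not loaded.
     *
     * @throws RuntimeException if the text is not a valid certificate
     */
    private static X509Certificate getCertificate(String certificateText) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificateText.getBytes(Charsets.UTF_8)));
        } catch (CertificateException e) {
            throw new RuntimeException("Invalid certificate", e);
        }
    }

    /**
     * Parses a PEM-encoded key pair and returns its private key.
     *
     * <p>Registers the BouncyCastle provider JVM-wide if it is not already installed.
     *
     * @throws RuntimeException if the text cannot be read or does not contain a PEM key pair
     */
    private static PrivateKey getKey(String keyText) {
        try {
            Object parsed = new PEMParser(new StringReader(keyText)).readObject();
            // readObject() returns null when no PEM block is found, and other types for key
            // encodings this method does not convert (for example PKCS#8 or encrypted keys).
            // Reject those explicitly instead of failing on the cast below. The message names
            // only the parsed type, never key material.
            if (!(parsed instanceof PEMKeyPair)) {
                throw new RuntimeException("Invalid private key: expected a PEM key pair but found "
                        + (parsed == null ? "no PEM object" : parsed.getClass().getName()));
            }
            if (Security.getProvider("BC") == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            return new JcaPEMKeyConverter().setProvider("BC").getKeyPair((PEMKeyPair) parsed).getPrivate();
        } catch (IOException e) {
            throw new RuntimeException("Invalid private key", e);
        }
    }

    /** Reads the whole file at {@code path} as UTF-8 text. */
    private static String loadFile(String path) throws IOException {
        return Files.toString(new File(path), Charsets.UTF_8);
    }
}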
