package org.eclipse.californium.elements.util;

import eg.c;
import eg.d;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.eclipse.californium.elements.util.Asn1DerDecoder;
import vf.a;

/* loaded from: classes2.dex */
public class SslContextUtil {
    private static final KeyManager ANONYMOUS;
    public static final String BKS_ENDING = ".bks";
    public static final String BKS_TYPE = "BKS";
    public static final String CLASSPATH_SCHEME = "classpath://";
    private static final String DEFAULT_ALIAS = "californium";
    public static final String DEFAULT_ENDING = "*";
    public static final String DEFAULT_SSL_PROTOCOL = "TLSv1.2";
    public static final String JKS_ENDING = ".jks";
    public static final String JKS_TYPE = "JKS";
    public static final String PARAMETER_SEPARATOR = "#";
    public static final String PEM_ENDING = ".pem";
    public static final String PEM_TYPE = "PEM";
    public static final String PKCS12_ENDING = ".p12";
    public static final String PKCS12_TYPE = "PKCS12";
    private static final String SCHEME_DELIMITER = "://";
    private static final TrustManager TRUST_ALL;
    public static final c LOGGER = d.i(SslContextUtil.class);
    private static final Map<String, String> KEY_STORE_TYPES = new ConcurrentHashMap();
    private static final Map<String, KeyStoreConfiguration> KEY_STORE_CONFIGS = new ConcurrentHashMap();
    private static final Map<String, InputStreamFactory> INPUT_STREAM_FACTORIES = new ConcurrentHashMap();

    /* loaded from: classes2.dex */
    public static class AnonymousX509ExtendedKeyManager extends X509ExtendedKeyManager {
        private AnonymousX509ExtendedKeyManager() {
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return null;
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
            return null;
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return null;
        }
    }

    /* loaded from: classes2.dex */
    public static class ClassLoaderInputStreamFactory implements InputStreamFactory {
        private ClassLoaderInputStreamFactory() {
        }

        @Override // org.eclipse.californium.elements.util.SslContextUtil.InputStreamFactory
        public InputStream create(String str) throws IOException {
            InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(str.substring(12));
            if (resourceAsStream != null) {
                return resourceAsStream;
            }
            throw new IOException("'" + str + "' not found!");
        }
    }

    /* loaded from: classes2.dex */
    public static class Credentials {
        private final X509Certificate[] chain;
        private final PrivateKey privateKey;
        private final PublicKey publicKey;
        private final Certificate[] trusts;

        public Credentials(PrivateKey privateKey, PublicKey publicKey, X509Certificate[] x509CertificateArr) {
            if (x509CertificateArr != null) {
                if (x509CertificateArr.length == 0) {
                    x509CertificateArr = null;
                } else if (publicKey == null) {
                    publicKey = x509CertificateArr[0].getPublicKey();
                } else if (!publicKey.equals(x509CertificateArr[0].getPublicKey())) {
                    throw new IllegalArgumentException("public key doesn't match certificate!");
                }
            }
            this.privateKey = privateKey;
            this.chain = x509CertificateArr;
            this.publicKey = publicKey;
            this.trusts = null;
        }

        public Credentials(Certificate[] certificateArr) {
            this.privateKey = null;
            this.publicKey = null;
            this.chain = null;
            this.trusts = certificateArr;
        }

        public X509Certificate[] getCertificateChain() {
            return this.chain;
        }

        public PrivateKey getPrivateKey() {
            return this.privateKey;
        }

        public PublicKey getPubicKey() {
            return this.publicKey;
        }

        public Certificate[] getTrustedCertificates() {
            return this.trusts;
        }
    }

    /* loaded from: classes2.dex */
    public interface InputStreamFactory {
        InputStream create(String str) throws IOException;
    }

    /* loaded from: classes2.dex */
    public static class KeyStoreConfiguration {
        public final SimpleKeyStore simpleStore;
        public final String type;

        public KeyStoreConfiguration(String str, SimpleKeyStore simpleKeyStore) {
            this.type = str;
            this.simpleStore = simpleKeyStore;
        }
    }

    /* loaded from: classes2.dex */
    public interface SimpleKeyStore {
        Credentials load(InputStream inputStream) throws GeneralSecurityException, IOException;
    }

    @NotForAndroid
    /* loaded from: classes2.dex */
    public static class X509ExtendedTrustAllManager extends X509ExtendedTrustManager {
        private X509ExtendedTrustAllManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, true);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, true);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, true);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, false);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, false);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, false);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return X509TrustAllManager.NO_ISSUERS;
        }
    }

    /* loaded from: classes2.dex */
    public static class X509TrustAllManager implements X509TrustManager {
        private static final X509Certificate[] NO_ISSUERS = new X509Certificate[0];

        private X509TrustAllManager() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void validateChain(X509Certificate[] x509CertificateArr, boolean z10) throws CertificateException {
            if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
                return;
            }
            c cVar = SslContextUtil.LOGGER;
            cVar.i("check certificate {} for {}", x509CertificateArr[0].getSubjectDN(), z10 ? "client" : "server");
            if (!CertPathUtil.canBeUsedForAuthentication(x509CertificateArr[0], z10)) {
                cVar.i("check certificate {} for {} failed on key-usage!", x509CertificateArr[0].getSubjectDN(), z10 ? "client" : "server");
                StringBuilder sb2 = new StringBuilder();
                sb2.append("Key usage not proper for ");
                sb2.append(z10 ? "client" : "server");
                throw new CertificateException(sb2.toString());
            }
            cVar.u("check certificate {} for {} succeeded on key-usage!", x509CertificateArr[0].getSubjectDN(), z10 ? "client" : "server");
            try {
                CertPathUtil.validateCertificatePathWithIssuer(false, CertPathUtil.generateValidatableCertPath(Arrays.asList(x509CertificateArr), null), NO_ISSUERS);
                Object[] objArr = new Object[3];
                objArr[0] = x509CertificateArr[0].getSubjectDN();
                objArr[1] = Integer.valueOf(x509CertificateArr.length);
                objArr[2] = z10 ? "client" : "server";
                cVar.c0("check certificate {}[{}] for {} validated!", objArr);
            } catch (GeneralSecurityException e10) {
                c cVar2 = SslContextUtil.LOGGER;
                Object[] objArr2 = new Object[3];
                objArr2[0] = x509CertificateArr[0].getSubjectDN();
                objArr2[1] = z10 ? "client" : "server";
                objArr2[2] = e10.getMessage();
                cVar2.P("check certificate {} for {} failed on {}!", objArr2);
                if (!(e10 instanceof CertificateException)) {
                    throw new CertificateException(e10);
                }
                throw ((CertificateException) e10);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            validateChain(x509CertificateArr, true);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            validateChain(x509CertificateArr, false);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return NO_ISSUERS;
        }
    }

    static {
        TrustManager x509TrustAllManager;
        ANONYMOUS = new AnonymousX509ExtendedKeyManager();
        Asn1DerDecoder.getEdDsaProvider();
        configureDefaults();
        try {
            x509TrustAllManager = new X509ExtendedTrustAllManager();
        } catch (NoClassDefFoundError unused) {
            x509TrustAllManager = new X509TrustAllManager();
        }
        TRUST_ALL = x509TrustAllManager;
    }

    public static X509Certificate[] asX509Certificates(Certificate[] certificateArr) {
        if (certificateArr == null || certificateArr.length == 0) {
            throw new IllegalArgumentException("certificates missing!");
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
        for (int i10 = 0; certificateArr.length > i10; i10++) {
            if (certificateArr[i10] == null) {
                throw new IllegalArgumentException("[" + i10 + "] is null!");
            }
            try {
                x509CertificateArr[i10] = (X509Certificate) certificateArr[i10];
            } catch (ClassCastException unused) {
                throw new IllegalArgumentException("[" + i10 + "] is not a x509 certificate! Instead it's a " + certificateArr[i10].getClass().getName());
            }
        }
        return x509CertificateArr;
    }

    public static String configure(String str, String str2) {
        Objects.requireNonNull(str, "ending must not be null!");
        if (!str.equals("*") && !str.startsWith(".")) {
            throw new IllegalArgumentException("ending must start with \".\"!");
        }
        Objects.requireNonNull(str2, "key store type must not be null!");
        if (str2.isEmpty()) {
            throw new IllegalArgumentException("key store type must not be empty!");
        }
        return KEY_STORE_TYPES.put(str.toLowerCase(), str2);
    }

    public static InputStreamFactory configure(String str, InputStreamFactory inputStreamFactory) {
        Objects.requireNonNull(str, "scheme must not be null!");
        if (!str.endsWith("://")) {
            throw new IllegalArgumentException("scheme must end with \"://\"!");
        }
        Objects.requireNonNull(inputStreamFactory, "stream factory must not be null!");
        return INPUT_STREAM_FACTORIES.put(str.toLowerCase(), inputStreamFactory);
    }

    public static KeyStoreConfiguration configure(String str, KeyStoreConfiguration keyStoreConfiguration) {
        Objects.requireNonNull(str, "key store type must not be null!");
        if (str.isEmpty()) {
            throw new IllegalArgumentException("key store type must not be empty!");
        }
        Objects.requireNonNull(keyStoreConfiguration, "key store configuration must not be null!");
        return KEY_STORE_CONFIGS.put(str, keyStoreConfiguration);
    }

    public static void configureDefaults() {
        Map<String, String> map = KEY_STORE_TYPES;
        map.clear();
        map.put(JKS_ENDING, JKS_TYPE);
        map.put(BKS_ENDING, BKS_TYPE);
        map.put(PKCS12_ENDING, PKCS12_TYPE);
        map.put(PEM_ENDING, PEM_TYPE);
        map.put("*", KeyStore.getDefaultType());
        Map<String, KeyStoreConfiguration> map2 = KEY_STORE_CONFIGS;
        map2.put(JKS_TYPE, new KeyStoreConfiguration(JKS_TYPE, null));
        map2.put(BKS_TYPE, new KeyStoreConfiguration(BKS_TYPE, null));
        map2.put(PKCS12_TYPE, new KeyStoreConfiguration(PKCS12_TYPE, null));
        map2.put(PEM_TYPE, new KeyStoreConfiguration(PEM_TYPE, new SimpleKeyStore() { // from class: org.eclipse.californium.elements.util.SslContextUtil.1
            @Override // org.eclipse.californium.elements.util.SslContextUtil.SimpleKeyStore
            public Credentials load(InputStream inputStream) throws GeneralSecurityException, IOException {
                return SslContextUtil.loadPemCredentials(inputStream);
            }
        }));
        Map<String, InputStreamFactory> map3 = INPUT_STREAM_FACTORIES;
        map3.clear();
        map3.put(CLASSPATH_SCHEME, new ClassLoaderInputStreamFactory());
    }

    public static KeyManager[] createAnonymousKeyManager() {
        return new KeyManager[]{ANONYMOUS};
    }

    public static KeyManager[] createKeyManager(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr) throws GeneralSecurityException {
        Objects.requireNonNull(privateKey, "private key must be provided!");
        Objects.requireNonNull(x509CertificateArr, "certificate chain must be provided!");
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certificate chain must not be empty!");
        }
        if (str == null) {
            str = DEFAULT_ALIAS;
        }
        try {
            char[] charArray = "intern".toCharArray();
            KeyStore keyStore = KeyStore.getInstance(getKeyStoreConfigurationFromUri("*").type);
            keyStore.load(null);
            keyStore.setKeyEntry(str, privateKey, charArray, x509CertificateArr);
            return createKeyManager(keyStore, charArray);
        } catch (IOException e10) {
            throw new GeneralSecurityException(e10.getMessage());
        }
    }

    private static KeyManager[] createKeyManager(KeyStore keyStore, char[] cArr) throws GeneralSecurityException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(Security.getProperty(a.f44276y));
        keyManagerFactory.init(keyStore, cArr);
        return keyManagerFactory.getKeyManagers();
    }

    public static SSLContext createSSLContext(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr, Certificate[] certificateArr) throws GeneralSecurityException {
        return createSSLContext(str, privateKey, x509CertificateArr, certificateArr, DEFAULT_SSL_PROTOCOL);
    }

    public static SSLContext createSSLContext(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr, Certificate[] certificateArr, String str2) throws GeneralSecurityException {
        if (str == null) {
            str = DEFAULT_ALIAS;
        }
        KeyManager[] createKeyManager = createKeyManager(str, privateKey, x509CertificateArr);
        TrustManager[] createTrustManager = createTrustManager(str, certificateArr);
        SSLContext sSLContext = SSLContext.getInstance(str2);
        sSLContext.init(createKeyManager, createTrustManager, null);
        return sSLContext;
    }

    @NotForAndroid
    public static TrustManager[] createTrustAllManager() {
        return new TrustManager[]{TRUST_ALL};
    }

    public static TrustManager[] createTrustManager(String str, Certificate[] certificateArr) throws GeneralSecurityException {
        Objects.requireNonNull(certificateArr, "trusted certificates must be provided!");
        if (certificateArr.length == 0) {
            throw new IllegalArgumentException("trusted certificates must not be empty!");
        }
        if (str == null) {
            str = DEFAULT_ALIAS;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(getKeyStoreConfigurationFromUri("*").type);
            keyStore.load(null);
            int i10 = 1;
            for (Certificate certificate : certificateArr) {
                keyStore.setCertificateEntry(str + i10, certificate);
                i10++;
            }
            return createTrustManager(keyStore);
        } catch (IOException e10) {
            throw new GeneralSecurityException(e10.getMessage());
        }
    }

    private static TrustManager[] createTrustManager(KeyStore keyStore) throws GeneralSecurityException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(Security.getProperty(a.f44277z));
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    public static void ensureUniqueCertificates(X509Certificate[] x509CertificateArr) {
        HashSet hashSet = new HashSet();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (!hashSet.add(x509Certificate)) {
                throw new IllegalArgumentException("Truststore contains certificates duplicates with subject: " + x509Certificate.getSubjectX500Principal());
            }
        }
    }

    private static InputStream getInputStreamFromUri(String str) throws IOException {
        Objects.requireNonNull(str, "keyStoreUri must be provided!");
        String schemeFromUri = getSchemeFromUri(str);
        InputStream inputStream = null;
        String str2 = null;
        if (schemeFromUri == null) {
            File file = new File(str);
            if (!file.exists()) {
                str2 = " doesn't exists!";
            } else if (!file.isFile()) {
                str2 = " is not a file!";
            } else if (!file.canRead()) {
                str2 = " could not be read!";
            }
            if (str2 != null) {
                throw new IOException("URI: " + str + ", file: " + file.getAbsolutePath() + str2);
            }
            inputStream = new FileInputStream(file);
        } else {
            InputStreamFactory inputStreamFactory = INPUT_STREAM_FACTORIES.get(schemeFromUri);
            if (inputStreamFactory != null) {
                inputStream = inputStreamFactory.create(str);
            }
        }
        return inputStream == null ? new URL(str).openStream() : inputStream;
    }

    /* JADX WARN: Removed duplicated region for block: B:15:0x005b  */
    /* JADX WARN: Removed duplicated region for block: B:7:0x002a  */
    /* JADX WARN: Removed duplicated region for block: B:9:0x0035  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static org.eclipse.californium.elements.util.SslContextUtil.KeyStoreConfiguration getKeyStoreConfigurationFromUri(java.lang.String r3) throws java.security.GeneralSecurityException {
        /*
            java.lang.String r0 = "*"
            boolean r1 = r3.equals(r0)
            if (r1 != 0) goto L27
            r1 = 47
            int r1 = r3.lastIndexOf(r1)
            r2 = 46
            int r2 = r3.lastIndexOf(r2)
            if (r1 >= r2) goto L27
            java.lang.String r1 = r3.substring(r2)
            java.lang.String r1 = r1.toLowerCase()
            java.util.Map<java.lang.String, java.lang.String> r2 = org.eclipse.californium.elements.util.SslContextUtil.KEY_STORE_TYPES
            java.lang.Object r1 = r2.get(r1)
            java.lang.String r1 = (java.lang.String) r1
            goto L28
        L27:
            r1 = 0
        L28:
            if (r1 != 0) goto L33
            java.util.Map<java.lang.String, java.lang.String> r1 = org.eclipse.californium.elements.util.SslContextUtil.KEY_STORE_TYPES
            java.lang.Object r0 = r1.get(r0)
            r1 = r0
            java.lang.String r1 = (java.lang.String) r1
        L33:
            if (r1 == 0) goto L5b
            java.util.Map<java.lang.String, org.eclipse.californium.elements.util.SslContextUtil$KeyStoreConfiguration> r3 = org.eclipse.californium.elements.util.SslContextUtil.KEY_STORE_CONFIGS
            java.lang.String r0 = r1.toUpperCase()
            java.lang.Object r3 = r3.get(r0)
            org.eclipse.californium.elements.util.SslContextUtil$KeyStoreConfiguration r3 = (org.eclipse.californium.elements.util.SslContextUtil.KeyStoreConfiguration) r3
            if (r3 == 0) goto L44
            return r3
        L44:
            java.security.GeneralSecurityException r3 = new java.security.GeneralSecurityException
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            r0.<init>()
            java.lang.String r2 = "no key store configuration for "
            r0.append(r2)
            r0.append(r1)
            java.lang.String r0 = r0.toString()
            r3.<init>(r0)
            throw r3
        L5b:
            java.security.GeneralSecurityException r0 = new java.security.GeneralSecurityException
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r1.<init>()
            java.lang.String r2 = "no key store type for "
            r1.append(r2)
            r1.append(r3)
            java.lang.String r3 = r1.toString()
            r0.<init>(r3)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.californium.elements.util.SslContextUtil.getKeyStoreConfigurationFromUri(java.lang.String):org.eclipse.californium.elements.util.SslContextUtil$KeyStoreConfiguration");
    }

    private static String getSchemeFromUri(String str) {
        int indexOf = str.indexOf("://");
        if (indexOf > 0) {
            return str.substring(0, indexOf + 3).toLowerCase();
        }
        return null;
    }

    public static X509Certificate[] loadCertificateChain(String str, String str2, char[] cArr) throws IOException, GeneralSecurityException {
        KeyStoreConfiguration keyStoreConfigurationFromUri = getKeyStoreConfigurationFromUri(str);
        if (keyStoreConfigurationFromUri.simpleStore != null) {
            Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreConfigurationFromUri);
            if (loadSimpleKeyStore.chain != null) {
                return loadSimpleKeyStore.chain;
            }
            throw new IllegalArgumentException("No certificate chain found!");
        }
        Objects.requireNonNull(str2, "alias must be provided!");
        if (str2.isEmpty()) {
            throw new IllegalArgumentException("alias must not be empty!");
        }
        return asX509Certificates(loadKeyStore(str, cArr, keyStoreConfigurationFromUri).getCertificateChain(str2));
    }

    public static Credentials loadCredentials(String str) throws IOException, GeneralSecurityException {
        Objects.requireNonNull(str, "credentials must be provided!");
        String[] split = str.split("#", 4);
        if (1 == split.length && getKeyStoreConfigurationFromUri(split[0]).simpleStore != null) {
            return loadCredentials(split[0], null, null, null);
        }
        if (4 == split.length) {
            return loadCredentials(split[0], split[3], StringUtil.hex2CharArray(split[1]), StringUtil.hex2CharArray(split[2]));
        }
        throw new IllegalArgumentException("credentials must comply the pattern <keystore#hexstorepwd#hexkeypwd#alias>");
    }

    public static Credentials loadCredentials(String str, String str2, char[] cArr, char[] cArr2) throws IOException, GeneralSecurityException {
        KeyStoreConfiguration keyStoreConfigurationFromUri = getKeyStoreConfigurationFromUri(str);
        if (keyStoreConfigurationFromUri.simpleStore != null) {
            Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreConfigurationFromUri);
            if (loadSimpleKeyStore.privateKey == null) {
                throw new IllegalArgumentException("credentials missing! No private key found!");
            }
            if (loadSimpleKeyStore.chain == null && loadSimpleKeyStore.publicKey == null) {
                throw new IllegalArgumentException("credentials missing! Neither certificate chain nor public key found!");
            }
            return loadSimpleKeyStore;
        }
        Objects.requireNonNull(str2, "alias must be provided!");
        if (str2.isEmpty()) {
            throw new IllegalArgumentException("alias must not be empty!");
        }
        Objects.requireNonNull(cArr2, "keyPassword must be provided!");
        KeyStore loadKeyStore = loadKeyStore(str, cArr, keyStoreConfigurationFromUri);
        if (loadKeyStore.entryInstanceOf(str2, KeyStore.PrivateKeyEntry.class)) {
            KeyStore.Entry entry = loadKeyStore.getEntry(str2, new KeyStore.PasswordProtection(cArr2));
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
                return new Credentials(privateKeyEntry.getPrivateKey(), null, asX509Certificates(privateKeyEntry.getCertificateChain()));
            }
        }
        throw new IllegalArgumentException("no credentials found for '" + str2 + "' in '" + str + "'!");
    }

    public static KeyManager[] loadKeyManager(String str, String str2, char[] cArr, char[] cArr2) throws IOException, GeneralSecurityException {
        KeyStoreConfiguration keyStoreConfigurationFromUri = getKeyStoreConfigurationFromUri(str);
        if (keyStoreConfigurationFromUri.simpleStore != null) {
            Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreConfigurationFromUri);
            if (loadSimpleKeyStore.privateKey == null) {
                throw new IllegalArgumentException("credentials missing! No private key found!");
            }
            if (loadSimpleKeyStore.chain != null) {
                return createKeyManager(str2, loadSimpleKeyStore.privateKey, loadSimpleKeyStore.chain);
            }
            throw new IllegalArgumentException("credentials missing! No certificate chain found!");
        }
        Objects.requireNonNull(cArr2, "keyPassword must be provided!");
        KeyStore loadKeyStore = loadKeyStore(str, cArr, keyStoreConfigurationFromUri);
        if (str2 != null && !str2.isEmpty()) {
            KeyStore keyStore = KeyStore.getInstance(loadKeyStore.getType());
            keyStore.load(null);
            KeyStore.Entry entry = loadKeyStore.getEntry(str2, new KeyStore.PasswordProtection(cArr2));
            if (entry == null) {
                throw new GeneralSecurityException("key stores '" + str + "' doesn't contain credentials for '" + str2 + "'");
            }
            keyStore.setEntry(str2, entry, new KeyStore.PasswordProtection(cArr2));
            loadKeyStore = keyStore;
        }
        return createKeyManager(loadKeyStore, cArr2);
    }

    private static KeyStore loadKeyStore(String str, char[] cArr, KeyStoreConfiguration keyStoreConfiguration) throws GeneralSecurityException, IOException {
        Objects.requireNonNull(cArr, "storePassword must be provided!");
        InputStream inputStreamFromUri = getInputStreamFromUri(str);
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance(keyStoreConfiguration.type);
                keyStore.load(inputStreamFromUri, cArr);
                return keyStore;
            } catch (IOException e10) {
                throw new IOException(e10 + ", URI: " + str + ", type: " + keyStoreConfiguration.type);
            }
        } finally {
            inputStreamFromUri.close();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Credentials loadPemCredentials(InputStream inputStream) throws GeneralSecurityException, IOException {
        PemReader pemReader = new PemReader(inputStream);
        try {
            Asn1DerDecoder.Keys keys = new Asn1DerDecoder.Keys();
            ArrayList<Certificate> arrayList = new ArrayList();
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (true) {
                String readNextBegin = pemReader.readNextBegin();
                if (readNextBegin == null) {
                    if (keys.getPrivateKey() != null || keys.getPublicKey() != null) {
                        List<? extends Certificate> certificates = certificateFactory.generateCertPath(arrayList).getCertificates();
                        return new Credentials(keys.getPrivateKey(), keys.getPublicKey(), (X509Certificate[]) certificates.toArray(new X509Certificate[certificates.size()]));
                    }
                    ArrayList arrayList2 = new ArrayList();
                    for (Certificate certificate : arrayList) {
                        if (!arrayList2.contains(certificate)) {
                            arrayList2.add(certificate);
                        }
                    }
                    return new Credentials((Certificate[]) arrayList2.toArray(new Certificate[arrayList2.size()]));
                }
                byte[] readToEnd = pemReader.readToEnd();
                if (readToEnd != null) {
                    if (readNextBegin.contains("CERTIFICATE")) {
                        arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(readToEnd)));
                    } else if (readNextBegin.contains("PRIVATE KEY")) {
                        Asn1DerDecoder.Keys readPrivateKey = Asn1DerDecoder.readPrivateKey(readToEnd);
                        if (readPrivateKey == null) {
                            throw new GeneralSecurityException("private key type not supported!");
                        }
                        keys.add(readPrivateKey);
                    } else if (readNextBegin.contains("PUBLIC KEY")) {
                        PublicKey readSubjectPublicKey = Asn1DerDecoder.readSubjectPublicKey(readToEnd);
                        if (readSubjectPublicKey == null) {
                            throw new GeneralSecurityException("public key type not supported!");
                        }
                        keys.setPublicKey(readSubjectPublicKey);
                    } else {
                        LOGGER.d("{} not supported!", readNextBegin);
                    }
                }
            }
        } finally {
            pemReader.close();
        }
    }

    public static PrivateKey loadPrivateKey(String str, String str2, char[] cArr, char[] cArr2) throws IOException, GeneralSecurityException {
        KeyStoreConfiguration keyStoreConfigurationFromUri = getKeyStoreConfigurationFromUri(str);
        if (keyStoreConfigurationFromUri.simpleStore != null) {
            Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreConfigurationFromUri);
            if (loadSimpleKeyStore.privateKey != null) {
                return loadSimpleKeyStore.privateKey;
            }
        } else {
            Objects.requireNonNull(str2, "alias must be provided!");
            if (str2.isEmpty()) {
                throw new IllegalArgumentException("alias must not be empty!");
            }
            Objects.requireNonNull(cArr2, "keyPassword must be provided!");
            KeyStore loadKeyStore = loadKeyStore(str, cArr, keyStoreConfigurationFromUri);
            if (loadKeyStore.entryInstanceOf(str2, KeyStore.PrivateKeyEntry.class)) {
                KeyStore.Entry entry = loadKeyStore.getEntry(str2, new KeyStore.PasswordProtection(cArr2));
                if (entry instanceof KeyStore.PrivateKeyEntry) {
                    return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                }
            }
        }
        throw new IllegalArgumentException("no private key found for '" + str2 + "' in '" + str + "'!");
    }

    public static PublicKey loadPublicKey(String str, String str2, char[] cArr) throws IOException, GeneralSecurityException {
        KeyStoreConfiguration keyStoreConfigurationFromUri = getKeyStoreConfigurationFromUri(str);
        if (keyStoreConfigurationFromUri.simpleStore == null) {
            Objects.requireNonNull(str2, "alias must be provided!");
            if (str2.isEmpty()) {
                throw new IllegalArgumentException("alias must not be empty!");
            }
            return loadKeyStore(str, cArr, keyStoreConfigurationFromUri).getCertificateChain(str2)[0].getPublicKey();
        }
        Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreConfigurationFromUri);
        if (loadSimpleKeyStore.publicKey != null) {
            return loadSimpleKeyStore.publicKey;
        }
        throw new IllegalArgumentException("no public key found for '" + str2 + "' in '" + str + "'!");
    }

    private static Credentials loadSimpleKeyStore(String str, KeyStoreConfiguration keyStoreConfiguration) throws GeneralSecurityException, IOException {
        InputStream inputStreamFromUri = getInputStreamFromUri(str);
        try {
            return keyStoreConfiguration.simpleStore.load(inputStreamFromUri);
        } finally {
            inputStreamFromUri.close();
        }
    }

    public static TrustManager[] loadTrustManager(String str, String str2, char[] cArr) throws IOException, GeneralSecurityException {
        return createTrustManager("trusts", loadTrustedCertificates(str, str2, cArr));
    }

    public static Certificate[] loadTrustedCertificates(String str) throws IOException, GeneralSecurityException {
        Objects.requireNonNull(str, "trust must be provided!");
        String[] split = str.split("#", 3);
        if (1 == split.length && getKeyStoreConfigurationFromUri(split[0]).simpleStore != null) {
            return loadTrustedCertificates(split[0], null, null);
        }
        if (3 == split.length) {
            return loadTrustedCertificates(split[0], split[2], StringUtil.hex2CharArray(split[1]));
        }
        throw new IllegalArgumentException("trust must comply the pattern <keystore#hexstorepwd#aliaspattern>");
    }

    public static Certificate[] loadTrustedCertificates(String str, String str2, char[] cArr) throws IOException, GeneralSecurityException {
        KeyStoreConfiguration keyStoreConfigurationFromUri = getKeyStoreConfigurationFromUri(str);
        if (keyStoreConfigurationFromUri.simpleStore != null) {
            Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreConfigurationFromUri);
            if (loadSimpleKeyStore.trusts != null) {
                return loadSimpleKeyStore.trusts;
            }
            throw new IllegalArgumentException("no trusted x509 certificates found in '" + str + "'!");
        }
        KeyStore loadKeyStore = loadKeyStore(str, cArr, keyStoreConfigurationFromUri);
        Pattern pattern = null;
        if (str2 != null && !str2.isEmpty()) {
            pattern = Pattern.compile(str2);
        }
        ArrayList arrayList = new ArrayList();
        Enumeration<String> aliases = loadKeyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (pattern == null || pattern.matcher(nextElement).matches()) {
                Certificate certificate = loadKeyStore.getCertificate(nextElement);
                if (!arrayList.contains(certificate)) {
                    arrayList.add(certificate);
                }
            }
        }
        if (!arrayList.isEmpty()) {
            return (Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]);
        }
        throw new IllegalArgumentException("no trusted x509 certificates found in '" + str + "' for '" + str2 + "'!");
    }
}
