package com.realmone.tleasy.rest;

import com.realmone.tleasy.TleClient;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.UUID;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import lombok.Generated;

/* loaded from: input_file:com/realmone/tleasy/rest/SimpleTleClient.class */
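/**
 * {@link TleClient} that reads TLE data from a local file or, when an endpoint is configured,
 * over HTTP(S) using a client certificate loaded from a PKCS#12 keystore.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>With {@code skipCertValidation} set, the server certificate chain and the hostname are
 *       not checked at all, so the connection is encrypted but the server is not authenticated.</li>
 *   <li>{@link #trustCerts()} implements trust-on-first-use: it connects without any validation
 *       and then trusts whatever certificates the peer presented.</li>
 *   <li>The truststore password is a compile-time constant and therefore not a secret.</li>
 * </ul>
 */
public class SimpleTleClient implements TleClient {
    private static final String PKCS12 = "PKCS12";
    // Classpath resource, resolved relative to this class's package.
    private static final String TRUSTSTORE = "truststore.p12";
    // Compiled into the class file, so anyone holding the jar can read it. It only unlocks the
    // bundled truststore and must never be reused for a keystore that holds private keys.
    // NOTE(review): confirm the bundled truststore contains public certificates only.
    private static final String TRUSTSTORE_PW = "realm1p@ss";
    private final String tleDataEndpoint;
    private final File tleFile;
    private final File keystoreFile;
    // Held by reference (no defensive copy); the caller's array must stay intact for as long as
    // trustCerts() may be called, because the keystore is re-read there.
    private final char[] keystorePassword;
    private final boolean skipCertValidation;
    // Replaced by trustCerts() once the server's certificates have been captured.
    private SSLContext sslContext;

    /** Fluent builder for {@link SimpleTleClient}; every setter returns the builder itself. */
    @Generated
    public static class SimpleTleClientBuilder {

        @Generated
        private String tleDataEndpoint;

        @Generated
        private File tleFile;

        @Generated
        private File keystoreFile;

        @Generated
        private char[] keystorePassword;

        @Generated
        private boolean skipCertValidation;

        @Generated
        SimpleTleClientBuilder() {
        }

        /** Sets the URL to fetch from; {@code null} or empty selects the local file instead. */
        @Generated
        public SimpleTleClientBuilder tleDataEndpoint(String str) {
            this.tleDataEndpoint = str;
            return this;
        }

        /** Sets the local file that is read when no endpoint is configured. */
        @Generated
        public SimpleTleClientBuilder tleFile(File file) {
            this.tleFile = file;
            return this;
        }

        /** Sets the PKCS#12 keystore that supplies the client key material. */
        @Generated
        public SimpleTleClientBuilder keystoreFile(File file) {
            this.keystoreFile = file;
            return this;
        }

        /** Sets the keystore password; the array is stored by reference, not copied. */
        @Generated
        public SimpleTleClientBuilder keystorePassword(char[] cArr) {
            this.keystorePassword = cArr;
            return this;
        }

        /**
         * Disables server certificate and hostname validation when {@code true}. The server is
         * then unauthenticated, so this is suitable for controlled test setups only.
         */
        @Generated
        public SimpleTleClientBuilder skipCertValidation(boolean z) {
            this.skipCertValidation = z;
            return this;
        }

        /**
         * Creates the client, which loads the keystore and builds the TLS context immediately.
         *
         * @throws IOException if the keystore cannot be read or the TLS context cannot be set up
         */
        @Generated
        public SimpleTleClient build() throws IOException {
            return new SimpleTleClient(this.tleDataEndpoint, this.tleFile, this.keystoreFile, this.keystorePassword, this.skipCertValidation);
        }

        /**
         * Describes the builder state. The keystore password is deliberately not rendered, so the
         * string is safe to log.
         */
        @Generated
        public String toString() {
            String passwordState = this.keystorePassword == null ? "null" : "<redacted>";
            return "SimpleTleClient.SimpleTleClientBuilder(tleDataEndpoint=" + this.tleDataEndpoint + ", tleFile=" + this.tleFile + ", keystoreFile=" + this.keystoreFile + ", keystorePassword=" + passwordState + ", skipCertValidation=" + this.skipCertValidation + ")";
        }
    }

    private SimpleTleClient(String str, File file, File file2, char[] cArr, boolean z) throws IOException {
        this.tleDataEndpoint = str;
        this.tleFile = file;
        this.keystoreFile = file2;
        this.keystorePassword = cArr;
        this.skipCertValidation = z;
        this.sslContext = createSecureSslContext(file2, cArr, z);
    }

    /**
     * Opens the TLE data as a stream: the local file when no endpoint is configured, otherwise the
     * body of an HTTP GET against the endpoint.
     *
     * <p>For HTTPS the client's TLS context is used. When {@code skipCertValidation} is set the
     * hostname check is disabled as well, so the peer is not authenticated in any way.
     *
     * @return the TLE data; the caller is responsible for closing the stream
     * @throws IOException if the file or connection cannot be opened, or the server answers with
     *     anything other than HTTP 200
     */
    @Override // com.realmone.tleasy.TleClient
    public InputStream fetchTle() throws IOException {
        if (this.tleDataEndpoint == null || this.tleDataEndpoint.isEmpty()) {
            return Files.newInputStream(this.tleFile.toPath());
        }
        HttpURLConnection connection = (HttpURLConnection) URI.create(this.tleDataEndpoint).toURL().openConnection();
        boolean streamHandedOff = false;
        try {
            // Per-connection setting; the static HttpURLConnection.setFollowRedirects would change
            // the default for every connection in the JVM.
            connection.setInstanceFollowRedirects(true);
            if (connection instanceof HttpsURLConnection) {
                HttpsURLConnection secureConnection = (HttpsURLConnection) connection;
                secureConnection.setSSLSocketFactory(this.sslContext.getSocketFactory());
                if (this.skipCertValidation) {
                    // Accepts any hostname: no protection against an interposed server.
                    secureConnection.setHostnameVerifier((hostname, session) -> true);
                }
            }
            connection.setRequestMethod("GET");
            connection.setDoInput(true);
            int responseCode = connection.getResponseCode();
            if (responseCode != 200) {
                throw new IOException("Remote server did not respond with success: " + responseCode);
            }
            InputStream body = connection.getInputStream();
            streamHandedOff = true;
            return body;
        } finally {
            // On any failure nobody will read the stream, so release the connection here.
            if (!streamHandedOff) {
                connection.disconnect();
            }
        }
    }

    /**
     * Captures the certificates presented by the configured HTTPS endpoint and rebuilds the TLS
     * context so that later {@link #fetchTle()} calls trust them (trust-on-first-use). Does
     * nothing when no endpoint is configured, and only disconnects for plain HTTP.
     *
     * <p>The capturing handshake uses a trust-all manager and no hostname check, so whichever
     * party answers this one connection becomes trusted afterwards. Call it only over a network
     * path that is trusted at that moment, or confirm the captured certificates out of band.
     * When {@code skipCertValidation} is set the captured certificates are not used.
     *
     * @throws IOException if the connection or the keystore handling fails
     * @throws RuntimeException wrapping a {@link GeneralSecurityException} raised while building
     *     the trust-all context
     */
    @Override // com.realmone.tleasy.TleClient
    public void trustCerts() throws IOException {
        if (this.tleDataEndpoint == null || this.tleDataEndpoint.isEmpty()) {
            return;
        }
        HttpURLConnection connection = (HttpURLConnection) URI.create(this.tleDataEndpoint).toURL().openConnection();
        try {
            if (connection instanceof HttpsURLConnection) {
                HttpsURLConnection secureConnection = (HttpsURLConnection) connection;
                try {
                    secureConnection.setSSLSocketFactory(getTrustAllSSLContext(this.keystoreFile, this.keystorePassword).getSocketFactory());
                    secureConnection.setHostnameVerifier((hostname, session) -> true);
                    connection.connect();
                    // NOTE(review): getServerCertificates() returns the whole presented chain, so
                    // any intermediate or root the server sends becomes a trust anchor too, not
                    // just the server's own certificate. Confirm that breadth is intended.
                    this.sslContext = createSecureSslContext(this.keystoreFile, this.keystorePassword, this.skipCertValidation, secureConnection.getServerCertificates());
                } catch (GeneralSecurityException e) {
                    throw new RuntimeException(e);
                }
            }
        } finally {
            // Release the connection on failure as well as on success.
            connection.disconnect();
        }
    }

    /** Builds the TLS context with only the bundled truststore, adding no extra certificates. */
    private static SSLContext createSecureSslContext(File file, char[] cArr, boolean z) throws IOException {
        return createSecureSslContext(file, cArr, z, new Certificate[0]);
    }

    /**
     * Builds a TLS context that presents the client key material from the keystore.
     *
     * @param file PKCS#12 keystore with the client key material
     * @param cArr keystore password
     * @param z when {@code true}, a trust-all manager is installed and {@code certificateArr}
     *     is ignored
     * @param certificateArr certificates trusted in addition to the bundled truststore
     * @throws IOException if a store cannot be read, or wrapping any
     *     {@link GeneralSecurityException} raised during setup
     */
    private static SSLContext createSecureSslContext(File file, char[] cArr, boolean z, Certificate[] certificateArr) throws IOException {
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            KeyManagerFactory keyManagerFactory = getKeyManagerFactory(file, cArr);
            TrustManager[] trustManagers;
            if (z) {
                trustManagers = new TrustManager[]{getTrustAllManager()};
            } else {
                KeyStore trustStore = KeyStore.getInstance(PKCS12);
                // try-with-resources closes the stream even when load() throws. A missing
                // resource yields null, which load() turns into an empty store; that case is
                // kept so that certificates added below can still be trusted.
                try (InputStream bundled = SimpleTleClient.class.getResourceAsStream(TRUSTSTORE)) {
                    trustStore.load(bundled, TRUSTSTORE_PW.toCharArray());
                }
                for (Certificate extra : certificateArr) {
                    loadCertIfMissing(extra, trustStore);
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(trustStore);
                trustManagers = trustManagerFactory.getTrustManagers();
            }
            context.init(keyManagerFactory.getKeyManagers(), trustManagers, null);
            return context;
        } catch (GeneralSecurityException e) {
            throw new IOException("Issue managing TLS certificates to make TLE file request", e);
        }
    }

    /** Returns whether any entry of {@code keyStore} holds a certificate equal to {@code certificate}. */
    private static boolean certInKeystore(Certificate certificate, KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate stored = keyStore.getCertificate(aliases.nextElement());
            if (stored != null && stored.equals(certificate)) {
                return true;
            }
        }
        return false;
    }

    /** Adds {@code certificate} as a trusted entry under a fresh random alias unless already present. */
    private static void loadCertIfMissing(Certificate certificate, KeyStore keyStore) throws KeyStoreException {
        if (certInKeystore(certificate, keyStore)) {
            return;
        }
        keyStore.setCertificateEntry("tleasy" + UUID.randomUUID(), certificate);
    }

    /**
     * Loads the PKCS#12 keystore and initialises a key manager factory from it. The same password
     * is used for the store and for its keys.
     *
     * @throws GeneralSecurityException if the keystore content cannot be processed
     * @throws IOException if the file cannot be read or the password is wrong
     */
    private static KeyManagerFactory getKeyManagerFactory(File file, char[] cArr) throws GeneralSecurityException, IOException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = KeyStore.getInstance(PKCS12);
        try (InputStream keystoreStream = Files.newInputStream(file.toPath())) {
            keyStore.load(keystoreStream, cArr);
        }
        keyManagerFactory.init(keyStore, cArr);
        return keyManagerFactory;
    }

    /**
     * Builds a TLS context that presents the client key material and accepts any server
     * certificate. Used only for the certificate-capturing handshake in {@link #trustCerts()}.
     */
    private static SSLContext getTrustAllSSLContext(File file, char[] cArr) throws GeneralSecurityException, IOException {
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(getKeyManagerFactory(file, cArr).getKeyManagers(), new TrustManager[]{getTrustAllManager()}, null);
        return context;
    }

    /**
     * Returns a trust manager whose checks never throw, i.e. every certificate chain is accepted.
     * A context built on it gives no server authentication.
     */
    private static TrustManager getTrustAllManager() {
        return new X509TrustManager() {
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                // The interface contract requires a non-null, possibly empty, array.
                return new X509Certificate[0];
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                // Intentionally empty: nothing is rejected.
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                // Intentionally empty: nothing is rejected.
            }
        };
    }

    /** Returns a new builder for {@link SimpleTleClient}. */
    @Generated
    public static SimpleTleClientBuilder builder() {
        return new SimpleTleClientBuilder();
    }
}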
