package craterstudio.encryption.ssl;

import craterstudio.io.FileUtil;
import craterstudio.text.Text;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:craterstudio/encryption/ssl/SSLUtil.class */
public class SSLUtil {

    /* loaded from: input_file:craterstudio/encryption/ssl/SSLUtil$HandlingX509TrustManager.class */
    static class HandlingX509TrustManager implements X509TrustManager {
        private final X509TrustManager backing;
        private final ProblematicCertificateHandler handler;

        public HandlingX509TrustManager(X509TrustManager x509TrustManager, ProblematicCertificateHandler problematicCertificateHandler) {
            this.backing = x509TrustManager;
            this.handler = problematicCertificateHandler;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                this.backing.checkClientTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                if (!this.handler.acceptProblematicClient(x509CertificateArr, str, e)) {
                    throw e;
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                this.backing.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                if (!this.handler.acceptProblematicServer(x509CertificateArr, str, e)) {
                    throw e;
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.backing.getAcceptedIssuers();
        }
    }

    public static SSLContext createSSLContext(File file, File file2, File file3, ProblematicCertificateHandler problematicCertificateHandler) throws SSLException, IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException, NoSuchProviderException {
        char[] charArray = Text.utf8(FileUtil.readFile(file2)).trim().toCharArray();
        char[] charArray2 = Text.utf8(FileUtil.readFile(file3)).trim().toCharArray();
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(new FileInputStream(file), charArray);
        Arrays.fill(charArray, ' ');
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, charArray2);
        Arrays.fill(charArray2, ' ');
        X509TrustManager findX509TrustManager = findX509TrustManager(keyStore);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        if (problematicCertificateHandler != null) {
            findX509TrustManager = new HandlingX509TrustManager(findX509TrustManager, problematicCertificateHandler);
        }
        SSLContext sSLContext = SSLContext.getInstance("TLS", "SunJSSE");
        sSLContext.init(keyManagers, new TrustManager[]{findX509TrustManager}, new SecureRandom());
        return sSLContext;
    }

    public static SSLContext createSSLContext(KeytoolKey keytoolKey, ProblematicCertificateHandler problematicCertificateHandler) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, NoSuchProviderException, KeyManagementException, CertificateException, IOException {
        char[] cArr = new char[keytoolKey.store.password.length];
        for (int i = 0; i < cArr.length; i++) {
            cArr[i] = (char) keytoolKey.store.password[i];
        }
        char[] cArr2 = new char[keytoolKey.password.length];
        for (int i2 = 0; i2 < cArr2.length; i2++) {
            cArr2[i2] = (char) keytoolKey.password[i2];
        }
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(new FileInputStream(keytoolKey.store.file), cArr);
        Arrays.fill(cArr, ' ');
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, cArr2);
        Arrays.fill(cArr2, ' ');
        X509TrustManager findX509TrustManager = findX509TrustManager(keyStore);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        if (problematicCertificateHandler != null) {
            findX509TrustManager = new HandlingX509TrustManager(findX509TrustManager, problematicCertificateHandler);
        }
        SSLContext sSLContext = SSLContext.getInstance("TLS", "SunJSSE");
        sSLContext.init(keyManagers, new TrustManager[]{findX509TrustManager}, new SecureRandom());
        return sSLContext;
    }

    private static X509TrustManager findX509TrustManager(KeyStore keyStore) throws NoSuchProviderException, NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        for (int i = 0; i < trustManagers.length; i++) {
            if (trustManagers[i] instanceof X509TrustManager) {
                return (X509TrustManager) trustManagers[i];
            }
        }
        throw new IllegalStateException("X509TrustManager not found");
    }

    public static String[] removeOutdatedCiphers(SSLServerSocket sSLServerSocket) {
        String[] removeOutdatedCiphers = removeOutdatedCiphers(sSLServerSocket.getEnabledCipherSuites());
        sSLServerSocket.setEnabledCipherSuites(removeOutdatedCiphers);
        return removeOutdatedCiphers;
    }

    public static String[] removeOutdatedCiphers(SSLSocket sSLSocket) {
        String[] removeOutdatedCiphers = removeOutdatedCiphers(sSLSocket.getEnabledCipherSuites());
        sSLSocket.setEnabledCipherSuites(removeOutdatedCiphers);
        return removeOutdatedCiphers;
    }

    private static String[] removeOutdatedCiphers(String[] strArr) {
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            if (!str.contains("NULL") && !str.contains("_MD5") && !str.contains("_RC4") && !str.contains("_64_") && !str.contains("_128_") && !str.contains("_168_") && !str.contains("_DES40_")) {
                arrayList.add(str);
            }
        }
        if (arrayList.isEmpty()) {
            throw new IllegalStateException("no proper ciphers available");
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }
}
