package com.spotify.docker.client;

import com.google.common.base.Optional;
import com.spotify.docker.client.exceptions.DockerCertificateException;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyFactory;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/spotify/docker/client/DockerCertificates.class */
public class DockerCertificates implements DockerCertificatesStore {
    public static final String DEFAULT_CA_CERT_NAME = "ca.pem";
    public static final String DEFAULT_CLIENT_CERT_NAME = "cert.pem";
    public static final String DEFAULT_CLIENT_KEY_NAME = "key.pem";
    private static final char[] KEY_STORE_PASSWORD = "docker!!11!!one!".toCharArray();
    private static final Logger log = LoggerFactory.getLogger(DockerCertificates.class);
    private final SSLContext sslContext;

    /* loaded from: input_file:com/spotify/docker/client/DockerCertificates$Builder.class */
    public static class Builder {
        private SslContextFactory sslContextFactory = new DefaultSslContextFactory();
        private Path caCertPath;
        private Path clientKeyPath;
        private Path clientCertPath;

        public Builder dockerCertPath(Path path) {
            this.caCertPath = path.resolve(DockerCertificates.DEFAULT_CA_CERT_NAME);
            this.clientKeyPath = path.resolve(DockerCertificates.DEFAULT_CLIENT_KEY_NAME);
            this.clientCertPath = path.resolve(DockerCertificates.DEFAULT_CLIENT_CERT_NAME);
            return this;
        }

        public Builder caCertPath(Path path) {
            this.caCertPath = path;
            return this;
        }

        public Builder clientKeyPath(Path path) {
            this.clientKeyPath = path;
            return this;
        }

        public Builder clientCertPath(Path path) {
            this.clientCertPath = path;
            return this;
        }

        public Builder sslFactory(SslContextFactory sslContextFactory) {
            this.sslContextFactory = sslContextFactory;
            return this;
        }

        public Optional<DockerCertificatesStore> build() throws DockerCertificateException {
            if (this.caCertPath == null || this.clientKeyPath == null || this.clientCertPath == null) {
                DockerCertificates.log.debug("caCertPath, clientKeyPath or clientCertPath not specified, not using SSL");
                return Optional.absent();
            }
            if (Files.exists(this.caCertPath, new LinkOption[0]) && Files.exists(this.clientKeyPath, new LinkOption[0]) && Files.exists(this.clientCertPath, new LinkOption[0])) {
                return Optional.of(new DockerCertificates(this));
            }
            DockerCertificates.log.debug("{}, {} or {} does not exist, not using SSL", new Object[]{this.caCertPath, this.clientKeyPath, this.clientCertPath});
            return Optional.absent();
        }
    }

    /* loaded from: input_file:com/spotify/docker/client/DockerCertificates$DefaultSslContextFactory.class */
    private static class DefaultSslContextFactory implements SslContextFactory {
        private DefaultSslContextFactory() {
        }

        @Override // com.spotify.docker.client.DockerCertificates.SslContextFactory
        public SSLContext newSslContext(KeyStore keyStore, char[] cArr, KeyStore keyStore2) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
            return SSLContexts.custom().loadTrustMaterial(keyStore2, (TrustStrategy) null).loadKeyMaterial(keyStore, cArr).build();
        }
    }

    /* loaded from: input_file:com/spotify/docker/client/DockerCertificates$SslContextFactory.class */
    public interface SslContextFactory {
        SSLContext newSslContext(KeyStore keyStore, char[] cArr, KeyStore keyStore2) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException;
    }

    public DockerCertificates(Path path) throws DockerCertificateException {
        this(new Builder().dockerCertPath(path));
    }

    private DockerCertificates(Builder builder) throws DockerCertificateException {
        if (builder.caCertPath == null || builder.clientCertPath == null || builder.clientKeyPath == null) {
            throw new DockerCertificateException("caCertPath, clientCertPath, and clientKeyPath must all be specified");
        }
        try {
            PrivateKey readPrivateKey = readPrivateKey(builder.clientKeyPath);
            List<Certificate> readCertificates = readCertificates(builder.clientCertPath);
            KeyStore newKeyStore = newKeyStore();
            newKeyStore.setKeyEntry("key", readPrivateKey, KEY_STORE_PASSWORD, (Certificate[]) readCertificates.toArray(new Certificate[readCertificates.size()]));
            List<Certificate> readCertificates2 = readCertificates(builder.caCertPath);
            KeyStore newKeyStore2 = newKeyStore();
            for (Certificate certificate : readCertificates2) {
                newKeyStore2.setCertificateEntry(((X509Certificate) certificate).getSubjectX500Principal().getName(), certificate);
            }
            this.sslContext = builder.sslContextFactory.newSslContext(newKeyStore, KEY_STORE_PASSWORD, newKeyStore2);
        } catch (DockerCertificateException e) {
            throw e;
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException | InvalidKeySpecException e2) {
            throw new DockerCertificateException(e2);
        }
    }

    private KeyStore newKeyStore() throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        return keyStore;
    }

    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 10, insn: 0x0101: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r10 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:66:0x0101 */
    /* JADX WARN: Not initialized variable reg: 9, insn: 0x00fc: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r9 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:64:0x00fc */
    /* JADX WARN: Type inference failed for: r10v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r9v0, types: [org.bouncycastle.openssl.PEMParser] */
    private PrivateKey readPrivateKey(Path path) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException, DockerCertificateException {
        ?? r9;
        ?? r10;
        BufferedReader newBufferedReader = Files.newBufferedReader(path, Charset.defaultCharset());
        Throwable th = null;
        try {
            try {
                PEMParser pEMParser = new PEMParser(newBufferedReader);
                Throwable th2 = null;
                Object readObject = pEMParser.readObject();
                if (readObject instanceof PEMKeyPair) {
                    PrivateKey generatePrivateKey = generatePrivateKey(((PEMKeyPair) readObject).getPrivateKeyInfo());
                    if (pEMParser != null) {
                        if (0 != 0) {
                            try {
                                pEMParser.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            pEMParser.close();
                        }
                    }
                    return generatePrivateKey;
                }
                if (!(readObject instanceof PrivateKeyInfo)) {
                    throw new DockerCertificateException("Can not generate private key from file: " + path.toString());
                }
                PrivateKey generatePrivateKey2 = generatePrivateKey((PrivateKeyInfo) readObject);
                if (pEMParser != null) {
                    if (0 != 0) {
                        try {
                            pEMParser.close();
                        } catch (Throwable th4) {
                            th2.addSuppressed(th4);
                        }
                    } else {
                        pEMParser.close();
                    }
                }
                if (newBufferedReader != null) {
                    if (0 != 0) {
                        try {
                            newBufferedReader.close();
                        } catch (Throwable th5) {
                            th.addSuppressed(th5);
                        }
                    } else {
                        newBufferedReader.close();
                    }
                }
                return generatePrivateKey2;
            } catch (Throwable th6) {
                if (r9 != 0) {
                    if (r10 != 0) {
                        try {
                            r9.close();
                        } catch (Throwable th7) {
                            r10.addSuppressed(th7);
                        }
                    } else {
                        r9.close();
                    }
                }
                throw th6;
            }
        } finally {
            if (newBufferedReader != null) {
                if (0 != 0) {
                    try {
                        newBufferedReader.close();
                    } catch (Throwable th8) {
                        th.addSuppressed(th8);
                    }
                } else {
                    newBufferedReader.close();
                }
            }
        }
    }

    private static PrivateKey generatePrivateKey(PrivateKeyInfo privateKeyInfo) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded()));
    }

    private List<Certificate> readCertificates(Path path) throws CertificateException, IOException {
        InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
        Throwable th = null;
        try {
            try {
                ArrayList arrayList = new ArrayList(CertificateFactory.getInstance("X.509").generateCertificates(newInputStream));
                if (newInputStream != null) {
                    if (0 != 0) {
                        try {
                            newInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        newInputStream.close();
                    }
                }
                return arrayList;
            } finally {
            }
        } catch (Throwable th3) {
            if (newInputStream != null) {
                if (th != null) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    newInputStream.close();
                }
            }
            throw th3;
        }
    }

    @Override // com.spotify.docker.client.DockerCertificatesStore
    public SSLContext sslContext() {
        return this.sslContext;
    }

    @Override // com.spotify.docker.client.DockerCertificatesStore
    public HostnameVerifier hostnameVerifier() {
        return NoopHostnameVerifier.INSTANCE;
    }

    public static Builder builder() {
        return new Builder();
    }
}
