package cz.pumpitup.driver8.http;

import cz.pumpitup.driver8.base.Utils;
import cz.pumpitup.driver8.jamulator.api.utils.CertificateUtils;
import cz.pumpitup.driver8.jamulator.api.utils.Constants;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.tinylog.Logger;

/* loaded from: input_file:cz/pumpitup/driver8/http/CustomSSLContext.class */
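/**
 * Factory for a client {@link SSLContext} built from a PEM private key and a PEM certificate
 * chain supplied as strings.
 *
 * <p>Both key stores are created in memory ({@code load(null)}) and are never written out by
 * this class.
 */
public class CustomSSLContext {
    private static final String INVALID_PRIVATE_KEY = "Unrecognized PEM key format. Key must be in either PKCS1 or PKCS8 format.";
    private static final String ERROR_WHEN_CREATING_CUSTOM_SSL_CONTEXT = "Error when creating custom SSL context: ";
    private static final String CERT_PREFIX = "cert_";
    private static final String ERROR_PRIVATE_KEY = "Private key format not accepted.";

    /**
     * Creates an {@link SSLContext} that presents the given key and certificate chain as the
     * local identity and trusts the default root CAs plus every certificate of that chain.
     *
     * @param str PEM text of the private key; it must contain either
     *     {@code Constants.PKCS1_HEADER} or {@code Constants.PKCS8_HEADER}
     * @param str2 certificate chain text, parsed by
     *     {@code CertificateUtils.getChainX509Certificates}
     * @return the initialised context, or {@code null} when an {@link IOException} or
     *     {@link GeneralSecurityException} occurred (the error is logged). Callers must check
     *     for {@code null} and fail closed instead of continuing with another context.
     */
    public static SSLContext createCustomSSLContext(String str, String str2) {
        SSLContext sSLContext = null;
        try {
            List<X509Certificate> chainX509Certificates = CertificateUtils.getChainX509Certificates(str2);
            PrivateKey privateKey = parsePrivateKey(str);
            Certificate[] chain = chainX509Certificates.toArray(new X509Certificate[0]);

            // Identity store: the private key plus its chain. Constants.PASSWORD only protects
            // the entry inside this in-memory store.
            char[] password = Constants.PASSWORD.toCharArray();
            KeyStore keyStore = KeyStore.getInstance(Constants.KS_INSTANCE);
            keyStore.load(null);
            keyStore.setKeyEntry(Constants.USER, privateKey, password, chain);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, password);

            // Trust store: default roots first, then the supplied chain.
            // NOTE(review): every certificate from str2 becomes a trust anchor here, so a peer
            // whose certificate chains to any of them is accepted. Confirm this is intended.
            KeyStore trustStore = KeyStore.getInstance(Constants.KS_INSTANCE);
            trustStore.load(null, null);
            CertificateUtils.addDefaultRootCaCertificates(trustStore);
            int nextIndex = 0;
            for (X509Certificate certificate : chainX509Certificates) {
                // A random alias could collide and silently replace an earlier entry; pick the
                // next alias that is not present in the store yet.
                String alias;
                do {
                    alias = CERT_PREFIX + nextIndex++;
                } while (trustStore.containsAlias(alias));
                trustStore.setCertificateEntry(alias, certificate);
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);

            // NOTE(review): the protocol name comes from Constants.TLS_PROTOCOL, which is not
            // visible here; verify it does not select a deprecated protocol version.
            sSLContext = SSLContext.getInstance(Constants.TLS_PROTOCOL);
            sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        } catch (IOException | GeneralSecurityException e) {
            // Only the exception message and stack trace are logged, never the key text.
            Logger.error(ERROR_WHEN_CREATING_CUSTOM_SSL_CONTEXT + e.getMessage() + "\n" + Utils.stackTraceToString(e));
        }
        return sSLContext;
    }

    /**
     * Parses a PEM private key in PKCS1 or PKCS8 form.
     *
     * @throws InvalidKeySpecException if the text is {@code null}, carries neither header, or
     *     the parsed PEM object is not of the type the header announces
     */
    private static PrivateKey parsePrivateKey(String pem) throws IOException, GeneralSecurityException {
        boolean pkcs1 = pem != null && pem.contains(Constants.PKCS1_HEADER);
        boolean pkcs8 = pem != null && !pkcs1 && pem.contains(Constants.PKCS8_HEADER);
        if (!pkcs1 && !pkcs8) {
            Logger.error(ERROR_PRIVATE_KEY);
            throw new InvalidKeySpecException(INVALID_PRIVATE_KEY);
        }
        // Decode with the same charset the bytes were produced with, and close the parser.
        try (PEMParser pemParser = new PEMParser(
                new InputStreamReader(IOUtils.toInputStream(pem, StandardCharsets.UTF_8), StandardCharsets.UTF_8))) {
            Object parsed = pemParser.readObject();
            if (pkcs1) {
                // Anything other than a plain key pair is rejected instead of failing on the
                // cast with an unchecked exception.
                if (!(parsed instanceof PEMKeyPair)) {
                    Logger.error(ERROR_PRIVATE_KEY);
                    throw new InvalidKeySpecException(INVALID_PRIVATE_KEY);
                }
                return new JcaPEMKeyConverter().getKeyPair((PEMKeyPair) parsed).getPrivate();
            }
            // The parsed PEM object is used here; PrivateKeyInfo.getInstance cannot convert the
            // parser itself.
            if (!(parsed instanceof PrivateKeyInfo)) {
                Logger.error(ERROR_PRIVATE_KEY);
                throw new InvalidKeySpecException(INVALID_PRIVATE_KEY);
            }
            byte[] encoded = ((PrivateKeyInfo) parsed).getEncoded();
            return KeyFactory.getInstance(Constants.KF_INSTANCE).generatePrivate(new PKCS8EncodedKeySpec(encoded));
        }
    }
}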
