package com.ghc.ssl;

import com.ghc.config.Config;
import com.ghc.config.SimpleXMLConfig;
import com.ghc.identity.AuthenticationManager;
import com.ghc.identity.CertificateSettings;
import com.ghc.identity.IdentityProvider;
import com.ghc.identity.IdentityResource;
import com.ghc.identity.IdentityStoreResource;
import com.ghc.identity.IdentityType;
import com.ghc.lang.Providers;
import com.ghc.lang.ThrowingProvider;
import java.net.URI;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpClientError;
import org.apache.commons.httpclient.protocol.Protocol;

/* loaded from: input_file:com/ghc/ssl/SSLUtils.class */
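/**
 * Static helpers for client-side SSL/TLS set-up: building an {@link SSLContext} from
 * identity stores, wiring a client certificate into a Commons HttpClient instance, and
 * temporarily unregistering selected JCE providers while a piece of work runs.
 *
 * <p>Several methods here change JVM-wide state ({@link Security} provider list, the
 * Commons HttpClient {@link Protocol} registry, the {@code SSLSocketFactoryRegistry}
 * singleton). No synchronisation is performed in this class, so concurrent callers can
 * observe each other's changes.
 */
public final class SSLUtils {
    /** Names of security providers that {@link #removeUnwantedProviders()} unregisters. */
    private static final Set<String> UNWANTED_PROVIDERS = new HashSet<String>();

    static {
        UNWANTED_PROVIDERS.add("Entrust");
        UNWANTED_PROVIDERS.add("IAIK");
    }

    private SSLUtils() {
    }

    /**
     * Reports whether the URI's scheme equals {@code SSLURLStreamHandlerService.PROTOCOL}.
     *
     * <p>NOTE(review): the comparison is case-sensitive and {@link URI#getScheme()} keeps the
     * case the caller supplied, so an upper-case scheme would not match if the constant is
     * lower-case. Confirm callers normalise the URI before relying on this as a security check.
     *
     * @param uri the URI to inspect; a URI without a scheme yields {@code false}
     * @return {@code true} when the scheme matches the constant exactly
     */
    public static boolean isHTTPS(URI uri) {
        return SSLURLStreamHandlerService.PROTOCOL.equals(uri.getScheme());
    }

    /**
     * Reports whether the URL's protocol equals {@code SSLURLStreamHandlerService.PROTOCOL}.
     *
     * @param url the URL to inspect
     * @return {@code true} when the protocol matches the constant exactly
     */
    public static boolean isHTTPS(URL url) {
        return SSLURLStreamHandlerService.PROTOCOL.equals(url.getProtocol());
    }

    /**
     * Runs {@code runnable} with the SSL configuration derived from {@code identityProvider}
     * registered for {@code url}; delegates to the {@link ThrowingProvider} overload.
     *
     * <p>NOTE(review): the overload called here declares {@code throws Exception}, which this
     * method neither catches nor declares. This looks like a decompiler artefact (the original
     * presumably declared the generic exception type) - confirm against the real source.
     *
     * @param url              the URL the SSL socket factory is registered for
     * @param identityProvider source of the selected certificate identity; may be {@code null}
     * @param runnable         the work to run while the configuration is in place
     */
    public static final void runUsingIdentityForUrl(URL url, IdentityProvider identityProvider, Runnable runnable) {
        runUsingIdentityForUrl(url, identityProvider, (ThrowingProvider) Providers.onceBefore((Object) null, runnable));
    }

    /**
     * Runs {@code throwingProvider} with the unwanted security providers unregistered and an
     * SSL socket factory for {@code url} registered, then undoes both changes.
     *
     * <p>The provider list and the socket-factory registry are process-wide, so other threads
     * see the modified state for as long as the work is running.
     *
     * @param url              the URL the SSL socket factory is registered for
     * @param identityProvider source of the selected certificate identity; may be {@code null}
     * @param throwingProvider the work to run
     * @return whatever {@code throwingProvider.get()} returns
     * @throws Exception whatever the provider throws
     */
    public static final <T, X extends Exception> T runUsingIdentityForUrl(URL url, IdentityProvider identityProvider, ThrowingProvider<T, X> throwingProvider) throws Exception {
        Map<Provider, Integer> removedProviders = removeUnwantedProviders();
        try {
            X_addSSLConfiguration(url, identityProvider);
            return (T) throwingProvider.get();
        } finally {
            // Nested so that the per-URL socket factory is always unregistered, even when
            // restoring the provider list fails; otherwise the client identity would stay
            // attached to the URL for later, unrelated connections.
            try {
                reAddUnwantedProviders(removedProviders);
            } finally {
                X_clearSSLConfiguration(url);
            }
        }
    }

    /**
     * Builds and initialises an {@link SSLContext} with one {@code SSLKeyManager} and a set of
     * {@code SSLTrustManager}s.
     *
     * <p>When {@code identityStoreResource2} is non-null, the platform trust managers for that
     * store are created and every {@link X509TrustManager} among them is wrapped in an
     * {@code SSLTrustManager}. When it is {@code null}, a single {@code SSLTrustManager} with no
     * delegate and no store is used.
     *
     * <p>NOTE(review): with a {@code null} trust store no platform trust manager takes part in
     * the handshake, so whether the peer certificate is validated at all depends entirely on
     * {@code SSLTrustManager} and the three boolean flags, none of which are visible here.
     * Confirm this path does not accept arbitrary server certificates.
     *
     * <p>The protocol name comes from the {@code greenhat.ssl.protocol} system property
     * (default {@code SSL_TLS}, presumably a vendor-specific JSSE alias); if that name is not
     * available the context falls back to {@code TLS}. Because the property is taken verbatim,
     * anyone who can set JVM system properties can select an obsolete protocol name, so the
     * effective enabled protocol versions should be checked in deployment.
     *
     * @param str                    passed through to {@code SSLTrustManager}; the caller in this
     *                               class supplies the URL host
     * @param z                      passed through to {@code SSLKeyManager}
     * @param identityStoreResource  store handed to {@code SSLKeyManager}
     * @param str2                   key name handed to {@code SSLKeyManager}
     * @param z2                     passed through to {@code SSLTrustManager}
     * @param identityStoreResource2 trust store, or {@code null} for none
     * @param z3                     passed through to {@code SSLTrustManager}
     * @param z4                     passed through to {@code SSLTrustManager}
     * @return the initialised context
     * @throws HttpClientError       if the context cannot be obtained or initialised; the
     *                               underlying exception is attached as the cause
     * @throws IllegalStateException if trust managers cannot be created from the trust store
     */
    public static SSLContext createSecureContext(String str, boolean z, IdentityStoreResource identityStoreResource, String str2, boolean z2, IdentityStoreResource identityStoreResource2, boolean z3, boolean z4) {
        KeyManager[] keyManagers = {new SSLKeyManager(identityStoreResource, str2, z)};
        TrustManager[] trustManagers;
        if (identityStoreResource2 != null) {
            trustManagers = X_getTrustManagers(identityStoreResource2);
            for (int i = 0; i < trustManagers.length; i++) {
                if (trustManagers[i] instanceof X509TrustManager) {
                    trustManagers[i] = new SSLTrustManager((X509TrustManager) trustManagers[i], identityStoreResource2, str, z2, z3, z4);
                }
            }
        } else {
            trustManagers = new TrustManager[]{new SSLTrustManager(null, null, str, z2, z3, z4)};
        }
        try {
            SSLContext context;
            try {
                context = SSLContext.getInstance(System.getProperty("greenhat.ssl.protocol", "SSL_TLS"));
            } catch (NoSuchAlgorithmException unsupported) {
                // The configured name is not offered by any installed provider.
                context = SSLContext.getInstance("TLS");
            }
            context.init(keyManagers, trustManagers, null);
            return context;
        } catch (Exception e) {
            // HttpClientError only has a message constructor; attach the cause explicitly so
            // the original stack trace is not lost.
            HttpClientError error = new HttpClientError(e.toString());
            error.initCause(e);
            throw error;
        }
    }

    /**
     * Writes the five SSL usage flags into {@code config}.
     *
     * @param config target configuration
     * @param z      value for {@code SSLConstants.USE_SSL}
     * @param z2     value for {@code SSLConstants.SPECIFY_PROVIDED_CERTIFICATE}
     * @param z3     value for {@code SSLConstants.SPECIFY_TRUSTED_CERTIFICATE}
     * @param z4     value for {@code SSLConstants.PERFORM_AUTHENTICATION}
     * @param z5     value for {@code SSLConstants.VERIFY_CERTS}
     */
    public static void addUsageConfiguration(Config config, boolean z, boolean z2, boolean z3, boolean z4, boolean z5) {
        config.set(SSLConstants.USE_SSL, z);
        config.set(SSLConstants.SPECIFY_PROVIDED_CERTIFICATE, z2);
        config.set(SSLConstants.SPECIFY_TRUSTED_CERTIFICATE, z3);
        config.set(SSLConstants.PERFORM_AUTHENTICATION, z4);
        config.set(SSLConstants.VERIFY_CERTS, z5);
    }

    /**
     * Writes the selected key and identity-store id from {@code certificateSettings} into
     * {@code config}.
     *
     * @param certificateSettings source of the key name and store id
     * @param config              target configuration
     */
    public static void addProvidedConfiguration(CertificateSettings certificateSettings, Config config) {
        config.setString(SSLConstants.PROVIDED_KEY_SELECTED, certificateSettings.getKey());
        config.setString(SSLConstants.PROVIDED_IDENTITY_STORE, certificateSettings.getStoreID());
    }

    /**
     * Points {@code httpClient} at {@code str:i} using a socket factory created by
     * {@code sSLClientCertificateSupport}.
     *
     * <p>The protocol is also registered through {@link Protocol#registerProtocol}, which is a
     * static registry in Commons HttpClient: the registration outlives this call and applies
     * to every client in the JVM that resolves the scheme by name, with the last caller
     * winning. A client identity configured for one host can therefore end up being offered
     * on connections to other hosts.
     *
     * @param httpClient                  client to configure
     * @param sSLClientCertificateSupport supplies the protocol socket factory
     * @param authenticationManager       handed to {@code sSLClientCertificateSupport}
     * @param str                         target host
     * @param i                           target port (the protocol's default port is 443)
     */
    public static void addSSLtoClient(HttpClient httpClient, SSLClientCertificateSupport sSLClientCertificateSupport, AuthenticationManager authenticationManager, String str, int i) {
        sSLClientCertificateSupport.setHost(str);
        sSLClientCertificateSupport.setAuthenticationManager(authenticationManager);
        Protocol protocol = new Protocol(SSLURLStreamHandlerService.PROTOCOL, sSLClientCertificateSupport.createProtocolSocketFactory(), 443);
        httpClient.getHostConfiguration().setHost(str, i, protocol);
        Protocol.registerProtocol(SSLURLStreamHandlerService.PROTOCOL, protocol);
    }

    /**
     * Convenience overload that builds an {@code SSLClientCertificateSupport} from
     * {@code certificateSettings} and then configures {@code httpClient} with it.
     *
     * <p>The generated configuration turns on {@code USE_SSL} and
     * {@code SPECIFY_PROVIDED_CERTIFICATE} and turns off {@code SPECIFY_TRUSTED_CERTIFICATE},
     * {@code PERFORM_AUTHENTICATION} and {@code VERIFY_CERTS}.
     *
     * <p>NOTE(review): how {@code SSLClientCertificateSupport} interprets
     * {@code VERIFY_CERTS = false} is not visible here. If it switches off server certificate
     * validation, connections made through this helper present a client certificate to an
     * unauthenticated peer - confirm before using it outside test tooling.
     *
     * @param httpClient            client to configure
     * @param certificateSettings   key and store selection for the client certificate
     * @param authenticationManager handed to the certificate support object
     * @param str                   target host
     * @param i                     target port
     */
    public static void addSSLtoClient(HttpClient httpClient, CertificateSettings certificateSettings, AuthenticationManager authenticationManager, String str, int i) {
        SSLClientCertificateSupport certificateSupport = new SSLClientCertificateSupport();
        SimpleXMLConfig sslConfig = new SimpleXMLConfig();
        addUsageConfiguration(sslConfig, true, true, false, false, false);
        addProvidedConfiguration(certificateSettings, sslConfig);
        certificateSupport.restoreState(sslConfig);
        addSSLtoClient(httpClient, certificateSupport, authenticationManager, str, i);
    }

    /**
     * Creates the platform trust managers for the key store held by
     * {@code identityStoreResource}.
     *
     * <p>Failures are reported instead of being swallowed: previously a failed factory lookup
     * ended in a {@link NullPointerException} and a failed {@code init} left an uninitialised
     * factory to be queried, both without the real cause. The method still never returns
     * trust managers from a factory that was not initialised with the requested store.
     *
     * @param identityStoreResource resource whose key store seeds the trust managers
     * @return the trust managers produced by the default {@link TrustManagerFactory}
     * @throws IllegalStateException if the factory cannot be obtained or initialised
     */
    private static TrustManager[] X_getTrustManagers(IdentityStoreResource identityStoreResource) {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(identityStoreResource.getKeyStore());
            return factory.getTrustManagers();
        } catch (Exception e) {
            // Broad catch kept because the exceptions declared by getKeyStore() are not
            // visible from this class.
            throw new IllegalStateException("Unable to create trust managers from identity store: " + e, e);
        }
    }

    /**
     * Registers an SSL socket factory for {@code url} when the provider's selected identity
     * is a certificate with a resolvable store; otherwise does nothing.
     *
     * <p>The context is built without a trust store and with the three trust-manager flags
     * set to {@code false}.
     * NOTE(review): presumably this means the server certificate is not verified on this
     * path - confirm against {@code SSLTrustManager}.
     */
    private static void X_addSSLConfiguration(URL url, IdentityProvider identityProvider) {
        IdentityStoreResource sslStore = X_getSSLStore(identityProvider);
        if (sslStore == null) {
            return;
        }
        SSLContext context = createSecureContext(url.getHost(), true, sslStore, X_getSSLKey(identityProvider), false, null, false, false);
        SSLSocketFactoryRegistry.getInstance().addSSLFactory(url, context.getSocketFactory());
    }

    /** Removes any SSL socket factory registered for {@code url}. */
    private static void X_clearSSLConfiguration(URL url) {
        SSLSocketFactoryRegistry.getInstance().removeSSLFactory(url);
    }

    /**
     * Returns the key name of the selected identity, or {@code null} when there is no
     * provider, no selected identity, or the identity is not a certificate.
     */
    private static String X_getSSLKey(IdentityProvider identityProvider) {
        if (identityProvider == null) {
            return null;
        }
        IdentityResource selectedIdentity = identityProvider.getSelectedIdentity();
        if (selectedIdentity == null || selectedIdentity.getType() != IdentityType.CERTIFICATE) {
            return null;
        }
        return selectedIdentity.getCertificateSettings().getKey();
    }

    /**
     * Returns the identity store referenced by the selected identity, or {@code null} when
     * there is no provider, no selected identity, or the identity is not a certificate.
     */
    private static IdentityStoreResource X_getSSLStore(IdentityProvider identityProvider) {
        if (identityProvider == null) {
            return null;
        }
        IdentityResource selectedIdentity = identityProvider.getSelectedIdentity();
        if (selectedIdentity == null || selectedIdentity.getType() != IdentityType.CERTIFICATE) {
            return null;
        }
        return identityProvider.getStore(selectedIdentity.getCertificateSettings().getStoreID());
    }

    /**
     * Unregisters every installed security provider whose name is in
     * {@code UNWANTED_PROVIDERS} and returns what was removed.
     *
     * <p>Nothing is removed when the {@code gh.ssl.ignore.entrust} system property is set to
     * anything other than {@code true} (case-insensitive); it defaults to {@code true}.
     *
     * <p>The provider list is JVM-wide: while the providers are unregistered, every thread in
     * the process resolves algorithms without them.
     *
     * @return removed providers mapped to their zero-based position in the provider list, in
     *         ascending position order; empty when the feature is switched off
     */
    public static Map<Provider, Integer> removeUnwantedProviders() {
        if (!Boolean.parseBoolean(System.getProperty("gh.ssl.ignore.entrust", Boolean.toString(true)))) {
            return Collections.emptyMap();
        }
        Map<Provider, Integer> removed = new LinkedHashMap<Provider, Integer>();
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            if (UNWANTED_PROVIDERS.contains(installed[i].getName())) {
                removed.put(installed[i], Integer.valueOf(i));
            }
        }
        // Positions are recorded before anything is removed so they refer to the original list.
        for (Provider provider : removed.keySet()) {
            Security.removeProvider(provider.getName());
        }
        return removed;
    }

    /**
     * Re-registers providers previously returned by {@link #removeUnwantedProviders()} at
     * their recorded positions.
     *
     * @param map providers mapped to zero-based positions; {@code null} is ignored
     */
    public static void reAddUnwantedProviders(Map<Provider, Integer> map) {
        if (map == null) {
            return;
        }
        for (Map.Entry<Provider, Integer> entry : map.entrySet()) {
            // Security.insertProviderAt uses 1-based positions.
            Security.insertProviderAt(entry.getKey(), entry.getValue().intValue() + 1);
        }
    }
}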
