package org.eclipse.californium.elements.util;

import com.huawei.hiscenario.common.util.SystemUtil;
import com.huawei.smarthome.common.lib.constants.Constants;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.eclipse.californium.elements.util.Asn1DerDecoder;
import org.eclipse.paho.client.mqttv3.internal.security.SSLSocketFactoryFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes22.dex */
public class SslContextUtil {
    private static final KeyManager ANONYMOUS;
    public static final String BKS_ENDING = ".bks";
    public static final String BKS_TYPE = "BKS";
    public static final String CLASSPATH_SCHEME = "classpath://";
    public static final String CRT_ENDING = ".crt";
    private static final String DEFAULT_ALIAS = "californium";
    public static final String DEFAULT_ENDING = "*";
    public static final String DEFAULT_SSL_PROTOCOL = "TLSv1.2";
    public static final String JKS_ENDING = ".jks";
    public static final String JKS_TYPE = "JKS";
    public static final String PARAMETER_SEPARATOR = "#";
    public static final String PEM_ENDING = ".pem";
    public static final String PKCS12_ENDING = ".p12";
    public static final String PKCS12_TYPE = "PKCS12";
    private static final String SCHEME_DELIMITER = "://";
    private static final TrustManager TRUST_ALL;
    public static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) SslContextUtil.class);
    private static final Map<String, KeyStoreType> KEY_STORE_TYPES = new ConcurrentHashMap();
    private static final Map<String, InputStreamFactory> INPUT_STREAM_FACTORIES = new ConcurrentHashMap();

    /* loaded from: classes22.dex */
    static class AnonymousX509ExtendedKeyManager extends X509ExtendedKeyManager {
        private AnonymousX509ExtendedKeyManager() {
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return null;
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
            return null;
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes22.dex */
    public static class ClassLoaderInputStreamFactory implements InputStreamFactory {
        private ClassLoaderInputStreamFactory() {
        }

        @Override // org.eclipse.californium.elements.util.SslContextUtil.InputStreamFactory
        public InputStream create(String str) throws IOException {
            InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(str.substring(12));
            if (resourceAsStream != null) {
                return resourceAsStream;
            }
            StringBuilder sb = new StringBuilder();
            sb.append("'");
            sb.append(str);
            sb.append("' not found!");
            throw new IOException(sb.toString());
        }
    }

    /* loaded from: classes22.dex */
    public static class Credentials {
        private final X509Certificate[] chain;
        private final PrivateKey privateKey;
        private final PublicKey publicKey;
        private final Certificate[] trusts;

        public Credentials(PrivateKey privateKey, PublicKey publicKey, X509Certificate[] x509CertificateArr) {
            if (x509CertificateArr != null) {
                if (x509CertificateArr.length == 0) {
                    x509CertificateArr = null;
                } else if (publicKey == null) {
                    publicKey = x509CertificateArr[0].getPublicKey();
                } else if (!publicKey.equals(x509CertificateArr[0].getPublicKey())) {
                    throw new IllegalArgumentException("public key doesn't match certificate!");
                }
            }
            this.privateKey = privateKey;
            this.chain = x509CertificateArr;
            this.publicKey = publicKey;
            this.trusts = null;
        }

        public Credentials(Certificate[] certificateArr) {
            this.privateKey = null;
            this.publicKey = null;
            this.chain = null;
            this.trusts = certificateArr;
        }

        public X509Certificate[] getCertificateChain() {
            return this.chain;
        }

        public List<X509Certificate> getCertificateChainAsList() {
            X509Certificate[] x509CertificateArr = this.chain;
            if (x509CertificateArr == null) {
                return null;
            }
            return Arrays.asList(x509CertificateArr);
        }

        public PrivateKey getPrivateKey() {
            return this.privateKey;
        }

        public PublicKey getPublicKey() {
            return this.publicKey;
        }

        public Certificate[] getTrustedCertificates() {
            return this.trusts;
        }
    }

    /* loaded from: classes22.dex */
    public static class IncompleteCredentialsException extends IllegalArgumentException {
        private static final long serialVersionUID = -53656;
        private final Credentials incompleteCredentials;

        public IncompleteCredentialsException(Credentials credentials) {
            this.incompleteCredentials = credentials;
        }

        public IncompleteCredentialsException(Credentials credentials, String str) {
            super(str);
            this.incompleteCredentials = credentials;
        }

        public IncompleteCredentialsException(Credentials credentials, String str, Throwable th) {
            super(str, th);
            this.incompleteCredentials = credentials;
        }

        public Credentials getIncompleteCredentials() {
            return this.incompleteCredentials;
        }
    }

    /* loaded from: classes22.dex */
    public interface InputStreamFactory {
        InputStream create(String str) throws IOException;
    }

    /* loaded from: classes22.dex */
    public static class KeyStoreType {
        public final SimpleKeyStore simpleStore;
        public final String type;

        public KeyStoreType(String str) {
            if (str == null) {
                throw new NullPointerException("key store type must not be null!");
            }
            if (str.isEmpty()) {
                throw new IllegalArgumentException("key store type must not be empty!");
            }
            this.type = str;
            this.simpleStore = null;
        }

        public KeyStoreType(SimpleKeyStore simpleKeyStore) {
            if (simpleKeyStore == null) {
                throw new NullPointerException("simple key store must not be null!");
            }
            this.type = null;
            this.simpleStore = simpleKeyStore;
        }
    }

    /* loaded from: classes22.dex */
    public interface SimpleKeyStore {
        Credentials load(InputStream inputStream) throws GeneralSecurityException, IOException;
    }

    /* loaded from: classes22.dex */
    static class X509ExtendedTrustAllManager extends X509ExtendedTrustManager {
        private X509ExtendedTrustAllManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, true);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, true);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, true);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, false);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, false);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            X509TrustAllManager.validateChain(x509CertificateArr, false);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return X509TrustAllManager.EMPTY;
        }
    }

    /* loaded from: classes22.dex */
    static class X509TrustAllManager implements X509TrustManager {
        private static final X509Certificate[] EMPTY = new X509Certificate[0];

        private X509TrustAllManager() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void validateChain(X509Certificate[] x509CertificateArr, boolean z) throws CertificateException {
            if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
                return;
            }
            SslContextUtil.LOGGER.debug("check certificate {} for {}", x509CertificateArr[0].getSubjectX500Principal(), z ? "client" : "server");
            if (!CertPathUtil.canBeUsedForAuthentication(x509CertificateArr[0], z)) {
                SslContextUtil.LOGGER.debug("check certificate {} for {} failed on key-usage!", x509CertificateArr[0].getSubjectX500Principal(), z ? "client" : "server");
                StringBuilder sb = new StringBuilder();
                sb.append("Key usage not proper for ");
                sb.append(z ? "client" : "server");
                throw new CertificateException(sb.toString());
            }
            SslContextUtil.LOGGER.trace("check certificate {} for {} succeeded on key-usage!", x509CertificateArr[0].getSubjectX500Principal(), z ? "client" : "server");
            try {
                CertPathUtil.validateCertificatePathWithIssuer(true, CertPathUtil.generateValidatableCertPath(Arrays.asList(x509CertificateArr), null), EMPTY);
                Logger logger = SslContextUtil.LOGGER;
                Object[] objArr = new Object[3];
                objArr[0] = x509CertificateArr[0].getSubjectX500Principal();
                objArr[1] = Integer.valueOf(x509CertificateArr.length);
                objArr[2] = z ? "client" : "server";
                logger.trace("check certificate {} [chain.length={}] for {} validated!", objArr);
            } catch (GeneralSecurityException e) {
                Logger logger2 = SslContextUtil.LOGGER;
                Object[] objArr2 = new Object[3];
                objArr2[0] = x509CertificateArr[0].getSubjectX500Principal();
                objArr2[1] = z ? "client" : "server";
                objArr2[2] = e.getMessage();
                logger2.debug("check certificate {} for {} failed on {}!", objArr2);
                if (!(e instanceof CertificateException)) {
                    throw new CertificateException(e);
                }
                throw ((CertificateException) e);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            validateChain(x509CertificateArr, true);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            validateChain(x509CertificateArr, false);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return EMPTY;
        }
    }

    static {
        TrustManager x509TrustAllManager;
        ANONYMOUS = new AnonymousX509ExtendedKeyManager();
        JceProviderUtil.init();
        configureDefaults();
        try {
            x509TrustAllManager = new X509ExtendedTrustAllManager();
        } catch (NoClassDefFoundError unused) {
            x509TrustAllManager = new X509TrustAllManager();
        }
        TRUST_ALL = x509TrustAllManager;
    }

    public static X509Certificate[] asX509Certificates(Certificate[] certificateArr) {
        if (certificateArr == null || certificateArr.length == 0) {
            throw new IllegalArgumentException("certificates missing!");
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
        for (int i = 0; certificateArr.length > i; i++) {
            Certificate certificate = certificateArr[i];
            if (certificate == null) {
                StringBuilder sb = new StringBuilder();
                sb.append("[");
                sb.append(i);
                sb.append("] is null!");
                throw new IllegalArgumentException(sb.toString());
            }
            try {
                x509CertificateArr[i] = (X509Certificate) certificate;
            } catch (ClassCastException unused) {
                StringBuilder sb2 = new StringBuilder();
                sb2.append("[");
                sb2.append(i);
                sb2.append("] is not a x509 certificate! Instead it's a ");
                sb2.append(certificateArr[i].getClass().getName());
                throw new IllegalArgumentException(sb2.toString());
            }
        }
        return x509CertificateArr;
    }

    public static InputStreamFactory configure(String str, InputStreamFactory inputStreamFactory) {
        if (str == null) {
            throw new NullPointerException("scheme must not be null!");
        }
        if (!str.endsWith("://")) {
            throw new IllegalArgumentException("scheme must end with \"://\"!");
        }
        if (inputStreamFactory != null) {
            return INPUT_STREAM_FACTORIES.put(str.toLowerCase(), inputStreamFactory);
        }
        throw new NullPointerException("stream factory must not be null!");
    }

    public static KeyStoreType configure(String str, KeyStoreType keyStoreType) {
        if (str == null) {
            throw new NullPointerException("ending must not be null!");
        }
        if (!str.equals("*") && !str.startsWith(SystemUtil.CONTAIN_NUMBER_SPLIT)) {
            throw new IllegalArgumentException("ending must start with \".\"!");
        }
        if (keyStoreType != null) {
            return KEY_STORE_TYPES.put(str.toLowerCase(), keyStoreType);
        }
        throw new NullPointerException("key store type must not be null!");
    }

    public static KeyStoreType configureAlias(String str, String str2) {
        if (str == null) {
            throw new NullPointerException("alias must not be null!");
        }
        if (str2 == null) {
            throw new NullPointerException("ending must not be null!");
        }
        if (str2.equals(str)) {
            throw new IllegalArgumentException("alias must differ from ending!");
        }
        if (!str2.equals("*") && !str2.startsWith(SystemUtil.CONTAIN_NUMBER_SPLIT)) {
            throw new IllegalArgumentException("ending must start with \".\"!");
        }
        if (!str.equals("*") && !str2.startsWith(SystemUtil.CONTAIN_NUMBER_SPLIT)) {
            throw new IllegalArgumentException("alias must start with \".\"!");
        }
        Map<String, KeyStoreType> map = KEY_STORE_TYPES;
        KeyStoreType keyStoreType = map.get(str2);
        if (keyStoreType != null) {
            return map.put(str, keyStoreType);
        }
        throw new IllegalArgumentException("ending must already be configured!");
    }

    public static void configureDefaults() {
        Map<String, KeyStoreType> map = KEY_STORE_TYPES;
        map.clear();
        map.put(JKS_ENDING, new KeyStoreType(JKS_TYPE));
        map.put(BKS_ENDING, new KeyStoreType(BKS_TYPE));
        map.put(PKCS12_ENDING, new KeyStoreType(PKCS12_TYPE));
        KeyStoreType keyStoreType = new KeyStoreType(new SimpleKeyStore() { // from class: org.eclipse.californium.elements.util.SslContextUtil.1
            @Override // org.eclipse.californium.elements.util.SslContextUtil.SimpleKeyStore
            public final Credentials load(InputStream inputStream) throws GeneralSecurityException, IOException {
                return SslContextUtil.loadPemCredentials(inputStream);
            }
        });
        map.put(PEM_ENDING, keyStoreType);
        map.put(CRT_ENDING, keyStoreType);
        map.put("*", new KeyStoreType(KeyStore.getDefaultType()));
        Map<String, InputStreamFactory> map2 = INPUT_STREAM_FACTORIES;
        map2.clear();
        map2.put(CLASSPATH_SCHEME, new ClassLoaderInputStreamFactory());
    }

    public static KeyManager[] createAnonymousKeyManager() {
        return new KeyManager[]{ANONYMOUS};
    }

    public static KeyManager[] createKeyManager(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr) throws GeneralSecurityException {
        if (privateKey == null) {
            throw new NullPointerException("private key must be provided!");
        }
        if (x509CertificateArr == null) {
            throw new NullPointerException("certificate chain must be provided!");
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certificate chain must not be empty!");
        }
        if (str == null) {
            str = DEFAULT_ALIAS;
        }
        try {
            char[] charArray = "intern".toCharArray();
            KeyStore keyStore = KeyStore.getInstance(getKeyStoreTypeFromUri("*").type);
            keyStore.load(null);
            keyStore.setKeyEntry(str, privateKey, charArray, x509CertificateArr);
            return createKeyManager(keyStore, charArray);
        } catch (IOException e) {
            throw new GeneralSecurityException(e.getMessage());
        }
    }

    private static KeyManager[] createKeyManager(KeyStore keyStore, char[] cArr) throws GeneralSecurityException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(Security.getProperty(SSLSocketFactoryFactory.SYSKEYMGRALGO));
        keyManagerFactory.init(keyStore, cArr);
        return keyManagerFactory.getKeyManagers();
    }

    public static SSLContext createSSLContext(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr, Certificate[] certificateArr) throws GeneralSecurityException {
        return createSSLContext(str, privateKey, x509CertificateArr, certificateArr, DEFAULT_SSL_PROTOCOL);
    }

    public static SSLContext createSSLContext(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr, Certificate[] certificateArr, String str2) throws GeneralSecurityException {
        if (str == null) {
            str = DEFAULT_ALIAS;
        }
        KeyManager[] createKeyManager = createKeyManager(str, privateKey, x509CertificateArr);
        TrustManager[] createTrustManager = createTrustManager(str, certificateArr);
        SSLContext sSLContext = SSLContext.getInstance(str2);
        sSLContext.init(createKeyManager, createTrustManager, null);
        return sSLContext;
    }

    public static TrustManager[] createTrustAllManager() {
        return new TrustManager[]{TRUST_ALL};
    }

    public static TrustManager[] createTrustManager(String str, Certificate[] certificateArr) throws GeneralSecurityException {
        if (certificateArr == null) {
            throw new NullPointerException("trusted certificates must be provided!");
        }
        if (certificateArr.length == 0) {
            throw new IllegalArgumentException("trusted certificates must not be empty!");
        }
        if (str == null) {
            str = DEFAULT_ALIAS;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(getKeyStoreTypeFromUri("*").type);
            keyStore.load(null);
            int i = 1;
            for (Certificate certificate : certificateArr) {
                StringBuilder sb = new StringBuilder();
                sb.append(str);
                sb.append(i);
                keyStore.setCertificateEntry(sb.toString(), certificate);
                i++;
            }
            return createTrustManager(keyStore);
        } catch (IOException e) {
            throw new GeneralSecurityException(e.getMessage());
        }
    }

    private static TrustManager[] createTrustManager(KeyStore keyStore) throws GeneralSecurityException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(Security.getProperty(SSLSocketFactoryFactory.SYSTRUSTMGRALGO));
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    public static void ensureUniqueCertificates(X509Certificate[] x509CertificateArr) {
        HashSet hashSet = new HashSet();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (!hashSet.add(x509Certificate)) {
                StringBuilder sb = new StringBuilder();
                sb.append("Truststore contains certificates duplicates with subject: ");
                sb.append(x509Certificate.getSubjectX500Principal());
                throw new IllegalArgumentException(sb.toString());
            }
        }
    }

    private static InputStream getInputStreamFromUri(String str) throws IOException {
        if (str == null) {
            throw new NullPointerException("keyStoreUri must be provided!");
        }
        String schemeFromUri = getSchemeFromUri(str);
        InputStream inputStream = null;
        String str2 = null;
        if (schemeFromUri == null) {
            File file = new File(str);
            if (!file.exists()) {
                str2 = " doesn't exists!";
            } else if (!file.isFile()) {
                str2 = " is not a file!";
            } else if (!file.canRead()) {
                str2 = " could not be read!";
            }
            if (str2 != null) {
                StringBuilder sb = new StringBuilder();
                sb.append("URI: ");
                sb.append(str);
                sb.append(", file: ");
                sb.append(file.getAbsolutePath());
                sb.append(str2);
                throw new IOException(sb.toString());
            }
            inputStream = new FileInputStream(file);
        } else {
            InputStreamFactory inputStreamFactory = INPUT_STREAM_FACTORIES.get(schemeFromUri);
            if (inputStreamFactory != null) {
                inputStream = inputStreamFactory.create(str);
            }
        }
        return inputStream == null ? new URL(str).openStream() : inputStream;
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x0036  */
    /* JADX WARN: Removed duplicated region for block: B:7:0x002a  */
    /* JADX WARN: Removed duplicated region for block: B:9:0x0035 A[RETURN] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static org.eclipse.californium.elements.util.SslContextUtil.KeyStoreType getKeyStoreTypeFromUri(java.lang.String r3) throws java.security.GeneralSecurityException {
        /*
            java.lang.String r0 = "*"
            boolean r1 = r3.equals(r0)
            if (r1 != 0) goto L27
            r1 = 47
            int r1 = r3.lastIndexOf(r1)
            r2 = 46
            int r2 = r3.lastIndexOf(r2)
            if (r1 >= r2) goto L27
            java.lang.String r1 = r3.substring(r2)
            java.lang.String r1 = r1.toLowerCase()
            java.util.Map<java.lang.String, org.eclipse.californium.elements.util.SslContextUtil$KeyStoreType> r2 = org.eclipse.californium.elements.util.SslContextUtil.KEY_STORE_TYPES
            java.lang.Object r1 = r2.get(r1)
            org.eclipse.californium.elements.util.SslContextUtil$KeyStoreType r1 = (org.eclipse.californium.elements.util.SslContextUtil.KeyStoreType) r1
            goto L28
        L27:
            r1 = 0
        L28:
            if (r1 != 0) goto L33
            java.util.Map<java.lang.String, org.eclipse.californium.elements.util.SslContextUtil$KeyStoreType> r1 = org.eclipse.californium.elements.util.SslContextUtil.KEY_STORE_TYPES
            java.lang.Object r0 = r1.get(r0)
            r1 = r0
            org.eclipse.californium.elements.util.SslContextUtil$KeyStoreType r1 = (org.eclipse.californium.elements.util.SslContextUtil.KeyStoreType) r1
        L33:
            if (r1 == 0) goto L36
            return r1
        L36:
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            r0.<init>()
            java.lang.String r1 = "no key store type for "
            r0.append(r1)
            r0.append(r3)
            java.security.GeneralSecurityException r3 = new java.security.GeneralSecurityException
            java.lang.String r0 = r0.toString()
            r3.<init>(r0)
            throw r3
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.californium.elements.util.SslContextUtil.getKeyStoreTypeFromUri(java.lang.String):org.eclipse.californium.elements.util.SslContextUtil$KeyStoreType");
    }

    private static String getSchemeFromUri(String str) {
        int indexOf = str.indexOf("://");
        if (indexOf > 0) {
            return str.substring(0, indexOf + 3).toLowerCase();
        }
        return null;
    }

    public static String[] getWeakCipherSuites(SSLContext sSLContext) {
        SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
        ArrayList arrayList = new ArrayList();
        String[] cipherSuites = defaultSSLParameters.getCipherSuites();
        for (String str : cipherSuites) {
            if (str.contains("AES_128")) {
                arrayList.add(str);
            }
        }
        if (arrayList.isEmpty() || arrayList.size() >= cipherSuites.length) {
            return null;
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    public static X509KeyManager getX509KeyManager(KeyManager[] keyManagerArr) {
        if (keyManagerArr == null) {
            throw new NullPointerException("Key managers must not be null!");
        }
        if (keyManagerArr.length == 0) {
            throw new IllegalArgumentException("Key managers must not be empty!");
        }
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalArgumentException("Missing a X509KeyManager in key managers!");
    }

    public static boolean isAvailableFromUri(String str) {
        try {
            InputStream inputStreamFromUri = getInputStreamFromUri(str);
            if (inputStreamFromUri == null) {
                return false;
            }
            inputStreamFromUri.close();
            return true;
        } catch (IOException unused) {
            return false;
        }
    }

    public static X509Certificate[] loadCertificateChain(String str, String str2, char[] cArr) throws IOException, GeneralSecurityException {
        KeyStoreType keyStoreTypeFromUri = getKeyStoreTypeFromUri(str);
        if (keyStoreTypeFromUri.simpleStore != null) {
            Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreTypeFromUri);
            if (loadSimpleKeyStore.chain != null) {
                return loadSimpleKeyStore.chain;
            }
            throw new IllegalArgumentException("No certificate chain found!");
        }
        if (str2 == null) {
            throw new NullPointerException("alias must be provided!");
        }
        if (str2.isEmpty()) {
            throw new IllegalArgumentException("alias must not be empty!");
        }
        return asX509Certificates(loadKeyStore(str, cArr, keyStoreTypeFromUri).getCertificateChain(str2));
    }

    public static Credentials loadCredentials(String str) throws IOException, GeneralSecurityException {
        if (str == null) {
            throw new NullPointerException("credentials must be provided!");
        }
        String[] split = str.split("#", 4);
        if (1 == split.length && getKeyStoreTypeFromUri(split[0]).simpleStore != null) {
            return loadCredentials(split[0], null, null, null);
        }
        if (4 == split.length) {
            return loadCredentials(split[0], split[3], StringUtil.hex2CharArray(split[1]), StringUtil.hex2CharArray(split[2]));
        }
        throw new IllegalArgumentException("credentials must comply the pattern <keystore#hexstorepwd#hexkeypwd#alias>");
    }

    /* JADX WARN: Removed duplicated region for block: B:14:0x006b  */
    /* JADX WARN: Removed duplicated region for block: B:19:0x007a  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static org.eclipse.californium.elements.util.SslContextUtil.Credentials loadCredentials(java.lang.String r3, java.lang.String r4, char[] r5, char[] r6) throws java.io.IOException, java.security.GeneralSecurityException {
        /*
            org.eclipse.californium.elements.util.SslContextUtil$KeyStoreType r0 = getKeyStoreTypeFromUri(r3)
            org.eclipse.californium.elements.util.SslContextUtil$SimpleKeyStore r1 = r0.simpleStore
            r2 = 0
            if (r1 == 0) goto L80
            org.eclipse.californium.elements.util.SslContextUtil$Credentials r4 = loadSimpleKeyStore(r3, r0)
            java.security.cert.Certificate[] r5 = r4.getTrustedCertificates()
            java.lang.String r6 = "credentials missing! No private key found!"
            if (r5 != 0) goto L16
            goto L50
        L16:
            java.lang.String r5 = "X.509"
            java.security.cert.CertificateFactory r5 = java.security.cert.CertificateFactory.getInstance(r5)     // Catch: java.security.GeneralSecurityException -> L45
            java.security.cert.Certificate[] r0 = r4.getTrustedCertificates()     // Catch: java.security.GeneralSecurityException -> L45
            java.util.List r0 = java.util.Arrays.asList(r0)     // Catch: java.security.GeneralSecurityException -> L45
            java.security.cert.CertPath r5 = r5.generateCertPath(r0)     // Catch: java.security.GeneralSecurityException -> L45
            java.util.List r5 = r5.getCertificates()     // Catch: java.security.GeneralSecurityException -> L45
            int r0 = r5.size()     // Catch: java.security.GeneralSecurityException -> L45
            java.security.cert.X509Certificate[] r0 = new java.security.cert.X509Certificate[r0]     // Catch: java.security.GeneralSecurityException -> L45
            java.lang.Object[] r5 = r5.toArray(r0)     // Catch: java.security.GeneralSecurityException -> L45
            java.security.cert.X509Certificate[] r5 = (java.security.cert.X509Certificate[]) r5     // Catch: java.security.GeneralSecurityException -> L45
            org.eclipse.californium.elements.util.SslContextUtil$Credentials r0 = new org.eclipse.californium.elements.util.SslContextUtil$Credentials     // Catch: java.security.GeneralSecurityException -> L45
            r0.<init>(r2, r2, r5)     // Catch: java.security.GeneralSecurityException -> L45
            org.eclipse.californium.elements.util.SslContextUtil$IncompleteCredentialsException r4 = new org.eclipse.californium.elements.util.SslContextUtil$IncompleteCredentialsException     // Catch: java.security.GeneralSecurityException -> L43
            r4.<init>(r0, r6)     // Catch: java.security.GeneralSecurityException -> L43
            throw r4     // Catch: java.security.GeneralSecurityException -> L43
        L43:
            r4 = move-exception
            goto L48
        L45:
            r5 = move-exception
            r0 = r4
            r4 = r5
        L48:
            org.slf4j.Logger r5 = org.eclipse.californium.elements.util.SslContextUtil.LOGGER
            java.lang.String r1 = "Load PEM {}:"
            r5.warn(r1, r3, r4)
            r4 = r0
        L50:
            java.security.PublicKey r3 = org.eclipse.californium.elements.util.SslContextUtil.Credentials.access$600(r4)
            if (r3 != 0) goto L65
            java.security.PrivateKey r3 = org.eclipse.californium.elements.util.SslContextUtil.Credentials.access$300(r4)
            if (r3 == 0) goto L5d
            goto L65
        L5d:
            java.lang.IllegalArgumentException r3 = new java.lang.IllegalArgumentException
            java.lang.String r4 = "credentials missing! No keys found!"
            r3.<init>(r4)
            throw r3
        L65:
            java.security.PrivateKey r3 = org.eclipse.californium.elements.util.SslContextUtil.Credentials.access$300(r4)
            if (r3 == 0) goto L7a
            java.security.PublicKey r3 = org.eclipse.californium.elements.util.SslContextUtil.Credentials.access$600(r4)
            if (r3 == 0) goto L72
            return r4
        L72:
            org.eclipse.californium.elements.util.SslContextUtil$IncompleteCredentialsException r3 = new org.eclipse.californium.elements.util.SslContextUtil$IncompleteCredentialsException
            java.lang.String r5 = "credentials missing! Neither certificate chain nor public key found!"
            r3.<init>(r4, r5)
            throw r3
        L7a:
            org.eclipse.californium.elements.util.SslContextUtil$IncompleteCredentialsException r3 = new org.eclipse.californium.elements.util.SslContextUtil$IncompleteCredentialsException
            r3.<init>(r4, r6)
            throw r3
        L80:
            if (r4 == 0) goto Leb
            boolean r1 = r4.isEmpty()
            if (r1 != 0) goto Le3
            if (r6 == 0) goto Ldb
            java.security.KeyStore r5 = loadKeyStore(r3, r5, r0)
            java.lang.Class<java.security.KeyStore$PrivateKeyEntry> r0 = java.security.KeyStore.PrivateKeyEntry.class
            boolean r0 = r5.entryInstanceOf(r4, r0)
            if (r0 == 0) goto Lb7
            java.security.KeyStore$PasswordProtection r0 = new java.security.KeyStore$PasswordProtection
            r0.<init>(r6)
            java.security.KeyStore$Entry r5 = r5.getEntry(r4, r0)
            boolean r6 = r5 instanceof java.security.KeyStore.PrivateKeyEntry
            if (r6 == 0) goto Lb7
            java.security.KeyStore$PrivateKeyEntry r5 = (java.security.KeyStore.PrivateKeyEntry) r5
            java.security.cert.Certificate[] r3 = r5.getCertificateChain()
            java.security.cert.X509Certificate[] r3 = asX509Certificates(r3)
            org.eclipse.californium.elements.util.SslContextUtil$Credentials r4 = new org.eclipse.californium.elements.util.SslContextUtil$Credentials
            java.security.PrivateKey r5 = r5.getPrivateKey()
            r4.<init>(r5, r2, r3)
            return r4
        Lb7:
            java.lang.StringBuilder r5 = new java.lang.StringBuilder
            r5.<init>()
            java.lang.String r6 = "no credentials found for '"
            r5.append(r6)
            r5.append(r4)
            java.lang.String r4 = "' in '"
            r5.append(r4)
            r5.append(r3)
            java.lang.String r3 = "'!"
            r5.append(r3)
            java.lang.IllegalArgumentException r3 = new java.lang.IllegalArgumentException
            java.lang.String r4 = r5.toString()
            r3.<init>(r4)
            throw r3
        Ldb:
            java.lang.NullPointerException r3 = new java.lang.NullPointerException
            java.lang.String r4 = "keyPassword must be provided!"
            r3.<init>(r4)
            throw r3
        Le3:
            java.lang.IllegalArgumentException r3 = new java.lang.IllegalArgumentException
            java.lang.String r4 = "alias must not be empty!"
            r3.<init>(r4)
            throw r3
        Leb:
            java.lang.NullPointerException r3 = new java.lang.NullPointerException
            java.lang.String r4 = "alias must be provided!"
            r3.<init>(r4)
            throw r3
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.californium.elements.util.SslContextUtil.loadCredentials(java.lang.String, java.lang.String, char[], char[]):org.eclipse.californium.elements.util.SslContextUtil$Credentials");
    }

    public static KeyManager[] loadKeyManager(String str, String str2, char[] cArr, char[] cArr2) throws IOException, GeneralSecurityException {
        KeyStoreType keyStoreTypeFromUri = getKeyStoreTypeFromUri(str);
        if (keyStoreTypeFromUri.simpleStore != null) {
            Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreTypeFromUri);
            if (loadSimpleKeyStore.privateKey == null) {
                throw new IllegalArgumentException("credentials missing! No private key found!");
            }
            if (loadSimpleKeyStore.chain != null) {
                return createKeyManager(DEFAULT_ALIAS, loadSimpleKeyStore.privateKey, loadSimpleKeyStore.chain);
            }
            throw new IllegalArgumentException("credentials missing! No certificate chain found!");
        }
        if (cArr2 == null) {
            throw new NullPointerException("keyPassword must be provided!");
        }
        KeyStore loadKeyStore = loadKeyStore(str, cArr, keyStoreTypeFromUri);
        if (str2 != null && !str2.isEmpty()) {
            boolean z = false;
            Pattern compile = Pattern.compile(str2);
            KeyStore keyStore = KeyStore.getInstance(loadKeyStore.getType());
            keyStore.load(null);
            Enumeration<String> aliases = loadKeyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (compile.matcher(nextElement).matches()) {
                    KeyStore.Entry entry = loadKeyStore.getEntry(nextElement, new KeyStore.PasswordProtection(cArr2));
                    if (entry == null) {
                        StringBuilder sb = new StringBuilder();
                        sb.append("key stores '");
                        sb.append(str);
                        sb.append("' doesn't contain credentials for '");
                        sb.append(nextElement);
                        sb.append("'");
                        throw new GeneralSecurityException(sb.toString());
                    }
                    keyStore.setEntry(nextElement, entry, new KeyStore.PasswordProtection(cArr2));
                    z = true;
                }
            }
            if (!z) {
                StringBuilder sb2 = new StringBuilder();
                sb2.append("no credentials found in '");
                sb2.append(str);
                sb2.append("' for '");
                sb2.append(str2);
                sb2.append("'!");
                throw new GeneralSecurityException(sb2.toString());
            }
            loadKeyStore = keyStore;
        }
        return createKeyManager(loadKeyStore, cArr2);
    }

    private static KeyStore loadKeyStore(String str, char[] cArr, KeyStoreType keyStoreType) throws GeneralSecurityException, IOException {
        if (cArr == null) {
            throw new NullPointerException("storePassword must be provided!");
        }
        InputStream inputStreamFromUri = getInputStreamFromUri(str);
        KeyStore keyStore = KeyStore.getInstance(keyStoreType.type);
        try {
            try {
                keyStore.load(inputStreamFromUri, cArr);
                return keyStore;
            } catch (IOException e) {
                StringBuilder sb = new StringBuilder();
                sb.append(e);
                sb.append(", URI: ");
                sb.append(str);
                sb.append(", type: ");
                sb.append(keyStoreType.type);
                sb.append(Constants.SPACE_COMMA_STRING);
                sb.append(keyStore.getProvider().getName());
                throw new IOException(sb.toString());
            }
        } finally {
            inputStreamFromUri.close();
        }
    }

    public static Credentials loadPemCredentials(InputStream inputStream) throws GeneralSecurityException, IOException {
        PemReader pemReader = new PemReader(inputStream);
        try {
            Asn1DerDecoder.Keys keys = new Asn1DerDecoder.Keys();
            ArrayList<Certificate> arrayList = new ArrayList();
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (true) {
                String readNextBegin = pemReader.readNextBegin();
                if (readNextBegin == null) {
                    if (keys.getPrivateKey() != null || keys.getPublicKey() != null) {
                        List<? extends Certificate> certificates = certificateFactory.generateCertPath(arrayList).getCertificates();
                        return new Credentials(keys.getPrivateKey(), keys.getPublicKey(), (X509Certificate[]) certificates.toArray(new X509Certificate[certificates.size()]));
                    }
                    if (arrayList.isEmpty()) {
                        return new Credentials(null);
                    }
                    ArrayList arrayList2 = new ArrayList();
                    for (Certificate certificate : arrayList) {
                        if (!arrayList2.contains(certificate)) {
                            arrayList2.add(certificate);
                        }
                    }
                    if (arrayList2.size() == arrayList.size()) {
                        try {
                            List<? extends Certificate> certificates2 = certificateFactory.generateCertPath(arrayList).getCertificates();
                            return new Credentials(null, null, (X509Certificate[]) certificates2.toArray(new X509Certificate[certificates2.size()]));
                        } catch (GeneralSecurityException unused) {
                        }
                    }
                    return new Credentials((Certificate[]) arrayList2.toArray(new Certificate[arrayList2.size()]));
                }
                byte[] readToEnd = pemReader.readToEnd();
                if (readToEnd != null) {
                    if (readNextBegin.contains("CERTIFICATE")) {
                        arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(readToEnd)));
                    } else if (readNextBegin.contains("PRIVATE KEY")) {
                        Asn1DerDecoder.Keys readPrivateKey = Asn1DerDecoder.readPrivateKey(readToEnd);
                        if (readPrivateKey == null) {
                            throw new GeneralSecurityException("private key type not supported!");
                        }
                        keys.add(readPrivateKey);
                    } else if (readNextBegin.contains("PUBLIC KEY")) {
                        PublicKey readSubjectPublicKey = Asn1DerDecoder.readSubjectPublicKey(readToEnd);
                        if (readSubjectPublicKey == null) {
                            throw new GeneralSecurityException("public key type not supported!");
                        }
                        keys.setPublicKey(readSubjectPublicKey);
                    } else {
                        LOGGER.warn("{} not supported!", readNextBegin);
                    }
                }
            }
        } finally {
            pemReader.close();
        }
    }

    public static PrivateKey loadPrivateKey(String str, String str2, char[] cArr, char[] cArr2) throws IOException, GeneralSecurityException {
        KeyStoreType keyStoreTypeFromUri = getKeyStoreTypeFromUri(str);
        if (keyStoreTypeFromUri.simpleStore != null) {
            Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreTypeFromUri);
            if (loadSimpleKeyStore.privateKey != null) {
                return loadSimpleKeyStore.privateKey;
            }
        } else {
            if (str2 == null) {
                throw new NullPointerException("alias must be provided!");
            }
            if (str2.isEmpty()) {
                throw new IllegalArgumentException("alias must not be empty!");
            }
            if (cArr2 == null) {
                throw new NullPointerException("keyPassword must be provided!");
            }
            KeyStore loadKeyStore = loadKeyStore(str, cArr, keyStoreTypeFromUri);
            if (loadKeyStore.entryInstanceOf(str2, KeyStore.PrivateKeyEntry.class)) {
                KeyStore.Entry entry = loadKeyStore.getEntry(str2, new KeyStore.PasswordProtection(cArr2));
                if (entry instanceof KeyStore.PrivateKeyEntry) {
                    return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                }
            }
        }
        StringBuilder sb = new StringBuilder();
        sb.append("no private key found for '");
        sb.append(str2);
        sb.append("' in '");
        sb.append(str);
        sb.append("'!");
        throw new IllegalArgumentException(sb.toString());
    }

    public static PublicKey loadPublicKey(String str, String str2, char[] cArr) throws IOException, GeneralSecurityException {
        KeyStoreType keyStoreTypeFromUri = getKeyStoreTypeFromUri(str);
        if (keyStoreTypeFromUri.simpleStore == null) {
            if (str2 == null) {
                throw new NullPointerException("alias must be provided!");
            }
            if (str2.isEmpty()) {
                throw new IllegalArgumentException("alias must not be empty!");
            }
            return loadKeyStore(str, cArr, keyStoreTypeFromUri).getCertificateChain(str2)[0].getPublicKey();
        }
        Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreTypeFromUri);
        if (loadSimpleKeyStore.publicKey != null) {
            return loadSimpleKeyStore.publicKey;
        }
        StringBuilder sb = new StringBuilder();
        sb.append("no public key found for '");
        sb.append(str2);
        sb.append("' in '");
        sb.append(str);
        sb.append("'!");
        throw new IllegalArgumentException(sb.toString());
    }

    private static Credentials loadSimpleKeyStore(String str, KeyStoreType keyStoreType) throws GeneralSecurityException, IOException {
        InputStream inputStreamFromUri = getInputStreamFromUri(str);
        try {
            return keyStoreType.simpleStore.load(inputStreamFromUri);
        } finally {
            inputStreamFromUri.close();
        }
    }

    public static TrustManager[] loadTrustManager(String str, String str2, char[] cArr) throws IOException, GeneralSecurityException {
        return createTrustManager("trusts", loadTrustedCertificates(str, str2, cArr));
    }

    public static Certificate[] loadTrustedCertificates(String str) throws IOException, GeneralSecurityException {
        if (str == null) {
            throw new NullPointerException("trust must be provided!");
        }
        String[] split = str.split("#", 3);
        if (1 == split.length && getKeyStoreTypeFromUri(split[0]).simpleStore != null) {
            return loadTrustedCertificates(split[0], null, null);
        }
        if (3 == split.length) {
            return loadTrustedCertificates(split[0], split[2], StringUtil.hex2CharArray(split[1]));
        }
        throw new IllegalArgumentException("trust must comply the pattern <keystore#hexstorepwd#aliaspattern>");
    }

    public static Certificate[] loadTrustedCertificates(String str, String str2, char[] cArr) throws IOException, GeneralSecurityException {
        KeyStoreType keyStoreTypeFromUri = getKeyStoreTypeFromUri(str);
        if (keyStoreTypeFromUri.simpleStore != null) {
            Credentials loadSimpleKeyStore = loadSimpleKeyStore(str, keyStoreTypeFromUri);
            if (loadSimpleKeyStore.trusts != null) {
                return loadSimpleKeyStore.trusts;
            }
            StringBuilder sb = new StringBuilder();
            sb.append("no trusted x509 certificates found in '");
            sb.append(str);
            sb.append("'!");
            throw new IllegalArgumentException(sb.toString());
        }
        KeyStore loadKeyStore = loadKeyStore(str, cArr, keyStoreTypeFromUri);
        Pattern pattern = null;
        if (str2 != null && !str2.isEmpty()) {
            pattern = Pattern.compile(str2);
        }
        ArrayList arrayList = new ArrayList();
        Enumeration<String> aliases = loadKeyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (pattern == null || pattern.matcher(nextElement).matches()) {
                Certificate certificate = loadKeyStore.getCertificate(nextElement);
                if (!arrayList.contains(certificate)) {
                    arrayList.add(certificate);
                }
            }
        }
        if (!arrayList.isEmpty()) {
            return (Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]);
        }
        StringBuilder sb2 = new StringBuilder();
        sb2.append("no trusted x509 certificates found in '");
        sb2.append(str);
        sb2.append("' for '");
        sb2.append(str2);
        sb2.append("'!");
        throw new IllegalArgumentException(sb2.toString());
    }
}
