package de.svws_nrw.base.crypto;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:de/svws_nrw/base/crypto/TLSUtils.class */
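/**
 * Static helpers for fetching a server's TLS certificate chain and for converting
 * X.509 certificates to and from Base64, PEM and a simple JSON array form.
 */
public final class TLSUtils {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/svws_nrw/base/crypto/TLSUtils$InterceptingTrustManager.class */
    /**
     * Trust manager that remembers the certificate chain presented by the server and then
     * hands the actual trust decision to a wrapped trust manager.
     *
     * <p>The chain is stored <em>before</em> the delegate is asked, so it is available even
     * when the delegate rejects it. A stored chain therefore says nothing about whether the
     * certificates are trustworthy.
     */
    public static class InterceptingTrustManager implements X509TrustManager {
        /** Delegate that performs the real validation. */
        private final X509TrustManager tm;
        /** Last chain seen in {@link #checkServerTrusted}; {@code null} until a handshake got that far. */
        private X509Certificate[] chain;

        InterceptingTrustManager(X509TrustManager x509TrustManager) {
            this.tm = x509TrustManager;
        }

        /** Always reports an empty issuer list. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        /** Not supported: this manager is only used on the client side of a handshake. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new UnsupportedOperationException();
        }

        /**
         * Records the presented chain, then lets the delegate validate it.
         *
         * @throws CertificateException if the delegate does not trust the chain
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Capture first: the caller wants to see the chain even if validation fails below.
            this.chain = x509CertificateArr;
            this.tm.checkServerTrusted(x509CertificateArr, str);
        }
    }

    private TLSUtils() {
        throw new IllegalStateException("Instantiation not allowed");
    }

    /**
     * Connects to the host named in the URL, performs a TLS handshake and copies the
     * certificate chain presented by the server into {@code list}.
     *
     * <p>Security notes for callers:
     * <ul>
     *   <li>{@code list} is filled whenever the server presented a chain, including when this
     *       method returns {@code false}. In that case the certificates are unverified data
     *       from whoever answered the connection; do not store or pin them without an
     *       independent check (for example comparing fingerprints out of band).</li>
     *   <li>NOTE(review): no endpoint identification algorithm is configured on the socket
     *       here, so {@code true} means the chain validated against the default trust store,
     *       not that a certificate was issued for this host name. Confirm whether callers
     *       rely on host name matching.</li>
     *   <li>The 10 second timeout is a read timeout set after the socket is connected; the
     *       connect itself is not bounded by it.</li>
     * </ul>
     *
     * @param str  URL of the server; the port defaults to 80 for scheme {@code http} and to
     *             443 otherwise
     * @param list receives the server chain; cleared before it is filled
     * @return {@code true} if the handshake completed, {@code false} if any
     *         {@link IOException} occurred while connecting, handshaking or closing
     * @throws SSLException             if no chain was seen or the TLS context could not be created
     * @throws IllegalArgumentException if the URL is malformed or has no host component
     */
    public static boolean queryServerCertificates(String str, List<X509Certificate> list) throws SSLException {
        URI uri = URI.create(str);
        String host = uri.getHost();
        if (host == null) {
            // Reject inputs without a host component instead of passing a null host to the
            // socket factory. The URL is not echoed because it may carry user info.
            throw new IllegalArgumentException("Die URL enthält keinen Hostnamen.");
        }
        int port = uri.getPort();
        if (port < 1) {
            // URI schemes are case-insensitive; a missing or unknown scheme uses 443.
            port = "http".equalsIgnoreCase(uri.getScheme()) ? 80 : 443;
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null keystore asks the factory for its default trust anchors.
            trustManagerFactory.init((KeyStore) null);
            InterceptingTrustManager interceptor = new InterceptingTrustManager((X509TrustManager) trustManagerFactory.getTrustManagers()[0]);
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, new InterceptingTrustManager[]{interceptor}, null);
            boolean handshakeOk = false;
            // try-with-resources closes the socket on every path, including a failed handshake.
            try (SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(host, port)) {
                socket.setSoTimeout(10000);
                socket.startHandshake();
                handshakeOk = true;
            } catch (IOException e) {
                // Covers rejected chains as well as plain network failures; the chain check
                // below separates "server showed a chain" from "nothing was received".
                handshakeOk = false;
            }
            if (interceptor.chain == null) {
                throw new SSLException("Die Server-Zertifikate konnten bei dem Handshake nicht bestimmt werden.");
            }
            list.clear();
            list.addAll(Arrays.asList(interceptor.chain));
            return handshakeOk;
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e2) {
            throw new SSLException("Fehler beim Erstellen der SSLSocketFactory", e2);
        }
    }

    /**
     * Like {@link #queryServerCertificates(String, List)}, but appends each certificate of the
     * chain to {@code list} as a PEM block (see {@link #encodeCertFileBase64}).
     *
     * <p>Unlike {@link #queryServerCertificates(String, List)} this method does not clear
     * {@code list} first. The same caveat applies: entries are added even when the result is
     * {@code false}, and are then unverified.
     *
     * @param str  URL of the server
     * @param list receives one PEM string per certificate
     * @return the result of {@link #queryServerCertificates(String, List)}
     * @throws SSLException if the query fails or a certificate cannot be encoded
     */
    public static boolean queryServerCertificatesBase64(String str, List<String> list) throws SSLException {
        List<X509Certificate> certificates = new ArrayList<>();
        boolean handshakeOk = queryServerCertificates(str, certificates);
        try {
            for (X509Certificate certificate : certificates) {
                list.add(encodeCertFileBase64(certificate));
            }
            return handshakeOk;
        } catch (CertificateException e) {
            throw new SSLException("Fehler bei der Umwandlung der X509-Zertifikate nach Base64", e);
        }
    }

    /**
     * Encodes the certificate's encoded form as a single-line Base64 string.
     *
     * @param x509Certificate certificate to encode
     * @return Base64 text without line breaks
     * @throws CertificateException if the certificate cannot be encoded
     */
    public static String encodeCertBase64(X509Certificate x509Certificate) throws CertificateException {
        try {
            return Base64.getEncoder().encodeToString(x509Certificate.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new CertificateException("Das Zertifikat kann nicht serialisiert werden.", e);
        }
    }

    /**
     * Parses a certificate from Base64 text as produced by {@link #encodeCertBase64}.
     *
     * <p>Parsing only establishes that the bytes are a well-formed X.509 certificate; it does
     * not validate signatures, validity period or trust.
     *
     * @param str Base64 text of the encoded certificate
     * @return the parsed certificate
     * @throws CertificateException     if the decoded bytes are not a certificate
     * @throws IllegalArgumentException if {@code str} is not valid Base64
     */
    public static X509Certificate decodeCertBase64(String str) throws CertificateException {
        try {
            byte[] encoded = Base64.getDecoder().decode(str);
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(encoded));
        } catch (CertificateException e) {
            throw new CertificateException("Fehler beim Dekodieren des Zertifikats.", e);
        }
    }

    /**
     * Encodes the certificate as a PEM block with {@code BEGIN CERTIFICATE} and
     * {@code END CERTIFICATE} marker lines.
     *
     * <p>The body uses the MIME Base64 encoder, which wraps lines with CRLF, while the marker
     * lines end with LF.
     *
     * @param x509Certificate certificate to encode
     * @return the PEM text, ending with a line feed
     * @throws CertificateException if the certificate cannot be encoded
     */
    public static String encodeCertFileBase64(X509Certificate x509Certificate) throws CertificateException {
        try {
            String body = Base64.getMimeEncoder().encodeToString(x509Certificate.getEncoded());
            return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n";
        } catch (CertificateEncodingException e) {
            throw new CertificateException("Das Zertifikat kann nicht serialisiert werden.", e);
        }
    }

    /**
     * Parses a single certificate from PEM text.
     *
     * <p>The text must contain exactly one BEGIN marker and one END marker. Anything before
     * the BEGIN marker and after the END marker is ignored. As with
     * {@link #decodeCertBase64}, a successful parse does not imply the certificate is trusted.
     *
     * @param str PEM text
     * @return the parsed certificate
     * @throws CertificateException     if the body is not a certificate
     * @throws IllegalArgumentException if the markers are missing or occur more than once
     */
    public static X509Certificate decodeCertFileBase64(String str) throws CertificateException {
        String[] afterBegin = str.split("-----BEGIN CERTIFICATE-----\r*\n*");
        if (afterBegin.length != 2) {
            throw new IllegalArgumentException("Das Zertifikat kann nicht eingelesen werden. Überprüfen sie das Dateiformat.");
        }
        // Limit -1 keeps the trailing empty piece, so PEM text that ends directly after the
        // END marker (no final newline) is accepted instead of failing the length check.
        String[] beforeEnd = afterBegin[1].split("\r*\n*-----END CERTIFICATE-----", -1);
        if (beforeEnd.length != 2) {
            throw new IllegalArgumentException("Das Zertifikat kann nicht eingelesen werden. Überprüfen sie das Dateiformat.");
        }
        try {
            byte[] encoded = Base64.getMimeDecoder().decode(beforeEnd[0]);
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(encoded));
        } catch (CertificateException e) {
            throw new CertificateException("Fehler beim Dekodieren des Zertifikats.", e);
        }
    }

    /**
     * Serialises the certificates as a JSON array of Base64 strings.
     *
     * @param list certificates to encode; an empty list yields {@code []}
     * @return JSON array text without whitespace
     * @throws CertificateException if a certificate cannot be encoded
     */
    public static String encodeCertListJson(List<X509Certificate> list) throws CertificateException {
        StringBuilder json = new StringBuilder("[");
        String separator = "";
        for (X509Certificate certificate : list) {
            // Standard Base64 contains no quote or backslash, so no JSON escaping is needed.
            json.append(separator).append("\"").append(encodeCertBase64(certificate)).append("\"");
            separator = ",";
        }
        return json.append("]").toString();
    }

    /**
     * Parses the output of {@link #encodeCertListJson}.
     *
     * <p>This is not a general JSON parser: brackets and quotes are stripped and the rest is
     * split on commas. An empty array yields an empty list.
     *
     * @param str JSON array of Base64 certificate strings
     * @return the parsed certificates in input order
     * @throws CertificateException     if an entry is not a certificate
     * @throws IllegalArgumentException if an entry is not valid Base64
     */
    public static List<X509Certificate> decodeCertListJson(String str) throws CertificateException {
        List<X509Certificate> certificates = new ArrayList<>();
        String content = str.replace("[", "").replace("]", "").trim();
        if (content.isEmpty()) {
            // "[]" must round-trip; splitting "" would produce one empty entry that cannot be parsed.
            return certificates;
        }
        for (String entry : content.split(",")) {
            certificates.add(decodeCertBase64(entry.trim().replace("\"", "")));
        }
        return certificates;
    }

    /**
     * Builds a TLS context whose trust decisions are based on the given keystore.
     *
     * <p>The context is initialised without key managers, so it carries no client
     * certificate. The keystore is passed unchanged to {@code TrustManagerFactory.init};
     * NOTE(review): with the standard providers a {@code null} keystore selects the JVM
     * default trust store, so confirm callers that intend to restrict trust never pass
     * {@code null}.
     *
     * @param keyStore keystore holding the trusted certificates
     * @return an initialised {@code SSLContext} for protocol name {@code "TLS"}
     * @throws GeneralSecurityException if the trust managers or the context cannot be created
     */
    public static SSLContext getTLSContextFromKeystore(KeyStore keyStore) throws GeneralSecurityException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
        return context;
    }
}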
