package com.cloudera.navigator.sdk.util;

import com.google.common.base.Optional;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/navigator/sdk/util/SSLSocketFactoryHelper.class */
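/**
 * Builds a client-side {@link SSLSocketFactory} from an optional {@link TLSConfiguration}.
 *
 * <p>Security-relevant behaviour a reviewer should be aware of:
 * <ul>
 *   <li>When the configuration reports that TLS is not enabled ({@code realTrust == false}),
 *       the factory is initialised with a trust manager that accepts every certificate
 *       chain. Connections made through it are encrypted but not authenticated.</li>
 *   <li>Hostname verification is applied per socket by {@link HostnameVerifyingSocketFactory},
 *       because {@link SSLContext#getDefaultSSLParameters()} returns a copy and mutating that
 *       copy does not change the sockets the context creates.</li>
 *   <li>Store passwords are held as the {@code char[]} references handed over by the
 *       configuration; they are neither copied nor cleared here.</li>
 * </ul>
 */
public class SSLSocketFactoryHelper {
    // Standard JSSE system property names are case-sensitive: "keyStore" / "trustStore".
    private static final String JAVAX_DEFAULT_KEYSTORE = "javax.net.ssl.keyStore";
    private static final String JAVAX_DEFAULT_TRUSTSTORE = "javax.net.ssl.trustStore";
    private static final String KEY_STORE = "keystore";
    private static final String TRUST_STORE = "truststore";
    private static final String SSL = "SSL";
    private static final String HTTPS_ENDPOINT_IDENTIFICATION = "HTTPS";
    private final char[] trustStorePassword;
    private final char[] keystorePassword;
    private final boolean realTrust;
    private final boolean verifyHostname;
    private final String sslVersion;
    private final String trustManagerFactoryName;
    private final String keyStoreFile;
    private final String trustStoreFile;
    // NOTE(review): not referenced anywhere in this class; kept so class initialisation
    // behaves as before. Confirm whether anything still needs a pre-built trust-all context.
    private static final SSLContext trustAllSslContext;
    private static final Logger LOGGER = LoggerFactory.getLogger(SSLSocketFactoryHelper.class);
    private static final String KEYSTORE_TYPE = KeyStore.getDefaultType();

    /**
     * Trust manager that performs no validation at all: both check methods return without
     * inspecting the chain, so any certificate (self-signed, expired, wrong issuer) passes.
     * It is only selected when {@code realTrust} is false.
     */
    private static final TrustManager[] trustAllCerts = {new X509TrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: accepts every client certificate chain.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: accepts every server certificate chain.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }};

    static {
        try {
            SSLContext context = SSLContext.getInstance(SSL);
            context.init(null, trustAllCerts, new SecureRandom());
            trustAllSslContext = context;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Captures the TLS settings used later by {@link #buildSSLSocketFactory()}.
     *
     * @param optional the TLS configuration; when absent every setting is left at
     *     {@code false}/{@code null}, which means certificate validation and hostname
     *     verification are both off and no protocol is selected
     */
    public SSLSocketFactoryHelper(Optional<TLSConfiguration> optional) {
        if (!optional.isPresent()) {
            this.realTrust = false;
            this.verifyHostname = false;
            this.sslVersion = null;
            this.trustManagerFactoryName = null;
            this.keyStoreFile = null;
            this.trustStoreFile = null;
            this.keystorePassword = null;
            this.trustStorePassword = null;
            return;
        }
        TLSConfiguration configuration = optional.get();
        this.realTrust = configuration.isTLSEnabledInCM();
        this.verifyHostname = configuration.isTLSHostnameVerificationDesired();
        this.sslVersion = configuration.getSSLVersion();
        this.trustManagerFactoryName = configuration.getTrustManagerFactoryName();
        this.keyStoreFile = configuration.getTLSKeyStoreFile();
        this.keystorePassword = configuration.getTLSKeyStorePassword();
        this.trustStoreFile = configuration.getTLSTrustStoreFile();
        this.trustStorePassword = configuration.getTLSTrustStorePassword();
    }

    /**
     * Loads a store of the JVM default {@link KeyStore} type from disk.
     *
     * @param storeKind label used in log messages ("keystore" or "truststore")
     * @param path location of the store file; empty or {@code null} means "not configured"
     * @param password store password; {@link KeyStore#load} accepts {@code null}, in which
     *     case the store's integrity is not checked
     * @return the loaded store, or absent when the path is unset, the file is missing, or
     *     loading fails (failures are logged, never thrown)
     */
    private Optional<KeyStore> createKeyStoreFromFile(String storeKind, String path, char[] password) {
        LOGGER.info("creating {} from file {}", storeKind, path);
        if (StringUtils.isEmpty(path)) {
            LOGGER.info("{} file path is not set, not creating a {}", storeKind, storeKind);
            return Optional.absent();
        }
        File file = new File(path);
        if (!file.exists()) {
            LOGGER.warn("{} file [{}] does not exist but is configured", storeKind, path);
            return Optional.absent();
        }
        LOGGER.info("Using client {} found at [{}].", storeKind, path);
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        } catch (KeyStoreException e) {
            LOGGER.error("Could not create client {} object", storeKind, e);
            return Optional.absent();
        }
        // try-with-resources closes the stream on every path, including load failures.
        try (FileInputStream in = new FileInputStream(file)) {
            keyStore.load(in, password);
            return Optional.of(keyStore);
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            LOGGER.error("Could not load {} file [{}].", new Object[]{storeKind, file, e});
            return Optional.absent();
        }
    }

    /**
     * Creates the socket factory described by the captured configuration.
     *
     * <p>With {@code realTrust} set, key and trust managers come from the configured stores
     * (or the JVM defaults when a store cannot be loaded). Otherwise the trust-all manager is
     * installed and a warning is logged. When hostname verification is requested, the
     * returned factory enables HTTPS endpoint identification on each socket it creates; note
     * that in the trust-all branch the chain itself is still not validated, so a matching
     * name alone does not authenticate the peer.
     *
     * @return the socket factory, or absent when no protocol is configured or the
     *     {@link SSLContext} cannot be set up
     */
    public Optional<SSLSocketFactory> buildSSLSocketFactory() {
        if (this.sslVersion == null) {
            // SSLContext.getInstance(null) would throw NullPointerException, which the
            // GeneralSecurityException handler below does not cover; fail closed instead.
            LOGGER.error("Error configuring SSL Sockets: no SSL/TLS protocol version is configured");
            return Optional.absent();
        }
        try {
            SSLContext context = SSLContext.getInstance(this.sslVersion);
            KeyManager[] keyManagers = null;
            TrustManager[] trustManagers;
            SecureRandom random = null;
            if (this.realTrust) {
                keyManagers = buildKeyStoreManagers();
                trustManagers = buildTrustStoreManagers();
                random = new SecureRandom();
            } else {
                LOGGER.warn("Initializing client SSLContext with BogusTrustManager. All certificates are trusted.");
                trustManagers = trustAllCerts;
            }
            context.init(keyManagers, trustManagers, random);
            SSLSocketFactory factory = context.getSocketFactory();
            if (this.verifyHostname) {
                LOGGER.info("Enabling Host Name Verification");
                factory = new HostnameVerifyingSocketFactory(factory);
            }
            return Optional.of(factory);
        } catch (GeneralSecurityException e) {
            LOGGER.error("Error configuring SSL Sockets", e);
            return Optional.absent();
        }
    }

    /**
     * Builds key managers from the configured keystore.
     *
     * @return the key managers, or {@code null} when no keystore could be loaded, which makes
     *     {@link SSLContext#init} fall back to the installed default key managers
     */
    private KeyManager[] buildKeyStoreManagers() throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException {
        Optional<KeyStore> loaded = createKeyStoreFromFile(KEY_STORE, this.keyStoreFile, this.keystorePassword);
        if (!loaded.isPresent()) {
            LOGGER.info("Initializing client SSLContext with JVM default keystore [{}], JVM default keystore and specified random number generator.", System.getProperty(JAVAX_DEFAULT_KEYSTORE));
            return null;
        }
        KeyStore keyStore = loaded.get();
        LOGGER.info("Initializing client SSLContext with keystore [{}] JVM default keystore and specified random number generator.", keyStore);
        // NOTE(review): the *trust* manager factory algorithm name is reused for the key
        // manager factory; confirm the configured name is valid for both.
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.trustManagerFactoryName);
        keyManagerFactory.init(keyStore, this.keystorePassword);
        return keyManagerFactory.getKeyManagers();
    }

    /**
     * Builds trust managers from the configured truststore.
     *
     * @return the trust managers, or {@code null} when no truststore could be loaded, which
     *     makes {@link SSLContext#init} fall back to the installed default trust managers
     */
    private TrustManager[] buildTrustStoreManagers() throws NoSuchAlgorithmException, KeyStoreException {
        Optional<KeyStore> loaded = createKeyStoreFromFile(TRUST_STORE, this.trustStoreFile, this.trustStorePassword);
        if (!loaded.isPresent()) {
            LOGGER.info("Initializing client SSLContext with JVM default truststore [{}], JVM default keystore and specified random number generator.", System.getProperty(JAVAX_DEFAULT_TRUSTSTORE));
            return null;
        }
        KeyStore trustStore = loaded.get();
        LOGGER.info("Initializing client SSLContext with truststore [{}] JVM default keystore and specified random number generator.", trustStore);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(this.trustManagerFactoryName);
        trustManagerFactory.init(trustStore);
        return trustManagerFactory.getTrustManagers();
    }

    /**
     * Delegating factory that turns on HTTPS endpoint identification for every
     * {@link SSLSocket} produced by the client-side {@code createSocket} overloads, so the
     * peer certificate is matched against the target host during the handshake.
     */
    private static final class HostnameVerifyingSocketFactory extends SSLSocketFactory {
        private final SSLSocketFactory delegate;

        HostnameVerifyingSocketFactory(SSLSocketFactory delegate) {
            this.delegate = delegate;
        }

        /** Applies the endpoint identification algorithm before any handshake starts. */
        private static Socket withEndpointIdentification(Socket socket) {
            if (socket instanceof SSLSocket) {
                SSLSocket sslSocket = (SSLSocket) socket;
                SSLParameters parameters = sslSocket.getSSLParameters();
                parameters.setEndpointIdentificationAlgorithm(HTTPS_ENDPOINT_IDENTIFICATION);
                sslSocket.setSSLParameters(parameters);
            }
            return socket;
        }

        @Override
        public String[] getDefaultCipherSuites() {
            return this.delegate.getDefaultCipherSuites();
        }

        @Override
        public String[] getSupportedCipherSuites() {
            return this.delegate.getSupportedCipherSuites();
        }

        @Override
        public Socket createSocket() throws IOException {
            return withEndpointIdentification(this.delegate.createSocket());
        }

        @Override
        public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
            return withEndpointIdentification(this.delegate.createSocket(socket, host, port, autoClose));
        }

        @Override
        public Socket createSocket(String host, int port) throws IOException {
            return withEndpointIdentification(this.delegate.createSocket(host, port));
        }

        @Override
        public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
            return withEndpointIdentification(this.delegate.createSocket(host, port, localHost, localPort));
        }

        @Override
        public Socket createSocket(InetAddress host, int port) throws IOException {
            return withEndpointIdentification(this.delegate.createSocket(host, port));
        }

        @Override
        public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
            return withEndpointIdentification(this.delegate.createSocket(address, port, localAddress, localPort));
        }
    }
}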
