package tigase.io;

import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import tigase.cert.CertificateUtil;
import tigase.kernel.beans.Inject;

/* loaded from: input_file:tigase/io/SSLContextContainerAbstract.class */
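/**
 * Base class for SSL context containers. Certificate, key and trust material is obtained from
 * the wrapped {@link CertificateContainerIfc}; this class turns it into {@link SSLContext}
 * instances and offers wildcard-aware lookup helpers for per-domain maps.
 *
 * <p>This is decompiled source, so parameter names ({@code str}, {@code z}, ...) are generated
 * by the decompiler. Their meaning is documented below only as far as the code shows it.
 */
public abstract class SSLContextContainerAbstract implements SSLContextContainerIfc {
    private static final Logger log = Logger.getLogger(SSLContextContainerAbstract.class.getCanonicalName());

    @Inject
    private final CertificateContainerIfc certificateContainer;
    // Single CSPRNG instance handed to every SSLContext.init() call made by this container.
    private final SecureRandom secureRandom = new SecureRandom();

    /**
     * Bundles an {@link SSLContext} with the trust managers it was initialised with and the
     * leaf certificate selected for the domain (may be {@code null}).
     */
    protected class SSLHolder {
        final X509Certificate domainCertificate;
        final SSLContext sslContext;
        final TrustManager[] tms;

        public SSLHolder(TrustManager[] trustManagerArr, SSLContext sSLContext, X509Certificate x509Certificate) {
            this.tms = trustManagerArr;
            this.sslContext = sSLContext;
            this.domainCertificate = x509Certificate;
        }

        public SSLContext getSSLContext() {
            return this.sslContext;
        }

        /**
         * Tells whether this holder was built with the given trust manager array.
         *
         * <p>The comparison is by reference, not by content: an equal but distinct array makes
         * the holder invalid. Presumably callers use this to discard cached contexts once the
         * trust managers have been replaced; the callers are not part of this file.
         *
         * @param trustManagerArr the trust manager array currently in use
         * @return {@code true} only if it is the very same array instance
         */
        public boolean isValid(TrustManager[] trustManagerArr) {
            return trustManagerArr == this.tms;
        }

        /**
         * Describes the holder for log output: certificate subject, alternative names and
         * issuer (when a certificate is present), the context and the trust managers.
         */
        @Override
        public String toString() {
            // StringBuilder: the buffer never leaves this method, so no synchronisation is needed.
            final StringBuilder text = new StringBuilder("SSLHolder{");
            if (this.domainCertificate != null) {
                text.append("domainCertificate=subject: ")
                        .append(CertificateUtil.getCertCName(this.domainCertificate))
                        .append(", altNames: ")
                        .append(CertificateUtil.getCertAltCName(this.domainCertificate))
                        .append(", issuer: ")
                        .append(this.domainCertificate.getIssuerDN());
            }
            text.append(", sslContext=").append(this.sslContext);
            text.append(", tms=").append(this.tms == null ? "null" : Arrays.asList(this.tms).toString());
            text.append('}');
            return text.toString();
        }
    }

    /**
     * Looks up the value registered for a host name, honouring wildcard entries.
     *
     * <p>Keys are tried in this order: the lower-cased name itself; {@code "*." + name}, so a
     * wildcard entry also answers for its bare domain; and finally the name with its first
     * label replaced by {@code "*"} (for {@code a.example.com} that is {@code *.example.com}).
     * Only one label is replaced, so a wildcard never spans several levels. A hit on the last
     * form is stored back into {@code map} under the concrete name, which means the map must be
     * mutable.
     *
     * <p>Lower-casing uses {@link Locale#ROOT}. With the default locale a host name would be
     * folded differently on, for example, a Turkish-locale JVM ("I" becomes a dotless "ı"), and
     * the certificate lookup for an otherwise valid name would silently miss.
     *
     * @param map domain-to-value map; keys are expected to be lower case already
     * @param str host name to look up; {@code null} yields {@code null}
     * @param <T> type of the stored values
     * @return the matching value, or {@code null} when nothing matches
     */
    public static <T> T find(Map<String, T> map, String str) {
        if (str == null) {
            // Previously a null name ran into a NullPointerException at the wildcard step.
            return null;
        }
        final String host = str.toLowerCase(Locale.ROOT);
        if (map.containsKey(host)) {
            return map.get(host);
        }
        final String wildcardForSelf = "*." + host;
        if (map.containsKey(wildcardForSelf)) {
            return map.get(wildcardForSelf);
        }
        final int firstDot = host.indexOf('.');
        if (firstDot < 0) {
            return null;
        }
        final T inherited = map.get("*" + host.substring(firstDot));
        if (inherited == null) {
            return null;
        }
        // NOTE(review): every distinct sub-domain resolved through a wildcard adds one entry
        // here. If the name can come from a remote peer, confirm that callers validate it or
        // bound the map, and that a map shared between threads is a concurrent one.
        map.put(host, inherited);
        return inherited;
    }

    /**
     * Removes the given domains from the map, together with every key whose part after the
     * first dot equals the domain of a removed wildcard ({@code "*.example.com"} also removes
     * {@code "a.example.com"}). This drops the per-host entries that {@link #find} stored for
     * that wildcard. A key without a dot is compared as a whole.
     *
     * @param map map to prune; must support removal through its key set
     * @param set domains (plain or {@code "*."}-prefixed) to remove
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void removeMatchedDomains(Map<String, ?> map, Set<String> set) {
        map.keySet().removeAll(set);
        final Set<String> wildcardParents = set.stream()
                .filter(name -> name.startsWith("*."))
                .map(name -> name.substring(2))
                .collect(Collectors.toSet());
        map.keySet().removeIf(key -> wildcardParents.contains(key.substring(key.indexOf('.') + 1)));
    }

    /**
     * @param certificateContainerIfc source of key managers, trust managers and certificates
     */
    public SSLContextContainerAbstract(CertificateContainerIfc certificateContainerIfc) {
        this.certificateContainer = certificateContainerIfc;
    }

    /** Forwards the certificate parameters to the certificate container. */
    @Override // tigase.io.SSLContextContainerIfc
    public void addCertificates(Map<String, String> map) throws CertificateParsingException {
        this.certificateContainer.addCertificates(map);
    }

    /** Delegates to the four-argument overload with no explicit trust managers ({@code null}). */
    @Override // tigase.io.SSLContextContainerIfc
    public SSLContext getSSLContext(String str, String str2, boolean z) {
        return getSSLContext(str, str2, z, null);
    }

    /**
     * @return the container's trust store, or {@code null} when no container is set. This is
     *     the only accessor here that tolerates a missing container.
     */
    @Override // tigase.io.SSLContextContainerIfc
    public KeyStore getTrustStore() {
        return this.certificateContainer == null ? null : this.certificateContainer.getTrustStore();
    }

    /**
     * Asks the certificate container to create a certificate for the given alias and returns
     * the resulting key managers. What kind of certificate is produced is decided by the
     * container and is not visible here.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public KeyManager[] createCertificate(String str) throws Exception {
        return this.certificateContainer.createCertificate(str);
    }

    /**
     * Builds an {@link SSLHolder} for a domain.
     *
     * <p>When no key manager exists for the domain and {@code z} is {@code true}, the context
     * is initialised without key material. When {@code z} is {@code false}, a certificate is
     * created on the fly for the alias and the event is logged at INFO; operators should treat
     * that log line as a sign that the expected certificate was not found. For an
     * {@link X509KeyManager} the leaf certificate is looked up under the alias, then under
     * {@code "*." + alias}, then under the parent wildcard of the alias.
     *
     * @param str protocol name passed to {@link SSLContext#getInstance(String)}; it is not
     *     validated here, so restricting it to acceptable TLS versions is the caller's job
     * @param str2 domain used to select the key managers (lower-cased with {@link Locale#ROOT})
     * @param str3 certificate alias (lower-cased with {@link Locale#ROOT})
     * @param z presumably "client mode" (TODO confirm against the interface)
     * @param trustManagerArr trust managers for the context; {@code null} lets the JSSE
     *     provider fall back to its defaults
     * @return the new holder
     * @throws Exception if the context or the certificate cannot be created
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public SSLHolder createContextHolder(String str, String str2, String str3, boolean z, TrustManager[] trustManagerArr) throws Exception {
        final String domain = lowerCaseOrNull(str2);
        final String alias = lowerCaseOrNull(str3);
        KeyManager[] keyManagers = getKeyManagers(domain);
        if (keyManagers == null) {
            if (z) {
                return buildHolder(str, null, trustManagerArr, null, domain, alias, z);
            }
            if (log.isLoggable(Level.INFO)) {
                log.log(Level.INFO, "Key manager for hostname: {0} doesn't exist, generating new one", new Object[]{domain});
            }
            // NOTE(review): a null result from createCertificate() fails on the length check
            // below, and a null alias fails in getParentWildcardDomain(); confirm that callers
            // always pass an alias.
            keyManagers = createCertificate(alias);
        }
        X509Certificate leaf = null;
        if (keyManagers.length > 0 && (keyManagers[0] instanceof X509KeyManager)) {
            final X509KeyManager x509KeyManager = (X509KeyManager) keyManagers[0];
            X509Certificate[] chain = x509KeyManager.getCertificateChain(alias);
            if (chain == null) {
                chain = x509KeyManager.getCertificateChain("*." + alias);
            }
            if (chain == null) {
                chain = x509KeyManager.getCertificateChain(getParentWildcardDomain(alias));
            }
            if (chain != null && chain.length > 0) {
                leaf = chain[0];
            }
        }
        return buildHolder(str, keyManagers, trustManagerArr, leaf, domain, alias, z);
    }

    /** Creates and initialises the context, wraps it in a holder and logs it at FINEST. */
    private SSLHolder buildHolder(String protocol, KeyManager[] keyManagers, TrustManager[] trustManagers,
            X509Certificate leaf, String domain, String alias, boolean z) throws Exception {
        final SSLContext context = SSLContext.getInstance(protocol);
        context.init(keyManagers, trustManagers, this.secureRandom);
        final SSLHolder holder = new SSLHolder(trustManagers, context, leaf);
        if (log.isLoggable(Level.FINEST)) {
            log.log(Level.FINEST, "Created new SSLHolder: {0} for domain: {1} (with alias: {2})", new Object[]{String.valueOf(holder), domain, alias, String.valueOf(z)});
        }
        return holder;
    }

    /** Lower-cases a name independently of the JVM's default locale; {@code null} stays {@code null}. */
    private static String lowerCaseOrNull(String name) {
        return name == null ? null : name.toLowerCase(Locale.ROOT);
    }

    /** @return the default certificate alias reported by the certificate container */
    /* JADX INFO: Access modifiers changed from: protected */
    public String getDefCertAlias() {
        return this.certificateContainer.getDefCertAlias();
    }

    /** @return the container's key managers for the given domain, as returned by the container */
    protected KeyManager[] getKeyManagers(String str) {
        return this.certificateContainer.getKeyManagers(str);
    }

    /** @return the trust managers supplied by the certificate container */
    /* JADX INFO: Access modifiers changed from: protected */
    public TrustManager[] getTrustManagers() {
        return this.certificateContainer.getTrustManagers();
    }

    /**
     * Replaces the first label of a name with {@code "*"} ({@code a.example.com} becomes
     * {@code *.example.com}). A name without a dot, or one starting with a dot, is returned
     * unchanged.
     */
    private String getParentWildcardDomain(String str) {
        final int firstDot = str.indexOf('.');
        return firstDot > 0 ? "*" + str.substring(firstDot) : str;
    }
}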
