package com.oscar.ssl;

import com.oscar.util.OSQLException;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.lang.reflect.Field;
import java.net.Socket;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.sql.SQLException;
import java.util.Collection;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;
import sun.misc.BASE64Decoder;

/* loaded from: input_file:com/oscar/ssl/LazyKeyManager.class */
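/**
 * Client-side {@link X509KeyManager} that reads the client certificate chain and its private
 * key from files the first time they are requested, not at construction time.
 *
 * <p>The {@link X509KeyManager} methods never throw on a load failure. They record the failure
 * in {@link #error} and return {@code null} (or an empty array); callers retrieve the recorded
 * failure with {@link #throwKeyManagerException()}.
 *
 * <p>Only one identity is ever offered, under the fixed alias {@code "user"}. The alias
 * arguments passed to {@link #getCertificateChain(String)} and {@link #getPrivateKey(String)}
 * are ignored.
 *
 * <p>This class performs no synchronization of its own.
 *
 * <p>NOTE(review): the key password is held as an immutable {@link String} for the lifetime of
 * this object, so it cannot be wiped from memory after use.
 */
public class LazyKeyManager implements X509KeyManager {
    /** The only alias this key manager hands out. */
    private static final String CLIENT_ALIAS = "user";

    private final String certfile;
    private final String keyfile;
    // true when certfile/keyfile are default locations: a missing file is then not an error.
    private final boolean defaultfile;
    private final String password;
    private X509Certificate[] cert = null;
    private PrivateKey key = null;
    // Last load failure, surfaced through throwKeyManagerException().
    private OSQLException error = null;

    /**
     * Creates a key manager; no file is touched until a certificate or key is requested.
     *
     * @param certfile path of the client certificate file, or {@code null} for no client
     *     certificate
     * @param keyfile path of the PEM-encoded PKCS#8 private key file, or {@code null}
     * @param password password for an encrypted private key; may be {@code null} when the key
     *     is not encrypted
     * @param defaultfile when {@code true}, a missing or unclosable file is silently ignored
     *     instead of being recorded as an error
     */
    public LazyKeyManager(String certfile, String keyfile, String password, boolean defaultfile) {
        this.certfile = certfile;
        this.keyfile = keyfile;
        this.defaultfile = defaultfile;
        this.password = password;
    }

    /**
     * Rethrows the failure recorded by an earlier certificate or key load, if there is one.
     *
     * @throws OSQLException the recorded failure
     */
    public void throwKeyManagerException() throws OSQLException {
        if (this.error != null) {
            throw this.error;
        }
    }

    /**
     * Offers the alias {@code "user"} when the configured certificate is acceptable to the
     * peer.
     *
     * <p>With no issuer list the certificate is offered without being loaded. Otherwise the
     * last certificate of the chain must use one of the requested key types (any type when
     * {@code keyType} is null or empty) and must be issued by one of {@code issuers}.
     *
     * @return {@code "user"}, or {@code null} when no certificate is configured, it could not
     *     be loaded, or it does not match
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        if (this.certfile == null) {
            return null;
        }
        if (issuers == null || issuers.length == 0) {
            return CLIENT_ALIAS;
        }
        X509Certificate[] chain = getCertificateChain(CLIENT_ALIAS);
        // A file holding no certificates produces an empty chain; indexing it would throw
        // ArrayIndexOutOfBoundsException in the middle of the TLS handshake.
        if (chain == null || chain.length == 0) {
            return null;
        }
        // NOTE(review): the key type is taken from the LAST certificate in the file, while
        // getPrivateKey() pairs the key with the FIRST one; confirm this is intended for
        // chains that mix key algorithms.
        X509Certificate last = chain[chain.length - 1];
        X500Principal ourIssuer = last.getIssuerX500Principal();
        String algorithm = last.getPublicKey().getAlgorithm();

        boolean keyTypeAccepted = keyType == null || keyType.length == 0;
        if (!keyTypeAccepted) {
            for (String requested : keyType) {
                // Receiver is the non-null algorithm so a null array element cannot throw.
                if (algorithm.equalsIgnoreCase(requested)) {
                    keyTypeAccepted = true;
                    break;
                }
            }
        }
        if (!keyTypeAccepted) {
            return null;
        }
        for (Principal accepted : issuers) {
            if (ourIssuer.equals(accepted)) {
                return CLIENT_ALIAS;
            }
        }
        return null;
    }

    /** This key manager is client-only and never selects a server alias. */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return null;
    }

    /**
     * Returns the certificates read from the certificate file, loading them on first use.
     *
     * <p>A failed load leaves the cache empty, so the next call tries again.
     *
     * @param alias ignored
     * @return the certificates in file order (possibly an empty array), or {@code null} when
     *     no certificate file is configured or loading failed
     */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String alias) {
        if (this.cert != null || this.certfile == null) {
            return this.cert;
        }
        CertificateFactory factory;
        try {
            factory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            this.error = new OSQLException("Could not find a java cryptographic algorithm: X.509 CertificateFactory not available.", "", -1, (Throwable) e);
            return null;
        }

        Collection<? extends Certificate> parsed = null;
        try (FileInputStream in = new FileInputStream(this.certfile)) {
            parsed = factory.generateCertificates(in);
        } catch (FileNotFoundException e) {
            if (!this.defaultfile) {
                this.error = new OSQLException("Could not open SSL certificate file " + this.certfile, "", -1, (Throwable) e);
            }
            return null;
        } catch (IOException e) {
            // Only the implicit close() can end up here. The certificates were already
            // parsed, so the failure is recorded and the parsed chain is still used.
            if (!this.defaultfile) {
                this.error = new OSQLException("Could not close SSL certificate file " + this.certfile, "", -1, (Throwable) e);
            }
        } catch (CertificateException e) {
            this.error = new OSQLException("Loading the SSL certificate " + this.certfile + " into a KeyManager failed.", "", -1, (Throwable) e);
            return null;
        }
        if (parsed == null) {
            return null;
        }
        this.cert = parsed.toArray(new X509Certificate[0]);
        return this.cert;
    }

    /**
     * Returns {@code "user"} as the only client alias when
     * {@link #chooseClientAlias(String[], Principal[], Socket)} accepts the request.
     *
     * @return a one-element array, or an empty array when nothing matches
     */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        String alias = chooseClientAlias(new String[]{keyType}, issuers, (Socket) null);
        return alias == null ? new String[0] : new String[]{alias};
    }

    /**
     * Reads a whole file into memory.
     *
     * @param path file to read
     * @return the file contents
     * @throws IOException if the file cannot be opened or read, or is too large for one array
     */
    private static byte[] readFileFully(String path) throws IOException {
        try (RandomAccessFile file = new RandomAccessFile(path, "r")) {
            long length = file.length();
            // Casting a larger length to int would wrap and yield a bogus buffer size.
            if (length > Integer.MAX_VALUE) {
                throw new IOException("File too large to read into memory: " + path);
            }
            byte[] contents = new byte[(int) length];
            file.readFully(contents);
            return contents;
        }
    }

    /**
     * Returns the private key read from the key file, loading it on first use.
     *
     * <p>The file is treated as PEM: the BEGIN/END marker lines and all whitespace are
     * stripped and the rest is Base64-decoded. The bytes are first tried as a plain PKCS#8
     * key; if that fails they are treated as an encrypted PKCS#8 key and decrypted with the
     * configured password.
     *
     * @param alias ignored
     * @return the private key, or {@code null} when no key file is configured, the
     *     certificate chain is unavailable, or loading failed
     */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String alias) {
        if (this.key != null || this.keyfile == null) {
            return this.key;
        }
        try {
            // The certificate supplies the key algorithm, so it has to load first.
            X509Certificate[] chain = getCertificateChain(CLIENT_ALIAS);
            if (chain == null || chain.length == 0) {
                return null;
            }
            byte[] pemBytes;
            try {
                pemBytes = readFileFully(this.keyfile);
            } catch (FileNotFoundException e) {
                if (this.defaultfile) {
                    return null;
                }
                throw e;
            }
            // PEM is ASCII; decode with a fixed charset so the result does not depend on the
            // platform default.
            String base64 = new String(pemBytes, java.nio.charset.StandardCharsets.US_ASCII)
                    .replaceFirst("-----BEGIN.*-----", "")
                    .replaceFirst("-----END.*-----", "")
                    .replaceAll("\\s", "");
            // NOTE(review): sun.misc.BASE64Decoder is a JDK-internal class that was removed
            // from the JDK in Java 9; java.util.Base64 is the supported replacement.
            byte[] der = new BASE64Decoder().decodeBuffer(base64);
            KeyFactory keyFactory = KeyFactory.getInstance(chain[0].getPublicKey().getAlgorithm());
            try {
                this.key = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(der));
            } catch (InvalidKeySpecException notPlainPkcs8) {
                // Not a plain PKCS#8 key: assume it is password-protected.
                this.key = decryptPrivateKey(keyFactory, der);
            }
        } catch (IOException e) {
            this.error = new OSQLException("Could not read SSL key file " + this.keyfile, "", -1, (Throwable) e);
        } catch (NoSuchAlgorithmException e) {
            this.error = new OSQLException("Could not find a java cryptographic algorithm: " + e.getMessage(), "", -1, (Throwable) e);
        }
        return this.key;
    }

    /**
     * Decrypts an encrypted PKCS#8 private key with the configured password.
     *
     * @return the decrypted key, or {@code null} after recording the failure in {@link #error}
     * @throws IOException if {@code der} is not an encoded {@link EncryptedPrivateKeyInfo}
     */
    private PrivateKey decryptPrivateKey(KeyFactory keyFactory, byte[] der) throws IOException {
        EncryptedPrivateKeyInfo encrypted = new EncryptedPrivateKeyInfo(der);
        try {
            String algName = loadAlgName(encrypted);
            if (this.password == null) {
                // Report the real problem instead of a bare NullPointerException.
                throw new IllegalStateException("private key is encrypted but no password was supplied");
            }
            PBEKeySpec pbeSpec = new PBEKeySpec(this.password.toCharArray());
            SecretKey secret;
            try {
                secret = SecretKeyFactory.getInstance(algName).generateSecret(pbeSpec);
            } finally {
                // Wipe the key spec's copy of the password as soon as the key is derived.
                pbeSpec.clearPassword();
            }
            Cipher cipher = Cipher.getInstance(algName);
            cipher.init(Cipher.DECRYPT_MODE, secret, encrypted.getAlgParameters());
            return keyFactory.generatePrivate(encrypted.getKeySpec(cipher));
        } catch (Exception e) {
            this.error = new OSQLException("Could not read SSL key file " + this.keyfile + ". Cause: " + e.toString(), "", -1, (Throwable) e);
            return null;
        }
    }

    /**
     * Resolves the JCA algorithm name used to decrypt an encrypted private key.
     *
     * <p>{@code PBEWithHmacSHA1AndAES_256} is returned as is. For the PBES2 OID
     * ({@code 1.2.840.113549.1.5.13}) the concrete name is read reflectively from the
     * provider's parameter object. Anything else is rejected.
     *
     * <p>NOTE(review): the PBES2 branch reads private fields of
     * {@code com.sun.crypto.provider.PBES2Parameters} and of {@link AlgorithmParameters}. That
     * ties the class to one provider's internals, and strongly encapsulated JDKs may refuse
     * the access.
     *
     * @throws Exception {@link SQLException} for an unsupported scheme, or a reflection
     *     failure
     */
    private String loadAlgName(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo) throws Exception {
        String algName = encryptedPrivateKeyInfo.getAlgName();
        if (algName.equals("PBEWithHmacSHA1AndAES_256")) {
            return algName;
        }
        if (!algName.equals("1.2.840.113549.1.5.13")) {
            throw new SQLException("not PBES2", "");
        }
        AlgorithmParameters algParameters = encryptedPrivateKeyInfo.getAlgParameters();
        Object paramSpi = access(algParameters.getClass(), "paramSpi").get(algParameters);
        return (String) access(Class.forName("com.sun.crypto.provider.PBES2Parameters"), "pbes2AlgorithmName").get(paramSpi);
    }

    /**
     * Looks up a declared field and makes it accessible regardless of its visibility.
     *
     * @throws Exception if the field does not exist or access is denied
     */
    static Field access(Class<?> cls, String name) throws Exception {
        Field field = cls.getDeclaredField(name);
        field.setAccessible(true);
        return field;
    }

    /** This key manager is client-only and has no server aliases. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return new String[0];
    }
}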
