package com.ghc.ssl;

import com.ghc.identity.AuthenticationManager;
import com.ghc.identity.IdentityStoreResource;
import com.ghc.ssl.provider.GHSSLContextSPI;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/ghc/ssl/SSLRegistry.class */
public enum SSLRegistry {
    INSTANCE;

    Map<String, KeyTrustManager> endpoints = new ConcurrentHashMap();
    public static final KeyTrustManager trustAll = new KeyTrustManager("Internal", null, null, "Default Trust All", null);
    public static final HostnameVerifier verifyAll = new HostnameVerifier() { // from class: com.ghc.ssl.SSLRegistry.1
        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }
    };
    private static final Logger log = Logger.getLogger(SSLRegistry.class.getName());

    /* loaded from: input_file:com/ghc/ssl/SSLRegistry$KeyTrustManager.class */
    public static class KeyTrustManager {
        private final String desription;
        public final SslSettings settings;
        public final String id;
        public final KeyManager[] keyManagers;
        public final X509TrustManager[] trustManagers;

        KeyTrustManager(String str, KeyManager[] keyManagerArr, X509TrustManager[] x509TrustManagerArr, String str2, SslSettings sslSettings) {
            this.id = str;
            this.keyManagers = keyManagerArr;
            this.trustManagers = x509TrustManagerArr;
            this.desription = str2;
            this.settings = sslSettings;
        }

        public String toString() {
            return this.desription;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ghc/ssl/SSLRegistry$LoggingKeyManager.class */
    public class LoggingKeyManager extends X509ExtendedKeyManager {
        private final X509ExtendedKeyManager delegate;

        public LoggingKeyManager(X509ExtendedKeyManager x509ExtendedKeyManager) {
            this.delegate = x509ExtendedKeyManager;
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
            SSLRegistry.log.log(Level.FINEST, "Lookup for " + principalArr);
            if (this.delegate != null) {
                return this.delegate.chooseEngineClientAlias(strArr, principalArr, sSLEngine);
            }
            return null;
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
            SSLRegistry.log.log(Level.FINEST, "Lookup for " + principalArr);
            if (this.delegate != null) {
                return this.delegate.chooseEngineServerAlias(str, principalArr, sSLEngine);
            }
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            SSLRegistry.log.log(Level.FINEST, "Lookup for " + str);
            if (this.delegate != null) {
                return this.delegate.getCertificateChain(str);
            }
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            SSLRegistry.log.log(Level.FINEST, "Lookup for " + str);
            if (this.delegate != null) {
                return this.delegate.getPrivateKey(str);
            }
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            SSLRegistry.log.log(Level.FINEST, "Lookup for " + principalArr);
            if (this.delegate != null) {
                return this.delegate.getClientAliases(str, principalArr);
            }
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            SSLRegistry.log.log(Level.FINEST, "Lookup for " + principalArr);
            if (this.delegate != null) {
                return this.delegate.getServerAliases(str, principalArr);
            }
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            SSLRegistry.log.log(Level.FINEST, "Lookup for " + principalArr);
            if (this.delegate != null) {
                return this.delegate.chooseClientAlias(strArr, principalArr, socket);
            }
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            SSLRegistry.log.log(Level.FINEST, "Lookup for " + principalArr);
            if (this.delegate != null) {
                return this.delegate.chooseServerAlias(str, principalArr, socket);
            }
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ghc/ssl/SSLRegistry$LoggingTrustManager.class */
    public class LoggingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;

        public LoggingTrustManager(X509TrustManager x509TrustManager) {
            this.delegate = x509TrustManager;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                try {
                    this.delegate.checkClientTrusted(x509CertificateArr, str);
                } catch (Exception e) {
                    e.getLocalizedMessage();
                    throw e;
                }
            } finally {
                if (x509CertificateArr.length > 0) {
                    SSLRegistry.log.log(Level.FINEST, "Checking " + x509CertificateArr[(char) 0].getSubjectDN() + " => OK");
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                try {
                    this.delegate.checkServerTrusted(x509CertificateArr, str);
                } catch (Exception e) {
                    e.getLocalizedMessage();
                    throw e;
                }
            } finally {
                if (x509CertificateArr.length > 0) {
                    SSLRegistry.log.log(Level.FINEST, "Checking " + x509CertificateArr[(char) 0].getSubjectDN() + " => OK");
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.delegate.getAcceptedIssuers();
        }
    }

    SSLRegistry() {
    }

    public void registerConnection(String str, int i, String str2) {
        SslSettings sslSettings = new SslSettings();
        sslSettings.setUseSsl(true);
        registerConnection(str, i, sslSettings, str2);
    }

    public void registerConnection(String str, int i, SslSettings sslSettings, String str2) {
        if (i == -1) {
            i = 443;
        }
        SslSettingsValidation validate = SslSettingsValidation.validate(AuthenticationManager.getInstance(), sslSettings);
        if (!validate.serverSettingsValid()) {
            StringBuilder sb = new StringBuilder();
            validate.reportServerAndClientMessages(sb);
            throw new SSLConfigurationException(sb.toString());
        }
        KeyManager[] keyManagerArr = {new LoggingKeyManager(null)};
        if (sslSettings.getClientIdentityStoreId() != null) {
            keyManagerArr = new KeyManager[]{new SSLKeyManager(AuthenticationManager.getInstance().getIdentityStore(sslSettings.getClientIdentityStoreId()), null, false)};
        }
        String str3 = "Trust All";
        X509TrustManager[] x509TrustManagerArr = null;
        if (sslSettings.getClientTrustStoreId() != null) {
            IdentityStoreResource identityStore = AuthenticationManager.getInstance().getIdentityStore(sslSettings.getClientTrustStoreId());
            str3 = identityStore.getName();
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(identityStore.getKeyStore());
                x509TrustManagerArr = new X509TrustManager[trustManagerFactory.getTrustManagers().length];
                int i2 = 0;
                for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                    if (trustManager instanceof X509TrustManager) {
                        int i3 = i2;
                        i2++;
                        x509TrustManagerArr[i3] = new LoggingTrustManager((X509TrustManager) trustManager);
                    }
                }
            } catch (Exception e) {
                log.log(Level.SEVERE, "Unable to build trust manager for " + str + ":" + i + " - " + e.getLocalizedMessage());
            }
        } else {
            x509TrustManagerArr = new X509TrustManager[]{new LoggingTrustManager(new AllTrustingTrustManager())};
        }
        KeyTrustManager put = this.endpoints.put(getKey(str, i), new KeyTrustManager(str2, keyManagerArr, x509TrustManagerArr, str3, sslSettings));
        if (put != null) {
            log.log(put.settings.equals(sslSettings) ? Level.INFO : Level.WARNING, "Alternative source registering details for " + str + ":" + i);
        } else {
            log.log(Level.FINEST, "Registered new ssl material details for " + str + ":" + i);
        }
        HttpsURLConnection.setDefaultHostnameVerifier(verifyAll);
    }

    private String getKey(String str, int i) {
        try {
            return String.valueOf(InetAddress.getByName(str).getHostAddress()) + "__" + i;
        } catch (UnknownHostException unused) {
            log.log(Level.FINER, "Unable to obtain host details for " + str);
            return String.valueOf(str) + "__" + i;
        }
    }

    public KeyTrustManager getKTM(String str, int i) {
        KeyTrustManager keyTrustManager = this.endpoints.get(getKey(str, i));
        if (keyTrustManager != null) {
            log.log(Level.FINER, "Found SSL material registered for " + str + ":" + i + " - " + keyTrustManager);
        } else {
            log.log(Level.FINER, "No SSL material registered for " + str + ":" + i + ", using default.");
        }
        return keyTrustManager;
    }

    public void updateContextForEndpoint(String str, int i, GHSSLContextSPI gHSSLContextSPI) {
        KeyTrustManager ktm = getKTM(str, i);
        if (ktm != null) {
            try {
                gHSSLContextSPI.updateManagers(ktm.keyManagers, ktm.trustManagers);
            } catch (Throwable th) {
                log.log(Level.WARNING, "Error whilst updating ssl key material for " + str + ":" + i + " - " + th.getLocalizedMessage());
            }
        }
    }

    public X509TrustManager[] getTrustManagers(String str, int i) {
        return getKTM(str, i).trustManagers;
    }

    /* renamed from: values, reason: to resolve conflict with enum method */
    public static SSLRegistry[] valuesCustom() {
        SSLRegistry[] valuesCustom = values();
        int length = valuesCustom.length;
        SSLRegistry[] sSLRegistryArr = new SSLRegistry[length];
        System.arraycopy(valuesCustom, 0, sSLRegistryArr, 0, length);
        return sSLRegistryArr;
    }
}
