package com.gentics.mesh.rest.client.impl;

import com.gentics.mesh.rest.client.MeshRestClientConfig;
import com.gentics.mesh.util.UUIDUtil;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.Iterator;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.Dispatcher;
import okhttp3.OkHttpClient;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;

/* loaded from: input_file:com/gentics/mesh/rest/client/impl/OkHttpClientUtil.class */
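/**
 * Factory for the {@link OkHttpClient} used by the Mesh REST client.
 *
 * <p>TLS behaviour is driven entirely by {@link MeshRestClientConfig}:
 * <ul>
 *   <li>client key + client certificate set: the client presents that certificate (mutual TLS);</li>
 *   <li>trusted CAs set: server certificates are validated against exactly those CAs;</li>
 *   <li>no trusted CAs set: server certificates are <b>not validated at all</b>;</li>
 *   <li>{@code isVerifyHostnames()} false: the server hostname is not checked against the certificate.</li>
 * </ul>
 *
 * <p>SECURITY NOTE(review): with no trusted CAs configured the connection is encrypted but not
 * authenticated, so any on-path party can present its own certificate and read or modify traffic
 * (including credentials, and the TLS handshake in which a configured client certificate is sent).
 * The fallback is kept for backward compatibility and is now logged at WARN level; deployments
 * should always configure trusted CAs and keep hostname verification enabled.
 */
public final class OkHttpClientUtil {
    private static final Logger log = LoggerFactory.getLogger(OkHttpClientUtil.class);

    /** Timeout applied to the whole call and to each of its connect / write / read phases. */
    private static final Duration TIMEOUT = Duration.ofMinutes(1L);

    /** Upper bound on concurrently running requests per host. */
    private static final int MAX_REQUESTS_PER_HOST = 64;

    private OkHttpClientUtil() {
    }

    /**
     * Builds a client with one-minute timeouts, at most 64 concurrent requests per host and the
     * TLS settings derived from the given configuration.
     *
     * @param meshRestClientConfig client configuration (client key/cert, trusted CAs, hostname verification)
     * @return the configured client
     * @throws RuntimeException if key material or certificates cannot be parsed or the SSL context
     *         cannot be created; the original exception is the cause
     */
    public static OkHttpClient createClient(MeshRestClientConfig meshRestClientConfig) {
        Dispatcher dispatcher = new Dispatcher();
        dispatcher.setMaxRequestsPerHost(MAX_REQUESTS_PER_HOST);
        OkHttpClient.Builder builder = new OkHttpClient.Builder()
            .callTimeout(TIMEOUT)
            .connectTimeout(TIMEOUT)
            .writeTimeout(TIMEOUT)
            .readTimeout(TIMEOUT)
            .dispatcher(dispatcher);
        initializeHttpClient(builder, meshRestClientConfig);
        return builder.build();
    }

    /**
     * Applies key managers, trust managers and the hostname verifier to the builder.
     *
     * @param builder builder to configure
     * @param meshRestClientConfig source of the TLS settings
     */
    private static void initializeHttpClient(OkHttpClient.Builder builder, MeshRestClientConfig meshRestClientConfig) {
        KeyManager[] keyManagers = null;
        TrustManager[] trustManagers = null;

        byte[] clientKey = meshRestClientConfig.getClientKey();
        byte[] clientCert = meshRestClientConfig.getClientCert();
        if (clientKey != null && clientCert != null) {
            try {
                keyManagers = getKeyManagersPem(meshRestClientConfig);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException
                | CertificateException e) {
                rethrow(e, "Could not create key managers");
            }
        } else if (clientKey != null || clientCert != null) {
            // Half-configured mutual TLS is almost certainly a mistake; make it visible.
            log.warn("Client key and client certificate must both be set. Not sending client certificate");
        } else if (log.isDebugEnabled()) {
            log.debug("Not sending client certificate");
        }

        if (meshRestClientConfig.getTrustedCAs() == null || meshRestClientConfig.getTrustedCAs().isEmpty()) {
            // SECURITY: no server authentication from here on. Logged at WARN (was DEBUG) so that
            // an insecure configuration cannot go unnoticed in production logs.
            log.warn("No trusted CA configured. Server certificates will NOT be validated (trusting all CAs)");
            trustManagers = getDummyTrustManager();
        } else {
            try {
                trustManagers = getTrustManagers(meshRestClientConfig);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                rethrow(e, "Could not create trust managers");
            }
        }

        if (!meshRestClientConfig.isVerifyHostnames()) {
            // SECURITY: any certificate accepted by the trust manager is accepted for any host.
            log.warn("Hostname verification is disabled");
            builder.hostnameVerifier((hostname, session) -> true);
        }

        try {
            log.debug("Creating SSL context");
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagers, trustManagers, null);
            builder.sslSocketFactory(sslContext.getSocketFactory(), findX509TrustManager(trustManagers));
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            rethrow(e, "Could not create SSL context");
        }
    }

    /**
     * Returns the first {@link X509TrustManager} of the array instead of blindly casting element 0,
     * which would fail with a {@link ClassCastException} if a provider lists another type first.
     *
     * @param trustManagers candidates, as produced by this class
     * @return the first X.509 trust manager
     * @throws IllegalStateException if the array contains no X.509 trust manager
     */
    private static X509TrustManager findX509TrustManager(TrustManager[] trustManagers) {
        for (TrustManager trustManager : trustManagers) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("No X509TrustManager available");
    }

    /**
     * Creates key managers from the PEM encoded client key and the client certificate of the config.
     *
     * <p>The key must be an unencrypted PKCS#8 key ({@code -----BEGIN PRIVATE KEY-----}); any other
     * PEM object is rejected with an {@link IOException} naming the type that was found. The key is
     * held in an in-memory key store that is never written out, protected by a throwaway password.
     *
     * @param meshRestClientConfig config providing client key and client certificate
     * @return key managers presenting the client certificate
     * @throws IOException if the PEM data cannot be read or is not a PKCS#8 private key
     * @throws CertificateException if the client certificate cannot be parsed
     * @throws KeyStoreException if the in-memory key store cannot be populated
     * @throws NoSuchAlgorithmException if a required algorithm is unavailable
     * @throws UnrecoverableKeyException if the key manager factory cannot recover the key
     */
    private static KeyManager[] getKeyManagersPem(MeshRestClientConfig meshRestClientConfig) throws KeyStoreException,
        NoSuchAlgorithmException, UnrecoverableKeyException, IOException, CertificateException {
        // One-off password for the in-memory key store only; it is never persisted.
        char[] keyStorePassword = UUIDUtil.randomUUID().toCharArray();
        byte[] clientKey = meshRestClientConfig.getClientKey();
        X509Certificate clientCertificate = (X509Certificate) CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(meshRestClientConfig.getClientCert()));
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        String alias = clientCertificate.getSubjectX500Principal().getName();

        // Explicit charset: PEM is ASCII, do not depend on the platform default encoding.
        try (PEMParser pemParser = new PEMParser(
            new InputStreamReader(new ByteArrayInputStream(clientKey), StandardCharsets.UTF_8))) {
            log.debug("Read client key PEM file");
            Object pemObject = pemParser.readObject();
            if (!(pemObject instanceof PrivateKeyInfo)) {
                // Report the type only, never the key material itself.
                throw new IOException("Client key must be an unencrypted PKCS#8 PEM private key, but found: "
                    + (pemObject == null ? "no PEM object" : pemObject.getClass().getName()));
            }
            PrivateKey privateKey = new JcaPEMKeyConverter().getPrivateKey((PrivateKeyInfo) pemObject);
            keyStore.load(null);
            keyStore.setCertificateEntry(alias + "Cert", clientCertificate);
            keyStore.setKeyEntry(alias + "Key", privateKey, keyStorePassword, new Certificate[] { clientCertificate });
            keyManagerFactory.init(keyStore, keyStorePassword);
            return keyManagerFactory.getKeyManagers();
        }
    }

    /**
     * Creates trust managers that accept exactly the CA certificates listed in the config.
     *
     * @param meshRestClientConfig config providing the encoded CA certificates
     * @return trust managers backed by an in-memory key store holding those CAs
     * @throws CertificateException if a CA certificate cannot be parsed
     * @throws IOException if the in-memory key store cannot be initialised
     * @throws KeyStoreException if a certificate cannot be stored
     * @throws NoSuchAlgorithmException if a required algorithm is unavailable
     */
    private static TrustManager[] getTrustManagers(MeshRestClientConfig meshRestClientConfig)
        throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory
            .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        keyStore.load(null);
        int index = 0;
        for (byte[] encodedCa : meshRestClientConfig.getTrustedCAs()) {
            X509Certificate caCertificate = (X509Certificate) certificateFactory
                .generateCertificate(new ByteArrayInputStream(encodedCa));
            // The subject alone is not unique (e.g. old and new CA during a key rollover share it);
            // the index keeps one entry from silently replacing another.
            String alias = "ca-" + index++ + "-" + caCertificate.getSubjectX500Principal().getName();
            keyStore.setCertificateEntry(alias, caCertificate);
        }
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    /**
     * Returns a trust manager that accepts every certificate chain without any check.
     *
     * <p>SECURITY: connections using it are not authenticated. It is only selected when the config
     * lists no trusted CAs; configure trusted CAs to avoid it.
     *
     * @return single-element array holding the accept-all trust manager
     */
    private static TrustManager[] getDummyTrustManager() {
        return new TrustManager[] { new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // Intentionally empty: accepts everything.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // Intentionally empty: accepts everything.
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        } };
    }

    /**
     * Logs the failure with its stack trace and rethrows it unchecked.
     *
     * @param th original failure, kept as the cause
     * @param str context describing what failed
     * @throws RuntimeException always
     */
    private static void rethrow(Throwable th, String str) {
        // Pass the throwable to the logger so the stack trace is not lost.
        log.error(str, th);
        throw new RuntimeException(str, th);
    }
}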
