package com.braincube.extension.utils;

import feign.Client;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.net.ssl.SSLContext;
import javax.xml.bind.DatatypeConverter;
import org.apache.http.ssl.SSLContexts;

/* loaded from: input_file:com/braincube/extension/utils/SSLContextManager.class */
public class SSLContextManager {
    private static SSLContext initSSLContext(String str, String str2, String str3) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException, InvalidKeySpecException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(new RuntimePermission("setFactory"));
        }
        byte[] parseDERFromPEM = parseDERFromPEM(str.getBytes(), "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----");
        byte[] parseDERFromPEM2 = parseDERFromPEM(str2.getBytes(), "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----");
        X509Certificate generateCertificateFromDER = generateCertificateFromDER(parseDERFromPEM);
        RSAPrivateKey generatePrivateKeyFromDER = generatePrivateKeyFromDER(parseDERFromPEM2);
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null);
        keyStore.setCertificateEntry("cert-alias", generateCertificateFromDER);
        keyStore.setKeyEntry("key-alias", generatePrivateKeyFromDER, str3.toCharArray(), new X509Certificate[]{generateCertificateFromDER});
        return SSLContexts.custom().loadKeyMaterial(keyStore, str3.toCharArray()).loadTrustMaterial((x509CertificateArr, str4) -> {
            return true;
        }).build();
    }

    private static byte[] parseDERFromPEM(byte[] bArr, String str, String str2) {
        return DatatypeConverter.parseBase64Binary(new String(bArr).split(str)[1].split(str2)[0]);
    }

    private static RSAPrivateKey generatePrivateKeyFromDER(byte[] bArr) throws InvalidKeySpecException, NoSuchAlgorithmException {
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    private static X509Certificate generateCertificateFromDER(byte[] bArr) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    public static Client getClientSSL(String str, String str2, String str3) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException, InvalidKeySpecException {
        return new Client.Default(initSSLContext(str, str2, str3).getSocketFactory(), null);
    }
}
