package eu.radoop.connections.proxy;

import com.rapidminer.RapidMiner;
import com.rapidminer.gui.tools.VersionNumber;
import com.rapidminer.tools.TempFileTools;
import com.rapidminer.tools.net.UserProvidedTLSCertificateLoader;
import eu.radoop.RadoopConf;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.HexFormat;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiFunction;
import java.util.function.Function;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import java.util.stream.Stream;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* loaded from: input_file:eu/radoop/connections/proxy/KeyStoreUtils.class */
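/**
 * Merges user-supplied X.509 certificates into the JVM's trust store for radoop-proxy connections.
 *
 * <p>Security notes for maintainers and operators:
 * <ul>
 *   <li>The merged store is published through the {@code javax.net.ssl.trustStore} /
 *       {@code javax.net.ssl.trustStorePassword} system properties, so the added trust anchors are
 *       JVM-wide. They are not scoped to the connection that supplied them.</li>
 *   <li>Nothing in this class checks validity dates, key usage or CA constraints of the loaded
 *       certificates. The subject and SHA-1/SHA-256 fingerprints are logged at INFO so an operator
 *       can compare them out of band with the expected values.</li>
 *   <li>Several steps call non-public members of {@code UserProvidedTLSCertificateLoader} and
 *       {@code CertificateInfo} reflectively. They depend on the host application's version and on
 *       reflective access being permitted.</li>
 * </ul>
 *
 * <p>This source is decompiler output. Placeholder names the decompiler left behind
 * ({@code r1}, {@code r2}) have been replaced with the method references they stood for.
 */
public class KeyStoreUtils {
    private static final String CERTIFICATE_INFO_CLASS_NAME = "com.rapidminer.tools.net.CertificateInfo";
    private static final String USER_CERT_PREFIX = "user_cert_";
    private static final String X509 = "X.509";
    private static final char SEPARATOR = '_';
    private static final String TMP_PREFIX = "cacerts-rm";
    private static final String TMP_SUFFIX = "jks";

    // From this host version on, trust-store entries are keyed by CertificateInfo objects instead of strings.
    private static final VersionNumber CERTIFICATE_API_VERSION_NUMBER = new VersionNumber(10, 5, 0);
    private static final Logger logger = Logger.getLogger(KeyStoreUtils.class.getName());
    private static final UserProvidedTLSCertificateLoader certLoader = UserProvidedTLSCertificateLoader.INSTANCE;

    // Eagerly created: the constructor does no work, and class initialisation is already thread-safe.
    private static final KeyStoreUtils INSTANCE = new KeyStoreUtils();

    // Certificates already merged by this instance; lets repeated calls with the same file return early.
    private final Set<Certificate> loadedCerts = Collections.synchronizedSet(new HashSet<>());

    private KeyStoreUtils() {
    }

    /**
     * Returns the process-wide singleton.
     *
     * @return the shared {@code KeyStoreUtils} instance
     */
    public static KeyStoreUtils getInstance() {
        return INSTANCE;
    }

    /**
     * Reads the certificates in {@code path} and, if any of them has not been loaded before, rebuilds
     * the trust store from the currently accepted issuers plus the new certificates.
     *
     * <p>Returns without changes when the file is missing, unreadable, contains no certificate, or
     * contains only certificates this instance has already loaded.
     *
     * @param path certificate file supplied for the connection
     * @param str  connection name, used only in log and exception messages
     * @throws IllegalArgumentException if the file cannot be parsed as X.509 certificates
     * @throws IllegalStateException    if any other step fails
     */
    public synchronized void reloadCertificates(Path path, String str) {
        try {
            logger.finest(() -> String.format("Probing to load new trusted certificates of %s from file %s", str, path));
            Collection<? extends Certificate> newCertificates = getNewCertificatesCollection(path);
            if (newCertificates.isEmpty()) {
                logger.finest("No certificate found in provided file");
                return;
            }
            if (this.loadedCerts.containsAll(newCertificates)) {
                logger.finest("Every certificate in the specified file has been loaded into truststore before");
                return;
            }
            logger.info(() -> String.format("Loading trusted certificates for %s radoop-proxy connection", str));

            // Audit trail: record what is about to become a trust anchor before it is installed.
            newCertificates.stream()
                    .filter(X509Certificate.class::isInstance)
                    .map(X509Certificate.class::cast)
                    .forEach(KeyStoreUtils::logCertificateDetails);

            Map<Object, Certificate> allRequiredCertificates = getAllRequiredCertificates(path, newCertificates);
            setNewTrustStoreAndPassword(createNewKeystore(allRequiredCertificates));
            // Private hook in the host application; by its name it presumably rebuilds the default SSLContext - confirm.
            getMethodAsAccessible(certLoader.getClass(), "refreshTrustStoreInDefaultSSLContext").invoke(certLoader);
            logger.info(String.format("The new cert store contains %s trusted certificates", allRequiredCertificates.size()));
            // Only remembered after every step succeeded, so a failed attempt is retried on the next call.
            this.loadedCerts.addAll(newCertificates);
        } catch (CertificateException e) {
            logger.log(Level.SEVERE, String.format("Couldn't read certificates from selected file %s within %s connection object.", path, str), e);
            // The exception message carries only the file name; the full path stays in the log.
            throw new IllegalArgumentException(String.format("Couldn't read certificates from selected file %s within %s connection object.", path.getFileName().toString(), str), e);
        } catch (Throwable th) {
            // Deliberately broad, as in the original: callers see every other failure as IllegalStateException.
            logger.log(Level.SEVERE, "Loading of user provided certificates failed for " + str, th);
            throw new IllegalStateException("Loading of user provided certificates failed for " + str, th);
        }
    }

    /** Logs subject and SHA-1/SHA-256 fingerprints of a certificate that is about to be trusted. */
    private static void logCertificateDetails(X509Certificate x509Certificate) {
        logger.info(() -> String.format("Certificate DN:      %s", x509Certificate.getSubjectDN()));
        try {
            String sha1 = getCertificateFingerprint(x509Certificate, MessageDigestAlgorithms.SHA_1);
            String sha256 = getCertificateFingerprint(x509Certificate, MessageDigestAlgorithms.SHA_256);
            logger.info(() -> String.format("Fingerprint SHA-1:   %s", sha1));
            logger.info(() -> String.format("Fingerprint SHA-256: %s", sha256));
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            // A fingerprint failure is reported but does not stop the certificate from being loaded.
            logger.log(Level.SEVERE, "Failed to compute fingerprint", e);
        }
    }

    /**
     * Writes {@code keyStore} to a new temp file and points the JSSE system properties at it.
     *
     * <p>The store password is a fresh random UUID kept in a JVM-wide system property, so any code in
     * the process can read it. The properties are set only after the file has been written and closed.
     */
    private static void setNewTrustStoreAndPassword(KeyStore keyStore) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        String password = UUID.randomUUID().toString();
        // NOTE(review): file permissions and clean-up are decided by TempFileTools. Confirm the file is
        // not writable by other local users; each successful reload leaves a new file behind here.
        Path trustStoreFile = TempFileTools.createTempFile(TMP_PREFIX, TMP_SUFFIX, false);
        try (OutputStream out = Files.newOutputStream(trustStoreFile)) {
            keyStore.store(out, password.toCharArray());
        }
        System.setProperty(RadoopConf.JAVAX_NET_SSL_TRUSTSTORE, trustStoreFile.toAbsolutePath().toString());
        System.setProperty("javax.net.ssl.trustStorePassword", password);
    }

    /** Builds a key store from the given entries via the host loader's non-public {@code createKeyStore(Map)}. */
    private static KeyStore createNewKeystore(Map<Object, Certificate> map) throws IllegalAccessException, InvocationTargetException {
        return (KeyStore) getMethodAsAccessible(certLoader.getClass(), "createKeyStore", Map.class).invoke(certLoader, map);
    }

    /** Returns the currently accepted issuers merged with the certificates newly read from {@code path}. */
    private Map<Object, Certificate> getAllRequiredCertificates(Path path, Collection<? extends Certificate> collection) throws NoSuchAlgorithmException, KeyStoreException {
        BiFunction<Integer, String, Object> keyForNewCertificates = getKeyFunctionForNewCertificates();
        Map<Object, Certificate> merged = new HashMap<>(getCertificatesMap(getKeyFunctionForOldCertificates()));
        merged.putAll(readCertificates(collection, path, keyForNewCertificates));
        return merged;
    }

    /** Picks the key type for already-trusted certificates according to the host application version. */
    private static Function<Integer, Object> getKeyFunctionForOldCertificates() {
        return RapidMiner.getVersion().isAtLeast(CERTIFICATE_API_VERSION_NUMBER) ? getCertificateInfoSupplier() : getStringSupplier();
    }

    /** Picks the key type for user-provided certificates according to the host application version. */
    private static BiFunction<Integer, String, Object> getKeyFunctionForNewCertificates() {
        return RapidMiner.getVersion().isAtLeast(CERTIFICATE_API_VERSION_NUMBER) ? getUserCertificatesCertificateInfoSupplier() : getUserCertificatesStringSupplier();
    }

    /**
     * Looks up a declared (possibly non-public) method and makes it callable.
     *
     * @throws RuntimeException wrapping {@link NoSuchMethodException} when the host class does not
     *                          declare the method with that signature
     */
    private static Method getMethodAsAccessible(Class<?> cls, String str, Class<?>... clsArr) {
        try {
            Method declaredMethod = cls.getDeclaredMethod(str, clsArr);
            // Bypasses Java access checks; fails if the runtime forbids reflective access to the class.
            declaredMethod.setAccessible(true);
            return declaredMethod;
        } catch (NoSuchMethodException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Parses every X.509 certificate in {@code path}.
     *
     * @return the parsed certificates, or an empty collection when the file is missing or unreadable
     * @throws CertificateException if the content cannot be parsed
     */
    private Collection<? extends Certificate> getNewCertificatesCollection(Path path) throws CertificateException {
        if (!Files.exists(path)) {
            return Collections.emptyList();
        }
        String fileName = path.getFileName().toString();
        CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
        // try-with-resources closes the stream on the failure path too.
        try (InputStream in = Files.newInputStream(path)) {
            return certificateFactory.generateCertificates(in);
        } catch (IOException e) {
            logger.log(Level.WARNING, "Could not find any certificates in " + fileName, e);
            return Collections.emptyList();
        }
    }

    /**
     * Assigns a trust-store key to each certificate, using its position and the source file name.
     *
     * <p>NOTE(review): with the CertificateInfo key function the position is ignored. If
     * {@code CertificateInfo} defines equality over the file name alone, certificates from a
     * multi-certificate file would overwrite each other in the map - confirm against the host class.
     */
    private Map<Object, Certificate> readCertificates(Collection<? extends Certificate> collection, Path path, BiFunction<Integer, String, Object> biFunction) {
        String fileName = path.getFileName().toString();
        Map<Object, Certificate> keyed = new ConcurrentHashMap<>();
        int count = 0;
        for (Certificate certificate : collection) {
            keyed.put(biFunction.apply(count, fileName), certificate);
            count++;
        }
        logger.finest(String.format("Found %d certificate%s in %s", count, count != 1 ? "s" : "", fileName));
        return keyed;
    }

    /** String keys for user certificates: prefix, separator, index, separator, file name. */
    private static BiFunction<Integer, String, Object> getUserCertificatesStringSupplier() {
        return (num, str) -> String.format("%s%s%d%s%s", USER_CERT_PREFIX, SEPARATOR, num, SEPARATOR, str);
    }

    /** CertificateInfo keys for user certificates, tagged with the source file name via a non-public setter. */
    private static BiFunction<Integer, String, Object> getUserCertificatesCertificateInfoSupplier() {
        return (num, str) -> {
            Object certificateInfo = getCertificateInfoInstance();
            try {
                getMethodAsAccessible(certificateInfo.getClass(), "setFileName", String.class).invoke(certificateInfo, str);
                return certificateInfo;
            } catch (IllegalAccessException | InvocationTargetException e) {
                throw new RuntimeException(e);
            }
        };
    }

    /**
     * Keys each currently accepted issuer by {@code function} applied to its list index.
     *
     * <p>{@code Collectors.toMap} throws {@link IllegalStateException} if two indices produce equal keys.
     */
    private Map<Object, Certificate> getCertificatesMap(Function<Integer, Object> function) throws NoSuchAlgorithmException, KeyStoreException {
        List<X509Certificate> currentCertificates = getCurrentCertificates();
        return IntStream.range(0, currentCertificates.size())
                .boxed()
                .collect(Collectors.toMap(function, currentCertificates::get));
    }

    /** String keys for already-trusted certificates: {@code jre_cert_<index>}. */
    private static Function<Integer, Object> getStringSupplier() {
        return num -> String.format("jre_cert_%d", num);
    }

    /** CertificateInfo keys for already-trusted certificates: a fresh default instance per entry. */
    private static Function<Integer, Object> getCertificateInfoSupplier() {
        return num -> getCertificateInfoInstance();
    }

    /**
     * Instantiates the host application's {@code CertificateInfo} through its no-argument constructor.
     *
     * <p>The decompiler reports that this method was private in the original source and was widened
     * to public; treat it as internal.
     *
     * @throws RuntimeException if the class is missing or cannot be instantiated
     */
    public static Object getCertificateInfoInstance() {
        try {
            Constructor<?> declaredConstructor = Class.forName(CERTIFICATE_INFO_CLASS_NAME).getDeclaredConstructor();
            declaredConstructor.setAccessible(true);
            return declaredConstructor.newInstance();
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException | NoSuchMethodException | InvocationTargetException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Collects the accepted issuers of every X.509 trust manager built from the default trust store.
     *
     * <p>NOTE(review): {@code init(null)} selects the JVM default trust store. After an earlier
     * successful reload that presumably resolves to the temp store written by
     * {@link #setNewTrustStoreAndPassword}, so certificates added earlier are carried forward and
     * are never dropped by this class - confirm.
     */
    private List<X509Certificate> getCurrentCertificates() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        List<X509Certificate> accepted = Arrays.stream(trustManagerFactory.getTrustManagers())
                .filter(X509TrustManager.class::isInstance)
                .map(X509TrustManager.class::cast)
                .flatMap(trustManager -> Arrays.stream(trustManager.getAcceptedIssuers()))
                .collect(Collectors.toList());
        logger.info(String.format("Found %d currently accepted certificates.", accepted.size()));
        return accepted;
    }

    /**
     * Returns the lowercase hex digest of the certificate's encoded form.
     *
     * @param x509Certificate certificate to fingerprint
     * @param str             {@link MessageDigest} algorithm name
     * @throws NoSuchAlgorithmException     if the algorithm is not available
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    static String getCertificateFingerprint(X509Certificate x509Certificate, String str) throws NoSuchAlgorithmException, CertificateEncodingException {
        return HexFormat.of().formatHex(MessageDigest.getInstance(str).digest(x509Certificate.getEncoded()));
    }
}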
