package org.jclouds.docker.suppliers;

import com.google.common.base.Charsets;
import com.google.common.base.Throwables;
import com.google.common.io.Files;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.StringReader;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.jclouds.crypto.Pems;
import org.jclouds.util.Closeables2;

/* loaded from: input_file:docker-2.2.1.jar:org/jclouds/docker/suppliers/SSLContextBuilder.class */
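/**
 * Fluent builder for an {@link SSLContext} configured with a client key/certificate pair
 * (for TLS client authentication) and/or a single CA certificate used as the trust anchor.
 *
 * <p>Key and certificate material can be supplied either as PEM text or as paths to PEM files.
 * Each setter replaces whatever was configured before it: calling {@link #caCertificateData}
 * after {@link #trustManager} discards the earlier trust manager, and vice versa.
 *
 * <p>Instances are mutable and carry no synchronization.
 */
public class SSLContextBuilder {
    private KeyManager[] keyManagers;
    private TrustManager[] trustManagers;

    /**
     * Key manager that serves exactly one certificate and private key, both held in memory,
     * under a fixed alias.
     *
     * <p>Only the {@link Socket}-based chooser methods are overridden here. The
     * {@code SSLEngine} variants inherited from {@link X509ExtendedKeyManager} are left at
     * their defaults, which the JDK documents as returning {@code null}.
     */
    private static class InMemoryKeyManager extends X509ExtendedKeyManager {
        private static final String DEFAULT_ALIAS = "docker";
        private final X509Certificate certificate;
        private final PrivateKey privateKey;

        /**
         * @param x509Certificate certificate presented to the peer
         * @param privateKey private key matching {@code x509Certificate}; the match is not
         *     checked here
         * @throws CertificateException declared for callers; not thrown by this constructor
         */
        public InMemoryKeyManager(X509Certificate x509Certificate, PrivateKey privateKey) throws CertificateException {
            this.certificate = x509Certificate;
            this.privateKey = privateKey;
        }

        /** Always selects the single alias, regardless of the requested key types or issuers. */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            return DEFAULT_ALIAS;
        }

        /** Always selects the single alias, regardless of the requested key type or issuers. */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            return DEFAULT_ALIAS;
        }

        /**
         * Returns a one-element chain holding only the configured certificate; the alias is
         * ignored. No intermediate certificates are ever sent.
         */
        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String alias) {
            return new X509Certificate[]{this.certificate};
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            return new String[]{DEFAULT_ALIAS};
        }

        /** Returns the configured private key for any alias. */
        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String alias) {
            return this.privateKey;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            return new String[]{DEFAULT_ALIAS};
        }
    }

    /**
     * Tells whether the two values look like inline PEM data rather than something else
     * (presumably file paths; confirm against the caller).
     *
     * <p>The check is a plain prefix match with no trimming, so leading whitespace or a
     * leading newline makes it return {@code false}.
     *
     * @param keyValue candidate private key; must start with the PKCS#1 or PKCS#8 private-key
     *     marker from {@link Pems}
     * @param certificateValue candidate certificate; must start with the X.509 certificate
     *     marker from {@link Pems}
     * @return {@code true} only if both values carry the expected markers
     */
    public static final boolean isClientKeyAndCertificateData(String keyValue, String certificateValue) {
        boolean looksLikeKey = keyValue.startsWith(Pems.PRIVATE_PKCS1_MARKER)
                || keyValue.startsWith(Pems.PRIVATE_PKCS8_MARKER);
        return looksLikeKey && certificateValue.startsWith(Pems.CERTIFICATE_X509_MARKER);
    }

    /**
     * Loads the client private key and certificate from PEM files and installs them as the
     * only key manager.
     *
     * @param keyPath path to the PEM private key file (first argument)
     * @param certificatePath path to the PEM certificate file (second argument)
     * @return this builder
     * @throws IOException if either file cannot be read
     * @throws CertificateException declared by the key manager constructor
     * @throws RuntimeException if the key or the certificate cannot be parsed
     */
    public SSLContextBuilder clientKeyAndCertificatePaths(String keyPath, String certificatePath) throws IOException, CertificateException {
        keyManager(new InMemoryKeyManager(getCertificate(loadFile(certificatePath)), getKey(loadFile(keyPath))));
        return this;
    }

    /**
     * Parses the client private key and certificate from PEM text and installs them as the
     * only key manager.
     *
     * @param keyPem PEM-encoded private key (first argument)
     * @param certificatePem PEM-encoded X.509 certificate (second argument)
     * @return this builder
     * @throws CertificateException declared by the key manager constructor
     * @throws RuntimeException if the key or the certificate cannot be parsed
     */
    public SSLContextBuilder clientKeyAndCertificateData(String keyPem, String certificatePem) throws CertificateException {
        keyManager(new InMemoryKeyManager(getCertificate(certificatePem), getKey(keyPem)));
        return this;
    }

    /**
     * Reads a PEM CA certificate from a file and makes it the sole trust anchor.
     *
     * @param caCertificatePath path to the PEM CA certificate file
     * @return this builder
     * @throws RuntimeException if the file cannot be read or the certificate is invalid
     */
    public SSLContextBuilder caCertificatePath(String caCertificatePath) {
        try {
            this.trustManagers = getTrustManagerWithCaCert(loadFile(caCertificatePath));
            return this;
        } catch (IOException e) {
            throw Throwables.propagate(e);
        }
    }

    /**
     * Makes the given PEM CA certificate the sole trust anchor.
     *
     * @param caCertificatePem PEM-encoded CA certificate
     * @return this builder
     * @throws RuntimeException if the certificate is invalid
     */
    public SSLContextBuilder caCertificateData(String caCertificatePem) {
        this.trustManagers = getTrustManagerWithCaCert(caCertificatePem);
        return this;
    }

    /** Replaces any configured key managers with the single one given. */
    public SSLContextBuilder keyManager(KeyManager keyManager) {
        this.keyManagers = new KeyManager[]{keyManager};
        return this;
    }

    /**
     * Replaces any configured trust managers with the single one given. Whatever is passed
     * here fully decides which peers are trusted, so a permissive implementation disables
     * certificate validation for every connection made through the built context.
     */
    public SSLContextBuilder trustManager(TrustManager trustManager) {
        this.trustManagers = new TrustManager[]{trustManager};
        return this;
    }

    /**
     * Creates and initializes the {@link SSLContext}.
     *
     * <p>If no key manager or no trust manager was configured, {@code null} is handed to
     * {@link SSLContext#init}, which then falls back to the JVM's installed defaults; in
     * particular, without a CA certificate the platform trust store is used rather than a
     * pinned CA. Host name verification is not configured by this builder; it is decided by
     * the code that opens the connection.
     *
     * @return an initialized context for protocol {@code "TLS"}
     * @throws NoSuchAlgorithmException if no provider supports {@code "TLS"}
     * @throws KeyManagementException if initialization fails
     */
    public SSLContext build() throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(this.keyManagers, this.trustManagers, new SecureRandom());
        return context;
    }

    /**
     * Builds trust managers backed by an in-memory key store that contains only the given CA
     * certificate, so the JVM default trust store is not consulted.
     *
     * <p>Only the first certificate in the PEM text is loaded; a bundle with several CAs
     * ends up trusting just the first one.
     */
    private TrustManager[] getTrustManagerWithCaCert(String caCertificatePem) {
        try {
            X509Certificate caCertificate = getCertificate(caCertificatePem);
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) initializes an empty key store.
            trustStore.load(null, null);
            trustStore.setCertificateEntry("ca", caCertificate);
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(trustStore);
            return factory.getTrustManagers();
        } catch (IOException e) {
            throw Throwables.propagate(e);
        } catch (GeneralSecurityException e2) {
            throw Throwables.propagate(e2);
        }
    }

    /**
     * Parses a single X.509 certificate from PEM text.
     *
     * @throws RuntimeException with message {@code "Invalid certificate"} if parsing fails
     */
    private static X509Certificate getCertificate(String certificatePem) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            return (X509Certificate) factory.generateCertificate(
                    new ByteArrayInputStream(certificatePem.getBytes(Charsets.UTF_8)));
        } catch (CertificateException e) {
            throw new RuntimeException("Invalid certificate", e);
        }
    }

    /**
     * Parses an unencrypted private key from PEM text.
     *
     * <p>Both encodings accepted by {@link #isClientKeyAndCertificateData} are handled: a
     * traditional key pair block (parsed as {@link PEMKeyPair}) and a PKCS#8 block (parsed as
     * {@link PrivateKeyInfo}). Previously the parsed object was cast straight to
     * {@code PEMKeyPair}, so PKCS#8 input failed with a {@code ClassCastException}.
     * Encrypted keys are rejected because no passphrase is available here.
     *
     * <p>Error messages name only the parsed object's class, never the key material.
     *
     * @throws RuntimeException if the text holds no PEM object, an unsupported one, or one
     *     that cannot be converted
     */
    private static PrivateKey getKey(String keyPem) {
        PEMParser pemParser = new PEMParser(new StringReader(keyPem));
        try {
            Object parsed = pemParser.readObject();
            // Registering the provider is a JVM-wide side effect; it is done at most once.
            if (Security.getProvider("BC") == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            if (parsed == null) {
                throw new RuntimeException("Invalid private key: no PEM object found");
            }
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
            if (parsed instanceof PEMKeyPair) {
                return converter.getKeyPair((PEMKeyPair) parsed).getPrivate();
            }
            if (parsed instanceof PrivateKeyInfo) {
                return converter.getPrivateKey((PrivateKeyInfo) parsed);
            }
            throw new RuntimeException(
                    "Invalid private key: unsupported PEM object " + parsed.getClass().getName());
        } catch (IOException e) {
            throw new RuntimeException("Invalid private key", e);
        } finally {
            Closeables2.closeQuietly(pemParser);
        }
    }

    /** Reads the whole file at {@code path} as UTF-8 text. */
    private static String loadFile(String path) throws IOException {
        return Files.toString(new File(path), Charsets.UTF_8);
    }
}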
