package org.dataone.solr.client.solrj.impl;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.dataone.configuration.Settings;
import org.jsslutils.extra.apachehttpclient.SslContextedSecureProtocolSocketFactory;
import org.jsslutils.sslcontext.SSLContextFactory;

/* loaded from: input_file:org/dataone/solr/client/solrj/impl/CommonsHttpClientProtocolRegistry.class */
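/**
 * Registers an {@code https} {@link Protocol} for Commons HttpClient whose sockets are created
 * from an {@link SSLContext} built here.
 *
 * <p>The context is assembled from two parts:
 * <ul>
 *   <li>a client key entry read from the PEM file named by {@code D1Client.certificate.directory}
 *       and {@code D1Client.certificate.filename} (optional: a missing file only logs a warning);</li>
 *   <li>a trust manager selected by {@code certificate.truststore.useDefault}.</li>
 * </ul>
 *
 * <p><strong>Security note:</strong> when {@code certificate.truststore.useDefault} is
 * {@code false}, the trust manager built by {@link #getTrustManager()} accepts every certificate
 * chain without validation. Connections made through the registered protocol are then encrypted
 * but not authenticated. Keep the default ({@code true}) outside isolated test environments.
 */
public class CommonsHttpClientProtocolRegistry {
    private static Log log = LogFactory.getLog(CommonsHttpClientProtocolRegistry.class);
    // Protects the in-memory key entry only; this class never writes the KeyStore to disk.
    private static String keyStorePassword = Settings.getConfiguration().getString("certificate.keystore.password");
    private static String keyStoreType = Settings.getConfiguration().getString("certificate.keystore.type", KeyStore.getDefaultType());
    private static String clientCertificateLocation = Settings.getConfiguration().getString("D1Client.certificate.directory") + File.separator + Settings.getConfiguration().getString("D1Client.certificate.filename");
    // true  -> validate peers against the JVM default trust store
    // false -> accept any peer certificate (see getTrustManager)
    private static boolean useDefaultTruststore = Settings.getConfiguration().getBoolean("certificate.truststore.useDefault", true);
    private static CommonsHttpClientProtocolRegistry commonsHttpClientProtocolRegistry;

    /**
     * Returns the singleton, registering the {@code https} protocol on first use.
     *
     * <p>The singleton reference is assigned only after the SSL context has been built and the
     * protocol registered. If set-up throws, the next call retries instead of handing back an
     * instance whose protocol was never registered.
     *
     * @return the shared registry instance
     * @throws IOException if the client certificate file exists but cannot be read
     * @throws CertificateException if the client certificate file holds no usable certificate
     * @throws KeyStoreException if the key store or trust manager cannot be set up
     */
    public static CommonsHttpClientProtocolRegistry createInstance() throws SSLContextFactory.SSLContextFactoryException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException, CertificateException, IOException {
        if (commonsHttpClientProtocolRegistry == null) {
            SSLContext sslContext = getSslClientContext();
            // NOTE(review): the boolean passed to SslContextedSecureProtocolSocketFactory appears to be
            // its hostname-verification switch; `false` would mean the server certificate is not
            // matched against the host being contacted. Confirm against the jsslutils version in
            // use and pass `true` unless there is a documented reason not to.
            Protocol.registerProtocol("https", new Protocol("https", new SslContextedSecureProtocolSocketFactory(sslContext, false), 443));
            commonsHttpClientProtocolRegistry = new CommonsHttpClientProtocolRegistry();
        }
        return commonsHttpClientProtocolRegistry;
    }

    /**
     * Returns the configured key store password as a char array.
     *
     * <p>An unset {@code certificate.keystore.password} yields an empty array rather than a
     * {@link NullPointerException}. The same value is used to store and to recover the key
     * entry, so the two always agree.
     */
    private static char[] keyStorePasswordChars() {
        return keyStorePassword == null ? new char[0] : keyStorePassword.toCharArray();
    }

    /**
     * Builds the TLS context from the client key store (when available) and the selected trust
     * manager.
     */
    private static SSLContext getSslClientContext() throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException, CertificateException, IOException {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        X509TrustManager trustManager = getTrustManager();
        KeyStore keyStore = null;
        try {
            keyStore = getKeyStore();
        } catch (FileNotFoundException e) {
            // Deliberate best effort: without the file the context is built with no client identity.
            log.warn("Client certificate could not be located. Setting up SocketFactory without it." + e.getMessage());
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, keyStorePasswordChars());
        sslContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{trustManager}, new SecureRandom());
        return sslContext;
    }

    /**
     * Selects the trust manager used for server certificate validation.
     *
     * @return the JVM default {@link X509TrustManager}, or an accept-all manager when
     *     {@code certificate.truststore.useDefault} is {@code false}
     * @throws KeyStoreException if the default {@link TrustManagerFactory} yields no
     *     {@link X509TrustManager}
     */
    private static X509TrustManager getTrustManager() throws NoSuchAlgorithmException, KeyStoreException {
        if (!useDefaultTruststore) {
            // NOTE(review): this manager performs no validation at all, so any certificate
            // presented by a peer is accepted. Prefer initialising a TrustManagerFactory from an
            // explicitly configured trust store. The warning below makes the weakened setting
            // visible in logs.
            log.warn("certificate.truststore.useDefault=false: TLS peer certificates will NOT be validated");
            return new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    log.debug("checkClientTrusted - " + authType);
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    log.debug("checkServerTrusted - " + authType);
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    log.debug("getAcceptedIssuers");
                    // The X509TrustManager contract requires a non-null (possibly empty) array.
                    return new X509Certificate[0];
                }
            };
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore makes the factory fall back to the JVM default trust store.
        trustManagerFactory.init((KeyStore) null);
        log.debug("JVM Default Trust Managers:");
        for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
            log.debug(candidate);
            if (candidate instanceof X509TrustManager) {
                X509TrustManager x509TrustManager = (X509TrustManager) candidate;
                log.debug("Accepted issuers count : " + x509TrustManager.getAcceptedIssuers().length);
                return x509TrustManager;
            }
        }
        // Fail here instead of handing a null element to SSLContext.init.
        throw new KeyStoreException("Default TrustManagerFactory returned no X509TrustManager");
    }

    /**
     * Reads the client private key and certificate from the PEM file and places them in a new
     * in-memory key store under the alias {@code dataone}.
     *
     * @return a key store holding exactly one key entry
     * @throws FileNotFoundException (an {@link IOException}) if the PEM file does not exist
     * @throws KeyStoreException if the file contains no private key
     * @throws CertificateException if the file contains no parsable X.509 certificate
     */
    private static KeyStore getKeyStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        Security.addProvider(new BouncyCastleProvider());
        X509CertificateObject certificate = null;
        PrivateKey privateKey = null;
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        // try-with-resources closes the parser (and the underlying reader) on every exit path.
        try (PEMParser parser = new PEMParser(new FileReader(clientCertificateLocation))) {
            Object pemObject;
            while ((pemObject = parser.readObject()) != null) {
                if (pemObject instanceof PrivateKeyInfo) {
                    privateKey = converter.getPrivateKey((PrivateKeyInfo) pemObject);
                } else if (pemObject instanceof PEMKeyPair) {
                    privateKey = converter.getPrivateKey(((PEMKeyPair) pemObject).getPrivateKeyInfo());
                } else if (pemObject instanceof X509CertificateHolder) {
                    try {
                        certificate = new X509CertificateObject(((X509CertificateHolder) pemObject).toASN1Structure());
                    } catch (CertificateParsingException e) {
                        log.warn("Could not parse x509 certificate", e);
                    }
                }
            }
        }
        // Reject an incomplete identity explicitly, before a null key or a null certificate
        // reaches KeyStore.setKeyEntry.
        if (privateKey == null) {
            throw new KeyStoreException("No private key found in " + clientCertificateLocation);
        }
        if (certificate == null) {
            throw new CertificateException("No usable X.509 certificate found in " + clientCertificateLocation);
        }
        char[] password = keyStorePasswordChars();
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, password);
        keyStore.setKeyEntry("dataone", privateKey, password, new Certificate[]{certificate});
        return keyStore;
    }
}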
