package org.snmp4j.transport.tls;

import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.snmp4j.TransportStateReference;
import org.snmp4j.event.CounterEvent;
import org.snmp4j.log.LogAdapter;
import org.snmp4j.log.LogFactory;
import org.snmp4j.mp.CounterSupport;
import org.snmp4j.mp.SnmpConstants;
import org.snmp4j.smi.OctetString;

/* loaded from: classes4.dex */
public class TLSTMUtil {
    private static final LogAdapter logger = LogFactory.getLogger((Class<?>) TLSTMUtil.class);
    private static final int MD_SHA_PREFIX_LENGTH = 3;

    private static /* synthetic */ void $closeResource(Throwable th, AutoCloseable autoCloseable) {
        if (th == null) {
            autoCloseable.close();
            return;
        }
        try {
            autoCloseable.close();
        } catch (Throwable th2) {
            th.addSuppressed(th2);
        }
    }

    public static SSLContext createSSLContext(String str, String str2, String str3, String str4, String str5, TransportStateReference transportStateReference, TLSTMTrustManagerFactory tLSTMTrustManagerFactory, boolean z, TlsTmSecurityCallback<X509Certificate> tlsTmSecurityCallback, String str6) throws GeneralSecurityException {
        SSLContext sSLContext = SSLContext.getInstance(str);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunPKIX");
        try {
            FileInputStream fileInputStream = new FileInputStream(str2);
            try {
                fileInputStream = new FileInputStream(str4);
                try {
                    KeyStore keyStore = KeyStore.getInstance("JKS");
                    keyStore.load(fileInputStream, str3 != null ? str3.toCharArray() : null);
                    LogAdapter logAdapter = logger;
                    if (logAdapter.isInfoEnabled()) {
                        logAdapter.info("KeyStore '" + str2 + "' contains: " + Collections.list(keyStore.aliases()));
                    }
                    filterCertificates(keyStore, transportStateReference, tlsTmSecurityCallback, str6);
                    KeyStore keyStore2 = KeyStore.getInstance("JKS");
                    keyStore2.load(fileInputStream, str5 != null ? str5.toCharArray() : null);
                    if (logAdapter.isInfoEnabled()) {
                        logAdapter.info("TrustStore '" + str4 + "' contains: " + Collections.list(keyStore2.aliases()));
                    }
                    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                    keyManagerFactory.init(keyStore, str3 != null ? str3.toCharArray() : null);
                    trustManagerFactory.init(keyStore2);
                    TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                    if (logAdapter.isDebugEnabled()) {
                        logAdapter.debug("SSL context initializing with TrustManagers: " + Arrays.asList(trustManagers) + " and factory " + tLSTMTrustManagerFactory.getClass().getName());
                    }
                    sSLContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{tLSTMTrustManagerFactory.create((X509TrustManager) trustManagers[0], z, transportStateReference)}, null);
                    $closeResource(null, fileInputStream);
                    $closeResource(null, fileInputStream);
                    return sSLContext;
                } finally {
                }
            } finally {
            }
        } catch (FileNotFoundException e) {
            String str7 = "Failed to initialize SSLContext because of a FileNotFoundException: " + e.getMessage();
            logger.error(str7, e);
            throw new KeyStoreException(str7, e);
        } catch (IOException e2) {
            String str8 = "Failed to initialize SSLContext because of an IOException: " + e2.getMessage();
            logger.error(str8, e2);
            throw new KeyStoreException(str8, e2);
        } catch (NullPointerException e3) {
            logger.error("Failed to initialize SSLContext because of missing key store (javax.net.ssl.keyStore)");
            throw new KeyStoreException("Failed to initialize SSLContext because of missing key store (javax.net.ssl.keyStore)", e3);
        } catch (KeyManagementException e4) {
            logger.error("Failed to initialize SSLContext because of a KeyManagementException: " + e4.getMessage(), e4);
            throw e4;
        } catch (KeyStoreException e5) {
            logger.error("Failed to initialize SSLContext because of a KeyStoreException: " + e5.getMessage(), e5);
            throw e5;
        } catch (UnrecoverableKeyException e6) {
            logger.error("Failed to initialize SSLContext because of an UnrecoverableKeyException: " + e6.getMessage(), e6);
            throw e6;
        } catch (CertificateException e7) {
            logger.error("Failed to initialize SSLContext because of a CertificateException: " + e7.getMessage(), e7);
            throw e7;
        }
    }

    private static void filterCertificates(KeyStore keyStore, TransportStateReference transportStateReference, TlsTmSecurityCallback<X509Certificate> tlsTmSecurityCallback, String str) {
        String localCertificateAlias;
        if (tlsTmSecurityCallback != null && transportStateReference != null && (localCertificateAlias = tlsTmSecurityCallback.getLocalCertificateAlias(transportStateReference.getAddress())) != null) {
            str = localCertificateAlias;
        }
        if (str != null) {
            try {
                Certificate[] certificateChain = keyStore.getCertificateChain(str);
                if (certificateChain == null) {
                    logger.warn("Local certificate with alias '" + str + "' not found. Known aliases are: " + Collections.list(keyStore.aliases()));
                    return;
                }
                ArrayList arrayList = new ArrayList(certificateChain.length);
                for (Certificate certificate : certificateChain) {
                    String certificateAlias = keyStore.getCertificateAlias(certificate);
                    if (certificateAlias != null) {
                        arrayList.add(certificateAlias);
                    }
                }
                Iterator it = Collections.list(keyStore.aliases()).iterator();
                while (it.hasNext()) {
                    String str2 = (String) it.next();
                    if (!arrayList.contains(str2)) {
                        keyStore.deleteEntry(str2);
                    }
                }
            } catch (KeyStoreException e) {
                logger.error("Failed to get certificate chain for alias " + str + ": " + e.getMessage(), e);
            }
        }
    }

    public static OctetString getFingerprint(X509Certificate x509Certificate) {
        char charAt;
        try {
            String sigAlgName = x509Certificate.getSigAlgName();
            if (sigAlgName.contains(JsonPOJOBuilder.DEFAULT_WITH_PREFIX)) {
                sigAlgName = sigAlgName.substring(0, sigAlgName.indexOf(JsonPOJOBuilder.DEFAULT_WITH_PREFIX));
            }
            int length = sigAlgName.length();
            int i = MD_SHA_PREFIX_LENGTH;
            if (length > i && ((charAt = sigAlgName.charAt(i)) == '1' || charAt == '2')) {
                sigAlgName = sigAlgName.substring(0, i) + "-" + sigAlgName.substring(i);
            }
            MessageDigest messageDigest = MessageDigest.getInstance(sigAlgName);
            messageDigest.update(x509Certificate.getEncoded());
            return new OctetString(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            logger.error("No such digest algorithm exception while getting fingerprint from " + x509Certificate + ": " + e.getMessage(), e);
            return null;
        } catch (CertificateEncodingException e2) {
            logger.error("Certificate encoding exception while getting fingerprint from " + x509Certificate + ": " + e2.getMessage(), e2);
            return null;
        }
    }

    public static OctetString getIpAddressFromSubjAltName(Collection<List<?>> collection) {
        Object subjAltName = getSubjAltName(collection, 7);
        if (subjAltName == null) {
            return null;
        }
        String lowerCase = ((String) subjAltName).toLowerCase();
        if (lowerCase.indexOf(58) < 0) {
            return new OctetString(lowerCase);
        }
        StringBuilder sb = new StringBuilder(16);
        for (String str : lowerCase.split(":")) {
            for (int length = 2 - str.length(); length > 0; length--) {
                sb.append('0');
            }
            sb.append(str);
        }
        return new OctetString(sb.toString());
    }

    public static Object getSubjAltName(Collection<List<?>> collection, int i) {
        if (collection == null) {
            return null;
        }
        for (List<?> list : collection) {
            if (((Integer) list.get(0)).intValue() == i) {
                return list.get(1);
            }
        }
        return null;
    }

    public static boolean isMatchingFingerprint(X509Certificate[] x509CertificateArr, OctetString octetString, boolean z, CounterSupport counterSupport, LogAdapter logAdapter, Object obj) throws CertificateException {
        X509Certificate x509Certificate = x509CertificateArr[0];
        if (octetString == null || octetString.length() <= 0) {
            return false;
        }
        OctetString fingerprint = getFingerprint(x509Certificate);
        if (logAdapter.isDebugEnabled()) {
            logAdapter.debug("Comparing certificate fingerprint " + fingerprint + " with " + octetString);
        }
        if (fingerprint == null) {
            logAdapter.error("Failed to determine fingerprint for certificate " + x509Certificate + " and algorithm " + x509Certificate.getSigAlgName());
        } else if (fingerprint.equals(octetString)) {
            if (!logAdapter.isInfoEnabled()) {
                return true;
            }
            logAdapter.info("Peer is trusted by fingerprint '" + octetString + "' of certificate: '" + x509Certificate + "'");
            return true;
        }
        counterSupport.fireIncrementCounter(new CounterEvent(obj, z ? SnmpConstants.snmpTlstmSessionInvalidServerCertificates : SnmpConstants.snmpTlstmSessionInvalidClientCertificates));
        throw new CertificateException("No fingerprint of provided certificates " + Arrays.asList(x509CertificateArr) + " matched " + octetString.toHexString());
    }
}
