package technicianlp.reauth.mojangfix;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import technicianlp.reauth.ReAuth;

/* loaded from: input_file:technicianlp/reauth/mojangfix/CertWorkaround.class */
public final class CertWorkaround {
    private static final String MICROSOFT2017 = "microsoftrsarootcertificateauthority2017";
    private static final String AMAZON1 = "amazonrootca1";
    private static final String DIGICERT2 = "digicertglobalrootg2";
    private static SSLSocketFactory socketFactory = null;

    /* JADX INFO: Access modifiers changed from: private */
    @FunctionalInterface
    /* loaded from: input_file:technicianlp/reauth/mojangfix/CertWorkaround$CertificateCheckConsumer.class */
    public interface CertificateCheckConsumer {
        void check(X509ExtendedTrustManager x509ExtendedTrustManager) throws CertificateException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:technicianlp/reauth/mojangfix/CertWorkaround$CombinedX509ExtendedTrustManager.class */
    public static final class CombinedX509ExtendedTrustManager extends X509ExtendedTrustManager {
        private final List<X509ExtendedTrustManager> trustManagers;

        private CombinedX509ExtendedTrustManager(X509ExtendedTrustManager... x509ExtendedTrustManagerArr) {
            this.trustManagers = new ArrayList(Arrays.asList(x509ExtendedTrustManagerArr));
            if (this.trustManagers.isEmpty()) {
                throw new IllegalArgumentException("At least one X509ExtendedTrustManager is required");
            }
            if (this.trustManagers.contains(null)) {
                throw new IllegalArgumentException("X509ExtendedTrustManager cannot be null");
            }
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            check(x509ExtendedTrustManager -> {
                x509ExtendedTrustManager.checkClientTrusted(x509CertificateArr, str, socket);
            });
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            check(x509ExtendedTrustManager -> {
                x509ExtendedTrustManager.checkServerTrusted(x509CertificateArr, str, socket);
            });
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            check(x509ExtendedTrustManager -> {
                x509ExtendedTrustManager.checkClientTrusted(x509CertificateArr, str, sSLEngine);
            });
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            check(x509ExtendedTrustManager -> {
                x509ExtendedTrustManager.checkServerTrusted(x509CertificateArr, str, sSLEngine);
            });
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            check(x509ExtendedTrustManager -> {
                x509ExtendedTrustManager.checkClientTrusted(x509CertificateArr, str);
            });
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            check(x509ExtendedTrustManager -> {
                x509ExtendedTrustManager.checkServerTrusted(x509CertificateArr, str);
            });
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return (X509Certificate[]) this.trustManagers.stream().map((v0) -> {
                return v0.getAcceptedIssuers();
            }).flatMap((v0) -> {
                return Arrays.stream(v0);
            }).toArray(i -> {
                return new X509Certificate[i];
            });
        }

        private void check(CertificateCheckConsumer certificateCheckConsumer) throws CertificateException {
            LinkedList linkedList = new LinkedList();
            Iterator<X509ExtendedTrustManager> it = this.trustManagers.iterator();
            while (it.hasNext()) {
                try {
                    certificateCheckConsumer.check(it.next());
                    return;
                } catch (CertificateException e) {
                    linkedList.add(e);
                }
            }
            CertificateException certificateException = (CertificateException) linkedList.removeLast();
            certificateException.getClass();
            linkedList.forEach((v1) -> {
                r1.addSuppressed(v1);
            });
            throw certificateException;
        }
    }

    public static SSLSocketFactory getSocketFactory() {
        return socketFactory;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void checkCertificates() {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            X509Certificate loadCertificate = loadCertificate(certificateFactory, MICROSOFT2017);
            X509Certificate loadCertificate2 = loadCertificate(certificateFactory, AMAZON1);
            X509Certificate loadCertificate3 = loadCertificate(certificateFactory, DIGICERT2);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            List<X509Certificate> trustedCerts = getTrustedCerts(trustManagerFactory);
            HashMap hashMap = new HashMap();
            if (!trustedCerts.contains(loadCertificate)) {
                hashMap.put(MICROSOFT2017, loadCertificate);
            }
            if (!trustedCerts.contains(loadCertificate2)) {
                hashMap.put(AMAZON1, loadCertificate2);
            }
            if (!trustedCerts.contains(loadCertificate3)) {
                hashMap.put(DIGICERT2, loadCertificate3);
            }
            if (hashMap.isEmpty()) {
                return;
            }
            ReAuth.log.warn("Certificates required for authentication are untrusted by default");
            CombinedX509ExtendedTrustManager combinedX509ExtendedTrustManager = new CombinedX509ExtendedTrustManager(new X509ExtendedTrustManager[]{findX509ExtendedTrustManager(trustManagerFactory), findX509ExtendedTrustManager(createTrustFactory(hashMap))});
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new X509ExtendedTrustManager[]{combinedX509ExtendedTrustManager}, null);
            socketFactory = sSLContext.getSocketFactory();
            ReAuth.log.info("Successfully built SSLSocketFactory");
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    private static X509Certificate loadCertificate(CertificateFactory certificateFactory, String str) throws CertificateException, IOException {
        InputStream resourceAsStream = CertWorkaround.class.getResourceAsStream("/resources/reauth/certs/" + str + ".pem");
        Throwable th = null;
        try {
            if (resourceAsStream == null) {
                throw new FileNotFoundException("Certificate " + str + " is unavailable");
            }
            X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(resourceAsStream);
            if (resourceAsStream != null) {
                if (0 != 0) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
            return x509Certificate;
        } catch (Throwable th3) {
            if (resourceAsStream != null) {
                if (0 != 0) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
            throw th3;
        }
    }

    private static List<X509Certificate> getTrustedCerts(TrustManagerFactory trustManagerFactory) {
        X509ExtendedTrustManager findX509ExtendedTrustManager = findX509ExtendedTrustManager(trustManagerFactory);
        return findX509ExtendedTrustManager != null ? new ArrayList(Arrays.asList(findX509ExtendedTrustManager.getAcceptedIssuers())) : new ArrayList();
    }

    private static TrustManagerFactory createTrustFactory(Map<String, X509Certificate> map) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        for (Map.Entry<String, X509Certificate> entry : map.entrySet()) {
            ReAuth.log.info("Adding Certificate {} to trust", new Object[]{entry.getKey()});
            keyStore.setCertificateEntry(entry.getKey(), entry.getValue());
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }

    private static X509ExtendedTrustManager findX509ExtendedTrustManager(TrustManagerFactory trustManagerFactory) {
        Stream stream = Arrays.stream(trustManagerFactory.getTrustManagers());
        Class<X509ExtendedTrustManager> cls = X509ExtendedTrustManager.class;
        X509ExtendedTrustManager.class.getClass();
        Stream filter = stream.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<X509ExtendedTrustManager> cls2 = X509ExtendedTrustManager.class;
        X509ExtendedTrustManager.class.getClass();
        return (X509ExtendedTrustManager) filter.map((v1) -> {
            return r1.cast(v1);
        }).findFirst().orElse(null);
    }
}
