package org.jenkinsci.remoting.protocol.cert;

import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import java.io.IOException;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import org.junit.rules.TestRule;
import org.junit.runner.Description;
import org.junit.runners.model.Statement;

/* loaded from: input_file:org/jenkinsci/remoting/protocol/cert/SSLContextRule.class */
public class SSLContextRule implements TestRule {
    private final List<KeyWithChain> keys;
    private final List<X509CertificateRule> certificates;
    private final String id;
    private SSLContext context;
    private boolean validityChecking;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jenkinsci/remoting/protocol/cert/SSLContextRule$KeyWithChain.class */
    public static class KeyWithChain {
        private final RSAKeyPairRule key;
        private final X509CertificateRule[] chain;

        public KeyWithChain(RSAKeyPairRule rSAKeyPairRule, X509CertificateRule... x509CertificateRuleArr) {
            this.key = rSAKeyPairRule;
            this.chain = x509CertificateRuleArr;
        }
    }

    @Target({ElementType.METHOD, ElementType.TYPE})
    @Retention(RetentionPolicy.RUNTIME)
    /* loaded from: input_file:org/jenkinsci/remoting/protocol/cert/SSLContextRule$Skip.class */
    public @interface Skip {
        String[] value() default {};
    }

    public SSLContextRule() {
        this("");
    }

    public SSLContextRule(String str) {
        this.keys = new ArrayList();
        this.certificates = new ArrayList();
        this.id = str;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static KeyStore createKeyStore(@CheckForNull List<X509CertificateRule> list, @CheckForNull List<KeyWithChain> list2, @NonNull char[] cArr) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        int i = 1;
        keyStore.load(null, cArr);
        if (list != null) {
            Iterator<X509CertificateRule> it = list.iterator();
            while (it.hasNext()) {
                keyStore.setCertificateEntry("cert-" + i, it.next().certificate());
                i++;
            }
        }
        if (list2 != null) {
            for (KeyWithChain keyWithChain : list2) {
                Certificate[] certificateArr = new Certificate[keyWithChain.chain.length];
                for (int i2 = 0; i2 < keyWithChain.chain.length; i2++) {
                    certificateArr[i2] = keyWithChain.chain[i2].certificate();
                }
                keyStore.setKeyEntry("alias-" + i, keyWithChain.key.getPrivate(), cArr, certificateArr);
                i++;
            }
        }
        return keyStore;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static <TYPE, SUBTYPE extends TYPE> SUBTYPE findFirst(Class<SUBTYPE> cls, TYPE... typeArr) {
        if (typeArr == null) {
            return null;
        }
        for (TYPE type : typeArr) {
            if (cls.isInstance(type)) {
                return cls.cast(type);
            }
        }
        return null;
    }

    public SSLContextRule as(RSAKeyPairRule rSAKeyPairRule, X509CertificateRule... x509CertificateRuleArr) {
        this.keys.add(new KeyWithChain(rSAKeyPairRule, x509CertificateRuleArr));
        return this;
    }

    public SSLContextRule trusting(X509CertificateRule x509CertificateRule) {
        this.certificates.add(x509CertificateRule);
        return this;
    }

    public SSLContextRule withValidityChecking() {
        this.validityChecking = true;
        return this;
    }

    public SSLContextRule withoutValidityChecking() {
        this.validityChecking = false;
        return this;
    }

    public SSLContext context() {
        return this.context;
    }

    public String getProtocol() {
        return this.context.getProtocol();
    }

    public Provider getProvider() {
        return this.context.getProvider();
    }

    public SSLSocketFactory getSocketFactory() {
        return this.context.getSocketFactory();
    }

    public SSLServerSocketFactory getServerSocketFactory() {
        return this.context.getServerSocketFactory();
    }

    public SSLEngine createSSLEngine() {
        return this.context.createSSLEngine();
    }

    public SSLEngine createSSLEngine(String str, int i) {
        return this.context.createSSLEngine(str, i);
    }

    public SSLSessionContext getServerSessionContext() {
        return this.context.getServerSessionContext();
    }

    public SSLSessionContext getClientSessionContext() {
        return this.context.getClientSessionContext();
    }

    public SSLParameters getDefaultSSLParameters() {
        return this.context.getDefaultSSLParameters();
    }

    public SSLParameters getSupportedSSLParameters() {
        return this.context.getSupportedSSLParameters();
    }

    public Statement apply(final Statement statement, Description description) {
        Skip skip = (Skip) description.getAnnotation(Skip.class);
        return (skip == null || !(skip.value().length == 0 || Arrays.asList(skip.value()).contains(this.id))) ? new Statement() { // from class: org.jenkinsci.remoting.protocol.cert.SSLContextRule.1
            public void evaluate() throws Throwable {
                SSLContextRule.this.context = SSLContext.getInstance("TLS");
                char[] charArray = "password".toCharArray();
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(SSLContextRule.createKeyStore(null, SSLContextRule.this.keys, charArray), charArray);
                KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(SSLContextRule.createKeyStore(SSLContextRule.this.certificates, null, charArray));
                TrustManager[] trustManagerArr = new TrustManager[1];
                trustManagerArr[0] = SSLContextRule.this.validityChecking ? new ValidityCheckingX509ExtendedTrustManager((X509ExtendedTrustManager) SSLContextRule.findFirst(X509ExtendedTrustManager.class, trustManagerFactory.getTrustManagers())) : (TrustManager) SSLContextRule.findFirst(X509ExtendedTrustManager.class, trustManagerFactory.getTrustManagers());
                SSLContextRule.this.context.init(keyManagers, trustManagerArr, null);
                try {
                    statement.evaluate();
                    SSLContextRule.this.context = null;
                } catch (Throwable th) {
                    SSLContextRule.this.context = null;
                    throw th;
                }
            }
        } : statement;
    }
}
