package edu.internet2.middleware.subject.provider;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:edu/internet2/middleware/subject/provider/LdapPEMSocketFactory.class */
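/**
 * Builds an {@link SSLSocketFactory} for LDAP connections from three optional files: a CA
 * certificate used to verify the server, a client certificate, and the matching private key
 * (read through the project's {@link PKCS1} helper).
 *
 * <p>Certificates are parsed with the JDK "X.509" {@link CertificateFactory}, so PEM or DER
 * encoded files are both accepted; only the first certificate in a file is used.
 *
 * <p>Failures are never thrown from this class. Each stage logs its error and leaves the
 * corresponding field {@code null}; a {@code null} trust- or key-manager array makes
 * {@link SSLContext#init} fall back to the JDK's installed defaults for that side, and a failed
 * context leaves {@link #getSocketFactory()} returning {@code null}. Callers that require the
 * configured CA to be in force should therefore not treat a non-null factory as proof that the
 * CA file loaded — check the log for "ldap source cacert error".
 *
 * <p>Instances are effectively immutable after construction.
 */
public class LdapPEMSocketFactory {
    private static final Log log = LogFactory.getLog(LdapPEMSocketFactory.class);

    /** Alias of the CA certificate in the in-memory trust store. */
    private static final String CA_ALIAS = "CACERT";
    /** Alias of the client certificate/key pair in the in-memory key store. */
    private static final String CLIENT_ALIAS = "CERT";

    private final String caFilename;
    private final String certFilename;
    private final String keyFilename;
    private SSLSocketFactory socketFactory;
    private TrustManager[] trustManagers;
    private KeyManager[] keyManagers;

    /**
     * Loads the configured files and builds the socket factory.
     *
     * <p>Every filename may be {@code null}. Without a CA file the factory trusts whatever the
     * JDK default trust store trusts; without both a client certificate and a key file no client
     * credentials are presented.
     *
     * <p>The overridable {@link #initManagers()} and {@link #initSocketFactory()} are invoked
     * from this constructor, so subclasses must not rely on their own fields being initialised
     * when those methods run.
     *
     * @param caFilename   path to the CA certificate file, or {@code null}
     * @param certFilename path to the client certificate file, or {@code null}
     * @param keyFilename  path to the client private key file, or {@code null}
     */
    public LdapPEMSocketFactory(String caFilename, String certFilename, String keyFilename) {
        this.caFilename = caFilename;
        this.certFilename = certFilename;
        this.keyFilename = keyFilename;
        initManagers();
        initSocketFactory();
    }

    /**
     * Returns the socket factory built in the constructor.
     *
     * @return the TLS socket factory, or {@code null} if {@link #initSocketFactory()} failed
     */
    public SSLSocketFactory getSocketFactory() {
        return this.socketFactory;
    }

    /**
     * Creates a "TLS" {@link SSLContext} from the current trust and key managers and stores its
     * socket factory. A {@code null} manager array is passed through unchanged, which selects the
     * JDK default for that side. On failure the error is logged and {@link #socketFactory} stays
     * {@code null}.
     */
    protected void initSocketFactory() {
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(this.keyManagers, this.trustManagers, new SecureRandom());
            this.socketFactory = context.getSocketFactory();
        } catch (GeneralSecurityException e) {
            log.error("ldap source initSF error: " + e, e);
        }
    }

    /**
     * Populates {@link #trustManagers} from the CA file and, when both a client certificate and
     * key file are configured, {@link #keyManagers} from those. Each half is independent: a
     * failure in one is logged and does not prevent the other from being built.
     */
    protected void initManagers() {
        initTrustManagers();
        if (this.certFilename == null || this.keyFilename == null) {
            // No client credentials configured; keyManagers stays null (JDK default, i.e. none).
            return;
        }
        initKeyManagers();
    }

    /** Builds trust managers whose only trusted certificate is the configured CA, if any. */
    private void initTrustManagers() {
        if (this.caFilename == null) {
            // No CA configured: leave trustManagers null so SSLContext.init uses the JDK default
            // trust store. Matches the original behaviour, which ended up here via an exception.
            return;
        }
        try {
            X509Certificate caCert = readCertificate(this.caFilename);
            if (caCert == null) {
                // readCertificate already logged the parse/IO problem; say what the consequence is.
                log.error("ldap source cacert error: CA certificate not loaded from " + this.caFilename
                        + ", falling back to JDK default trust store");
                return;
            }
            KeyStore trustStore = newEmptyKeyStore();
            trustStore.setCertificateEntry(CA_ALIAS, caCert);
            TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);
            this.trustManagers = tmf.getTrustManagers();
        } catch (GeneralSecurityException | IOException e) {
            log.error("ldap source cacert error: " + e, e);
        }
    }

    /** Builds key managers presenting the configured client certificate and private key. */
    private void initKeyManagers() {
        // The key store is in-memory only; this placeholder password is never persisted.
        char[] password = {0};
        // PKCS1.readKey's checked exceptions are not visible here, so the broad catch of the
        // original is kept; the cause is now logged rather than flattened to a string.
        try {
            X509Certificate clientCert = readCertificate(this.certFilename);
            PrivateKey clientKey = new PKCS1().readKey(this.keyFilename);
            if (clientCert == null || clientKey == null) {
                log.error("ldap source cert/key error: client certificate or key not loaded from "
                        + this.certFilename + " / " + this.keyFilename);
                return;
            }
            KeyStore keyStore = newEmptyKeyStore();
            keyStore.setKeyEntry(CLIENT_ALIAS, clientKey, password, new X509Certificate[] {clientCert});
            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, password);
            this.keyManagers = kmf.getKeyManagers();
        } catch (Exception e) {
            log.error("ldap source cert/key error: " + e, e);
        }
    }

    /**
     * Creates an empty, initialised key store of the JDK default type.
     *
     * @throws GeneralSecurityException if the default type is unavailable or cannot be loaded
     * @throws IOException              propagated from {@link KeyStore#load}
     */
    private static KeyStore newEmptyKeyStore() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        return keyStore;
    }

    /**
     * Reads the first X.509 certificate from a file.
     *
     * <p>The stream is closed on every path (the original leaked it). A {@code null} filename
     * results in a {@link NullPointerException} from {@link FileInputStream}, as before.
     *
     * @param filename path to a PEM or DER encoded certificate file
     * @return the certificate, or {@code null} if the file cannot be read or parsed (logged)
     */
    protected X509Certificate readCertificate(String filename) {
        try (FileInputStream in = new FileInputStream(filename)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } catch (CertificateException e) {
            log.error("ldap source bad cert: " + e, e);
            return null;
        } catch (IOException e) {
            log.error("ldap source bad cert file: " + e, e);
            return null;
        }
    }
}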
