package com.paypal.base;

import com.paypal.base.codec.binary.Base64;
import com.paypal.base.exception.SSLConfigurationException;
import com.paypal.base.rest.PayPalRESTException;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.zip.CRC32;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/rest-api-sdk-1.14.0.jar:com/paypal/base/SSLUtil.class */
public abstract class SSLUtil {
    // SLF4J logger shared by the static helpers in this class.
    private static final Logger log = LoggerFactory.getLogger(SSLUtil.class);
    // Single class-wide KeyManagerFactory; setupClientSSL() calls init() on it for every request.
    // NOTE(review): no synchronisation around that init()/getKeyManagers() pair is visible in this
    // class, so concurrent callers using different client certificates may see each other's key
    // managers -- confirm that callers are serialised or that only one certificate is ever used.
    private static final KeyManagerFactory KMF;
    // Cache of loaded PKCS#12 keystores, keyed by the file path handed to p12ToKeyStore().
    // The static initialiser assigns a plain HashMap, which is not safe for concurrent mutation.
    private static final Map<String, KeyStore> STOREMAP;
    // Configuration map built by SDKUtil.combineDefaultMap(...) in the static initialiser; this class
    // reads the keys "sslutil.protocol" and "sslutil.jre" from it.
    private static final Map<String, String> CONFIG_MAP;

    /**
     * Builds an {@link SSLContext} initialised with the supplied key managers.
     *
     * <p>{@code TLSv1.2} is requested first. Only when the runtime has no provider for it does the
     * method log a warning and fall back to the protocol configured under {@code sslutil.protocol}.
     * The trust managers and the random source are passed as {@code null}, so the installed JSSE
     * defaults are used for validating the server certificate.
     *
     * <p>NOTE(review): the fallback protocol is taken from configuration with no check in this method,
     * so a legacy value is accepted after the warning. Deployments that must not negotiate older
     * protocol versions should alert on that warning rather than rely on it being noticed.
     *
     * @param keyManagerArr key managers supplying the client identity; passed straight to
     *                      {@link SSLContext#init}
     * @return the initialised context
     * @throws SSLConfigurationException wrapping any failure to obtain or initialise the context
     */
    public static SSLContext getSSLContext(KeyManager[] keyManagerArr) throws SSLConfigurationException {
        try {
            // Looked up before the TLSv1.2 attempt, as in the original control flow.
            final String fallbackProtocol = CONFIG_MAP.get("sslutil.protocol");
            SSLContext context;
            try {
                context = SSLContext.getInstance("TLSv1.2");
            } catch (NoSuchAlgorithmException tlsUnavailable) {
                log.warn("WARNING: Your system does not support TLSv1.2. Per PCI Security Council mandate (https://github.com/paypal/TLS-update), you MUST update to latest security library.");
                context = SSLContext.getInstance(fallbackProtocol);
            }
            context.init(keyManagerArr, null, null);
            return context;
        } catch (Exception failure) {
            // Every failure, including a null fallback protocol, surfaces as one SDK exception type.
            throw new SSLConfigurationException(failure.getMessage(), failure);
        }
    }

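    /**
     * Loads a PKCS#12 file into a {@link KeyStore}, caching the result by file path.
     *
     * <p>The keystore is created with the provider named by the {@code sslutil.jre} configuration
     * entry. The file is read with try-with-resources, so a failure while closing the stream no
     * longer replaces the exception raised by {@code load()}; it is attached as a suppressed
     * exception instead.
     *
     * <p>NOTE(review): a cache hit returns the stored keystore without consulting {@code str2}, so
     * the password is only checked by {@code load()} the first time a path is seen. The cache is
     * also never invalidated here, so a certificate file replaced on disk is not picked up.
     *
     * @param str  path of the PKCS#12 file; also the cache key
     * @param str2 password protecting the PKCS#12 file
     * @return the cached or freshly loaded keystore
     * @throws NoSuchProviderException  if the configured provider is not installed
     * @throws KeyStoreException        if the provider offers no PKCS12 keystore
     * @throws CertificateException     if a certificate in the file cannot be loaded
     * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
     * @throws IOException              if the file cannot be read or the password is wrong
     */
    private static KeyStore p12ToKeyStore(String str, String str2) throws NoSuchProviderException, KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore cached = STOREMAP.get(str);
        if (cached != null) {
            return cached;
        }
        KeyStore loaded = KeyStore.getInstance("PKCS12", CONFIG_MAP.get("sslutil.jre"));
        try (FileInputStream in = new FileInputStream(str)) {
            loaded.load(in, str2.toCharArray());
            // Cached only after a successful load, so a failed attempt is retried on the next call.
            STOREMAP.put(str, loaded);
        }
        return loaded;
    }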

    /**
     * Creates an {@link SSLContext} that presents the client certificate stored in a PKCS#12 file.
     *
     * <p>The same password is used to open the keystore and to recover its private key.
     *
     * <p>NOTE(review): the class-wide {@code KMF} instance is re-initialised on each call and then
     * read back with {@code getKeyManagers()}, with no locking visible in this class. If callers can
     * run concurrently with different certificates, one may receive the other's key managers --
     * confirm how this method is invoked.
     *
     * @param str  path of the PKCS#12 file
     * @param str2 password for the file and its private key
     * @return a context initialised with the certificate's key managers
     * @throws SSLConfigurationException wrapping any keystore, key-recovery or I/O failure
     */
    public static SSLContext setupClientSSL(String str, String str2) throws SSLConfigurationException {
        try {
            final KeyStore clientStore = p12ToKeyStore(str, str2);
            KMF.init(clientStore, str2.toCharArray());
            final KeyManager[] clientKeyManagers = KMF.getKeyManagers();
            return getSSLContext(clientKeyManagers);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException
                | UnrecoverableKeyException | CertificateException cause) {
            // All six checked failures are reported identically: same message, original as cause.
            throw new SSLConfigurationException(cause.getMessage(), cause);
        }
    }

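    /**
     * Checks that a certificate chain is trusted by a given set of anchors and carries the expected
     * common name.
     *
     * <p>An empty in-memory keystore is filled with the certificates in {@code collection2} and used
     * as the only trust source. The first {@link X509TrustManager} produced from it validates the
     * chain with {@code checkClientTrusted}; after that, every certificate in the chain must be within
     * its validity period and have a subject component starting with
     * {@code CN=messageverificationcerts} and ending with {@code .paypal.com}.
     *
     * <p>Changes from the previous version: the auth type is tested with {@code isEmpty()} instead of
     * a reference comparison against {@code ""}, so an empty string built at runtime now falls back
     * to {@code "RSA"} as well; and a {@link PayPalRESTException} raised inside the method is
     * rethrown as-is instead of being wrapped in a second one.
     *
     * <p>NOTE(review): the CN test splits the RFC 2253 subject string on {@code ','}, which does not
     * honour escaped commas or multi-valued RDNs, so the match is made on text fragments rather than
     * on the parsed CN attribute. Parsing the subject with {@code javax.naming.ldap.LdapName} would
     * make the check structural. No revocation checking is configured in this method.
     *
     * @param collection  the chain to validate, end-entity certificate first
     * @param collection2 certificates to trust as anchors
     * @param str         key-exchange auth type passed to the trust manager; {@code null} or empty
     *                    selects {@code "RSA"}
     * @return {@code true} when the chain passes all checks, {@code false} when no
     *         {@link X509TrustManager} is available
     * @throws PayPalRESTException if the chain is untrusted, a certificate is expired or not yet
     *                             valid, the CN does not match, or setup fails
     */
    public static boolean validateCertificateChain(Collection<X509Certificate> collection, Collection<X509Certificate> collection2, String str) throws PayPalRESTException {
        try {
            X509Certificate[] chain = collection.toArray(new X509Certificate[0]);

            // Start from an empty store so that only the supplied anchors are trusted.
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, "".toCharArray());
            int index = 0;
            for (X509Certificate anchor : collection2) {
                trustStore.setCertificateEntry("paypalCert" + index, anchor);
                index++;
            }

            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);

            String authType = (str == null || str.isEmpty()) ? "RSA" : str;

            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (!(trustManager instanceof X509TrustManager)) {
                    continue;
                }
                ((X509TrustManager) trustManager).checkClientTrusted(chain, authType);
                for (X509Certificate certificate : chain) {
                    certificate.checkValidity();
                    boolean commonNameMatches = false;
                    for (String component : certificate.getSubjectX500Principal().getName().split(",")) {
                        if (component.startsWith("CN=messageverificationcerts") && component.endsWith(".paypal.com")) {
                            commonNameMatches = true;
                        }
                    }
                    if (!commonNameMatches) {
                        throw new PayPalRESTException("CN of client certificate does not match with trusted CN");
                    }
                }
                return true;
            }
            return false;
        } catch (PayPalRESTException e) {
            // Already the SDK's exception type; keep its message instead of wrapping it again.
            throw e;
        } catch (Exception e) {
            throw new PayPalRESTException(e);
        }
    }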

    /**
     * Downloads a certificate from a URL using the SDK's default HTTP settings.
     *
     * @param str URL of the certificate
     * @return the response body as a stream
     * @throws PayPalRESTException if the URL is empty or the download fails
     */
    public static InputStream downloadCertificateFromPath(String str) throws PayPalRESTException {
        final Map<String, String> defaultSettings = ConfigManager.getDefaultSDKMap();
        return downloadCertificateFromPath(str, defaultSettings);
    }

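    /**
     * Downloads a certificate from a URL using the given HTTP settings.
     *
     * <p>The blank check now uses {@code isEmpty()} on the trimmed value. The previous reference
     * comparison against {@code ""} let whitespace-only paths through to the HTTP layer.
     *
     * <p>NOTE(review): the URL is used as supplied; no restriction on scheme or host is visible in
     * this method. If the value can originate from a received message rather than from trusted
     * configuration, the caller should limit it to {@code https} and to the expected hosts before
     * calling, because the downloaded certificate feeds later trust decisions.
     *
     * @param str URL of the certificate
     * @param map HTTP settings read by {@code generateHttpConfiguration}
     * @return the response body as a stream; the caller is responsible for closing it
     * @throws PayPalRESTException if the URL is null or blank, or if configuring the connection or
     *                             executing the request fails
     */
    public static InputStream downloadCertificateFromPath(String str, Map<String, String> map) throws PayPalRESTException {
        if (str == null || str.trim().isEmpty()) {
            throw new PayPalRESTException("Certificate Path cannot be empty");
        }
        try {
            // Raw type kept: the parameter type of executeWithStream is not visible in this file.
            HashMap headers = new HashMap();
            HttpConfiguration httpConfiguration = generateHttpConfiguration(str, map);
            HttpConnection connection = ConnectionManager.getInstance().getConnection();
            connection.createAndconfigureHttpConnection(httpConfiguration);
            URL url = new URL(str);
            headers.put("Host", url.getHost());
            return connection.executeWithStream(url.toString(), "", headers);
        } catch (Exception e) {
            throw new PayPalRESTException(e);
        }
    }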

    /**
     * Builds the HTTP configuration for a GET request to the given endpoint.
     *
     * <p>Timeouts, retry count and connection limit are parsed from {@code map}; a missing or
     * non-numeric entry makes {@link Integer#parseInt} throw {@link NumberFormatException}. Proxy
     * settings are applied only when {@code http.UseProxy} parses to {@code true}, and the proxy
     * password is read only when a proxy user name is present.
     *
     * @param str endpoint URL
     * @param map settings keyed by the {@code http.*} names read below
     * @return the populated configuration
     */
    private static HttpConfiguration generateHttpConfiguration(String str, Map<String, String> map) {
        final HttpConfiguration config = new HttpConfiguration();
        config.setEndPointUrl(str);
        config.setConnectionTimeout(Integer.parseInt(map.get("http.ConnectionTimeOut")));
        config.setMaxRetry(Integer.parseInt(map.get("http.Retry")));
        config.setReadTimeout(Integer.parseInt(map.get("http.ReadTimeOut")));
        config.setMaxHttpConnection(Integer.parseInt(map.get("http.MaxConnection")));
        config.setHttpMethod("GET");

        final boolean useProxy = Boolean.parseBoolean(map.get("http.UseProxy"));
        if (!useProxy) {
            return config;
        }

        config.setProxySet(useProxy);
        config.setProxyHost(map.get("http.ProxyHost"));
        config.setProxyPort(Integer.parseInt(map.get("http.ProxyPort")));
        final String proxyUser = map.get("http.ProxyUserName");
        if (proxyUser != null) {
            // Credentials are set as a pair; without a user name the password entry is ignored.
            config.setProxyUserName(proxyUser);
            config.setProxyPassword(map.get("http.ProxyPassword"));
        }
        return config;
    }

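    /**
     * Parses every certificate found in a stream.
     *
     * <p>The factory type is {@code XMLX509Certificate.JCA_CERT_ID}. The listing returned the
     * factory's {@code Collection<? extends Certificate>} directly, which does not convert to the
     * declared return type; the unchecked cast is now explicit. Parsing alone establishes no trust:
     * the result still has to pass {@code validateCertificateChain} before its keys are relied on.
     * The stream is not closed here.
     *
     * @param inputStream stream holding the encoded certificates
     * @return the parsed certificates
     * @throws PayPalRESTException if {@code inputStream} is {@code null} or the data cannot be parsed
     */
    public static Collection<X509Certificate> getCertificateFromStream(InputStream inputStream) throws PayPalRESTException {
        if (inputStream == null) {
            throw new PayPalRESTException("Certificate Not Found");
        }
        try {
            CertificateFactory factory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
            // Element types are not verified by this cast; erasure makes it a compile-time matter only.
            @SuppressWarnings("unchecked")
            Collection<X509Certificate> certificates =
                    (Collection<X509Certificate>) (Collection<?>) factory.generateCertificates(inputStream);
            return certificates;
        } catch (CertificateException e) {
            throw new PayPalRESTException(e);
        }
    }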

    /**
     * Computes the CRC-32 checksum of a string's UTF-8 bytes.
     *
     * <p>CRC-32 is an error-detection checksum, not a cryptographic digest. On its own it gives no
     * protection against deliberate modification; that has to come from a signature covering the
     * value.
     *
     * @param str text to checksum
     * @return the checksum as an unsigned 32-bit value in a {@code long}, or {@code -1} when
     *         {@code str} is {@code null}
     */
    public static long crc32(String str) {
        if (str == null) {
            return -1L;
        }
        final byte[] utf8;
        try {
            utf8 = str.getBytes("UTF-8");
        } catch (UnsupportedEncodingException unsupported) {
            // Every Java runtime is required to provide UTF-8, so this is not expected to happen.
            throw new RuntimeException(unsupported);
        }
        final CRC32 checksum = new CRC32();
        checksum.update(utf8);
        return checksum.getValue();
    }

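    /**
     * Verifies a Base64-encoded signature over a string with the public key of the first
     * certificate in a collection.
     *
     * <p>Both strings are now encoded explicitly as UTF-8, matching {@code crc32}. The previous
     * no-argument {@code getBytes()} used the platform default charset, so the bytes being verified
     * could differ between hosts.
     *
     * <p>This method checks the signature only. It does not validate the certificate or its chain,
     * so the collection must already have passed {@code validateCertificateChain}.
     * NOTE(review): {@code str} selects the signature algorithm; if it is taken from the message
     * being verified, restrict it to the expected algorithms before calling. {@code str4} and
     * {@code str5} are not read.
     *
     * @param collection certificates; only the first one is used
     * @param str        JCA signature algorithm name
     * @param str2       Base64-encoded signature
     * @param str3       the signed text
     * @param str4       unused
     * @param str5       unused
     * @return {@code Boolean.TRUE} when the signature verifies, otherwise {@code Boolean.FALSE}
     * @throws NoSuchAlgorithmException       if {@code str} names no available algorithm
     * @throws SignatureException             if the signature bytes are malformed
     * @throws InvalidKeyException            if the certificate's key does not suit the algorithm
     * @throws ArrayIndexOutOfBoundsException if {@code collection} is empty
     */
    public static Boolean validateData(Collection<X509Certificate> collection, String str, String str2, String str3, String str4, String str5) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        Signature verifier = Signature.getInstance(str);
        X509Certificate[] certificates = collection.toArray(new X509Certificate[0]);
        verifier.initVerify(certificates[0].getPublicKey());
        try {
            verifier.update(str3.getBytes("UTF-8"));
            return Boolean.valueOf(verifier.verify(Base64.decodeBase64(str2.getBytes("UTF-8"))));
        } catch (UnsupportedEncodingException e) {
            // Handled the same way as in crc32(): UTF-8 support is mandatory on every Java runtime.
            throw new RuntimeException(e);
        }
    }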

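    // Initialises the class-wide state once, at class-load time.
    // The keystore cache is now created with explicit type arguments instead of a raw HashMap.
    // NOTE(review): the cache is a plain HashMap and KMF is shared by every caller; nothing in this
    // class guards either of them against concurrent use.
    static {
        try {
            KMF = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            STOREMAP = new HashMap<String, KeyStore>();
            CONFIG_MAP = SDKUtil.combineDefaultMap(ConfigManager.getInstance().getConfigurationMap());
        } catch (NoSuchAlgorithmException e) {
            // Without a KeyManagerFactory the class is unusable, so class initialisation is aborted.
            throw new ExceptionInInitializerError(e);
        }
    }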
}
