package org.gephi.com.mysql.cj.protocol;

import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import org.gephi.com.mysql.cj.ServerVersion;
import org.gephi.com.mysql.cj.conf.PropertyDefinitions;
import org.gephi.com.mysql.cj.conf.PropertyKey;
import org.gephi.com.mysql.cj.conf.PropertySet;
import org.gephi.com.mysql.cj.conf.RuntimeProperty;
import org.gephi.com.mysql.cj.exceptions.CJCommunicationsException;
import org.gephi.com.mysql.cj.exceptions.ExceptionFactory;
import org.gephi.com.mysql.cj.exceptions.ExceptionInterceptor;
import org.gephi.com.mysql.cj.exceptions.FeatureNotAvailableException;
import org.gephi.com.mysql.cj.exceptions.RSAException;
import org.gephi.com.mysql.cj.exceptions.SSLParamsException;
import org.gephi.com.mysql.cj.log.Log;
import org.gephi.com.mysql.cj.util.Base64Decoder;
import org.gephi.com.mysql.cj.util.StringUtils;
import org.gephi.java.io.IOException;
import org.gephi.java.io.InputStream;
import org.gephi.java.lang.Class;
import org.gephi.java.lang.Exception;
import org.gephi.java.lang.Object;
import org.gephi.java.lang.String;
import org.gephi.java.lang.StringBuilder;
import org.gephi.java.lang.System;
import org.gephi.java.lang.Throwable;
import org.gephi.java.lang.invoke.LambdaMetafactory;
import org.gephi.java.net.MalformedURLException;
import org.gephi.java.net.Socket;
import org.gephi.java.net.URL;
import org.gephi.java.security.InvalidKeyException;
import org.gephi.java.security.KeyFactory;
import org.gephi.java.security.KeyManagementException;
import org.gephi.java.security.KeyStore;
import org.gephi.java.security.KeyStoreException;
import org.gephi.java.security.NoSuchAlgorithmException;
import org.gephi.java.security.SecureRandom;
import org.gephi.java.security.Signature;
import org.gephi.java.security.SignatureException;
import org.gephi.java.security.UnrecoverableKeyException;
import org.gephi.java.security.cert.CertPathValidator;
import org.gephi.java.security.cert.CertificateException;
import org.gephi.java.security.cert.CertificateFactory;
import org.gephi.java.security.cert.PKIXParameters;
import org.gephi.java.security.cert.TrustAnchor;
import org.gephi.java.security.cert.X509Certificate;
import org.gephi.java.security.interfaces.RSAPrivateKey;
import org.gephi.java.security.interfaces.RSAPublicKey;
import org.gephi.java.security.spec.InvalidKeySpecException;
import org.gephi.java.security.spec.PKCS8EncodedKeySpec;
import org.gephi.java.security.spec.X509EncodedKeySpec;
import org.gephi.java.util.ArrayList;
import org.gephi.java.util.Arrays;
import org.gephi.java.util.Base64;
import org.gephi.java.util.Iterator;
import org.gephi.java.util.List;
import org.gephi.java.util.Properties;
import org.gephi.java.util.function.Consumer;
import org.gephi.java.util.function.Function;
import org.gephi.java.util.function.Predicate;
import org.gephi.java.util.stream.Collectors;
import org.gephi.java.util.stream.Stream;
import org.gephi.javax.crypto.BadPaddingException;
import org.gephi.javax.crypto.Cipher;
import org.gephi.javax.crypto.IllegalBlockSizeException;
import org.gephi.javax.crypto.NoSuchPaddingException;
import org.gephi.javax.net.ssl.KeyManager;
import org.gephi.javax.net.ssl.KeyManagerFactory;
import org.gephi.javax.net.ssl.SSLContext;
import org.gephi.javax.net.ssl.SSLSocket;
import org.gephi.javax.net.ssl.TrustManager;
import org.gephi.javax.net.ssl.TrustManagerFactory;
import org.gephi.javax.net.ssl.X509TrustManager;

/* loaded from: input_file:org/gephi/com/mysql/cj/protocol/ExportControlled.class */
public class ExportControlled extends Object {
    private static final String TLS_SETTINGS_RESOURCE = "/org/gephi/com/mysql/cj/TlsSettings.properties";
    private static final String TLSv1_3 = "TLSv1.3";
    private static final String TLSv1_2 = "TLSv1.2";
    private static final String TLSv1_1 = "TLSv1.1";
    private static final String TLSv1 = "TLSv1";
    private static final String[] KNOWN_TLS_PROTOCOLS = {TLSv1_3, TLSv1_2, TLSv1_1, TLSv1};
    private static final String[] VALID_TLS_PROTOCOLS = {TLSv1_3, TLSv1_2};
    private static final List<String> ALLOWED_CIPHERS = new ArrayList();
    private static final List<String> RESTRICTED_CIPHER_SUBSTR = new ArrayList();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/gephi/com/mysql/cj/protocol/ExportControlled$KeyStoreConf.class */
    public static class KeyStoreConf extends Object {
        public String keyStoreUrl;
        public String keyStorePassword;
        public String keyStoreType;

        public KeyStoreConf() {
            this.keyStoreUrl = null;
            this.keyStorePassword = null;
            this.keyStoreType = "JKS";
        }

        public KeyStoreConf(String string, String string2, String string3) {
            this.keyStoreUrl = null;
            this.keyStorePassword = null;
            this.keyStoreType = "JKS";
            this.keyStoreUrl = string;
            this.keyStorePassword = string2;
            this.keyStoreType = string3;
        }
    }

    /* loaded from: input_file:org/gephi/com/mysql/cj/protocol/ExportControlled$X509TrustManagerWrapper.class */
    public static class X509TrustManagerWrapper extends Object implements X509TrustManager {
        private X509TrustManager origTm;
        private boolean verifyServerCert;
        private String hostName;
        private CertificateFactory certFactory;
        private PKIXParameters validatorParams;
        private CertPathValidator validator;

        public X509TrustManagerWrapper(X509TrustManager x509TrustManager, boolean z, String string) throws CertificateException {
            this.origTm = null;
            this.verifyServerCert = false;
            this.hostName = null;
            this.certFactory = null;
            this.validatorParams = null;
            this.validator = null;
            this.origTm = x509TrustManager;
            this.verifyServerCert = z;
            this.hostName = string;
            if (z) {
                try {
                    this.validatorParams = new PKIXParameters(Arrays.stream(x509TrustManager.getAcceptedIssuers()).map((Function) LambdaMetafactory.metafactory(MethodHandles.lookup(), "apply", MethodType.methodType(Function.class), MethodType.methodType(Object.class, Object.class), MethodHandles.lookup().findStatic(X509TrustManagerWrapper.class, "lambda$new$0", MethodType.methodType(TrustAnchor.class, X509Certificate.class)), MethodType.methodType(TrustAnchor.class, X509Certificate.class)).dynamicInvoker().invoke() /* invoke-custom */).collect(Collectors.toSet()));
                    this.validatorParams.setRevocationEnabled(false);
                    this.validator = CertPathValidator.getInstance("PKIX");
                    this.certFactory = CertificateFactory.getInstance("X.509");
                } catch (Exception e) {
                    throw new CertificateException(e);
                }
            }
        }

        public X509TrustManagerWrapper(boolean z, String string) {
            this.origTm = null;
            this.verifyServerCert = false;
            this.hostName = null;
            this.certFactory = null;
            this.validatorParams = null;
            this.validator = null;
            this.verifyServerCert = z;
            this.hostName = string;
        }

        public X509Certificate[] getAcceptedIssuers() {
            return this.origTm != null ? this.origTm.getAcceptedIssuers() : new X509Certificate[0];
        }

        /* JADX WARN: Code restructure failed: missing block: B:68:0x01a5, code lost:
        
            r11 = r0.getValue().toString();
         */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public void checkServerTrusted(org.gephi.java.security.cert.X509Certificate[] r6, org.gephi.java.lang.String r7) throws org.gephi.java.security.cert.CertificateException {
            /*
                Method dump skipped, instructions count: 510
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: org.gephi.com.mysql.cj.protocol.ExportControlled.X509TrustManagerWrapper.checkServerTrusted(org.gephi.java.security.cert.X509Certificate[], org.gephi.java.lang.String):void");
        }

        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String string) throws CertificateException {
            this.origTm.checkClientTrusted(x509CertificateArr, string);
        }

        private boolean verifyHostName(String string) {
            int indexOf = string.indexOf(42);
            if (indexOf < 0 || indexOf >= string.indexOf(46)) {
                return this.hostName.equalsIgnoreCase(string);
            }
            String substring = string.substring(0, indexOf);
            String substring2 = string.substring(indexOf + 1);
            return StringUtils.startsWithIgnoreCase(this.hostName, substring) && StringUtils.endsWithIgnoreCase(this.hostName, substring2) && this.hostName.substring(substring.length(), this.hostName.length() - substring2.length()).indexOf(46) == -1;
        }

        private static /* synthetic */ TrustAnchor lambda$new$0(X509Certificate x509Certificate) {
            return new TrustAnchor(x509Certificate, (byte[]) null);
        }
    }

    private ExportControlled() {
    }

    public static boolean enabled() {
        return true;
    }

    private static String[] getAllowedCiphers(PropertySet propertySet, List<String> list) {
        Stream filter;
        String value = propertySet.getStringProperty(PropertyKey.tlsCiphersuites).getValue();
        if (StringUtils.isNullOrEmpty(value)) {
            filter = list.stream();
        } else {
            Stream stream = Arrays.stream(value.split("\\s*,\\s*"));
            list.getClass();
            filter = stream.filter((Predicate) LambdaMetafactory.metafactory(MethodHandles.lookup(), "test", MethodType.methodType(Predicate.class, List.class), MethodType.methodType(Boolean.TYPE, Object.class), MethodHandles.lookup().findVirtual(List.class, "contains", MethodType.methodType(Boolean.TYPE, Object.class)), MethodType.methodType(Boolean.TYPE, String.class)).dynamicInvoker().invoke(list) /* invoke-custom */);
        }
        List<String> list2 = ALLOWED_CIPHERS;
        list2.getClass();
        return filter.filter((Predicate) LambdaMetafactory.metafactory(MethodHandles.lookup(), "test", MethodType.methodType(Predicate.class, List.class), MethodType.methodType(Boolean.TYPE, Object.class), MethodHandles.lookup().findVirtual(List.class, "contains", MethodType.methodType(Boolean.TYPE, Object.class)), MethodType.methodType(Boolean.TYPE, String.class)).dynamicInvoker().invoke(list2) /* invoke-custom */).filter((Predicate) LambdaMetafactory.metafactory(MethodHandles.lookup(), "test", MethodType.methodType(Predicate.class), MethodType.methodType(Boolean.TYPE, Object.class), MethodHandles.lookup().findStatic(ExportControlled.class, "lambda$getAllowedCiphers$5", MethodType.methodType(Boolean.TYPE, String.class)), MethodType.methodType(Boolean.TYPE, String.class)).dynamicInvoker().invoke() /* invoke-custom */).collect(Collectors.toList()).toArray(new String[0]);
    }

    private static String[] getAllowedProtocols(PropertySet propertySet, ServerVersion serverVersion, String[] stringArr) {
        List<String> arrayList;
        RuntimeProperty<String> stringProperty = propertySet.getStringProperty(PropertyKey.tlsVersions);
        if (stringProperty == null || !stringProperty.isExplicitlySet()) {
            arrayList = new ArrayList<>(Arrays.asList(VALID_TLS_PROTOCOLS));
        } else {
            if (stringProperty.getValue() == null) {
                throw ((SSLParamsException) ExceptionFactory.createException((Class) SSLParamsException.class, (String) "Specified list of TLS versions is empty. Accepted values are TLSv1.2 and TLSv1.3."));
            }
            arrayList = getValidProtocols(stringProperty.getValue().split("\\s*,\\s*"));
        }
        List asList = Arrays.asList(stringArr);
        ArrayList arrayList2 = new ArrayList();
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            String next = it2.next();
            if (asList.contains(next)) {
                arrayList2.add(next);
            }
        }
        return arrayList2.toArray(new String[0]);
    }

    private static List<String> getValidProtocols(String[] stringArr) {
        List collect = Arrays.stream(stringArr).filter((Predicate) LambdaMetafactory.metafactory(MethodHandles.lookup(), "test", MethodType.methodType(Predicate.class), MethodType.methodType(Boolean.TYPE, Object.class), MethodHandles.lookup().findStatic(ExportControlled.class, "lambda$getValidProtocols$6", MethodType.methodType(Boolean.TYPE, String.class)), MethodType.methodType(Boolean.TYPE, String.class)).dynamicInvoker().invoke() /* invoke-custom */).collect(Collectors.toList());
        if (collect.size() == 0) {
            throw ((SSLParamsException) ExceptionFactory.createException((Class) SSLParamsException.class, (String) "Specified list of TLS versions is empty. Accepted values are TLSv1.2 and TLSv1.3."));
        }
        ArrayList arrayList = new ArrayList();
        for (Object object : KNOWN_TLS_PROTOCOLS) {
            if (collect.contains(object)) {
                arrayList.add(object);
            }
        }
        if (arrayList.size() == 0) {
            throw ((SSLParamsException) ExceptionFactory.createException((Class) SSLParamsException.class, (String) "Specified list of TLS versions only contains non valid TLS protocols. Accepted values are TLSv1.2 and TLSv1.3."));
        }
        ArrayList arrayList2 = new ArrayList();
        for (Object object2 : VALID_TLS_PROTOCOLS) {
            if (arrayList.contains(object2)) {
                arrayList2.add(object2);
            }
        }
        if (arrayList2.size() == 0) {
            throw ((SSLParamsException) ExceptionFactory.createException((Class) SSLParamsException.class, (String) "TLS protocols TLSv1 and TLSv1.1 are not supported. Accepted values are TLSv1.2 and TLSv1.3."));
        }
        return arrayList2;
    }

    public static void checkValidProtocols(List<String> list) {
        getValidProtocols(list.toArray(new String[0]));
    }

    private static KeyStoreConf getTrustStoreConf(PropertySet propertySet, boolean z) {
        String value = propertySet.getStringProperty(PropertyKey.trustCertificateKeyStoreUrl).getValue();
        String value2 = propertySet.getStringProperty(PropertyKey.trustCertificateKeyStorePassword).getValue();
        String value3 = propertySet.getStringProperty(PropertyKey.trustCertificateKeyStoreType).getValue();
        if (propertySet.getBooleanProperty(PropertyKey.fallbackToSystemTrustStore).getValue().booleanValue() && StringUtils.isNullOrEmpty(value)) {
            value = System.getProperty("org.gephi.javax.net.ssl.trustStore");
            value2 = System.getProperty("org.gephi.javax.net.ssl.trustStorePassword");
            value3 = System.getProperty("org.gephi.javax.net.ssl.trustStoreType");
            if (StringUtils.isNullOrEmpty(value3)) {
                value3 = propertySet.getStringProperty(PropertyKey.trustCertificateKeyStoreType).getInitialValue();
            }
            if (!StringUtils.isNullOrEmpty(value)) {
                try {
                    new URL(value);
                } catch (MalformedURLException e) {
                    value = new StringBuilder().append("file:").append(value).toString();
                }
            }
        }
        if (z && StringUtils.isNullOrEmpty(value)) {
            throw new CJCommunicationsException((String) "No truststore provided to verify the Server certificate.");
        }
        return new KeyStoreConf(value, value2, value3);
    }

    private static KeyStoreConf getKeyStoreConf(PropertySet propertySet) {
        String value = propertySet.getStringProperty(PropertyKey.clientCertificateKeyStoreUrl).getValue();
        String value2 = propertySet.getStringProperty(PropertyKey.clientCertificateKeyStorePassword).getValue();
        String value3 = propertySet.getStringProperty(PropertyKey.clientCertificateKeyStoreType).getValue();
        if (propertySet.getBooleanProperty(PropertyKey.fallbackToSystemKeyStore).getValue().booleanValue() && StringUtils.isNullOrEmpty(value)) {
            value = System.getProperty("org.gephi.javax.net.ssl.keyStore");
            value2 = System.getProperty("org.gephi.javax.net.ssl.keyStorePassword");
            value3 = System.getProperty("org.gephi.javax.net.ssl.keyStoreType");
            if (StringUtils.isNullOrEmpty(value3)) {
                value3 = propertySet.getStringProperty(PropertyKey.clientCertificateKeyStoreType).getInitialValue();
            }
            if (!StringUtils.isNullOrEmpty(value)) {
                try {
                    new URL(value);
                } catch (MalformedURLException e) {
                    value = new StringBuilder().append("file:").append(value).toString();
                }
            }
        }
        return new KeyStoreConf(value, value2, value3);
    }

    public static Socket performTlsHandshake(Socket socket, SocketConnection socketConnection, ServerVersion serverVersion, Log log) throws IOException, SSLParamsException, FeatureNotAvailableException {
        KeyStoreConf trustStoreConf;
        PropertySet propertySet = socketConnection.getPropertySet();
        PropertyDefinitions.SslMode value = propertySet.getEnumProperty(PropertyKey.sslMode).getValue();
        boolean z = value == PropertyDefinitions.SslMode.VERIFY_CA || value == PropertyDefinitions.SslMode.VERIFY_IDENTITY;
        boolean booleanValue = propertySet.getBooleanProperty(PropertyKey.fallbackToSystemTrustStore).getValue().booleanValue();
        if (z) {
            trustStoreConf = getTrustStoreConf(propertySet, serverVersion == null && z && !booleanValue);
        } else {
            trustStoreConf = new KeyStoreConf();
        }
        SSLSocket createSocket = getSSLContext(getKeyStoreConf(propertySet), trustStoreConf, booleanValue, z, value == PropertyDefinitions.SslMode.VERIFY_IDENTITY ? socketConnection.getHost() : null, socketConnection.getExceptionInterceptor()).getSocketFactory().createSocket(socket, socketConnection.getHost(), socketConnection.getPort(), true);
        createSocket.setEnabledProtocols(getAllowedProtocols(propertySet, serverVersion, createSocket.getSupportedProtocols()));
        String[] allowedCiphers = getAllowedCiphers(propertySet, Arrays.asList(createSocket.getEnabledCipherSuites()));
        if (allowedCiphers != null) {
            createSocket.setEnabledCipherSuites(allowedCiphers);
        }
        createSocket.startHandshake();
        return createSocket;
    }

    public static SSLContext getSSLContext(KeyStoreConf keyStoreConf, KeyStoreConf keyStoreConf2, boolean z, boolean z2, String string, ExceptionInterceptor exceptionInterceptor) throws SSLParamsException {
        String string2 = keyStoreConf.keyStoreUrl;
        String string3 = keyStoreConf.keyStoreType;
        String string4 = keyStoreConf.keyStorePassword;
        String string5 = keyStoreConf2.keyStoreUrl;
        String string6 = keyStoreConf2.keyStoreType;
        String string7 = keyStoreConf2.keyStorePassword;
        KeyManager[] keyManagerArr = null;
        ArrayList arrayList = new ArrayList();
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            if (!StringUtils.isNullOrEmpty(string2)) {
                InputStream inputStream = null;
                try {
                    try {
                        try {
                            try {
                                if (!StringUtils.isNullOrEmpty(string3)) {
                                    KeyStore keyStore = KeyStore.getInstance(string3);
                                    URL url = new URL(string2);
                                    char[] charArray = string4 == null ? new char[0] : string4.toCharArray();
                                    inputStream = url.openStream();
                                    keyStore.load(inputStream, charArray);
                                    keyManagerFactory.init(keyStore, charArray);
                                    keyManagerArr = keyManagerFactory.getKeyManagers();
                                }
                            } finally {
                            }
                        } catch (KeyStoreException e) {
                            throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, new StringBuilder().append("Could not create KeyStore instance [").append(e.getMessage()).append("]").toString(), e, exceptionInterceptor));
                        } catch (IOException e2) {
                            throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, new StringBuilder().append("Cannot open ").append(string2).append(" [").append(e2.getMessage()).append("]").toString(), e2, exceptionInterceptor));
                        }
                    } catch (NoSuchAlgorithmException e3) {
                        throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, new StringBuilder().append("Unsupported keystore algorithm [").append(e3.getMessage()).append("]").toString(), e3, exceptionInterceptor));
                    } catch (MalformedURLException e4) {
                        throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, new StringBuilder().append(string2).append(" does not appear to be a valid URL.").toString(), e4, exceptionInterceptor));
                    }
                } catch (UnrecoverableKeyException e5) {
                    throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, "Could not recover keys from client keystore.  Check password?", e5, exceptionInterceptor));
                } catch (CertificateException e6) {
                    throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, new StringBuilder().append("Could not load client").append(string3).append(" keystore from ").append(string2).toString(), e6, exceptionInterceptor));
                }
            }
            InputStream inputStream2 = null;
            try {
                try {
                    try {
                        try {
                            KeyStore keyStore2 = null;
                            if (!StringUtils.isNullOrEmpty(string5) && !StringUtils.isNullOrEmpty(string6)) {
                                char[] charArray2 = string7 == null ? new char[0] : string7.toCharArray();
                                inputStream2 = new URL(string5).openStream();
                                keyStore2 = KeyStore.getInstance(string6);
                                keyStore2.load(inputStream2, charArray2);
                            }
                            if (keyStore2 != null || (z2 && z)) {
                                trustManagerFactory.init(keyStore2);
                                for (X509TrustManagerWrapper x509TrustManagerWrapper : trustManagerFactory.getTrustManagers()) {
                                    arrayList.add(x509TrustManagerWrapper instanceof X509TrustManager ? new X509TrustManagerWrapper(x509TrustManagerWrapper, z2, string) : x509TrustManagerWrapper);
                                }
                            }
                            if (inputStream2 != null) {
                                try {
                                    inputStream2.close();
                                } catch (IOException e7) {
                                }
                            }
                            if (arrayList.size() == 0) {
                                arrayList.add(new X509TrustManagerWrapper(z2, string));
                            }
                            try {
                                SSLContext sSLContext = SSLContext.getInstance("TLS");
                                sSLContext.init(keyManagerArr, arrayList.toArray(new TrustManager[arrayList.size()]), (SecureRandom) null);
                                return sSLContext;
                            } catch (KeyManagementException e8) {
                                throw new SSLParamsException(new StringBuilder().append("KeyManagementException: ").append(e8.getMessage()).toString(), e8);
                            } catch (NoSuchAlgorithmException e9) {
                                throw new SSLParamsException("TLS is not a valid SSL protocol.", e9);
                            }
                        } finally {
                            if (inputStream2 != null) {
                                try {
                                    inputStream2.close();
                                } catch (IOException e10) {
                                }
                            }
                        }
                    } catch (MalformedURLException e11) {
                        throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, new StringBuilder().append(string5).append(" does not appear to be a valid URL.").toString(), e11, exceptionInterceptor));
                    }
                } catch (KeyStoreException e12) {
                    throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, new StringBuilder().append("Could not create KeyStore instance [").append(e12.getMessage()).append("]").toString(), e12, exceptionInterceptor));
                } catch (IOException e13) {
                    throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, new StringBuilder().append("Cannot open ").append(string5).append(" [").append(e13.getMessage()).append("]").toString(), e13, exceptionInterceptor));
                }
            } catch (NoSuchAlgorithmException e14) {
                throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, new StringBuilder().append("Unsupported keystore algorithm [").append(e14.getMessage()).append("]").toString(), e14, exceptionInterceptor));
            } catch (CertificateException e15) {
                throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, new StringBuilder().append("Could not load trust").append(string6).append(" keystore from ").append(string5).toString(), e15, exceptionInterceptor));
            }
        } catch (NoSuchAlgorithmException e16) {
            throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, "Default algorithm definitions for TrustManager and/or KeyManager are invalid.  Check java security properties file.", e16, exceptionInterceptor));
        }
    }

    public static boolean isSSLEstablished(Socket socket) {
        if (socket == null) {
            return false;
        }
        return SSLSocket.class.isAssignableFrom(socket.getClass());
    }

    public static RSAPublicKey decodeRSAPublicKey(String string) throws RSAException {
        if (string == null) {
            throw ((RSAException) ExceptionFactory.createException((Class) RSAException.class, (String) "Key parameter is null"));
        }
        int indexOf = string.indexOf("\n") + 1;
        try {
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64Decoder.decode(string.getBytes(), indexOf, string.indexOf("-----END PUBLIC KEY-----") - indexOf)));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw ((RSAException) ExceptionFactory.createException((Class) RSAException.class, (String) "Unable to decode public key", (Throwable) e));
        }
    }

    public static byte[] encryptWithRSAPublicKey(byte[] bArr, RSAPublicKey rSAPublicKey, String string) throws RSAException {
        try {
            Cipher cipher = Cipher.getInstance(string);
            cipher.init(1, rSAPublicKey);
            return cipher.doFinal(bArr);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException e) {
            throw ((RSAException) ExceptionFactory.createException((Class) RSAException.class, e.getMessage(), (Throwable) e));
        }
    }

    public static byte[] encryptWithRSAPublicKey(byte[] bArr, RSAPublicKey rSAPublicKey) throws RSAException {
        return encryptWithRSAPublicKey(bArr, rSAPublicKey, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
    }

    public static RSAPrivateKey decodeRSAPrivateKey(String string) throws RSAException {
        if (string == null) {
            throw ((RSAException) ExceptionFactory.createException((Class) RSAException.class, (String) "Key parameter is null"));
        }
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(string.replace("-----BEGIN PRIVATE KEY-----", "").replaceAll("\\R", "").replace("-----END PRIVATE KEY-----", ""))));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw ((RSAException) ExceptionFactory.createException((Class) RSAException.class, (String) "Unable to decode private key", (Throwable) e));
        }
    }

    public static byte[] sign(byte[] bArr, RSAPrivateKey rSAPrivateKey) throws RSAException {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(rSAPrivateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
            throw ((RSAException) ExceptionFactory.createException((Class) RSAException.class, e.getMessage(), (Throwable) e));
        }
    }

    private static /* synthetic */ boolean lambda$getValidProtocols$6(String string) {
        return !StringUtils.isNullOrEmpty(string.trim());
    }

    private static /* synthetic */ boolean lambda$getAllowedCiphers$5(String string) {
        return !RESTRICTED_CIPHER_SUBSTR.stream().filter((Predicate) LambdaMetafactory.metafactory(MethodHandles.lookup(), "test", MethodType.methodType(Predicate.class, String.class), MethodType.methodType(Boolean.TYPE, Object.class), MethodHandles.lookup().findStatic(ExportControlled.class, "lambda$null$4", MethodType.methodType(Boolean.TYPE, String.class, String.class)), MethodType.methodType(Boolean.TYPE, String.class)).dynamicInvoker().invoke(string) /* invoke-custom */).findFirst().isPresent();
    }

    private static /* synthetic */ boolean lambda$null$4(String string, String string2) {
        return string.contains(string2);
    }

    private static /* synthetic */ void lambda$static$3(String string) {
        RESTRICTED_CIPHER_SUBSTR.add(string.trim());
    }

    private static /* synthetic */ void lambda$static$2(String string) {
        ALLOWED_CIPHERS.add(new StringBuilder().append("TLS_").append(string.trim()).toString());
        ALLOWED_CIPHERS.add(new StringBuilder().append("SSL_").append(string.trim()).toString());
    }

    private static /* synthetic */ void lambda$static$1(String string) {
        ALLOWED_CIPHERS.add(new StringBuilder().append("TLS_").append(string.trim()).toString());
        ALLOWED_CIPHERS.add(new StringBuilder().append("SSL_").append(string.trim()).toString());
    }

    private static /* synthetic */ void lambda$static$0(String string) {
        ALLOWED_CIPHERS.add(new StringBuilder().append("TLS_").append(string.trim()).toString());
        ALLOWED_CIPHERS.add(new StringBuilder().append("SSL_").append(string.trim()).toString());
    }

    static {
        try {
            Properties properties = new Properties();
            properties.load(ExportControlled.class.getResourceAsStream(TLS_SETTINGS_RESOURCE));
            Arrays.stream(properties.getProperty("TLSCiphers.Mandatory").split("\\s*,\\s*")).forEach((Consumer) LambdaMetafactory.metafactory(MethodHandles.lookup(), "accept", MethodType.methodType(Consumer.class), MethodType.methodType(Void.TYPE, Object.class), MethodHandles.lookup().findStatic(ExportControlled.class, "lambda$static$0", MethodType.methodType(Void.TYPE, String.class)), MethodType.methodType(Void.TYPE, String.class)).dynamicInvoker().invoke() /* invoke-custom */);
            Arrays.stream(properties.getProperty("TLSCiphers.Approved").split("\\s*,\\s*")).forEach((Consumer) LambdaMetafactory.metafactory(MethodHandles.lookup(), "accept", MethodType.methodType(Consumer.class), MethodType.methodType(Void.TYPE, Object.class), MethodHandles.lookup().findStatic(ExportControlled.class, "lambda$static$1", MethodType.methodType(Void.TYPE, String.class)), MethodType.methodType(Void.TYPE, String.class)).dynamicInvoker().invoke() /* invoke-custom */);
            Arrays.stream(properties.getProperty("TLSCiphers.Deprecated").split("\\s*,\\s*")).forEach((Consumer) LambdaMetafactory.metafactory(MethodHandles.lookup(), "accept", MethodType.methodType(Consumer.class), MethodType.methodType(Void.TYPE, Object.class), MethodHandles.lookup().findStatic(ExportControlled.class, "lambda$static$2", MethodType.methodType(Void.TYPE, String.class)), MethodType.methodType(Void.TYPE, String.class)).dynamicInvoker().invoke() /* invoke-custom */);
            Arrays.stream(properties.getProperty("TLSCiphers.Unacceptable.Mask").split("\\s*,\\s*")).forEach((Consumer) LambdaMetafactory.metafactory(MethodHandles.lookup(), "accept", MethodType.methodType(Consumer.class), MethodType.methodType(Void.TYPE, Object.class), MethodHandles.lookup().findStatic(ExportControlled.class, "lambda$static$3", MethodType.methodType(Void.TYPE, String.class)), MethodType.methodType(Void.TYPE, String.class)).dynamicInvoker().invoke() /* invoke-custom */);
        } catch (IOException e) {
            throw ExceptionFactory.createException("Unable to load TlsSettings.properties");
        }
    }
}
