package pl.skidam.automodpack_core.protocol;

import am_libs.org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Consumer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import pl.skidam.automodpack_core.GlobalVariables;
import pl.skidam.automodpack_core.config.Jsons;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: DownloadClient.java */
/* loaded from: input_file:pl/skidam/automodpack_core/protocol/PreValidationConnection.class */
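/**
 * Opens a TLS 1.3 connection to a modpack host and records whether the server's
 * certificate could be validated.
 *
 * <p>The constructor performs a plaintext magic-number exchange, upgrades the same
 * socket to TLS, and then inspects the certificate chain reported by the trust
 * manager. When validation fails the TLS socket is closed and the server's leaf
 * certificate is exposed through {@link #getUnvalidatedCertificate()}.
 */
public class PreValidationConnection {
    /** Reply expected from the server after the client magic: ASCII "AMOK" as a big-endian int (1095585611). */
    private static final int HANDSHAKE_OK_MAGIC = 0x414D4F4B;

    /** Connect timeout and socket read timeout, in milliseconds. */
    private static final int TIMEOUT_MILLIS = 15000;

    private final SSLSocket socket;
    private final X509Certificate unvalidatedCertificate;

    /**
     * Connects to {@code modpackAddresses.hostAddress}, negotiates TLS 1.3 and evaluates
     * the server certificate.
     *
     * @param modpackAddresses host address to connect to and server address the certificate
     *                         must additionally match
     * @param keyStore         key store handed to {@code CustomizableTrustManager}
     * @throws IOException       if the connection fails, the server's magic reply is wrong,
     *                           or no server certificate was captured
     * @throws KeyStoreException if the trust manager cannot be built from {@code keyStore}
     */
    public PreValidationConnection(Jsons.ModpackAddresses modpackAddresses, KeyStore keyStore) throws IOException, KeyStoreException {
        Socket plainSocket = new Socket();
        SSLSocket tlsSocket = null;
        X509Certificate rejected = null;
        try {
            plainSocket.connect(modpackAddresses.hostAddress, TIMEOUT_MILLIS);
            plainSocket.setSoTimeout(TIMEOUT_MILLIS);

            // Plaintext, unauthenticated exchange: it only confirms the peer speaks this
            // protocol. Nothing read here may be trusted; authentication starts with TLS.
            DataOutputStream out = new DataOutputStream(plainSocket.getOutputStream());
            DataInputStream in = new DataInputStream(plainSocket.getInputStream());
            out.writeInt(NetUtils.MAGIC_AMMC);
            out.flush();
            int reply = in.readInt();
            if (reply != HANDSHAKE_OK_MAGIC) {
                throw new IOException("Invalid handshake response from server: " + reply);
            }

            String host = modpackAddresses.hostAddress.getHostString();
            // Filled in by the trust manager's callback (presumably with the chain the
            // server presents during the handshake; confirm in CustomizableTrustManager).
            AtomicReference<X509Certificate[]> presentedChain = new AtomicReference<>();
            // autoClose=true: closing the TLS socket also closes plainSocket.
            tlsSocket = (SSLSocket) createSSLContext(keyStore, presentedChain::set)
                    .getSocketFactory()
                    .createSocket(plainSocket, host, modpackAddresses.hostAddress.getPort(), true);
            tlsSocket.setEnabledProtocols(new String[]{"TLSv1.3"});
            tlsSocket.setEnabledCipherSuites(new String[]{"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"});
            // Start from the socket's current parameters so that only endpoint
            // identification changes and every other setting is left as configured.
            SSLParameters params = tlsSocket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            tlsSocket.setSSLParameters(params);

            // getSession() drives the handshake; a failed handshake yields an invalid
            // session instead of an exception, hence the isValid() check below.
            SSLSession session = tlsSocket.getSession();

            X509Certificate[] chain = presentedChain.get();
            X509Certificate leaf = (chain != null && chain.length > 0) ? chain[0] : null;
            if (leaf == null) {
                throw new IOException("No certificate found in server's response");
            }
            if (!session.isValid()) {
                tlsSocket.close();
                rejected = leaf;
            }
            // Self-signed certificates skip the hostname check: the only gate for them is
            // the trust manager's decision reflected in session validity.
            // NOTE(review): presumably they are pinned through keyStore; confirm.
            if (!isSelfSigned(leaf)) {
                DefaultHostnameVerifier verifier = new DefaultHostnameVerifier();
                String serverHost = modpackAddresses.serverAddress.getHostString();
                // The certificate must cover both the download host and the game server host.
                if (verifier.verify(host, session) && verifier.verify(serverHost, session)) {
                    GlobalVariables.LOGGER.info("Signed certificate validation succeeded for {} and {}", host, serverHost);
                } else {
                    tlsSocket.close();
                    rejected = leaf;
                    GlobalVariables.LOGGER.error("Certificate validation failed: certificate doesn't match the required domains {} and {}", host, serverHost);
                }
            }
        } catch (IOException | KeyStoreException | RuntimeException e) {
            // Do not leak the connection when any step fails before the object is constructed.
            closeAfterFailure(tlsSocket != null ? tlsSocket : plainSocket, e);
            throw e;
        }
        this.unvalidatedCertificate = rejected;
        this.socket = tlsSocket;
    }

    /** Closes {@code toClose}, attaching any close error to {@code failure} as suppressed. */
    private static void closeAfterFailure(Socket toClose, Throwable failure) {
        try {
            toClose.close();
        } catch (IOException closeFailure) {
            failure.addSuppressed(closeFailure);
        }
    }

    /**
     * Reports whether the certificate's signature verifies under its own public key.
     * Issuer and subject names are not compared.
     */
    private static boolean isSelfSigned(X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the TLS socket. It has already been closed when
     * {@link #getUnvalidatedCertificate()} is non-null.
     */
    public SSLSocket getSocket() {
        return this.socket;
    }

    /**
     * Returns the server's leaf certificate when validation failed (invalid TLS session, or
     * a non-self-signed certificate that does not match both required host names), or
     * {@code null} when no validation failure was recorded.
     */
    public X509Certificate getUnvalidatedCertificate() {
        return this.unvalidatedCertificate;
    }

    /**
     * Builds a TLS 1.3 context whose only trust manager is a {@code CustomizableTrustManager}
     * over {@code keyStore}; {@code consumer} is passed to that trust manager.
     *
     * @throws KeyStoreException if the trust manager cannot be created from {@code keyStore}
     * @throws RuntimeException  if TLS 1.3 is unavailable or the context cannot be initialised
     */
    private SSLContext createSSLContext(KeyStore keyStore, Consumer<X509Certificate[]> consumer) throws KeyStoreException {
        SSLContext context;
        try {
            context = SSLContext.getInstance("TLSv1.3");
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("TLS 1.3 is not supported", e);
        }
        try {
            context.init(null, new TrustManager[]{new CustomizableTrustManager(keyStore, consumer)}, new SecureRandom());
        } catch (KeyManagementException e) {
            throw new RuntimeException("Failed to initialize SSLContext", e);
        }
        return context;
    }
}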
