package de.fraunhofer.iosb.ilt.faaast.service.util;

import de.fraunhofer.iosb.ilt.faaast.service.certificate.util.KeyStoreHelper;
import de.fraunhofer.iosb.ilt.faaast.service.config.CertificateConfig;
import java.io.File;
import java.io.IOException;
import java.net.http.HttpClient;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Objects;
import java.util.Properties;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:de/fraunhofer/iosb/ilt/faaast/service/util/SslHelper.class */
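/**
 * Factory methods for {@link SSLContext} and {@link HttpClient} instances whose certificate trust
 * differs from the JVM default: either all certificates are accepted, or the default trust is
 * extended by certificates read from a key store.
 *
 * <p>The "accepting all certificates" variants perform no peer authentication at all. The
 * resulting connections are encrypted but can be intercepted by anyone able to present an
 * arbitrary certificate. Prefer the key-store based variants wherever the peer certificate is
 * known.
 */
public class SslHelper {
    // NOTE(review): a context requested as "TLSv1.2" may not negotiate TLS 1.3 with the default
    // JSSE provider - confirm whether the generic "TLS" protocol name is intended instead.
    private static final String PROTOCOL_TLS = "TLSv1.2";
    private static final String KEY_DISABLE_HOSTNAME_VERIFICATION = "jdk.internal.httpclient.disableHostnameVerification";

    private SslHelper() {
    }

    /**
     * Creates an HTTP client that accepts every server certificate and is built while hostname
     * verification is switched off.
     *
     * <p>Such a client cannot tell the intended server from an impostor; use it only where that
     * is acceptable (for example against local test endpoints).
     *
     * @return the new client
     * @throws KeyManagementException if initializing the SSL context fails
     * @throws NoSuchAlgorithmException if the TLS protocol is not available
     */
    public static HttpClient newClientAcceptingAllCertificates() throws KeyManagementException, NoSuchAlgorithmException {
        return disableHostnameVerification(HttpClient.newBuilder().sslContext(newContextAcceptingAllCertificates()));
    }

    /**
     * Builds the client from {@code builder} while the JVM-wide system property
     * {@code jdk.internal.httpclient.disableHostnameVerification} is set to {@code true}, then
     * restores the property to its previous state.
     *
     * <p>The property is global to the JVM. Calls through this method are serialized and the
     * previous state is restored even if {@code build()} throws, but code outside this class that
     * reads the property during that window still observes {@code true}.
     *
     * <p>NOTE(review): this is an internal JDK property. Whether the HTTP client evaluates it
     * when {@code build()} is called or caches it once at class initialization depends on the
     * JDK - verify on the targeted JDK that the toggle has the intended effect and stays confined
     * to the returned client.
     *
     * @param builder the pre-configured builder to build the client from
     * @return the client built from {@code builder}
     * @throws NullPointerException if {@code builder} is null
     */
    public static HttpClient disableHostnameVerification(HttpClient.Builder builder) {
        // Fail before touching the global property so that a null builder cannot leave it set.
        Objects.requireNonNull(builder, "builder must be non-null");
        synchronized (SslHelper.class) {
            String previousValue = System.getProperty(KEY_DISABLE_HOSTNAME_VERIFICATION);
            System.setProperty(KEY_DISABLE_HOSTNAME_VERIFICATION, Boolean.TRUE.toString());
            try {
                return builder.build();
            } finally {
                // Always undo the change; a property that was absent before is removed again
                // instead of being left behind with an explicit value.
                if (previousValue == null) {
                    System.clearProperty(KEY_DISABLE_HOSTNAME_VERIFICATION);
                } else {
                    System.setProperty(KEY_DISABLE_HOSTNAME_VERIFICATION, previousValue);
                }
            }
        }
    }

    /**
     * Creates an SSL context whose trust manager accepts every client and server certificate
     * without any check.
     *
     * <p>No chain validation, expiry check or trust anchor lookup takes place, so the context
     * offers no protection against a man-in-the-middle. Prefer
     * {@link #newContextAcceptingCertificates(File, String, String)} when the expected
     * certificate is known.
     *
     * @return the new SSL context
     * @throws KeyManagementException if initializing the context fails
     * @throws NoSuchAlgorithmException if the TLS protocol is not available
     */
    public static SSLContext newContextAcceptingAllCertificates() throws KeyManagementException, NoSuchAlgorithmException {
        SSLContext sslContext = SSLContext.getInstance(PROTOCOL_TLS);
        sslContext.init(null, new TrustManager[] {new AcceptAllTrustManager()}, new SecureRandom());
        return sslContext;
    }

    /**
     * Creates an HTTP client that trusts the JVM default trust anchors plus the certificates
     * stored in the given key store. Hostname verification is not altered by this method.
     *
     * @param keyStoreFile the key store holding the additional certificates; may be null, in
     *        which case no additional certificate is trusted
     * @param keyStoreType the type of the key store
     * @param keyStorePassword the password of the key store
     * @return the new client
     * @throws GeneralSecurityException if loading the key store or setting up the context fails
     * @throws IOException if reading the key store fails
     */
    public static HttpClient newClientAcceptingCertificates(File keyStoreFile, String keyStoreType, String keyStorePassword) throws GeneralSecurityException, IOException {
        return HttpClient.newBuilder().sslContext(newContextAcceptingCertificates(keyStoreFile, keyStoreType, keyStorePassword)).build();
    }

    /**
     * Creates an SSL context that trusts the JVM default trust anchors plus the certificates
     * stored in the given key store.
     *
     * <p>A server is accepted without further checks when it presents exactly one certificate
     * and that certificate is contained in the key store. Every other server chain, and every
     * client chain, is validated by the default trust manager.
     *
     * @param keyStoreFile the key store holding the additional certificates; may be null, in
     *        which case no additional certificate is trusted
     * @param keyStoreType the type of the key store
     * @param keyStorePassword the password of the key store
     * @return the new SSL context
     * @throws GeneralSecurityException if loading the key store or setting up the context fails
     * @throws IOException if reading the key store fails
     * @throws IllegalArgumentException if the JVM provides no default X.509 trust manager
     */
    public static SSLContext newContextAcceptingCertificates(File keyStoreFile, String keyStoreType, String keyStorePassword) throws GeneralSecurityException, IOException {
        List<X509Certificate> pinnedCertificates = loadCertificatesFromKeyStore(keyStoreFile, keyStoreType, keyStorePassword);
        SSLContext sslContext = SSLContext.getInstance(PROTOCOL_TLS);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null key store makes the factory fall back to the JVM default trust anchors.
        trustManagerFactory.init((KeyStore) null);
        X509TrustManager defaultTrustManager = Stream.of(trustManagerFactory.getTrustManagers())
                .filter(X509TrustManager.class::isInstance)
                .map(X509TrustManager.class::cast)
                .findFirst()
                .orElseThrow(() -> new IllegalArgumentException("unable to find default trust manager"));
        sslContext.init(
                null,
                new TrustManager[] {new PinnedCertificateTrustManager(pinnedCertificates, defaultTrustManager)},
                new SecureRandom());
        return sslContext;
    }

    /**
     * Creates an SSL context from a certificate configuration.
     *
     * @param certificateConfig the configuration naming the key store; may be null
     * @return the JVM default SSL context if the configuration is null or names no key store
     *         path, otherwise a context additionally trusting the certificates in that key store
     * @throws GeneralSecurityException if loading the key store or setting up the context fails
     * @throws IOException if reading the key store fails
     */
    public static SSLContext newContextAcceptingCertificates(CertificateConfig certificateConfig) throws GeneralSecurityException, IOException {
        if (Objects.isNull(certificateConfig)) {
            return SSLContext.getDefault();
        }
        String keyStorePath = certificateConfig.getKeyStorePath();
        if (Objects.isNull(keyStorePath) || StringHelper.isEmpty(keyStorePath)) {
            return SSLContext.getDefault();
        }
        return newContextAcceptingCertificates(
                new File(keyStorePath),
                certificateConfig.getKeyStoreType(),
                certificateConfig.getKeyStorePassword());
    }

    /**
     * Collects the X.509 certificates of all aliases of a key store.
     *
     * @param keyStoreFile the key store file; null yields an empty list
     * @param keyStoreType the type of the key store
     * @param keyStorePassword the password of the key store
     * @return the X.509 certificates found, possibly empty
     * @throws IOException if reading the key store fails
     * @throws GeneralSecurityException if loading the key store fails
     */
    private static List<X509Certificate> loadCertificatesFromKeyStore(File keyStoreFile, String keyStoreType, String keyStorePassword) throws IOException, GeneralSecurityException {
        List<X509Certificate> certificates = new ArrayList<>();
        if (Objects.isNull(keyStoreFile)) {
            return certificates;
        }
        KeyStore keyStore = KeyStoreHelper.load(keyStoreFile, keyStoreType, keyStorePassword);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate certificate = keyStore.getCertificate(aliases.nextElement());
            // Aliases without a certificate and non-X.509 certificates are skipped.
            if (certificate instanceof X509Certificate) {
                certificates.add((X509Certificate) certificate);
            }
        }
        return certificates;
    }

    /** Trust manager that accepts every certificate chain without inspecting it. */
    private static final class AcceptAllTrustManager implements X509TrustManager {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: every client chain is accepted.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: every server chain is accepted.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /**
     * Trust manager that accepts a fixed list of server certificates in addition to whatever the
     * wrapped default trust manager accepts.
     */
    private static final class PinnedCertificateTrustManager implements X509TrustManager {
        private final List<X509Certificate> pinnedCertificates;
        private final X509TrustManager delegate;

        PinnedCertificateTrustManager(List<X509Certificate> pinnedCertificates, X509TrustManager delegate) {
            this.pinnedCertificates = pinnedCertificates;
            this.delegate = delegate;
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            delegate.checkClientTrusted(chain, authType);
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // A null chain is handed to the delegate for rejection instead of failing here.
            // A pinned certificate is accepted as-is; its validity period is not checked here.
            // NOTE(review): decide whether expired pinned certificates should still be accepted.
            if (chain != null && chain.length == 1 && pinnedCertificates.contains(chain[0])) {
                return;
            }
            delegate.checkServerTrusted(chain, authType);
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return delegate.getAcceptedIssuers();
        }
    }
}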
