package io.wcm.caravan.commons.httpclient.impl.helpers;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import io.wcm.caravan.commons.httpclient.HttpClientConfig;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.conn.ssl.SSLInitializationException;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:io/wcm/caravan/commons/httpclient/impl/helpers/CertificateLoader.class */
public final class CertificateLoader {
    public static final String SSL_CONTEXT_TYPE_DEFAULT = "TLS";
    public static final String KEY_MANAGER_TYPE_DEFAULT = "SunX509";
    public static final String KEY_STORE_TYPE_DEFAULT = "PKCS12";
    public static final String TRUST_MANAGER_TYPE_DEFAULT = "SunX509";
    public static final String TRUST_STORE_TYPE_DEFAULT = "JKS";

    private CertificateLoader() {
    }

    @SuppressFBWarnings({"NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE"})
    @NotNull
    public static SSLContext buildSSLContext(@NotNull HttpClientConfig httpClientConfig) throws IOException, GeneralSecurityException {
        KeyManagerFactory keyManagerFactory = null;
        if (isSslKeyManagerEnabled(httpClientConfig)) {
            keyManagerFactory = getKeyManagerFactory(httpClientConfig.getKeyStorePath(), new StoreProperties(httpClientConfig.getKeyStorePassword(), httpClientConfig.getKeyManagerType(), httpClientConfig.getKeyStoreType(), httpClientConfig.getKeyStoreProvider()));
        }
        TrustManagerFactory trustManagerFactory = null;
        if (isSslTrustStoreEnbaled(httpClientConfig)) {
            trustManagerFactory = getTrustManagerFactory(httpClientConfig.getTrustStorePath(), new StoreProperties(httpClientConfig.getTrustStorePassword(), httpClientConfig.getTrustManagerType(), httpClientConfig.getTrustStoreType(), httpClientConfig.getTrustStoreProvider()));
        }
        SSLContext sSLContext = SSLContext.getInstance(httpClientConfig.getSslContextType());
        sSLContext.init(keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null, trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null, null);
        return sSLContext;
    }

    @NotNull
    public static KeyManagerFactory getKeyManagerFactory(@NotNull String str, @NotNull StoreProperties storeProperties) throws IOException, GeneralSecurityException {
        InputStream resourceAsStream = getResourceAsStream(str);
        if (resourceAsStream == null) {
            throw new FileNotFoundException("Certificate file not found: " + getFilenameInfo(str));
        }
        try {
            return getKeyManagerFactory(resourceAsStream, storeProperties);
        } finally {
            try {
                resourceAsStream.close();
            } catch (IOException e) {
            }
        }
    }

    @NotNull
    private static KeyManagerFactory getKeyManagerFactory(@NotNull InputStream inputStream, @NotNull StoreProperties storeProperties) throws IOException, GeneralSecurityException {
        KeyStore keyStore = StringUtils.isNotBlank(storeProperties.getProvider()) ? KeyStore.getInstance(storeProperties.getType(), storeProperties.getProvider()) : KeyStore.getInstance(storeProperties.getType());
        keyStore.load(inputStream, storeProperties.getPassword().toCharArray());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(storeProperties.getManagerType());
        keyManagerFactory.init(keyStore, storeProperties.getPassword().toCharArray());
        return keyManagerFactory;
    }

    @NotNull
    public static TrustManagerFactory getTrustManagerFactory(@NotNull String str, @NotNull StoreProperties storeProperties) throws IOException, GeneralSecurityException {
        InputStream resourceAsStream = getResourceAsStream(str);
        if (resourceAsStream == null) {
            throw new FileNotFoundException("Certificate file not found: " + getFilenameInfo(str));
        }
        try {
            return getTrustManagerFactory(resourceAsStream, storeProperties);
        } finally {
            try {
                resourceAsStream.close();
            } catch (IOException e) {
            }
        }
    }

    @NotNull
    private static TrustManagerFactory getTrustManagerFactory(@NotNull InputStream inputStream, @NotNull StoreProperties storeProperties) throws IOException, GeneralSecurityException {
        KeyStore keyStore = StringUtils.isNotBlank(storeProperties.getProvider()) ? KeyStore.getInstance(storeProperties.getType(), storeProperties.getProvider()) : KeyStore.getInstance(storeProperties.getType());
        keyStore.load(inputStream, storeProperties.getPassword().toCharArray());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(storeProperties.getManagerType());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }

    @Nullable
    private static InputStream getResourceAsStream(@NotNull String str) throws IOException {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        File file = new File(str);
        return (file.exists() && file.isFile()) ? new FileInputStream(file) : CertificateLoader.class.getResourceAsStream(str);
    }

    @Nullable
    private static String getFilenameInfo(@Nullable String str) {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        try {
            return new File(str).getCanonicalPath();
        } catch (IOException e) {
            return new File(str).getAbsolutePath();
        }
    }

    public static boolean isSslKeyManagerEnabled(@NotNull HttpClientConfig httpClientConfig) {
        return StringUtils.isNotEmpty(httpClientConfig.getSslContextType()) && StringUtils.isNotEmpty(httpClientConfig.getKeyManagerType()) && StringUtils.isNotEmpty(httpClientConfig.getKeyStoreType()) && StringUtils.isNotEmpty(httpClientConfig.getKeyStorePath());
    }

    public static boolean isSslTrustStoreEnbaled(@NotNull HttpClientConfig httpClientConfig) {
        return StringUtils.isNotEmpty(httpClientConfig.getSslContextType()) && StringUtils.isNotEmpty(httpClientConfig.getTrustManagerType()) && StringUtils.isNotEmpty(httpClientConfig.getTrustStoreType()) && StringUtils.isNotEmpty(httpClientConfig.getTrustStorePath());
    }

    @NotNull
    public static SSLContext createDefaultSSlContext() throws SSLInitializationException {
        try {
            SSLContext sSLContext = SSLContext.getInstance(SSL_CONTEXT_TYPE_DEFAULT);
            sSLContext.init(null, null, null);
            return sSLContext;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new SSLInitializationException(e.getMessage(), e);
        }
    }
}
