package io.dropwizard.client;

import io.dropwizard.client.ssl.TlsConfiguration;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.client5.http.ssl.TrustSelfSignedStrategy;
import org.apache.hc.core5.ssl.PrivateKeyStrategy;
import org.apache.hc.core5.ssl.SSLContextBuilder;
import org.apache.hc.core5.ssl.SSLInitializationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/dropwizard/client/DropwizardSSLConnectionSocketFactory.class */
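/**
 * Builds an Apache HttpClient 5 {@link SSLConnectionSocketFactory} from a {@link TlsConfiguration}.
 *
 * <p>Security-relevant behaviour driven by the configuration:
 * <ul>
 *   <li>{@code isVerifyHostname() == false} installs a {@link NoopHostnameVerifier}, so the server
 *       certificate is no longer matched against the host being contacted.</li>
 *   <li>{@code isTrustSelfSignedCertificates() == true} installs a {@link TrustSelfSignedStrategy};
 *       certificates that strategy accepts are trusted without being validated against the trust
 *       store.</li>
 *   <li>A configured key store or trust store provider is a preference only: if the provider does not
 *       support the store type, any other installed provider is used (see {@code loadKeyStore}).</li>
 * </ul>
 * The first two settings are logged at WARN level when active so that a weakened client is visible
 * in operational logs.
 */
public class DropwizardSSLConnectionSocketFactory {
    private static final Logger log = LoggerFactory.getLogger(DropwizardSSLConnectionSocketFactory.class);
    private final TlsConfiguration configuration;
    final HostnameVerifier verifier;

    /**
     * Creates a factory that uses {@link DefaultHostnameVerifier} when hostname verification is enabled.
     *
     * @param tlsConfiguration TLS settings for the client
     */
    public DropwizardSSLConnectionSocketFactory(TlsConfiguration tlsConfiguration) {
        this(tlsConfiguration, null);
    }

    /**
     * Creates a factory with an optional custom hostname verifier.
     *
     * @param tlsConfiguration TLS settings for the client
     * @param hostnameVerifier verifier to use when hostname verification is enabled; {@code null}
     *     selects {@link DefaultHostnameVerifier}. It is ignored when the configuration disables
     *     hostname verification.
     */
    public DropwizardSSLConnectionSocketFactory(TlsConfiguration tlsConfiguration, HostnameVerifier hostnameVerifier) {
        this.configuration = tlsConfiguration;
        this.verifier = hostnameVerifier;
    }

    /**
     * Builds the socket factory from the configured protocol, providers, key/trust material,
     * protocol and cipher lists, and hostname verifier.
     *
     * @return a new socket factory
     * @throws SSLInitializationException if the SSL context cannot be built, including when a store
     *     path is configured without its password
     */
    public SSLConnectionSocketFactory getSocketFactory() throws SSLInitializationException {
        return new SSLConnectionSocketFactory(
                buildSslContext(), getSupportedProtocols(), getSupportedCiphers(), chooseHostnameVerifier());
    }

    /** Returns the configured cipher suites, or {@code null} when none are configured. */
    private String[] getSupportedCiphers() {
        return toArrayOrNull(this.configuration.getSupportedCiphers());
    }

    /** Returns the configured protocol versions, or {@code null} when none are configured. */
    private String[] getSupportedProtocols() {
        return toArrayOrNull(this.configuration.getSupportedProtocols());
    }

    /**
     * Converts an optional list to an array, keeping {@code null} as {@code null}; a null array is
     * handed to {@link SSLConnectionSocketFactory} as-is, which leaves the selection to the
     * library/JSSE defaults rather than to this class.
     */
    private static String[] toArrayOrNull(List<String> values) {
        return values == null ? null : values.toArray(new String[0]);
    }

    /**
     * Picks the hostname verifier: no-op when verification is disabled, otherwise the caller-supplied
     * verifier or {@link DefaultHostnameVerifier}.
     */
    private HostnameVerifier chooseHostnameVerifier() {
        if (!this.configuration.isVerifyHostname()) {
            // Without hostname verification any certificate the trust material accepts is good for
            // any host, so make the weakened setting visible to operators.
            log.warn("Hostname verification is disabled for this TLS client; "
                    + "server certificates will not be matched against the requested host name");
            return new NoopHostnameVerifier();
        }
        return this.verifier != null ? this.verifier : new DefaultHostnameVerifier();
    }

    /**
     * Assembles the {@link SSLContext}.
     *
     * @throws SSLInitializationException wrapping any failure, with the original exception as cause
     */
    private SSLContext buildSslContext() throws SSLInitializationException {
        try {
            SSLContextBuilder builder = new SSLContextBuilder();
            builder.setProtocol(this.configuration.getProtocol());
            String provider = this.configuration.getProvider();
            if (provider != null) {
                builder.setProvider(provider);
            }
            loadKeyMaterial(builder);
            loadTrustMaterial(builder);
            return builder.build();
        } catch (Exception e) {
            throw new SSLInitializationException(e.getMessage(), e);
        }
    }

    /**
     * Returns a strategy that always selects the configured certificate alias, or {@code null} when
     * no alias is configured. The alias is read from the configuration on every selection.
     */
    private PrivateKeyStrategy choosePrivateKeyStrategy() {
        if (this.configuration.getCertAlias() == null) {
            return null;
        }
        return (aliases, sslParameters) -> this.configuration.getCertAlias();
    }

    /**
     * Loads the client key store, if a path is configured. The key store password is also used as the
     * key password.
     *
     * @throws NullPointerException if a key store path is set without a password
     */
    private void loadKeyMaterial(SSLContextBuilder sSLContextBuilder) throws Exception {
        if (this.configuration.getKeyStorePath() == null) {
            return;
        }
        // Read the password once; the message names the setting only and never the secret itself.
        String password = Objects.requireNonNull(
                this.configuration.getKeyStorePassword(),
                "keyStorePassword must be set when keyStorePath is configured");
        KeyStore keyStore = loadKeyStore(
                this.configuration.getKeyStoreType(),
                this.configuration.getKeyStorePath(),
                password,
                this.configuration.getKeyStoreProvider());
        sSLContextBuilder.loadKeyMaterial(keyStore, password.toCharArray(), choosePrivateKeyStrategy());
    }

    /**
     * Loads the trust store, if a path is configured, and the self-signed trust strategy, if enabled.
     * With neither configured, {@code null} values are passed to the builder.
     *
     * @throws NullPointerException if a trust store path is set without a password
     */
    private void loadTrustMaterial(SSLContextBuilder sSLContextBuilder) throws Exception {
        KeyStore trustStore = null;
        if (this.configuration.getTrustStorePath() != null) {
            String password = Objects.requireNonNull(
                    this.configuration.getTrustStorePassword(),
                    "trustStorePassword must be set when trustStorePath is configured");
            trustStore = loadKeyStore(
                    this.configuration.getTrustStoreType(),
                    this.configuration.getTrustStorePath(),
                    password,
                    this.configuration.getTrustStoreProvider());
        }
        TrustSelfSignedStrategy trustSelfSignedStrategy = null;
        if (this.configuration.isTrustSelfSignedCertificates()) {
            // Certificates accepted by the strategy are not checked against the trust store.
            log.warn("trustSelfSignedCertificates is enabled for this TLS client; "
                    + "certificates accepted by TrustSelfSignedStrategy bypass trust store validation");
            trustSelfSignedStrategy = new TrustSelfSignedStrategy();
        }
        sSLContextBuilder.loadTrustMaterial(trustStore, trustSelfSignedStrategy);
    }

    /**
     * Opens and loads a key store file.
     *
     * @param type key store type passed to {@link KeyStore#getInstance}
     * @param file key store file
     * @param password store password
     * @param provider preferred security provider, or {@code null} for any provider
     * @return the loaded key store
     * @throws Exception if the store cannot be created, read or unlocked
     */
    private static KeyStore loadKeyStore(String type, File file, String password, String provider) throws Exception {
        KeyStore keyStore;
        if (provider == null) {
            keyStore = KeyStore.getInstance(type);
        } else {
            try {
                keyStore = KeyStore.getInstance(type, provider);
            } catch (KeyStoreException e) {
                // NOTE(review): the configured provider is a preference, not a pin. Deployments that
                // require a specific provider should treat this warning as a misconfiguration.
                log.warn("Keystore of type: {} is not supported for provider: {}. Trying out other providers...", type, provider);
                keyStore = KeyStore.getInstance(type);
            }
        }
        // try-with-resources closes the stream on every path and records close failures as suppressed.
        try (FileInputStream in = new FileInputStream(file)) {
            keyStore.load(in, password.toCharArray());
        }
        return keyStore;
    }
}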
