package com.github.tomakehurst.wiremock.http.ssl;

import com.github.tomakehurst.wiremock.common.ArrayFunctions;
import com.github.tomakehurst.wiremock.common.Exceptions;
import com.github.tomakehurst.wiremock.common.ListFunctions;
import com.github.tomakehurst.wiremock.common.Pair;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import org.springframework.boot.ssl.SslBundle;

/* loaded from: input_file:com/github/tomakehurst/wiremock/http/ssl/SSLContextBuilder.class */
public class SSLContextBuilder {
    private final Set<KeyManager> keyManagers = new LinkedHashSet();
    private final Set<TrustManager> trustManagers = new LinkedHashSet();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/github/tomakehurst/wiremock/http/ssl/SSLContextBuilder$TrustManagerDelegate.class */
    public static class TrustManagerDelegate extends X509ExtendedTrustManager {
        private final X509ExtendedTrustManager trustManager;
        private final TrustStrategy trustStrategy;

        TrustManagerDelegate(X509ExtendedTrustManager x509ExtendedTrustManager, TrustStrategy trustStrategy) {
            this.trustManager = x509ExtendedTrustManager;
            this.trustStrategy = trustStrategy;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.trustManager.checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (this.trustStrategy.isTrusted(x509CertificateArr, str)) {
                return;
            }
            this.trustManager.checkServerTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.trustManager.getAcceptedIssuers();
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            this.trustManager.checkClientTrusted(x509CertificateArr, str, socket);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            if (this.trustStrategy.isTrusted(x509CertificateArr, str, socket)) {
                return;
            }
            this.trustManager.checkServerTrusted(x509CertificateArr, str, socket);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            this.trustManager.checkClientTrusted(x509CertificateArr, str, sSLEngine);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            if (this.trustStrategy.isTrusted(x509CertificateArr, str, sSLEngine)) {
                return;
            }
            this.trustManager.checkServerTrusted(x509CertificateArr, str, sSLEngine);
        }
    }

    public static SSLContextBuilder create() {
        return new SSLContextBuilder();
    }

    public SSLContextBuilder loadTrustMaterial(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException {
        return loadTrustMaterial(keyStore, null);
    }

    public SSLContextBuilder loadTrustMaterial(KeyStore keyStore, TrustStrategy trustStrategy) throws NoSuchAlgorithmException, KeyStoreException {
        Pair splitByType = ListFunctions.splitByType((TrustManager[]) ArrayFunctions.concat(loadTrustManagers(keyStore, TrustManagerFactory.getDefaultAlgorithm()), loadDefaultTrustManagers()), X509ExtendedTrustManager.class);
        List list = (List) splitByType.a;
        List list2 = (List) splitByType.b;
        if (!list2.isEmpty()) {
            CompositeTrustManager compositeTrustManager = new CompositeTrustManager(list2);
            this.trustManagers.add(trustStrategy == null ? compositeTrustManager : addStrategy(compositeTrustManager, trustStrategy));
        }
        this.trustManagers.addAll(list);
        return this;
    }

    public SSLContextBuilder loadTrustMaterial(TrustStrategy trustStrategy) {
        Collections.addAll(this.trustManagers, addStrategy(loadDefaultTrustManagers(), trustStrategy));
        return this;
    }

    private TrustManager[] loadTrustManagers(KeyStore keyStore, String str) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str);
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        return trustManagers == null ? new TrustManager[0] : trustManagers;
    }

    private TrustManager[] loadDefaultTrustManagers() {
        try {
            return loadTrustManagers(null, TrustManagerFactory.getDefaultAlgorithm());
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            return (TrustManager[]) Exceptions.throwUnchecked(e, null);
        }
    }

    private TrustManager[] addStrategy(TrustManager[] trustManagerArr, TrustStrategy trustStrategy) {
        TrustManager[] trustManagerArr2 = new TrustManager[trustManagerArr.length];
        for (int i = 0; i < trustManagerArr.length; i++) {
            trustManagerArr2[i] = addStrategy(trustManagerArr[i], trustStrategy);
        }
        return trustManagerArr2;
    }

    private TrustManager addStrategy(TrustManager trustManager, TrustStrategy trustStrategy) {
        return trustManager instanceof X509ExtendedTrustManager ? new TrustManagerDelegate((X509ExtendedTrustManager) trustManager, trustStrategy) : trustManager;
    }

    public SSLContextBuilder loadKeyMaterial(KeyStore keyStore, char[] cArr) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, cArr);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        if (keyManagers != null) {
            Collections.addAll(this.keyManagers, keyManagers);
        }
        return this;
    }

    protected void initSSLContext(SSLContext sSLContext, Collection<KeyManager> collection, Collection<TrustManager> collection2) throws KeyManagementException {
        sSLContext.init(!collection.isEmpty() ? (KeyManager[]) collection.toArray(new KeyManager[0]) : null, !collection2.isEmpty() ? (TrustManager[]) collection2.toArray(new TrustManager[0]) : null, null);
    }

    public SSLContext build() throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sSLContext = SSLContext.getInstance(SslBundle.DEFAULT_PROTOCOL);
        initSSLContext(sSLContext, this.keyManagers, this.trustManagers);
        return sSLContext;
    }

    public String toString() {
        return "[keyManagers=" + this.keyManagers + ", trustManagers=" + this.trustManagers + "]";
    }
}
