package org.jasig.cas.authentication;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.TrustStrategy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

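/**
 * SSL socket factory whose {@link SSLContext} is initialised with composite key and trust
 * managers: one pair obtained without an explicit key store, and one pair backed by a key
 * store loaded from a file.
 *
 * <p>Trust is the union of both sources. A peer certificate chain is accepted as soon as any
 * one of the underlying trust managers accepts it (see {@link CompositeX509TrustManager}), so
 * the file-backed store can only widen what is trusted; it never narrows it.
 *
 * <p>This listing is decompiler output (JADX); the "loaded from" markers it carried were
 * dropped here, and the try-with-resources residue in {@code getTrustedSslContext} was
 * restored to a real try-with-resources.
 */
@Component("trustStoreSslSocketFactory")
public final class FileTrustStoreSslSocketFactory extends SSLConnectionSocketFactory {
    private static final Logger LOGGER = LoggerFactory.getLogger(FileTrustStoreSslSocketFactory.class);

    /**
     * {@link X509KeyManager} that asks a list of delegates in order and returns the first
     * usable answer, or merges the answers for the alias-listing methods.
     *
     * <p>JADX reports that the access modifier of this class was changed from private; it is
     * kept public here so the decompiled interface stays as it was.
     */
    public static class CompositeX509KeyManager implements X509KeyManager {
        private final List<X509KeyManager> keyManagers;

        /**
         * @param list delegates, consulted in iteration order
         */
        CompositeX509KeyManager(List<X509KeyManager> list) {
            // Defensive copy so later changes to the caller's list cannot alter the delegates.
            this.keyManagers = new ArrayList<>(list);
        }

        /**
         * Returns the first non-null alias chosen by any delegate.
         *
         * @return the alias, or {@code null} when no delegate chooses one
         */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            for (X509KeyManager delegate : this.keyManagers) {
                String alias = delegate.chooseClientAlias(strArr, principalArr, socket);
                if (alias != null) {
                    return alias;
                }
            }
            return null;
        }

        /**
         * Returns the first non-null alias chosen by any delegate.
         *
         * @return the alias, or {@code null} when no delegate chooses one
         */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            for (X509KeyManager delegate : this.keyManagers) {
                String alias = delegate.chooseServerAlias(str, principalArr, socket);
                if (alias != null) {
                    return alias;
                }
            }
            return null;
        }

        /**
         * Returns the private key for the alias from the first delegate that has one.
         *
         * @return the key, or {@code null} when no delegate knows the alias
         */
        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            for (X509KeyManager delegate : this.keyManagers) {
                PrivateKey key = delegate.getPrivateKey(str);
                if (key != null) {
                    return key;
                }
            }
            return null;
        }

        /**
         * Returns the first non-empty certificate chain any delegate holds for the alias.
         *
         * @return the chain, or {@code null} when no delegate has a non-empty one
         */
        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            for (X509KeyManager delegate : this.keyManagers) {
                X509Certificate[] chain = delegate.getCertificateChain(str);
                if (chain != null && chain.length > 0) {
                    return chain;
                }
            }
            return null;
        }

        /**
         * Collects the client aliases reported by every delegate.
         *
         * @return all aliases in delegate order; an empty array when there are none
         */
        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            List<String> aliases = new ArrayList<>();
            for (X509KeyManager delegate : this.keyManagers) {
                String[] found = delegate.getClientAliases(str, principalArr);
                // X509KeyManager allows null for "no matches"; Arrays.asList(null) would throw.
                if (found != null) {
                    aliases.addAll(Arrays.asList(found));
                }
            }
            return aliases.toArray(new String[0]);
        }

        /**
         * Collects the server aliases reported by every delegate.
         *
         * @return all aliases in delegate order; an empty array when there are none
         */
        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            List<String> aliases = new ArrayList<>();
            for (X509KeyManager delegate : this.keyManagers) {
                String[] found = delegate.getServerAliases(str, principalArr);
                // X509KeyManager allows null for "no matches"; Arrays.asList(null) would throw.
                if (found != null) {
                    aliases.addAll(Arrays.asList(found));
                }
            }
            return aliases.toArray(new String[0]);
        }
    }

    /**
     * {@link X509TrustManager} that accepts a certificate chain as soon as any one delegate
     * accepts it, and rejects it only when every delegate rejects it.
     *
     * <p>JADX reports that the access modifier of this class was changed from private; it is
     * kept public here so the decompiled interface stays as it was.
     */
    public static class CompositeX509TrustManager implements X509TrustManager {
        private static final Logger LOGGER = LoggerFactory.getLogger(CompositeX509TrustManager.class);
        private final List<X509TrustManager> trustManagers;

        /**
         * @param list delegates, consulted in iteration order
         */
        CompositeX509TrustManager(List<X509TrustManager> list) {
            // Defensive copy so later changes to the caller's list cannot alter the trust set.
            this.trustManagers = new ArrayList<>(list);
        }

        /**
         * Validates a client certificate chain against each delegate in turn.
         *
         * @throws CertificateException when no delegate trusts the chain; the last delegate's
         *         failure is attached as the cause
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            CertificateException lastFailure = null;
            for (X509TrustManager delegate : this.trustManagers) {
                try {
                    delegate.checkClientTrusted(x509CertificateArr, str);
                    return;
                } catch (CertificateException e) {
                    // A rejection by one delegate is expected; another may still accept.
                    LOGGER.debug(e.getMessage(), e);
                    lastFailure = e;
                }
            }
            // Keep the reason visible to callers instead of leaving it only in debug logs.
            throw new CertificateException("None of the TrustManagers trust this certificate chain", lastFailure);
        }

        /**
         * Validates a server certificate chain against each delegate in turn.
         *
         * @throws CertificateException when no delegate trusts the chain; the last delegate's
         *         failure is attached as the cause
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            CertificateException lastFailure = null;
            for (X509TrustManager delegate : this.trustManagers) {
                try {
                    delegate.checkServerTrusted(x509CertificateArr, str);
                    return;
                } catch (CertificateException e) {
                    // A rejection by one delegate is expected; another may still accept.
                    LOGGER.debug(e.getMessage(), e);
                    lastFailure = e;
                }
            }
            // Keep the reason visible to callers instead of leaving it only in debug logs.
            throw new CertificateException("None of the TrustManagers trust this certificate chain", lastFailure);
        }

        /**
         * Returns the accepted issuers of all delegates, concatenated in delegate order.
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            List<X509Certificate> issuers = new ArrayList<>();
            for (X509TrustManager delegate : this.trustManagers) {
                X509Certificate[] accepted = delegate.getAcceptedIssuers();
                // Tolerate a delegate that returns null rather than an empty array.
                if (accepted != null) {
                    issuers.addAll(Arrays.asList(accepted));
                }
            }
            return issuers.toArray(new X509Certificate[0]);
        }
    }

    /**
     * Trust strategy that trusts nothing. It is not referenced anywhere else in this file.
     */
    private static class DoesNotTrustStrategy implements TrustStrategy {
        private DoesNotTrustStrategy() {
        }

        /**
         * @return always {@code false}
         */
        public boolean isTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            return false;
        }
    }

    /**
     * Creates the factory from the configured trust store, using the JVM's default key store
     * type.
     *
     * <p>When the properties are not set, the file defaults to
     * {@code classpath:truststore.jks} and the password to {@code changeit}. That password is
     * a widely known default, so deployments should set {@code http.client.truststore.psw}
     * explicitly and restrict write access to the trust store file: whoever can modify that
     * file can add trusted issuers.
     *
     * @param file trust store file
     * @param str trust store password
     */
    @Autowired
    public FileTrustStoreSslSocketFactory(@Value("${http.client.truststore.file:classpath:truststore.jks}") File file, @Value("${http.client.truststore.psw:changeit}") String str) {
        this(file, str, KeyStore.getDefaultType());
    }

    /**
     * Creates the factory from a trust store of an explicit type.
     *
     * @param file trust store file
     * @param str trust store password
     * @param str2 key store type passed to {@link KeyStore#getInstance(String)}
     * @throws RuntimeException when the store cannot be read or the context cannot be built
     */
    public FileTrustStoreSslSocketFactory(File file, String str, String str2) {
        super(getTrustedSslContext(file, str, str2));
    }

    /**
     * Loads the key store from {@code file} and builds an {@link SSLContext} whose key and
     * trust managers each combine a manager created without a key store and a manager backed
     * by the loaded store, in that order.
     *
     * @param file trust store file; must exist and be readable
     * @param str trust store password
     * @param str2 key store type
     * @return the initialised context
     * @throws RuntimeException wrapping any failure, after logging it at error level
     */
    private static SSLContext getTrustedSslContext(File file, String str, String str2) {
        try {
            if (!file.exists() || !file.canRead()) {
                throw new FileNotFoundException("Truststore file cannot be located at " + file.getCanonicalPath());
            }
            KeyStore keyStore = KeyStore.getInstance(str2);
            char[] password = str.toCharArray();
            // The decompiled close/rethrow scaffolding was try-with-resources residue and did
            // not compile as written (it rethrew a bare Throwable); the stream is only needed
            // while the store is loaded.
            try (FileInputStream stream = new FileInputStream(file)) {
                keyStore.load(stream, password);
            }

            String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
            X509KeyManager fileKeyManager = getKeyManager("PKIX", keyStore, password);
            X509KeyManager defaultKeyManager = getKeyManager(defaultAlgorithm, null, null);
            X509TrustManager fileTrustManager = getTrustManager("PKIX", keyStore);
            // NOTE(review): the KeyManagerFactory default algorithm is reused for the
            // TrustManagerFactory; TrustManagerFactory.getDefaultAlgorithm() may differ, which
            // can change how strictly chains are validated. Confirm this is intended.
            X509TrustManager defaultTrustManager = getTrustManager(defaultAlgorithm, null);

            // Managers created without a key store are consulted first, then the file-backed ones.
            KeyManager[] keyManagers = {
                new CompositeX509KeyManager(Arrays.asList(defaultKeyManager, fileKeyManager))
            };
            TrustManager[] trustManagers = {
                new CompositeX509TrustManager(Arrays.asList(defaultTrustManager, fileTrustManager))
            };

            // NOTE(review): useSSL() requests the context by the legacy "SSL" protocol name.
            // Which protocol versions that enables depends on the JSSE provider; verify that
            // SSLv3 and other obsolete versions are disabled, or request TLS explicitly.
            SSLContext context = SSLContexts.custom().useSSL().build();
            context.init(keyManagers, trustManagers, null);
            return context;
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates a key manager factory for the algorithm, initialises it with the given store
     * and password, and returns its first {@link X509KeyManager}.
     *
     * @param str key manager factory algorithm
     * @param keyStore backing store; may be {@code null}
     * @param cArr store password; may be {@code null}
     * @throws IllegalStateException when the factory yields no {@link X509KeyManager}
     */
    private static X509KeyManager getKeyManager(String str, KeyStore keyStore, char[] cArr) throws Exception {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(str);
        factory.init(keyStore, cArr);
        // Do not assume the X.509 manager sits at index 0; pick it by type.
        for (KeyManager candidate : factory.getKeyManagers()) {
            if (candidate instanceof X509KeyManager) {
                return (X509KeyManager) candidate;
            }
        }
        throw new IllegalStateException("No X509KeyManager available for algorithm " + str);
    }

    /**
     * Creates a trust manager factory for the algorithm, initialises it with the given store,
     * and returns its first {@link X509TrustManager}.
     *
     * @param str trust manager factory algorithm
     * @param keyStore store of trusted certificates; may be {@code null}
     * @throws IllegalStateException when the factory yields no {@link X509TrustManager}
     */
    private static X509TrustManager getTrustManager(String str, KeyStore keyStore) throws Exception {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(str);
        factory.init(keyStore);
        // Do not assume the X.509 manager sits at index 0; pick it by type.
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        throw new IllegalStateException("No X509TrustManager available for algorithm " + str);
    }
}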
