package io.quarkus.tls.runtime;

import io.quarkus.tls.runtime.config.TrustStoreConfig;
import io.quarkus.tls.runtime.keystores.ExpiryTrustOptions;
import io.vertx.core.Vertx;
import io.vertx.core.net.TrustOptions;
import io.vertx.core.net.impl.KeyStoreHelper;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.function.Function;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:io/quarkus/tls/runtime/JavaxNetSslTrustStoreProvider.class */
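/**
 * Builds trust material from the JVM's default trust anchors, i.e. whatever
 * {@code TrustManagerFactory.init((KeyStore) null)} resolves to for the running JVM.
 *
 * <p>The accepted issuers reported by the default trust managers are copied into a fresh
 * in-memory {@link KeyStore}, so that both a {@link TrustManagerFactory} and a
 * {@link KeyStore} view of the anchors are available to callers.
 */
public class JavaxNetSslTrustStoreProvider {

    /**
     * {@link TrustOptions} backed by the JVM default trust managers and an in-memory copy of
     * their accepted issuers.
     */
    static class JavaNetSslTrustOptions implements TrustOptions {
        private final TrustManagerFactory trustManagerFactory;
        private final KeyStore keystore;
        // Created on first use by trustManagerMapper(); the lazy initialisation is not synchronised.
        private KeyStoreHelper helper;

        /**
         * Initialises the default {@link TrustManagerFactory} and mirrors every accepted issuer
         * into a new, empty key store of type {@code javax.net.ssl.trustStoreType} (or the JVM
         * default type when the property is unset).
         *
         * @throws IllegalStateException if an accepted issuer has neither a CN nor an OU
         * @throws RuntimeException wrapping any key store, algorithm, naming, I/O or certificate failure
         */
        JavaNetSslTrustOptions() {
            try {
                TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                // A null key store makes the factory use the JVM's default trust anchors.
                factory.init((KeyStore) null);
                KeyStore anchors = KeyStore.getInstance(System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType()));
                // load(null, null) creates an empty key store instead of reading one.
                anchors.load(null, null);
                for (TrustManager trustManager : factory.getTrustManagers()) {
                    // Only X.509 trust managers expose accepted issuers; skip anything else
                    // rather than failing with a ClassCastException.
                    if (!(trustManager instanceof X509TrustManager)) {
                        continue;
                    }
                    for (X509Certificate issuer : ((X509TrustManager) trustManager).getAcceptedIssuers()) {
                        anchors.setCertificateEntry(uniqueAlias(anchors, baseAlias(issuer), issuer), issuer);
                    }
                }
                this.trustManagerFactory = factory;
                this.keystore = anchors;
            } catch (KeyStoreException | NoSuchAlgorithmException | InvalidNameException | IOException | CertificateException e) {
                throw new RuntimeException(e);
            }
        }

        /**
         * Derives the key store alias for a certificate: the first CN of its subject, else the
         * first OU, with spaces removed and lower-cased.
         *
         * @throws IllegalStateException if the subject has neither a CN nor an OU
         * @throws InvalidNameException if the subject DN cannot be parsed
         */
        private static String baseAlias(X509Certificate certificate) throws InvalidNameException {
            String subject = certificate.getSubjectX500Principal().getName();
            List<Rdn> rdns = new LdapName(subject).getRdns();
            String label = firstValueOfType(rdns, "cn");
            if (label == null) {
                label = firstValueOfType(rdns, "ou");
            }
            if (label == null) {
                throw new IllegalStateException("No CN or OU in " + subject);
            }
            return label.replace(" ", "").toLowerCase(Locale.ROOT);
        }

        /** Returns the value of the first RDN whose type matches {@code type}, or {@code null}. */
        private static String firstValueOfType(List<Rdn> rdns, String type) {
            for (Rdn rdn : rdns) {
                if (rdn.getType().equalsIgnoreCase(type)) {
                    return rdn.getValue().toString();
                }
            }
            return null;
        }

        /**
         * Returns an alias under which {@code certificate} can be stored without replacing a
         * different certificate.
         *
         * <p>Distinct CA certificates can share a CN. Storing them under the bare CN would let
         * the later one silently overwrite the earlier one, so the key store would hold fewer
         * anchors than the trust manager factory accepts. The first certificate keeps the bare
         * alias; later ones get {@code -2}, {@code -3}, ... appended. A certificate that is
         * already present under a candidate alias reuses that alias.
         */
        private static String uniqueAlias(KeyStore store, String base, X509Certificate certificate) throws KeyStoreException {
            String candidate = base;
            int suffix = 2;
            while (store.containsAlias(candidate) && !certificate.equals(store.getCertificate(candidate))) {
                candidate = base + "-" + suffix;
                suffix++;
            }
            return candidate;
        }

        /**
         * Returns a function mapping a name to trust managers, backed by a lazily created
         * {@link KeyStoreHelper} over the in-memory key store.
         */
        public Function<String, TrustManager[]> trustManagerMapper(Vertx vertx) throws Exception {
            if (this.helper == null) {
                // The key store only holds the certificate entries added by the constructor.
                // NOTE(review): "changeit" is the fallback when javax.net.ssl.trustStorePassword
                // is unset; presumably the helper needs a password only for key entries - confirm.
                this.helper = new KeyStoreHelper(this.keystore, System.getProperty("javax.net.ssl.trustStorePassword", "changeit"), (String) null);
            }
            KeyStoreHelper current = this.helper;
            Objects.requireNonNull(current);
            return current::getTrustMgr;
        }

        /** Returns the factory initialised from the JVM default trust anchors. */
        public TrustManagerFactory getTrustManagerFactory(Vertx vertx) {
            return this.trustManagerFactory;
        }

        /** Returns this instance; no copy is made, so the lazily created helper is shared. */
        public TrustOptions copy() {
            return this;
        }

        // NOTE(review): equals() is not overridden in this class, so equality stays
        // identity-based while the hash is derived from the key store.
        @Override
        public int hashCode() {
            return 31 + (this.keystore == null ? 0 : this.keystore.hashCode());
        }
    }

    /**
     * Creates trust material from the JVM default trust anchors.
     *
     * <p>The options are wrapped with the {@code WARN} certificate expiry policy.
     * NOTE(review): presumably an expired or not-yet-valid certificate is then reported
     * rather than rejected - confirm against {@code ExpiryTrustOptions} before relying on
     * this path to enforce certificate validity.
     *
     * @param vertx not used by this method
     * @return the in-memory key store of accepted issuers together with the wrapped trust options
     */
    public static TrustStoreAndTrustOptions getTrustStore(Vertx vertx) {
        JavaNetSslTrustOptions defaults = new JavaNetSslTrustOptions();
        return new TrustStoreAndTrustOptions(defaults.keystore, new ExpiryTrustOptions(defaults, TrustStoreConfig.CertificateExpiryPolicy.WARN));
    }
}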
