package io.spiffe.provider;

import io.spiffe.bundle.BundleSource;
import io.spiffe.bundle.x509bundle.X509Bundle;
import io.spiffe.exception.SocketEndpointAddressException;
import io.spiffe.exception.X509SourceException;
import io.spiffe.provider.exception.SpiffeProviderException;
import io.spiffe.spiffeid.SpiffeId;
import io.spiffe.spiffeid.SpiffeIdUtils;
import io.spiffe.workloadapi.X509Source;
import java.security.KeyStore;
import java.util.Set;
import java.util.function.Supplier;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactorySpi;
import lombok.NonNull;

/* loaded from: input_file:io/spiffe/provider/SpiffeTrustManagerFactory.class */
/**
 * {@link TrustManagerFactorySpi} implementation that produces {@link SpiffeTrustManager} instances.
 *
 * <p>Trust material comes from an {@link X509Source} or from a caller-supplied
 * {@link BundleSource}; it is never read from a {@link KeyStore} (both {@code engineInit}
 * overloads are no-ops).
 *
 * <p>Security note: peer authorization depends on which {@code SpiffeTrustManager} constructor
 * is used. The two-argument form receives a supplier of accepted SPIFFE IDs. The one-argument
 * form is the one used by {@link #engineGetTrustManagersAcceptAnySpiffeId(BundleSource)}, i.e.
 * the "accept any SPIFFE ID" mode. NOTE(review): presumably that mode still validates the peer
 * chain against the bundle and only drops the SPIFFE ID allow-list; confirm in
 * {@code SpiffeTrustManager} before enabling it outside of test environments.
 */
public class SpiffeTrustManagerFactory extends TrustManagerFactorySpi {

    // Null-check messages are kept verbatim; note that the first one names "x509BundleSource"
    // although the parameter is called bundleSource.
    private static final String NULL_BUNDLE_SOURCE_MESSAGE = "x509BundleSource is marked non-null but is null";
    private static final String NULL_SUPPLIER_MESSAGE = "acceptedSpiffeIdsSupplier is marked non-null but is null";

    // Read once, at class initialization: later changes to the property are not picked up.
    // Boolean.parseBoolean yields true only for the (case-insensitive) string "true"; the
    // default passed to getProperty is "false", so the accept-all mode is opt-in.
    private static final boolean ACCEPT_ANY_SPIFFE_ID = Boolean.parseBoolean(
            EnvironmentUtils.getProperty(SpiffeProviderConstants.SSL_SPIFFE_ACCEPT_ALL_PROPERTY, "false"));

    // Re-reads the accepted-IDs property on every get() call rather than caching the set.
    // NOTE(review): behaviour when the property is unset depends on
    // SpiffeIdUtils.toSetOfSpiffeIds and on SpiffeTrustManager; verify an unset or empty value
    // results in rejection rather than acceptance.
    private static final Supplier<Set<SpiffeId>> DEFAULT_SPIFFE_ID_SET_SUPPLIER =
            () -> SpiffeIdUtils.toSetOfSpiffeIds(
                    EnvironmentUtils.getProperty(SpiffeProviderConstants.SSL_SPIFFE_ACCEPT_PROPERTY));

    /**
     * Throws a {@link NullPointerException} carrying {@code message} when {@code value} is null.
     */
    private static void rejectNull(Object value, String message) {
        if (value == null) {
            throw new NullPointerException(message);
        }
    }

    /**
     * Builds a single trust manager backed by the {@link X509Source} obtained from
     * {@code X509SourceManager.getX509Source()}.
     *
     * <p>When the accept-all flag is set, the trust manager is created without an accepted
     * SPIFFE ID supplier; otherwise the property-backed default supplier is used.
     *
     * @return a one-element array holding the {@link SpiffeTrustManager}
     * @throws SpiffeProviderException if the X.509 source cannot be created or the configured
     *     Workload API socket endpoint address is invalid
     */
    @Override
    public TrustManager[] engineGetTrustManagers() {
        try {
            X509Source x509Source = X509SourceManager.getX509Source();
            TrustManager trustManager;
            if (ACCEPT_ANY_SPIFFE_ID) {
                trustManager = new SpiffeTrustManager(x509Source);
            } else {
                trustManager = new SpiffeTrustManager(x509Source, DEFAULT_SPIFFE_ID_SET_SUPPLIER);
            }
            return new TrustManager[] {trustManager};
        } catch (X509SourceException sourceFailure) {
            throw new SpiffeProviderException("The X.509 source could not be created", sourceFailure);
        } catch (SocketEndpointAddressException addressFailure) {
            throw new SpiffeProviderException(
                    "The Workload API Socket endpoint address configured is not valid", addressFailure);
        }
    }

    /**
     * Builds a single trust manager backed by the given bundle source, honouring the
     * accept-all flag in the same way as {@link #engineGetTrustManagers()}.
     *
     * @param bundleSource source of X.509 bundles; must not be null
     * @return a one-element array holding the {@link SpiffeTrustManager}
     * @throws NullPointerException if {@code bundleSource} is null
     */
    public TrustManager[] engineGetTrustManagers(@NonNull BundleSource<X509Bundle> bundleSource) {
        rejectNull(bundleSource, NULL_BUNDLE_SOURCE_MESSAGE);
        TrustManager trustManager;
        if (ACCEPT_ANY_SPIFFE_ID) {
            trustManager = new SpiffeTrustManager(bundleSource);
        } else {
            trustManager = new SpiffeTrustManager(bundleSource, DEFAULT_SPIFFE_ID_SET_SUPPLIER);
        }
        return new TrustManager[] {trustManager};
    }

    /**
     * Builds a single trust manager without an accepted SPIFFE ID supplier, regardless of the
     * accept-all flag.
     *
     * <p>Callers opt out of the SPIFFE ID allow-list by choosing this method, so any
     * authorization of the peer identity has to happen elsewhere.
     *
     * @param bundleSource source of X.509 bundles; must not be null
     * @return a one-element array holding the {@link SpiffeTrustManager}
     * @throws NullPointerException if {@code bundleSource} is null
     */
    public TrustManager[] engineGetTrustManagersAcceptAnySpiffeId(@NonNull BundleSource<X509Bundle> bundleSource) {
        rejectNull(bundleSource, NULL_BUNDLE_SOURCE_MESSAGE);
        TrustManager trustManager = new SpiffeTrustManager(bundleSource);
        return new TrustManager[] {trustManager};
    }

    /**
     * Builds a single trust manager from the given bundle source and accepted-IDs supplier.
     * The accept-all flag is not consulted here; the supplied allow-list is always passed on.
     *
     * @param bundleSource source of X.509 bundles; must not be null
     * @param supplier supplier of the accepted SPIFFE IDs; must not be null
     * @return a one-element array holding the {@link SpiffeTrustManager}
     * @throws NullPointerException if either argument is null ({@code bundleSource} is checked first)
     */
    public TrustManager[] engineGetTrustManagers(@NonNull BundleSource<X509Bundle> bundleSource, @NonNull Supplier<Set<SpiffeId>> supplier) {
        rejectNull(bundleSource, NULL_BUNDLE_SOURCE_MESSAGE);
        rejectNull(supplier, NULL_SUPPLIER_MESSAGE);
        TrustManager trustManager = new SpiffeTrustManager(bundleSource, supplier);
        return new TrustManager[] {trustManager};
    }

    /**
     * Intentionally a no-op: the supplied key store is ignored, so a custom trust store passed
     * through {@code TrustManagerFactory.init} has no effect on the trust managers built here.
     */
    @Override
    protected void engineInit(KeyStore keyStore) {
        // Nothing to initialize; the KeyStore is not consulted.
    }

    /**
     * Intentionally a no-op: the supplied parameters are ignored.
     */
    @Override
    protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
        // Nothing to initialize; the parameters are not consulted.
    }
}
