package org.apereo.cas.authentication;

import java.io.InputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import lombok.Generated;
import org.apache.hc.core5.ssl.SSLContexts;
import org.apereo.cas.configuration.model.core.authentication.HttpClientProperties;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.ssl.CompositeX509KeyManager;
import org.apereo.cas.util.ssl.CompositeX509TrustManager;
import org.jooq.lambda.Unchecked;
import org.springframework.core.io.Resource;

/* loaded from: input_file:org/apereo/cas/authentication/DefaultCasSSLContext.class */
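/**
 * {@link CasSSLContext} built from a CAS-specific trust store combined with the
 * JVM default key and trust material.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When the configured host name verifier is {@code "none"} (case-insensitive),
 *       the trust store is never loaded and the key managers, trust managers and
 *       key manager factory all come from {@link CasSSLContext#disabled()}.
 *       NOTE(review): that ties certificate trust to a hostname-verification
 *       setting; presumably the disabled context accepts any certificate, so
 *       confirm against {@code CasSSLContext.disabled()} before using
 *       {@code "none"} outside a test environment.</li>
 *   <li>Otherwise a peer is validated by a composite of the CAS trust store and
 *       the JVM default trust store, so the set of trusted issuers is at least
 *       as wide as the JVM default (exact semantics depend on
 *       {@code CompositeX509TrustManager}, which is not shown here).</li>
 * </ul>
 */
public class DefaultCasSSLContext implements CasSSLContext {
    private static final String ALG_NAME_PKIX = "PKIX";

    private final SSLContext sslContext;
    private final TrustManager[] trustManagers;
    private final KeyManager[] keyManagers;
    private final HostnameVerifier hostnameVerifier;
    // Null when the context was built in the "none" (disabled) mode.
    private final KeyStore casTrustStore;
    private final KeyManagerFactory keyManagerFactory;

    /**
     * Builds the SSL context.
     *
     * @param resource             location of the CAS trust store; opened once and closed after loading
     * @param str                  trust store password; also used to initialise the key manager factory
     * @param str2                 key store type handed to {@link KeyStore#getInstance(String)}
     * @param httpClientProperties supplies the host name verifier setting that selects the disabled mode
     * @param hostnameVerifier     verifier stored as-is and returned by {@link #getHostnameVerifier()}
     * @throws Exception if the trust store cannot be read or any JSSE factory fails to initialise
     */
    public DefaultCasSSLContext(Resource resource, String str, String str2, HttpClientProperties httpClientProperties, HostnameVerifier hostnameVerifier) throws Exception {
        if ("none".equalsIgnoreCase(httpClientProperties.getHostNameVerifier())) {
            // Disabled mode: no trust store is loaded and every manager comes from
            // the disabled context. See the class-level note on what this implies.
            final CasSSLContext disabledContext = CasSSLContext.disabled();
            this.trustManagers = disabledContext.getTrustManagers();
            this.keyManagerFactory = disabledContext.getKeyManagerFactory();
            this.casTrustStore = null;
            this.keyManagers = disabledContext.getKeyManagers();
        } else {
            this.casTrustStore = KeyStore.getInstance(str2);
            final char[] trustStorePassword = str.toCharArray();
            // The stream is only needed while the store is parsed; close it right away.
            try (InputStream trustStoreStream = resource.getInputStream()) {
                this.casTrustStore.load(trustStoreStream, trustStorePassword);
            }

            this.keyManagerFactory = getKeyManagerFactory(ALG_NAME_PKIX, this.casTrustStore, trustStorePassword);
            final X509KeyManager casKeyManager = (X509KeyManager) this.keyManagerFactory.getKeyManagers()[0];
            // A null key store makes the factory fall back to the JVM default key material.
            final X509KeyManager jvmKeyManager = (X509KeyManager) getKeyManagerFactory(KeyManagerFactory.getDefaultAlgorithm(), null, null).getKeyManagers()[0];

            // Trust managers: CAS trust store first, then the JVM default trust store.
            final ArrayList<X509TrustManager> combinedTrustManagers = new ArrayList<>(getTrustManager(ALG_NAME_PKIX, this.casTrustStore));
            combinedTrustManagers.addAll(getTrustManager(TrustManagerFactory.getDefaultAlgorithm(), null));
            this.trustManagers = new TrustManager[]{new CompositeX509TrustManager(combinedTrustManagers)};

            // Key managers: JVM default first, then the CAS store.
            this.keyManagers = new KeyManager[]{new CompositeX509KeyManager(CollectionUtils.wrapList(new X509KeyManager[]{jvmKeyManager, casKeyManager}))};
        }
        // NOTE(review): "SSL" is the legacy context name. Which protocol versions end up
        // enabled is decided by the JSSE provider and the JVM security settings, not by
        // this string; confirm that only current TLS versions are negotiated, or request
        // "TLS" and pin the enabled protocols where the sockets are created.
        this.sslContext = SSLContexts.custom().setProtocol("SSL").build();
        this.sslContext.init(this.keyManagers, this.trustManagers, null);
        this.hostnameVerifier = hostnameVerifier;
    }

    /**
     * Creates and initialises a key manager factory.
     *
     * @param algorithm key manager algorithm name
     * @param keyStore  source of key material, or {@code null} for the JVM default
     * @param password  password protecting the keys, may be {@code null}
     * @return the initialised factory
     * @throws Exception if the algorithm is unknown or initialisation fails
     */
    private static KeyManagerFactory getKeyManagerFactory(String algorithm, KeyStore keyStore, char[] password) throws Exception {
        final KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
        factory.init(keyStore, password);
        return factory;
    }

    /**
     * Returns the X.509 trust managers produced for the given algorithm and store.
     *
     * @param algorithm trust manager algorithm name
     * @param keyStore  trust anchors, or {@code null} for the JVM default trust store
     * @return trust managers that implement {@link X509TrustManager}; other kinds are dropped
     * @throws Exception if the algorithm is unknown or initialisation fails
     */
    private static Collection<X509TrustManager> getTrustManager(String algorithm, KeyStore keyStore) throws Exception {
        final TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
        factory.init(keyStore);
        return Arrays.stream(factory.getTrustManagers())
            .filter(X509TrustManager.class::isInstance)
            .map(X509TrustManager.class::cast)
            .collect(Collectors.toList());
    }

    /**
     * Builds a fresh PKIX trust manager factory over the CAS trust store.
     *
     * <p>In the disabled mode {@code casTrustStore} is {@code null}, so the factory is
     * initialised with the JVM default trust material. It therefore does not mirror
     * {@link #getTrustManagers()} in that mode. Checked exceptions are rethrown
     * unchecked by the {@code Unchecked} wrapper.
     *
     * @return a newly initialised trust manager factory
     */
    @Override
    public TrustManagerFactory getTrustManagerFactory() {
        return Unchecked.supplier(() -> {
            final TrustManagerFactory factory = TrustManagerFactory.getInstance(ALG_NAME_PKIX);
            factory.init(this.casTrustStore);
            return factory;
        }).get();
    }

    /** @return the initialised SSL context */
    @Override
    @Generated
    public SSLContext getSslContext() {
        return this.sslContext;
    }

    /** @return the internal trust manager array (not copied) */
    @Override
    @Generated
    public TrustManager[] getTrustManagers() {
        return this.trustManagers;
    }

    /** @return the internal key manager array (not copied) */
    @Override
    @Generated
    public KeyManager[] getKeyManagers() {
        return this.keyManagers;
    }

    /** @return the host name verifier supplied at construction */
    @Override
    @Generated
    public HostnameVerifier getHostnameVerifier() {
        return this.hostnameVerifier;
    }

    /** @return the loaded CAS trust store, or {@code null} in the disabled mode */
    @Generated
    public KeyStore getCasTrustStore() {
        return this.casTrustStore;
    }

    /** @return the key manager factory chosen at construction */
    @Override
    @Generated
    public KeyManagerFactory getKeyManagerFactory() {
        return this.keyManagerFactory;
    }
}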
