package org.apereo.cas.authentication;

import java.io.InputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import lombok.Generated;
import org.apache.http.ssl.SSLContexts;
import org.apereo.cas.configuration.model.core.authentication.HttpClientProperties;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.ssl.CompositeX509KeyManager;
import org.apereo.cas.util.ssl.CompositeX509TrustManager;
import org.springframework.core.io.Resource;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-api-6.4.3.jar:org/apereo/cas/authentication/DefaultCasSSLContext.class */
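/**
 * {@link CasSSLContext} that combines a CAS-configured keystore with the JVM's
 * default key and trust material.
 *
 * <p>Unless the HTTP client property {@code hostNameVerifier} is {@code "none"},
 * the configured keystore is loaded and used both as a key source and as a trust
 * source, alongside the provider defaults obtained by initialising the factories
 * with a {@code null} keystore.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code hostNameVerifier=none} replaces the trust and key managers with those of
 *       {@link CasSSLContext#disabled()}, so the setting affects certificate trust
 *       decisions and not only host-name matching.</li>
 *   <li>The context is requested under the protocol name {@code "SSL"}; the protocol
 *       versions actually enabled are decided by the JSSE provider.</li>
 * </ul>
 */
public class DefaultCasSSLContext implements CasSSLContext {
    private static final String ALG_NAME_PKIX = "PKIX";
    private final SSLContext sslContext;
    private final TrustManager[] trustManagers;
    private final KeyManager[] keyManagers;

    /**
     * Builds the SSL context from the given keystore and HTTP client settings.
     *
     * @param resource keystore location; its stream is passed to {@link KeyStore#load}
     * @param str keystore password
     * @param str2 keystore type, as accepted by {@link KeyStore#getInstance(String)}
     * @param httpClientProperties HTTP client settings; only {@code hostNameVerifier} is read here
     * @throws Exception if the keystore cannot be read or the key/trust factories or the
     *     SSL context cannot be initialised
     */
    public DefaultCasSSLContext(Resource resource, String str, String str2, HttpClientProperties httpClientProperties) throws Exception {
        // Constant-first comparison: an unset verifier is treated as "verification enabled"
        // (the safe default) instead of failing with a NullPointerException.
        if ("none".equalsIgnoreCase(httpClientProperties.getHostNameVerifier())) {
            // NOTE(review): disabled() is defined on CasSSLContext and not visible here; it
            // presumably supplies managers that accept any peer certificate. If so, turning
            // off host-name verification also turns off chain validation for every client
            // built from this context. Confirm, and keep this setting out of production.
            this.trustManagers = CasSSLContext.disabled().getTrustManagers();
            this.keyManagers = CasSSLContext.disabled().getKeyManagers();
        } else {
            KeyStore keyStore = KeyStore.getInstance(str2);
            char[] password = str.toCharArray();
            // The stream is only needed while loading; try-with-resources closes it on
            // both the success and the failure path.
            try (InputStream inputStream = resource.getInputStream()) {
                keyStore.load(inputStream, password);
            }

            X509KeyManager configuredKeys = getKeyManager(ALG_NAME_PKIX, keyStore, password);
            // A null keystore makes the factory fall back to the provider's default key material.
            X509KeyManager defaultKeys = getKeyManager(KeyManagerFactory.getDefaultAlgorithm(), null, null);

            ArrayList<X509TrustManager> combinedTrust = new ArrayList<>(getTrustManager(ALG_NAME_PKIX, keyStore));
            // A null keystore makes the factory fall back to the provider's default trust anchors.
            combinedTrust.addAll(getTrustManager(TrustManagerFactory.getDefaultAlgorithm(), null));

            // NOTE(review): every entry of the configured keystore becomes a trust anchor in
            // addition to the defaults; how the composite resolves disagreement between its
            // delegates is defined in CompositeX509TrustManager, not here.
            this.trustManagers = new TrustManager[]{new CompositeX509TrustManager(combinedTrust)};
            this.keyManagers = new KeyManager[]{new CompositeX509KeyManager(CollectionUtils.wrapList(defaultKeys, configuredKeys))};
        }
        // NOTE(review): "SSL" is a legacy protocol name. Kept to preserve behaviour, but "TLS"
        // (or an explicit enabled-protocol list on the socket factory) states the intent more
        // clearly; verify which versions the target JDK enables for this name.
        this.sslContext = SSLContexts.custom().setProtocol("SSL").build();
        this.sslContext.init(this.keyManagers, this.trustManagers, null);
    }

    /**
     * Creates a key manager for the given algorithm and keystore.
     *
     * @param str key manager factory algorithm name
     * @param keyStore key source, or {@code null} for the provider default
     * @param cArr keystore password, or {@code null}
     * @return the first {@link X509KeyManager} the factory produces
     * @throws java.security.GeneralSecurityException if the factory cannot be created or initialised
     * @throws IllegalStateException if the factory yields no {@link X509KeyManager}
     */
    private static X509KeyManager getKeyManager(String str, KeyStore keyStore, char[] cArr)
            throws java.security.GeneralSecurityException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str);
        keyManagerFactory.init(keyStore, cArr);
        // Select by type instead of blindly casting element 0, so an unexpected provider
        // result fails with a descriptive error rather than a ClassCastException or an
        // ArrayIndexOutOfBoundsException.
        return Arrays.stream(keyManagerFactory.getKeyManagers())
            .filter(X509KeyManager.class::isInstance)
            .map(X509KeyManager.class::cast)
            .findFirst()
            .orElseThrow(() -> new IllegalStateException("No X509KeyManager available for algorithm " + str));
    }

    /**
     * Creates the X.509 trust managers for the given algorithm and keystore.
     *
     * @param str trust manager factory algorithm name
     * @param keyStore trust anchors, or {@code null} for the provider default
     * @return all {@link X509TrustManager} instances the factory produces
     * @throws java.security.GeneralSecurityException if the factory cannot be created or initialised
     */
    private static Collection<X509TrustManager> getTrustManager(String str, KeyStore keyStore)
            throws java.security.GeneralSecurityException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str);
        trustManagerFactory.init(keyStore);
        return Arrays.stream(trustManagerFactory.getTrustManagers())
            .filter(X509TrustManager.class::isInstance)
            .map(X509TrustManager.class::cast)
            .collect(Collectors.toList());
    }

    /** Returns the initialised SSL context. */
    @Override // org.apereo.cas.authentication.CasSSLContext
    @Generated
    public SSLContext getSslContext() {
        return this.sslContext;
    }

    /** Returns the trust managers the context was initialised with (internal array, not a copy). */
    @Override // org.apereo.cas.authentication.CasSSLContext
    @Generated
    public TrustManager[] getTrustManagers() {
        return this.trustManagers;
    }

    /** Returns the key managers the context was initialised with (internal array, not a copy). */
    @Override // org.apereo.cas.authentication.CasSSLContext
    @Generated
    public KeyManager[] getKeyManagers() {
        return this.keyManagers;
    }
}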
