package org.sourcelab.kafka.connect.apiclient.rest;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.util.Objects;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.ssl.SSLContexts;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sourcelab.kafka.connect.apiclient.Configuration;

/* loaded from: input_file:org/sourcelab/kafka/connect/apiclient/rest/HttpsContextBuilder.class */
class HttpsContextBuilder {
    private static final Logger logger = LoggerFactory.getLogger(HttpsContextBuilder.class);
    private static final String[] sslProtocols = {"TLSv1.2", "TLSv1.1", "TLSv1"};
    private final Configuration configuration;

    /* JADX INFO: Access modifiers changed from: package-private */
    public HttpsContextBuilder(Configuration configuration) {
        this.configuration = (Configuration) Objects.requireNonNull(configuration);
    }

    HostnameVerifier getHostnameVerifier() {
        return this.configuration.getIgnoreInvalidSslCertificates() ? NoopHostnameVerifier.INSTANCE : SSLConnectionSocketFactory.getDefaultHostnameVerifier();
    }

    SSLContext getSslContext() {
        SSLContext createDefault = SSLContexts.createDefault();
        try {
            if (this.configuration.getIgnoreInvalidSslCertificates()) {
                createDefault.init(new KeyManager[0], new TrustManager[]{new NoopTrustManager()}, new SecureRandom());
            } else if (this.configuration.getTrustStoreFile() != null) {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                KeyStore keyStore = KeyStore.getInstance("JKS");
                FileInputStream fileInputStream = new FileInputStream(this.configuration.getTrustStoreFile());
                Throwable th = null;
                try {
                    if (this.configuration.getTrustStorePassword() == null) {
                        keyStore.load(fileInputStream, null);
                    } else {
                        keyStore.load(fileInputStream, this.configuration.getTrustStorePassword().toCharArray());
                    }
                    trustManagerFactory.init(keyStore);
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    createDefault.init(new KeyManager[0], trustManagerFactory.getTrustManagers(), new SecureRandom());
                } finally {
                }
            }
            return createDefault;
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    private String[] getSslProtocols() {
        return sslProtocols;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public LayeredConnectionSocketFactory createSslSocketFactory() {
        if (this.configuration.getIgnoreInvalidSslCertificates()) {
            logger.warn("Using insecure configuration, skipping server-side certificate validation checks.");
        }
        return new SSLConnectionSocketFactory(getSslContext(), getSslProtocols(), (String[]) null, getHostnameVerifier());
    }
}
