package nl.nn.adapterframework.http;

import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import nl.nn.adapterframework.util.LogUtil;
import nl.nn.adapterframework.util.PkiUtil;
import org.apache.commons.lang.StringUtils;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:adapterframework.war:WEB-INF/lib/ibis-adapterframework-core-7.6.5.jar:nl/nn/adapterframework/http/AuthSSLContextFactory.class */
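/**
 * Builds an {@link SSLContext} from an optional client keystore and an optional truststore.
 * <p>
 * With {@code allowSelfSignedCertificates} set, the truststore-backed trust manager is wrapped in an
 * {@link AuthSslTrustManager}, which additionally accepts a server that presents exactly one
 * self-signed certificate (issuer equals subject and the signature verifies under the certificate's
 * own public key). {@code ignoreCertificateExpiredException} relaxes the validity-period check for
 * that self-signed certificate only; chains validated against the truststore remain subject to the
 * JDK's own checks. Without {@code allowSelfSignedCertificates} the wrapper is not installed and
 * neither flag has any effect.
 * <p>
 * Hostname verification is not performed by this class; the socket factory or client that consumes
 * the returned context has to apply it.
 * <p>
 * NOTE(review): {@link #getSSLContext()} initialises the context lazily without synchronisation, so
 * a factory shared between threads may build the context more than once.
 */
public class AuthSSLContextFactory {
    protected static Logger log = LogUtil.getLogger(MethodHandles.lookup().lookupClass());

    /**
     * Name handed to {@link SSLContext#getInstance(String)}; replaced by the constructor's last
     * argument when that is non-empty. NOTE(review): "TLS" is the current name for the same
     * provider-default protocol set; kept as "SSL" to preserve the historical default.
     */
    protected String protocol = "SSL";
    /** Location of the client keystore, or {@code null} when no client certificate is presented. */
    protected URL keystoreUrl = null;
    protected String keystorePassword = null;
    protected String keystoreType = "null";
    protected String keyManagerAlgorithm = null;
    /** Location of the truststore, or {@code null} to rely on the provider's default trust settings. */
    protected URL truststoreUrl = null;
    protected String truststorePassword = null;
    protected String truststoreType = "null";
    protected String trustManagerAlgorithm = null;
    /** Install {@link AuthSslTrustManager} so that a single self-signed server certificate is accepted. */
    protected boolean allowSelfSignedCertificates = false;
    /** Only log, instead of rejecting, an expired or not-yet-valid self-signed server certificate. */
    protected boolean ignoreCertificateExpiredException = false;
    /** Built on first call of {@link #getSSLContext()}. */
    protected SSLContext sslContext = null;

    /**
     * Trust manager that delegates to a truststore-backed {@link X509TrustManager} and, for server
     * authentication only, falls back to accepting a single self-signed certificate.
     * <p>
     * The previous implementation never consulted the delegate in {@link #checkServerTrusted} and
     * only called {@link X509Certificate#checkValidity()} on each certificate of the chain, so any
     * server certificate inside its validity period (and, with
     * {@code ignoreCertificateExpiredException}, any certificate at all) was accepted. That disabled
     * server authentication entirely whenever {@code allowSelfSignedCertificates} was on.
     */
    public class AuthSslTrustManager implements X509TrustManager {
        private final X509TrustManager trustManager;

        /**
         * @param keyStore      truststore used to build a trust manager when {@code trustManagers}
         *                      is absent; {@code null} lets the provider pick its default truststore
         * @param trustManagers pre-built trust managers, of which exactly one X.509 manager is expected
         * @throws NoSuchAlgorithmException when not exactly one {@link X509TrustManager} is available
         * @throws KeyStoreException        when the factory cannot be initialised from {@code keyStore}
         */
        AuthSslTrustManager(KeyStore keyStore, TrustManager[] trustManagers) throws NoSuchAlgorithmException, KeyStoreException {
            TrustManager[] candidates = trustManagers;
            if (candidates == null || candidates.length == 0) {
                TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                factory.init(keyStore);
                candidates = factory.getTrustManagers();
            }
            // Check the type before casting instead of letting a ClassCastException escape.
            if (candidates.length != 1 || !(candidates[0] instanceof X509TrustManager)) {
                throw new NoSuchAlgorithmException("Only works with X509 trustmanagers");
            }
            this.trustManager = (X509TrustManager) candidates[0];
        }

        /** Client certificates are never exempted; the delegate decides. */
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            trustManager.checkClientTrusted(chain, authType);
        }

        /**
         * Accepts the chain when the delegate trusts it, or when it consists of exactly one
         * self-signed certificate whose validity period passes {@link #checkValidityPeriod}.
         *
         * @throws CertificateException when neither condition holds; the delegate's own exception is
         *                              rethrown so its reason is not lost
         */
        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            if (chain == null || chain.length == 0) {
                throw new CertificateException("server presented an empty certificate chain");
            }
            CertificateException notTrusted;
            try {
                trustManager.checkServerTrusted(chain, authType);
                return;
            } catch (CertificateException e) {
                notTrusted = e;
            }
            // Only a lone certificate signed with its own key qualifies for the self-signed exemption;
            // a leaf issued by an unknown CA does not, even if the server omitted the intermediates.
            if (chain.length == 1 && isSelfSigned(chain[0])) {
                checkValidityPeriod(chain[0]);
                return;
            }
            throw notTrusted;
        }

        /**
         * Enforces the certificate's validity period, downgrading an expired or not-yet-valid
         * certificate to a warning when {@code ignoreCertificateExpiredException} is set.
         */
        private void checkValidityPeriod(X509Certificate cert) throws CertificateException {
            try {
                cert.checkValidity();
            } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                if (!AuthSSLContextFactory.this.ignoreCertificateExpiredException) {
                    throw e;
                }
                log.warn("ignoring validity period of self-signed server certificate [" + cert.getSubjectX500Principal() + "]: " + e.getMessage());
            }
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return trustManager.getAcceptedIssuers();
        }
    }

    /**
     * Whether {@code cert} is signed with its own key: subject and issuer are the same principal and
     * the signature verifies under the certificate's public key. Any verification failure counts as
     * "not self-signed".
     */
    private static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            return false;
        }
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    /**
     * Convenience wrapper: constructs a factory with the given settings and returns its context.
     *
     * @param url   keystore location, or {@code null} for no client certificate
     * @param str   keystore password
     * @param str2  keystore type
     * @param str3  key manager algorithm
     * @param url2  truststore location, or {@code null} for the provider defaults
     * @param str4  truststore password
     * @param str5  truststore type
     * @param str6  trust manager algorithm
     * @param z     allow a single self-signed server certificate
     * @param z2    ignore the validity period of such a self-signed certificate
     * @param str7  protocol name for {@link SSLContext#getInstance(String)}; empty keeps the default
     * @throws GeneralSecurityException when a store cannot be opened or a manager cannot be built
     * @throws IOException              when a store cannot be read
     */
    public static SSLContext createSSLContext(URL url, String str, String str2, String str3, URL url2, String str4, String str5, String str6, boolean z, boolean z2, String str7) throws GeneralSecurityException, IOException {
        return new AuthSSLContextFactory(url, str, str2, str3, url2, str4, str5, str6, z, z2, str7).getSSLContext();
    }

    /** Same as the full constructor with the default protocol. */
    public AuthSSLContextFactory(URL url, String str, String str2, String str3, URL url2, String str4, String str5, String str6, boolean z, boolean z2) {
        this(url, str, str2, str3, url2, str4, str5, str6, z, z2, null);
    }

    /**
     * @param url   keystore location, or {@code null} for no client certificate
     * @param str   keystore password
     * @param str2  keystore type
     * @param str3  key manager algorithm
     * @param url2  truststore location, or {@code null} for the provider defaults
     * @param str4  truststore password
     * @param str5  truststore type
     * @param str6  trust manager algorithm
     * @param z     allow a single self-signed server certificate
     * @param z2    ignore the validity period of such a self-signed certificate
     * @param str7  protocol name; {@code null} or empty keeps the default
     */
    public AuthSSLContextFactory(URL url, String str, String str2, String str3, URL url2, String str4, String str5, String str6, boolean z, boolean z2, String str7) {
        this.keystoreUrl = url;
        this.keystorePassword = str;
        this.keystoreType = str2;
        this.keyManagerAlgorithm = str3;
        this.truststoreUrl = url2;
        this.truststorePassword = str4;
        this.truststoreType = str5;
        this.trustManagerAlgorithm = str6;
        this.allowSelfSignedCertificates = z;
        this.ignoreCertificateExpiredException = z2;
        if (StringUtils.isNotEmpty(str7)) {
            this.protocol = str7;
        }
    }

    /**
     * Assembles key managers (when a keystore is configured) and trust managers (when a truststore
     * is configured or the self-signed exemption is requested) into a new context.
     */
    private SSLContext createSSLContext() throws GeneralSecurityException, IOException {
        KeyManager[] keyManagers = null;
        TrustManager[] trustManagers = null;
        if (keystoreUrl != null) {
            KeyStore keyStore = PkiUtil.createKeyStore(keystoreUrl, keystorePassword, keystoreType, "Certificate chain");
            keyManagers = PkiUtil.createKeyManagers(keyStore, keystorePassword, keyManagerAlgorithm);
        }
        if (truststoreUrl != null) {
            KeyStore trustStore = PkiUtil.createKeyStore(truststoreUrl, truststorePassword, truststoreType, "Trusted Certificate");
            trustManagers = PkiUtil.createTrustManagers(trustStore, trustManagerAlgorithm);
            if (allowSelfSignedCertificates) {
                trustManagers = new TrustManager[] { new AuthSslTrustManager(trustStore, trustManagers) };
            }
        } else if (allowSelfSignedCertificates) {
            // No truststore configured: wrap whatever trust manager the provider builds by default.
            trustManagers = new TrustManager[] { new AuthSslTrustManager(null, null) };
        }
        SSLContext context = SSLContext.getInstance(protocol);
        // null managers / null SecureRandom fall through to the provider defaults.
        context.init(keyManagers, trustManagers, null);
        return context;
    }

    /**
     * Returns the context, building it on first use.
     *
     * @throws GeneralSecurityException when a store cannot be opened or a manager cannot be built
     * @throws IOException              when a store cannot be read
     */
    public SSLContext getSSLContext() throws GeneralSecurityException, IOException {
        if (sslContext == null) {
            sslContext = createSSLContext();
        }
        return sslContext;
    }

    /** Sets the protocol name used for contexts created after this call. */
    public void setProtocol(String str) {
        this.protocol = str;
    }

    public String getProtocol() {
        return this.protocol;
    }
}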
