package com.azure.spring.security.keyvault.certificates.starter;

import com.azure.security.keyvault.jca.KeyVaultJcaProvider;
import com.azure.security.keyvault.jca.KeyVaultTrustManagerFactoryProvider;
import java.security.Security;
import java.util.Objects;
import java.util.Optional;
import java.util.Properties;
import javax.net.ssl.HttpsURLConnection;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.env.EnvironmentPostProcessor;
import org.springframework.core.annotation.Order;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.MutablePropertySources;
import org.springframework.core.env.PropertiesPropertySource;
import org.springframework.util.StringUtils;

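/**
 * Environment post-processor that wires the Azure Key Vault JCA provider into a Spring Boot
 * application before the context starts.
 *
 * <p>It performs four steps, in this order:
 * <ol>
 *   <li>copies a fixed set of {@code azure.*} properties from the Spring environment into JVM
 *       system properties;</li>
 *   <li>when {@code server.ssl.key-store-type} / {@code server.ssl.trust-store-type} equals
 *       {@code AzureKeyVault}, adds a highest-precedence property source that points the
 *       corresponding store at {@code classpath:keyvault.dummy};</li>
 *   <li>registers {@link KeyVaultJcaProvider} (and optionally
 *       {@link KeyVaultTrustManagerFactoryProvider}) at position 1 of the JCA provider list;</li>
 *   <li>optionally replaces the JVM-wide default {@link javax.net.ssl.HostnameVerifier}.</li>
 * </ol>
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>{@code azure.keyvault.client-secret} is copied into system properties, where it is
 *       readable by any code in the JVM and can show up in dumps of system properties. Prefer
 *       managed identity where the deployment allows it.</li>
 *   <li>{@code azure.keyvault.jca.disable-hostname-verification=true} turns off hostname checks
 *       for every {@link HttpsURLConnection} in the process, not only Key Vault traffic.</li>
 *   <li>Steps 3 and 4 mutate process-global state ({@link Security} providers, default hostname
 *       verifier) and therefore affect all TLS users in the same JVM.</li>
 * </ul>
 *
 * <p>The bare {@code @Order} carries no explicit value, so Spring's default ordering applies.
 */
@Order
/* loaded from: input_file:com/azure/spring/security/keyvault/certificates/starter/KeyVaultCertificatesEnvironmentPostProcessor.class */
public class KeyVaultCertificatesEnvironmentPostProcessor implements EnvironmentPostProcessor {
    /** Environment properties mirrored into JVM system properties, in the order they are copied. */
    private static final String[] MIRRORED_PROPERTIES = {
        "azure.keyvault.uri",
        "azure.keyvault.tenant-id",
        "azure.keyvault.client-id",
        // Credential: ends up in a JVM-global, unencrypted system property (see class Javadoc).
        "azure.keyvault.client-secret",
        "azure.keyvault.managed-identity",
        "azure.keyvault.jca.certificates-refresh-interval",
        "azure.keyvault.jca.certificates-refresh-interval-in-ms",
        "azure.keyvault.jca.refresh-certificates-when-have-un-trust-certificate",
        "azure.cert-path.well-known",
        "azure.cert-path.custom",
    };

    /**
     * Applies the Key Vault configuration described in the class Javadoc.
     *
     * @param configurableEnvironment environment to read configuration from and to add the
     *     key-store / trust-store override property sources to; must not be {@code null}
     * @param springApplication the application being started (not used by this implementation)
     */
    @Override
    public void postProcessEnvironment(ConfigurableEnvironment configurableEnvironment, SpringApplication springApplication) {
        for (String propertyName : MIRRORED_PROPERTIES) {
            putEnvironmentPropertyToSystemProperty(configurableEnvironment, propertyName);
        }

        MutablePropertySources propertySources = configurableEnvironment.getPropertySources();
        overrideStoreIfKeyVault(configurableEnvironment, propertySources, "key-store", "KeyStorePropertySource");
        overrideStoreIfKeyVault(configurableEnvironment, propertySources, "trust-store", "TrustStorePropertySource");

        // Remove any earlier registration first so the provider really lands at position 1;
        // position 1 makes it the most-preferred JCA provider for the whole JVM.
        Security.removeProvider("AzureKeyVault");
        Security.insertProviderAt(new KeyVaultJcaProvider(), 1);
        if (overrideTrustManagerFactory(configurableEnvironment)) {
            // Inserted at position 1 as well, i.e. ahead of the provider registered just above.
            Security.insertProviderAt(new KeyVaultTrustManagerFactoryProvider(), 1);
        }

        if (disableHostnameVerification(configurableEnvironment)) {
            // SECURITY: accepts every hostname for every HttpsURLConnection in this JVM. With
            // this on, a certificate that chains to a trusted root is accepted regardless of
            // which host presents it. Keep the property unset outside of test environments.
            HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
        }
    }

    /**
     * Adds a highest-precedence property source for one SSL store when its configured type is
     * {@code AzureKeyVault}.
     *
     * <p>The source sets {@code server.ssl.<storeKind>} to {@code classpath:keyvault.dummy}
     * (presumably a placeholder resource; confirm against the starter's resources) and, when
     * Tomcat classes are on the classpath, rewrites {@code server.ssl.<storeKind>-type} to
     * {@code DKS}.
     *
     * @param environment environment the store type is read from
     * @param propertySources property sources the override is prepended to
     * @param storeKind either {@code "key-store"} or {@code "trust-store"}
     * @param sourceName name given to the added property source
     */
    private void overrideStoreIfKeyVault(
            ConfigurableEnvironment environment,
            MutablePropertySources propertySources,
            String storeKind,
            String sourceName) {
        String locationKey = "server.ssl." + storeKind;
        String typeKey = locationKey + "-type";
        if (!"AzureKeyVault".equals(environment.getProperty(typeKey))) {
            return;
        }
        Properties overrides = new Properties();
        overrides.put(locationKey, "classpath:keyvault.dummy");
        if (hasEmbedTomcat()) {
            overrides.put(typeKey, "DKS");
        }
        // addFirst: these values win over anything the application configured for the same keys.
        propertySources.addFirst(new PropertiesPropertySource(sourceName, overrides));
    }

    /**
     * Copies one environment property into the JVM system properties when it has text.
     *
     * <p>Properties that are absent, empty or whitespace-only are skipped, so an existing system
     * property with the same name is left untouched in that case.
     *
     * @param configurableEnvironment environment to read from; must not be {@code null}
     * @param str name of the property, used both as environment key and system-property key
     */
    private void putEnvironmentPropertyToSystemProperty(ConfigurableEnvironment configurableEnvironment, String str) {
        Objects.requireNonNull(configurableEnvironment);
        String value = configurableEnvironment.getProperty(str);
        if (StringUtils.hasText(value)) {
            System.setProperty(str, value);
        }
    }

    /**
     * Reports whether {@code org.apache.tomcat.InstanceManager} can be loaded.
     *
     * @return {@code true} when the class is found, {@code false} on
     *     {@link ClassNotFoundException}
     */
    private boolean hasEmbedTomcat() {
        try {
            Class.forName("org.apache.tomcat.InstanceManager");
            return true;
        } catch (ClassNotFoundException ignored) {
            // Absence of the class is the expected "no Tomcat" answer, not an error.
            return false;
        }
    }

    /**
     * Reports whether the Key Vault trust-manager-factory provider should be registered.
     *
     * <p>Both the camelCase and the kebab-case spelling of the property are honoured.
     *
     * @param configurableEnvironment environment to read from; must not be {@code null}
     * @return {@code true} when either spelling parses as boolean {@code true}
     */
    static boolean overrideTrustManagerFactory(ConfigurableEnvironment configurableEnvironment) {
        return environmentPropertyIsTrue(configurableEnvironment, "azure.keyvault.jca.overrideTrustManagerFactory")
            || environmentPropertyIsTrue(configurableEnvironment, "azure.keyvault.jca.override-trust-manager-factory");
    }

    /**
     * Reports whether JVM-wide hostname verification should be switched off.
     *
     * <p>Both the camelCase and the kebab-case spelling of the property are honoured, so audits
     * of deployed configuration need to search for both.
     *
     * @param configurableEnvironment environment to read from; must not be {@code null}
     * @return {@code true} when either spelling parses as boolean {@code true}
     */
    private static boolean disableHostnameVerification(ConfigurableEnvironment configurableEnvironment) {
        return environmentPropertyIsTrue(configurableEnvironment, "azure.keyvault.jca.disableHostnameVerification")
            || environmentPropertyIsTrue(configurableEnvironment, "azure.keyvault.jca.disable-hostname-verification");
    }

    /**
     * Reads a property and interprets it with {@link Boolean#parseBoolean(String)}.
     *
     * @param configurableEnvironment environment to read from; must not be {@code null}
     * @param str property name
     * @return {@code true} only when the value equals {@code "true"} ignoring case; a missing
     *     property yields {@code false}
     */
    private static boolean environmentPropertyIsTrue(ConfigurableEnvironment configurableEnvironment, String str) {
        Objects.requireNonNull(configurableEnvironment);
        // parseBoolean(null) is false, so no separate null handling (or raw Optional) is needed.
        return Boolean.parseBoolean(configurableEnvironment.getProperty(str));
    }
}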
