package com.netflix.spinnaker.config.okhttp3;

import com.netflix.spinnaker.config.ServiceEndpoint;
import com.netflix.spinnaker.kork.exceptions.SystemException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

@Order(Integer.MAX_VALUE)
@Component
/* loaded from: input_file:com/netflix/spinnaker/config/okhttp3/InsecureOkHttpClientBuilderProvider.class */
public class InsecureOkHttpClientBuilderProvider implements OkHttpClientBuilderProvider {
    private static final Logger log = LoggerFactory.getLogger(InsecureOkHttpClientBuilderProvider.class);
    private final OkHttpClient okHttpClient;

    @Autowired
    public InsecureOkHttpClientBuilderProvider(OkHttpClient okHttpClient) {
        this.okHttpClient = okHttpClient;
    }

    @Override // com.netflix.spinnaker.config.okhttp3.OkHttpClientBuilderProvider
    public Boolean supports(ServiceEndpoint serviceEndpoint) {
        return Boolean.valueOf((serviceEndpoint.getBaseUrl().startsWith("http://") || serviceEndpoint.getBaseUrl().startsWith("https://")) && !serviceEndpoint.isSecure());
    }

    @Override // com.netflix.spinnaker.config.okhttp3.OkHttpClientBuilderProvider
    public OkHttpClient.Builder get(ServiceEndpoint serviceEndpoint) {
        return setSSLSocketFactory(this.okHttpClient.newBuilder(), serviceEndpoint);
    }

    private OkHttpClient.Builder setSSLSocketFactory(OkHttpClient.Builder builder, ServiceEndpoint serviceEndpoint) {
        try {
            TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: com.netflix.spinnaker.config.okhttp3.InsecureOkHttpClientBuilderProvider.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }};
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustManagerArr, null);
            builder.sslSocketFactory(sSLContext.getSocketFactory(), (X509TrustManager) trustManagerArr[0]);
            builder.hostnameVerifier((str, sSLSession) -> {
                return true;
            });
            return builder;
        } catch (Exception e) {
            log.error("Unable to set ssl socket factory for {}", serviceEndpoint.getBaseUrl(), e);
            throw new SystemException(String.format("Unable to set ssl socket factory for (%s)", serviceEndpoint.getBaseUrl()), e);
        }
    }
}
