package com.netflix.spinnaker.kork.tomcat.x509;

import com.netflix.spectator.api.Registry;
import java.util.Objects;
import java.util.Optional;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.jsse.JSSEUtil;

/* loaded from: input_file:com/netflix/spinnaker/kork/tomcat/x509/BlocklistingJSSESocketFactory.class */
public class BlocklistingJSSESocketFactory extends JSSEUtil {
    private static final String BLOCKLIST_PREFIX = "blocklist:";
    private final Blocklist blocklist;
    private final Registry registry;

    public BlocklistingJSSESocketFactory(SSLHostConfigCertificate sSLHostConfigCertificate, Registry registry) {
        super(sSLHostConfigCertificate);
        this.registry = (Registry) Objects.requireNonNull(registry);
        String str = (String) Optional.ofNullable(sSLHostConfigCertificate.getSSLHostConfig().getCertificateRevocationListFile()).filter(str2 -> {
            return str2.startsWith(BLOCKLIST_PREFIX);
        }).map(str3 -> {
            return str3.substring(BLOCKLIST_PREFIX.length());
        }).orElse(null);
        if (str == null) {
            this.blocklist = null;
        } else {
            sSLHostConfigCertificate.getSSLHostConfig().setCertificateRevocationListFile((String) null);
            this.blocklist = Blocklist.forFile(str);
        }
    }

    public TrustManager[] getTrustManagers() throws Exception {
        TrustManager[] trustManagers = super.getTrustManagers();
        if (this.blocklist != null && trustManagers != null) {
            int i = 0;
            for (int i2 = 0; i2 < trustManagers.length; i2++) {
                TrustManager trustManager = trustManagers[i2];
                if (trustManager instanceof X509TrustManager) {
                    trustManagers[i2] = new BlocklistingX509TrustManager((X509TrustManager) trustManager, this.blocklist, this.registry);
                    i++;
                }
            }
            if (i != 1) {
                throw new IllegalStateException("expected single X509TrustManager");
            }
        }
        return trustManagers;
    }
}
