package org.sourcelab.kafka.connect.apiclient.rest;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Objects;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.ssl.SSLContexts;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sourcelab.kafka.connect.apiclient.Configuration;

/* loaded from: input_file:org/sourcelab/kafka/connect/apiclient/rest/HttpsContextBuilder.class */
class HttpsContextBuilder {
    private static final Logger logger = LoggerFactory.getLogger(HttpsContextBuilder.class);
    private static final String[] sslProtocols = {"TLSv1.2", "TLSv1.1", "TLSv1"};
    private final Configuration configuration;

    public HttpsContextBuilder(Configuration configuration) {
        this.configuration = (Configuration) Objects.requireNonNull(configuration);
    }

    public LayeredConnectionSocketFactory createSslSocketFactory() {
        if (this.configuration.getIgnoreInvalidSslCertificates()) {
            logger.warn("Using insecure configuration, skipping server-side certificate validation checks.");
        }
        return new SSLConnectionSocketFactory(getSslContext(), getSslProtocols(), (String[]) null, getHostnameVerifier());
    }

    HostnameVerifier getHostnameVerifier() {
        return this.configuration.getIgnoreInvalidSslCertificates() ? NoopHostnameVerifier.INSTANCE : SSLConnectionSocketFactory.getDefaultHostnameVerifier();
    }

    SSLContext getSslContext() {
        try {
            SSLContext createDefault = SSLContexts.createDefault();
            createDefault.init(getKeyManagers(), getTrustManagers(), new SecureRandom());
            return createDefault;
        } catch (KeyManagementException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    KeyManager[] getKeyManagers() {
        if (this.configuration.getKeyStoreFile() == null) {
            return new KeyManager[0];
        }
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance("JKS");
            char[] charArray = this.configuration.getKeyStorePassword() == null ? new char[0] : this.configuration.getKeyStorePassword().toCharArray();
            FileInputStream fileInputStream = new FileInputStream(this.configuration.getKeyStoreFile());
            try {
                keyStore.load(fileInputStream, charArray);
                fileInputStream.close();
                keyManagerFactory.init(keyStore, charArray);
                return keyManagerFactory.getKeyManagers();
            } catch (Throwable th) {
                try {
                    fileInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (FileNotFoundException e) {
            throw new RuntimeException("Unable to find configured KeyStore file \"" + this.configuration.getKeyStoreFile() + "\"", e);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e2) {
            throw new RuntimeException(e2.getMessage(), e2);
        }
    }

    TrustManager[] getTrustManagers() {
        try {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                if (this.configuration.getIgnoreInvalidSslCertificates()) {
                    return new TrustManager[]{new NoopTrustManager()};
                }
                if (this.configuration.getTrustStoreFile() == null) {
                    trustManagerFactory.init((KeyStore) null);
                    return trustManagerFactory.getTrustManagers();
                }
                FileInputStream fileInputStream = new FileInputStream(this.configuration.getTrustStoreFile());
                try {
                    KeyStore keyStore = KeyStore.getInstance("JKS");
                    if (this.configuration.getTrustStorePassword() == null) {
                        keyStore.load(fileInputStream, null);
                    } else {
                        keyStore.load(fileInputStream, this.configuration.getTrustStorePassword().toCharArray());
                    }
                    trustManagerFactory.init(keyStore);
                    fileInputStream.close();
                    return trustManagerFactory.getTrustManagers();
                } catch (Throwable th) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } catch (FileNotFoundException e) {
                throw new RuntimeException("Unable to find configured TrustStore file \"" + this.configuration.getTrustStoreFile() + "\"", e);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            throw new RuntimeException(e2.getMessage(), e2);
        }
    }

    private String[] getSslProtocols() {
        return sslProtocols;
    }
}
