package ca.uhn.fhir.rest.client.tls;

import ca.uhn.fhir.i18n.Msg;
import ca.uhn.fhir.tls.KeyStoreInfo;
import ca.uhn.fhir.tls.PathType;
import ca.uhn.fhir.tls.StoreInfo;
import ca.uhn.fhir.tls.TlsAuthentication;
import ca.uhn.fhir.tls.TrustStoreInfo;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Optional;
import javax.annotation.Nonnull;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.ssl.PrivateKeyStrategy;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;

/* loaded from: input_file:ca/uhn/fhir/rest/client/tls/TlsAuthenticationSvc.class */
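/**
 * Builds the TLS artefacts used by the REST client — {@link SSLContext}, key/trust
 * {@link KeyStore}s, an {@link X509TrustManager} and a {@link HostnameVerifier} — from a
 * {@link TlsAuthentication} configuration.
 *
 * <p>Every failure is reported as a {@link TlsAuthenticationException} whose message starts
 * with a {@code Msg.code(...)} prefix. The class is a static utility and cannot be instantiated.
 */
public class TlsAuthenticationSvc {

    /**
     * Unchecked exception raised when a TLS artefact cannot be created or a store cannot be found.
     */
    public static class TlsAuthenticationException extends RuntimeException {
        private static final long serialVersionUID = 1;

        /**
         * @param str the message (already prefixed with a {@code Msg.code(...)} value)
         * @param th  the underlying cause
         */
        public TlsAuthenticationException(String str, Throwable th) {
            super(str, th);
        }

        /**
         * @param str the message (already prefixed with a {@code Msg.code(...)} value)
         */
        public TlsAuthenticationException(String str) {
            super(str);
        }
    }

    private TlsAuthenticationSvc() {
    }

    /**
     * Creates an {@link SSLContext} loaded with the client key material and the trust material
     * described by {@code tlsAuthentication}, each only when present in the configuration.
     *
     * @param tlsAuthentication key-store / trust-store configuration; must not be {@code null}
     * @return the built context
     * @throws NullPointerException      if {@code tlsAuthentication} is {@code null}
     * @throws TlsAuthenticationException (code 2102) if the context cannot be built; the
     *                                   underlying exception is attached as the cause
     */
    public static SSLContext createSslContext(@Nonnull TlsAuthentication tlsAuthentication) {
        Validate.notNull(tlsAuthentication, "theTlsAuthentication cannot be null", new Object[0]);
        try {
            SSLContextBuilder builder = SSLContexts.custom();

            if (tlsAuthentication.getKeyStoreInfo().isPresent()) {
                KeyStoreInfo keyStoreInfo = (KeyStoreInfo) tlsAuthentication.getKeyStoreInfo().get();
                // When an alias is configured, pin the client certificate to that alias instead of
                // letting the key manager pick the first suitable entry.
                PrivateKeyStrategy keyStrategy = null;
                if (StringUtils.isNotBlank(keyStoreInfo.getAlias())) {
                    keyStrategy = (aliases, socket) -> keyStoreInfo.getAlias();
                }
                builder.loadKeyMaterial(createKeyStore(keyStoreInfo), keyStoreInfo.getKeyPass(), keyStrategy);
            }

            if (tlsAuthentication.getTrustStoreInfo().isPresent()) {
                TrustStoreInfo trustStoreInfo = (TrustStoreInfo) tlsAuthentication.getTrustStoreInfo().get();
                // NOTE(review): TrustSelfSignedStrategy accepts any self-signed (single-certificate
                // chain) server certificate in addition to what the trust store contains, so the
                // trust store does not restrict which self-signed servers are accepted. Behaviour
                // is preserved here; callers needing trust-store-only validation should know this.
                builder.loadTrustMaterial(createKeyStore(trustStoreInfo), TrustSelfSignedStrategy.INSTANCE);
            }

            return builder.build();
        } catch (Exception e) {
            throw new TlsAuthenticationException(Msg.code(2102) + "Failed to create SSLContext", e);
        }
    }

    /**
     * Instantiates a {@link KeyStore} of {@code storeInfo.getType()} and loads it from either a
     * classpath resource or a file, depending on {@code storeInfo.getPathType()}.
     *
     * <p>The input stream is closed on every path, including when {@code load} throws (the
     * previous implementation only closed it after a successful load). For any other
     * {@link PathType} the returned store is created but never loaded, as before.
     *
     * @param storeInfo store type, location kind, path and password
     * @return the loaded key store
     * @throws TlsAuthenticationException (code 2103) if the store cannot be created or loaded,
     *                                   including when the resource/file does not exist; the
     *                                   underlying exception is attached as the cause
     */
    public static KeyStore createKeyStore(StoreInfo storeInfo) {
        try {
            KeyStore keyStore = KeyStore.getInstance(storeInfo.getType().toString());
            PathType pathType = storeInfo.getPathType();

            if (PathType.RESOURCE.equals(pathType)) {
                // getResourceAsStream returns null for a missing resource; try-with-resources
                // tolerates a null resource and validateKeyStoreExists rejects it.
                try (InputStream in = TlsAuthenticationSvc.class.getResourceAsStream(storeInfo.getFilePath())) {
                    validateKeyStoreExists(in);
                    keyStore.load(in, storeInfo.getStorePass());
                }
            } else if (PathType.FILE.equals(pathType)) {
                // A missing file surfaces as FileNotFoundException from the constructor and is
                // wrapped below with code 2103.
                try (InputStream in = new FileInputStream(storeInfo.getFilePath())) {
                    validateKeyStoreExists(in);
                    keyStore.load(in, storeInfo.getStorePass());
                }
            }

            return keyStore;
        } catch (Exception e) {
            throw new TlsAuthenticationException(Msg.code(2103) + "Failed to create KeyStore", e);
        }
    }

    /**
     * Rejects a {@code null} stream, which is how a missing classpath resource presents itself.
     *
     * @param inputStream the stream opened for the key store, possibly {@code null}
     * @throws TlsAuthenticationException (code 2116) if {@code inputStream} is {@code null}
     */
    public static void validateKeyStoreExists(InputStream inputStream) {
        if (inputStream == null) {
            throw new TlsAuthenticationException(Msg.code(2116) + "Keystore does not exists");
        }
    }

    /**
     * Creates an {@link X509TrustManager} from the default {@link TrustManagerFactory} algorithm,
     * initialised with the given trust store or, when absent, with the JVM default trust store.
     *
     * @param optional the trust store to use, or empty for the platform default
     * @return the first {@link X509TrustManager} the factory produces
     * @throws TlsAuthenticationException (code 2105) if the factory cannot be initialised or no
     *                                   {@link X509TrustManager} is available; the underlying
     *                                   exception (which may itself carry code 2104) is attached
     *                                   as the cause so the root failure is not lost
     */
    public static X509TrustManager createTrustManager(Optional<TrustStoreInfo> optional) {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            if (optional.isEmpty()) {
                // null KeyStore selects the JVM's default trust material
                factory.init((KeyStore) null);
            } else {
                factory.init(createKeyStore(optional.get()));
            }

            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
            throw new TlsAuthenticationException(Msg.code(2104) + "Could not find X509TrustManager");
        } catch (Exception e) {
            // Fix: the original dropped the cause here, hiding the actual failure from callers/logs.
            throw new TlsAuthenticationException(Msg.code(2105) + "Failed to create X509TrustManager", e);
        }
    }

    /**
     * Chooses the hostname verifier for the connection.
     *
     * <p>NOTE(review): with no trust store configured this returns {@link NoopHostnameVerifier},
     * which accepts every hostname and so disables the check that the server certificate matches
     * the host being contacted. This behaviour is preserved; callers should understand that it
     * weakens TLS server authentication in that configuration.
     *
     * @param optional the trust store configuration, if any
     * @return {@link DefaultHostnameVerifier} when a trust store is present, otherwise
     *         {@link NoopHostnameVerifier}
     */
    public static HostnameVerifier createHostnameVerifier(Optional<TrustStoreInfo> optional) {
        if (optional.isPresent()) {
            return new DefaultHostnameVerifier();
        }
        return new NoopHostnameVerifier();
    }
}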
