package fish.payara.microprofile.jaxrs.client.ssl;

import com.sun.enterprise.security.ssl.SSLUtils;
import fish.payara.security.client.PayaraConstants;
import java.io.IOException;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.NoSuchElementException;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509KeyManager;
import org.eclipse.microprofile.config.Config;
import org.eclipse.microprofile.config.ConfigProvider;
import org.eclipse.microprofile.rest.client.RestClientBuilder;
import org.eclipse.microprofile.rest.client.spi.RestClientListener;
import org.glassfish.internal.api.Globals;

/* loaded from: input_file:MICRO-INF/runtime/rest-client-ssl.jar:fish/payara/microprofile/jaxrs/client/ssl/RestClientSslContextAliasListener.class */
public class RestClientSslContextAliasListener implements RestClientListener {
    private static final Logger logger = Logger.getLogger(RestClientSslContextAliasListener.class.getName());

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:MICRO-INF/runtime/rest-client-ssl.jar:fish/payara/microprofile/jaxrs/client/ssl/RestClientSslContextAliasListener$SingleCertificateKeyManager.class */
    public static class SingleCertificateKeyManager implements X509KeyManager {
        private String alias;
        private X509KeyManager keyManager;

        SingleCertificateKeyManager(String str, X509KeyManager x509KeyManager) {
            this.alias = str;
            this.keyManager = x509KeyManager;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return this.keyManager.getClientAliases(str, principalArr);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return this.alias;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return this.keyManager.getCertificateChain(str);
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return this.keyManager.getPrivateKey(str);
        }
    }

    @Override // org.eclipse.microprofile.rest.client.spi.RestClientListener
    public void onNewClient(Class<?> cls, RestClientBuilder restClientBuilder) {
        logger.log(Level.FINE, "Evaluating state of the RestClientBuilder after calling build method");
        Object property = restClientBuilder.getConfiguration().getProperty(PayaraConstants.REST_CLIENT_CERTIFICATE_ALIAS);
        if (property instanceof String) {
            String str = (String) property;
            logger.log(Level.INFO, String.format("The alias: %s is available from the RestClientBuilder configuration", str));
            SSLContext buildSSlContext = buildSSlContext(str);
            if (buildSSlContext != null) {
                restClientBuilder.sslContext(buildSSlContext);
                return;
            } else {
                logger.log(Level.INFO, String.format("Although the alias: %s is configured, it could not be found in an available keystore", str));
                return;
            }
        }
        try {
            String str2 = (String) getConfig().getValue(PayaraConstants.MP_CONFIG_CLIENT_CERTIFICATE_ALIAS, String.class);
            if (str2 != null) {
                logger.log(Level.INFO, String.format("The alias: %s is available from the MP Config", str2));
                SSLContext buildSSlContext2 = buildSSlContext(str2);
                if (buildSSlContext2 != null) {
                    restClientBuilder.sslContext(buildSSlContext2);
                } else {
                    logger.log(Level.INFO, String.format("Although the alias: %s is configured, it could not be found in an available keystore", str2));
                }
            }
        } catch (NoSuchElementException e) {
            logger.log(Level.FINE, String.format("The MP config property %s was not set", PayaraConstants.MP_CONFIG_CLIENT_CERTIFICATE_ALIAS));
        }
    }

    protected SSLContext buildSSlContext(String str) {
        logger.log(Level.FINE, "Building the SSLContext for the alias");
        try {
            Optional findFirst = Arrays.stream(getKeyManagers()).filter(keyManager -> {
                return keyManager instanceof X509KeyManager;
            }).map(keyManager2 -> {
                return (X509KeyManager) keyManager2;
            }).findFirst();
            for (KeyStore keyStore : getKeyStores()) {
                if (keyStore.containsAlias(str) && findFirst.isPresent()) {
                    SingleCertificateKeyManager singleCertificateKeyManager = new SingleCertificateKeyManager(str, (X509KeyManager) findFirst.get());
                    SSLContext sSLContext = SSLContext.getInstance("TLS");
                    sSLContext.init(new KeyManager[]{singleCertificateKeyManager}, null, null);
                    return sSLContext;
                }
            }
            return null;
        } catch (IOException e) {
            logger.severe("An IOException was thrown with the following message" + e.getMessage());
            return null;
        } catch (KeyStoreException e2) {
            logger.severe("A KeyStoreException was thrown with the following message" + e2.getMessage());
            return null;
        } catch (Exception e3) {
            logger.severe("An Exception was thrown with the following message" + e3.getMessage());
            return null;
        }
    }

    protected Config getConfig() {
        return ConfigProvider.getConfig();
    }

    protected KeyManager[] getKeyManagers() throws Exception {
        return ((SSLUtils) Globals.get(SSLUtils.class)).getKeyManagers();
    }

    protected KeyStore[] getKeyStores() throws IOException {
        return ((SSLUtils) Globals.get(SSLUtils.class)).getKeyStores();
    }
}
