package net.di2e.ecdr.source.rest;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManagerFactory;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.transport.http.HTTPConduit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/di2e/ecdr/source/rest/TLSUtil.class */
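/**
 * Static helper that applies client-side TLS settings to a CXF {@link WebClient}.
 *
 * <p>The client key material is taken from the keystore named by the standard
 * {@code javax.net.ssl.keyStore} / {@code javax.net.ssl.keyStorePassword} system properties.
 * This class only sets key managers and the CN-check flag; it does not set trust managers.
 */
public final class TLSUtil {
    private static final Logger LOGGER = LoggerFactory.getLogger(TLSUtil.class);
    private static final String SSL_KEYSTORE_JAVA_PROPERTY = "javax.net.ssl.keyStore";
    private static final String SSL_KEYSTORE_PASSWORD_JAVA_PROPERTY = "javax.net.ssl.keyStorePassword";

    private TLSUtil() {
        // utility class, not instantiable
    }

    /**
     * Configures the HTTP conduit of {@code webClient} with TLS client parameters.
     *
     * <p>Nothing is changed unless both keystore system properties are non-blank, so in that case
     * the {@code z} flag is ignored as well. If the keystore file exists, its keys are offered as
     * the client's key managers. If the file is missing, the parameters are still applied, but
     * without key managers. Any failure while reading the keystore is logged and leaves the
     * conduit untouched; no exception for those failures reaches the caller.
     *
     * <p>Security note: passing {@code true} for {@code z} turns off the check that the server
     * certificate matches the host being contacted. A certificate that chains to a trusted issuer
     * is then accepted for any host name, so callers should pass {@code false} unless the endpoint
     * is authenticated some other way.
     *
     * @param webClient client whose conduit receives the TLS parameters
     * @param z {@code true} to disable the certificate CN/host-name check, {@code false} to keep it
     */
    public static void setTLSOptions(WebClient webClient, boolean z) {
        HTTPConduit httpConduit = WebClient.getConfig(webClient).getHttpConduit();
        String keyStorePath = System.getProperty(SSL_KEYSTORE_JAVA_PROPERTY);
        String keyStorePassword = System.getProperty(SSL_KEYSTORE_PASSWORD_JAVA_PROPERTY);
        if (StringUtils.isBlank(keyStorePath) || StringUtils.isBlank(keyStorePassword)) {
            return;
        }

        File keyStoreFile = new File(keyStorePath);
        try {
            TLSClientParameters tlsParameters = new TLSClientParameters();
            LOGGER.debug("Setting disable of CN check on client URL {} to [{}]", webClient.getCurrentURI(), Boolean.valueOf(z));
            tlsParameters.setDisableCNCheck(z);

            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            if (keyStoreFile.exists()) {
                char[] password = keyStorePassword.toCharArray();
                // try-with-resources closes the stream on every path. A failed load skips
                // straight to the handlers below, so key managers are never built from a
                // keystore that did not load.
                try (FileInputStream keyStoreStream = new FileInputStream(keyStoreFile)) {
                    LOGGER.debug("Loading keyStore {}", keyStoreFile);
                    keyStore.load(keyStoreStream, password);
                }
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, password);
                tlsParameters.setKeyManagers(keyManagerFactory.getKeyManagers());
            }
            httpConduit.setTlsClientParameters(tlsParameters);
        } catch (FileNotFoundException e) {
            // One placeholder only: SLF4J treats a trailing Throwable as the exception to log,
            // so a second "{}" would be printed literally.
            LOGGER.error("Unable to locate one of the SSL stores: {}", keyStorePath, e);
        } catch (IOException e) {
            LOGGER.error("Unable to load keystore. {}", keyStoreFile, e);
        } catch (CertificateException e) {
            LOGGER.error("Unable to load certificates from keystore. {}", keyStoreFile, e);
        } catch (KeyStoreException | UnrecoverableKeyException e) {
            LOGGER.error("Unable to read keystore: ", e);
        } catch (NoSuchAlgorithmException e) {
            LOGGER.error("Problems creating SSL socket. Usually this is referring to the certificate sent by the server not being trusted by the client.", e);
        }
    }
}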
