package com.nesscomputing.tinyhttp.ssl;

import com.google.common.io.Resources;
import com.nesscomputing.logging.Log;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.annotation.Nonnull;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/nesscomputing/tinyhttp/ssl/HttpsTrustManagerFactory.class */
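/**
 * Static factory that selects the {@link X509TrustManager} used for HTTPS connections
 * from an {@code SSLConfig}.
 *
 * <p>Three outcomes are possible, checked in this order:
 * <ol>
 *   <li>verification disabled in the configuration: an {@code AlwaysTrustManager} is returned;</li>
 *   <li>no truststore location or no truststore password configured: the JVM default trust
 *       manager is returned;</li>
 *   <li>otherwise: a {@code MultiTrustManager} holding the configured truststore, preceded by
 *       the JVM default trust manager when fallback is enabled.</li>
 * </ol>
 */
public final class HttpsTrustManagerFactory {
    private static final Log LOG = Log.findLog();

    /** Prefix marking a truststore location that is resolved as a classpath resource. */
    private static final String CLASSPATH_PREFIX = "classpath:";

    private HttpsTrustManagerFactory() {
        // Static utility class, never instantiated.
    }

    /**
     * Builds the trust manager described by the given configuration.
     *
     * @param sSLConfig configuration supplying the verification switch, truststore location,
     *     type, password and fallback flag
     * @return the trust manager to install for HTTPS connections
     * @throws GeneralSecurityException if the keystore type or the trust manager algorithm is
     *     unavailable, or the truststore cannot be loaded
     * @throws IOException if the truststore cannot be read from its location
     */
    public static X509TrustManager getTrustManager(SSLConfig sSLConfig) throws GeneralSecurityException, IOException {
        if (sSLConfig.isSSLDisableVerification()) {
            // Surface this at WARN so a verification-off deployment is visible in the logs
            // rather than silent; the setting is presumably meant for test environments only.
            LOG.warn("SSL verification is disabled by configuration; returning AlwaysTrustManager.");
            return new AlwaysTrustManager();
        }
        if (sSLConfig.getSSLTruststore() == null || sSLConfig.getSSLTruststorePassword() == null) {
            LOG.trace("Not using custom truststore.");
            return getDefaultTrustManager();
        }
        LOG.trace("Using custom truststore %s.", sSLConfig.getSSLTruststore());
        final MultiTrustManager multiTrustManager = new MultiTrustManager();
        if (sSLConfig.isSSLTruststoreFallback()) {
            // NOTE(review): MultiTrustManager presumably accepts a chain when any member does,
            // so fallback widens trust to the JVM default authorities; confirm against its source.
            LOG.trace("Adding fallback to default trust manager");
            multiTrustManager.addTrustManager(getDefaultTrustManager());
        }
        // NOTE(review): the truststore type is not null-checked here, unlike location and
        // password; KeyStore.getInstance rejects a null type.
        final KeyStore keyStore = loadKeystore(
                sSLConfig.getSSLTruststore(),
                sSLConfig.getSSLTruststoreType(),
                sSLConfig.getSSLTruststorePassword());
        multiTrustManager.addTrustManager(trustManagerFromKeystore(keyStore));
        return multiTrustManager;
    }

    /**
     * Returns the trust manager backed by the JVM default trust anchors.
     *
     * @return the first X.509 trust manager produced for a {@code null} keystore
     * @throws GeneralSecurityException if the PKIX trust manager factory is unavailable
     */
    @Nonnull
    public static X509TrustManager getDefaultTrustManager() throws GeneralSecurityException {
        // A null keystore makes TrustManagerFactory.init use the platform default trust material.
        return trustManagerFromKeystore(null);
    }

    /**
     * Loads a keystore from a classpath resource or a URL.
     *
     * <p>A location starting with {@code classpath:} (case-insensitive) is resolved relative to
     * this class; anything else is handed to {@link URL}, so every scheme the JVM has a handler
     * for is accepted. The configured location therefore decides where the trust anchors come
     * from and should point at storage the deployment controls.
     *
     * @param location {@code classpath:} resource name or URL of the truststore
     * @param type keystore type passed to {@link KeyStore#getInstance(String)}
     * @param password password used to open the truststore
     * @return the loaded keystore
     * @throws GeneralSecurityException if the type is unknown or the contents cannot be verified
     * @throws IOException if the location cannot be opened or read
     */
    @Nonnull
    private static KeyStore loadKeystore(@Nonnull String location, @Nonnull String type, @Nonnull String password) throws GeneralSecurityException, IOException {
        final KeyStore keyStore = KeyStore.getInstance(type);
        final URL url = StringUtils.startsWithIgnoreCase(location, CLASSPATH_PREFIX)
                ? Resources.getResource(HttpsTrustManagerFactory.class, location.substring(CLASSPATH_PREFIX.length()))
                : new URL(location);
        // Close the stream on every path; the original left it open after load().
        try (InputStream in = url.openStream()) {
            keyStore.load(in, password.toCharArray());
        }
        return keyStore;
    }

    /**
     * Creates a PKIX trust manager from the given keystore and logs its accepted issuers.
     *
     * @param keyStore trust material, or {@code null} for the JVM default
     * @return the first {@link X509TrustManager} the factory produces
     * @throws GeneralSecurityException if the PKIX algorithm or the SunJSSE provider is
     *     unavailable, or the keystore cannot be used
     * @throws IllegalStateException if the factory yields no {@link X509TrustManager}
     */
    @Nonnull
    private static X509TrustManager trustManagerFromKeystore(KeyStore keyStore) throws GeneralSecurityException {
        final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX", "SunJSSE");
        trustManagerFactory.init(keyStore);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (!(trustManager instanceof X509TrustManager)) {
                continue;
            }
            final X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
            final X509Certificate[] acceptedIssuers = x509TrustManager.getAcceptedIssuers();
            LOG.debug("Found TrustManager with %d authorities.", acceptedIssuers.length);
            // Listing each issuer at TRACE lets an operator audit which authorities are trusted.
            for (int i = 0; i < acceptedIssuers.length; i++) {
                final X509Certificate issuer = acceptedIssuers[i];
                LOG.trace("Issuer #%d, subject DN=<%s>, serial=<%s>", i, issuer.getSubjectDN(), issuer.getSerialNumber());
            }
            return x509TrustManager;
        }
        throw new IllegalStateException("Could not locate X509TrustManager!");
    }
}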
