package com.wso2.openbanking.accelerator.identity.util;

import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.identity.internal.IdentityExtensionsDataHolder;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.core.UserStoreException;

/* loaded from: input_file:com/wso2/openbanking/accelerator/identity/util/HTTPClientUtils.class */
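/**
 * Static helpers for building the outbound HTTPS client used by the identity
 * extensions, loading the server truststore, and producing the Basic-auth
 * credential string for the bootstrap realm's admin user.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing callers:
 * <ul>
 *   <li>Trust material is the configured server truststore <em>plus</em>
 *       {@link TrustSelfSignedStrategy}, so self-signed server certificates are
 *       accepted even when they are absent from the truststore.</li>
 *   <li>Hostname verification is selected by the JVM system property
 *       {@value #HOST_NAME_VERIFIER}; the value {@value #ALLOW_ALL} turns it off.</li>
 *   <li>{@link #getBasicAuthCredentials()} returns Base64-<em>encoded</em> (not
 *       encrypted) admin credentials.</li>
 * </ul>
 */
public class HTTPClientUtils {
    public static final String ALLOW_ALL = "AllowAll";
    public static final String STRICT = "Strict";
    public static final String HOST_NAME_VERIFIER = "httpclient.hostnameVerifier";
    public static final String HTTP_PROTOCOL = "http";
    public static final String HTTPS_PROTOCOL = "https";
    // Only TLSv1.2 is offered by the sockets this class creates.
    private static final String[] SUPPORTED_HTTP_PROTOCOLS = {"TLSv1.2"};
    private static final Log log = LogFactory.getLog(HTTPClientUtils.class);

    /**
     * Builds a pooled HTTP client that serves plain {@code http} and TLS-protected {@code https}.
     *
     * @return a new client backed by a {@link PoolingHttpClientConnectionManager}; the caller owns
     *         it and is responsible for closing it
     * @throws OpenBankingException if the truststore cannot be loaded or the SSL context cannot be built
     */
    @Generated(message = "Unit testable components are covered")
    public static CloseableHttpClient getHttpsClient() throws OpenBankingException {
        // Raw type kept on purpose: the element type lives outside this file's imports.
        Registry socketFactoryRegistry = RegistryBuilder.create()
                .register(HTTP_PROTOCOL, new PlainConnectionSocketFactory())
                .register(HTTPS_PROTOCOL, createSSLConnectionSocketFactory())
                .build();
        // RegistryBuilder.build() always returns a registry, so no null fallback is needed.
        PoolingHttpClientConnectionManager connectionManager =
                new PoolingHttpClientConnectionManager(socketFactoryRegistry);
        return HttpClients.custom().setConnectionManager(connectionManager).build();
    }

    /**
     * Creates the TLS socket factory from the server truststore named by the
     * {@code Security.TrustStore.Location} / {@code Security.TrustStore.Password} server properties.
     *
     * @return a socket factory limited to the protocols in {@link #SUPPORTED_HTTP_PROTOCOLS}, with
     *         default cipher suites and the verifier from {@link #getX509HostnameVerifier()}
     * @throws OpenBankingException if the truststore cannot be loaded or the SSL context cannot be built
     */
    @Generated(message = "Ignoring because ServerConfiguration cannot be mocked")
    private static SSLConnectionSocketFactory createSSLConnectionSocketFactory() throws OpenBankingException {
        try {
            ServerConfiguration serverConfiguration = ServerConfiguration.getInstance();
            KeyStore trustStore = loadKeyStore(
                    serverConfiguration.getFirstProperty("Security.TrustStore.Location"),
                    serverConfiguration.getFirstProperty("Security.TrustStore.Password"));
            // NOTE(review): TrustSelfSignedStrategy accepts any self-signed server certificate in
            // addition to the truststore contents, which weakens server authentication. Confirm this
            // is intended outside development setups before relying on the truststore as the sole
            // trust anchor.
            return new SSLConnectionSocketFactory(
                    SSLContexts.custom().loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()).build(),
                    SUPPORTED_HTTP_PROTOCOLS,
                    (String[]) null, // null = keep the JSSE default cipher suites
                    getX509HostnameVerifier());
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
            throw new OpenBankingException("Unable to create the ssl context", e);
        }
    }

    /**
     * Loads a keystore of the JVM default type from a file.
     *
     * @param str  file-system path of the keystore; must not be {@code null}
     * @param str2 keystore password; must not be {@code null}
     * @return the loaded keystore
     * @throws OpenBankingException if the file cannot be read, its integrity check or certificates
     *                              cannot be processed, or no provider supports the default keystore type
     * @throws NullPointerException if either argument is {@code null}
     */
    // The FindBugs path-traversal finding is suppressed: the path is opened exactly as given, so
    // callers must pass only trusted, configuration-derived locations.
    @SuppressFBWarnings({"PATH_TRAVERSAL_IN"})
    public static KeyStore loadKeyStore(String str, String str2) throws OpenBankingException {
        // Fail early with a descriptive message instead of a bare NPE from deeper in the call.
        java.util.Objects.requireNonNull(str, "Keystore path must not be null");
        java.util.Objects.requireNonNull(str2, "Keystore password must not be null");

        // try-with-resources closes the stream on every path, including failures.
        try (FileInputStream keyStoreStream = new FileInputStream(str)) {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(keyStoreStream, str2.toCharArray());
            return keyStore;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            throw new OpenBankingException("Error while loading keystore", e);
        } catch (KeyStoreException e2) {
            // Raised when the KeyStore instance cannot be created; message text is kept unchanged
            // for callers that may match on it.
            throw new OpenBankingException("Error while retrieving aliases from keystore", e2);
        }
    }

    /**
     * Selects the hostname verifier from the {@value #HOST_NAME_VERIFIER} system property.
     *
     * <p>{@value #ALLOW_ALL} (case-insensitive) disables hostname verification, {@value #STRICT}
     * selects the strict verifier, and any other value or an unset property selects the
     * browser-compatible verifier.
     *
     * @return the verifier to install on HTTPS sockets; never {@code null}
     */
    public static X509HostnameVerifier getX509HostnameVerifier() {
        String property = System.getProperty(HOST_NAME_VERIFIER);
        X509HostnameVerifier x509HostnameVerifier;
        if (ALLOW_ALL.equalsIgnoreCase(property)) {
            x509HostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
            // Surface the weakened configuration in normal logs so it is visible to operators and
            // can be picked up by log-based monitoring.
            log.warn(String.format("TLS hostname verification is disabled (%s=%s); server "
                    + "certificates will not be matched against the requested host",
                    HOST_NAME_VERIFIER, property));
        } else if (STRICT.equalsIgnoreCase(property)) {
            x509HostnameVerifier = SSLSocketFactory.STRICT_HOSTNAME_VERIFIER;
        } else {
            x509HostnameVerifier = SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Proceeding with %s : %s", HOST_NAME_VERIFIER, property));
        }
        return x509HostnameVerifier;
    }

    /**
     * Builds the {@code user:password} Basic-auth token for the bootstrap realm's admin user.
     *
     * <p>The result is Base64-encoded, not encrypted: treat it as a secret, keep it out of logs and
     * error messages, and send it only over TLS.
     *
     * @return Base64 (UTF-8) encoding of {@code adminUserName + ":" + adminPassword}
     * @throws OpenBankingException if the realm configuration cannot be read from the user store
     * @throws NullPointerException if the realm configuration has no admin password
     */
    @Generated(message = "Excluding from code coverage since it requires a service call")
    public static String getBasicAuthCredentials() throws OpenBankingException {
        try {
            RealmConfiguration realmConfiguration = IdentityExtensionsDataHolder.getInstance()
                    .getRealmService()
                    .getBootstrapRealm()
                    .getUserStoreManager()
                    .getRealmConfiguration();
            String adminUserName = realmConfiguration.getAdminUserName();
            // Reject a missing password explicitly rather than encoding the literal text "null".
            String adminPassword = java.util.Objects.requireNonNull(
                    realmConfiguration.getAdminPassword(), "Admin password is not configured");
            String credentials = adminUserName + ":" + adminPassword;
            return Base64.getEncoder().encodeToString(credentials.getBytes(StandardCharsets.UTF_8));
        } catch (UserStoreException e) {
            throw new OpenBankingException("Error while retrieving session data", e);
        }
    }
}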
