package eu.europa.esig.dss.service.http.commons;

import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.client.http.Protocol;
import eu.europa.esig.dss.spi.exception.DSSExternalResourceException;
import eu.europa.esig.dss.utils.Utils;
import java.io.IOException;
import java.io.Serializable;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLSession;
import org.apache.hc.client5.http.classic.methods.HttpUriRequest;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.core5.http.ClassicHttpResponse;
import org.apache.hc.core5.http.EntityDetails;
import org.apache.hc.core5.http.HttpException;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.HttpResponse;
import org.apache.hc.core5.http.HttpResponseInterceptor;
import org.apache.hc.core5.http.io.HttpClientResponseHandler;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.http.protocol.HttpContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/service/http/commons/SSLCertificateLoader.class */
public class SSLCertificateLoader implements Serializable {
    private static final long serialVersionUID = -2560386894555266018L;
    private static final Logger LOG = LoggerFactory.getLogger(SSLCertificateLoader.class);
    private static final String PEER_CERTIFICATES = "PEER_CERTIFICATES";
    private CommonsDataLoader commonsDataLoader;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:eu/europa/esig/dss/service/http/commons/SSLCertificateLoader$NoSenseHttpClientResponseHandler.class */
    public static class NoSenseHttpClientResponseHandler implements HttpClientResponseHandler<byte[]> {
        private NoSenseHttpClientResponseHandler() {
        }

        /* renamed from: handleResponse, reason: merged with bridge method [inline-methods] */
        public byte[] m13handleResponse(ClassicHttpResponse classicHttpResponse) throws HttpException, IOException {
            if (classicHttpResponse != null) {
                EntityUtils.consumeQuietly(classicHttpResponse.getEntity());
                Utils.closeQuietly(classicHttpResponse);
            }
            return DSSUtils.EMPTY_BYTE_ARRAY;
        }
    }

    public void setCommonsDataLoader(CommonsDataLoader commonsDataLoader) {
        this.commonsDataLoader = commonsDataLoader;
    }

    private CommonsDataLoader getCommonsDataLoader() {
        if (this.commonsDataLoader == null) {
            this.commonsDataLoader = new CommonsDataLoader();
        }
        return this.commonsDataLoader;
    }

    public List<CertificateToken> getCertificates(String str) {
        String trim = Utils.trim(str);
        if (Protocol.isHttpUrl(trim)) {
            return toCertificateTokens(httpGetCertificates(trim));
        }
        throw new UnsupportedOperationException(String.format("DSS framework supports only HTTP(S) certificate extraction. Obtained URL : '%s'", str));
    }

    private Certificate[] httpGetCertificates(String str) throws DSSException {
        HttpUriRequest httpUriRequest = null;
        CloseableHttpClient closeableHttpClient = null;
        CommonsDataLoader commonsDataLoader = getCommonsDataLoader();
        try {
            try {
                httpUriRequest = commonsDataLoader.getHttpRequest(str);
                closeableHttpClient = getHttpClient(str);
                HttpHost httpHost = commonsDataLoader.getHttpHost(httpUriRequest);
                HttpContext httpContext = commonsDataLoader.getHttpContext(httpHost);
                closeableHttpClient.execute(httpHost, httpUriRequest, httpContext, new NoSenseHttpClientResponseHandler());
                Certificate[] readCertificates = readCertificates(httpContext);
                commonsDataLoader.closeQuietly(httpUriRequest, closeableHttpClient);
                return readCertificates;
            } catch (Exception e) {
                throw new DSSExternalResourceException(String.format("Unable to process GET call for url [%s]. Reason : [%s]", str, DSSUtils.getExceptionMessage(e)), e);
            }
        } catch (Throwable th) {
            commonsDataLoader.closeQuietly(httpUriRequest, closeableHttpClient);
            throw th;
        }
    }

    private List<CertificateToken> toCertificateTokens(Certificate[] certificateArr) {
        ArrayList arrayList = new ArrayList();
        for (Certificate certificate : certificateArr) {
            try {
                arrayList.add(DSSUtils.loadCertificate(certificate.getEncoded()));
            } catch (CertificateEncodingException e) {
                LOG.warn("Cannot read and/or create an instance of a CertificateToken for a certificate : '{}'. The entry is skipped. Reason : {}", certificate, e.getMessage());
            }
        }
        return arrayList;
    }

    private Certificate[] readCertificates(HttpContext httpContext) {
        Object attribute = httpContext.getAttribute(PEER_CERTIFICATES);
        return attribute instanceof Certificate[] ? (Certificate[]) attribute : new Certificate[0];
    }

    private synchronized CloseableHttpClient getHttpClient(String str) {
        HttpClientBuilder httpClientBuilder = getCommonsDataLoader().getHttpClientBuilder(str);
        httpClientBuilder.addResponseInterceptorLast(getHttpResponseInterceptor());
        return httpClientBuilder.build();
    }

    private HttpResponseInterceptor getHttpResponseInterceptor() {
        return new HttpResponseInterceptor() { // from class: eu.europa.esig.dss.service.http.commons.SSLCertificateLoader.1
            public void process(HttpResponse httpResponse, EntityDetails entityDetails, HttpContext httpContext) throws IOException {
                SSLSession sSLSession = (SSLSession) httpContext.getAttribute("http.ssl-session");
                if (sSLSession != null) {
                    httpContext.setAttribute(SSLCertificateLoader.PEER_CERTIFICATES, sSLSession.getPeerCertificates());
                }
            }
        };
    }
}
