package com.cloudera.nav.sdk.client;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.lang.StringUtils;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/nav/sdk/client/SSLUtils.class */
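/**
 * Static helpers that build the TLS primitives ({@link SSLContext}, {@link TrustManager},
 * {@link HostnameVerifier}) used by the client from a {@link ClientConfig}.
 *
 * <p>Security note: when {@code ClientConfig.isDisableSSLValidation()} returns {@code true},
 * both certificate-chain validation and hostname verification are switched off. Connections
 * made that way are encrypted but unauthenticated, so they offer no protection against an
 * on-path interceptor. Each such selection is logged at WARN level so it is visible in
 * operational logs.
 */
public class SSLUtils {
    private static final Logger LOG = LoggerFactory.getLogger(SSLUtils.class);
    private static final String DEFAULT_TRUST_STORE_TYPE = "jks";

    // TrustManagerFactory algorithm name, chosen from the JVM vendor string.
    private static final String SSLCERTIFICATE =
            System.getProperty("java.vendor").contains("IBM") ? "ibmX509" : "SunX509";

    /**
     * Trust manager that performs no validation: every client and server certificate chain is
     * accepted. Returned by {@link #getTrustManager(ClientConfig)} only when the configuration
     * disables SSL validation.
     *
     * <p>Decompiler output notes that this class's access modifier was widened from
     * package-private; the constructor is still package-private.
     */
    @VisibleForTesting
    public static class AcceptAllTrustManager implements X509TrustManager {
        private static final X509Certificate[] NO_ISSUERS = new X509Certificate[0];

        AcceptAllTrustManager() {
        }

        /** Accepts any client certificate chain without inspection. */
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: validation is disabled.
        }

        /** Accepts any server certificate chain without inspection. */
        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: validation is disabled.
        }

        /**
         * Returns an empty issuer list.
         *
         * <p>The {@link X509TrustManager} contract requires a non-null (possibly empty) array;
         * returning {@code null} can trigger a NullPointerException in callers that iterate the
         * result.
         */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // Zero-length arrays are immutable, so sharing one instance is safe.
            return NO_ISSUERS;
        }
    }

    /**
     * Reports whether the given URL uses the {@code https} scheme.
     *
     * @param str URL to test; must be non-null and non-empty
     * @return {@code true} if {@code str} starts with {@code "https://"} (case-sensitive)
     * @throws IllegalArgumentException if {@code str} is null or empty
     */
    public static boolean isSSL(String str) {
        Preconditions.checkArgument(StringUtils.isNotEmpty(str));
        return str.startsWith("https://");
    }

    /**
     * Creates an initialised {@code "TLS"} {@link SSLContext} whose only trust manager is the
     * one selected by {@link #getTrustManager(ClientConfig)}. No key managers are supplied and
     * the default secure random source is used.
     *
     * @param clientConfig configuration that selects the trust manager
     * @return the initialised context
     * @throws RuntimeException wrapping {@link KeyManagementException} or
     *     {@link NoSuchAlgorithmException} if the context cannot be created
     */
    public static SSLContext getSSLContext(ClientConfig clientConfig) {
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, new TrustManager[] {getTrustManager(clientConfig)}, null);
            return sslContext;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw Throwables.propagate(e);
        }
    }

    /**
     * Selects the trust manager for the given configuration, in priority order:
     * validation disabled, then a configured override, then one loaded from the
     * configured trust store.
     *
     * @param clientConfig configuration to read
     * @return the selected trust manager
     */
    @VisibleForTesting
    static TrustManager getTrustManager(ClientConfig clientConfig) {
        if (clientConfig.isDisableSSLValidation()) {
            // Make the insecure mode visible to operators instead of enabling it silently.
            LOG.warn("SSL validation is disabled by client configuration; "
                    + "server certificates will NOT be verified");
            return new AcceptAllTrustManager();
        }
        TrustManager override = clientConfig.getOverrideTrustManager();
        if (override != null) {
            return override;
        }
        return createTrustManager(clientConfig);
    }

    /**
     * Builds a trust manager from the trust store described by the configuration. The store
     * type falls back to {@code "jks"} when none is configured.
     *
     * @throws NullPointerException if no trust store location is configured
     * @throws IllegalArgumentException if the location or password is empty
     * @throws RuntimeException wrapping any I/O or security failure while loading the store
     */
    private static TrustManager createTrustManager(ClientConfig clientConfig) {
        Preconditions.checkNotNull(clientConfig.getSSLTrustStoreLocation(), "Could not create TrustManager, No SSL trust store provided");
        String storeType = clientConfig.getSslTrustStoreType();
        if (StringUtils.isEmpty(storeType)) {
            storeType = DEFAULT_TRUST_STORE_TYPE;
        }
        String storeLocation = clientConfig.getSSLTrustStoreLocation();
        Preconditions.checkArgument(StringUtils.isNotEmpty(storeLocation), "Trust store location not provided");
        String storePassword = clientConfig.getSSLTrustStorePassword();
        Preconditions.checkArgument(StringUtils.isNotEmpty(storePassword), "Trust store password not provided");
        try {
            return loadTrustManager(storeType, storeLocation, storePassword);
        } catch (IOException | GeneralSecurityException e) {
            throw Throwables.propagate(e);
        }
    }

    /**
     * Loads the key store at {@code location} and returns the first {@link X509TrustManager}
     * produced by a {@link TrustManagerFactory} initialised with it.
     *
     * @param storeType key store type passed to {@link KeyStore#getInstance(String)}
     * @param location file-system path of the trust store
     * @param password trust store password
     * @return the first X.509 trust manager, or {@code null} if the factory yields none
     * @throws IOException if the store cannot be read
     * @throws GeneralSecurityException if the store or factory cannot be initialised
     */
    private static X509TrustManager loadTrustManager(String storeType, String location, String password) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(storeType);
        // try-with-resources closes the stream on both success and failure paths.
        try (FileInputStream in = new FileInputStream(location)) {
            keyStore.load(in, password.toCharArray());
            LOG.debug("Loaded truststore '{}'", location);
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(SSLCERTIFICATE);
        factory.init(keyStore);
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        // NOTE(review): callers receive null when the factory returns no X509TrustManager;
        // consider failing fast here so the misconfiguration surfaces before the handshake.
        return null;
    }

    /**
     * Selects the hostname verifier for the given configuration, in priority order:
     * validation disabled (no-op verifier), then a configured override, then the default
     * verifier.
     *
     * @param clientConfig configuration to read
     * @return the selected hostname verifier
     */
    public static HostnameVerifier getHostnameVerifier(ClientConfig clientConfig) {
        if (clientConfig.isDisableSSLValidation()) {
            // Make the insecure mode visible to operators instead of enabling it silently.
            LOG.warn("SSL validation is disabled by client configuration; "
                    + "server hostnames will NOT be verified");
            return new NoopHostnameVerifier();
        }
        HostnameVerifier override = clientConfig.getOverrideHostnameVerifier();
        if (override != null) {
            return override;
        }
        return new DefaultHostnameVerifier();
    }
}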
