package be.ehealth.technicalconnector.config.impl;

import be.ehealth.technicalconnector.config.Configuration;
import be.ehealth.technicalconnector.exception.ConfigurationException;
import be.ehealth.technicalconnector.utils.ConnectorIOUtils;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/ehealth/technicalconnector/config/impl/TrustManagerFactory.class */
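/**
 * Creates the {@link TrustManager} instances used for the configuration module's TLS connections.
 *
 * <p>Two variants are offered:
 * <ul>
 *   <li>{@link #keystoreTrustManager(Configuration)} builds a PKIX trust manager from a JKS
 *       truststore whose location and password are read from the configuration;</li>
 *   <li>{@link #passThroughTrustManager()} returns a manager whose check methods only log and
 *       never throw, so every certificate chain is accepted and the peer is not authenticated.</li>
 * </ul>
 */
public class TrustManagerFactory {
    // Property keys; the "trustore" spelling is part of the key and must stay as it is.
    private static final String TRUSTSTORE_PASSWORD = "connector.configurationmodule.ssl.trustore.password";
    private static final String TRUSTSTORE_LOCATION = "connector.configurationmodule.ssl.trustore.location";
    private static final Logger LOG = LoggerFactory.getLogger(TrustManagerFactory.class);
    private static final String DEFAULT_ALGORITHM = "PKIX";

    /**
     * {@link X509TrustManager} that performs no validation at all: neither check method ever
     * throws a {@code CertificateException}, so any chain presented by a peer is accepted.
     * With this manager installed the TLS channel is encrypted but the remote endpoint is
     * unauthenticated.
     */
    private static class PassThroughTrustManager implements X509TrustManager {
        private static final Logger LOG = LoggerFactory.getLogger(PassThroughTrustManager.class);

        // Text kept byte-for-byte (including its spelling) so existing log searches keep matching.
        private static final String DISABLED_WARNING = "SSL verifcation disabled! DO NOT USE THIS IN PRODUCTION.";

        private PassThroughTrustManager() {
        }

        /**
         * Reports that no issuers are accepted.
         *
         * @return always a new empty array
         */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            LOG.warn(DISABLED_WARNING);
            LOG.debug("getAcceptedIssuers() : empty list");
            return new X509Certificate[0];
        }

        /**
         * Accepts any client certificate chain without inspecting it.
         *
         * @param chain    the peer certificate chain (ignored)
         * @param authType the authentication type, logged at debug level
         */
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
            // The bypass happens here, so the warning is raised here as well as in getAcceptedIssuers().
            LOG.warn(DISABLED_WARNING);
            LOG.debug("checkClientTrusted() : authType={}", authType);
        }

        /**
         * Accepts any server certificate chain; the subject and issuer of each certificate are
         * logged at debug level but nothing is validated.
         *
         * @param chain    the peer certificate chain, only used for logging
         * @param authType the key exchange algorithm, logged at debug level
         */
        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) {
            // The bypass happens here, so the warning is raised here as well as in getAcceptedIssuers().
            LOG.warn(DISABLED_WARNING);
            LOG.debug("checkServerTrusted() : authType={}", authType);
            for (int i = 0; i < chain.length; i++) {
                X509Certificate certificate = chain[i];
                LOG.debug("Server Certificate to be checked {} : {} with issuer: {}", new Object[]{
                        Integer.valueOf(i),
                        certificate.getSubjectX500Principal().getName("RFC1779"),
                        certificate.getIssuerX500Principal().getName("RFC1779")});
            }
        }
    }

    /**
     * Returns a trust manager that accepts every certificate chain.
     *
     * <p>No server or client certificate is validated when this manager is installed; see
     * {@link PassThroughTrustManager}.
     *
     * @return a new non-validating trust manager
     */
    public static TrustManager passThroughTrustManager() {
        return new PassThroughTrustManager();
    }

    /**
     * Builds a PKIX trust manager backed by the JKS truststore named in the configuration.
     *
     * @param configuration source of the truststore location and password properties
     * @return the first trust manager produced by the PKIX {@code TrustManagerFactory}
     * @throws ConfigurationException if the truststore cannot be located, loaded or used to
     *         initialise the trust manager factory
     */
    public static TrustManager keystoreTrustManager(Configuration configuration) {
        try {
            String location = configuration.getProperty(TRUSTSTORE_LOCATION, "${KEYSTORE_DIR}${truststore_location}");
            String password = configuration.getProperty(TRUSTSTORE_PASSWORD, "${truststore_password}");
            char[] passwordChars = null;
            if (password != null) {
                passwordChars = password.toCharArray();
            } else {
                // KeyStore.load() skips its integrity check when no password is supplied, so a
                // modified truststore file would load without complaint. Make that visible.
                LOG.warn("No truststore password configured for [{}]: truststore integrity is not checked on load.", location);
            }
            KeyStore store = getStore(location, passwordChars);
            dumpContext(store, location);
            javax.net.ssl.TrustManagerFactory factory = javax.net.ssl.TrustManagerFactory.getInstance(DEFAULT_ALGORITHM);
            factory.init(store);
            return factory.getTrustManagers()[0];
        } catch (ConfigurationException e) {
            // Already the type callers expect (raised by getStore/dumpContext); do not wrap it twice.
            throw e;
        } catch (Exception e) {
            throw new ConfigurationException(e);
        }
    }

    /**
     * Loads a JKS keystore from the given resource location.
     *
     * @param location resource location handed to {@code ConnectorIOUtils.getResourceAsStream}
     * @param password keystore password, or {@code null} to load without an integrity check
     * @return the loaded keystore
     * @throws ConfigurationException if the resource is missing or cannot be loaded as JKS
     */
    private static KeyStore getStore(String location, char[] password) {
        InputStream inputStream = null;
        try {
            // The store type is fixed to JKS; other truststore formats are not selectable here.
            KeyStore keyStore = KeyStore.getInstance("JKS");
            inputStream = ConnectorIOUtils.getResourceAsStream(location);
            if (inputStream == null) {
                // KeyStore.load(null, ...) initialises an EMPTY store instead of failing, which
                // would only surface later as handshake errors. Whether getResourceAsStream can
                // return null is not visible from this file, so reject it explicitly.
                throw new IllegalStateException("Truststore resource not found: " + location);
            }
            keyStore.load(inputStream, password);
            return keyStore;
        } catch (Exception e) {
            throw new ConfigurationException(e);
        } finally {
            ConnectorIOUtils.closeQuietly(inputStream);
        }
    }

    /**
     * Logs, at debug level, every alias of the keystore together with the subject of its
     * certificate. Does nothing when debug logging is disabled.
     *
     * @param keyStore the loaded keystore to describe
     * @param location the location it was loaded from, used in the log header only
     * @throws ConfigurationException if the keystore cannot be enumerated
     */
    private static void dumpContext(KeyStore keyStore, String location) {
        if (!LOG.isDebugEnabled()) {
            // Purely diagnostic: skip the enumeration entirely when nothing would be logged.
            return;
        }
        try {
            LOG.debug("Content of KeyStore [{}]", location);
            for (String alias : Collections.list(keyStore.aliases())) {
                java.security.cert.Certificate certificate = keyStore.getCertificate(alias);
                if (certificate instanceof X509Certificate) {
                    LOG.debug("\t.{}: {}", alias, ((X509Certificate) certificate).getSubjectX500Principal().getName("RFC2253"));
                } else if (certificate != null) {
                    // A non-X.509 entry must not abort configuration just because of a debug dump.
                    LOG.debug("\t.{}: <{} certificate>", alias, certificate.getType());
                } else {
                    LOG.debug("\t.{}: <no certificate>", alias);
                }
            }
        } catch (Exception e) {
            throw new ConfigurationException(e);
        }
    }
}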
