package org.apereo.cas.authentication;

import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import lombok.Generated;
import org.apache.http.ssl.SSLContexts;
import org.apereo.cas.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-api-5.3.9.jar:org/apereo/cas/authentication/DefaultCasSslContext.class */
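/**
 * Builds the {@link SSLContext} exposed by {@link #getSslContext()} from a key store resource
 * combined with the JVM's default key and trust material.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Trust is a union. {@link CompositeX509TrustManager} accepts a certificate chain as soon
 *       as any delegate accepts it, so the supplied store extends the JVM default trust anchors
 *       rather than replacing them.</li>
 *   <li>The same key store is used both as a source of client/server keys and as a source of
 *       trust anchors.</li>
 *   <li>The context is requested under the generic protocol name {@code "SSL"}; see the note in
 *       the constructor.</li>
 * </ul>
 */
public class DefaultCasSslContext {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultCasSslContext.class);
    private static final String ALG_NAME_PKIX = "PKIX";
    private final SSLContext sslContext;

    /* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-api-5.3.9.jar:org/apereo/cas/authentication/DefaultCasSslContext$CompositeX509KeyManager.class */
    /**
     * Key manager that consults several delegates in list order and answers with the first
     * usable (non-null, and for chains non-empty) result.
     */
    private static class CompositeX509KeyManager implements X509KeyManager {
        // Held by reference, not copied: the order of this list is the lookup priority.
        private final List<X509KeyManager> keyManagers;

        CompositeX509KeyManager(List<X509KeyManager> list) {
            this.keyManagers = list;
        }

        /** Returns the first non-null client alias offered by a delegate, or {@code null}. */
        @Override
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return this.keyManagers.stream()
                .map(delegate -> delegate.chooseClientAlias(strArr, principalArr, socket))
                .filter(Objects::nonNull)
                .findFirst()
                .orElse(null);
        }

        /** Returns the first non-null server alias offered by a delegate, or {@code null}. */
        @Override
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return this.keyManagers.stream()
                .map(delegate -> delegate.chooseServerAlias(str, principalArr, socket))
                .filter(Objects::nonNull)
                .findFirst()
                .orElse(null);
        }

        /**
         * Returns the private key for the alias from the first delegate that knows it, or
         * {@code null}. If two delegates hold the same alias, the earlier one in the list wins.
         */
        @Override
        public PrivateKey getPrivateKey(String str) {
            return this.keyManagers.stream()
                .map(delegate -> delegate.getPrivateKey(str))
                .filter(Objects::nonNull)
                .findFirst()
                .orElse(null);
        }

        /** Returns the first non-null, non-empty certificate chain for the alias, or {@code null}. */
        @Override
        public X509Certificate[] getCertificateChain(String str) {
            return this.keyManagers.stream()
                .map(delegate -> delegate.getCertificateChain(str))
                .filter(chain -> chain != null && chain.length > 0)
                .findFirst()
                .orElse(null);
        }

        /** Concatenates the client aliases of all delegates; an empty array when there are none. */
        @Override
        public String[] getClientAliases(String str, Principal[] principalArr) {
            List<String> aliases = new ArrayList<>();
            for (X509KeyManager delegate : this.keyManagers) {
                aliases.addAll(CollectionUtils.wrapList(delegate.getClientAliases(str, principalArr)));
            }
            return aliases.toArray(new String[0]);
        }

        /** Concatenates the server aliases of all delegates; an empty array when there are none. */
        @Override
        public String[] getServerAliases(String str, Principal[] principalArr) {
            List<String> aliases = new ArrayList<>();
            for (X509KeyManager delegate : this.keyManagers) {
                aliases.addAll(CollectionUtils.wrapList(delegate.getServerAliases(str, principalArr)));
            }
            return aliases.toArray(new String[0]);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/cas-server-core-authentication-api-5.3.9.jar:org/apereo/cas/authentication/DefaultCasSslContext$CompositeX509TrustManager.class */
    /**
     * Trust manager that accepts a chain when at least one delegate accepts it.
     *
     * <p>This is an OR over the delegates: every trust anchor added to any delegate widens what
     * the resulting context trusts, and a rejection by one delegate is only visible at debug
     * level when another delegate accepts the chain.
     */
    private static class CompositeX509TrustManager implements X509TrustManager {
        private final List<X509TrustManager> trustManagers;

        CompositeX509TrustManager(List<X509TrustManager> list) {
            this.trustManagers = list;
        }

        /**
         * Accepts the client chain if any delegate does.
         *
         * @throws CertificateException when every delegate rejects the chain
         */
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            for (X509TrustManager delegate : this.trustManagers) {
                try {
                    delegate.checkClientTrusted(x509CertificateArr, str);
                    return;
                } catch (CertificateException e) {
                    // Rendering every certificate is costly, so only do it when it will be logged.
                    if (LOGGER.isDebugEnabled()) {
                        LOGGER.debug(String.format("Unable to trust the client certificates [%s] for auth type [%s]: [%s]",
                            Arrays.stream(x509CertificateArr).map(X509Certificate::toString).collect(Collectors.toSet()),
                            str, e.getMessage()), e);
                    }
                }
            }
            throw new CertificateException("None of the TrustManagers can trust this client certificate chain");
        }

        /**
         * Accepts the server chain if any delegate does.
         *
         * @throws CertificateException when every delegate rejects the chain
         */
        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            for (X509TrustManager delegate : this.trustManagers) {
                try {
                    delegate.checkServerTrusted(x509CertificateArr, str);
                    return;
                } catch (CertificateException e) {
                    // Rendering every certificate is costly, so only do it when it will be logged.
                    if (LOGGER.isDebugEnabled()) {
                        LOGGER.debug(String.format("Unable to trust the server certificates [%s] for auth type [%s]: [%s]",
                            Arrays.stream(x509CertificateArr).map(X509Certificate::toString).collect(Collectors.toSet()),
                            str, e.getMessage()), e);
                    }
                }
            }
            throw new CertificateException("None of the TrustManagers trust this server certificate chain");
        }

        /** Returns the accepted issuers of all delegates, concatenated in delegate order. */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            List<X509Certificate> issuers = new ArrayList<>();
            for (X509TrustManager delegate : this.trustManagers) {
                issuers.addAll(CollectionUtils.wrapList(delegate.getAcceptedIssuers()));
            }
            return issuers.toArray(new X509Certificate[0]);
        }
    }

    /**
     * Loads the key store and initialises the SSL context with composite key and trust managers.
     *
     * @param resource key store to load
     * @param str      key store password, also used as the key password for its entries
     * @param str2     key store type handed to {@link KeyStore#getInstance(String)}
     * @throws IllegalStateException if the store cannot be read or the context cannot be
     *                               initialised; the underlying failure is kept as the cause
     */
    public DefaultCasSslContext(Resource resource, String str, String str2) {
        try {
            KeyStore keyStore = KeyStore.getInstance(str2);
            // The password arrives as a String, so clearing this array afterwards would not
            // remove it from memory.
            char[] password = str.toCharArray();
            try (InputStream storeStream = resource.getInputStream()) {
                keyStore.load(storeStream, password);
            }

            // Key material: JVM default first, then the supplied store (list order is priority).
            X509KeyManager storeKeyManager = getKeyManager(ALG_NAME_PKIX, keyStore, password);
            X509KeyManager jvmKeyManager = getKeyManager(KeyManagerFactory.getDefaultAlgorithm(), null, null);
            KeyManager[] keyManagerArr = {
                new CompositeX509KeyManager(CollectionUtils.wrapList(jvmKeyManager, storeKeyManager))
            };

            // Trust anchors: supplied store first, then the JVM default (null store = provider default).
            List<X509TrustManager> trustDelegates = new ArrayList<>(getTrustManager(ALG_NAME_PKIX, keyStore));
            trustDelegates.addAll(getTrustManager(TrustManagerFactory.getDefaultAlgorithm(), null));
            TrustManager[] trustManagerArr = {new CompositeX509TrustManager(trustDelegates)};

            // NOTE(review): "SSL" is only the generic context name. Which protocol versions are
            // actually enabled is decided by the JSSE provider and JVM settings such as
            // jdk.tls.disabledAlgorithms - confirm legacy versions are disabled there.
            SSLContext context = SSLContexts.custom().useProtocol("SSL").build();
            context.init(keyManagerArr, trustManagerArr, null);
            this.sslContext = context;
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            // The constructor declares no checked exceptions, so surface them unchecked.
            throw new IllegalStateException("Unable to initialise the CAS SSL context", e);
        }
    }

    /**
     * Creates a key manager for the given algorithm and key store.
     *
     * @param str      key manager factory algorithm
     * @param keyStore key store to read keys from, or {@code null} for the factory's default
     * @param cArr     password protecting the keys, or {@code null}
     * @return the first key manager produced by the factory
     */
    private static X509KeyManager getKeyManager(String str, KeyStore keyStore, char[] cArr) throws Exception {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(str);
        factory.init(keyStore, cArr);
        // Assumes the first manager is an X509KeyManager; anything else fails with a ClassCastException.
        return (X509KeyManager) factory.getKeyManagers()[0];
    }

    /**
     * Creates the X.509 trust managers for the given algorithm and key store.
     *
     * @param str      trust manager factory algorithm
     * @param keyStore store holding the trust anchors, or {@code null} for the factory's default
     * @return every {@link X509TrustManager} the factory produced, possibly empty
     */
    private static Collection<X509TrustManager> getTrustManager(String str, KeyStore keyStore) throws Exception {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(str);
        factory.init(keyStore);
        Stream<TrustManager> produced = Arrays.stream(factory.getTrustManagers());
        return produced
            .filter(X509TrustManager.class::isInstance)
            .map(X509TrustManager.class::cast)
            .collect(Collectors.toList());
    }

    /** Returns the SSL context built by the constructor. */
    @Generated
    public SSLContext getSslContext() {
        return this.sslContext;
    }
}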
