package io.strimzi.kafka.oauth.common;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Locale;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:kafka-oauth-common-1.0.0-SNAPSHOT.jar:io/strimzi/kafka/oauth/common/SSLUtil.class */
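/**
 * Static helpers for building the TLS client pieces (socket factory, hostname
 * verifier) from a configured trust store.
 */
public class SSLUtil {

    /**
     * Builds an {@link SSLSocketFactory} that trusts only the certificates found in the
     * configured trust store.
     *
     * <p>The trust material is selected as follows:
     * <ul>
     *   <li>type {@code "pem"} (case-insensitive) with inline data: certificates are parsed
     *       from {@code str2};</li>
     *   <li>type {@code "pem"} without inline data: certificates are parsed from the file
     *       {@code str};</li>
     *   <li>any other type, or no type: the file {@code str} is loaded as a key store of
     *       that type, or of {@link KeyStore#getDefaultType()} when the type is
     *       {@code null}. Inline data is ignored in this case.</li>
     * </ul>
     *
     * <p>No key manager is installed, so the resulting factory does not present a client
     * certificate.
     *
     * @param str  path of the trust store file; may be {@code null}
     * @param str2 inline PEM certificates, used only when the type is {@code "pem"}; may be {@code null}
     * @param str3 trust store password for non-PEM stores; {@code null} is treated as an empty password
     * @param str4 trust store type ({@code "pem"} or a {@link KeyStore} type); may be {@code null}
     * @param str5 {@link SecureRandom} algorithm name; {@code null} leaves the choice to the JDK
     * @return the socket factory, or {@code null} when no trust material is configured
     *         (callers must then decide what to fall back to)
     * @throws ConfigException if the trust store, the secure random or the SSL context
     *         cannot be initialised
     */
    @SuppressFBWarnings(value = {"REC_CATCH_EXCEPTION"}, justification = "Avoid enumerating all checked exceptions in try-with-resources")
    public static SSLSocketFactory createSSLFactory(String str, String str2, String str3, String str4, String str5) {
        final boolean pem = str4 != null && "pem".equals(str4.toLowerCase(Locale.ENGLISH));
        final boolean inlinePem = pem && str2 != null;

        // Nothing configured: inline data counts only for the PEM type, everything else needs a file.
        if (!inlinePem && str == null) {
            return null;
        }

        KeyStore keyStore;
        if (pem) {
            // try-with-resources closes the stream on the failure path as well.
            try (InputStream in = inlinePem
                    ? new ByteArrayInputStream(str2.getBytes(StandardCharsets.UTF_8))
                    : new BufferedInputStream(new FileInputStream(str))) {
                keyStore = loadPEMCertificates(in);
            } catch (Exception e) {
                // The message names the file path even for inline data, so it can read "null";
                // the certificate data itself is deliberately not included.
                throw new ConfigException("Failed to load PEM truststore: " + str, e);
            }
        } else {
            try (FileInputStream in = new FileInputStream(str)) {
                keyStore = KeyStore.getInstance(str4 != null ? str4 : KeyStore.getDefaultType());
                keyStore.load(in, str3 != null ? str3.toCharArray() : new char[0]);
            } catch (Exception e) {
                throw new ConfigException("Failed to load truststore: " + str, e);
            }
        }

        // Each stage has its own handler so a failure is reported by the stage that
        // caused it instead of being re-wrapped as a trust store error.
        X509TrustManager trustManager;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            trustManager = getTrustManager(trustManagerFactory);
        } catch (Exception e) {
            throw new ConfigException("Failed to initialise truststore: " + str, e);
        }

        SecureRandom secureRandom = null;
        if (str5 != null) {
            try {
                secureRandom = SecureRandom.getInstance(str5);
            } catch (Exception e) {
                throw new ConfigException("Failed to initialise secure random: " + str5, e);
            }
        }

        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            // null key managers: server authentication only.
            sslContext.init(null, new TrustManager[]{trustManager}, secureRandom);
            return sslContext.getSocketFactory();
        } catch (Exception e) {
            throw new ConfigException("Failed to initialise ssl context", e);
        }
    }

    /**
     * Returns the first {@link X509TrustManager} produced by the given factory.
     *
     * @param trustManagerFactory an initialised trust manager factory
     * @return the first X.509 trust manager
     * @throws IllegalStateException if the factory offers no X.509 trust manager
     */
    private static X509TrustManager getTrustManager(TrustManagerFactory trustManagerFactory) {
        for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        throw new IllegalStateException("No X509TrustManager on default factory");
    }

    /**
     * Returns a {@link HostnameVerifier} that accepts every host name.
     *
     * <p>Installing this verifier switches off the check that the server certificate was
     * issued for the host being contacted; only certificate chain validation remains.
     * It should be reachable only through an explicit configuration opt-out, never as a
     * default.
     *
     * @return a verifier whose {@code verify} always returns {@code true}
     */
    public static HostnameVerifier createAnyHostHostnameVerifier() {
        return (hostname, session) -> true;
    }

    /**
     * Reads every X.509 certificate from the stream into a new in-memory PKCS12 key store.
     *
     * <p>Each certificate is stored under the alias
     * {@code <subject DN>_<serial number in hex>}; a later certificate with the same
     * subject and serial number replaces the earlier entry. A stream with no bytes
     * available yields an empty key store.
     *
     * @param inputStream source of the encoded certificates; not closed by this method
     * @return a key store holding the certificates as trusted entries
     * @throws KeyStoreException if the key store cannot be created or an entry cannot be set
     * @throws IOException if reading from the stream fails
     * @throws CertificateException if the data cannot be parsed as a certificate
     * @throws NoSuchAlgorithmException if the key store cannot be initialised
     */
    private static KeyStore loadPEMCertificates(InputStream inputStream) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        // load(null, null) initialises an empty store rather than reading one.
        keyStore.load(null, null);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        // available() is only an estimate for general streams; the callers in this class
        // pass an in-memory stream or a buffered file stream.
        // NOTE(review): trailing non-certificate bytes may make the last
        // generateCertificate call fail - confirm against real PEM bundles.
        while (inputStream.available() > 0) {
            X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(inputStream);
            String alias = certificate.getSubjectX500Principal().getName() + "_" + certificate.getSerialNumber().toString(16);
            keyStore.setCertificateEntry(alias, certificate);
        }
        return keyStore;
    }
}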
