package software.netcore.unimus.ssl;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import lombok.NonNull;
import nl.altindag.ssl.SSLFactory;
import nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager;
import nl.altindag.ssl.util.SSLSessionUtils;
import nl.altindag.ssl.util.TrustManagerUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;
import software.netcore.unimus.ssl.context.ExternalCertificatesWrapper;
import software.netcore.unimus.ssl.context.SslCertificateException;
import software.netcore.unimus.ssl.context.SslProperties;

/* loaded from: input_file:BOOT-INF/lib/unimus-ssl-3.10.1-STAGE.jar:software/netcore/unimus/ssl/SslFactoryProvider.class */
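/**
 * Owns the application's {@link SSLFactory} and lets its trust material be replaced at runtime.
 *
 * <p>The factory is created with the JDK's trusted certificates and a swappable trust manager.
 * When external (custom) certificates are enabled and a certificate folder is configured, a
 * {@link CertificateLoader} is started; it hands loaded certificates back through
 * {@link #setCertificates(ExternalCertificatesWrapper)}, which rebuilds the effective trust
 * manager and notifies registered {@link TrustManagerSwapListener}s.
 *
 * <p>Security note: custom certificates are added to the JDK defaults, never substituted for
 * them (see {@link #swapTrustManagers()}). This widens trust; it is not certificate pinning.
 *
 * <p>NOTE(review): {@code swapListeners} is a plain {@link HashSet} and
 * {@code externalCertificatesWrapper} is an unsynchronised field. If the loader calls
 * {@code setCertificates} from a different thread than the one registering listeners, this
 * needs a concurrent collection or external synchronisation. Confirm the threading model.
 */
public class SslFactoryProvider implements DisposableBean {
    private static final Logger log = LoggerFactory.getLogger(SslFactoryProvider.class);

    private final SslProperties sslProperties;
    private final boolean isProfileActive;
    private CertificateLoader certificateLoader;
    private ExternalCertificatesWrapper externalCertificatesWrapper;
    private final Collection<TrustManagerSwapListener> swapListeners = new HashSet<>();

    // Field initialisers run in declaration order: defaultCertificates must stay above
    // sslFactory, because createSslFactory() reads it.
    private final X509ExtendedTrustManager defaultCertificates =
            TrustManagerUtils.createTrustManagerWithJdkTrustedCertificates();
    private final SSLFactory sslFactory = createSslFactory();

    /**
     * @param sslProperties configuration (certificate folder, password delimiter)
     * @param externalCertificatesOption decides whether custom certificates are enabled
     */
    public SslFactoryProvider(SslProperties sslProperties, ExternalCertificatesOption externalCertificatesOption) {
        this.sslProperties = sslProperties;
        this.isProfileActive = externalCertificatesOption.customCertificatesEnabled();
    }

    /**
     * Starts the certificate loader when custom certificates are enabled and a certificate
     * folder is configured; otherwise leaves the provider on JDK default trust only.
     *
     * @throws SslCertificateException declared by this method; presumably raised by
     *     {@link CertificateLoader#init()}
     */
    public void init() throws SslCertificateException {
        if (!this.isProfileActive || StringUtils.isEmpty(this.sslProperties.getCertFolder())) {
            this.certificateLoader = null;
            return;
        }
        this.certificateLoader = new CertificateLoader(this.sslProperties, this);
        this.certificateLoader.init();
    }

    /** Returns the socket factory backed by the swappable trust manager. */
    public SSLSocketFactory getSslSocketFactory() {
        return this.sslFactory.getSslSocketFactory();
    }

    /**
     * Returns the factory's trust manager.
     *
     * @throws RuntimeException if the factory exposes no trust manager
     */
    public X509TrustManager getTrustManager() {
        return this.sslFactory.getTrustManager()
                .orElseThrow(() -> new RuntimeException("Application is not able to get trustManager"));
    }

    /**
     * Registers a listener that is called after every trust-manager swap.
     *
     * @throws NullPointerException if the listener is {@code null}
     */
    public void addTrustManagerSwapListener(@NonNull TrustManagerSwapListener trustManagerSwapListener) {
        if (trustManagerSwapListener == null) {
            throw new NullPointerException("listener is marked non-null but is null");
        }
        this.swapListeners.add(trustManagerSwapListener);
    }

    /** Stops the certificate loader, if one was started by {@link #init()}. */
    @Override
    public void destroy() {
        if (this.certificateLoader != null) {
            this.certificateLoader.destroy();
        }
    }

    /**
     * Replaces the set of external certificates and rebuilds the effective trust manager.
     *
     * <p>This method changes which peers the application trusts. The decompiler reports that
     * it was package-private in the original source and was widened to {@code public} only in
     * this listing; it should be called from the certificate-loading code in this package
     * only.
     *
     * <p>NOTE(review): the wrapper is given the configured password delimiter when rendering
     * certificate lists, which suggests certificate entries may carry a password. Confirm that
     * {@code loadedCerts}, {@code notLoadedCerts} and {@code toString()} never write that
     * password to the log. Also note that certificates which failed to load are reported at
     * DEBUG only, so a broken trust configuration may go unnoticed at default log levels.
     *
     * @throws NullPointerException if the wrapper is {@code null}
     */
    public void setCertificates(@NonNull ExternalCertificatesWrapper externalCertificatesWrapper) {
        if (externalCertificatesWrapper == null) {
            throw new NullPointerException("newExternalCertificatesWrapper is marked non-null but is null");
        }
        ExternalCertificatesWrapper previous = this.externalCertificatesWrapper;
        if (previous != null && !previous.isEmpty() && externalCertificatesWrapper.isEmpty()) {
            // Trust falls back to the JDK defaults only; worth an INFO line for operators.
            log.info("All previously loaded certificates are deleted, '{}'", previous);
        }
        this.externalCertificatesWrapper = externalCertificatesWrapper;
        String delimiter = this.sslProperties.getPasswordDelimiter();
        log.debug("'{}' certificates unable to load, '{}'",
                externalCertificatesWrapper.notLoadedCertsCount(),
                externalCertificatesWrapper.notLoadedCerts(delimiter));
        log.debug("'{}' certificates loaded, '{}'",
                externalCertificatesWrapper.loadedCertsCount(),
                externalCertificatesWrapper.loadedCerts(delimiter));
        swapTrustManagers();
    }

    /**
     * Builds a composite trust manager from every usable custom certificate plus the JDK
     * defaults, swaps it into the factory, invalidates the SSL session caches and notifies
     * listeners.
     *
     * <p>A custom certificate is usable when it loaded without an exception and its trust
     * manager reports at least one accepted issuer.
     */
    private void swapTrustManagers() {
        // Collect into an explicit ArrayList: Collectors.toList() gives no mutability
        // guarantee, and the JDK default trust manager is appended below.
        List<X509ExtendedTrustManager> trustManagers = this.externalCertificatesWrapper.getCustomCerts().stream()
                .filter(cert -> cert.getCustomCertificateException() == null
                        && cert.getTrustManager() != null
                        && cert.getTrustManager().getAcceptedIssuers().length > 0)
                .map(cert -> cert.getTrustManager())
                .collect(Collectors.toCollection(ArrayList::new));
        // JDK defaults are always kept, so removing every custom certificate never leaves
        // the application with an empty trust set.
        trustManagers.add(this.defaultCertificates);
        TrustManagerUtils.swapTrustManager(getTrustManager(), new CompositeX509ExtendedTrustManager(trustManagers));
        // Cached sessions were negotiated under the previous trust set; clear them so later
        // connections are validated against the new one.
        SSLSessionUtils.invalidateCaches(this.sslFactory);
        this.swapListeners.forEach(TrustManagerSwapListener::onSwap);
    }

    /** Creates the factory with JDK default trust, wrapped so it can be swapped later. */
    private SSLFactory createSslFactory() {
        // The decompiled listing cast the trust manager to SSLFactory.Builder here; that is
        // a generics artefact, and the argument is the trust manager itself.
        return SSLFactory.builder()
                .withTrustMaterial(this.defaultCertificates)
                .withSwappableTrustMaterial()
                .build();
    }

    public SslProperties getSslProperties() {
        return this.sslProperties;
    }

    /** Returns whether custom (external) certificates were enabled at construction time. */
    public boolean isProfileActive() {
        return this.isProfileActive;
    }
}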
