package io.sealights.onpremise.agents.infra.http.client;

import io.sealights.onpremise.agents.infra.configuration.SystemPropertiesHelper;
import io.sealights.onpremise.agents.infra.constants.SLProperties;
import io.sealights.onpremise.agents.infra.http.api.ProxyInfo;
import io.sealights.onpremise.agents.infra.logging.LogFactory;
import io.sealights.onpremise.agents.infra.utils.StringUtils;
import java.io.File;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
import org.apache.hc.client5.http.socket.PlainConnectionSocketFactory;
import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.core5.http.config.RegistryBuilder;
import org.apache.hc.core5.ssl.SSLContextBuilder;
import org.slf4j.Logger;

/* loaded from: input_file:io/sealights/onpremise/agents/infra/http/client/MtlsHttpClientConnectionManagerFactory.class */
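/**
 * Builds the mTLS-capable {@link PoolingHttpClientConnectionManager} used by the agent's HTTP client.
 *
 * <p>mTLS is opt-in via {@code -Dsl.mTlsEnabled=true}. When enabled, the client certificate and private key
 * are read from the keystore named by the {@code SLProperties.Http.HTTP_MTLS_*} system properties. Only the
 * client (key) material is loaded here: server certificates are still validated against the JVM's default
 * trust store and host names are checked by {@link DefaultHostnameVerifier}, so enabling mTLS never weakens
 * server-side validation. The {@code http} scheme is registered with a plain socket factory and is not
 * affected by any of this.
 *
 * <p>Every configuration problem is logged and surfaces as a {@code null} return, i.e. the caller falls back
 * to a non-mTLS client. Keystore and key passwords are never written to the log; only the keystore path and
 * the key alias are.
 */
public class MtlsHttpClientConnectionManagerFactory {
    private static final Logger LOG = LogFactory.getLogger((Class<?>) MtlsHttpClientConnectionManagerFactory.class);

    /**
     * Creates a connection manager whose HTTPS sockets present the configured client certificate.
     *
     * <p>{@code HTTP_MTLS_KEYSTORE_KEY_PASSWORD} is optional. When it is unset the keystore password is used
     * for the private key as well, which is the usual layout of keystores created with {@code keytool}. The
     * previous implementation dereferenced the missing value and escaped with a {@link NullPointerException}
     * that none of the SSL error handlers caught.
     *
     * @return the manager, or {@code null} when mTLS is disabled, a required property is missing, the keystore
     *         file is absent, or the SSL context cannot be built (each case is logged)
     */
    public static PoolingHttpClientConnectionManager createClientConnectionManager() {
        if (!SystemPropertiesHelper.getBoolProperty(SLProperties.Http.HTTP_MTLS_ENABLED, false)) {
            LOG.debug("mTLS is disabled. To enable set the '-Dsl.mTlsEnabled=true' system property");
            return null;
        }
        LOG.debug("SSL: Trying to configure mTLS");
        String keystorePath = SystemPropertiesHelper.getStrProperty(SLProperties.Http.HTTP_MTLS_KEYSTORE);
        String keystorePassword = SystemPropertiesHelper.getStrProperty(SLProperties.Http.HTTP_MTLS_KEYSTORE_PASSWORD);
        String keyPassword = SystemPropertiesHelper.getStrProperty(SLProperties.Http.HTTP_MTLS_KEYSTORE_KEY_PASSWORD);
        String keyAlias = SystemPropertiesHelper.getStrProperty(SLProperties.Http.HTTP_MTLS_KEYSTORE_KEY_ALIAS);
        if (invalidParametersPassed(keystorePath, keystorePassword, keyAlias)) {
            return null;
        }
        if (StringUtils.isNullOrEmpty(keyPassword)) {
            // Fall back instead of NPE-ing on keyPassword.toCharArray(); a wrong guess is still reported
            // as UnrecoverableKeyException by createSslContext, so a misconfiguration is not hidden.
            LOG.debug("{} is not set; using the keystore password for the private key", SLProperties.Http.HTTP_MTLS_KEYSTORE_KEY_PASSWORD);
            keyPassword = keystorePassword;
        }
        SSLContext sslContext = createSslContext(keystorePath, keystorePassword, keyPassword, keyAlias);
        if (sslContext == null) {
            return null;
        }
        return createClientConnectionManager(sslContext);
    }

    /**
     * Checks the mandatory mTLS settings and that the keystore path points at an existing file.
     *
     * @param keystorePath     value of {@code HTTP_MTLS_KEYSTORE}
     * @param keystorePassword value of {@code HTTP_MTLS_KEYSTORE_PASSWORD}
     * @param keyAlias         value of {@code HTTP_MTLS_KEYSTORE_KEY_ALIAS}
     * @return {@code true} (after logging a warning) when mTLS cannot be configured from these values
     */
    private static boolean invalidParametersPassed(String keystorePath, String keystorePassword, String keyAlias) {
        boolean missing = StringUtils.isNullOrEmpty(keystorePath)
                || StringUtils.isNullOrEmpty(keystorePassword)
                || StringUtils.isNullOrEmpty(keyAlias);
        if (missing) {
            // Property names only; the password value itself is deliberately not logged.
            LOG.warn("mTLS disabled. One of the mTLS parameters: {}, {} or {} is not set.", SLProperties.Http.HTTP_MTLS_KEYSTORE, SLProperties.Http.HTTP_MTLS_KEYSTORE_PASSWORD, SLProperties.Http.HTTP_MTLS_KEYSTORE_KEY_ALIAS);
            return true;
        }
        if (!new File(keystorePath).exists()) {
            LOG.warn("mTLS disabled. Keystore file: {} does not exist", keystorePath);
            return true;
        }
        return false;
    }

    /**
     * Wires the client-authenticating SSL context into an HTTPS socket factory with strict host name
     * verification; plain HTTP keeps the default socket factory.
     */
    private static PoolingHttpClientConnectionManager createClientConnectionManager(SSLContext sslContext) {
        SSLConnectionSocketFactory httpsFactory = new SSLConnectionSocketFactory(sslContext, new DefaultHostnameVerifier());
        return new PoolingHttpClientConnectionManager(RegistryBuilder.create()
                .register(ProxyInfo.HTTPS, httpsFactory)
                .register(ProxyInfo.HTTP, new PlainConnectionSocketFactory())
                .build());
    }

    /**
     * Loads the client key material from the keystore into a new {@link SSLContext}.
     *
     * <p>The private-key strategy always answers with {@code keyAlias}, regardless of which issuers the server
     * requested. {@code "TLS"} lets the JVM negotiate its highest enabled protocol version.
     *
     * @return the context, or {@code null} after logging when the keystore cannot be read, the keystore or key
     *         password is wrong, or the key cannot be recovered
     */
    private static SSLContext createSslContext(String keystorePath, String keystorePassword, String keyPassword, String keyAlias) {
        // Passwords are handed over as char[] and wiped afterwards. The KeyManagerFactory copies what it
        // needs during loadKeyMaterial; the String copies still live in the system-property table, so this
        // only limits the number of plaintext copies on the heap rather than eliminating them.
        char[] storePass = keystorePassword.toCharArray();
        char[] keyPass = keyPassword.toCharArray();
        try {
            LOG.debug("Reading HTTP client certificate from {} and alias {}", keystorePath, keyAlias);
            return SSLContextBuilder.create()
                    .loadKeyMaterial(new File(keystorePath), storePass, keyPass, (aliases, sslParameters) -> keyAlias)
                    .setProtocol("TLS")
                    .build();
        } catch (IOException e) {
            // A JKS/PKCS12 store opened with the wrong store password fails with IOException, not a key error.
            LOG.error("Can not create mTLS ssl Context due to IOException or INCORRECT KEYSTORE PASSWORD.", e);
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LOG.error("Can not create mTLS ssl Context", e);
        } catch (UnrecoverableKeyException e) {
            LOG.error("Possible INCORRECT PRIVATE KEY password. Can NOT read the key from keystore.", e);
        } finally {
            Arrays.fill(storePass, '\0');
            Arrays.fill(keyPass, '\0');
        }
        return null;
    }
}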
