package se.sundsvall.dept44.security;

import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;
import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:se/sundsvall/dept44/security/Truststore.class */
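/**
 * Builds an {@link SSLContext} from X.509 certificates found on two resource
 * patterns (an internal one and a configurable one) and installs it as the
 * JVM-wide default.
 *
 * <p>Security-relevant behaviour a reviewer should be aware of:
 * <ul>
 *   <li>The key store is created empty and filled only with the certificates
 *       loaded here, so the resulting context trusts exactly those
 *       certificates.</li>
 *   <li>{@link SSLContext#setDefault(SSLContext)} is called from the
 *       constructor, which changes the default context for the whole JVM, not
 *       only for the holder of this object.</li>
 *   <li>When no certificate resources are found, or initialization fails, the
 *       existing JVM default context is kept instead.</li>
 *   <li>Certificates are stored under their file name. A later resource with
 *       the same file name replaces the earlier entry; this is logged.</li>
 *   <li>{@link X509Certificate#checkValidity()} is evaluated once, at load
 *       time, and covers the validity period only.</li>
 * </ul>
 */
public class Truststore {
    private static final Logger LOG = LoggerFactory.getLogger(Truststore.class);
    private static final String MESSAGE_SSL_CONTEXT_INITIALIZATION_ERROR = "Error during initialization of SSLContext!";
    // Closing quote added; the second placeholder is filled with the exception message.
    private static final String MESSAGE_ADD_CERTIFICATE_ERROR = "Error during adding of certificate '{}': '{}'";
    private static final String MESSAGE_ADD_CERTIFICATE_CONFIRMATION = "Added trusted certificate: '{}'";
    private static final String MESSAGE_ALIAS_REPLACED = "Truststore already holds an entry named '{}', it will be replaced";
    private static final String MESSAGE_NO_VALID_CERTIFICATES = "Could not find any valid certificates.";
    private static final String MESSAGE_NO_RESOURCES_FOUND = "No resources found on path: '{}'";
    private static final String MESSAGE_USAGE_INFO = "Truststore enabled, with truststore path: '{}'. Use 'dept44.truststore.path' to change path to your trusted certificates";
    // NOTE(review): with the standard JSSE provider a context requested under this
    // name does not enable TLS 1.3 for client connections by default. Confirm that
    // capping at TLS 1.2 is intended.
    private static final String SSL_PROTOCOL = "TLSv1.2";
    private static final String CERTIFICATE_TYPE = "X.509";
    private static final String INTERNAL_TRUSTSTORE_PATH = "internal-truststore/*";
    private final String trustStorePath;
    private final String internalTrustStorePath;
    private final SSLContext sslContext;
    private TrustManagerFactory trustManagerFactory;

    /**
     * Creates the trust store and installs the resulting context as JVM default.
     *
     * @param str resource pattern of the configurable trusted certificates
     */
    public Truststore(String str) {
        this.trustStorePath = str;
        this.internalTrustStorePath = INTERNAL_TRUSTSTORE_PATH;
        this.sslContext = initializeSSLContext();
    }

    /**
     * Package-private variant that also overrides the internal pattern.
     *
     * @param str resource pattern of the configurable trusted certificates
     * @param str2 resource pattern used instead of the built-in internal one
     */
    Truststore(String str, String str2) {
        this.trustStorePath = str;
        this.internalTrustStorePath = str2;
        this.sslContext = initializeSSLContext();
    }

    /**
     * Returns the factory created during initialization.
     *
     * <p>The factory is only initialized with a key store when at least one
     * certificate resource was found; otherwise it is returned uninitialized
     * (or {@code null} if its creation failed).
     *
     * @return the trust manager factory, possibly uninitialized
     */
    public TrustManagerFactory getTrustManagerFactory() {
        return this.trustManagerFactory;
    }

    /**
     * @return the context installed as JVM default by the constructor
     */
    public SSLContext getSSLContext() {
        return this.sslContext;
    }

    /**
     * Builds the custom context, falls back to the current JVM default when that
     * yields nothing, and installs the outcome as the JVM default.
     *
     * @return the context that was installed
     */
    private SSLContext initializeSSLContext() {
        SSLContext context = null;
        try {
            LOG.info(MESSAGE_USAGE_INFO, this.trustStorePath);
            context = initializeTruststore();
        } catch (Exception e) {
            LOG.error(MESSAGE_SSL_CONTEXT_INITIALIZATION_ERROR, e);
        } finally {
            if (Objects.isNull(context)) {
                try {
                    context = SSLContext.getDefault();
                } catch (NoSuchAlgorithmException e) {
                    LOG.error(MESSAGE_SSL_CONTEXT_INITIALIZATION_ERROR, e);
                }
            }
            // setDefault rejects null, so a failed fallback surfaces as an
            // exception from the constructor rather than a silent null context.
            SSLContext.setDefault(context);
        }
        return context;
    }

    /**
     * Loads every certificate resource into a fresh in-memory key store and
     * derives an {@link SSLContext} from it.
     *
     * @return the new context, or {@code null} when no certificate resources exist
     */
    private SSLContext initializeTruststore() throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, KeyManagementException {
        this.trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        List<Resource> certificateResources = fetchCertificates();
        if (CollectionUtils.isEmpty(certificateResources)) {
            LOG.warn(MESSAGE_NO_VALID_CERTIFICATES);
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // A null stream creates an empty key store: nothing is trusted until added below.
        keyStore.load(null);
        for (Resource resource : certificateResources) {
            addCertificate(keyStore, resource);
        }
        if (keyStore.size() == 0) {
            // Resources existed but none could be loaded. The context built below
            // trusts no certificate, so make that visible in the log.
            LOG.warn(MESSAGE_NO_VALID_CERTIFICATES);
        }
        this.trustManagerFactory.init(keyStore);
        SSLContext context = SSLContext.getInstance(SSL_PROTOCOL);
        context.init(null, this.trustManagerFactory.getTrustManagers(), new SecureRandom());
        return context;
    }

    /**
     * Parses one resource as an X.509 certificate and stores it under the
     * resource's file name. Any failure is logged and the resource is skipped.
     */
    private void addCertificate(KeyStore keyStore, Resource resource) {
        String alias = resource.getFilename();
        // try-with-resources: the stream was previously left open.
        try (var in = resource.getInputStream()) {
            X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance(CERTIFICATE_TYPE).generateCertificate(in);
            certificate.checkValidity();
            if (alias != null && keyStore.containsAlias(alias)) {
                // Same file name on both paths: the earlier entry is about to be dropped.
                LOG.warn(MESSAGE_ALIAS_REPLACED, alias);
            }
            keyStore.setCertificateEntry(alias, certificate);
            LOG.info(MESSAGE_ADD_CERTIFICATE_CONFIRMATION, alias);
        } catch (Exception e) {
            // A trailing Throwable is taken as the exception to log, not as a
            // placeholder argument, so the message is passed explicitly as well.
            LOG.warn(MESSAGE_ADD_CERTIFICATE_ERROR, alias, e.getMessage(), e);
        }
    }

    /**
     * @return resources from the internal pattern followed by those from the
     *         configured pattern
     */
    private List<Resource> fetchCertificates() {
        return Stream.of(fetchResources(this.internalTrustStorePath), fetchResources(this.trustStorePath))
            .flatMap(List::stream)
            .toList();
    }

    /**
     * Resolves a resource pattern; a failing lookup is treated as "nothing found".
     *
     * @param str resource pattern to resolve
     * @return the matching resources, or an empty list on failure
     */
    private List<Resource> fetchResources(String str) {
        try {
            return Arrays.asList(new PathMatchingResourcePatternResolver().getResources(str));
        } catch (Exception e) {
            LOG.debug(MESSAGE_NO_RESOURCES_FOUND, str, e);
            return Collections.emptyList();
        }
    }
}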
