package org.alfresco.transform.base.config;

import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import org.alfresco.transform.base.WebClientBuilderAdjuster;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.web.client.RestTemplate;
import reactor.netty.http.client.HttpClient;

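/**
 * Spring configuration for the outbound HTTP clients (blocking {@link RestTemplate} and the
 * reactive WebClient) with optional TLS / mutual-TLS settings taken from the
 * {@code client.ssl.*} properties.
 *
 * <p>A trust store decides which server certificates are accepted; a key store supplies the
 * client certificate presented for mutual TLS. TLS customisation is applied only when at least
 * one of the two stores is configured. Otherwise both clients are left at their defaults and
 * {@code client.ssl.hostname-verification-disabled} has no effect.
 *
 * <p>Security note: with {@code client.ssl.hostname-verification-disabled=true} the clients
 * still validate the certificate chain against the trust store but no longer check that the
 * certificate was issued for the host being contacted. Any certificate trusted by the store is
 * then accepted for any endpoint, so the flag should stay {@code false} outside controlled test
 * setups, and deployments should be audited for it.
 */
@Configuration
/* loaded from: input_file:BOOT-INF/lib/alfresco-base-t-engine-3.1.0-A5.jar:org/alfresco/transform/base/config/MTLSConfig.class */
public class MTLSConfig {

    // Location of the client key store; null (not configured) when the property is absent.
    @Value("${client.ssl.key-store:#{null}}")
    private Resource keyStoreResource;

    // Used both to open the key store and to recover the private key (see loadKeyMaterial /
    // KeyManagerFactory.init below), so store and key must share one password.
    @Value("${client.ssl.key-store-password:}")
    private char[] keyStorePassword;

    // Key store format; blank means "use the JVM default" (see resolveStoreType).
    @Value("${client.ssl.key-store-type:}")
    private String keyStoreType;

    // Location of the trust store; null (not configured) when the property is absent.
    @Value("${client.ssl.trust-store:#{null}}")
    private Resource trustStoreResource;

    @Value("${client.ssl.trust-store-password:}")
    private char[] trustStorePassword;

    // Trust store format; blank means "use the JVM default" (see resolveStoreType).
    @Value("${client.ssl.trust-store-type:}")
    private String trustStoreType;

    // Defaults to false, i.e. the server certificate must match the requested host name.
    @Value("${client.ssl.hostname-verification-disabled:false}")
    private boolean hostNameVerificationDisabled;

    /**
     * Provides the hook that installs a TLS-enabled connector on the WebClient builder.
     *
     * @param sslContextBuilder the Netty context builder produced by {@link #nettySslContextBuilder()}
     * @return an adjuster that is a no-op when neither store is configured
     */
    @Bean
    public WebClientBuilderAdjuster webClientBuilderAdjuster(SslContextBuilder sslContextBuilder) {
        return builder -> {
            if (!isTlsOrMtlsConfigured()) {
                return;
            }
            try {
                builder.clientConnector(new ReactorClientHttpConnector(createHttpClientWithSslContext(sslContextBuilder)));
            } catch (SSLException e) {
                // Still a RuntimeException for existing callers, but now says which step failed.
                throw new IllegalStateException("Unable to build the TLS context for the WebClient connector", e);
            }
        };
    }

    /**
     * Provides the blocking HTTP client.
     *
     * @param sSLContextBuilder the Apache context builder produced by {@link #apacheSSLContextBuilder()}
     * @return a TLS-customised template when a store is configured, otherwise a default one
     */
    @Bean
    public RestTemplate restTemplate(SSLContextBuilder sSLContextBuilder) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException {
        if (isTlsOrMtlsConfigured()) {
            return createRestTemplateWithSslContext(sSLContextBuilder);
        }
        return new RestTemplate();
    }

    /**
     * Builds the Apache HttpClient SSL context builder from the configured stores.
     *
     * @return a builder carrying key material and/or trust material, or an untouched builder
     *         when nothing is configured
     */
    @Bean
    public SSLContextBuilder apacheSSLContextBuilder() throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
        SSLContextBuilder contextBuilder = new SSLContextBuilder();
        if (isKeystoreConfigured()) {
            KeyStore clientKeys = getKeyStore(this.keyStoreType, this.keyStoreResource, this.keyStorePassword);
            contextBuilder.loadKeyMaterial(clientKeys, this.keyStorePassword);
        }
        if (isTruststoreConfigured()) {
            // A blank type would make the builder's internal KeyStore lookup fail, so resolve it first.
            contextBuilder.setKeyStoreType(resolveStoreType(this.trustStoreType))
                    .loadTrustMaterial(this.trustStoreResource.getURL(), this.trustStorePassword);
        }
        return contextBuilder;
    }

    /**
     * Builds the Netty client SSL context builder from the configured stores.
     *
     * @return a client builder with key and/or trust managers set where configured
     */
    @Bean
    public SslContextBuilder nettySslContextBuilder() throws UnrecoverableKeyException, CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException {
        SslContextBuilder clientBuilder = SslContextBuilder.forClient();
        if (isKeystoreConfigured()) {
            clientBuilder.keyManager(initKeyManagerFactory());
        }
        if (isTruststoreConfigured()) {
            clientBuilder.trustManager(initTrustManagerFactory());
        }
        return clientBuilder;
    }

    /** Returns true when a trust store or a key store (or both) is configured. */
    private boolean isTlsOrMtlsConfigured() {
        return isTruststoreConfigured() || isKeystoreConfigured();
    }

    private boolean isTruststoreConfigured() {
        return this.trustStoreResource != null;
    }

    private boolean isKeystoreConfigured() {
        return this.keyStoreResource != null;
    }

    /**
     * Creates the Reactor Netty client and sets the endpoint identification algorithm on every
     * TLS engine: {@code "HTTPS"} (host name checked against the certificate) unless
     * verification has been switched off, in which case it is cleared.
     */
    private HttpClient createHttpClientWithSslContext(SslContextBuilder sslContextBuilder) throws SSLException {
        SslContext sslContext = sslContextBuilder.build();
        return HttpClient.create().secure(sslContextSpec -> {
            sslContextSpec.sslContext(sslContext).handlerConfigurator(sslHandler -> {
                SSLEngine engine = sslHandler.engine();
                SSLParameters parameters = engine.getSSLParameters();
                // null removes the host name check; see the class-level security note.
                parameters.setEndpointIdentificationAlgorithm(this.hostNameVerificationDisabled ? null : "HTTPS");
                engine.setSSLParameters(parameters);
            });
        });
    }

    /**
     * Creates the RestTemplate on top of an Apache HttpClient that uses the given SSL context.
     * The host name verifier is only replaced (by a no-op) when verification is disabled;
     * otherwise the HttpClient builder's own verifier stays in place.
     */
    private RestTemplate createRestTemplateWithSslContext(SSLContextBuilder sSLContextBuilder) throws NoSuchAlgorithmException, KeyManagementException {
        HttpClientBuilder clientBuilder = HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(sSLContextBuilder.build()));
        if (this.hostNameVerificationDisabled) {
            // Accepts a trusted certificate for any host; see the class-level security note.
            clientBuilder.setSSLHostnameVerifier(new NoopHostnameVerifier());
        }
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(clientBuilder.build()));
    }

    /**
     * Loads a key store or trust store from a Spring resource.
     *
     * @param str      store type; blank or null selects {@link KeyStore#getDefaultType()}
     * @param resource location of the store
     * @param cArr     password used to open the store
     * @return the loaded store
     */
    private KeyStore getKeyStore(String str, Resource resource, char[] cArr) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(resolveStoreType(str));
        // try-with-resources closes the stream on success and on failure alike.
        try (InputStream inputStream = resource.getInputStream()) {
            keyStore.load(inputStream, cArr);
        }
        return keyStore;
    }

    /**
     * Maps an unset store type to the JVM default. The {@code *-store-type} properties default
     * to an empty string, which {@link KeyStore#getInstance(String)} rejects.
     */
    private static String resolveStoreType(String configuredType) {
        if (configuredType == null || configuredType.trim().isEmpty()) {
            return KeyStore.getDefaultType();
        }
        return configuredType;
    }

    /** Builds a trust manager factory backed by the configured trust store. */
    private TrustManagerFactory initTrustManagerFactory() throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException {
        KeyStore trustStore = getKeyStore(this.trustStoreType, this.trustStoreResource, this.trustStorePassword);
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(trustStore);
        return factory;
    }

    /** Builds a key manager factory backed by the configured key store (client certificate). */
    private KeyManagerFactory initKeyManagerFactory() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        KeyStore clientKeys = getKeyStore(this.keyStoreType, this.keyStoreResource, this.keyStorePassword);
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(clientKeys, this.keyStorePassword);
        return factory;
    }
}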
