package biz.papercut.pcng.util;

import com.google.common.annotations.VisibleForTesting;
import java.lang.StackWalker;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:biz/papercut/pcng/util/ContextAwareTrustAllManager.class */
class ContextAwareTrustAllManager implements X509TrustManager, HostnameVerifier {
    private static final Logger logger = LoggerFactory.getLogger(ContextAwareTrustAllManager.class);

    @Nullable
    private static ContextAwareTrustAllManager instance = null;

    @VisibleForTesting
    static final X509TrustManager DEFAULT_TRUST_MANAGER = getDefaultTrustManager();

    @VisibleForTesting
    static final HostnameVerifier DEFAULT_HOSTNAME_VERIFIER = HttpsURLConnection.getDefaultHostnameVerifier();
    private Set<String> packagesAndClasses = ConcurrentHashMap.newKeySet();

    @Deprecated
    public static synchronized ContextAwareTrustAllManager getInstance() {
        if (null == instance) {
            instance = new ContextAwareTrustAllManager();
        } else if (!instance.packagesAndClasses.isEmpty()) {
            instance.packagesAndClasses.clear();
            logger.debug("Extending customized SSL error handling to be applied globally to all connections");
        }
        return instance;
    }

    public static synchronized ContextAwareTrustAllManager getInstance(String str, String... strArr) {
        if (null == instance) {
            instance = new ContextAwareTrustAllManager(str, strArr);
        } else {
            instance.add(false, str, strArr);
        }
        return instance;
    }

    private ContextAwareTrustAllManager() {
        logger.debug("Customizing SSL error handling globally for all connections");
    }

    private ContextAwareTrustAllManager(String str, String... strArr) {
        add(true, str, strArr);
    }

    private void add(boolean z, String str, String... strArr) {
        if (z || !this.packagesAndClasses.isEmpty()) {
            Set set = (Set) Stream.concat(Stream.of(str), Arrays.stream(strArr)).filter(str2 -> {
                return !str2.isEmpty();
            }).collect(Collectors.toSet());
            this.packagesAndClasses.addAll(set);
            logger.debug("Customizing SSL error handling for {}", String.join(", ", set));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void inject(SSLContext sSLContext) throws KeyManagementException {
        sSLContext.init(null, new X509TrustManager[]{this}, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(this);
    }

    @VisibleForTesting
    static synchronized void resetForTesting() {
        if (null == instance) {
            instance = new ContextAwareTrustAllManager();
        }
        instance.packagesAndClasses.clear();
        instance.packagesAndClasses.add("dummy entry so that the instance is reset to scoped mode");
    }

    @VisibleForTesting
    boolean requiresValidation() {
        if (this.packagesAndClasses.isEmpty()) {
            return false;
        }
        return ((Boolean) StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE).walk(stream -> {
            return Boolean.valueOf(stream.allMatch(this::requiresValidation));
        })).booleanValue();
    }

    private boolean requiresValidation(StackWalker.StackFrame stackFrame) {
        return this.packagesAndClasses.stream().noneMatch(str -> {
            return stackFrame.getClassName().startsWith(str);
        });
    }

    private static X509TrustManager getDefaultTrustManager() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            throw new ApplicationException("Failed to load the default X509TrustManager");
        } catch (Exception e) {
            throw new ApplicationException(e.getMessage(), e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    @Nullable
    public X509Certificate[] getAcceptedIssuers() {
        return requiresValidation() ? DEFAULT_TRUST_MANAGER.getAcceptedIssuers() : new X509Certificate[0];
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (requiresValidation()) {
            DEFAULT_TRUST_MANAGER.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (requiresValidation()) {
            DEFAULT_TRUST_MANAGER.checkServerTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        return !requiresValidation() || DEFAULT_HOSTNAME_VERIFIER.verify(str, sSLSession);
    }
}
