package com.vmware.vapi.internal.protocol.client.rpc.http;

import com.vmware.vapi.client.exception.SslException;
import com.vmware.vapi.internal.util.Validate;
import com.vmware.vapi.protocol.HttpConfiguration;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertSelector;
import java.security.cert.PKIXBuilderParameters;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/* loaded from: input_file:com/vmware/vapi/internal/protocol/client/rpc/http/SslClientUtil.class */
public final class SslClientUtil {
    private SslClientUtil() {
    }

    public static SSLContext createSslContext(HttpConfiguration.SslConfiguration sslConfiguration) {
        TrustManager[] trustManagers;
        Validate.notNull(sslConfiguration);
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            KeyManager[] createKeyManagers = createKeyManagers(sslConfiguration);
            if (sslConfiguration.isCertificateValidationDisabled()) {
                trustManagers = new TrustManager[]{new TrustAllX509TrustManager()};
            } else {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                if (sslConfiguration.getCrlCertStore() == null) {
                    trustManagerFactory.init(sslConfiguration.getTrustStore());
                } else {
                    PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(sslConfiguration.getTrustStore(), (CertSelector) null);
                    pKIXBuilderParameters.setRevocationEnabled(true);
                    pKIXBuilderParameters.addCertStore(sslConfiguration.getCrlCertStore());
                    trustManagerFactory.init(new CertPathTrustManagerParameters(pKIXBuilderParameters));
                }
                trustManagers = trustManagerFactory.getTrustManagers();
            }
            sSLContext.init(createKeyManagers, trustManagers, null);
            return sSLContext;
        } catch (InvalidAlgorithmParameterException e) {
            throw new SslException(e);
        } catch (KeyManagementException e2) {
            throw new SslException(e2);
        } catch (KeyStoreException e3) {
            throw new SslException(e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new SslException(e4);
        }
    }

    protected static KeyManager[] createKeyManagers(HttpConfiguration.SslConfiguration sslConfiguration) {
        if (sslConfiguration.getKeyStore() == null || sslConfiguration.getKeyStoreConfig() == null) {
            return null;
        }
        String keyStorePassword = sslConfiguration.getKeyStoreConfig().getKeyStorePassword();
        String keyAlias = sslConfiguration.getKeyStoreConfig().getKeyAlias();
        if (keyStorePassword == null || keyAlias == null) {
            return null;
        }
        try {
            KeyStore keyStore = sslConfiguration.getKeyStore();
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            for (int i = 0; i < keyManagers.length; i++) {
                if (keyManagers[i] instanceof X509KeyManager) {
                    keyManagers[i] = new KeyManagerWrapper((X509KeyManager) keyManagers[i], keyAlias);
                }
            }
            return keyManagers;
        } catch (Exception e) {
            throw new SslException("Unable to create KeyManagers", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String stripHostnameBrackets(String str) {
        if (str != null && str.startsWith("[") && str.endsWith("]")) {
            try {
                return InetAddress.getByName(str).getHostAddress();
            } catch (UnknownHostException e) {
            }
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509HostnameVerifier createHostnameVerifier(boolean z, X509HostnameVerifier x509HostnameVerifier) {
        return z ? new AllowAllHostnameVerifier() : new VapiHostnameVerifier(x509HostnameVerifier);
    }
}
