package com.liferay.portal.search.solr.internal.http;

import com.liferay.bnd.util.ConfigurableUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.search.solr.configuration.SolrSSLSocketFactoryConfiguration;
import com.liferay.portal.search.solr.http.KeyStoreLoader;
import com.liferay.portal.search.solr.http.SSLSocketFactoryBuilder;
import java.security.KeyStore;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;

@Component(configurationPid = {"com.liferay.portal.search.solr.configuration.SolrSSLSocketFactoryConfiguration"}, immediate = true, service = {SSLSocketFactoryBuilder.class})
/* loaded from: input_file:com/liferay/portal/search/solr/internal/http/SSLSocketFactoryBuilderImpl.class */
public class SSLSocketFactoryBuilderImpl implements SSLSocketFactoryBuilder {
    private static final Log _log = LogFactoryUtil.getLog(SSLSocketFactoryBuilderImpl.class);
    private KeyStoreLoader _keyStoreLoader;
    private char[] _keyStorePassword;
    private String _keyStorePath;
    private volatile SolrSSLSocketFactoryConfiguration _solrSSLSocketFactoryConfiguration;
    private char[] _trustStorePassword;
    private String _trustStorePath;
    private String _keyStoreType = KeyStore.getDefaultType();
    private String _trustStoreType = KeyStore.getDefaultType();
    private boolean _verifyServerCertificate = true;
    private boolean _verifyServerHostname = true;

    @Override // com.liferay.portal.search.solr.http.SSLSocketFactoryBuilder
    public SSLConnectionSocketFactory build() throws Exception {
        KeyStore load = this._keyStoreLoader.load(this._keyStoreType, this._keyStorePath, this._keyStorePassword);
        if (load == null) {
            if (_log.isDebugEnabled()) {
                _log.debug("Use system defaults because there is no custom key store");
            }
            return SSLConnectionSocketFactory.getSystemSocketFactory();
        }
        TrustSelfSignedStrategy trustSelfSignedStrategy = null;
        if (!this._verifyServerCertificate) {
            trustSelfSignedStrategy = new TrustSelfSignedStrategy();
        } else if (this._keyStoreLoader.load(this._trustStoreType, this._trustStorePath, this._trustStorePassword) == null) {
            if (_log.isDebugEnabled()) {
                _log.debug("Use system defaults because there is no custom trust store");
            }
            return SSLConnectionSocketFactory.getSystemSocketFactory();
        }
        HostnameVerifier hostnameVerifier = null;
        if (this._verifyServerHostname) {
            hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
        }
        SSLContextBuilder custom = SSLContexts.custom();
        custom.loadKeyMaterial(load, this._keyStorePassword);
        custom.loadTrustMaterial(trustSelfSignedStrategy);
        try {
            return new SSLConnectionSocketFactory(custom.build(), hostnameVerifier);
        } catch (Exception e) {
            if (_log.isWarnEnabled()) {
                _log.warn("Use system defaults because the custom SSL socket factory was not able to initialize", e);
            }
            return SSLConnectionSocketFactory.getSystemSocketFactory();
        }
    }

    @Activate
    @Modified
    protected void activate(Map<String, Object> map) {
        this._solrSSLSocketFactoryConfiguration = (SolrSSLSocketFactoryConfiguration) ConfigurableUtil.createConfigurable(SolrSSLSocketFactoryConfiguration.class, map);
        this._keyStorePassword = this._solrSSLSocketFactoryConfiguration.keyStorePassword().toCharArray();
        this._keyStorePath = this._solrSSLSocketFactoryConfiguration.keyStorePath();
        this._keyStoreType = this._solrSSLSocketFactoryConfiguration.keyStoreType();
        this._trustStorePassword = this._solrSSLSocketFactoryConfiguration.trustStorePassword().toCharArray();
        this._trustStorePath = this._solrSSLSocketFactoryConfiguration.trustStorePath();
        this._trustStoreType = this._solrSSLSocketFactoryConfiguration.trustStoreType();
        this._verifyServerCertificate = this._solrSSLSocketFactoryConfiguration.verifyServerCertificate();
        this._verifyServerHostname = this._solrSSLSocketFactoryConfiguration.verifyServerName();
    }

    @Reference(unbind = "-")
    protected void setKeyStoreLoader(KeyStoreLoader keyStoreLoader) {
        this._keyStoreLoader = keyStoreLoader;
    }
}
