package com.marklogic.rest.util.configurer;

import com.marklogic.client.ext.helper.LoggingObject;
import com.marklogic.client.ext.ssl.SslUtil;
import com.marklogic.rest.util.HttpClientBuilderConfigurer;
import com.marklogic.rest.util.RestConfig;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.impl.client.HttpClientBuilder;

/* loaded from: input_file:com/marklogic/rest/util/configurer/SslConfigurer.class */
public class SslConfigurer extends LoggingObject implements HttpClientBuilderConfigurer {
    @Override // com.marklogic.rest.util.HttpClientBuilderConfigurer
    public HttpClientBuilder configureHttpClientBuilder(RestConfig restConfig, HttpClientBuilder httpClientBuilder) {
        SSLContext sSLContext = null;
        if (restConfig.getSslContext() != null) {
            if (this.logger.isInfoEnabled()) {
                this.logger.info("Using custom SSLContext for connecting to: " + restConfig.getBaseUrl());
            }
            sSLContext = restConfig.getSslContext();
        } else if (restConfig.isUseDefaultKeystore()) {
            sSLContext = buildSslContextViaTrustManagerFactory(restConfig);
        } else if (restConfig.isConfigureSimpleSsl()) {
            sSLContext = buildSimpleSslContext(restConfig);
        }
        if (sSLContext != null) {
            httpClientBuilder.setSslcontext(sSLContext);
            if (restConfig.getHostnameVerifier() != null) {
                if (this.logger.isInfoEnabled()) {
                    this.logger.info("Using custom X509HostnameVerifier for connecting to: " + restConfig.getBaseUrl());
                }
                httpClientBuilder.setHostnameVerifier(restConfig.getHostnameVerifier());
            } else {
                if (this.logger.isInfoEnabled()) {
                    this.logger.info("Using 'allow all' X509HostnameVerifier for connecting to: " + restConfig.getBaseUrl());
                }
                httpClientBuilder.setHostnameVerifier(new AllowAllHostnameVerifier());
            }
        }
        return httpClientBuilder;
    }

    protected SSLContext buildSslContextViaTrustManagerFactory(RestConfig restConfig) {
        String determineProtocol = determineProtocol(restConfig);
        String trustManagementAlgorithm = restConfig.getTrustManagementAlgorithm();
        if (this.logger.isInfoEnabled()) {
            this.logger.info("Using default keystore with SSL protocol " + determineProtocol + " for connecting to: " + restConfig.getBaseUrl());
        }
        return SslUtil.configureUsingTrustManagerFactory(determineProtocol, trustManagementAlgorithm).getSslContext();
    }

    protected SSLContext buildSimpleSslContext(RestConfig restConfig) {
        String determineProtocol = determineProtocol(restConfig);
        SSLContextBuilder useProtocol = new SSLContextBuilder().useProtocol(determineProtocol);
        if (this.logger.isInfoEnabled()) {
            this.logger.info("Configuring simple SSL approach with protocol " + determineProtocol + " for connecting to: " + restConfig.getBaseUrl());
        }
        try {
            return useProtocol.loadTrustMaterial((KeyStore) null, (x509CertificateArr, str) -> {
                return true;
            }).build();
        } catch (Exception e) {
            throw new RuntimeException("Unable to configure simple SSLContext for connecting to: " + restConfig.getBaseUrl() + ", cause: " + e.getMessage(), e);
        }
    }

    protected String determineProtocol(RestConfig restConfig) {
        String sslProtocol = restConfig.getSslProtocol();
        if (StringUtils.isEmpty(sslProtocol)) {
            sslProtocol = "TLSv1.2";
        }
        return sslProtocol;
    }
}
