package org.zowe.apiml.util.config;

import io.restassured.config.RestAssuredConfig;
import io.restassured.config.SSLConfig;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import lombok.Generated;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.ResourceUtils;

/* loaded from: input_file:org/zowe/apiml/util/config/SslContext.class */
public class SslContext {
    public static RestAssuredConfig clientCertValid;
    public static RestAssuredConfig clientCertApiml;
    public static RestAssuredConfig clientCertUser;
    public static RestAssuredConfig clientCertUnknownUser;
    public static RestAssuredConfig apimlRootCert;
    public static RestAssuredConfig selfSignedUntrusted;
    public static RestAssuredConfig tlsWithoutCert;

    @Generated
    private static final Logger log = LoggerFactory.getLogger(SslContext.class);
    private static AtomicBoolean isInitialized = new AtomicBoolean(false);
    private static AtomicReference<SslContextConfigurer> configurer = new AtomicReference<>();

    public static synchronized void reset() {
        clientCertValid = null;
        clientCertApiml = null;
        clientCertUser = null;
        clientCertUnknownUser = null;
        apimlRootCert = null;
        selfSignedUntrusted = null;
        tlsWithoutCert = null;
        configurer.set(null);
        isInitialized.set(false);
    }

    public static synchronized void prepareSslAuthentication(SslContextConfigurer sslContextConfigurer) throws Exception {
        if (configurer.get() != null && !configurer.get().equals(sslContextConfigurer)) {
            throw new IllegalStateException("You cannot initialize this class twice with different configuration");
        }
        if (isInitialized.get()) {
            return;
        }
        configurer.set(sslContextConfigurer);
        X509HostnameVerifier hostnameVerifier = sslContextConfigurer.getHostnameVerifier();
        log.info("SSLContext is constructing. This should happen only once.");
        TrustStrategy trustStrategy = (x509CertificateArr, str) -> {
            return true;
        };
        clientCertValid = RestAssuredConfig.newConfig().sslConfig(new SSLConfig().sslSocketFactory(new SSLSocketFactory(SSLContextBuilder.create().loadKeyMaterial(ResourceUtils.getFile(sslContextConfigurer.getKeystoreLocalhostJks()), sslContextConfigurer.getKeystorePassword(), sslContextConfigurer.getKeystorePassword(), (map, socket) -> {
            return "apimtst";
        }).loadTrustMaterial((KeyStore) null, trustStrategy).build(), hostnameVerifier)));
        clientCertApiml = RestAssuredConfig.newConfig().sslConfig(new SSLConfig().sslSocketFactory(new SSLSocketFactory(SSLContextBuilder.create().loadKeyMaterial(ResourceUtils.getFile(sslContextConfigurer.getKeystore()), sslContextConfigurer.getKeystorePassword(), sslContextConfigurer.getKeystorePassword()).loadTrustMaterial((KeyStore) null, trustStrategy).build(), hostnameVerifier)));
        tlsWithoutCert = RestAssuredConfig.newConfig().sslConfig(new SSLConfig().sslSocketFactory(new SSLSocketFactory(SSLContextBuilder.create().loadTrustMaterial((KeyStore) null, trustStrategy).build(), hostnameVerifier)));
        clientCertUnknownUser = RestAssuredConfig.newConfig().sslConfig(new SSLConfig().sslSocketFactory(new SSLSocketFactory(SSLContextBuilder.create().loadKeyMaterial(ResourceUtils.getFile(sslContextConfigurer.getKeystoreLocalhostJks()), sslContextConfigurer.getKeystorePassword(), sslContextConfigurer.getKeystorePassword(), (map2, socket2) -> {
            return "unknownuser";
        }).loadTrustMaterial((KeyStore) null, trustStrategy).build(), hostnameVerifier)));
        clientCertUser = RestAssuredConfig.newConfig().sslConfig(new SSLConfig().sslSocketFactory(new SSLSocketFactory(SSLContextBuilder.create().loadKeyMaterial(ResourceUtils.getFile(sslContextConfigurer.getKeystoreLocalhostJks()), sslContextConfigurer.getKeystorePassword(), sslContextConfigurer.getKeystorePassword(), (map3, socket3) -> {
            return "user";
        }).loadTrustMaterial((KeyStore) null, trustStrategy).build(), hostnameVerifier)));
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        keyStore.setCertificateEntry("selfsigned", CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream("-----BEGIN CERTIFICATE-----\nMIIEFTCCAv2gAwIBAgIEKWdbVTANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMC\nQ1oxDTALBgNVBAgTBEJybm8xDTALBgNVBAcTBEJybm8xFDASBgNVBAoTC1pvd2Ug\nU2FtcGxlMRwwGgYDVQQLExNBUEkgTWVkaWF0aW9uIExheWVyMSswKQYDVQQDEyJa\nb3dlIFNlbGYtU2lnbmVkIFVudHJ1c3RlZCBTZXJ2aWNlMB4XDTE4MTIwNzIwMDc1\nMloXDTI4MTIwNDIwMDc1MlowgYwxCzAJBgNVBAYTAkNaMQ0wCwYDVQQIEwRCcm5v\nMQ0wCwYDVQQHEwRCcm5vMRQwEgYDVQQKEwtab3dlIFNhbXBsZTEcMBoGA1UECxMT\nQVBJIE1lZGlhdGlvbiBMYXllcjErMCkGA1UEAxMiWm93ZSBTZWxmLVNpZ25lZCBV\nbnRydXN0ZWQgU2VydmljZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nAJti8p4nr8ztRSbemrAv1ytVLQMbXozhLe3lNaiVADGTFPZYeJ2lDt7oAl238HOY\nScpOz+JjTeUkL0jsjNYgMhi4J07II/3sJL0SBfVqvvgjUL4BvcpdBl0crSuI/3D4\nOaPue+ZmPFijwdCcw5JbazMoOka/zUwpYYdbwxPUH2BbKfwtmmygX88nkJcRSoQO\nKBdNsUs+QRuUiokZ/FJi7uiOsNZ8eEfQv6qJ7mOJ7l1IrMcNm3jHgodoQi/4jXO1\nnp/hZaz/ZDni9kBwcyd64AViB2v7VrrBmjdESt1mtCIMvKMlwAZAqrDO75Q9pepO\nY7zbN4s9s7IUfyb9431xg2MCAwEAAaN9MHswHQYDVR0lBBYwFAYIKwYBBQUHAwIG\nCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIE8DArBgNVHREEJDAighVsb2NhbGhvc3Qu\nbG9jYWxkb21haW6CCWxvY2FsaG9zdDAdBgNVHQ4EFgQUIeSN7aNtwH2MnBAGDLre\nTtcSaZ4wDQYJKoZIhvcNAQELBQADggEBAELPbHlG60nO164yrBjZcpQJ/2e5ThOR\n8efXUWExuy/NpwVx0vJg4tb8s9NI3X4pRh3WyD0uGPGkO9w+CAvgUaECePLYjkov\nKIS6Cvlcav9nWqdZau1fywltmOLu8Sq5i42Yvb7ZcPOEwDShpuq0ql7LR7j7P4XH\n+JkA0k9Zi6RfYJAyOOpbD2R4JoMbxBKrxUVs7cEajl2ltckjyRWoB6FBud1IthRR\nmZoPMtlCleKlsKp7yJiE13hpX+qIGnzEQE2gNgQ94dSl4m2xO6pnyDRMAEncmd33\noehy77omRxNsLzkWe6mjaC8ShMGzG9jYR02iN2h4083/PVXvTZIqwhg=\n-----END CERTIFICATE-----\n".getBytes())));
        selfSignedUntrusted = RestAssuredConfig.newConfig().sslConfig(new SSLConfig().sslSocketFactory(new SSLSocketFactory(SSLContextBuilder.create().loadKeyMaterial(keyStore, "password".toCharArray()).loadTrustMaterial((KeyStore) null, trustStrategy).build(), hostnameVerifier)));
        apimlRootCert = RestAssuredConfig.newConfig().sslConfig(new SSLConfig().sslSocketFactory(new SSLSocketFactory(SSLContextBuilder.create().loadKeyMaterial(ResourceUtils.getFile(sslContextConfigurer.getKeystoreLocalhostJks()), sslContextConfigurer.getKeystorePassword(), sslContextConfigurer.getKeystorePassword(), (map4, socket4) -> {
            return "apiml external certificate authority";
        }).loadTrustMaterial((KeyStore) null, trustStrategy).build(), hostnameVerifier)));
        isInitialized.set(true);
    }
}
