package org.zowe.apiml.security.common.verify;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.List;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.stereotype.Service;
import org.zowe.apiml.message.log.ApimlLogger;
import org.zowe.apiml.product.logging.annotations.InjectApimlLogger;

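/**
 * Downloads a set of X.509 certificates from an HTTP(S) endpoint and parses them.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The class name suggests callers treat the returned certificates as trusted, so
 *       the integrity of the result rests on the server authentication performed by the
 *       injected {@code secureHttpClientWithoutKeystore} client and on the endpoint URL
 *       coming from trusted configuration rather than request data. Neither is visible
 *       in this class; confirm both at the call sites.</li>
 *   <li>Every failure path (bad URL, I/O error, non-200 status, unparsable body) yields
 *       an empty list, i.e. no certificate is returned on error.</li>
 *   <li>Non-empty results are cached per endpoint. The eviction policy of the
 *       {@code trustedCertificates} cache is configured elsewhere; it bounds how long
 *       a rotated or withdrawn certificate keeps being returned.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:BOOT-INF/lib/apiml-security-common-2.12.0.jar:org/zowe/apiml/security/common/verify/TrustedCertificatesProvider.class */
public class TrustedCertificatesProvider {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(TrustedCertificatesProvider.class);
    private final CloseableHttpClient httpClient;

    @InjectApimlLogger
    private final ApimlLogger apimlLog = ApimlLogger.empty();

    /**
     * @param closeableHttpClient client used for the certificate download; its TLS
     *                            configuration decides whether the endpoint is authenticated
     */
    @Autowired
    public TrustedCertificatesProvider(@Qualifier("secureHttpClientWithoutKeystore") CloseableHttpClient closeableHttpClient) {
        this.httpClient = closeableHttpClient;
    }

    /**
     * Returns the certificates published by the given endpoint.
     *
     * <p>The parameter name must match the SpEL variable used in the cache key
     * ({@code #certificatesEndpoint}); with any other name the key expression does not
     * refer to the argument.
     *
     * @param certificatesEndpoint absolute URL of the endpoint that serves the certificates
     * @return the parsed certificates, or an empty list when the download or the parsing
     *         failed (empty results are not cached, so the next call retries)
     */
    @Cacheable(value = {"trustedCertificates"}, key = "#certificatesEndpoint", unless = "#result.isEmpty()")
    public List<Certificate> getTrustedCerts(String certificatesEndpoint) {
        List<Certificate> certificates = new ArrayList<>();
        String pem = callCertificatesEndpoint(certificatesEndpoint);
        if (StringUtils.isNotEmpty(pem)) {
            try {
                // The body was decoded as UTF-8, so encode it back with the same charset
                // instead of the platform default.
                ByteArrayInputStream encoded = new ByteArrayInputStream(pem.getBytes(StandardCharsets.UTF_8));
                certificates.addAll(CertificateFactory.getInstance("X.509").generateCertificates(encoded));
            } catch (Exception e) {
                // Deliberately broad: any parsing problem must end in "no certificates",
                // never in a partially populated or propagated result.
                this.apimlLog.log("org.zowe.apiml.security.common.verify.errorParsingCertificates", e.getMessage());
            }
        }
        return certificates;
    }

    /**
     * Performs the GET request and returns the response body.
     *
     * @param url endpoint to call
     * @return the body decoded as UTF-8 when the status is 200 (empty string if the
     *         response has no entity), or {@code null} on any other status, on an I/O
     *         error or when {@code url} is not a valid URI
     */
    private String callCertificatesEndpoint(String url) {
        try {
            HttpUriRequest request = new HttpGet(new URI(url));
            // try-with-resources releases the connection on every path, including a
            // response without an entity and an exception while reading the body.
            try (CloseableHttpResponse response = this.httpClient.execute(request)) {
                int statusCode = response.getStatusLine() != null ? response.getStatusLine().getStatusCode() : 0;
                String body = response.getEntity() != null ? EntityUtils.toString(response.getEntity(), StandardCharsets.UTF_8) : "";
                if (statusCode != 200) {
                    // NOTE(review): the body is text chosen by the remote server and ends up
                    // in the log message; confirm the message template tolerates that.
                    this.apimlLog.log("org.zowe.apiml.security.common.verify.invalidResponse", url, Integer.valueOf(statusCode), body);
                    return null;
                }
                log.debug("Trusted certificates from {}: {}", url, body);
                return body;
            }
        } catch (IOException e) {
            this.apimlLog.log("org.zowe.apiml.security.common.verify.httpError", e.getMessage());
            return null;
        } catch (URISyntaxException e2) {
            this.apimlLog.log("org.zowe.apiml.security.common.verify.invalidURL", e2.getMessage());
            return null;
        }
    }
}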
