package de.cuioss.tools.net.http;

import de.cuioss.tools.collect.CollectionLiterals;
import de.cuioss.tools.logging.CuiLogger;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import lombok.Generated;

/* loaded from: input_file:de/cuioss/tools/net/http/SecureSSLContextProvider.class */
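/**
 * Hands out {@link SSLContext} instances whose protocol name is on an allow-list of TLS versions.
 *
 * <p>The checks in this class compare protocol <em>names</em> only. {@link SSLContext#getProtocol()}
 * returns the name the context was requested with, so a context named {@code "TLS"} or
 * {@code "TLSv1.2"} passes regardless of how it was initialised.
 *
 * <p>NOTE(review): the name passed to {@link SSLContext#getInstance(String)} selects a context
 * implementation and is not necessarily a floor for the versions that can be negotiated. Which
 * versions are actually enabled depends on the JSSE provider and on the
 * {@code jdk.tls.disabledAlgorithms} security property. Consumers that need a hard minimum should
 * also restrict the enabled protocols on the socket, engine or HTTP client via
 * {@link javax.net.ssl.SSLParameters#setProtocols(String[])} - confirm against the target JDK.
 */
public class SecureSSLContextProvider {
    public static final String TLS_V1_2 = "TLSv1.2";
    public static final String TLS_V1_3 = "TLSv1.3";
    /** Generic protocol name; accepted by the name check although it names no specific version. */
    public static final String TLS = "TLS";
    public static final String TLS_V1_0 = "TLSv1.0";
    public static final String TLS_V1_1 = "TLSv1.1";
    public static final String SSL_V3 = "SSLv3";
    public static final String DEFAULT_TLS_VERSION = TLS_V1_2;

    /** Protocol names accepted both as configured minimum and as name of a provided context. */
    public static final Set<String> ALLOWED_TLS_VERSIONS = CollectionLiterals.immutableSet(TLS_V1_2, TLS_V1_3, TLS);
    /** Protocol names listed as forbidden; exposed for callers, not consulted by this class. */
    public static final Set<String> FORBIDDEN_TLS_VERSIONS = CollectionLiterals.immutableSet(TLS_V1_0, TLS_V1_1, SSL_V3);

    private static final String DEBUG_SSL_CONTEXT_PROTOCOL = "Provided SSL context uses protocol: %s";
    private static final String DEBUG_USING_SSL_CONTEXT = "Using provided SSL context with protocol: %s";
    private static final String WARN_INSECURE_SSL_PROTOCOL = "Provided SSL context uses insecure protocol: %s. Creating a secure context instead.";
    private static final String DEBUG_CREATED_SECURE_CONTEXT = "Created secure SSL context with %s";
    private static final String DEBUG_NO_SSL_CONTEXT = "No SSL context provided, created secure SSL context with %s";
    private static final String WARN_FALLBACK_TO_DEFAULT = "Could not create secure SSL context (%s). Falling back to the JVM default SSL context.";
    private static final CuiLogger LOGGER = new CuiLogger(SecureSSLContextProvider.class);

    private final String minimumTlsVersion;

    /** Creates a provider that uses {@link #DEFAULT_TLS_VERSION} as its minimum. */
    public SecureSSLContextProvider() {
        this(DEFAULT_TLS_VERSION);
    }

    /**
     * Creates a provider with the given minimum protocol name.
     *
     * @param str the minimum TLS protocol name; must be contained in {@link #ALLOWED_TLS_VERSIONS}
     * @throws IllegalArgumentException if {@code str} is not an allowed protocol name
     */
    public SecureSSLContextProvider(String str) {
        if (!ALLOWED_TLS_VERSIONS.contains(str)) {
            throw new IllegalArgumentException("Minimum TLS version must be one of the allowed versions: " + ALLOWED_TLS_VERSIONS);
        }
        this.minimumTlsVersion = str;
    }

    /**
     * Checks a protocol name against the allow-list and the configured minimum.
     *
     * <p>This is a string comparison, not an inspection of the protocols a context has enabled.
     *
     * @param str the protocol name to check, may be {@code null}
     * @return {@code true} if {@code str} is allowed and, when the minimum is {@link #TLS_V1_3},
     *         is either {@link #TLS_V1_3} or the generic {@link #TLS}; {@code false} otherwise
     */
    public boolean isSecureTlsVersion(String str) {
        if (str == null || !ALLOWED_TLS_VERSIONS.contains(str)) {
            return false;
        }
        // Only a TLSv1.3 minimum narrows the allow-list: it rejects the "TLSv1.2" name.
        return !TLS_V1_3.equals(this.minimumTlsVersion) || TLS_V1_3.equals(str) || TLS.equals(str);
    }

    /**
     * Creates and initialises a new context for the configured minimum protocol name.
     *
     * <p>The trust managers come from the default {@link TrustManagerFactory} algorithm initialised
     * with a {@code null} key store, i.e. the factory's default trust material. No key managers
     * are supplied by this method.
     *
     * @return the initialised context
     * @throws NoSuchAlgorithmException if no provider supports the protocol or trust algorithm
     * @throws KeyStoreException if the trust manager factory cannot be initialised
     * @throws KeyManagementException if the context cannot be initialised
     */
    public SSLContext createSecureSSLContext() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        SSLContext context = SSLContext.getInstance(this.minimumTlsVersion);
        context.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
        return context;
    }

    /**
     * Returns the given context if its protocol name passes {@link #isSecureTlsVersion(String)},
     * otherwise a newly created one.
     *
     * <p>If a provided context was rejected and no replacement can be created, this method fails
     * closed with an {@link IllegalStateException}. It never hands back the context it has just
     * reported as insecure. If no context was provided and creation fails, the JVM default context
     * is returned and a warning is logged.
     *
     * @param sSLContext the context to validate, or {@code null} to have one created
     * @return the provided context, a newly created one, or the JVM default context
     * @throws IllegalStateException if a rejected context cannot be replaced, or if neither a new
     *         nor the default context can be obtained
     */
    public SSLContext getOrCreateSecureSSLContext(SSLContext sSLContext) {
        String rejectedProtocol = null;
        if (sSLContext != null) {
            String protocol = sSLContext.getProtocol();
            LOGGER.debug(DEBUG_SSL_CONTEXT_PROTOCOL, protocol);
            if (isSecureTlsVersion(protocol)) {
                LOGGER.debug(DEBUG_USING_SSL_CONTEXT, protocol);
                return sSLContext;
            }
            LOGGER.warn(WARN_INSECURE_SSL_PROTOCOL, protocol);
            rejectedProtocol = protocol;
        }
        try {
            SSLContext created = createSecureSSLContext();
            LOGGER.debug(sSLContext == null ? DEBUG_NO_SSL_CONTEXT : DEBUG_CREATED_SECURE_CONTEXT, this.minimumTlsVersion);
            return created;
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
            if (sSLContext != null) {
                // Fail closed: the provided context reached this point only because it was rejected,
                // so returning it would silently downgrade the connection.
                throw new IllegalStateException(
                        "Provided SSL context uses insecure protocol " + rejectedProtocol
                                + " and no secure replacement could be created", e);
            }
            LOGGER.warn(WARN_FALLBACK_TO_DEFAULT, e.getMessage());
            try {
                return SSLContext.getDefault();
            } catch (Exception e2) {
                // Keep the original creation failure attached for diagnosis.
                e2.addSuppressed(e);
                throw new IllegalStateException("Failed to create SSL context", e2);
            }
        }
    }

    /**
     * @return the minimum TLS protocol name this provider was configured with
     */
    @Generated
    public String getMinimumTlsVersion() {
        return this.minimumTlsVersion;
    }
}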
