package com.github.tomakehurst.wiremock.http.ssl;

import com.github.tomakehurst.wiremock.common.Notifier;
import java.net.Socket;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedKeyManager;

/* loaded from: input_file:BOOT-INF/lib/wiremock-jre8-2.31.0.jar:com/github/tomakehurst/wiremock/http/ssl/CertificateGeneratingX509ExtendedKeyManager.class */
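/**
 * Key manager that serves the delegate's key material when it fits the requested host and otherwise
 * asks a {@link DynamicKeyStore} to generate a certificate for the host named in the client's SNI
 * extension.
 *
 * <p>Alias selection works as follows: the delegate picks a default alias; if the handshake session
 * exposes SNI host names and the delegate's leaf certificate for that alias matches none of them
 * (according to the {@link HostNameMatcher}), a certificate is requested for the <em>first</em> SNI
 * host name and that host's ASCII name is returned as the alias. Any failure falls back to the
 * delegate's default alias.
 *
 * <p>Security notes for reviewers:
 *
 * <ul>
 *   <li>The SNI host name is supplied by the connecting client and is not authenticated. This class
 *       requests a certificate for whatever name is presented; no allow-list is applied here.
 *   <li>How generated certificates are signed is not visible in this file. NOTE(review): presumably
 *       a CA key held by the {@code DynamicKeyStore} signs them, in which case any client trusting
 *       that CA would accept certificates for arbitrary host names - confirm, and keep that CA out
 *       of trust stores used outside test environments.
 *   <li>NOTE(review): nothing here limits how many distinct host names may trigger generation;
 *       confirm that {@code DynamicKeyStore} bounds or reuses its entries.
 *   <li>Failure notifications are emitted at most once per key manager instance (see {@link
 *       OnceOnlyNotifier}); a quiet log after the first message does not mean generation works.
 * </ul>
 */
public class CertificateGeneratingX509ExtendedKeyManager extends DelegatingX509ExtendedKeyManager {
    private final DynamicKeyStore dynamicKeyStore;
    private final HostNameMatcher hostNameMatcher;
    private final OnceOnlyNotifier notifier;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/wiremock-jre8-2.31.0.jar:com/github/tomakehurst/wiremock/http/ssl/CertificateGeneratingX509ExtendedKeyManager$OnceOnly.class */
    /** One-shot latch: {@link #unused()} answers {@code true} exactly once. */
    public static class OnceOnly {
        private final AtomicBoolean used;

        private OnceOnly() {
            this.used = new AtomicBoolean(false);
        }

        /**
         * Atomically flips the flag from unused to used.
         *
         * @return {@code true} only for the call that performed the flip, {@code false} afterwards
         */
        boolean unused() {
            return this.used.compareAndSet(false, true);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/wiremock-jre8-2.31.0.jar:com/github/tomakehurst/wiremock/http/ssl/CertificateGeneratingX509ExtendedKeyManager$OnceOnlyNotifier.class */
    /**
     * Notifier wrapper that forwards only the first message it receives.
     *
     * <p>A single {@link OnceOnly} latch is shared by all three methods, so the first call to any of
     * them consumes it and every later message, whatever its level or cause, is dropped.
     */
    public static class OnceOnlyNotifier implements Notifier {
        private final Notifier notifier;
        private final OnceOnly onceOnly;

        private OnceOnlyNotifier(Notifier notifier) {
            this.onceOnly = new OnceOnly();
            this.notifier = notifier;
        }

        @Override // com.github.tomakehurst.wiremock.common.Notifier
        public void info(String str) {
            if (this.onceOnly.unused()) {
                this.notifier.info(str);
            }
        }

        @Override // com.github.tomakehurst.wiremock.common.Notifier
        public void error(String str) {
            if (this.onceOnly.unused()) {
                this.notifier.error(str);
            }
        }

        @Override // com.github.tomakehurst.wiremock.common.Notifier
        public void error(String str, Throwable th) {
            if (this.onceOnly.unused()) {
                this.notifier.error(str, th);
            }
        }
    }

    /**
     * Creates the key manager.
     *
     * @param x509ExtendedKeyManager delegate consulted first for every lookup
     * @param dynamicKeyStore store asked to generate and hold per-host key material; must not be null
     * @param hostNameMatcher decides whether a certificate covers an SNI host name; must not be null
     * @param notifier receives the first failure message only; not null-checked here
     * @throws NullPointerException if {@code dynamicKeyStore} or {@code hostNameMatcher} is null
     */
    public CertificateGeneratingX509ExtendedKeyManager(X509ExtendedKeyManager x509ExtendedKeyManager, DynamicKeyStore dynamicKeyStore, HostNameMatcher hostNameMatcher, Notifier notifier) {
        super(x509ExtendedKeyManager);
        this.dynamicKeyStore = Objects.requireNonNull(dynamicKeyStore);
        this.hostNameMatcher = Objects.requireNonNull(hostNameMatcher);
        this.notifier = new OnceOnlyNotifier(notifier);
    }

    /**
     * Returns the private key for an alias, preferring the delegate and falling back to the dynamic
     * key store when the delegate has none.
     *
     * @param str the key alias
     * @return the private key, or whatever the dynamic key store returns for an unknown alias
     */
    @Override // com.github.tomakehurst.wiremock.http.ssl.DelegatingX509ExtendedKeyManager, javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        PrivateKey fromDelegate = super.getPrivateKey(str);
        if (fromDelegate != null) {
            return fromDelegate;
        }
        return this.dynamicKeyStore.getPrivateKey(str);
    }

    /**
     * Returns the certificate chain for an alias, preferring the delegate and falling back to the
     * dynamic key store when the delegate has none.
     *
     * @param str the key alias
     * @return the certificate chain, or whatever the dynamic key store returns for an unknown alias
     */
    @Override // com.github.tomakehurst.wiremock.http.ssl.DelegatingX509ExtendedKeyManager, javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        X509Certificate[] fromDelegate = super.getCertificateChain(str);
        if (fromDelegate != null) {
            return fromDelegate;
        }
        return this.dynamicKeyStore.getCertificateChain(str);
    }

    /**
     * Chooses the server alias for a socket-based handshake, switching to a generated per-host alias
     * when the client's SNI host name is not covered by the delegate's certificate.
     *
     * @param str the key type requested by the TLS stack
     * @param principalArr acceptable issuers, passed through to the delegate
     * @param socket the connection being negotiated
     * @return the delegate's alias, or the SNI host's ASCII name when a certificate was generated
     */
    @Override // com.github.tomakehurst.wiremock.http.ssl.DelegatingX509ExtendedKeyManager, javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        return tryToChooseServerAlias(str, super.chooseServerAlias(str, principalArr, socket), getHandshakeSession(socket));
    }

    /** Returns the extended handshake session of an {@link SSLSocket}, or null if unavailable. */
    private ExtendedSSLSession getHandshakeSession(Socket socket) {
        if (!(socket instanceof SSLSocket)) {
            return null;
        }
        return asExtendedSession(getHandshakeSessionIfSupported((SSLSocket) socket));
    }

    /** Reads the handshake session, reporting (once) and returning null if the provider refuses. */
    private SSLSession getHandshakeSessionIfSupported(SSLSocket sslSocket) {
        try {
            return sslSocket.getHandshakeSession();
        } catch (UnsupportedOperationException e) {
            notify("your SSL Provider does not support SSLSocket.getHandshakeSession()", e);
            return null;
        }
    }

    /**
     * Chooses the server alias for an engine-based handshake, switching to a generated per-host alias
     * when the client's SNI host name is not covered by the delegate's certificate.
     *
     * @param str the key type requested by the TLS stack
     * @param principalArr acceptable issuers, passed through to the delegate
     * @param sSLEngine the engine performing the handshake
     * @return the delegate's alias, or the SNI host's ASCII name when a certificate was generated
     */
    @Override // com.github.tomakehurst.wiremock.http.ssl.DelegatingX509ExtendedKeyManager, javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return tryToChooseServerAlias(str, super.chooseEngineServerAlias(str, principalArr, sSLEngine), getHandshakeSession(sSLEngine));
    }

    /** Returns the extended handshake session of an {@link SSLEngine}, or null if unavailable. */
    private ExtendedSSLSession getHandshakeSession(SSLEngine sslEngine) {
        return asExtendedSession(getHandshakeSessionIfSupported(sslEngine));
    }

    /** Reads the handshake session, reporting (once) and returning null if the provider refuses. */
    private SSLSession getHandshakeSessionIfSupported(SSLEngine sslEngine) {
        try {
            return sslEngine.getHandshakeSession();
        } catch (NullPointerException | UnsupportedOperationException e) {
            // A NullPointerException is treated like "unsupported"; this also covers a null engine.
            // NOTE(review): presumably some providers throw NPE here - the reason is not visible in this file.
            notify("your SSL Provider does not support SSLEngine.getHandshakeSession()", e);
            return null;
        }
    }

    /** Narrows a session to {@link ExtendedSSLSession}, the only type that exposes SNI names. */
    private static ExtendedSSLSession asExtendedSession(SSLSession session) {
        if (session instanceof ExtendedSSLSession) {
            return (ExtendedSSLSession) session;
        }
        return null;
    }

    /** Keeps the delegate's alias unless both an alias and an extended session are available. */
    private String tryToChooseServerAlias(String keyType, String defaultAlias, ExtendedSSLSession session) {
        if (defaultAlias == null || session == null) {
            return defaultAlias;
        }
        return chooseServerAlias(keyType, defaultAlias, session);
    }

    /** Keeps the delegate's alias when the client sent no SNI host name. */
    private String chooseServerAlias(String keyType, String defaultAlias, ExtendedSSLSession session) {
        List<SNIHostName> requestedHosts = getSNIHostNames(session);
        if (requestedHosts.isEmpty()) {
            return defaultAlias;
        }
        return chooseServerAlias(keyType, defaultAlias, requestedHosts);
    }

    /**
     * Extracts the host-name entries from the client's SNI list, dropping other server name types.
     *
     * <p>The decompiled form of this method referenced an undefined variable in both lambdas and
     * relied on a raw {@code List} cast; method references on {@code SNIHostName.class} express the
     * same filter-and-cast and keep the result type checked.
     */
    private List<SNIHostName> getSNIHostNames(ExtendedSSLSession session) {
        return getRequestedServerNames(session).stream()
                .filter(SNIHostName.class::isInstance)
                .map(SNIHostName.class::cast)
                .collect(Collectors.toList());
    }

    /** Reads the SNI list, reporting (once) and returning an empty list if the provider refuses. */
    private List<SNIServerName> getRequestedServerNames(ExtendedSSLSession session) {
        try {
            return session.getRequestedServerNames();
        } catch (UnsupportedOperationException e) {
            notify("your SSL Provider does not support ExtendedSSLSession.getRequestedServerNames()", e);
            return Collections.emptyList();
        }
    }

    /**
     * Returns the delegate's alias when its leaf certificate covers one of the requested hosts;
     * otherwise requests a certificate for the first requested host and returns that host's ASCII
     * name as the alias.
     *
     * <p>Only the delegate's chain is checked here, and only the first SNI host name is used for
     * generation. The host name originates from the client hello, so it is untrusted input.
     */
    private String chooseServerAlias(String keyType, String defaultAlias, List<SNIHostName> requestedHosts) {
        X509Certificate[] delegateChain = super.getCertificateChain(defaultAlias);
        // The length check avoids indexing into an empty chain; such a chain simply cannot match.
        if (delegateChain != null && delegateChain.length > 0 && matches(delegateChain[0], requestedHosts)) {
            return defaultAlias;
        }
        try {
            SNIHostName firstHost = requestedHosts.get(0);
            this.dynamicKeyStore.generateCertificateIfNecessary(keyType, firstHost);
            return firstHost.getAsciiName();
        } catch (CertificateGenerationUnsupportedException | KeyStoreException e) {
            // Fail open to the default alias: the client gets the static certificate, which did not match the requested host.
            notify("certificates cannot be generated; perhaps the sun internal classes are not available?", e);
            return defaultAlias;
        }
    }

    /** Tells whether the certificate is valid for at least one of the requested hosts. */
    private boolean matches(X509Certificate certificate, List<SNIHostName> requestedHosts) {
        return requestedHosts.stream()
                .anyMatch(host -> this.hostNameMatcher.matches(certificate, host).booleanValue());
    }

    /**
     * Reports why dynamic generation is unavailable. Because the notifier is one-shot, only the
     * first reason ever reported by this instance reaches the log.
     */
    private void notify(String reason, Exception cause) {
        this.notifier.error("Dynamic certificate generation is not supported because " + reason + System.lineSeparator() + "All sites will be served using the normal WireMock HTTPS certificate.", cause);
    }
}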
