package com.enonic.lib.http.client;

import com.google.common.io.ByteSource;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Objects;
import java.util.stream.Collectors;
import okhttp3.OkHttpClient;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;

/* loaded from: input_file:com/enonic/lib/http/client/CertificateTools.class */
final class CertificateTools {
    private final Collection<X509Certificate> certificates;
    private final HeldCertificate clientCertificate;
    private final String clientCertificateAlias;

    public CertificateTools(ByteSource byteSource, ByteSource byteSource2, String str) {
        HeldCertificate decode;
        if (byteSource != null) {
            try {
                InputStream openStream = byteSource.openStream();
                try {
                    this.certificates = (Collection) CertificateFactory.getInstance("X.509").generateCertificates(openStream).stream().map(certificate -> {
                        return (X509Certificate) certificate;
                    }).collect(Collectors.toList());
                    if (openStream != null) {
                        openStream.close();
                    }
                } finally {
                }
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            } catch (GeneralSecurityException e2) {
                throw new RuntimeException(e2);
            }
        } else {
            this.certificates = null;
        }
        if (byteSource2 == null) {
            decode = null;
        } else {
            try {
                decode = HeldCertificate.decode(new String(byteSource2.read(), StandardCharsets.ISO_8859_1));
            } catch (IOException e3) {
                throw new UncheckedIOException(e3);
            }
        }
        this.clientCertificate = decode;
        this.clientCertificateAlias = str;
    }

    public void setupHandshakeCertificates(OkHttpClient.Builder builder) {
        HeldCertificate heldCertificate;
        HandshakeCertificates.Builder builder2 = new HandshakeCertificates.Builder();
        if (this.certificates != null) {
            Collection<X509Certificate> collection = this.certificates;
            Objects.requireNonNull(builder2);
            collection.forEach(builder2::addTrustedCertificate);
        } else {
            builder2.addPlatformTrustedCertificates();
        }
        if (this.clientCertificate != null) {
            builder2.heldCertificate(this.clientCertificate, new X509Certificate[0]);
        } else if (this.clientCertificateAlias != null && (heldCertificate = KeyStoreLoader.get(this.clientCertificateAlias)) != null) {
            builder2.heldCertificate(heldCertificate, new X509Certificate[0]);
        }
        HandshakeCertificates build = builder2.build();
        builder.sslSocketFactory(build.sslSocketFactory(), build.trustManager());
    }
}
