package org.jenkinsci.plugins.kubernetes.credentials;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import org.apache.commons.codec.binary.Base64InputStream;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.ProtocolException;
import org.apache.http.client.RedirectStrategy;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;

/* loaded from: input_file:org/jenkinsci/plugins/kubernetes/credentials/HttpClientWithTLSOptionsFactory.class */
public class HttpClientWithTLSOptionsFactory {
    private static TrustStrategy ALWAYS_TRUST_CERTIFICATE = (x509CertificateArr, str) -> {
        return true;
    };
    private static RedirectStrategy NO_HTTP_REDIRECT = new RedirectStrategy() { // from class: org.jenkinsci.plugins.kubernetes.credentials.HttpClientWithTLSOptionsFactory.1
        public boolean isRedirected(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws ProtocolException {
            return false;
        }

        public HttpUriRequest getRedirect(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws ProtocolException {
            return null;
        }
    };

    /* loaded from: input_file:org/jenkinsci/plugins/kubernetes/credentials/HttpClientWithTLSOptionsFactory$TLSConfigurationError.class */
    public static class TLSConfigurationError extends Exception {
        public TLSConfigurationError(Exception exc) {
            super(exc);
        }
    }

    private static X509Certificate loadFromString(String str) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new Base64InputStream(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8))));
    }

    private static SSLConnectionSocketFactory getAlwaysTrustSSLFactory() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        SSLContextBuilder sSLContextBuilder = new SSLContextBuilder();
        sSLContextBuilder.loadTrustMaterial((KeyStore) null, ALWAYS_TRUST_CERTIFICATE);
        return new SSLConnectionSocketFactory(sSLContextBuilder.build(), NoopHostnameVerifier.INSTANCE);
    }

    private static SSLConnectionSocketFactory getVerifyCertSSLFactory(String str, String str2) throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException, IOException, CertificateException {
        SSLContextBuilder sSLContextBuilder = new SSLContextBuilder();
        HostnameVerifier defaultHostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        keyStore.setCertificateEntry(str, loadFromString(str2));
        sSLContextBuilder.loadTrustMaterial(keyStore, (TrustStrategy) null);
        return new SSLConnectionSocketFactory(sSLContextBuilder.build(), defaultHostnameVerifier);
    }

    public static HttpClientBuilder getBuilder(URI uri, String str, boolean z) throws TLSConfigurationError {
        Utils.ensureFIPSCompliantURIRequest(uri, z);
        HttpClientBuilder redirectStrategy = HttpClients.custom().setRedirectStrategy(NO_HTTP_REDIRECT);
        try {
            if (!z) {
                if (str != null) {
                    redirectStrategy.setSSLSocketFactory(getVerifyCertSSLFactory(uri.getHost(), str));
                }
                return redirectStrategy;
            }
            redirectStrategy.setSSLSocketFactory(getAlwaysTrustSSLFactory());
            return redirectStrategy;
        } catch (IOException | IllegalArgumentException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new TLSConfigurationError(e);
        }
    }
}
