package org.conjur.jenkins.api;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.CertificateCredentials;
import hudson.security.ACL;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import jenkins.model.Jenkins;
import okhttp3.OkHttpClient;
import org.conjur.jenkins.configuration.ConjurConfiguration;

/* loaded from: input_file:org/conjur/jenkins/api/ConjurAPIUtils.class */
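public class ConjurAPIUtils {
    private static final Logger LOGGER = Logger.getLogger(ConjurAPIUtils.class.getName());

    /**
     * Resolves the certificate credential referenced by the Conjur configuration.
     *
     * <p>The lookup is performed with {@code ACL.SYSTEM} against the Jenkins root, so it is not
     * filtered by the permissions of whichever user triggered the call.
     * NOTE(review): callers presumably enforce their own authorization before reaching this
     * point; confirm against the call sites.
     *
     * @param conjurConfiguration configuration holding the certificate credential ID; must not be null
     * @return the matching credential, or {@code null} when no ID is configured or no credential
     *         with that ID exists
     */
    static CertificateCredentials certificateFromConfiguration(ConjurConfiguration conjurConfiguration) {
        LOGGER.log(Level.FINE, "Start of certificateFromConfiguration()");
        String credentialId = conjurConfiguration.getCertificateCredentialID();
        if (credentialId == null) {
            LOGGER.log(Level.FINE, "Return null, as CertificationID is null");
            return null;
        }
        CertificateCredentials match = CredentialsMatchers.firstOrNull(
                CredentialsProvider.lookupCredentials(CertificateCredentials.class, Jenkins.get(), ACL.SYSTEM, Collections.emptyList()),
                CredentialsMatchers.withId(credentialId));
        if (match == null) {
            // A configured-but-unresolvable ID makes getHttpClient() fall back to a client with
            // default trust settings and no client certificate. Surface that instead of logging
            // success, so the downgrade is visible to operators.
            LOGGER.log(Level.WARNING,
                    "Certificate credential ID {0} is configured but no matching certificate credential was found; returning null",
                    credentialId);
            return null;
        }
        LOGGER.log(Level.FINE, "Return CertificateCredential for CertificationCredentialID");
        return match;
    }

    /**
     * Builds an {@link OkHttpClient} whose TLS key material and trust anchors both come from the
     * given certificate credential.
     *
     * <p>Key managers are initialised from the credential's keystore and password. The trust store
     * is a fresh in-memory keystore populated only with the certificates found under each alias of
     * that same keystore; the JVM's default trust store is not added to it.
     *
     * <p>NOTE(review): for a private-key alias, {@code KeyStore.getCertificate} yields the first
     * certificate of the chain, so a client leaf certificate stored in the credential also becomes
     * a trust anchor for server validation. Confirm this is intended, or restrict the trust store
     * to trusted-certificate entries.
     *
     * @param certificateCredentials credential supplying the keystore and its password
     * @return a client configured with the derived socket factory and trust manager
     * @throws IllegalArgumentException if any step of the TLS setup fails; the cause is preserved
     */
    static OkHttpClient httpClientWithCertificate(CertificateCredentials certificateCredentials) {
        try {
            // Read the keystore once so key managers and trust anchors come from the same object.
            KeyStore credentialStore = certificateCredentials.getKeyStore();

            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(credentialStore, certificateCredentials.getPassword().getPlainText().toCharArray());
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

            KeyStore trustStore = KeyStore.getInstance("JKS");
            trustStore.load(null, null);
            Enumeration<String> aliases = credentialStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                java.security.cert.Certificate certificate = credentialStore.getCertificate(alias);
                if (certificate == null) {
                    // An alias without a certificate cannot act as a trust anchor; skip it rather
                    // than placing a null entry in the trust store.
                    LOGGER.log(Level.FINE, "Skipping keystore alias without a certificate");
                    continue;
                }
                trustStore.setCertificateEntry(alias, certificate);
            }

            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

            // Select the X.509 trust manager by type instead of assuming it is element 0.
            X509TrustManager x509TrustManager = null;
            for (TrustManager candidate : trustManagers) {
                if (candidate instanceof X509TrustManager) {
                    x509TrustManager = (X509TrustManager) candidate;
                    break;
                }
            }
            if (x509TrustManager == null) {
                throw new IllegalStateException("No X509TrustManager provided by the default TrustManagerFactory");
            }

            SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
            sslContext.init(keyManagers, trustManagers, new SecureRandom());
            return new OkHttpClient.Builder()
                    .sslSocketFactory(sslContext.getSocketFactory(), x509TrustManager)
                    .build();
        } catch (Exception e) {
            // Deliberately broad: callers see one exception type for every setup failure.
            throw new IllegalArgumentException("Error configuring server certificates.", e);
        }
    }

    /**
     * Returns the HTTP client to use for the given Conjur configuration.
     *
     * <p>When the configuration resolves to a certificate credential, the client is built from it
     * via {@link #httpClientWithCertificate}. Otherwise a plain {@code OkHttpClient} with the
     * builder's defaults is returned, which carries no client certificate and does not use the
     * credential-derived trust store.
     *
     * @param conjurConfiguration configuration naming the optional certificate credential
     * @return a certificate-backed client when a credential is resolved, else a default client
     * @throws IllegalArgumentException if the certificate-backed client cannot be configured
     */
    public static OkHttpClient getHttpClient(ConjurConfiguration conjurConfiguration) {
        CertificateCredentials certificate = certificateFromConfiguration(conjurConfiguration);
        if (certificate == null) {
            return new OkHttpClient.Builder().build();
        }
        return httpClientWithCertificate(certificate);
    }
}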
