package jenkins.plugins.http_request.auth;

import com.cloudbees.plugins.credentials.common.StandardCertificateCredentials;
import hudson.Util;
import java.io.IOException;
import java.io.PrintStream;
import java.security.KeyStore;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;

/* loaded from: input_file:jenkins/plugins/http_request/auth/CertificateAuthentication.class */
public class CertificateAuthentication implements Authenticator {
    private final StandardCertificateCredentials credentials;
    private final boolean ignoreSslErrors;

    public CertificateAuthentication(StandardCertificateCredentials standardCertificateCredentials) {
        this.credentials = standardCertificateCredentials;
        this.ignoreSslErrors = false;
    }

    public CertificateAuthentication(StandardCertificateCredentials standardCertificateCredentials, boolean z) {
        this.credentials = standardCertificateCredentials;
        this.ignoreSslErrors = z;
    }

    @Override // jenkins.plugins.http_request.auth.Authenticator
    public String getKeyName() {
        return this.credentials.getId();
    }

    @Override // jenkins.plugins.http_request.auth.Authenticator
    public CloseableHttpClient authenticate(HttpClientBuilder httpClientBuilder, HttpContext httpContext, HttpRequestBase httpRequestBase, PrintStream printStream) throws IOException {
        try {
            KeyStore keyStore = this.credentials.getKeyStore();
            String fixEmpty = Util.fixEmpty(this.credentials.getPassword().getPlainText());
            char[] charArray = fixEmpty == null ? null : fixEmpty.toCharArray();
            SSLContextBuilder custom = SSLContexts.custom();
            if (charArray == null) {
                printStream.println("WARNING: Jenkins Certificate Credential '" + this.credentials.getId() + "' was saved without a password, so any certificates (and chain of trust) in it would be ignored by Java PKCS12 support!");
            }
            try {
                TrustAllStrategy trustAllStrategy = null;
                if (this.ignoreSslErrors) {
                    trustAllStrategy = new TrustAllStrategy();
                }
                custom = custom.loadTrustMaterial(keyStore, trustAllStrategy);
                printStream.println("Added Trust Material from provided KeyStore");
            } catch (Exception e) {
                printStream.println("Failed to add Trust Material from provided KeyStore (so Key Material might end up untrusted): " + e.getMessage());
            }
            SSLContextBuilder loadKeyMaterial = custom.loadKeyMaterial(keyStore, charArray);
            printStream.println("Added Key Material from provided KeyStore");
            HttpClientBuilder sSLContext = httpClientBuilder.setSSLContext(loadKeyMaterial.build());
            printStream.println("Set SSL context for the HTTP client builder");
            return sSLContext.build();
        } catch (Exception e2) {
            printStream.println("Failed to set SSL context: " + e2.getMessage());
            throw new IOException(e2);
        }
    }
}
