package org.rundeck.client.util;

import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import okhttp3.internal.tls.OkHostnameVerifier;

/* loaded from: input_file:WEB-INF/lib/rd-api-client-1.3.3.jar:org/rundeck/client/util/SSLUtil.class */
public class SSLUtil {
    public static void addInsecureSsl(OkHttpClient.Builder builder, int i) {
        addInsecureSSLTrustManager(builder, i);
        addInsecureSSLHostnameVerifier(builder, i);
    }

    public static void addInsecureSSLTrustManager(OkHttpClient.Builder builder, int i) {
        try {
            X509TrustManager createInsecureSslTrustManager = createInsecureSslTrustManager(i);
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{createInsecureSslTrustManager}, null);
            builder.sslSocketFactory(sSLContext.getSocketFactory(), createInsecureSslTrustManager);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public static void addInsecureSSLHostnameVerifier(OkHttpClient.Builder builder, int i) {
        OkHostnameVerifier okHostnameVerifier = OkHostnameVerifier.INSTANCE;
        builder.hostnameVerifier((str, sSLSession) -> {
            if (okHostnameVerifier.verify(str, sSLSession) || i < 2) {
                return true;
            }
            System.err.printf("INSECURE_SSL:hostnameVerifier: trust host: %s%n", str);
            return true;
        });
    }

    public static void addAlternateSSLHostnameVerifier(OkHttpClient.Builder builder, int i, List<String> list) {
        OkHostnameVerifier okHostnameVerifier = OkHostnameVerifier.INSTANCE;
        builder.hostnameVerifier((str, sSLSession) -> {
            if (okHostnameVerifier.verify(str, sSLSession)) {
                return true;
            }
            Optional findAny = list.stream().filter(str -> {
                return okHostnameVerifier.verify(str, sSLSession);
            }).findAny();
            if (findAny.isPresent() && i >= 2) {
                System.err.printf("INSECURE_SSL:hostnameVerifier: trust host: %s: as %s%n", str, findAny.get());
            }
            return findAny.isPresent();
        });
    }

    private static X509TrustManager createInsecureSslTrustManager(final int i) {
        return new X509TrustManager() { // from class: org.rundeck.client.util.SSLUtil.1
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                if (i >= 2) {
                    System.err.printf("INSECURE_SSL:TrustManager:checkServerTrusted: %s: chain: %s%n", str, Arrays.toString(x509CertificateArr));
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }
        };
    }
}
