package org.jgroups.protocols.kubernetes.stream;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URLConnection;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.jgroups.protocols.kubernetes.Utils;
import org.kie.server.client.CredentialsProvider;

/* loaded from: input_file:m2repo/org/jgroups/kubernetes/jgroups-kubernetes/1.0.12.Final/jgroups-kubernetes-1.0.12.Final.jar:org/jgroups/protocols/kubernetes/stream/TokenStreamProvider.class */
public class TokenStreamProvider extends BaseStreamProvider {
    private static final Logger log = Logger.getLogger(TokenStreamProvider.class.getName());
    private String token;
    private String caCertFile;
    private SSLSocketFactory factory;

    public TokenStreamProvider(String str, String str2) {
        this.token = str;
        this.caCertFile = str2;
    }

    @Override // org.jgroups.protocols.kubernetes.stream.StreamProvider
    public InputStream openStream(String str, Map<String, String> map, int i, int i2) throws IOException {
        URLConnection openConnection = openConnection(str, map, i, i2);
        if (openConnection instanceof HttpsURLConnection) {
            ((HttpsURLConnection) HttpsURLConnection.class.cast(openConnection)).setSSLSocketFactory(getSSLSocketFactory());
            if (log.isLoggable(Level.FINE)) {
                log.fine(String.format("Using HttpsURLConnection with SSLSocketFactory [%s] for url [%s].", this.factory, str));
            }
        } else if (log.isLoggable(Level.FINE)) {
            log.fine(String.format("Using URLConnection for url [%s].", str));
        }
        if (this.token != null) {
            map.put("Authorization", CredentialsProvider.TOKEN_AUTH_PREFIX + this.token);
        }
        return openConnection.getInputStream();
    }

    static TrustManager[] configureCaCert(String str) throws Exception {
        if (str == null || str.isEmpty()) {
            log.log(Level.WARNING, "ca cert file undefined - defaulting to insecure trust manager");
            return TrustManagers.INSECURE_TRUST_MANAGERS;
        }
        try {
            InputStream openFile = Utils.openFile(str);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null);
            Iterator<? extends Certificate> it = certificateFactory.generateCertificates(openFile).iterator();
            while (it.hasNext()) {
                X509Certificate x509Certificate = (X509Certificate) it.next();
                keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName(), x509Certificate);
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return trustManagerFactory.getTrustManagers();
        } catch (FileNotFoundException e) {
            log.log(Level.WARNING, "ca cert file not found " + str + " - defaulting to insecure trust manager");
            return TrustManagers.INSECURE_TRUST_MANAGERS;
        } catch (Exception e2) {
            log.log(Level.SEVERE, "Could not create trust manager for " + str, (Throwable) e2);
            throw e2;
        }
    }

    private SSLSocketFactory getSSLSocketFactory() throws IOException {
        if (this.factory == null) {
            synchronized (this) {
                if (this.factory == null) {
                    try {
                        TrustManager[] configureCaCert = configureCaCert(this.caCertFile);
                        SSLContext sSLContext = SSLContext.getInstance("TLS");
                        sSLContext.init(null, configureCaCert, null);
                        this.factory = sSLContext.getSocketFactory();
                    } catch (Exception e) {
                        throw new IOException(e);
                    }
                }
            }
        }
        return this.factory;
    }
}
