package org.keycloak.testsuite.util;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Response;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.keycloak.adapters.HttpClientBuilder;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.KeystoreUtil;

/* loaded from: input_file:org/keycloak/testsuite/util/MutualTLSUtils.class */
public class MutualTLSUtils {
    public static final String DEFAULT_KEYSTOREPATH = System.getProperty("client.certificate.keystore");
    public static final String DEFAULT_KEYSTOREPASSWORD = System.getProperty("client.certificate.keystore.passphrase");
    public static final String DEFAULT_TRUSTSTOREPATH = System.getProperty("client.truststore");
    public static final String DEFAULT_TRUSTSTOREPASSWORD = System.getProperty("client.truststore.passphrase");
    public static final String OTHER_KEYSTOREPATH = System.getProperty("hok.client.certificate.keystore");
    public static final String OTHER_KEYSTOREPASSWORD = System.getProperty("hok.client.certificate.keystore.passphrase");

    public static CloseableHttpClient newCloseableHttpClientWithDefaultKeyStoreAndTrustStore() {
        return newCloseableHttpClient(DEFAULT_KEYSTOREPATH, DEFAULT_KEYSTOREPASSWORD, DEFAULT_TRUSTSTOREPATH, DEFAULT_TRUSTSTOREPASSWORD);
    }

    public static CloseableHttpClient newCloseableHttpClientWithOtherKeyStoreAndTrustStore() {
        return newCloseableHttpClient(OTHER_KEYSTOREPATH, OTHER_KEYSTOREPASSWORD, DEFAULT_TRUSTSTOREPATH, DEFAULT_TRUSTSTOREPASSWORD);
    }

    public static CloseableHttpClient newCloseableHttpClientWithoutKeyStoreAndTrustStore() {
        return newCloseableHttpClient(null, null, null, null);
    }

    public static CloseableHttpClient newCloseableHttpClient(String str, String str2, String str3, String str4) {
        KeyStore keyStore = null;
        if (str != null) {
            try {
                keyStore = KeystoreUtil.loadKeyStore(str, str2);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        KeyStore keyStore2 = null;
        if (str3 != null) {
            try {
                keyStore2 = KeystoreUtil.loadKeyStore(str3, str4);
            } catch (Exception e2) {
                e2.printStackTrace();
            }
        }
        return (keyStore == null && keyStore2 == null) ? HttpClientBuilder.create().build() : new org.keycloak.adapters.HttpClientBuilder().keyStore(keyStore, str2).trustStore(keyStore2).hostnameVerification(HttpClientBuilder.HostnameVerificationPolicy.ANY).build();
    }

    public static String getThumbprintFromDefaultClientCert() throws KeyStoreException, CertificateEncodingException {
        return getThumbprintFromClientCert(DEFAULT_KEYSTOREPATH, DEFAULT_KEYSTOREPASSWORD);
    }

    public static String getThumbprintFromOtherClientCert() throws KeyStoreException, CertificateEncodingException {
        return getThumbprintFromClientCert(OTHER_KEYSTOREPATH, OTHER_KEYSTOREPASSWORD);
    }

    public static String getThumbprintFromClientCert(String str, String str2) throws KeyStoreException, CertificateEncodingException {
        KeyStore keyStore = null;
        try {
            keyStore = KeystoreUtil.loadKeyStore(str, str2);
        } catch (Exception e) {
            e.printStackTrace();
        }
        Enumeration<String> aliases = keyStore.aliases();
        String str3 = null;
        while (true) {
            String str4 = str3;
            if (!aliases.hasMoreElements()) {
                byte[] encoded = ((X509Certificate) keyStore.getCertificate(str4)).getEncoded();
                try {
                    MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                    messageDigest.update(encoded);
                    return Base64Url.encode(messageDigest.digest());
                } catch (Exception e2) {
                    throw new RuntimeException(e2);
                }
            }
            str3 = aliases.nextElement();
        }
    }

    public static Response executeUserInfoRequestInGetMethod(String str, boolean z, String str2, String str3) {
        ClientBuilder newBuilder = ClientBuilder.newBuilder();
        if (z) {
            try {
                if (str2 != null) {
                    newBuilder.keyStore(KeystoreUtil.loadKeyStore(str2, str3), str3);
                } else {
                    newBuilder.keyStore(KeystoreUtil.loadKeyStore(DEFAULT_KEYSTOREPATH, DEFAULT_KEYSTOREPASSWORD), DEFAULT_KEYSTOREPASSWORD);
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        Client build = newBuilder.build();
        try {
            WebTarget userInfoWebTarget = UserInfoClientUtil.getUserInfoWebTarget(build);
            build.close();
            return userInfoWebTarget.request().header("Authorization", "bearer " + str).get();
        } catch (Throwable th) {
            build.close();
            throw th;
        }
    }
}
