package org.opensaml.security.httpclient.impl;

import java.util.Collections;
import javax.annotation.Nonnull;
import net.shibboleth.utilities.java.support.httpclient.HttpClientSupport;
import net.shibboleth.utilities.java.support.httpclient.TLSSocketFactoryBuilder;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.opensaml.security.x509.tls.impl.ThreadLocalX509CredentialKeyManager;
import org.opensaml.security.x509.tls.impl.ThreadLocalX509TrustManager;

/* loaded from: input_file:WEB-INF/lib/opensaml-security-impl-4.3.1.jar:org/opensaml/security/httpclient/impl/SecurityEnhancedHttpClientSupport.class */
public final class SecurityEnhancedHttpClientSupport {
    private SecurityEnhancedHttpClientSupport() {
    }

    @Nonnull
    public static LayeredConnectionSocketFactory buildTLSSocketFactory() {
        return buildTLSSocketFactory(true, false);
    }

    @Nonnull
    public static LayeredConnectionSocketFactory buildTLSSocketFactoryWithClientTLS() {
        return buildTLSSocketFactory(true, true);
    }

    @Nonnull
    public static LayeredConnectionSocketFactory buildTLSSocketFactoryWithClientTLSOnly() {
        return buildTLSSocketFactory(false, true);
    }

    @Nonnull
    public static LayeredConnectionSocketFactory buildTLSSocketFactory(boolean z, boolean z2) {
        TLSSocketFactoryBuilder tLSSocketFactoryBuilder = new TLSSocketFactoryBuilder();
        if (!z && !z2) {
            return HttpClientSupport.buildStrictTLSSocketFactory();
        }
        if (z) {
            tLSSocketFactoryBuilder.setTrustManagers(Collections.singletonList(new ThreadLocalX509TrustManager()));
        }
        if (z2) {
            tLSSocketFactoryBuilder.setKeyManagers(Collections.singletonList(new ThreadLocalX509CredentialKeyManager()));
        }
        return new SecurityEnhancedTLSSocketFactory(tLSSocketFactoryBuilder.build());
    }
}
