package org.keycloak.truststore;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.keycloak.models.KeycloakSession;

/* loaded from: input_file:org/keycloak/truststore/JSSETruststoreConfigurator.class */
public class JSSETruststoreConfigurator {
    private TruststoreProvider provider;
    private volatile javax.net.ssl.SSLSocketFactory sslFactory;
    private volatile TrustManager[] tm;

    /* renamed from: org.keycloak.truststore.JSSETruststoreConfigurator$2, reason: invalid class name */
    /* loaded from: input_file:org/keycloak/truststore/JSSETruststoreConfigurator$2.class */
    static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$keycloak$truststore$HostnameVerificationPolicy = new int[HostnameVerificationPolicy.values().length];

        static {
            try {
                $SwitchMap$org$keycloak$truststore$HostnameVerificationPolicy[HostnameVerificationPolicy.ANY.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$keycloak$truststore$HostnameVerificationPolicy[HostnameVerificationPolicy.WILDCARD.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$keycloak$truststore$HostnameVerificationPolicy[HostnameVerificationPolicy.STRICT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public JSSETruststoreConfigurator(KeycloakSession keycloakSession) {
        this.provider = keycloakSession.getKeycloakSessionFactory().getProviderFactory(TruststoreProvider.class, "file").create(keycloakSession);
        if (this.provider == null || this.provider.getTruststore() != null) {
            return;
        }
        this.provider = null;
    }

    public JSSETruststoreConfigurator(TruststoreProvider truststoreProvider) {
        this.provider = truststoreProvider;
    }

    public javax.net.ssl.SSLSocketFactory getSSLSocketFactory() {
        if (this.provider == null) {
            return null;
        }
        if (this.sslFactory == null) {
            synchronized (this) {
                if (this.sslFactory == null) {
                    try {
                        SSLContext sSLContext = SSLContext.getInstance("TLS");
                        sSLContext.init(null, getTrustManagers(), null);
                        this.sslFactory = sSLContext.getSocketFactory();
                    } catch (Exception e) {
                        throw new RuntimeException("Failed to initialize SSLContext: ", e);
                    }
                }
            }
        }
        return this.sslFactory;
    }

    public TrustManager[] getTrustManagers() {
        if (this.provider == null) {
            return null;
        }
        if (this.tm == null) {
            synchronized (this) {
                if (this.tm == null) {
                    try {
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init(this.provider.getTruststore());
                        this.tm = trustManagerFactory.getTrustManagers();
                    } catch (Exception e) {
                        throw new RuntimeException("Failed to initialize TrustManager: ", e);
                    }
                }
            }
        }
        return this.tm;
    }

    public HostnameVerifier getHostnameVerifier() {
        if (this.provider == null) {
            return null;
        }
        HostnameVerificationPolicy policy = this.provider.getPolicy();
        switch (AnonymousClass2.$SwitchMap$org$keycloak$truststore$HostnameVerificationPolicy[policy.ordinal()]) {
            case 1:
                return new HostnameVerifier() { // from class: org.keycloak.truststore.JSSETruststoreConfigurator.1
                    @Override // javax.net.ssl.HostnameVerifier
                    public boolean verify(String str, SSLSession sSLSession) {
                        return true;
                    }
                };
            case 2:
                return new BrowserCompatHostnameVerifier();
            case 3:
                return new StrictHostnameVerifier();
            default:
                throw new IllegalStateException("Unknown policy: " + policy.name());
        }
    }

    public TruststoreProvider getProvider() {
        return this.provider;
    }
}
