package io.github.springboot.httpclient.core.ssl;

import io.github.springboot.httpclient.core.config.HttpClientConfigurationHelper;
import io.github.springboot.httpclient.core.config.model.HostConfiguration;
import io.github.springboot.httpclient.core.constants.ConfigurationConstants;
import io.github.springboot.httpclient.core.constants.HttpClientConstants;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.ssl.TrustStrategy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/github/springboot/httpclient/core/ssl/ConfigurableTrustSslStrategy.class */
public class ConfigurableTrustSslStrategy implements TrustStrategy {
    private static final Logger log = LoggerFactory.getLogger(ConfigurableTrustSslStrategy.class);
    private X509TrustManager systemTrustManager;
    private HttpClientConfigurationHelper configHelper;

    public ConfigurableTrustSslStrategy(X509TrustManager x509TrustManager, HttpClientConfigurationHelper httpClientConfigurationHelper) {
        this.systemTrustManager = x509TrustManager;
        this.configHelper = httpClientConfigurationHelper;
    }

    public boolean isTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            LdapName ldapName = new LdapName(x509CertificateArr[0].getSubjectX500Principal().getName());
            String str2 = null;
            try {
                Object value = ldapName.getRdn(ldapName.size() - 1).getValue();
                if (!(value instanceof String)) {
                    ArrayList arrayList = new ArrayList(ldapName.getRdns());
                    Collections.reverse(arrayList);
                    Iterator it = arrayList.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        Object value2 = ((Rdn) it.next()).getValue();
                        if (value2 instanceof String) {
                            str2 = (String) value2;
                            break;
                        }
                    }
                } else {
                    str2 = (String) value;
                }
                String substringAfter = StringUtils.startsWith(str2, HttpClientConstants.WILDCARD_PREFIX_CERTIFICATE) ? StringUtils.substringAfter(str2, HttpClientConstants.WILDCARD_PREFIX_CERTIFICATE) : str2;
                Boolean bool = (Boolean) this.configHelper.getGlobalConfiguration(ConfigurationConstants.TRUST_SSL);
                Boolean bool2 = Boolean.FALSE;
                HostConfiguration uniqueConfigurationForHostname = this.configHelper.getUniqueConfigurationForHostname(substringAfter);
                if (uniqueConfigurationForHostname == null) {
                    log.debug("No config key : '{}' found...Checking other configurations", substringAfter);
                    uniqueConfigurationForHostname = (HostConfiguration) this.configHelper.getAllConfigurations().getHosts().entrySet().stream().filter(entry -> {
                        return ((HostConfiguration) entry.getValue()).getConnection().getTrustSslDomains().contains(substringAfter);
                    }).map((v0) -> {
                        return v0.getValue();
                    }).findFirst().orElse(null);
                }
                if (uniqueConfigurationForHostname != null) {
                    bool2 = uniqueConfigurationForHostname.getConnection().getTrustSsl();
                }
                if (bool.booleanValue() || bool2.booleanValue()) {
                    log.debug("Config key : {}/{} for host {} is Trust={} on {}", new Object[]{ConfigurationConstants.TRUST_SSL, ConfigurationConstants.TRUST_SSL_DOMAIN, str2, bool2, substringAfter});
                    return bool2.booleanValue();
                }
                try {
                    this.systemTrustManager.checkClientTrusted(x509CertificateArr, str);
                    return true;
                } catch (Exception e) {
                    log.warn("Unable to find config key : {}/{} for host {} ; check your HTTP configuration; using system trustStore witch failed", new Object[]{ConfigurationConstants.TRUST_SSL, ConfigurationConstants.TRUST_SSL_DOMAIN, str2, e});
                    return false;
                }
            } catch (Exception e2) {
                log.warn("Unable to auto trust SSL hostname : {}; check your configuration", str2, e2);
                return false;
            }
        } catch (InvalidNameException e3) {
            return false;
        }
    }
}
