package co.elastic.apm.agent.report.ssl;

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.annotation.Nullable;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.logging.log4j.core.net.ssl.SslConfigurationDefaults;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:agent/co/elastic/apm/agent/report/ssl/SslUtils.esclazz */
/**
 * Holds the two {@link SSLSocketFactory} instances built once at class-initialization time:
 * one backed by the platform's default trust managers and one backed by a trust manager that
 * accepts every certificate.
 *
 * <p>Security note: the trust-all trust manager and hostname verifier defined here perform no
 * validation. A connection built with them is encrypted but the peer is not authenticated, so
 * they belong only on the code path selected by {@code verify_server_cert=false}. The public
 * accessors return the shared instances to any caller.
 */
public class SslUtils {
    private static final Logger logger = LoggerFactory.getLogger(SslUtils.class);

    /**
     * Trust manager whose check methods never throw, so no certificate chain is ever rejected,
     * whether it is expired, self-signed or issued for another host.
     */
    private static final X509TrustManager X_509_TRUST_ALL = new X509TrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
            // Intentionally empty: returning without an exception means "trusted".
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) {
            // Intentionally empty: returning without an exception means "trusted".
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[] {};
        }
    };

    /** Hostname verifier that accepts every host name / session pair without inspecting either. */
    private static final HostnameVerifier TRUST_ALL_HOSTNAME_VERIFIER = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };

    // Plain static flag with no synchronization visible here; concurrent first callers of
    // getSSLSocketFactory(false) could therefore emit the warning more than once.
    private static boolean warningLogged = false;

    // Declared after the logger and X_509_TRUST_ALL on purpose: the builders below use both,
    // and static initializers run in textual order.
    @Nullable
    private static final SSLSocketFactory validateSocketFactory = buildValidatingFactory();

    @Nullable
    private static final SSLSocketFactory trustAllSocketFactory = buildTrustAllFactory();

    /**
     * Selects one of the two pre-built socket factories.
     *
     * @param z {@code true} for the factory that validates server certificates, {@code false}
     *          for the trust-all factory
     * @return the requested factory, or {@code null} when its construction failed during class
     *         initialization
     */
    @Nullable
    public static SSLSocketFactory getSSLSocketFactory(boolean z) {
        if (!z) {
            // Warn once when verification was switched off but the trust-all factory is missing.
            if (!warningLogged && trustAllSocketFactory == null) {
                logger.warn("The \"verify_server_cert\" configuration option is set to \"false\", but this agent may not be able to communicate with APM Server without verifying the server certificates.");
                warningLogged = true;
            }
            return trustAllSocketFactory;
        }
        return validateSocketFactory;
    }

    /**
     * Builds a socket factory from a freshly initialized {@link SSLContext}.
     *
     * @param trustManagers trust managers to install; {@code null} leaves the choice to the
     *                      installed security providers (JDK default behaviour of
     *                      {@link SSLContext#init})
     * @return the context's socket factory
     * @throws NoSuchAlgorithmException if neither the primary protocol nor "TLS" is available
     * @throws KeyManagementException   if the context cannot be initialized
     */
    @Nullable
    private static SSLSocketFactory createSocketFactory(TrustManager[] trustManagers) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext context;
        try {
            // NOTE(review): this log4j-core constant looks like a decompiler substitution for a
            // string literal; the fallback message below suggests the original asked for "SSL".
            // Its value depends on the log4j-core version on the classpath - confirm.
            context = SSLContext.getInstance(SslConfigurationDefaults.PROTOCOL);
        } catch (NoSuchAlgorithmException unsupported) {
            logger.info("SSL is not supported, trying to use TLS instead.");
            context = SSLContext.getInstance("TLS");
        }
        // No key managers are supplied; only the trust side is customised.
        context.init(null, trustManagers, new SecureRandom());
        return context.getSocketFactory();
    }

    /**
     * Creates a new, unwrapped socket factory that accepts any server certificate.
     *
     * @return a non-null trust-all socket factory
     * @throws NoSuchAlgorithmException if no usable SSL/TLS context implementation exists
     * @throws KeyManagementException   if the context cannot be initialized
     */
    public static SSLSocketFactory createTrustAllSocketFactory() throws NoSuchAlgorithmException, KeyManagementException {
        final TrustManager[] trustEverything = {X_509_TRUST_ALL};
        final SSLSocketFactory factory = createSocketFactory(trustEverything);
        return Objects.requireNonNull(factory);
    }

    /**
     * @return the shared hostname verifier that accepts every host name
     */
    public static HostnameVerifier getTrustAllHostnameVerifier() {
        return TRUST_ALL_HOSTNAME_VERIFIER;
    }

    /**
     * @return the shared trust manager that accepts every certificate chain
     */
    public static X509TrustManager getTrustAllManager() {
        return X_509_TRUST_ALL;
    }

    /**
     * Builds the certificate-validating factory, wrapped by
     * {@code TLSFallbackSSLSocketFactory.wrapFactory} (defined elsewhere).
     *
     * @return the wrapped factory, or {@code null} if anything failed (the failure is logged)
     */
    @Nullable
    private static SSLSocketFactory buildValidatingFactory() {
        try {
            return TLSFallbackSSLSocketFactory.wrapFactory(createSocketFactory(null));
        } catch (Exception failure) {
            logger.warn("Failed to construct a Socket factory with the following error: \"" + failure.getMessage() + "\". Agent communication with APM Server may not be able to authenticate the server certificate. See documentation for the \"verify_server_cert\" configuration option for optional workaround", failure);
            return null;
        }
    }

    /**
     * Builds the trust-all factory, wrapped by
     * {@code TLSFallbackSSLSocketFactory.wrapFactory} (defined elsewhere).
     *
     * @return the wrapped factory, or {@code null} if anything failed (the failure is logged at
     *         info level, with the stack trace at debug level)
     */
    @Nullable
    private static SSLSocketFactory buildTrustAllFactory() {
        try {
            return TLSFallbackSSLSocketFactory.wrapFactory(createSocketFactory(new TrustManager[] {X_509_TRUST_ALL}));
        } catch (Exception failure) {
            logger.info("Failed to construct a trust-all Socket factory with the following error: \"{}\". Agent communication with the APM Server must verify the server certificate, meaning - the \"verify_server_cert\" configuration option must be set to \"true\"", failure.getMessage());
            logger.debug("Socket factory creation error stack trace: ", failure);
            return null;
        }
    }
}
