package eu.unicore.security.canl;

import eu.emi.security.authn.x509.X509CertChainValidator;
import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.FormatMode;
import eu.emi.security.authn.x509.impl.SocketFactoryCreator2;
import eu.unicore.util.httpclient.HostnameMismatchCallbackImpl;
import eu.unicore.util.httpclient.NoAuthKeyManager;
import eu.unicore.util.httpclient.ServerHostnameCheckingMode;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:eu/unicore/security/canl/SSLContextCreator.class */
/**
 * Builds {@link SSLContext} instances whose key material comes from an optional
 * {@link X509Credential} and whose trust decisions are delegated to an
 * {@link X509CertChainValidator}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>With no credential, a {@link NoAuthKeyManager} is installed; the trace message says
 *       the context is created "without client's certificate".</li>
 *   <li>The trust manager obtained from {@link SocketFactoryCreator2} is wrapped in a
 *       {@code LoggingX509TrustManager}; how a hostname mismatch is treated is decided by the
 *       supplied {@link ServerHostnameCheckingMode} (its semantics are not visible here).</li>
 *   <li>At TRACE level the full formatted client chain and every trusted issuer are logged.
 *       Only certificates are formatted here, but the output is verbose and identifies
 *       subjects and issuers, so treat TRACE logs accordingly.</li>
 * </ul>
 */
public class SSLContextCreator {
    /**
     * Creates and initialises an SSL context.
     *
     * @param x509Credential client credential, or {@code null} to create a context that uses
     *        {@link NoAuthKeyManager} instead of a client certificate
     * @param x509CertChainValidator validator backing the trust manager; also queried for its
     *        trusted issuers when TRACE logging is enabled
     * @param str protocol name handed unchanged to {@link SSLContext#getInstance(String)};
     *        it is not validated here, so the caller decides which protocol family is allowed
     * @param str2 label appended to the trace messages ("... for " + label) and passed to the
     *        logging trust manager
     * @param logger log4j logger; dereferenced unconditionally, so it must not be {@code null}
     * @param serverHostnameCheckingMode mode given to {@link HostnameMismatchCallbackImpl}
     * @return the initialised context
     * @throws NoSuchAlgorithmException if no provider supports the protocol named by {@code str}
     * @throws KeyManagementException if {@link SSLContext#init} fails
     */
    public static SSLContext createSSLContext(X509Credential x509Credential, X509CertChainValidator x509CertChainValidator, String str, String str2, Logger logger, ServerHostnameCheckingMode serverHostnameCheckingMode) throws NoSuchAlgorithmException, KeyManagementException {
        final X509KeyManager keyManager;
        if (x509Credential == null) {
            // No client identity supplied: fall back to the no-auth key manager.
            keyManager = new NoAuthKeyManager();
            logger.trace("Creating SSL context without client's certificate for " + str2);
        } else {
            keyManager = x509Credential.getKeyManager();
            if (logger.isTraceEnabled()) {
                debugKS(x509Credential, str2, logger);
            }
        }

        // Trust path: validator -> canl trust manager (with hostname-mismatch callback) -> logging wrapper.
        final HostnameMismatchCallbackImpl mismatchCallback = new HostnameMismatchCallbackImpl(serverHostnameCheckingMode);
        final SocketFactoryCreator2 factoryCreator = new SocketFactoryCreator2(x509CertChainValidator, mismatchCallback);
        // The cast fails with ClassCastException if the returned manager is not an X509ExtendedTrustManager.
        final X509ExtendedTrustManager validatingTrustManager = (X509ExtendedTrustManager) factoryCreator.getSSLTrustManager();
        final LoggingX509TrustManager trustManager = new LoggingX509TrustManager(validatingTrustManager, str2);

        if (logger.isTraceEnabled()) {
            debugTS(x509CertChainValidator, str2, logger);
        }

        final SSLContext context = SSLContext.getInstance(str);
        final KeyManager[] keyManagers = {keyManager};
        final TrustManager[] trustManagers = {trustManager};
        // A null SecureRandom makes JSSE use its default implementation.
        context.init(keyManagers, trustManagers, null);
        return context;
    }

    /**
     * Writes one TRACE entry per trusted issuer currently reported by the validator.
     * Callers are expected to check {@code isTraceEnabled()} first, because every certificate
     * is formatted with {@link FormatMode#FULL} regardless of the active log level.
     */
    private static void debugTS(X509CertChainValidator validator, String label, Logger logger) {
        final String header = "Initially trusted certificates for " + label + ":\n";
        for (X509Certificate issuer : validator.getTrustedIssuers()) {
            logger.trace(header + CertificateUtils.format(issuer, FormatMode.FULL));
        }
    }

    /**
     * Writes the client's certificate chain, fully formatted, as a single TRACE entry.
     * Only the chain returned by {@code getCertificateChain()} is formatted here.
     */
    private static void debugKS(X509Credential credential, String label, Logger logger) {
        final String formattedChain = CertificateUtils.format(
                CertificateUtils.convertToX509Chain(credential.getCertificateChain()),
                FormatMode.FULL);
        logger.trace("Client's certificate chain for " + label + ": " + formattedChain);
    }
}
