package com.newrelic.agent.security.intcodeagent.apache.httpclient;

import com.newrelic.agent.security.deps.org.apache.http.ssl.SSLContextBuilder;
import com.newrelic.agent.security.deps.org.apache.http.ssl.TrustStrategy;
import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool;
import com.newrelic.agent.security.intcodeagent.utils.ResourceUtils;
import com.newrelic.api.agent.security.schema.StringUtils;
import com.newrelic.api.agent.security.utils.logging.LogLevel;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.LinkedList;
import javax.net.ssl.SSLContext;

/* loaded from: input_file:newrelic-security-agent.jar:com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheSSLManager.class */
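/**
 * Builds the {@link SSLContext} used by the agent's Apache HTTP client from a
 * PEM bundle of CA certificates.
 *
 * <p>The bundle comes either from a user-supplied file path or from the
 * {@code nr-custom-ca.pem} resource shipped in the agent jar. Only the
 * certificates read from that bundle are placed in the trust store.
 */
public class ApacheSSLManager {
    private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance();

    /**
     * Creates an SSL context that trusts the certificates found in a CA bundle.
     *
     * @param str path to a PEM CA bundle; when blank, the {@code nr-custom-ca.pem}
     *            resource from the agent jar is used instead
     * @return the configured context, or {@code null} when it could not be built
     *         (the failure is logged at WARNING)
     */
    public static SSLContext createSSLContext(String str) {
        SSLContextBuilder builder = new SSLContextBuilder();
        try {
            KeyStore trustStore;
            if (StringUtils.isNotBlank(str)) {
                logger.log(LogLevel.INFO, String.format("Using ca_bundle_path: %s", str), ApacheSSLManager.class.getName());
                trustStore = getKeyStore(str);
            } else {
                logger.log(LogLevel.INFO, "Using nr custom ca from agent resources", ApacheSSLManager.class.getName());
                trustStore = getKeyStore(ResourceUtils.getResourceStreamFromAgentJar("nr-custom-ca.pem"));
            }
            // A null TrustStrategy adds no override on top of the trust managers
            // derived from the key store, so normal chain validation applies.
            builder.loadTrustMaterial(trustStore, (TrustStrategy) null);
            return builder.build();
        } catch (Exception e) {
            logger.log(LogLevel.WARNING, "Unable to create SSL context", e, ApacheSSLManager.class.getName());
            // NOTE(review): callers receive null on failure; confirm they refuse to
            // connect rather than fall back to a default or permissive context.
            return null;
        }
    }

    /**
     * Reads X.509 certificates from a PEM stream into a fresh key store.
     *
     * <p>Parsing stops at the first certificate that cannot be decoded; the
     * certificates read before it are still installed. The stream is closed
     * before this method returns.
     *
     * @param inputStream PEM data holding one or more certificates
     * @return a key store with one {@code ca_bundle_path_N} entry per certificate
     * @throws IOException if the stream is missing or cannot be read
     * @throws KeyStoreException if the key store cannot be created or populated
     * @throws NoSuchAlgorithmException if the key store cannot be initialised
     * @throws CertificateException if the X.509 certificate factory is unavailable
     */
    private static KeyStore getKeyStore(InputStream inputStream) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (inputStream == null) {
            // Presumably what the resource lookup yields for a missing bundle (confirm);
            // fail with a clear message instead of the wrapper's "Stream closed".
            throw new IOException("CA bundle stream is not available");
        }
        // Take ownership of the stream first so it is closed even if key store setup fails.
        try (BufferedInputStream bundle = new BufferedInputStream(inputStream)) {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            logger.log(LogLevel.FINER, "SSL Keystore Provider: " + keyStore.getProvider().getName(), ApacheSSLManager.class.getName());
            LinkedList<X509Certificate> certificates = new LinkedList<>();
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (bundle.available() > 0) {
                try {
                    certificates.add((X509Certificate) certificateFactory.generateCertificate(bundle));
                } catch (Throwable parseFailure) {
                    logger.log(LogLevel.SEVERE, "Unable to generate ca_bundle_path certificate. Verify the certificate format. Will not process further certs.", parseFailure, ApacheSSLManager.class.getName());
                    // Stop here, as the message says: a failed parse is not guaranteed to
                    // consume input, so retrying could spin on the same bytes indefinitely.
                    break;
                }
            }
            // NOTE(review): with zero certificates the key store stays empty; a context built
            // from it is expected to reject every peer rather than trust JVM defaults; confirm.
            logger.log(!certificates.isEmpty() ? LogLevel.INFO : LogLevel.SEVERE, String.format("Read ca_bundle_path and found %s certificates.", Integer.valueOf(certificates.size())), ApacheSSLManager.class.getName());
            // Initialise an empty in-memory key store (no backing file, no password).
            keyStore.load(null, null);
            int index = 1;
            for (X509Certificate certificate : certificates) {
                if (certificate != null) {
                    String alias = "ca_bundle_path_" + index;
                    keyStore.setCertificateEntry(alias, certificate);
                    // String.format needs %s; the previous {0}/{1} placeholders were printed literally.
                    logger.log(LogLevel.FINEST, String.format("Installed certificate %s at alias: %s", Integer.valueOf(index), alias), ApacheSSLManager.class.getName());
                }
                index++;
            }
            return keyStore;
        }
    }

    /**
     * Reads X.509 certificates from the PEM file at the given path.
     *
     * @param caBundlePath file system path of the CA bundle
     * @return a key store holding the certificates read from the file
     * @throws IOException if the file cannot be opened or read
     * @throws KeyStoreException if the key store cannot be created or populated
     * @throws NoSuchAlgorithmException if the key store cannot be initialised
     * @throws CertificateException if the X.509 certificate factory is unavailable
     */
    private static KeyStore getKeyStore(String caBundlePath) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        logger.log(LogLevel.FINEST, String.format("Checking ca_bundle_path at: %s", caBundlePath), ApacheSSLManager.class.getName());
        // Close the file handle here as well, whatever the stream overload does with it.
        try (InputStream fileStream = new FileInputStream(caBundlePath)) {
            return getKeyStore(fileStream);
        }
    }
}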
