package com.newrelic.agent.transport.apache;

import com.newrelic.agent.Agent;
import com.newrelic.agent.deps.org.apache.http.ssl.SSLContextBuilder;
import com.newrelic.agent.deps.org.apache.http.ssl.TrustStrategy;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.LinkedList;
import java.util.logging.Level;
import javax.net.ssl.SSLContext;

/* loaded from: input_file:com/newrelic/agent/transport/apache/ApacheSSLManager.class */
public class ApacheSSLManager {
    public static SSLContext createSSLContext(boolean z, String str) {
        SSLContextBuilder sSLContextBuilder = new SSLContextBuilder();
        if (z && str != null) {
            try {
                sSLContextBuilder.loadTrustMaterial(getKeyStore(str), (TrustStrategy) null);
            } catch (Exception e) {
                Agent.LOG.log(Level.WARNING, e, "Unable to create SSL context");
                return null;
            }
        }
        return sSLContextBuilder.build();
    }

    private static KeyStore getKeyStore(String str) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        Agent.LOG.finer("SSL Keystore Provider: " + keyStore.getProvider().getName());
        LinkedList<X509Certificate> linkedList = new LinkedList();
        if (str != null) {
            Agent.LOG.log(Level.FINEST, "Checking ca_bundle_path at: {0}", str);
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(str));
            Throwable th = null;
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                while (bufferedInputStream.available() > 0) {
                    try {
                        linkedList.add((X509Certificate) certificateFactory.generateCertificate(bufferedInputStream));
                    } catch (Throwable th2) {
                        Agent.LOG.log(Level.SEVERE, "Unable to generate ca_bundle_path certificate. Will not process further certs.", th2);
                    }
                }
                Agent.LOG.log(linkedList.size() > 0 ? Level.INFO : Level.SEVERE, "Read ca_bundle_path {0} and found {1} certificates.", str, Integer.valueOf(linkedList.size()));
                keyStore.load(null, null);
                int i = 1;
                for (X509Certificate x509Certificate : linkedList) {
                    if (x509Certificate != null) {
                        String str2 = "ca_bundle_path_" + i;
                        keyStore.setCertificateEntry(str2, x509Certificate);
                        Agent.LOG.log(Level.FINEST, "Installed certificate {0} at alias: {1}", Integer.valueOf(i), str2);
                        if (Agent.isDebugEnabled()) {
                            Agent.LOG.log(Level.FINEST, "Installed certificate {0} at alias: {1}", x509Certificate, str2);
                        }
                    }
                    i++;
                }
            } finally {
                if (bufferedInputStream != null) {
                    if (0 != 0) {
                        try {
                            bufferedInputStream.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        bufferedInputStream.close();
                    }
                }
            }
        }
        return keyStore;
    }
}
