package net.shibboleth.utilities.java.support.httpclient;

import com.google.common.base.Predicates;
import com.google.common.collect.Collections2;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/* loaded from: input_file:BOOT-INF/lib/java-support-7.5.2.jar:net/shibboleth/utilities/java/support/httpclient/TLSSocketFactoryBuilder.class */
public class TLSSocketFactoryBuilder {
    private static final String DEFAULT_CONTEXT_PROTOCOL = "TLS";
    private static final X509HostnameVerifier DEFAULT_HOSTNAME_VERIFIER = TLSSocketFactory.STRICT_HOSTNAME_VERIFIER;
    private String sslContextProtocol;
    private String sslContextProvider;
    private List<KeyManager> keyManagers;
    private List<TrustManager> trustManagers;
    private SecureRandom secureRandom;
    private X509HostnameVerifier hostnameVerifier;
    private List<String> enabledProtocols;
    private List<String> enabledCipherSuites;

    @Nullable
    public String getSSLContextProtocol() {
        return this.sslContextProtocol;
    }

    public TLSSocketFactoryBuilder setSSLContextProtocol(@Nullable String str) {
        this.sslContextProtocol = StringSupport.trimOrNull(str);
        return this;
    }

    @Nullable
    public String getSSLContextProvider() {
        return this.sslContextProvider;
    }

    public TLSSocketFactoryBuilder setSSLContextProvider(@Nullable String str) {
        this.sslContextProvider = StringSupport.trimOrNull(str);
        return this;
    }

    @Nullable
    public List<KeyManager> getKeyManagers() {
        return this.keyManagers;
    }

    public TLSSocketFactoryBuilder setKeyManagers(@Nullable List<KeyManager> list) {
        if (list == null) {
            this.keyManagers = null;
        } else {
            this.keyManagers = new ArrayList(Collections2.filter(list, Predicates.notNull()));
            if (this.keyManagers.isEmpty()) {
                this.keyManagers = null;
            }
        }
        return this;
    }

    @Nullable
    public List<TrustManager> getTrustManagers() {
        return this.trustManagers;
    }

    public TLSSocketFactoryBuilder setTrustManagers(@Nullable List<TrustManager> list) {
        if (list == null) {
            this.trustManagers = null;
        } else {
            this.trustManagers = new ArrayList(Collections2.filter(list, Predicates.notNull()));
            if (this.trustManagers.isEmpty()) {
                this.trustManagers = null;
            }
        }
        return this;
    }

    @Nullable
    public SecureRandom getSecureRandom() {
        return this.secureRandom;
    }

    public TLSSocketFactoryBuilder setSecureRandom(@Nullable SecureRandom secureRandom) {
        this.secureRandom = secureRandom;
        return this;
    }

    @Nullable
    public X509HostnameVerifier getHostnameVerifier() {
        return this.hostnameVerifier;
    }

    public TLSSocketFactoryBuilder setHostnameVerifier(@Nullable X509HostnameVerifier x509HostnameVerifier) {
        this.hostnameVerifier = x509HostnameVerifier;
        return this;
    }

    @Nullable
    public List<String> getEnabledProtocols() {
        return this.enabledProtocols;
    }

    public TLSSocketFactoryBuilder setEnabledProtocols(@Nullable List<String> list) {
        this.enabledProtocols = new ArrayList(StringSupport.normalizeStringCollection(list));
        if (this.enabledProtocols.isEmpty()) {
            this.enabledProtocols = null;
        }
        return this;
    }

    @Nullable
    public List<String> getEnabledCipherSuites() {
        return this.enabledCipherSuites;
    }

    public TLSSocketFactoryBuilder setEnabledCipherSuites(@Nullable List<String> list) {
        this.enabledCipherSuites = new ArrayList(StringSupport.normalizeStringCollection(list));
        if (this.enabledCipherSuites.isEmpty()) {
            this.enabledCipherSuites = null;
        }
        return this;
    }

    @Nonnull
    public TLSSocketFactory build() {
        X509HostnameVerifier x509HostnameVerifier = this.hostnameVerifier;
        if (x509HostnameVerifier == null) {
            x509HostnameVerifier = DEFAULT_HOSTNAME_VERIFIER;
        }
        return new TLSSocketFactory(buildSSLContext(), this.enabledProtocols != null ? (String[]) this.enabledProtocols.toArray(new String[0]) : null, this.enabledCipherSuites != null ? (String[]) this.enabledCipherSuites.toArray(new String[0]) : null, x509HostnameVerifier);
    }

    @Nonnull
    protected SSLContext buildSSLContext() {
        String str = this.sslContextProtocol;
        if (str == null) {
            str = "TLS";
        }
        try {
            SSLContext sSLContext = this.sslContextProvider != null ? SSLContext.getInstance(str, this.sslContextProvider) : SSLContext.getInstance(str);
            sSLContext.init(this.keyManagers != null ? (KeyManager[]) this.keyManagers.toArray(new KeyManager[0]) : null, this.trustManagers != null ? (TrustManager[]) this.trustManagers.toArray(new TrustManager[0]) : null, this.secureRandom);
            return sSLContext;
        } catch (KeyManagementException e) {
            throw new RuntimeException("Key Problem initializing SSLContext", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("Problem obtaining SSLContext, unsupported protocol: " + this.sslContextProtocol, e2);
        } catch (NoSuchProviderException e3) {
            throw new RuntimeException("Problem obtaining SSLContext, invalid provider: " + this.sslContextProvider, e3);
        }
    }
}
