package org.eclipse.smarthome.io.net.http.internal;

import java.net.Socket;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Queue;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.stream.Stream;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;
import org.eclipse.smarthome.io.net.http.TlsCertificateProvider;
import org.eclipse.smarthome.io.net.http.TlsTrustManagerProvider;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

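/**
 * Trust manager that delegates each check to a trust manager registered for a name found in
 * the peer's leaf certificate, and falls back to the default trust manager when none matches.
 *
 * <p>Delegates are registered per host name through the dynamic OSGi references
 * ({@link TlsCertificateProvider} and {@link TlsTrustManagerProvider}). Lookup order is the
 * subject Common Name first, then each Subject Alternative Name; the first delegate found wins.
 *
 * <p>NOTE(review): the delegate is selected from names inside the certificate the peer
 * presented, not from the host name the connection was opened to. The selected delegate still
 * validates the chain, but a delegate registered for one host name can end up validating a
 * certificate presented on a connection to a different host. The {@link Socket} and
 * {@link SSLEngine} overloads receive the connection and could key the lookup on the peer host
 * instead; confirm whether endpoint identification is enforced elsewhere before relying on
 * per-host delegates for pinning.
 */
@Component(service = {ExtensibleTrustManager.class}, immediate = true)
public class ExtensibleTrustManager extends X509ExtendedTrustManager {
    private final Logger logger = LoggerFactory.getLogger(ExtensibleTrustManager.class);
    // Built from a null key store by the project helper; presumably the platform default
    // trust store (confirm against TrustManagerUtil).
    private final X509ExtendedTrustManager defaultTrustManager = TrustManagerUtil.keyStoreToTrustManager(null);
    // Host name -> delegates registered for it; only the head of each queue is consulted.
    private final Map<String, Queue<X509ExtendedTrustManager>> linkedTrustManager = new ConcurrentHashMap<>();
    // Remembers the adapter-created trust manager per provider so the same instance can be unlinked.
    private final Map<TlsCertificateProvider, X509ExtendedTrustManager> mappingFromTlsCertificateProvider = new ConcurrentHashMap<>();

    /** Delegates to the {@link Socket} overload with no socket. */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkClientTrusted(x509CertificateArr, str, (Socket) null);
    }

    /** Delegates to the {@link Socket} overload with no socket. */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkServerTrusted(x509CertificateArr, str, (Socket) null);
    }

    /**
     * Returns the accepted issuers of the default trust manager only; issuers known to
     * registered delegates are not included.
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.defaultTrustManager.getAcceptedIssuers();
    }

    /**
     * Validates a client chain with the delegate selected for the leaf certificate, or with
     * the default trust manager when no delegate matches.
     *
     * @throws CertificateException if the selected trust manager rejects the chain
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        selectTrustManager(x509CertificateArr).checkClientTrusted(x509CertificateArr, str, socket);
    }

    /**
     * Validates a client chain with the delegate selected for the leaf certificate, or with
     * the default trust manager when no delegate matches.
     *
     * @throws CertificateException if the selected trust manager rejects the chain
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        selectTrustManager(x509CertificateArr).checkClientTrusted(x509CertificateArr, str, sSLEngine);
    }

    /**
     * Validates a server chain with the delegate selected for the leaf certificate, or with
     * the default trust manager when no delegate matches.
     *
     * @throws CertificateException if the selected trust manager rejects the chain
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        selectTrustManager(x509CertificateArr).checkServerTrusted(x509CertificateArr, str, socket);
    }

    /**
     * Validates a server chain with the delegate selected for the leaf certificate, or with
     * the default trust manager when no delegate matches.
     *
     * @throws CertificateException if the selected trust manager rejects the chain
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        selectTrustManager(x509CertificateArr).checkServerTrusted(x509CertificateArr, str, sSLEngine);
    }

    /** Picks the linked delegate for the chain, or the default trust manager if there is none. */
    private X509ExtendedTrustManager selectTrustManager(X509Certificate[] chain) {
        X509ExtendedTrustManager linked = getLinkedTrustManager(chain);
        if (linked != null) {
            return linked;
        }
        this.logger.trace("No specific trust manager found, falling back to default");
        return this.defaultTrustManager;
    }

    /**
     * Looks up a registered delegate by the leaf certificate's Common Name, then by its
     * Subject Alternative Names.
     *
     * @return the first matching delegate, or {@code null} when none is registered
     * @throws IllegalStateException if the Subject Alternative Names cannot be parsed
     */
    private X509ExtendedTrustManager getLinkedTrustManager(X509Certificate[] chain) {
        // A null or empty chain has no leaf to inspect; hand it to the default trust manager
        // so it reports the problem instead of failing here on chain[0].
        if (chain == null || chain.length == 0 || chain[0] == null) {
            return null;
        }
        X509Certificate leaf = chain[0];
        try {
            String commonName = getCommonName(leaf);
            if (commonName != null) {
                X509ExtendedTrustManager byCommonName = firstLinked(commonName);
                if (byCommonName != null) {
                    this.logger.trace("Found trustManager by common name: {}", commonName);
                    return byCommonName;
                }
            }

            // getSubjectAlternativeNames() returns null when the extension is absent.
            Collection<List<?>> subjectAlternativeNames = leaf.getSubjectAlternativeNames();
            this.logger.trace("Searching trustManager by Subject Alternative Names: {}", subjectAlternativeNames);
            if (subjectAlternativeNames == null) {
                return null;
            }
            for (List<?> entry : subjectAlternativeNames) {
                // Each entry is [type, value]; only String values can equal a registered host
                // name (other name types are returned as byte[]).
                if (entry == null || entry.size() < 2 || !(entry.get(1) instanceof String)) {
                    continue;
                }
                X509ExtendedTrustManager byAlternativeName = firstLinked((String) entry.get(1));
                if (byAlternativeName != null) {
                    return byAlternativeName;
                }
            }
            return null;
        } catch (CertificateParsingException e) {
            throw new IllegalStateException("Problem while parsing certificate", e);
        }
    }

    /** Returns the head delegate registered under {@code name}, or {@code null} if none. */
    private X509ExtendedTrustManager firstLinked(String name) {
        Queue<X509ExtendedTrustManager> candidates = this.linkedTrustManager.get(name);
        return candidates == null ? null : candidates.peek();
    }

    /**
     * Extracts the Common Name from the certificate subject.
     *
     * <p>Only an RDN that starts with {@code CN=} is accepted, so a {@code CN=} substring inside
     * another attribute's value is not mistaken for the Common Name. The subject is split on
     * plain commas, so a Common Name containing an escaped comma is truncated.
     *
     * @return the Common Name, or {@code null} when the subject has none (for example a
     *         certificate identified only by Subject Alternative Names)
     */
    private String getCommonName(X509Certificate x509Certificate) {
        String subject = x509Certificate.getSubjectX500Principal().getName("RFC2253");
        for (String rdn : subject.split(",")) {
            String candidate = rdn.trim();
            if (candidate.startsWith("CN=")) {
                return candidate.substring("CN=".length());
            }
        }
        return null;
    }

    /**
     * Registers the trust manager built from a certificate provider under the provider's host name.
     */
    @Reference(cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC)
    protected void addTlsCertificateProvider(TlsCertificateProvider tlsCertificateProvider) {
        X509ExtendedTrustManager trustManager = new TlsCertificateTrustManagerAdapter(tlsCertificateProvider).getTrustManager();
        this.mappingFromTlsCertificateProvider.put(tlsCertificateProvider, trustManager);
        addLinkedTrustManager(tlsCertificateProvider.getHostName(), trustManager);
    }

    /** Unlinks the trust manager that was created when the certificate provider was added. */
    protected void removeTlsCertificateProvider(TlsCertificateProvider tlsCertificateProvider) {
        removeLinkedTrustManager(tlsCertificateProvider.getHostName(), this.mappingFromTlsCertificateProvider.remove(tlsCertificateProvider));
    }

    /** Registers a provider-supplied trust manager under the provider's host name. */
    @Reference(cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC)
    protected void addTlsTrustManagerProvider(TlsTrustManagerProvider tlsTrustManagerProvider) {
        addLinkedTrustManager(tlsTrustManagerProvider.getHostName(), tlsTrustManagerProvider.getTrustManager());
    }

    /**
     * Unlinks a provider-supplied trust manager.
     *
     * <p>NOTE(review): this asks the provider for its trust manager again; if a provider returns
     * a different instance on each call the earlier one is not found and stays linked after the
     * provider is gone. Confirm providers return a stable instance.
     */
    protected void removeTlsTrustManagerProvider(TlsTrustManagerProvider tlsTrustManagerProvider) {
        removeLinkedTrustManager(tlsTrustManagerProvider.getHostName(), tlsTrustManagerProvider.getTrustManager());
    }

    /** Appends the trust manager to the queue for {@code str}, creating the queue on first use. */
    private void addLinkedTrustManager(String str, X509ExtendedTrustManager x509ExtendedTrustManager) {
        this.linkedTrustManager.computeIfAbsent(str, hostName -> new ConcurrentLinkedQueue<>()).add(x509ExtendedTrustManager);
    }

    /** Removes the trust manager from the queue for {@code str}, if that queue exists. */
    private void removeLinkedTrustManager(String str, X509ExtendedTrustManager x509ExtendedTrustManager) {
        // Plain lookup: removing must not create an empty queue for a host that was never registered.
        Queue<X509ExtendedTrustManager> registered = this.linkedTrustManager.get(str);
        if (registered != null && x509ExtendedTrustManager != null) {
            registered.remove(x509ExtendedTrustManager);
        }
    }
}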
