package com.networknt.aws.lambda;

import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.owasp.encoder.Encode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/aws/lambda/LambdaJdkClient.class */
public class LambdaJdkClient {
    private static final String TRUST_STORE_PROPERTY = "javax.net.ssl.trustStore";
    private static final String TRUST_STORE_PASSWORD_PROPERTY = "javax.net.ssl.trustStorePassword";
    private static final String TRUST_STORE_PASS = "truststorePass";
    private static final String TRUST_STORE_NAME = "truststoreName";
    private static final String JWK_URL = "jwkUrl";
    private static final Logger logger = LoggerFactory.getLogger(LambdaJdkClient.class);
    private static Map<String, Object> configMap = null;
    private static final LambdaJdkClient INSTANCE = new LambdaJdkClient();

    private LambdaJdkClient() {
    }

    public static LambdaJdkClient getInstance(String str) {
        configMap = Configuration.getInstance().getStageConfig(str);
        return INSTANCE;
    }

    public static SSLContext createSSLContext() throws IOException {
        TrustManager[] trustManagerArr = null;
        try {
            String property = System.getProperty(TRUST_STORE_PROPERTY);
            String property2 = System.getProperty(TRUST_STORE_PASSWORD_PROPERTY);
            if (property == null || property2 == null) {
                property = (String) configMap.get(TRUST_STORE_NAME);
                if (property == null) {
                    logger.error("ERR10057 Config property truststoreName is missing in app.xml");
                }
                property2 = (String) configMap.get(TRUST_STORE_PASS);
                if (property2 == null) {
                    logger.error("ERR10057 Config property truststorePass is missing in app.xml");
                }
                if (logger.isInfoEnabled()) {
                    logger.info("Loading trust store from config at " + Encode.forJava(property));
                }
            } else if (logger.isInfoEnabled()) {
                logger.info("Loading trust store from system property at " + Encode.forJava(property));
            }
            if (property != null && property2 != null) {
                KeyStore loadTrustStore = loadTrustStore(property, property2.toCharArray());
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(loadTrustStore);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            }
            try {
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, trustManagerArr, null);
                return sSLContext;
            } catch (KeyManagementException | NoSuchAlgorithmException e) {
                throw new IOException("Unable to create and initialise the SSLContext", e);
            }
        } catch (KeyStoreException | NoSuchAlgorithmException e2) {
            throw new IOException("Unable to initialise TrustManager[]", e2);
        }
    }

    public static KeyStore loadTrustStore(String str, char[] cArr) {
        try {
            InputStream resourceAsStream = Configuration.class.getClassLoader().getResourceAsStream(str);
            try {
                if (resourceAsStream == null) {
                    String str2 = "Unable to load truststore '" + str + "', please provide the truststore matching the configuration in app.yml to enable TLS connection.";
                    if (logger.isErrorEnabled()) {
                        logger.error(str2);
                    }
                    throw new RuntimeException(str2);
                }
                KeyStore keyStore = KeyStore.getInstance("JKS");
                keyStore.load(resourceAsStream, cArr);
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
                return keyStore;
            } finally {
            }
        } catch (Exception e) {
            logger.error("Unable to load truststore " + str, e);
            throw new RuntimeException("Unable to load truststore " + str, e);
        }
    }

    public static String getKey() {
        String str = (String) configMap.get(JWK_URL);
        if (str == null) {
            logger.error("ERR10057 Config property jwkUrl is missing in app.xml");
        }
        try {
            HttpClient.Builder sslContext = HttpClient.newBuilder().followRedirects(HttpClient.Redirect.NORMAL).connectTimeout(Duration.ofMillis(3000L)).sslContext(createSSLContext());
            sslContext.version(HttpClient.Version.HTTP_2);
            return (String) sslContext.build().sendAsync(HttpRequest.newBuilder().GET().uri(URI.create(str)).build(), HttpResponse.BodyHandlers.ofString()).thenApply((v0) -> {
                return v0.body();
            }).get(5000L, TimeUnit.MILLISECONDS);
        } catch (Exception e) {
            logger.error("Exception:", e);
            return null;
        }
    }
}
