package org.apache.nifi.security.util;

import java.security.UnrecoverableKeyException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import org.apache.nifi.processor.exception.ProcessException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/security/util/OkHttpClientUtils.class */
public class OkHttpClientUtils {
    private static final Logger logger = LoggerFactory.getLogger(OkHttpClientUtils.class);

    public static boolean applyTlsToOkHttpClientBuilder(TlsConfiguration tlsConfiguration, OkHttpClient.Builder builder) {
        SSLContext createSslContext;
        try {
            X509TrustManager x509TrustManager = SslContextFactory.getX509TrustManager(tlsConfiguration);
            if (x509TrustManager == null || (createSslContext = SslContextFactory.createSslContext(tlsConfiguration, new TrustManager[]{x509TrustManager})) == null) {
                return false;
            }
            builder.sslSocketFactory(createSslContext.getSocketFactory(), x509TrustManager);
            return true;
        } catch (TlsException e) {
            if (e.getCause() instanceof UnrecoverableKeyException) {
                logger.error("Key password may be incorrect or not set. Check your keystore passwords." + e.getMessage());
                return false;
            }
            logger.error("Encountered an error configuring TLS: {}", e.getLocalizedMessage());
            throw new ProcessException("Error configuring TLS", e);
        }
    }
}
