package org.apache.nifi.web.util;

import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.config.ClientConfig;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.client.urlconnection.HTTPSProperties;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.security.util.CertificateUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/web/util/WebUtils.class */
public final class WebUtils {
    private static Logger logger = LoggerFactory.getLogger(WebUtils.class);
    static final ReadWriteLock lock = new ReentrantReadWriteLock();

    private WebUtils() {
    }

    public static Client createClient(ClientConfig clientConfig) {
        return createClientHelper(clientConfig, null);
    }

    public static Client createClient(ClientConfig clientConfig, SSLContext sSLContext) {
        return createClientHelper(clientConfig, sSLContext);
    }

    private static Client createClientHelper(ClientConfig clientConfig, SSLContext sSLContext) {
        ClientConfig defaultClientConfig = clientConfig == null ? new DefaultClientConfig() : clientConfig;
        if (sSLContext != null && StringUtils.isBlank((String) defaultClientConfig.getProperty("com.sun.jersey.client.impl.urlconnection.httpsProperties"))) {
            defaultClientConfig.getProperties().put("com.sun.jersey.client.impl.urlconnection.httpsProperties", new HTTPSProperties(new HostnameVerifier() { // from class: org.apache.nifi.web.util.WebUtils.1
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str, SSLSession sSLSession) {
                    try {
                        for (Certificate certificate : sSLSession.getPeerCertificates()) {
                            if ((certificate instanceof X509Certificate) && CertificateUtils.getSubjectAlternativeNames((X509Certificate) certificate).contains(str.toLowerCase())) {
                                return true;
                            }
                        }
                        return false;
                    } catch (CertificateParsingException | SSLPeerUnverifiedException e) {
                        WebUtils.logger.warn("Hostname Verification encountered exception verifying hostname due to: " + e, e);
                        return false;
                    }
                }
            }, sSLContext));
        }
        defaultClientConfig.getFeatures().put("com.sun.jersey.api.json.POJOMappingFeature", Boolean.TRUE);
        defaultClientConfig.getClasses().add(ObjectMapperResolver.class);
        return Client.create(defaultClientConfig);
    }
}
