package nl.altindag.ssl;

import java.io.InputStream;
import java.net.URI;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyStore;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.BiPredicate;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import nl.altindag.ssl.exception.GenericKeyStoreException;
import nl.altindag.ssl.exception.GenericSecurityException;
import nl.altindag.ssl.model.HostnameVerifierParameters;
import nl.altindag.ssl.model.KeyStoreHolder;
import nl.altindag.ssl.model.TrustManagerParameters;
import nl.altindag.ssl.model.internal.SSLMaterial;
import nl.altindag.ssl.sslcontext.FenixSSLContext;
import nl.altindag.ssl.trustmanager.trustoptions.TrustAnchorTrustOptions;
import nl.altindag.ssl.trustmanager.trustoptions.TrustStoreTrustOptions;
import nl.altindag.ssl.trustmanager.validator.ChainAndAuthTypeValidator;
import nl.altindag.ssl.trustmanager.validator.ChainAndAuthTypeWithSSLEngineValidator;
import nl.altindag.ssl.trustmanager.validator.ChainAndAuthTypeWithSocketValidator;
import nl.altindag.ssl.util.HostnameVerifierUtils;
import nl.altindag.ssl.util.KeyManagerUtils;
import nl.altindag.ssl.util.KeyStoreUtils;
import nl.altindag.ssl.util.SSLContextUtils;
import nl.altindag.ssl.util.SSLParametersUtils;
import nl.altindag.ssl.util.SSLSessionUtils;
import nl.altindag.ssl.util.TrustManagerUtils;
import nl.altindag.ssl.util.internal.CollectorsUtils;
import nl.altindag.ssl.util.internal.StringUtils;
import nl.altindag.ssl.util.internal.UriUtils;
import nl.altindag.ssl.util.internal.ValidationUtils;
import org.apache.pinot.spi.config.table.FieldConfig;
import org.glassfish.jersey.SslConfigurator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:nl/altindag/ssl/SSLFactory.class */
public final class SSLFactory {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) SSLFactory.class);
    private final SSLMaterial sslMaterial;

    /* loaded from: input_file:nl/altindag/ssl/SSLFactory$Builder.class */
    public static class Builder {
        private static final String TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE = "TrustStore details are empty, which are required to be present when SSL/TLS is enabled";
        private static final String IDENTITY_VALIDATION_EXCEPTION_MESSAGE = "Identity details are empty, which are required to be present when SSL/TLS is enabled";
        private static final String IDENTITY_AND_TRUST_MATERIAL_VALIDATION_EXCEPTION_MESSAGE = "Could not create instance of SSLFactory because Identity and Trust material are not present. Please provide at least a Trust material.";
        private static final String CERTIFICATE_VALIDATION_EXCEPTION_MESSAGE = "Failed to load the certificate(s). No certificate has been provided.";
        private static final String SYSTEM_PROPERTY_VALIDATION_EXCEPTION_MESSAGE = "Failed to load the System property for [%s] because it does not contain any value";
        private String sslContextAlgorithm;
        private Provider securityProvider;
        private String securityProviderName;
        private SecureRandom secureRandom;
        private HostnameVerifier hostnameVerifier;
        private Predicate<HostnameVerifierParameters> hostnameVerifierEnhancer;
        private final List<KeyStoreHolder> identities;
        private final List<KeyStore> trustStores;
        private final List<X509ExtendedKeyManager> identityManagers;
        private final List<X509ExtendedTrustManager> trustManagers;
        private final SSLParameters sslParameters;
        private final Map<String, List<URI>> preferredAliasToHost;
        private final List<String> protocols;
        private final List<String> ciphers;
        private boolean swappableKeyManagerEnabled;
        private boolean swappableTrustManagerEnabled;
        private boolean loggingKeyManagerEnabled;
        private boolean loggingTrustManagerEnabled;
        private int sessionTimeoutInSeconds;
        private int sessionCacheSizeInBytes;
        private ChainAndAuthTypeValidator chainAndAuthTypeValidator;
        private ChainAndAuthTypeWithSocketValidator chainAndAuthTypeWithSocketValidator;
        private ChainAndAuthTypeWithSSLEngineValidator chainAndAuthTypeWithSSLEngineValidator;
        private Predicate<TrustManagerParameters> trustManagerParametersValidator;
        private boolean shouldTrustedCertificatesBeConcealed;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:nl/altindag/ssl/SSLFactory$Builder$QuadConsumer.class */
        public interface QuadConsumer<T, U, V, W> {
            void accept(T t, U u, V v, W w);
        }

        private Builder() {
            this.sslContextAlgorithm = "TLS";
            this.securityProvider = null;
            this.securityProviderName = null;
            this.secureRandom = null;
            this.hostnameVerifier = HostnameVerifierUtils.createDefault();
            this.hostnameVerifierEnhancer = null;
            this.identities = new ArrayList();
            this.trustStores = new ArrayList();
            this.identityManagers = new ArrayList();
            this.trustManagers = new ArrayList();
            this.sslParameters = new SSLParameters();
            this.preferredAliasToHost = new HashMap();
            this.protocols = new ArrayList();
            this.ciphers = new ArrayList();
            this.swappableKeyManagerEnabled = false;
            this.swappableTrustManagerEnabled = false;
            this.loggingKeyManagerEnabled = false;
            this.loggingTrustManagerEnabled = false;
            this.sessionTimeoutInSeconds = -1;
            this.sessionCacheSizeInBytes = -1;
            this.chainAndAuthTypeValidator = null;
            this.chainAndAuthTypeWithSocketValidator = null;
            this.chainAndAuthTypeWithSSLEngineValidator = null;
            this.trustManagerParametersValidator = null;
            this.shouldTrustedCertificatesBeConcealed = false;
        }

        public Builder withSystemTrustMaterial() {
            Optional<X509ExtendedTrustManager> createTrustManagerWithSystemTrustedCertificates = TrustManagerUtils.createTrustManagerWithSystemTrustedCertificates();
            List<X509ExtendedTrustManager> list = this.trustManagers;
            Objects.requireNonNull(list);
            createTrustManagerWithSystemTrustedCertificates.ifPresent((v1) -> {
                r1.add(v1);
            });
            return this;
        }

        public Builder withDefaultTrustMaterial() {
            this.trustManagers.add(TrustManagerUtils.createTrustManagerWithJdkTrustedCertificates());
            return this;
        }

        public Builder withSystemPropertyDerivedTrustMaterial() {
            return withSystemPropertyDerivedMaterial(SslConfigurator.TRUST_STORE_FILE, SslConfigurator.TRUST_STORE_PASSWORD, SslConfigurator.TRUST_STORE_TYPE, SslConfigurator.TRUST_STORE_PROVIDER, this::withTrustMaterial);
        }

        public Builder withUnsafeTrustMaterial() {
            return withTrustingAllCertificatesWithoutValidation();
        }

        public Builder withDummyTrustMaterial() {
            this.trustManagers.add(TrustManagerUtils.createDummyTrustManager());
            return this;
        }

        public Builder withSwappableTrustMaterial() {
            this.swappableTrustManagerEnabled = true;
            return this;
        }

        public Builder withLoggingTrustMaterial() {
            this.loggingTrustManagerEnabled = true;
            return this;
        }

        public <T extends X509TrustManager> Builder withTrustMaterial(T t) {
            this.trustManagers.add(TrustManagerUtils.wrapIfNeeded(t));
            return this;
        }

        public <T extends ManagerFactoryParameters> Builder withTrustMaterial(T t) {
            this.trustManagers.add(TrustManagerUtils.createTrustManager(t));
            return this;
        }

        public <T extends X509TrustManager> Builder withTrustMaterial(T t, TrustStoreTrustOptions<? extends CertPathTrustManagerParameters> trustStoreTrustOptions) {
            return withTrustMaterial(KeyStoreUtils.createTrustStore(t.getAcceptedIssuers()), trustStoreTrustOptions);
        }

        public <T extends TrustManagerFactory> Builder withTrustMaterial(T t) {
            this.trustManagers.add(TrustManagerUtils.getTrustManager(t));
            return this;
        }

        public Builder withTrustMaterial(String str, char[] cArr) {
            return withTrustMaterial(str, cArr, KeyStore.getDefaultType());
        }

        public Builder withTrustMaterial(String str, char[] cArr, TrustStoreTrustOptions<? extends CertPathTrustManagerParameters> trustStoreTrustOptions) {
            return withTrustMaterial(str, cArr, KeyStore.getDefaultType(), trustStoreTrustOptions);
        }

        public Builder withTrustMaterial(String str, char[] cArr, String str2) {
            if (StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
                throw new GenericKeyStoreException(TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE);
            }
            this.trustStores.add(KeyStoreUtils.loadKeyStore(str, cArr, str2));
            return this;
        }

        public Builder withTrustMaterial(String str, char[] cArr, String str2, TrustStoreTrustOptions<? extends CertPathTrustManagerParameters> trustStoreTrustOptions) {
            if (StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
                throw new GenericKeyStoreException(TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE);
            }
            return withTrustMaterial(KeyStoreUtils.loadKeyStore(str, cArr, str2), trustStoreTrustOptions);
        }

        public Builder withTrustMaterial(Path path, char[] cArr) {
            return withTrustMaterial(path, cArr, KeyStore.getDefaultType());
        }

        public Builder withTrustMaterial(Path path, char[] cArr, TrustStoreTrustOptions<? extends CertPathTrustManagerParameters> trustStoreTrustOptions) {
            return withTrustMaterial(path, cArr, KeyStore.getDefaultType(), trustStoreTrustOptions);
        }

        public Builder withTrustMaterial(Path path, char[] cArr, String str) {
            if (Objects.isNull(path) || StringUtils.isBlank(str)) {
                throw new GenericKeyStoreException(TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE);
            }
            this.trustStores.add(KeyStoreUtils.loadKeyStore(path, cArr, str));
            return this;
        }

        private Builder withTrustMaterial(Path path, char[] cArr, String str, String str2) {
            if (Objects.isNull(path)) {
                throw new GenericKeyStoreException(TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE);
            }
            KeyStore loadKeyStore = KeyStoreUtils.loadKeyStore(path, cArr, str);
            this.trustManagers.add(str2 == null ? TrustManagerUtils.createTrustManager(loadKeyStore, TrustManagerFactory.getDefaultAlgorithm()) : TrustManagerUtils.createTrustManager(loadKeyStore, TrustManagerFactory.getDefaultAlgorithm(), str2));
            return this;
        }

        public Builder withTrustMaterial(Path path, char[] cArr, String str, TrustStoreTrustOptions<? extends CertPathTrustManagerParameters> trustStoreTrustOptions) {
            if (Objects.isNull(path) || StringUtils.isBlank(str)) {
                throw new GenericKeyStoreException(TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE);
            }
            return withTrustMaterial(KeyStoreUtils.loadKeyStore(path, cArr, str), trustStoreTrustOptions);
        }

        public Builder withTrustMaterial(InputStream inputStream, char[] cArr) {
            return withTrustMaterial(inputStream, cArr, KeyStore.getDefaultType());
        }

        public Builder withTrustMaterial(InputStream inputStream, char[] cArr, TrustStoreTrustOptions<? extends CertPathTrustManagerParameters> trustStoreTrustOptions) {
            return withTrustMaterial(inputStream, cArr, KeyStore.getDefaultType(), trustStoreTrustOptions);
        }

        public Builder withTrustMaterial(InputStream inputStream, char[] cArr, String str) {
            this.trustStores.add(KeyStoreUtils.loadKeyStore(inputStream, cArr, str));
            return this;
        }

        public Builder withTrustMaterial(InputStream inputStream, char[] cArr, String str, TrustStoreTrustOptions<? extends CertPathTrustManagerParameters> trustStoreTrustOptions) {
            return withTrustMaterial(KeyStoreUtils.loadKeyStore(inputStream, cArr, str), trustStoreTrustOptions);
        }

        public Builder withTrustMaterial(KeyStore keyStore) {
            validateKeyStore(keyStore, TRUST_STORE_VALIDATION_EXCEPTION_MESSAGE);
            this.trustStores.add(keyStore);
            return this;
        }

        public Builder withTrustMaterial(KeyStore keyStore, TrustStoreTrustOptions<? extends CertPathTrustManagerParameters> trustStoreTrustOptions) {
            try {
                return withTrustMaterial((Builder) trustStoreTrustOptions.apply(keyStore));
            } catch (Exception e) {
                throw new GenericSecurityException(e);
            }
        }

        public Builder withTrustMaterial(Set<X509Certificate> set, TrustAnchorTrustOptions<? extends CertPathTrustManagerParameters> trustAnchorTrustOptions) {
            try {
                return withTrustMaterial((Builder) trustAnchorTrustOptions.apply((Set<TrustAnchor>) set.stream().map(x509Certificate -> {
                    return new TrustAnchor(x509Certificate, null);
                }).collect(Collectors.toSet())));
            } catch (Exception e) {
                throw new GenericSecurityException(e);
            }
        }

        @SafeVarargs
        public final <T extends Certificate> Builder withTrustMaterial(T... tArr) {
            return withTrustMaterial(Arrays.asList(tArr));
        }

        public final <T extends Certificate> Builder withTrustMaterial(T[] tArr, TrustStoreTrustOptions<? extends CertPathTrustManagerParameters> trustStoreTrustOptions) {
            return withTrustMaterial(Arrays.asList(tArr), trustStoreTrustOptions);
        }

        public <T extends Certificate> Builder withTrustMaterial(List<T> list) {
            this.trustStores.add(KeyStoreUtils.createTrustStore(ValidationUtils.requireNotEmpty(list, CERTIFICATE_VALIDATION_EXCEPTION_MESSAGE)));
            return this;
        }

        public <T extends Certificate> Builder withTrustMaterial(List<T> list, TrustStoreTrustOptions<? extends CertPathTrustManagerParameters> trustStoreTrustOptions) {
            return withTrustMaterial(KeyStoreUtils.createTrustStore(ValidationUtils.requireNotEmpty(list, CERTIFICATE_VALIDATION_EXCEPTION_MESSAGE)), trustStoreTrustOptions);
        }

        public Builder withSystemPropertyDerivedIdentityMaterial() {
            return withSystemPropertyDerivedMaterial(SslConfigurator.KEY_STORE_FILE, SslConfigurator.KEY_STORE_PASSWORD, SslConfigurator.KEY_STORE_TYPE, SslConfigurator.KEY_STORE_PROVIDER, this::withIdentityMaterial);
        }

        public Builder withIdentityMaterial(String str, char[] cArr) {
            return withIdentityMaterial(str, cArr, cArr, KeyStore.getDefaultType());
        }

        public Builder withIdentityMaterial(String str, char[] cArr, char[] cArr2) {
            return withIdentityMaterial(str, cArr, cArr2, KeyStore.getDefaultType());
        }

        public Builder withIdentityMaterial(String str, char[] cArr, String str2) {
            return withIdentityMaterial(str, cArr, cArr, str2);
        }

        public Builder withIdentityMaterial(String str, char[] cArr, char[] cArr2, String str2) {
            if (StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
                throw new GenericKeyStoreException(IDENTITY_VALIDATION_EXCEPTION_MESSAGE);
            }
            this.identities.add(new KeyStoreHolder(KeyStoreUtils.loadKeyStore(str, cArr, str2), cArr2));
            return this;
        }

        public Builder withIdentityMaterial(Path path, char[] cArr) {
            return withIdentityMaterial(path, cArr, cArr, KeyStore.getDefaultType());
        }

        public Builder withIdentityMaterial(Path path, char[] cArr, char[] cArr2) {
            return withIdentityMaterial(path, cArr, cArr2, KeyStore.getDefaultType());
        }

        public Builder withIdentityMaterial(Path path, char[] cArr, String str) {
            return withIdentityMaterial(path, cArr, cArr, str);
        }

        public Builder withIdentityMaterial(Path path, char[] cArr, char[] cArr2, String str) {
            if (Objects.isNull(path) || StringUtils.isBlank(str)) {
                throw new GenericKeyStoreException(IDENTITY_VALIDATION_EXCEPTION_MESSAGE);
            }
            this.identities.add(new KeyStoreHolder(KeyStoreUtils.loadKeyStore(path, cArr, str), cArr2));
            return this;
        }

        private Builder withIdentityMaterial(Path path, char[] cArr, String str, String str2) {
            if (Objects.isNull(path)) {
                throw new GenericKeyStoreException(IDENTITY_VALIDATION_EXCEPTION_MESSAGE);
            }
            KeyStore loadKeyStore = KeyStoreUtils.loadKeyStore(path, cArr, str);
            this.identityManagers.add(str2 == null ? KeyManagerUtils.createKeyManager(loadKeyStore, cArr, KeyManagerFactory.getDefaultAlgorithm()) : KeyManagerUtils.createKeyManager(loadKeyStore, cArr, KeyManagerFactory.getDefaultAlgorithm(), str2));
            return this;
        }

        public Builder withIdentityMaterial(InputStream inputStream, char[] cArr) {
            return withIdentityMaterial(inputStream, cArr, cArr);
        }

        public Builder withIdentityMaterial(InputStream inputStream, char[] cArr, char[] cArr2) {
            return withIdentityMaterial(inputStream, cArr, cArr2, KeyStore.getDefaultType());
        }

        public Builder withIdentityMaterial(InputStream inputStream, char[] cArr, String str) {
            return withIdentityMaterial(inputStream, cArr, cArr, str);
        }

        public Builder withIdentityMaterial(InputStream inputStream, char[] cArr, char[] cArr2, String str) {
            if (Objects.isNull(inputStream) || StringUtils.isBlank(str)) {
                throw new GenericKeyStoreException(IDENTITY_VALIDATION_EXCEPTION_MESSAGE);
            }
            this.identities.add(new KeyStoreHolder(KeyStoreUtils.loadKeyStore(inputStream, cArr, str), cArr2));
            return this;
        }

        public Builder withIdentityMaterial(KeyStore keyStore, char[] cArr) {
            validateKeyStore(keyStore, IDENTITY_VALIDATION_EXCEPTION_MESSAGE);
            this.identities.add(new KeyStoreHolder(keyStore, cArr));
            return this;
        }

        @SafeVarargs
        public final <T extends Certificate> Builder withIdentityMaterial(Key key, char[] cArr, T... tArr) {
            return withIdentityMaterial(key, cArr, (String) null, tArr);
        }

        @SafeVarargs
        public final <T extends Certificate> Builder withIdentityMaterial(Key key, char[] cArr, String str, T... tArr) {
            return withIdentityMaterial(key, cArr, str, Arrays.asList(tArr));
        }

        public final <T extends Certificate> Builder withIdentityMaterial(Key key, char[] cArr, List<T> list) {
            return withIdentityMaterial(key, cArr, (String) null, list);
        }

        public final <T extends Certificate> Builder withIdentityMaterial(Key key, char[] cArr, String str, List<T> list) {
            this.identities.add(new KeyStoreHolder(KeyStoreUtils.createIdentityStore(key, cArr, str, (List<? extends Certificate>) list), cArr));
            return this;
        }

        public <T extends X509KeyManager> Builder withIdentityMaterial(T t) {
            this.identityManagers.add(KeyManagerUtils.wrapIfNeeded(t));
            return this;
        }

        public <T extends KeyManagerFactory> Builder withIdentityMaterial(T t) {
            this.identityManagers.add(KeyManagerUtils.getKeyManager(t));
            return this;
        }

        public Builder withDummyIdentityMaterial() {
            this.identityManagers.add(KeyManagerUtils.createDummyKeyManager());
            return this;
        }

        public Builder withSwappableIdentityMaterial() {
            this.swappableKeyManagerEnabled = true;
            return this;
        }

        public Builder withLoggingIdentityMaterial() {
            this.loggingKeyManagerEnabled = true;
            return this;
        }

        public Builder withInflatableTrustMaterial() {
            this.trustManagers.add(TrustManagerUtils.createInflatableTrustManager());
            return this;
        }

        @Deprecated
        public Builder withInflatableTrustMaterial(Path path, char[] cArr, String str, BiPredicate<X509Certificate[], String> biPredicate) {
            this.trustManagers.add(TrustManagerUtils.createInflatableTrustManager(path, cArr, str, biPredicate));
            return this;
        }

        public Builder withInflatableTrustMaterial(Path path, char[] cArr, String str, Predicate<TrustManagerParameters> predicate) {
            this.trustManagers.add(TrustManagerUtils.createInflatableTrustManager(path, cArr, str, predicate));
            return this;
        }

        private void validateKeyStore(KeyStore keyStore, String str) {
            if (Objects.isNull(keyStore)) {
                throw new GenericKeyStoreException(str);
            }
        }

        public Builder withIdentityRoute(String str, String... strArr) {
            return withIdentityRoute(str, (List<URI>) Arrays.stream(strArr).map(URI::create).collect(Collectors.toList()));
        }

        public Builder withIdentityRoute(Map<String, List<String>> map) {
            map.entrySet().stream().map(entry -> {
                return new AbstractMap.SimpleEntry((String) entry.getKey(), (List) ((List) entry.getValue()).stream().map(URI::create).collect(Collectors.toList()));
            }).forEach(simpleEntry -> {
                withIdentityRoute((String) simpleEntry.getKey(), (List<URI>) simpleEntry.getValue());
            });
            return this;
        }

        private Builder withIdentityRoute(String str, List<URI> list) {
            if (StringUtils.isBlank(str)) {
                throw new IllegalArgumentException("alias should be present");
            }
            ValidationUtils.requireNotEmpty(list, String.format("At least one host should be present. No host(s) found for the given alias: [%s]", str));
            for (URI uri : list) {
                UriUtils.validate(uri);
                if (this.preferredAliasToHost.containsKey(str)) {
                    this.preferredAliasToHost.get(str).add(uri);
                } else {
                    this.preferredAliasToHost.put(str, new ArrayList(Collections.singletonList(uri)));
                }
            }
            return this;
        }

        public <T extends HostnameVerifier> Builder withHostnameVerifier(T t) {
            this.hostnameVerifier = t;
            return this;
        }

        public Builder withUnsafeHostnameVerifier() {
            this.hostnameVerifier = HostnameVerifierUtils.createUnsafe();
            return this;
        }

        public Builder withHostnameVerifierEnhancer(Predicate<HostnameVerifierParameters> predicate) {
            this.hostnameVerifierEnhancer = predicate;
            return this;
        }

        public Builder withCiphers(String... strArr) {
            this.ciphers.addAll(Arrays.asList(strArr));
            return this;
        }

        public Builder withSystemPropertyDerivedCiphers() {
            this.ciphers.addAll(extractPropertyValues("https.cipherSuites"));
            return this;
        }

        public Builder withProtocols(String... strArr) {
            this.protocols.addAll(Arrays.asList(strArr));
            return this;
        }

        public Builder withSystemPropertyDerivedProtocols() {
            this.protocols.addAll(extractPropertyValues("https.protocols"));
            return this;
        }

        private List<String> extractPropertyValues(String str) {
            return ValidationUtils.requireNotEmpty((List) Arrays.stream(ValidationUtils.requireNotBlank(System.getProperty(str), String.format(SYSTEM_PROPERTY_VALIDATION_EXCEPTION_MESSAGE, str)).split(FieldConfig.TEXT_INDEX_STOP_WORD_SEPERATOR)).map((v0) -> {
                return v0.trim();
            }).filter((v0) -> {
                return StringUtils.isNotBlank(v0);
            }).distinct().collect(Collectors.toList()), String.format(SYSTEM_PROPERTY_VALIDATION_EXCEPTION_MESSAGE, str));
        }

        public Builder withNeedClientAuthentication() {
            return withNeedClientAuthentication(true);
        }

        public Builder withNeedClientAuthentication(boolean z) {
            this.sslParameters.setNeedClientAuth(z);
            return this;
        }

        public Builder withWantClientAuthentication() {
            return withWantClientAuthentication(true);
        }

        public Builder withWantClientAuthentication(boolean z) {
            this.sslParameters.setWantClientAuth(z);
            return this;
        }

        public Builder withSessionTimeout(int i) {
            this.sessionTimeoutInSeconds = i;
            return this;
        }

        public Builder withSessionCacheSize(int i) {
            this.sessionCacheSizeInBytes = i;
            return this;
        }

        public Builder withSslContextAlgorithm(String str) {
            this.sslContextAlgorithm = str;
            return this;
        }

        public <T extends Provider> Builder withSecurityProvider(T t) {
            this.securityProvider = t;
            return this;
        }

        public Builder withSecurityProvider(String str) {
            this.securityProviderName = str;
            return this;
        }

        public <T extends SecureRandom> Builder withSecureRandom(T t) {
            this.secureRandom = t;
            return this;
        }

        public Builder withTrustingAllCertificatesWithoutValidation() {
            this.trustManagers.add(TrustManagerUtils.createUnsafeTrustManager());
            SSLFactory.LOGGER.debug("UnsafeTrustManager is being used. Client/Server certificates will be accepted without validation.");
            return this;
        }

        @Deprecated
        public Builder withTrustEnhancer(ChainAndAuthTypeValidator chainAndAuthTypeValidator) {
            this.chainAndAuthTypeValidator = chainAndAuthTypeValidator;
            return this;
        }

        @Deprecated
        public Builder withTrustEnhancer(ChainAndAuthTypeWithSocketValidator chainAndAuthTypeWithSocketValidator) {
            this.chainAndAuthTypeWithSocketValidator = chainAndAuthTypeWithSocketValidator;
            return this;
        }

        @Deprecated
        public Builder withTrustEnhancer(ChainAndAuthTypeWithSSLEngineValidator chainAndAuthTypeWithSSLEngineValidator) {
            this.chainAndAuthTypeWithSSLEngineValidator = chainAndAuthTypeWithSSLEngineValidator;
            return this;
        }

        public Builder withTrustEnhancer(Predicate<TrustManagerParameters> predicate) {
            this.trustManagerParametersValidator = predicate;
            return this;
        }

        public Builder withConcealedTrustMaterial() {
            this.shouldTrustedCertificatesBeConcealed = true;
            return this;
        }

        private Builder withSystemPropertyDerivedMaterial(String str, String str2, String str3, String str4, QuadConsumer<Path, char[], String, String> quadConsumer) {
            quadConsumer.accept((Path) Optional.ofNullable(System.getProperty(str)).map((v0) -> {
                return v0.trim();
            }).filter((v0) -> {
                return StringUtils.isNotBlank(v0);
            }).map(str5 -> {
                return Paths.get(str5, new String[0]);
            }).orElse(null), (char[]) Optional.ofNullable(System.getProperty(str2)).map((v0) -> {
                return v0.trim();
            }).filter((v0) -> {
                return StringUtils.isNotBlank(v0);
            }).map((v0) -> {
                return v0.toCharArray();
            }).orElse(null), (String) Optional.ofNullable(System.getProperty(str3)).map((v0) -> {
                return v0.trim();
            }).filter((v0) -> {
                return StringUtils.isNotBlank(v0);
            }).orElseGet(KeyStore::getDefaultType), (String) Optional.ofNullable(System.getProperty(str4)).map((v0) -> {
                return v0.trim();
            }).filter((v0) -> {
                return StringUtils.isNotBlank(v0);
            }).orElse(null));
            return this;
        }

        public SSLFactory build() {
            if (!isIdentityMaterialPresent() && !isTrustMaterialPresent()) {
                throw new GenericSecurityException(IDENTITY_AND_TRUST_MATERIAL_VALIDATION_EXCEPTION_MESSAGE);
            }
            X509ExtendedKeyManager createKeyManager = isIdentityMaterialPresent() ? createKeyManager() : null;
            X509ExtendedTrustManager createTrustManager = isTrustMaterialPresent() ? createTrustManager() : null;
            SSLContext createSslContext = SSLContextUtils.createSslContext(createKeyManager, createTrustManager, this.secureRandom, this.sslContextAlgorithm, this.securityProviderName, this.securityProvider);
            if (this.sessionTimeoutInSeconds >= 0) {
                SSLSessionUtils.updateSessionTimeout(createSslContext, this.sessionTimeoutInSeconds);
            }
            if (this.sessionCacheSizeInBytes >= 0) {
                SSLSessionUtils.updateSessionCacheSize(createSslContext, this.sessionCacheSizeInBytes);
            }
            SSLParameters createSslParameters = createSslParameters(createSslContext);
            return new SSLFactory(new SSLMaterial.Builder().withSslContext(new FenixSSLContext(createSslContext, createSslParameters)).withKeyManager(createKeyManager).withTrustManager(createTrustManager).withSslParameters(createSslParameters).withHostnameVerifier((HostnameVerifier) Optional.ofNullable(this.hostnameVerifierEnhancer).map(predicate -> {
                return HostnameVerifierUtils.createEnhanceable(this.hostnameVerifier, predicate);
            }).orElse(this.hostnameVerifier)).withCiphers(Collections.unmodifiableList(Arrays.asList(createSslParameters.getCipherSuites()))).withProtocols(Collections.unmodifiableList(Arrays.asList(createSslParameters.getProtocols()))).build());
        }

        private boolean isTrustMaterialPresent() {
            return (this.trustStores.isEmpty() && this.trustManagers.isEmpty()) ? false : true;
        }

        private boolean isIdentityMaterialPresent() {
            return (this.identities.isEmpty() && this.identityManagers.isEmpty()) ? false : true;
        }

        private X509ExtendedKeyManager createKeyManager() {
            return KeyManagerUtils.keyManagerBuilder().withKeyManagers(this.identityManagers).withIdentities(this.identities).withSwappableKeyManager(this.swappableKeyManagerEnabled).withLoggingKeyManager(this.loggingKeyManagerEnabled).withIdentityRoute(this.preferredAliasToHost).build();
        }

        private X509ExtendedTrustManager createTrustManager() {
            return TrustManagerUtils.trustManagerBuilder().withTrustManagers(this.trustManagers).withTrustStores(this.trustStores).withSwappableTrustManager(this.swappableTrustManagerEnabled).withLoggingTrustManager(this.loggingTrustManagerEnabled).withTrustEnhancer(this.trustManagerParametersValidator).withTrustEnhancer(this.shouldTrustedCertificatesBeConcealed).withTrustEnhancer(this.chainAndAuthTypeValidator).withTrustEnhancer(this.chainAndAuthTypeWithSocketValidator).withTrustEnhancer(this.chainAndAuthTypeWithSSLEngineValidator).build();
        }

        private SSLParameters createSslParameters(SSLContext sSLContext) {
            SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
            List asList = Arrays.asList(defaultSSLParameters.getCipherSuites());
            List asList2 = Arrays.asList(defaultSSLParameters.getProtocols());
            Stream<String> filter = this.ciphers.stream().distinct().filter((v0) -> {
                return StringUtils.isNotBlank(v0);
            });
            Objects.requireNonNull(asList);
            String[] strArr = (String[]) filter.filter((v1) -> {
                return r1.contains(v1);
            }).collect(CollectorsUtils.toStringArray());
            Stream<String> filter2 = this.protocols.stream().distinct().filter((v0) -> {
                return StringUtils.isNotBlank(v0);
            });
            Objects.requireNonNull(asList2);
            String[] strArr2 = (String[]) filter2.filter((v1) -> {
                return r1.contains(v1);
            }).collect(CollectorsUtils.toStringArray());
            this.sslParameters.setCipherSuites(strArr);
            this.sslParameters.setProtocols(strArr2);
            return SSLParametersUtils.merge(this.sslParameters, defaultSSLParameters);
        }
    }

    private SSLFactory(SSLMaterial sSLMaterial) {
        this.sslMaterial = sSLMaterial;
    }

    public SSLContext getSslContext() {
        return this.sslMaterial.getSslContext();
    }

    public SSLSocketFactory getSslSocketFactory() {
        return this.sslMaterial.getSslContext().getSocketFactory();
    }

    public SSLServerSocketFactory getSslServerSocketFactory() {
        return this.sslMaterial.getSslContext().getServerSocketFactory();
    }

    public Optional<X509ExtendedKeyManager> getKeyManager() {
        return Optional.ofNullable(this.sslMaterial.getKeyManager());
    }

    public Optional<KeyManagerFactory> getKeyManagerFactory() {
        return getKeyManager().map((v0) -> {
            return KeyManagerUtils.createKeyManagerFactory(v0);
        });
    }

    public Optional<X509ExtendedTrustManager> getTrustManager() {
        return Optional.ofNullable(this.sslMaterial.getTrustManager());
    }

    public Optional<TrustManagerFactory> getTrustManagerFactory() {
        return getTrustManager().map((v0) -> {
            return TrustManagerUtils.createTrustManagerFactory(v0);
        });
    }

    public List<X509Certificate> getTrustedCertificates() {
        return (List) getTrustManager().map((v0) -> {
            return v0.getAcceptedIssuers();
        }).map((v0) -> {
            return Arrays.asList(v0);
        }).map(Collections::unmodifiableList).orElseGet(Collections::emptyList);
    }

    public HostnameVerifier getHostnameVerifier() {
        return this.sslMaterial.getHostnameVerifier();
    }

    public List<String> getCiphers() {
        return this.sslMaterial.getCiphers();
    }

    public List<String> getProtocols() {
        return this.sslMaterial.getProtocols();
    }

    public SSLParameters getSslParameters() {
        return SSLParametersUtils.copy(this.sslMaterial.getSslParameters());
    }

    public SSLEngine getSSLEngine() {
        return getSSLEngine(null, null);
    }

    public SSLEngine getSSLEngine(String str, Integer num) {
        return (Objects.nonNull(str) && Objects.nonNull(num)) ? this.sslMaterial.getSslContext().createSSLEngine(str, num.intValue()) : this.sslMaterial.getSslContext().createSSLEngine();
    }

    public static Builder builder() {
        return new Builder();
    }
}
