package io.harness.cfsdk.utils;

import ag.c;
import ag.e;
import io.harness.cfsdk.CfConfiguration;
import io.harness.cfsdk.cloud.openapi.client.ApiClient;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

/* loaded from: classes3.dex */
public class TlsUtils {
    private static final c log = e.k(TlsUtils.class);

    private TlsUtils() {
    }

    private static byte[] certToByteArray(X509Certificate x509Certificate) {
        try {
            return x509Certificate.getEncoded();
        } catch (Exception e10) {
            throw new RuntimeException(e10);
        }
    }

    public static void setupTls(ApiClient apiClient, CfConfiguration cfConfiguration) {
        List<X509Certificate> tlsTrustedCAs;
        if (cfConfiguration == null || (tlsTrustedCAs = cfConfiguration.getTlsTrustedCAs()) == null || tlsTrustedCAs.isEmpty()) {
            return;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Iterator<X509Certificate> it = tlsTrustedCAs.iterator();
        while (it.hasNext()) {
            byte[] certToByteArray = certToByteArray(it.next());
            byteArrayOutputStream.write(certToByteArray, 0, certToByteArray.length);
        }
        apiClient.setSslCaCert(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()));
    }

    public static void setupTls(io.harness.cfsdk.cloud.openapi.metric.ApiClient apiClient, CfConfiguration cfConfiguration) {
        List<X509Certificate> tlsTrustedCAs;
        if (cfConfiguration == null || (tlsTrustedCAs = cfConfiguration.getTlsTrustedCAs()) == null || tlsTrustedCAs.isEmpty()) {
            return;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Iterator<X509Certificate> it = tlsTrustedCAs.iterator();
        while (it.hasNext()) {
            byte[] certToByteArray = certToByteArray(it.next());
            byteArrayOutputStream.write(certToByteArray, 0, certToByteArray.length);
        }
        apiClient.setSslCaCert(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()));
    }

    public static void setupTls(OkHttpClient.Builder builder, List<X509Certificate> list) {
        if (list != null) {
            try {
                if (list.isEmpty()) {
                    return;
                }
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                for (int i10 = 0; i10 < list.size(); i10++) {
                    keyStore.setCertificateEntry("ca" + i10, list.get(i10));
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, trustManagers, new SecureRandom());
                builder.sslSocketFactory(sSLContext.getSocketFactory(), (X509TrustManager) trustManagers[0]);
            } catch (IOException | GeneralSecurityException e10) {
                String str = "Failed to setup TLS on SSE endpoint: " + e10.getMessage();
                log.a("Failed to setup TLS on SSE endpoint: {}", str);
                throw new RuntimeException(str, e10);
            }
        }
    }
}
