package org.keycloak.admin.client;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.Optional;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.transport.http.HTTPConduit;

/* loaded from: input_file:org/keycloak/admin/client/KeycloakWebClientFactory.class */
public class KeycloakWebClientFactory {
    public static WebClient create(String str, List<Object> list, Optional<String> optional) throws Exception {
        WebClient create = WebClient.create(str, list);
        secure(create, optional);
        return create;
    }

    private static void secure(WebClient webClient, Optional<String> optional) throws Exception {
        HTTPConduit conduit = WebClient.getConfig(webClient).getConduit();
        if (optional.isPresent()) {
            TLSClientParameters tLSClientParameters = new TLSClientParameters();
            tLSClientParameters.setDisableCNCheck(true);
            KeyStore keyStore = KeyStore.getInstance("JKS");
            if (!new File(optional.get()).exists()) {
                throw new Exception("Connot load certificate");
            }
            FileInputStream fileInputStream = new FileInputStream(optional.get());
            try {
                keyStore.load(fileInputStream, null);
                fileInputStream.close();
                tLSClientParameters.setTrustManagers(getTrustManagers(keyStore));
                conduit.setTlsClientParameters(tLSClientParameters);
            } catch (Throwable th) {
                try {
                    fileInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
    }

    private static TrustManager[] getTrustManagers(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }
}
