package net.shibboleth.utilities.java.support.httpclient;

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.StrictHostnameVerifier;

/* loaded from: input_file:BOOT-INF/lib/java-support-7.2.0.jar:net/shibboleth/utilities/java/support/httpclient/HttpClientSupport.class */
public final class HttpClientSupport {
    private HttpClientSupport() {
    }

    public static LayeredConnectionSocketFactory buildStrictTLSSocketFactory() {
        return new TLSSocketFactoryBuilder().setHostnameVerifier(new StrictHostnameVerifier()).build();
    }

    public static LayeredConnectionSocketFactory buildNoTrustTLSSocketFactory() {
        return new TLSSocketFactoryBuilder().setTrustManagers(Collections.singletonList(buildNoTrustX509TrustManager())).setHostnameVerifier(new AllowAllHostnameVerifier()).build();
    }

    @Deprecated
    public static SSLConnectionSocketFactory buildStrictSSLConnectionSocketFactory() {
        return new SSLConnectionSocketFactory(SSLContexts.createDefault(), SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER);
    }

    @Deprecated
    public static SSLConnectionSocketFactory buildNoTrustSSLConnectionSocketFactory() {
        X509TrustManager buildNoTrustX509TrustManager = buildNoTrustX509TrustManager();
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{buildNoTrustX509TrustManager}, null);
            return new SSLConnectionSocketFactory(sSLContext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        } catch (KeyManagementException e) {
            throw new RuntimeException("Some how the trust everything trust manager didn't trust everything", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("TLS SSLContext type is required to be supported by the JVM but is not", e2);
        }
    }

    public static X509TrustManager buildNoTrustX509TrustManager() {
        return new X509TrustManager() { // from class: net.shibboleth.utilities.java.support.httpclient.HttpClientSupport.1
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }
        };
    }
}
