package com.spotify.clienttlstools.https;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.spotify.clienttlstools.tls.CertKey;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import javax.net.ssl.HttpsURLConnection;
import org.apache.http.ssl.SSLContexts;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/spotify/clienttlstools/https/CertHttpsHandler.class */
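/**
 * Base {@link HttpsHandler} that installs a client certificate and its private key on an
 * {@link HttpsURLConnection} so the connection can present them during the TLS handshake.
 *
 * <p>Subclasses supply the certificate/key pair via {@link #createCertKey()} and a
 * human-readable description of where it came from via {@link #getCertSource()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key store built in {@link #handle(HttpsURLConnection)} exists only in memory and is
 *       never written out by this class. Its password is generated per call instead of being a
 *       constant compiled into the class file, so no fixed secret ships with the artifact.</li>
 *   <li>When {@code failOnCertError} is {@code false}, a failure to load the client certificate
 *       is logged and the connection is left untouched, i.e. the request goes out without a
 *       client certificate. Callers that depend on mutual TLS should pass {@code true}.</li>
 * </ul>
 */
abstract class CertHttpsHandler implements HttpsHandler {
    private static final Logger LOG = LoggerFactory.getLogger(CertHttpsHandler.class);

    /** Number of characters in the throwaway key-store password. */
    private static final int KEY_STORE_PASSWORD_LENGTH = 32;

    /** First and last characters of the printable-ASCII range the password is drawn from. */
    private static final char PASSWORD_CHAR_FIRST = '!';
    private static final char PASSWORD_CHAR_LAST = '~';

    /** Shared CSPRNG; {@link SecureRandom} is safe for concurrent use. */
    private static final SecureRandom RANDOM = new SecureRandom();

    private final String user;
    private final boolean failOnCertError;

    /**
     * Creates a handler for the given user.
     *
     * <p>Decompiler note: JADX reports the original access modifier as package-private.
     *
     * @param user name of the user this handler acts for; must not be null or empty
     * @param failOnCertError whether {@link #handle(HttpsURLConnection)} throws when the client
     *     certificate cannot be loaded ({@code true}) or only logs and continues without a
     *     client certificate ({@code false})
     * @throws IllegalArgumentException if {@code user} is null or empty
     */
    public CertHttpsHandler(String user, boolean failOnCertError) {
        Preconditions.checkArgument(!Strings.isNullOrEmpty(user), "user must not be null or empty");
        this.user = user;
        this.failOnCertError = failOnCertError;
    }

    /**
     * Returns the user name supplied at construction.
     *
     * <p>Decompiler note: JADX reports the original access modifier as package-private.
     *
     * @return the non-empty user name
     */
    public String getUser() {
        return this.user;
    }

    /**
     * Loads the client certificate and private key to present on the connection.
     *
     * @return the certificate/key pair
     * @throws IOException if the material cannot be read
     * @throws GeneralSecurityException if the material cannot be parsed or used
     */
    protected abstract CertKey createCertKey() throws IOException, GeneralSecurityException;

    /**
     * Describes where the certificate material comes from; used only in log messages.
     *
     * @return a description of the certificate source
     */
    protected abstract String getCertSource();

    /**
     * Configures {@code httpsURLConnection} with an SSL socket factory that carries the client
     * certificate and key from {@link #createCertKey()}.
     *
     * <p>Only key material is loaded into the SSL context here; no trust material is configured,
     * so server certificate validation is whatever the context builder defaults to
     * (NOTE(review): presumably the JVM default trust managers; confirm for the httpcore
     * version in use).
     *
     * @param httpsURLConnection the connection to configure
     * @throws RuntimeException if the certificate cannot be loaded and {@code failOnCertError}
     *     is {@code true}, or if building the key store or SSL context fails (the original
     *     exception is preserved as the cause)
     */
    @Override // com.spotify.clienttlstools.https.HttpsHandler
    public void handle(HttpsURLConnection httpsURLConnection) {
        Certificate cert;
        PrivateKey key;
        try {
            CertKey certKey = createCertKey();
            cert = certKey.cert();
            key = certKey.key();
        } catch (IOException | GeneralSecurityException e) {
            if (this.failOnCertError) {
                throw new RuntimeException(e);
            }
            // Fail-open path: the connection keeps its default socket factory and no client
            // certificate is presented. The WARN line is the only trace of this downgrade.
            LOG.warn("Error when setting up client certificates fromPaths {}. Error was '{}'. No cert will be sent with request.", getCertSource(), e.toString());
            LOG.debug("full exception fromPaths setting up ClientCertificate follows", e);
            return;
        }

        // The password only has to match between setKeyEntry and loadKeyMaterial within this
        // call, so a fresh random value is used rather than a constant embedded in the class.
        char[] keyStorePassword = newKeyStorePassword();
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) initialises an empty in-memory key store.
            keyStore.load(null, null);
            keyStore.setCertificateEntry("client", cert);
            keyStore.setKeyEntry("key", key, keyStorePassword, new Certificate[]{cert});
            httpsURLConnection.setSSLSocketFactory(
                    SSLContexts.custom()
                            .useProtocol("TLS")
                            .loadKeyMaterial(keyStore, keyStorePassword)
                            .build()
                            .getSocketFactory());
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            // Failures past this point are not subject to failOnCertError: the certificate was
            // loaded but could not be installed, which is always treated as fatal.
            throw new RuntimeException(e);
        }
    }

    /**
     * Generates a random printable-ASCII password for the transient key store.
     *
     * <p>The value is built directly into a {@code char[]} so that no {@link String} copy of it
     * is created.
     *
     * @return a new array of {@value #KEY_STORE_PASSWORD_LENGTH} random characters
     */
    private static char[] newKeyStorePassword() {
        int range = PASSWORD_CHAR_LAST - PASSWORD_CHAR_FIRST + 1;
        char[] password = new char[KEY_STORE_PASSWORD_LENGTH];
        for (int i = 0; i < password.length; i++) {
            password[i] = (char) (PASSWORD_CHAR_FIRST + RANDOM.nextInt(range));
        }
        return password;
    }
}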
