package com.ibm.ws.security.common.jwk.impl;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.json.java.JSONArray;
import com.ibm.json.java.JSONObject;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.jwk.interfaces.JWK;
import com.ibm.ws.security.common.jwk.internal.JwkConstants;
import com.ibm.wsspi.ssl.SSLSupport;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URL;
import java.security.AccessController;
import java.security.KeyStoreException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/common/jwk/impl/JwKRetriever.class */
public class JwKRetriever {
    private static final TraceComponent tc = Tr.register(JwKRetriever.class);
    static final String PEM_BEGIN_TOKEN = "-----BEGIN";
    static final String PEM_END_TOKEN = "--END--";
    static final String JWKS = "keys";
    static final String JSON_START = "{";
    String configId;
    String sslConfigurationName;
    String jwkEndpointUrl;
    String sigAlg;
    JWKSet jwkSet;
    SSLSupport sslSupport;
    String keyFileName;
    boolean hostNameVerificationEnabled;
    String jwkClientId;
    String jwkClientSecret;
    String keyLocation;
    String publicKeyText;
    String locationUsed;
    static final long serialVersionUID = -6699821680742349711L;

    public JwKRetriever(String str, String str2, String str3, JWKSet jWKSet, SSLSupport sSLSupport, boolean z, String str4, @Sensitive String str5) {
        this.configId = null;
        this.sslConfigurationName = null;
        this.jwkEndpointUrl = null;
        this.sigAlg = "RS256";
        this.jwkSet = null;
        this.sslSupport = null;
        this.keyFileName = null;
        this.hostNameVerificationEnabled = true;
        this.jwkClientId = null;
        this.jwkClientSecret = null;
        this.keyLocation = null;
        this.publicKeyText = null;
        this.locationUsed = null;
        this.configId = str;
        this.sslConfigurationName = str2;
        this.jwkEndpointUrl = str3;
        this.jwkSet = jWKSet;
        this.sslSupport = sSLSupport;
        this.hostNameVerificationEnabled = z;
        this.jwkClientId = str4;
        this.jwkClientSecret = str5;
    }

    public JwKRetriever(String str, String str2, String str3, JWKSet jWKSet, SSLSupport sSLSupport, boolean z, String str4, @Sensitive String str5, String str6, String str7) {
        this.configId = null;
        this.sslConfigurationName = null;
        this.jwkEndpointUrl = null;
        this.sigAlg = "RS256";
        this.jwkSet = null;
        this.sslSupport = null;
        this.keyFileName = null;
        this.hostNameVerificationEnabled = true;
        this.jwkClientId = null;
        this.jwkClientSecret = null;
        this.keyLocation = null;
        this.publicKeyText = null;
        this.locationUsed = null;
        this.configId = str;
        this.sslConfigurationName = str2;
        this.jwkEndpointUrl = str3;
        this.jwkSet = jWKSet;
        this.sslSupport = sSLSupport;
        this.hostNameVerificationEnabled = z;
        this.jwkClientId = str4;
        this.jwkClientSecret = str5;
        this.publicKeyText = str6;
        this.keyLocation = str7;
    }

    public PublicKey getPublicKeyFromJwk(String str, String str2, boolean z) throws PrivilegedActionException, IOException, KeyStoreException, InterruptedException {
        return getPublicKeyFromJwk(str, str2, null, z);
    }

    @FFDCIgnore({KeyStoreException.class})
    public PublicKey getPublicKeyFromJwk(String str, String str2, String str3, boolean z) throws PrivilegedActionException, IOException, KeyStoreException, InterruptedException {
        PublicKey publicKey = null;
        KeyStoreException keyStoreException = null;
        InterruptedException interruptedException = null;
        try {
            publicKey = remoteHttpCall(this.jwkEndpointUrl, this.publicKeyText, this.keyLocation) ? getJwkRemote(str, str2, str3, z) : getJwkLocal(str, str2, this.publicKeyText, this.keyLocation, str3);
        } catch (InterruptedException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.common.jwk.impl.JwKRetriever", "158", this, new Object[]{str, str2, str3, Boolean.valueOf(z)});
            interruptedException = e;
        } catch (KeyStoreException e2) {
            keyStoreException = e2;
        }
        if (publicKey == null) {
            if (keyStoreException != null) {
                throw keyStoreException;
            }
            if (interruptedException != null) {
                throw interruptedException;
            }
        }
        return publicKey;
    }

    protected PublicKey getJwkCache(String str, String str2) {
        return str != null ? this.jwkSet.getPublicKeyByKid(str) : str2 != null ? this.jwkSet.getPublicKeyByx5t(str2) : this.jwkSet.getPublicKeyByKid(null);
    }

    private PublicKey getJwkFromJWKSet(String str, String str2, String str3, String str4) {
        return str2 != null ? this.jwkSet.getPublicKeyBySetIdAndKid(str, str2) : str3 != null ? this.jwkSet.getPublicKeyBySetIdAndx5t(str, str3) : str4 != null ? this.jwkSet.getPublicKeyBySetIdAndUse(str, str4) : this.jwkSet.getPublicKeyBySetId(str);
    }

    protected boolean remoteHttpCall(String str, String str2, String str3) {
        boolean z = true;
        if (str == null) {
            if (str2 != null) {
                z = false;
            } else if (str3 != null && !str3.startsWith("http")) {
                z = false;
            }
        }
        return z;
    }

    @FFDCIgnore({Exception.class})
    protected PublicKey getPublicKeyFromFile(String str, String str2, String str3, String str4) {
        InputStream inputStream;
        PublicKey publicKey = null;
        try {
            String str5 = Thread.currentThread().getContextClassLoader().toString() + str;
            File file = new File(str.startsWith("file:") ? new URI(str).getPath() : str);
            String canonicalPath = file.getCanonicalPath();
            synchronized (this.jwkSet) {
                publicKey = getJwkFromJWKSet(canonicalPath, str2, str3, str4);
                if (publicKey == null) {
                    publicKey = getJwkFromJWKSet(str5, str2, str3, str4);
                }
                if (publicKey == null && (inputStream = getInputStream(file, canonicalPath, str, str5)) != null) {
                    parseJwk(getKeyAsString(inputStream), null, this.jwkSet, this.sigAlg);
                    publicKey = getJwkFromJWKSet(this.locationUsed, str2, str3, str4);
                }
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception opening file from location [" + str + "]: " + e.getMessage(), new Object[0]);
            }
        }
        return publicKey;
    }

    @FFDCIgnore({PrivilegedActionException.class})
    protected InputStream getInputStream(final File file, String str, String str2, String str3) throws IOException {
        if (file != null) {
            FileInputStream fileInputStream = null;
            try {
                fileInputStream = (FileInputStream) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.security.common.jwk.impl.JwKRetriever.1
                    static final long serialVersionUID = 692077785079817151L;
                    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        if (file.exists()) {
                            return new FileInputStream(file);
                        }
                        return null;
                    }
                });
            } catch (PrivilegedActionException e) {
            }
            if (fileInputStream != null) {
                this.locationUsed = str;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "input stream obtained from file system and locationUsed set to: " + this.locationUsed, new Object[0]);
                }
                return fileInputStream;
            }
        }
        URL resource = Thread.currentThread().getContextClassLoader().getResource(str2);
        this.locationUsed = str3;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "input stream obtained from classloader and  locationUsed set to: " + this.locationUsed, new Object[0]);
        }
        if (resource != null) {
            return resource.openStream();
        }
        return null;
    }

    protected PublicKey getJwkLocal(String str, String str2, String str3, String str4, String str5) {
        PublicKey publicKey;
        if (str3 == null && str4 != null) {
            return getPublicKeyFromFile(str4, str, str2, str5);
        }
        if (str3 == null) {
            return null;
        }
        synchronized (this.jwkSet) {
            PublicKey jwkFromJWKSet = getJwkFromJWKSet(str3, str, str2, str5);
            if (jwkFromJWKSet == null) {
                parseJwk(str3, null, this.jwkSet, this.sigAlg);
                jwkFromJWKSet = getJwkFromJWKSet(str3, str, str2, str5);
            }
            publicKey = jwkFromJWKSet;
        }
        return publicKey;
    }

    protected String getKeyAsString(InputStream inputStream) {
        StringBuilder sb = new StringBuilder();
        try {
            InputStreamReader inputStreamReader = new InputStreamReader(inputStream, "UTF-8");
            for (int read = inputStreamReader.read(); read >= 0; read = inputStreamReader.read()) {
                sb.append((char) read);
            }
        } catch (UnsupportedEncodingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.common.jwk.impl.JwKRetriever", "321", this, new Object[]{inputStream});
        } catch (IOException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.common.jwk.impl.JwKRetriever", "323", this, new Object[]{inputStream});
        }
        return sb.toString();
    }

    protected boolean isPEM(String str) {
        return str != null && str.startsWith(PEM_BEGIN_TOKEN);
    }

    @FFDCIgnore({KeyStoreException.class})
    protected PublicKey getJwkRemote(String str, String str2, String str3, boolean z) throws KeyStoreException, InterruptedException {
        PublicKey jwkFromJWKSet;
        this.locationUsed = this.jwkEndpointUrl;
        if (this.locationUsed == null) {
            this.locationUsed = this.keyLocation;
        }
        if (this.locationUsed == null || !this.locationUsed.startsWith("http")) {
            return null;
        }
        try {
            synchronized (this.jwkSet) {
                jwkFromJWKSet = getJwkFromJWKSet(this.locationUsed, str, str2, str3);
                if (jwkFromJWKSet == null) {
                    jwkFromJWKSet = doJwkRemote(str, str2, str3, z);
                }
            }
            return jwkFromJWKSet;
        } catch (KeyStoreException e) {
            throw e;
        }
    }

    @FFDCIgnore({Exception.class, KeyStoreException.class})
    protected PublicKey doJwkRemote(String str, String str2, String str3, boolean z) throws KeyStoreException {
        this.locationUsed = this.jwkEndpointUrl;
        if (this.locationUsed == null) {
            this.locationUsed = this.keyLocation;
        }
        try {
            if (!parseJwk(getHTTPRequestAsString(createHTTPClient(getSSLSocketFactory(this.locationUsed, this.sslConfigurationName, this.sslSupport), this.locationUsed, this.hostNameVerificationEnabled, z), this.locationUsed), null, this.jwkSet, this.sigAlg) && tc.isDebugEnabled()) {
                Tr.debug(tc, "No JWK can be found through '" + this.locationUsed + "'", new Object[0]);
            }
        } catch (KeyStoreException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Fail to retrieve remote key: ", new Object[]{e.getCause()});
            }
            throw e;
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Fail to retrieve remote key: ", new Object[]{e2.getCause()});
            }
        }
        return getJwkFromJWKSet(this.locationUsed, str, str2, str3);
    }

    public boolean parseJwk(String str, FileInputStream fileInputStream, JWKSet jWKSet, String str2) {
        boolean z = false;
        if (str != null) {
            z = parseKeyText(str, this.locationUsed, jWKSet, str2);
        } else if (fileInputStream != null) {
            z = parseKeyText(getKeyAsString(fileInputStream), this.locationUsed, jWKSet, str2);
        }
        return z;
    }

    protected boolean parseKeyText(String str, String str2, JWKSet jWKSet, String str3) {
        HashSet<JWK> hashSet = new HashSet();
        JWK jwk = null;
        if (isPEM(str) && "RS256".equals(str3)) {
            jwk = parsePEMFormat(str, str3);
        } else {
            JSONObject parseJsonObject = parseJsonObject(str);
            if (parseJsonObject != null) {
                jwk = parseJwkFormat(parseJsonObject, str3);
                if (jwk == null && parseJsonObject.containsKey(JWKS)) {
                    hashSet.addAll(parseJwksFormat(parseJsonObject, str3));
                }
            }
        }
        if (jwk != null) {
            hashSet.add(jwk);
        }
        for (JWK jwk2 : hashSet) {
            if (str2 != null) {
                this.jwkSet.add(str2, jwk2);
            } else {
                this.jwkSet.add(str, jwk2);
            }
        }
        return !hashSet.isEmpty();
    }

    @FFDCIgnore({Exception.class})
    private JWK parsePEMFormat(String str, String str2) {
        Jose4jRsaJWK jose4jRsaJWK = null;
        try {
            jose4jRsaJWK = new Jose4jRsaJWK((RSAPublicKey) PemKeyUtil.getPublicKey(str));
            jose4jRsaJWK.setAlgorithm(str2);
            jose4jRsaJWK.setUse(JwkConstants.sig);
        } catch (Exception e) {
        }
        return jose4jRsaJWK;
    }

    private JWK parseJwkFormat(JSONObject jSONObject, String str) {
        Object obj = jSONObject.get(JwkConstants.kty);
        if (obj == null) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "JSON object is missing 'kty' entry", new Object[0]);
            return null;
        }
        if (!(obj instanceof String)) {
            return null;
        }
        JWK createJwkBasedOnKty = createJwkBasedOnKty((String) obj, jSONObject, str);
        if (createJwkBasedOnKty != null) {
            createJwkBasedOnKty.parse();
        }
        return createJwkBasedOnKty;
    }

    private Set<JWK> parseJwksFormat(JSONObject jSONObject, String str) {
        JWK parseJwkFormat;
        Set<JWK> emptySet = Collections.emptySet();
        new JSONArray();
        Object obj = jSONObject.get(JWKS);
        if (obj != null) {
            emptySet = new HashSet();
            Iterator it = parseJsonArray(obj.toString()).iterator();
            while (it.hasNext()) {
                JSONObject parseJsonObject = parseJsonObject(it.next().toString());
                if (parseJsonObject != null && (parseJwkFormat = parseJwkFormat(parseJsonObject, str)) != null) {
                    emptySet.add(parseJwkFormat);
                }
            }
        }
        return emptySet;
    }

    @FFDCIgnore({Exception.class})
    JSONObject parseJsonObject(String str) {
        JSONObject jSONObject = null;
        try {
            if (!str.startsWith(JSON_START)) {
                str = new String(Base64.decodeBase64(str), "UTF-8");
            }
            jSONObject = JSONObject.parse(str);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception parsing JSON string [" + str + "]: " + e.getMessage(), new Object[0]);
            }
        }
        return jSONObject;
    }

    @FFDCIgnore({Exception.class})
    JSONObject parseJsonObject(InputStream inputStream) {
        JSONObject jSONObject = null;
        try {
            jSONObject = JSONObject.parse(inputStream);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception parsing input stream [" + inputStream.toString() + "]: " + e.getMessage(), new Object[0]);
            }
        }
        return jSONObject;
    }

    @FFDCIgnore({Exception.class})
    JSONArray parseJsonArray(String str) {
        JSONArray jSONArray = null;
        try {
            jSONArray = JSONArray.parse(str);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception parsing JSON string [" + str + "]: " + e.getMessage(), new Object[0]);
            }
        }
        return jSONArray;
    }

    boolean jsonObjectContainsKtyForValidJwk(JSONObject jSONObject, JWKSet jWKSet, String str) {
        if (jSONObject == null) {
            return false;
        }
        String str2 = (String) jSONObject.get(JwkConstants.kty);
        if (str2 == null) {
            if (!tc.isDebugEnabled()) {
                return false;
            }
            Tr.debug(tc, "JSON object is missing 'kty' entry", new Object[0]);
            return false;
        }
        JWK createJwkBasedOnKty = createJwkBasedOnKty(str2, jSONObject, str);
        if (createJwkBasedOnKty == null) {
            return false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Parsing JWK and adding it to JWK set", new Object[0]);
        }
        createJwkBasedOnKty.parse();
        jWKSet.addJWK(createJwkBasedOnKty);
        if (!tc.isDebugEnabled()) {
            return true;
        }
        Tr.debug(tc, "add remote key for keyid: ", new Object[]{createJwkBasedOnKty.getKeyID()});
        return true;
    }

    JWK createJwkBasedOnKty(String str, JSONObject jSONObject, String str2) {
        JWK jwk = null;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "kty of JWK is '" + str + "'", new Object[0]);
        }
        if ("RSA".equalsIgnoreCase(str)) {
            jwk = getRsaJwk(jSONObject);
        } else if (JwkConstants.EC.equalsIgnoreCase(str)) {
            jwk = getEllipticCurveJwk(jSONObject, str2);
        }
        return jwk;
    }

    JWK getRsaJwk(JSONObject jSONObject) {
        return Jose4jRsaJWK.getInstance(jSONObject);
    }

    JWK getEllipticCurveJwk(JSONObject jSONObject, String str) {
        if (str == null || !str.startsWith("ES")) {
            return null;
        }
        return Jose4jEllipticCurveJWK.getInstance(jSONObject);
    }

    protected JSSEHelper getJSSEHelper(SSLSupport sSLSupport) throws SSLException {
        if (sSLSupport != null) {
            return sSLSupport.getJSSEHelper();
        }
        return null;
    }

    protected SSLSocketFactory getSSLSocketFactory(String str, String str2, SSLSupport sSLSupport) throws SSLException {
        try {
            SSLSocketFactory sSLSocketFactory = sSLSupport.getSSLSocketFactory(str2);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "sslSocketFactory () get: " + sSLSocketFactory, new Object[0]);
            }
            if (sSLSocketFactory == null && str != null && str.startsWith("https")) {
                throw new SSLException(Tr.formatMessage(tc, "JWT_HTTPS_WITH_SSLCONTEXT_NULL", new Object[]{"Null ssl socket factory", this.configId}));
            }
            return sSLSocketFactory;
        } catch (javax.net.ssl.SSLException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.common.jwk.impl.JwKRetriever", "621", this, new Object[]{str, str2, sSLSupport});
            throw new SSLException(e.getMessage());
        }
    }

    @FFDCIgnore({KeyStoreException.class})
    protected String getHTTPRequestAsString(HttpClient httpClient, String str) throws Exception {
        try {
            HttpGet httpGet = new HttpGet(str);
            httpGet.addHeader("content-type", "application/json");
            try {
                HttpResponse execute = httpClient.execute(httpGet);
                int statusCode = execute.getStatusLine().getStatusCode();
                if (statusCode != 200) {
                    String entityUtils = EntityUtils.toString(execute.getEntity(), "UTF-8");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "status:" + statusCode + " errorMsg:" + entityUtils, new Object[0]);
                    }
                    throw new Exception(logCWWKS6049E(str, statusCode, entityUtils));
                }
                String entityUtils2 = EntityUtils.toString(execute.getEntity(), "UTF-8");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Response: ", new Object[]{entityUtils2});
                }
                if (entityUtils2 == null || entityUtils2.isEmpty()) {
                    throw new Exception(logCWWKS6049E(str, statusCode, entityUtils2));
                }
                return entityUtils2;
            } catch (IOException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.common.jwk.impl.JwKRetriever", "647", this, new Object[]{httpClient, str});
                logCWWKS6049E(str, 0, "IOException: " + e.getMessage() + " " + e.getCause());
                throw e;
            }
        } catch (KeyStoreException e2) {
            throw e2;
        }
    }

    private String logCWWKS6049E(String str, int i, String str2) {
        String formattedMessage = TraceNLS.getFormattedMessage(getClass(), "com.ibm.ws.security.jwt.internal.resources.JWTMessages", "JWT_JWK_RETRIEVE_FAILED", new Object[]{str, Integer.valueOf(i), str2}, "CWWKS6049E: A JSON Web Key (JWK) was not returned from the URL [" + str + "]. The response status was [" + i + "] and the content returned was [" + str2 + "].");
        Tr.error(tc, formattedMessage, new Object[0]);
        return formattedMessage;
    }

    public HttpClient createHTTPClient(SSLSocketFactory sSLSocketFactory, String str, boolean z, boolean z2) {
        boolean z3 = false;
        if (this.jwkClientId != null && this.jwkClientSecret != null) {
            z3 = true;
        }
        BasicCredentialsProvider basicCredentialsProvider = null;
        if (z3) {
            basicCredentialsProvider = createCredentialsProvider();
        }
        return createHttpClient(str.startsWith("https:"), z, sSLSocketFactory, z3, basicCredentialsProvider, z2);
    }

    protected HttpClientBuilder getBuilder(boolean z) {
        return z ? HttpClientBuilder.create().useSystemProperties() : HttpClientBuilder.create();
    }

    private HttpClient createHttpClient(boolean z, boolean z2, SSLSocketFactory sSLSocketFactory, boolean z3, BasicCredentialsProvider basicCredentialsProvider, boolean z4) {
        CloseableHttpClient build;
        if (z) {
            SSLConnectionSocketFactory sSLConnectionSocketFactory = !z2 ? new SSLConnectionSocketFactory(sSLSocketFactory, new AllowAllHostnameVerifier()) : new SSLConnectionSocketFactory(sSLSocketFactory, new StrictHostnameVerifier());
            build = z3 ? getBuilder(z4).setDefaultCredentialsProvider(basicCredentialsProvider).setSSLSocketFactory(sSLConnectionSocketFactory).build() : getBuilder(z4).setSSLSocketFactory(sSLConnectionSocketFactory).build();
        } else {
            build = z3 ? getBuilder(z4).setDefaultCredentialsProvider(basicCredentialsProvider).build() : getBuilder(z4).build();
        }
        return build;
    }

    private BasicCredentialsProvider createCredentialsProvider() {
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(this.jwkClientId, this.jwkClientSecret));
        return basicCredentialsProvider;
    }
}
