package org.logstash.netty;

import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.Ciphers;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLEngine;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:BOOT-INF/classes/org/logstash/netty/SslSimpleBuilder.class */
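/**
 * Fluent builder that produces a server-side Netty {@link SslHandler} from a certificate file,
 * a private-key file and an optional key pass phrase.
 *
 * <p>Security-relevant defaults and caveats, all visible in this class:
 * <ul>
 *   <li>Only {@code TLSv1.2} is enabled unless {@link #setProtocols(String[])} is called.</li>
 *   <li>Client-certificate authentication is switched on <em>only</em> when certificate
 *       authorities have been supplied through {@link #setCertificateAuthorities(String[])}.
 *       The verify mode (default {@link SslClientVerifyMode#FORCE_PEER}) has no effect on its
 *       own: without CAs the handler accepts clients that present no certificate.</li>
 *   <li>{@link SslClientVerifyMode#VERIFY_PEER} only <em>requests</em> a client certificate, so
 *       a client that sends none still completes the handshake. Use
 *       {@link SslClientVerifyMode#FORCE_PEER} when mutual TLS must be mandatory.</li>
 * </ul>
 *
 * <p>Instances are mutable and not synchronized.
 */
public class SslSimpleBuilder {
    private static final Logger logger = LogManager.getLogger(SslSimpleBuilder.class);

    /**
     * Cipher suites used when {@link #setCipherSuites(String[])} is never called.
     *
     * <p>NOTE(review): this is a public, mutable array, so any code in the JVM can alter it. Each
     * builder therefore takes its own copy instead of aliasing it. The list also contains CBC-mode
     * suites after the AEAD (GCM) ones; deployments that want AEAD-only should set an explicit list.
     */
    public static final String[] DEFAULT_CIPHERS = {
        Ciphers.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
        Ciphers.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        Ciphers.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        Ciphers.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
        Ciphers.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
        Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
        Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
        Ciphers.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    };

    private File sslKeyFile;
    private File sslCertificateFile;
    private String[] ciphers;
    // null means "no client-certificate authentication"; see requireClientAuth().
    private String[] certificateAuthorities;
    // Held as a String because SslContextBuilder.forServer takes one; it cannot be wiped after use.
    private String passPhrase;
    private SslClientVerifyMode verifyMode = SslClientVerifyMode.FORCE_PEER;
    private long handshakeTimeoutMilliseconds = 10000;
    private String[] protocols = {"TLSv1.2"};

    /** How strictly the server treats client certificates once certificate authorities are set. */
    public enum SslClientVerifyMode {
        /** Ask for a client certificate but let the handshake proceed when none is sent. */
        VERIFY_PEER,
        /** Require a client certificate; the handshake fails without one. */
        FORCE_PEER
    }

    /**
     * Creates a builder with the default cipher suites.
     *
     * @param sslCertificateFilePath path of the server certificate (chain) file
     * @param sslKeyFilePath path of the server private-key file
     * @param passPhrase pass phrase protecting the private key, or {@code null} if it has none
     * @throws FileNotFoundException declared for source compatibility; the files are not opened
     *     here, so a missing file is only reported by {@link #build(ByteBufAllocator)}
     */
    public SslSimpleBuilder(String sslCertificateFilePath, String sslKeyFilePath, String passPhrase)
            throws FileNotFoundException {
        this.sslCertificateFile = new File(sslCertificateFilePath);
        this.sslKeyFile = new File(sslKeyFilePath);
        this.passPhrase = passPhrase;
        // Private copy: DEFAULT_CIPHERS is publicly mutable.
        this.ciphers = DEFAULT_CIPHERS.clone();
    }

    /**
     * Sets the TLS protocol versions the engine will enable.
     *
     * @param protocols protocol names such as {@code "TLSv1.2"}; copied, so later changes to the
     *     caller's array do not affect this builder
     * @return this builder
     */
    public SslSimpleBuilder setProtocols(String[] protocols) {
        this.protocols = protocols == null ? null : protocols.clone();
        return this;
    }

    /**
     * Replaces the cipher-suite list after checking every entry against the suites that Netty's
     * OpenSSL binding reports as available.
     *
     * @param cipherSuites cipher-suite names
     * @return this builder
     * @throws IllegalArgumentException if any suite is not available
     */
    public SslSimpleBuilder setCipherSuites(String[] cipherSuites) throws IllegalArgumentException {
        // Validate and store the same private copy so the caller cannot swap in an
        // unchecked suite after validation has passed.
        String[] checked = cipherSuites.clone();
        for (String suite : checked) {
            if (!OpenSsl.isCipherSuiteAvailable(suite)) {
                throw new IllegalArgumentException("Cipher `" + suite + "` is not available");
            }
            logger.debug("Cipher is supported: {}", suite);
        }
        this.ciphers = checked;
        return this;
    }

    /**
     * Sets the files holding the CA certificates that client certificates must chain to.
     * Supplying a non-null array is what enables client-certificate authentication;
     * {@code null} disables it regardless of the verify mode.
     *
     * @param certificateAuthorities paths of certificate files, or {@code null}
     * @return this builder
     */
    public SslSimpleBuilder setCertificateAuthorities(String[] certificateAuthorities) {
        this.certificateAuthorities =
            certificateAuthorities == null ? null : certificateAuthorities.clone();
        return this;
    }

    /**
     * Sets the TLS handshake timeout.
     *
     * @param timeoutMilliseconds timeout in milliseconds
     * @return this builder
     */
    public SslSimpleBuilder setHandshakeTimeoutMilliseconds(int timeoutMilliseconds) {
        this.handshakeTimeoutMilliseconds = timeoutMilliseconds;
        return this;
    }

    /**
     * Chooses between requesting and requiring a client certificate. Only consulted when
     * certificate authorities have been configured.
     *
     * <p>NOTE(review): a {@code null} mode matches neither branch in
     * {@link #build(ByteBufAllocator)}, which leaves client certificates unrequested even though
     * CAs are loaded. Callers should never pass {@code null}.
     *
     * @param verifyMode the verification mode
     * @return this builder
     */
    public SslSimpleBuilder setVerifyMode(SslClientVerifyMode verifyMode) {
        this.verifyMode = verifyMode;
        return this;
    }

    /** Returns the private-key file given to the constructor. */
    public File getSslKeyFile() {
        return this.sslKeyFile;
    }

    /** Returns the certificate file given to the constructor. */
    public File getSslCertificateFile() {
        return this.sslCertificateFile;
    }

    /**
     * Builds a server-side {@link SslHandler} from the current settings.
     *
     * @param byteBufAllocator allocator handed to the new handler
     * @return a handler with ciphers, protocols, client-auth mode and handshake timeout applied
     * @throws IOException if a certificate-authority file cannot be read
     * @throws NoSuchAlgorithmException declared for callers; not thrown directly by this method
     * @throws CertificateException if a certificate-authority file cannot be parsed
     */
    public SslHandler build(ByteBufAllocator byteBufAllocator)
            throws IOException, NoSuchAlgorithmException, CertificateException {
        SslContextBuilder contextBuilder =
            SslContextBuilder.forServer(this.sslCertificateFile, this.sslKeyFile, this.passPhrase);

        // Guarded so the array-to-string work is skipped when debug logging is off.
        if (logger.isDebugEnabled()) {
            logger.debug("Available ciphers:" + Arrays.toString(OpenSsl.availableOpenSslCipherSuites().toArray()));
            logger.debug("Ciphers:  " + Arrays.toString(this.ciphers));
        }
        contextBuilder.ciphers(Arrays.asList(this.ciphers));

        final boolean clientAuth = requireClientAuth();
        if (clientAuth) {
            if (logger.isDebugEnabled()) {
                logger.debug("Certificate Authorities: " + Arrays.toString(this.certificateAuthorities));
            }
            // Trust only the configured CAs for client certificates.
            contextBuilder.trustManager(loadCertificateCollection(this.certificateAuthorities));
        }

        SslHandler handler = contextBuilder.build().newHandler(byteBufAllocator);
        if (logger.isDebugEnabled()) {
            logger.debug("TLS: " + Arrays.toString(this.protocols));
        }

        SSLEngine engine = handler.engine();
        engine.setEnabledProtocols(this.protocols);
        if (clientAuth) {
            engine.setUseClientMode(false);
            if (this.verifyMode == SslClientVerifyMode.FORCE_PEER) {
                // Mandatory mutual TLS: no client certificate, no connection.
                engine.setNeedClientAuth(true);
            } else if (this.verifyMode == SslClientVerifyMode.VERIFY_PEER) {
                // Optional: certificate is requested but its absence is tolerated.
                engine.setWantClientAuth(true);
            }
        }
        handler.setHandshakeTimeoutMillis(this.handshakeTimeoutMilliseconds);
        return handler;
    }

    /**
     * Reads every X.509 certificate from each of the given files.
     *
     * @param certificateFiles paths of the certificate files to load
     * @return all certificates found, in file order
     * @throws IOException if a file cannot be opened or closed
     * @throws CertificateException if a file's content cannot be parsed
     */
    private X509Certificate[] loadCertificateCollection(String[] certificateFiles)
            throws IOException, CertificateException {
        logger.debug("Load certificates collection");
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certificates = new ArrayList<>();
        for (String path : certificateFiles) {
            logger.debug("Loading certificates from file {}", path);
            // try-with-resources closes the stream on both the success and the failure path.
            try (FileInputStream in = createFileInputStream(path)) {
                for (java.security.cert.Certificate certificate : certificateFactory.generateCertificates(in)) {
                    certificates.add((X509Certificate) certificate);
                }
            }
        }
        return certificates.toArray(new X509Certificate[0]);
    }

    /** Client-certificate authentication is enabled exactly when CAs have been configured. */
    private boolean requireClientAuth() {
        return this.certificateAuthorities != null;
    }

    /** Opens {@code path} for reading. */
    private FileInputStream createFileInputStream(String path) throws FileNotFoundException {
        return new FileInputStream(path);
    }

    /** Returns a copy of the configured protocol list. */
    String[] getProtocols() {
        return this.protocols.clone();
    }
}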
