package io.joyrpc.transport.netty4.ssl;

import io.joyrpc.cluster.distribution.RateLimiter;
import io.joyrpc.constants.Constants;
import io.joyrpc.exception.SslException;
import io.joyrpc.extension.URL;
import io.joyrpc.util.ClassUtils;
import io.joyrpc.util.StringUtils;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:io/joyrpc/transport/netty4/ssl/SslContextManager.class */
public class SslContextManager {
    private static final Map<String, SslContext> SERVER_SSL_CONTEXTS = new ConcurrentHashMap();
    private static final Map<String, SslContext> CLIENT_SSL_CONTEXTS = new ConcurrentHashMap();

    public static SslContext getServerSslContext(URL url) throws SslException {
        if (!url.getBoolean(Constants.SSL_ENABLE).booleanValue()) {
            return null;
        }
        String string = url.getString(Constants.SSL_PK_PATH);
        String string2 = url.getString(Constants.SSL_CA_PATH);
        ClientAuth valueOf = ClientAuth.valueOf(url.getString(Constants.SSL_CLIENT_AUTH));
        if (StringUtils.isEmpty(string)) {
            throw new SslException("pkPath must not be empty.");
        }
        if (StringUtils.isEmpty(string2) && valueOf != ClientAuth.NONE) {
            throw new SslException("caPath must not be empty.");
        }
        return SERVER_SSL_CONTEXTS.computeIfAbsent(string + RateLimiter.DELIMITER + string2, str -> {
            try {
                KeyManagerFactory keyManagerFactory = getKeyManagerFactory(url);
                TrustManagerFactory trustManagerFactory = getTrustManagerFactory(url);
                String string3 = url.getString(Constants.SSL_PROTOCOLS);
                return SslContextBuilder.forServer(keyManagerFactory).trustManager(trustManagerFactory).protocols(StringUtils.isEmpty(string3) ? null : StringUtils.split(string3, StringUtils.SEMICOLON_COMMA_WHITESPACE)).clientAuth(valueOf).build();
            } catch (Throwable th) {
                throw new SslException("Failed to initialize the server-side SSLContext", th);
            }
        });
    }

    public static SslContext getClientSslContext(URL url) throws SslException {
        if (!url.getBoolean(Constants.SSL_ENABLE).booleanValue()) {
            return null;
        }
        String string = url.getString(Constants.SSL_PK_PATH);
        String string2 = url.getString(Constants.SSL_CA_PATH);
        if (StringUtils.isEmpty(string2)) {
            throw new SslException("caPath must not be empty.");
        }
        return CLIENT_SSL_CONTEXTS.computeIfAbsent(string + RateLimiter.DELIMITER + string2, str -> {
            try {
                KeyManagerFactory keyManagerFactory = getKeyManagerFactory(url);
                TrustManagerFactory trustManagerFactory = getTrustManagerFactory(url);
                String string3 = url.getString(Constants.SSL_PROTOCOLS);
                return SslContextBuilder.forClient().keyManager(keyManagerFactory).trustManager(trustManagerFactory).protocols(StringUtils.isEmpty(string3) ? null : StringUtils.split(string3, StringUtils.SEMICOLON_COMMA_WHITESPACE)).build();
            } catch (Throwable th) {
                throw new SslException("Failed to connect " + url.toString(false, false, new String[0]) + ". caused by:failed to initialize the client-side SSLContext", th);
            }
        });
    }

    protected static KeyManagerFactory getKeyManagerFactory(URL url) throws Exception {
        String string = url.getString(Constants.SSL_PK_PATH);
        if (StringUtils.isEmpty(string)) {
            return null;
        }
        String string2 = url.getString(Constants.SSL_PASSWORD);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(url.getString(Constants.SSL_CERTIFICATE));
        keyManagerFactory.init(getKeyStore(string, string2, url.getString(Constants.SSL_KEYSTORE)), string2.toCharArray());
        return keyManagerFactory;
    }

    protected static TrustManagerFactory getTrustManagerFactory(URL url) throws Exception {
        String string = url.getString(Constants.SSL_CA_PATH);
        if (StringUtils.isEmpty(string)) {
            return null;
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(url.getString(Constants.SSL_CERTIFICATE));
        trustManagerFactory.init(getKeyStore(string, url.getString(Constants.SSL_PASSWORD), url.getString(Constants.SSL_KEYSTORE)));
        return trustManagerFactory;
    }

    protected static KeyStore getKeyStore(String str, String str2, String str3) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(str3);
        InputStream fileInputStream = new File(str).exists() ? new FileInputStream(str) : ClassUtils.getCurrentClassLoader().getResourceAsStream(str);
        if (fileInputStream == null) {
            throw new FileNotFoundException("file is not found. " + str);
        }
        try {
            keyStore.load(fileInputStream, str2.toCharArray());
            fileInputStream.close();
            return keyStore;
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }
}
