package org.apache.pulsar.common.util.keystoretls;

import com.google.common.base.Strings;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import org.apache.pulsar.common.util.SecurityUtility;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/bundled-dependencies/pulsar-common-2.8.1.29.jar:org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.class */
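/**
 * Builds a JSSE {@link SSLContext} (and {@link SSLEngine}s derived from it) from a key store
 * and a trust store on disk.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When {@code allowInsecureConnection} is set, Netty's {@link InsecureTrustManagerFactory}
 *       is installed and the trust store is not loaded, so peer certificates are accepted
 *       without verification.</li>
 *   <li>Engines are restricted to the configured protocol set, which defaults to
 *       {@value #DEFAULT_SSL_ENABLED_PROTOCOLS}.</li>
 *   <li>No endpoint identification algorithm is set on the engines created here; hostname
 *       verification, if required, has to be configured elsewhere.</li>
 * </ul>
 *
 * <p>Parameter names such as {@code str} and {@code z2} are decompiler output; their meaning is
 * documented on each member from the fields they are assigned to.
 */
public class KeyStoreSSLContext {
    public static final String DEFAULT_KEYSTORE_TYPE = "JKS";
    public static final String DEFAULT_SSL_PROTOCOL = "TLS";
    public static final String DEFAULT_SSL_ENABLED_PROTOCOLS = "TLSv1.3,TLSv1.2";
    private static final Logger log = LoggerFactory.getLogger(KeyStoreSSLContext.class);
    public static final String DEFAULT_SSL_KEYMANGER_ALGORITHM = KeyManagerFactory.getDefaultAlgorithm();
    public static final String DEFAULT_SSL_TRUSTMANAGER_ALGORITHM = TrustManagerFactory.getDefaultAlgorithm();
    public static final Provider BC_PROVIDER = SecurityUtility.getProvider();

    private final Mode mode;
    // JCA provider name for SSLContext/TrustManagerFactory; null selects the JVM default provider.
    private String sslProviderString;
    private String keyStoreTypeString;
    private String keyStorePath;
    private String keyStorePassword;
    // true => certificate validation is replaced by InsecureTrustManagerFactory.
    private boolean allowInsecureConnection;
    private String trustStoreTypeString;
    private String trustStorePath;
    private String trustStorePassword;
    // Only applied to engines in SERVER mode.
    private boolean needClientAuth;
    // null means "no explicit cipher list was configured".
    private Set<String> ciphers;
    private Set<String> protocols;
    // Populated by createSSLContext(); null until then.
    private SSLContext sslContext;
    private String protocol = DEFAULT_SSL_PROTOCOL;
    private String kmfAlgorithm = DEFAULT_SSL_KEYMANGER_ALGORITHM;
    private String tmfAlgorithm = DEFAULT_SSL_TRUSTMANAGER_ALGORITHM;

    /** Whether engines created from this context act as the TLS client or the TLS server. */
    public enum Mode {
        CLIENT,
        SERVER
    }

    /**
     * Stores the TLS configuration; no file is read until {@link #createSSLContext()} is called.
     *
     * @param mode client or server role for the engines
     * @param str JCA provider name, or {@code null} for the default provider
     * @param str2 key store type; {@value #DEFAULT_KEYSTORE_TYPE} when null or empty
     * @param str3 key store path; when null or empty no key managers are installed
     * @param str4 key store password
     * @param z allow insecure connections (skip certificate validation)
     * @param str5 trust store type; {@value #DEFAULT_KEYSTORE_TYPE} when null or empty
     * @param str6 trust store path
     * @param str7 trust store password
     * @param z2 require a client certificate (used in {@link Mode#SERVER} only)
     * @param set cipher suites to enable; null or empty means none configured
     * @param set2 protocols to enable; null or empty selects {@value #DEFAULT_SSL_ENABLED_PROTOCOLS}
     */
    public KeyStoreSSLContext(Mode mode, String str, String str2, String str3, String str4, boolean z, String str5, String str6, String str7, boolean z2, Set<String> set, Set<String> set2) {
        this.mode = mode;
        this.sslProviderString = str;
        this.keyStoreTypeString = Strings.isNullOrEmpty(str2) ? DEFAULT_KEYSTORE_TYPE : str2;
        this.keyStorePath = str3;
        this.keyStorePassword = str4;
        this.allowInsecureConnection = z;
        this.trustStoreTypeString = Strings.isNullOrEmpty(str5) ? DEFAULT_KEYSTORE_TYPE : str5;
        this.trustStorePath = str6;
        this.trustStorePassword = str7;
        this.needClientAuth = z2;
        // An empty cipher set is normalised to null so later code has a single "unset" check.
        this.ciphers = (set == null || set.isEmpty()) ? null : set;
        this.protocols = (set2 == null || set2.isEmpty())
                ? new HashSet<>(Arrays.asList(DEFAULT_SSL_ENABLED_PROTOCOLS.split("\\s*,\\s*")))
                : set2;
    }

    /**
     * Loads the configured key store and trust store and initialises a new {@link SSLContext},
     * which is also cached for {@link #getSslContext()}.
     *
     * <p>Both store files are opened with try-with-resources so the stream is closed even when
     * {@link KeyStore#load} fails (wrong password, corrupt or truncated store).
     *
     * @return the initialised context
     * @throws GeneralSecurityException if a provider, algorithm or store cannot be used
     * @throws IOException if a store file cannot be opened or read
     */
    public SSLContext createSSLContext() throws GeneralSecurityException, IOException {
        SSLContext context = this.sslProviderString != null
                ? SSLContext.getInstance(this.protocol, this.sslProviderString)
                : SSLContext.getInstance(this.protocol);

        // Key material is optional: without a key store path the context presents no certificate.
        KeyManager[] keyManagers = null;
        if (!Strings.isNullOrEmpty(this.keyStorePath)) {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.kmfAlgorithm);
            KeyStore keyStore = KeyStore.getInstance(this.keyStoreTypeString);
            char[] keyStoreSecret = this.keyStorePassword.toCharArray();
            try (FileInputStream keyStoreStream = new FileInputStream(this.keyStorePath)) {
                keyStore.load(keyStoreStream, keyStoreSecret);
            }
            // The store password is reused as the key password.
            keyManagerFactory.init(keyStore, keyStoreSecret);
            keyManagers = keyManagerFactory.getKeyManagers();
        }

        TrustManagerFactory trustManagerFactory;
        if (this.allowInsecureConnection) {
            // Accepts every peer certificate; the trust store settings are ignored on this path.
            trustManagerFactory = InsecureTrustManagerFactory.INSTANCE;
        } else {
            trustManagerFactory = this.sslProviderString != null
                    ? TrustManagerFactory.getInstance(this.tmfAlgorithm, this.sslProviderString)
                    : TrustManagerFactory.getInstance(this.tmfAlgorithm);
            KeyStore trustStore = KeyStore.getInstance(this.trustStoreTypeString);
            char[] trustStoreSecret = this.trustStorePassword.toCharArray();
            try (FileInputStream trustStoreStream = new FileInputStream(this.trustStorePath)) {
                trustStore.load(trustStoreStream, trustStoreSecret);
            }
            trustManagerFactory.init(trustStore);
        }

        context.init(
                keyManagers,
                SecurityUtility.processConscryptTrustManagers(trustManagerFactory.getTrustManagers()),
                new SecureRandom());
        this.sslContext = context;
        return context;
    }

    /**
     * Returns the context built by {@link #createSSLContext()}.
     *
     * @throws IllegalStateException if {@link #createSSLContext()} has not been called yet
     */
    public SSLContext getSslContext() {
        if (this.sslContext == null) {
            throw new IllegalStateException("createSSLContext hasn't been called.");
        }
        return this.sslContext;
    }

    /** Creates an engine with no peer information, configured for this context's mode. */
    public SSLEngine createSSLEngine() {
        return configureSSLEngine(getSslContext().createSSLEngine());
    }

    /**
     * Creates an engine with advisory peer information, configured for this context's mode.
     *
     * @param str peer host passed to {@link SSLContext#createSSLEngine(String, int)}
     * @param i peer port passed to {@link SSLContext#createSSLEngine(String, int)}
     */
    public SSLEngine createSSLEngine(String str, int i) {
        return configureSSLEngine(getSslContext().createSSLEngine(str, i));
    }

    /**
     * Applies protocols, cipher suites and client/server role to an engine.
     *
     * <p>An explicitly configured cipher list is now honoured. Previously the list was stored but
     * never read, so every supported suite was enabled regardless of configuration.
     * {@link SSLEngine#setEnabledCipherSuites} throws {@link IllegalArgumentException} if a
     * configured name is not supported by the engine.
     */
    private SSLEngine configureSSLEngine(SSLEngine sSLEngine) {
        sSLEngine.setEnabledProtocols(this.protocols.toArray(new String[0]));
        if (this.ciphers != null) {
            sSLEngine.setEnabledCipherSuites(this.ciphers.toArray(new String[0]));
        } else {
            // NOTE(review): kept for compatibility. This enables every *supported* suite, which is
            // a superset of the engine's default-enabled list; deployments that care about suite
            // selection should pass an explicit cipher set.
            sSLEngine.setEnabledCipherSuites(sSLEngine.getSupportedCipherSuites());
        }
        if (this.mode == Mode.SERVER) {
            sSLEngine.setNeedClientAuth(this.needClientAuth);
            sSLEngine.setUseClientMode(false);
        } else {
            sSLEngine.setUseClientMode(true);
        }
        return sSLEngine;
    }

    /**
     * Builds a {@link Mode#CLIENT} instance and initialises its {@link SSLContext}.
     *
     * <p>Arguments are forwarded to the constructor in order: provider, key store type, path and
     * password, allow-insecure flag, trust store type, path and password, ciphers, protocols.
     * Client-certificate enforcement is fixed to {@code false}.
     */
    public static KeyStoreSSLContext createClientKeyStoreSslContext(String str, String str2, String str3, String str4, boolean z, String str5, String str6, String str7, Set<String> set, Set<String> set2) throws GeneralSecurityException, SSLException, FileNotFoundException, IOException {
        KeyStoreSSLContext clientContext = new KeyStoreSSLContext(Mode.CLIENT, str, str2, str3, str4, z, str5, str6, str7, false, set, set2);
        clientContext.createSSLContext();
        return clientContext;
    }

    /**
     * Builds a {@link Mode#SERVER} instance and initialises its {@link SSLContext}.
     *
     * <p>Arguments are forwarded to the constructor in order: provider, key store type, path and
     * password, allow-insecure flag, trust store type, path and password, need-client-auth flag,
     * ciphers, protocols.
     */
    public static KeyStoreSSLContext createServerKeyStoreSslContext(String str, String str2, String str3, String str4, boolean z, String str5, String str6, String str7, boolean z2, Set<String> set, Set<String> set2) throws GeneralSecurityException, SSLException, FileNotFoundException, IOException {
        KeyStoreSSLContext serverContext = new KeyStoreSSLContext(Mode.SERVER, str, str2, str3, str4, z, str5, str6, str7, z2, set, set2);
        serverContext.createSSLContext();
        return serverContext;
    }

    /**
     * Convenience wrapper around {@link #createServerKeyStoreSslContext} with no explicit ciphers
     * or protocols, returning only the {@link SSLContext}.
     */
    public static SSLContext createServerSslContext(String str, String str2, String str3, String str4, boolean z, String str5, String str6, String str7, boolean z2) throws GeneralSecurityException, SSLException, FileNotFoundException, IOException {
        return createServerKeyStoreSslContext(str, str2, str3, str4, z, str5, str6, str7, z2, null, null).getSslContext();
    }

    /**
     * Builds a client-mode {@link SSLContext}; the argument order matches
     * {@link #createClientKeyStoreSslContext}.
     */
    public static SSLContext createClientSslContext(String str, String str2, String str3, String str4, boolean z, String str5, String str6, String str7, Set<String> set, Set<String> set2) throws GeneralSecurityException, SSLException, FileNotFoundException, IOException {
        return new KeyStoreSSLContext(Mode.CLIENT, str, str2, str3, str4, z, str5, str6, str7, false, set, set2).createSSLContext();
    }

    /**
     * Builds a client-mode {@link SSLContext} with the default provider, certificate validation
     * enabled, and default ciphers and protocols.
     *
     * @param str key store type
     * @param str2 key store path
     * @param str3 key store password
     * @param str4 trust store type
     * @param str5 trust store path
     * @param str6 trust store password
     */
    public static SSLContext createClientSslContext(String str, String str2, String str3, String str4, String str5, String str6) throws GeneralSecurityException, SSLException, FileNotFoundException, IOException {
        return new KeyStoreSSLContext(Mode.CLIENT, null, str, str2, str3, false, str4, str5, str6, false, null, null).createSSLContext();
    }

    /**
     * Creates a Jetty {@link SslContextFactory} backed by {@code SslContextFactoryWithAutoRefresh}.
     *
     * <p>When {@code str} (the provider name) is null and a Conscrypt provider is available, the
     * Conscrypt provider name is used. The remaining arguments are forwarded unchanged; their
     * meaning is defined by {@code SslContextFactoryWithAutoRefresh}, which is not shown here
     * (presumably the same order as {@link #createServerKeyStoreSslContext}, with {@code j} a
     * refresh interval — TODO confirm).
     *
     * @param z2 when true a client certificate is required, otherwise it is only requested
     */
    public static SslContextFactory createSslContextFactory(String str, String str2, String str3, String str4, boolean z, String str5, String str6, String str7, boolean z2, long j) throws GeneralSecurityException, SSLException, FileNotFoundException, IOException {
        if (str == null) {
            Provider conscrypt = SecurityUtility.CONSCRYPT_PROVIDER;
            if (conscrypt != null) {
                str = conscrypt.getName();
            }
        }
        SslContextFactoryWithAutoRefresh factory = new SslContextFactoryWithAutoRefresh(str, str2, str3, str4, z, str5, str6, str7, z2, j);
        if (z2) {
            factory.setNeedClientAuth(true);
        } else {
            factory.setWantClientAuth(true);
        }
        // NOTE(review): trustAll is enabled unconditionally, independent of the allow-insecure
        // argument (z). Whether this weakens certificate validation depends on how
        // SslContextFactoryWithAutoRefresh obtains its SSLContext — confirm that the trust
        // managers built in createSSLContext() are the ones actually in effect.
        factory.setTrustAll(true);
        return factory;
    }

    /** Returns the client/server role this instance was constructed with. */
    public Mode getMode() {
        return this.mode;
    }
}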
