package org.xipki.util.http;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.xipki.util.Args;

/* loaded from: input_file:WEB-INF/lib/util-5.3.11.jar:org/xipki/util/http/SSLContextBuilder.class */
public class SSLContextBuilder {
    private static final String TLS = "TLS";
    private String protocol;
    private SecureRandom secureRandom;
    private Provider provider;
    private String keyManagerFactoryAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
    private String keyStoreType = KeyStore.getDefaultType();
    private String trustManagerFactoryAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    private final Set<KeyManager> keyManagers = new LinkedHashSet();
    private final Set<TrustManager> trustManagers = new LinkedHashSet();

    public static SSLContextBuilder create() {
        return new SSLContextBuilder();
    }

    public SSLContextBuilder setProtocol(String str) {
        this.protocol = str;
        return this;
    }

    public SSLContextBuilder setSecureRandom(SecureRandom secureRandom) {
        this.secureRandom = secureRandom;
        return this;
    }

    public SSLContextBuilder setProvider(Provider provider) {
        this.provider = provider;
        return this;
    }

    public SSLContextBuilder setProvider(String str) {
        if (str != null && !str.trim().isEmpty()) {
            this.provider = Security.getProvider(str);
        }
        return this;
    }

    public SSLContextBuilder setKeyStoreType(String str) {
        this.keyStoreType = str;
        return this;
    }

    public SSLContextBuilder setKeyManagerFactoryAlgorithm(String str) {
        this.keyManagerFactoryAlgorithm = str;
        return this;
    }

    public SSLContextBuilder setTrustManagerFactoryAlgorithm(String str) {
        this.trustManagerFactoryAlgorithm = str;
        return this;
    }

    public SSLContextBuilder loadTrustMaterial(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(this.trustManagerFactoryAlgorithm == null ? TrustManagerFactory.getDefaultAlgorithm() : this.trustManagerFactoryAlgorithm);
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers != null) {
            for (TrustManager trustManager : trustManagers) {
                this.trustManagers.add(trustManager);
            }
        }
        return this;
    }

    public SSLContextBuilder loadTrustMaterial() throws NoSuchAlgorithmException, KeyStoreException {
        return loadTrustMaterial((KeyStore) null);
    }

    public SSLContextBuilder loadTrustMaterial(File file, char[] cArr) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
        Args.notNull(file, "Truststore file");
        return loadTrustMaterial(new FileInputStream(file), cArr);
    }

    public SSLContextBuilder loadTrustMaterial(InputStream inputStream, char[] cArr) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
        Args.notNull(inputStream, "Truststore instream");
        KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
        try {
            keyStore.load(inputStream, cArr);
            inputStream.close();
            return loadTrustMaterial(keyStore);
        } catch (Throwable th) {
            inputStream.close();
            throw th;
        }
    }

    public SSLContextBuilder loadKeyMaterial(KeyStore keyStore, char[] cArr) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.keyManagerFactoryAlgorithm == null ? KeyManagerFactory.getDefaultAlgorithm() : this.keyManagerFactoryAlgorithm);
        keyManagerFactory.init(keyStore, cArr);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        if (keyManagers != null) {
            for (KeyManager keyManager : keyManagers) {
                this.keyManagers.add(keyManager);
            }
        }
        return this;
    }

    public SSLContextBuilder loadKeyMaterial(File file, char[] cArr, char[] cArr2) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, CertificateException, IOException {
        Args.notNull(file, "Keystore file");
        return loadKeyMaterial(new FileInputStream(file), cArr, cArr2);
    }

    public SSLContextBuilder loadKeyMaterial(InputStream inputStream, char[] cArr, char[] cArr2) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, CertificateException, IOException {
        Args.notNull(inputStream, "Keystore instream");
        KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
        try {
            keyStore.load(inputStream, cArr);
            inputStream.close();
            return loadKeyMaterial(keyStore, cArr2);
        } catch (Throwable th) {
            inputStream.close();
            throw th;
        }
    }

    protected void initSSLContext(SSLContext sSLContext, Collection<KeyManager> collection, Collection<TrustManager> collection2, SecureRandom secureRandom) throws KeyManagementException {
        sSLContext.init(!collection.isEmpty() ? (KeyManager[]) collection.toArray(new KeyManager[collection.size()]) : null, !collection2.isEmpty() ? (TrustManager[]) collection2.toArray(new TrustManager[collection2.size()]) : null, secureRandom);
    }

    public SSLContext build() throws NoSuchAlgorithmException, KeyManagementException {
        String str = this.protocol != null ? this.protocol : TLS;
        SSLContext sSLContext = this.provider != null ? SSLContext.getInstance(str, this.provider) : SSLContext.getInstance(str);
        initSSLContext(sSLContext, this.keyManagers, this.trustManagers, this.secureRandom);
        return sSLContext;
    }

    public String toString() {
        return "[provider=" + this.provider + ", protocol=" + this.protocol + ", keyStoreType=" + this.keyStoreType + ", keyManagerFactoryAlgorithm=" + this.keyManagerFactoryAlgorithm + ", keyManagers=" + this.keyManagers + ", trustManagerFactoryAlgorithm=" + this.trustManagerFactoryAlgorithm + ", trustManagers=" + this.trustManagers + ", secureRandom=" + this.secureRandom + "]";
    }
}
