package org.apache.druid.server.security;

import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.annotation.Nullable;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import org.apache.druid.metadata.PasswordProvider;
import org.eclipse.jetty.util.ssl.AliasedX509ExtendedKeyManager;

/* loaded from: input_file:org/apache/druid/server/security/TLSUtils.class */
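/**
 * Helpers for building client-side {@link SSLContext} instances from a trust store file and,
 * optionally, a key store file holding a client certificate.
 *
 * <p>The code here configures trust and key material only. Whether the peer's hostname is checked
 * against its certificate is decided by whatever code uses the returned context; that is not
 * visible in this class.
 */
public class TLSUtils {

    /**
     * Fluent builder that collects the settings for {@link TLSUtils#createSSLContext} and passes
     * them through unchanged. Only {@code trustStorePath} is mandatory; every other field may stay
     * {@code null}, in which case {@code createSSLContext} applies its defaults.
     */
    public static class ClientSSLContextBuilder {
        // SSLContext protocol name; null selects the "TLSv1.2" default in createSSLContext.
        private String protocol;
        private String trustStoreType;
        // Required: build() rejects a null trust store path.
        private String trustStorePath;
        private String trustStoreAlgorithm;
        private PasswordProvider trustStorePasswordProvider;
        private String keyStoreType;
        // Optional: when null, no client key material is configured.
        private String keyStorePath;
        private String keyStoreAlgorithm;
        private String certAlias;
        // Password used to load the key store file.
        private PasswordProvider keyStorePasswordProvider;
        // Password handed to KeyManagerFactory.init for the key store's entries.
        private PasswordProvider keyManagerFactoryPasswordProvider;

        public ClientSSLContextBuilder setProtocol(String str) {
            this.protocol = str;
            return this;
        }

        public ClientSSLContextBuilder setTrustStoreType(String str) {
            this.trustStoreType = str;
            return this;
        }

        public ClientSSLContextBuilder setTrustStorePath(String str) {
            this.trustStorePath = str;
            return this;
        }

        public ClientSSLContextBuilder setTrustStoreAlgorithm(String str) {
            this.trustStoreAlgorithm = str;
            return this;
        }

        public ClientSSLContextBuilder setTrustStorePasswordProvider(PasswordProvider passwordProvider) {
            this.trustStorePasswordProvider = passwordProvider;
            return this;
        }

        public ClientSSLContextBuilder setKeyStoreType(String str) {
            this.keyStoreType = str;
            return this;
        }

        public ClientSSLContextBuilder setKeyStorePath(String str) {
            this.keyStorePath = str;
            return this;
        }

        public ClientSSLContextBuilder setKeyStoreAlgorithm(String str) {
            this.keyStoreAlgorithm = str;
            return this;
        }

        public ClientSSLContextBuilder setCertAlias(String str) {
            this.certAlias = str;
            return this;
        }

        public ClientSSLContextBuilder setKeyStorePasswordProvider(PasswordProvider passwordProvider) {
            this.keyStorePasswordProvider = passwordProvider;
            return this;
        }

        public ClientSSLContextBuilder setKeyManagerFactoryPasswordProvider(PasswordProvider passwordProvider) {
            this.keyManagerFactoryPasswordProvider = passwordProvider;
            return this;
        }

        /**
         * Builds the context from the collected settings.
         *
         * @return an initialized {@link SSLContext}
         * @throws NullPointerException if no trust store path was set
         */
        public SSLContext build() {
            Preconditions.checkNotNull(this.trustStorePath, "must specify a trustStorePath");
            return TLSUtils.createSSLContext(this.protocol, this.trustStoreType, this.trustStorePath, this.trustStoreAlgorithm, this.trustStorePasswordProvider, this.keyStoreType, this.keyStorePath, this.keyStoreAlgorithm, this.certAlias, this.keyStorePasswordProvider, this.keyManagerFactoryPasswordProvider);
        }
    }

    /**
     * Creates and initializes an {@link SSLContext} from a trust store file and, when a key store
     * path is given, a key store file.
     *
     * <p>Parameter meanings follow the argument order used by
     * {@link ClientSSLContextBuilder#build()}.
     *
     * @param str protocol name for {@link SSLContext#getInstance(String)}; {@code "TLSv1.2"} when null
     * @param str2 trust store type; {@link KeyStore#getDefaultType()} when null
     * @param str3 path of the trust store file (required)
     * @param str4 trust manager algorithm; {@link TrustManagerFactory#getDefaultAlgorithm()} when null
     * @param passwordProvider trust store password; when null the store is loaded with a null
     *     password, and {@link KeyStore#load(java.io.InputStream, char[])} then performs no
     *     integrity check on the file
     * @param str5 key store type; {@link KeyStore#getDefaultType()} when null
     * @param str6 path of the key store file; when null no key managers are installed, so the
     *     context presents no client certificate
     * @param str7 key manager algorithm; {@link KeyManagerFactory#getDefaultAlgorithm()} when null
     * @param str8 certificate alias passed to the aliased key manager wrapper
     * @param passwordProvider2 password used to load the key store file; null skips the integrity
     *     check as for the trust store
     * @param passwordProvider3 password passed to
     *     {@link KeyManagerFactory#init(KeyStore, char[])} for the key store's entries
     * @return the initialized context
     * @throws RuntimeException wrapping any I/O, key store, certificate or algorithm failure
     */
    public static SSLContext createSSLContext(@Nullable String str, @Nullable String str2, String str3, @Nullable String str4, @Nullable PasswordProvider passwordProvider, @Nullable String str5, @Nullable String str6, @Nullable String str7, @Nullable String str8, @Nullable PasswordProvider passwordProvider2, @Nullable PasswordProvider passwordProvider3) {
        try {
            SSLContext sslContext = SSLContext.getInstance(str == null ? "TLSv1.2" : str);

            KeyStore trustStore = KeyStore.getInstance(str2 == null ? KeyStore.getDefaultType() : str2);
            // try-with-resources: the stream was previously never closed, leaking a file
            // descriptor on every call (and on every failed load).
            try (FileInputStream trustStoreStream = new FileInputStream(str3)) {
                trustStore.load(trustStoreStream, passwordProvider == null ? null : passwordProvider.getPassword().toCharArray());
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str4 == null ? TrustManagerFactory.getDefaultAlgorithm() : str4);
            trustManagerFactory.init(trustStore);

            KeyManager[] keyManagers = null;
            if (str6 != null) {
                KeyStore keyStore = KeyStore.getInstance(str5 == null ? KeyStore.getDefaultType() : str5);
                try (FileInputStream keyStoreStream = new FileInputStream(str6)) {
                    keyStore.load(keyStoreStream, passwordProvider2 == null ? null : passwordProvider2.getPassword().toCharArray());
                }
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str7 == null ? KeyManagerFactory.getDefaultAlgorithm() : str7);
                keyManagerFactory.init(keyStore, passwordProvider3 == null ? null : passwordProvider3.getPassword().toCharArray());
                keyManagers = createAliasedKeyManagers(keyManagerFactory.getKeyManagers(), str8);
            }

            // A null SecureRandom lets the provider pick its default source of randomness.
            sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(), null);
            return sslContext;
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            // propagate() always throws for these checked exceptions; the explicit throw makes
            // that visible to the compiler so a half-built or null context can never be returned.
            throw Throwables.propagate(e);
        }
    }

    /**
     * Wraps every {@link X509ExtendedKeyManager} in the given array so that it is bound to the
     * given certificate alias; other key manager types are passed through unchanged.
     *
     * @param keyManagerArr key managers produced by the {@link KeyManagerFactory}
     * @param str certificate alias; may be null when the caller configured none. How the Jetty
     *     wrapper treats a null alias is not visible here; confirm before relying on it.
     * @return a new array of the same length as {@code keyManagerArr}
     */
    private static KeyManager[] createAliasedKeyManagers(KeyManager[] keyManagerArr, String str) {
        KeyManager[] aliased = new KeyManager[keyManagerArr.length];
        for (int i = 0; i < keyManagerArr.length; i++) {
            KeyManager delegate = keyManagerArr[i];
            aliased[i] = delegate instanceof X509ExtendedKeyManager
                ? new AliasedX509ExtendedKeyManager((X509ExtendedKeyManager) delegate, str)
                : delegate;
        }
        return aliased;
    }
}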
