package io.quarkus.runtime.configuration.ssl;

import io.quarkus.runtime.annotations.ConfigGroup;
import io.quarkus.runtime.annotations.ConfigItem;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.OptionalInt;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509ExtendedKeyManager;
import org.jboss.logging.Logger;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security.pem.Pem;
import org.wildfly.security.pem.PemEntry;
import org.wildfly.security.ssl.CipherSuiteSelector;
import org.wildfly.security.ssl.Protocol;
import org.wildfly.security.ssl.ProtocolSelector;
import org.wildfly.security.ssl.SSLContextBuilder;

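/**
 * Server-side TLS configuration group that can be turned into an {@link SSLContext}.
 *
 * <p>Key material comes from {@link #certificate}: either a PEM certificate file plus a PEM key
 * file, or a keystore file. The remaining items tune the cipher suites, protocol versions,
 * JSSE provider and session cache of the resulting context.
 */
@ConfigGroup
public class ServerSslConfig {
    // Source of the server certificate and private key (PEM pair or keystore file).
    public CertificateConfig certificate;

    // Cipher suite selection; when absent, CipherSuiteSelector.openSslDefault() is used.
    @ConfigItem
    public Optional<CipherSuiteSelector> cipherSuites;

    // Protocol versions offered by the server. Only the listed versions are enabled, so adding
    // an older version here turns it on; an empty list falls back to ProtocolSelector.defaultProtocols().
    @ConfigItem(defaultValue = "TLSv1.3,TLSv1.2")
    public List<Protocol> protocols;

    // Optional provider name handed to the SSLContextBuilder.
    @ConfigItem
    public Optional<String> providerName;

    // Optional TLS session cache size.
    @ConfigItem
    public OptionalInt sessionCacheSize;

    // Optional TLS session timeout; applied in whole seconds, capped at Integer.MAX_VALUE.
    @ConfigItem
    public Optional<Duration> sessionTimeout;

    /**
     * Builds an {@link SSLContext} from this configuration.
     *
     * <p>If both a certificate file and a key file are configured, they are parsed as PEM and
     * placed in an in-memory keystore under the alias {@code "default"}. Otherwise, if a keystore
     * file is configured, it is loaded first as a class-loader resource of that name and, if no
     * such resource exists, from the file system.
     *
     * @return the configured context, or {@code null} when neither a PEM pair nor a keystore file
     *         is configured, or when the key file contains no private key
     * @throws GeneralSecurityException if the keystore, key manager or context cannot be set up
     * @throws IOException if a configured file cannot be read
     */
    public SSLContext toSSLContext() throws GeneralSecurityException, IOException {
        final Logger log = Logger.getLogger("io.quarkus.configuration.ssl");
        final Optional<Path> certFile = this.certificate.file;
        final Optional<Path> keyFile = this.certificate.keyFile;
        final Optional<Path> keyStoreFile = this.certificate.keyStoreFile;
        // Dereferenced without a null check below. NOTE(review): presumably always set by the
        // configuration layer; confirm against CertificateConfig.
        final String keyStorePassword = this.certificate.keyStorePassword;

        final KeyStore keyStore;
        if (certFile.isPresent() && keyFile.isPresent()) {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, keyStorePassword.toCharArray());

            final Path certPath = certFile.get();
            final List<X509Certificate> chain = readCertificates(certPath, log);
            if (chain.isEmpty()) {
                // NOTE(review): processing continues with an empty chain; KeyStore.PrivateKeyEntry
                // rejects a zero-length chain, so setEntry below is expected to fail. Confirm intent.
                log.warnf("No certificate found in file \"%s\"", certPath);
            }

            final Path keyPath = keyFile.get();
            final PrivateKey privateKey = readPrivateKey(keyPath, log);
            if (privateKey == null) {
                log.warnf("No key found in file \"%s\"", keyPath);
                return null;
            }
            // The entry password is the keystore password, because the same password is passed to
            // KeyManagerFactory.init below to recover the key.
            keyStore.setEntry("default",
                    new KeyStore.PrivateKeyEntry(privateKey, chain.toArray(new X509Certificate[0])),
                    new KeyStore.PasswordProtection(keyStorePassword.toCharArray()));
        } else if (keyStoreFile.isPresent()) {
            final Path keyStorePath = keyStoreFile.get();
            final Optional<String> configuredType = this.certificate.keyStoreFileType;
            final String type = configuredType.isPresent()
                    ? configuredType.get()
                    : inferKeyStoreType(keyStorePath.toString());
            keyStore = KeyStore.getInstance(type);
            // A class-path resource with this name takes precedence over the file system path.
            final InputStream resource =
                    getClass().getClassLoader().getResourceAsStream(keyStorePath.toString());
            try (InputStream in = resource != null ? resource : Files.newInputStream(keyStorePath)) {
                // NOTE(review): a null password means KeyStore.load performs no integrity check on
                // the store, so a modified keystore file is not detected at load time. The password
                // is only applied to the key entry in KeyManagerFactory.init. Consider passing
                // keyStorePassword.toCharArray() here once it is confirmed that deployed stores use
                // the same password for the store and the key.
                keyStore.load(in, null);
            }
        } else {
            return null;
        }

        final KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());

        final SSLContextBuilder builder = new SSLContextBuilder();
        builder.setCipherSuiteSelector(this.cipherSuites.orElse(CipherSuiteSelector.openSslDefault()));
        builder.setProtocolSelector(this.protocols.isEmpty()
                ? ProtocolSelector.defaultProtocols()
                : ProtocolSelector.empty().add(this.protocols.toArray(new Protocol[0])));
        // Only the first key manager returned by the factory is used.
        builder.setKeyManager((X509ExtendedKeyManager) keyManagerFactory.getKeyManagers()[0]);
        if (this.sessionCacheSize.isPresent()) {
            builder.setSessionCacheSize(this.sessionCacheSize.getAsInt());
        }
        if (this.sessionTimeout.isPresent()) {
            // The builder takes an int number of seconds; clamp instead of overflowing.
            builder.setSessionTimeout(
                    (int) Math.min((long) Integer.MAX_VALUE, this.sessionTimeout.get().getSeconds()));
        }
        if (this.providerName.isPresent()) {
            builder.setProviderName(this.providerName.get());
        }
        return builder.build().create();
    }

    /** Collects every X.509 certificate in the PEM file, warning about entries of any other type. */
    private static List<X509Certificate> readCertificates(Path certPath, Logger log) throws IOException {
        final Iterator<PemEntry<?>> entries = Pem.parsePemContent(load(certPath));
        final List<X509Certificate> chain = new ArrayList<>();
        while (entries.hasNext()) {
            final PemEntry<?> entry = entries.next();
            final X509Certificate certificate = entry.tryCast(X509Certificate.class);
            if (certificate != null) {
                chain.add(certificate);
            } else {
                log.warnf("Ignoring non-certificate in certificate file \"%s\" (the type was %s)",
                        certPath, entry.getEntry().getClass());
            }
        }
        return chain;
    }

    /**
     * Returns the first private key in the PEM file, or {@code null} if there is none. Entries of
     * another type before the key, and any content after it, are reported with a warning.
     * No passphrase is supplied when parsing, so the key file is read as stored.
     */
    private static PrivateKey readPrivateKey(Path keyPath, Logger log) throws IOException {
        final Iterator<PemEntry<?>> entries = Pem.parsePemContent(load(keyPath));
        while (entries.hasNext()) {
            final PemEntry<?> entry = entries.next();
            final PrivateKey key = entry.tryCast(PrivateKey.class);
            if (key != null) {
                if (entries.hasNext()) {
                    log.warnf("Ignoring extra content in key file \"%s\"", keyPath);
                }
                return key;
            }
            log.warnf("Ignoring non-key in key file \"%s\" (the type was %s)",
                    keyPath, entry.getEntry().getClass());
        }
        return null;
    }

    /** Maps a keystore file name to a keystore type by its extension, defaulting to {@code "jks"}. */
    private static String inferKeyStoreType(String fileName) {
        if (fileName.endsWith(".jceks")) {
            return "jceks";
        }
        if (fileName.endsWith(".p12") || fileName.endsWith(".pkcs12") || fileName.endsWith(".pfx")) {
            return "pkcs12";
        }
        return "jks";
    }

    /**
     * Reads a file as UTF-8 text and exposes it as a code point iterator.
     *
     * <p>The buffer is sized from the file's byte length, which is an upper bound on the number
     * of decoded chars; reading stops at end of stream or when the buffer is full.
     *
     * @param path the file to read
     * @return an iterator over the chars that were read
     * @throws IOException if the file cannot be read
     * @throws ArithmeticException if the file size does not fit in an {@code int}
     */
    static CodePointIterator load(Path path) throws IOException {
        final int capacity = Math.toIntExact(Files.size(path));
        final char[] buffer = new char[capacity];
        int filled = 0;
        try (InputStream in = Files.newInputStream(path);
                InputStreamReader reader = new InputStreamReader(in, StandardCharsets.UTF_8)) {
            while (filled < capacity) {
                final int read = reader.read(buffer, filled, capacity - filled);
                if (read == -1) {
                    break;
                }
                filled += read;
            }
        }
        return CodePointIterator.ofChars(buffer, 0, filled);
    }
}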
