package org.wildfly.extras.creaper.core.online;

import com.google.common.io.ByteSource;
import com.google.common.io.Closeables;
import com.google.common.io.Files;
import com.google.common.io.Resources;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:org/wildfly/extras/creaper/core/online/SslOptions.class */
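/**
 * Immutable bundle of SSL/TLS settings from which an {@link SSLContext} is built.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>All passwords are held as {@link String} fields for the lifetime of the instance, so they
 *       cannot be wiped from memory. Keep instances short-lived and never log their fields.</li>
 *   <li>If no truststore is configured (and the truststore type is not PKCS#11), {@code null} trust
 *       managers are passed to {@link SSLContext#init}, which makes JSSE fall back to the JVM's
 *       default trust configuration rather than trusting nothing.</li>
 *   <li>An empty or {@code null} store password is passed to {@link KeyStore#load} as {@code null};
 *       per the {@code KeyStore} contract no integrity check of the store data is performed then.</li>
 *   <li>{@link #hostnameVerification} is only stored here; nothing in this class applies it to the
 *       {@code SSLContext}. Enforcement is up to the code that reads the field.</li>
 * </ul>
 */
public final class SslOptions {
    // Used when the builder was not given a protocol.
    private static final SslProtocol DEFAULT_PROTOCOL = SslProtocol.TLS;

    final SslProtocol protocol;
    // Client keystore: where to read it from, its password and type. The source is null when no
    // keystore was configured (and must be null for PKCS#11).
    final ByteSource keyStoreSource;
    final String keyStorePassword;
    final KeyStoreType keyStoreType;
    // Optional alias of the single entry to present, and the password protecting that entry.
    final String keyAlias;
    final String keyPassword;
    // Truststore: where to read it from, its password and type.
    final ByteSource trustStoreSource;
    final String trustStorePassword;
    final KeyStoreType trustStoreType;
    // true unless Builder#turnOffHostnameVerification() was called.
    final boolean hostnameVerification;

    /**
     * Fluent builder for {@link SslOptions}. Hostname verification is enabled by default; every other
     * setting is optional and defaults are applied by the {@code SslOptions} constructor.
     */
    public static final class Builder {
        private SslProtocol protocol;
        private ByteSource keyStoreSource;
        private String keyStorePassword;
        private KeyStoreType keyStoreType;
        private String keyAlias;
        private String keyPassword;
        private ByteSource trustStoreSource;
        private String trustStorePassword;
        private KeyStoreType trustStoreType;
        private boolean hostnameVerification = true;

        /**
         * Sets the protocol name used for {@code SSLContext.getInstance}.
         *
         * @param sslProtocol the protocol; {@code null} selects the default ({@code SslProtocol.TLS})
         * @return this builder
         */
        public Builder protocol(SslProtocol sslProtocol) {
            this.protocol = sslProtocol;
            return this;
        }

        /**
         * Uses a keystore stored in a file. The file is not read here; it is opened when the
         * {@code SSLContext} is created.
         *
         * @param file an existing keystore file
         * @return this builder
         * @throws IllegalArgumentException if {@code file} is {@code null} or does not exist
         */
        public Builder keyStore(File file) {
            if (file == null || !file.exists()) {
                throw new IllegalArgumentException("A file with the keystore must be provided.");
            }
            this.keyStoreSource = Files.asByteSource(file);
            return this;
        }

        /**
         * Uses a keystore loaded as a classpath resource relative to {@code cls}.
         *
         * @param cls the class whose class loader and package are used to resolve the resource
         * @param str the resource path of the keystore
         * @return this builder
         * @throws IllegalArgumentException if either argument is {@code null}; Guava's
         *         {@code Resources.getResource} also rejects a resource that cannot be found
         */
        public Builder keyStore(Class<?> cls, String str) {
            if (cls == null) {
                throw new IllegalArgumentException("A class for loading the keystore must be provided.");
            }
            if (str == null) {
                throw new IllegalArgumentException("A path to the keystore must be provided.");
            }
            this.keyStoreSource = Resources.asByteSource(Resources.getResource(cls, str));
            return this;
        }

        /**
         * Sets the keystore password. It is also used as the key password when
         * {@link #key(String, String)} supplies none.
         *
         * @param str the keystore password; {@code null} or empty means "no password"
         * @return this builder
         */
        public Builder keyStorePassword(String str) {
            this.keyStorePassword = str;
            return this;
        }

        /**
         * Selects a single keystore entry to use and the password protecting it. When an alias is
         * set, only that entry is copied into a fresh in-memory keystore that is handed to the
         * {@code KeyManagerFactory}.
         *
         * @param str  alias of the keystore entry
         * @param str2 password of that entry; when {@code null} the keystore password is used
         * @return this builder
         */
        public Builder key(String str, String str2) {
            this.keyAlias = str;
            this.keyPassword = str2;
            return this;
        }

        /**
         * Sets the keystore type.
         *
         * @param keyStoreType the type; {@code null} selects {@code KeyStoreType.DEFAULT_TYPE}
         * @return this builder
         */
        public Builder keyStoreType(KeyStoreType keyStoreType) {
            this.keyStoreType = keyStoreType;
            return this;
        }

        /**
         * Uses a truststore stored in a file. The file is not read here; it is opened when the
         * {@code SSLContext} is created.
         *
         * @param file an existing truststore file
         * @return this builder
         * @throws IllegalArgumentException if {@code file} is {@code null} or does not exist
         */
        public Builder trustStore(File file) {
            if (file == null || !file.exists()) {
                throw new IllegalArgumentException("A file with the truststore must be provided.");
            }
            this.trustStoreSource = Files.asByteSource(file);
            return this;
        }

        /**
         * Uses a truststore loaded as a classpath resource relative to {@code cls}.
         *
         * @param cls the class whose class loader and package are used to resolve the resource
         * @param str the resource path of the truststore
         * @return this builder
         * @throws IllegalArgumentException if either argument is {@code null}; Guava's
         *         {@code Resources.getResource} also rejects a resource that cannot be found
         */
        public Builder trustStore(Class<?> cls, String str) {
            if (cls == null) {
                throw new IllegalArgumentException("A class for loading the truststore must be provided.");
            }
            if (str == null) {
                throw new IllegalArgumentException("A path to the truststore must be provided.");
            }
            this.trustStoreSource = Resources.asByteSource(Resources.getResource(cls, str));
            return this;
        }

        /**
         * Sets the truststore password.
         *
         * @param str the truststore password; with {@code null} or an empty string the store is
         *            loaded without a password, i.e. without an integrity check of its contents
         * @return this builder
         */
        public Builder trustStorePassword(String str) {
            this.trustStorePassword = str;
            return this;
        }

        /**
         * Sets the truststore type.
         *
         * @param keyStoreType the type; {@code null} selects {@code KeyStoreType.DEFAULT_TYPE}
         * @return this builder
         */
        public Builder trustStoreType(KeyStoreType keyStoreType) {
            this.trustStoreType = keyStoreType;
            return this;
        }

        /**
         * Clears the hostname verification flag. With verification off, a peer certificate is
         * accepted for any host name as long as the trust managers accept its chain, so the
         * connection no longer authenticates <em>which</em> server it reached. There is no method to
         * turn the flag back on for the same builder.
         *
         * @return this builder
         */
        public Builder turnOffHostnameVerification() {
            this.hostnameVerification = false;
            return this;
        }

        /**
         * Creates the immutable options object from the current builder state.
         *
         * @return a new {@code SslOptions}
         */
        public SslOptions build() {
            return new SslOptions(this);
        }
    }

    /** Copies the builder state, substituting defaults for an unset protocol or store type. */
    private SslOptions(Builder builder) {
        this.protocol = builder.protocol != null ? builder.protocol : DEFAULT_PROTOCOL;
        this.keyStoreSource = builder.keyStoreSource;
        this.keyStorePassword = builder.keyStorePassword;
        this.keyStoreType = builder.keyStoreType != null ? builder.keyStoreType : KeyStoreType.DEFAULT_TYPE;
        this.keyAlias = builder.keyAlias;
        this.keyPassword = builder.keyPassword;
        this.trustStoreSource = builder.trustStoreSource;
        this.trustStorePassword = builder.trustStorePassword;
        this.trustStoreType = builder.trustStoreType != null ? builder.trustStoreType : KeyStoreType.DEFAULT_TYPE;
        this.hostnameVerification = builder.hostnameVerification;
    }

    /**
     * Builds an {@link SSLContext} from the configured key and trust material.
     *
     * <p>A {@code null} key or trust manager array makes JSSE use its default implementation for
     * that side, and the {@code null} third argument selects the default {@code SecureRandom}.
     * The {@link #hostnameVerification} flag is not consulted here.
     *
     * @return an initialized context for the configured protocol
     * @throws IllegalStateException if the context cannot be created or initialized
     * @throws IllegalArgumentException if the configured stores are inconsistent or cannot be opened
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLContext createSslContext() {
        KeyManager[] keyManagers = getKeyManagers();
        TrustManager[] trustManagers = getTrustManagers();
        try {
            SSLContext context = SSLContext.getInstance(this.protocol.protocolName());
            context.init(keyManagers, trustManagers, null);
            return context;
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Failed to create SSLContext.", e);
        }
    }

    /**
     * Creates the key managers for client authentication.
     *
     * @return the key managers, or {@code null} when no keystore is configured and the type is not
     *         PKCS#11
     * @throws IllegalArgumentException if a keystore source is combined with the PKCS#11 type, or the
     *         {@code KeyManagerFactory} cannot be initialized
     */
    private KeyManager[] getKeyManagers() {
        final boolean pkcs11 = this.keyStoreType == KeyStoreType.PKCS11;
        if (this.keyStoreSource == null && !pkcs11) {
            return null;
        }
        if (this.keyStoreSource != null && pkcs11) {
            throw new IllegalArgumentException("The keystore type is PKCS#11, the keystore should not be set.");
        }
        KeyManagerFactory factory = createKeyManagerFactory();
        KeyStore store = createKeyStore();
        // The entry password falls back to the store password when none was given explicitly.
        char[] password = toCharArray(this.keyPassword != null ? this.keyPassword : this.keyStorePassword);
        if (this.keyAlias != null) {
            // Narrow the key material to the one selected entry so no other key can be presented.
            store = createReplacementKeyStore(store, password);
        }
        try {
            factory.init(store, password);
            return factory.getKeyManagers();
        } catch (GeneralSecurityException e) {
            throw new IllegalArgumentException("Failed to init KeyManagerFactory for " + this.keyStoreSource, e);
        }
    }

    /**
     * Creates the trust managers used to validate the peer's certificate chain.
     *
     * @return the trust managers, or {@code null} when no truststore is configured and the type is
     *         not PKCS#11 (the caller then gets JSSE's default trust managers)
     * @throws IllegalArgumentException if a truststore source is combined with the PKCS#11 type, or
     *         the {@code TrustManagerFactory} cannot be initialized
     */
    private TrustManager[] getTrustManagers() {
        final boolean pkcs11 = this.trustStoreType == KeyStoreType.PKCS11;
        if (this.trustStoreSource == null && !pkcs11) {
            return null;
        }
        if (this.trustStoreSource != null && pkcs11) {
            throw new IllegalArgumentException("The truststore type is PKCS#11, the truststore should not be set.");
        }
        TrustManagerFactory factory = createTrustManagerFactory();
        try {
            factory.init(createTrustStore());
            return factory.getTrustManagers();
        } catch (KeyStoreException e) {
            throw new IllegalArgumentException("Failed to init TrustManagerFactory for " + this.trustStoreSource, e);
        }
    }

    /**
     * Instantiates and loads the configured keystore. With no source (the PKCS#11 case) the store
     * is loaded from a {@code null} stream.
     *
     * @return the loaded keystore
     * @throws IllegalArgumentException if the store cannot be opened or the password looks wrong
     * @throws IllegalStateException on any other load failure
     */
    private KeyStore createKeyStore() {
        KeyStore store = createStore(this.keyStoreType);
        InputStream in = this.keyStoreSource != null ? createStoreStream(this.keyStoreSource) : null;
        try {
            store.load(in, toCharArray(this.keyStorePassword));
            return store;
        } catch (IOException e) {
            // KeyStore.load reports a wrong password as an IOException caused by UnrecoverableKeyException.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                throw new IllegalArgumentException("Failed to load keystore. Maybe the password is not correct.", e);
            }
            throw new IllegalStateException("Failed to load keystore. Maybe the keystore type is not correct.", e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Failed to load keystore.", e);
        } catch (CertificateException e) {
            throw new IllegalStateException("Failed to load keystore.", e);
        } finally {
            // closeQuietly accepts null, so this is safe when no stream was opened.
            Closeables.closeQuietly(in);
        }
    }

    /**
     * Copies the entry named by {@link #keyAlias} into a fresh, empty keystore of the default type,
     * protected with the same password.
     *
     * @param keyStore the loaded source keystore
     * @param password password of the entry, or {@code null} for none
     * @return a keystore containing only the selected entry
     * @throws IllegalStateException if the entry is missing, cannot be read, or cannot be written
     */
    private KeyStore createReplacementKeyStore(KeyStore keyStore, char[] password) {
        KeyStore replacement = createEmptyStore(KeyStoreType.DEFAULT_TYPE);
        KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(password);
        final KeyStore.Entry entry;
        try {
            entry = keyStore.getEntry(this.keyAlias, protection);
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Failed to read certificate for alias " + this.keyAlias, e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Failed to read certificate for alias " + this.keyAlias, e);
        } catch (UnrecoverableEntryException e) {
            throw new IllegalStateException("Failed to read certificate for alias '" + this.keyAlias + "'. Maybe the password is not correct.", e);
        }
        if (entry == null) {
            throw new IllegalStateException("Failed to read certificate for alias '" + this.keyAlias + "'. Maybe wrong alias was provided.");
        }
        try {
            replacement.setEntry(this.keyAlias, entry, protection);
            return replacement;
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Failed to write certificate for alias " + this.keyAlias, e);
        }
    }

    /**
     * Instantiates and loads the configured truststore. With no source (the PKCS#11 case) the store
     * is loaded from a {@code null} stream.
     *
     * @return the loaded truststore
     * @throws IllegalArgumentException if the store cannot be opened or the password looks wrong
     * @throws IllegalStateException on any other load failure
     */
    private KeyStore createTrustStore() {
        KeyStore store = createStore(this.trustStoreType);
        InputStream in = this.trustStoreSource != null ? createStoreStream(this.trustStoreSource) : null;
        try {
            store.load(in, toCharArray(this.trustStorePassword));
            return store;
        } catch (IOException e) {
            // KeyStore.load reports a wrong password as an IOException caused by UnrecoverableKeyException.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                throw new IllegalArgumentException("Failed to load truststore. Maybe the password is not correct.", e);
            }
            throw new IllegalStateException("Failed to load truststore. Maybe the truststore type is not correct.", e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Failed to load truststore.", e);
        } catch (CertificateException e) {
            throw new IllegalStateException("Failed to load truststore.", e);
        } finally {
            // closeQuietly accepts null, so this is safe when no stream was opened.
            Closeables.closeQuietly(in);
        }
    }

    /** Returns a {@code KeyManagerFactory} for the JVM's default algorithm. */
    private static KeyManagerFactory createKeyManagerFactory() {
        try {
            return KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("KeyManagerFactory cannot be instantiated with default algorithm.", e);
        }
    }

    /** Returns a {@code TrustManagerFactory} for the JVM's default algorithm. */
    private static TrustManagerFactory createTrustManagerFactory() {
        try {
            return TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("TrustManagerFactory cannot be instantiated with default algorithm.", e);
        }
    }

    /**
     * Instantiates an unloaded {@link KeyStore} of the given type.
     *
     * @throws IllegalArgumentException if no provider supports the type
     */
    private static KeyStore createStore(KeyStoreType keyStoreType) {
        try {
            return KeyStore.getInstance(keyStoreType.typeName());
        } catch (KeyStoreException e) {
            throw new IllegalArgumentException("KeyStore of type '" + keyStoreType + "' cannot be instantiated.", e);
        }
    }

    /**
     * Instantiates a {@link KeyStore} of the given type and initializes it with no content.
     *
     * @throws IllegalStateException if the empty store cannot be initialized
     */
    private static KeyStore createEmptyStore(KeyStoreType keyStoreType) {
        KeyStore store = createStore(keyStoreType);
        try {
            // One-argument load(null) resolves to load(LoadStoreParameter); it initializes an empty store.
            store.load(null);
            return store;
        } catch (Exception e) {
            throw new IllegalStateException("Failed to load empty keystore.", e);
        }
    }

    /**
     * Opens the store's byte source. The caller owns the returned stream and must close it.
     *
     * @throws IllegalArgumentException if the source cannot be opened
     */
    private static InputStream createStoreStream(ByteSource byteSource) {
        try {
            return byteSource.openStream();
        } catch (IOException e) {
            throw new IllegalArgumentException("Unable to open store file " + byteSource, e);
        }
    }

    /**
     * Converts a password to the {@code char[]} form the JCA APIs expect.
     *
     * @return the characters of {@code str}, or {@code null} when it is {@code null} or empty, so an
     *         empty password behaves exactly like no password
     */
    private static char[] toCharArray(String str) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        return str.toCharArray();
    }
}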
