package org.voltcore.utils.ssl;

import com.google_voltpatches.common.collect.ImmutableSet;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:org/voltcore/utils/ssl/SSLConfiguration.class */
public class SSLConfiguration {
    public static final String KEYSTORE_CONFIG_PROP = "keyStore";
    public static final String KEYSTORE_PASSWORD_CONFIG_PROP = "keyStorePassword";
    public static final String TRUSTSTORE_CONFIG_PROP = "trustStore";
    public static final String TRUSTSTORE_PASSWORD_CONFIG_PROP = "trustStorePassword";
    public static Set<String> PREFERRED_CIPHERS = ImmutableSet.builder().add((ImmutableSet.Builder) "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256").add((ImmutableSet.Builder) "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384").add((ImmutableSet.Builder) "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384").add((ImmutableSet.Builder) "TLS_RSA_WITH_AES_256_GCM_SHA384").add((ImmutableSet.Builder) "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384").add((ImmutableSet.Builder) "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384").add((ImmutableSet.Builder) "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384").add((ImmutableSet.Builder) "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384").add((ImmutableSet.Builder) "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256").add((ImmutableSet.Builder) "TLS_RSA_WITH_AES_128_GCM_SHA256").add((ImmutableSet.Builder) "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256").add((ImmutableSet.Builder) "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256").add((ImmutableSet.Builder) "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256").add((ImmutableSet.Builder) "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256").add((ImmutableSet.Builder) "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA").add((ImmutableSet.Builder) "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA").add((ImmutableSet.Builder) "TLS_RSA_WITH_AES_256_CBC_SHA").add((ImmutableSet.Builder) "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA").add((ImmutableSet.Builder) "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA").add((ImmutableSet.Builder) "TLS_DHE_RSA_WITH_AES_256_CBC_SHA").add((ImmutableSet.Builder) "TLS_DHE_DSS_WITH_AES_256_CBC_SHA").add((ImmutableSet.Builder) "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA").add((ImmutableSet.Builder) "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA").add((ImmutableSet.Builder) "TLS_RSA_WITH_AES_128_CBC_SHA").add((ImmutableSet.Builder) "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA").add((ImmutableSet.Builder) "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA").add((ImmutableSet.Builder) "TLS_DHE_RSA_WITH_AES_128_CBC_SHA").add((ImmutableSet.Builder) "TLS_DHE_DSS_WITH_AES_128_CBC_SHA").build();
    public static Set<String> GCM_CIPHERS = ImmutableSet.builder().add((ImmutableSet.Builder) "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256").add((ImmutableSet.Builder) "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384").add((ImmutableSet.Builder) "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384").add((ImmutableSet.Builder) "TLS_RSA_WITH_AES_256_GCM_SHA384").add((ImmutableSet.Builder) "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384").add((ImmutableSet.Builder) "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384").add((ImmutableSet.Builder) "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384").add((ImmutableSet.Builder) "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384").add((ImmutableSet.Builder) "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256").add((ImmutableSet.Builder) "TLS_RSA_WITH_AES_128_GCM_SHA256").add((ImmutableSet.Builder) "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256").add((ImmutableSet.Builder) "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256").add((ImmutableSet.Builder) "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256").add((ImmutableSet.Builder) "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256").build();

    /* loaded from: input_file:org/voltcore/utils/ssl/SSLConfiguration$SslConfig.class */
    public static class SslConfig {
        public final String keyStorePath;
        public final String keyStorePassword;
        public final String trustStorePath;
        public final String trustStorePassword;

        public SslConfig() {
            this(null, null, null, null);
        }

        public SslConfig(String str, String str2, String str3, String str4) {
            String property = System.getProperty("javax.net.ssl.keyStore");
            str = property != null ? property : str;
            String property2 = System.getProperty("javax.net.ssl.keyStorePassword");
            str2 = property2 != null ? property2 : str2;
            String property3 = System.getProperty("javax.net.ssl.trustStore");
            str3 = property3 != null ? property3 : str3;
            String property4 = System.getProperty("javax.net.ssl.trustStorePassword");
            str4 = property4 != null ? property4 : str4;
            this.keyStorePath = str;
            this.keyStorePassword = str2;
            this.trustStorePath = str3;
            this.trustStorePassword = str4;
        }

        public String toString() {
            return "SslConfig [keyStorePath=" + this.keyStorePath + ", trustStorePath=" + this.trustStorePath + "]";
        }
    }

    public static SSLContext createSslContext(SslConfig sslConfig) {
        if (sslConfig == null) {
            throw new IllegalArgumentException("sslConfig is null");
        }
        KeyManager[] keyManagerArr = null;
        TrustManager[] trustManagerArr = null;
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            if (sslConfig.keyStorePath != null && sslConfig.keyStorePassword != null) {
                keyManagerArr = createKeyManagers(sslConfig.keyStorePath, sslConfig.keyStorePassword, sslConfig.keyStorePassword);
            }
            if (sslConfig.trustStorePath != null && sslConfig.trustStorePassword != null) {
                trustManagerArr = createTrustManagers(sslConfig.trustStorePath, sslConfig.trustStorePassword);
            }
            sSLContext.init(keyManagerArr, trustManagerArr, new SecureRandom());
            return sSLContext;
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new IllegalArgumentException("Failed to initialize SSL using " + sslConfig, e);
        }
    }

    private static KeyManager[] createKeyManagers(String str, String str2, String str3) throws FileNotFoundException, KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        FileInputStream fileInputStream = new FileInputStream(str);
        Throwable th = null;
        try {
            try {
                keyStore.load(fileInputStream, str2.toCharArray());
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, str3.toCharArray());
                return keyManagerFactory.getKeyManagers();
            } finally {
            }
        } catch (Throwable th3) {
            if (fileInputStream != null) {
                if (th != null) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th3;
        }
    }

    private static TrustManager[] createTrustManagers(String str, String str2) throws KeyStoreException, FileNotFoundException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        FileInputStream fileInputStream = new FileInputStream(str);
        Throwable th = null;
        try {
            try {
                keyStore.load(fileInputStream, str2.toCharArray());
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                return trustManagerFactory.getTrustManagers();
            } finally {
            }
        } catch (Throwable th3) {
            if (fileInputStream != null) {
                if (th != null) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th3;
        }
    }
}
