package org.wso2.carbon.inbound.endpoint.protocol.websocket.ssl;

import io.netty.handler.ssl.SslHandler;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:org/wso2/carbon/inbound/endpoint/protocol/websocket/ssl/SSLHandlerFactory.class */
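/**
 * Builds server-side Netty {@link SslHandler} instances for the inbound WebSocket endpoint.
 *
 * <p>A single {@link SSLContext} is initialised in the constructor from the key store (and
 * optional trust store) named in the supplied configuration. Each call to {@link #create()}
 * produces a new {@link SSLEngine} from that context.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Configuring a trust store switches the endpoint to <em>mandatory</em> client-certificate
 *       authentication ({@code setNeedClientAuth(true)}); without one, no client certificate is
 *       requested.</li>
 *   <li>If the configuration supplies no cipher suites or protocol versions, the engine keeps
 *       whatever the JVM enables by default for the {@code "TLS"} context. Deployments that must
 *       pin TLS versions or suites have to set them explicitly in the configuration.</li>
 * </ul>
 */
public class SSLHandlerFactory {
    private static final String protocol = "TLS";
    private final SSLContext serverContext;
    private final boolean needClientAuth;
    private final String[] cipherSuites;
    private final String[] sslProtocols;

    /**
     * Loads the key material described by the configuration and prepares the server SSL context.
     *
     * @param inboundWebsocketSSLConfiguration source of the key store, trust store, passwords,
     *        cipher suites and protocol versions
     * @throws IllegalArgumentException if a store cannot be read or the SSL context cannot be
     *         initialised; the underlying exception is kept as the cause
     */
    public SSLHandlerFactory(InboundWebsocketSSLConfiguration inboundWebsocketSSLConfiguration) {
        final InboundWebsocketSSLConfiguration config = inboundWebsocketSSLConfiguration;

        String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        if (algorithm == null) {
            algorithm = "SunX509";
        }

        try {
            KeyStore identityStore = getKeyStore(config.getKeyStore(), config.getKeyStorePass());

            // The private-key password falls back to the key store password when no separate
            // certificate password is configured.
            String certPass = config.getCertPass();
            char[] keyPassword = (certPass != null ? certPass : config.getKeyStorePass()).toCharArray();

            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
            keyManagerFactory.init(identityStore, keyPassword);
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

            TrustManager[] trustManagers = null;
            boolean clientAuthRequired = false;
            if (config.getTrustStore() != null) {
                // A configured trust store means clients must present a certificate that chains
                // to it; the handshake fails otherwise.
                clientAuthRequired = true;
                KeyStore trustStore = getKeyStore(config.getTrustStore(), config.getTrustStorePass());
                // NOTE(review): this reuses the KeyManagerFactory algorithm name for the
                // TrustManagerFactory. A security-property value that is only registered for
                // KeyManagerFactory would fail here with NoSuchAlgorithmException; consider
                // TrustManagerFactory.getDefaultAlgorithm() after confirming the validation
                // behaviour the deployment expects.
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(algorithm);
                trustManagerFactory.init(trustStore);
                trustManagers = trustManagerFactory.getTrustManagers();
            }

            this.serverContext = SSLContext.getInstance(protocol);
            // Null trust managers / SecureRandom let the JDK pick its installed defaults.
            this.serverContext.init(keyManagers, trustManagers, null);
            this.needClientAuth = clientAuthRequired;
            this.cipherSuites = config.getCipherSuites();
            this.sslProtocols = config.getSslProtocols();
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new IllegalArgumentException("Failed to initialize the server side SSLContext", e);
        }
    }

    /**
     * Reads a JKS key store from disk.
     *
     * <p>The stream is opened in a try-with-resources block so the file handle is released even
     * when loading fails (wrong password, corrupt store, unsupported type). The store password is
     * also what {@link KeyStore#load} uses for its integrity check, so a load failure here can
     * indicate a tampered or mismatched file.
     *
     * @param file key store file to read
     * @param str  key store password
     * @return the loaded key store
     * @throws IOException if the file cannot be read, or wrapping any key store, algorithm or
     *         certificate error raised while loading
     */
    private static KeyStore getKeyStore(File file, String str) throws IOException {
        try (FileInputStream fileInputStream = new FileInputStream(file)) {
            // Store type is fixed to JKS; other formats depend on JDK compatibility handling.
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(fileInputStream, str.toCharArray());
            return keyStore;
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new IOException(e);
        }
    }

    /**
     * Creates a server-mode {@link SslHandler} backed by a fresh {@link SSLEngine}.
     *
     * @return a new handler configured with the cipher suites, protocol versions and
     *         client-authentication requirement captured at construction time
     */
    public SslHandler create() {
        SSLEngine engine = this.serverContext.createSSLEngine();
        // Only narrow the enabled sets when the configuration supplied them; otherwise the
        // engine's defaults stay in effect.
        if (this.cipherSuites != null) {
            engine.setEnabledCipherSuites(this.cipherSuites);
        }
        if (this.sslProtocols != null) {
            engine.setEnabledProtocols(this.sslProtocols);
        }
        engine.setNeedClientAuth(this.needClientAuth);
        engine.setUseClientMode(false);
        return new SslHandler(engine);
    }
}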
