package io.helidon.webserver;

import io.helidon.common.Builder;
import io.helidon.common.CollectionsHelper;
import io.helidon.common.pki.KeyConfig;
import io.helidon.config.Config;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Random;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:io/helidon/webserver/SSLContextBuilder.class */
public final class SSLContextBuilder implements Builder<SSLContext> {
    private static final String PROTOCOL = "TLS";
    private static final Random RANDOM = new Random();
    private KeyConfig privateKeyConfig;
    private KeyConfig trustConfig;
    private long sessionCacheSize;
    private long sessionTimeout;

    private SSLContextBuilder() {
    }

    public static SSLContextBuilder create(KeyConfig keyConfig) {
        return new SSLContextBuilder().privateKeyConfig(keyConfig);
    }

    public static SSLContext fromConfig(Config config) {
        return new SSLContextBuilder().privateKeyConfig(KeyConfig.fromConfig(config.get("private-key"))).sessionCacheSize(config.get("sessionCacheSize").asInt(0)).sessionTimeout(config.get("sessionTimeout").asInt(0)).trustConfig(KeyConfig.fromConfig(config.get("trust"))).m16build();
    }

    private SSLContextBuilder privateKeyConfig(KeyConfig keyConfig) {
        this.privateKeyConfig = keyConfig;
        return this;
    }

    public SSLContextBuilder trustConfig(KeyConfig keyConfig) {
        this.trustConfig = keyConfig;
        return this;
    }

    public SSLContextBuilder sessionCacheSize(long j) {
        this.sessionCacheSize = j;
        return this;
    }

    public SSLContextBuilder sessionTimeout(long j) {
        this.sessionTimeout = j;
        return this;
    }

    /* renamed from: build, reason: merged with bridge method [inline-methods] */
    public SSLContext m16build() {
        Objects.requireNonNull(this.privateKeyConfig, "The private key config must be set!");
        try {
            return newSSLContext(this.privateKeyConfig, this.trustConfig, this.sessionCacheSize, this.sessionTimeout);
        } catch (IOException | GeneralSecurityException e) {
            throw new IllegalStateException("Building of the SSLContext of unsuccessful!", e);
        }
    }

    private static SSLContext newSSLContext(KeyConfig keyConfig, KeyConfig keyConfig2, long j, long j2) throws IOException, GeneralSecurityException {
        KeyManagerFactory buildKmf = buildKmf(keyConfig);
        TrustManagerFactory buildTmf = buildTmf(keyConfig2);
        SSLContext sSLContext = SSLContext.getInstance(PROTOCOL);
        sSLContext.init(buildKmf.getKeyManagers(), buildTmf.getTrustManagers(), null);
        SSLSessionContext serverSessionContext = sSLContext.getServerSessionContext();
        if (j > 0) {
            serverSessionContext.setSessionCacheSize((int) Math.min(j, 2147483647L));
        }
        if (j2 > 0) {
            serverSessionContext.setSessionTimeout((int) Math.min(j2, 2147483647L));
        }
        return sSLContext;
    }

    private static KeyManagerFactory buildKmf(KeyConfig keyConfig) throws IOException, GeneralSecurityException {
        String property = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        if (property == null) {
            property = "SunX509";
        }
        byte[] bArr = new byte[64];
        RANDOM.nextBytes(bArr);
        char[] charArray = Base64.getEncoder().encodeToString(bArr).toCharArray();
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        keyStore.setKeyEntry("key", (Key) keyConfig.getPrivateKey().orElseThrow(() -> {
            return new RuntimeException("Private key not available");
        }), charArray, (Certificate[]) keyConfig.getCertChain().toArray(new Certificate[0]));
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(property);
        keyManagerFactory.init(keyStore, charArray);
        return keyManagerFactory;
    }

    private static TrustManagerFactory buildTmf(KeyConfig keyConfig) throws IOException, GeneralSecurityException {
        List listOf = keyConfig == null ? CollectionsHelper.listOf() : keyConfig.getCerts();
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        int i = 1;
        Iterator it = listOf.iterator();
        while (it.hasNext()) {
            keyStore.setCertificateEntry(String.valueOf(i), (X509Certificate) it.next());
            i++;
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }
}
