package org.apache.nifi.framework.security.util;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.util.NiFiProperties;

/* loaded from: input_file:org/apache/nifi/framework/security/util/SslContextFactory.class */
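/**
 * Builds the {@link SSLContext} used by the framework from the keystore and truststore
 * settings held in {@link NiFiProperties}.
 *
 * <p>The property keys read here are {@code nifi.security.keystore},
 * {@code nifi.security.keystoreType}, {@code nifi.security.keystorePasswd},
 * {@code nifi.security.keyPasswd} and the matching {@code nifi.security.truststore*} keys.
 * Store passwords are read as plain strings from the properties object; nothing in this class
 * logs them.
 */
public final class SslContextFactory {

    /** Client-certificate authentication modes. The factory methods in this class do not reference it. */
    public enum ClientAuth {
        WANT,
        REQUIRED,
        NONE
    }

    /**
     * Creates an SSL context from the given properties, returning {@code null} when no keystore is
     * configured.
     *
     * @param niFiProperties the properties holding the keystore/truststore settings
     * @return the initialised context, or {@code null} if the keystore properties are not all set
     * @throws SslContextCreationException if the stores cannot be loaded or the context cannot be built
     */
    public static SSLContext createSslContext(NiFiProperties niFiProperties) throws SslContextCreationException {
        return createSslContext(niFiProperties, false);
    }

    /**
     * Creates an SSL context from the given properties.
     *
     * @param niFiProperties the properties holding the keystore/truststore settings
     * @param z when {@code true}, missing keystore properties raise an exception instead of
     *     yielding {@code null}
     * @return the initialised context, or {@code null} if the keystore properties are not all set
     *     and {@code z} is {@code false}
     * @throws SslContextCreationException if keystore properties are missing and {@code z} is
     *     {@code true}, if client auth is needed but no truststore is configured, or if loading a
     *     store or initialising the context fails (the underlying exception is kept as the cause)
     */
    public static SSLContext createSslContext(NiFiProperties niFiProperties, boolean z) throws SslContextCreationException {
        if (!hasKeystoreProperties(niFiProperties)) {
            if (z) {
                throw new SslContextCreationException("SSL context cannot be created because keystore properties have not been configured.");
            }
            return null;
        }
        // Requiring client certificates without a configured truststore is rejected up front.
        if (niFiProperties.getNeedClientAuth() && !hasTruststoreProperties(niFiProperties)) {
            throw new SslContextCreationException("Need client auth is set to 'true', but no truststore properties are configured.");
        }
        try {
            KeyStore trustStore = null;
            if (hasTruststoreProperties(niFiProperties)) {
                trustStore = loadKeyStore(
                        niFiProperties.getProperty("nifi.security.truststoreType"),
                        niFiProperties.getProperty("nifi.security.truststore"),
                        niFiProperties.getProperty("nifi.security.truststorePasswd").toCharArray());
            }
            // With no truststore configured, init(null) leaves the choice of trust anchors to the
            // provider's defaults (for the standard JSSE provider, the JVM's default CA bundle)
            // rather than to a store chosen by the operator.
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);

            String keystorePasswd = niFiProperties.getProperty("nifi.security.keystorePasswd");
            KeyStore identityStore = loadKeyStore(
                    niFiProperties.getProperty("nifi.security.keystoreType"),
                    niFiProperties.getProperty("nifi.security.keystore"),
                    keystorePasswd.toCharArray());

            // The private-key password defaults to the keystore password when none is configured.
            String keyPasswd = niFiProperties.getProperty("nifi.security.keyPasswd");
            char[] keyPassword = StringUtils.isNotBlank(keyPasswd)
                    ? keyPasswd.toCharArray()
                    : keystorePasswd.toCharArray();
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(identityStore, keyPassword);

            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            // NOTE(review): getDefaultSSLParameters() hands back a copy of the context's defaults,
            // so this call does not make the returned context demand client certificates. The
            // connector / SSLEngine / server socket that uses the context has to apply
            // getNeedClientAuth() itself. Kept as-is to preserve existing behaviour.
            sslContext.getDefaultSSLParameters().setNeedClientAuth(niFiProperties.getNeedClientAuth());
            return sslContext;
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new SslContextCreationException(e);
        }
    }

    /**
     * Loads a key store of the given type from a file.
     *
     * <p>The stream is opened in a try-with-resources block so it is closed even when
     * {@link KeyStore#load} fails (wrong password, corrupt or tampered store); the previous form
     * closed it only on the success path.
     */
    private static KeyStore loadKeyStore(String type, String path, char[] password)
            throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        KeyStore store = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    /** Returns {@code true} when keystore path, password and type are all non-blank. */
    private static boolean hasKeystoreProperties(NiFiProperties niFiProperties) {
        return StringUtils.isNotBlank(niFiProperties.getProperty("nifi.security.keystore"))
                && StringUtils.isNotBlank(niFiProperties.getProperty("nifi.security.keystorePasswd"))
                && StringUtils.isNotBlank(niFiProperties.getProperty("nifi.security.keystoreType"));
    }

    /** Returns {@code true} when truststore path, password and type are all non-blank. */
    private static boolean hasTruststoreProperties(NiFiProperties niFiProperties) {
        return StringUtils.isNotBlank(niFiProperties.getProperty("nifi.security.truststore"))
                && StringUtils.isNotBlank(niFiProperties.getProperty("nifi.security.truststorePasswd"))
                && StringUtils.isNotBlank(niFiProperties.getProperty("nifi.security.truststoreType"));
    }
}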
