package org.ballerinalang.net.grpc.ssl;

import io.grpc.netty.GrpcSslContexts;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.ballerinalang.net.grpc.exception.GrpcSSLValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ballerinalang/net/grpc/ssl/SSLHandlerFactory.class */
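/**
 * Builds Netty {@link SslContext} instances for gRPC (HTTP/2 over TLS) servers and clients from
 * an {@link SSLConfig}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The server context is built with {@link ClientAuth#NONE}, so clients are never asked for
 *       a certificate (no mutual TLS).</li>
 *   <li>The server path materialises key and certificate data into two fixed-name files in the
 *       process working directory and removes them again once the context has been built.</li>
 *   <li>Only the client context applies {@code sslConfig.getEnableProtocols()}; the server
 *       context leaves the protocol list at the provider default.</li>
 * </ul>
 */
public class SSLHandlerFactory {
    private static final Logger LOG = LoggerFactory.getLogger(SSLHandlerFactory.class);
    // Fixed, relative file names: both resolve against the current working directory.
    // NOTE(review): a fixed name in a shared directory means concurrent factories use the same
    // files, and a pre-existing file of that name is reused. Moving to a private temporary
    // directory needs a matching change in SSLHandlerUtils.writeFile, which is not visible here.
    private static final String SSL_SERVER_KEY_FILE = "grpcSslServer.key";
    private static final String SSL_SERVER_CERT_FILE = "grpcSslServer.pem";
    private final SSLConfig sslConfig;
    private KeyManagerFactory kmf;
    private TrustManagerFactory tmf;

    /**
     * Loads the configured key store and trust store and validates that an {@link SSLContext}
     * can be initialised from them.
     *
     * @param sSLConfig TLS settings (stores, passwords, protocol, cipher suites)
     * @throws IllegalArgumentException if a store cannot be read or the context cannot be
     *     initialised; the underlying exception is kept as the cause
     */
    public SSLHandlerFactory(SSLConfig sSLConfig) {
        this.sslConfig = sSLConfig;
        String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        if (algorithm == null) {
            algorithm = "SunX509";
        }
        String protocol = sSLConfig.getSSLProtocol();
        try {
            KeyManager[] keyManagers = null;
            if (sSLConfig.getKeyStore() != null) {
                KeyStore identityStore = getKeyStore(sSLConfig.getKeyStore(), sSLConfig.getKeyStorePass());
                this.kmf = KeyManagerFactory.getInstance(algorithm);
                // getKeyStore returns null when the file or password is missing; in that case
                // kmf stays uninitialised and no key managers are handed to the context.
                if (identityStore != null) {
                    // The per-key password falls back to the store password when not set.
                    char[] keyPassword = sSLConfig.getCertPass() != null
                            ? sSLConfig.getCertPass().toCharArray()
                            : sSLConfig.getKeyStorePass().toCharArray();
                    this.kmf.init(identityStore, keyPassword);
                    keyManagers = this.kmf.getKeyManagers();
                }
            }
            TrustManager[] trustManagers = null;
            if (sSLConfig.getTrustStore() != null && sSLConfig.getTrustStore().isFile()) {
                KeyStore trustStore = getKeyStore(sSLConfig.getTrustStore(), sSLConfig.getTrustStorePass());
                // NOTE(review): the algorithm name comes from the KeyManagerFactory security
                // property, not from TrustManagerFactory.getDefaultAlgorithm() - confirm that
                // this is intended.
                this.tmf = TrustManagerFactory.getInstance(algorithm);
                this.tmf.init(trustStore);
                trustManagers = this.tmf.getTrustManagers();
            }
            // The context is built only to fail fast on bad configuration; it is not retained.
            SSLContext.getInstance(protocol).init(keyManagers, trustManagers, null);
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new IllegalArgumentException("Failed to initialize the SSLContext", e);
        }
    }

    /**
     * Loads a key store of the configured store type from {@code file}.
     *
     * @param file store file; may be {@code null}
     * @param str store password; may be {@code null}
     * @return the loaded store, or {@code null} when the file is missing or not a regular file,
     *     or the password is {@code null} or empty
     * @throws IOException if the store cannot be read or parsed; key store, algorithm and
     *     certificate failures are wrapped as the cause
     */
    private KeyStore getKeyStore(File file, String str) throws IOException {
        String storeType = this.sslConfig.getTLSStoreType();
        if (file == null || !file.isFile() || str == null || str.isEmpty()) {
            return null;
        }
        // try-with-resources closes the stream on the failure path as well, so a store that
        // fails to load does not leave a descriptor open.
        try (FileInputStream in = new FileInputStream(file)) {
            KeyStore loaded = KeyStore.getInstance(storeType);
            loaded.load(in, str.toCharArray());
            return loaded;
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new IOException(e);
        }
    }

    /**
     * Builds the server-side TLS context for HTTP/2.
     *
     * <p>Key and certificate data are written to two working files, handed to the context
     * builder, and the files are removed before this method returns, whether it succeeds or
     * fails.
     *
     * @return the server {@link SslContext}
     * @throws SSLException if the working files cannot be produced or the context cannot be
     *     built
     */
    public SslContext createHttp2TLSContextForServer() throws SSLException {
        List<String> ciphers = resolveCipherSuites();
        File keyFile = new File(SSL_SERVER_KEY_FILE);
        File certFile = new File(SSL_SERVER_CERT_FILE);
        try {
            try {
                boolean keyCreated = keyFile.createNewFile();
                boolean certCreated = certFile.createNewFile();
                if (keyCreated && certCreated) {
                    LOG.debug("Successfully created meta cert and key files. ");
                }
                // The key file holds private key material: narrow it to the owning user before
                // anything is written to it.
                restrictToOwner(keyFile);
                try {
                    // presumably writes the key and certificate into the two files above -
                    // the helper's target paths are not visible in this class.
                    SSLHandlerUtils.writeFile(getKeyStore(this.sslConfig.getKeyStore(), this.sslConfig.getKeyStorePass()), this.sslConfig.getKeyStorePass());
                    try {
                        return GrpcSslContexts.forServer(certFile, keyFile)
                                .keyManager(this.kmf)
                                .sslProvider(SslProvider.JDK)
                                .ciphers(ciphers, SupportedCipherSuiteFilter.INSTANCE)
                                .applicationProtocolConfig(alpnConfig())
                                .clientAuth(ClientAuth.NONE)
                                .build();
                    } catch (SSLException e) {
                        throw new GrpcSSLValidationException("Error generating SSL context.", e);
                    }
                } catch (KeyStoreException e2) {
                    throw new GrpcSSLValidationException("Error writing intermediate cert temporary files.", e2);
                }
            } catch (IOException e3) {
                throw new GrpcSSLValidationException("Error generating intermediate cert temporary files.", e3);
            }
        } finally {
            // Always remove the working files, and remove each one independently: a failed
            // build or a failed delete of one file must not leave the private key on disk.
            boolean keyGone = !keyFile.exists() || keyFile.delete();
            boolean certGone = !certFile.exists() || certFile.delete();
            if (keyGone && certGone) {
                LOG.debug("Successfully deleted meta cert and key files. ");
            } else {
                LOG.warn("Failed to delete meta cert and key files. ");
            }
        }
    }

    /**
     * Builds the client-side TLS context for HTTP/2 using the trust managers loaded by the
     * constructor.
     *
     * @return the client {@link SslContext}
     * @throws SSLException if the context cannot be built
     */
    public SslContext createHttp2TLSContextForClient() throws SSLException {
        // NOTE(review): tmf is null when no trust store file was configured; confirm which
        // trust anchors the builder falls back to in that case.
        return GrpcSslContexts.forClient()
                .sslProvider(SslProvider.JDK)
                .trustManager(this.tmf)
                .protocols(this.sslConfig.getEnableProtocols())
                .ciphers(resolveCipherSuites(), SupportedCipherSuiteFilter.INSTANCE)
                .applicationProtocolConfig(alpnConfig())
                .build();
    }

    /** Returns the configured cipher suites, or the SSLHandlerUtils default list when none are set. */
    private List<String> resolveCipherSuites() {
        String[] configured = this.sslConfig.getCipherSuites();
        if (configured == null || configured.length <= 0) {
            // NOTE(review): the fallback is named "preferredTestCiphers"; confirm the list is
            // meant for production use.
            return SSLHandlerUtils.preferredTestCiphers();
        }
        return Arrays.asList(configured);
    }

    /** Returns the ALPN configuration shared by server and client: h2 first, then http/1.1. */
    private static ApplicationProtocolConfig alpnConfig() {
        return new ApplicationProtocolConfig(
                ApplicationProtocolConfig.Protocol.ALPN,
                ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
                ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
                new String[]{"h2", "http/1.1"});
    }

    /** Best-effort narrowing of a file to owner-only read/write; platforms that cannot do it are logged. */
    private static void restrictToOwner(File file) {
        boolean readNarrowed = file.setReadable(false, false) && file.setReadable(true, true);
        boolean writeNarrowed = file.setWritable(false, false) && file.setWritable(true, true);
        if (!readNarrowed || !writeNarrowed) {
            LOG.debug("Could not restrict permissions on {}", file.getName());
        }
    }
}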
