package io.hekate.network.internal;

import io.hekate.cluster.health.DefaultFailureDetectorConfig;
import io.hekate.core.internal.util.ConfigCheck;
import io.hekate.core.resource.ResourceLoadingException;
import io.hekate.core.resource.ResourceService;
import io.hekate.network.NetworkSslConfig;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.OpenSslX509KeyManagerFactory;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Provider;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:io/hekate/network/internal/NettySslUtils.class */
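/**
 * Builds Netty {@link SslContext} instances for the client and server sides of a network connection from a
 * {@link NetworkSslConfig}.
 *
 * <p>
 * Security-relevant behaviour visible in this class:
 * </p>
 * <ul>
 * <li>If no trust store path is configured, {@link InsecureTrustManagerFactory} is used, i.e. certificates are accepted without
 * verification (see {@link #trustManager(NetworkSslConfig, ResourceService)}).</li>
 * <li>The key store password is also used as the private key password (see
 * {@link #keyManager(NetworkSslConfig, ResourceService)}).</li>
 * <li>Neither builder call sets a client-authentication mode, a protocol list or a cipher list, so those are left at the defaults
 * of the selected provider.</li>
 * </ul>
 */
final class NettySslUtils {
    private NettySslUtils() {
        // Static utility class; not meant to be instantiated.
    }

    /**
     * Creates the client-side SSL context.
     *
     * <p>
     * Only a trust manager is installed; no key manager is set on the client builder, so the client does not present a certificate
     * of its own. The configuration check still requires a key store path and password (see
     * {@link #checkConfig(NetworkSslConfig)}).
     * </p>
     *
     * <p>
     * NOTE(review): endpoint identification (hostname verification) is not configured here; whether it is active depends on the
     * Netty version and on how the caller creates the SSL handler. Confirm against the caller.
     * </p>
     *
     * @param networkSslConfig SSL configuration.
     * @param resourceService Service used to load the trust store.
     *
     * @return Client SSL context.
     */
    public static SslContext clientContext(NetworkSslConfig networkSslConfig, ResourceService resourceService) {
        ConfigCheck check = checkConfig(networkSslConfig);

        try {
            return SslContextBuilder.forClient()
                .sslProvider(provider(networkSslConfig))
                .trustManager(trustManager(networkSslConfig, resourceService))
                .sessionCacheSize(networkSslConfig.getSslSessionCacheSize())
                .sessionTimeout(networkSslConfig.getSslSessionCacheTimeout())
                .build();
        } catch (ResourceLoadingException | IOException | GeneralSecurityException e) {
            // Report key/trust material problems through the configuration check, keeping the original cause.
            throw check.fail(e);
        }
    }

    /**
     * Creates the server-side SSL context from the configured key store and trust settings.
     *
     * <p>
     * NOTE(review): no {@code clientAuth(...)} mode is set on the builder. With Netty's default ({@code ClientAuth.NONE}) the
     * server does not request a client certificate, so the trust manager installed here would not be consulted for inbound
     * connections. Confirm whether mutual TLS is intended.
     * </p>
     *
     * @param networkSslConfig SSL configuration.
     * @param resourceService Service used to load the key store and the trust store.
     *
     * @return Server SSL context.
     */
    public static SslContext serverContext(NetworkSslConfig networkSslConfig, ResourceService resourceService) {
        ConfigCheck check = checkConfig(networkSslConfig);

        try {
            return SslContextBuilder.forServer(keyManager(networkSslConfig, resourceService))
                .sslProvider(provider(networkSslConfig))
                .trustManager(trustManager(networkSslConfig, resourceService))
                .sessionCacheSize(networkSslConfig.getSslSessionCacheSize())
                .sessionTimeout(networkSslConfig.getSslSessionCacheTimeout())
                .build();
        } catch (ResourceLoadingException | IOException | GeneralSecurityException e) {
            // Report key/trust material problems through the configuration check, keeping the original cause.
            throw check.fail(e);
        }
    }

    /**
     * Creates and initializes the key manager factory for the server context.
     *
     * <p>
     * The factory type follows the resolved provider: {@link OpenSslX509KeyManagerFactory} for OpenSSL, the JDK
     * {@link KeyManagerFactory} otherwise. The configured key store algorithm is used when it is set, the default algorithm
     * when it is {@code null} or empty.
     * </p>
     *
     * @param networkSslConfig SSL configuration.
     * @param resourceService Service used to load the key store.
     *
     * @return Initialized key manager factory.
     */
    private static KeyManagerFactory keyManager(NetworkSslConfig networkSslConfig, ResourceService resourceService)
        throws GeneralSecurityException, IOException, ResourceLoadingException {
        String algorithm = networkSslConfig.getKeyStoreAlgorithm();
        boolean openSsl = provider(networkSslConfig) == SslProvider.OPENSSL;

        // Declared as the common supertype: the JDK branch does not produce an OpenSslX509KeyManagerFactory.
        KeyManagerFactory factory;

        if (algorithm == null || algorithm.isEmpty()) {
            if (openSsl) {
                factory = new OpenSslX509KeyManagerFactory();
            } else {
                factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            }
        } else {
            if (openSsl) {
                factory = new OpenSslX509KeyManagerFactory(algorithm, (Provider)null);
            } else {
                factory = KeyManagerFactory.getInstance(algorithm);
            }
        }

        KeyStore store = keyStore(
            networkSslConfig.getKeyStorePath(),
            networkSslConfig.getKeyStorePassword(),
            networkSslConfig.getKeyStoreType(),
            resourceService
        );

        // The key store password doubles as the private key password; there is no separate key password setting here.
        factory.init(store, networkSslConfig.getKeyStorePassword().toCharArray());

        return factory;
    }

    /**
     * Creates the trust manager factory used by both the client and the server context.
     *
     * @param networkSslConfig SSL configuration.
     * @param resourceService Service used to load the trust store.
     *
     * @return Factory backed by the configured trust store, or {@link InsecureTrustManagerFactory#INSTANCE} if no trust store
     * path is configured.
     */
    private static TrustManagerFactory trustManager(NetworkSslConfig networkSslConfig, ResourceService resourceService)
        throws GeneralSecurityException, IOException, ResourceLoadingException {
        String path = networkSslConfig.getTrustStorePath();

        if (path == null || path.isEmpty()) {
            // SECURITY: this factory trusts every X.509 certificate without verification. Connections built with it are
            // encrypted but the peer is not authenticated, so they offer no protection against an impersonating endpoint.
            // Behaviour is kept as-is because existing configurations rely on it; set a trust store path wherever peers
            // must be verified.
            return InsecureTrustManagerFactory.INSTANCE;
        }

        String algorithm = networkSslConfig.getTrustStoreAlgorithm();

        if (algorithm == null || algorithm.isEmpty()) {
            algorithm = TrustManagerFactory.getDefaultAlgorithm();
        }

        TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);

        factory.init(keyStore(path, networkSslConfig.getTrustStorePassword(), networkSslConfig.getTrustStoreType(), resourceService));

        return factory;
    }

    /**
     * Loads a key store (or trust store) through the resource service.
     *
     * @param path Location of the store, resolved by {@link ResourceService#load(String)}.
     * @param password Store password.
     * @param type Store type; the JDK default type is used if {@code null} or empty.
     * @param resourceService Service that opens the store as a stream.
     *
     * @return Loaded key store.
     */
    private static KeyStore keyStore(String path, String password, String type, ResourceService resourceService)
        throws IOException, GeneralSecurityException, ResourceLoadingException {
        assert path != null : "Key store path null.";
        assert password != null : "Key store password is null.";
        assert resourceService != null : "Resource service is null.";

        KeyStore store;

        if (type == null || type.isEmpty()) {
            store = KeyStore.getInstance(KeyStore.getDefaultType());
        } else {
            store = KeyStore.getInstance(type);
        }

        // try-with-resources closes the stream on every path and attaches a close() failure to the primary exception
        // as suppressed instead of replacing it.
        try (InputStream in = resourceService.load(path)) {
            store.load(in, password.toCharArray());
        }

        return store;
    }

    /**
     * Runs the configuration checks shared by the client and the server context.
     *
     * <p>
     * Checks the provider, the key store path and the key store password; the trust store password is checked only when a
     * trust store path is set. An absent trust store path is not reported here.
     * </p>
     *
     * @param networkSslConfig SSL configuration.
     *
     * @return The check instance, which callers also use to report later failures via {@code fail(...)}.
     */
    private static ConfigCheck checkConfig(NetworkSslConfig networkSslConfig) {
        ConfigCheck check = ConfigCheck.get(NetworkSslConfig.class);

        check.notNull(networkSslConfig.getProvider(), "provider");
        check.notEmpty(networkSslConfig.getKeyStorePath(), "key store path");
        check.notEmpty(networkSslConfig.getKeyStorePassword(), "key store password");

        String trustStorePath = networkSslConfig.getTrustStorePath();

        if (trustStorePath != null && !trustStorePath.isEmpty()) {
            check.notEmpty(networkSslConfig.getTrustStorePassword(), "trust store password");
        }

        return check;
    }

    /**
     * Maps the configured provider to Netty's {@link SslProvider}.
     *
     * @param networkSslConfig SSL configuration.
     *
     * @return {@link SslProvider#OPENSSL} or {@link SslProvider#JDK}; for {@code AUTO}, OpenSSL if it is available and the JDK
     * provider otherwise.
     *
     * @throws IllegalArgumentException If the configured provider is not one of the known values.
     */
    private static SslProvider provider(NetworkSslConfig networkSslConfig) {
        switch (networkSslConfig.getProvider()) {
            case AUTO:
                return OpenSsl.isAvailable() ? SslProvider.OPENSSL : SslProvider.JDK;
            case JDK:
                return SslProvider.JDK;
            case OPEN_SSL:
                return SslProvider.OPENSSL;
            default:
                throw new IllegalArgumentException("Unexpected SSL provider: " + networkSslConfig.getProvider());
        }
    }
}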
