package com.hivemq.security.ssl;

import com.hivemq.bootstrap.ioc.lazysingleton.LazySingleton;
import com.hivemq.configuration.service.entity.Tls;
import com.hivemq.extension.sdk.api.annotations.NotNull;
import com.hivemq.extension.sdk.api.annotations.Nullable;
import com.hivemq.security.exception.SslException;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.lang3.StringUtils;

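/**
 * Builds the JSSE key/trust manager factories and the Netty server {@link SslContext} from
 * keystore files on disk.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Error messages contain the store path and type but never a password; keep it that way
 *       when editing the messages.</li>
 *   <li>Passwords arrive as {@link String} and are converted with {@code toCharArray()}; the
 *       resulting arrays are not wiped here, and the source strings stay on the heap
 *       regardless.</li>
 *   <li>{@link #getTrustManagerFactory(Tls)} returns {@code null} for an incomplete truststore
 *       configuration instead of failing; see the note on that method.</li>
 * </ul>
 */
@LazySingleton
/* loaded from: input_file:com/hivemq/security/ssl/SslUtil.class */
public class SslUtil {

    /**
     * Loads a truststore from disk and initialises a {@link TrustManagerFactory} with it.
     *
     * @param str  the {@link KeyStore} type passed to {@link KeyStore#getInstance(String)}
     * @param str2 the file system path of the truststore
     * @param str3 the password used to load the truststore
     * @return a factory initialised with the loaded truststore, using the JDK default algorithm
     * @throws SslException if the file is missing, cannot be read or parsed, or its certificates
     *                      cannot be loaded
     */
    @NotNull
    public TrustManagerFactory createTrustManagerFactory(@NotNull String str, @NotNull String str2, @NotNull String str3) {
        // try-with-resources closes the stream on every path and records close failures as suppressed.
        try (FileInputStream trustStoreStream = new FileInputStream(new File(str2))) {
            KeyStore trustStore = KeyStore.getInstance(str);
            trustStore.load(trustStoreStream, str3.toCharArray());
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(trustStore);
            return factory;
        } catch (FileNotFoundException e) {
            // FileNotFoundException is an IOException, so it has to be handled before the generic
            // I/O branch. The cause is kept so the underlying OS reason (missing vs. permission
            // denied) is not lost.
            throw new SslException("Cannot find TrustStore at path " + str2, e);
        } catch (IOException | KeyStoreException e) {
            throw new SslException("Not able to open or read TrustStore '" + str2 + "' with type '" + str + "'", e);
        } catch (NoSuchAlgorithmException | CertificateException e) {
            throw new SslException("Not able to read certificate from TrustStore '" + str2, e);
        }
    }

    /**
     * Loads a keystore from disk and initialises a {@link KeyManagerFactory} with it.
     *
     * @param str  the {@link KeyStore} type passed to {@link KeyStore#getInstance(String)}
     * @param str2 the file system path of the keystore
     * @param str3 the password used to load the keystore
     * @param str4 the password protecting the private key inside the keystore
     * @return a factory initialised with the loaded keystore, using the JDK default algorithm
     * @throws SslException if the file is missing, cannot be read or parsed, its certificates
     *                      cannot be loaded, or the private key cannot be recovered
     */
    @NotNull
    public KeyManagerFactory createKeyManagerFactory(@NotNull String str, @NotNull String str2, @NotNull String str3, @NotNull String str4) {
        try (FileInputStream keyStoreStream = new FileInputStream(new File(str2))) {
            KeyStore keyStore = KeyStore.getInstance(str);
            keyStore.load(keyStoreStream, str3.toCharArray());
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            factory.init(keyStore, str4.toCharArray());
            return factory;
        } catch (FileNotFoundException e) {
            // Must come before the IOException branch, otherwise a missing keystore is reported
            // with the generic "open or read" message and this handler is never reached.
            throw new SslException("Cannot find KeyStore at path " + str2, e);
        } catch (UnrecoverableKeyException e) {
            throw new SslException("Not able to recover key from KeyStore, please check your private-key-password and your keyStorePassword", e);
        } catch (IOException | KeyStoreException e) {
            throw new SslException("Not able to open or read KeyStore '" + str2 + "' with type '" + str + "'", e);
        } catch (NoSuchAlgorithmException | CertificateException e) {
            throw new SslException("Not able to read certificate from KeyStore '" + str2, e);
        }
    }

    /**
     * Builds a server-side {@link SslContext} backed by the JDK TLS provider.
     *
     * <p>Client-certificate requirements are not configured here.
     *
     * @param keyManagerFactory   supplies the server certificate and private key
     * @param trustManagerFactory verifies peer certificates; may be {@code null}, which Netty
     *                            documents as "use the system default"
     * @param list                cipher suites to enable; {@code null} or empty leaves the
     *                            builder's default cipher list in place
     * @param list2               protocol versions to enable; {@code null} or empty leaves the
     *                            builder's default protocols in place
     * @return the built server context
     * @throws SSLException if the context cannot be built
     */
    @NotNull
    public SslContext createSslServerContext(@NotNull KeyManagerFactory keyManagerFactory, @Nullable TrustManagerFactory trustManagerFactory, @Nullable List<String> list, @Nullable List<String> list2) throws SSLException {
        SslContextBuilder builder = SslContextBuilder.forServer(keyManagerFactory)
                .sslProvider(SslProvider.JDK)
                .trustManager(trustManagerFactory);

        // Protocols are only pinned when configured; a deployment that needs a minimum TLS
        // version has to pass it in explicitly.
        if (list2 != null && !list2.isEmpty()) {
            builder.protocols(list2.toArray(new String[0]));
        }

        // SupportedCipherSuiteFilter drops requested suites the engine does not support instead
        // of rejecting the configuration, so a typo in a suite name is silently ignored.
        Iterable<String> requestedCiphers = (list == null || list.isEmpty()) ? null : list;
        builder.ciphers(requestedCiphers, SupportedCipherSuiteFilter.INSTANCE);

        return builder.build();
    }

    /**
     * Creates the {@link KeyManagerFactory} for a TLS listener configuration.
     *
     * @param tls the TLS configuration providing keystore type, path, password and
     *            private-key password
     * @return the initialised factory
     * @throws SslException if the keystore cannot be loaded or the key cannot be recovered
     */
    @NotNull
    public KeyManagerFactory getKeyManagerFactory(@NotNull Tls tls) throws SslException {
        return createKeyManagerFactory(tls.getKeystoreType(), tls.getKeystorePath(), tls.getKeystorePassword(), tls.getPrivateKeyPassword());
    }

    /**
     * Creates the {@link TrustManagerFactory} for a TLS listener configuration, if one is
     * configured.
     *
     * <p>NOTE(review): a partially configured truststore (for example a path without a password)
     * is treated the same as "no truststore" and yields {@code null} without any error or log
     * line. If the result is handed to {@link #createSslServerContext}, peer verification then
     * falls back to the default trust anchors. Confirm that callers relying on a private
     * truststore validate the configuration before this point.
     *
     * @param tls the TLS configuration providing truststore type, path and password
     * @return the initialised factory, or {@code null} when the path is blank or the type or
     *         password is {@code null}
     * @throws SslException if the truststore is configured but cannot be loaded
     */
    @Nullable
    public TrustManagerFactory getTrustManagerFactory(@NotNull Tls tls) throws SslException {
        boolean truststoreConfigured = !StringUtils.isBlank(tls.getTruststorePath())
                && tls.getTruststoreType() != null
                && tls.getTruststorePassword() != null;
        if (!truststoreConfigured) {
            return null;
        }
        return createTrustManagerFactory(tls.getTruststoreType(), tls.getTruststorePath(), tls.getTruststorePassword());
    }
}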
