package com.yahoo.security.tls;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.yahoo.security.SealedSharedKey;
import com.yahoo.security.tls.RequiredPeerCredential;
import com.yahoo.security.tls.TransportSecurityOptions;
import com.yahoo.security.tls.TransportSecurityOptionsEntity;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UncheckedIOException;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/yahoo/security/tls/TransportSecurityOptionsJsonSerializer.class */
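/**
 * Converts {@link TransportSecurityOptions} to and from its JSON configuration form, using
 * {@link TransportSecurityOptionsEntity} as the intermediate Jackson-bound representation.
 *
 * <p>This listing is decompiler output. The decompiler's markers state that the class and its
 * {@code deserialize}/{@code serialize} methods were package-private in the compiled class; the
 * widened {@code public} modifiers are kept here so the listing stays self-consistent.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>JSON is bound to one fixed entity class; no type information is taken from the input.</li>
 *   <li>An absent {@code capabilities} array on a peer policy maps to {@code CapabilitySet.all()},
 *       so a least-privilege policy has to list its capabilities explicitly.</li>
 *   <li>Cipher and protocol names, file paths and the hostname-validation flag are passed through
 *       as configured; only presence/emptiness is checked here.</li>
 * </ul>
 */
public class TransportSecurityOptionsJsonSerializer {
    private static final ObjectMapper mapper = new ObjectMapper();

    /**
     * Reads a JSON document from the stream and converts it to transport security options.
     *
     * @param inputStream stream holding the JSON configuration
     * @return the options built from the parsed configuration
     * @throws UncheckedIOException if reading or parsing fails (Jackson's parse errors are
     *         {@link IOException}s and are wrapped here as well)
     * @throws IllegalArgumentException if a required field is missing or a list that must be
     *         non-empty is empty
     */
    public TransportSecurityOptions deserialize(InputStream inputStream) {
        try {
            TransportSecurityOptionsEntity entity =
                    mapper.readValue(inputStream, TransportSecurityOptionsEntity.class);
            return toTransportSecurityOptions(entity);
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    /**
     * Writes the options as pretty-printed JSON. Only the certificate, key and CA file
     * <em>paths</em> are written; this method never reads the files themselves.
     *
     * @param outputStream destination for the JSON document
     * @param transportSecurityOptions options to serialize
     * @throws UncheckedIOException if writing fails
     */
    public void serialize(OutputStream outputStream, TransportSecurityOptions transportSecurityOptions) {
        try {
            mapper.writerWithDefaultPrettyPrinter()
                    .writeValue(outputStream, toTransportSecurityOptionsEntity(transportSecurityOptions));
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    /**
     * Validates the parsed entity and feeds it into a {@link TransportSecurityOptions.Builder}.
     * Every section is optional, but a section that is present must be complete and non-empty.
     */
    private static TransportSecurityOptions toTransportSecurityOptions(TransportSecurityOptionsEntity entity) {
        TransportSecurityOptions.Builder builder = new TransportSecurityOptions.Builder();

        TransportSecurityOptionsEntity.Files files = entity.files;
        if (files != null) {
            boolean hasCertificates = files.certificatesFile != null;
            boolean hasPrivateKey = files.privateKeyFile != null;
            if (hasCertificates && hasPrivateKey) {
                // Paths are used exactly as configured; existence and file permissions are not checked here.
                builder.withCertificates(Paths.get(files.certificatesFile), Paths.get(files.privateKeyFile));
            } else if (hasCertificates || hasPrivateKey) {
                // A certificate without its key (or the reverse) is rejected rather than silently ignored.
                throw new IllegalArgumentException("Both 'private-key' and 'certificates' must be configured together");
            }
            if (files.caCertificatesFile != null) {
                builder.withCaCertificates(Paths.get(files.caCertificatesFile));
            }
        }

        // NOTE(review): when 'authorized-peers' is absent no peer policy is handed to the builder;
        // what the builder defaults to is not visible here. Confirm it does not mean "allow any peer".
        List<TransportSecurityOptionsEntity.AuthorizedPeer> peers = entity.authorizedPeers;
        if (peers != null) {
            if (peers.isEmpty()) {
                throw new IllegalArgumentException("'authorized-peers' cannot be empty");
            }
            builder.withAuthorizedPeers(new AuthorizedPeers(toPeerPolicies(peers)));
        }

        // Cipher and protocol names are forwarded as-is; this method does not check them
        // against an allow-list of strong suites or protocol versions.
        if (entity.acceptedCiphers != null) {
            if (entity.acceptedCiphers.isEmpty()) {
                throw new IllegalArgumentException("'accepted-ciphers' cannot be empty");
            }
            builder.withAcceptedCiphers(entity.acceptedCiphers);
        }
        if (entity.acceptedProtocols != null) {
            if (entity.acceptedProtocols.isEmpty()) {
                throw new IllegalArgumentException("'accepted-protocols' cannot be empty");
            }
            builder.withAcceptedProtocols(entity.acceptedProtocols);
        }

        // Security-sensitive switch: applied only when the configuration sets it explicitly.
        // Presumably 'true' turns off hostname verification of the peer downstream; review any config that sets it.
        if (entity.isHostnameValidationDisabled != null) {
            builder.withHostnameValidationDisabled(entity.isHostnameValidationDisabled.booleanValue());
        }
        return builder.build();
    }

    /** Converts every configured peer entry to a {@link PeerPolicy} and collects them into a set. */
    private static Set<PeerPolicy> toPeerPolicies(List<TransportSecurityOptionsEntity.AuthorizedPeer> peers) {
        return peers.stream()
                .map(TransportSecurityOptionsJsonSerializer::toPeerPolicy)
                .collect(Collectors.toSet());
    }

    /**
     * Converts one peer entry; {@code name} and {@code required-credentials} are mandatory,
     * {@code description} and {@code capabilities} are optional.
     *
     * @throws IllegalArgumentException if a mandatory field is missing
     */
    private static PeerPolicy toPeerPolicy(TransportSecurityOptionsEntity.AuthorizedPeer peer) {
        if (peer.name == null) {
            throw missingFieldException("name");
        }
        if (peer.requiredCredentials == null) {
            throw missingFieldException("required-credentials");
        }
        return new PeerPolicy(
                peer.name,
                Optional.ofNullable(peer.description),
                toCapabilities(peer.capabilities),
                toRequestPeerCredentials(peer.requiredCredentials));
    }

    /**
     * Maps the optional capability name list to a {@link CapabilitySet}.
     *
     * <p>An absent list yields {@code CapabilitySet.all()}: omitting {@code capabilities} grants
     * every capability to the peer. An explicitly empty list is rejected instead of being read
     * as either "all" or "none".
     */
    private static CapabilitySet toCapabilities(List<String> names) {
        if (names == null) {
            return CapabilitySet.all();
        }
        if (names.isEmpty()) {
            throw new IllegalArgumentException("\"capabilities\" array must either be not present (implies all capabilities) or contain at least one capability name");
        }
        return CapabilitySet.fromNames(names);
    }

    /** Converts the credential requirements of one peer entry, preserving their order. */
    private static List<RequiredPeerCredential> toRequestPeerCredentials(
            List<TransportSecurityOptionsEntity.RequiredCredential> credentials) {
        return credentials.stream()
                .map(TransportSecurityOptionsJsonSerializer::toRequiredPeerCredential)
                .collect(Collectors.toList());
    }

    /**
     * Converts one credential requirement; both {@code field} and {@code must-match} are mandatory.
     * The match expression is handed to {@code RequiredPeerCredential.of} unchanged; how it is
     * interpreted is decided there, not in this class.
     */
    private static RequiredPeerCredential toRequiredPeerCredential(
            TransportSecurityOptionsEntity.RequiredCredential credential) {
        if (credential.field == null) {
            throw missingFieldException("field");
        }
        if (credential.matchExpression == null) {
            throw missingFieldException("must-match");
        }
        return RequiredPeerCredential.of(toField(credential.field), credential.matchExpression);
    }

    /**
     * Maps the JSON-side credential field to the model-side one.
     * Switches on the enum itself rather than on an ordinal lookup table, so the mapping cannot
     * drift if the enum is reordered and no unrelated constant appears as a case label.
     */
    private static RequiredPeerCredential.Field toField(TransportSecurityOptionsEntity.CredentialField credentialField) {
        return switch (credentialField) {
            case CN -> RequiredPeerCredential.Field.CN;
            case SAN_DNS -> RequiredPeerCredential.Field.SAN_DNS;
            case SAN_URI -> RequiredPeerCredential.Field.SAN_URI;
            default -> throw new IllegalArgumentException("Invalid field type: " + credentialField);
        };
    }

    /**
     * Builds the JSON-side entity from the options. Optional values are copied only when set, and
     * peer policies are sorted by name so the output is stable between runs.
     */
    private static TransportSecurityOptionsEntity toTransportSecurityOptionsEntity(TransportSecurityOptions options) {
        TransportSecurityOptionsEntity entity = new TransportSecurityOptionsEntity();
        entity.files = new TransportSecurityOptionsEntity.Files();
        options.getCaCertificatesFile().ifPresent(path -> entity.files.caCertificatesFile = path.toString());
        options.getCertificatesFile().ifPresent(path -> entity.files.certificatesFile = path.toString());
        options.getPrivateKeyFile().ifPresent(path -> entity.files.privateKeyFile = path.toString());

        // NOTE(review): an empty policy set produces an empty list here, while deserialization
        // rejects an empty 'authorized-peers' array. Whether the empty list is actually written
        // depends on the entity's Jackson annotations, which are not visible in this file.
        entity.authorizedPeers = options.getAuthorizedPeers().peerPolicies().stream()
                .sorted(Comparator.comparing(PeerPolicy::policyName))
                .map(TransportSecurityOptionsJsonSerializer::toAuthorizedPeerEntity)
                .toList();

        if (!options.getAcceptedCiphers().isEmpty()) {
            entity.acceptedCiphers = options.getAcceptedCiphers();
        }
        if (!options.getAcceptedProtocols().isEmpty()) {
            entity.acceptedProtocols = options.getAcceptedProtocols();
        }
        // Set only when validation is disabled, so a default configuration leaves the field unset.
        if (options.isHostnameValidationDisabled()) {
            entity.isHostnameValidationDisabled = true;
        }
        return entity;
    }

    /** Converts one peer policy to its JSON-side entity. */
    private static TransportSecurityOptionsEntity.AuthorizedPeer toAuthorizedPeerEntity(PeerPolicy peerPolicy) {
        TransportSecurityOptionsEntity.AuthorizedPeer peer = new TransportSecurityOptionsEntity.AuthorizedPeer();
        peer.name = peerPolicy.policyName();
        peer.requiredCredentials = new ArrayList<>();
        peer.description = peerPolicy.description().orElse(null);
        CapabilitySet capabilities = peerPolicy.capabilities();
        // "All capabilities" is left unset, mirroring how an absent array is read back as all().
        if (!capabilities.hasAll()) {
            peer.capabilities = List.copyOf(capabilities.toNames());
        }
        for (RequiredPeerCredential requiredPeerCredential : peerPolicy.requiredCredentials()) {
            TransportSecurityOptionsEntity.RequiredCredential credential =
                    new TransportSecurityOptionsEntity.RequiredCredential();
            credential.field = toField(requiredPeerCredential.field());
            credential.matchExpression = requiredPeerCredential.pattern().asString();
            peer.requiredCredentials.add(credential);
        }
        return peer;
    }

    /** Maps the model-side credential field to the JSON-side one. */
    private static TransportSecurityOptionsEntity.CredentialField toField(RequiredPeerCredential.Field field) {
        return switch (field) {
            case CN -> TransportSecurityOptionsEntity.CredentialField.CN;
            case SAN_DNS -> TransportSecurityOptionsEntity.CredentialField.SAN_DNS;
            case SAN_URI -> TransportSecurityOptionsEntity.CredentialField.SAN_URI;
            default -> throw new IllegalArgumentException("Invalid field type: " + field);
        };
    }

    /** Creates the exception thrown when a mandatory JSON field is absent. */
    private static IllegalArgumentException missingFieldException(String fieldName) {
        return new IllegalArgumentException(String.format("'%s' missing", fieldName));
    }
}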
