package org.seedstack.seed.core.internal.crypto;

import com.google.common.base.Strings;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.seedstack.seed.SeedException;
import org.seedstack.seed.crypto.CryptoConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/seedstack/seed/core/internal/crypto/SSLBuilder.class */
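/**
 * Lazily builds and caches the {@link SSLContext} described by the {@code ssl} section of a
 * {@link CryptoConfig}, using the truststore and keystores handed to the constructor.
 *
 * <p>The public methods are {@code synchronized}, so the context is built at most once per
 * successful call sequence and the adapter list is only mutated under the instance lock.
 */
class SSLBuilder {
    private static final Logger LOGGER = LoggerFactory.getLogger(SSLBuilder.class);
    private final KeyStore trustStore;
    private final Map<String, KeyStore> keyStores;
    private final List<KeyManagerAdapter> keyManagerAdapters = new ArrayList<>();
    private SSLContext sslContext = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @param keyStore the truststore used to validate peers, or {@code null} to fall back to the
     *     platform default
     * @param map the loaded keystores, looked up by the name returned by
     *     {@code SSLConfig.getKeystore()}
     */
    public SSLBuilder(KeyStore keyStore, Map<String, KeyStore> map) {
        this.trustStore = keyStore;
        this.keyStores = map;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the cached SSL context, building it on first use.
     *
     * <p>The context is cached, and the key manager adapters are published, only after
     * {@link SSLContext#init} has succeeded. A failed attempt therefore leaves this builder
     * untouched, so a later call retries instead of handing out an uninitialized context.
     *
     * @param cryptoConfig the configuration to read SSL settings from; only consulted while no
     *     context has been built yet
     * @return the initialized SSL context
     * @throws SeedException if an algorithm or protocol name is unknown, if the SSL keystore is
     *     configured but was not supplied to this builder, or if initialization fails
     */
    public synchronized SSLContext getSSLContext(CryptoConfig cryptoConfig) {
        if (this.sslContext != null) {
            return this.sslContext;
        }
        CryptoConfig.SSLConfig ssl = cryptoConfig.ssl();

        // A null trust manager array makes SSLContext.init() use the installed providers'
        // default, i.e. peers are then validated against the platform truststore.
        TrustManager[] trustManagers = null;
        if (this.trustStore != null) {
            LOGGER.info("Using the configured truststore for SSL");
            trustManagers = getTrustManagers(ssl, this.trustStore);
        } else {
            LOGGER.info("No truststore configured, platform default will be used for SSL");
        }

        // Adapters are collected locally and published only once the context is usable.
        List<KeyManagerAdapter> adapters = new ArrayList<>();
        KeyManager[] keyManagers = null;
        if (cryptoConfig.keyStores().containsKey(ssl.getKeystore())) {
            LOGGER.info("Keystore '{}' will be used for SSL X509 certificates", ssl.getKeystore());
            keyManagers = getKeyManagers(ssl, adapters);
        } else {
            LOGGER.debug("Keystore '{}' is not configured, platform default will be used for SSL", ssl.getKeystore());
        }

        SSLContext context;
        try {
            // The protocol name is taken from configuration as-is; this class does not restrict
            // it, so which protocol versions end up enabled is decided by the configured value
            // and the JDK's own TLS settings.
            context = SSLContext.getInstance(ssl.getProtocol());
            String randomAlgorithm = ssl.getRandomAlgorithm();
            // A null SecureRandom lets init() pick the default implementation.
            SecureRandom random = Strings.isNullOrEmpty(randomAlgorithm)
                    ? null
                    : SecureRandom.getInstance(randomAlgorithm);
            context.init(keyManagers, trustManagers, random);
        } catch (NoSuchAlgorithmException e) {
            throw SeedException.wrap(e, CryptoErrorCode.ALGORITHM_CANNOT_BE_FOUND);
        } catch (Exception e) {
            throw SeedException.wrap(e, CryptoErrorCode.UNEXPECTED_EXCEPTION);
        }

        this.keyManagerAdapters.addAll(adapters);
        this.sslContext = context;
        return context;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns a read-only view of the adapters created for the SSL context. The view is backed
     * by the internal list (it is not a snapshot) and is empty until a context has been built
     * with a configured keystore.
     */
    public synchronized List<KeyManagerAdapter> getKeyManagerAdapters() {
        return Collections.unmodifiableList(this.keyManagerAdapters);
    }

    /**
     * Creates the key managers for the configured SSL keystore, wrapping every
     * {@link X509KeyManager} in a {@link KeyManagerAdapter}.
     *
     * @param sSLConfig the SSL settings (keystore name, key password, key manager algorithm)
     * @param adapters receives each adapter that was created, in key manager order
     * @return a new array holding the (possibly wrapped) key managers
     */
    private KeyManager[] getKeyManagers(CryptoConfig.SSLConfig sSLConfig, List<KeyManagerAdapter> adapters) {
        try {
            String algorithm = sSLConfig.getKeyManagerAlgorithm();
            KeyManagerFactory factory = KeyManagerFactory.getInstance(
                    Strings.isNullOrEmpty(algorithm) ? KeyManagerFactory.getDefaultAlgorithm() : algorithm);

            KeyStore keyStore = this.keyStores.get(sSLConfig.getKeystore());
            if (keyStore == null) {
                // The name is present in the configuration but no loaded keystore matches it.
                throw SeedException.createNew(CryptoErrorCode.KEYSTORE_CONFIGURATION_ERROR).put("ksName", sSLConfig.getKeystore());
            }

            // A missing key password is passed through as null.
            char[] keyPassword = Optional.ofNullable(sSLConfig.getKeyPassword())
                    .map(password -> password.toCharArray())
                    .orElse(null);
            factory.init(keyStore, keyPassword);

            KeyManager[] produced = factory.getKeyManagers();
            KeyManager[] result = new KeyManager[produced.length];
            for (int i = 0; i < produced.length; i++) {
                KeyManager keyManager = produced[i];
                if (keyManager instanceof X509KeyManager) {
                    KeyManagerAdapter adapter = new KeyManagerAdapter((X509KeyManager) keyManager);
                    adapters.add(adapter);
                    result[i] = adapter;
                } else {
                    result[i] = keyManager;
                }
            }
            return result;
        } catch (KeyStoreException e) {
            throw SeedException.wrap(e, CryptoErrorCode.UNEXPECTED_EXCEPTION);
        } catch (NoSuchAlgorithmException e) {
            throw SeedException.wrap(e, CryptoErrorCode.ALGORITHM_CANNOT_BE_FOUND);
        } catch (UnrecoverableKeyException e) {
            throw SeedException.wrap(e, CryptoErrorCode.UNRECOVERABLE_KEY);
        }
    }

    /**
     * Creates the trust managers backed by the given truststore, using the configured trust
     * manager algorithm or the JDK default when none is set.
     *
     * @param sSLConfig the SSL settings (trust manager algorithm)
     * @param keyStore the truststore holding the trusted certificates
     * @return the trust managers produced by the factory
     */
    private TrustManager[] getTrustManagers(CryptoConfig.SSLConfig sSLConfig, KeyStore keyStore) {
        try {
            String algorithm = sSLConfig.getTrustManagerAlgorithm();
            TrustManagerFactory factory = TrustManagerFactory.getInstance(
                    Strings.isNullOrEmpty(algorithm) ? TrustManagerFactory.getDefaultAlgorithm() : algorithm);
            factory.init(keyStore);
            return factory.getTrustManagers();
        } catch (KeyStoreException e) {
            throw SeedException.wrap(e, CryptoErrorCode.UNEXPECTED_EXCEPTION);
        } catch (NoSuchAlgorithmException e) {
            throw SeedException.wrap(e, CryptoErrorCode.ALGORITHM_CANNOT_BE_FOUND);
        }
    }
}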
