package com.github.tomakehurst.wiremock.jetty94;

import com.github.tomakehurst.wiremock.common.BrowserProxySettings;
import com.github.tomakehurst.wiremock.common.Exceptions;
import com.github.tomakehurst.wiremock.common.HttpsSettings;
import com.github.tomakehurst.wiremock.common.Notifier;
import com.github.tomakehurst.wiremock.common.ssl.KeyStoreSettings;
import com.github.tomakehurst.wiremock.http.ssl.CertificateAuthority;
import com.github.tomakehurst.wiremock.http.ssl.CertificateGenerationUnsupportedException;
import com.github.tomakehurst.wiremock.http.ssl.X509KeyStore;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import org.eclipse.jetty.http2.HTTP2Cipher;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* loaded from: input_file:META-INF/rewrite/classpath/wiremock-jre8-2.35.0.jar:com/github/tomakehurst/wiremock/jetty94/SslContexts.class */
public class SslContexts {

    /**
     * Builds the server TLS context factory for the HTTPS listener with HTTP/2 cipher ordering.
     *
     * <p>The key store comes from {@code httpsSettings.keyStore()}, and the key manager password
     * from {@code httpsSettings.keyManagerPassword()}. Client-certificate settings are applied by
     * {@link #setupClientAuth}.
     *
     * @param httpsSettings HTTPS configuration supplying key store, passwords and client-auth flags
     * @return a configured, not yet started, {@link SslContextFactory.Server}
     */
    public static SslContextFactory.Server buildHttp2SslContextFactory(HttpsSettings httpsSettings) {
        final SslContextFactory.Server factory = defaultSslContextFactory(httpsSettings.keyStore());
        factory.setKeyManagerPassword(httpsSettings.keyManagerPassword());
        setupClientAuth(factory, httpsSettings);
        // Jetty's HTTP/2 comparator; it is expected to rank cipher suites unsuitable for HTTP/2 last.
        factory.setCipherComparator(HTTP2Cipher.COMPARATOR);
        return factory;
    }

    /**
     * Builds the TLS context factory used when WireMock intercepts HTTPS traffic as a browser proxy.
     *
     * <p>The factory is backed by the CA key store from {@code browserProxySettings.caKeyStore()}.
     * If that CA cannot be generated, the ordinary HTTPS key store is used instead (see
     * {@link #buildSslContextFactory}). Client-certificate settings are applied in both cases.
     *
     * <p>Security note: the CA key store holds a private signing key. Any client that trusts this
     * CA trusts whatever is signed with it, so the store and its password should be kept to test
     * environments and protected accordingly.
     *
     * @param httpsSettings HTTPS configuration; also the source of the fallback key store
     * @param browserProxySettings supplies the CA key store settings
     * @param notifier receives the error if CA generation fails
     * @return a configured {@link SslContextFactory.Server}
     */
    public static SslContextFactory.Server buildManInTheMiddleSslContextFactory(HttpsSettings httpsSettings, BrowserProxySettings browserProxySettings, Notifier notifier) {
        final SslContextFactory.Server factory =
                buildSslContextFactory(notifier, browserProxySettings.caKeyStore(), httpsSettings.keyStore());
        setupClientAuth(factory, httpsSettings);
        return factory;
    }

    /**
     * Applies trust-store and client-certificate settings to {@code sslContextFactory}.
     *
     * <p>The trust store path and password are set only when {@code hasTrustStore()} is true;
     * the need-client-auth flag is always copied from the settings.
     */
    private static void setupClientAuth(SslContextFactory.Server sslContextFactory, HttpsSettings httpsSettings) {
        final boolean trustStoreConfigured = httpsSettings.hasTrustStore();
        if (trustStoreConfigured) {
            sslContextFactory.setTrustStorePath(httpsSettings.trustStorePath());
            sslContextFactory.setTrustStorePassword(httpsSettings.trustStorePassword());
        }
        // NOTE(review): if client auth is required but no trust store is configured, the trust
        // anchors used to validate client certificates are whatever Jetty/the JVM default to - confirm.
        sslContextFactory.setNeedClientAuth(httpsSettings.needClientAuth());
    }

    /**
     * Chooses between a certificate-generating factory and the default one.
     *
     * <p>An existing CA key store is loaded as-is, and failures on that path propagate to the
     * caller. When no CA key store exists, one is generated and saved. Any exception on that path
     * is reported through {@code notifier} and the default factory for
     * {@code fallbackKeyStoreSettings} is returned instead.
     */
    private static SslContextFactory.Server buildSslContextFactory(Notifier notifier, KeyStoreSettings caKeyStoreSettings, KeyStoreSettings fallbackKeyStoreSettings) {
        if (!caKeyStoreSettings.exists()) {
            try {
                final X509KeyStore generatedCaStore = buildKeyStore(caKeyStoreSettings);
                return certificateGeneratingSslContextFactory(notifier, caKeyStoreSettings, generatedCaStore);
            } catch (Exception e) {
                // Deliberate best effort: the listener still starts, but without the generated CA.
                // The notifier message is the only visible sign of the downgrade.
                notifier.error("Unable to generate a certificate authority", e);
                return defaultSslContextFactory(fallbackKeyStoreSettings);
            }
        }
        final X509KeyStore existingCaStore = toX509KeyStore(caKeyStoreSettings);
        return certificateGeneratingSslContextFactory(notifier, caKeyStoreSettings, existingCaStore);
    }

    /** Creates a plain Jetty server factory whose key store is loaded from {@code settings}. */
    private static SslContextFactory.Server defaultSslContextFactory(KeyStoreSettings settings) {
        final SslContextFactory.Server plainFactory = new SslContextFactory.Server();
        setupKeyStore(plainFactory, settings);
        return plainFactory;
    }

    /**
     * Creates a {@code CertificateGeneratingSslContextFactory} around {@code caStore} and points
     * its key store at {@code settings}.
     */
    private static SslContextFactory.Server certificateGeneratingSslContextFactory(Notifier notifier, KeyStoreSettings settings, X509KeyStore caStore) {
        final CertificateGeneratingSslContextFactory generatingFactory =
                new CertificateGeneratingSslContextFactory(caStore, notifier);
        setupKeyStore(generatingFactory, settings);
        // setupKeyStore has already applied this password; this call sets the same value again.
        generatingFactory.setKeyStorePassword(settings.password());
        return generatingFactory;
    }

    /** Copies the loaded key store, its password and its type from {@code settings} onto {@code target}. */
    private static void setupKeyStore(SslContextFactory.Server target, KeyStoreSettings settings) {
        target.setKeyStore(settings.loadStore());
        target.setKeyStorePassword(settings.password());
        target.setKeyStoreType(settings.type());
    }

    /**
     * Loads the key store described by {@code settings} and wraps it as an {@link X509KeyStore}.
     *
     * <p>A {@link KeyStoreException} is handed to {@code Exceptions.throwUnchecked}, which is
     * presumably expected to rethrow it unchecked rather than return.
     */
    private static X509KeyStore toX509KeyStore(KeyStoreSettings settings) {
        try {
            return new X509KeyStore(settings.loadStore(), settings.password().toCharArray());
        } catch (KeyStoreException e) {
            return (X509KeyStore) Exceptions.throwUnchecked(e, null);
        }
    }

    /**
     * Generates a new certificate authority, stores it in a fresh key store and saves that store.
     *
     * <p>The CA entry is written under the alias {@code "wiremock-ca"}. The same password from
     * {@code settings} protects both the key entry and the store. The store is saved through
     * {@code settings.getSource()} before it is returned, so the CA private key outlives this
     * process wherever that source writes it.
     *
     * @throws KeyStoreException if the key store type is unavailable or the entry cannot be set
     * @throws IOException declared by {@link KeyStore#load}; any other origin is not visible here
     * @throws NoSuchAlgorithmException declared by {@link KeyStore#load}
     * @throws CertificateException declared by {@link KeyStore#load}
     * @throws CertificateGenerationUnsupportedException if the CA cannot be generated on this runtime
     */
    private static X509KeyStore buildKeyStore(KeyStoreSettings settings) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, CertificateGenerationUnsupportedException {
        final CertificateAuthority ca = CertificateAuthority.generateCertificateAuthority();
        final KeyStore freshStore = KeyStore.getInstance(settings.type());
        final char[] storePassword = settings.password().toCharArray();
        // A null stream initialises an empty key store.
        freshStore.load(null, storePassword);
        freshStore.setKeyEntry("wiremock-ca", ca.key(), storePassword, ca.certificateChain());
        settings.getSource().save(freshStore);
        // The password array is handed on to X509KeyStore, so it is not wiped here.
        return new X509KeyStore(freshStore, storePassword);
    }
}
