package org.apache.nifi.stateless.config;

import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.nifi.security.ssl.StandardKeyManagerBuilder;
import org.apache.nifi.security.ssl.StandardKeyStoreBuilder;
import org.apache.nifi.security.ssl.StandardSslContextBuilder;
import org.apache.nifi.security.ssl.StandardTrustManagerBuilder;
import org.apache.nifi.security.util.TlsPlatform;
import org.apache.nifi.web.client.ssl.TlsContext;

/* loaded from: input_file:org/apache/nifi/stateless/config/SslConfigurationUtil.class */
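/**
 * Builds TLS material (an {@link SSLContext} or a {@link TlsContext}) from the key store and
 * trust store settings held in an {@link SslContextDefinition}.
 *
 * <p>Store passwords are read from the definition as strings and handed to the builders as
 * {@code char[]}. Failure messages produced here name the store path only, never a password.
 */
public class SslConfigurationUtil {

    /**
     * Creates a {@link TlsContext} backed by the configured trust store and, when a key store
     * file is configured, by a key manager for that key store.
     *
     * <p>The key store is loaded before the trust store. The returned context reports the protocol
     * given by {@code TlsPlatform.getLatestProtocol()} each time {@code getProtocol()} is called.
     *
     * @param sslContextDefinition source of the store locations, types and passwords
     * @return a context whose key manager is empty when no key store file is configured
     * @throws StatelessConfigurationException if the key store or trust store cannot be loaded
     */
    public static TlsContext createTlsContext(SslContextDefinition sslContextDefinition) throws StatelessConfigurationException {
        // NOTE(review): the key-entry password is taken to be the key store password; a key store
        // whose private key uses a different password will not load here - confirm that is intended.
        final X509ExtendedKeyManager keyManager = sslContextDefinition.getKeystoreFile() == null
                ? null
                : new StandardKeyManagerBuilder()
                        .keyStore(getKeyStore(sslContextDefinition))
                        .keyPassword(sslContextDefinition.getKeystorePass().toCharArray())
                        .build();

        // NOTE(review): unlike createSslContext, neither the definition nor the trust store file is
        // checked for null here, so a definition without a trust store fails inside getTrustStore
        // with an unchecked exception instead of a configuration error - confirm callers guarantee it.
        final X509ExtendedTrustManager trustManager = new StandardTrustManagerBuilder()
                .trustStore(getTrustStore(sslContextDefinition))
                .build();

        return new TlsContext() {
            @Override
            public String getProtocol() {
                return TlsPlatform.getLatestProtocol();
            }

            @Override
            public X509TrustManager getTrustManager() {
                return trustManager;
            }

            @Override
            public Optional<X509KeyManager> getKeyManager() {
                return Optional.ofNullable(keyManager);
            }
        };
    }

    /**
     * Creates an {@link SSLContext} from the configured trust store and, when a key store file is
     * configured, the key store.
     *
     * @param sslContextDefinition source of the store locations, types and passwords; may be null
     * @return the built context, or {@code null} when the definition is null or names no trust
     *         store file
     * @throws StatelessConfigurationException if the key store or trust store cannot be loaded
     */
    public static SSLContext createSslContext(SslContextDefinition sslContextDefinition) throws StatelessConfigurationException {
        if (sslContextDefinition == null || sslContextDefinition.getTruststoreFile() == null) {
            // No trust store configured: nothing is built. What the caller uses for TLS in that
            // case is decided outside this class - NOTE(review): verify callers handle null explicitly.
            return null;
        }

        StandardSslContextBuilder contextBuilder = new StandardSslContextBuilder();
        contextBuilder.trustManager(
                new StandardTrustManagerBuilder().trustStore(getTrustStore(sslContextDefinition)).build());

        if (sslContextDefinition.getKeystoreFile() != null) {
            KeyStore keyStore = getKeyStore(sslContextDefinition);
            // Same password is used for the store and for the key entry (see createTlsContext).
            contextBuilder.keyManager(
                    new StandardKeyManagerBuilder()
                            .keyStore(keyStore)
                            .keyPassword(sslContextDefinition.getKeystorePass().toCharArray())
                            .build());
        }
        return contextBuilder.build();
    }

    /**
     * Loads the trust store named by the definition.
     *
     * @param sslContextDefinition source of the trust store file, type and password
     * @return the loaded trust store
     * @throws StatelessConfigurationException if opening, reading or building the store fails
     */
    private static KeyStore getTrustStore(SslContextDefinition sslContextDefinition) throws StatelessConfigurationException {
        // NOTE(review): a definition with no trust store password fails on toCharArray() before the
        // try block, i.e. as an unchecked exception - confirm a password is always required.
        StandardKeyStoreBuilder storeBuilder = new StandardKeyStoreBuilder()
                .type(sslContextDefinition.getTruststoreType())
                .password(sslContextDefinition.getTruststorePass().toCharArray());
        Path path = Paths.get(sslContextDefinition.getTruststoreFile());

        // try-with-resources closes the stream on the failure path too; the previous form only
        // closed it after a successful build, leaking the file handle when loading failed.
        try (InputStream inputStream = Files.newInputStream(path)) {
            storeBuilder.inputStream(inputStream);
            return storeBuilder.build();
        } catch (Exception e) {
            throw new StatelessConfigurationException("Load Trust Store [%s] failed".formatted(path), e);
        }
    }

    /**
     * Loads the key store named by the definition.
     *
     * @param sslContextDefinition source of the key store file, type and password
     * @return the loaded key store
     * @throws StatelessConfigurationException if opening, reading or building the store fails
     */
    private static KeyStore getKeyStore(SslContextDefinition sslContextDefinition) throws StatelessConfigurationException {
        StandardKeyStoreBuilder storeBuilder = new StandardKeyStoreBuilder()
                .type(sslContextDefinition.getKeystoreType())
                .password(sslContextDefinition.getKeystorePass().toCharArray());
        Path path = Paths.get(sslContextDefinition.getKeystoreFile());

        // Stream is closed whether or not the store loads, so a bad password or corrupt file
        // does not leave the key store file open.
        try (InputStream inputStream = Files.newInputStream(path)) {
            storeBuilder.inputStream(inputStream);
            return storeBuilder.build();
        } catch (Exception e) {
            throw new StatelessConfigurationException("Load Key Store [%s] failed".formatted(path), e);
        }
    }
}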
