package org.kiwiproject.security;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Objects;
import java.util.Optional;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.kiwiproject.base.KiwiPreconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/kiwiproject/security/KiwiSecurity.class */
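/**
 * Static helpers for loading key/trust stores and building an {@link SSLContext} from them.
 *
 * <p>Security-relevant behavior visible in this class:
 * <ul>
 *   <li>A trust store is always required by {@code createSslContext}; there is no code path here that
 *       installs a permissive or "trust all" {@link TrustManager}.</li>
 *   <li>The key store is optional. When it is absent, {@code null} key managers are handed to
 *       {@link SSLContext#init}.</li>
 *   <li>The protocol name is passed unchanged to {@link SSLContext#getInstance(String)}. Nothing in this
 *       class enforces a minimum TLS version, so callers must choose the protocol deliberately.</li>
 *   <li>Passwords are accepted as {@code String}, so they stay on the heap until garbage collected.
 *       They are never written to the log by this class; only the store type and path are logged.</li>
 * </ul>
 */
public final class KiwiSecurity {

    @Generated
    private static final Logger LOG = LoggerFactory.getLogger(KiwiSecurity.class);
    private static final String ERROR_CREATING_SSL_CONTEXT = "Error creating SSLContext";
    private static final String ALGORITHM_NAME_CANNOT_BE_BLANK = "algorithm cannot be blank";

    /**
     * Creates an {@link SSLContext} using JKS key and trust stores and the given protocol.
     *
     * @param keyStorePath       path to the key store; may be blank/null when no key store is used
     * @param keyStorePassword   password of the key store
     * @param trustStorePath     path to the trust store
     * @param trustStorePassword password of the trust store
     * @param protocol           the protocol to request; must not be null
     * @return the initialized context
     * @throws SSLContextException if the context cannot be created
     */
    public static SSLContext createSslContext(String keyStorePath,
                                              String keyStorePassword,
                                              String trustStorePath,
                                              String trustStorePassword,
                                              SSLContextProtocol protocol) {
        KiwiPreconditions.checkArgumentNotNull(protocol, "protocol cannot be null");
        return createSslContext(keyStorePath, keyStorePassword, trustStorePath, trustStorePassword, protocol.value);
    }

    /**
     * Creates an {@link SSLContext} using JKS key and trust stores and the given protocol name.
     *
     * @param keyStorePath       path to the key store; may be blank/null when no key store is used
     * @param keyStorePassword   password of the key store
     * @param trustStorePath     path to the trust store
     * @param trustStorePassword password of the trust store
     * @param protocol           protocol name handed to {@link SSLContext#getInstance(String)}
     * @return the initialized context
     * @throws SSLContextException if the context cannot be created
     */
    public static SSLContext createSslContext(String keyStorePath,
                                              String keyStorePassword,
                                              String trustStorePath,
                                              String trustStorePassword,
                                              String protocol) {
        return createSslContext(
                keyStorePath, keyStorePassword, KeyStoreType.JKS.value,
                trustStorePath, trustStorePassword, KeyStoreType.JKS.value,
                protocol);
    }

    /**
     * Creates an {@link SSLContext} with explicit store types and the JVM default key/trust manager algorithms.
     *
     * @param keyStorePath       path to the key store; may be blank/null when no key store is used
     * @param keyStorePassword   password of the key store
     * @param keyStoreType       key store type name
     * @param trustStorePath     path to the trust store
     * @param trustStorePassword password of the trust store
     * @param trustStoreType     trust store type name
     * @param protocol           the protocol to request; must not be null
     * @return the initialized context
     * @throws SSLContextException if the context cannot be created
     */
    public static SSLContext createSslContext(String keyStorePath,
                                              String keyStorePassword,
                                              String keyStoreType,
                                              String trustStorePath,
                                              String trustStorePassword,
                                              String trustStoreType,
                                              SSLContextProtocol protocol) {
        KiwiPreconditions.checkArgumentNotNull(protocol, "protocol cannot be null");
        return createSslContext(
                keyStorePath, keyStorePassword, keyStoreType,
                trustStorePath, trustStorePassword, trustStoreType,
                protocol.value);
    }

    /**
     * Creates an {@link SSLContext} with explicit store types and the JVM default key/trust manager algorithms.
     *
     * @param keyStorePath       path to the key store; may be blank/null when no key store is used
     * @param keyStorePassword   password of the key store
     * @param keyStoreType       key store type name
     * @param trustStorePath     path to the trust store
     * @param trustStorePassword password of the trust store
     * @param trustStoreType     trust store type name
     * @param protocol           protocol name handed to {@link SSLContext#getInstance(String)}
     * @return the initialized context
     * @throws SSLContextException if the context cannot be created
     */
    public static SSLContext createSslContext(String keyStorePath,
                                              String keyStorePassword,
                                              String keyStoreType,
                                              String trustStorePath,
                                              String trustStorePassword,
                                              String trustStoreType,
                                              String protocol) {
        return createSslContext(
                keyStorePath, keyStorePassword, keyStoreType, KeyManagerFactory.getDefaultAlgorithm(),
                trustStorePath, trustStorePassword, trustStoreType, TrustManagerFactory.getDefaultAlgorithm(),
                protocol);
    }

    /**
     * Creates an {@link SSLContext} from fully specified key store, trust store and protocol settings.
     *
     * <p>The key store arguments are validated only when {@code keyStorePath} is not blank. The trust store
     * arguments and the protocol are always validated. These argument checks run before the {@code try}
     * block, so their failures are not wrapped in {@link SSLContextException}.
     *
     * <p>NOTE(review): a blank but non-null {@code keyStorePath} combined with a non-null password skips the
     * key store validation above yet is still handed to {@link #getKeyStore(String, String, String)}, which
     * attempts to load it. Callers that mean "no key store" should pass {@code null} for the path or password.
     *
     * @param keyStorePath          path to the key store; blank/null when no key store is used
     * @param keyStorePassword      password of the key store; required when {@code keyStorePath} is not blank
     * @param keyStoreType          key store type name; required when {@code keyStorePath} is not blank
     * @param keyManagerAlgorithm   key manager algorithm; required when {@code keyStorePath} is not blank
     * @param trustStorePath        path to the trust store; must not be blank
     * @param trustStorePassword    password of the trust store; must not be null
     * @param trustStoreType        trust store type name; must not be blank
     * @param trustManagerAlgorithm trust manager algorithm; must not be blank
     * @param protocol              protocol name handed unchanged to {@link SSLContext#getInstance(String)};
     *                              no minimum TLS version is enforced here
     * @return the initialized context
     * @throws SSLContextException if loading a store, building the managers or initializing the context fails
     */
    public static SSLContext createSslContext(String keyStorePath,
                                              String keyStorePassword,
                                              String keyStoreType,
                                              String keyManagerAlgorithm,
                                              String trustStorePath,
                                              String trustStorePassword,
                                              String trustStoreType,
                                              String trustManagerAlgorithm,
                                              String protocol) {
        if (StringUtils.isNotBlank(keyStorePath)) {
            KiwiPreconditions.checkArgumentNotNull(keyStorePassword, "keyStorePassword cannot be null");
            KiwiPreconditions.checkArgumentNotBlank(keyStoreType, "keyStoreType cannot be blank");
            KiwiPreconditions.checkArgumentNotBlank(keyManagerAlgorithm, "keyManagerAlgorithm cannot be blank");
        }
        KiwiPreconditions.checkArgumentNotBlank(trustStorePath, "trustStorePath cannot be blank");
        KiwiPreconditions.checkArgumentNotNull(trustStorePassword, "trustStorePassword cannot be null");
        KiwiPreconditions.checkArgumentNotBlank(trustStoreType, "trustStoreType cannot be blank");
        KiwiPreconditions.checkArgumentNotBlank(trustManagerAlgorithm, "trustManagerAlgorithm cannot be blank");
        KiwiPreconditions.checkArgumentNotBlank(protocol, "protocol cannot be blank");

        try {
            // Key store is optional: an empty Optional yields null key managers for SSLContext.init.
            KeyManager[] keyManagers = getKeyStore(keyStoreType, keyStorePath, keyStorePassword)
                    .map(keyStore -> getKeyManagers(keyStore, keyStorePassword, keyManagerAlgorithm))
                    .orElse(null);

            // Trust store is mandatory: never fall through to init() without explicit trust material.
            KeyStore trustStore = getKeyStore(trustStoreType, trustStorePath, trustStorePassword)
                    .orElseThrow(IllegalArgumentException::new);
            TrustManager[] trustManagers = getTrustManagers(trustStore, trustManagerAlgorithm);

            SSLContext sslContext = SSLContext.getInstance(protocol);
            // null SecureRandom: SSLContext.init uses its default source of randomness.
            sslContext.init(keyManagers, trustManagers, null);
            return sslContext;
        } catch (Exception e) {
            LOG.error(ERROR_CREATING_SSL_CONTEXT, e);
            throw new SSLContextException(ERROR_CREATING_SSL_CONTEXT, unwrapNestedSslContextExceptionOrTake(e));
        }
    }

    /**
     * Returns the cause of {@code exception} when it is itself an {@link SSLContextException} (so the
     * caller does not wrap one SSLContextException in another); otherwise returns {@code exception}.
     */
    private static Throwable unwrapNestedSslContextExceptionOrTake(Exception exception) {
        if (!(exception instanceof SSLContextException)) {
            return exception;
        }
        LOG.trace("Unwrapping nested SSLContextException");
        return exception.getCause();
    }

    /**
     * Loads a key store of the given type; see {@link #getKeyStore(String, String, String)}.
     *
     * @param keyStoreType the store type; must not be null
     * @param path         file system path of the store
     * @param password     password of the store
     * @return the loaded store, or empty when {@code path} or {@code password} is null
     * @throws SSLContextException if the store cannot be created or loaded
     */
    public static Optional<KeyStore> getKeyStore(KeyStoreType keyStoreType, String path, String password) {
        KiwiPreconditions.checkArgumentNotNull(keyStoreType, "keyStoreType cannot be null");
        return getKeyStore(keyStoreType.value, path, password);
    }

    /**
     * Loads a key store (or trust store) of the given type from a file system path.
     *
     * <p>Only the store type and path are logged; the password is never logged.
     *
     * @param keyStoreType store type name; checked for blank only after the null check on path/password
     * @param path         file system path of the store; null means "no store"
     * @param password     password of the store; null means "no store"
     * @return the loaded store, or empty when {@code path} or {@code password} is null
     * @throws SSLContextException if the store cannot be created or loaded; {@link KeyStore#load} reports
     *                             an incorrect password or malformed store data as an {@link IOException},
     *                             which is wrapped here
     */
    public static Optional<KeyStore> getKeyStore(String keyStoreType, String path, String password) {
        LOG.trace("Get and load {} KeyStore/TrustStore for {}", keyStoreType, path);
        if (Objects.isNull(path) || Objects.isNull(password)) {
            LOG.debug("No keystore specified (path and/or password is null)");
            return Optional.empty();
        }
        KiwiPreconditions.checkArgumentNotBlank(keyStoreType, "keyStoreType cannot be blank");

        try {
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            // try-with-resources closes the stream on every path, including when load() throws
            // (for example on a wrong password), so a failed load does not leak a file handle.
            try (InputStream inputStream = Paths.get(path).toUri().toURL().openStream()) {
                keyStore.load(inputStream, password.toCharArray());
            }
            return Optional.of(keyStore);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new SSLContextException("Error getting key store", e);
        }
    }

    /**
     * Builds key managers for {@code keyStore} using the JVM default key manager algorithm.
     *
     * @param keyStore         the loaded key store; must not be null
     * @param keyStorePassword password used to recover keys; must not be null (may be blank)
     * @return the key managers
     * @throws SSLContextException if the key managers cannot be created
     */
    public static KeyManager[] getKeyManagers(KeyStore keyStore, String keyStorePassword) {
        return getKeyManagers(keyStore, keyStorePassword, KeyManagerFactory.getDefaultAlgorithm());
    }

    /**
     * Builds key managers for {@code keyStore} using the given algorithm.
     *
     * @param keyStore         the loaded key store; must not be null
     * @param keyStorePassword password used to recover keys; must not be null (may be blank)
     * @param algorithm        key manager algorithm name; must not be blank
     * @return the key managers
     * @throws SSLContextException if the algorithm is unavailable or a key cannot be recovered
     */
    public static KeyManager[] getKeyManagers(KeyStore keyStore, String keyStorePassword, String algorithm) {
        KiwiPreconditions.checkArgumentNotNull(keyStore, "keyStore cannot be null");
        KiwiPreconditions.checkArgumentNotNull(keyStorePassword, "keyStorePassword cannot be null (but can be blank)");
        KiwiPreconditions.checkArgumentNotBlank(algorithm, ALGORITHM_NAME_CANNOT_BE_BLANK);
        try {
            KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
            factory.init(keyStore, keyStorePassword.toCharArray());
            return factory.getKeyManagers();
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new SSLContextException("Error getting key managers", e);
        }
    }

    /**
     * Builds trust managers for {@code trustStore} using the JVM default trust manager algorithm.
     *
     * @param trustStore the loaded trust store; must not be null
     * @return the trust managers
     * @throws SSLContextException if the trust managers cannot be created
     */
    public static TrustManager[] getTrustManagers(KeyStore trustStore) {
        return getTrustManagers(trustStore, TrustManagerFactory.getDefaultAlgorithm());
    }

    /**
     * Builds trust managers for {@code trustStore} using the given algorithm.
     *
     * @param trustStore the loaded trust store; must not be null
     * @param algorithm  trust manager algorithm name; must not be blank
     * @return the trust managers
     * @throws SSLContextException if the algorithm is unavailable or the factory cannot be initialized
     */
    public static TrustManager[] getTrustManagers(KeyStore trustStore, String algorithm) {
        KiwiPreconditions.checkArgumentNotNull(trustStore, "trustStore cannot be null");
        KiwiPreconditions.checkArgumentNotBlank(algorithm, ALGORITHM_NAME_CANNOT_BE_BLANK);
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
            factory.init(trustStore);
            return factory.getTrustManagers();
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new SSLContextException("Error getting trust managers", e);
        }
    }

    @Generated
    private KiwiSecurity() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }
}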
