package org.mockserver.examples.proxy.service;

import com.google.common.base.Joiner;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.function.Function;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.lang3.StringUtils;
import org.mockserver.configuration.Configuration;
import org.mockserver.log.model.LogEntry;
import org.mockserver.logging.MockServerLogger;
import org.mockserver.socket.tls.ForwardProxyTLSX509CertificatesTrustManager;
import org.mockserver.socket.tls.KeyAndCertificateFactory;
import org.mockserver.socket.tls.KeyAndCertificateFactoryFactory;
import org.mockserver.socket.tls.PEMToFile;
import org.slf4j.event.Level;

/* loaded from: input_file:org/mockserver/examples/proxy/service/ExampleNettySslContextFactory.class */
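/**
 * Builds and caches the Netty {@link SslContext} instances used for outbound (client) and
 * inbound (server) TLS connections.
 *
 * <p>Both contexts are created lazily, cached on the instance and rebuilt when the matching
 * rebuild flag on the {@link Configuration} is set. The two {@code create*} methods are
 * {@code synchronized}, so the cached contexts are only built or replaced under the instance lock.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link InsecureTrustManagerFactory} is installed on the client side when the forward-proxy
 *       trust manager type is {@code ANY}, and on the server side whenever mutual TLS is not
 *       required. In those modes peer certificates are accepted without validation.</li>
 *   <li>The enabled protocol list still contains TLSv1 and TLSv1.1 and does not offer TLSv1.3.</li>
 *   <li>Each constructor sets the JVM-wide {@code https.protocols} system property.</li>
 * </ul>
 */
public class ExampleNettySslContextFactory {
    // NOTE(security): TLSv1 and TLSv1.1 are deprecated (RFC 8996) and TLSv1.3 is not offered.
    // Kept as-is because peers of this proxy may depend on it; restrict to TLSv1.2+ wherever
    // legacy peers are not required.
    private static final String[] TLS_PROTOCOLS = "TLSv1,TLSv1.1,TLSv1.2".split(",");

    /**
     * Default function used to turn a configured builder into a client {@link SslContext}.
     *
     * <p>NOTE(security): this field is public, static and non-final, so any code in the JVM can
     * replace it and thereby change how every subsequently constructed factory builds its client
     * context. Prefer {@link #withClientSslContextBuilderFunction(Function)} for per-instance
     * customisation.
     */
    public static Function<SslContextBuilder, SslContext> clientSslContextBuilderFunction = sslContextBuilder -> {
        try {
            return sslContextBuilder.build();
        } catch (SSLException e) {
            throw new RuntimeException(e);
        }
    };

    private final Configuration configuration;
    private final MockServerLogger mockServerLogger;
    private final KeyAndCertificateFactory keyAndCertificateFactory;
    private SslContext clientSslContext;
    private SslContext serverSslContext;
    private Function<SslContextBuilder, SslContext> instanceClientSslContextBuilderFunction;

    /**
     * Creates a factory backed by the configuration returned from {@link Configuration#configuration()}.
     *
     * @param mockServerLogger logger used for TLS diagnostics
     * @deprecated use {@link #ExampleNettySslContextFactory(Configuration, MockServerLogger)} and
     *     pass the configuration explicitly
     */
    @Deprecated
    public ExampleNettySslContextFactory(MockServerLogger mockServerLogger) {
        this(Configuration.configuration(), mockServerLogger);
    }

    /**
     * Creates a factory for the given configuration.
     *
     * <p>Side effect: sets the JVM-wide {@code https.protocols} system property to the protocol
     * list of this class, which is read by other HTTPS clients in the same JVM.
     *
     * @param configuration source of all TLS settings read by this factory
     * @param mockServerLogger logger used for TLS diagnostics
     */
    public ExampleNettySslContextFactory(Configuration configuration, MockServerLogger mockServerLogger) {
        this.instanceClientSslContextBuilderFunction = clientSslContextBuilderFunction;
        this.configuration = configuration;
        this.mockServerLogger = mockServerLogger;
        this.keyAndCertificateFactory = KeyAndCertificateFactoryFactory.createKeyAndCertificateFactory(configuration, mockServerLogger);
        System.setProperty("https.protocols", Joiner.on(",").join(TLS_PROTOCOLS));
        if (configuration.proactivelyInitialiseTLS().booleanValue()) {
            createServerSslContext();
        }
    }

    /**
     * Overrides, for this instance only, the function that builds the client context.
     *
     * @param function replacement for the static default
     * @return this factory, for chaining
     */
    public ExampleNettySslContextFactory withClientSslContextBuilderFunction(Function<SslContextBuilder, SslContext> function) {
        this.instanceClientSslContextBuilderFunction = function;
        return this;
    }

    /**
     * Returns the cached client context, building it first when none exists or a rebuild was
     * requested through the configuration.
     *
     * @param z when {@code true} the trust material is selected by
     *     {@code forwardProxyTLSX509CertificatesTrustManagerType()}; when {@code false} the JVM
     *     trust anchors plus this factory's CA (and the mutual-authentication chain, if configured)
     *     are trusted. The original parameter name was lost in decompilation; presumably it marks
     *     the forward-proxy client case (confirm against callers).
     * @return the client context
     * @throws RuntimeException wrapping any failure while building the context
     */
    public synchronized SslContext createClientSslContext(boolean z) {
        if (this.clientSslContext == null || this.configuration.rebuildTLSContext()) {
            try {
                if (this.keyAndCertificateFactory.certificateNotYetCreated()) {
                    this.keyAndCertificateFactory.buildAndSavePrivateKeyAndX509Certificate();
                }
                SslContextBuilder builder = SslContextBuilder.forClient()
                    .protocols(TLS_PROTOCOLS)
                    .keyManager(forwardProxyPrivateKey(), forwardProxyCertificateChain());
                if (z) {
                    // No default branch: an unrecognised type leaves the builder's trust manager unset.
                    switch (this.configuration.forwardProxyTLSX509CertificatesTrustManagerType()) {
                        case ANY:
                            // NOTE(security): accepts every upstream certificate without validation,
                            // so the upstream server is not authenticated in this mode.
                            builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
                            break;
                        case JVM:
                            List<X509Certificate> ownCertificates = new ArrayList<>();
                            ownCertificates.add(this.keyAndCertificateFactory.x509Certificate());
                            ownCertificates.add(this.keyAndCertificateFactory.certificateAuthorityX509Certificate());
                            builder.trustManager(jvmCAX509TrustCertificates(ownCertificates));
                            break;
                        case CUSTOM:
                            builder.trustManager(customCAX509TrustCertificates());
                            break;
                    }
                } else {
                    List<X509Certificate> trusted = new ArrayList<>();
                    if (StringUtils.isNotBlank(this.configuration.tlsMutualAuthenticationCertificateChain())) {
                        trusted.addAll(PEMToFile.x509ChainFromPEMFile(this.configuration.tlsMutualAuthenticationCertificateChain()));
                    }
                    // The factory's own CA is always trusted and always comes after the configured chain.
                    trusted.add(this.keyAndCertificateFactory.certificateAuthorityX509Certificate());
                    builder.trustManager(jvmCAX509TrustCertificates(trusted));
                }
                this.clientSslContext = this.instanceClientSslContextBuilderFunction.apply(builder);
                this.configuration.rebuildTLSContext(false);
            } catch (Throwable th) {
                throw new RuntimeException("Exception creating SSL context for client", th);
            }
        }
        return this.clientSslContext;
    }

    /** Returns the configured forward-proxy private key, or the factory-generated key when none is configured. */
    private PrivateKey forwardProxyPrivateKey() {
        if (StringUtils.isNotBlank(this.configuration.forwardProxyPrivateKey())) {
            return PEMToFile.privateKeyFromPEMFile(this.configuration.forwardProxyPrivateKey());
        }
        return this.keyAndCertificateFactory.privateKey();
    }

    /** Returns the configured forward-proxy certificate chain, or the generated leaf followed by the CA. */
    private X509Certificate[] forwardProxyCertificateChain() {
        if (StringUtils.isNotBlank(this.configuration.forwardProxyCertificateChain())) {
            return PEMToFile.x509ChainFromPEMFile(this.configuration.forwardProxyCertificateChain()).toArray(new X509Certificate[0]);
        }
        return new X509Certificate[]{
            this.keyAndCertificateFactory.x509Certificate(),
            this.keyAndCertificateFactory.certificateAuthorityX509Certificate()
        };
    }

    /**
     * Returns the given certificates followed by every issuer accepted by the JVM's default trust
     * managers.
     *
     * <p>The argument is copied rather than appended to, so the caller's list is left untouched.
     *
     * @param list certificates to place ahead of the JVM trust anchors
     * @return the combined trust certificates
     * @throws NoSuchAlgorithmException if the default trust manager algorithm is unavailable
     * @throws KeyStoreException if the default trust store cannot be initialised
     */
    private X509Certificate[] jvmCAX509TrustCertificates(List<X509Certificate> list) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null key store makes the factory load the JVM's default trust store.
        trustManagerFactory.init((KeyStore) null);
        List<X509Certificate> combined = new ArrayList<>(list);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                Collections.addAll(combined, ((X509TrustManager) trustManager).getAcceptedIssuers());
            }
        }
        return combined.toArray(new X509Certificate[0]);
    }

    /** Returns the generated leaf and CA followed by the configured custom trust certificates. */
    private X509Certificate[] customCAX509TrustCertificates() {
        List<X509Certificate> trusted = new ArrayList<>();
        trusted.add(this.keyAndCertificateFactory.x509Certificate());
        trusted.add(this.keyAndCertificateFactory.certificateAuthorityX509Certificate());
        trusted.addAll(PEMToFile.x509ChainFromPEMFile(this.configuration.forwardProxyTLSCustomTrustX509Certificates()));
        return trusted.toArray(new X509Certificate[0]);
    }

    /**
     * Returns the cached server context, (re)building it when none exists, when no certificate has
     * been created yet, or when a rebuild is requested and dynamic certificate updates are allowed.
     *
     * <p>Failures are logged at ERROR level and not rethrown. The method then returns the
     * previously cached context, which is {@code null} if no build has ever succeeded, so callers
     * must handle a {@code null} result.
     *
     * @return the server context, or {@code null} if it could not be built
     */
    public synchronized SslContext createServerSslContext() {
        boolean rebuildRequested = this.configuration.rebuildServerTLSContext()
            && !this.configuration.preventCertificateDynamicUpdate().booleanValue();
        if (this.serverSslContext == null || this.keyAndCertificateFactory.certificateNotYetCreated() || rebuildRequested) {
            try {
                this.keyAndCertificateFactory.buildAndSavePrivateKeyAndX509Certificate();
                X509Certificate authority = this.keyAndCertificateFactory.certificateAuthorityX509Certificate();
                X509Certificate leaf = this.keyAndCertificateFactory.x509Certificate();
                // Only public certificate fields are logged here; no key material.
                this.mockServerLogger.logEvent(new LogEntry()
                    .setLogLevel(Level.DEBUG)
                    .setMessageFormat("using certificate authority serial:{}issuer:{}subject:{}and certificate serial:{}issuer:{}subject:{}")
                    .setArguments(new Object[]{
                        authority.getSerialNumber(), authority.getIssuerDN(), authority.getSubjectDN(),
                        leaf.getSerialNumber(), leaf.getIssuerDN(), leaf.getSubjectDN()
                    }));
                boolean mutualTlsRequired = this.configuration.tlsMutualAuthenticationRequired().booleanValue();
                SslContextBuilder builder = SslContextBuilder
                    .forServer(this.keyAndCertificateFactory.privateKey(), new X509Certificate[]{
                        this.keyAndCertificateFactory.x509Certificate(),
                        this.keyAndCertificateFactory.certificateAuthorityX509Certificate()
                    })
                    .protocols(TLS_PROTOCOLS)
                    .clientAuth(mutualTlsRequired ? ClientAuth.REQUIRE : ClientAuth.OPTIONAL);
                if (this.configuration.tlsMutualAuthenticationRequired().booleanValue()) {
                    builder.trustManager(trustCertificateChain());
                } else {
                    // NOTE(security): with optional client authentication any client certificate
                    // that is presented is accepted without validation. A client certificate seen
                    // in this mode is therefore not proof of identity.
                    builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
                }
                this.serverSslContext = builder.build();
                this.configuration.rebuildServerTLSContext(false);
            } catch (Throwable th) {
                // Separator added so the cause no longer runs straight into the word "server".
                this.mockServerLogger.logEvent(new LogEntry()
                    .setLogLevel(Level.ERROR)
                    .setMessageFormat("exception creating SSL context for server: " + th.getMessage())
                    .setThrowable(th));
            }
        }
        return this.serverSslContext;
    }

    /** Returns the trust chain for the configured mutual-authentication certificate chain. */
    private X509Certificate[] trustCertificateChain() {
        return trustCertificateChain(this.configuration.tlsMutualAuthenticationCertificateChain());
    }

    /**
     * Returns the certificates trusted for client authentication.
     *
     * @param str value passed to {@code PEMToFile.x509ChainFromPEMFile}; when blank only the
     *     factory's CA certificate is trusted
     * @return the certificates loaded for {@code str} followed by the factory's CA certificate
     */
    public X509Certificate[] trustCertificateChain(String str) {
        X509Certificate authority = this.keyAndCertificateFactory.certificateAuthorityX509Certificate();
        if (!StringUtils.isNotBlank(str)) {
            return new X509Certificate[]{authority};
        }
        // Copy before appending so a list owned by PEMToFile is never modified here.
        List<X509Certificate> chain = new ArrayList<>(PEMToFile.x509ChainFromPEMFile(str));
        chain.add(authority);
        return chain.toArray(new X509Certificate[0]);
    }
}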
