package org.rapidoid.net.tls;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.rapidoid.RapidoidThing;
import org.rapidoid.log.Log;
import org.rapidoid.u.U;

/* loaded from: input_file:org/rapidoid/net/tls/TLSUtil.class */
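/**
 * Factory helpers that build {@link SSLContext} instances, either from JKS
 * keystore/truststore files or with certificate validation switched off.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #createTrustingContext()} accepts every certificate chain. A
 *       connection made through it is encrypted but the peer is not
 *       authenticated, so it gives no protection against an on-path
 *       attacker. Audit every call site.</li>
 *   <li>{@link #createContext} can create a self-signed certificate when the
 *       keystore file is missing. Clients cannot validate such a certificate
 *       against a public CA; they have to pin it or trust it explicitly.</li>
 * </ul>
 */
public class TLSUtil extends RapidoidThing {

    /**
     * Creates a TLS context whose trust manager performs no certificate checks.
     *
     * <p>Both {@code checkClientTrusted} and {@code checkServerTrusted} are empty,
     * so expired, self-signed, wrong-host and attacker-issued certificates are
     * all accepted. Keep this out of production code paths.
     *
     * @return an initialized context that trusts any peer certificate
     */
    public static SSLContext createTrustingContext() {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    // Intentionally empty: no validation of client certificates.
                }

                @Override
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    // Intentionally empty: no validation of server certificates.
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    // The X509TrustManager contract requires a non-null (possibly
                    // empty) array; returning null can cause a NullPointerException
                    // in code that iterates the issuers.
                    return new X509Certificate[0];
                }
            }}, null);
            return sSLContext;
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            throw U.rte(e);
        }
    }

    /**
     * Creates a TLS context backed by a JKS keystore and, optionally, a JKS truststore.
     *
     * <p>When the keystore file does not exist and {@code z} is {@code true}, a
     * keystore holding a self-signed certificate with the alias {@code rapidoid}
     * is generated at {@code str} first, protected with {@code cArr}.
     *
     * @param str   path of the keystore file; must not be empty
     * @param cArr  keystore password (also used for the generated self-signed keystore)
     * @param cArr2 password passed to the key manager factory for the private key
     * @param str2  path of the truststore file; when empty, no trust managers are
     *              supplied and the JSSE defaults apply
     * @param cArr3 truststore password; checked for null only when {@code str2} is set
     * @param z     whether a self-signed certificate may be generated if the keystore is missing
     * @return the initialized TLS context
     */
    public static SSLContext createContext(String str, char[] cArr, char[] cArr2, String str2, char[] cArr3, boolean z) {
        U.must(U.notEmpty(str), "The TLS keystore filename isn't configured!");
        boolean exists = new File(str).exists();
        U.must(exists || z, "The keystore '%s' doesn't exist and self-signed certificate generation is disabled!", str);
        if (!exists && z) {
            try {
                SelfSignedCertInfo selfSignedCertInfo = new SelfSignedCertInfo();
                selfSignedCertInfo.alias("rapidoid");
                selfSignedCertInfo.password(cArr);
                Log.warn("Keystore doesn't exist, creating a keystore with self-signed certificate", "keystore", str, "alias", selfSignedCertInfo.alias());
                SelfSignedCertGen.generate(selfSignedCertInfo, str, cArr);
            } catch (Exception e) {
                throw U.rte(e);
            }
        }
        // Only file paths are logged here; passwords never reach the log.
        Log.info("Initializing TLS context", "keystore", str, "truststore", str2);
        try {
            KeyManager[] initKeyManagers = initKeyManagers(str, cArr, cArr2);
            TrustManager[] initTrustManagers = initTrustManagers(str2, cArr3);
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(initKeyManagers, initTrustManagers, null);
            return sSLContext;
        } catch (RuntimeException e) {
            // Unchecked failures (e.g. argument checks) propagate unchanged.
            throw e;
        } catch (Exception e) {
            // The helpers and the JSSE calls throw checked exceptions that this
            // method does not declare; wrap them like the rest of the class does.
            throw U.rte(e);
        }
    }

    /**
     * Loads a JKS keystore and builds key managers from it.
     *
     * @param keystorePath     path of the keystore file
     * @param keystorePassword password used to load the keystore
     * @param keyPassword      password used to recover the keys
     * @return the key managers produced by the {@code SunX509} factory
     * @throws Exception if the file cannot be read or the keystore cannot be loaded or used
     */
    private static KeyManager[] initKeyManagers(String keystorePath, char[] keystorePassword, char[] keyPassword) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // Close the stream even if load() fails, so the file handle is not leaked.
        try (FileInputStream in = new FileInputStream(keystorePath)) {
            keyStore.load(in, keystorePassword);
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, keyPassword);
        return keyManagerFactory.getKeyManagers();
    }

    /**
     * Loads a JKS truststore and builds trust managers from it.
     *
     * @param truststorePath     path of the truststore file; may be empty
     * @param truststorePassword password used to load the truststore
     * @return the trust managers, or {@code null} when no truststore path is
     *         configured ({@code SSLContext.init} then falls back to the
     *         installed default trust managers)
     * @throws Exception if the file cannot be read or the truststore cannot be loaded or used
     */
    private static TrustManager[] initTrustManagers(String truststorePath, char[] truststorePassword) throws Exception {
        if (!U.notEmpty(truststorePath)) {
            return null;
        }
        U.notNull(truststorePassword, "trustStorePassword", new Object[0]);
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // Close the stream even if load() fails, so the file handle is not leaked.
        try (FileInputStream in = new FileInputStream(truststorePath)) {
            keyStore.load(in, truststorePassword);
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }
}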
