package io.deephaven.ssl.config.impl;

import io.deephaven.ssl.config.Ciphers;
import io.deephaven.ssl.config.CiphersExplicit;
import io.deephaven.ssl.config.CiphersIntermediate;
import io.deephaven.ssl.config.CiphersJdk;
import io.deephaven.ssl.config.CiphersModern;
import io.deephaven.ssl.config.CiphersProperties;
import io.deephaven.ssl.config.Identity;
import io.deephaven.ssl.config.IdentityKeyStore;
import io.deephaven.ssl.config.IdentityList;
import io.deephaven.ssl.config.IdentityPrivateKey;
import io.deephaven.ssl.config.IdentityProperties;
import io.deephaven.ssl.config.Protocols;
import io.deephaven.ssl.config.ProtocolsExplicit;
import io.deephaven.ssl.config.ProtocolsIntermediate;
import io.deephaven.ssl.config.ProtocolsJdk;
import io.deephaven.ssl.config.ProtocolsModern;
import io.deephaven.ssl.config.ProtocolsProperties;
import io.deephaven.ssl.config.SSLConfig;
import io.deephaven.ssl.config.Trust;
import io.deephaven.ssl.config.TrustAll;
import io.deephaven.ssl.config.TrustCertificates;
import io.deephaven.ssl.config.TrustJdk;
import io.deephaven.ssl.config.TrustList;
import io.deephaven.ssl.config.TrustProperties;
import io.deephaven.ssl.config.TrustStore;
import io.deephaven.ssl.config.TrustSystem;
import io.grpc.util.CertificateUtils;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Iterator;
import nl.altindag.ssl.SSLFactory;
import nl.altindag.ssl.exception.GenericKeyStoreException;

/* loaded from: input_file:io/deephaven/ssl/config/impl/KickstartUtils.class */
public class KickstartUtils {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.deephaven.ssl.config.impl.KickstartUtils$5, reason: invalid class name */
    /* loaded from: input_file:io/deephaven/ssl/config/impl/KickstartUtils$5.class */
    public static /* synthetic */ class AnonymousClass5 {
        static final /* synthetic */ int[] $SwitchMap$io$deephaven$ssl$config$SSLConfig$ClientAuth = new int[SSLConfig.ClientAuth.values().length];

        static {
            try {
                $SwitchMap$io$deephaven$ssl$config$SSLConfig$ClientAuth[SSLConfig.ClientAuth.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$deephaven$ssl$config$SSLConfig$ClientAuth[SSLConfig.ClientAuth.WANTED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$io$deephaven$ssl$config$SSLConfig$ClientAuth[SSLConfig.ClientAuth.NEEDED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public static SSLFactory create(SSLConfig sSLConfig) {
        SSLFactory.Builder builder = SSLFactory.builder();
        sSLConfig.identity().ifPresent(identity -> {
            addIdentity(builder, identity);
        });
        sSLConfig.trust().ifPresent(trust -> {
            addTrust(builder, trust);
        });
        sSLConfig.protocols().ifPresent(protocols -> {
            addProtocols(builder, protocols);
        });
        sSLConfig.ciphers().ifPresent(ciphers -> {
            addCiphers(builder, ciphers);
        });
        sSLConfig.clientAuthentication().ifPresent(clientAuth -> {
            addClientAuth(builder, clientAuth);
        });
        return builder.build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void addTrust(final SSLFactory.Builder builder, Trust trust) {
        trust.walk(new Trust.Visitor<Void>() { // from class: io.deephaven.ssl.config.impl.KickstartUtils.1
            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m6visit(TrustStore trustStore) {
                KickstartUtils.addTrust(builder, trustStore);
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m5visit(TrustCertificates trustCertificates) {
                KickstartUtils.addTrust(builder, trustCertificates);
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m4visit(TrustJdk trustJdk) {
                builder.withDefaultTrustMaterial();
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m3visit(TrustProperties trustProperties) {
                builder.withSystemPropertyDerivedTrustMaterial();
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m2visit(TrustSystem trustSystem) {
                builder.withSystemTrustMaterial();
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m1visit(TrustAll trustAll) {
                builder.withTrustingAllCertificatesWithoutValidation();
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m0visit(TrustList trustList) {
                Iterator it = trustList.values().iterator();
                while (it.hasNext()) {
                    KickstartUtils.addTrust(builder, (Trust) it.next());
                }
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void addTrust(SSLFactory.Builder builder, TrustCertificates trustCertificates) {
        Iterator it = trustCertificates.path().iterator();
        while (it.hasNext()) {
            try {
                builder.withTrustMaterial(readX509Certificates(Paths.get((String) it.next(), new String[0])));
            } catch (CertificateException e) {
                throw new RuntimeException(e);
            } catch (GenericKeyStoreException e2) {
                throw new RuntimeException(e2.getCause());
            } catch (IOException e3) {
                throw new UncheckedIOException(e3);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void addTrust(SSLFactory.Builder builder, TrustStore trustStore) {
        try {
            builder.withTrustMaterial(Paths.get(trustStore.path(), new String[0]), trustStore.password().toCharArray());
        } catch (GenericKeyStoreException e) {
            throw new RuntimeException(e.getCause());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void addIdentity(final SSLFactory.Builder builder, Identity identity) {
        identity.walk(new Identity.Visitor<Void>() { // from class: io.deephaven.ssl.config.impl.KickstartUtils.2
            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m10visit(IdentityKeyStore identityKeyStore) {
                KickstartUtils.addIdentity(builder, identityKeyStore);
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m9visit(IdentityPrivateKey identityPrivateKey) {
                KickstartUtils.addIdentity(builder, identityPrivateKey);
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m8visit(IdentityProperties identityProperties) {
                builder.withSystemPropertyDerivedIdentityMaterial();
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m7visit(IdentityList identityList) {
                Iterator it = identityList.values().iterator();
                while (it.hasNext()) {
                    KickstartUtils.addIdentity(builder, (Identity) it.next());
                }
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void addCiphers(final SSLFactory.Builder builder, Ciphers ciphers) {
        ciphers.walk(new Ciphers.Visitor<Void>() { // from class: io.deephaven.ssl.config.impl.KickstartUtils.3
            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m15visit(CiphersJdk ciphersJdk) {
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m14visit(CiphersModern ciphersModern) {
                builder.withCiphers((String[]) ciphersModern.ciphers().toArray(new String[0]));
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m13visit(CiphersIntermediate ciphersIntermediate) {
                builder.withCiphers((String[]) ciphersIntermediate.ciphers().toArray(new String[0]));
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m12visit(CiphersProperties ciphersProperties) {
                builder.withSystemPropertyDerivedCiphers();
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m11visit(CiphersExplicit ciphersExplicit) {
                builder.withCiphers((String[]) ciphersExplicit.values().toArray(new String[0]));
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void addProtocols(final SSLFactory.Builder builder, Protocols protocols) {
        protocols.walk(new Protocols.Visitor<Object>() { // from class: io.deephaven.ssl.config.impl.KickstartUtils.4
            public Object visit(ProtocolsJdk protocolsJdk) {
                return null;
            }

            public Object visit(ProtocolsModern protocolsModern) {
                builder.withProtocols((String[]) protocolsModern.protocols().toArray(new String[0]));
                return null;
            }

            public Object visit(ProtocolsIntermediate protocolsIntermediate) {
                builder.withProtocols((String[]) protocolsIntermediate.protocols().toArray(new String[0]));
                return null;
            }

            public Object visit(ProtocolsProperties protocolsProperties) {
                builder.withSystemPropertyDerivedProtocols();
                return null;
            }

            public Object visit(ProtocolsExplicit protocolsExplicit) {
                builder.withProtocols((String[]) protocolsExplicit.values().toArray(new String[0]));
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void addClientAuth(SSLFactory.Builder builder, SSLConfig.ClientAuth clientAuth) {
        switch (AnonymousClass5.$SwitchMap$io$deephaven$ssl$config$SSLConfig$ClientAuth[clientAuth.ordinal()]) {
            case 1:
                return;
            case 2:
                builder.withWantClientAuthentication();
                return;
            case 3:
                builder.withNeedClientAuthentication();
                return;
            default:
                throw new IllegalStateException("Unexpected client auth: " + clientAuth);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void addIdentity(SSLFactory.Builder builder, IdentityKeyStore identityKeyStore) {
        char[] charArray = identityKeyStore.password().toCharArray();
        try {
            if (identityKeyStore.keystoreType().isPresent()) {
                builder.withIdentityMaterial(Paths.get(identityKeyStore.path(), new String[0]), charArray, (String) identityKeyStore.keystoreType().get());
            } else {
                builder.withIdentityMaterial(Paths.get(identityKeyStore.path(), new String[0]), charArray);
            }
        } catch (GenericKeyStoreException e) {
            throw new RuntimeException(e.getCause());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void addIdentity(SSLFactory.Builder builder, IdentityPrivateKey identityPrivateKey) {
        try {
            builder.withIdentityMaterial(readPrivateKey(Paths.get(identityPrivateKey.privateKeyPath(), new String[0])), (char[]) identityPrivateKey.privateKeyPassword().map((v0) -> {
                return v0.toCharArray();
            }).orElse(null), (String) identityPrivateKey.alias().orElse(null), readX509Certificates(Paths.get(identityPrivateKey.certChainPath(), new String[0])));
        } catch (GenericKeyStoreException e) {
            throw new RuntimeException(e.getCause());
        } catch (IOException e2) {
            throw new UncheckedIOException(e2);
        } catch (NoSuchAlgorithmException | CertificateException | InvalidKeySpecException e3) {
            throw new RuntimeException(e3);
        }
    }

    private static PrivateKey readPrivateKey(Path path) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
        try {
            PrivateKey privateKey = CertificateUtils.getPrivateKey(newInputStream);
            if (newInputStream != null) {
                newInputStream.close();
            }
            return privateKey;
        } catch (Throwable th) {
            if (newInputStream != null) {
                try {
                    newInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static X509Certificate[] readX509Certificates(Path path) throws IOException, CertificateException {
        InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
        try {
            X509Certificate[] x509Certificates = CertificateUtils.getX509Certificates(newInputStream);
            if (newInputStream != null) {
                newInputStream.close();
            }
            return x509Certificates;
        } catch (Throwable th) {
            if (newInputStream != null) {
                try {
                    newInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
