package io.temporal.serviceclient;

import io.grpc.netty.shaded.io.netty.handler.ssl.ApplicationProtocolConfig;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
import io.grpc.netty.shaded.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:io/temporal/serviceclient/SimpleSslContextBuilder.class */
public class SimpleSslContextBuilder {
    private static final ApplicationProtocolConfig DEFAULT_APPLICATION_PROTOCOL_CONFIG = new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, new String[]{"h2"});
    private final InputStream keyCertChain;
    private final InputStream key;
    private TrustManager trustManager;
    private boolean useInsecureTrustManager;
    private String keyPassword;

    /* loaded from: input_file:io/temporal/serviceclient/SimpleSslContextBuilder$UnknownDefaultTrustManagerException.class */
    public static final class UnknownDefaultTrustManagerException extends RuntimeException {
        public UnknownDefaultTrustManagerException(Throwable th) {
            super(th);
        }

        public UnknownDefaultTrustManagerException(String str) {
            super(str);
        }
    }

    public static SimpleSslContextBuilder newBuilder(InputStream inputStream, InputStream inputStream2) {
        return new SimpleSslContextBuilder(inputStream, inputStream2);
    }

    private SimpleSslContextBuilder(InputStream inputStream, InputStream inputStream2) {
        this.keyCertChain = inputStream;
        this.key = inputStream2;
    }

    public SslContext build() throws SSLException {
        if (this.trustManager == null || !this.useInsecureTrustManager) {
            return SslContextBuilder.forClient().trustManager(this.trustManager != null ? this.trustManager : this.useInsecureTrustManager ? InsecureTrustManagerFactory.INSTANCE.getTrustManagers()[0] : getDefaultTrustManager()).keyManager(this.keyCertChain, this.key, this.keyPassword).applicationProtocolConfig(DEFAULT_APPLICATION_PROTOCOL_CONFIG).build();
        }
        throw new IllegalArgumentException("Can not use insecure trust manager if custom trust manager is set.");
    }

    public SimpleSslContextBuilder setTrustManager(TrustManager trustManager) {
        this.trustManager = trustManager;
        return this;
    }

    public SimpleSslContextBuilder setUseInsecureTrustManager(boolean z) {
        this.useInsecureTrustManager = z;
        return this;
    }

    public SimpleSslContextBuilder setKeyPassword(String str) {
        this.keyPassword = str;
        return this;
    }

    private X509TrustManager getDefaultTrustManager() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            throw new UnknownDefaultTrustManagerException("Unable to find X509TrustManager in the list of default trust managers.");
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new UnknownDefaultTrustManagerException(e);
        }
    }
}
