package org.tio.core.ssl;

import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.tio.utils.hutool.ResourceUtil;
import org.tio.utils.hutool.StrUtil;

/* loaded from: input_file:org/tio/core/ssl/SslConfig.class */
public class SslConfig {
    private final ClientAuth clientAuth;
    private final KeyManager[] kms;
    private final TrustManager[] tms;
    private SSLEngineCustomizer sslEngineCustomizer;

    public SslConfig(TrustManager[] trustManagerArr) {
        this(ClientAuth.NONE, null, trustManagerArr);
    }

    public SslConfig(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) {
        this(ClientAuth.NONE, keyManagerArr, trustManagerArr);
    }

    public SslConfig(ClientAuth clientAuth, TrustManager[] trustManagerArr) {
        this(clientAuth, null, trustManagerArr);
    }

    public SslConfig(ClientAuth clientAuth, KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) {
        this.clientAuth = clientAuth;
        this.kms = keyManagerArr;
        this.tms = trustManagerArr;
    }

    public ClientAuth getClientAuth() {
        return this.clientAuth;
    }

    public SSLContext getSslContext() {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(this.kms, this.tms, new SecureRandom());
            return sSLContext;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new IllegalArgumentException(e);
        }
    }

    public SSLEngineCustomizer getSslEngineCustomizer() {
        return this.sslEngineCustomizer;
    }

    public void setSslEngineCustomizer(SSLEngineCustomizer sSLEngineCustomizer) {
        this.sslEngineCustomizer = sSLEngineCustomizer;
    }

    public static SslConfig forServer(String str, String str2) {
        return forServer(str, str2, ClientAuth.NONE);
    }

    public static SslConfig forServer(String str, String str2, ClientAuth clientAuth) {
        return forServer(str, str2, (String) null, (String) null, clientAuth);
    }

    public static SslConfig forServer(String str, String str2, String str3, String str4, ClientAuth clientAuth) {
        return new SslConfig(clientAuth, getKeyManager(str, str2), getTrustManager(str3, str4));
    }

    public static SslConfig forServer(InputStream inputStream, String str) {
        return forServer(inputStream, str, ClientAuth.NONE);
    }

    public static SslConfig forServer(SslCertType sslCertType, InputStream inputStream, String str) {
        return forServer(sslCertType, inputStream, str, ClientAuth.NONE);
    }

    public static SslConfig forServer(InputStream inputStream, String str, ClientAuth clientAuth) {
        return forServer(inputStream, str, (InputStream) null, (String) null, clientAuth);
    }

    public static SslConfig forServer(SslCertType sslCertType, InputStream inputStream, String str, ClientAuth clientAuth) {
        return forServer(sslCertType, inputStream, str, null, null, clientAuth);
    }

    public static SslConfig forServer(InputStream inputStream, String str, InputStream inputStream2, String str2, ClientAuth clientAuth) {
        return forServer(SslCertType.JKS, inputStream, str, inputStream2, str2, clientAuth);
    }

    public static SslConfig forServer(SslCertType sslCertType, InputStream inputStream, String str, InputStream inputStream2, String str2, ClientAuth clientAuth) {
        return new SslConfig(clientAuth, getKeyManager(sslCertType, inputStream, str), getTrustManager(inputStream2, str2));
    }

    public static SslConfig forClient() {
        return forClient((InputStream) null, (String) null);
    }

    public static SslConfig forClient(String str) {
        return new SslConfig(getCrtTrustManagers(StrUtil.startWithIgnoreCase(str, "classpath:") ? ResourceUtil.getResourceAsStream(str) : ResourceUtil.getFileResource(str)));
    }

    public static SslConfig forClient(String str, String str2) {
        return forClient((String) null, (String) null, str, str2);
    }

    public static SslConfig forClient(String str, String str2, String str3, String str4) {
        return new SslConfig(getKeyManager(str, str2), getTrustManager(str3, str4));
    }

    public static SslConfig forClient(InputStream inputStream) {
        return new SslConfig(getCrtTrustManagers(inputStream));
    }

    public static SslConfig forClient(InputStream inputStream, String str) {
        return forClient((InputStream) null, (String) null, inputStream, str);
    }

    public static SslConfig forClient(InputStream inputStream, String str, InputStream inputStream2, String str2) {
        return forClient(SslCertType.JKS, inputStream, str, inputStream2, str2);
    }

    public static SslConfig forClient(SslCertType sslCertType, InputStream inputStream, String str, InputStream inputStream2, String str2) {
        return new SslConfig(getKeyManager(sslCertType, inputStream, str), getTrustManager(sslCertType, inputStream2, str2));
    }

    public static KeyManager[] getKeyManager(String str, String str2) {
        return getKeyManager(SslCertType.from(str), str == null ? null : StrUtil.startWithIgnoreCase(str, "classpath:") ? ResourceUtil.getResourceAsStream(str) : ResourceUtil.getFileResource(str), str2);
    }

    public static KeyManager[] getKeyManager(SslCertType sslCertType, InputStream inputStream, String str) {
        if (inputStream == null) {
            return null;
        }
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance(sslCertType.getType());
            char[] charArray = str == null ? null : str.toCharArray();
            keyStore.load(inputStream, charArray);
            keyManagerFactory.init(keyStore, charArray);
            return keyManagerFactory.getKeyManagers();
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    public static TrustManager[] getTrustManager(String str, String str2) {
        return getTrustManager(SslCertType.from(str), str == null ? null : StrUtil.startWithIgnoreCase(str, "classpath:") ? ResourceUtil.getResourceAsStream(str) : ResourceUtil.getFileResource(str), str2);
    }

    public static TrustManager[] getTrustManager(InputStream inputStream, String str) {
        return getTrustManager(SslCertType.JKS, inputStream, str);
    }

    public static TrustManager[] getTrustManager(SslCertType sslCertType, InputStream inputStream, String str) {
        if (inputStream == null) {
            return null;
        }
        try {
            return getTrustManagers(sslCertType, inputStream, str == null ? null : str.toCharArray());
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    private static TrustManager[] getTrustManagers(SslCertType sslCertType, InputStream inputStream, char[] cArr) throws Exception {
        if (inputStream == null) {
            return new TrustManager[]{new X509TrustManager() { // from class: org.tio.core.ssl.SslConfig.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }};
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = KeyStore.getInstance(sslCertType.getType());
        keyStore.load(inputStream, cArr);
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    private static TrustManager[] getCrtTrustManagers(InputStream inputStream) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            keyStore.setCertificateEntry("Certificate", (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream));
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return trustManagerFactory.getTrustManagers();
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }
}
