package org.voltdb.stream.plugin.mqtt.api;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.TrustManagerFactorySpi;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.voltdb.stream.api.Strings;

/* loaded from: input_file:org/voltdb/stream/plugin/mqtt/api/MqttSslFactory.class */
public class MqttSslFactory {
    private final TrustManagerFactory trustManagerFactory;
    private final KeyManagerFactory keystoreManagerFactory;
    private HostnameVerifier hostnameVerifier;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/voltdb/stream/plugin/mqtt/api/MqttSslFactory$InsecureTrustManagerFactory.class */
    public static class InsecureTrustManagerFactory extends TrustManagerFactory {
        private static final TrustManager[] INSECURE_TRUST_MANAGERS = {new X509TrustManager() { // from class: org.voltdb.stream.plugin.mqtt.api.MqttSslFactory.InsecureTrustManagerFactory.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};

        public InsecureTrustManagerFactory() {
            super(new TrustManagerFactorySpi() { // from class: org.voltdb.stream.plugin.mqtt.api.MqttSslFactory.InsecureTrustManagerFactory.2
                @Override // javax.net.ssl.TrustManagerFactorySpi
                protected void engineInit(KeyStore keyStore) {
                }

                @Override // javax.net.ssl.TrustManagerFactorySpi
                protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
                }

                @Override // javax.net.ssl.TrustManagerFactorySpi
                protected TrustManager[] engineGetTrustManagers() {
                    return InsecureTrustManagerFactory.INSECURE_TRUST_MANAGERS;
                }
            }, null, "Insecure");
        }
    }

    public MqttSslFactory(MqttSslConfig mqttSslConfig) {
        if (mqttSslConfig.insecure()) {
            this.trustManagerFactory = createInsecureTrustManagerFactory();
            this.hostnameVerifier = NoopHostnameVerifier.INSTANCE;
        } else if (mqttSslConfig.hasPemEncodedFile()) {
            this.trustManagerFactory = loadTrustStoreFromCaCrt(mqttSslConfig.pemEncodedFile());
        } else if (mqttSslConfig.hasTrustStoreConfigured()) {
            this.trustManagerFactory = createTrustManagerFactory(mqttSslConfig.truststoreFile(), mqttSslConfig.truststorePassword());
        } else {
            this.trustManagerFactory = null;
        }
        if (mqttSslConfig.hasKeyStoreConfigured()) {
            this.keystoreManagerFactory = createKeyManagerFactory(mqttSslConfig.keystoreFile(), mqttSslConfig.keystorePassword(), mqttSslConfig.keyPassword());
        } else {
            this.keystoreManagerFactory = null;
        }
        if (mqttSslConfig.ignoreHostnameValidation()) {
            this.hostnameVerifier = NoopHostnameVerifier.INSTANCE;
        }
    }

    public TrustManagerFactory getTrustManagerFactory() {
        return this.trustManagerFactory;
    }

    public KeyManagerFactory getKeystoreManagerFactory() {
        return this.keystoreManagerFactory;
    }

    public HostnameVerifier getHostnameVerifier() {
        return this.hostnameVerifier;
    }

    private TrustManagerFactory createTrustManagerFactory(Path path, String str) {
        try {
            FileInputStream fileInputStream = new FileInputStream(path.toFile());
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(fileInputStream, string2chars(str));
                trustManagerFactory.init(keyStore);
                fileInputStream.close();
                return trustManagerFactory;
            } finally {
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException("Failed to create TrustManagerFactory", e);
        }
    }

    private TrustManagerFactory loadTrustStoreFromCaCrt(Path path) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
            try {
                Certificate generateCertificate = certificateFactory.generateCertificate(newInputStream);
                if (newInputStream != null) {
                    newInputStream.close();
                }
                KeyStore keyStore = KeyStore.getInstance("pkcs12");
                keyStore.load(null, null);
                keyStore.setCertificateEntry("ca", generateCertificate);
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                return trustManagerFactory;
            } finally {
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    private TrustManagerFactory createInsecureTrustManagerFactory() {
        try {
            InsecureTrustManagerFactory insecureTrustManagerFactory = new InsecureTrustManagerFactory();
            insecureTrustManagerFactory.init((KeyStore) null);
            return insecureTrustManagerFactory;
        } catch (KeyStoreException e) {
            throw new RuntimeException("Failed to create insecure TrustManagerFactory", e);
        }
    }

    private KeyManagerFactory createKeyManagerFactory(Path path, String str, String str2) {
        try {
            FileInputStream fileInputStream = new FileInputStream(path.toFile());
            try {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(fileInputStream, string2chars(str));
                keyManagerFactory.init(keyStore, string2chars(str2));
                fileInputStream.close();
                return keyManagerFactory;
            } finally {
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new RuntimeException("Failed to create KeyManagerFactory", e);
        }
    }

    private static char[] string2chars(String str) {
        if (Strings.isNullOrEmpty(str)) {
            return null;
        }
        return str.toCharArray();
    }
}
