package redis.clients.jedis;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:redis/clients/jedis/SslOptions.class */
public class SslOptions {
    private final String keyManagerAlgorithm;
    private final String trustManagerAlgorithm;
    private final String keyStoreType;
    private final String trustStoreType;
    private final Resource keystoreResource;
    private final char[] keystorePassword;
    private final Resource truststoreResource;
    private final char[] truststorePassword;
    private final SSLParameters sslParameters;
    private final SslVerifyMode sslVerifyMode;
    private final String sslProtocol;
    private static final Logger logger = LoggerFactory.getLogger(SslOptions.class);
    private static final X509Certificate[] EMPTY_X509_CERTIFICATES = new X509Certificate[0];
    private static final TrustManager INSECURE_TRUST_MANAGER = new X509ExtendedTrustManager() { // from class: redis.clients.jedis.SslOptions.1
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            if (SslOptions.logger.isDebugEnabled()) {
                SslOptions.logger.debug("Accepting a client certificate: " + x509CertificateArr[0].getSubjectDN());
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            if (SslOptions.logger.isDebugEnabled()) {
                SslOptions.logger.debug("Accepting a server certificate: " + x509CertificateArr[0].getSubjectDN());
            }
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            checkServerTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            checkServerTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return SslOptions.EMPTY_X509_CERTIFICATES;
        }
    };

    /* loaded from: input_file:redis/clients/jedis/SslOptions$Builder.class */
    public static class Builder {
        private String keyStoreType;
        private String trustStoreType;
        private Resource keystoreResource;
        private char[] keystorePassword;
        private Resource truststoreResource;
        private char[] truststorePassword;
        private SSLParameters sslParameters;
        private SslVerifyMode sslVerifyMode;
        private String sslProtocol;

        private Builder() {
            this.keystorePassword = null;
            this.truststorePassword = null;
            this.sslVerifyMode = SslVerifyMode.FULL;
            this.sslProtocol = "TLS";
        }

        public Builder keyStoreType(String str) {
            this.keyStoreType = (String) Objects.requireNonNull(str, "KeyStoreType must not be null");
            return this;
        }

        public Builder trustStoreType(String str) {
            this.trustStoreType = (String) Objects.requireNonNull(str, "TrustStoreType must not be null");
            return this;
        }

        public Builder keystore(File file) {
            return keystore(file, (char[]) null);
        }

        public Builder keystore(File file, char[] cArr) {
            Objects.requireNonNull(file, "Keystore must not be null");
            SslOptions.assertFile("Keystore", file);
            return keystore(Resource.from(file), cArr);
        }

        public Builder keystore(URL url) {
            return keystore(url, (char[]) null);
        }

        public Builder keystore(URL url, char[] cArr) {
            Objects.requireNonNull(url, "Keystore must not be null");
            return keystore(Resource.from(url), cArr);
        }

        public Builder keystore(Resource resource, char[] cArr) {
            this.keystoreResource = (Resource) Objects.requireNonNull(resource, "Keystore InputStreamProvider must not be null");
            this.keystorePassword = SslOptions.getPassword(cArr);
            return this;
        }

        public Builder truststore(File file) {
            return truststore(file, (char[]) null);
        }

        public Builder truststore(File file, char[] cArr) {
            Objects.requireNonNull(file, "Truststore must not be null");
            SslOptions.assertFile("Truststore", file);
            return truststore(Resource.from(file), cArr);
        }

        public Builder truststore(URL url) {
            return truststore(url, (char[]) null);
        }

        public Builder truststore(URL url, char[] cArr) {
            Objects.requireNonNull(url, "Truststore must not be null");
            return truststore(Resource.from(url), cArr);
        }

        public Builder truststore(Resource resource, char[] cArr) {
            this.truststoreResource = (Resource) Objects.requireNonNull(resource, "Truststore InputStreamProvider must not be null");
            this.truststorePassword = SslOptions.getPassword(cArr);
            return this;
        }

        public Builder sslParameters(SSLParameters sSLParameters) {
            this.sslParameters = sSLParameters;
            return this;
        }

        public Builder sslVerifyMode(SslVerifyMode sslVerifyMode) {
            this.sslVerifyMode = sslVerifyMode;
            return this;
        }

        public Builder sslProtocol(String str) {
            this.sslProtocol = str;
            return this;
        }

        public SslOptions build() {
            if (this.sslParameters == null) {
                this.sslParameters = new SSLParameters();
            }
            return new SslOptions(this);
        }
    }

    @FunctionalInterface
    /* loaded from: input_file:redis/clients/jedis/SslOptions$Resource.class */
    public interface Resource {
        static Resource from(URL url) {
            Objects.requireNonNull(url, "URL must not be null");
            return () -> {
                return url.openConnection().getInputStream();
            };
        }

        static Resource from(File file) {
            Objects.requireNonNull(file, "File must not be null");
            return () -> {
                return new FileInputStream(file);
            };
        }

        InputStream get() throws IOException;
    }

    private SslOptions(Builder builder) {
        this.keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
        this.trustManagerAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        this.keyStoreType = builder.keyStoreType;
        this.trustStoreType = builder.trustStoreType;
        this.keystoreResource = builder.keystoreResource;
        this.keystorePassword = builder.keystorePassword;
        this.truststoreResource = builder.truststoreResource;
        this.truststorePassword = builder.truststorePassword;
        this.sslParameters = builder.sslParameters;
        this.sslVerifyMode = builder.sslVerifyMode;
        this.sslProtocol = builder.sslProtocol;
    }

    public static Builder builder() {
        return new Builder();
    }

    public SSLContext createSslContext() throws IOException, GeneralSecurityException {
        InputStream inputStream;
        KeyManager[] keyManagerArr = null;
        TrustManager[] trustManagerArr = null;
        if (this.sslVerifyMode == SslVerifyMode.FULL) {
            this.sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
        } else if (this.sslVerifyMode == SslVerifyMode.CA) {
            this.sslParameters.setEndpointIdentificationAlgorithm("");
        } else if (this.sslVerifyMode == SslVerifyMode.INSECURE) {
            trustManagerArr = new TrustManager[]{INSECURE_TRUST_MANAGER};
        }
        if (this.keystoreResource != null) {
            KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
            inputStream = this.keystoreResource.get();
            Throwable th = null;
            try {
                try {
                    keyStore.load(inputStream, this.keystorePassword);
                    if (inputStream != null) {
                        if (0 != 0) {
                            try {
                                inputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            inputStream.close();
                        }
                    }
                    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.keyManagerAlgorithm);
                    keyManagerFactory.init(keyStore, this.keystorePassword);
                    keyManagerArr = keyManagerFactory.getKeyManagers();
                } finally {
                }
            } finally {
            }
        }
        if (trustManagerArr == null && this.truststoreResource != null) {
            KeyStore keyStore2 = KeyStore.getInstance(this.trustStoreType);
            inputStream = this.truststoreResource.get();
            Throwable th3 = null;
            try {
                try {
                    keyStore2.load(inputStream, this.truststorePassword);
                    if (inputStream != null) {
                        if (0 != 0) {
                            try {
                                inputStream.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                        } else {
                            inputStream.close();
                        }
                    }
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(this.trustManagerAlgorithm);
                    trustManagerFactory.init(keyStore2);
                    trustManagerArr = trustManagerFactory.getTrustManagers();
                } finally {
                }
            } finally {
            }
        }
        SSLContext sSLContext = SSLContext.getInstance(this.sslProtocol);
        sSLContext.init(keyManagerArr, trustManagerArr, null);
        return sSLContext;
    }

    public SSLParameters getSslParameters() {
        return this.sslParameters;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static char[] getPassword(char[] cArr) {
        if (cArr != null) {
            return Arrays.copyOf(cArr, cArr.length);
        }
        return null;
    }

    public static void assertFile(String str, File file) {
        if (!file.exists()) {
            throw new IllegalArgumentException(String.format("%s file %s does not exist", str, file));
        }
        if (!file.isFile()) {
            throw new IllegalArgumentException(String.format("%s file %s is not a file", str, file));
        }
    }
}
