package io.atomix.catalyst.transport.netty;

import ch.qos.logback.core.net.ssl.SSL;
import io.atomix.catalyst.util.Assert;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/catalyst-netty-1.2.1.jar:io/atomix/catalyst/transport/netty/NettyTls.class */
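/**
 * Builds {@link SSLEngine} instances for the Netty transport from the key store and trust store
 * settings carried by a {@link NettyOptions}.
 *
 * <p>The key store supplies this node's own key material. The trust store, when configured
 * separately, supplies the certificates used to validate peers; otherwise the key store doubles
 * as the trust store.
 */
final class NettyTls {
    private static final Logger LOGGER = LoggerFactory.getLogger(NettyTls.class);

    /** TLS settings (store paths and passwords) read on every {@link #initSslEngine} call. */
    private final NettyOptions properties;

    /**
     * @param nettyOptions transport options providing the key store / trust store configuration
     */
    public NettyTls(NettyOptions nettyOptions) {
        this.properties = nettyOptions;
    }

    /**
     * Creates a new TLS engine backed by the configured key store and trust store.
     *
     * @param clientMode {@code true} to configure the engine for the client side of the handshake,
     *     {@code false} for the server side
     * @return a configured, not yet handshaken {@link SSLEngine}
     * @throws Exception if a store cannot be read or the TLS context cannot be initialised
     */
    public SSLEngine initSslEngine(boolean clientMode) throws Exception {
        KeyStore identityStore =
            loadKeystore(properties.sslKeyStorePath(), properties.sslKeyStorePassword());
        KeyManagerFactory keyManagerFactory =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(identityStore, keyStoreKeyPass(properties));

        KeyStore trustStore;
        if (properties.sslTrustStorePath() != null) {
            LOGGER.debug("Using separate trust store");
            trustStore =
                loadKeystore(properties.sslTrustStorePath(), properties.sslTrustStorePassword());
        } else {
            // Every certificate entry in the key store becomes a trust anchor in this mode.
            trustStore = identityStore;
            LOGGER.debug("Using key store as trust store");
        }
        TrustManagerFactory trustManagerFactory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // A null SecureRandom lets the provider pick its default source.
        sslContext.init(keyManagers, trustManagers, null);

        // NOTE(review): the engine is created without a peer host and no endpoint identification
        // algorithm is set, so a peer certificate is checked against the trust store only, not
        // against the peer's host name. Fixing that needs the peer address, which this method
        // does not receive.
        SSLEngine engine = sslContext.createSSLEngine();
        engine.setUseClientMode(clientMode);

        // NOTE(review): "want" only requests a client certificate; a server-mode engine still
        // completes the handshake with a client that presents none. If mutual authentication is
        // a requirement, setNeedClientAuth(true) is the enforcing setting. Confirm with the
        // deployment before switching, since it rejects clients without a certificate.
        engine.setWantClientAuth(true);

        // Keep the provider's default enabled protocols and cipher suites. Do not widen them to
        // getSupportedProtocols()/getSupportedCipherSuites(): the "supported" sets can include
        // legacy protocol versions and anonymous or NULL-encryption suites that the JDK supports
        // but deliberately leaves disabled, and enabling them permits downgraded or
        // unauthenticated sessions.
        engine.setEnableSessionCreation(true);
        return engine;
    }

    /**
     * Loads a key store from disk.
     *
     * @param path file system path of the store; must not be {@code null}
     * @param password store password, used for the integrity check on load
     * @return the loaded key store
     * @throws NullPointerException if {@code password} is {@code null}
     * @throws Exception if the file cannot be opened or parsed
     */
    private KeyStore loadKeystore(String path, String password) throws Exception {
        Assert.notNull(path, "Path");
        String canonicalPath = new File(path).getCanonicalPath();
        LOGGER.debug("Using JKS at {}", canonicalPath);
        KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
        // try-with-resources: the stream was previously never closed, leaking one file
        // descriptor per engine created.
        try (FileInputStream in = new FileInputStream(canonicalPath)) {
            keyStore.load(in, password.toCharArray());
        }
        return keyStore;
    }

    /**
     * Selects the password protecting the private key entries: the dedicated key password when
     * one is configured, otherwise the key store password.
     *
     * @param nettyOptions options to read the passwords from
     * @return the key password as a character array
     */
    private char[] keyStoreKeyPass(NettyOptions nettyOptions) throws Exception {
        String keyPassword = nettyOptions.sslKeyStoreKeyPassword();
        if (keyPassword != null) {
            return keyPassword.toCharArray();
        }
        return nettyOptions.sslKeyStorePassword().toCharArray();
    }
}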
