package com.networknt.client.simplepool.undertow;

import com.networknt.client.ClientConfig;
import com.networknt.client.ssl.ClientX509ExtendedTrustManager;
import com.networknt.client.ssl.TLSConfig;
import com.networknt.common.SecretConstants;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.owasp.encoder.Encode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/client/simplepool/undertow/SimpleSSLContextMaker.class */
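/**
 * Builds the client-side {@link SSLContext} from the {@code tls} section of the client
 * configuration, with the standard {@code javax.net.ssl.*} system properties taking
 * precedence over the configured key store and trust store locations.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing callers:
 * <ul>
 *   <li>If {@code loadTrustStore} is absent or false, or no trust store path/password can be
 *       resolved, the context is initialised with a {@code null} trust manager array. JSSE then
 *       falls back to the JVM's default trust managers, and the
 *       {@link ClientX509ExtendedTrustManager} decoration is not applied.</li>
 *   <li>If the {@code tls} section is missing, both factory methods return {@code null};
 *       callers must not treat that as a usable context.</li>
 *   <li>Store passwords supplied through {@code -Djavax.net.ssl.*Password} are visible on the
 *       process command line; the secret config is the less exposed source.</li>
 * </ul>
 */
public class SimpleSSLContextMaker {
    private static final Logger logger = LoggerFactory.getLogger(SimpleSSLContextMaker.class);
    static final String TLS = "tls";
    static final String LOAD_TRUST_STORE = "loadTrustStore";
    static final String LOAD_KEY_STORE = "loadKeyStore";
    static final String TRUST_STORE = "trustStore";
    static final String KEY_STORE = "keyStore";
    static final String KEY_STORE_PROPERTY = "javax.net.ssl.keyStore";
    static final String KEY_STORE_PASSWORD_PROPERTY = "javax.net.ssl.keyStorePassword";
    static final String TRUST_STORE_PROPERTY = "javax.net.ssl.trustStore";
    static final String TRUST_STORE_PASSWORD_PROPERTY = "javax.net.ssl.trustStorePassword";

    /**
     * Creates an {@link SSLContext} using the value stored under
     * {@link TLSConfig#DEFAULT_GROUP_KEY} in the {@code tls} section as the group key.
     *
     * @return the initialised context, or {@code null} when the {@code tls} section is missing
     * @throws IOException if key managers, trust managers or the context cannot be initialised
     */
    public static SSLContext createSSLContext() throws IOException {
        Map<String, Object> tlsMap = tlsSection();
        if (tlsMap == null) {
            return null;
        }
        return createSSLContext((String) tlsMap.get(TLSConfig.DEFAULT_GROUP_KEY));
    }

    /**
     * Creates an {@link SSLContext} from the {@code tls} configuration section.
     *
     * @param str group key handed to {@link TLSConfig#create}; presumably selects the
     *     trusted-names group used for server identity checks (confirm against TLSConfig)
     * @return the initialised context, or {@code null} when the {@code tls} section is missing
     *     (an error is logged in that case)
     * @throws IOException if key managers, trust managers or the context cannot be initialised,
     *     or if a key store is configured without a private key password
     */
    public static SSLContext createSSLContext(String str) throws IOException {
        Map<String, Object> tlsMap = tlsSection();
        if (tlsMap == null) {
            logger.error("TLS configuration section is missing in client.yml");
            return null;
        }

        KeyManager[] keyManagers = loadKeyManagers(tlsMap);
        TrustManager[] trustManagers = loadTrustManagers(tlsMap, str);

        try {
            // "TLS" leaves the enabled protocol versions to the provider's defaults.
            SSLContext context = SSLContext.getInstance("TLS");
            // A null array makes JSSE use its default key/trust managers; null SecureRandom
            // selects the provider default.
            context.init(keyManagers, trustManagers, null);
            return context;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new IOException("Unable to create and initialise the SSLContext", e);
        }
    }

    /** Returns the {@code tls} section of the client config, or {@code null} if it is absent. */
    @SuppressWarnings("unchecked") // the mapped config stores nested sections as maps
    private static Map<String, Object> tlsSection() {
        return (Map<String, Object>) ClientConfig.get().getMappedConfig().get(TLS);
    }

    /**
     * Loads the client key managers when {@code loadKeyStore} is true.
     *
     * @return the key managers, or {@code null} when key store loading is disabled or no
     *     path/password pair could be resolved
     */
    private static KeyManager[] loadKeyManagers(Map<String, Object> tlsMap) throws IOException {
        // Cast kept deliberately: a non-Boolean value fails loudly instead of silently
        // disabling client certificates.
        Boolean enabled = (Boolean) tlsMap.get(LOAD_KEY_STORE);
        if (enabled == null || !enabled) {
            return null;
        }

        String path = System.getProperty(KEY_STORE_PROPERTY);
        String storePassword = System.getProperty(KEY_STORE_PASSWORD_PROPERTY);
        if (path == null || storePassword == null) {
            // System properties are only honoured as a complete pair; otherwise both values
            // come from the client and secret configs.
            path = (String) tlsMap.get(KEY_STORE);
            storePassword = (String) ClientConfig.get().getSecretConfig().get(SecretConstants.CLIENT_KEYSTORE_PASS);
            if (logger.isInfoEnabled()) {
                // Encode.forJava keeps control characters in the path out of the log line.
                logger.info("Loading key store from config at {}", Encode.forJava(path));
            }
        } else if (logger.isInfoEnabled()) {
            logger.info("Loading key store from system property at {}", Encode.forJava(path));
        }
        if (path == null || storePassword == null) {
            return null;
        }

        String keyPassword = (String) ClientConfig.get().getSecretConfig().get(SecretConstants.CLIENT_KEY_PASS);
        if (keyPassword == null) {
            // Previously surfaced as a bare NullPointerException from toCharArray().
            throw new IOException(
                    "Unable to initialise KeyManager[]: key store is configured but no private key password"
                            + " (SecretConstants.CLIENT_KEY_PASS) was found in the secret config");
        }

        try {
            KeyStore keyStore = SimpleKeystoreLoader.loadKeyStore(path, storePassword.toCharArray());
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            factory.init(keyStore, keyPassword.toCharArray());
            return factory.getKeyManagers();
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new IOException("Unable to initialise KeyManager[]", e);
        }
    }

    /**
     * Loads and decorates the trust managers when {@code loadTrustStore} is true.
     *
     * @return the decorated trust managers, or {@code null} when trust store loading is disabled
     *     or no path/password pair could be resolved (the caller then gets JVM default trust)
     */
    private static TrustManager[] loadTrustManagers(Map<String, Object> tlsMap, String groupKey)
            throws IOException {
        Boolean enabled = (Boolean) tlsMap.get(LOAD_TRUST_STORE);
        if (enabled == null || !enabled) {
            return null;
        }

        String path = System.getProperty(TRUST_STORE_PROPERTY);
        String storePassword = System.getProperty(TRUST_STORE_PASSWORD_PROPERTY);
        if (path == null || storePassword == null) {
            path = (String) tlsMap.get(TRUST_STORE);
            storePassword = (String) ClientConfig.get().getSecretConfig().get(SecretConstants.CLIENT_TRUSTSTORE_PASS);
            if (logger.isInfoEnabled()) {
                logger.info("Loading trust store from config at {}", Encode.forJava(path));
            }
        } else if (logger.isInfoEnabled()) {
            logger.info("Loading trust store from system property at {}", Encode.forJava(path));
        }
        if (path == null || storePassword == null) {
            return null;
        }

        try {
            KeyStore trustStore = SimpleKeystoreLoader.loadTrustStore(path, storePassword.toCharArray());
            TLSConfig tlsConfig = TLSConfig.create(tlsMap, groupKey);
            // Use the trust manager default algorithm. The original asked KeyManagerFactory
            // for its default, which is a different algorithm name and is not guaranteed to
            // be a valid TrustManagerFactory algorithm on every provider.
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(trustStore);
            // NOTE(review): decorate() presumably layers the project's server identity checks
            // on top of chain validation - confirm against ClientX509ExtendedTrustManager.
            return ClientX509ExtendedTrustManager.decorate(factory.getTrustManagers(), tlsConfig);
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new IOException("Unable to initialise TrustManager[]", e);
        }
    }
}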
