package io.debezium.connector.cassandra.network;

import io.debezium.connector.cassandra.exceptions.CassandraConnectorConfigException;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Properties;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/debezium/connector/cassandra/network/SslContextFactory.class */
public class SslContextFactory {
    private static final Logger LOGGER = LoggerFactory.getLogger(SslContextFactory.class);

    private SslContextFactory() {
    }

    public static SslContext createSslContext(String str) throws GeneralSecurityException, IOException {
        if (str == null) {
            throw new CassandraConnectorConfigException("Please specify SSL config path in cdc.yml");
        }
        Properties properties = new Properties();
        FileInputStream fileInputStream = new FileInputStream(str);
        Throwable th = null;
        try {
            try {
                properties.load(fileInputStream);
                fileInputStream.close();
                SslContext createSslContext = createSslContext(new SslConfig(properties));
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                return createSslContext;
            } finally {
            }
        } catch (Throwable th3) {
            if (fileInputStream != null) {
                if (th != null) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th3;
        }
    }

    public static SslContext createSslContext(SslConfig sslConfig) throws GeneralSecurityException, IOException {
        SslContextBuilder keyManager;
        FileInputStream fileInputStream;
        try {
            SslContextBuilder forClient = SslContextBuilder.forClient();
            if (sslConfig.keyStoreLocation() != null) {
                KeyStore keyStore = KeyStore.getInstance(sslConfig.keyStoreType());
                try {
                    fileInputStream = new FileInputStream(sslConfig.keyStoreLocation());
                    Throwable th = null;
                    try {
                        try {
                            keyStore.load(fileInputStream, sslConfig.keyStorePassword().toCharArray());
                            if (fileInputStream != null) {
                                if (0 != 0) {
                                    try {
                                        fileInputStream.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                } else {
                                    fileInputStream.close();
                                }
                            }
                            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(sslConfig.getKeyManagerAlgorithm());
                            keyManagerFactory.init(keyStore, sslConfig.keyStorePassword().toCharArray());
                            keyManager = SslContextBuilder.forClient();
                            keyManager.keyManager(keyManagerFactory);
                        } finally {
                        }
                    } finally {
                    }
                } catch (IOException e) {
                    throw new IOException("Failed to load the key store: location=" + sslConfig.keyStoreLocation() + " type=" + sslConfig.keyStoreType());
                }
            } else {
                LOGGER.warn("KeyStoreLocation was not specified. Building SslContext without certificate. This is not suitable for PRODUCTION");
                SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
                keyManager = forClient.keyManager(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey());
            }
            if (sslConfig.trustStoreLocation() != null) {
                KeyStore keyStore2 = KeyStore.getInstance(sslConfig.trustStoreType());
                try {
                    fileInputStream = new FileInputStream(sslConfig.trustStoreLocation());
                    Throwable th3 = null;
                    try {
                        try {
                            keyStore2.load(fileInputStream, sslConfig.trustStorePassword().toCharArray());
                            if (fileInputStream != null) {
                                if (0 != 0) {
                                    try {
                                        fileInputStream.close();
                                    } catch (Throwable th4) {
                                        th3.addSuppressed(th4);
                                    }
                                } else {
                                    fileInputStream.close();
                                }
                            }
                            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(sslConfig.trustManagerAlgorithm());
                            trustManagerFactory.init(keyStore2);
                            keyManager.trustManager(trustManagerFactory);
                        } finally {
                        }
                    } finally {
                    }
                } catch (IOException e2) {
                    throw new IOException("Failed to load the trust store: location=" + sslConfig.trustStoreLocation() + " type=" + sslConfig.trustStoreType());
                }
            } else {
                LOGGER.warn("TrustStoreLocation was not specified. Building SslContext using InsecureTrustManagerFactory. This is not suitable for PRODUCTION");
                keyManager.trustManager(InsecureTrustManagerFactory.INSTANCE);
            }
            if (sslConfig.cipherSuites() != null) {
                keyManager.ciphers(Arrays.asList(sslConfig.cipherSuites().toString().split(",")));
            }
            return keyManager.build();
        } catch (IOException | GeneralSecurityException e3) {
            LOGGER.error("Failed to create SslContext", e3);
            throw e3;
        }
    }
}
