package io.dropwizard.kubernetes.http.security;

import com.fasterxml.jackson.annotation.JsonProperty;
import io.fabric8.kubernetes.client.Config;
import io.fabric8.kubernetes.client.internal.SSLUtils;
import java.io.File;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import okhttp3.OkHttpClient;
import okhttp3.TlsVersion;

/* loaded from: input_file:io/dropwizard/kubernetes/http/security/SecurityFactory.class */
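/**
 * Jackson-bound configuration for the TLS settings of the Kubernetes HTTP client.
 *
 * <p>The values are copied onto a fabric8 {@link Config} and then turned into an
 * {@code SSLSocketFactory} that is installed on an {@link OkHttpClient.Builder}.
 */
public class SecurityFactory {

    /** Optional certificate-authority settings; applied to the client config when present. */
    @JsonProperty
    @Valid
    private CertAuthorityFactory caCert;

    /** Optional client-certificate settings; applied to the client config when present. */
    @JsonProperty
    @Valid
    private ClientCertFactory clientCert;

    /** Optional client-key settings; applied to the client config when present. */
    @JsonProperty
    @Valid
    private ClientKeyFactory clientKey;

    /** Optional trust store file; its absolute path is handed to the client config. */
    @JsonProperty
    private File trustStore;

    /**
     * Passphrase for {@link #trustStore}. This is a secret read from configuration: keep it out
     * of logs and error messages.
     */
    @JsonProperty
    private String trustStorePassword;

    /**
     * Forwarded to {@link Config#setTrustCerts(boolean)}. In the fabric8 client this flag is
     * understood to make the client accept any server certificate, which removes protection
     * against an on-path attacker; leave it {@code false} outside throw-away test clusters.
     * NOTE(review): confirm the exact semantics for the fabric8 version in use.
     */
    @JsonProperty
    private boolean trustCerts = false;

    /** Protocol name used when this class builds the {@link SSLContext} itself; TLS 1.2 by default. */
    @NotNull
    @JsonProperty
    private TlsVersion tlsVersion = TlsVersion.TLS_1_2;

    /** @return the value that will be passed to {@link Config#setTrustCerts(boolean)} */
    public boolean isTrustCerts() {
        return this.trustCerts;
    }

    /** @param z value to pass to {@link Config#setTrustCerts(boolean)}; see the field note on risk */
    public void setTrustCerts(boolean z) {
        this.trustCerts = z;
    }

    /** @return the certificate-authority settings, or {@code null} when not configured */
    public CertAuthorityFactory getCaCert() {
        return this.caCert;
    }

    /** @param certAuthorityFactory certificate-authority settings, or {@code null} for none */
    public void setCaCert(CertAuthorityFactory certAuthorityFactory) {
        this.caCert = certAuthorityFactory;
    }

    /** @return the client-certificate settings, or {@code null} when not configured */
    public ClientCertFactory getClientCert() {
        return this.clientCert;
    }

    /** @param clientCertFactory client-certificate settings, or {@code null} for none */
    public void setClientCert(ClientCertFactory clientCertFactory) {
        this.clientCert = clientCertFactory;
    }

    /** @return the client-key settings, or {@code null} when not configured */
    public ClientKeyFactory getClientKey() {
        return this.clientKey;
    }

    /** @param clientKeyFactory client-key settings, or {@code null} for none */
    public void setClientKey(ClientKeyFactory clientKeyFactory) {
        this.clientKey = clientKeyFactory;
    }

    /** @return the trust store file, or {@code null} when not configured */
    public File getTrustStore() {
        return this.trustStore;
    }

    /** @param file trust store file, or {@code null} for none */
    public void setTrustStore(File file) {
        this.trustStore = file;
    }

    /** @return the trust store passphrase (a secret), or {@code null} when not configured */
    public String getTrustStorePassword() {
        return this.trustStorePassword;
    }

    /** @param str trust store passphrase (a secret), or {@code null} for none */
    public void setTrustStorePassword(String str) {
        this.trustStorePassword = str;
    }

    /** @return the TLS version used when this class creates the {@link SSLContext} itself */
    public TlsVersion getTlsVersion() {
        return this.tlsVersion;
    }

    /** @param tlsVersion TLS version used when this class creates the {@link SSLContext} itself */
    public void setTlsVersion(TlsVersion tlsVersion) {
        this.tlsVersion = tlsVersion;
    }

    /**
     * Copies the configured security settings onto {@code config} and then installs the
     * resulting TLS socket factory on {@code builder}.
     *
     * @param builder HTTP client builder that receives the socket factory
     * @param config fabric8 client configuration that receives the individual settings
     * @throws Exception if one of the delegated factories or the TLS setup fails
     */
    public void addSecurityConfigs(OkHttpClient.Builder builder, Config config) throws Exception {
        config.setTrustCerts(this.trustCerts);
        if (this.caCert != null) {
            this.caCert.addCertAuthorityConfigs(config);
        }
        if (this.clientCert != null) {
            this.clientCert.addClientCertConfig(config);
        }
        if (this.clientKey != null) {
            this.clientKey.addClientKeyConfigs(config);
        }
        if (this.trustStore != null) {
            config.setTrustStoreFile(this.trustStore.getAbsolutePath());
        }
        if (this.trustStorePassword != null) {
            config.setTrustStorePassphrase(this.trustStorePassword);
        }
        // Must run last: the TLS material is derived from the config populated above.
        addTlsConfigs(builder, config);
    }

    /**
     * Builds the TLS socket factory from {@code config} and installs it on {@code builder}.
     *
     * <p>When the config yields neither key managers nor trust managers and certificate trust
     * is not relaxed, an {@link SSLContext} for {@link #tlsVersion} is created with the JSSE
     * defaults. Otherwise the context comes from {@link SSLUtils}.
     *
     * @param builder HTTP client builder that receives the socket factory
     * @param config fabric8 client configuration to read the TLS material from
     * @throws Exception if the key or trust material cannot be loaded
     * @throws AssertionError if {@link SSLUtils} cannot create the context for custom material
     */
    protected void addTlsConfigs(OkHttpClient.Builder builder, Config config) throws Exception {
        TrustManager[] trustManagers = SSLUtils.trustManagers(config);
        KeyManager[] keyManagers = SSLUtils.keyManagers(config);
        if (keyManagers == null && trustManagers == null && !config.isTrustCerts()) {
            SSLContext sSLContext = SSLContext.getInstance(this.tlsVersion.javaName());
            // Both arrays are null here, so JSSE falls back to its default key and trust managers.
            sSLContext.init(keyManagers, trustManagers, null);
            // trustManagers is null on this path, so indexing it would throw; hand OkHttp the
            // platform default trust manager, which is what the context above validates with.
            builder.sslSocketFactory(sSLContext.getSocketFactory(), resolveX509TrustManager(trustManagers));
        } else {
            // OkHttp rejects a null trust manager, so always resolve a concrete one instead of
            // relying on the array holding exactly one element of the right type.
            X509TrustManager x509TrustManager = resolveX509TrustManager(trustManagers);
            try {
                // NOTE(review): tlsVersion is not applied on this path; the protocol is whatever
                // SSLUtils.sslContext selects. Confirm that matches the configured minimum.
                builder.sslSocketFactory(SSLUtils.sslContext(keyManagers, trustManagers).getSocketFactory(), x509TrustManager);
            } catch (GeneralSecurityException e) {
                // Keep the cause so a broken TLS setup can be diagnosed from the stack trace.
                throw new AssertionError("Unable to create the TLS socket factory", e);
            }
        }
    }

    /**
     * Returns the first {@link X509TrustManager} in {@code candidates}, or the platform default
     * one when the array is {@code null} or holds none.
     */
    private static X509TrustManager resolveX509TrustManager(TrustManager[] candidates)
            throws GeneralSecurityException {
        if (candidates != null) {
            for (TrustManager candidate : candidates) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
        }
        TrustManagerFactory defaultFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null key store selects the JVM's default trust anchors.
        defaultFactory.init((KeyStore) null);
        for (TrustManager candidate : defaultFactory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        throw new IllegalStateException("No X509TrustManager available from the platform default TrustManagerFactory");
    }
}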
