package io.gitee.declear.dec.cloud.common.rpc.netty;

import io.gitee.declear.dec.cloud.common.constants.Constants;
import io.gitee.declear.dec.cloud.common.property.PropertiesManager;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import java.io.IOException;
import java.io.InputStream;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/gitee/declear/dec/cloud/common/rpc/netty/SslContextProvider.class */
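/**
 * Builds and caches the Netty {@link SslContext} instances used by the RPC server and client.
 *
 * <p>Certificate, private-key and trust material is read through the supplied
 * {@link PropertiesManager}. Each context is built once and then reused, so the configuration of
 * the first caller wins; a different {@code PropertiesManager} passed later is ignored.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The server requires client certificates (mutual TLS) only when a server trust
 *       certificate collection is configured. Without it, any TLS client can connect.</li>
 *   <li>The client presents a certificate only when both its certificate chain and its private
 *       key are configured.</li>
 *   <li>Protocol versions and cipher suites are not set here, so they are whatever the selected
 *       provider uses by default.</li>
 *   <li>The key password is read as a plain property value. It must never be logged.</li>
 * </ul>
 *
 * <p>The lazy initialisation in the getters is not synchronized. Concurrent first calls may each
 * build a context, and only one of them ends up cached.
 */
public class SslContextProvider {
    private static final Logger log = LoggerFactory.getLogger(SslContextProvider.class);
    private static SslContext serverSslContext;
    private static SslContext clientSslContext;

    private SslContextProvider() {
    }

    /**
     * Returns the cached server-side context, building it on first use.
     *
     * @param propertiesManager source of the server TLS settings; only consulted when no context
     *                          has been built yet
     * @return the shared server {@link SslContext}
     * @throws IllegalArgumentException if the key material cannot be loaded or the context cannot
     *                                  be built
     */
    public static SslContext getServerSslContext(PropertiesManager propertiesManager) {
        if (null == serverSslContext) {
            serverSslContext = buildServerSslContext(propertiesManager);
        }
        return serverSslContext;
    }

    /**
     * Returns the cached client-side context, building it on first use.
     *
     * @param propertiesManager source of the client TLS settings; only consulted when no context
     *                          has been built yet
     * @return the shared client {@link SslContext}
     * @throws IllegalArgumentException if the key material cannot be loaded or the context cannot
     *                                  be built
     */
    public static SslContext getClientSslContext(PropertiesManager propertiesManager) {
        if (null == clientSslContext) {
            clientSslContext = buildClientSslContext(propertiesManager);
        }
        return clientSslContext;
    }

    /**
     * Builds the server context from the configured certificate chain and private key.
     *
     * <p>Client authentication is set to {@link ClientAuth#REQUIRE} only when a trust certificate
     * collection is configured. Every failure, including a failed build, is reported as
     * {@link IllegalArgumentException} with the original exception as its cause.
     */
    private static SslContext buildServerSslContext(PropertiesManager propertiesManager) {
        InputStream keyCertChainStream = null;
        InputStream privateKeyStream = null;
        InputStream trustCertStream = null;
        try {
            keyCertChainStream = propertiesManager.getFilePropertyInputStream(Constants.DEC_CLOUD_NETTY_SSL_SERVER_KEY_CERT_CHAIN_PATH);
            privateKeyStream = propertiesManager.getFilePropertyInputStream(Constants.DEC_CLOUD_NETTY_SSL_SERVER_PRIVATE_KEY_PATH);
            trustCertStream = propertiesManager.getFilePropertyInputStream(Constants.DEC_CLOUD_NETTY_SSL_SERVER_TRUST_CERT_COLLECTION_PATH);
            // Secret value: pass it to the builder only and keep it out of logs and messages.
            String keyPassword = propertiesManager.getProperty(Constants.DEC_CLOUD_NETTY_SSL_SERVER_KEY_PASSWORD);
            SslContextBuilder builder = keyPassword != null
                    ? SslContextBuilder.forServer(keyCertChainStream, privateKeyStream, keyPassword)
                    : SslContextBuilder.forServer(keyCertChainStream, privateKeyStream);
            if (trustCertStream != null) {
                builder.trustManager(trustCertStream);
                builder.clientAuth(ClientAuth.REQUIRE);
            } else {
                // Without trust anchors the server cannot verify peers, so mutual TLS stays off.
                // Make that visible, because it means the transport does not authenticate clients.
                log.warn("SslContextProvider: no server trust certificate collection configured, client certificate authentication is disabled.");
            }
            try {
                return builder.sslProvider(findSslProvider()).build();
            } catch (SSLException e) {
                throw new IllegalStateException("Build SslSession failed.", e);
            }
        } catch (Exception e) {
            throw new IllegalArgumentException("Could not find certificate file or the certificate is invalid.", e);
        } finally {
            safeCloseStream(keyCertChainStream);
            safeCloseStream(privateKeyStream);
            safeCloseStream(trustCertStream);
        }
    }

    /**
     * Builds the client context.
     *
     * <p>A configured trust certificate collection is used to verify the server. Otherwise the
     * builder's default trust configuration applies (NOTE(review): presumably the platform
     * default trust store; confirm for the deployed Netty version). A client certificate is
     * attached only when both the certificate chain and the private key are configured. Every
     * failure is reported as {@link IllegalArgumentException} with the original exception as its
     * cause.
     */
    private static SslContext buildClientSslContext(PropertiesManager propertiesManager) {
        SslContextBuilder builder = SslContextBuilder.forClient();
        // Declared outside the try so the finally block can close whatever was opened. Before,
        // a failure part-way through left the streams that were already open unclosed.
        InputStream keyCertChainStream = null;
        InputStream privateKeyStream = null;
        InputStream trustCertStream = null;
        try {
            keyCertChainStream = propertiesManager.getFilePropertyInputStream(Constants.DEC_CLOUD_NETTY_SSL_CLIENT_KEY_CERT_CHAIN_PATH);
            privateKeyStream = propertiesManager.getFilePropertyInputStream(Constants.DEC_CLOUD_NETTY_SSL_CLIENT_PRIVATE_KEY_PATH);
            trustCertStream = propertiesManager.getFilePropertyInputStream(Constants.DEC_CLOUD_NETTY_SSL_CLIENT_TRUST_CERT_COLLECTION_PATH);
            if (trustCertStream != null) {
                builder.trustManager(trustCertStream);
            }
            // The earlier check tested the certificate-chain stream twice and never the private
            // key, so a chain without a key reached keyManager(...) with a null key stream.
            if (keyCertChainStream != null && privateKeyStream != null) {
                // Secret value: pass it to the builder only and keep it out of logs and messages.
                String keyPassword = propertiesManager.getProperty(Constants.DEC_CLOUD_NETTY_SSL_CLIENT_KEY_PASSWORD);
                if (keyPassword != null) {
                    builder.keyManager(keyCertChainStream, privateKeyStream, keyPassword);
                } else {
                    builder.keyManager(keyCertChainStream, privateKeyStream);
                }
            } else if (keyCertChainStream != null || privateKeyStream != null) {
                // Half-configured identity: report it rather than connecting without a client
                // certificate and leaving the operator to guess why mutual TLS fails.
                log.warn("SslContextProvider: client certificate chain and private key must both be configured, no client certificate will be used.");
            }
            try {
                return builder.sslProvider(findSslProvider()).build();
            } catch (SSLException e) {
                throw new IllegalStateException("Build SslSession failed.", e);
            }
        } catch (Exception e) {
            throw new IllegalArgumentException("Could not find certificate file or find invalid certificate.", e);
        } finally {
            safeCloseStream(keyCertChainStream);
            safeCloseStream(privateKeyStream);
            safeCloseStream(trustCertStream);
        }
    }

    /**
     * Closes the stream if it is non-null. A failure to close is logged and not rethrown.
     */
    private static void safeCloseStream(InputStream inputStream) {
        if (inputStream == null) {
            return;
        }
        try {
            inputStream.close();
        } catch (IOException e) {
            log.warn("SslContextProvider failed to close a stream.", e);
        }
    }

    /**
     * Selects the TLS provider: OpenSSL when Netty reports it available, otherwise the JDK
     * provider when a JDK TLS provider is registered.
     *
     * @throws IllegalStateException if neither provider is usable
     */
    private static SslProvider findSslProvider() {
        if (OpenSsl.isAvailable()) {
            log.debug(" SslContextProvider using OPENSSL provider.");
            return SslProvider.OPENSSL;
        }
        if (!checkJdkProvider()) {
            throw new IllegalStateException("SslContextProvider could not find any valid TLS provider, please check your dependency or deployment environment, usually netty-tcnative, Conscrypt, or Jetty NPN/ALPN is needed.");
        }
        log.debug("SslContextProvider using JDK provider.");
        return SslProvider.JDK;
    }

    /**
     * Reports whether at least one security provider is registered for {@code SSLContext.TLS}.
     */
    private static boolean checkJdkProvider() {
        Provider[] providers = Security.getProviders("SSLContext.TLS");
        return providers != null && providers.length > 0;
    }
}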
