package io.mapsmessaging.security.ssl;

import io.mapsmessaging.configuration.ConfigurationProperties;
import io.mapsmessaging.logging.Logger;
import io.mapsmessaging.security.certificates.CertificateManagerFactory;
import io.mapsmessaging.security.logging.AuthLogMessages;
import java.io.IOException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;

/* loaded from: input_file:io/mapsmessaging/security/ssl/SslHelper.class */
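/**
 * Static helpers that build a JSSE {@link SSLContext} and {@link SSLEngine} from the
 * {@code keyStore} / {@code trustStore} configuration sections.
 */
public class SslHelper {
    private SslHelper() {
    }

    /**
     * Builds and initialises an {@link SSLContext} from configuration.
     *
     * <p>Configuration keys read here: the nested sections {@code keyStore} and {@code trustStore}
     * (each supplying {@code managerFactory}; the key store section also supplies {@code passphrase}
     * and an optional {@code alias}), plus the optional top-level {@code crlUrl} and
     * {@code crlInterval} (default {@code 86400}; presumably seconds, to be confirmed against
     * {@code CertificateRevocationManager}).
     *
     * @param str protocol name handed to {@link SSLContext#getInstance(String)}
     * @param configurationProperties configuration holding the sections and keys listed above
     * @param logger receives the progress messages emitted during construction
     * @return the initialised context
     * @throws IOException if a required section or the passphrase is missing, if a store cannot be
     *     loaded, or if any JSSE/keystore step fails (the original exception is kept as the cause)
     */
    public static SSLContext createContext(String str, ConfigurationProperties configurationProperties, Logger logger) throws IOException {
        ConfigurationProperties keyStoreConfig = (ConfigurationProperties) configurationProperties.get("keyStore");
        ConfigurationProperties trustStoreConfig = (ConfigurationProperties) configurationProperties.get("trustStore");
        if (keyStoreConfig == null || trustStoreConfig == null) {
            // Fail with a diagnosable error instead of a NullPointerException further down.
            throw new IOException("SSL configuration requires both a keyStore and a trustStore section");
        }
        String alias = keyStoreConfig.getProperty("alias");
        try {
            KeyStore keyStore = loadKeyStore(keyStoreConfig);
            String keyManagerAlgorithm = keyStoreConfig.getProperty("managerFactory");
            String passphrase = keyStoreConfig.getProperty("passphrase");
            if (passphrase == null) {
                // The value itself is never logged or echoed in the message.
                throw new IOException("keyStore passphrase is not configured");
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyManagerAlgorithm);
            keyManagerFactory.init(keyStore, passphrase.toCharArray());
            logger.log(AuthLogMessages.SSL_SERVER_INITIALISE, new Object[]{keyManagerAlgorithm});
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            if (alias != null && !alias.isEmpty()) {
                // Wrap every X509 key manager so the configured alias is passed to CustomKeyManager.
                for (int i = 0; i < keyManagers.length; i++) {
                    if (keyManagers[i] instanceof X509ExtendedKeyManager) {
                        keyManagers[i] = new CustomKeyManager((X509ExtendedKeyManager) keyManagers[i], alias);
                    }
                }
            }
            KeyStore trustStore = loadKeyStore(trustStoreConfig);
            String trustManagerAlgorithm = trustStoreConfig.getProperty("managerFactory");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerAlgorithm);
            trustManagerFactory.init(trustStore);
            logger.log(AuthLogMessages.SSL_SERVER_TRUST_MANAGER, new Object[]{trustManagerAlgorithm});
            logger.log(AuthLogMessages.SSL_SERVER_CONTEXT_CONSTRUCT, new Object[0]);
            SSLContext sslContext = SSLContext.getInstance(str);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (configurationProperties.containsKey("crlUrl")) {
                String crlUrl = configurationProperties.getProperty("crlUrl");
                // Arrays.asList() returns a fixed-size view, so the previous asList.add(...) threw
                // UnsupportedOperationException whenever crlUrl was configured. Grow a copy instead.
                TrustManager[] withCrl = Arrays.copyOf(trustManagers, trustManagers.length + 1, TrustManager[].class);
                withCrl[trustManagers.length] = new CrlTrustManager(new CertificateRevocationManager(new URL(crlUrl), configurationProperties.getLongProperty("crlInterval", 86400L)));
                trustManagers = withCrl;
                // NOTE(review): SSLContext.init() uses only the FIRST trust manager of each
                // implementation type (e.g. the first X509TrustManager). If CrlTrustManager is an
                // X509TrustManager, appending it after the factory's manager means it is never
                // consulted and revocation is silently not enforced. Confirm, and if so have it
                // wrap/delegate to the factory's manager rather than sit beside it.
            }
            sslContext.init(keyManagers, trustManagers, new SecureRandom());
            logger.log(AuthLogMessages.SSL_SERVER_SSL_CONTEXT_COMPLETE, new Object[0]);
            return sslContext;
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            // IOExceptions propagate unchanged; security exceptions are wrapped to fit the signature.
            throw new IOException(e);
        }
    }

    /**
     * Creates an {@link SSLEngine} and applies the client-certificate policy from configuration.
     *
     * <p>{@code clientCertificateRequired} takes precedence over {@code clientCertificateWanted};
     * both default to {@code false}.
     *
     * @param sSLContext context used to create the engine
     * @param configurationProperties configuration holding the two client-certificate flags
     * @return the configured engine
     */
    public static SSLEngine createSSLEngine(SSLContext sSLContext, ConfigurationProperties configurationProperties) {
        SSLEngine engine = sSLContext.createSSLEngine();
        boolean clientCertRequired = configurationProperties.getBooleanProperty("clientCertificateRequired", false);
        boolean clientCertWanted = configurationProperties.getBooleanProperty("clientCertificateWanted", false);
        // setWantClientAuth() overrides any earlier setNeedClientAuth() call. Calling both in
        // sequence meant required=true with wanted left at its default downgraded the engine to
        // "no client certificate", silently disabling mutual TLS. Apply exactly one of them.
        if (clientCertRequired) {
            engine.setNeedClientAuth(true);
        } else {
            engine.setWantClientAuth(clientCertWanted);
        }
        return engine;
    }

    /**
     * Resolves the {@link KeyStore} described by the given store configuration through
     * {@link CertificateManagerFactory}.
     */
    private static KeyStore loadKeyStore(ConfigurationProperties configurationProperties) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        return CertificateManagerFactory.getInstance().getManager(configurationProperties).getKeyStore();
    }
}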
