package io.quarkus.vertx.http.runtime.options;

import io.quarkus.vertx.http.runtime.CertificateConfig;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.net.KeyCertOptions;
import io.vertx.core.net.KeyStoreOptions;
import io.vertx.core.net.PemKeyCertOptions;
import io.vertx.core.net.PemTrustOptions;
import io.vertx.core.net.TrustOptions;
import java.io.IOException;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;

/* loaded from: input_file:io/quarkus/vertx/http/runtime/options/TlsUtils.class */
public class TlsUtils {
    private TlsUtils() {
    }

    public static KeyCertOptions computeKeyStoreOptions(CertificateConfig certificateConfig, Optional<String> optional, Optional<String> optional2) throws IOException {
        if (!certificateConfig.keyFiles.isPresent() && !certificateConfig.files.isPresent()) {
            if (!certificateConfig.keyStoreFile.isPresent()) {
                return null;
            }
            return createKeyStoreOptions(certificateConfig.keyStoreFile.get(), optional, getKeyStoreType(certificateConfig.keyStoreFile.get(), certificateConfig.keyStoreFileType), certificateConfig.keyStoreProvider, HttpServerOptionsUtils.or(certificateConfig.keyStoreAlias, certificateConfig.keyStoreKeyAlias), optional2);
        }
        if (certificateConfig.keyFiles.isEmpty()) {
            throw new IllegalArgumentException("You must specify the key files when specifying the certificate files");
        }
        if (certificateConfig.files.isEmpty()) {
            throw new IllegalArgumentException("You must specify the certificate files when specifying the key files");
        }
        if (certificateConfig.files.get().size() != certificateConfig.keyFiles.get().size()) {
            throw new IllegalArgumentException("The number of certificate files and key files must be the same, and be given in the same order");
        }
        return createPemKeyCertOptions(certificateConfig.files.get(), certificateConfig.keyFiles.get());
    }

    public static TrustOptions computeTrustOptions(CertificateConfig certificateConfig, Optional<String> optional) throws IOException {
        Path singleTrustStoreFile = getSingleTrustStoreFile(certificateConfig);
        if (singleTrustStoreFile == null) {
            if (!certificateConfig.trustStoreFiles.isPresent() || certificateConfig.trustStoreFiles.get().isEmpty()) {
                return null;
            }
            PemTrustOptions pemTrustOptions = new PemTrustOptions();
            Iterator<Path> it = certificateConfig.trustStoreFiles.get().iterator();
            while (it.hasNext()) {
                pemTrustOptions.addCertValue(Buffer.buffer(HttpServerOptionsUtils.getFileContent(it.next())));
            }
            return pemTrustOptions;
        }
        String truststoreType = getTruststoreType(singleTrustStoreFile, certificateConfig.trustStoreFileType);
        if (truststoreType.equalsIgnoreCase("pem")) {
            return new PemTrustOptions().addCertValue(Buffer.buffer(HttpServerOptionsUtils.getFileContent(singleTrustStoreFile)));
        }
        if ((truststoreType.equalsIgnoreCase("pkcs12") || truststoreType.equalsIgnoreCase("jks")) && certificateConfig.trustStorePassword.isEmpty() && optional.isEmpty()) {
            throw new IllegalArgumentException("No trust store password provided");
        }
        return createKeyStoreOptions(singleTrustStoreFile, optional, truststoreType, certificateConfig.trustStoreProvider, certificateConfig.trustStoreCertAlias, Optional.empty());
    }

    private static Path getSingleTrustStoreFile(CertificateConfig certificateConfig) {
        Path path = null;
        if (certificateConfig.trustStoreFile.isPresent()) {
            path = certificateConfig.trustStoreFile.get();
        }
        if (certificateConfig.trustStoreFiles.isPresent()) {
            if (path != null) {
                throw new IllegalArgumentException("You cannot specify both `trustStoreFile` and `trustStoreFiles`");
            }
            if (certificateConfig.trustStoreFiles.get().size() == 1) {
                path = certificateConfig.trustStoreFiles.get().get(0);
            }
        }
        return path;
    }

    static String getTruststoreType(Path path, Optional<String> optional) {
        return optional.isPresent() ? optional.get().toLowerCase() : getTruststoreTypeFromFileName(path);
    }

    private static String getKeystoreTypeFromFileName(Path path) {
        String lowerCase = path.getFileName().toString().toLowerCase();
        if (lowerCase.endsWith(".p12") || lowerCase.endsWith(".pkcs12") || lowerCase.endsWith(".pfx")) {
            return "pkcs12";
        }
        if (lowerCase.endsWith(".jks") || lowerCase.endsWith(".keystore")) {
            return "jks";
        }
        if (lowerCase.endsWith(".key") || lowerCase.endsWith(".crt") || lowerCase.endsWith(".pem")) {
            return "pem";
        }
        throw new IllegalArgumentException("Could not determine the keystore type from the file name: " + String.valueOf(path) + ". Configure the `quarkus.http.ssl.certificate.key-store-file-type` property.");
    }

    private static String getTruststoreTypeFromFileName(Path path) {
        String lowerCase = path.getFileName().toString().toLowerCase();
        if (lowerCase.endsWith(".p12") || lowerCase.endsWith(".pkcs12") || lowerCase.endsWith(".pfx")) {
            return "pkcs12";
        }
        if (lowerCase.endsWith(".jks") || lowerCase.endsWith(".truststore")) {
            return "jks";
        }
        if (lowerCase.endsWith(".ca") || lowerCase.endsWith(".crt") || lowerCase.endsWith(".pem")) {
            return "pem";
        }
        throw new IllegalArgumentException("Could not determine the truststore type from the file name: " + String.valueOf(path) + ". Configure the `quarkus.http.ssl.certificate.trust-store-file-type` property.");
    }

    private static KeyStoreOptions createKeyStoreOptions(Path path, Optional<String> optional, String str, Optional<String> optional2, Optional<String> optional3, Optional<String> optional4) throws IOException {
        return new KeyStoreOptions().setPassword(optional.orElse(null)).setValue(Buffer.buffer(HttpServerOptionsUtils.getFileContent(path))).setType(str.toUpperCase()).setProvider(optional2.orElse(null)).setAlias(optional3.orElse(null)).setAliasPassword(optional4.orElse(null));
    }

    static String getKeyStoreType(Path path, Optional<String> optional) {
        return optional.isPresent() ? optional.get().toLowerCase() : getKeystoreTypeFromFileName(path);
    }

    private static PemKeyCertOptions createPemKeyCertOptions(List<Path> list, List<Path> list2) throws IOException {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        Iterator<Path> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(Buffer.buffer(HttpServerOptionsUtils.getFileContent(it.next())));
        }
        Iterator<Path> it2 = list2.iterator();
        while (it2.hasNext()) {
            arrayList2.add(Buffer.buffer(HttpServerOptionsUtils.getFileContent(it2.next())));
        }
        return new PemKeyCertOptions().setCertValues(arrayList).setKeyValues(arrayList2);
    }
}
