package kikaha.core.modules.http.ssl;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.HashSet;
import java.util.Iterator;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import kikaha.config.Config;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xnio.IoUtils;

@Singleton
/* loaded from: input_file:kikaha/core/modules/http/ssl/SSLContextFactory.class */
public class SSLContextFactory {
    private static final Logger log = LoggerFactory.getLogger(SSLContextFactory.class);

    @Inject
    Config configuration;
    Config httpsConfig;

    @PostConstruct
    public void loadHttpsConfiguration() {
        this.httpsConfig = this.configuration.getConfig("server.https");
    }

    public SSLContext createSSLContext() throws IOException {
        if (this.httpsConfig.getBoolean("enabled")) {
            return createSSLContext(this.httpsConfig.getString("keystore"), this.httpsConfig.getString("truststore"), this.httpsConfig.getString("password"));
        }
        return null;
    }

    public SSLContext createSSLContext(String str, String str2, String str3) throws IOException {
        KeyStore loadKeyStore = loadKeyStore(str, str3);
        KeyStore loadKeyStore2 = loadKeyStore(str2, str3);
        log.debug("Keystore and Truststore loaded. Creating SSLContext...");
        return createSSLContext(loadKeyStore, loadKeyStore2, str3);
    }

    public KeyStore loadKeyStore(String str, String str2) throws IOException {
        if (str == null || str.isEmpty()) {
            return null;
        }
        InputStream openFile = openFile(str);
        if (openFile == null) {
            throw new IOException("Could not open " + str + " certificate.");
        }
        log.info("Loading key store " + str);
        return loadKeyStore(openFile, str2);
    }

    InputStream openFile(String str) {
        try {
            log.debug("Opening certificate from the ClassPath: " + str);
            InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream(str);
            if (resourceAsStream == null) {
                log.debug("Opening certificate from the file system: " + str);
                resourceAsStream = new FileInputStream(str);
            }
            return resourceAsStream;
        } catch (FileNotFoundException e) {
            return null;
        }
    }

    public KeyStore loadKeyStore(InputStream inputStream, String str) throws IOException {
        try {
            try {
                try {
                    KeyStore keyStore = KeyStore.getInstance(this.httpsConfig.getString("keystore-security-provider"));
                    keyStore.load(inputStream, str.toCharArray());
                    IoUtils.safeClose(inputStream);
                    return keyStore;
                } catch (IOException e) {
                    showAvailableSecurityProviders();
                    throw e;
                }
            } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
                showAvailableSecurityProviders();
                throw new IOException("Unable to load KeyStore", e2);
            }
        } catch (Throwable th) {
            IoUtils.safeClose(inputStream);
            throw th;
        }
    }

    private void showAvailableSecurityProviders() {
        HashSet hashSet = new HashSet();
        for (Provider provider : Security.getProviders()) {
            Iterator<Provider.Service> it = provider.getServices().iterator();
            while (it.hasNext()) {
                hashSet.add(it.next().getAlgorithm());
            }
        }
        log.debug("Available security provides: " + String.join(" ", hashSet));
    }

    public SSLContext createSSLContext(KeyStore keyStore, KeyStore keyStore2, String str) throws IOException {
        return createSSLContext(createKeyManagers(keyStore, str), createTrustManagers(keyStore2));
    }

    SSLContext createSSLContext(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) throws IOException {
        try {
            SSLContext sSLContext = SSLContext.getInstance(this.httpsConfig.getString("cert-security-provider"));
            sSLContext.init(keyManagerArr, trustManagerArr, null);
            return sSLContext;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new IOException("Unable to create and initialise the SSLContext", e);
        }
    }

    TrustManager[] createTrustManagers(KeyStore keyStore) throws IOException {
        if (keyStore == null) {
            return null;
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return trustManagerFactory.getTrustManagers();
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new IOException("Unable to initialise TrustManager[]", e);
        }
    }

    KeyManager[] createKeyManagers(KeyStore keyStore, String str) throws IOException {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, str.toCharArray());
            return keyManagerFactory.getKeyManagers();
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new IOException("Unable to initialise KeyManager[]", e);
        }
    }
}
