package org.neo4j.ssl;

import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslProvider;
import java.io.File;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import org.neo4j.kernel.configuration.Config;
import org.neo4j.kernel.configuration.ssl.SslPolicyConfig;
import org.neo4j.kernel.configuration.ssl.SslPolicyLoader;
import org.neo4j.kernel.configuration.ssl.SslSystemSettings;
import org.neo4j.logging.NullLogProvider;

/* loaded from: input_file:org/neo4j/ssl/SslContextFactory.class */
public class SslContextFactory {

    /* loaded from: input_file:org/neo4j/ssl/SslContextFactory$Ciphers.class */
    public interface Ciphers {
        SslParameters ciphers(String... strArr);
    }

    /* loaded from: input_file:org/neo4j/ssl/SslContextFactory$SslParameters.class */
    public static class SslParameters implements Ciphers {
        private String protocols;
        private String ciphers;

        private SslParameters(String str, String str2) {
            this.protocols = str;
            this.ciphers = str2;
        }

        public static Ciphers protocols(String... strArr) {
            return new SslParameters(joinOrNull(strArr), null);
        }

        @Override // org.neo4j.ssl.SslContextFactory.Ciphers
        public SslParameters ciphers(String... strArr) {
            this.ciphers = joinOrNull(strArr);
            return this;
        }

        private static String joinOrNull(String[] strArr) {
            if (strArr.length > 0) {
                return String.join(",", strArr);
            }
            return null;
        }

        public String toString() {
            return "SslParameters{protocols='" + this.protocols + "', ciphers='" + this.ciphers + "'}";
        }
    }

    public static SslContext makeSslContext(SslResource sslResource, boolean z, SslParameters sslParameters) throws CertificateException, IOException {
        return makeSslContext(sslResource, z, SslProvider.JDK.name(), sslParameters.protocols, sslParameters.ciphers);
    }

    public static SslContext makeSslContext(SslResource sslResource, boolean z, String str) throws CertificateException, IOException {
        return makeSslContext(sslResource, z, str, null, null);
    }

    public static SslContext makeSslContext(SslResource sslResource, boolean z) throws CertificateException, IOException {
        return makeSslContext(sslResource, z, SslProvider.JDK.name(), null, null);
    }

    public static SslContext makeSslContext(SslResource sslResource, boolean z, String str, String str2, String str3) throws CertificateException, IOException {
        HashMap hashMap = new HashMap();
        hashMap.put(SslSystemSettings.netty_ssl_provider.name(), str);
        SslPolicyConfig sslPolicyConfig = new SslPolicyConfig("default");
        File parentFile = sslResource.privateKey().getParentFile();
        new File(parentFile, "trusted").mkdirs();
        new File(parentFile, "revoked").mkdirs();
        hashMap.put(sslPolicyConfig.base_directory.name(), parentFile.getPath());
        hashMap.put(sslPolicyConfig.private_key.name(), sslResource.privateKey().getPath());
        hashMap.put(sslPolicyConfig.public_certificate.name(), sslResource.publicCertificate().getPath());
        hashMap.put(sslPolicyConfig.trusted_dir.name(), sslResource.trustedDirectory().getPath());
        hashMap.put(sslPolicyConfig.revoked_dir.name(), sslResource.revokedDirectory().getPath());
        if (str2 != null) {
            hashMap.put(sslPolicyConfig.tls_versions.name(), str2);
        }
        if (str3 != null) {
            hashMap.put(sslPolicyConfig.ciphers.name(), str3);
        }
        SslPolicy policy = SslPolicyLoader.create(Config.fromSettings(hashMap).build(), NullLogProvider.getInstance()).getPolicy("default");
        return z ? policy.nettyServerContext() : policy.nettyClientContext();
    }
}
