package org.neo4j.ssl;

import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslProvider;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import org.neo4j.configuration.ssl.ClientAuth;
import org.neo4j.logging.Log;
import org.neo4j.logging.LogProvider;

/* loaded from: input_file:org/neo4j/ssl/SslPolicy.class */
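/**
 * Holds the TLS settings of one SSL policy (key material, trust, protocol versions, cipher suites,
 * client-authentication mode) and builds Netty contexts and handlers from them.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #isVerifyHostname()} is only handed to the client-side handler; the server-side
 *       handler created here does not consult it.</li>
 *   <li>{@link #privateKey()} and {@link #getKeyStore(char[], char[])} expose private key material,
 *       so callers must treat their results as secrets.</li>
 *   <li>Array-valued state is copied on the way in and on the way out, so a caller cannot change
 *       the certificate chain or the protocol list of an existing policy through a shared array.</li>
 * </ul>
 */
public class SslPolicy {
    private final PrivateKey privateKey;
    private final X509Certificate[] keyCertChain;
    private final List<String> ciphers;
    private final String[] tlsVersions;
    private final ClientAuth clientAuth;
    private final TrustManagerFactory trustManagerFactory;
    private final SslProvider sslProvider;
    private final boolean verifyHostname;
    private final Log log;

    /**
     * Creates a policy from already-loaded key material and settings.
     *
     * @param privateKey private key used by both the server and the client context
     * @param x509CertificateArr certificate chain belonging to {@code privateKey}; copied, may be {@code null}
     * @param list TLS protocol versions; {@code null} is stored as {@code null} and passed on to Netty as such
     * @param list2 cipher suites, passed to Netty unchanged
     * @param clientAuth client-authentication mode applied to the server context
     * @param trustManagerFactory source of trust decisions for both contexts
     * @param sslProvider Netty SSL provider to use
     * @param z whether the client-side handler is told to verify the peer's hostname
     * @param logProvider provider of the log used by this class; must not be {@code null}
     */
    public SslPolicy(PrivateKey privateKey, X509Certificate[] x509CertificateArr, List<String> list, List<String> list2, ClientAuth clientAuth, TrustManagerFactory trustManagerFactory, SslProvider sslProvider, boolean z, LogProvider logProvider) {
        this.privateKey = privateKey;
        // Copy so that later writes to the caller's array cannot swap certificates in this policy.
        this.keyCertChain = x509CertificateArr == null ? null : x509CertificateArr.clone();
        this.tlsVersions = list == null ? null : list.toArray(new String[0]);
        this.ciphers = list2;
        this.clientAuth = clientAuth;
        this.trustManagerFactory = trustManagerFactory;
        this.sslProvider = sslProvider;
        this.verifyHostname = z;
        this.log = logProvider.getLog(SslPolicy.class);
    }

    /**
     * Builds a server-side Netty context from this policy, including its client-authentication mode.
     *
     * @return a newly built context
     * @throws SSLException if Netty cannot build the context
     */
    public SslContext nettyServerContext() throws SSLException {
        return SslContextBuilder.forServer(this.privateKey, this.keyCertChain)
                .sslProvider(this.sslProvider)
                .clientAuth(forNetty(this.clientAuth))
                .protocols(this.tlsVersions)
                .ciphers(this.ciphers)
                .trustManager(this.trustManagerFactory)
                .build();
    }

    /**
     * Builds a client-side Netty context that presents this policy's key and certificate chain.
     *
     * @return a newly built context
     * @throws SSLException if Netty cannot build the context
     */
    public SslContext nettyClientContext() throws SSLException {
        return SslContextBuilder.forClient()
                .sslProvider(this.sslProvider)
                .keyManager(this.privateKey, this.keyCertChain)
                .protocols(this.tlsVersions)
                .ciphers(this.ciphers)
                .trustManager(this.trustManagerFactory)
                .build();
    }

    /**
     * Translates the configured client-authentication mode to Netty's enum.
     *
     * @throws IllegalArgumentException for a mode without a Netty counterpart, so an unknown mode
     *     is rejected instead of being treated as a weaker one
     */
    private io.netty.handler.ssl.ClientAuth forNetty(ClientAuth clientAuth) {
        switch (clientAuth) {
            case NONE:
                return io.netty.handler.ssl.ClientAuth.NONE;
            case OPTIONAL:
                return io.netty.handler.ssl.ClientAuth.OPTIONAL;
            case REQUIRE:
                return io.netty.handler.ssl.ClientAuth.REQUIRE;
            default:
                throw new IllegalArgumentException("Cannot translate to netty equivalent: " + clientAuth);
        }
    }

    /**
     * Creates a server-side TLS handler for the channel. A new server context is built on every call.
     *
     * @throws SSLException if the server context cannot be built
     */
    public ChannelHandler nettyServerHandler(Channel channel) throws SSLException {
        return nettyServerHandler(channel, nettyServerContext());
    }

    /** Wraps a fresh engine from {@code sslContext} in a handler; hostname verification is not configured here. */
    private ChannelHandler nettyServerHandler(Channel channel, SslContext sslContext) {
        return new SslHandler(sslContext.newEngine(channel.alloc()));
    }

    /**
     * Creates a client-side TLS handler for the channel. A new client context is built on every call.
     *
     * @throws SSLException if the client context cannot be built
     */
    public ChannelHandler nettyClientHandler(Channel channel) throws SSLException {
        return nettyClientHandler(channel, nettyClientContext());
    }

    /**
     * Creates a client-side TLS handler from an existing context, passing on this policy's
     * hostname-verification flag and TLS versions.
     */
    public ChannelHandler nettyClientHandler(Channel channel, SslContext sslContext) {
        return new ClientSideOnConnectSslHandler(channel, sslContext, this.verifyHostname, this.tlsVersions);
    }

    /** Returns the private key itself; the result is secret material and should not be logged. */
    public PrivateKey privateKey() {
        return this.privateKey;
    }

    /**
     * Returns a copy of the certificate chain, or {@code null} if none was supplied.
     */
    public X509Certificate[] certificateChain() {
        return this.keyCertChain == null ? null : this.keyCertChain.clone();
    }

    /**
     * Builds an in-memory key store of the platform default type holding this policy's private key
     * and certificate chain under the alias {@code "key"}.
     *
     * @param cArr key-store password, passed to {@link KeyStore#load(java.io.InputStream, char[])}
     * @param cArr2 password protecting the key entry
     * @return the populated key store
     * @throws RuntimeException wrapping any failure while creating or filling the key store
     */
    public KeyStore getKeyStore(char[] cArr, char[] cArr2) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // getClass().getName() is always java.security.KeyStore; the store type is the useful detail.
            this.log.debug("Keystore loaded is of type " + keyStore.getType());
            // A null stream initialises an empty key store.
            keyStore.load(null, cArr);
            keyStore.setKeyEntry("key", this.privateKey, cArr2, this.keyCertChain);
            return keyStore;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public TrustManagerFactory getTrustManagerFactory() {
        return this.trustManagerFactory;
    }

    /** Returns the cipher-suite list exactly as it was given to the constructor (not copied). */
    public List<String> getCipherSuites() {
        return this.ciphers;
    }

    /**
     * Returns a copy of the TLS versions, or {@code null} if none were configured.
     */
    public String[] getTlsVersions() {
        return this.tlsVersions == null ? null : this.tlsVersions.clone();
    }

    public ClientAuth getClientAuth() {
        return this.clientAuth;
    }

    public boolean isVerifyHostname() {
        return this.verifyHostname;
    }

    /**
     * Describes the policy for logs: certificate subjects and issuers, ciphers, TLS versions and
     * client-authentication mode. The private key is not part of the output.
     */
    @Override
    public String toString() {
        return "SslPolicy{keyCertChain=" + describeCertChain() + ", ciphers=" + this.ciphers + ", tlsVersions=" + Arrays.toString(this.tlsVersions) + ", clientAuth=" + this.clientAuth + "}";
    }

    private String describeCertificate(X509Certificate x509Certificate) {
        return "Subject: " + x509Certificate.getSubjectDN() + ", Issuer: " + x509Certificate.getIssuerDN();
    }

    /** Joins the per-certificate descriptions; a missing chain prints as {@code null}, like the TLS versions. */
    private String describeCertChain() {
        if (this.keyCertChain == null) {
            // Without this guard toString() would throw on a policy that has no certificate chain.
            return "null";
        }
        return Arrays.stream(this.keyCertChain).map(this::describeCertificate).collect(Collectors.joining(", "));
    }
}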
