package org.reaktivity.nukleus.tls.internal;

import java.io.File;
import java.io.FileInputStream;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.agrona.LangUtil;
import org.reaktivity.nukleus.Configuration;
import org.reaktivity.nukleus.Nukleus;
import org.reaktivity.nukleus.NukleusBuilder;
import org.reaktivity.nukleus.NukleusFactorySpi;
import org.reaktivity.nukleus.route.RouteKind;
import org.reaktivity.nukleus.tls.internal.stream.ClientStreamFactoryBuilder;
import org.reaktivity.nukleus.tls.internal.stream.ServerStreamFactoryBuilder;

/* loaded from: input_file:org/reaktivity/nukleus/tls/internal/TlsNukleusFactorySpi.class */
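/**
 * Factory for the "tls" nukleus: builds one {@link SSLContext} from key and trust stores found
 * under {@code <configuration directory>/tls} and hands it to both the server and the client
 * stream factory builders.
 *
 * <p>Store locations and passwords are read from JVM system properties:
 * <ul>
 *   <li>{@code tls.keystore} (default {@code keys}) and {@code tls.keystore.password}</li>
 *   <li>{@code tls.truststore} (default {@code trust}) and {@code tls.truststore.password}</li>
 * </ul>
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>Both passwords default to the fixed string {@code generated}. A publicly known default
 *       gives no confidentiality for the private keys in the key store; that then rests on file
 *       system permissions alone. Set explicit passwords in any non-test deployment.</li>
 *   <li>System properties supplied as {@code -D} options are typically visible in the process
 *       command line, so prefer a delivery mechanism that does not expose the password there.</li>
 *   <li>The store file names are resolved against the {@code tls} directory without
 *       normalisation; an absolute or {@code ..}-relative property value therefore selects a
 *       file outside that directory. The properties must only be settable by trusted
 *       operators.</li>
 *   <li>A missing store file is not an error: {@code null} managers are passed to
 *       {@link SSLContext#init}, which makes JSSE fall back to its default implementations.
 *       For the trust side this presumably means the JRE default trust anchors are used
 *       rather than a pinned set; verify that this is the intended behaviour.</li>
 * </ul>
 */
public final class TlsNukleusFactorySpi implements NukleusFactorySpi {
    private static final String PROPERTY_TLS_KEYSTORE = "tls.keystore";
    private static final String PROPERTY_TLS_KEYSTORE_PASSWORD = "tls.keystore.password";
    private static final String PROPERTY_TLS_TRUSTSTORE = "tls.truststore";
    private static final String PROPERTY_TLS_TRUSTSTORE_PASSWORD = "tls.truststore.password";
    private static final String DEFAULT_TLS_KEYSTORE = "keys";
    // NOTE(review): well-known default password; acceptable only for generated test stores.
    private static final String DEFAULT_TLS_KEYSTORE_PASSWORD = "generated";
    private static final String DEFAULT_TLS_TRUSTSTORE = "trust";
    // NOTE(review): well-known default password; acceptable only for generated test stores.
    private static final String DEFAULT_TLS_TRUSTSTORE_PASSWORD = "generated";

    /**
     * Returns the name under which this nukleus is registered.
     *
     * @return the constant {@code "tls"}
     */
    public String name() {
        return "tls";
    }

    /**
     * Creates the TLS nukleus with a server and a client stream factory sharing one
     * {@link SSLContext}.
     *
     * @param configuration  nukleus configuration; its directory is the parent of the
     *                       {@code tls} store directory
     * @param nukleusBuilder builder that receives the two stream factories
     * @return the built nukleus
     */
    public Nukleus create(Configuration configuration, NukleusBuilder nukleusBuilder) {
        TlsConfiguration tlsConfiguration = new TlsConfiguration(configuration);
        SSLContext context = initContext(configuration.directory());
        return nukleusBuilder
            .streamFactory(RouteKind.SERVER, new ServerStreamFactoryBuilder(tlsConfiguration, context))
            .streamFactory(RouteKind.CLIENT, new ClientStreamFactoryBuilder(tlsConfiguration, context))
            .build();
    }

    /**
     * Builds the {@link SSLContext} from the optional key store and trust store below
     * {@code path/tls}.
     *
     * <p>Each store is loaded only when its file exists; otherwise {@code null} is passed for
     * the corresponding managers. Any failure (unreadable file, wrong password, unsupported
     * algorithm) is rethrown unchecked through {@link LangUtil#rethrowUnchecked}.
     *
     * @param path the nukleus configuration directory
     * @return the initialised context
     */
    private SSLContext initContext(Path path) {
        SSLContext context = null;
        try {
            Path tlsDirectory = path.resolve("tls");

            String keyStorePassword =
                System.getProperty(PROPERTY_TLS_KEYSTORE_PASSWORD, DEFAULT_TLS_KEYSTORE_PASSWORD);
            File keyStoreFile =
                tlsDirectory.resolve(System.getProperty(PROPERTY_TLS_KEYSTORE, DEFAULT_TLS_KEYSTORE)).toFile();
            KeyManager[] keyManagers = null;
            if (keyStoreFile.exists()) {
                KeyStore keyStore = loadStore(keyStoreFile, keyStorePassword);
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
                // The store password is also used as the password of every private key entry.
                keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
                keyManagers = keyManagerFactory.getKeyManagers();
            }

            String trustStorePassword =
                System.getProperty(PROPERTY_TLS_TRUSTSTORE_PASSWORD, DEFAULT_TLS_TRUSTSTORE_PASSWORD);
            File trustStoreFile =
                tlsDirectory.resolve(System.getProperty(PROPERTY_TLS_TRUSTSTORE, DEFAULT_TLS_TRUSTSTORE)).toFile();
            TrustManager[] trustManagers = null;
            if (trustStoreFile.exists()) {
                KeyStore trustStore = loadStore(trustStoreFile, trustStorePassword);
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
                trustManagerFactory.init(trustStore);
                trustManagers = trustManagerFactory.getTrustManagers();
            }

            // NOTE(review): "TLS" leaves the enabled protocol versions to the JRE defaults unless
            // the stream factories restrict them on the engine - not visible from this class.
            context = SSLContext.getInstance("TLS");
            context.init(keyManagers, trustManagers, new SecureRandom());
        } catch (Exception e) {
            LangUtil.rethrowUnchecked(e);
        }
        return context;
    }

    /**
     * Loads a JKS store from {@code file}, closing the file handle whether or not loading
     * succeeds (the stream used to be left open, leaking a descriptor per store).
     *
     * @param file     the store file, expected to exist
     * @param password the store password, used for the integrity check on load
     * @return the loaded store
     * @throws java.io.IOException                    if the file cannot be read or the password
     *                                                does not match
     * @throws java.security.GeneralSecurityException if the store type or its contents are not
     *                                                supported
     */
    private static KeyStore loadStore(File file, String password)
            throws java.io.IOException, java.security.GeneralSecurityException {
        KeyStore store = KeyStore.getInstance("JKS");
        try (FileInputStream input = new FileInputStream(file)) {
            store.load(input, password.toCharArray());
        }
        return store;
    }
}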
