package org.voltdb.client;

import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Properties;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.voltcore.network.util.ssl.SSLConfiguration;
import org.voltdb.client.PemTruststore;
import org.voltdb.common.Constants;

/* loaded from: input_file:org/voltdb/client/ClientSslSetup.class */
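/**
 * Static helpers that turn key store / trust store settings into a Netty
 * client {@link SslContext}.
 *
 * <p>Settings can come from explicit arguments, from a properties file, from the
 * {@code javax.net.ssl.*} system properties, or from built-in defaults; see
 * {@link SslConfig} for the precedence.
 *
 * <p>NOTE(review): nothing in this class configures endpoint identification
 * (hostname verification). Whether the peer's host name is checked depends on
 * the Netty version and on how the caller creates the engine from the returned
 * context; confirm at the call site.
 */
public class ClientSslSetup {
    /** Property-file key naming the key store file. */
    public static final String KEYSTORE_CONFIG_PROP = "keyStore";
    /** Property-file key holding the key store password. */
    public static final String KEYSTORE_PASSWORD_CONFIG_PROP = "keyStorePassword";
    /** Property-file key naming the trust store file. */
    public static final String TRUSTSTORE_CONFIG_PROP = "trustStore";
    /** Property-file key holding the trust store password. */
    public static final String TRUSTSTORE_PASSWORD_CONFIG_PROP = "trustStorePassword";
    private static final String STORE_TYPE = "JKS";
    private static final String USER_HOME = System.getProperty("user.home");

    /**
     * Immutable, resolved TLS settings for a client connection.
     *
     * <p>For each store the resolution order is: the explicit value, then the
     * matching {@code javax.net.ssl.*} system property, then the built-in
     * default from {@link Constants}. Blank values count as absent.
     *
     * <p>Passwords are kept as plain {@code String} fields, so they stay on the
     * heap for the lifetime of this object; {@link #toString()} deliberately
     * leaves them out so the object is safe to put in log and error messages.
     */
    public static class SslConfig {
        public final String keyStorePath;
        public final String keyStorePassword;
        public final String trustStorePath;
        public final String trustStorePassword;
        public final boolean trustStoreIsPem;

        private SslConfig(boolean useKeyStore, String keyStore, String keyStorePasswd,
                boolean useTrustStore, String trustStore, String trustStorePasswd, boolean pemTrustStore) {
            String ksPath = null;
            String ksPassword = null;
            if (useKeyStore) {
                ksPath = normalize(keyStore, null);
                ksPassword = normalize(keyStorePasswd, "");
                if (ksPath == null) {
                    // No explicit path: the password argument is discarded too, so
                    // path and password always come from the same source.
                    ksPath = normalize(System.getProperty("javax.net.ssl.keyStore"), null);
                    ksPassword = normalize(System.getProperty("javax.net.ssl.keyStorePassword"), "");
                }
                if (ksPath == null) {
                    // NOTE(review): last-resort fallback to a built-in key store
                    // location protected by the literal password "password". A key
                    // store reachable this way offers no confidentiality for its
                    // private key; deployments should name their own key store.
                    ksPath = Constants.DEFAULT_KEYSTORE_RESOURCE;
                    ksPassword = "password";
                }
            }
            String tsPath = null;
            String tsPassword = null;
            boolean tsIsPem = pemTrustStore;
            if (useTrustStore) {
                tsPath = normalize(trustStore, null);
                tsPassword = normalize(trustStorePasswd, "");
                if (tsPath == null) {
                    tsPath = normalize(System.getProperty("javax.net.ssl.trustStore"), null);
                    tsPassword = normalize(System.getProperty("javax.net.ssl.trustStorePassword"), "");
                    // The PEM flag described the explicit path only.
                    tsIsPem = false;
                }
                if (tsPath == null) {
                    // NOTE(review): built-in trust store and password from Constants;
                    // their values are not visible here - confirm what they trust.
                    tsPath = Constants.DEFAULT_TRUSTSTORE_RESOURCE;
                    tsPassword = Constants.DEFAULT_TRUSTSTORE_PASSWD;
                    tsIsPem = false;
                }
            }
            this.keyStorePath = ksPath;
            this.keyStorePassword = ksPassword;
            this.trustStorePath = tsPath;
            this.trustStorePassword = tsPassword;
            this.trustStoreIsPem = tsIsPem;
        }

        /** Trims {@code value}; returns {@code fallback} when it is null or blank after trimming. */
        private static String normalize(String value, String fallback) {
            if (value == null) {
                return fallback;
            }
            String trimmed = value.trim();
            return trimmed.isEmpty() ? fallback : trimmed;
        }

        static SslConfig createWithTrustStoreOnly(String trustStore, String trustStorePasswd, boolean isPem) {
            return new SslConfig(false, null, null, true, trustStore, trustStorePasswd, isPem);
        }

        static SslConfig createWithKeyStoreAndTrustStore(String keyStore, String keyStorePasswd,
                String trustStore, String trustStorePasswd) {
            return new SslConfig(true, keyStore, keyStorePasswd, true, trustStore, trustStorePasswd, false);
        }

        static SslConfig createWithDefaultTrustStoreOnly() {
            return new SslConfig(false, null, null, true, null, null, false);
        }

        static SslConfig createWithDefaultKeyStoreAndTrustStore() {
            return new SslConfig(true, null, null, true, null, null, false);
        }

        /** Returns the store paths only; passwords are never included. */
        @Override
        public String toString() {
            if (this.keyStorePath == null) {
                return String.format("SslConfig [trustStorePath=%s]", this.trustStorePath);
            }
            return String.format("SslConfig [keyStorePath=%s, trustStorePath=%s]", this.keyStorePath, this.trustStorePath);
        }
    }

    /** Thrown when the TLS configuration input (file name, properties file) is unusable. */
    public static class SslConfigException extends RuntimeException {
        SslConfigException(String message) {
            super(message);
        }
    }

    /** Thrown when a resolved configuration cannot be turned into an SSL context. */
    public static class SslSetupException extends RuntimeException {
        SslSetupException(String message) {
            super(String.format("TLS/SSL setup failed: %s", message));
        }
    }

    /**
     * Attaches {@code cause} to a freshly created exception so the underlying
     * I/O or crypto failure stays visible in stack traces.
     */
    private static <E extends RuntimeException> E withCause(E exception, Throwable cause) {
        exception.initCause(cause);
        return exception;
    }

    /** Converts a password to a char array; null or empty input yields {@code null}. */
    private static char[] toPasswordChars(String password) {
        return (password == null || password.isEmpty()) ? null : password.toCharArray();
    }

    /**
     * Builds a Netty client SSL context from the given configuration.
     *
     * <p>Protocols and cipher suites are taken from {@link SSLConfiguration}. A key
     * manager is installed only when a key store path is set, and that key store
     * must have a password; the same password is used for the store and for the
     * private key entries.
     *
     * @param sslConfig resolved settings, must not be null
     * @return the client SSL context
     * @throws IllegalArgumentException if {@code sslConfig} is null
     * @throws SslSetupException if a store is missing, unreadable or cannot be loaded;
     *         the original failure is attached as the cause
     */
    public static SslContext createClientSslContext(SslConfig sslConfig) {
        if (sslConfig == null) {
            throw new IllegalArgumentException("sslConfig is null");
        }
        try {
            SslContextBuilder builder = SslContextBuilder.forClient()
                    .clientAuth(ClientAuth.NONE)
                    .protocols(SSLConfiguration.ENABLED_PROTOCOLS)
                    .ciphers(SSLConfiguration.PREFERRED_CIPHERS, SSLConfiguration.CIPHER_FILTER);
            if (sslConfig.keyStorePath != null) {
                if (sslConfig.keyStorePassword == null || sslConfig.keyStorePassword.isEmpty()) {
                    throw new SslSetupException(String.format("No password was provided for keystore '%s', but is required", sslConfig.keyStorePath));
                }
                builder.keyManager(keyManagerFactory(sslConfig.keyStorePath, sslConfig.keyStorePassword, sslConfig.keyStorePassword));
            }
            if (sslConfig.trustStorePath != null) {
                TrustManagerFactory trust = sslConfig.trustStoreIsPem
                        ? trustManagerFactory(PemTruststore.loadPemTruststore(sslConfig.trustStorePath, STORE_TYPE))
                        : trustManagerFactory(sslConfig.trustStorePath, sslConfig.trustStorePassword);
                builder.trustManager(trust);
            }
            return builder.build();
        } catch (IOException | GeneralSecurityException | PemTruststore.PemException e) {
            String message = e.getMessage();
            // Messages that already start with "Invalid keystore" are passed through
            // as-is; everything else gets the generic prefix. sslConfig prints paths
            // only, so no password reaches the message.
            String text = (message != null && message.startsWith("Invalid keystore"))
                    ? String.format("%s using %s", message, sslConfig)
                    : String.format("Failed to initialize TLS/SSL using %s: %s", sslConfig, message);
            throw withCause(new SslSetupException(text), e);
        }
    }

    /**
     * Loads the JKS key store at {@code path} and initialises a key manager factory from it.
     *
     * @param path key store file
     * @param storePassword password used to open the store
     * @param keyPassword password used to recover the private keys
     */
    private static KeyManagerFactory keyManagerFactory(String path, String storePassword, String keyPassword)
            throws IOException, GeneralSecurityException {
        checkAccess("key", path);
        char[] storeChars = toPasswordChars(storePassword);
        char[] keyChars = toPasswordChars(keyPassword);
        KeyStore keyStore = KeyStore.getInstance(STORE_TYPE);
        try (FileInputStream in = new FileInputStream(path)) {
            keyStore.load(in, storeChars);
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore, keyChars);
        return factory;
    }

    /**
     * Loads the JKS trust store at {@code path} and initialises a trust manager factory from it.
     *
     * <p>When no password is supplied the store is loaded with a null password, in
     * which case {@link KeyStore#load} performs no integrity check: a tampered
     * trust store is accepted silently. Supplying the password, and keeping the
     * file writable only by a trusted account, closes that gap.
     */
    private static TrustManagerFactory trustManagerFactory(String path, String password)
            throws IOException, GeneralSecurityException {
        checkAccess("trust", path);
        char[] passwordChars = toPasswordChars(password);
        KeyStore trustStore = KeyStore.getInstance(STORE_TYPE);
        try (FileInputStream in = new FileInputStream(path)) {
            trustStore.load(in, passwordChars);
        }
        return trustManagerFactory(trustStore);
    }

    /** Initialises a trust manager factory (default algorithm) from an already loaded store. */
    private static TrustManagerFactory trustManagerFactory(KeyStore keyStore) throws GeneralSecurityException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore);
        return factory;
    }

    /**
     * Fails early with a readable message when a store file is missing or unreadable.
     * This is a diagnostic pre-check only; the file is opened again by the caller.
     *
     * @param kind "key" or "trust", used to build the word "keystore" / "truststore"
     * @param path store file to check
     */
    private static void checkAccess(String kind, String path) {
        File file = new File(path);
        if (!file.exists()) {
            throw new SslSetupException(String.format("The %sstore file '%s' does not exist", kind, path));
        }
        if (!file.canRead() || !file.isFile()) {
            throw new SslSetupException(String.format("The %sstore file '%s' cannot be read", kind, path));
        }
    }

    /**
     * Creates a trust-store-only configuration; the store is treated as PEM when
     * {@link PemTruststore#looksLikePem} says so for the given path.
     */
    public static SslConfig createSslConfig(String trustStore, String trustStorePassword) {
        return SslConfig.createWithTrustStoreOnly(trustStore, trustStorePassword, PemTruststore.looksLikePem(trustStore));
    }

    /** Creates a configuration with both a key store and a (non-PEM) trust store. */
    public static SslConfig createSslConfig(String keyStore, String keyStorePassword,
            String trustStore, String trustStorePassword) {
        return SslConfig.createWithKeyStoreAndTrustStore(keyStore, keyStorePassword, trustStore, trustStorePassword);
    }

    /** Same as {@link #sslConfigFromPropertyFile(String, boolean)} without a key store. */
    public static SslConfig sslConfigFromPropertyFile(String fileName) {
        return sslConfigFromPropertyFile(fileName, false);
    }

    /**
     * Reads store locations and passwords from a properties file.
     *
     * <p>The file may carry store passwords in clear text, so it should be
     * readable only by the account running the client.
     *
     * @param fileName properties file; a leading {@code ~/} is expanded to the user's home
     * @param withKeyStore when true the {@code keyStore} property is required as well
     * @return the resolved configuration
     * @throws IllegalArgumentException if {@code fileName} is null or blank
     * @throws SslConfigException if the file is missing, unreadable, or lacks a required property
     */
    public static SslConfig sslConfigFromPropertyFile(String fileName, boolean withKeyStore) {
        String trimmed = fileName != null ? fileName.trim() : "";
        if (trimmed.isEmpty()) {
            throw new IllegalArgumentException("TLS/SSL properties file name required");
        }
        String path = expandTilde(trimmed);
        File file = new File(path);
        if (!file.exists()) {
            throw new SslConfigException(String.format("Properties file '%s' does not exist", path));
        }
        if (!file.canRead() || !file.isFile()) {
            throw new SslConfigException(String.format("Properties file '%s' cannot be read", path));
        }
        Properties properties = new Properties();
        try (FileReader reader = new FileReader(file)) {
            properties.load(reader);
        } catch (IOException e) {
            throw withCause(
                    new SslConfigException(String.format("I/O error on properties file '%s': %s", path, e.getMessage())), e);
        }
        String keyStore = properties.getProperty(KEYSTORE_CONFIG_PROP);
        String keyStorePassword = properties.getProperty(KEYSTORE_PASSWORD_CONFIG_PROP);
        String trustStore = properties.getProperty(TRUSTSTORE_CONFIG_PROP);
        String trustStorePassword = properties.getProperty(TRUSTSTORE_PASSWORD_CONFIG_PROP);
        if (!withKeyStore) {
            requireProperty(trustStore, TRUSTSTORE_CONFIG_PROP, path);
            return SslConfig.createWithTrustStoreOnly(trustStore, trustStorePassword, false);
        }
        requireProperty(keyStore, KEYSTORE_CONFIG_PROP, path);
        requireProperty(trustStore, TRUSTSTORE_CONFIG_PROP, path);
        return SslConfig.createWithKeyStoreAndTrustStore(keyStore, keyStorePassword, trustStore, trustStorePassword);
    }

    /** Rejects a null or empty property value, naming the property and the file in the error. */
    private static void requireProperty(String value, String propertyName, String fileName) {
        if (value == null || value.isEmpty()) {
            throw new SslConfigException(String.format("Required property '%s' not present in property file '%s'", propertyName, fileName));
        }
    }

    /** Configuration built from system properties / built-in defaults, trust store only. */
    public static SslConfig sslConfigFromDefaults() {
        return SslConfig.createWithDefaultTrustStoreOnly();
    }

    /**
     * Configuration built from system properties / built-in defaults.
     *
     * @param withKeyStore when true a key store is resolved as well
     */
    public static SslConfig sslConfigFromDefaults(boolean withKeyStore) {
        return withKeyStore ? SslConfig.createWithDefaultKeyStoreAndTrustStore() : SslConfig.createWithDefaultTrustStoreOnly();
    }

    /**
     * Accepts one file name and works out from its content whether it is a binary
     * key store, a PEM file, or a properties file.
     *
     * <p>In the first two cases the trust store is configured without a password,
     * so a binary store is loaded without an integrity check.
     *
     * @param fileName file to classify; a leading {@code ~/} is expanded
     * @throws IllegalArgumentException if {@code fileName} is null or blank
     * @throws SslConfigException if the file cannot be read or parsed
     */
    public static SslConfig sslConfigTrustStoreGeneric(String fileName) {
        String trimmed = fileName != null ? fileName.trim() : "";
        if (trimmed.isEmpty()) {
            throw new IllegalArgumentException("TLS/SSL file name required");
        }
        String path = expandTilde(trimmed);
        if (looksLikeJavaKeystore(path)) {
            return SslConfig.createWithTrustStoreOnly(path, null, false);
        }
        if (PemTruststore.looksLikePem(path)) {
            return SslConfig.createWithTrustStoreOnly(path, null, true);
        }
        return sslConfigFromPropertyFile(path, false);
    }

    /**
     * Content sniffing on the first 64 bytes of a file: true when they start with
     * the JKS magic number 0xFEEDFEED, or contain any control byte other than
     * CR, LF or TAB (i.e. the file is not plain text). Files shorter than 64
     * bytes are never classified as key stores.
     *
     * @throws SslConfigException if the file does not exist or cannot be read
     */
    private static boolean looksLikeJavaKeystore(String path) {
        final byte[] jksMagic = {(byte) 0xFE, (byte) 0xED, (byte) 0xFE, (byte) 0xED};
        final int probeLength = 64;
        byte[] head = new byte[probeLength];
        int filled = 0;
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            // A single read() may legally return fewer bytes than requested.
            while (filled < probeLength) {
                int count = in.read(head, filled, probeLength - filled);
                if (count < 0) {
                    break;
                }
                filled += count;
            }
        } catch (NoSuchFileException | FileNotFoundException e) {
            // Files.newInputStream reports a missing file as NoSuchFileException.
            throw withCause(new SslConfigException(String.format("TLS/SSL file '%s' does not exist", path)), e);
        } catch (IOException | RuntimeException e) {
            throw withCause(new SslConfigException(String.format("TLS/SSL file '%s' cannot be read", path)), e);
        }
        if (filled < probeLength) {
            return false;
        }
        boolean magicMatches = true;
        for (int i = 0; i < jksMagic.length; i++) {
            magicMatches &= head[i] == jksMagic[i];
        }
        if (magicMatches) {
            return true;
        }
        for (byte b : head) {
            boolean textual = (b & Byte.MAX_VALUE) >= 32 || b == '\r' || b == '\n' || b == '\t';
            if (!textual) {
                return true;
            }
        }
        return false;
    }

    /**
     * Expands a leading {@code ~/} to the user's home directory. Only the first
     * character is substituted; a tilde elsewhere in the path is left alone.
     */
    private static String expandTilde(String path) {
        if (USER_HOME == null || !path.startsWith("~/")) {
            return path;
        }
        return USER_HOME + path.substring(1);
    }
}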
