package org.wisdom.framework.vertx.ssl;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wisdom.framework.vertx.ServiceAccessor;

/* loaded from: input_file:org/wisdom/framework/vertx/ssl/SSLServerContext.class */
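/**
 * Lazily created, process-wide holder of the {@link SSLContext} used for the HTTPS server side.
 *
 * <p>The context is built once from the application configuration:
 * <ul>
 *   <li>{@code https.keyStore} - key store holding the server key. When absent, a generated key
 *       with a self-signed certificate is used (development only) and client certificates are
 *       not verified against any CA.</li>
 *   <li>{@code https.trustStore} - trust store used to verify client certificates. When absent,
 *       the JSSE default trust managers are used (unless the fake key store branch already
 *       disabled verification). The special value {@code noCA} (case-insensitive) disables
 *       client-side CA verification.</li>
 * </ul>
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>Both "no key store" and {@code https.trustStore=noCA} install an
 *       {@code AcceptAllTrustManager}; a {@code WARN} line is logged in either case and should
 *       be treated as a finding on production systems.</li>
 *   <li>The protocol name is the generic {@code "TLS"}; which TLS versions and cipher suites are
 *       actually enabled is decided by the JDK defaults and by whoever configures the resulting
 *       engine, not by this class.</li>
 * </ul>
 */
public final class SSLServerContext {
    private static final Logger LOGGER = LoggerFactory.getLogger("wisdom-vertx-engine");
    private static final String PROTOCOL = "TLS";
    // Guarded by the class lock taken in getInstance(...).
    private static SSLServerContext INSTANCE;
    private final SSLContext serverContext;
    private final ServiceAccessor accessor;
    private static final String HTTPSWARN = "HTTPS configured with no client side CA verification. Requires http://webid.info/ for client certificate verification.";
    private static final String HTTPSFAIL = "Failure during HTTPS initialization";

    /**
     * Builds the server {@link SSLContext} from the configuration exposed by the accessor.
     *
     * @param serviceAccessor gives access to the application configuration
     * @throws RuntimeException if a configured store cannot be read or the context cannot be
     *     initialized
     */
    private SSLServerContext(ServiceAccessor serviceAccessor) {
        LOGGER.info("Configuring HTTPS support");
        this.accessor = serviceAccessor;
        File baseDir = serviceAccessor.getConfiguration().getBaseDir();
        String keyStorePath = serviceAccessor.getConfiguration().get("https.keyStore");
        String trustStorePath = serviceAccessor.getConfiguration().get("https.trustStore");

        KeyManagerFactory keyManagerFactory;
        TrustManager[] trustManagers = null;
        if (keyStorePath == null) {
            // Development fallback: generated key, and no CA verification of client certificates.
            keyManagerFactory = getFakeKeyManagerFactory(baseDir);
            LOGGER.warn(HTTPSWARN);
            trustManagers = new TrustManager[]{new AcceptAllTrustManager()};
        } else {
            try {
                keyManagerFactory = getKeyManagerFactoryFromKeyStore(baseDir, keyStorePath);
            } catch (KeyStoreException e) {
                throw new RuntimeException("Cannot read the key store file", e);
            }
        }

        if (trustStorePath == null) {
            // Only claim that the default trust store is in use when that is really the case;
            // in the fake key store branch the accept-all trust manager stays active and the
            // warning above is the accurate statement.
            if (trustManagers == null) {
                LOGGER.info("Using default trust store for client side CA verification");
            }
        } else if ("noCA".equalsIgnoreCase(trustStorePath)) {
            trustManagers = new TrustManager[]{new AcceptAllTrustManager()};
            LOGGER.warn(HTTPSWARN);
        } else {
            try {
                trustManagers = getTrustManagerFactoryFromKeyStore(baseDir, trustStorePath).getTrustManagers();
            } catch (KeyStoreException e) {
                throw new RuntimeException("Cannot read the trust store file", e);
            }
        }

        SSLContext context;
        try {
            context = SSLContext.getInstance(PROTOCOL);
            // A null trust manager array selects the JSSE defaults; a null SecureRandom selects
            // the provider's default source of randomness.
            context.init(keyManagerFactory.getKeyManagers(), trustManagers, null);
        } catch (Exception e) {
            throw new RuntimeException(HTTPSFAIL + ": " + e.getMessage(), e);
        }
        this.serverContext = context;
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>Only the accessor passed to the first call is used; later calls return the instance
     * built from it and ignore their argument.
     *
     * @param serviceAccessor gives access to the application configuration
     * @return the shared instance
     */
    public static synchronized SSLServerContext getInstance(ServiceAccessor serviceAccessor) {
        if (INSTANCE == null) {
            INSTANCE = new SSLServerContext(serviceAccessor);
        }
        return INSTANCE;
    }

    /**
     * @return the initialized server-side SSL context
     */
    public SSLContext serverContext() {
        return this.serverContext;
    }

    /**
     * Creates a key manager factory from the configured key store.
     *
     * @param file the application base directory, used when {@code str} is not an existing file
     * @param str the configured key store path
     * @return the initialized key manager factory
     * @throws KeyStoreException if no provider supports the configured key store type
     * @throws RuntimeException if the file does not exist or cannot be loaded
     */
    private KeyManagerFactory getKeyManagerFactoryFromKeyStore(File file, String str) throws KeyStoreException {
        File storeFile = resolveStoreFile(file, str);
        LOGGER.info("\t key store: " + storeFile.getAbsolutePath());
        KeyStore keyStore = KeyStore.getInstance(this.accessor.getConfiguration().getWithDefault("https.keyStoreType", "JKS"));
        LOGGER.info("\t key store type: " + keyStore.getType());
        LOGGER.info("\t key store provider: " + keyStore.getProvider());
        char[] password = this.accessor.getConfiguration().getWithDefault("https.keyStorePassword", "").toCharArray();
        // Report only whether a password is configured: its length is information about the
        // secret and does not belong in logs.
        LOGGER.info("\t key store password: " + (password.length == 0 ? "not set" : "set"));
        String algorithm = this.accessor.getConfiguration().getWithDefault("https.keyStoreAlgorithm", KeyManagerFactory.getDefaultAlgorithm());
        LOGGER.info("\t key store algorithm: " + algorithm);
        if (!storeFile.isFile()) {
            throw new RuntimeException("Cannot load key store from '" + storeFile.getAbsolutePath() + "', the file does not exist");
        }
        try {
            loadStore(keyStore, storeFile, password);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
            // The same password is used for the store and for the keys it contains.
            keyManagerFactory.init(keyStore, password);
            return keyManagerFactory;
        } catch (Exception e) {
            throw new RuntimeException(HTTPSFAIL + ": " + e.getMessage(), e);
        }
    }

    /**
     * Returns the development-only key manager factory backed by a generated key with a
     * self-signed certificate, and logs a warning that it must not be used in production.
     *
     * @param file the application base directory handed to {@code FakeKeyStore}
     * @return the key manager factory provided by {@code FakeKeyStore}
     */
    private KeyManagerFactory getFakeKeyManagerFactory(File file) {
        LOGGER.warn("Using generated key with self signed certificate for HTTPS. This MUST not be used in production. To  set the key store use: `-Dhttps.keyStore=my-keystore`");
        return FakeKeyStore.keyManagerFactory(file);
    }

    /**
     * Creates a trust manager factory from the configured trust store.
     *
     * @param file the application base directory, used when {@code str} is not an existing file
     * @param str the configured trust store path
     * @return the initialized trust manager factory
     * @throws KeyStoreException if no provider supports the configured trust store type
     * @throws RuntimeException if the file does not exist or cannot be loaded
     */
    private TrustManagerFactory getTrustManagerFactoryFromKeyStore(File file, String str) throws KeyStoreException {
        File storeFile = resolveStoreFile(file, str);
        LOGGER.info("\t trust store: " + storeFile.getAbsolutePath());
        KeyStore trustStore = KeyStore.getInstance(this.accessor.getConfiguration().getWithDefault("https.trustStoreType", "JKS"));
        LOGGER.info("\t trust store type: " + trustStore.getType());
        LOGGER.info("\t trust store provider: " + trustStore.getProvider());
        char[] password = this.accessor.getConfiguration().getWithDefault("https.trustStorePassword", "").toCharArray();
        // Report only whether a password is configured, never its length.
        LOGGER.info("\t trust store password: " + (password.length == 0 ? "not set" : "set"));
        // The default must come from TrustManagerFactory: the KeyManagerFactory default names a
        // key manager algorithm and is not guaranteed to exist as a trust manager algorithm.
        String algorithm = this.accessor.getConfiguration().getWithDefault("https.trustStoreAlgorithm", TrustManagerFactory.getDefaultAlgorithm());
        LOGGER.info("\t trust store algorithm: " + algorithm);
        if (!storeFile.isFile()) {
            throw new RuntimeException("Cannot load trust store from '" + storeFile.getAbsolutePath() + "', the file does not exist");
        }
        try {
            loadStore(trustStore, storeFile, password);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(algorithm);
            trustManagerFactory.init(trustStore);
            return trustManagerFactory;
        } catch (Exception e) {
            throw new RuntimeException(HTTPSFAIL + ": " + e.getMessage(), e);
        }
    }

    /**
     * Resolves a configured store path: the path is used as given when it denotes an existing
     * file, otherwise it is interpreted relative to the base directory.
     */
    private static File resolveStoreFile(File baseDir, String path) {
        File candidate = new File(path);
        if (!candidate.isFile()) {
            candidate = new File(baseDir, path);
        }
        return candidate;
    }

    /** Loads the store content from the file, always releasing the file handle. */
    private static void loadStore(KeyStore store, File source, char[] password) throws Exception {
        FileInputStream input = null;
        try {
            input = new FileInputStream(source);
            store.load(input, password);
        } finally {
            IOUtils.closeQuietly(input);
        }
    }
}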
