package org.infinispan.rest.client;

import io.netty.handler.codec.http2.Http2SecurityUtil;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import org.infinispan.client.rest.configuration.Protocol;
import org.infinispan.client.rest.configuration.RestClientConfiguration;
import org.infinispan.client.rest.configuration.SslConfiguration;
import org.infinispan.commons.CacheConfigurationException;
import org.infinispan.commons.util.SslContextFactory;

/* loaded from: input_file:org/infinispan/rest/client/NettyTruststoreUtil.class */
public class NettyTruststoreUtil {
    public static SslContext createTruststoreContext(String str, char[] cArr, String... strArr) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(new FileInputStream(str), cArr);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, cArr);
        return SslContextBuilder.forClient().sslProvider(OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK).keyManager(keyManagerFactory).ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE).trustManager(InsecureTrustManagerFactory.INSTANCE).applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, strArr)).build();
    }

    public static SslContext createSslContext(RestClientConfiguration restClientConfiguration) {
        SslConfiguration ssl = restClientConfiguration.security().ssl();
        if (!ssl.enabled()) {
            return null;
        }
        if (ssl.sslContext() != null) {
            return new JdkSslContext(ssl.sslContext(), true, ClientAuth.NONE);
        }
        SslContextBuilder forClient = SslContextBuilder.forClient();
        try {
            if (ssl.keyStoreFileName() != null) {
                forClient.keyManager(SslContextFactory.getKeyManagerFactory(ssl.keyStoreFileName(), ssl.keyStoreType(), ssl.keyStorePassword(), ssl.keyStoreCertificatePassword(), ssl.keyAlias(), NettyTruststoreUtil.class.getClassLoader()));
            }
            if (ssl.trustStoreFileName() != null) {
                forClient.trustManager(SslContextFactory.getTrustManagerFactory(ssl.trustStoreFileName(), ssl.trustStoreType(), ssl.trustStorePassword(), NettyTruststoreUtil.class.getClassLoader()));
            }
            if (ssl.trustStorePath() != null) {
                forClient.trustManager(new File(ssl.trustStorePath()));
            }
            if (ssl.protocol() != null) {
                forClient.protocols(new String[]{ssl.protocol()});
            }
            if (restClientConfiguration.protocol() == Protocol.HTTP_20) {
                forClient.applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, new String[]{"h2"}));
            }
            return forClient.build();
        } catch (Exception e) {
            throw new CacheConfigurationException(e);
        }
    }
}
