package org.jboss.errai.bus.server.io.websockets.ssl;

import io.netty.handler.ssl.SslHandler;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.apache.commons.lang3.StringUtils;
import org.jboss.errai.bus.server.service.ErraiConfigAttribs;
import org.jboss.errai.bus.server.service.ErraiServiceConfigurator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/errai-bus-4.1.2-SNAPSHOT.jar:org/jboss/errai/bus/server/io/websockets/ssl/SslHandlerFactory.class */
public class SslHandlerFactory {
    private static KeyStore keyStore = null;
    private static SSLEngine sslEngine = null;
    private static String keyPassword = null;
    private static final Logger log = LoggerFactory.getLogger(SslHandlerFactory.class.getName());

    public static SslHandler buildSslHandler(ErraiServiceConfigurator erraiServiceConfigurator) {
        keyPassword = StringUtils.isEmpty(keyPassword) ? ErraiConfigAttribs.WEB_SOCKET_KEY_PASSWORD.get(erraiServiceConfigurator) : keyPassword;
        if (keyStore == null) {
            String str = ErraiConfigAttribs.WEB_SOCKET_KEYSTORE.get(erraiServiceConfigurator);
            String str2 = ErraiConfigAttribs.WEB_SOCKET_KEYSTORE_TYPE.get(erraiServiceConfigurator);
            if (StringUtils.isEmpty(str)) {
                throw new IllegalStateException("when ssl is activated for the sideband server, key store information is necessary");
            }
            String str3 = ErraiConfigAttribs.WEB_SOCKET_KEYSTORE_PASSWORD.get(erraiServiceConfigurator);
            if (StringUtils.isEmpty(str3)) {
                throw new IllegalStateException("keystore configured for sideband websocket server, but missing keystore password");
            }
            if (StringUtils.isEmpty(keyPassword)) {
                keyPassword = str3;
            }
            keyStore = KeystoreFactory.getKeyStore(str, str3, str2);
        }
        return new SslHandler(getSslEngine(keyStore, keyPassword));
    }

    public static SSLEngine getSslEngine(KeyStore keyStore2, String str) {
        if (sslEngine == null || sslEngine.isInboundDone() || sslEngine.isOutboundDone()) {
            try {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
                keyManagerFactory.init(keyStore2, str.toCharArray());
                SSLContext sSLContext = SSLContext.getInstance("TLSv1");
                sSLContext.init(keyManagerFactory.getKeyManagers(), null, null);
                SSLEngine createSSLEngine = sSLContext.createSSLEngine();
                createSSLEngine.setUseClientMode(false);
                createSSLEngine.setNeedClientAuth(false);
                sslEngine = createSSLEngine;
            } catch (Exception e) {
                throw new RuntimeException("could not build SSL Engine", e);
            }
        }
        return sslEngine;
    }
}
