package io.vertx.core.net.impl;

import ch.qos.logback.core.net.ssl.SSL;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.file.FileSystem;
import io.vertx.core.impl.VertxInternal;
import io.vertx.core.net.JksOptions;
import io.vertx.core.net.KeyCertOptions;
import io.vertx.core.net.PemKeyCertOptions;
import io.vertx.core.net.PemTrustOptions;
import io.vertx.core.net.PfxOptions;
import io.vertx.core.net.TrustOptions;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Iterator;
import java.util.function.Supplier;
import java.util.stream.Stream;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:io/vertx/core/net/impl/KeyStoreHelper.class */
public abstract class KeyStoreHelper {
    private static final String DUMMY_PASSWORD = "dummy";
    private String password;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/vertx/core/net/impl/KeyStoreHelper$CA.class */
    public static class CA extends KeyStoreHelper {
        private Stream<Buffer> certValues;

        CA(Stream<Buffer> stream) {
            super(null);
            this.certValues = stream;
        }

        @Override // io.vertx.core.net.impl.KeyStoreHelper
        protected KeyStore loadStore(VertxInternal vertxInternal, String str) throws Exception {
            KeyStore keyStore = KeyStore.getInstance("jks");
            keyStore.load(null, null);
            Stream<Buffer> stream = this.certValues;
            stream.getClass();
            Iterable iterable = stream::iterator;
            Iterator it = iterable.iterator();
            while (it.hasNext()) {
                for (Certificate certificate : KeyStoreHelper.loadCert((Buffer) it.next())) {
                    keyStore.setCertificateEntry("cert-0", certificate);
                }
            }
            return keyStore;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/vertx/core/net/impl/KeyStoreHelper$JKSOrPKCS12.class */
    public static class JKSOrPKCS12 extends KeyStoreHelper {
        private String type;
        private Supplier<Buffer> value;

        JKSOrPKCS12(String str, String str2, Supplier<Buffer> supplier) {
            super(str2);
            this.type = str;
            this.value = supplier;
        }

        @Override // io.vertx.core.net.impl.KeyStoreHelper
        protected KeyStore loadStore(VertxInternal vertxInternal, String str) throws Exception {
            KeyStore keyStore = KeyStore.getInstance(this.type);
            ByteArrayInputStream byteArrayInputStream = null;
            try {
                byteArrayInputStream = new ByteArrayInputStream(this.value.get().getBytes());
                keyStore.load(byteArrayInputStream, str != null ? str.toCharArray() : null);
                if (byteArrayInputStream != null) {
                    try {
                        byteArrayInputStream.close();
                    } catch (IOException e) {
                    }
                }
                return keyStore;
            } catch (Throwable th) {
                if (byteArrayInputStream != null) {
                    try {
                        byteArrayInputStream.close();
                    } catch (IOException e2) {
                    }
                }
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/vertx/core/net/impl/KeyStoreHelper$KeyCert.class */
    public static class KeyCert extends KeyStoreHelper {
        private Supplier<Buffer> keyValue;
        private Supplier<Buffer> certValue;

        KeyCert(String str, Supplier<Buffer> supplier, Supplier<Buffer> supplier2) {
            super(str);
            this.keyValue = supplier;
            this.certValue = supplier2;
        }

        @Override // io.vertx.core.net.impl.KeyStoreHelper
        protected KeyStore loadStore(VertxInternal vertxInternal, String str) throws Exception {
            KeyStore keyStore = KeyStore.getInstance("jks");
            keyStore.load(null, null);
            keyStore.setEntry("dummy-entry", new KeyStore.PrivateKeyEntry(KeyStoreHelper.loadPrivateKey(this.keyValue.get()), KeyStoreHelper.loadCert(this.certValue.get())), new KeyStore.PasswordProtection(KeyStoreHelper.DUMMY_PASSWORD.toCharArray()));
            return keyStore;
        }
    }

    public static KeyStoreHelper create(VertxInternal vertxInternal, KeyCertOptions keyCertOptions) {
        Supplier supplier;
        Supplier supplier2;
        if (keyCertOptions instanceof JksOptions) {
            JksOptions jksOptions = (JksOptions) keyCertOptions;
            if (jksOptions.getPath() != null) {
                supplier2 = () -> {
                    return vertxInternal.fileSystem().readFileBlocking(vertxInternal.resolveFile(jksOptions.getPath()).getAbsolutePath());
                };
            } else {
                if (jksOptions.getValue() == null) {
                    return null;
                }
                jksOptions.getClass();
                supplier2 = jksOptions::getValue;
            }
            return new JKSOrPKCS12(SSL.DEFAULT_KEYSTORE_TYPE, jksOptions.getPassword(), supplier2);
        }
        if (!(keyCertOptions instanceof PfxOptions)) {
            if (!(keyCertOptions instanceof PemKeyCertOptions)) {
                return null;
            }
            PemKeyCertOptions pemKeyCertOptions = (PemKeyCertOptions) keyCertOptions;
            return new KeyCert(DUMMY_PASSWORD, () -> {
                if (pemKeyCertOptions.getKeyPath() != null) {
                    return vertxInternal.fileSystem().readFileBlocking(vertxInternal.resolveFile(pemKeyCertOptions.getKeyPath()).getAbsolutePath());
                }
                if (pemKeyCertOptions.getKeyValue() != null) {
                    return pemKeyCertOptions.getKeyValue();
                }
                throw new RuntimeException("Missing private key");
            }, () -> {
                if (pemKeyCertOptions.getCertPath() != null) {
                    return vertxInternal.fileSystem().readFileBlocking(vertxInternal.resolveFile(pemKeyCertOptions.getCertPath()).getAbsolutePath());
                }
                if (pemKeyCertOptions.getCertValue() != null) {
                    return pemKeyCertOptions.getCertValue();
                }
                throw new RuntimeException("Missing X.509 certificate");
            });
        }
        PfxOptions pfxOptions = (PfxOptions) keyCertOptions;
        if (pfxOptions.getPath() != null) {
            supplier = () -> {
                return vertxInternal.fileSystem().readFileBlocking(vertxInternal.resolveFile(pfxOptions.getPath()).getAbsolutePath());
            };
        } else {
            if (pfxOptions.getValue() == null) {
                return null;
            }
            pfxOptions.getClass();
            supplier = pfxOptions::getValue;
        }
        return new JKSOrPKCS12("PKCS12", pfxOptions.getPassword(), supplier);
    }

    public static KeyStoreHelper create(VertxInternal vertxInternal, TrustOptions trustOptions) {
        if (trustOptions instanceof KeyCertOptions) {
            return create(vertxInternal, (KeyCertOptions) trustOptions);
        }
        if (!(trustOptions instanceof PemTrustOptions)) {
            return null;
        }
        PemTrustOptions pemTrustOptions = (PemTrustOptions) trustOptions;
        Stream<R> map = pemTrustOptions.getCertPaths().stream().map(str -> {
            return vertxInternal.resolveFile(str).getAbsolutePath();
        });
        FileSystem fileSystem = vertxInternal.fileSystem();
        fileSystem.getClass();
        return new CA(Stream.concat(map.map(fileSystem::readFileBlocking), pemTrustOptions.getCertValues().stream()));
    }

    public KeyStoreHelper(String str) {
        this.password = str;
    }

    public KeyManager[] getKeyMgrs(VertxInternal vertxInternal) throws Exception {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(loadStore(vertxInternal, this.password), this.password != null ? this.password.toCharArray() : null);
        return keyManagerFactory.getKeyManagers();
    }

    public TrustManager[] getTrustMgrs(VertxInternal vertxInternal) throws Exception {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(loadStore(vertxInternal, this.password));
        return trustManagerFactory.getTrustManagers();
    }

    protected abstract KeyStore loadStore(VertxInternal vertxInternal, String str) throws Exception;

    private static byte[] loadPem(Buffer buffer, String str) throws IOException {
        String obj = buffer.toString();
        String str2 = "-----BEGIN " + str + "-----";
        String str3 = "-----END " + str + "-----";
        int indexOf = obj.indexOf(str2);
        if (indexOf == -1) {
            throw new RuntimeException("Missing " + str2 + " delimiter");
        }
        int length = indexOf + str2.length();
        int indexOf2 = obj.indexOf(str3, length);
        if (indexOf2 == -1) {
            throw new RuntimeException("Missing " + str3 + " delimiter");
        }
        String replaceAll = obj.substring(length, indexOf2).replaceAll("\\s", "");
        if (replaceAll.length() == 0) {
            throw new RuntimeException("Empty pem file");
        }
        return Base64.getDecoder().decode(replaceAll);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static PrivateKey loadPrivateKey(Buffer buffer) throws Exception {
        if (buffer == null) {
            throw new RuntimeException("Missing private key path");
        }
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(loadPem(buffer, "PRIVATE KEY")));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Certificate[] loadCert(Buffer buffer) throws Exception {
        if (buffer == null) {
            throw new RuntimeException("Missing X.509 certificate path");
        }
        return (Certificate[]) CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(loadPem(buffer, "CERTIFICATE"))).toArray(new Certificate[0]);
    }
}
