package org.apache.kafka.common.security.ssl;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import org.apache.kafka.common.Configurable;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.config.SslConfigs;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.network.Mode;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-439.zip:modules/system/layers/fuse/org/apache/kafka/clients/main/kafka-clients-0.11.0.1.jar:org/apache/kafka/common/security/ssl/SslFactory.class */
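/**
 * Builds a JSSE {@link SSLContext} from a Kafka configuration map and hands out {@link SSLEngine}s
 * preconfigured for either the server or the client side of a connection.
 *
 * <p>{@link #configure(Map)} must run before {@link #createSslEngine(String, int)}: until then
 * {@code sslContext} is {@code null} and engine creation fails with a {@link NullPointerException}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>In client mode the endpoint identification algorithm is taken from
 *       {@link SslConfigs#SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG}. When that key is absent the
 *       field stays {@code null}, and JSSE then performs no host name check against the peer
 *       certificate. Deployments that rely on server identity should set it (for example to
 *       {@code HTTPS}).</li>
 *   <li>Client authentication is only applied in server mode, and only the literal values
 *       {@code "required"} and {@code "requested"} are recognised. Any other value, including a
 *       different letter case, leaves client authentication off without an error.</li>
 *   <li>Without a configured trust store the {@link TrustManagerFactory} is initialised with
 *       {@code null}, so the JVM default trust anchors apply.</li>
 * </ul>
 */
public class SslFactory implements Configurable {
    /** Whether engines are created for the server or the client side. */
    private final Mode mode;
    /** When non-null, takes precedence over {@link SslConfigs#SSL_CLIENT_AUTH_CONFIG}. */
    private final String clientAuthConfigOverride;
    private String protocol;
    private String provider;
    private String kmfAlgorithm;
    private String tmfAlgorithm;
    /** Key material for this endpoint; stays {@code null} when no key store location is configured. */
    private SecurityStore keystore;
    /** Optional password of the private key entry; the key store password is used when this is {@code null}. */
    private Password keyPassword;
    /** Trust anchors; {@code null} means the JVM defaults are used. */
    private SecurityStore truststore;
    private String[] cipherSuites;
    private String[] enabledProtocols;
    /** Endpoint identification algorithm for client-mode engines; {@code null} means no host name check. */
    private String endpointIdentification;
    private SecureRandom secureRandomImplementation;
    private SSLContext sslContext;
    private boolean needClientAuth;
    private boolean wantClientAuth;

    /**
     * Location, type and password of a key store or trust store on disk.
     *
     * <p>NOTE(review): the decompiler reports that it widened access on this class and on
     * {@link #load()} from private, so this type is presumably not meant as public API.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-439.zip:modules/system/layers/fuse/org/apache/kafka/clients/main/kafka-clients-0.11.0.1.jar:org/apache/kafka/common/security/ssl/SslFactory$SecurityStore.class */
    public static class SecurityStore {
        private final String type;
        private final String path;
        private final Password password;

        /**
         * @param storeType store type, or {@code null} for {@link KeyStore#getDefaultType()}
         * @param storePath file system path of the store
         * @param storePassword store password; may be {@code null}
         */
        private SecurityStore(String storeType, String storePath, Password storePassword) {
            this.type = storeType == null ? KeyStore.getDefaultType() : storeType;
            this.path = storePath;
            this.password = storePassword;
        }

        /**
         * Reads the store from {@code path}.
         *
         * <p>When {@code password} is {@code null} the store is loaded with a {@code null} password,
         * in which case {@link KeyStore#load(java.io.InputStream, char[])} does not verify the
         * integrity of the store data. A trust store configured without a password is therefore
         * accepted as-is, so file permissions are the only protection against modification.
         *
         * @return the loaded store
         * @throws GeneralSecurityException if the store type is unavailable or its contents are rejected
         * @throws IOException if the file cannot be opened or read, or the password is wrong
         */
        /* JADX INFO: Access modifiers changed from: private */
        public KeyStore load() throws GeneralSecurityException, IOException {
            KeyStore store = KeyStore.getInstance(this.type);
            char[] storePassword = this.password != null ? this.password.value().toCharArray() : null;
            // try-with-resources closes the stream on every path and, unlike a manual close in a
            // catch block, keeps the original load failure as the primary exception if close() also fails.
            try (FileInputStream in = new FileInputStream(this.path)) {
                store.load(in, storePassword);
            }
            return store;
        }
    }

    /**
     * Creates a factory whose client authentication setting comes from the configuration map only.
     *
     * @param mode server or client role of the engines to create
     */
    public SslFactory(Mode mode) {
        this(mode, null);
    }

    /**
     * Creates a factory with an optional client authentication override.
     *
     * @param mode server or client role of the engines to create
     * @param str client authentication setting that replaces {@link SslConfigs#SSL_CLIENT_AUTH_CONFIG}
     *            when non-null; only {@code "required"} and {@code "requested"} have an effect
     */
    public SslFactory(Mode mode, String str) {
        this.keystore = null;
        this.mode = mode;
        this.clientAuthConfigOverride = str;
    }

    /**
     * Reads the SSL settings from {@code map}, validates the key store and trust store combination
     * and builds the {@link SSLContext}.
     *
     * @param map configuration values keyed by the {@link SslConfigs} constants
     * @throws KafkaException if the secure random implementation is unknown, a store is configured
     *         inconsistently, or the SSL context cannot be created
     */
    @Override // org.apache.kafka.common.Configurable
    public void configure(Map<String, ?> map) throws KafkaException {
        this.protocol = (String) map.get(SslConfigs.SSL_PROTOCOL_CONFIG);
        this.provider = (String) map.get(SslConfigs.SSL_PROVIDER_CONFIG);

        // List<?> plus the generic toArray(T[]) avoids the raw type; a non-String element still
        // fails with ArrayStoreException exactly as before.
        List<?> suites = (List<?>) map.get(SslConfigs.SSL_CIPHER_SUITES_CONFIG);
        if (suites != null) {
            this.cipherSuites = suites.toArray(new String[suites.size()]);
        }
        List<?> protocols = (List<?>) map.get(SslConfigs.SSL_ENABLED_PROTOCOLS_CONFIG);
        if (protocols != null) {
            this.enabledProtocols = protocols.toArray(new String[protocols.size()]);
        }

        // Left null when the key is absent, which means client-mode engines skip host name verification.
        String endpointAlgorithm = (String) map.get(SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG);
        if (endpointAlgorithm != null) {
            this.endpointIdentification = endpointAlgorithm;
        }

        String secureRandomName = (String) map.get(SslConfigs.SSL_SECURE_RANDOM_IMPLEMENTATION_CONFIG);
        if (secureRandomName != null) {
            try {
                this.secureRandomImplementation = SecureRandom.getInstance(secureRandomName);
            } catch (GeneralSecurityException e) {
                throw new KafkaException(e);
            }
        }

        // The constructor override wins over the map entry.
        String clientAuth = this.clientAuthConfigOverride;
        if (clientAuth == null) {
            clientAuth = (String) map.get(SslConfigs.SSL_CLIENT_AUTH_CONFIG);
        }
        if (clientAuth != null) {
            // Exact, case-sensitive match; anything else leaves both flags false (no client auth).
            if (clientAuth.equals("required")) {
                this.needClientAuth = true;
            } else if (clientAuth.equals("requested")) {
                this.wantClientAuth = true;
            }
        }

        this.kmfAlgorithm = (String) map.get(SslConfigs.SSL_KEYMANAGER_ALGORITHM_CONFIG);
        this.tmfAlgorithm = (String) map.get(SslConfigs.SSL_TRUSTMANAGER_ALGORITHM_CONFIG);

        createKeystore(
                (String) map.get(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG),
                (String) map.get(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG),
                (Password) map.get(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG),
                (Password) map.get(SslConfigs.SSL_KEY_PASSWORD_CONFIG));
        createTruststore(
                (String) map.get(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG),
                (String) map.get(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG),
                (Password) map.get(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG));

        try {
            this.sslContext = createSSLContext();
        } catch (Exception e) {
            throw new KafkaException(e);
        }
    }

    /**
     * Creates and initialises the {@link SSLContext} from the fields set by {@link #configure(Map)}.
     *
     * @return the initialised context
     * @throws GeneralSecurityException if a protocol, provider or algorithm is unavailable or a store is rejected
     * @throws IOException if a store file cannot be read
     */
    private SSLContext createSSLContext() throws GeneralSecurityException, IOException {
        SSLContext context = this.provider != null
                ? SSLContext.getInstance(this.protocol, this.provider)
                : SSLContext.getInstance(this.protocol);

        KeyManager[] keyManagers = null;
        if (this.keystore != null) {
            String kmfName = this.kmfAlgorithm != null ? this.kmfAlgorithm : KeyManagerFactory.getDefaultAlgorithm();
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(kmfName);
            // The key entry password falls back to the store password when none was configured.
            Password effectiveKeyPassword = this.keyPassword != null ? this.keyPassword : this.keystore.password;
            keyManagerFactory.init(this.keystore.load(), effectiveKeyPassword.value().toCharArray());
            keyManagers = keyManagerFactory.getKeyManagers();
        }

        String tmfName = this.tmfAlgorithm != null ? this.tmfAlgorithm : TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(tmfName);
        // A null KeyStore makes the factory use the JVM default trust anchors.
        KeyStore trustAnchors = this.truststore == null ? null : this.truststore.load();
        trustManagerFactory.init(trustAnchors);

        context.init(keyManagers, trustManagerFactory.getTrustManagers(), this.secureRandomImplementation);
        return context;
    }

    /**
     * Creates an engine for one connection and applies the configured cipher suites, protocols and
     * role-specific settings.
     *
     * <p>Server mode applies the client authentication flags; client mode applies the endpoint
     * identification algorithm, which is {@code null} (no host name check) unless configured.
     *
     * @param str peer host passed to {@link SSLContext#createSSLEngine(String, int)}
     * @param i peer port passed to {@link SSLContext#createSSLEngine(String, int)}
     * @return the configured engine
     */
    public SSLEngine createSslEngine(String str, int i) {
        SSLEngine engine = this.sslContext.createSSLEngine(str, i);
        if (this.cipherSuites != null) {
            engine.setEnabledCipherSuites(this.cipherSuites);
        }
        if (this.enabledProtocols != null) {
            engine.setEnabledProtocols(this.enabledProtocols);
        }

        if (this.mode != Mode.SERVER) {
            engine.setUseClientMode(true);
            SSLParameters parameters = engine.getSSLParameters();
            parameters.setEndpointIdentificationAlgorithm(this.endpointIdentification);
            engine.setSSLParameters(parameters);
            return engine;
        }

        engine.setUseClientMode(false);
        if (this.needClientAuth) {
            engine.setNeedClientAuth(this.needClientAuth);
        } else {
            engine.setWantClientAuth(this.wantClientAuth);
        }
        return engine;
    }

    /**
     * Returns the context built by {@link #configure(Map)}.
     *
     * @return the SSL context, or {@code null} before configuration
     */
    public SSLContext sslContext() {
        return this.sslContext;
    }

    /**
     * Records the key store settings after checking that location and password are given together.
     *
     * @param storeType key store type, or {@code null} for the JVM default
     * @param storePath key store location, or {@code null} when no key store is used
     * @param storePassword key store password
     * @param privateKeyPassword optional password of the private key entry
     * @throws KafkaException if only one of location and password is specified
     */
    private void createKeystore(String storeType, String storePath, Password storePassword, Password privateKeyPassword) {
        if (storePath == null && storePassword != null) {
            throw new KafkaException("SSL key store is not specified, but key store password is specified.");
        }
        if (storePath != null && storePassword == null) {
            throw new KafkaException("SSL key store is specified, but key store password is not specified.");
        }
        if (storePath == null || storePassword == null) {
            return;
        }
        this.keystore = new SecurityStore(storeType, storePath, storePassword);
        this.keyPassword = privateKeyPassword;
    }

    /**
     * Records the trust store settings. A location without a password is accepted; the store is
     * then loaded without an integrity check.
     *
     * @param storeType trust store type, or {@code null} for the JVM default
     * @param storePath trust store location, or {@code null} to use the JVM default trust anchors
     * @param storePassword trust store password; may be {@code null}
     * @throws KafkaException if a password is given without a location
     */
    private void createTruststore(String storeType, String storePath, Password storePassword) {
        if (storePath == null && storePassword != null) {
            throw new KafkaException("SSL trust store is not specified, but trust store password is specified.");
        }
        if (storePath != null) {
            this.truststore = new SecurityStore(storeType, storePath, storePassword);
        }
    }
}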
