package org.apache.ignite.internal.client.thin;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.function.BiFunction;
import java.util.function.Predicate;
import java.util.stream.Stream;
import javax.cache.configuration.Factory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.ignite.client.SslMode;
import org.apache.ignite.client.SslProtocol;
import org.apache.ignite.configuration.ClientConfiguration;
import org.apache.ignite.ssl.SslContextFactory;

/* loaded from: input_file:org/apache/ignite/internal/client/thin/ClientSslUtils.class */
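/**
 * Builds the {@link SSLContext} used by the thin client from a {@link ClientConfiguration}.
 *
 * <p>Resolution order implemented by {@link #getSslContext(ClientConfiguration)}:
 * <ol>
 *   <li>SSL disabled in the configuration: no context ({@code null}).</li>
 *   <li>A user-supplied {@code Factory<SSLContext>}: its result is returned as is.</li>
 *   <li>No key/trust store path or password configured anywhere: {@link SSLContext#getDefault()}.</li>
 *   <li>Otherwise a context is assembled from the configured key store and trust store.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code isSslTrustAll()} swaps in a trust manager that accepts any certificate chain, so the
 *       server is not authenticated and the connection can be intercepted. It should only be enabled
 *       for testing.</li>
 *   <li>Store paths, types and passwords fall back to the standard {@code javax.net.ssl.*} system
 *       properties, so process-wide settings influence this client.</li>
 * </ul>
 */
public class ClientSslUtils {
    /** Empty password used when no store password is configured. */
    public static final char[] EMPTY_CHARS = new char[0];

    /**
     * Trust manager that performs no certificate validation at all. Used only when the configuration
     * reports {@code isSslTrustAll()}; with it in place any peer certificate is accepted.
     */
    private static final TrustManager ignoreErrorsTrustMgr = new X509TrustManager() {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array;
            // returning null can cause a NullPointerException in callers that iterate it.
            return new X509Certificate[0];
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) {
            // Intentionally empty: every server certificate chain is accepted.
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
            // Intentionally empty: every client certificate chain is accepted.
        }
    };

    /**
     * Creates the SSL context described by the client configuration.
     *
     * @param clientConfiguration Thin client configuration.
     * @return SSL context, or {@code null} when the SSL mode is {@code SslMode.DISABLED}.
     * @throws ClientError If the custom factory fails, a store cannot be loaded, or a required
     *      algorithm is not available.
     */
    public static SSLContext getSslContext(ClientConfiguration clientConfiguration) {
        if (clientConfiguration.getSslMode() == SslMode.DISABLED) {
            return null;
        }

        // A user-supplied factory takes precedence over every other SSL setting.
        Factory<SSLContext> sslContextFactory = clientConfiguration.getSslContextFactory();
        if (sslContextFactory != null) {
            try {
                return sslContextFactory.create();
            } catch (Exception e) {
                throw new ClientError("SSL Context Factory failed", e);
            }
        }

        // Explicit configuration wins; the javax.net.ssl.* system properties are the fallback.
        String keyStorePath = firstNonEmpty(
            clientConfiguration.getSslClientCertificateKeyStorePath(),
            System.getProperty("javax.net.ssl.keyStore"));
        String keyStoreType = firstNonEmpty(
            clientConfiguration.getSslClientCertificateKeyStoreType(),
            firstNonEmpty(System.getProperty("javax.net.ssl.keyStoreType"), SslContextFactory.DFLT_STORE_TYPE));
        String keyStorePassword = firstNonEmpty(
            clientConfiguration.getSslClientCertificateKeyStorePassword(),
            System.getProperty("javax.net.ssl.keyStorePassword"));
        String trustStorePath = firstNonEmpty(
            clientConfiguration.getSslTrustCertificateKeyStorePath(),
            System.getProperty("javax.net.ssl.trustStore"));
        String trustStoreType = firstNonEmpty(
            clientConfiguration.getSslTrustCertificateKeyStoreType(),
            firstNonEmpty(System.getProperty("javax.net.ssl.trustStoreType"), SslContextFactory.DFLT_STORE_TYPE));
        String trustStorePassword = firstNonEmpty(
            clientConfiguration.getSslTrustCertificateKeyStorePassword(),
            System.getProperty("javax.net.ssl.trustStorePassword"));
        String keyAlgorithm = firstNonEmpty(
            clientConfiguration.getSslKeyAlgorithm(),
            SslContextFactory.DFLT_KEY_ALGORITHM);
        String protocol = toString(clientConfiguration.getSslProtocol());

        boolean nothingConfigured = Stream.of(keyStorePath, keyStorePassword, trustStorePath, trustStorePassword)
            .allMatch(ClientSslUtils::isNullOrEmpty);

        if (nothingConfigured) {
            // NOTE(review): isSslTrustAll() is not consulted on this path, so the JVM default
            // context (with its normal certificate validation) is used even when trust-all is set.
            try {
                return SSLContext.getDefault();
            } catch (NoSuchAlgorithmException e) {
                throw new ClientError("Default SSL context cryptographic algorithm is not available", e);
            }
        }

        KeyManager[] keyManagers = getKeyManagers(keyAlgorithm, keyStorePath, keyStoreType, keyStorePassword);

        // Trust-all disables server authentication entirely; the configured trust store is ignored.
        TrustManager[] trustManagers = clientConfiguration.isSslTrustAll()
            ? new TrustManager[] {ignoreErrorsTrustMgr}
            : getTrustManagers(keyAlgorithm, trustStorePath, trustStoreType, trustStorePassword);

        try {
            SSLContext sslContext = SSLContext.getInstance(protocol);
            sslContext.init(keyManagers, trustManagers, null);
            return sslContext;
        } catch (KeyManagementException e) {
            throw new ClientError("Failed to create SSL Context", e);
        } catch (NoSuchAlgorithmException e) {
            throw new ClientError("SSL context cryptographic algorithm is not available", e);
        }
    }

    /**
     * Maps the configuration enum to the protocol name expected by {@link SSLContext#getInstance(String)}.
     *
     * @param sslProtocol Configured protocol.
     * @return JSSE protocol name.
     */
    private static String toString(SslProtocol sslProtocol) {
        switch (sslProtocol) {
            case TLSv1_1:
                // NOTE(review): TLS 1.1 is a legacy protocol version (deprecated by RFC 8996);
                // prefer TLSv1.2 or newer where the server allows it.
                return "TLSv1.1";
            case TLSv1_2:
                return "TLSv1.2";
            default:
                // Remaining constants are used under their own names.
                return sslProtocol.toString();
        }
    }

    /**
     * Creates key managers for the client certificate key store.
     *
     * <p>When no key store path is configured the factory is initialized with a {@code null} store.
     * Calling {@code getKeyManagers()} on a factory that was never initialized throws
     * {@link IllegalStateException}, which made a trust-store-only configuration fail.
     *
     * @param algorithm Key manager algorithm.
     * @param storePath Key store file path, may be {@code null} or empty.
     * @param storeType Key store type.
     * @param storePassword Key store password, may be {@code null}.
     * @return Key managers.
     * @throws ClientError If the algorithm is unavailable or the store cannot be loaded or used.
     */
    private static KeyManager[] getKeyManagers(String algorithm, String storePath, String storeType,
        String storePassword) {
        KeyManagerFactory factory;
        try {
            factory = KeyManagerFactory.getInstance(algorithm);
        } catch (NoSuchAlgorithmException e) {
            throw new ClientError("Key manager cryptographic algorithm is not available", e);
        }

        KeyStore store = null;
        char[] password = null;

        // A configured path with an unusable type still fails inside loadKeyStore
        // instead of silently falling back to an empty key manager.
        if (!isNullOrEmpty(storePath)) {
            password = storePassword == null ? EMPTY_CHARS : storePassword.toCharArray();
            store = loadKeyStore("Client", storePath, storeType, password);
        }

        try {
            factory.init(store, password);
        } catch (KeyStoreException e) {
            throw new ClientError(String.format("Client key store provider of type [%s] is not available", storeType), e);
        } catch (NoSuchAlgorithmException e) {
            throw new ClientError("Client key store integrity check algorithm is not available", e);
        } catch (UnrecoverableKeyException e) {
            throw new ClientError("Could not recover key store key", e);
        }

        return factory.getKeyManagers();
    }

    /**
     * Creates trust managers that validate the server certificate against the trust store.
     *
     * <p>When no trust store path is configured the factory is initialized with a {@code null}
     * store, which makes JSSE use its default trust anchors; an uninitialized factory would throw
     * {@link IllegalStateException} from {@code getTrustManagers()}.
     *
     * @param algorithm Trust manager algorithm.
     * @param storePath Trust store file path, may be {@code null} or empty.
     * @param storeType Trust store type.
     * @param storePassword Trust store password, may be {@code null}.
     * @return Trust managers.
     * @throws ClientError If the algorithm is unavailable or the store cannot be loaded or used.
     */
    private static TrustManager[] getTrustManagers(String algorithm, String storePath, String storeType,
        String storePassword) {
        TrustManagerFactory factory;
        try {
            factory = TrustManagerFactory.getInstance(algorithm);
        } catch (NoSuchAlgorithmException e) {
            throw new ClientError("Trust manager cryptographic algorithm is not available", e);
        }

        KeyStore store = null;

        // A configured path with an unusable type still fails inside loadKeyStore
        // rather than widening trust to the JVM default anchors.
        if (!isNullOrEmpty(storePath)) {
            char[] password = storePassword == null ? EMPTY_CHARS : storePassword.toCharArray();
            store = loadKeyStore("Trust", storePath, storeType, password);
        }

        try {
            factory.init(store);
        } catch (KeyStoreException e) {
            throw new ClientError(String.format("Trust key store provider of type [%s] is not available", storeType), e);
        }

        return factory.getTrustManagers();
    }

    /**
     * Loads a key store from a file.
     *
     * @param label Store role used in error messages ("Client" or "Trust").
     * @param path Key store file path.
     * @param type Key store type.
     * @param password Password used for the store integrity check.
     * @return Loaded key store.
     * @throws ClientError If the store type is unavailable or the file is missing, unreadable or invalid.
     */
    private static KeyStore loadKeyStore(String label, String path, String type, char[] password) {
        KeyStore store;
        try {
            store = KeyStore.getInstance(type);
        } catch (KeyStoreException e) {
            throw new ClientError(String.format("%s key store provider of type [%s] is not available", label, type), e);
        }

        // try-with-resources closes the stream on every path, including load failures.
        try (FileInputStream in = new FileInputStream(new File(path))) {
            store.load(in, password);
            return store;
        } catch (FileNotFoundException e) {
            throw new ClientError(String.format("%s key store file [%s] does not exist", label, path), e);
        } catch (IOException e) {
            // Also raised for a wrong password or a corrupted store; the message stays generic
            // and never includes the password.
            throw new ClientError(String.format("Could not read %s key store", label), e);
        } catch (NoSuchAlgorithmException e) {
            throw new ClientError(String.format("%s key store integrity check algorithm is not available", label), e);
        } catch (CertificateException e) {
            throw new ClientError(String.format("Could not load certificate from %s key store", label), e);
        }
    }

    /**
     * @param val Preferred value.
     * @param dflt Fallback value, may be {@code null}.
     * @return {@code val} unless it is {@code null} or empty, otherwise {@code dflt}.
     */
    private static String firstNonEmpty(String val, String dflt) {
        return isNullOrEmpty(val) ? dflt : val;
    }

    /**
     * @param val String to check.
     * @return {@code true} if the string is {@code null} or has zero length.
     */
    private static boolean isNullOrEmpty(String val) {
        return val == null || val.isEmpty();
    }
}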
