package org.apache.ignite.internal.network.ssl;

import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.IOException;
import java.nio.file.NoSuchFileException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.ignite.internal.network.configuration.SslView;
import org.apache.ignite.lang.ErrorGroups;
import org.apache.ignite.lang.IgniteException;

/* loaded from: input_file:org/apache/ignite/internal/network/ssl/SslContextProvider.class */
public final class SslContextProvider {
    private SslContextProvider() {
    }

    public static SslContext createClientSslContext(SslView sslView) {
        try {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(KeystoreLoader.load(sslView.trustStore()));
                SslContextBuilder trustManager = SslContextBuilder.forClient().trustManager(trustManagerFactory);
                setCiphers(trustManager, sslView);
                if (ClientAuth.NONE == ClientAuth.valueOf(sslView.clientAuth().toUpperCase())) {
                    return trustManager.build();
                }
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(KeystoreLoader.load(sslView.keyStore()), sslView.keyStore().password().toCharArray());
                trustManager.keyManager(keyManagerFactory);
                return trustManager.build();
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
                throw new IgniteException(ErrorGroups.Common.SSL_CONFIGURATION_ERR, e);
            }
        } catch (NoSuchFileException e2) {
            throw new IgniteException(ErrorGroups.Common.SSL_CONFIGURATION_ERR, String.format("File %s not found", e2.getMessage()), e2);
        }
    }

    public static SslContext createServerSslContext(SslView sslView) {
        try {
            try {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(KeystoreLoader.load(sslView.keyStore()), sslView.keyStore().password().toCharArray());
                SslContextBuilder forServer = SslContextBuilder.forServer(keyManagerFactory);
                setCiphers(forServer, sslView);
                ClientAuth valueOf = ClientAuth.valueOf(sslView.clientAuth().toUpperCase());
                if (ClientAuth.NONE == valueOf) {
                    return forServer.build();
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(KeystoreLoader.load(sslView.trustStore()));
                forServer.clientAuth(valueOf).trustManager(trustManagerFactory);
                return forServer.build();
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
                throw new IgniteException(ErrorGroups.Common.SSL_CONFIGURATION_ERR, e);
            }
        } catch (NoSuchFileException e2) {
            throw new IgniteException(ErrorGroups.Common.SSL_CONFIGURATION_ERR, String.format("File %s not found", e2.getMessage()), e2);
        }
    }

    private static void setCiphers(SslContextBuilder sslContextBuilder, SslView sslView) {
        if (sslView.ciphers().isBlank()) {
            return;
        }
        sslContextBuilder.ciphers((List) Arrays.stream(sslView.ciphers().split(",")).map((v0) -> {
            return v0.strip();
        }).collect(Collectors.toList()));
    }
}
