package org.apache.ignite.ssl;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.concurrent.atomic.AtomicReference;
import javax.cache.configuration.Factory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.ignite.IgniteException;
import org.apache.ignite.internal.util.typedef.internal.A;

/* loaded from: input_file:org/apache/ignite/ssl/SslContextFactory.class */
public class SslContextFactory implements Factory<SSLContext> {
    private static final long serialVersionUID = 0;
    public static final String DFLT_STORE_TYPE;
    public static final String DFLT_SSL_PROTOCOL = "TLS";

    @Deprecated
    public static final String IGNITE_KEY_ALGORITHM_PROPERTY = "ssl.key.algorithm";
    public static final String DFLT_KEY_ALGORITHM;
    private String keyStoreFilePath;
    private char[] keyStorePwd;
    private String trustStoreFilePath;
    private char[] trustStorePwd;
    private TrustManager[] trustMgrs;
    private String[] cipherSuites;
    private String[] protocols;
    static final /* synthetic */ boolean $assertionsDisabled;
    private String proto = DFLT_SSL_PROTOCOL;
    private String keyAlgorithm = DFLT_KEY_ALGORITHM;
    private String keyStoreType = DFLT_STORE_TYPE;
    private String trustStoreType = DFLT_STORE_TYPE;
    private final AtomicReference<SSLContext> sslCtx = new AtomicReference<>();

    /* loaded from: input_file:org/apache/ignite/ssl/SslContextFactory$DisabledX509TrustManager.class */
    private static class DisabledX509TrustManager implements X509TrustManager {
        private static final X509Certificate[] CERTS = new X509Certificate[0];

        private DisabledX509TrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return CERTS;
        }
    }

    public String getKeyStoreType() {
        return this.keyStoreType;
    }

    public void setKeyStoreType(String str) {
        A.notNull(str, "keyStoreType");
        this.keyStoreType = str;
    }

    public String getTrustStoreType() {
        return this.trustStoreType;
    }

    public void setTrustStoreType(String str) {
        A.notNull(str, "trustStoreType");
        this.trustStoreType = str;
    }

    public String getProtocol() {
        return this.proto;
    }

    public void setProtocol(String str) {
        A.notNull(str, "proto");
        this.proto = str;
    }

    public String getKeyAlgorithm() {
        return this.keyAlgorithm;
    }

    public void setKeyAlgorithm(String str) {
        A.notNull(str, "keyAlgorithm");
        this.keyAlgorithm = str;
    }

    public String getKeyStoreFilePath() {
        return this.keyStoreFilePath;
    }

    public void setKeyStoreFilePath(String str) {
        A.notNull(str, "keyStoreFilePath");
        this.keyStoreFilePath = str;
    }

    public char[] getKeyStorePassword() {
        return this.keyStorePwd;
    }

    public void setKeyStorePassword(char[] cArr) {
        A.notNull(cArr, "keyStorePwd");
        this.keyStorePwd = cArr;
    }

    public String getTrustStoreFilePath() {
        return this.trustStoreFilePath;
    }

    public void setTrustStoreFilePath(String str) {
        this.trustStoreFilePath = str;
    }

    public char[] getTrustStorePassword() {
        return this.trustStorePwd;
    }

    public void setTrustStorePassword(char[] cArr) {
        this.trustStorePwd = cArr;
    }

    public TrustManager[] getTrustManagers() {
        return this.trustMgrs;
    }

    public void setTrustManagers(TrustManager... trustManagerArr) {
        this.trustMgrs = trustManagerArr;
    }

    public static TrustManager getDisabledTrustManager() {
        return new DisabledX509TrustManager();
    }

    public void setCipherSuites(String... strArr) {
        this.cipherSuites = strArr;
    }

    public String[] getCipherSuites() {
        return this.cipherSuites;
    }

    public String[] getProtocols() {
        return this.protocols;
    }

    public void setProtocols(String... strArr) {
        this.protocols = strArr;
    }

    private SSLContext createSslContext() throws SSLException {
        checkParameters();
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.keyAlgorithm);
            keyManagerFactory.init(loadKeyStore(this.keyStoreType, this.keyStoreFilePath, this.keyStorePwd), this.keyStorePwd);
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            TrustManager[] trustManagerArr = this.trustMgrs;
            if (trustManagerArr == null) {
                try {
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(this.keyAlgorithm);
                    trustManagerFactory.init(loadKeyStore(this.trustStoreType, this.trustStoreFilePath, this.trustStorePwd));
                    trustManagerArr = trustManagerFactory.getTrustManagers();
                } catch (NoSuchAlgorithmException e) {
                    throw new SSLException("Unsupported keystore algorithm: " + this.keyAlgorithm, e);
                } catch (GeneralSecurityException e2) {
                    throw new SSLException("Failed to initialize key store (security exception occurred) [type=" + this.keyStoreType + ", keyStorePath=" + this.keyStoreFilePath + ']', e2);
                }
            }
            try {
                SSLContext sSLContext = SSLContext.getInstance(this.proto);
                if (this.cipherSuites != null || this.protocols != null) {
                    SSLParameters sSLParameters = new SSLParameters();
                    if (this.cipherSuites != null) {
                        sSLParameters.setCipherSuites(this.cipherSuites);
                    }
                    if (this.protocols != null) {
                        sSLParameters.setProtocols(this.protocols);
                    }
                    sSLContext = new SSLContextWrapper(sSLContext, sSLParameters);
                }
                sSLContext.init(keyManagers, trustManagerArr, null);
                return sSLContext;
            } catch (KeyManagementException e3) {
                throw new SSLException("Failed to initialized SSL context.", e3);
            } catch (NoSuchAlgorithmException e4) {
                throw new SSLException("Unsupported SSL protocol: " + this.proto, e4);
            }
        } catch (NoSuchAlgorithmException e5) {
            throw new SSLException("Unsupported keystore algorithm: " + this.keyAlgorithm, e5);
        } catch (GeneralSecurityException e6) {
            throw new SSLException("Failed to initialize key store (security exception occurred) [type=" + this.keyStoreType + ", keyStorePath=" + this.keyStoreFilePath + ']', e6);
        }
    }

    private String parameters() {
        StringBuilder append = new StringBuilder("[keyStoreType=").append(this.keyStoreType);
        append.append(", proto=").append(this.proto).append(", keyStoreFile=").append(this.keyStoreFilePath);
        if (this.trustMgrs != null) {
            append.append(", trustMgrs=").append(Arrays.toString(this.trustMgrs));
        } else {
            append.append(", trustStoreFile=").append(this.trustStoreFilePath);
        }
        append.append(']');
        return append.toString();
    }

    private void checkParameters() throws SSLException {
        if (!$assertionsDisabled && this.keyStoreType == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && this.proto == null) {
            throw new AssertionError();
        }
        checkNullParameter(this.keyStoreFilePath, "keyStoreFilePath");
        checkNullParameter(this.keyStorePwd, "keyStorePwd");
        if (this.trustMgrs == null) {
            if (this.trustStoreFilePath == null) {
                throw new SSLException("Failed to initialize SSL context (either trustStoreFilePath or trustManagers must be provided)");
            }
            checkNullParameter(this.trustStorePwd, "trustStorePwd");
        }
    }

    private void checkNullParameter(Object obj, String str) throws SSLException {
        if (obj == null) {
            throw new SSLException("Failed to initialize SSL context (parameter cannot be null): " + str);
        }
    }

    protected InputStream openFileInputStream(String str) throws IOException {
        return new FileInputStream(str);
    }

    private KeyStore loadKeyStore(String str, String str2, char[] cArr) throws SSLException {
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            InputStream openFileInputStream = openFileInputStream(str2);
            Throwable th = null;
            try {
                try {
                    keyStore.load(openFileInputStream, cArr);
                    if (openFileInputStream != null) {
                        if (0 != 0) {
                            try {
                                openFileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            openFileInputStream.close();
                        }
                    }
                    return keyStore;
                } finally {
                }
            } catch (Throwable th3) {
                if (openFileInputStream != null) {
                    if (th != null) {
                        try {
                            openFileInputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        openFileInputStream.close();
                    }
                }
                throw th3;
            }
        } catch (FileNotFoundException e) {
            throw new SSLException("Failed to initialize key store (key store file was not found): [path=" + str2 + ", msg=" + e.getMessage() + ']');
        } catch (IOException e2) {
            throw new SSLException("Failed to initialize key store (I/O error occurred): " + str2, e2);
        } catch (GeneralSecurityException e3) {
            throw new SSLException("Failed to initialize key store (security exception occurred) [type=" + str + ", keyStorePath=" + this.keyStoreFilePath + ']', e3);
        }
    }

    public String toString() {
        return getClass().getSimpleName() + parameters();
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public SSLContext m2065create() {
        SSLContext sSLContext = this.sslCtx.get();
        if (sSLContext == null) {
            try {
                sSLContext = createSslContext();
                if (!this.sslCtx.compareAndSet(null, sSLContext)) {
                    sSLContext = this.sslCtx.get();
                }
            } catch (SSLException e) {
                throw new IgniteException(e);
            }
        }
        return sSLContext;
    }

    static {
        $assertionsDisabled = !SslContextFactory.class.desiredAssertionStatus();
        DFLT_STORE_TYPE = System.getProperty("javax.net.ssl.keyStoreType", "JKS");
        DFLT_KEY_ALGORITHM = System.getProperty("ssl.KeyManagerFactory.algorithm", System.getProperty(IGNITE_KEY_ALGORITHM_PROPERTY, "SunX509"));
    }
}
