package com.terracotta.management.security.impl;

import com.terracotta.management.keychain.URIKeyName;
import com.terracotta.management.security.KeyChainAccessor;
import com.terracotta.management.security.SSLContextFactory;
import com.terracotta.management.security.SecretUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.terracotta.management.resource.services.Utils;

/* loaded from: input_file:com/terracotta/management/security/impl/TMCStoresSSLContextFactory.class */
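/**
 * Builds an {@link SSLContext} from an identity (key) store and a trust store on the local file system.
 * <p>
 * Store locations come from the constructor, but the standard {@code javax.net.ssl.keyStore} /
 * {@code javax.net.ssl.trustStore} JVM properties take precedence when set. Store passwords are read from
 * the matching {@code ...Password} JVM property and, failing that, from the {@link KeyChainAccessor} under
 * the store's {@code file://} URI. A store whose file does not exist is skipped, which makes the context
 * fall back to the JVM defaults for that side.
 * <p>
 * All fields are final and {@link #create()} keeps no state between calls, so an instance may be shared
 * across threads; every call re-reads the store files.
 */
public final class TMCStoresSSLContextFactory implements SSLContextFactory {
    /** JVM property overriding the identity store path given to the constructor. */
    private static final String JVM_ID_LOCATION_PROP = "javax.net.ssl.keyStore";
    /** JVM property holding the identity store password; consulted before the keychain. */
    private static final String JVM_ID_PASSWD_PROP = "javax.net.ssl.keyStorePassword";
    /** JVM property overriding the trust store path given to the constructor. */
    private static final String JVM_TRUST_LOCATION_PROP = "javax.net.ssl.trustStore";
    /** JVM property holding the trust store password; consulted before the keychain. */
    private static final String JVM_TRUST_PASSWD_PROP = "javax.net.ssl.trustStorePassword";
    /** Opt-in switch that disables all peer certificate validation; see {@link #create()}. */
    private static final String TRUST_ALL_CERTS_PROP = "tc.ssl.trustAllCerts";
    private static final String SS_PROTOCOL = "TLS";
    /** Prefix used to turn a store path into the keychain lookup URI. */
    private static final String FILE_URI_PREFIX = "file://";
    private static final String SECURE_RNDM_ALG = "SHA1PRNG";
    private final KeyChainAccessor keyChainAccessor;
    private final String idStoreLocation;
    private final String trustStoreLocation;
    private final boolean usingClientAuth;

    /**
     * Creates a factory that does not request client authentication.
     *
     * @param keyChainAccessor source of store passwords when no password JVM property is set
     * @param idStoreLocation default identity store path (may be {@code null})
     * @param trustStoreLocation default trust store path (may be {@code null})
     */
    public TMCStoresSSLContextFactory(KeyChainAccessor keyChainAccessor, String idStoreLocation, String trustStoreLocation) {
        this(keyChainAccessor, idStoreLocation, trustStoreLocation, false);
    }

    /**
     * Creates a factory.
     *
     * @param keyChainAccessor source of store passwords when no password JVM property is set
     * @param idStoreLocation default identity store path, used only when {@code javax.net.ssl.keyStore} is unset
     * @param trustStoreLocation default trust store path, used only when {@code javax.net.ssl.trustStore} is unset
     * @param usingClientAuth value reported by {@link #isUsingClientAuth()}
     */
    public TMCStoresSSLContextFactory(KeyChainAccessor keyChainAccessor, String idStoreLocation, String trustStoreLocation, boolean usingClientAuth) {
        this.keyChainAccessor = keyChainAccessor;
        // Only an absent property falls back to the constructor argument; an empty value is kept as-is.
        this.idStoreLocation = firstNonNull(System.getProperty(JVM_ID_LOCATION_PROP), idStoreLocation);
        this.trustStoreLocation = firstNonNull(System.getProperty(JVM_TRUST_LOCATION_PROP), trustStoreLocation);
        this.usingClientAuth = usingClientAuth;
    }

    /** Returns {@code preferred} unless it is {@code null}, in which case {@code fallback}. */
    private static String firstNonNull(String preferred, String fallback) {
        return preferred == null ? fallback : preferred;
    }

    /**
     * Creates and initialises a TLS {@link SSLContext}.
     * <p>
     * A {@code null} key manager or trust manager array is passed to {@link SSLContext#init} when the
     * corresponding store is not configured or its file is missing, so the JVM defaults apply for that side.
     * When the {@code tc.ssl.trustAllCerts} system property is {@code true} a trust manager that accepts every
     * certificate chain is installed instead: TLS then no longer authenticates either peer, so that switch is
     * only appropriate for development and test setups.
     *
     * @return an initialised context
     * @throws URISyntaxException if a store path cannot be expressed as a {@code file://} URI for the keychain
     * @throws RuntimeException (as {@link IllegalStateException}) if no password can be found for a present store
     */
    @Override
    public SSLContext create() throws NoSuchAlgorithmException, IOException, KeyStoreException, CertificateException, UnrecoverableKeyException, KeyManagementException, URISyntaxException {
        KeyManagerFactory keyManagerFactory = prepareKeyManagerFactory();
        TrustManagerFactory trustManagerFactory = prepareTrustManagerFactory();

        TrustManager[] trustManagers;
        if (Boolean.getBoolean(TRUST_ALL_CERTS_PROP)) {
            trustManagers = new TrustManager[]{new TrustAllX509TrustManager()};
        } else {
            trustManagers = trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers();
        }

        SSLContext sslContext = SSLContext.getInstance(SS_PROTOCOL);
        // The RNG algorithm is pinned rather than using the platform default; keep in mind that a provider
        // configuration without SHA1PRNG surfaces here as NoSuchAlgorithmException.
        sslContext.init(keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(),
                trustManagers, SecureRandom.getInstance(SECURE_RNDM_ALG));
        return sslContext;
    }

    /**
     * Returns the client-authentication flag supplied at construction; it is recorded for callers and not
     * otherwise used by this class.
     */
    @Override
    public boolean isUsingClientAuth() {
        return this.usingClientAuth;
    }

    /**
     * Builds a key manager factory from the identity store, or returns {@code null} when no store is
     * configured or the file does not exist.
     */
    private KeyManagerFactory prepareKeyManagerFactory() throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, UnrecoverableKeyException, URISyntaxException {
        File storeFile = existingStoreFile(this.idStoreLocation);
        if (storeFile == null) {
            return null;
        }
        char[] password = locateKeyStorePassword(JVM_ID_PASSWD_PROP, this.idStoreLocation);
        try {
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            factory.init(loadKeyStore(storeFile, password), password);
            return factory;
        } finally {
            // Limit the password's lifetime in memory. The JDK key manager factories copy what they need
            // from the password during init(), so wiping our array afterwards is safe for them — if a
            // non-JDK provider is plugged in, confirm it does not keep a reference to this array.
            Arrays.fill(password, '\0');
        }
    }

    /**
     * Builds a trust manager factory from the trust store, or returns {@code null} when no store is
     * configured or the file does not exist.
     */
    private TrustManagerFactory prepareTrustManagerFactory() throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, UnrecoverableKeyException, URISyntaxException {
        File storeFile = existingStoreFile(this.trustStoreLocation);
        if (storeFile == null) {
            return null;
        }
        char[] password = locateKeyStorePassword(JVM_TRUST_PASSWD_PROP, this.trustStoreLocation);
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(loadKeyStore(storeFile, password));
            return factory;
        } finally {
            // The password only guards the store's integrity check during load(); not needed afterwards.
            Arrays.fill(password, '\0');
        }
    }

    /** Returns a {@link File} for {@code location} if it is non-null and exists, otherwise {@code null}. */
    private static File existingStoreFile(String location) {
        if (location == null) {
            return null;
        }
        File file = new File(location);
        return file.exists() ? file : null;
    }

    /**
     * Loads a key store of the JVM default type from {@code storeFile}, closing the stream on every path
     * (the original left the {@link FileInputStream} open).
     */
    private static KeyStore loadKeyStore(File storeFile, char[] password) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(storeFile);
        try {
            keyStore.load(in, password);
        } finally {
            in.close();
        }
        return keyStore;
    }

    /**
     * Resolves the password for a store.
     * <p>
     * The JVM property named {@code passwordProperty} wins when it is non-blank and is used verbatim
     * (surrounding whitespace is not stripped, as it may be part of the password). Otherwise the keychain
     * is queried under {@code file://} + {@code storeLocation}.
     *
     * @param passwordProperty JVM property to consult first
     * @param storeLocation store path, used verbatim to form the keychain lookup URI
     * @return the password; the caller owns the array and should wipe it when done
     * @throws URISyntaxException if {@code storeLocation} contains characters that are illegal in a URI
     * @throws IllegalStateException if the keychain has no entry for the store
     */
    private char[] locateKeyStorePassword(String passwordProperty, String storeLocation) throws URISyntaxException {
        String property = System.getProperty(passwordProperty);
        if (Utils.trimToNull(property) != null) {
            return property.toCharArray();
        }
        byte[] secret = this.keyChainAccessor.retrieveSecret(new URIKeyName(new URI(FILE_URI_PREFIX + storeLocation)));
        if (secret == null) {
            throw new IllegalStateException(String.format("Failure creating SSLContext because the store password could not be located for %s.", storeLocation));
        }
        // toCharsAndWipe is expected to clear the byte[] it was given; the returned char[] is the caller's to wipe.
        return SecretUtils.toCharsAndWipe(secret);
    }

    /**
     * Trust manager that accepts every certificate chain without any validation. Installed only when the
     * {@code tc.ssl.trustAllCerts} system property is {@code true}; with it, TLS provides no peer
     * authentication and connections are open to man-in-the-middle interception.
     */
    private static final class TrustAllX509TrustManager implements X509TrustManager {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null array; returning null (as the original
            // did) can NPE in callers that iterate over the accepted issuers.
            return new X509Certificate[0];
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally no validation — see class Javadoc.
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally no validation — see class Javadoc.
        }
    }
}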
