package water.network;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.channels.ByteChannel;
import java.nio.channels.SocketChannel;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import water.H2O;
import water.util.Log;

/* loaded from: input_file:water/network/SSLSocketChannelFactory.class */
public class SSLSocketChannelFactory {
    private static final String DEFAULT_TLS_VERSION = "TLSv1.2";
    private SSLContext sslContext = null;
    private SSLProperties properties = null;

    public SSLSocketChannelFactory() throws SSLContextException {
        try {
            File file = new File(H2O.ARGS.internal_security_conf);
            SSLProperties sSLProperties = H2O.ARGS.internal_security_conf_rel_paths ? new SSLProperties(file.getParentFile()) : new SSLProperties();
            sSLProperties.load(new FileInputStream(file));
            init(sSLProperties);
        } catch (IOException e) {
            Log.err("Failed to initialized SSL context.", e);
            throw new SSLContextException("Failed to initialized SSL context.", e);
        }
    }

    public SSLSocketChannelFactory(SSLProperties sSLProperties) throws SSLContextException {
        init(sSLProperties);
    }

    private void init(SSLProperties sSLProperties) throws SSLContextException {
        this.properties = sSLProperties;
        try {
            if (requiredParamsPresent()) {
                this.sslContext = SSLContext.getInstance(this.properties.h2o_ssl_protocol(DEFAULT_TLS_VERSION));
                this.sslContext.init(keyManager(), trustManager(), null);
            } else {
                this.sslContext = SSLContext.getDefault();
            }
        } catch (IOException e) {
            Log.err("Failed to initialized SSL context.", e);
            throw new SSLContextException("Failed to initialized SSL context.", e);
        } catch (KeyManagementException e2) {
            Log.err("Failed to initialized SSL context.", e2);
            throw new SSLContextException("Failed to initialized SSL context.", e2);
        } catch (KeyStoreException e3) {
            Log.err("Failed to initialized SSL context.", e3);
            throw new SSLContextException("Failed to initialized SSL context.", e3);
        } catch (NoSuchAlgorithmException e4) {
            Log.err("Failed to initialized SSL context.", e4);
            throw new SSLContextException("Failed to initialized SSL context.", e4);
        } catch (UnrecoverableKeyException e5) {
            Log.err("Failed to initialized SSL context.", e5);
            throw new SSLContextException("Failed to initialized SSL context.", e5);
        } catch (CertificateException e6) {
            Log.err("Failed to initialized SSL context.", e6);
            throw new SSLContextException("Failed to initialized SSL context.", e6);
        }
    }

    private boolean requiredParamsPresent() {
        return (null == this.properties.h2o_ssl_jks_internal() || null == this.properties.h2o_ssl_jks_password()) ? false : true;
    }

    private TrustManager[] trustManager() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(new FileInputStream(this.properties.h2o_ssl_jts()), this.properties.h2o_ssl_jts_password().toCharArray());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    private KeyManager[] keyManager() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(new FileInputStream(this.properties.h2o_ssl_jks_internal()), this.properties.h2o_ssl_jks_password().toCharArray());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, this.properties.h2o_ssl_jks_password().toCharArray());
        return keyManagerFactory.getKeyManagers();
    }

    public ByteChannel wrapClientChannel(SocketChannel socketChannel, String str, int i) throws IOException {
        SSLEngine createSSLEngine = this.sslContext.createSSLEngine(str, i);
        createSSLEngine.setUseClientMode(false);
        if (null != this.properties.h2o_ssl_enabled_algorithms()) {
            createSSLEngine.setEnabledCipherSuites(this.properties.h2o_ssl_enabled_algorithms());
        }
        return new SSLSocketChannel(socketChannel, createSSLEngine);
    }

    public ByteChannel wrapServerChannel(SocketChannel socketChannel) throws IOException {
        SSLEngine createSSLEngine = this.sslContext.createSSLEngine();
        createSSLEngine.setUseClientMode(true);
        if (null != this.properties.h2o_ssl_enabled_algorithms()) {
            createSSLEngine.setEnabledCipherSuites(this.properties.h2o_ssl_enabled_algorithms());
        }
        return new SSLSocketChannel(socketChannel, createSSLEngine);
    }

    SSLProperties getProperties() {
        return this.properties;
    }
}
