package co.cask.cdap.security.tools;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Security;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.jboss.netty.handler.ssl.SslHandler;

/* loaded from: input_file:co/cask/cdap/security/tools/SSLHandlerFactory.class */
public class SSLHandlerFactory {
    private static final String protocol = "TLS";
    private final SSLContext serverContext;

    public SSLHandlerFactory(File file, String str, String str2, String str3) {
        if (file == null) {
            throw new IllegalArgumentException("Key Store Path Not Configured");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("KeyStore Password Not Configured");
        }
        String property = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        property = property == null ? "SunX509" : property;
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                keyStore.load(fileInputStream, str2.toCharArray());
                fileInputStream.close();
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(property);
                keyManagerFactory.init(keyStore, str3 != null ? str3.toCharArray() : str2.toCharArray());
                this.serverContext = SSLContext.getInstance(protocol);
                this.serverContext.init(keyManagerFactory.getKeyManagers(), null, null);
            } catch (Throwable th) {
                fileInputStream.close();
                throw th;
            }
        } catch (Exception e) {
            throw new IllegalArgumentException("Failed to initialize the server-side SSLContext", e);
        }
    }

    public SslHandler create() {
        SSLEngine createSSLEngine = this.serverContext.createSSLEngine();
        createSSLEngine.setUseClientMode(false);
        SslHandler sslHandler = new SslHandler(createSSLEngine);
        sslHandler.setEnableRenegotiation(false);
        return sslHandler;
    }
}
