package io.quarkus.tls.runtime;

import io.quarkus.tls.TlsConfiguration;
import io.quarkus.tls.runtime.config.TlsBucketConfig;
import io.quarkus.tls.runtime.config.TlsConfigUtils;
import io.vertx.core.Vertx;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.net.KeyCertOptions;
import io.vertx.core.net.SSLOptions;
import io.vertx.core.net.TrustOptions;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

/* loaded from: input_file:io/quarkus/tls/runtime/VertxCertificateHolder.class */
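/**
 * Holds the key material, trust material and certificate revocation lists (CRLs) of one
 * named TLS configuration, and builds {@link SSLContext} / {@link SSLOptions} objects from them.
 *
 * <p>The key/trust fields and the CRL list are replaced by {@link #reload()} while holding the
 * instance monitor; the {@code synchronized} getters read them under the same monitor.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>{@link #isTrustAll()} reports whether this configuration was set up to trust any peer;
 *       callers that build clients from it should treat {@code true} as "no certificate
 *       validation" (presumably; {@code TrustAllOptions} is defined outside this file).</li>
 *   <li>{@link #createSSLContext()} wires in key and trust managers only. The configured
 *       protocols, cipher suites, CRLs and hostname verification algorithm are applied by
 *       {@link #getSSLOptions()} / the caller, not by the returned context.</li>
 *   <li>{@link #reload()} reports failure only through its {@code false} return value; the
 *       previously loaded material stays in service when a reload fails.</li>
 * </ul>
 */
public class VertxCertificateHolder implements TlsConfiguration {
    private final TlsBucketConfig config;
    // CRL contents read from the configured paths; mutated in place by reload() under the instance monitor.
    private final List<Buffer> crls;
    private TrustOptions trustOptions;
    private KeyStore trustStore;
    private KeyCertOptions keyStoreOptions;
    private KeyStore keyStore;
    private final Vertx vertx;
    private final String name;

    /**
     * Creates a holder from already-loaded key and trust material and reads the configured CRLs.
     *
     * <p>The decompiler reports that this constructor was package-private in the original class;
     * the visibility shown by the decompiled source is kept here.
     *
     * @param vertx the Vert.x instance later handed to the key/trust manager factories
     * @param name the name of this TLS configuration
     * @param config the configuration bucket this holder is built from
     * @param keyStoreAndKeyCertOptions loaded key store and its options, or {@code null} if none
     * @param trustStoreAndTrustOptions loaded trust store and its options, or {@code null} if none
     */
    public VertxCertificateHolder(Vertx vertx, String name, TlsBucketConfig config,
            KeyStoreAndKeyCertOptions keyStoreAndKeyCertOptions,
            TrustStoreAndTrustOptions trustStoreAndTrustOptions) {
        this.config = config;
        this.vertx = vertx;
        this.name = name;
        // The four store fields stay null when the matching argument is null.
        if (keyStoreAndKeyCertOptions != null) {
            this.keyStoreOptions = keyStoreAndKeyCertOptions.options;
            this.keyStore = keyStoreAndKeyCertOptions.keyStore;
        }
        if (trustStoreAndTrustOptions != null) {
            this.trustOptions = trustStoreAndTrustOptions.options;
            this.trustStore = trustStoreAndTrustOptions.trustStore;
        }
        // Read through the constructor argument rather than the overridable config() accessor,
        // so construction does not dispatch to a subclass that is not initialised yet.
        this.crls = readCrls(config);
    }

    /**
     * Reads every configured CRL file into a buffer.
     *
     * @param bucketConfig the configuration whose CRL paths are read
     * @return a new mutable list, empty when no CRL is configured
     */
    private static List<Buffer> readCrls(TlsBucketConfig bucketConfig) {
        List<Buffer> buffers = new ArrayList<>();
        if (bucketConfig.certificateRevocationList().isPresent()) {
            for (Path crlPath : bucketConfig.certificateRevocationList().get()) {
                buffers.add(Buffer.buffer(TlsConfigUtils.read(crlPath)));
            }
        }
        return buffers;
    }

    /** @return the current key/certificate options, or {@code null} when no key store is set */
    public synchronized KeyCertOptions getKeyStoreOptions() {
        return this.keyStoreOptions;
    }

    /** @return the current key store, or {@code null} when none is set */
    public synchronized KeyStore getKeyStore() {
        return this.keyStore;
    }

    /** @return the current trust options, or {@code null} when none are set */
    public synchronized TrustOptions getTrustStoreOptions() {
        return this.trustOptions;
    }

    /** @return the current trust store, or {@code null} when none is set */
    public synchronized KeyStore getTrustStore() {
        return this.trustStore;
    }

    /**
     * Builds a new {@code "TLS"} {@link SSLContext} from the current key and trust options.
     *
     * <p>Only key managers and trust managers are installed. Nothing in this method applies the
     * configured protocol list, cipher suites, CRLs or hostname verification algorithm, so a
     * caller using the context directly has to enforce those itself.
     *
     * <p>When no key or trust options are set, {@code null} is passed to
     * {@link SSLContext#init}, which makes JSSE fall back to the default managers of the
     * installed providers (for trust: the JDK default trust store).
     *
     * @return a freshly initialised context
     * @throws Exception if a manager factory or the context cannot be created or initialised
     */
    public synchronized SSLContext createSSLContext() throws Exception {
        KeyManager[] keyManagers = this.keyStoreOptions == null
                ? null
                : this.keyStoreOptions.getKeyManagerFactory(this.vertx).getKeyManagers();
        TrustManager[] trustManagers = this.trustOptions == null
                ? null
                : this.trustOptions.getTrustManagerFactory(this.vertx).getTrustManagers();
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagers, trustManagers, new SecureRandom());
        return context;
    }

    /**
     * Builds a new {@link SSLOptions} carrying the current key/trust options, ALPN flag,
     * handshake timeout, enabled protocols, CRLs and (if configured) cipher suites.
     *
     * @return a new options object; no cipher suite is added when none is configured
     */
    public synchronized SSLOptions getSSLOptions() {
        SSLOptions options = new SSLOptions();
        options.setKeyCertOptions(getKeyStoreOptions());
        options.setTrustOptions(getTrustStoreOptions());
        options.setUseAlpn(config().alpn());
        options.setSslHandshakeTimeoutUnit(TimeUnit.SECONDS);
        // NOTE(review): handshakeTimeout() is presumably a java.time.Duration; toSeconds() drops
        // any sub-second part, so a timeout below one second becomes 0 here - confirm how the
        // consumer treats 0.
        options.setSslHandshakeTimeout(config().handshakeTimeout().toSeconds());
        options.setEnabledSecureTransportProtocols(config().protocols());
        for (Buffer crl : this.crls) {
            options.addCrlValue(crl);
        }
        for (String cipherSuite : config().cipherSuites().orElse(Collections.emptyList())) {
            options.addEnabledCipherSuite(cipherSuite);
        }
        return options;
    }

    /**
     * Reports whether this configuration trusts every peer, either because the configuration
     * flag is set or because the current trust options are the {@code TrustAllOptions} singleton.
     *
     * @return {@code true} when trust-all is in effect
     */
    public boolean isTrustAll() {
        return config().trustAll() || getTrustStoreOptions() == TrustAllOptions.INSTANCE;
    }

    /**
     * @return the hostname verification algorithm from the configuration; empty when none is
     *         configured (what a consumer does with an empty value is not visible here)
     */
    public Optional<String> getHostnameVerificationAlgorithm() {
        return this.config.hostnameVerificationAlgorithm();
    }

    /** @return the key store's SNI flag, or {@code false} when no key store is configured */
    public boolean usesSni() {
        if (this.config.keyStore().isPresent()) {
            return this.config.keyStore().get().sni();
        }
        return false;
    }

    /**
     * Re-reads the key store, trust store and CRLs and swaps them in atomically with respect to
     * the synchronized accessors.
     *
     * <p>Returns {@code false}, leaving the current material untouched, when neither a key store
     * nor a trust store is currently held, when loading either store throws, or when nothing was
     * loaded. In the first case the CRLs are not re-read either.
     *
     * @return {@code true} if the holder now serves freshly loaded material
     */
    public boolean reload() {
        if (this.keyStore == null && this.trustStore == null) {
            return false;
        }
        KeyStoreAndKeyCertOptions reloadedKeys = null;
        TrustStoreAndTrustOptions reloadedTrust = null;
        if (this.keyStore != null) {
            try {
                reloadedKeys = CertificateRecorder.getKeyStore(this.config, this.vertx, this.name);
            } catch (Exception e) {
                // NOTE(review): the cause is dropped. A failed rotation is only visible as a
                // false return, and the old certificate keeps being served - consider logging it.
                return false;
            }
        }
        if (this.trustStore != null) {
            try {
                reloadedTrust = CertificateRecorder.getTrustStore(this.config, this.vertx, this.name);
            } catch (Exception e) {
                // Same as above: failure is silent apart from the return value.
                return false;
            }
        } else if (this.config.trustAll()) {
            // No trust store to reload: keep trust-all in effect after the swap below.
            reloadedTrust = new TrustStoreAndTrustOptions(null, TrustAllOptions.INSTANCE);
        }
        if (reloadedKeys == null && reloadedTrust == null) {
            return false;
        }
        // Read the CRLs before taking the monitor so file I/O does not block the accessors.
        // NOTE(review): unlike the store loads above, an exception thrown while reading a CRL is
        // not caught here and propagates to the caller - confirm that is intended.
        List<Buffer> reloadedCrls = readCrls(config());
        synchronized (this) {
            this.keyStoreOptions = reloadedKeys != null ? reloadedKeys.options : null;
            this.keyStore = reloadedKeys != null ? reloadedKeys.keyStore : null;
            this.trustOptions = reloadedTrust != null ? reloadedTrust.options : null;
            this.trustStore = reloadedTrust != null ? reloadedTrust.trustStore : null;
            this.crls.clear();
            this.crls.addAll(reloadedCrls);
        }
        return true;
    }

    /** @return the name of this TLS configuration */
    public String getName() {
        return this.name;
    }

    /** @return the configuration bucket this holder was created from */
    public TlsBucketConfig config() {
        return this.config;
    }
}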
