package org.apache.qpid.protonj2.test.driver.netty;

import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.File;
import java.io.FileInputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import org.apache.qpid.protonj2.test.driver.ProtonTestClientOptions;
import org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/qpid/protonj2/test/driver/netty/SslSupport.class */
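/**
 * Static helpers that build the JDK {@link SSLContext} and {@link SSLEngine}, and the Netty
 * {@link SslHandler} wrapping them, for the test driver's client and server transports.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When {@code isTrustAll()} is set, {@link InsecureTrustManagerFactory} is installed and peer
 *       certificates are accepted without validation. That is only appropriate inside a test
 *       harness such as this one.</li>
 *   <li>When neither trust-all nor a trust store location is configured, {@code null} trust managers
 *       are passed to {@link SSLContext#init}, so the installed providers' default trust managers
 *       are used.</li>
 *   <li>Protocol and cipher suite lists come straight from the options. Nothing here filters out
 *       legacy protocol versions or weak suites that the options enable explicitly.</li>
 *   <li>Store passwords arrive as {@link String} values from the options objects. They are never
 *       logged here; only store locations and types are traced.</li>
 * </ul>
 */
public class SslSupport {
    private static final Logger LOG = LoggerFactory.getLogger(SslSupport.class);

    /**
     * Creates the Netty handler for the client side of a connection.
     *
     * @param uri     remote address used as the peer host/port hint for the engine, may be {@code null}
     * @param protonTestClientOptions client TLS options; an SSLContext override takes precedence over
     *                the key/trust store settings
     * @return a new {@link SslHandler} wrapping a client-mode engine
     * @throws Exception if the context or engine cannot be created
     */
    public static SslHandler createClientSslHandler(URI uri, ProtonTestClientOptions protonTestClientOptions) throws Exception {
        SSLContext context = protonTestClientOptions.getSslContextOverride();
        if (context == null) {
            context = createClientJdkSslContext(protonTestClientOptions);
        }
        return new SslHandler(createClientJdkSslEngine(uri, context, protonTestClientOptions));
    }

    /**
     * Creates the Netty handler for the server side of a connection.
     *
     * @param uri     address used as the peer host/port hint for the engine, may be {@code null}
     * @param protonTestServerOptions server TLS options; an SSLContext override takes precedence over
     *                the key/trust store settings
     * @return a new {@link SslHandler} wrapping a server-mode engine
     * @throws Exception if the context or engine cannot be created
     */
    public static SslHandler createServerSslHandler(URI uri, ProtonTestServerOptions protonTestServerOptions) throws Exception {
        SSLContext context = protonTestServerOptions.getSslContextOverride();
        if (context == null) {
            context = createServerJdkSslContext(protonTestServerOptions);
        }
        return new SslHandler(createServerJdkSslEngine(uri, context, protonTestServerOptions));
    }

    /**
     * Builds an {@link SSLContext} from the client options' context protocol, key store and trust
     * settings.
     *
     * @param protonTestClientOptions client TLS options
     * @return an initialised context
     * @throws Exception any failure is logged at error level and rethrown unchanged
     */
    public static SSLContext createClientJdkSslContext(ProtonTestClientOptions protonTestClientOptions) throws Exception {
        try {
            String contextProtocol = protonTestClientOptions.getContextProtocol();
            LOG.trace("Getting SSLContext instance using protocol: {}", contextProtocol);
            SSLContext context = SSLContext.getInstance(contextProtocol);
            // Null key or trust managers make init() fall back to the providers' defaults.
            context.init(loadKeyManagers(protonTestClientOptions), loadTrustManagers(protonTestClientOptions), new SecureRandom());
            return context;
        } catch (Exception e) {
            LOG.error("Failed to create SSLContext: {}", e, e);
            throw e;
        }
    }

    /**
     * Builds an {@link SSLContext} from the server options' context protocol, key store and trust
     * settings.
     *
     * @param protonTestServerOptions server TLS options
     * @return an initialised context
     * @throws Exception any failure is logged at error level and rethrown unchanged
     */
    public static SSLContext createServerJdkSslContext(ProtonTestServerOptions protonTestServerOptions) throws Exception {
        try {
            String contextProtocol = protonTestServerOptions.getContextProtocol();
            LOG.trace("Getting SSLContext instance using protocol: {}", contextProtocol);
            SSLContext context = SSLContext.getInstance(contextProtocol);
            // Null key or trust managers make init() fall back to the providers' defaults.
            context.init(loadKeyManagers(protonTestServerOptions), loadTrustManagers(protonTestServerOptions), new SecureRandom());
            return context;
        } catch (Exception e) {
            LOG.error("Failed to create SSLContext: {}", e, e);
            throw e;
        }
    }

    /**
     * Creates and configures a client-mode {@link SSLEngine}.
     *
     * @param uri        peer host/port hint; when {@code null} the engine is created without one
     * @param sSLContext context to create the engine from
     * @param protonTestClientOptions options supplying protocols, cipher suites and the verify-host flag
     * @return the configured engine
     * @throws Exception if the engine rejects the protocol or cipher suite selection
     */
    public static SSLEngine createClientJdkSslEngine(URI uri, SSLContext sSLContext, ProtonTestClientOptions protonTestClientOptions) throws Exception {
        SSLEngine engine = uri == null ? sSLContext.createSSLEngine() : sSLContext.createSSLEngine(uri.getHost(), uri.getPort());
        engine.setEnabledProtocols(buildEnabledProtocols(engine, protonTestClientOptions));
        engine.setEnabledCipherSuites(buildEnabledCipherSuites(engine, protonTestClientOptions));
        engine.setUseClientMode(true);
        // Per the SSLEngine contract this setting is only meaningful for server-mode engines.
        engine.setNeedClientAuth(protonTestClientOptions.isNeedClientAuth());
        if (protonTestClientOptions.isVerifyHost()) {
            // "HTTPS" endpoint identification checks the server certificate against the peer host
            // given at engine creation.
            // NOTE(review): with a null uri there is no peer host to check against; confirm how
            // callers expect verifyHost to behave in that case.
            SSLParameters params = engine.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            engine.setSSLParameters(params);
        }
        return engine;
    }

    /**
     * Creates and configures a server-mode {@link SSLEngine}.
     *
     * @param uri        peer host/port hint; when {@code null} the engine is created without one
     * @param sSLContext context to create the engine from
     * @param protonTestServerOptions options supplying protocols, cipher suites, client-auth and
     *                   verify-host flags
     * @return the configured engine
     * @throws Exception if the engine rejects the protocol or cipher suite selection
     */
    public static SSLEngine createServerJdkSslEngine(URI uri, SSLContext sSLContext, ProtonTestServerOptions protonTestServerOptions) throws Exception {
        SSLEngine engine = uri == null ? sSLContext.createSSLEngine() : sSLContext.createSSLEngine(uri.getHost(), uri.getPort());
        engine.setEnabledProtocols(buildEnabledProtocols(engine, protonTestServerOptions));
        engine.setEnabledCipherSuites(buildEnabledCipherSuites(engine, protonTestServerOptions));
        engine.setUseClientMode(false);
        engine.setNeedClientAuth(protonTestServerOptions.isNeedClientAuth());
        if (protonTestServerOptions.isVerifyHost()) {
            // NOTE(review): on a server-mode engine this presumably applies to the client's
            // certificate; confirm that is the intended meaning of verifyHost for the server.
            SSLParameters params = engine.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            engine.setSSLParameters(params);
        }
        return engine;
    }

    /** Resolves the client's enabled protocol list: the configured list or engine defaults, minus disabled entries. */
    private static String[] buildEnabledProtocols(SSLEngine sSLEngine, ProtonTestClientOptions protonTestClientOptions) {
        return selectEnabled("protocols", protonTestClientOptions.getEnabledProtocols(),
            sSLEngine.getEnabledProtocols(), protonTestClientOptions.getDisabledProtocols());
    }

    /** Resolves the server's enabled protocol list: the configured list or engine defaults, minus disabled entries. */
    private static String[] buildEnabledProtocols(SSLEngine sSLEngine, ProtonTestServerOptions protonTestServerOptions) {
        return selectEnabled("protocols", protonTestServerOptions.getEnabledProtocols(),
            sSLEngine.getEnabledProtocols(), protonTestServerOptions.getDisabledProtocols());
    }

    /** Resolves the server's enabled cipher suites: the configured list or engine defaults, minus disabled entries. */
    private static String[] buildEnabledCipherSuites(SSLEngine sSLEngine, ProtonTestServerOptions protonTestServerOptions) {
        return selectEnabled("cipher suites", protonTestServerOptions.getEnabledCipherSuites(),
            sSLEngine.getEnabledCipherSuites(), protonTestServerOptions.getDisabledCipherSuites());
    }

    /** Resolves the client's enabled cipher suites: the configured list or engine defaults, minus disabled entries. */
    private static String[] buildEnabledCipherSuites(SSLEngine sSLEngine, ProtonTestClientOptions protonTestClientOptions) {
        return selectEnabled("cipher suites", protonTestClientOptions.getEnabledCipherSuites(),
            sSLEngine.getEnabledCipherSuites(), protonTestClientOptions.getDisabledCipherSuites());
    }

    /**
     * Shared selection logic for protocols and cipher suites.
     *
     * @param kind           label used in trace output ("protocols" or "cipher suites")
     * @param configured     explicit list from the options, or {@code null} to use the engine defaults
     * @param engineDefaults what the engine currently has enabled
     * @param disabled       entries to strip from the result, or {@code null}
     * @return the surviving entries in their original order; the array may be empty
     */
    private static String[] selectEnabled(String kind, String[] configured, String[] engineDefaults, String[] disabled) {
        List<String> enabled = new ArrayList<>();
        if (configured != null) {
            List<String> fromOptions = Arrays.asList(configured);
            LOG.trace("Configured {} from transport options: {}", kind, fromOptions);
            enabled.addAll(fromOptions);
        } else {
            List<String> fromEngine = Arrays.asList(engineDefaults);
            LOG.trace("Default {} from the SSLEngine: {}", kind, fromEngine);
            enabled.addAll(fromEngine);
        }
        if (disabled != null) {
            List<String> toRemove = Arrays.asList(disabled);
            LOG.trace("Disabled {}: {}", kind, toRemove);
            // The disabled list wins over an explicit enable of the same name.
            enabled.removeAll(toRemove);
        }
        LOG.trace("Enabled {}: {}", kind, enabled);
        return enabled.toArray(new String[0]);
    }

    /** Returns the client's trust managers, or {@code null} when no trust configuration is present. */
    private static TrustManager[] loadTrustManagers(ProtonTestClientOptions protonTestClientOptions) throws Exception {
        TrustManagerFactory factory = loadTrustManagerFactory(protonTestClientOptions);
        return factory != null ? factory.getTrustManagers() : null;
    }

    /** Returns the server's trust managers, or {@code null} when no trust configuration is present. */
    private static TrustManager[] loadTrustManagers(ProtonTestServerOptions protonTestServerOptions) throws Exception {
        TrustManagerFactory factory = loadTrustManagerFactory(protonTestServerOptions);
        return factory != null ? factory.getTrustManagers() : null;
    }

    /**
     * Chooses the client's trust manager factory: trust-all, a factory backed by the configured
     * trust store, or {@code null} when neither is configured.
     */
    private static TrustManagerFactory loadTrustManagerFactory(ProtonTestClientOptions protonTestClientOptions) throws Exception {
        if (protonTestClientOptions.isTrustAll()) {
            // Accepts any certificate chain: no authentication of the peer. Test use only.
            return InsecureTrustManagerFactory.INSTANCE;
        }
        if (protonTestClientOptions.getTrustStoreLocation() == null) {
            return null;
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        String trustStoreLocation = protonTestClientOptions.getTrustStoreLocation();
        String trustStorePassword = protonTestClientOptions.getTrustStorePassword();
        String trustStoreType = protonTestClientOptions.getTrustStoreType();
        // Only the location and type are traced; the password must stay out of the logs.
        LOG.trace("Attempt to load TrustStore from location {} of type {}", trustStoreLocation, trustStoreType);
        factory.init(loadStore(trustStoreLocation, trustStorePassword, trustStoreType));
        return factory;
    }

    /**
     * Chooses the server's trust manager factory: trust-all, a factory backed by the configured
     * trust store, or {@code null} when neither is configured.
     */
    private static TrustManagerFactory loadTrustManagerFactory(ProtonTestServerOptions protonTestServerOptions) throws Exception {
        if (protonTestServerOptions.isTrustAll()) {
            // Accepts any certificate chain: no authentication of the peer. Test use only.
            return InsecureTrustManagerFactory.INSTANCE;
        }
        if (protonTestServerOptions.getTrustStoreLocation() == null) {
            return null;
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        String trustStoreLocation = protonTestServerOptions.getTrustStoreLocation();
        String trustStorePassword = protonTestServerOptions.getTrustStorePassword();
        String trustStoreType = protonTestServerOptions.getTrustStoreType();
        // Only the location and type are traced; the password must stay out of the logs.
        LOG.trace("Attempt to load TrustStore from location {} of type {}", trustStoreLocation, trustStoreType);
        factory.init(loadStore(trustStoreLocation, trustStorePassword, trustStoreType));
        return factory;
    }

    /**
     * Loads the client's key managers from the configured key store.
     *
     * @return the key managers, wrapped to pin the configured alias when one is set, or
     *         {@code null} when no key store location is configured
     * @throws IllegalArgumentException if a configured alias is missing or is not a key entry
     */
    private static KeyManager[] loadKeyManagers(ProtonTestClientOptions protonTestClientOptions) throws Exception {
        if (protonTestClientOptions.getKeyStoreLocation() == null) {
            return null;
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        String keyStoreLocation = protonTestClientOptions.getKeyStoreLocation();
        String keyStorePassword = protonTestClientOptions.getKeyStorePassword();
        String keyStoreType = protonTestClientOptions.getKeyStoreType();
        String keyAlias = protonTestClientOptions.getKeyAlias();
        LOG.trace("Attempt to load KeyStore from location {} of type {}", keyStoreLocation, keyStoreType);
        KeyStore store = loadStore(keyStoreLocation, keyStorePassword, keyStoreType);
        // The store password is reused as the key password.
        factory.init(store, keyStorePassword != null ? keyStorePassword.toCharArray() : null);
        if (keyAlias == null) {
            return factory.getKeyManagers();
        }
        validateAlias(store, keyAlias);
        return wrapKeyManagers(keyAlias, factory.getKeyManagers());
    }

    /**
     * Loads the server's key managers from the configured key store.
     *
     * @return the key managers, wrapped to pin the configured alias when one is set, or
     *         {@code null} when no key store location is configured
     * @throws IllegalArgumentException if a configured alias is missing or is not a key entry
     */
    private static KeyManager[] loadKeyManagers(ProtonTestServerOptions protonTestServerOptions) throws Exception {
        if (protonTestServerOptions.getKeyStoreLocation() == null) {
            return null;
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        String keyStoreLocation = protonTestServerOptions.getKeyStoreLocation();
        String keyStorePassword = protonTestServerOptions.getKeyStorePassword();
        String keyStoreType = protonTestServerOptions.getKeyStoreType();
        String keyAlias = protonTestServerOptions.getKeyAlias();
        LOG.trace("Attempt to load KeyStore from location {} of type {}", keyStoreLocation, keyStoreType);
        KeyStore store = loadStore(keyStoreLocation, keyStorePassword, keyStoreType);
        // The store password is reused as the key password.
        factory.init(store, keyStorePassword != null ? keyStorePassword.toCharArray() : null);
        if (keyAlias == null) {
            return factory.getKeyManagers();
        }
        validateAlias(store, keyAlias);
        return wrapKeyManagers(keyAlias, factory.getKeyManagers());
    }

    /**
     * Returns a copy of {@code keyManagerArr} in which every {@link X509ExtendedKeyManager} is
     * wrapped in an {@code X509AliasKeyManager} for alias {@code str}; other entries are copied as-is.
     */
    private static KeyManager[] wrapKeyManagers(String str, KeyManager[] keyManagerArr) {
        KeyManager[] wrapped = new KeyManager[keyManagerArr.length];
        for (int i = 0; i < keyManagerArr.length; i++) {
            KeyManager current = keyManagerArr[i];
            if (current instanceof X509ExtendedKeyManager) {
                current = new X509AliasKeyManager(str, (X509ExtendedKeyManager) current);
            }
            wrapped[i] = current;
        }
        return wrapped;
    }

    /**
     * Fails fast when the configured alias cannot supply a private key.
     *
     * @throws IllegalArgumentException if the alias is absent or names a non-key entry
     * @throws KeyStoreException        if the key store has not been loaded
     */
    private static void validateAlias(KeyStore keyStore, String str) throws IllegalArgumentException, KeyStoreException {
        if (!keyStore.containsAlias(str)) {
            throw new IllegalArgumentException("The alias '" + str + "' doesn't exist in the key store");
        }
        if (!keyStore.isKeyEntry(str)) {
            throw new IllegalArgumentException("The alias '" + str + "' in the keystore doesn't represent a key entry");
        }
    }

    /**
     * Loads a key or trust store from disk.
     *
     * @param str  file system path of the store
     * @param str2 store password, or {@code null} to pass a null password to {@link KeyStore#load}
     * @param str3 store type passed to {@link KeyStore#getInstance(String)}
     * @return the loaded store
     * @throws Exception if the type is unknown, the file cannot be read, or loading fails
     */
    private static KeyStore loadStore(String str, String str2, String str3) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(str3);
        // try-with-resources closes the stream even when load() throws, for example on a wrong
        // password or a corrupt store. The previous form leaked the file handle on that path.
        try (FileInputStream in = new FileInputStream(new File(str))) {
            char[] password = str2 != null ? str2.toCharArray() : null;
            keyStore.load(in, password);
        }
        return keyStore;
    }
}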
