package org.apache.qpid.jms.transports;

import io.netty.handler.ssl.SslHandler;
import java.io.File;
import java.io.FileInputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/qpid/jms/transports/TransportSupport.class */
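/**
 * Static helpers that build the client-side TLS objects ({@link SSLContext}, {@link SSLEngine}
 * and Netty {@link SslHandler}) for a transport from a {@link TransportSslOptions} instance.
 *
 * <p>Two options weaken the security of the resulting connection and should be reviewed wherever
 * they are set:
 * <ul>
 *   <li>{@code isTrustAll()} installs a trust manager that accepts every certificate chain, so
 *       the peer is not authenticated by its certificate.</li>
 *   <li>{@code isVerifyHost()} returning {@code false} leaves endpoint identification unset on the
 *       engine, so the certificate is not matched against the host name.</li>
 * </ul>
 */
public class TransportSupport {
    private static final Logger LOG = LoggerFactory.getLogger(TransportSupport.class);

    /**
     * Creates a Netty {@link SslHandler} wrapping a client-mode engine for the given remote URI.
     *
     * @param uri the remote location; its host and port are passed to the engine as peer information
     * @param transportSslOptions the TLS configuration to apply
     * @return a new handler backed by a freshly created context and engine
     * @throws Exception if the context or engine cannot be created
     */
    public static SslHandler createSslHandler(URI uri, TransportSslOptions transportSslOptions) throws Exception {
        SSLContext context = createSslContext(transportSslOptions);
        SSLEngine engine = createSslEngine(uri, context, transportSslOptions);
        return new SslHandler(engine);
    }

    /**
     * Creates and initialises a "TLS" {@link SSLContext} from the configured key and trust material.
     *
     * <p>When no key store or trust store location is configured the corresponding argument to
     * {@link SSLContext#init} is {@code null}, which makes the JDK fall back to the default
     * managers of the installed security providers.
     *
     * @param transportSslOptions the TLS configuration to apply
     * @return the initialised context
     * @throws Exception if a store cannot be loaded or the context cannot be initialised; the
     *         failure is logged and rethrown unchanged
     */
    public static SSLContext createSslContext(TransportSslOptions transportSslOptions) throws Exception {
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            KeyManager[] keyManagers = loadKeyManagers(transportSslOptions);

            TrustManager[] trustManagers;
            if (transportSslOptions.isTrustAll()) {
                // Make the downgrade visible in logs: with trust-all the certificate chain is
                // never validated, so a misconfigured production client should be easy to spot.
                LOG.warn("Trust-all is enabled: peer certificate chains will NOT be validated");
                trustManagers = new TrustManager[] {createTrustAllTrustManager()};
            } else {
                trustManagers = loadTrustManagers(transportSslOptions);
            }

            context.init(keyManagers, trustManagers, new SecureRandom());
            return context;
        } catch (Exception e) {
            LOG.error("Failed to create SSLContext: {}", e, e);
            throw e;
        }
    }

    /**
     * Creates a client-mode {@link SSLEngine} without peer host information.
     *
     * <p>NOTE(review): the engine is created with no peer host, yet "HTTPS" endpoint
     * identification is still requested when {@code isVerifyHost()} is true; confirm that callers
     * of this overload can actually complete host verification, or prefer the URI overload.
     *
     * @param sSLContext the context to create the engine from
     * @param transportSslOptions the TLS configuration to apply
     * @return the configured engine
     * @throws Exception if the engine cannot be configured
     */
    public static SSLEngine createSslEngine(SSLContext sSLContext, TransportSslOptions transportSslOptions) throws Exception {
        return configureClientEngine(sSLContext.createSSLEngine(), transportSslOptions);
    }

    /**
     * Creates a client-mode {@link SSLEngine} whose peer host and port are taken from the URI.
     *
     * @param uri the remote location supplying the peer host and port
     * @param sSLContext the context to create the engine from
     * @param transportSslOptions the TLS configuration to apply
     * @return the configured engine
     * @throws Exception if the engine cannot be configured
     */
    public static SSLEngine createSslEngine(URI uri, SSLContext sSLContext, TransportSslOptions transportSslOptions) throws Exception {
        return configureClientEngine(sSLContext.createSSLEngine(uri.getHost(), uri.getPort()), transportSslOptions);
    }

    /** Applies the enabled protocols, client mode and optional host verification to an engine. */
    private static SSLEngine configureClientEngine(SSLEngine engine, TransportSslOptions options) {
        engine.setEnabledProtocols(options.getEnabledProtocols());
        engine.setUseClientMode(true);
        if (options.isVerifyHost()) {
            // "HTTPS" asks JSSE to match the peer certificate against the peer host during the
            // handshake. When isVerifyHost() is false no host name check is configured here.
            SSLParameters parameters = engine.getSSLParameters();
            parameters.setEndpointIdentificationAlgorithm("HTTPS");
            engine.setSSLParameters(parameters);
        }
        return engine;
    }

    /**
     * Builds trust managers from the configured trust store.
     *
     * @return the trust managers, or {@code null} when no trust store location is configured
     */
    private static TrustManager[] loadTrustManagers(TransportSslOptions transportSslOptions) throws Exception {
        String trustStoreLocation = transportSslOptions.getTrustStoreLocation();
        if (trustStoreLocation == null) {
            return null;
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        String trustStorePassword = transportSslOptions.getTrustStorePassword();
        String storeType = transportSslOptions.getStoreType();
        // Only the location and type are logged; the password is never written to the log.
        LOG.trace("Attempt to load TrustStore from location {} of type {}", trustStoreLocation, storeType);
        factory.init(loadStore(trustStoreLocation, trustStorePassword, storeType));
        return factory.getTrustManagers();
    }

    /**
     * Builds key managers from the configured key store. The store password is also used as the
     * key password.
     *
     * @return the key managers, or {@code null} when no key store location is configured
     */
    private static KeyManager[] loadKeyManagers(TransportSslOptions transportSslOptions) throws Exception {
        String keyStoreLocation = transportSslOptions.getKeyStoreLocation();
        if (keyStoreLocation == null) {
            return null;
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        String keyStorePassword = transportSslOptions.getKeyStorePassword();
        String storeType = transportSslOptions.getStoreType();
        // Only the location and type are logged; the password is never written to the log.
        LOG.trace("Attempt to load KeyStore from location {} of type {}", keyStoreLocation, storeType);
        char[] keyPassword = keyStorePassword != null ? keyStorePassword.toCharArray() : null;
        factory.init(loadStore(keyStoreLocation, keyStorePassword, storeType), keyPassword);
        return factory.getKeyManagers();
    }

    /**
     * Loads a {@link KeyStore} of the given type from a file.
     *
     * <p>The stream is closed on every path, including when {@link KeyStore#load} throws (for
     * example on a wrong password or a corrupt file).
     *
     * @param location path of the store file
     * @param password store password, or {@code null}; with a {@code null} password the JDK skips
     *        the store integrity check, so a tampered store would not be detected at load time
     * @param storeType key store type name passed to {@link KeyStore#getInstance(String)}
     * @return the loaded store
     * @throws Exception if the type is unknown, the file cannot be read or the store cannot be loaded
     */
    private static KeyStore loadStore(String location, String password, String storeType) throws Exception {
        KeyStore store = KeyStore.getInstance(storeType);
        char[] passwordChars = password != null ? password.toCharArray() : null;
        try (FileInputStream in = new FileInputStream(new File(location))) {
            store.load(in, passwordChars);
        }
        return store;
    }

    /**
     * Creates a trust manager whose check methods accept every certificate chain.
     *
     * <p>With this manager installed the peer's certificate is not validated against any trust
     * anchor, so the connection is encrypted but the peer is not authenticated. It is used only
     * when {@code isTrustAll()} is set and is not suitable for production endpoints.
     */
    private static TrustManager createTrustAllTrustManager() {
        return new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                // Intentionally empty: every client chain is accepted.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                // Intentionally empty: every server chain is accepted.
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
    }
}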
