package org.apache.servicecomb.foundation.vertx;

import com.netflix.config.ConcurrentCompositeConfiguration;
import io.vertx.core.http.ClientAuth;
import io.vertx.core.http.HttpClientOptions;
import io.vertx.core.net.ClientOptionsBase;
import io.vertx.core.net.JksOptions;
import io.vertx.core.net.NetServerOptions;
import io.vertx.core.net.OpenSSLEngineOptions;
import io.vertx.core.net.PfxOptions;
import io.vertx.core.net.TCPSSLOptions;
import java.io.File;
import java.util.Arrays;
import java.util.HashSet;
import org.apache.servicecomb.foundation.ssl.SSLCustom;
import org.apache.servicecomb.foundation.ssl.SSLManager;
import org.apache.servicecomb.foundation.ssl.SSLOption;
import org.apache.servicecomb.foundation.ssl.SSLOptionFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.class */
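/**
 * Translates ServiceComb {@link SSLOption}/{@link SSLCustom} settings into Vert.x TLS options
 * for servers and clients.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code SSLOption.isAuthPeer()} is the single switch for peer authentication. When it is
 *       {@code false}, clients are configured with {@code trustAll=true} (no certificate
 *       validation) and servers only <em>request</em> a client certificate instead of requiring
 *       one.</li>
 *   <li>A missing key store or trust store file is only logged as a warning; the corresponding
 *       options are then left unset rather than failing the build.</li>
 * </ul>
 */
public final class VertxTLSBuilder {
    private static final Logger LOGGER = LoggerFactory.getLogger(VertxTLSBuilder.class);
    private static final String STORE_PKCS12 = "PKCS12";
    private static final String STORE_JKS = "JKS";

    private VertxTLSBuilder() {
    }

    /**
     * Applies the TLS settings to server options and sets the client-certificate policy.
     *
     * @param sSLOption TLS configuration (stores, protocols, ciphers, authPeer flag)
     * @param sSLCustom resolves store paths and decodes store passwords
     * @param netServerOptions the options object to configure; mutated in place
     * @return the same {@code netServerOptions} instance
     * @throws IllegalArgumentException if an existing store has a type other than PKCS12 or JKS
     */
    public static NetServerOptions buildNetServerOptions(SSLOption sSLOption, SSLCustom sSLCustom, NetServerOptions netServerOptions) {
        buildTCPSSLOptions(sSLOption, sSLCustom, netServerOptions);
        // REQUIRED enforces mutual TLS. REQUEST asks for a client certificate but lets the
        // handshake proceed without one, so the server must not treat the peer as authenticated.
        netServerOptions.setClientAuth(sSLOption.isAuthPeer() ? ClientAuth.REQUIRED : ClientAuth.REQUEST);
        return netServerOptions;
    }

    /**
     * Loads the TLS configuration identified by {@code str} and applies it to HTTP client options.
     *
     * <p>An {@link SSLOptionFactory} is looked up first; if none is returned the option is built
     * via {@link SSLOption#buildFromYaml(String)}.
     *
     * @param str identifier handed to the option factory / YAML loader (presumably a
     *     configuration tag; confirm against callers)
     * @param httpClientOptions the options object to configure; mutated in place
     */
    public static void buildHttpClientOptions(String str, HttpClientOptions httpClientOptions) {
        SSLOptionFactory factory = SSLOptionFactory.createSSLOptionFactory(str, (ConcurrentCompositeConfiguration) null);
        SSLOption option = factory == null ? SSLOption.buildFromYaml(str) : factory.createSSLOption();
        buildHttpClientOptions(option, SSLCustom.createSSLCustom(option.getSslCustomClass()), httpClientOptions);
    }

    /**
     * Applies the TLS settings to HTTP client options, including host name verification.
     *
     * @param sSLOption TLS configuration
     * @param sSLCustom resolves store paths and decodes store passwords
     * @param httpClientOptions the options object to configure; mutated in place
     * @return the same {@code httpClientOptions} instance
     */
    public static HttpClientOptions buildHttpClientOptions(SSLOption sSLOption, SSLCustom sSLCustom, HttpClientOptions httpClientOptions) {
        buildClientOptionsBase(sSLOption, sSLCustom, httpClientOptions);
        // Host name verification follows checkCNHost. It is independent of authPeer, so both
        // flags must be enabled for the client to validate the chain AND the server identity.
        httpClientOptions.setVerifyHost(sSLOption.isCheckCNHost());
        return httpClientOptions;
    }

    /**
     * Applies the TLS settings to generic client options and sets the trust policy.
     *
     * @param sSLOption TLS configuration
     * @param sSLCustom resolves store paths and decodes store passwords
     * @param clientOptionsBase the options object to configure; mutated in place
     * @return the same {@code clientOptionsBase} instance
     */
    public static ClientOptionsBase buildClientOptionsBase(SSLOption sSLOption, SSLCustom sSLCustom, ClientOptionsBase clientOptionsBase) {
        buildTCPSSLOptions(sSLOption, sSLCustom, clientOptionsBase);
        boolean trustAll = !sSLOption.isAuthPeer();
        if (trustAll) {
            // trustAll disables server certificate validation entirely; the channel is encrypted
            // but the peer is unauthenticated. Surface it so the setting is visible in operation.
            LOGGER.warn("authPeer is disabled, the client will trust all server certificates.");
        }
        clientOptionsBase.setTrustAll(trustAll);
        return clientOptionsBase;
    }

    /**
     * Configures the settings shared by clients and servers: TLS on, engine, key store,
     * trust store, protocols, cipher suites and CRL.
     *
     * @throws IllegalArgumentException if an existing store has a type other than PKCS12 or JKS
     */
    private static TCPSSLOptions buildTCPSSLOptions(SSLOption sSLOption, SSLCustom sSLCustom, TCPSSLOptions tCPSSLOptions) {
        tCPSSLOptions.setSsl(true);
        if (sSLOption.getEngine().equalsIgnoreCase("openssl")) {
            // Pass the configured instance on; the previous code configured one object and then
            // installed a second, untouched one, discarding the session-cache setting.
            OpenSSLEngineOptions openSslOptions = new OpenSSLEngineOptions();
            openSslOptions.setSessionCacheEnabled(true);
            tCPSSLOptions.setOpenSslEngineOptions(openSslOptions);
        }
        configureKeyStore(sSLOption, sSLCustom, tCPSSLOptions);
        configureTrustStore(sSLOption, sSLCustom, tCPSSLOptions);

        // Trim each entry so a list written as "TLSv1.2, TLSv1.3" does not yield a name with a
        // leading space that matches no real protocol.
        HashSet<String> protocols = new HashSet<>();
        for (String protocol : sSLOption.getProtocols().split(",")) {
            protocols.add(protocol.trim());
        }
        tCPSSLOptions.setEnabledSecureTransportProtocols(protocols);

        for (String cipher : SSLManager.getEnabledCiphers(sSLOption.getCiphers())) {
            tCPSSLOptions.addEnabledCipherSuite(cipher);
        }

        // The CRL is optional: when the file is absent no revocation list is registered here.
        String crlPath = sSLCustom.getFullPath(sSLOption.getCrl());
        if (isFileExists(crlPath)) {
            tCPSSLOptions.addCrlPath(crlPath);
        }
        return tCPSSLOptions;
    }

    /** Installs the key store (own certificate and private key) if its file exists. */
    private static void configureKeyStore(SSLOption sSLOption, SSLCustom sSLCustom, TCPSSLOptions tCPSSLOptions) {
        String keyStorePath = sSLCustom.getFullPath(sSLOption.getKeyStore());
        if (!isFileExists(keyStorePath)) {
            // Best effort by design: no key material is configured and the build continues.
            LOGGER.warn("keyStore [{}] file not exist, please check!", keyStorePath);
            return;
        }
        String storeType = sSLOption.getKeyStoreType();
        if (STORE_PKCS12.equalsIgnoreCase(storeType)) {
            PfxOptions pfx = new PfxOptions();
            pfx.setPath(keyStorePath);
            pfx.setPassword(decodePassword(sSLCustom, sSLOption.getKeyStoreValue()));
            tCPSSLOptions.setPfxKeyCertOptions(pfx);
        } else if (STORE_JKS.equalsIgnoreCase(storeType)) {
            JksOptions jks = new JksOptions();
            jks.setPath(keyStorePath);
            jks.setPassword(decodePassword(sSLCustom, sSLOption.getKeyStoreValue()));
            tCPSSLOptions.setKeyStoreOptions(jks);
        } else {
            throw new IllegalArgumentException("invalid key store type.");
        }
    }

    /** Installs the trust store (certificates used to validate the peer) if its file exists. */
    private static void configureTrustStore(SSLOption sSLOption, SSLCustom sSLCustom, TCPSSLOptions tCPSSLOptions) {
        String trustStorePath = sSLCustom.getFullPath(sSLOption.getTrustStore());
        if (!isFileExists(trustStorePath)) {
            // No trust material is set on the options in this case. NOTE(review): what the TLS
            // engine trusts instead depends on Vert.x/JVM defaults; confirm this is acceptable
            // when authPeer is enabled.
            LOGGER.warn("trustStore [{}] file not exist, please check!", trustStorePath);
            return;
        }
        String storeType = sSLOption.getTrustStoreType();
        if (STORE_PKCS12.equalsIgnoreCase(storeType)) {
            PfxOptions pfx = new PfxOptions();
            pfx.setPath(trustStorePath);
            pfx.setPassword(decodePassword(sSLCustom, sSLOption.getTrustStoreValue()));
            tCPSSLOptions.setPfxTrustOptions(pfx);
        } else if (STORE_JKS.equalsIgnoreCase(storeType)) {
            JksOptions jks = new JksOptions();
            jks.setPath(trustStorePath);
            jks.setPassword(decodePassword(sSLCustom, sSLOption.getTrustStoreValue()));
            tCPSSLOptions.setTrustStoreOptions(jks);
        } else {
            throw new IllegalArgumentException("invalid trust store type.");
        }
    }

    /**
     * Decodes a configured store password through {@link SSLCustom#decode(char[])}.
     *
     * <p>The result has to be a {@code String} because the Vert.x store options take one, so the
     * clear-text password cannot be wiped afterwards; never log the returned value.
     */
    private static String decodePassword(SSLCustom sSLCustom, String encoded) {
        return new String(sSLCustom.decode(encoded.toCharArray()));
    }

    /** Returns {@code true} only for a non-empty path that exists on the file system. */
    private static boolean isFileExists(String str) {
        return str != null && !str.isEmpty() && new File(str).exists();
    }
}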
