package com.mapr.web.security;

import com.mapr.security.FipsLoader;
import com.mapr.web.security.SslConfig;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mapr/web/security/SslFactory.class */
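/**
 * Static factory for the JSSE objects ({@link SSLContext}, {@link KeyManagerFactory},
 * {@link TrustManagerFactory}) built from the keystore and trust store settings held by
 * {@code WebSecurityConfig.CONFIG}.
 *
 * <p>Every public method obtains a fresh {@link SslConfig} and closes it before returning,
 * on both the success and the failure path.
 * NOTE(review): {@code SslConfig.close()} presumably wipes the password material the config
 * holds; confirm against {@code SslConfig}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The context is requested with the generic protocol name {@code "TLS"}; this class does
 *       not restrict protocol versions or cipher suites, so that has to happen on the
 *       engine/socket/connector that consumes the context.</li>
 *   <li>{@link KeyStore#load(java.io.InputStream, char[])} only verifies keystore integrity when
 *       a non-null password is supplied; a configuration that yields a {@code null} store
 *       password loads the file unverified.</li>
 * </ul>
 */
public class SslFactory {
    private static final Logger log = LoggerFactory.getLogger(SslFactory.class);

    /** Algorithm name handed to both {@link KeyManagerFactory} and {@link TrustManagerFactory}. */
    private static final String MANAGER_ALGORITHM = "PKIX";

    /** Protocol name requested from the JSSE provider when creating the {@link SSLContext}. */
    private static final String SSL_PROTOCOL = "TLS";

    private SslFactory() {
    }

    /**
     * Builds an {@link SSLContext} for {@code SCOPE_ALL}, i.e. with both key managers and
     * trust managers.
     *
     * @return an initialized context
     * @throws Exception if the stores cannot be read or the JSSE objects cannot be created
     */
    public static SSLContext getSslContext() throws Exception {
        return getSslContext(SslConfig.SslConfigScope.SCOPE_ALL);
    }

    /**
     * Builds an {@link SSLContext} for the given configuration scope.
     *
     * <p>Trust managers are always loaded from the client trust store. Key managers are loaded
     * only for {@code SCOPE_ALL}; for any other scope the context is initialized with
     * {@code null} key managers, so it presents no certificate of its own.
     *
     * @param sslConfigScope which part of the SSL configuration to load
     * @return an initialized context backed by the trust manager factory's provider
     * @throws Exception if the stores cannot be read or the JSSE objects cannot be created
     */
    public static SSLContext getSslContext(SslConfig.SslConfigScope sslConfigScope) throws Exception {
        SslConfig sslConfig = WebSecurityConfig.CONFIG.getSslConfig(sslConfigScope);
        try {
            TrustManagerFactory trustManagerFactory = getTrustManagerFactoryImpl(sslConfig);
            // The same provider backs the random source and the context itself.
            Provider provider = trustManagerFactory.getProvider();
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            // NOTE(review): "DEFAULT" is looked up in the trust manager factory's provider;
            // confirm that every provider getProvider() can select registers a SecureRandom
            // under that name, otherwise this throws NoSuchAlgorithmException.
            SecureRandom secureRandom = SecureRandom.getInstance("DEFAULT", provider);
            KeyManager[] keyManagers = null;
            if (sslConfigScope == SslConfig.SslConfigScope.SCOPE_ALL) {
                keyManagers = getKeyManagerFactoryImpl(sslConfig).getKeyManagers();
            }
            SSLContext sslContext = SSLContext.getInstance(SSL_PROTOCOL, provider);
            sslContext.init(keyManagers, trustManagers, secureRandom);
            return sslContext;
        } finally {
            closeConfig(sslConfig);
        }
    }

    /**
     * Creates a {@link KeyManagerFactory} from the server keystore of the {@code SCOPE_ALL}
     * configuration.
     *
     * @return an initialized key manager factory
     * @throws Exception if the keystore is missing, unreadable, or cannot be initialized
     */
    public static KeyManagerFactory getKeyManagerFactory() throws Exception {
        SslConfig sslConfig = WebSecurityConfig.CONFIG.getSslConfig(SslConfig.SslConfigScope.SCOPE_ALL);
        try {
            return getKeyManagerFactoryImpl(sslConfig);
        } finally {
            closeConfig(sslConfig);
        }
    }

    /**
     * Creates a {@link TrustManagerFactory} from the client trust store of the
     * {@code SCOPE_CLIENT_ONLY} configuration.
     *
     * @return an initialized trust manager factory
     * @throws Exception if the trust store is missing, unreadable, or cannot be initialized
     */
    public static TrustManagerFactory getTrustManagerFactory() throws Exception {
        SslConfig sslConfig = WebSecurityConfig.CONFIG.getSslConfig(SslConfig.SslConfigScope.SCOPE_CLIENT_ONLY);
        try {
            return getTrustManagerFactoryImpl(sslConfig);
        } finally {
            closeConfig(sslConfig);
        }
    }

    /** Closes the configuration if one was obtained; a {@code null} config is ignored. */
    private static void closeConfig(SslConfig sslConfig) throws Exception {
        if (sslConfig != null) {
            sslConfig.close();
        }
    }

    /**
     * Loads a keystore of the given type from {@code file}, closing the file stream afterwards
     * (the stream was previously left open).
     *
     * @param type keystore type name passed to {@link KeyStore#getInstance(String)}
     * @param file keystore file to read
     * @param password store password; when {@code null} the integrity check is skipped
     */
    private static KeyStore loadKeyStore(String type, File file, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(file)) {
            keyStore.load(in, password);
        }
        return keyStore;
    }

    /**
     * Builds the key manager factory for the server keystore described by {@code sslConfig}.
     *
     * @throws FileNotFoundException if the configured keystore file does not exist
     */
    private static KeyManagerFactory getKeyManagerFactoryImpl(SslConfig sslConfig) throws Exception {
        String serverKeystoreType = sslConfig.getServerKeystoreType();
        File file = new File(sslConfig.getServerKeystoreLocation());
        if (!file.exists()) {
            // Separator added: the path used to be glued directly onto the word "file".
            throw new FileNotFoundException("Unable to find or load the server keystore file: " + file);
        }
        log.debug("Initializing Java KeyManagerFactory with keystore '{}', type '{}', algorithm '{}'.", file, serverKeystoreType, MANAGER_ALGORITHM);
        // Resolve the provider before touching KeyStore: for BCFKS this call also loads the
        // FIPS providers (presumably required for KeyStore.getInstance to find the type).
        String provider = getProvider(sslConfig.getServerKeystoreFileType());
        KeyStore keyStore = loadKeyStore(serverKeystoreType, file, sslConfig.getServerKeystorePassword());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(MANAGER_ALGORITHM, provider);
        keyManagerFactory.init(keyStore, sslConfig.getServerKeyPassword());
        return keyManagerFactory;
    }

    /**
     * Builds the trust manager factory for the client trust store described by {@code sslConfig}.
     *
     * @throws FileNotFoundException if the configured trust store file does not exist
     */
    private static TrustManagerFactory getTrustManagerFactoryImpl(SslConfig sslConfig) throws Exception {
        String clientTruststoreType = sslConfig.getClientTruststoreType();
        File file = new File(sslConfig.getClientTruststoreLocation());
        if (!file.exists()) {
            // Separator added: the path used to be glued directly onto the word "file".
            throw new FileNotFoundException("Unable to find or load the client trust store file: " + file);
        }
        log.debug("Initializing Java TrustManagerFactory with trust store '{}', type '{}', algorithm '{}'.", file, clientTruststoreType, MANAGER_ALGORITHM);
        // Resolve the provider before touching KeyStore: for BCFKS this call also loads the
        // FIPS providers (presumably required for KeyStore.getInstance to find the type).
        String provider = getProvider(sslConfig.getClientTruststoreFileType());
        KeyStore keyStore = loadKeyStore(clientTruststoreType, file, sslConfig.getClientTruststorePassword());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(MANAGER_ALGORITHM, provider);
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }

    /**
     * Maps a keystore file type to the name of the JSSE provider to use with it.
     *
     * <p>For {@code BCFKS} the FIPS providers are loaded as a side effect before the provider
     * name is returned.
     *
     * @param keystoreFileType the configured keystore file type
     * @return the provider name to pass to {@code getInstance(algorithm, provider)}
     * @throws IllegalArgumentException if the type is neither {@code JKS} nor {@code BCFKS}
     */
    private static String getProvider(KeystoreFileType keystoreFileType) {
        switch (keystoreFileType) {
            case JKS:
                return SslConfig.JDK_JSEE_PROVIDER;
            case BCFKS:
                FipsLoader.loadFipsProviders();
                return "BCJSSE";
            default:
                throw new IllegalArgumentException("Unsupported Java Keystore type: " + keystoreFileType);
        }
    }
}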
