package org.apache.nifi.security.ssl;

import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

/* loaded from: input_file:org/apache/nifi/security/ssl/StandardSslContextBuilder.class */
public class StandardSslContextBuilder implements SslContextBuilder {
    private static final String DEFAULT_PROTOCOL = "TLS";
    private String protocol = DEFAULT_PROTOCOL;
    private KeyStore keyStore;
    private char[] keyPassword;
    private KeyStore trustStore;

    @Override // org.apache.nifi.security.ssl.SslContextBuilder
    public SSLContext build() {
        SSLContext sslContext = getSslContext();
        try {
            sslContext.init(getKeyManagers(), getTrustManagers(), new SecureRandom());
            return sslContext;
        } catch (KeyManagementException e) {
            throw new BuilderConfigurationException("SSLContext initialization failed", e);
        }
    }

    public StandardSslContextBuilder protocol(String str) {
        this.protocol = (String) Objects.requireNonNull(str, "Protocol required");
        return this;
    }

    public StandardSslContextBuilder keyStore(KeyStore keyStore) {
        this.keyStore = (KeyStore) Objects.requireNonNull(keyStore, "Key Store required");
        return this;
    }

    public StandardSslContextBuilder keyPassword(char[] cArr) {
        this.keyPassword = (char[]) Objects.requireNonNull(cArr, "Key Password required");
        return this;
    }

    public StandardSslContextBuilder trustStore(KeyStore keyStore) {
        this.trustStore = (KeyStore) Objects.requireNonNull(keyStore, "Trust Store required");
        return this;
    }

    private KeyManager[] getKeyManagers() {
        KeyManager[] keyManagers;
        if (this.keyStore == null) {
            keyManagers = null;
        } else {
            KeyManagerFactory keyManagerFactory = getKeyManagerFactory();
            try {
                keyManagerFactory.init(this.keyStore, this.keyPassword);
                keyManagers = keyManagerFactory.getKeyManagers();
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                throw new BuilderConfigurationException("Key Manager initialization failed", e);
            }
        }
        return keyManagers;
    }

    private TrustManager[] getTrustManagers() {
        return this.trustStore == null ? null : new TrustManager[]{new StandardTrustManagerBuilder().trustStore(this.trustStore).build()};
    }

    private KeyManagerFactory getKeyManagerFactory() {
        String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
        try {
            return KeyManagerFactory.getInstance(defaultAlgorithm);
        } catch (NoSuchAlgorithmException e) {
            throw new BuilderConfigurationException(String.format("KeyManagerFactory creation failed with algorithm [%s]", defaultAlgorithm), e);
        }
    }

    private SSLContext getSslContext() {
        try {
            return SSLContext.getInstance(this.protocol);
        } catch (NoSuchAlgorithmException e) {
            throw new BuilderConfigurationException(String.format("SSLContext creation failed with protocol [%s]", this.protocol), e);
        }
    }
}
