package co.cask.http;

import com.google.common.io.Closeables;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.Security;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.jboss.netty.handler.ssl.SslHandler;

/* loaded from: input_file:lib/netty-http-0.15.0.jar:co/cask/http/SSLHandlerFactory.class */
public class SSLHandlerFactory {
    private static final String protocol = "TLS";
    private final SSLContext serverContext;
    private boolean needClientAuth;

    public SSLHandlerFactory(SSLConfig sSLConfig) {
        String property = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        property = property == null ? "SunX509" : property;
        try {
            KeyStore keyStore = getKeyStore(sSLConfig.getKeyStore(), sSLConfig.getKeyStorePassword());
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(property);
            keyManagerFactory.init(keyStore, sSLConfig.getCertificatePassword() != null ? sSLConfig.getCertificatePassword().toCharArray() : sSLConfig.getKeyStorePassword().toCharArray());
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            TrustManager[] trustManagerArr = null;
            if (sSLConfig.getTrustKeyStore() != null) {
                this.needClientAuth = true;
                KeyStore keyStore2 = getKeyStore(sSLConfig.getTrustKeyStore(), sSLConfig.getTrustKeyStorePassword());
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(property);
                trustManagerFactory.init(keyStore2);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            }
            this.serverContext = SSLContext.getInstance(protocol);
            this.serverContext.init(keyManagers, trustManagerArr, null);
        } catch (Exception e) {
            throw new IllegalArgumentException("Failed to initialize the server-side SSLContext", e);
        }
    }

    private static KeyStore getKeyStore(File file, String str) throws IOException {
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance("JKS");
                keyStore.load(fileInputStream, str.toCharArray());
                Closeables.closeQuietly(fileInputStream);
                return keyStore;
            } catch (Exception e) {
                if (e instanceof RuntimeException) {
                    throw ((RuntimeException) e);
                }
                throw new IOException(e);
            }
        } catch (Throwable th) {
            Closeables.closeQuietly(fileInputStream);
            throw th;
        }
    }

    public SslHandler create() {
        SSLEngine createSSLEngine = this.serverContext.createSSLEngine();
        createSSLEngine.setNeedClientAuth(this.needClientAuth);
        createSSLEngine.setUseClientMode(false);
        return new SslHandler(createSSLEngine);
    }
}
