package de.codecentric.reedelk.rest.internal.server.configurer;

import de.codecentric.reedelk.rest.component.RESTListenerConfiguration;
import de.codecentric.reedelk.rest.component.listener.CertificateAndPrivateKeyConfiguration;
import de.codecentric.reedelk.rest.component.listener.KeyStoreConfiguration;
import de.codecentric.reedelk.rest.component.listener.SecurityConfiguration;
import de.codecentric.reedelk.rest.component.listener.ServerSecurityType;
import de.codecentric.reedelk.rest.component.listener.TrustStoreConfiguration;
import de.codecentric.reedelk.rest.internal.commons.HttpProtocol;
import de.codecentric.reedelk.runtime.api.commons.ComponentPrecondition;
import de.codecentric.reedelk.runtime.api.component.Implementor;
import de.codecentric.reedelk.runtime.api.exception.PlatformException;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Objects;
import java.util.Optional;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import reactor.netty.tcp.TcpServer;

/* loaded from: input_file:de/codecentric/reedelk/rest/internal/server/configurer/ServerSecurityConfigurer.class */
public class ServerSecurityConfigurer {
    public static TcpServer configure(Class<? extends Implementor> cls, TcpServer tcpServer, RESTListenerConfiguration rESTListenerConfiguration) {
        if (HttpProtocol.HTTPS.equals(rESTListenerConfiguration.getProtocol()) && rESTListenerConfiguration.getSecurityConfiguration() != null) {
            SecurityConfiguration securityConfiguration = rESTListenerConfiguration.getSecurityConfiguration();
            return tcpServer.secure(sslContextSpec -> {
                SslContextBuilder forServer;
                ServerSecurityType type = securityConfiguration.getType();
                if (ServerSecurityType.KEY_STORE.equals(type)) {
                    forServer = SslContextBuilder.forServer(getKeyManagerFactory(cls, (KeyStoreConfiguration) Objects.requireNonNull(securityConfiguration.getKeyStore(), "key store config")));
                } else {
                    if (!ServerSecurityType.CERTIFICATE_AND_PRIVATE_KEY.equals(type)) {
                        throw new PlatformException("Wrong config");
                    }
                    CertificateAndPrivateKeyConfiguration certificateAndPrivateKeyConfiguration = (CertificateAndPrivateKeyConfiguration) Objects.requireNonNull(securityConfiguration.getCertificateAndPrivateKey(), "certificate and private key configuration");
                    forServer = SslContextBuilder.forServer(new File(certificateAndPrivateKeyConfiguration.getCertificateFile()), new File(certificateAndPrivateKeyConfiguration.getPrivateKeyFile()));
                }
                if (securityConfiguration.getUseTrustStore() != null && securityConfiguration.getUseTrustStore().booleanValue()) {
                    forServer.trustManager(getTrustManagerFactory(cls, (TrustStoreConfiguration) Objects.requireNonNull(securityConfiguration.getTrustStoreConfiguration(), "trust store config")));
                }
                try {
                    sslContextSpec.sslContext(forServer.build());
                } catch (SSLException e) {
                    throw new PlatformException(e);
                }
            });
        }
        return tcpServer;
    }

    private static TrustManagerFactory getTrustManagerFactory(Class<? extends Implementor> cls, TrustStoreConfiguration trustStoreConfiguration) {
        String type = trustStoreConfiguration.getType();
        String algorithm = trustStoreConfiguration.getAlgorithm();
        String requireNotBlank = ComponentPrecondition.Configuration.requireNotBlank(cls, trustStoreConfiguration.getPath(), "Trust store location must not be empty");
        String requireNotBlank2 = ComponentPrecondition.Configuration.requireNotBlank(cls, trustStoreConfiguration.getPassword(), "Trust store password must not be empty");
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance((String) Optional.ofNullable(algorithm).orElse(TrustManagerFactory.getDefaultAlgorithm()));
            KeyStore keyStore = type == null ? KeyStore.getInstance(KeyStore.getDefaultType()) : KeyStore.getInstance(type);
            FileInputStream fileInputStream = new FileInputStream(requireNotBlank);
            try {
                keyStore.load(fileInputStream, requireNotBlank2.toCharArray());
                fileInputStream.close();
                trustManagerFactory.init(keyStore);
                return trustManagerFactory;
            } finally {
            }
        } catch (Exception e) {
            throw new PlatformException(e);
        }
    }

    private static KeyManagerFactory getKeyManagerFactory(Class<? extends Implementor> cls, KeyStoreConfiguration keyStoreConfiguration) {
        String type = keyStoreConfiguration.getType();
        String algorithm = keyStoreConfiguration.getAlgorithm();
        String requireNotBlank = ComponentPrecondition.Configuration.requireNotBlank(cls, keyStoreConfiguration.getPath(), "Key store location must not be empty");
        String requireNotBlank2 = ComponentPrecondition.Configuration.requireNotBlank(cls, keyStoreConfiguration.getPassword(), "Key store password must not be empty");
        try {
            String str = (String) Optional.ofNullable(algorithm).orElse(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = type == null ? KeyStore.getInstance(KeyStore.getDefaultType()) : KeyStore.getInstance(type);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str);
            FileInputStream fileInputStream = new FileInputStream(requireNotBlank);
            try {
                keyStore.load(fileInputStream, requireNotBlank2.toCharArray());
                fileInputStream.close();
                keyManagerFactory.init(keyStore, requireNotBlank2.toCharArray());
                return keyManagerFactory;
            } finally {
            }
        } catch (Exception e) {
            throw new PlatformException(e);
        }
    }
}
