package com.yahoo.jdisc.http.ssl.impl;

import com.yahoo.jdisc.http.ConnectorConfig;
import com.yahoo.jdisc.http.ssl.SslContextFactoryProvider;
import com.yahoo.security.KeyStoreBuilder;
import com.yahoo.security.KeyStoreType;
import com.yahoo.security.KeyUtils;
import com.yahoo.security.X509CertificateUtils;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* loaded from: input_file:com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.class */
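/**
 * Builds a Jetty {@link SslContextFactory} from the {@code ssl} section of a {@link ConnectorConfig}.
 *
 * <p>The server key pair and the optional CA bundle are read from PEM files named in the configuration
 * and loaded into in-memory JKS key stores. The private key file is read as-is, so its confidentiality
 * rests on the file-system permissions of that path.
 */
public class ConfiguredSslContextFactoryProvider implements SslContextFactoryProvider {
    private final ConnectorConfig connectorConfig;

    /**
     * Validates the SSL section of the configuration and stores the configuration.
     *
     * @param connectorConfig connector configuration whose {@code ssl()} section is used
     * @throws IllegalArgumentException if SSL is enabled but the certificate or private key file is not set
     */
    public ConfiguredSslContextFactoryProvider(ConnectorConfig connectorConfig) {
        validateConfig(connectorConfig.ssl());
        this.connectorConfig = connectorConfig;
    }

    /**
     * Creates a new SSL context factory configured from the connector's SSL settings.
     *
     * @param str not used by this implementation
     * @param i not used by this implementation
     * @return a newly created factory holding the key store and, when a CA file is configured, a trust store
     * @throws IllegalStateException if SSL is not enabled in the configuration
     * @throws UncheckedIOException if one of the configured PEM files cannot be read
     */
    @Override
    public SslContextFactory getInstance(String str, int i) {
        ConnectorConfig.Ssl ssl = this.connectorConfig.ssl();
        if (!ssl.enabled()) {
            throw new IllegalStateException("SSL is not enabled for this connector");
        }
        JDiscSslContextFactory factory = new JDiscSslContextFactory();
        switch (ssl.clientAuth()) {
            case NEED_AUTH:
                factory.setNeedClientAuth(true);
                break;
            case WANT_AUTH:
                factory.setWantClientAuth(true);
                break;
            default:
                // Any other setting leaves client authentication at the factory's default.
                break;
        }
        factory.setKeyStore(createKeystore(ssl));
        // The key store exists only in memory and is built here, so it carries an empty password.
        factory.setKeyStorePassword("");
        // NOTE(review): when client authentication is requested but no CA file is configured, no
        // trust store is set explicitly. Which trust anchors then validate client certificates
        // depends on JDiscSslContextFactory / Jetty defaults - confirm this is the intended policy.
        if (!ssl.caCertificateFile().isEmpty()) {
            factory.setTrustStore(createTruststore(ssl));
        }
        // "TLS" names the SSLContext protocol only; no protocol versions or cipher suites are
        // restricted in this method - presumably JDiscSslContextFactory does that; verify.
        factory.setProtocol("TLS");
        return factory;
    }

    /**
     * Rejects an enabled SSL configuration that lacks a certificate file or a private key file.
     * A disabled SSL configuration is accepted without further checks.
     */
    private static void validateConfig(ConnectorConfig.Ssl ssl) {
        if (!ssl.enabled()) {
            return;
        }
        if (ssl.certificateFile().isEmpty()) {
            throw new IllegalArgumentException("Missing certificate file.");
        }
        if (ssl.privateKeyFile().isEmpty()) {
            throw new IllegalArgumentException("Missing private key file.");
        }
    }

    /** Loads every certificate in the configured CA PEM file into a JKS trust store. */
    private static KeyStore createTruststore(ConnectorConfig.Ssl ssl) {
        return KeyStoreBuilder.withType(KeyStoreType.JKS)
                .withCertificateEntries(
                        "entry",
                        X509CertificateUtils.certificateListFromPem(readToString(ssl.caCertificateFile())))
                .build();
    }

    /** Loads the configured PEM private key and certificate list into a JKS key store under the alias "default". */
    private static KeyStore createKeystore(ConnectorConfig.Ssl ssl) {
        return KeyStoreBuilder.withType(KeyStoreType.JKS)
                .withKeyEntry(
                        "default",
                        KeyUtils.fromPemEncodedPrivateKey(readToString(ssl.privateKeyFile())),
                        X509CertificateUtils.certificateListFromPem(readToString(ssl.certificateFile())))
                .build();
    }

    /**
     * Reads a whole file as UTF-8 text.
     *
     * @throws UncheckedIOException if the file cannot be read; the message names the path, never the content
     */
    private static String readToString(String path) {
        try {
            return Files.readString(Paths.get(path), StandardCharsets.UTF_8);
        } catch (IOException e) {
            throw new UncheckedIOException("Failed to read file '" + path + "'", e);
        }
    }
}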
