package com.yahoo.security;

import com.yahoo.security.tls.AutoReloadingX509KeyManager;
import com.yahoo.security.tls.KeyManagerUtils;
import com.yahoo.security.tls.TrustManagerUtils;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;

/* loaded from: input_file:com/yahoo/security/SslContextBuilder.class */
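/**
 * Fluent builder for an {@link SSLContext} backed by a single key manager and a single trust manager.
 *
 * <p>Key and trust material is not loaded when a {@code with...} method is called. Each of those methods
 * only records a supplier; files are read and key stores are assembled when {@link #build()} runs. A
 * missing or malformed file therefore surfaces from {@code build()}, not from the configuring call.
 *
 * <p>When no trust store or key store is configured, the suppliers yield {@code null} and that
 * {@code null} is handed to the trust/key manager factory. What the default factories do with a
 * {@code null} store is decided in {@code TrustManagerUtils} / {@code KeyManagerUtils}, which are not
 * visible here. NOTE(review): presumably a platform default trust store is used; confirm before relying
 * on it for peer authentication.
 *
 * <p>Instances are mutable and carry no synchronization.
 */
public class SslContextBuilder {
    // Password passed to the key manager factory together with the key store. Held by reference, never copied.
    private char[] keyStorePassword;
    // Explicit key manager; when non-null, build() skips the key store supplier and key manager factory.
    private X509ExtendedKeyManager keyManager;
    private KeyStoreSupplier trustStoreSupplier = () -> null;
    private KeyStoreSupplier keyStoreSupplier = () -> null;
    private TrustManagerFactory trustManagerFactory = TrustManagerUtils::createDefaultX509TrustManager;
    private KeyManagerFactory keyManagerFactory = KeyManagerUtils::createDefaultX509KeyManager;

    /** Creates the key manager used by the context from a key store and its password. */
    @FunctionalInterface
    public interface KeyManagerFactory {
        X509ExtendedKeyManager createKeyManager(KeyStore keyStore, char[] cArr) throws GeneralSecurityException;
    }

    /**
     * Deferred source of a {@link KeyStore}; evaluated by {@link #build()}.
     *
     * <p>The decompiler output marks this interface as originally {@code private}; treat it as internal.
     */
    @FunctionalInterface
    public interface KeyStoreSupplier {
        KeyStore get() throws IOException, GeneralSecurityException;
    }

    /** Creates the trust manager used by the context from a trust store. */
    @FunctionalInterface
    public interface TrustManagerFactory {
        X509ExtendedTrustManager createTrustManager(KeyStore keyStore) throws GeneralSecurityException;
    }

    /**
     * Uses the key store file at {@code path}, of the given type, as trust store.
     * The file is opened without a password when {@link #build()} runs.
     */
    public SslContextBuilder withTrustStore(Path path, KeyStoreType keyStoreType) {
        this.trustStoreSupplier = () -> KeyStoreBuilder.withType(keyStoreType).fromFile(path).build();
        return this;
    }

    /** Uses the given key store instance as trust store. The instance is referenced, not copied. */
    public SslContextBuilder withTrustStore(KeyStore keyStore) {
        this.trustStoreSupplier = () -> keyStore;
        return this;
    }

    /** Trusts exactly one certificate. */
    public SslContextBuilder withTrustStore(X509Certificate x509Certificate) {
        return withTrustStore(Collections.singletonList(x509Certificate));
    }

    /**
     * Trusts the given certificates. The list is read when {@link #build()} runs, so changes made to it
     * before then are reflected in the resulting trust store.
     */
    public SslContextBuilder withTrustStore(List<X509Certificate> list) {
        this.trustStoreSupplier = () -> createTrustStore(list);
        return this;
    }

    /** Trusts the certificates in the PEM file at {@code path}; the file is read when {@link #build()} runs. */
    public SslContextBuilder withTrustStore(Path path) {
        this.trustStoreSupplier = () -> createTrustStore(X509CertificateUtils.certificateListFromPem(readPem(path)));
        return this;
    }

    /** Presents {@code privateKey} with a single certificate. */
    public SslContextBuilder withKeyStore(PrivateKey privateKey, X509Certificate x509Certificate) {
        return withKeyStore(privateKey, Collections.singletonList(x509Certificate));
    }

    /**
     * Presents {@code privateKey} with the given certificates.
     *
     * <p>The key is placed in an in-memory JKS key store under
     * {@link AutoReloadingX509KeyManager#CERTIFICATE_ALIAS}. The key store password is set to an empty
     * array; the store is built in memory by {@link #build()} and nothing here writes it to disk.
     */
    public SslContextBuilder withKeyStore(PrivateKey privateKey, List<X509Certificate> list) {
        this.keyStoreSupplier = () -> KeyStoreBuilder.withType(KeyStoreType.JKS)
                .withKeyEntry(AutoReloadingX509KeyManager.CERTIFICATE_ALIAS, privateKey, list)
                .build();
        this.keyStorePassword = new char[0];
        return this;
    }

    /**
     * Uses an existing key store and its password.
     *
     * <p>{@code cArr} is stored by reference. A caller that zeroes the array to limit the password's
     * lifetime must do so only after {@link #build()} has returned.
     */
    public SslContextBuilder withKeyStore(KeyStore keyStore, char[] cArr) {
        this.keyStoreSupplier = () -> keyStore;
        this.keyStorePassword = cArr;
        return this;
    }

    /**
     * Uses the key store file at {@code path}, of the given type, opened with password {@code cArr}.
     *
     * <p>{@code cArr} is stored by reference and used twice when {@link #build()} runs: to open the file
     * and as the password given to the key manager factory. Do not clear it before then.
     */
    public SslContextBuilder withKeyStore(Path path, char[] cArr, KeyStoreType keyStoreType) {
        this.keyStoreSupplier = () -> KeyStoreBuilder.withType(keyStoreType).fromFile(path, cArr).build();
        this.keyStorePassword = cArr;
        return this;
    }

    /**
     * Uses a PEM private key file ({@code path}) and a PEM certificate file ({@code path2}).
     *
     * <p>Both files are read when {@link #build()} runs. The decoded key is held in an in-memory JKS key
     * store with an empty password, so the protection of the private key rests on the file permissions of
     * {@code path}; this class does not check them.
     */
    public SslContextBuilder withKeyStore(Path path, Path path2) {
        this.keyStoreSupplier = () -> KeyStoreBuilder.withType(KeyStoreType.JKS)
                .withKeyEntry(
                        AutoReloadingX509KeyManager.CERTIFICATE_ALIAS,
                        KeyUtils.fromPemEncodedPrivateKey(readPem(path)),
                        X509CertificateUtils.certificateListFromPem(readPem(path2)))
                .build();
        this.keyStorePassword = new char[0];
        return this;
    }

    /**
     * Replaces the factory that turns the trust store into a trust manager.
     *
     * <p>The trust manager decides which peer certificates are accepted, so a permissive factory removes
     * peer authentication from every connection made with the resulting context.
     */
    public SslContextBuilder withTrustManagerFactory(TrustManagerFactory trustManagerFactory) {
        this.trustManagerFactory = trustManagerFactory;
        return this;
    }

    /** Replaces the factory that turns the key store and password into a key manager. */
    public SslContextBuilder withKeyManagerFactory(KeyManagerFactory keyManagerFactory) {
        this.keyManagerFactory = keyManagerFactory;
        return this;
    }

    /**
     * Sets an explicit key manager. When non-null it takes precedence in {@link #build()}: the configured
     * key store, password and key manager factory are then not consulted.
     */
    public SslContextBuilder withKeyManager(X509ExtendedKeyManager x509ExtendedKeyManager) {
        this.keyManager = x509ExtendedKeyManager;
        return this;
    }

    /**
     * Loads the configured key and trust material and initializes the context.
     *
     * @return an initialized {@link SSLContext}
     * @throws UncheckedIOException if a configured file cannot be read
     * @throws RuntimeException wrapping the {@link GeneralSecurityException} raised while loading key
     *     material or initializing the context
     */
    public SSLContext build() {
        try {
            // NOTE(review): the "TLSv1.2" context name does not by itself restrict the protocol versions
            // or cipher suites a connection may negotiate, and on standard JSSE providers it is not
            // expected to enable TLSv1.3 by default. Confirm that the code creating engines/sockets
            // from this context sets the enabled protocols and ciphers explicitly.
            SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
            KeyManager effectiveKeyManager = this.keyManager != null
                    ? this.keyManager
                    : this.keyManagerFactory.createKeyManager(this.keyStoreSupplier.get(), this.keyStorePassword);
            TrustManager effectiveTrustManager =
                    this.trustManagerFactory.createTrustManager(this.trustStoreSupplier.get());
            // A null SecureRandom lets the provider pick its default source of randomness.
            sslContext.init(
                    new KeyManager[] {effectiveKeyManager}, new TrustManager[] {effectiveTrustManager}, null);
            return sslContext;
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds an in-memory JKS trust store holding the given certificates under the alias prefix
     * {@code "cert"}.
     *
     * <p>The decompiler output marks this method as originally {@code private}; treat it as internal.
     */
    public static KeyStore createTrustStore(List<X509Certificate> list) {
        return KeyStoreBuilder.withType(KeyStoreType.JKS).withCertificateEntries("cert", list).build();
    }

    /**
     * Reads a PEM file as text. The charset is fixed to UTF-8 so that decoding does not depend on the
     * JVM's default charset; PEM content is ASCII, so the decoded text is unchanged on ASCII-compatible
     * platforms.
     */
    private static String readPem(Path pemFile) throws IOException {
        return new String(Files.readAllBytes(pemFile), StandardCharsets.UTF_8);
    }
}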
