package io.muserver;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.CipherSuiteFilter;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Deprecated
/* loaded from: input_file:io/muserver/SSLContextBuilder.class */
public class SSLContextBuilder {
    private static final Logger log = LoggerFactory.getLogger(SSLContextBuilder.class);
    private String[] protocols = null;
    private String keystoreType = "JKS";
    private char[] keystorePassword = new char[0];
    private char[] keyPassword = new char[0];
    private byte[] keystoreBytes;
    private SSLContext sslContext;
    private CipherSuiteFilter nettyCipherSuiteFilter;
    private KeyManagerFactory keyManagerFactory;

    public SSLContextBuilder withKeystoreType(String str) {
        this.keystoreType = str;
        return this;
    }

    public SSLContextBuilder withKeyPassword(String str) {
        return withKeyPassword(str.toCharArray());
    }

    public SSLContextBuilder withKeystorePassword(String str) {
        return withKeystorePassword(str.toCharArray());
    }

    public SSLContextBuilder withKeyPassword(char[] cArr) {
        this.keyPassword = cArr;
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLContextBuilder withSSLContext(SSLContext sSLContext) {
        this.keyManagerFactory = null;
        this.sslContext = sSLContext;
        return this;
    }

    public SSLContextBuilder withKeystorePassword(char[] cArr) {
        this.keystorePassword = cArr;
        return this;
    }

    protected void setKeystoreBytes(InputStream inputStream, boolean z) {
        this.sslContext = null;
        this.keyManagerFactory = null;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            try {
                Mutils.copy(inputStream, byteArrayOutputStream, 8192);
                this.keystoreBytes = byteArrayOutputStream.toByteArray();
                if (z) {
                    try {
                        inputStream.close();
                    } catch (IOException e) {
                        log.warn("Error while closing stream after reading SSL input stream", e);
                    }
                }
            } catch (IOException e2) {
                throw new MuException("Error while loading keystore", e2);
            }
        } catch (Throwable th) {
            if (z) {
                try {
                    inputStream.close();
                } catch (IOException e3) {
                    log.warn("Error while closing stream after reading SSL input stream", e3);
                }
            }
            throw th;
        }
    }

    public SSLContextBuilder withKeystore(InputStream inputStream) {
        setKeystoreBytes(inputStream, false);
        return this;
    }

    public SSLContextBuilder withKeystore(File file) {
        if (!file.isFile()) {
            throw new IllegalArgumentException(Mutils.fullPath(file) + " does not exist");
        }
        try {
            setKeystoreBytes(new FileInputStream(file), true);
            return this;
        } catch (FileNotFoundException e) {
            throw new IllegalArgumentException("Could not open file", e);
        }
    }

    public SSLContextBuilder withKeystoreFromClasspath(String str) {
        InputStream resourceAsStream = SSLContextBuilder.class.getResourceAsStream(str);
        if (resourceAsStream == null) {
            throw new IllegalArgumentException("Could not find " + str);
        }
        setKeystoreBytes(resourceAsStream, true);
        return this;
    }

    public SSLContextBuilder withKeyManagerFactory(KeyManagerFactory keyManagerFactory) {
        this.keystoreBytes = null;
        this.sslContext = null;
        this.keyManagerFactory = keyManagerFactory;
        return this;
    }

    public SSLContextBuilder withCipherFilter(SSLCipherFilter sSLCipherFilter) {
        if (sSLCipherFilter == null) {
            this.nettyCipherSuiteFilter = null;
        } else {
            this.nettyCipherSuiteFilter = (iterable, list, set) -> {
                List selectCiphers = sSLCipherFilter.selectCiphers(set, list);
                if (selectCiphers == null) {
                    selectCiphers = list;
                }
                return (String[]) selectCiphers.toArray(new String[0]);
            };
        }
        return this;
    }

    public SSLContextBuilder withProtocols(String... strArr) {
        this.protocols = strArr;
        return this;
    }

    @Deprecated
    public SSLContext build() {
        if (this.keystoreBytes == null) {
            throw new MuException("No keystore has been set");
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.keystoreBytes);
        try {
            try {
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                KeyStore keyStore = KeyStore.getInstance(this.keystoreType);
                keyStore.load(byteArrayInputStream, this.keystorePassword);
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, this.keyPassword);
                sSLContext.init(keyManagerFactory.getKeyManagers(), null, null);
                return sSLContext;
            } catch (Exception e) {
                throw new MuException("Error while setting up SSLContext", e);
            }
        } finally {
            try {
                byteArrayInputStream.close();
            } catch (IOException e2) {
                log.info("Error while closing keystore stream: " + e2.getMessage());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public SslContext toNettySslContext(boolean z) throws Exception {
        SslContextBuilder forServer;
        if (this.sslContext != null) {
            return new JdkSslContext(this.sslContext, false, ClientAuth.NONE);
        }
        if (this.keystoreBytes != null) {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.keystoreBytes);
            try {
                KeyStore keyStore = KeyStore.getInstance(this.keystoreType);
                keyStore.load(byteArrayInputStream, this.keystorePassword);
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, this.keyPassword);
                forServer = SslContextBuilder.forServer(keyManagerFactory);
            } finally {
                try {
                    byteArrayInputStream.close();
                } catch (IOException e) {
                    log.info("Error while closing keystore stream: " + e.getMessage());
                }
            }
        } else {
            if (this.keyManagerFactory == null) {
                throw new IllegalStateException("No SSL info");
            }
            forServer = SslContextBuilder.forServer(this.keyManagerFactory);
        }
        if (z) {
            forServer.applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, new String[]{"h2", "http/1.1"}));
        }
        CipherSuiteFilter cipherSuiteFilter = this.nettyCipherSuiteFilter != null ? this.nettyCipherSuiteFilter : IdentityCipherSuiteFilter.INSTANCE;
        List asList = Arrays.asList(SSLContext.getDefault().getSupportedSSLParameters().getProtocols());
        ArrayList arrayList = new ArrayList();
        for (String str : (String[]) Mutils.coalesce(this.protocols, new String[]{"TLSv1.2", "TLSv1.3"})) {
            if (asList.contains(str)) {
                arrayList.add(str);
            } else {
                log.warn("Will not use " + str + " as it is not supported by the current JDK");
            }
        }
        if (arrayList.isEmpty()) {
            throw new MuException("Cannot start up as none of the requested SSL protocols " + Arrays.toString(this.protocols) + " are supported by the current JDK " + asList);
        }
        return forServer.clientAuth(ClientAuth.NONE).protocols((String[]) arrayList.toArray(new String[0])).ciphers((Iterable) null, cipherSuiteFilter).build();
    }

    @Deprecated
    public static SSLContextBuilder sslContext() {
        return new SSLContextBuilder();
    }

    @Deprecated
    public static SSLContext defaultSSLContext() {
        try {
            return SSLContext.getDefault();
        } catch (NoSuchAlgorithmException e) {
            throw new MuException("Error while setting up SSLContext", e);
        }
    }

    @Deprecated
    public static SSLContext unsignedLocalhostCert() {
        return unsignedLocalhostCertBuilder().build();
    }

    @Deprecated
    public static SSLContextBuilder unsignedLocalhostCertBuilder() {
        return HttpsConfigBuilder.unsignedLocalhost();
    }
}
