package io.javalin.community.ssl.util;

import io.javalin.community.ssl.SSLConfig;
import io.javalin.community.ssl.SSLConfigException;
import io.javalin.community.ssl.TrustConfig;
import java.security.KeyStore;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.X509ExtendedKeyManager;
import nl.altindag.ssl.SSLFactory;
import nl.altindag.ssl.jetty.util.JettySslUtils;
import nl.altindag.ssl.pem.util.PemUtils;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* loaded from: input_file:io/javalin/community/ssl/util/SSLUtils.class */
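/**
 * Static helpers that turn an {@link SSLConfig} into an {@link SSLFactory} and into the
 * Jetty server-side {@link SslContextFactory.Server} built from it.
 *
 * <p>This listing is decompiler output. The casts to {@code SSLFactory.Builder} that the
 * decompiler placed on the arguments of {@code withSecurityProvider} and
 * {@code withIdentityMaterial} were type-incorrect and have been removed; the values are
 * passed as they are.
 */
public class SSLUtils {
    /**
     * Wraps an already-built {@link SSLFactory} for use by a Jetty server connector.
     *
     * @param sSLFactory the factory holding identity, trust and TLS settings
     * @param sSLConfig  not read by this method in this listing; every TLS setting that
     *                   reaches Jetty comes from {@code sSLFactory}
     * @return the result of {@code JettySslUtils.forServer(sSLFactory)}
     */
    public static SslContextFactory.Server createSslContextFactory(SSLFactory sSLFactory, SSLConfig sSLConfig) {
        return JettySslUtils.forServer(sSLFactory);
    }

    /**
     * Builds a fully configured factory; equivalent to {@code getSslFactory(sSLConfig, false)}.
     *
     * @param sSLConfig the SSL configuration to read
     * @return the built factory
     */
    public static SSLFactory getSslFactory(SSLConfig sSLConfig) {
        return getSslFactory(sSLConfig, false);
    }

    /**
     * Builds an {@link SSLFactory} from the configuration.
     *
     * <p>Identity material is always loaded. If a trust configuration is present, its trust
     * material is loaded and client authentication is made mandatory.
     *
     * @param sSLConfig the SSL configuration to read
     * @param z         when {@code false}, the builder is also made swappable for identity and
     *                  trust material and receives the configured security provider, cipher
     *                  suites and protocols; when {@code true} all of those steps are skipped
     * @return the built factory
     * @throws SSLConfigException if no identity loading type is configured
     */
    public static SSLFactory getSslFactory(SSLConfig sSLConfig, boolean z) {
        SSLFactory.Builder builder = SSLFactory.builder();
        parseIdentity(sSLConfig, builder);

        TrustConfig trustConfig = sSLConfig.getTrustConfig();
        if (trustConfig != null) {
            parseTrust(trustConfig, builder);
            // Client certificates become mandatory as soon as a TrustConfig object exists.
            // NOTE(review): this also happens when parseTrust added nothing (both lists empty);
            // confirm which trust anchors the built factory falls back to in that case, since
            // they decide which client certificates are accepted.
            builder.withNeedClientAuthentication();
        }

        if (!z) {
            builder.withSwappableIdentityMaterial();
            builder.withSwappableTrustMaterial();
            if (sSLConfig.securityProvider != null) {
                builder.withSecurityProvider(sSLConfig.securityProvider);
            }
            builder.withCiphers(sSLConfig.tlsConfig.getCipherSuites());
            builder.withProtocols(sSLConfig.tlsConfig.getProtocols());
        }
        // NOTE(review): with z == true the configured cipher suites, protocols and provider are
        // not applied. Presumably such a factory only supplies fresh key/trust material to an
        // existing one; verify against the caller that it is never used to serve connections
        // directly, where it would run with the library's default TLS settings.
        return builder.build();
    }

    /**
     * Loads the server identity (certificate chain and private key) selected by the
     * configuration's identity loading type and registers it on the builder.
     *
     * <p>Passwords are copied from the configuration with {@code toCharArray()} and handed to
     * the library; the copies are not cleared here.
     *
     * @param sSLConfig the SSL configuration to read
     * @param builder   the builder that receives the identity material
     * @throws SSLConfigException   if the loading type is {@code NONE} or not handled
     * @throws NullPointerException if a key store type is selected and no key store password
     *                              is set
     */
    public static void parseIdentity(SSLConfig sSLConfig, SSLFactory.Builder builder) throws SSLConfigException {
        X509ExtendedKeyManager keyManager;
        SSLConfig.InnerConfig.IdentityLoadingType identityLoadingType = sSLConfig.inner.getIdentityLoadingType();
        // The private key password is optional for PEM material; each PEM branch picks the
        // same call the original made for the "with password" and "without password" cases.
        boolean hasKeyPassword = sSLConfig.inner.privateKeyPassword != null;
        switch (identityLoadingType) {
            case PEM_FILE_PATH:
                keyManager = hasKeyPassword
                        ? PemUtils.loadIdentityMaterial(
                                sSLConfig.inner.pemCertificatesPath,
                                sSLConfig.inner.pemPrivateKeyPath,
                                sSLConfig.inner.privateKeyPassword.toCharArray())
                        : PemUtils.loadIdentityMaterial(
                                sSLConfig.inner.pemCertificatesPath,
                                sSLConfig.inner.pemPrivateKeyPath);
                break;
            case PEM_CLASS_PATH:
                keyManager = hasKeyPassword
                        ? PemUtils.loadIdentityMaterial(
                                sSLConfig.inner.pemCertificatesFile,
                                sSLConfig.inner.pemPrivateKeyFile,
                                sSLConfig.inner.privateKeyPassword.toCharArray())
                        : PemUtils.loadIdentityMaterial(
                                sSLConfig.inner.pemCertificatesFile,
                                sSLConfig.inner.pemPrivateKeyFile);
                break;
            case PEM_STRING:
                keyManager = hasKeyPassword
                        ? PemUtils.parseIdentityMaterial(
                                sSLConfig.inner.pemCertificatesString,
                                sSLConfig.inner.pemPrivateKeyString,
                                sSLConfig.inner.privateKeyPassword.toCharArray())
                        : PemUtils.parseIdentityMaterial(
                                sSLConfig.inner.pemCertificatesString,
                                sSLConfig.inner.pemPrivateKeyString,
                                null);
                break;
            case PEM_INPUT_STREAM:
                keyManager = hasKeyPassword
                        ? PemUtils.loadIdentityMaterial(
                                sSLConfig.inner.pemCertificatesInputStream,
                                sSLConfig.inner.pemPrivateKeyInputStream,
                                sSLConfig.inner.privateKeyPassword.toCharArray())
                        : PemUtils.loadIdentityMaterial(
                                sSLConfig.inner.pemCertificatesInputStream,
                                sSLConfig.inner.pemPrivateKeyInputStream);
                break;
            case KEY_STORE_CLASS_PATH:
                builder.withIdentityMaterial(sSLConfig.inner.keyStoreFile, keyStorePassword(sSLConfig));
                return;
            case KEY_STORE_FILE_PATH:
                builder.withIdentityMaterial(sSLConfig.inner.keyStorePath, keyStorePassword(sSLConfig));
                return;
            case KEY_STORE_INPUT_STREAM:
                builder.withIdentityMaterial(sSLConfig.inner.keyStoreInputStream, keyStorePassword(sSLConfig));
                return;
            case NONE:
            default:
                // A server without identity material cannot be configured; fail instead of
                // building a factory that has no certificate.
                throw new SSLConfigException(SSLConfigException.Types.MISSING_CERT_AND_KEY_FILE);
        }
        builder.withIdentityMaterial(keyManager);
    }

    /**
     * Registers the trusted certificates and trust stores of a {@link TrustConfig} on the builder.
     * Nothing is registered for a list that is empty.
     *
     * @param trustConfig the trust configuration to read
     * @param builder     the builder that receives the trust material
     */
    public static void parseTrust(TrustConfig trustConfig, SSLFactory.Builder builder) {
        if (!trustConfig.certificates.isEmpty()) {
            builder.withTrustMaterial(trustConfig.certificates);
        }
        if (trustConfig.keyStores.isEmpty()) {
            return;
        }
        List<KeyStore> keyStores = trustConfig.keyStores;
        Objects.requireNonNull(builder);
        keyStores.forEach(builder::withTrustMaterial);
    }

    /**
     * Returns the configured key store password as a fresh {@code char[]}.
     * A missing password still raises {@link NullPointerException}, as the direct
     * {@code toCharArray()} call did, but with a message naming the unset field.
     */
    private static char[] keyStorePassword(SSLConfig sSLConfig) {
        return Objects.requireNonNull(
                sSLConfig.inner.keyStorePassword,
                "keyStorePassword must be set when the identity is loaded from a key store")
                .toCharArray();
    }
}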
