package io.vertx.ext.mongo.impl.config;

import com.mongodb.ConnectionString;
import com.mongodb.connection.SslSettings;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.core.net.impl.TrustAllTrustManager;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:io/vertx/ext/mongo/impl/config/SSLSettingsParser.class */
class SSLSettingsParser {
    private static final Logger log = LoggerFactory.getLogger(SSLSettingsParser.class);
    private final ConnectionString connectionString;
    private final JsonObject config;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLSettingsParser(ConnectionString connectionString, JsonObject jsonObject) {
        this.connectionString = connectionString;
        this.config = jsonObject;
    }

    public SslSettings settings() {
        SslSettings.Builder orElseGet = fromConnectionString().orElseGet(this::fromConfiguration);
        if (this.config.getBoolean("trustAll", false).booleanValue()) {
            log.warn("Mongo client has been set to trust ALL certificates, this can open you up to security issues. Make sure you know the risks.");
            try {
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, new TrustManager[]{TrustAllTrustManager.INSTANCE}, new SecureRandom());
                orElseGet.context(sSLContext);
            } catch (KeyManagementException | NoSuchAlgorithmException e) {
            }
        }
        if (this.config.containsKey("caPath")) {
            String string = this.config.getString("caPath");
            try {
                TrustManagerFactory buildTrustManagerFactory = buildTrustManagerFactory(string);
                SSLContext sSLContext2 = SSLContext.getInstance("TLS");
                sSLContext2.init(null, buildTrustManagerFactory.getTrustManagers(), new SecureRandom());
                orElseGet.context(sSLContext2);
            } catch (FileNotFoundException e2) {
                throw new IllegalArgumentException("Invalid caPath " + e2.getMessage());
            } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e3) {
                throw new IllegalArgumentException("Unable to load certificate from caPath '" + string + "' " + e3.getMessage());
            }
        }
        return orElseGet.build();
    }

    private Optional<SslSettings.Builder> fromConnectionString() {
        return Optional.ofNullable(this.connectionString).map(connectionString -> {
            return SslSettings.builder().applyConnectionString(connectionString);
        });
    }

    private SslSettings.Builder fromConfiguration() {
        return SslSettings.builder().enabled(this.config.getBoolean("ssl", false).booleanValue()).invalidHostNameAllowed(this.config.getBoolean("sslInvalidHostNameAllowed", false).booleanValue());
    }

    private static TrustManagerFactory buildTrustManagerFactory(String str) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new FileInputStream(str));
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("1", x509Certificate);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }
}
