package io.confluent.controlcenter.ssl;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import io.confluent.controlcenter.ControlCenterConfig;
import io.confluent.rest.RestConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContextBuilder;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import nl.altindag.ssl.SSLFactory;
import org.apache.commons.collections.MapUtils;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* loaded from: input_file:io/confluent/controlcenter/ssl/SslUtils.class */
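/**
 * Helpers that assemble TLS key and trust material for the Jetty and Netty servers.
 *
 * <p>Both server flavours go through {@link #buildSslFactory}, which merges the primary
 * {@code SslHolder} with a list of additional holders and, when configured, the default JVM
 * and OS truststores. When there is nothing to merge the factory is {@code null} and each
 * caller keeps its own single-holder configuration.
 */
public class SslUtils {

    /** Jetty-specific entry points. */
    public static class JettySslUtils {
        /**
         * Installs a merged SSL context on {@code sslContextFactory} when one is needed.
         *
         * <p>If no merged factory is produced (see {@link SslUtils#buildSslFactory}), the
         * Jetty factory is left exactly as the caller configured it.
         *
         * @param sslContextFactory Jetty factory supplying protocol, SecureRandom algorithm and
         *     provider, and receiving the merged context
         * @param sslHolder primary key/trust material
         * @param list additional holders whose key/trust material is merged in
         * @param controlCenterConfig source of the default JVM/OS truststore flags
         */
        public static void buildJettySslContext(SslContextFactory sslContextFactory, SslHolder sslHolder, List<SslHolder> list, ControlCenterConfig controlCenterConfig) {
            SSLFactory sslFactory = buildJettySslFactory(sslContextFactory, sslHolder, list, controlCenterConfig);
            if (sslFactory != null) {
                sslContextFactory.setSslContext(sslFactory.getSslContext());
            }
        }

        /** Builds the merged factory from the protocol, RNG algorithm and provider set on the Jetty factory. */
        private static SSLFactory buildJettySslFactory(SslContextFactory jettyFactory, SslHolder primaryHolder, List<SslHolder> extraHolders, ControlCenterConfig config) {
            return SslUtils.buildSslFactory(
                    jettyFactory.getProtocol(),
                    jettyFactory.getSecureRandomAlgorithm(),
                    jettyFactory.getProvider(),
                    primaryHolder,
                    extraHolders,
                    config);
        }
    }

    /** Netty-specific entry points. */
    public static class NettySslUtils {
        /**
         * Configures {@code sslContextBuilder} with protocols, ciphers, client-auth mode and
         * key/trust managers.
         *
         * <p>Protocol, cipher and client-auth settings are always applied first. Key and trust
         * managers then come from the merged factory when one is produced, otherwise directly
         * from the primary holder's factories.
         *
         * @param sslContextBuilder Netty builder to configure
         * @param restConfig source of the {@code ssl.*} settings
         * @param sslHolder primary key/trust material
         * @param list additional holders whose key/trust material is merged in
         * @param controlCenterConfig source of the default JVM/OS truststore flags
         */
        public static void buildNettySslContext(SslContextBuilder sslContextBuilder, RestConfig restConfig, SslHolder sslHolder, List<SslHolder> list, ControlCenterConfig controlCenterConfig) {
            setSslParameters(sslContextBuilder, restConfig);
            SSLFactory sslFactory = buildNettySslFactory(restConfig, sslHolder, list, controlCenterConfig);
            if (sslFactory == null) {
                // Nothing to merge: use the primary holder's factories as they are.
                SslUtils.setIfNotNull(sslHolder.getKeyManagerFactory(), sslContextBuilder::keyManager);
                SslUtils.setIfNotNull(sslHolder.getTrustManagerFactory(), sslContextBuilder::trustManager);
                return;
            }
            // The decompiled listing rendered these two method references as lambdas over an
            // undefined receiver; they are bound to the builder passed in.
            Optional<X509ExtendedKeyManager> keyManager = sslFactory.getKeyManager();
            keyManager.ifPresent(sslContextBuilder::keyManager);
            Optional<X509ExtendedTrustManager> trustManager = sslFactory.getTrustManager();
            trustManager.ifPresent(sslContextBuilder::trustManager);
        }

        /**
         * Applies enabled protocols, client-auth mode and cipher suites from {@code restConfig}.
         *
         * <p>Protocols and cipher suites are only set when the corresponding list is non-empty;
         * otherwise the builder keeps whatever it had. Client authentication stays
         * {@link ClientAuth#NONE} unless the config value equals the "requested" or "required"
         * constant, so mutual TLS is opt-in.
         */
        private static void setSslParameters(SslContextBuilder builder, RestConfig restConfig) {
            List<String> enabledProtocols = restConfig.getList("ssl.enabled.protocols");
            if (!enabledProtocols.isEmpty()) {
                builder.protocols(enabledProtocols);
            }

            String clientAuthSetting = restConfig.getString(RestConfig.SSL_CLIENT_AUTHENTICATION_CONFIG);
            ClientAuth clientAuth;
            if (clientAuthSetting.equals(RestConfig.SSL_CLIENT_AUTHENTICATION_REQUESTED)) {
                clientAuth = ClientAuth.OPTIONAL;
            } else if (clientAuthSetting.equals(RestConfig.SSL_CLIENT_AUTHENTICATION_REQUIRED)) {
                clientAuth = ClientAuth.REQUIRE;
            } else {
                // Any other value leaves client certificates unrequested.
                clientAuth = ClientAuth.NONE;
            }
            builder.clientAuth(clientAuth);

            List<String> cipherSuites = restConfig.getList("ssl.cipher.suites");
            if (!cipherSuites.isEmpty()) {
                builder.ciphers(cipherSuites);
            }
        }

        /**
         * Builds the merged factory from {@code ssl.protocol} and {@code ssl.provider}.
         *
         * <p>No SecureRandom algorithm is passed on this path, so the factory keeps its
         * default random source.
         */
        private static SSLFactory buildNettySslFactory(RestConfig restConfig, SslHolder primaryHolder, List<SslHolder> extraHolders, ControlCenterConfig config) {
            return SslUtils.buildSslFactory(
                    restConfig.getString("ssl.protocol"),
                    (String) null,
                    restConfig.getString("ssl.provider"),
                    primaryHolder,
                    extraHolders,
                    config);
        }
    }

    /**
     * Builds an {@link SSLFactory} merging the primary holder, the additional holders and the
     * optional default truststores.
     *
     * @param str SSL context protocol/algorithm; must not be null
     * @param str2 SecureRandom algorithm name, or null to keep the factory default
     * @param str3 security provider name used to look up the SecureRandom, or null
     * @param sslHolder primary key/trust material; must not be null
     * @param list additional holders; must not be null
     * @param controlCenterConfig source of the default JVM/OS truststore flags; must not be null
     * @return the merged factory, or null when the additional holders contribute no key or
     *     trust material and neither default truststore flag is enabled
     * @throws NullPointerException if a required argument is null
     */
    @VisibleForTesting
    public static SSLFactory buildSslFactory(String str, @Nullable String str2, @Nullable String str3, SslHolder sslHolder, List<SslHolder> list, ControlCenterConfig controlCenterConfig) {
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(sslHolder);
        Preconditions.checkNotNull(list);
        Preconditions.checkNotNull(controlCenterConfig);
        boolean useJvmTruststore = controlCenterConfig.getBoolean(ControlCenterConfig.CONTROL_CENTER_USE_DEFAULT_JVM_TRUSTSTORE).booleanValue();
        boolean useOsTruststore = controlCenterConfig.getBoolean(ControlCenterConfig.CONTROL_CENTER_USE_DEFAULT_OS_TRUSTSTORE).booleanValue();
        return buildSslFactory(str, getSecureRandomInstance(str2, str3), sslHolder, list, useJvmTruststore, useOsTruststore);
    }

    /**
     * Does the actual merge once the configuration flags and random source are resolved.
     *
     * @return null when there is nothing to merge beyond the primary holder, otherwise the
     *     built factory
     */
    private static SSLFactory buildSslFactory(String protocol, @Nullable SecureRandom secureRandom, SslHolder primaryHolder, List<SslHolder> extraHolders, boolean useJvmTruststore, boolean useOsTruststore) {
        List<KeyManagerFactory> extraKeyManagerFactories = extraHolders.stream()
                .map(SslHolder::getKeyManagerFactory)
                .filter(Objects::nonNull)
                .collect(Collectors.toList());
        List<TrustManagerFactory> extraTrustManagerFactories = extraHolders.stream()
                .map(SslHolder::getTrustManagerFactory)
                .filter(Objects::nonNull)
                .collect(Collectors.toList());

        boolean nothingToMerge = extraKeyManagerFactories.isEmpty()
                && extraTrustManagerFactories.isEmpty()
                && !useJvmTruststore
                && !useOsTruststore;
        if (nothingToMerge) {
            return null;
        }

        SSLFactory.Builder builder = SSLFactory.builder().withSslContextAlgorithm(protocol);

        // Identity (key) material: primary holder first, then every additional holder.
        setIfNotNull(primaryHolder.getKeyManagerFactory(), builder::withIdentityMaterial);
        for (SslHolder extraHolder : extraHolders) {
            setIfNotNull(extraHolder.getKeyManagerFactory(), builder::withIdentityMaterial);
            Map<String, List<String>> clientAliasesToHosts = extraHolder.getClientAliasesToHosts();
            // Register routes only when the holder actually defines some. The listing guarded
            // this call with isEmpty(), which handed the builder only null or empty maps and
            // silently dropped every configured alias-to-host route.
            if (!MapUtils.isEmpty(clientAliasesToHosts)) {
                builder.withClientIdentityRoute(clientAliasesToHosts);
            }
        }

        // Trust material: primary holder first, then every additional holder.
        setIfNotNull(primaryHolder.getTrustManagerFactory(), builder::withTrustMaterial);
        extraTrustManagerFactories.forEach(builder::withTrustMaterial);

        setIfNotNull(secureRandom, builder::withSecureRandom);

        // Each flag adds a default truststore on top of the configured trust material, so
        // peers anchored in the JVM or OS store become trusted as well.
        if (useJvmTruststore) {
            builder.withDefaultTrustMaterial();
        }
        if (useOsTruststore) {
            builder.withSystemTrustMaterial();
        }
        return builder.build();
    }

    /**
     * Looks up a {@link SecureRandom} by algorithm, preferring the given provider.
     *
     * <p>The lookup is best-effort: a failure with the provider falls back to a lookup without
     * it, and an unknown algorithm yields null. Neither failure is reported here.
     *
     * @param str SecureRandom algorithm name, or null for "no explicit choice"
     * @param str2 provider name, or null to skip the provider-specific lookup
     * @return the instance, or null when no algorithm was given or it is unavailable
     */
    @Nullable
    private static SecureRandom getSecureRandomInstance(String str, String str2) {
        if (str == null) {
            return null;
        }
        if (str2 != null) {
            try {
                return SecureRandom.getInstance(str, str2);
            } catch (Throwable ignored) {
                // Deliberate fallback to the provider-less lookup below.
                // NOTE(review): Throwable also hides Errors; narrow it once it is confirmed
                // that no caller relies on surviving provider loading failures.
            }
        }
        try {
            return SecureRandom.getInstance(str);
        } catch (NoSuchAlgorithmException e) {
            // NOTE(review): a configured but unavailable algorithm ends up as "use the
            // default" with no trace; consider logging it so the downgrade is visible.
            return null;
        }
    }

    /**
     * Passes {@code t} to {@code consumer} unless it is null.
     *
     * <p>Public in this listing because the decompiler widened the access modifier; the nested
     * helper classes are the callers visible here.
     *
     * @param t value to hand over, may be null
     * @param consumer receiver invoked only for a non-null value
     */
    public static <T> void setIfNotNull(T t, Consumer<T> consumer) {
        if (t != null) {
            consumer.accept(t);
        }
    }
}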
