package io.confluent.controlcenter.ssl;

import io.confluent.controlcenter.ControlCenterConfig;
import io.confluent.rest.RestConfig;
import io.confluent.rest.SslConfig;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/controlcenter/ssl/SslHolder.class */
public class SslHolder {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SslHolder.class);
    private final KeyManagerFactory keyManagerFactory;
    private final TrustManagerFactory trustManagerFactory;
    private final Map<String, List<String>> clientAliasesToHosts;

    public SslHolder(String str, ControlCenterConfig controlCenterConfig, Map<String, List<String>> map) {
        this(getSslConfig(str, controlCenterConfig), map);
    }

    public SslHolder(SslConfig sslConfig, Map<String, List<String>> map) {
        this.keyManagerFactory = createKeyManagerFactory(sslConfig);
        this.trustManagerFactory = createTrustManagerFactory(sslConfig);
        this.clientAliasesToHosts = map;
    }

    private static SslConfig getSslConfig(String str, ControlCenterConfig controlCenterConfig) {
        return new RestConfig(RestConfig.baseConfigDef(), controlCenterConfig.originalsWithPrefix(str)).getBaseSslConfig();
    }

    public KeyManagerFactory getKeyManagerFactory() {
        return this.keyManagerFactory;
    }

    private static KeyManagerFactory createKeyManagerFactory(SslConfig sslConfig) {
        try {
            if (sslConfig.getKeyStorePath().isEmpty()) {
                return null;
            }
            KeyManagerFactory keyManagerFactory = !sslConfig.getKeyManagerFactoryAlgorithm().isEmpty() ? KeyManagerFactory.getInstance(sslConfig.getKeyManagerFactoryAlgorithm()) : KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance(sslConfig.getKeyStoreType());
            keyStore.load(Files.newInputStream(Paths.get(sslConfig.getKeyStorePath(), new String[0]), new OpenOption[0]), sslConfig.getKeyStorePassword().isEmpty() ? null : sslConfig.getKeyStorePassword().toCharArray());
            keyManagerFactory.init(keyStore, sslConfig.getKeyManagerPassword().toCharArray());
            return keyManagerFactory;
        } catch (Exception e) {
            log.error("Error initializing client keystore", (Throwable) e);
            throw new RuntimeException(e);
        }
    }

    public TrustManagerFactory getTrustManagerFactory() {
        return this.trustManagerFactory;
    }

    private static TrustManagerFactory createTrustManagerFactory(SslConfig sslConfig) {
        try {
            if (sslConfig.getTrustStorePath().isEmpty()) {
                return null;
            }
            TrustManagerFactory trustManagerFactory = !sslConfig.getTrustManagerFactoryAlgorithm().isEmpty() ? TrustManagerFactory.getInstance(sslConfig.getTrustManagerFactoryAlgorithm()) : TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance(sslConfig.getTrustStoreType());
            keyStore.load(Files.newInputStream(Paths.get(sslConfig.getTrustStorePath(), new String[0]), new OpenOption[0]), sslConfig.getTrustStorePassword().isEmpty() ? null : sslConfig.getTrustStorePassword().toCharArray());
            trustManagerFactory.init(keyStore);
            return trustManagerFactory;
        } catch (Exception e) {
            log.error("Error initializing client truststore", (Throwable) e);
            throw new RuntimeException(e);
        }
    }

    public Map<String, List<String>> getClientAliasesToHosts() {
        return this.clientAliasesToHosts;
    }
}
