package io.lettuce.core;

import io.lettuce.core.internal.LettuceAssert;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.time.Duration;
import java.util.Arrays;
import java.util.function.Supplier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:BOOT-INF/lib/lettuce-core-5.3.4.RELEASE.jar:io/lettuce/core/SslOptions.class */
public class SslOptions {
    public static final SslProvider DEFAULT_SSL_PROVIDER = SslProvider.JDK;
    private final String keyStoreType;
    private final SslProvider sslProvider;
    private final URL keystore;
    private final char[] keystorePassword;
    private final URL truststore;
    private final char[] truststorePassword;
    private final String[] protocols;
    private final String[] cipherSuites;
    private final java.util.function.Consumer<SslContextBuilder> sslContextBuilderCustomizer;
    private final Supplier<SSLParameters> sslParametersSupplier;
    private final KeystoreAction keymanager;
    private final KeystoreAction trustmanager;
    private final Duration handshakeTimeout;

    /* loaded from: input_file:BOOT-INF/lib/lettuce-core-5.3.4.RELEASE.jar:io/lettuce/core/SslOptions$Builder.class */
    public static class Builder {
        private SslProvider sslProvider;
        private String keyStoreType;
        private URL keystore;
        private char[] keystorePassword;
        private URL truststore;
        private char[] truststorePassword;
        private String[] protocols;
        private String[] cipherSuites;
        private java.util.function.Consumer<SslContextBuilder> sslContextBuilderCustomizer;
        private Supplier<SSLParameters> sslParametersSupplier;
        private KeystoreAction keymanager;
        private KeystoreAction trustmanager;
        private Duration sslHandshakeTimeout;

        private Builder() {
            this.sslProvider = SslOptions.DEFAULT_SSL_PROVIDER;
            this.keystorePassword = new char[0];
            this.truststorePassword = new char[0];
            this.protocols = null;
            this.cipherSuites = null;
            this.sslContextBuilderCustomizer = sslContextBuilder -> {
            };
            this.sslParametersSupplier = SSLParameters::new;
            this.keymanager = KeystoreAction.NO_OP;
            this.trustmanager = KeystoreAction.NO_OP;
            this.sslHandshakeTimeout = Duration.ofSeconds(10L);
        }

        public Builder cipherSuites(String... strArr) {
            LettuceAssert.notNull(strArr, "Cipher suites must not be null");
            this.cipherSuites = strArr;
            return this;
        }

        public Builder jdkSslProvider() {
            return sslProvider(SslProvider.JDK);
        }

        public Builder openSslProvider() {
            return sslProvider(SslProvider.OPENSSL);
        }

        private Builder sslProvider(SslProvider sslProvider) {
            if (sslProvider == SslProvider.OPENSSL && !OpenSsl.isAvailable()) {
                throw new IllegalStateException("OpenSSL SSL Provider is not available");
            }
            this.sslProvider = sslProvider;
            return this;
        }

        public Builder handshakeTimeout(Duration duration) {
            LettuceAssert.notNull(duration, "SSL Handshake Timeout must not be null");
            this.sslHandshakeTimeout = duration;
            return this;
        }

        public Builder keyStoreType(String str) {
            LettuceAssert.notNull(str, "KeyStoreType must not be null");
            this.keyStoreType = str;
            return this;
        }

        public Builder keystore(File file) {
            return keystore(file, new char[0]);
        }

        public Builder keystore(File file, char[] cArr) {
            LettuceAssert.notNull(file, "Keystore must not be null");
            LettuceAssert.isTrue(file.exists(), (Supplier<String>) () -> {
                return String.format("Keystore file %s does not exist", this.truststore);
            });
            LettuceAssert.isTrue(file.isFile(), (Supplier<String>) () -> {
                return String.format("Keystore %s is not a file", this.truststore);
            });
            return keystore(Resource.from(file), cArr);
        }

        public Builder keystore(URL url) {
            return keystore(url, (char[]) null);
        }

        public Builder keystore(URL url, char[] cArr) {
            LettuceAssert.notNull(url, "Keystore must not be null");
            this.keystore = url;
            return keystore(Resource.from(url), cArr);
        }

        public Builder keyManager(File file, File file2, char[] cArr) {
            LettuceAssert.notNull(file, "Key certificate file must not be null");
            LettuceAssert.notNull(file2, "Key file must not be null");
            LettuceAssert.isTrue(file.exists(), (Supplier<String>) () -> {
                return String.format("Key certificate file %s does not exist", file);
            });
            LettuceAssert.isTrue(file.isFile(), (Supplier<String>) () -> {
                return String.format("Key certificate %s is not a file", file);
            });
            LettuceAssert.isTrue(file2.exists(), (Supplier<String>) () -> {
                return String.format("Key file %s does not exist", file2);
            });
            LettuceAssert.isTrue(file2.isFile(), (Supplier<String>) () -> {
                return String.format("Key %s is not a file", file2);
            });
            return keyManager(Resource.from(file), Resource.from(file2), cArr);
        }

        public Builder keyManager(Resource resource, Resource resource2, char[] cArr) {
            LettuceAssert.notNull(resource, "KeyChain InputStreamProvider must not be null");
            LettuceAssert.notNull(resource2, "Key InputStreamProvider must not be null");
            char[] password = SslOptions.getPassword(cArr);
            this.keymanager = (sslContextBuilder, str) -> {
                String str;
                InputStream inputStream = resource.get();
                Throwable th = null;
                try {
                    InputStream inputStream2 = resource2.get();
                    Throwable th2 = null;
                    if (password != null) {
                        try {
                            try {
                                if (password.length != 0) {
                                    str = new String(password);
                                    sslContextBuilder.keyManager(inputStream, inputStream2, str);
                                    if (inputStream2 != null) {
                                        if (0 != 0) {
                                            try {
                                                inputStream2.close();
                                            } catch (Throwable th3) {
                                                th2.addSuppressed(th3);
                                            }
                                        } else {
                                            inputStream2.close();
                                        }
                                    }
                                    if (inputStream == null) {
                                        if (0 == 0) {
                                            inputStream.close();
                                            return;
                                        }
                                        try {
                                            inputStream.close();
                                            return;
                                        } catch (Throwable th4) {
                                            th.addSuppressed(th4);
                                            return;
                                        }
                                    }
                                    return;
                                }
                            } catch (Throwable th5) {
                                th2 = th5;
                                throw th5;
                            }
                        } catch (Throwable th6) {
                            if (inputStream2 != null) {
                                if (th2 != null) {
                                    try {
                                        inputStream2.close();
                                    } catch (Throwable th7) {
                                        th2.addSuppressed(th7);
                                    }
                                } else {
                                    inputStream2.close();
                                }
                            }
                            throw th6;
                        }
                    }
                    str = null;
                    sslContextBuilder.keyManager(inputStream, inputStream2, str);
                    if (inputStream2 != null) {
                    }
                    if (inputStream == null) {
                    }
                } catch (Throwable th8) {
                    if (inputStream != null) {
                        if (0 != 0) {
                            try {
                                inputStream.close();
                            } catch (Throwable th9) {
                                th.addSuppressed(th9);
                            }
                        } else {
                            inputStream.close();
                        }
                    }
                    throw th8;
                }
            };
            return this;
        }

        public Builder keyManager(KeyManagerFactory keyManagerFactory) {
            LettuceAssert.notNull(keyManagerFactory, "KeyManagerFactory must not be null");
            this.keymanager = (sslContextBuilder, str) -> {
                sslContextBuilder.keyManager(keyManagerFactory);
            };
            return this;
        }

        public Builder keystore(Resource resource, char[] cArr) {
            LettuceAssert.notNull(resource, "Keystore InputStreamProvider must not be null");
            char[] password = SslOptions.getPassword(cArr);
            this.keystorePassword = password;
            this.keymanager = (sslContextBuilder, str) -> {
                InputStream inputStream = resource.get();
                Throwable th = null;
                try {
                    try {
                        sslContextBuilder.keyManager(SslOptions.createKeyManagerFactory(inputStream, password, str));
                        if (inputStream != null) {
                            if (0 == 0) {
                                inputStream.close();
                                return;
                            }
                            try {
                                inputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                    } catch (Throwable th3) {
                        th = th3;
                        throw th3;
                    }
                } catch (Throwable th4) {
                    if (inputStream != null) {
                        if (th != null) {
                            try {
                                inputStream.close();
                            } catch (Throwable th5) {
                                th.addSuppressed(th5);
                            }
                        } else {
                            inputStream.close();
                        }
                    }
                    throw th4;
                }
            };
            return this;
        }

        public Builder protocols(String... strArr) {
            LettuceAssert.notNull(strArr, "Protocols  must not be null");
            this.protocols = strArr;
            return this;
        }

        public Builder truststore(File file) {
            return truststore(file, (String) null);
        }

        public Builder truststore(File file, String str) {
            LettuceAssert.notNull(file, "Truststore must not be null");
            LettuceAssert.isTrue(file.exists(), (Supplier<String>) () -> {
                return String.format("Truststore file %s does not exist", file);
            });
            LettuceAssert.isTrue(file.isFile(), (Supplier<String>) () -> {
                return String.format("Truststore file %s is not a file", file);
            });
            return truststore(Resource.from(file), SslOptions.getPassword(str));
        }

        public Builder truststore(URL url) {
            return truststore(url, (String) null);
        }

        public Builder truststore(URL url, String str) {
            LettuceAssert.notNull(url, "Truststore must not be null");
            this.truststore = url;
            return truststore(Resource.from(url), SslOptions.getPassword(str));
        }

        public Builder trustManager(File file) {
            LettuceAssert.notNull(file, "Certificate collection must not be null");
            LettuceAssert.isTrue(file.exists(), (Supplier<String>) () -> {
                return String.format("Certificate collection file %s does not exist", file);
            });
            LettuceAssert.isTrue(file.isFile(), (Supplier<String>) () -> {
                return String.format("Certificate collection %s is not a file", file);
            });
            return trustManager(Resource.from(file));
        }

        public Builder trustManager(Resource resource) {
            LettuceAssert.notNull(resource, "Truststore must not be null");
            this.trustmanager = (sslContextBuilder, str) -> {
                InputStream inputStream = resource.get();
                Throwable th = null;
                try {
                    try {
                        sslContextBuilder.trustManager(inputStream);
                        if (inputStream != null) {
                            if (0 == 0) {
                                inputStream.close();
                                return;
                            }
                            try {
                                inputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                    } catch (Throwable th3) {
                        th = th3;
                        throw th3;
                    }
                } catch (Throwable th4) {
                    if (inputStream != null) {
                        if (th != null) {
                            try {
                                inputStream.close();
                            } catch (Throwable th5) {
                                th.addSuppressed(th5);
                            }
                        } else {
                            inputStream.close();
                        }
                    }
                    throw th4;
                }
            };
            return this;
        }

        public Builder trustManager(TrustManagerFactory trustManagerFactory) {
            LettuceAssert.notNull(trustManagerFactory, "TrustManagerFactory must not be null");
            this.trustmanager = (sslContextBuilder, str) -> {
                sslContextBuilder.trustManager(trustManagerFactory);
            };
            return this;
        }

        public Builder truststore(Resource resource, char[] cArr) {
            LettuceAssert.notNull(resource, "Truststore InputStreamProvider must not be null");
            char[] password = SslOptions.getPassword(cArr);
            this.truststorePassword = password;
            this.trustmanager = (sslContextBuilder, str) -> {
                InputStream inputStream = resource.get();
                Throwable th = null;
                try {
                    try {
                        sslContextBuilder.trustManager(SslOptions.createTrustManagerFactory(inputStream, password, str));
                        if (inputStream != null) {
                            if (0 == 0) {
                                inputStream.close();
                                return;
                            }
                            try {
                                inputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                    } catch (Throwable th3) {
                        th = th3;
                        throw th3;
                    }
                } catch (Throwable th4) {
                    if (inputStream != null) {
                        if (th != null) {
                            try {
                                inputStream.close();
                            } catch (Throwable th5) {
                                th.addSuppressed(th5);
                            }
                        } else {
                            inputStream.close();
                        }
                    }
                    throw th4;
                }
            };
            return this;
        }

        public Builder sslContext(java.util.function.Consumer<SslContextBuilder> consumer) {
            LettuceAssert.notNull(consumer, "SslContextBuilder customizer must not be null");
            this.sslContextBuilderCustomizer = consumer;
            return this;
        }

        public Builder sslParameters(Supplier<SSLParameters> supplier) {
            LettuceAssert.notNull(supplier, "SSLParameters supplier must not be null");
            this.sslParametersSupplier = supplier;
            return this;
        }

        public SslOptions build() {
            return new SslOptions(this);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @FunctionalInterface
    /* loaded from: input_file:BOOT-INF/lib/lettuce-core-5.3.4.RELEASE.jar:io/lettuce/core/SslOptions$KeystoreAction.class */
    public interface KeystoreAction {
        public static final KeystoreAction NO_OP = (sslContextBuilder, str) -> {
        };

        void accept(SslContextBuilder sslContextBuilder, String str) throws IOException, GeneralSecurityException;
    }

    @FunctionalInterface
    /* loaded from: input_file:BOOT-INF/lib/lettuce-core-5.3.4.RELEASE.jar:io/lettuce/core/SslOptions$Resource.class */
    public interface Resource {
        static Resource from(URL url) {
            LettuceAssert.notNull(url, "URL must not be null");
            return () -> {
                return url.openConnection().getInputStream();
            };
        }

        static Resource from(File file) {
            LettuceAssert.notNull(file, "File must not be null");
            return () -> {
                return new FileInputStream(file);
            };
        }

        InputStream get() throws IOException;
    }

    protected SslOptions(Builder builder) {
        this.keyStoreType = builder.keyStoreType;
        this.sslProvider = builder.sslProvider;
        this.handshakeTimeout = builder.sslHandshakeTimeout;
        this.keystore = builder.keystore;
        this.keystorePassword = builder.keystorePassword;
        this.truststore = builder.truststore;
        this.truststorePassword = builder.truststorePassword;
        this.protocols = builder.protocols;
        this.cipherSuites = builder.cipherSuites;
        this.sslContextBuilderCustomizer = builder.sslContextBuilderCustomizer;
        this.sslParametersSupplier = builder.sslParametersSupplier;
        this.keymanager = builder.keymanager;
        this.trustmanager = builder.trustmanager;
    }

    protected SslOptions(SslOptions sslOptions) {
        this.keyStoreType = sslOptions.keyStoreType;
        this.sslProvider = sslOptions.getSslProvider();
        this.handshakeTimeout = sslOptions.handshakeTimeout;
        this.keystore = sslOptions.keystore;
        this.keystorePassword = sslOptions.keystorePassword;
        this.truststore = sslOptions.getTruststore();
        this.truststorePassword = sslOptions.getTruststorePassword();
        this.protocols = sslOptions.protocols;
        this.cipherSuites = sslOptions.cipherSuites;
        this.sslContextBuilderCustomizer = sslOptions.sslContextBuilderCustomizer;
        this.sslParametersSupplier = sslOptions.sslParametersSupplier;
        this.keymanager = sslOptions.keymanager;
        this.trustmanager = sslOptions.trustmanager;
    }

    public static SslOptions copyOf(SslOptions sslOptions) {
        return new SslOptions(sslOptions);
    }

    public static Builder builder() {
        return new Builder();
    }

    public static SslOptions create() {
        return builder().build();
    }

    public SslContextBuilder createSslContextBuilder() throws IOException, GeneralSecurityException {
        SslContextBuilder keyStoreType = SslContextBuilder.forClient().sslProvider(this.sslProvider).keyStoreType(this.keyStoreType);
        if (this.protocols != null && this.protocols.length > 0) {
            keyStoreType.protocols(this.protocols);
        }
        if (this.cipherSuites != null && this.cipherSuites.length > 0) {
            keyStoreType.ciphers(Arrays.asList(this.cipherSuites));
        }
        this.keymanager.accept(keyStoreType, this.keyStoreType);
        this.trustmanager.accept(keyStoreType, this.keyStoreType);
        this.sslContextBuilderCustomizer.accept(keyStoreType);
        return keyStoreType;
    }

    public SSLParameters createSSLParameters() {
        SSLParameters sSLParameters = this.sslParametersSupplier.get();
        if (this.protocols != null && this.protocols.length > 0) {
            sSLParameters.setProtocols(this.protocols);
        }
        if (this.cipherSuites != null && this.cipherSuites.length > 0) {
            sSLParameters.setCipherSuites(this.cipherSuites);
        }
        return sSLParameters;
    }

    public Builder mutate() {
        Builder builder = builder();
        builder.keyStoreType = this.keyStoreType;
        builder.sslProvider = getSslProvider();
        builder.keystore = this.keystore;
        builder.keystorePassword = this.keystorePassword;
        builder.truststore = getTruststore();
        builder.truststorePassword = getTruststorePassword();
        builder.protocols = this.protocols;
        builder.cipherSuites = this.cipherSuites;
        builder.sslContextBuilderCustomizer = this.sslContextBuilderCustomizer;
        builder.sslParametersSupplier = this.sslParametersSupplier;
        builder.keymanager = this.keymanager;
        builder.trustmanager = this.trustmanager;
        builder.sslHandshakeTimeout = this.handshakeTimeout;
        return builder;
    }

    @Deprecated
    public SslProvider getSslProvider() {
        return this.sslProvider;
    }

    @Deprecated
    public URL getKeystore() {
        return this.keystore;
    }

    public String[] getProtocols() {
        return this.protocols;
    }

    public String[] getCipherSuites() {
        return this.cipherSuites;
    }

    public Duration getHandshakeTimeout() {
        return this.handshakeTimeout;
    }

    @Deprecated
    public char[] getKeystorePassword() {
        return Arrays.copyOf(this.keystorePassword, this.keystorePassword.length);
    }

    @Deprecated
    public URL getTruststore() {
        return this.truststore;
    }

    @Deprecated
    public char[] getTruststorePassword() {
        return Arrays.copyOf(this.truststorePassword, this.truststorePassword.length);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static KeyManagerFactory createKeyManagerFactory(InputStream inputStream, char[] cArr, String str) throws GeneralSecurityException, IOException {
        KeyStore keyStore = getKeyStore(inputStream, cArr, str);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, cArr == null ? new char[0] : cArr);
        return keyManagerFactory;
    }

    private static KeyStore getKeyStore(InputStream inputStream, char[] cArr, String str) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(LettuceStrings.isEmpty(str) ? KeyStore.getDefaultType() : str);
        try {
            keyStore.load(inputStream, cArr);
            inputStream.close();
            return keyStore;
        } catch (Throwable th) {
            inputStream.close();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static TrustManagerFactory createTrustManagerFactory(InputStream inputStream, char[] cArr, String str) throws GeneralSecurityException, IOException {
        KeyStore keyStore = getKeyStore(inputStream, cArr, str);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static char[] getPassword(String str) {
        if (LettuceStrings.isNotEmpty(str)) {
            return str.toCharArray();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static char[] getPassword(char[] cArr) {
        if (cArr != null) {
            return Arrays.copyOf(cArr, cArr.length);
        }
        return null;
    }
}
