package org.apache.pulsar.kafka.shade.io.confluent.kafka.schemaregistry.client.security;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.kafka.common.config.SslConfigs;

/* loaded from: input_file:META-INF/bundled-dependencies/kafka-connect-avro-converter-shaded-2.10.0.6.jar:org/apache/pulsar/kafka/shade/io/confluent/kafka/schemaregistry/client/security/SslFactory.class */
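/**
 * Builds a client-side {@link SSLContext} from Kafka-style SSL settings
 * (the {@code SslConfigs} keys) for the schema-registry REST client.
 *
 * <p>The context is created once, in the constructor, and handed out by
 * {@link #sslContext()}. If neither a keystore nor a truststore is configured,
 * no context is built and {@link #sslContext()} returns {@code null}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The protocol name from the configuration is passed unchanged to
 *       {@link SSLContext#getInstance(String)}; this class does not reject
 *       legacy protocol names, so the accepted set is whatever the JVM and
 *       provider allow.</li>
 *   <li>Store and key passwords are held as {@link String} fields for the
 *       lifetime of the factory and therefore cannot be wiped from memory.</li>
 *   <li>Only the {@link SSLContext} is configured here. Hostname verification is
 *       not set up by this class and is up to whatever consumes the context.</li>
 * </ul>
 */
public class SslFactory {
    private final String protocol;
    private final String provider;
    private final String kmfAlgorithm;
    private final String tmfAlgorithm;
    private SecurityStore keystore = null;
    private String keyPassword;
    private SecurityStore truststore;
    private SSLContext sslContext;

    /**
     * Location, type and password of one key/trust store file on disk.
     *
     * <p>The decompiler reports that the access modifiers of this class were widened
     * from {@code private}; the constructor is still private, so instances can only
     * be created by {@link SslFactory}.
     */
    public static class SecurityStore {
        private final String type;
        private final String path;
        private final String password;

        /**
         * @param type store type, or {@code null} to use {@link KeyStore#getDefaultType()}
         * @param path file-system path of the store
         * @param password store password, may be {@code null}
         */
        private SecurityStore(String type, String path, String password) {
            this.type = type == null ? KeyStore.getDefaultType() : type;
            this.path = path;
            this.password = password;
        }

        /**
         * Reads the store file into a fresh {@link KeyStore}.
         *
         * <p>When the password is {@code null}, {@link KeyStore#load} is called without
         * one, and the JDK then performs no integrity check on the store contents.
         *
         * @return the loaded key store
         * @throws GeneralSecurityException if the store type is unknown or the contents
         *     cannot be processed
         * @throws IOException if the file cannot be read or the password is wrong
         */
        public KeyStore load() throws GeneralSecurityException, IOException {
            KeyStore keyStore = KeyStore.getInstance(this.type);
            char[] passwordChars = this.password != null ? this.password.toCharArray() : null;
            // try-with-resources closes the stream on every path and, unlike a manual
            // close inside a catch block, keeps the original failure as the primary
            // exception if close() also fails.
            try (FileInputStream in = new FileInputStream(this.path)) {
                keyStore.load(in, passwordChars);
            }
            return keyStore;
        }
    }

    /**
     * Reads the SSL settings from {@code map} and eagerly builds the context.
     *
     * @param map configuration keyed by the {@code SslConfigs} constants; every value
     *     read here is cast to {@link String}
     * @throws RuntimeException if the store settings are inconsistent, a value is not a
     *     {@code String}, or the context cannot be created; the cause is preserved
     */
    public SslFactory(Map<String, ?> map) {
        String configuredProtocol = (String) map.get(SslConfigs.SSL_PROTOCOL_CONFIG);
        this.protocol = configuredProtocol != null ? configuredProtocol : SslConfigs.DEFAULT_SSL_PROTOCOL;
        this.provider = (String) map.get(SslConfigs.SSL_PROVIDER_CONFIG);
        this.kmfAlgorithm = (String) map.get(SslConfigs.SSL_KEYMANAGER_ALGORITHM_CONFIG);
        this.tmfAlgorithm = (String) map.get(SslConfigs.SSL_TRUSTMANAGER_ALGORITHM_CONFIG);
        try {
            createKeystore(
                    (String) map.get(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG),
                    (String) map.get(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG),
                    (String) map.get(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG),
                    (String) map.get(SslConfigs.SSL_KEY_PASSWORD_CONFIG));
            createTruststore(
                    (String) map.get(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG),
                    (String) map.get(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG),
                    (String) map.get(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG));
            this.sslContext = createSslContext();
        } catch (Exception e) {
            throw new RuntimeException("Error initializing the ssl context for RestService", e);
        }
    }

    /** Returns {@code true} when {@code str} is non-null and contains a non-whitespace character. */
    private static boolean isNotBlank(String str) {
        return str != null && !str.trim().isEmpty();
    }

    /**
     * Creates and initialises the {@link SSLContext} from the configured stores.
     *
     * @return the initialised context, or {@code null} when neither a keystore nor a
     *     truststore was configured
     * @throws GeneralSecurityException if a protocol, provider or algorithm is
     *     unavailable, or key material cannot be used
     * @throws IOException if a store file cannot be read
     */
    private SSLContext createSslContext() throws GeneralSecurityException, IOException {
        if (this.truststore == null && this.keystore == null) {
            return null;
        }
        SSLContext context = isNotBlank(this.provider)
                ? SSLContext.getInstance(this.protocol, this.provider)
                : SSLContext.getInstance(this.protocol);

        KeyManager[] keyManagers = null;
        if (this.keystore != null) {
            String kmfName = isNotBlank(this.kmfAlgorithm)
                    ? this.kmfAlgorithm
                    : KeyManagerFactory.getDefaultAlgorithm();
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(kmfName);
            // The key password falls back to the keystore password when none is given.
            // createKeystore only sets the keystore when its password is non-blank, so
            // the fallback is never null here.
            String effectiveKeyPassword = this.keyPassword != null ? this.keyPassword : this.keystore.password;
            keyManagerFactory.init(this.keystore.load(), effectiveKeyPassword.toCharArray());
            keyManagers = keyManagerFactory.getKeyManagers();
        }

        String tmfName = isNotBlank(this.tmfAlgorithm)
                ? this.tmfAlgorithm
                : TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(tmfName);
        // With no truststore configured the factory is initialised with a null KeyStore,
        // which makes the JDK fall back to its default trust material.
        KeyStore trustMaterial = this.truststore == null ? null : this.truststore.load();
        trustManagerFactory.init(trustMaterial);

        context.init(keyManagers, trustManagerFactory.getTrustManagers(), new SecureRandom());
        return context;
    }

    /**
     * Returns the context built by the constructor.
     *
     * @return the SSL context, or {@code null} when no keystore or truststore was configured
     */
    public SSLContext sslContext() {
        return this.sslContext;
    }

    /**
     * Records the keystore settings after checking that location and password are
     * either both present or both absent.
     *
     * <p>NOTE(review): a location or password that is non-null but blank passes the
     * checks and is then silently ignored, so the context is built without client key
     * material. Deployments relying on client-certificate authentication should
     * confirm the values are non-blank.
     *
     * @param type keystore type, may be {@code null}
     * @param path keystore location
     * @param password keystore password
     * @param keyPassword password of the private key, may be {@code null}
     * @throws RuntimeException if exactly one of {@code path} and {@code password} is {@code null}
     */
    private void createKeystore(String type, String path, String password, String keyPassword) {
        if (path == null && password != null) {
            throw new RuntimeException("SSL key store is not specified, but key store password is specified.");
        }
        if (path != null && password == null) {
            throw new RuntimeException("SSL key store is specified, but key store password is not specified.");
        }
        if (isNotBlank(path) && isNotBlank(password)) {
            this.keystore = new SecurityStore(type, path, password);
            this.keyPassword = keyPassword;
        }
    }

    /**
     * Records the truststore settings. The password is optional; a blank location is
     * ignored and leaves the truststore unset.
     *
     * @param type truststore type, may be {@code null}
     * @param path truststore location
     * @param password truststore password, may be {@code null}
     * @throws RuntimeException if a password is given without a location
     */
    private void createTruststore(String type, String path, String password) {
        if (path == null && password != null) {
            throw new RuntimeException("SSL trust store is not specified, but trust store password is specified.");
        }
        if (isNotBlank(path)) {
            this.truststore = new SecurityStore(type, path, password);
        }
    }
}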
