package org.apache.qpid.ssl;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.qpid.transport.network.security.ssl.QpidClientX509KeyManager;
import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager;
import org.apache.qpid.transport.network.security.ssl.QpidPeersOnlyTrustManager;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;

/* loaded from: input_file:org/apache/qpid/ssl/SSLContextFactory.class */
public class SSLContextFactory {
    public static final String TRANSPORT_LAYER_SECURITY_CODE = "TLS";

    /* loaded from: input_file:org/apache/qpid/ssl/SSLContextFactory$TrustStoreWrapper.class */
    public static class TrustStoreWrapper {
        private final String trustStorePath;
        private final String trustStorePassword;
        private final String trustStoreType;
        private final Boolean trustStorePeersOnly;
        private String trustManagerFactoryAlgorithm;

        public TrustStoreWrapper(String str, String str2, String str3, Boolean bool, String str4) {
            this.trustStorePath = str;
            this.trustStorePassword = str2;
            this.trustStoreType = str3;
            this.trustStorePeersOnly = bool;
            this.trustManagerFactoryAlgorithm = str4;
        }
    }

    private SSLContextFactory() {
    }

    public static SSLContext buildServerContext(String str, String str2, String str3, String str4) throws GeneralSecurityException, IOException {
        return buildContext(Collections.emptyList(), str, str2, str3, str4, null);
    }

    public static SSLContext buildClientContext(Collection<TrustStoreWrapper> collection, String str, String str2, String str3, String str4, String str5) throws GeneralSecurityException, IOException {
        return buildContext(collection, str, str2, str3, str4, str5);
    }

    public static SSLContext buildClientContext(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9) throws GeneralSecurityException, IOException {
        return buildContext(Collections.singletonList(new TrustStoreWrapper(str, str2, str3, Boolean.FALSE, str4)), str5, str6, str7, str8, str9);
    }

    private static SSLContext buildContext(Collection<TrustStoreWrapper> collection, String str, String str2, String str3, String str4, String str5) throws GeneralSecurityException, IOException {
        KeyManager[] keyManagerArr;
        SSLContext sSLContext = SSLContext.getInstance(TRANSPORT_LAYER_SECURITY_CODE);
        ArrayList arrayList = new ArrayList();
        QpidMultipleTrustManager qpidMultipleTrustManager = new QpidMultipleTrustManager();
        for (TrustStoreWrapper trustStoreWrapper : collection) {
            if (trustStoreWrapper.trustStorePath != null) {
                KeyStore initializedKeyStore = SSLUtil.getInitializedKeyStore(trustStoreWrapper.trustStorePath, trustStoreWrapper.trustStorePassword, trustStoreWrapper.trustStoreType);
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustStoreWrapper.trustManagerFactoryAlgorithm);
                trustManagerFactory.init(initializedKeyStore);
                for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                    if (!(trustManager instanceof X509TrustManager)) {
                        arrayList.add(trustManager);
                    } else if (Boolean.TRUE.equals(trustStoreWrapper.trustStorePeersOnly)) {
                        qpidMultipleTrustManager.addTrustManager(new QpidPeersOnlyTrustManager(initializedKeyStore, (X509TrustManager) trustManager));
                    } else {
                        qpidMultipleTrustManager.addTrustManager((X509TrustManager) trustManager);
                    }
                }
            }
        }
        if (!qpidMultipleTrustManager.isEmpty()) {
            arrayList.add(qpidMultipleTrustManager);
        }
        TrustManager[] trustManagerArr = arrayList.isEmpty() ? null : (TrustManager[]) arrayList.toArray(new TrustManager[arrayList.size()]);
        if (str == null) {
            keyManagerArr = null;
        } else if (str5 != null) {
            keyManagerArr = new KeyManager[]{new QpidClientX509KeyManager(str5, str, str3, str2, str4)};
        } else {
            KeyStore initializedKeyStore2 = SSLUtil.getInitializedKeyStore(str, str2, str3);
            char[] charArray = str2 == null ? null : str2.toCharArray();
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str4);
            keyManagerFactory.init(initializedKeyStore2, charArray);
            keyManagerArr = keyManagerFactory.getKeyManagers();
        }
        sSLContext.init(keyManagerArr, trustManagerArr, null);
        return sSLContext;
    }
}
