package com.ghc.ssl;

import com.ghc.identity.AuthenticationManager;
import com.ghc.identity.IdentityStoreResource;
import com.ghc.security.nls.GHMessages;
import com.google.common.base.Throwables;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/ghc/ssl/SslSettingsUtils.class */
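/**
 * Static helpers that turn an {@link SslSettings} object into a server-side or client-side
 * {@link SSLContext}, resolving identity and trust stores through an {@link AuthenticationManager}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>With no server identity store configured, the server context is backed by a certificate
 *       generated at call time and held in a key store protected by a fixed, source-visible
 *       passphrase (see {@link #GENERATED_STORE_PASSPHRASE}).</li>
 *   <li>With no trust store configured, every trust-related flag handed to
 *       {@code SSLUtils.createSecureContext} is {@code false} and the trust store is {@code null}.</li>
 *   <li>The protocol list comes straight from {@code SslSettings.getSslProtocolOverride()}; this
 *       class applies no minimum-version policy of its own.</li>
 * </ul>
 */
public class SslSettingsUtils {
    /** Alias under which the generated key entry is looked up and which is handed on as the server key alias. */
    private static final String GENERATED_KEY_ALIAS = "pk";

    /**
     * Passphrase applied to the generated key store, to the wrapping {@code KeyIdStore} and to its key entry.
     *
     * <p>NOTE(review): a constant compiled into the class is not a secret. It offers no
     * confidentiality for the generated private key should the store ever be serialised, exported
     * or written to disk. Whether that can happen depends on {@code KeyIdStore}, which is not
     * visible here; confirm the store stays in memory, or switch to a per-instance random value
     * once it is known that nothing else relies on this literal.
     */
    private static final String GENERATED_STORE_PASSPHRASE = "passphrase";

    /** Separator used when splitting the protocol override string. */
    private static final char PROTOCOL_SEPARATOR = ';';

    private SslSettingsUtils() {
    }

    /**
     * Builds the {@link SSLContext} used on the accepting (server) side.
     *
     * <p>If {@code sslSettings} names a server identity store, that store and the configured key
     * alias are used; both must resolve or an {@code SSLConfigurationException} is thrown. If no
     * identity store is named, a certificate is generated via
     * {@code authenticationManager.getCertificateGenerator()} and used under the alias {@code "pk"}.
     *
     * <p>NOTE(review): the generated-certificate fallback is taken silently. Peers have no
     * pre-provisioned identity to validate in that mode, so deployments that need authenticated
     * servers should configure an identity store explicitly.
     *
     * @param authenticationManager source of identity stores and of the certificate generator
     * @param sslSettings settings naming the identity store, key alias, trust store and protocols
     * @return the context produced by {@code SSLUtils.createSecureContext}
     * @throws SSLConfigurationException if a configured store cannot be found or the key alias is blank
     * @throws RuntimeException wrapping any checked exception raised while generating the certificate
     */
    public static SSLContext createServerContext(AuthenticationManager authenticationManager, SslSettings sslSettings) {
        IdentityStoreResource identityStore;
        String keyAlias;
        // Read each id once so the null check and the lookup act on the same value.
        String identityStoreId = sslSettings.getServerIdentityStoreId();
        if (identityStoreId == null) {
            try {
                identityStore = generateCertificate(authenticationManager.getCertificateGenerator());
            } catch (RuntimeException e) {
                // Unchecked failures pass through unchanged, as Throwables.propagate did.
                throw e;
            } catch (Exception e) {
                // Checked failures are wrapped with the cause preserved.
                throw new RuntimeException(e);
            }
            keyAlias = GENERATED_KEY_ALIAS;
        } else {
            identityStore = getStore(authenticationManager, identityStoreId);
            if (identityStore == null) {
                throw new SSLConfigurationException(GHMessages.SslSettingsUtils_identityNotFound);
            }
            keyAlias = sslSettings.getServerKeyAlias();
            if (StringUtils.isBlank(keyAlias)) {
                throw new SSLConfigurationException(GHMessages.SslSettingsUtils_keyNotconfigured);
            }
        }

        IdentityStoreResource trustStore = null;
        String trustStoreId = sslSettings.getServerTrustStoreId();
        if (trustStoreId != null) {
            trustStore = getStore(authenticationManager, trustStoreId);
            if (trustStore == null) {
                throw new SSLConfigurationException(GHMessages.SslSettingsUtils_trustStoreNotFound);
            }
        }

        Iterable<String> protocols = SSLUtils.splitProtocolList(sslSettings.getSslProtocolOverride(), PROTOCOL_SEPARATOR);
        return createContext(protocols, null, identityStore, keyAlias, trustStore);
    }

    /**
     * Builds the {@link SSLContext} used on the connecting (client) side.
     *
     * <p>The client identity store and client trust store are both optional. When an id is
     * configured the store must resolve, otherwise an {@code SSLConfigurationException} is thrown.
     * No key alias is passed for the client identity.
     *
     * @param authenticationManager source of identity stores
     * @param sslSettings settings naming the client identity store, client trust store and protocols
     * @param str forwarded unchanged as the second argument of {@code SSLUtils.createSecureContext};
     *     its meaning is defined there and is not visible in this class
     * @return the context produced by {@code SSLUtils.createSecureContext}
     * @throws SSLConfigurationException if a configured store cannot be found
     */
    public static SSLContext createClientContext(AuthenticationManager authenticationManager, SslSettings sslSettings, String str) {
        IdentityStoreResource identityStore = null;
        String identityStoreId = sslSettings.getClientIdentityStoreId();
        if (identityStoreId != null) {
            identityStore = getStore(authenticationManager, identityStoreId);
            if (identityStore == null) {
                throw new SSLConfigurationException(GHMessages.SslSettingsUtils_clientIdentStoreNotFound);
            }
        }

        IdentityStoreResource trustStore = null;
        String trustStoreId = sslSettings.getClientTrustStoreId();
        if (trustStoreId != null) {
            trustStore = getStore(authenticationManager, trustStoreId);
            if (trustStore == null) {
                throw new SSLConfigurationException(GHMessages.SslSettingsUtils_clientTrustStoreNotFound);
            }
        }

        Iterable<String> protocols = SSLUtils.splitProtocolList(sslSettings.getSslProtocolOverride(), PROTOCOL_SEPARATOR);
        return createContext(protocols, str, identityStore, null, trustStore);
    }

    /**
     * Adapts the resolved stores to the argument list of {@code SSLUtils.createSecureContext}.
     *
     * <p>One flag is derived from "a key alias was supplied" and three from "a trust store was
     * supplied".
     *
     * <p>NOTE(review): what {@code createSecureContext} does when the trust flags are
     * {@code false} (JVM default trust anchors versus no peer verification at all) is not visible
     * here. Confirm against that method before relying on a context built without a trust store.
     */
    private static SSLContext createContext(Iterable<String> protocols, String str, IdentityStoreResource identityStore, String keyAlias, IdentityStoreResource trustStore) {
        boolean hasKeyAlias = keyAlias != null;
        boolean hasTrustStore = trustStore != null;
        return SSLUtils.createSecureContext(protocols, str, hasKeyAlias, identityStore, keyAlias, hasTrustStore, trustStore, hasTrustStore, hasTrustStore);
    }

    /**
     * Looks up an identity store by id.
     *
     * @param authenticationManager manager queried for the store
     * @param str id of the store; must not be {@code null}
     * @return whatever {@code authenticationManager.getIdentityStore(str)} returns; callers in this
     *     class treat {@code null} as "not found"
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public static IdentityStoreResource getStore(AuthenticationManager authenticationManager, String str) {
        if (str == null) {
            throw new NullPointerException(GHMessages.SslSettingsUtils_idNotNull);
        }
        return authenticationManager.getIdentityStore(str);
    }

    /**
     * Generates a key store through {@code CertificateKeyStoreGenerator} and wraps it in a
     * {@code KeyIdStore} whose store password and {@code "pk"} entry password are both set to the
     * fixed passphrase.
     *
     * @param x509CertificateGenerator generator handed to {@code CertificateKeyStoreGenerator.generate}
     * @return the populated {@code KeyIdStore}
     * @throws GeneralSecurityException declared for the generation and initialisation steps
     * @throws IOException declared for the generation and initialisation steps
     */
    private static IdentityStoreResource generateCertificate(X509CertificateGenerator x509CertificateGenerator) throws GeneralSecurityException, IOException {
        KeyStore generatedKeyStore = CertificateKeyStoreGenerator.generate(x509CertificateGenerator, GENERATED_STORE_PASSPHRASE.toCharArray());
        KeyIdStore keyIdStore = new KeyIdStore();
        keyIdStore.setKeyStore(generatedKeyStore);
        keyIdStore.initialiseIdentityObjects();
        keyIdStore.setPassword(GENERATED_STORE_PASSPHRASE);
        // The entry password must be set after initialiseIdentityObjects(), which is the step
        // expected to create the "pk" identity object (presumably; verify against KeyIdStore).
        keyIdStore.getIdentityObject(GENERATED_KEY_ALIAS).setPassword(GENERATED_STORE_PASSPHRASE);
        return keyIdStore;
    }
}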
