package org.springframework.boot.web.embedded.undertow;

import io.undertow.Undertow;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import net.sf.json.util.JSONUtils;
import org.springframework.boot.web.server.Ssl;
import org.springframework.boot.web.server.SslConfigurationValidator;
import org.springframework.boot.web.server.SslStoreProvider;
import org.springframework.boot.web.server.WebServerException;
import org.springframework.util.ResourceUtils;
import org.xnio.Options;
import org.xnio.Sequence;
import org.xnio.SslClientAuthMode;

/* loaded from: input_file:ingrid-iplug-opensearch-7.1.0/lib/spring-boot-2.7.17.jar:org/springframework/boot/web/embedded/undertow/SslBuilderCustomizer.class */
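/**
 * {@link UndertowBuilderCustomizer} that adds an HTTPS listener to an Undertow builder,
 * using key and trust material described by an {@link Ssl} configuration and an optional
 * {@link SslStoreProvider}.
 *
 * <p>This source was recovered by a decompiler, so the access modifiers shown on some
 * members are wider than in the original bytecode; see the notes on each member.
 */
class SslBuilderCustomizer implements UndertowBuilderCustomizer {
    private final int port;
    private final InetAddress address;
    private final Ssl ssl;
    private final SslStoreProvider sslStoreProvider;

    /**
     * Key manager that delegates to another {@link X509ExtendedKeyManager} but can pin the
     * alias returned for engine-based server handshakes.
     *
     * <p>Decompiler note: this class is {@code private} in the bytecode; JADX widened it.
     */
    public static class ConfigurableAliasKeyManager extends X509ExtendedKeyManager {
        private final X509ExtendedKeyManager keyManager;
        private final String alias;

        /**
         * @param delegate key manager that performs the real key and certificate lookups
         * @param alias alias to return for engine-based server handshakes, or {@code null}
         *     to leave the choice to the delegate
         */
        ConfigurableAliasKeyManager(X509ExtendedKeyManager delegate, String alias) {
            this.keyManager = delegate;
            this.alias = alias;
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
            return this.keyManager.chooseEngineClientAlias(keyTypes, issuers, engine);
        }

        /** Returns the configured alias when one is set, otherwise asks the delegate. */
        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
            if (this.alias != null) {
                return this.alias;
            }
            return this.keyManager.chooseEngineServerAlias(keyType, issuers, engine);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            return this.keyManager.chooseClientAlias(keyTypes, issuers, socket);
        }

        // NOTE(review): unlike chooseEngineServerAlias, the socket-based variant does not apply
        // the configured alias. Presumably the listener only uses the SSLEngine path - confirm
        // before reusing this key manager with socket-based TLS.
        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            return this.keyManager.chooseServerAlias(keyType, issuers, socket);
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String alias) {
            return this.keyManager.getCertificateChain(alias);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            return this.keyManager.getClientAliases(keyType, issuers);
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String alias) {
            return this.keyManager.getPrivateKey(alias);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            return this.keyManager.getServerAliases(keyType, issuers);
        }
    }

    /**
     * Creates a customizer for one HTTPS listener.
     *
     * <p>Decompiler note: this constructor is package-private in the bytecode; JADX widened it.
     *
     * @param i port the HTTPS listener binds to
     * @param inetAddress address to bind to, or {@code null} to bind to {@code 0.0.0.0}
     * @param ssl SSL configuration (protocol, stores, client-auth mode, ciphers)
     * @param sslStoreProvider optional source of ready-made key and trust stores; when
     *     non-null it is used instead of the store locations in {@code ssl}
     */
    public SslBuilderCustomizer(int i, InetAddress inetAddress, Ssl ssl, SslStoreProvider sslStoreProvider) {
        this.port = i;
        this.address = inetAddress;
        this.ssl = ssl;
        this.sslStoreProvider = sslStoreProvider;
    }

    /**
     * Builds an {@link SSLContext} from the configured stores and registers an HTTPS listener
     * plus the related socket options on the builder.
     *
     * @throws IllegalStateException if the protocol is unavailable or the context cannot be
     *     initialised
     */
    @Override // org.springframework.boot.web.embedded.undertow.UndertowBuilderCustomizer
    public void customize(Undertow.Builder builder) {
        try {
            SSLContext sslContext = SSLContext.getInstance(this.ssl.getProtocol());
            KeyManager[] keyManagers = getKeyManagers(this.ssl, this.sslStoreProvider);
            TrustManager[] trustManagers = getTrustManagers(this.ssl, this.sslStoreProvider);
            // A null SecureRandom lets the JSSE provider pick its default secure source.
            sslContext.init(keyManagers, trustManagers, null);
            builder.addHttpsListener(this.port, getListenAddress(), sslContext);
            builder.setSocketOption(Options.SSL_CLIENT_AUTH_MODE, getSslClientAuthMode(this.ssl));
            // Protocol and cipher restrictions are applied only when configured; otherwise no
            // option is set here and whatever defaults the TLS stack applies stay in effect,
            // which may be broader than a hardened deployment wants.
            if (this.ssl.getEnabledProtocols() != null) {
                builder.setSocketOption(Options.SSL_ENABLED_PROTOCOLS, Sequence.of(this.ssl.getEnabledProtocols()));
            }
            if (this.ssl.getCiphers() != null) {
                builder.setSocketOption(Options.SSL_ENABLED_CIPHER_SUITES, Sequence.of(this.ssl.getCiphers()));
            }
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Returns the bind address as a string. With no address configured the listener binds to
     * {@code 0.0.0.0}, i.e. every IPv4 interface of the host.
     */
    private String getListenAddress() {
        if (this.address == null) {
            return "0.0.0.0";
        }
        return this.address.getHostAddress();
    }

    /**
     * Maps the configured client-auth setting to the XNIO mode: {@code NEED} becomes
     * {@code REQUIRED}, {@code WANT} becomes {@code REQUESTED}, and anything else (including
     * {@code null}) becomes {@code NOT_REQUESTED}, so client certificates are opt-in.
     */
    private SslClientAuthMode getSslClientAuthMode(Ssl ssl) {
        Ssl.ClientAuth clientAuth = ssl.getClientAuth();
        if (clientAuth == Ssl.ClientAuth.NEED) {
            return SslClientAuthMode.REQUIRED;
        }
        if (clientAuth == Ssl.ClientAuth.WANT) {
            return SslClientAuthMode.REQUESTED;
        }
        return SslClientAuthMode.NOT_REQUESTED;
    }

    /**
     * Creates the key managers for the server identity.
     *
     * <p>The key password is taken from the store provider if it supplies one, then from the
     * key password in {@code ssl}, and finally falls back to the key store password.
     *
     * @throws IllegalStateException wrapping any failure while loading the store or
     *     initialising the factory
     */
    private KeyManager[] getKeyManagers(Ssl ssl, SslStoreProvider sslStoreProvider) {
        try {
            KeyStore keyStore = getKeyStore(ssl, sslStoreProvider);
            // Check the configured alias against the loaded store before any key manager is built.
            SslConfigurationValidator.validateKeyAlias(keyStore, ssl.getKeyAlias());
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            String keyPassword = sslStoreProvider != null ? sslStoreProvider.getKeyPassword() : null;
            if (keyPassword == null) {
                keyPassword = ssl.getKeyPassword() != null ? ssl.getKeyPassword() : ssl.getKeyStorePassword();
            }
            keyManagerFactory.init(keyStore, keyPassword != null ? keyPassword.toCharArray() : null);
            if (ssl.getKeyAlias() != null) {
                return getConfigurableAliasKeyManagers(ssl, keyManagerFactory.getKeyManagers());
            }
            return keyManagerFactory.getKeyManagers();
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Wraps every {@link X509ExtendedKeyManager} in the array with a
     * {@link ConfigurableAliasKeyManager} bound to the configured alias. The array is modified
     * in place and returned; other key manager types are left untouched.
     */
    private KeyManager[] getConfigurableAliasKeyManagers(Ssl ssl, KeyManager[] keyManagerArr) {
        for (int i = 0; i < keyManagerArr.length; i++) {
            if (keyManagerArr[i] instanceof X509ExtendedKeyManager) {
                keyManagerArr[i] = new ConfigurableAliasKeyManager((X509ExtendedKeyManager) keyManagerArr[i], ssl.getKeyAlias());
            }
        }
        return keyManagerArr;
    }

    /** Returns the provider's key store when a provider is present, else loads it from {@code ssl}. */
    private KeyStore getKeyStore(Ssl ssl, SslStoreProvider sslStoreProvider) throws Exception {
        if (sslStoreProvider != null) {
            return sslStoreProvider.getKeyStore();
        }
        return loadKeyStore(ssl.getKeyStoreType(), ssl.getKeyStoreProvider(), ssl.getKeyStore(), ssl.getKeyStorePassword());
    }

    /**
     * Creates the trust managers used to validate client certificates.
     *
     * <p>When no trust store is configured the factory is initialised with {@code null}.
     * With the standard JSSE providers that selects the JVM's default trust anchors, so if
     * client authentication is {@code NEED} or {@code WANT} a certificate issued by any CA in
     * that default set would pass TLS validation. Deployments relying on mutual TLS should
     * configure a dedicated trust store.
     *
     * @throws IllegalStateException wrapping any failure while loading the store or
     *     initialising the factory
     */
    private TrustManager[] getTrustManagers(Ssl ssl, SslStoreProvider sslStoreProvider) {
        try {
            KeyStore trustStore = getTrustStore(ssl, sslStoreProvider);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            return trustManagerFactory.getTrustManagers();
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /** Returns the provider's trust store when a provider is present, else loads it from {@code ssl}. */
    private KeyStore getTrustStore(Ssl ssl, SslStoreProvider sslStoreProvider) throws Exception {
        if (sslStoreProvider != null) {
            return sslStoreProvider.getTrustStore();
        }
        return loadTrustStore(ssl.getTrustStoreType(), ssl.getTrustStoreProvider(), ssl.getTrustStore(), ssl.getTrustStorePassword());
    }

    /** Loads the key store; unlike the trust store, a location is not optional here. */
    private KeyStore loadKeyStore(String type, String provider, String location, String password) throws Exception {
        return loadStore(type, provider, location, password);
    }

    /** Loads the trust store, or returns {@code null} when no location is configured. */
    private KeyStore loadTrustStore(String type, String provider, String location, String password) throws Exception {
        if (location == null) {
            return null;
        }
        return loadStore(type, provider, location, password);
    }

    /**
     * Loads a {@link KeyStore} of the given type from a resource location.
     *
     * @param type store type, defaulting to {@code "JKS"} when {@code null}
     * @param provider security provider name, or {@code null} for the default lookup
     * @param location resource location of the store; must be null or empty for
     *     {@code PKCS11}, which is loaded without an input stream
     * @param password store password, or {@code null}
     * @throws WebServerException if a file-based store cannot be read; the message names the
     *     location but never the password
     * @throws IllegalArgumentException if a location is given for a {@code PKCS11} store
     */
    private KeyStore loadStore(String type, String provider, String location, String password) throws Exception {
        String storeType = type != null ? type : "JKS";
        KeyStore keyStore = provider != null ? KeyStore.getInstance(storeType, provider) : KeyStore.getInstance(storeType);
        char[] passwordChars = password != null ? password.toCharArray() : null;
        if (storeType.equalsIgnoreCase("PKCS11")) {
            // Hardware-token stores have no backing file, so a location is a configuration error.
            if (location != null && !location.isEmpty()) {
                throw new IllegalArgumentException("Input keystore location is not valid for keystore type 'PKCS11': '" + location + "'. Must be undefined / null.");
            }
            keyStore.load(null, passwordChars);
            return keyStore;
        }
        try {
            // try-with-resources closes the stream even when load() throws; the decompiled
            // form only closed it on the success path and leaked the handle on failure.
            try (InputStream stream = ResourceUtils.getURL(location).openStream()) {
                keyStore.load(stream, passwordChars);
            }
        } catch (Exception e) {
            // Plain quote literal: the decompiler had substituted an unrelated JSON-library
            // constant for it, presumably by matching the value.
            throw new WebServerException("Could not load key store '" + location + "'", e);
        }
        return keyStore;
    }
}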
