package com.palantir.conjure.java.config.ssl;

import com.google.common.base.Throwables;
import com.palantir.conjure.java.api.config.ssl.SslConfiguration;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.Optional;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/palantir/conjure/java/config/ssl/SslSocketFactories.class */
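/**
 * Static factories that turn an {@link SslConfiguration}, or a map of PEM certificates, into JSSE
 * objects: {@link SSLContext}, {@link SSLSocketFactory}, {@link TrustManager}s and a
 * {@link TrustContext}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Trust managers are always built from the configured trust store or certificate map, so
 *       peer validation is scoped to that material.</li>
 *   <li>Nothing in this class configures hostname verification or restricts protocol versions or
 *       cipher suites; those are left to the JSSE provider defaults and to whatever client
 *       consumes the returned objects.</li>
 *   <li>Key store passwords are handled as {@link String}s because that is what the
 *       configuration exposes, so they cannot be wiped from memory after use.</li>
 * </ul>
 */
public final class SslSocketFactories {

    private SslSocketFactories() {
        // Utility class; not instantiable.
    }

    /**
     * Creates a socket factory backed by {@link #createSslContext(SslConfiguration)}.
     *
     * @param sslConfiguration trust store (and optionally key store) settings
     * @return the socket factory of the newly initialised context
     */
    public static SSLSocketFactory createSslSocketFactory(SslConfiguration sslConfiguration) {
        return createSslContext(sslConfiguration).getSocketFactory();
    }

    /**
     * Creates a socket factory that trusts exactly the supplied certificates and presents no
     * client certificate.
     *
     * @param map certificates to trust (key semantics are defined by
     *     {@code KeyStores.createTrustStoreFromCertificates})
     * @return the socket factory of the newly initialised context
     */
    public static SSLSocketFactory createSslSocketFactory(Map<String, PemX509Certificate> map) {
        return createSslContext(map).getSocketFactory();
    }

    /**
     * Creates an {@link SSLContext} from the configured trust store and, when a key store path is
     * present, the configured key store.
     *
     * @param sslConfiguration trust store (and optionally key store) settings
     * @return an initialised context
     * @throws java.util.NoSuchElementException if a key store path is set without a password
     */
    public static SSLContext createSslContext(SslConfiguration sslConfiguration) {
        TrustManager[] trustManagers = createTrustManagers(sslConfiguration);

        // Stays null when no key store is configured and is handed to SSLContext.init as null;
        // what the provider does with a null KeyManager array is provider-defined, whereas the
        // certificate-map overload passes an explicit empty array.
        KeyManager[] keyManagers = null;
        if (sslConfiguration.keyStorePath().isPresent()) {
            // NOTE(review): assumes SslConfiguration guarantees a password whenever a key store
            // path is set; otherwise get() fails with a bare NoSuchElementException.
            Path keyStorePath = sslConfiguration.keyStorePath().get();
            String keyStorePassword = sslConfiguration.keyStorePassword().get();
            keyManagers = createKeyManagerFactory(
                            keyStorePath,
                            keyStorePassword,
                            sslConfiguration.keyStoreType(),
                            sslConfiguration.keyStoreKeyAlias())
                    .getKeyManagers();
        }
        return createSslContext(trustManagers, keyManagers);
    }

    /**
     * Creates an {@link SSLContext} that trusts exactly the supplied certificates and has no key
     * managers (no client certificate is offered).
     *
     * @param map certificates to trust
     * @return an initialised context
     */
    public static SSLContext createSslContext(Map<String, PemX509Certificate> map) {
        return createSslContext(createTrustManagers(map), new KeyManager[0]);
    }

    /**
     * Initialises a {@code "TLS"} context with the given managers.
     *
     * <p>{@code "TLS"} names the protocol family only; which versions are actually enabled is
     * decided by the JSSE provider and JVM security configuration. The {@code null} third
     * argument selects the provider's default {@code SecureRandom}.
     */
    private static SSLContext createSslContext(TrustManager[] trustManagerArr, KeyManager[] keyManagerArr) {
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(keyManagerArr, trustManagerArr, null);
            return context;
        } catch (GeneralSecurityException e) {
            // Checked security failures are surfaced unchecked, with the cause preserved.
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates trust managers from the configured trust store.
     *
     * @param sslConfiguration supplies the trust store path and type
     * @return the trust managers produced by the default {@link TrustManagerFactory} algorithm
     */
    public static TrustManager[] createTrustManagers(SslConfiguration sslConfiguration) {
        return createTrustManagerFactory(sslConfiguration.trustStorePath(), sslConfiguration.trustStoreType())
                .getTrustManagers();
    }

    /**
     * Creates trust managers that trust exactly the supplied certificates.
     *
     * @param map certificates to trust
     * @return the trust managers produced by the default {@link TrustManagerFactory} algorithm
     */
    public static TrustManager[] createTrustManagers(Map<String, PemX509Certificate> map) {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(KeyStores.createTrustStoreFromCertificates(map));
            return factory.getTrustManagers();
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Bundles a socket factory and the matching {@link X509TrustManager} for the configuration.
     *
     * <p>The two are built by independent calls, so the trust store is loaded more than once.
     */
    public static TrustContext createTrustContext(SslConfiguration sslConfiguration) {
        return TrustContext.of(createSslSocketFactory(sslConfiguration), createX509TrustManager(sslConfiguration));
    }

    /** Bundles a socket factory and the matching {@link X509TrustManager} for the certificates. */
    public static TrustContext createTrustContext(Map<String, PemX509Certificate> map) {
        return TrustContext.of(createSslSocketFactory(map), createX509TrustManager(map));
    }

    /**
     * Returns the first trust manager for the configuration, which must be an
     * {@link X509TrustManager}.
     *
     * @param sslConfiguration supplies the trust store path and type
     * @return the first trust manager, cast to {@link X509TrustManager}
     * @throws IllegalStateException if no trust manager was produced
     * @throws RuntimeException if the first trust manager is not an {@link X509TrustManager}
     */
    public static X509TrustManager createX509TrustManager(SslConfiguration sslConfiguration) {
        TrustManager[] trustManagers = createTrustManagers(sslConfiguration);
        if (trustManagers.length == 0) {
            // Fail with a descriptive error instead of an ArrayIndexOutOfBoundsException.
            throw new IllegalStateException(
                    "No TrustManager was created for SslConfiguration: " + sslConfiguration.trustStorePath());
        }
        TrustManager first = trustManagers[0];
        if (first instanceof X509TrustManager) {
            return (X509TrustManager) first;
        }
        throw new RuntimeException(String.format(
                "First TrustManager associated with SslConfiguration was expected to be a %s, but was a %s: %s",
                X509TrustManager.class.getSimpleName(),
                first.getClass().getSimpleName(),
                sslConfiguration.trustStorePath()));
    }

    /**
     * Returns the first trust manager for the certificates, which must be an
     * {@link X509TrustManager}.
     *
     * @param map certificates to trust
     * @return the first trust manager, cast to {@link X509TrustManager}
     * @throws IllegalStateException if no trust manager was produced
     * @throws RuntimeException if the first trust manager is not an {@link X509TrustManager}
     */
    public static X509TrustManager createX509TrustManager(Map<String, PemX509Certificate> map) {
        TrustManager[] trustManagers = createTrustManagers(map);
        if (trustManagers.length == 0) {
            // Fail with a descriptive error instead of an ArrayIndexOutOfBoundsException.
            throw new IllegalStateException("No TrustManager was created for the supplied certificates");
        }
        TrustManager first = trustManagers[0];
        if (first instanceof X509TrustManager) {
            return (X509TrustManager) first;
        }
        throw new RuntimeException(String.format(
                "First TrustManager associated with certificates was expected to be a %s, but was a %s",
                X509TrustManager.class.getSimpleName(), first.getClass().getSimpleName()));
    }

    /** Loads the trust store for the given type and wraps it in an initialised factory. */
    private static TrustManagerFactory createTrustManagerFactory(Path path, SslConfiguration.StoreType storeType) {
        KeyStore trustStore = openTrustStore(path, storeType);
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(trustStore);
            return factory;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /** Reads trust material from {@code path} according to {@code storeType}. */
    private static KeyStore openTrustStore(Path path, SslConfiguration.StoreType storeType) {
        switch (storeType) {
            case JKS:
            case PKCS12:
                // NOTE(review): no password is supplied for trust stores. If KeyStores.loadKeyStore
                // forwards that to KeyStore.load as a null password, the store's integrity check
                // is not performed, so the file must be protected by filesystem permissions.
                return KeyStores.loadKeyStore(storeType.name(), path, Optional.empty());
            case PEM:
                return KeyStores.createTrustStoreFromCertificates(path);
            case PUPPET:
                // Puppet layout: certificates live in the "certs" subdirectory of the given path.
                Path certsDir = path.resolve("certs");
                if (!certsDir.toFile().isDirectory()) {
                    throw new IllegalStateException(
                            String.format("Puppet certs directory did not exist at path \"%s\"", certsDir));
                }
                return KeyStores.createTrustStoreFromCertificates(certsDir);
            default:
                throw new IllegalStateException("Unrecognized trust store type: " + storeType);
        }
    }

    /**
     * Loads the key store for the given type, optionally narrows it to one alias, and wraps it in
     * an initialised factory.
     *
     * <p>The same password is used to open the store and, via {@link KeyManagerFactory#init}, to
     * recover its key entries.
     */
    private static KeyManagerFactory createKeyManagerFactory(
            Path keyStorePath,
            String keyStorePassword,
            SslConfiguration.StoreType keyStoreType,
            Optional<String> keyAlias) {
        KeyStore keyStore = openKeyStore(keyStorePath, keyStorePassword, keyStoreType);
        if (keyAlias.isPresent()) {
            // presumably yields a store holding only the aliased entry; verify in KeyStores
            keyStore = KeyStores.newKeyStoreWithEntry(keyStore, keyStorePassword, keyAlias.get());
        }
        try {
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            factory.init(keyStore, keyStorePassword.toCharArray());
            return factory;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /** Reads key material from {@code path} according to {@code storeType}. */
    private static KeyStore openKeyStore(Path path, String password, SslConfiguration.StoreType storeType) {
        switch (storeType) {
            case JKS:
            case PKCS12:
                return KeyStores.loadKeyStore(storeType.name(), path, Optional.of(password));
            case PEM:
                return KeyStores.createKeyStoreFromCombinedPems(path, password);
            case PUPPET:
                // Puppet layout: keys in "private_keys", certificates in "certs", both as .pem.
                return KeyStores.createKeyStoreFromPemDirectories(
                        path.resolve("private_keys"), ".pem", path.resolve("certs"), ".pem", password);
            default:
                throw new IllegalStateException("Unrecognized key store type: " + storeType);
        }
    }
}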
