package com.vesoft.nebula.util;

import com.vesoft.nebula.client.graph.data.CASignedSSLParam;
import com.vesoft.nebula.client.graph.data.SelfSignedSSLParam;
import java.io.FileReader;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/vesoft/nebula/util/SslUtil.class */
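/**
 * Builds client-side {@link SSLSocketFactory} instances from PEM files on disk.
 *
 * <p>Two setups are supported: a client certificate verified against a separate CA
 * certificate ({@link #getSSLSocketFactoryWithCA}) and a self-signed certificate that acts
 * as both client identity and trust anchor ({@link #getSSLSocketFactoryWithoutCA}).
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The factories only configure certificate-chain trust. JSSE does not check the peer
 *       host name on sockets created from a plain {@code SSLSocketFactory} unless the caller
 *       sets an endpoint identification algorithm on the socket's {@code SSLParameters}.</li>
 *   <li>The trust managers of the most recent successful build are kept in a static field, so
 *       concurrent builds with different material overwrite each other (last writer wins).</li>
 * </ul>
 */
public class SslUtil {
    private static final Logger LOGGER = LoggerFactory.getLogger(SslUtil.class);

    /** Name under which the Bouncy Castle provider registers itself. */
    private static final String BC_PROVIDER = "BC";

    /** Protocol requested from {@link SSLContext#getInstance(String)}. */
    private static final String TLS_PROTOCOL = "TLSv1.3";

    // Trust managers from the last successful factory build; shared by all callers.
    private static TrustManager[] trustManagers;

    /**
     * Creates a socket factory that presents the client certificate and key from the given
     * parameters and trusts only the configured CA certificate.
     *
     * <p>The private key is decrypted with an empty passphrase, so an encrypted key file with
     * a non-empty passphrase cannot be loaded through this method.
     *
     * @param cASignedSSLParam paths of the CA certificate, client certificate and client key
     * @return the socket factory, or {@code null} if any file could not be read or parsed;
     *     callers must treat {@code null} as a hard failure and not continue without TLS
     */
    public static SSLSocketFactory getSSLSocketFactoryWithCA(CASignedSSLParam cASignedSSLParam) {
        String caCrtFilePath = cASignedSSLParam.getCaCrtFilePath();
        String crtFilePath = cASignedSSLParam.getCrtFilePath();
        String keyFilePath = cASignedSSLParam.getKeyFilePath();
        try {
            registerBouncyCastle();
            char[] emptyPassword = new char[0];
            KeyPair keyPair = readKeyPair(keyFilePath, emptyPassword);
            X509Certificate caCertificate = readCertificate(caCrtFilePath);
            X509Certificate clientCertificate = readCertificate(crtFilePath);
            return buildSocketFactory(
                    keyPair, clientCertificate, emptyPassword, "ca-certificate", caCertificate);
        } catch (Exception e) {
            // Pass the exception itself so the stack trace and cause chain reach the log.
            LOGGER.error("Failed to create SSLSocketFactory from CA-signed certificate", e);
            return null;
        }
    }

    /**
     * Creates a socket factory for a self-signed setup: the certificate from the given
     * parameters is used both as the client identity and as the only trusted certificate.
     *
     * @param selfSignedSSLParam paths of the certificate and key, plus the key passphrase;
     *     a {@code null} passphrase is treated as empty
     * @return the socket factory
     * @throws RuntimeException wrapping the underlying failure if a file cannot be read or
     *     parsed, or the key cannot be decrypted
     */
    public static SSLSocketFactory getSSLSocketFactoryWithoutCA(SelfSignedSSLParam selfSignedSSLParam) {
        String crtFilePath = selfSignedSSLParam.getCrtFilePath();
        String keyFilePath = selfSignedSSLParam.getKeyFilePath();
        String password = selfSignedSSLParam.getPassword();
        try {
            registerBouncyCastle();
            char[] keyPassword = password == null ? new char[0] : password.toCharArray();
            KeyPair keyPair = readKeyPair(keyFilePath, keyPassword);
            X509Certificate certificate = readCertificate(crtFilePath);
            return buildSocketFactory(keyPair, certificate, keyPassword, "certificate", certificate);
        } catch (Exception e) {
            LOGGER.error("Failed to create SSLSocketFactory from self-signed certificate", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the trust managers created by the most recent successful factory build.
     *
     * @return the shared trust manager array (not a copy), or {@code null} if no factory has
     *     been built successfully yet
     */
    public static TrustManager[] getTrustManagers() {
        return trustManagers;
    }

    /** Registers the Bouncy Castle provider once instead of allocating one per call. */
    private static void registerBouncyCastle() {
        if (Security.getProvider(BC_PROVIDER) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /** Reads the first PEM object from a file, closing the reader even when parsing fails. */
    private static Object readPemObject(String path) throws Exception {
        try (PEMParser parser = new PEMParser(new FileReader(path))) {
            Object parsed = parser.readObject();
            if (parsed == null) {
                throw new IllegalArgumentException("No PEM object found in " + path);
            }
            return parsed;
        }
    }

    /** Loads a key pair from a PEM file, decrypting it with the password when it is encrypted. */
    private static KeyPair readKeyPair(String path, char[] password) throws Exception {
        Object parsed = readPemObject(path);
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BC_PROVIDER);
        if (parsed instanceof PEMEncryptedKeyPair) {
            PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder().build(password);
            return converter.getKeyPair(((PEMEncryptedKeyPair) parsed).decryptKeyPair(decryptor));
        }
        if (parsed instanceof PEMKeyPair) {
            return converter.getKeyPair((PEMKeyPair) parsed);
        }
        // Any other PEM type was a ClassCastException before; report the actual type instead.
        throw new IllegalArgumentException(
                "Unsupported private key PEM object in " + path + ": " + parsed.getClass().getName());
    }

    /** Loads an X.509 certificate from a PEM file. */
    private static X509Certificate readCertificate(String path) throws Exception {
        Object parsed = readPemObject(path);
        if (!(parsed instanceof X509CertificateHolder)) {
            throw new IllegalArgumentException(
                    "Expected an X.509 certificate in " + path + " but found " + parsed.getClass().getName());
        }
        return new JcaX509CertificateConverter()
                .setProvider(BC_PROVIDER)
                .getCertificate((X509CertificateHolder) parsed);
    }

    /**
     * Assembles in-memory trust and identity key stores and returns a socket factory backed by
     * them. The shared trust managers are updated only after the context initialised cleanly.
     */
    private static SSLSocketFactory buildSocketFactory(
            KeyPair keyPair,
            X509Certificate clientCertificate,
            char[] keyPassword,
            String trustAlias,
            X509Certificate trustAnchor) throws Exception {
        // Trust store holds exactly one anchor, so the JVM default CA bundle is not consulted.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry(trustAlias, trustAnchor);
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        KeyStore identityStore = KeyStore.getInstance(KeyStore.getDefaultType());
        identityStore.load(null, null);
        identityStore.setCertificateEntry("certificate", clientCertificate);
        identityStore.setKeyEntry(
                "private-key", keyPair.getPrivate(), keyPassword, new Certificate[]{clientCertificate});
        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(identityStore, keyPassword);

        TrustManager[] managers = trustManagerFactory.getTrustManagers();
        SSLContext sslContext = SSLContext.getInstance(TLS_PROTOCOL);
        sslContext.init(keyManagerFactory.getKeyManagers(), managers, null);
        trustManagers = managers;
        return sslContext.getSocketFactory();
    }
}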
