package com.datastax.oss.dsbulk.workflow.commons.ssl;

import ch.qos.logback.core.net.ssl.SSL;
import com.datastax.oss.driver.api.core.ssl.ProgrammaticSslEngineFactory;
import com.datastax.oss.driver.internal.core.ssl.JdkSslHandlerFactory;
import com.datastax.oss.driver.internal.core.ssl.SslHandlerFactory;
import com.datastax.oss.dsbulk.config.ConfigUtils;
import com.datastax.oss.dsbulk.io.IOUtils;
import com.typesafe.config.Config;
import edu.umd.cs.findbugs.annotations.Nullable;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/datastax/oss/dsbulk/workflow/commons/ssl/SslHandlerFactoryFactory.class */
public class SslHandlerFactoryFactory {
    @Nullable
    public static SslHandlerFactory createSslHandlerFactory(Config config) throws GeneralSecurityException, IOException {
        String string = config.getString("provider");
        String lowerCase = string.toLowerCase();
        boolean z = -1;
        switch (lowerCase.hashCode()) {
            case -1263174782:
                if (lowerCase.equals("openssl")) {
                    z = 2;
                    break;
                }
                break;
            case 105073:
                if (lowerCase.equals("jdk")) {
                    z = true;
                    break;
                }
                break;
            case 3387192:
                if (lowerCase.equals("none")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return null;
            case true:
                return createJdkSslHandlerFactory(config);
            case true:
                return createNettySslHandlerFactory(config);
            default:
                throw new IllegalArgumentException(String.format("Invalid value for dsbulk.driver.ssl.provider, expecting None, JDK, or OpenSSL, got: '%s'", string));
        }
    }

    private static SslHandlerFactory createJdkSslHandlerFactory(Config config) throws GeneralSecurityException, IOException {
        KeyManagerFactory createKeyManagerFactory = createKeyManagerFactory(config);
        TrustManagerFactory createTrustManagerFactory = createTrustManagerFactory(config);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(createKeyManagerFactory != null ? createKeyManagerFactory.getKeyManagers() : null, createTrustManagerFactory != null ? createTrustManagerFactory.getTrustManagers() : null, new SecureRandom());
        List<String> stringList = config.getStringList("cipherSuites");
        return new JdkSslHandlerFactory(new ProgrammaticSslEngineFactory(sSLContext, stringList.isEmpty() ? null : (String[]) stringList.toArray(new String[0]), true));
    }

    private static SslHandlerFactory createNettySslHandlerFactory(Config config) throws GeneralSecurityException, IOException {
        if (config.hasPath("openssl.keyCertChain") != config.hasPath("openssl.privateKey")) {
            throw new IllegalArgumentException("Settings dsbulk.driver.ssl.openssl.keyCertChain and dsbulk.driver.ssl.openssl.privateKey must be provided together or not at all when using the OpenSSL provider");
        }
        SslContextBuilder trustManager = SslContextBuilder.forClient().sslProvider(SslProvider.OPENSSL).trustManager(createTrustManagerFactory(config));
        if (config.hasPath("openssl.keyCertChain")) {
            Path path = ConfigUtils.getPath(config, "openssl.keyCertChain");
            Path path2 = ConfigUtils.getPath(config, "openssl.privateKey");
            IOUtils.assertAccessibleFile(path, "OpenSSL key certificate chain file");
            IOUtils.assertAccessibleFile(path2, "OpenSSL private key file");
            trustManager.keyManager(new BufferedInputStream(new FileInputStream(path.toFile())), new BufferedInputStream(new FileInputStream(path2.toFile())));
        }
        List<String> stringList = config.getStringList("cipherSuites");
        if (!stringList.isEmpty()) {
            trustManager.ciphers(stringList);
        }
        return new NettySslHandlerFactory(trustManager.build());
    }

    private static TrustManagerFactory createTrustManagerFactory(Config config) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        if (config.hasPath("truststore.path") != config.hasPath("truststore.password")) {
            throw new IllegalArgumentException("Settings dsbulk.driver.ssl.truststore.path, dsbulk.driver.ssl.truststore.password and dsbulk.driver.ssl.truststore.algorithm must be provided together or not at all");
        }
        TrustManagerFactory trustManagerFactory = null;
        if (config.hasPath("truststore.path")) {
            Path path = ConfigUtils.getPath(config, "truststore.path");
            IOUtils.assertAccessibleFile(path, "SSL truststore file");
            String string = config.getString("truststore.password");
            String string2 = config.getString("truststore.algorithm");
            KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
            keyStore.load(new BufferedInputStream(new FileInputStream(path.toFile())), string.toCharArray());
            trustManagerFactory = TrustManagerFactory.getInstance(string2);
            trustManagerFactory.init(keyStore);
        }
        return trustManagerFactory;
    }

    private static KeyManagerFactory createKeyManagerFactory(Config config) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        if (config.hasPath("keystore.path") != config.hasPath("keystore.password")) {
            throw new IllegalArgumentException("Settings dsbulk.driver.ssl.keystore.path, dsbulk.driver.ssl.keystore.password and dsbulk.driver.ssl.keystore.algorithm must be provided together or not at all when using the JDK SSL provider");
        }
        KeyManagerFactory keyManagerFactory = null;
        if (config.hasPath("keystore.path")) {
            Path path = ConfigUtils.getPath(config, "keystore.path");
            IOUtils.assertAccessibleFile(path, "SSL keystore file");
            String string = config.getString("keystore.password");
            String string2 = config.getString("keystore.algorithm");
            KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
            keyStore.load(new BufferedInputStream(new FileInputStream(path.toFile())), string.toCharArray());
            keyManagerFactory = KeyManagerFactory.getInstance(string2);
            keyManagerFactory.init(keyStore, string.toCharArray());
        }
        return keyManagerFactory;
    }
}
