package com.datarobot.mlops.common.spooler.rabbitmq;

import com.datarobot.mlops.common.exceptions.DRCommonException;
import java.io.FileReader;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

/* loaded from: input_file:com/datarobot/mlops/common/spooler/rabbitmq/SSLContextBuilder.class */
public class SSLContextBuilder {
    private static final String PROVIDER = "BC";

    private static X509Certificate loadCertificate(String str) throws DRCommonException {
        JcaX509CertificateConverter provider = new JcaX509CertificateConverter().setProvider("BC");
        try {
            PEMParser pEMParser = new PEMParser(new FileReader(str));
            X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) pEMParser.readObject();
            pEMParser.close();
            return provider.getCertificate(x509CertificateHolder);
        } catch (IOException | CertificateException e) {
            throw new DRCommonException("Failed to load certificate '" + str + "' - " + e.getMessage());
        }
    }

    private static KeyPair loadKeyFile(String str, String str2) throws DRCommonException {
        try {
            PEMParser pEMParser = new PEMParser(new FileReader(str));
            Object readObject = pEMParser.readObject();
            pEMParser.close();
            PEMDecryptorProvider build = new JcePEMDecryptorProviderBuilder().build(str2.toCharArray());
            JcaPEMKeyConverter provider = new JcaPEMKeyConverter().setProvider("BC");
            return readObject instanceof PEMEncryptedKeyPair ? provider.getKeyPair(((PEMEncryptedKeyPair) readObject).decryptKeyPair(build)) : provider.getKeyPair((PEMKeyPair) readObject);
        } catch (IOException e) {
            throw new DRCommonException("Failed to load key file '" + str + "' - " + e.getMessage());
        }
    }

    private static KeyManagerFactory buildKeyManagerFromCert(X509Certificate x509Certificate, KeyPair keyPair, String str) throws DRCommonException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            keyStore.setCertificateEntry("certificate", x509Certificate);
            keyStore.setKeyEntry("private-key", keyPair.getPrivate(), str.toCharArray(), new Certificate[]{x509Certificate});
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, str.toCharArray());
            return keyManagerFactory;
        } catch (Exception e) {
            throw new DRCommonException("Failed to build ssl key manager - " + e.getMessage());
        }
    }

    private static TrustManagerFactory buildTrustManagerFromCertificate(X509Certificate x509Certificate) throws DRCommonException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca-certificate", x509Certificate);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return trustManagerFactory;
        } catch (Exception e) {
            throw new DRCommonException("Failed to build ssl trust manager - " + e.getMessage());
        }
    }

    public static SSLContext buildContextFromCertificates(String str, String str2, String str3, String str4, String str5) throws DRCommonException {
        Security.addProvider(new BouncyCastleProvider());
        X509Certificate loadCertificate = loadCertificate(str2);
        X509Certificate loadCertificate2 = loadCertificate(str3);
        KeyPair loadKeyFile = loadKeyFile(str4, str);
        TrustManagerFactory buildTrustManagerFromCertificate = buildTrustManagerFromCertificate(loadCertificate);
        KeyManagerFactory buildKeyManagerFromCert = buildKeyManagerFromCert(loadCertificate2, loadKeyFile, str);
        try {
            SSLContext sSLContext = SSLContext.getInstance(str5);
            sSLContext.init(buildKeyManagerFromCert.getKeyManagers(), buildTrustManagerFromCertificate.getTrustManagers(), null);
            return sSLContext;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new DRCommonException("Failed to build ssl context - " + e.getMessage());
        }
    }
}
