package org.springframework.boot.web.embedded.netty;

import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.logging.log4j.core.net.ssl.SslConfigurationDefaults;
import org.springframework.boot.web.server.Ssl;
import org.springframework.boot.web.server.SslStoreProvider;
import org.springframework.util.ResourceUtils;
import reactor.ipc.netty.http.server.HttpServerOptions;

/* loaded from: input_file:BOOT-INF/lib/spring-boot-2.0.2.RELEASE.jar:org/springframework/boot/web/embedded/netty/SslServerCustomizer.class */
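/**
 * {@link NettyServerCustomizer} that builds a server-side Netty SSL context from an
 * {@link Ssl} configuration and an optional {@link SslStoreProvider}, then installs it
 * on the Reactor Netty server options.
 *
 * <p>Review notes on the TLS posture this class produces:
 * <ul>
 * <li>Protocols and cipher suites are only restricted when the configuration supplies
 * them; otherwise the defaults of the underlying SSL context builder apply.</li>
 * <li>Client-certificate authentication is only switched on for
 * {@code Ssl.ClientAuth.NEED} and {@code Ssl.ClientAuth.WANT}; any other value leaves
 * the builder's default untouched.</li>
 * <li>If no trust store is resolved, the trust manager factory is initialised with
 * {@code null}; see {@link #getTrustManagerFactory(Ssl, SslStoreProvider)}.</li>
 * </ul>
 */
public class SslServerCustomizer implements NettyServerCustomizer {
    private final Ssl ssl;
    private final SslStoreProvider sslStoreProvider;

    /**
     * Creates a customizer for the given SSL settings.
     *
     * @param ssl the SSL configuration (protocols, ciphers, client auth, store locations)
     * @param sslStoreProvider optional provider of ready-made key and trust stores; when
     * non-null it takes precedence over the store locations in {@code ssl}
     */
    public SslServerCustomizer(Ssl ssl, SslStoreProvider sslStoreProvider) {
        this.ssl = ssl;
        this.sslStoreProvider = sslStoreProvider;
    }

    /**
     * Builds the server SSL context and registers it on the given options builder.
     *
     * @param builder the Reactor Netty server options builder to configure
     * @throws IllegalStateException if the SSL context cannot be built (original
     * exception kept as the cause)
     */
    @Override
    public void customize(HttpServerOptions.Builder builder) {
        SslContextBuilder contextBuilder = SslContextBuilder
                .forServer(getKeyManagerFactory(this.ssl, this.sslStoreProvider))
                .trustManager(getTrustManagerFactory(this.ssl, this.sslStoreProvider));
        // Only narrow protocols/ciphers when configured; otherwise builder defaults apply.
        String[] enabledProtocols = this.ssl.getEnabledProtocols();
        if (enabledProtocols != null) {
            contextBuilder = contextBuilder.protocols(enabledProtocols);
        }
        String[] ciphers = this.ssl.getCiphers();
        if (ciphers != null) {
            contextBuilder = contextBuilder.ciphers(Arrays.asList(ciphers));
        }
        // NEED -> handshake fails without a client certificate; WANT -> requested only.
        Ssl.ClientAuth clientAuth = this.ssl.getClientAuth();
        if (clientAuth == Ssl.ClientAuth.NEED) {
            contextBuilder = contextBuilder.clientAuth(ClientAuth.REQUIRE);
        } else if (clientAuth == Ssl.ClientAuth.WANT) {
            contextBuilder = contextBuilder.clientAuth(ClientAuth.OPTIONAL);
        }
        try {
            builder.sslContext(contextBuilder.build());
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Creates a {@link KeyManagerFactory} of the platform default algorithm, initialised
     * with the resolved key store.
     *
     * <p>The key password is used when set; otherwise the key store password is reused
     * for the private key. Both are read from {@code String} properties, so the secret
     * remains on the heap as a {@code String} regardless of the {@code char[]} copy made
     * here.
     *
     * @param ssl the SSL configuration
     * @param sslStoreProvider optional store provider, may be {@code null}
     * @return the initialised key manager factory
     * @throws IllegalStateException if the store cannot be loaded or the factory cannot
     * be initialised (original exception kept as the cause)
     */
    protected KeyManagerFactory getKeyManagerFactory(Ssl ssl, SslStoreProvider sslStoreProvider) {
        try {
            KeyStore keyStore = getKeyStore(ssl, sslStoreProvider);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            char[] keyPassword = ssl.getKeyPassword() != null ? ssl.getKeyPassword().toCharArray() : null;
            if (keyPassword == null && ssl.getKeyStorePassword() != null) {
                // Fall back to the store password when no separate key password is set.
                keyPassword = ssl.getKeyStorePassword().toCharArray();
            }
            keyManagerFactory.init(keyStore, keyPassword);
            return keyManagerFactory;
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Resolves the key store: the provider's store when a provider is present, otherwise
     * the store loaded from the location configured in {@code ssl}.
     */
    private KeyStore getKeyStore(Ssl ssl, SslStoreProvider sslStoreProvider) throws Exception {
        if (sslStoreProvider != null) {
            return sslStoreProvider.getKeyStore();
        }
        return loadKeyStore(ssl.getKeyStoreType(), ssl.getKeyStore(), ssl.getKeyStorePassword());
    }

    /**
     * Creates a {@link TrustManagerFactory} of the platform default algorithm, initialised
     * with the resolved trust store.
     *
     * <p>NOTE(review): when no trust store is resolved, {@code init(null)} is called. With
     * the standard JSSE providers this selects the JVM's default trust store, so with
     * client auth {@code NEED}/{@code WANT} a client certificate chaining to any default CA
     * would presumably be accepted. Deployments relying on mutual TLS should configure an
     * explicit trust store - confirm against the provider in use.
     *
     * @param ssl the SSL configuration
     * @param sslStoreProvider optional store provider, may be {@code null}
     * @return the initialised trust manager factory
     * @throws IllegalStateException if the store cannot be loaded or the factory cannot
     * be initialised (original exception kept as the cause)
     */
    protected TrustManagerFactory getTrustManagerFactory(Ssl ssl, SslStoreProvider sslStoreProvider) {
        try {
            KeyStore trustStore = getTrustStore(ssl, sslStoreProvider);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            return trustManagerFactory;
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Resolves the trust store: the provider's store when a provider is present, otherwise
     * the store loaded from the location configured in {@code ssl}.
     */
    private KeyStore getTrustStore(Ssl ssl, SslStoreProvider sslStoreProvider) throws Exception {
        if (sslStoreProvider != null) {
            return sslStoreProvider.getTrustStore();
        }
        return loadKeyStore(ssl.getTrustStoreType(), ssl.getTrustStore(), ssl.getTrustStorePassword());
    }

    /**
     * Loads a key store from a resource location.
     *
     * @param type the store type, or {@code null} to use the default type constant
     * @param resource the store location, resolved through {@link ResourceUtils#getURL};
     * {@code null} means "no store configured"
     * @param password the store password, or {@code null} for none
     * @return the loaded store, or {@code null} when {@code resource} is {@code null}
     * @throws Exception if the type is unknown or the store cannot be read
     */
    private KeyStore loadKeyStore(String type, String resource, String password) throws Exception {
        // NOTE(review): the default type is taken from a Log4j constant in this listing;
        // that looks like a decompiler substitution for an inlined string - confirm.
        String storeType = type != null ? type : SslConfigurationDefaults.KEYSTORE_TYPE;
        if (resource == null) {
            return null;
        }
        KeyStore store = KeyStore.getInstance(storeType);
        // Close the stream once the store is loaded; the previous code left it open,
        // leaking a file/URL handle for every store loaded.
        try (InputStream stream = ResourceUtils.getURL(resource).openStream()) {
            store.load(stream, password != null ? password.toCharArray() : null);
        }
        return store;
    }
}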
