package io.jooby;

import ch.qos.logback.core.net.ssl.SSL;
import com.typesafe.config.Config;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import java.io.Closeable;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;

/* loaded from: input_file:io/jooby/SslOptions.class */
public final class SslOptions implements Closeable {
    public static final String TLS_V1_2 = "TLSv1.2";
    public static final String TLS_V1_3 = "TLSv1.3";
    public static final String X509 = "X509";
    public static final String PKCS12 = "PKCS12";
    private String password;
    private InputStream cert;
    private InputStream trustCert;
    private String trustPassword;
    private InputStream privateKey;
    private SSLContext sslContext;
    private String type = PKCS12;
    private ClientAuth clientAuth = ClientAuth.NONE;
    private List<String> protocol = Arrays.asList(TLS_V1_3, TLS_V1_2);

    /* loaded from: input_file:io/jooby/SslOptions$ClientAuth.class */
    public enum ClientAuth {
        NONE,
        REQUESTED,
        REQUIRED
    }

    public String getType() {
        return this.type;
    }

    @NonNull
    public SslOptions setType(@NonNull String str) {
        this.type = str;
        return this;
    }

    @NonNull
    public InputStream getCert() {
        return this.cert;
    }

    @NonNull
    public SslOptions setCert(@NonNull InputStream inputStream) {
        this.cert = inputStream;
        return this;
    }

    @Nullable
    public InputStream getTrustCert() {
        return this.trustCert;
    }

    @NonNull
    public SslOptions setTrustCert(@Nullable InputStream inputStream) {
        this.trustCert = inputStream;
        return this;
    }

    @Nullable
    public String getTrustPassword() {
        return this.trustPassword;
    }

    @NonNull
    public SslOptions setTrustPassword(@Nullable String str) {
        this.trustPassword = str;
        return this;
    }

    @Nullable
    public InputStream getPrivateKey() {
        return this.privateKey;
    }

    @NonNull
    public SslOptions setPrivateKey(@Nullable InputStream inputStream) {
        this.privateKey = inputStream;
        return this;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        List<InputStream> list = (List) Stream.of((Object[]) new InputStream[]{this.cert, this.trustCert, this.privateKey}).collect(Collectors.toList());
        for (InputStream inputStream : list) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e) {
                }
            }
        }
        list.clear();
        this.cert = null;
        this.trustCert = null;
        this.privateKey = null;
    }

    @NonNull
    public SslOptions setPassword(@Nullable String str) {
        this.password = str;
        return this;
    }

    @Nullable
    public String getPassword() {
        return this.password;
    }

    @NonNull
    public static InputStream getResource(@NonNull String str) {
        Stream empty;
        try {
            Path path = Paths.get(str, new String[0]);
            if (Files.exists(path, new LinkOption[0])) {
                empty = Stream.of(path);
            } else {
                try {
                    empty = Stream.of(Paths.get(System.getProperty("user.dir"), str));
                } catch (InvalidPathException e) {
                    empty = Stream.empty();
                }
            }
            InputStream inputStream = (InputStream) empty.map(path2 -> {
                return path2.normalize().toAbsolutePath();
            }).filter(path3 -> {
                return Files.exists(path3, new LinkOption[0]);
            }).findFirst().map(SneakyThrows.throwingFunction(path4 -> {
                return Files.newInputStream(path4, new OpenOption[0]);
            })).orElseGet(() -> {
                return SslOptions.class.getClassLoader().getResourceAsStream(str.startsWith("/") ? str.substring(1) : str);
            });
            if (inputStream == null) {
                throw new FileNotFoundException(str);
            }
            return inputStream;
        } catch (IOException e2) {
            throw SneakyThrows.propagate(e2);
        }
    }

    @NonNull
    public ClientAuth getClientAuth() {
        return this.clientAuth;
    }

    @NonNull
    public SslOptions setClientAuth(@NonNull ClientAuth clientAuth) {
        this.clientAuth = clientAuth;
        return this;
    }

    @NonNull
    public List<String> getProtocol() {
        return this.protocol;
    }

    @NonNull
    public SslOptions setProtocol(@NonNull String... strArr) {
        return setProtocol(Arrays.asList(strArr));
    }

    @NonNull
    public SslOptions setProtocol(@NonNull List<String> list) {
        this.protocol = list;
        return this;
    }

    @Nullable
    public SSLContext getSslContext() {
        return this.sslContext;
    }

    public void setSslContext(@Nullable SSLContext sSLContext) {
        this.sslContext = sSLContext;
    }

    public String toString() {
        return this.type;
    }

    @NonNull
    public static SslOptions x509(@NonNull String str, @NonNull String str2) {
        return x509(str, str2, null);
    }

    @NonNull
    public static SslOptions x509(@NonNull String str, @NonNull String str2, @Nullable String str3) {
        SslOptions sslOptions = new SslOptions();
        sslOptions.setType(X509);
        sslOptions.setPrivateKey(getResource(str2));
        sslOptions.setCert(getResource(str));
        sslOptions.setPassword(str3);
        return sslOptions;
    }

    public static SslOptions pkcs12(@NonNull String str, @NonNull String str2) {
        SslOptions sslOptions = new SslOptions();
        sslOptions.setType(PKCS12);
        sslOptions.setCert(getResource(str));
        sslOptions.setPassword(str2);
        return sslOptions;
    }

    public static SslOptions selfSigned() {
        return selfSigned(PKCS12);
    }

    public static SslOptions selfSigned(String str) {
        String upperCase = str.toUpperCase();
        boolean z = -1;
        switch (upperCase.hashCode()) {
            case -1933293812:
                if (upperCase.equals(PKCS12)) {
                    z = false;
                    break;
                }
                break;
            case 2674086:
                if (upperCase.equals(X509)) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return pkcs12("io/jooby/ssl/localhost.p12", SSL.DEFAULT_KEYSTORE_PASSWORD);
            case true:
                return x509("io/jooby/ssl/localhost.crt", "io/jooby/ssl/localhost.key");
            default:
                throw new UnsupportedOperationException("SSL type: " + str);
        }
    }

    @NonNull
    public static Optional<SslOptions> from(@NonNull Config config) {
        return from(config, "server.ssl", "ssl");
    }

    @NonNull
    public static Optional<SslOptions> from(@NonNull Config config, String... strArr) {
        Stream of = Stream.of((Object[]) strArr);
        Objects.requireNonNull(config);
        return of.filter(config::hasPath).findFirst().map(str -> {
            SslOptions sslOptions;
            String upperCase = config.hasPath(str + ".type") ? config.getString(str + ".type").toUpperCase() : PKCS12;
            if (upperCase.equalsIgnoreCase("self-signed")) {
                sslOptions = selfSigned();
            } else {
                sslOptions = new SslOptions();
                sslOptions.setType(upperCase);
                if (X509.equalsIgnoreCase(upperCase)) {
                    sslOptions.setCert(getResource(config.getString(str + ".cert")));
                    sslOptions.setPrivateKey(getResource(config.getString(str + ".key")));
                    if (config.hasPath(str + ".password")) {
                        sslOptions.setPassword(config.getString(str + ".password"));
                    }
                } else {
                    if (!upperCase.equalsIgnoreCase(PKCS12)) {
                        throw new UnsupportedOperationException("SSL type: " + upperCase);
                    }
                    sslOptions.setCert(getResource(config.getString(str + ".cert")));
                    sslOptions.setPassword(config.getString(str + ".password"));
                }
            }
            if (config.hasPath(str + ".clientAuth")) {
                sslOptions.setClientAuth(ClientAuth.valueOf(config.getString(str + ".clientAuth").toUpperCase()));
            }
            if (config.hasPath(str + ".trust.cert")) {
                sslOptions.setTrustCert(getResource(config.getString(str + ".trust.cert")));
            }
            if (config.hasPath(str + ".trust.password")) {
                sslOptions.setTrustPassword(config.getString(str + ".trust.password"));
            }
            if (config.hasPath(str + ".protocol")) {
                Object anyRef = config.getAnyRef(str + ".protocol");
                if (anyRef instanceof List) {
                    sslOptions.setProtocol((List<String>) anyRef);
                } else {
                    sslOptions.setProtocol(anyRef.toString());
                }
            }
            return sslOptions;
        });
    }
}
