package io.kroxylicious.proxy.config.tls;

import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Objects;
import java.util.Optional;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:io/kroxylicious/proxy/config/tls/NettyTrustProvider.class */
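/**
 * Applies a {@link TrustProvider} configuration to a Netty {@link SslContextBuilder}.
 *
 * <p>The trust provider is visited and, depending on its kind, the builder is given a
 * trust manager, an endpoint identification algorithm and (for trust stores carrying
 * {@code ServerOptions}) a client-authentication mode.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code TrustStore} and {@code PlatformTrustProvider} always turn hostname
 *       verification on.</li>
 *   <li>{@code InsecureTls} with {@code insecure() == true} installs
 *       {@link InsecureTrustManagerFactory} and turns hostname verification off, so the
 *       peer is not authenticated at all.</li>
 * </ul>
 */
public class NettyTrustProvider {
    /** Endpoint identification algorithm name handed to the builder to enable hostname verification. */
    public static final String HTTPS_HOSTNAME_VERIFICATION = "HTTPS";
    private final TrustProvider trustProvider;

    /**
     * @param trustProvider the trust configuration that {@link #apply(SslContextBuilder)} will visit
     */
    public NettyTrustProvider(TrustProvider trustProvider) {
        this.trustProvider = trustProvider;
    }

    /**
     * Configures trust on the given builder according to the wrapped trust provider.
     *
     * @param sslContextBuilder the builder to configure; it is mutated and returned
     * @return the same builder, with trust manager / hostname verification / client auth applied
     * @throws SslContextBuildException if a trust store or insecure-TLS configuration cannot be applied
     */
    public SslContextBuilder apply(final SslContextBuilder sslContextBuilder) {
        return (SslContextBuilder) this.trustProvider.accept(new TrustProviderVisitor<SslContextBuilder>() {
            /**
             * Trusts the certificates held in a PEM file or in a key store file.
             */
            @Override
            public SslContextBuilder visit(TrustStore trustStore) {
                try {
                    enableHostnameVerification();
                    enableClientAuth(trustStore);
                    if (trustStore.isPemType()) {
                        return sslContextBuilder.trustManager(new File(trustStore.storeFile()));
                    }
                    // try-with-resources so the stream is closed on the failure paths as well.
                    try (FileInputStream storeStream = new FileInputStream(trustStore.storeFile())) {
                        // A missing password provider yields a null password. KeyStore.load then
                        // skips the store's integrity check, leaving file permissions as the only
                        // protection against a tampered trust store.
                        char[] storePassword = Optional.ofNullable(trustStore.storePasswordProvider())
                                .map(provider -> provider.getProvidedPassword())
                                .map(password -> password.toCharArray())
                                .orElse(null);
                        KeyStore keyStore = KeyStore.getInstance(trustStore.getType());
                        keyStore.load(storeStream, storePassword);
                        // Use TrustManagerFactory's own default algorithm. The KeyManagerFactory
                        // default is a separate security property and is not guaranteed to name
                        // an algorithm that TrustManagerFactory supports.
                        TrustManagerFactory trustManagerFactory =
                                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init(keyStore);
                        return sslContextBuilder.trustManager(trustManagerFactory);
                    }
                } catch (Exception e) {
                    // NOTE(review): the message embeds trustStore's toString(); confirm that it
                    // does not render the store password, since this text can end up in logs.
                    throw new SslContextBuildException("Error building SSLContext for TrustStore: " + String.valueOf(trustStore), e);
                }
            }

            /**
             * Sets the builder's client-auth mode when the trust store carries
             * {@code ServerOptions}; other (or absent) trust options leave it untouched.
             */
            private void enableClientAuth(TrustStore trustStore) {
                Optional.ofNullable(trustStore.trustOptions())
                        .filter(ServerOptions.class::isInstance)
                        .map(ServerOptions.class::cast)
                        .map(options -> options.clientAuth())
                        .map(NettyTrustProvider::toNettyClientAuth)
                        .ifPresent(sslContextBuilder::clientAuth);
            }

            /**
             * Handles the insecure-TLS switch. When it is on, every certificate chain is
             * accepted and the host name is not checked, so the connection is encrypted but
             * the peer is unauthenticated; when it is off, the builder keeps its default
             * trust and hostname verification is enabled.
             */
            @Override
            public SslContextBuilder visit(InsecureTls insecureTls) {
                try {
                    if (insecureTls.insecure()) {
                        disableHostnameVerification();
                        return sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
                    }
                    enableHostnameVerification();
                    return sslContextBuilder;
                } catch (Exception e) {
                    throw new SslContextBuildException("Error building SSLContext for InsecureTls: " + String.valueOf(insecureTls), e);
                }
            }

            /**
             * Leaves the builder's trust manager unset and enables hostname verification.
             */
            @Override
            public SslContextBuilder visit(PlatformTrustProvider platformTrustProvider) {
                enableHostnameVerification();
                return sslContextBuilder;
            }

            private void enableHostnameVerification() {
                setEndpointAlgorithm(NettyTrustProvider.HTTPS_HOSTNAME_VERIFICATION);
            }

            private void disableHostnameVerification() {
                // A null endpoint identification algorithm switches the host name check off.
                setEndpointAlgorithm(null);
            }

            private void setEndpointAlgorithm(@Nullable String str) {
                sslContextBuilder.endpointIdentificationAlgorithm(str);
            }
        });
    }

    /**
     * Maps the proxy's client-auth setting onto Netty's {@link ClientAuth}.
     *
     * <p>{@code REQUESTED} maps to {@link ClientAuth#OPTIONAL}: a client that presents no
     * certificate still completes the handshake, so code behind such a listener cannot
     * assume an authenticated peer.
     *
     * @param tlsClientAuth the configured mode
     * @return the corresponding Netty mode
     */
    @NonNull
    private static ClientAuth toNettyClientAuth(TlsClientAuth tlsClientAuth) {
        return switch (tlsClientAuth) {
            case REQUIRED -> ClientAuth.REQUIRE;
            case REQUESTED -> ClientAuth.OPTIONAL;
            case NONE -> ClientAuth.NONE;
        };
    }
}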
