package io.nosqlbench.engine.api.util;

import io.nosqlbench.engine.api.activityimpl.ActivityDef;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ServerSocketFactory;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:io/nosqlbench/engine/api/util/SSLKsFactory.class */
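/**
 * Builds {@link SSLContext}s and socket factories from the TLS parameters of an
 * {@link ActivityDef}.
 *
 * <p>The {@code ssl} parameter selects where key material comes from:
 * <ul>
 *   <li>{@code jdk} (or the deprecated {@code true}): key store and trust store files, read from
 *       the {@code keystore}/{@code kspass}/{@code keyPassword} and
 *       {@code truststore}/{@code tspass} parameters;</li>
 *   <li>{@code openssl}: PEM files, read from {@code certFilePath}, {@code keyFilePath},
 *       {@code keyPassword} and {@code caCertFilePath}.</li>
 * </ul>
 *
 * <p>Security-relevant behaviour callers should know about:
 * <ul>
 *   <li>The {@code tlsversion} parameter (default {@code TLSv1.2}) is handed to
 *       {@link SSLContext#getInstance(String)} unvalidated; no minimum protocol version is
 *       enforced here.</li>
 *   <li>When no separate trust store is configured, the key store is used as the trust store.
 *       If both are absent, {@code TrustManagerFactory.init(null)} falls back to the JDK's
 *       default trust store.</li>
 *   <li>Sockets created directly from the returned factories do not verify the peer's host name
 *       unless the caller sets an endpoint identification algorithm on the socket's
 *       {@code SSLParameters}.</li>
 *   <li>Passwords arrive as {@code String} parameters; the {@code char[]} copies made here do
 *       not remove the original strings from the heap.</li>
 * </ul>
 */
public class SSLKsFactory {
    private static final Logger logger = LogManager.getLogger(SSLKsFactory.class);
    private static final SSLKsFactory instance = new SSLKsFactory();

    /** Matches one PEM certificate block; group 1 is the base64 payload. */
    private static final Pattern CERT_PATTERN = Pattern.compile(
        "-+BEGIN\\s+.*CERTIFICATE[^-]*-+(?:\\s|\\r|\\n)+([a-z0-9+/=\\r\\n]+)-+END\\s+.*CERTIFICATE[^-]*-+",
        Pattern.CASE_INSENSITIVE);

    /**
     * Matches one PEM private-key block; group 1 is the base64 payload. The {@code .*} before
     * {@code PRIVATE KEY} also accepts headers such as "RSA PRIVATE KEY" or
     * "ENCRYPTED PRIVATE KEY", which the PKCS#8 decoding in this class cannot parse.
     */
    private static final Pattern KEY_PATTERN = Pattern.compile(
        "-+BEGIN\\s+.*PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+([a-z0-9+/=\\r\\n]+)-+END\\s+.*PRIVATE\\s+KEY[^-]*-+",
        Pattern.CASE_INSENSITIVE);

    private static final String DEFAULT_TLS_VERSION = "TLSv1.2";

    /**
     * Password for the key entry of the in-memory key store built in {@code openssl} mode when
     * {@code keyPassword} is not given. That key store is never written out by this class, so
     * the value only has to match what is later passed to {@link KeyManagerFactory#init}.
     */
    private static final String DEFAULT_KEY_ENTRY_PASSWORD = "temp_key_password";

    /** Key store, optional trust store and key-entry password gathered for one context. */
    private static final class KeyMaterial {
        final KeyStore keyStore;
        final KeyStore trustStore;
        final char[] keyPassword;

        KeyMaterial(KeyStore keyStore, KeyStore trustStore, char[] keyPassword) {
            this.keyStore = keyStore;
            this.trustStore = trustStore;
            this.keyPassword = keyPassword;
        }
    }

    private SSLKsFactory() {
    }

    /**
     * Returns the shared factory instance.
     *
     * @return the singleton {@code SSLKsFactory}
     */
    public static SSLKsFactory get() {
        return instance;
    }

    /**
     * Creates a TLS server socket factory for the given activity.
     *
     * @param activityDef activity whose parameters carry the TLS settings
     * @return the server socket factory of the configured {@link SSLContext}
     * @throws IllegalArgumentException if the {@code ssl} parameter is not set
     * @throws RuntimeException if the key material cannot be loaded or the context cannot be built
     */
    public ServerSocketFactory createSSLServerSocketFactory(ActivityDef activityDef) {
        return requireContext(activityDef).getServerSocketFactory();
    }

    /**
     * Creates a TLS client socket factory for the given activity.
     *
     * @param activityDef activity whose parameters carry the TLS settings
     * @return the socket factory of the configured {@link SSLContext}
     * @throws IllegalArgumentException if the {@code ssl} parameter is not set
     * @throws RuntimeException if the key material cannot be loaded or the context cannot be built
     */
    public SocketFactory createSocketFactory(ActivityDef activityDef) {
        return requireContext(activityDef).getSocketFactory();
    }

    /**
     * Builds an {@link SSLContext} from the activity's TLS parameters.
     *
     * @param activityDef activity whose parameters carry the TLS settings
     * @return the initialised context, or {@code null} when the {@code ssl} parameter is absent
     * @throws RuntimeException if {@code ssl} has an unsupported value, if key material cannot be
     *     loaded, or if any of the JSSE factories cannot be initialised
     */
    public SSLContext getContext(ActivityDef activityDef) {
        Optional<String> sslMode = param(activityDef, "ssl");
        if (!sslMode.isPresent()) {
            return null;
        }
        String protocol = param(activityDef, "tlsversion").orElse(DEFAULT_TLS_VERSION);

        String mode = sslMode.get();
        KeyMaterial material;
        if (mode.equals("jdk") || mode.equals("true")) {
            if (mode.equals("true")) {
                logger.warn("Please update your 'ssl=true' parameter to 'ssl=jdk'");
            }
            material = loadJdkKeyMaterial(activityDef);
        } else if (mode.equals("openssl")) {
            material = loadOpensslKeyMaterial(activityDef);
        } else {
            throw new RuntimeException("The 'ssl' parameter must have one of jdk, or openssl");
        }

        // The three initialisation steps are kept in separate try blocks so that each failure is
        // reported under its own message instead of being re-wrapped by an enclosing handler.
        KeyManagerFactory keyManagerFactory;
        try {
            keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(material.keyStore, material.keyPassword);
        } catch (Exception e) {
            throw new RuntimeException("Unable to init KeyManagerFactory. Please check password and location.", e);
        }

        TrustManagerFactory trustManagerFactory;
        try {
            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // No dedicated trust store: fall back to the key store (which may itself be null).
            trustManagerFactory.init(material.trustStore != null ? material.trustStore : material.keyStore);
        } catch (Exception e) {
            throw new RuntimeException("Unable to init TrustManagerFactory. Please check.", e);
        }

        try {
            SSLContext sslContext = SSLContext.getInstance(protocol);
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
            return sslContext;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Returns the context for the activity, rejecting activities that have no {@code ssl} parameter. */
    private SSLContext requireContext(ActivityDef activityDef) {
        SSLContext context = getContext(activityDef);
        if (context == null) {
            throw new IllegalArgumentException("SSL is not enabled.");
        }
        return context;
    }

    /** Reads one optional string parameter of the activity. */
    private static Optional<String> param(ActivityDef activityDef, String name) {
        return activityDef.getParams().getOptionalString(name);
    }

    /** Loads key store and trust store files for {@code ssl=jdk}; either store may be absent. */
    private static KeyMaterial loadJdkKeyMaterial(ActivityDef activityDef) {
        char[] keyStorePassword = param(activityDef, "kspass").map(String::toCharArray).orElse(null);
        // The key-entry password defaults to the key store password.
        char[] keyPassword = param(activityDef, "keyPassword").map(String::toCharArray).orElse(keyStorePassword);

        KeyStore keyStore = null;
        Optional<String> keyStorePath = param(activityDef, "keystore");
        if (keyStorePath.isPresent()) {
            try {
                keyStore = KeyStore.getInstance(new File(keyStorePath.get()), keyStorePassword);
            } catch (Exception e) {
                throw new RuntimeException("Unable to load the keystore. Please check.", e);
            }
        }

        KeyStore trustStore = null;
        Optional<String> trustStorePath = param(activityDef, "truststore");
        if (trustStorePath.isPresent()) {
            try {
                char[] trustStorePassword = param(activityDef, "tspass").map(String::toCharArray).orElse(null);
                trustStore = KeyStore.getInstance(new File(trustStorePath.get()), trustStorePassword);
            } catch (Exception e) {
                throw new RuntimeException("Unable to load the truststore. Please check.", e);
            }
        }
        return new KeyMaterial(keyStore, trustStore, keyPassword);
    }

    /** Builds in-memory key and trust stores from PEM files for {@code ssl=openssl}. */
    private static KeyMaterial loadOpensslKeyMaterial(ActivityDef activityDef) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);

            Certificate certificate = null;
            Optional<String> certPath = param(activityDef, "certFilePath");
            if (certPath.isPresent()) {
                certificate = readPemCertificate(certificateFactory, certPath.get());
            }
            if (certificate != null) {
                keyStore.setCertificateEntry("certFile", certificate);
            }

            char[] keyPassword = null;
            Optional<String> keyPath = param(activityDef, "keyFilePath");
            if (keyPath.isPresent()) {
                File keyFile = new File(keyPath.get());
                try {
                    // keyPassword only protects the in-memory key entry; it is not used to decrypt
                    // the PEM file, which must hold an unencrypted PKCS#8 RSA key.
                    keyPassword = param(activityDef, "keyPassword")
                        .map(String::toCharArray)
                        .orElse(DEFAULT_KEY_ENTRY_PASSWORD.toCharArray());
                    // NOTE(review): with no certFilePath the chain is null, which KeyStore.setKeyEntry
                    // is expected to reject for a private key; confirm and consider a clearer message.
                    Certificate[] chain = certificate != null ? new Certificate[]{certificate} : null;
                    keyStore.setKeyEntry(
                        "key",
                        KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(loadKeyFromPem(keyFile))),
                        keyPassword,
                        chain);
                } catch (Exception e) {
                    throw new RuntimeException(String.format("Unable to load key from %s. Please check.", keyFile), e);
                }
            }

            KeyStore trustStore = null;
            Optional<String> caCertPath = param(activityDef, "caCertFilePath");
            if (caCertPath.isPresent()) {
                trustStore = readCaTrustStore(certificateFactory, caCertPath.get());
            }
            return new KeyMaterial(keyStore, trustStore, keyPassword);
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Parses the first certificate block of the PEM file at {@code path}. */
    private static Certificate readPemCertificate(CertificateFactory certificateFactory, String path) {
        try (ByteArrayInputStream in = new ByteArrayInputStream(loadCertFromPem(new File(path)))) {
            return certificateFactory.generateCertificate(in);
        } catch (Exception e) {
            throw new RuntimeException(String.format("Unable to load cert from %s. Please check.", path), e);
        }
    }

    /**
     * Builds an in-memory trust store holding the CA certificate read from {@code path}.
     * A single {@code generateCertificate} call is made, so only one certificate from the file
     * ends up trusted even if the file is a bundle.
     */
    private static KeyStore readCaTrustStore(CertificateFactory certificateFactory, String path) {
        // try-with-resources closes the file even when parsing fails.
        try (FileInputStream in = new FileInputStream(new File(path))) {
            KeyStore trustStore = KeyStore.getInstance("JKS");
            trustStore.load(null, null);
            trustStore.setCertificateEntry("caCertFile", certificateFactory.generateCertificate(in));
            return trustStore;
        } catch (Exception e) {
            throw new RuntimeException(String.format("Unable to load caCert from %s. Please check.", path), e);
        }
    }

    /**
     * Reads {@code file} and returns the decoded payload of the first PEM block that
     * {@code pattern} matches.
     *
     * <p>Only the captured base64 payload is decoded. Text outside the block is ignored rather
     * than being fed to the lenient MIME decoder, and a file without a matching block is rejected
     * instead of being decoded as if it were base64.
     *
     * @param pattern PEM block pattern whose group 1 is the base64 payload
     * @param file PEM file to read
     * @return the DER bytes of the first matching block
     * @throws IOException if the file cannot be read or contains no matching block
     */
    private static byte[] loadPem(Pattern pattern, File file) throws IOException {
        String text;
        try (FileInputStream in = new FileInputStream(file)) {
            // ISO-8859-1 maps every byte to one char, so arbitrary file content cannot fail to decode.
            text = new String(in.readAllBytes(), StandardCharsets.ISO_8859_1);
        }
        Matcher matcher = pattern.matcher(text);
        if (!matcher.find()) {
            throw new IOException("No matching PEM block found in " + file);
        }
        return Base64.getMimeDecoder().decode(matcher.group(1));
    }

    /** Returns the DER bytes of the first private-key block in {@code file}. */
    private static byte[] loadKeyFromPem(File file) throws IOException {
        return loadPem(KEY_PATTERN, file);
    }

    /** Returns the DER bytes of the first certificate block in {@code file}. */
    private static byte[] loadCertFromPem(File file) throws IOException {
        return loadPem(CERT_PATTERN, file);
    }
}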
