package org.apache.kafka.connect.runtime.rest.util;

import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.kafka.common.config.SslConfigs;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.connect.runtime.WorkerConfig;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/bundled-dependencies/connect-runtime-2.3.0.jar:org/apache/kafka/connect/runtime/rest/util/SSLUtils.class
 */
/* loaded from: input_file:META-INF/bundled-dependencies/pulsar-io-kafka-connect-adaptor-2.7.0.jar:META-INF/bundled-dependencies/connect-runtime-2.3.0.jar:org/apache/kafka/connect/runtime/rest/util/SSLUtils.class */
public class SSLUtils {
    private static final Pattern COMMA_WITH_WHITESPACE = Pattern.compile("\\s*,\\s*");

    public static SslContextFactory createSslContextFactory(WorkerConfig workerConfig) {
        return createSslContextFactory(workerConfig, false);
    }

    public static SslContextFactory createSslContextFactory(WorkerConfig workerConfig, boolean z) {
        Map<String, Object> valuesWithPrefixAllOrNothing = workerConfig.valuesWithPrefixAllOrNothing("listeners.https.");
        SslContextFactory sslContextFactory = new SslContextFactory();
        configureSslContextFactoryKeyStore(sslContextFactory, valuesWithPrefixAllOrNothing);
        configureSslContextFactoryTrustStore(sslContextFactory, valuesWithPrefixAllOrNothing);
        configureSslContextFactoryAlgorithms(sslContextFactory, valuesWithPrefixAllOrNothing);
        configureSslContextFactoryAuthentication(sslContextFactory, valuesWithPrefixAllOrNothing);
        if (z) {
            configureSslContextFactoryEndpointIdentification(sslContextFactory, valuesWithPrefixAllOrNothing);
        }
        return sslContextFactory;
    }

    protected static void configureSslContextFactoryKeyStore(SslContextFactory sslContextFactory, Map<String, Object> map) {
        sslContextFactory.setKeyStoreType((String) getOrDefault(map, SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, "JKS"));
        String str = (String) map.get(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG);
        if (str != null) {
            sslContextFactory.setKeyStorePath(str);
        }
        Password password = (Password) map.get(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG);
        if (password != null) {
            sslContextFactory.setKeyStorePassword(password.value());
        }
        Password password2 = (Password) map.get(SslConfigs.SSL_KEY_PASSWORD_CONFIG);
        if (password2 != null) {
            sslContextFactory.setKeyManagerPassword(password2.value());
        }
    }

    protected static Object getOrDefault(Map<String, Object> map, String str, Object obj) {
        return map.containsKey(str) ? map.get(str) : obj;
    }

    protected static void configureSslContextFactoryTrustStore(SslContextFactory sslContextFactory, Map<String, Object> map) {
        sslContextFactory.setTrustStoreType((String) getOrDefault(map, SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, "JKS"));
        String str = (String) map.get(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG);
        if (str != null) {
            sslContextFactory.setTrustStorePath(str);
        }
        Password password = (Password) map.get(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG);
        if (password != null) {
            sslContextFactory.setTrustStorePassword(password.value());
        }
    }

    protected static void configureSslContextFactoryAlgorithms(SslContextFactory sslContextFactory, Map<String, Object> map) {
        List list = (List) getOrDefault(map, SslConfigs.SSL_ENABLED_PROTOCOLS_CONFIG, Arrays.asList(COMMA_WITH_WHITESPACE.split("TLSv1.2,TLSv1.1,TLSv1")));
        sslContextFactory.setIncludeProtocols((String[]) list.toArray(new String[list.size()]));
        String str = (String) map.get(SslConfigs.SSL_PROVIDER_CONFIG);
        if (str != null) {
            sslContextFactory.setProvider(str);
        }
        sslContextFactory.setProtocol((String) getOrDefault(map, SslConfigs.SSL_PROTOCOL_CONFIG, "TLS"));
        List list2 = (List) map.get(SslConfigs.SSL_CIPHER_SUITES_CONFIG);
        if (list2 != null) {
            sslContextFactory.setIncludeCipherSuites((String[]) list2.toArray(new String[list2.size()]));
        }
        sslContextFactory.setKeyManagerFactoryAlgorithm((String) getOrDefault(map, SslConfigs.SSL_KEYMANAGER_ALGORITHM_CONFIG, SslConfigs.DEFAULT_SSL_KEYMANGER_ALGORITHM));
        String str2 = (String) map.get(SslConfigs.SSL_SECURE_RANDOM_IMPLEMENTATION_CONFIG);
        if (str2 != null) {
            sslContextFactory.setSecureRandomAlgorithm(str2);
        }
        sslContextFactory.setTrustManagerFactoryAlgorithm((String) getOrDefault(map, SslConfigs.SSL_TRUSTMANAGER_ALGORITHM_CONFIG, SslConfigs.DEFAULT_SSL_TRUSTMANAGER_ALGORITHM));
    }

    protected static void configureSslContextFactoryEndpointIdentification(SslContextFactory sslContextFactory, Map<String, Object> map) {
        String str = (String) map.get(SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG);
        if (str != null) {
            sslContextFactory.setEndpointIdentificationAlgorithm(str);
        }
    }

    protected static void configureSslContextFactoryAuthentication(SslContextFactory sslContextFactory, Map<String, Object> map) {
        String str = (String) getOrDefault(map, "ssl.client.auth", "none");
        boolean z = -1;
        switch (str.hashCode()) {
            case -393139297:
                if (str.equals("required")) {
                    z = true;
                    break;
                }
                break;
            case 693933934:
                if (str.equals("requested")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                sslContextFactory.setWantClientAuth(true);
                return;
            case true:
                sslContextFactory.setNeedClientAuth(true);
                return;
            default:
                sslContextFactory.setNeedClientAuth(false);
                sslContextFactory.setWantClientAuth(false);
                return;
        }
    }
}
