package com.elastisys.scale.commons.net.ssl;

import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/elastisys/scale/commons/net/ssl/SslContextBuilder.class */
public class SslContextBuilder {
    private Optional<KeyManagerFactory> keyManagerFactory = Optional.absent();
    private boolean verifyHostCert = false;
    private Optional<KeyStore> trustStore = Optional.absent();

    private SslContextBuilder() {
    }

    public static SslContextBuilder newBuilder() {
        return new SslContextBuilder();
    }

    public SSLContext build() throws RuntimeException {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            KeyManager[] keyManagerArr = new KeyManager[0];
            if (this.keyManagerFactory.isPresent()) {
                keyManagerArr = ((KeyManagerFactory) this.keyManagerFactory.get()).getKeyManagers();
            }
            sSLContext.init(keyManagerArr, !this.verifyHostCert ? new TrustManager[]{SslUtils.insecureTrustManager()} : this.trustStore.isPresent() ? trustManagerFromTrustStore((KeyStore) this.trustStore.get()) : null, new SecureRandom());
            return sSLContext;
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }

    public SslContextBuilder noClientAuthentication() {
        this.keyManagerFactory = Optional.absent();
        return this;
    }

    public SslContextBuilder clientAuthentication(KeyStore keyStore, String str) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException {
        Preconditions.checkArgument(keyStore != null, "null keystore given");
        Preconditions.checkArgument(str != null, "null keyPassword given (keystore keys cannot be recovered without a password)");
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, str.toCharArray());
        this.keyManagerFactory = Optional.of(keyManagerFactory);
        return this;
    }

    public SslContextBuilder setVerifyHostCert(boolean z) {
        this.verifyHostCert = z;
        return this;
    }

    public SslContextBuilder serverAuthTrustStore(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        this.trustStore = Optional.fromNullable(keyStore);
        return this;
    }

    private static TrustManager[] trustManagerFromTrustStore(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }
}
