package io.confluent.controlcenter.ssl;

import io.confluent.controlcenter.ControlCenterConfig;
import io.confluent.rest.RestConfig;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/controlcenter/ssl/SslHolder.class */
public class SslHolder {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SslHolder.class);
    private final RestConfig restConfig;
    private final KeyManagerFactory keyManagerFactory;
    private final TrustManagerFactory trustManagerFactory;
    private final Map<String, List<String>> clientAliasesToHosts;

    public SslHolder(String str, ControlCenterConfig controlCenterConfig, Map<String, List<String>> map) {
        this(getRestConfig(str, controlCenterConfig), map);
    }

    public SslHolder(RestConfig restConfig, Map<String, List<String>> map) {
        this.restConfig = restConfig;
        this.clientAliasesToHosts = map;
        this.keyManagerFactory = getKeyManagerFactory(restConfig);
        this.trustManagerFactory = getTrustManagerFactory(restConfig);
    }

    public Map<String, List<String>> getClientAliasesToHosts() {
        return this.clientAliasesToHosts;
    }

    public RestConfig getRestConfig() {
        return this.restConfig;
    }

    private static RestConfig getRestConfig(String str, ControlCenterConfig controlCenterConfig) {
        return new RestConfig(RestConfig.baseConfigDef(), controlCenterConfig.originalsWithPrefix(str));
    }

    public KeyManagerFactory getKeyManagerFactory() {
        return this.keyManagerFactory;
    }

    private KeyManagerFactory getKeyManagerFactory(RestConfig restConfig) {
        try {
            if (restConfig.getString("ssl.keystore.location").isEmpty()) {
                return null;
            }
            KeyManagerFactory keyManagerFactory = !restConfig.getString("ssl.keymanager.algorithm").isEmpty() ? KeyManagerFactory.getInstance(restConfig.getString("ssl.keymanager.algorithm")) : KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance(restConfig.getString("ssl.keystore.type"));
            keyStore.load(new FileInputStream(restConfig.getString("ssl.keystore.location")), restConfig.getPassword("ssl.keystore.password").value().isEmpty() ? null : restConfig.getPassword("ssl.keystore.password").value().toCharArray());
            keyManagerFactory.init(keyStore, restConfig.getPassword("ssl.key.password").value().toCharArray());
            return keyManagerFactory;
        } catch (Exception e) {
            log.error("Error initializing client keystore", (Throwable) e);
            throw new RuntimeException(e);
        }
    }

    public TrustManagerFactory getTrustManagerFactory() {
        return this.trustManagerFactory;
    }

    private TrustManagerFactory getTrustManagerFactory(RestConfig restConfig) {
        try {
            if (restConfig.getString("ssl.truststore.location").isEmpty()) {
                return null;
            }
            TrustManagerFactory trustManagerFactory = !restConfig.getString("ssl.trustmanager.algorithm").isEmpty() ? TrustManagerFactory.getInstance(restConfig.getString("ssl.trustmanager.algorithm")) : TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance(restConfig.getString("ssl.truststore.type"));
            keyStore.load(new FileInputStream(restConfig.getString("ssl.truststore.location")), restConfig.getPassword("ssl.truststore.password").value().isEmpty() ? null : restConfig.getPassword("ssl.truststore.password").value().toCharArray());
            trustManagerFactory.init(keyStore);
            return trustManagerFactory;
        } catch (Exception e) {
            log.error("Error initializing client truststore", (Throwable) e);
            throw new RuntimeException(e);
        }
    }
}
