package com.aliyun.openservices.shade.com.alibaba.rocketmq.remoting.netty;

import com.aliyun.openservices.shade.com.alibaba.rocketmq.remoting.common.RemotingHelper;
import com.aliyun.openservices.shade.io.netty.handler.ssl.ClientAuth;
import com.aliyun.openservices.shade.io.netty.handler.ssl.OpenSsl;
import com.aliyun.openservices.shade.io.netty.handler.ssl.SslContext;
import com.aliyun.openservices.shade.io.netty.handler.ssl.SslContextBuilder;
import com.aliyun.openservices.shade.io.netty.handler.ssl.SslProvider;
import com.aliyun.openservices.shade.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import com.aliyun.openservices.shade.io.netty.handler.ssl.util.SelfSignedCertificate;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.util.Locale;
import java.util.Properties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/aliyun/openservices/shade/com/alibaba/rocketmq/remoting/netty/TlsHelper.class */
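/**
 * Builds the Netty {@link SslContext} used by the remoting layer, for either the
 * client or the server side, from the static settings in {@code TlsSystemConfig}.
 *
 * <p>Settings are first overlaid with the properties file named by
 * {@code TlsSystemConfig.tlsConfigFile} (when it exists and is readable), then the
 * effective configuration is logged and the context is built. Security-relevant
 * behaviour that a deployer should be aware of:
 * <ul>
 *   <li>{@code tlsTestModeEnable=true} disables peer certificate verification on
 *       the client and uses a freshly generated self-signed certificate on the
 *       server.</li>
 *   <li>{@code tlsClientAuthServer=false} / {@code tlsServerAuthClient=false}
 *       install {@link InsecureTrustManagerFactory}, i.e. the peer's certificate is
 *       accepted without validation.</li>
 *   <li>Key passwords are read from configuration but are never written to the log;
 *       only whether one is configured is logged.</li>
 * </ul>
 */
public class TlsHelper {
    private static final Logger LOGGER = LoggerFactory.getLogger(RemotingHelper.ROCKETMQ_REMOTING);

    /** Placeholder logged in place of a configured password. */
    private static final String SECRET_CONFIGURED = "<configured>";
    /** Placeholder logged when no password is configured. */
    private static final String SECRET_NOT_SET = "<not set>";

    /**
     * Default strategy: the key file is assumed to be stored in the clear and is
     * opened as-is. Not volatile; presumably replaced once during startup via
     * {@link #registerDecryptionStrategy(DecryptionStrategy)} before any context is
     * built — confirm against callers if that assumption does not hold.
     */
    private static DecryptionStrategy decryptionStrategy = new DecryptionStrategy() {
        @Override
        public InputStream decryptPrivateKey(String str, boolean z) throws IOException {
            return new FileInputStream(str);
        }
    };

    /**
     * Hook for decrypting a private key file before Netty parses it. Implementations
     * return a stream of the plaintext key; the caller closes the stream.
     */
    public interface DecryptionStrategy {
        /**
         * Opens the private key at the given path.
         *
         * @param str path of the private key file
         * @param z   {@code true} when the key is the client's, {@code false} when it
         *            is the server's
         * @return a readable stream of the (decrypted) key material
         * @throws IOException if the key cannot be opened or decrypted
         */
        InputStream decryptPrivateKey(String str, boolean z) throws IOException;
    }

    /**
     * Replaces the strategy used to open private key files.
     *
     * @param decryptionStrategy2 the strategy to install; must not be {@code null}
     */
    public static void registerDecryptionStrategy(DecryptionStrategy decryptionStrategy2) {
        decryptionStrategy = decryptionStrategy2;
    }

    /**
     * Builds the SSL context for one side of the connection.
     *
     * <p>Side effects: re-reads the TLS properties file into {@code TlsSystemConfig}
     * and logs the effective configuration.
     *
     * @param z {@code true} to build a client context, {@code false} for a server
     *          context
     * @return the configured context
     * @throws IOException          if key or certificate material cannot be read
     * @throws CertificateException if a self-signed test certificate cannot be
     *                              generated
     */
    public static SslContext buildSslContext(boolean z) throws IOException, CertificateException {
        extractTlsConfigFromFile(new File(TlsSystemConfig.tlsConfigFile));
        logTheFinalUsedTlsConfig();
        SslProvider provider = selectProvider();
        if (z) {
            return buildClientContext();
        }
        return buildServerContext(provider);
    }

    /** Picks OpenSSL when the native library is available, otherwise the JDK provider. */
    private static SslProvider selectProvider() {
        if (OpenSsl.isAvailable()) {
            LOGGER.info("Using OpenSSL provider");
            return SslProvider.OPENSSL;
        }
        LOGGER.info("Using JDK SSL provider");
        return SslProvider.JDK;
    }

    /**
     * Builds the client-side context. The client always uses the JDK provider,
     * whatever {@link #selectProvider()} chose for the server.
     */
    private static SslContext buildClientContext() throws IOException {
        SslContextBuilder builder = SslContextBuilder.forClient().sslProvider(SslProvider.JDK);
        if (TlsSystemConfig.tlsTestModeEnable) {
            // Test mode: every server certificate is accepted.
            return builder.trustManager(InsecureTrustManagerFactory.INSTANCE).build();
        }
        if (!TlsSystemConfig.tlsClientAuthServer) {
            // Server authentication explicitly disabled by configuration.
            builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
        } else if (!isNullOrEmpty(TlsSystemConfig.tlsClientTrustCertPath)) {
            builder.trustManager(new File(TlsSystemConfig.tlsClientTrustCertPath));
        }
        // else: authentication enabled but no trust cert given — no trust manager is set
        // here; presumably Netty's default trust store then applies (confirm for the
        // shaded Netty version in use).

        // Streams are closed once the builder has consumed them, which the original
        // code never did (file descriptors leaked until GC).
        try (InputStream certChain = openOrNull(TlsSystemConfig.tlsClientCertPath);
             InputStream key = openKeyOrNull(TlsSystemConfig.tlsClientKeyPath, true)) {
            builder.keyManager(certChain, key, emptyToNull(TlsSystemConfig.tlsClientKeyPassword));
            return builder.build();
        }
    }

    /**
     * Builds the server-side context.
     *
     * @param provider the SSL provider to use outside of test mode
     */
    private static SslContext buildServerContext(SslProvider provider)
            throws IOException, CertificateException {
        if (TlsSystemConfig.tlsTestModeEnable) {
            // Test mode: a throw-away self-signed certificate, clients may present a cert but need not.
            SelfSignedCertificate selfSigned = new SelfSignedCertificate();
            return SslContextBuilder.forServer(selfSigned.certificate(), selfSigned.privateKey())
                    .sslProvider(SslProvider.JDK)
                    .clientAuth(ClientAuth.OPTIONAL)
                    .build();
        }
        try (InputStream certChain = openOrNull(TlsSystemConfig.tlsServerCertPath);
             InputStream key = openKeyOrNull(TlsSystemConfig.tlsServerKeyPath, false)) {
            SslContextBuilder builder = SslContextBuilder
                    .forServer(certChain, key, emptyToNull(TlsSystemConfig.tlsServerKeyPassword))
                    .sslProvider(provider);
            if (!TlsSystemConfig.tlsServerAuthClient) {
                // Client authentication explicitly disabled by configuration.
                builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
            } else if (!isNullOrEmpty(TlsSystemConfig.tlsServerTrustCertPath)) {
                builder.trustManager(new File(TlsSystemConfig.tlsServerTrustCertPath));
            }
            builder.clientAuth(parseClientAuthMode(TlsSystemConfig.tlsServerNeedClientAuth));
            return builder.build();
        }
    }

    /**
     * Opens the file at {@code path} for reading.
     *
     * @return the stream, or {@code null} when {@code path} is unset (Netty treats a
     *         {@code null} stream as "not configured")
     */
    private static InputStream openOrNull(String path) throws IOException {
        return isNullOrEmpty(path) ? null : new FileInputStream(path);
    }

    /**
     * Opens the private key at {@code path} through the registered
     * {@link DecryptionStrategy}.
     *
     * @param forClient passed through to the strategy
     * @return the stream, or {@code null} when {@code path} is unset
     */
    private static InputStream openKeyOrNull(String path, boolean forClient) throws IOException {
        return isNullOrEmpty(path) ? null : decryptionStrategy.decryptPrivateKey(path, forClient);
    }

    /** Maps an unset (null or empty) password to {@code null}, as the Netty builder expects. */
    private static String emptyToNull(String value) {
        return isNullOrEmpty(value) ? null : value;
    }

    /**
     * Overlays {@code TlsSystemConfig} with the values in the given properties file.
     * A missing or unreadable file, or one that fails to load, leaves the current
     * settings untouched; a load failure is logged rather than swallowed.
     *
     * @param file the TLS properties file
     */
    private static void extractTlsConfigFromFile(File file) {
        if (!file.exists() || !file.isFile() || !file.canRead()) {
            LOGGER.info("Tls config file doesn't exist, skip it");
            return;
        }
        Properties properties = new Properties();
        try (InputStream in = new FileInputStream(file)) {
            properties.load(in);
        } catch (IOException e) {
            // Best-effort, as before: fall through with whatever was loaded (possibly nothing),
            // but make the failure visible instead of silently ignoring it.
            LOGGER.warn("Failed to load tls config file {}, keeping current settings", file, e);
        }
        TlsSystemConfig.tlsTestModeEnable = Boolean.parseBoolean(properties.getProperty(TlsSystemConfig.TLS_TEST_MODE_ENABLE, String.valueOf(TlsSystemConfig.tlsTestModeEnable)));
        TlsSystemConfig.tlsServerNeedClientAuth = properties.getProperty(TlsSystemConfig.TLS_SERVER_NEED_CLIENT_AUTH, TlsSystemConfig.tlsServerNeedClientAuth);
        TlsSystemConfig.tlsServerKeyPath = properties.getProperty(TlsSystemConfig.TLS_SERVER_KEYPATH, TlsSystemConfig.tlsServerKeyPath);
        TlsSystemConfig.tlsServerKeyPassword = properties.getProperty(TlsSystemConfig.TLS_SERVER_KEYPASSWORD, TlsSystemConfig.tlsServerKeyPassword);
        TlsSystemConfig.tlsServerCertPath = properties.getProperty(TlsSystemConfig.TLS_SERVER_CERTPATH, TlsSystemConfig.tlsServerCertPath);
        TlsSystemConfig.tlsServerAuthClient = Boolean.parseBoolean(properties.getProperty(TlsSystemConfig.TLS_SERVER_AUTHCLIENT, String.valueOf(TlsSystemConfig.tlsServerAuthClient)));
        TlsSystemConfig.tlsServerTrustCertPath = properties.getProperty(TlsSystemConfig.TLS_SERVER_TRUSTCERTPATH, TlsSystemConfig.tlsServerTrustCertPath);
        TlsSystemConfig.tlsClientKeyPath = properties.getProperty(TlsSystemConfig.TLS_CLIENT_KEYPATH, TlsSystemConfig.tlsClientKeyPath);
        TlsSystemConfig.tlsClientKeyPassword = properties.getProperty(TlsSystemConfig.TLS_CLIENT_KEYPASSWORD, TlsSystemConfig.tlsClientKeyPassword);
        TlsSystemConfig.tlsClientCertPath = properties.getProperty(TlsSystemConfig.TLS_CLIENT_CERTPATH, TlsSystemConfig.tlsClientCertPath);
        TlsSystemConfig.tlsClientAuthServer = Boolean.parseBoolean(properties.getProperty(TlsSystemConfig.TLS_CLIENT_AUTHSERVER, String.valueOf(TlsSystemConfig.tlsClientAuthServer)));
        TlsSystemConfig.tlsClientTrustCertPath = properties.getProperty(TlsSystemConfig.TLS_CLIENT_TRUSTCERTPATH, TlsSystemConfig.tlsClientTrustCertPath);
    }

    /**
     * Logs the effective TLS configuration at INFO. Key passwords are masked: the
     * original logged them verbatim, which leaks secrets into log files and log
     * aggregation.
     */
    private static void logTheFinalUsedTlsConfig() {
        LOGGER.info("Log the final used tls related configuration");
        LOGGER.info("{} = {}", TlsSystemConfig.TLS_TEST_MODE_ENABLE, Boolean.valueOf(TlsSystemConfig.tlsTestModeEnable));
        LOGGER.info("{} = {}", TlsSystemConfig.TLS_SERVER_NEED_CLIENT_AUTH, TlsSystemConfig.tlsServerNeedClientAuth);
        LOGGER.info("{} = {}", TlsSystemConfig.TLS_SERVER_KEYPATH, TlsSystemConfig.tlsServerKeyPath);
        LOGGER.info("{} = {}", TlsSystemConfig.TLS_SERVER_KEYPASSWORD, maskSecret(TlsSystemConfig.tlsServerKeyPassword));
        LOGGER.info("{} = {}", TlsSystemConfig.TLS_SERVER_CERTPATH, TlsSystemConfig.tlsServerCertPath);
        LOGGER.info("{} = {}", TlsSystemConfig.TLS_SERVER_AUTHCLIENT, Boolean.valueOf(TlsSystemConfig.tlsServerAuthClient));
        LOGGER.info("{} = {}", TlsSystemConfig.TLS_SERVER_TRUSTCERTPATH, TlsSystemConfig.tlsServerTrustCertPath);
        LOGGER.info("{} = {}", TlsSystemConfig.TLS_CLIENT_KEYPATH, TlsSystemConfig.tlsClientKeyPath);
        LOGGER.info("{} = {}", TlsSystemConfig.TLS_CLIENT_KEYPASSWORD, maskSecret(TlsSystemConfig.tlsClientKeyPassword));
        LOGGER.info("{} = {}", TlsSystemConfig.TLS_CLIENT_CERTPATH, TlsSystemConfig.tlsClientCertPath);
        LOGGER.info("{} = {}", TlsSystemConfig.TLS_CLIENT_AUTHSERVER, Boolean.valueOf(TlsSystemConfig.tlsClientAuthServer));
        LOGGER.info("{} = {}", TlsSystemConfig.TLS_CLIENT_TRUSTCERTPATH, TlsSystemConfig.tlsClientTrustCertPath);
    }

    /** Returns a log-safe placeholder that says only whether a secret is configured. */
    private static String maskSecret(String secret) {
        return isNullOrEmpty(secret) ? SECRET_NOT_SET : SECRET_CONFIGURED;
    }

    /**
     * Parses the configured client-auth mode, case-insensitively and ignoring
     * surrounding whitespace.
     *
     * @param str the configured value, e.g. {@code "require"}; may be {@code null}
     * @return the matching {@link ClientAuth}, or {@link ClientAuth#NONE} when the
     *         value is unset or unrecognised (the fallback is logged, since it
     *         silently weakens authentication)
     */
    private static ClientAuth parseClientAuthMode(String str) {
        if (null == str) {
            return ClientAuth.NONE;
        }
        // Locale.ROOT: locale-sensitive upper-casing (e.g. Turkish dotted I) must not
        // affect enum-name matching.
        String wanted = str.trim().toUpperCase(Locale.ROOT);
        if (wanted.isEmpty()) {
            return ClientAuth.NONE;
        }
        for (ClientAuth mode : ClientAuth.values()) {
            if (mode.name().equals(wanted)) {
                return mode;
            }
        }
        LOGGER.warn("Unrecognised client auth mode '{}', falling back to {}", str, ClientAuth.NONE);
        return ClientAuth.NONE;
    }

    /** {@code true} when {@code str} is {@code null} or the empty string. */
    private static boolean isNullOrEmpty(String str) {
        return str == null || str.isEmpty();
    }
}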
