package com.aliyun.openservices.shade.com.alibaba.rocketmq.remoting.netty;

import com.aliyun.openservices.shade.com.alibaba.rocketmq.remoting.common.RemotingHelper;
import com.aliyun.openservices.shade.io.netty.handler.ssl.ClientAuth;
import com.aliyun.openservices.shade.io.netty.handler.ssl.OpenSsl;
import com.aliyun.openservices.shade.io.netty.handler.ssl.SslContext;
import com.aliyun.openservices.shade.io.netty.handler.ssl.SslContextBuilder;
import com.aliyun.openservices.shade.io.netty.handler.ssl.SslProvider;
import com.aliyun.openservices.shade.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import com.aliyun.openservices.shade.io.netty.handler.ssl.util.SelfSignedCertificate;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Properties;
import javax.net.ssl.SSLException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/aliyun/openservices/shade/com/alibaba/rocketmq/remoting/netty/SslHelper.class */
public class SslHelper {
    private static final Logger LOGGER = LoggerFactory.getLogger(RemotingHelper.ROCKETMQ_REMOTING);

    public static SslContext buildSslContext(boolean z) throws SSLException, CertificateException {
        SslProvider sslProvider;
        File file = new File(NettySystemConfig.sslConfigFile);
        boolean z2 = (file.exists() && file.isFile() && file.canRead()) ? false : true;
        Properties properties = null;
        if (!z2) {
            properties = new Properties();
            FileInputStream fileInputStream = null;
            try {
                fileInputStream = new FileInputStream(file);
                properties.load(fileInputStream);
                if (null != fileInputStream) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e) {
                    }
                }
            } catch (FileNotFoundException e2) {
                if (null != fileInputStream) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e3) {
                    }
                }
            } catch (IOException e4) {
                if (null != fileInputStream) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e5) {
                    }
                }
            } catch (Throwable th) {
                if (null != fileInputStream) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e6) {
                    }
                }
                throw th;
            }
        }
        if (OpenSsl.isAvailable()) {
            sslProvider = SslProvider.OPENSSL;
            LOGGER.info("Using OpenSSL provider");
        } else {
            sslProvider = SslProvider.JDK;
            LOGGER.info("Using JDK SSL provider");
        }
        if (!z) {
            if (!z2) {
                return SslContextBuilder.forServer(properties.containsKey("server.keyCertChainFile") ? new File(properties.getProperty("server.keyCertChainFile")) : null, properties.containsKey("server.keyFile") ? new File(properties.getProperty("server.keyFile")) : null, properties.containsKey("server.password") ? properties.getProperty("server.password") : null).sslProvider(sslProvider).trustManager(new File(properties.getProperty("server.trustManager"))).clientAuth(parseClientAuthMode(properties.getProperty("server.auth.client"))).build();
            }
            SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
            return SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(SslProvider.JDK).clientAuth(ClientAuth.OPTIONAL).build();
        }
        if (z2) {
            return SslContextBuilder.forClient().sslProvider(SslProvider.JDK).trustManager(InsecureTrustManagerFactory.INSTANCE).build();
        }
        SslContextBuilder sslProvider2 = SslContextBuilder.forClient().sslProvider(SslProvider.JDK);
        if ("false".equals(properties.getProperty("client.auth.server"))) {
            sslProvider2.trustManager(InsecureTrustManagerFactory.INSTANCE);
        } else if (properties.containsKey("client.trustManager")) {
            sslProvider2.trustManager(new File(properties.getProperty("client.trustManager")));
        }
        return sslProvider2.keyManager(properties.containsKey("client.keyCertChainFile") ? new File(properties.getProperty("client.keyCertChainFile")) : null, properties.containsKey("client.keyFile") ? new File(properties.getProperty("client.keyFile")) : null, properties.containsKey("client.password") ? properties.getProperty("client.password") : null).build();
    }

    private static ClientAuth parseClientAuthMode(String str) {
        return (null == str || str.trim().isEmpty()) ? ClientAuth.NONE : "optional".equalsIgnoreCase(str) ? ClientAuth.OPTIONAL : ClientAuth.REQUIRE;
    }
}
