package org.mariadb.r2dbc.util;

import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.r2dbc.spi.R2dbcTransientResourceException;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.function.UnaryOperator;
import javax.net.ssl.SSLException;
import org.mariadb.r2dbc.SslMode;

/* loaded from: input_file:org/mariadb/r2dbc/util/SslConfig.class */
public class SslConfig {
    public static final SslConfig DISABLE_INSTANCE = new SslConfig(SslMode.DISABLE);
    private final SslMode sslMode;
    private String serverSslCert;
    private String clientSslCert;
    private String clientSslKey;
    private CharSequence clientSslPassword;
    private List<String> tlsProtocol;
    private SslContextBuilder sslContextBuilder;
    private UnaryOperator<SslContextBuilder> sslContextBuilderCustomizer;

    public SslConfig(SslMode sslMode, String str, String str2, String str3, CharSequence charSequence, List<String> list, UnaryOperator<SslContextBuilder> unaryOperator) throws R2dbcTransientResourceException {
        this.sslMode = sslMode;
        this.serverSslCert = str;
        this.clientSslCert = str2;
        this.tlsProtocol = list;
        this.clientSslKey = str3;
        this.clientSslPassword = charSequence;
        this.sslContextBuilderCustomizer = unaryOperator;
        if (sslMode != SslMode.DISABLE) {
            this.sslContextBuilder = getSslContextBuilder();
        }
    }

    public SslConfig(SslMode sslMode) {
        this.sslMode = sslMode;
    }

    public SslMode getSslMode() {
        return this.sslMode;
    }

    private SslContextBuilder getSslContextBuilder() throws R2dbcTransientResourceException {
        SslContextBuilder forClient = SslContextBuilder.forClient();
        if (this.sslMode == SslMode.TRUST || this.sslMode == SslMode.TUNNEL) {
            forClient.trustManager(InsecureTrustManagerFactory.INSTANCE);
        } else {
            if (this.serverSslCert == null) {
                throw new R2dbcTransientResourceException("Server certificate needed (option `serverSslCert`) for ssl mode " + this.sslMode, "08000");
            }
            InputStream inputStream = null;
            try {
                try {
                    inputStream = loadCert(this.serverSslCert);
                    forClient.trustManager(inputStream);
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException e) {
                        }
                    }
                } catch (FileNotFoundException e2) {
                    throw new R2dbcTransientResourceException("Failed to find serverSslCert file. serverSslCert=" + this.serverSslCert, "08000", e2);
                }
            } finally {
            }
        }
        if (this.clientSslCert != null && this.clientSslKey != null) {
            InputStream inputStream2 = null;
            try {
                inputStream2 = loadCert(this.clientSslCert);
                InputStream inputStream3 = null;
                try {
                    try {
                        inputStream3 = loadCert(this.clientSslKey);
                        forClient.keyManager(inputStream2, inputStream3, this.clientSslPassword == null ? null : this.clientSslPassword.toString());
                        if (inputStream3 != null) {
                            try {
                                inputStream3.close();
                            } catch (IOException e3) {
                            }
                        }
                    } catch (FileNotFoundException e4) {
                        throw new R2dbcTransientResourceException("Failed to find clientSslKey file. clientSslKey=" + this.clientSslKey, "08000", e4);
                    }
                } finally {
                    if (inputStream3 != null) {
                        try {
                            inputStream3.close();
                        } catch (IOException e5) {
                        }
                    }
                }
            } catch (FileNotFoundException e6) {
                throw new R2dbcTransientResourceException("Failed to find clientSslCert file. clientSslCert=" + this.clientSslCert, "08000", e6);
            }
        }
        if (this.tlsProtocol != null) {
            forClient.protocols((String[]) this.tlsProtocol.toArray(new String[this.tlsProtocol.size()]));
        }
        return this.sslContextBuilderCustomizer == null ? forClient : (SslContextBuilder) this.sslContextBuilderCustomizer.apply(forClient);
    }

    public SslContext getSslContext() throws R2dbcTransientResourceException, SSLException {
        return this.sslContextBuilder.build();
    }

    private InputStream loadCert(String str) throws FileNotFoundException {
        InputStream fileInputStream;
        if (str.startsWith("-----BEGIN CERTIFICATE-----")) {
            fileInputStream = new ByteArrayInputStream(str.getBytes());
        } else if (str.startsWith("classpath:")) {
            fileInputStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(str.substring("classpath:".length()));
        } else {
            fileInputStream = new FileInputStream(str);
        }
        return fileInputStream;
    }

    public String toString() {
        return "SslConfig{sslMode=" + this.sslMode + ", serverSslCert=" + this.serverSslCert + ", clientSslCert=" + this.clientSslCert + ", tlsProtocol=" + this.tlsProtocol + ", clientSslKey=" + this.clientSslKey + '}';
    }
}
