package com.atlassian.elasticsearch.buckler.config;

import io.netty.handler.ssl.SslHandler;
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.elasticsearch.common.settings.Settings;

/* loaded from: input_file:com/atlassian/elasticsearch/buckler/config/TlsConfig.class */
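/**
 * TLS settings for the Buckler plugin, plus a factory for Netty {@link SslHandler}s.
 *
 * <p>Security-relevant properties of this class as written:
 * <ul>
 *   <li>Only key material is configured. Trust managers are passed as {@code null} to
 *       {@link SSLContext#init}, so peer certificates are validated by whatever default trust
 *       managers the installed JSSE provider supplies.</li>
 *   <li>The engine is created without a peer host/port and no {@code SSLParameters} are applied,
 *       so no endpoint identification algorithm is set here. NOTE(review): in client mode this
 *       means the peer's hostname is not checked by this engine unless a caller configures it.</li>
 *   <li>Client authentication is never requested on the engine, so this class does not set up
 *       mutual TLS.</li>
 * </ul>
 */
public class TlsConfig {
    private final boolean enabledForHttp;
    private final boolean enabledForTcp;
    private final boolean server;
    private final String keyStorePath;
    // Held for the lifetime of the config because every createHandler() call re-reads the keystore.
    private final char[] keyStorePassword;

    /**
     * Reads the TLS settings.
     *
     * <p>The keystore path and password are required only when {@code z} is {@code true} and TLS
     * is enabled for at least one transport; otherwise the path is {@code null} and the password
     * is an empty array.
     *
     * <p>The decompiler reports that this constructor was package-private in the original class.
     *
     * @param settings node settings holding the {@code tls.*} keys
     * @param z {@code true} when this side acts as a TLS server and therefore needs a keystore
     */
    public TlsConfig(Settings settings, boolean z) {
        this.enabledForHttp = BucklerConfig.loadEnabled(settings, "tls.http.enabled", "TLS for HTTP transport");
        this.enabledForTcp = BucklerConfig.loadEnabled(settings, "tls.tcp.enabled", "TLS for TCP transport");
        this.server = z;
        boolean keyMaterialNeeded = z && (this.enabledForHttp || this.enabledForTcp);
        if (keyMaterialNeeded) {
            this.keyStorePath = BucklerConfig.getRequiredSetting(settings, "tls.keystore.path", "Keystore path must be configured for TLS");
            this.keyStorePassword = BucklerConfig.getRequiredSetting(settings, "tls.keystore.password", "Keystore password must be configured for TLS").toCharArray();
        } else {
            this.keyStorePath = null;
            this.keyStorePassword = new char[0];
        }
    }

    /** @return whether TLS is enabled for the HTTP transport */
    public boolean isEnabledForHttp() {
        return this.enabledForHttp;
    }

    /** @return whether TLS is enabled for the TCP transport */
    public boolean isEnabledForTcp() {
        return this.enabledForTcp;
    }

    /**
     * Creates a Netty handler backed by a freshly built {@link SSLContext}.
     *
     * <p>A new context is built on every call, so in server mode the keystore file is read from
     * disk each time.
     *
     * @param z {@code true} to put the engine in client mode, {@code false} for server mode
     * @return a handler wrapping the new engine
     * @throws Exception if the keystore cannot be read or the context cannot be initialised
     */
    public SslHandler createHandler(boolean z) throws Exception {
        // No peer host/port is passed, so the engine has no host name to verify a certificate against.
        SSLEngine engine = createContext().createSSLEngine();
        engine.setUseClientMode(z);
        return new SslHandler(engine);
    }

    /**
     * Builds the SSL context, loading key managers from the configured keystore in server mode.
     *
     * @return an initialised context
     * @throws Exception if the keystore is missing, unreadable or has the wrong password, or if
     *     the requested algorithms are unavailable
     */
    private SSLContext createContext() throws Exception {
        KeyManager[] keyManagers = null;
        if (this.server) {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // try-with-resources replaces the decompiler's expanded close logic, which contained
            // unreachable branches and dereferenced a variable that was always null.
            try (FileInputStream keyStoreStream = new FileInputStream(this.keyStorePath)) {
                keyStore.load(keyStoreStream, this.keyStorePassword);
            }
            // The same password is used for the keystore and for the private key entries in it.
            keyManagerFactory.init(keyStore, this.keyStorePassword);
            keyManagers = keyManagerFactory.getKeyManagers();
        }
        // NOTE(review): "TLSv1.2" selects the context implementation; which protocol versions the
        // resulting engine actually enables depends on the JSSE provider and JVM security
        // properties. Confirm, or pin them with setEnabledProtocols on the engine.
        SSLContext context = SSLContext.getInstance("TLSv1.2");
        // null trust managers and null SecureRandom: provider defaults are used for both.
        context.init(keyManagers, null, null);
        return context;
    }
}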
