package org.jenkinsci.plugins.docker.swarm;

import com.github.dockerjava.core.SSLConfig;
import com.github.dockerjava.core.util.CertificateUtils;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.jenkinsci.plugins.docker.commons.credentials.DockerServerCredentials;

/* loaded from: input_file:WEB-INF/lib/docker-swarm.jar:org/jenkinsci/plugins/docker/swarm/DockerServerCredentialsSSLConfig.class */
public class DockerServerCredentialsSSLConfig implements SSLConfig {
    private final DockerServerCredentials credentials;

    public DockerServerCredentialsSSLConfig(DockerServerCredentials dockerServerCredentials) {
        this.credentials = dockerServerCredentials;
    }

    public SSLContext getSSLContext() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        try {
            KeyStore createKeyStore = CertificateUtils.createKeyStore(this.credentials.getClientKey(), this.credentials.getClientCertificate());
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(createKeyStore, "docker".toCharArray());
            KeyStore createTrustStore = CertificateUtils.createTrustStore(this.credentials.getServerCaCertificate());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(createTrustStore);
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            return sSLContext;
        } catch (IOException | CertificateException | InvalidKeySpecException e) {
            throw new KeyStoreException("Can't build keystore from provided client key/certificate", e);
        }
    }
}
