package io.quarkus.grpc.runtime;

import io.quarkus.grpc.auth.AuthExceptionHandlerProvider;
import io.quarkus.grpc.runtime.config.GrpcServerConfiguration;
import io.quarkus.grpc.runtime.config.SslServerConfig;
import io.quarkus.runtime.util.ClassPathUtils;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.http.HttpServerOptions;
import io.vertx.core.http.HttpVersion;
import io.vertx.core.net.JksOptions;
import io.vertx.core.net.PemKeyCertOptions;
import io.vertx.core.net.PfxOptions;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.Optional;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/grpc/runtime/GrpcSslUtils.class */
public class GrpcSslUtils {
    private static final Logger LOGGER = Logger.getLogger(GrpcSslUtils.class.getName());

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean applySslOptions(GrpcServerConfiguration grpcServerConfiguration, HttpServerOptions httpServerOptions) throws IOException {
        if ((grpcServerConfiguration.ssl.certificate.isPresent() || grpcServerConfiguration.ssl.keyStore.isPresent()) && grpcServerConfiguration.plainText) {
            LOGGER.info("Disabling gRPC plain-text as the SSL certificate is configured");
            grpcServerConfiguration.plainText = false;
        }
        if (grpcServerConfiguration.plainText) {
            httpServerOptions.setSsl(false);
            return true;
        }
        httpServerOptions.setSsl(true);
        SslServerConfig sslServerConfig = grpcServerConfiguration.ssl;
        Optional<Path> optional = sslServerConfig.certificate;
        Optional<Path> optional2 = sslServerConfig.key;
        Optional<Path> optional3 = sslServerConfig.keyStore;
        Optional<Path> optional4 = sslServerConfig.trustStore;
        Optional<String> optional5 = sslServerConfig.trustStorePassword;
        httpServerOptions.setUseAlpn(grpcServerConfiguration.alpn);
        if (grpcServerConfiguration.alpn) {
            httpServerOptions.setAlpnVersions(Arrays.asList(HttpVersion.HTTP_2, HttpVersion.HTTP_1_1));
        }
        if (optional.isPresent() && optional2.isPresent()) {
            createPemKeyCertOptions(optional.get(), optional2.get(), httpServerOptions);
        } else if (optional3.isPresent()) {
            Path path = optional3.get();
            Optional<String> optional6 = sslServerConfig.keyStoreType;
            String lowerCase = optional6.isPresent() ? optional6.get().toLowerCase() : findKeystoreFileType(path);
            byte[] fileContent = getFileContent(path);
            String str = lowerCase;
            boolean z = -1;
            switch (str.hashCode()) {
                case -986624244:
                    if (str.equals("pkcs12")) {
                        z = false;
                        break;
                    }
                    break;
                case 105298:
                    if (str.equals("jks")) {
                        z = true;
                        break;
                    }
                    break;
            }
            switch (z) {
                case AuthExceptionHandlerProvider.DEFAULT_PRIORITY /* 0 */:
                    PfxOptions value = new PfxOptions().setValue(Buffer.buffer(fileContent));
                    if (sslServerConfig.keyStorePassword.isPresent()) {
                        value.setPassword(sslServerConfig.keyStorePassword.get());
                    }
                    httpServerOptions.setPfxKeyCertOptions(value);
                    break;
                case true:
                    JksOptions value2 = new JksOptions().setValue(Buffer.buffer(fileContent));
                    if (sslServerConfig.keyStorePassword.isPresent()) {
                        value2.setPassword(sslServerConfig.keyStorePassword.get());
                    }
                    httpServerOptions.setKeyStoreOptions(value2);
                    break;
                default:
                    throw new IllegalArgumentException("Unknown keystore type: " + lowerCase + " valid types are jks or pkcs12");
            }
        }
        if (optional4.isPresent()) {
            if (optional5.isEmpty()) {
                throw new IllegalArgumentException("No trust store password provided");
            }
            Optional<String> optional7 = sslServerConfig.trustStoreType;
            Path path2 = optional4.get();
            createTrustStoreOptions(path2, optional5.get(), optional7.isPresent() ? optional7.get() : findKeystoreFileType(path2), httpServerOptions);
        }
        Iterator<String> it = sslServerConfig.cipherSuites.orElse(Collections.emptyList()).iterator();
        while (it.hasNext()) {
            httpServerOptions.addEnabledCipherSuite(it.next());
        }
        for (String str2 : sslServerConfig.protocols) {
            if (!str2.isEmpty()) {
                httpServerOptions.addEnabledSecureTransportProtocol(str2);
            }
        }
        httpServerOptions.setClientAuth(sslServerConfig.clientAuth);
        return false;
    }

    private static byte[] getFileContent(Path path) throws IOException {
        byte[] doRead;
        InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(ClassPathUtils.toResourceName(path));
        if (resourceAsStream != null) {
            try {
                doRead = doRead(resourceAsStream);
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
            } catch (Throwable th) {
                if (resourceAsStream != null) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } else {
            InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
            try {
                doRead = doRead(newInputStream);
                if (newInputStream != null) {
                    newInputStream.close();
                }
            } catch (Throwable th3) {
                if (newInputStream != null) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                }
                throw th3;
            }
        }
        return doRead;
    }

    private static void createPemKeyCertOptions(Path path, Path path2, HttpServerOptions httpServerOptions) throws IOException {
        httpServerOptions.setPemKeyCertOptions(new PemKeyCertOptions().setCertValue(Buffer.buffer(getFileContent(path))).setKeyValue(Buffer.buffer(getFileContent(path2))));
    }

    private static void createTrustStoreOptions(Path path, String str, String str2, HttpServerOptions httpServerOptions) throws IOException {
        byte[] fileContent = getFileContent(path);
        boolean z = -1;
        switch (str2.hashCode()) {
            case -986624244:
                if (str2.equals("pkcs12")) {
                    z = false;
                    break;
                }
                break;
            case 105298:
                if (str2.equals("jks")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case AuthExceptionHandlerProvider.DEFAULT_PRIORITY /* 0 */:
                httpServerOptions.setPfxTrustOptions(new PfxOptions().setPassword(str).setValue(Buffer.buffer(fileContent)));
                return;
            case true:
                httpServerOptions.setTrustStoreOptions(new JksOptions().setPassword(str).setValue(Buffer.buffer(fileContent)));
                return;
            default:
                throw new IllegalArgumentException("Unknown truststore type: " + str2 + " valid types are jks or pkcs12");
        }
    }

    private static String findKeystoreFileType(Path path) {
        String path2 = path.toString();
        return (path2.endsWith(".p12") || path2.endsWith(".pkcs12") || path2.endsWith(".pfx")) ? "pkcs12" : "jks";
    }

    private static byte[] doRead(InputStream inputStream) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[1024];
        while (true) {
            int read = inputStream.read(bArr);
            if (read <= 0) {
                return byteArrayOutputStream.toByteArray();
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }

    private GrpcSslUtils() {
    }
}
