package com.github.housepower.client.ssl;

import com.github.housepower.client.NativeClient;
import com.github.housepower.log.Logger;
import com.github.housepower.log.LoggerFactory;
import com.github.housepower.settings.ClickHouseConfig;
import com.github.housepower.settings.KeyStoreConfig;
import com.github.housepower.settings.SettingKey;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/github/housepower/client/ssl/SSLContextBuilder.class */
public class SSLContextBuilder {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) NativeClient.class);
    private ClickHouseConfig config;
    private KeyStoreConfig keyStoreConfig;

    public SSLContextBuilder(ClickHouseConfig clickHouseConfig) {
        this.config = clickHouseConfig;
        this.keyStoreConfig = new KeyStoreConfig((String) clickHouseConfig.settings().get(SettingKey.keyStoreType), (String) clickHouseConfig.settings().get(SettingKey.keyStorePath), (String) clickHouseConfig.settings().get(SettingKey.keyStorePassword));
    }

    public SSLContext getSSLContext() throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, UnrecoverableKeyException, KeyManagementException {
        TrustManager[] trustManagers;
        KeyManager[] keyManagers;
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        SecureRandom secureRandom = new SecureRandom();
        String sslMode = this.config.sslMode();
        LOG.debug("Client SSL mode: '" + sslMode + "'", new Object[0]);
        boolean z = -1;
        switch (sslMode.hashCode()) {
            case -1695880732:
                if (sslMode.equals("verify_ca")) {
                    z = true;
                    break;
                }
                break;
            case 270940796:
                if (sslMode.equals("disabled")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                trustManagers = new TrustManager[]{new PermissiveTrustManager()};
                keyManagers = new KeyManager[0];
                break;
            case true:
                KeyStore keyStore = KeyStore.getInstance(this.keyStoreConfig.getKeyStoreType());
                keyStore.load(Files.newInputStream(Paths.get(this.keyStoreConfig.getKeyStorePath(), new String[0]).toFile().toPath(), new OpenOption[0]), this.keyStoreConfig.getKeyStorePassword().toCharArray());
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, this.keyStoreConfig.getKeyStorePassword().toCharArray());
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                trustManagers = trustManagerFactory.getTrustManagers();
                keyManagers = keyManagerFactory.getKeyManagers();
                break;
            default:
                throw new IllegalArgumentException("Unknown SSL mode: '" + sslMode + "'");
        }
        sSLContext.init(keyManagers, trustManagers, secureRandom);
        return sSLContext;
    }
}
