package org.springframework.cloud.gateway.config;

import cn.hutool.crypto.KeyUtil;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.cloud.gateway.config.HttpClientProperties;
import org.springframework.util.ResourceUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-cloud-gateway-server-4.1.5.jar:org/springframework/cloud/gateway/config/AbstractSslConfigurer.class */
public abstract class AbstractSslConfigurer<T, S> {
    protected final Log logger = LogFactory.getLog(getClass());
    private final HttpClientProperties.Ssl ssl;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractSslConfigurer(HttpClientProperties.Ssl ssl) {
        this.ssl = ssl;
    }

    public abstract S configureSsl(T t) throws SSLException;

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpClientProperties.Ssl getSslProperties() {
        return this.ssl;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public X509Certificate[] getTrustedX509CertificatesForTrustManager() {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance(KeyUtil.CERT_TYPE_X509);
            ArrayList arrayList = new ArrayList();
            for (String str : this.ssl.getTrustedX509Certificates()) {
                try {
                    arrayList.addAll(certificateFactory.generateCertificates(ResourceUtils.getURL(str).openStream()));
                } catch (IOException e) {
                    throw new RuntimeException("Could not load certificate '" + str + "'", e);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (CertificateException e2) {
            throw new RuntimeException("Could not load CertificateFactory X.509", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public KeyManagerFactory getKeyManagerFactory() {
        try {
            if (this.ssl.getKeyStore() == null || this.ssl.getKeyStore().length() <= 0) {
                return null;
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            char[] charArray = this.ssl.getKeyPassword() != null ? this.ssl.getKeyPassword().toCharArray() : null;
            if (charArray == null && this.ssl.getKeyStorePassword() != null) {
                charArray = this.ssl.getKeyStorePassword().toCharArray();
            }
            keyManagerFactory.init(createKeyStore(), charArray);
            return keyManagerFactory;
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    protected KeyStore createKeyStore() {
        try {
            KeyStore keyStore = this.ssl.getKeyStoreProvider() != null ? KeyStore.getInstance(this.ssl.getKeyStoreType(), this.ssl.getKeyStoreProvider()) : KeyStore.getInstance(this.ssl.getKeyStoreType());
            try {
                keyStore.load(ResourceUtils.getURL(this.ssl.getKeyStore()).openStream(), this.ssl.getKeyStorePassword() != null ? this.ssl.getKeyStorePassword().toCharArray() : null);
                return keyStore;
            } catch (Exception e) {
                throw new RuntimeException("Could not load key store '" + this.ssl.getKeyStore() + "'", e);
            }
        } catch (KeyStoreException | NoSuchProviderException e2) {
            throw new RuntimeException("Could not load KeyStore for given type and provider", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setTrustManager(SslContextBuilder sslContextBuilder, X509Certificate... x509CertificateArr) {
        sslContextBuilder.trustManager(x509CertificateArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setTrustManager(SslContextBuilder sslContextBuilder, TrustManagerFactory trustManagerFactory) {
        sslContextBuilder.trustManager(trustManagerFactory);
    }
}
