package software.amazon.awssdk.crt.io;

import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.List;
import software.amazon.awssdk.crt.CrtResource;
import software.amazon.awssdk.crt.CrtRuntimeException;
import software.amazon.awssdk.crt.utils.PemUtils;
import software.amazon.awssdk.crt.utils.StringUtils;

/* loaded from: classes3.dex */
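/**
 * Mutable bag of settings used to create a native TLS context.
 *
 * <p>Instances are obtained through the static {@code create*} factories. The native
 * options object is only built on the first call to {@link #getNativeHandle()}, at which
 * point every field below is handed to native code in a single call.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>{@link #verifyPeer}, {@link #minTlsVersion}, {@link #tlsCipherPreference} and
 *       {@link #alpnList} are public mutable fields, so any holder of the instance can
 *       change them after a factory has set them.</li>
 *   <li>PEM private keys and the PKCS#12 password are kept as {@code String}s; they cannot
 *       be wiped and stay in the heap until garbage collected.</li>
 * </ul>
 */
public final class TlsContextOptions extends CrtResource {
    // Directory and file used as the trust store; set together by overrideDefaultTrustStoreFromPath.
    private String caDir;
    private String caFile;
    // PEM text used as the trust store; mutually exclusive with caDir/caFile.
    private String caRoot;
    // PEM certificate and private key for mTLS, set by initMtls.
    private String certificate;
    // Paths to the certificate and private key for mTLS, set by initMtlsFromPath.
    private String certificatePath;
    private TlsContextCustomKeyOperationOptions customKeyOperations;
    private TlsContextPkcs11Options pkcs11Options;
    // NOTE(review): secret held as an immutable String; it cannot be zeroed after use.
    private String pkcs12Password;
    private String pkcs12Path;
    // NOTE(review): private key material held as an immutable String; it cannot be zeroed after use.
    private String privateKey;
    private String privateKeyPath;
    private String windowsCertStorePath;
    /** Minimum protocol version passed to the native layer; defaults to the system default. */
    public TlsVersions minTlsVersion = TlsVersions.TLS_VER_SYS_DEFAULTS;
    /** Cipher preference passed to the native layer; mutually exclusive with a non-default {@link #minTlsVersion}. */
    public TlsCipherPreference tlsCipherPreference = TlsCipherPreference.TLS_CIPHER_SYSTEM_DEFAULT;
    /** ALPN protocol names; joined with ';' when the native handle is created. */
    public List<String> alpnList = new ArrayList<>();
    /**
     * Peer-verification flag passed to the native layer. The field initializer is
     * {@code false}; every client-side factory in this class sets it to {@code true} and
     * {@link #createDefaultServer()} sets it to {@code false}. Presumably {@code false}
     * disables certificate validation of the remote peer, so a client configured that way
     * has no protection against an impersonated server. Confirm against the native
     * implementation.
     */
    public boolean verifyPeer = false;

    /**
     * Protocol versions understood by the native layer, each mapped to the integer code
     * passed across JNI. SSLv3, TLSv1 and TLSv1_1 are deprecated protocol versions
     * (RFC 7568, RFC 8996); prefer TLSv1_2 or later as a minimum.
     */
    public enum TlsVersions {
        SSLv3(0),
        TLSv1(1),
        TLSv1_1(2),
        TLSv1_2(3),
        TLSv1_3(4),
        TLS_VER_SYS_DEFAULTS(128);

        private final int version;

        TlsVersions(int i) {
            this.version = i;
        }

        /** @return the integer code passed to native code for this version */
        int getValue() {
            return this.version;
        }
    }

    private TlsContextOptions() {
    }

    /** @return options with default settings and peer verification enabled */
    public static TlsContextOptions createDefaultClient() {
        TlsContextOptions options = new TlsContextOptions();
        options.verifyPeer = true;
        return options;
    }

    /** @return options with default settings and peer verification disabled */
    public static TlsContextOptions createDefaultServer() {
        TlsContextOptions options = new TlsContextOptions();
        options.verifyPeer = false;
        return options;
    }

    /**
     * Creates mTLS options from in-memory PEM text, with peer verification enabled.
     *
     * @param str PEM certificate
     * @param str2 PEM private key
     * @throws IllegalArgumentException declared by {@link #initMtls(String, String)}; presumably
     *     raised when the PEM sanity check fails
     */
    public static TlsContextOptions createWithMtls(String str, String str2) throws IllegalArgumentException {
        TlsContextOptions options = new TlsContextOptions();
        options.initMtls(str, str2);
        options.verifyPeer = true;
        return options;
    }

    /**
     * Creates mTLS options that delegate private-key operations to the supplied handler
     * options, with peer verification enabled.
     */
    public static TlsContextOptions createWithMtlsCustomKeyOperations(TlsContextCustomKeyOperationOptions tlsContextCustomKeyOperationOptions) {
        TlsContextOptions options = new TlsContextOptions();
        options.withMtlsCustomKeyOperations(tlsContextCustomKeyOperationOptions);
        options.verifyPeer = true;
        return options;
    }

    /**
     * Creates mTLS options from file paths, with peer verification enabled.
     *
     * @param str path to the certificate
     * @param str2 path to the private key
     */
    public static TlsContextOptions createWithMtlsFromPath(String str, String str2) {
        TlsContextOptions options = new TlsContextOptions();
        options.initMtlsFromPath(str, str2);
        options.verifyPeer = true;
        return options;
    }

    /**
     * Creates mTLS options from an entry in a Java {@link KeyStore}, with peer verification
     * enabled. The certificate and the private key are both looked up under the same alias
     * and re-encoded as PEM text.
     *
     * <p>This only works for keys whose material can be exported: a key whose
     * {@link Key#getEncoded()} returns {@code null} (as non-exportable, hardware-backed keys
     * do) is rejected with a {@link CrtRuntimeException} instead of failing later inside the
     * encoder.
     *
     * @param keyStore keystore holding the certificate and key
     * @param str alias of the entry
     * @param str2 password protecting the key entry
     * @throws CrtRuntimeException if the alias has no certificate, no key, or a key with no
     *     encoded form
     * @throws RuntimeException wrapping the keystore failure when the entry cannot be read
     */
    public static TlsContextOptions createWithMtlsJavaKeystore(KeyStore keyStore, String str, String str2) {
        TlsContextOptions options = new TlsContextOptions();

        final String certificatePem;
        try {
            Certificate entryCertificate = keyStore.getCertificate(str);
            if (entryCertificate == null) {
                throw new CrtRuntimeException("Certificate at given certificate alias does not exist or does not contain a certificate");
            }
            certificatePem = "-----BEGIN CERTIFICATE-----\n" + new String(StringUtils.base64Encode(entryCertificate.getEncoded())) + "-----END CERTIFICATE-----\n";
        } catch (KeyStoreException | CertificateEncodingException e) {
            throw new RuntimeException("Failed to get certificate from Java keystore", e);
        }

        final String privateKeyPem;
        try {
            Key entryKey = keyStore.getKey(str, str2.toCharArray());
            if (entryKey == null) {
                throw new CrtRuntimeException("Private key at given certificate alias does not exist or does not identify a key-related entity");
            }
            // Key.getEncoded() is documented to return null when the key does not support
            // encoding; fail with a clear message rather than passing null to the encoder.
            byte[] encodedKey = entryKey.getEncoded();
            if (encodedKey == null) {
                throw new CrtRuntimeException("Private key at given certificate alias has no encoded form and cannot be exported from the keystore");
            }
            // NOTE(review): the label says "RSA PRIVATE KEY" (PKCS#1) for every key type, while
            // getEncoded() on a private key usually yields PKCS#8 ("PRIVATE KEY"). Left as is
            // because the native parser's tolerance is not visible here; confirm before changing.
            privateKeyPem = "-----BEGIN RSA PRIVATE KEY-----\n" + new String(StringUtils.base64Encode(encodedKey)) + "-----END RSA PRIVATE KEY-----\n";
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new RuntimeException("Failed to get private key from Java keystore", e);
        }

        options.initMtls(certificatePem, privateKeyPem);
        options.verifyPeer = true;
        return options;
    }

    /** Creates mTLS options backed by the given PKCS#11 options, with peer verification enabled. */
    public static TlsContextOptions createWithMtlsPkcs11(TlsContextPkcs11Options tlsContextPkcs11Options) {
        TlsContextOptions options = new TlsContextOptions();
        options.withMtlsPkcs11(tlsContextPkcs11Options);
        options.verifyPeer = true;
        return options;
    }

    /**
     * Creates mTLS options from a PKCS#12 file, with peer verification enabled.
     *
     * @param str path to the PKCS#12 file
     * @param str2 password for the PKCS#12 file
     */
    public static TlsContextOptions createWithMtlsPkcs12(String str, String str2) {
        TlsContextOptions options = new TlsContextOptions();
        options.initMtlsPkcs12(str, str2);
        options.verifyPeer = true;
        return options;
    }

    /**
     * Creates mTLS options that reference a certificate in a Windows certificate store,
     * with peer verification enabled.
     *
     * @param str certificate store path
     */
    public static TlsContextOptions createWithMtlsWindowsCertStorePath(String str) {
        TlsContextOptions options = new TlsContextOptions();
        options.withMtlsWindowsCertStorePath(str);
        options.verifyPeer = true;
        return options;
    }

    /** @return what the native layer reports for ALPN availability */
    public static boolean isAlpnSupported() {
        return tlsContextOptionsIsAlpnAvailable();
    }

    /** @return what the native layer reports for support of the given cipher preference */
    public static boolean isCipherPreferenceSupported(TlsCipherPreference tlsCipherPreference) {
        return tlsContextOptionsIsCipherPreferenceSupported(tlsCipherPreference.getValue());
    }

    private static native void tlsContextOptionsDestroy(long j);

    private static native boolean tlsContextOptionsIsAlpnAvailable();

    private static native boolean tlsContextOptionsIsCipherPreferenceSupported(int i);

    // Argument order, as used by getNativeHandle(): min TLS version, cipher preference, ALPN
    // list, certificate PEM, private key PEM, certificate path, private key path, CA PEM,
    // CA file, CA dir, verifyPeer, PKCS#12 path, PKCS#12 password, PKCS#11 options,
    // custom key operations, Windows cert store path.
    private static native long tlsContextOptionsNew(int i, int i2, String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, boolean z, String str9, String str10, TlsContextPkcs11Options tlsContextPkcs11Options, TlsContextCustomKeyOperationOptions tlsContextCustomKeyOperationOptions, String str11);

    @Override // software.amazon.awssdk.crt.CrtResource
    protected boolean canReleaseReferencesImmediately() {
        return true;
    }

    /**
     * Returns the native handle, creating the native options object on first use from the
     * current field values. Changes made to the fields after that first call are not
     * passed to native code by this method.
     *
     * @throws IllegalStateException if both a non-default cipher preference and a
     *     non-default minimum TLS version are set
     */
    @Override // software.amazon.awssdk.crt.CrtResource
    public long getNativeHandle() {
        if (super.getNativeHandle() == 0) {
            boolean customCipher = this.tlsCipherPreference != TlsCipherPreference.TLS_CIPHER_SYSTEM_DEFAULT;
            boolean customMinVersion = this.minTlsVersion != TlsVersions.TLS_VER_SYS_DEFAULTS;
            // The public fields can be written directly, bypassing setCipherPreference(),
            // so the exclusivity rule is enforced again here.
            if (customCipher && customMinVersion) {
                throw new IllegalStateException("tlsCipherPreference and minTlsVersion are mutually exclusive");
            }
            String alpn = this.alpnList.size() > 0 ? StringUtils.join(";", this.alpnList) : null;
            acquireNativeHandle(tlsContextOptionsNew(
                    this.minTlsVersion.getValue(),
                    this.tlsCipherPreference.getValue(),
                    alpn,
                    this.certificate,
                    this.privateKey,
                    this.certificatePath,
                    this.privateKeyPath,
                    this.caRoot,
                    this.caFile,
                    this.caDir,
                    this.verifyPeer,
                    this.pkcs12Path,
                    this.pkcs12Password,
                    this.pkcs11Options,
                    this.customKeyOperations,
                    this.windowsCertStorePath));
        }
        return super.getNativeHandle();
    }

    /**
     * Sets the mTLS certificate and private key from PEM text. Both values are checked
     * before either field is written, so a rejected certificate or key leaves the current
     * mTLS material untouched rather than half replaced.
     *
     * @param str PEM certificate
     * @param str2 PEM private key
     * @throws IllegalArgumentException declared; presumably raised by the PEM sanity check
     */
    public void initMtls(String str, String str2) throws IllegalArgumentException {
        // Same call order as a field-by-field assignment would use, so the first failing
        // input still decides which exception the caller sees.
        String cleanedCertificate = PemUtils.cleanUpPem(str);
        PemUtils.sanityCheck(str, 1, "CERTIFICATE");
        String cleanedPrivateKey = PemUtils.cleanUpPem(str2);
        PemUtils.sanityCheck(str2, 1, "PRIVATE KEY");
        this.certificate = cleanedCertificate;
        this.privateKey = cleanedPrivateKey;
    }

    /**
     * Sets the mTLS certificate and private key by file path. The paths are stored as given;
     * no check is made here that they exist or are readable.
     *
     * @param str path to the certificate
     * @param str2 path to the private key
     */
    public void initMtlsFromPath(String str, String str2) {
        this.certificatePath = str;
        this.privateKeyPath = str2;
    }

    /**
     * Sets the mTLS identity from a PKCS#12 file.
     *
     * @param str path to the PKCS#12 file
     * @param str2 password for the PKCS#12 file
     * @throws IllegalArgumentException if a certificate/private key pair (PEM or path) is
     *     already configured
     */
    public void initMtlsPkcs12(String str, String str2) {
        boolean pemPairConfigured = this.certificate != null || this.privateKey != null;
        boolean pathPairConfigured = this.certificatePath != null || this.privateKeyPath != null;
        if (pemPairConfigured || pathPairConfigured) {
            throw new IllegalArgumentException("PKCS#12 and mTLS via certificate/private key pair are mutually exclusive");
        }
        this.pkcs12Path = str;
        this.pkcs12Password = str2;
    }

    /**
     * Replaces the default trust store with the given PEM text. The cleaned PEM is checked
     * before it is stored, so rejected input does not become the trust store.
     *
     * @param str PEM text of the certificate authority certificate(s)
     * @throws IllegalArgumentException if a CA file or directory is already configured, or
     *     (presumably) when the PEM sanity check fails
     */
    public void overrideDefaultTrustStore(String str) throws IllegalArgumentException {
        if (this.caFile != null || this.caDir != null) {
            throw new IllegalArgumentException("Certificate authority is already specified via path(s)");
        }
        String cleanedPem = PemUtils.cleanUpPem(str);
        // 1024 is presumably the maximum number of PEM objects accepted; confirm in PemUtils.
        PemUtils.sanityCheck(cleanedPem, 1024, "CERTIFICATE");
        this.caRoot = cleanedPem;
    }

    /**
     * Replaces the default trust store with a CA directory and/or CA file.
     *
     * @param str CA directory
     * @param str2 CA file
     * @throws IllegalArgumentException if a CA has already been configured from PEM text
     */
    public void overrideDefaultTrustStoreFromPath(String str, String str2) {
        if (this.caRoot != null) {
            throw new IllegalArgumentException("Certificate authority is already specified via PEM buffer");
        }
        this.caDir = str;
        this.caFile = str2;
    }

    /** Destroys the native options object, unless {@code isNull()} reports there is none. */
    @Override // software.amazon.awssdk.crt.CrtResource
    protected void releaseNativeHandle() {
        if (isNull()) {
            return;
        }
        tlsContextOptionsDestroy(getNativeHandle());
    }

    /**
     * Sets the cipher preference.
     *
     * @throws IllegalArgumentException if the preference is not supported on this platform,
     *     or if a non-default minimum TLS version is already set and the preference is not
     *     the system default
     */
    public void setCipherPreference(TlsCipherPreference tlsCipherPreference) {
        if (!isCipherPreferenceSupported(tlsCipherPreference)) {
            throw new IllegalArgumentException("TlsCipherPreference is not supported on this platform: " + tlsCipherPreference.name());
        }
        boolean customMinVersion = this.minTlsVersion != TlsVersions.TLS_VER_SYS_DEFAULTS;
        boolean customCipher = tlsCipherPreference != TlsCipherPreference.TLS_CIPHER_SYSTEM_DEFAULT;
        if (customMinVersion && customCipher) {
            throw new IllegalArgumentException("Currently only setMinimumTlsVersion() or setCipherPreference() may be used, not both.");
        }
        this.tlsCipherPreference = tlsCipherPreference;
    }

    /**
     * Appends ALPN protocol names to {@link #alpnList}.
     *
     * @param str protocol names separated by ';'
     * @return this
     */
    public TlsContextOptions withAlpnList(String str) {
        for (String protocol : str.split(";")) {
            this.alpnList.add(protocol);
        }
        return this;
    }

    /** Fluent form of {@link #overrideDefaultTrustStore(String)}. */
    public TlsContextOptions withCertificateAuthority(String str) {
        overrideDefaultTrustStore(str);
        return this;
    }

    /** Fluent form of {@link #overrideDefaultTrustStoreFromPath(String, String)}. */
    public TlsContextOptions withCertificateAuthorityFromPath(String str, String str2) {
        overrideDefaultTrustStoreFromPath(str, str2);
        return this;
    }

    /** Fluent form of {@link #setCipherPreference(TlsCipherPreference)}. */
    public TlsContextOptions withCipherPreference(TlsCipherPreference tlsCipherPreference) {
        setCipherPreference(tlsCipherPreference);
        return this;
    }

    /**
     * Sets the minimum TLS version. No exclusivity check against the cipher preference is
     * made here; a conflict is only reported by {@link #getNativeHandle()}.
     */
    public TlsContextOptions withMinimumTlsVersion(TlsVersions tlsVersions) {
        this.minTlsVersion = tlsVersions;
        return this;
    }

    /** Fluent form of {@link #initMtls(String, String)}. */
    public TlsContextOptions withMtls(String str, String str2) {
        initMtls(str, str2);
        return this;
    }

    /** Stores the custom key operation options that are passed to the native layer. */
    public TlsContextOptions withMtlsCustomKeyOperations(TlsContextCustomKeyOperationOptions tlsContextCustomKeyOperationOptions) {
        this.customKeyOperations = tlsContextCustomKeyOperationOptions;
        return this;
    }

    /** Fluent form of {@link #initMtlsFromPath(String, String)}. */
    public TlsContextOptions withMtlsFromPath(String str, String str2) {
        initMtlsFromPath(str, str2);
        return this;
    }

    /**
     * Stores the PKCS#11 options that are passed to the native layer.
     * {@code swapReferenceTo} is inherited; presumably it moves this resource's reference
     * from the previous options object to the new one. Confirm in CrtResource.
     */
    public TlsContextOptions withMtlsPkcs11(TlsContextPkcs11Options tlsContextPkcs11Options) {
        swapReferenceTo(this.pkcs11Options, tlsContextPkcs11Options);
        this.pkcs11Options = tlsContextPkcs11Options;
        return this;
    }

    /** Fluent form of {@link #initMtlsPkcs12(String, String)}. */
    public TlsContextOptions withMtlsPkcs12(String str, String str2) {
        initMtlsPkcs12(str, str2);
        return this;
    }

    /** Stores the Windows certificate store path that is passed to the native layer. */
    public TlsContextOptions withMtlsWindowsCertStorePath(String str) {
        this.windowsCertStorePath = str;
        return this;
    }

    /** Enables peer verification. */
    public TlsContextOptions withVerifyPeer() {
        return withVerifyPeer(true);
    }

    /**
     * Sets the peer-verification flag. Passing {@code false} on a client presumably turns
     * off validation of the server certificate; treat any such call site as a finding to
     * justify in review.
     */
    public TlsContextOptions withVerifyPeer(boolean z) {
        this.verifyPeer = z;
        return this;
    }
}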
