package io.quarkus.tls.runtime;

import io.quarkus.tls.runtime.config.JKSTrustStoreConfig;
import io.quarkus.tls.runtime.config.KeyStoreConfig;
import io.quarkus.tls.runtime.config.P12TrustStoreConfig;
import io.quarkus.tls.runtime.config.PemCertsConfig;
import io.quarkus.tls.runtime.config.TlsBucketConfig;
import io.quarkus.tls.runtime.config.TrustStoreConfig;
import io.quarkus.tls.runtime.config.TrustStoreCredentialProviderConfig;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.security.KeyStore;
import java.time.Duration;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/tls/runtime/JavaNetSslTlsBucketConfig.class */
class JavaNetSslTlsBucketConfig implements TlsBucketConfig {
    private static final Logger log = Logger.getLogger(JavaNetSslTlsBucketConfig.class);

    /* loaded from: input_file:io/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslStoreConfig.class */
    static final class JavaNetSslStoreConfig extends Record implements P12TrustStoreConfig, JKSTrustStoreConfig {
        private final Path path;
        private final Optional<String> password;
        private final Optional<String> alias;
        private final Optional<String> provider;

        JavaNetSslStoreConfig(Path path, Optional<String> optional, Optional<String> optional2, Optional<String> optional3) {
            this.path = path;
            this.password = optional;
            this.alias = optional2;
            this.provider = optional3;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, JavaNetSslStoreConfig.class), JavaNetSslStoreConfig.class, "path;password;alias;provider", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslStoreConfig;->path:Ljava/nio/file/Path;", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslStoreConfig;->password:Ljava/util/Optional;", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslStoreConfig;->alias:Ljava/util/Optional;", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslStoreConfig;->provider:Ljava/util/Optional;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, JavaNetSslStoreConfig.class), JavaNetSslStoreConfig.class, "path;password;alias;provider", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslStoreConfig;->path:Ljava/nio/file/Path;", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslStoreConfig;->password:Ljava/util/Optional;", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslStoreConfig;->alias:Ljava/util/Optional;", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslStoreConfig;->provider:Ljava/util/Optional;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, JavaNetSslStoreConfig.class, Object.class), JavaNetSslStoreConfig.class, "path;password;alias;provider", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslStoreConfig;->path:Ljava/nio/file/Path;", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslStoreConfig;->password:Ljava/util/Optional;", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslStoreConfig;->alias:Ljava/util/Optional;", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslStoreConfig;->provider:Ljava/util/Optional;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        @Override // io.quarkus.tls.runtime.config.P12TrustStoreConfig, io.quarkus.tls.runtime.config.JKSTrustStoreConfig
        public Path path() {
            return this.path;
        }

        @Override // io.quarkus.tls.runtime.config.P12TrustStoreConfig, io.quarkus.tls.runtime.config.JKSTrustStoreConfig
        public Optional<String> password() {
            return this.password;
        }

        @Override // io.quarkus.tls.runtime.config.P12TrustStoreConfig, io.quarkus.tls.runtime.config.JKSTrustStoreConfig
        public Optional<String> alias() {
            return this.alias;
        }

        @Override // io.quarkus.tls.runtime.config.P12TrustStoreConfig, io.quarkus.tls.runtime.config.JKSTrustStoreConfig
        public Optional<String> provider() {
            return this.provider;
        }
    }

    /* loaded from: input_file:io/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslTrustStoreConfig.class */
    static final class JavaNetSslTrustStoreConfig extends Record implements TrustStoreConfig {
        private final Optional<P12TrustStoreConfig> p12;
        private final Optional<JKSTrustStoreConfig> jks;
        private final TrustStoreConfig.CertificateExpiryPolicy certificateExpirationPolicy;

        JavaNetSslTrustStoreConfig(Optional<P12TrustStoreConfig> optional, Optional<JKSTrustStoreConfig> optional2, TrustStoreConfig.CertificateExpiryPolicy certificateExpiryPolicy) {
            this.p12 = optional;
            this.jks = optional2;
            this.certificateExpirationPolicy = certificateExpiryPolicy;
        }

        @Override // io.quarkus.tls.runtime.config.TrustStoreConfig
        public Optional<PemCertsConfig> pem() {
            return Optional.empty();
        }

        @Override // io.quarkus.tls.runtime.config.TrustStoreConfig
        public TrustStoreCredentialProviderConfig credentialsProvider() {
            return null;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, JavaNetSslTrustStoreConfig.class), JavaNetSslTrustStoreConfig.class, "p12;jks;certificateExpirationPolicy", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslTrustStoreConfig;->p12:Ljava/util/Optional;", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslTrustStoreConfig;->jks:Ljava/util/Optional;", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslTrustStoreConfig;->certificateExpirationPolicy:Lio/quarkus/tls/runtime/config/TrustStoreConfig$CertificateExpiryPolicy;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, JavaNetSslTrustStoreConfig.class), JavaNetSslTrustStoreConfig.class, "p12;jks;certificateExpirationPolicy", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslTrustStoreConfig;->p12:Ljava/util/Optional;", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslTrustStoreConfig;->jks:Ljava/util/Optional;", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslTrustStoreConfig;->certificateExpirationPolicy:Lio/quarkus/tls/runtime/config/TrustStoreConfig$CertificateExpiryPolicy;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, JavaNetSslTrustStoreConfig.class, Object.class), JavaNetSslTrustStoreConfig.class, "p12;jks;certificateExpirationPolicy", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslTrustStoreConfig;->p12:Ljava/util/Optional;", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslTrustStoreConfig;->jks:Ljava/util/Optional;", "FIELD:Lio/quarkus/tls/runtime/JavaNetSslTlsBucketConfig$JavaNetSslTrustStoreConfig;->certificateExpirationPolicy:Lio/quarkus/tls/runtime/config/TrustStoreConfig$CertificateExpiryPolicy;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        @Override // io.quarkus.tls.runtime.config.TrustStoreConfig
        public Optional<P12TrustStoreConfig> p12() {
            return this.p12;
        }

        @Override // io.quarkus.tls.runtime.config.TrustStoreConfig
        public Optional<JKSTrustStoreConfig> jks() {
            return this.jks;
        }

        @Override // io.quarkus.tls.runtime.config.TrustStoreConfig
        public TrustStoreConfig.CertificateExpiryPolicy certificateExpirationPolicy() {
            return this.certificateExpirationPolicy;
        }
    }

    @Override // io.quarkus.tls.runtime.config.TlsBucketConfig
    public Optional<KeyStoreConfig> keyStore() {
        return Optional.empty();
    }

    @Override // io.quarkus.tls.runtime.config.TlsBucketConfig
    public Optional<TrustStoreConfig> trustStore() {
        Optional empty;
        Optional of;
        Path defaultTrustStorePath = defaultTrustStorePath();
        String lowerCase = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType()).toLowerCase(Locale.US);
        Optional ofNullable = Optional.ofNullable(System.getProperty("javax.net.ssl.trustStorePassword", "changeit"));
        boolean z = -1;
        switch (lowerCase.hashCode()) {
            case -986624244:
                if (lowerCase.equals("pkcs12")) {
                    z = false;
                    break;
                }
                break;
            case 105298:
                if (lowerCase.equals("jks")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                empty = Optional.of(new JavaNetSslStoreConfig(defaultTrustStorePath, ofNullable, Optional.empty(), null));
                of = Optional.empty();
                break;
            case true:
                empty = Optional.empty();
                of = Optional.of(new JavaNetSslStoreConfig(defaultTrustStorePath, ofNullable, Optional.empty(), null));
                break;
            default:
                throw new IllegalArgumentException("Unexpected javax.net.ssl.trustStoreType: " + lowerCase);
        }
        return Optional.of(new JavaNetSslTrustStoreConfig(empty, of, TrustStoreConfig.CertificateExpiryPolicy.WARN));
    }

    static Path defaultTrustStorePath() {
        String property = System.getProperty("javax.net.ssl.trustStore");
        if (property != null && !property.isEmpty()) {
            log.debugf("Honoring javax.net.ssl.trustStore property value: %s", property);
            return Path.of(property, new String[0]);
        }
        String property2 = System.getProperty("java.home");
        if (property2 == null || property2.isEmpty()) {
            throw new IllegalStateException("Could not locate the default Java truststore because the 'java.home' property is not set");
        }
        Path of = Path.of(property2, new String[0]);
        if (!Files.isDirectory(of, new LinkOption[0])) {
            throw new IllegalStateException("Could not locate the default Java truststore because the 'java.home' path '" + property2 + "' is not a directory");
        }
        Path resolve = of.resolve("lib/security/jssecacerts");
        if (Files.isRegularFile(resolve, new LinkOption[0])) {
            log.debugf("Using %s as a truststore", resolve);
            return resolve;
        }
        Path resolve2 = of.resolve("lib/security/cacerts");
        if (!Files.isRegularFile(resolve2, new LinkOption[0])) {
            throw new IllegalStateException("Could not locate the default Java truststore. Tried javax.net.ssl.trustStore system property, " + String.valueOf(resolve) + " and " + String.valueOf(resolve2));
        }
        log.debugf("Using %s as a truststore", resolve2);
        return resolve2;
    }

    @Override // io.quarkus.tls.runtime.config.TlsBucketConfig
    public Optional<List<String>> cipherSuites() {
        return Optional.empty();
    }

    @Override // io.quarkus.tls.runtime.config.TlsBucketConfig
    public Set<String> protocols() {
        return Set.of("TLSv1.3", "TLSv1.2");
    }

    @Override // io.quarkus.tls.runtime.config.TlsBucketConfig
    public Duration handshakeTimeout() {
        return Duration.ofSeconds(10L);
    }

    @Override // io.quarkus.tls.runtime.config.TlsBucketConfig
    public boolean alpn() {
        return true;
    }

    @Override // io.quarkus.tls.runtime.config.TlsBucketConfig
    public Optional<List<Path>> certificateRevocationList() {
        return Optional.empty();
    }

    @Override // io.quarkus.tls.runtime.config.TlsBucketConfig
    public boolean trustAll() {
        return false;
    }

    @Override // io.quarkus.tls.runtime.config.TlsBucketConfig
    public Optional<String> hostnameVerificationAlgorithm() {
        return Optional.empty();
    }

    @Override // io.quarkus.tls.runtime.config.TlsBucketConfig
    public Optional<Duration> reloadPeriod() {
        return Optional.empty();
    }
}
