package ch.nolix.core.net.endpoint;

import ch.nolix.core.environment.filesystem.FileSystemAccessor;
import ch.nolix.core.errorcontrol.exception.WrapperException;
import ch.nolix.core.net.ssl.SslCertificateKeyReader;
import ch.nolix.coreapi.netapi.sslapi.ISslCertificate;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

/* loaded from: input_file:ch/nolix/core/net/endpoint/SslServerSslContextCreator.class */
final class SslServerSslContextCreator {
    private static final String PASSWORD = "my_password";
    private static final char[] PASSWORD_AS_CHAR_ARRAY = PASSWORD.toCharArray();
    private static final SslCertificateKeyReader SSL_CERTIFICATE_KEY_READER = new SslCertificateKeyReader();

    public SslContext createSSLContext(ISslCertificate iSslCertificate) {
        try {
            X509Certificate cert = getCert(iSslCertificate);
            PrivateKey privateKey = getPrivateKey(iSslCertificate);
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, PASSWORD_AS_CHAR_ARRAY);
            keyStore.setCertificateEntry("cert-alias", cert);
            keyStore.setKeyEntry("key-alias", privateKey, PASSWORD_AS_CHAR_ARRAY, new Certificate[]{cert});
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, PASSWORD_AS_CHAR_ARRAY);
            SSLContext.getInstance("TLS").init(keyManagerFactory.getKeyManagers(), null, null);
            return SslContextBuilder.forServer(keyManagerFactory).build();
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | InvalidKeySpecException e) {
            throw WrapperException.forError(e);
        }
    }

    private X509Certificate getCert(ISslCertificate iSslCertificate) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(FileSystemAccessor.readFileToBytes(iSslCertificate.getPublicKeyPemFilePath())));
    }

    private PrivateKey getPrivateKey(ISslCertificate iSslCertificate) throws InvalidKeySpecException, NoSuchAlgorithmException {
        return KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(SSL_CERTIFICATE_KEY_READER.readKeyFromPemFile(iSslCertificate.getPrivateKeyPemFilePath()))));
    }
}
