package org.nuxeo.runtime.aws;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.nuxeo.runtime.model.DefaultComponent;

/* loaded from: input_file:org/nuxeo/runtime/aws/AWSConfigurationServiceImpl.class */
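/**
 * Runtime component that serves AWS credentials, region and TLS settings read from the
 * descriptors contributed to the {@value #XP_CONFIGURATION} extension point.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The credentials returned here are static values taken from configuration. The returned
 *       objects carry the secret key (and session token), so they must never be logged or
 *       included in exception messages.</li>
 *   <li>Key store and trust store passwords are held as {@code String} fields on the descriptor,
 *       so they stay in memory for the life of the descriptor.</li>
 * </ul>
 */
public class AWSConfigurationServiceImpl extends DefaultComponent implements AWSConfigurationService {
    public static final String XP_CONFIGURATION = "configuration";

    /**
     * Looks up the descriptor for a configuration id, using the default id when the given one is
     * blank.
     *
     * @param id the configuration id, may be blank
     * @return the matching descriptor, or {@code null} if none is registered
     */
    private AWSConfigurationDescriptor awsDescriptor(String id) {
        String effectiveId = StringUtils.defaultIfBlank(id, AWSConfigurationDescriptor.DEFAULT_CONFIG_ID);
        return (AWSConfigurationDescriptor) getDescriptor(XP_CONFIGURATION, effectiveId);
    }

    /**
     * Builds AWS credentials from the named configuration.
     *
     * <p>Session credentials are returned when a session token is configured, basic credentials
     * otherwise.
     *
     * @param str the configuration id; blank selects the default configuration
     * @return the credentials, or {@code null} when there is no such configuration or when the
     *         access key id or secret key is blank
     */
    @Override // org.nuxeo.runtime.aws.AWSConfigurationService
    public AWSCredentials getAWSCredentials(String str) {
        AWSConfigurationDescriptor descriptor = awsDescriptor(str);
        if (descriptor == null) {
            return null;
        }
        String accessKeyId = descriptor.getAccessKeyId();
        String secretKey = descriptor.getSecretKey();
        if (StringUtils.isBlank(accessKeyId) || StringUtils.isBlank(secretKey)) {
            // NOTE(review): callers presumably fall back to another credential source on null;
            // confirm that a half-configured key pair is not silently ignored there.
            return null;
        }
        String sessionToken = descriptor.getSessionToken();
        if (StringUtils.isNotBlank(sessionToken)) {
            return new BasicSessionCredentials(accessKeyId, secretKey, sessionToken);
        }
        return new BasicAWSCredentials(accessKeyId, secretKey);
    }

    /**
     * Returns the AWS region of the named configuration.
     *
     * @param str the configuration id; blank selects the default configuration
     * @return the region, or {@code null} when there is no such configuration or its region is
     *         blank
     */
    @Override // org.nuxeo.runtime.aws.AWSConfigurationService
    public String getAWSRegion(String str) {
        AWSConfigurationDescriptor descriptor = awsDescriptor(str);
        if (descriptor == null) {
            return null;
        }
        String region = descriptor.getRegion();
        return StringUtils.isNotBlank(region) ? region : null;
    }

    /**
     * Installs a custom TLS socket factory on the client configuration when the named
     * configuration declares a trust store and/or key store.
     *
     * <p>When neither store is configured the client configuration is left untouched. The socket
     * factory is created from the SSL context alone, so no custom hostname verifier is supplied
     * here.
     *
     * @param str the configuration id; blank selects the default configuration
     * @param clientConfiguration the AWS client configuration to update
     * @throws RuntimeException if a configured store cannot be read or the context cannot be built
     */
    @Override // org.nuxeo.runtime.aws.AWSConfigurationService
    public void configureSSL(String str, ClientConfiguration clientConfiguration) {
        SSLContext sslContext = getSSLContext(awsDescriptor(str));
        if (sslContext != null) {
            clientConfiguration.getApacheHttpClientConfig()
                               .setSslSocketFactory(new SSLConnectionSocketFactory(sslContext));
        }
    }

    /**
     * Builds an SSL context from the trust store and key store declared on the descriptor.
     *
     * @param aWSConfigurationDescriptor the configuration descriptor, may be {@code null}
     * @return the SSL context, or {@code null} when the descriptor is {@code null} or declares
     *         neither a trust store nor a key store
     * @throws RuntimeException wrapping the I/O or security failure; the message deliberately
     *         contains no path or password
     */
    protected SSLContext getSSLContext(AWSConfigurationDescriptor aWSConfigurationDescriptor) {
        if (aWSConfigurationDescriptor == null) {
            return null;
        }
        try {
            KeyStore trustStore = loadKeyStore(aWSConfigurationDescriptor.trustStorePath,
                    aWSConfigurationDescriptor.trustStorePassword, aWSConfigurationDescriptor.trustStoreType);
            KeyStore keyStore = loadKeyStore(aWSConfigurationDescriptor.keyStorePath,
                    aWSConfigurationDescriptor.keyStorePassword, aWSConfigurationDescriptor.keyStoreType);
            if (trustStore == null && keyStore == null) {
                return null;
            }
            SSLContextBuilder builder = SSLContexts.custom();
            if (trustStore != null) {
                // No TrustStrategy override: certificate validation is left to the trust managers
                // built from this store.
                // NOTE(review): the configured store presumably replaces the JVM default trust
                // anchors, so it must contain every CA the AWS endpoints need; confirm.
                builder.loadTrustMaterial(trustStore, (TrustStrategy) null);
            }
            if (keyStore != null) {
                // The key store password is reused as the key password.
                String keyStorePassword = aWSConfigurationDescriptor.keyStorePassword;
                char[] keyPassword = StringUtils.isBlank(keyStorePassword) ? null : keyStorePassword.toCharArray();
                builder.loadKeyMaterial(keyStore, keyPassword);
            }
            return builder.build();
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Cannot setup SSL context", e);
        }
    }

    /**
     * Loads a key store from a file.
     *
     * @param str path of the store file; blank means "no store configured"
     * @param str2 store password; blank is passed to {@link KeyStore#load} as {@code null}, in
     *        which case the store's integrity is not checked on load
     * @param str3 store type; blank selects {@link KeyStore#getDefaultType()}
     * @return the loaded store, or {@code null} when the path is blank
     * @throws GeneralSecurityException if the store type is unavailable or the content is invalid
     * @throws IOException if the file cannot be read or the password is wrong
     */
    protected KeyStore loadKeyStore(String str, String str2, String str3) throws GeneralSecurityException, IOException {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance(StringUtils.defaultIfBlank(str3, KeyStore.getDefaultType()));
        char[] password = StringUtils.isBlank(str2) ? null : str2.toCharArray();
        // try-with-resources closes the stream on every path and, when load() fails, keeps that
        // failure as the primary exception with any close() failure attached as suppressed.
        try (InputStream in = Files.newInputStream(Paths.get(str))) {
            keyStore.load(in, password);
        }
        return keyStore;
    }
}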
