package com.couchbase.client.core.endpoint;

import com.couchbase.client.core.env.SecureEnvironment;
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:WEB-INF/lib/core-io-1.4.6.jar:com/couchbase/client/core/endpoint/SSLEngineFactory.class */
public class SSLEngineFactory {
    private final SecureEnvironment env;

    public SSLEngineFactory(SecureEnvironment secureEnvironment) {
        this.env = secureEnvironment;
    }

    public SSLEngine get() {
        try {
            String sslKeystorePassword = this.env.sslKeystorePassword();
            char[] charArray = (sslKeystorePassword == null || sslKeystorePassword.isEmpty()) ? null : sslKeystorePassword.toCharArray();
            KeyStore sslKeystore = this.env.sslKeystore();
            if (sslKeystore == null) {
                sslKeystore = KeyStore.getInstance(KeyStore.getDefaultType());
                String sslKeystoreFile = this.env.sslKeystoreFile();
                if (sslKeystoreFile == null || sslKeystoreFile.isEmpty()) {
                    throw new IllegalArgumentException("Path to Keystore File must not be null or empty.");
                }
                sslKeystore.load(new FileInputStream(sslKeystoreFile), charArray);
            }
            String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(defaultAlgorithm);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
            keyManagerFactory.init(sslKeystore, charArray);
            trustManagerFactory.init(sslKeystore);
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            createSSLEngine.setUseClientMode(true);
            return createSSLEngine;
        } catch (Exception e) {
            throw new SSLException("Could not create SSLEngine.", e);
        }
    }
}
