package com.floragunn.codova.config.net;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Document;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidatingDocNode;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.codova.validation.VariableResolvers;
import com.floragunn.codova.validation.errors.FileDoesNotExist;
import com.floragunn.codova.validation.errors.ValidationError;
import com.google.common.base.Charsets;
import com.google.common.base.Joiner;
import com.google.common.io.Files;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.StringReader;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
import org.apache.http.ssl.PrivateKeyDetails;
import org.apache.http.ssl.PrivateKeyStrategy;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.bc.BcPEMDecryptorProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/floragunn/codova/config/net/TLSConfig.class */
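/**
 * TLS client settings parsed from a configuration document or assembled with {@link Builder}.
 *
 * <p>An instance holds the {@link SSLContext} built from the settings, the protocol and cipher
 * restrictions, and the {@link HostnameVerifier} matching {@code verify_hostnames}.
 *
 * <p>Security-relevant settings, as implemented in this class:
 * <ul>
 *   <li>{@code trust_all} (default {@code false}) installs a trust manager that accepts every
 *       certificate chain. A configured {@code trusted_cas} truststore is still loaded but has no
 *       effect, because {@link OverlyTrustfulSSLContextBuilder} replaces the trust managers.</li>
 *   <li>{@code verify_hostnames} (default {@code true}) selects between
 *       {@link DefaultHostnameVerifier} and {@link NoopHostnameVerifier}. It is independent of
 *       {@code trust_all}; with both relaxed the peer is not authenticated at all.</li>
 *   <li>{@code enabled_protocols} defaults to {@code TLSv1.2} and {@code TLSv1.1}.
 *       NOTE(review): TLS 1.1 is deprecated (RFC 8996) and TLS 1.3 is not part of the default, so
 *       deployments should set {@code enabled_protocols} explicitly. The default is left unchanged
 *       here because changing it alters which peers can be reached.</li>
 * </ul>
 */
public class TLSConfig implements Document<TLSConfig> {
    private static final Logger log = LoggerFactory.getLogger(TLSConfig.class);
    private SSLContext sslContext;
    private List<String> supportedProtocols;
    private List<String> supportedCipherSuites;
    private HostnameVerifier hostnameVerifier;
    private boolean hostnameVerificationEnabled;
    private boolean trustAll;
    private KeyStore truststore;
    private List<String> trustedCas;
    private ClientCertAuthConfig clientCertAuthConfig;
    private boolean startTlsEnabled;

    /**
     * Programmatic alternative to {@link TLSConfig#parse(Map)}.
     *
     * <p>Errors found while loading PEM files are collected and reported together by
     * {@link #build()}.
     */
    public static class Builder {
        private final TLSConfig tlsConfig = new TLSConfig();
        private final ValidationErrors validationErrors = new ValidationErrors();

        /**
         * Uses the PEM certificates in {@code file} as trust anchors; {@code null} clears them.
         *
         * <p>Problems with the file are recorded under {@code trusted_cas} and thrown later by
         * {@link #build()}, not by this method.
         *
         * @param file PEM file with one or more certificates, or {@code null}
         * @return this builder
         */
        public Builder trust(File file) throws ConfigValidationException {
            if (file != null) {
                try {
                    this.tlsConfig.truststore = TLSConfig.toTruststore(file);
                } catch (ConfigValidationException e) {
                    this.validationErrors.add("trusted_cas", e);
                } catch (FileNotFoundException e2) {
                    this.validationErrors.add(new FileDoesNotExist("trusted_cas", file));
                }
                // Keep a file reference (not the file content) for toBasicObject().
                this.tlsConfig.trustedCas = Collections.singletonList("#{file:" + file.getAbsolutePath() + "}");
            } else {
                this.tlsConfig.truststore = null;
                this.tlsConfig.trustedCas = null;
            }
            return this;
        }

        /**
         * Configures client certificate authentication from PEM files.
         *
         * @param file  PEM file with the certificate chain
         * @param file2 PEM file with the private key
         * @param str   password of the private key, or {@code null} if it is not encrypted
         * @return this builder
         */
        public Builder clientCert(File file, File file2, String str) {
            try {
                this.tlsConfig.clientCertAuthConfig = ClientCertAuthConfig.create(file, file2, str);
            } catch (ConfigValidationException e) {
                this.validationErrors.add("client_auth", e);
            }
            return this;
        }

        /** Restricts the enabled TLS protocol versions; the list is stored by reference. */
        public Builder enabledProtocols(List<String> list) {
            this.tlsConfig.supportedProtocols = list;
            return this;
        }

        /** Restricts the enabled TLS protocol versions. */
        public Builder enabledProtocols(String... strArr) {
            this.tlsConfig.supportedProtocols = Arrays.asList(strArr);
            return this;
        }

        /** Restricts the enabled cipher suites; the list is stored by reference. */
        public Builder enabledCiphers(List<String> list) {
            this.tlsConfig.supportedCipherSuites = list;
            return this;
        }

        /** Restricts the enabled cipher suites. */
        public Builder enabledCiphers(String... strArr) {
            this.tlsConfig.supportedCipherSuites = Arrays.asList(strArr);
            return this;
        }

        /**
         * Enables or disables acceptance of every certificate chain.
         *
         * <p>With {@code true} the resulting context performs no certificate validation, so the
         * connection is open to interception. Intended for test setups only.
         */
        public Builder trustAll(boolean z) {
            this.tlsConfig.trustAll = z;
            return this;
        }

        /** Enables or disables hostname verification against the peer certificate. */
        public Builder verifyHostnames(boolean z) {
            this.tlsConfig.hostnameVerificationEnabled = z;
            return this;
        }

        /**
         * Uses a JKS file as truststore.
         *
         * <p>Unlike {@link #trust(File)} this does not record a {@code trusted_cas} reference, so
         * the truststore does not appear in {@link TLSConfig#toBasicObject()}.
         *
         * @param file JKS keystore file
         * @param str  keystore password; must not be {@code null}
         * @return this builder
         */
        public Builder trustJks(File file, String str) throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            // Close the stream on every path; the original leaked the file handle.
            try (FileInputStream in = new FileInputStream(file)) {
                keyStore.load(in, str.toCharArray());
            }
            this.tlsConfig.truststore = keyStore;
            return this;
        }

        /**
         * Uses a key entry of a JKS file for client certificate authentication.
         *
         * @param file JKS keystore file
         * @param str  password, used both to load the keystore and to recover the key
         * @param str2 alias of the key entry to present
         * @return this builder
         */
        public Builder clientCertJks(File file, String str, String str2) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            // Close the stream on every path; the original leaked the file handle.
            try (FileInputStream in = new FileInputStream(file)) {
                keyStore.load(in, str.toCharArray());
            }
            ClientCertAuthConfig clientCertAuthConfig = new ClientCertAuthConfig();
            clientCertAuthConfig.alias = str2;
            clientCertAuthConfig.keyStore = keyStore;
            clientCertAuthConfig.keyStorePassword = str;
            this.tlsConfig.clientCertAuthConfig = clientCertAuthConfig;
            return this;
        }

        /**
         * Builds the SSL context and hostname verifier and returns the configuration.
         *
         * @throws ConfigValidationException if any earlier builder call recorded an error
         */
        public TLSConfig build() throws ConfigValidationException {
            this.validationErrors.throwExceptionForPresentErrors();
            this.tlsConfig.sslContext = this.tlsConfig.buildSSLContext();
            this.tlsConfig.hostnameVerifier = this.tlsConfig.createHostnameVerifier();
            return this.tlsConfig;
        }
    }

    /**
     * Client certificate and private key presented to the peer.
     *
     * <p>The material is kept in an in-memory JKS keystore under a single alias.
     */
    public static class ClientCertAuthConfig implements Document<ClientCertAuthConfig> {
        private String certificate;
        private String privateKey;
        private KeyStore keyStore;
        private Collection<? extends Certificate> certificateChain;
        private String password;
        private String keyStorePassword;
        private String alias;

        /**
         * Parses {@code certificate}, {@code private_key} and {@code private_key_password}.
         *
         * <p>{@code #{file:...}} variables are expanded before the values are read.
         *
         * @throws ConfigValidationException if a required attribute is missing or cannot be parsed
         */
        @SuppressWarnings("unchecked")
        public static ClientCertAuthConfig parse(Map<String, Object> map) throws ConfigValidationException {
            ValidationErrors validationErrors = new ValidationErrors();
            ValidatingDocNode node = new ValidatingDocNode(map, validationErrors).expandVariables("file", VariableResolvers.FILE);
            ClientCertAuthConfig clientCertAuthConfig = new ClientCertAuthConfig();
            Collection<? extends Certificate> chain = (Collection<? extends Certificate>) node.get("certificate").required().byString(ClientCertAuthConfig::toCertificateChain);
            clientCertAuthConfig.certificate = node.get("certificate").asString();
            // The password has to be known before the key is parsed, the key may be encrypted.
            clientCertAuthConfig.password = node.get("private_key_password").asString();
            clientCertAuthConfig.privateKey = node.get("private_key").asString();
            PrivateKey key = (PrivateKey) node.get("private_key").required().byString(str -> {
                return TLSConfig.toPrivateKey(str, clientCertAuthConfig.password);
            });
            validationErrors.throwExceptionForPresentErrors();
            clientCertAuthConfig.initKeyStore(chain, key);
            return clientCertAuthConfig;
        }

        /**
         * Returns the settings as a plain map.
         *
         * <p>The map carries {@code private_key_password} exactly as stored, and
         * {@code private_key} may hold key material rather than a file reference
         * (NOTE(review): depends on what {@code asString()} returns after variable expansion,
         * confirm). Treat the result as secret: do not log it or return it from an API.
         */
        @Override // com.floragunn.codova.documents.Document
        public Map<String, Object> toBasicObject() {
            Map<String, Object> result = new LinkedHashMap<>();
            result.put("certificate", this.certificate);
            result.put("private_key", this.privateKey);
            result.put("private_key_password", this.password);
            return result;
        }

        /**
         * Creates the configuration from PEM files.
         *
         * @param file  PEM file with the certificate chain
         * @param file2 PEM file with the private key
         * @param str   password of the private key, or {@code null} if it is not encrypted
         * @throws ConfigValidationException if a file is missing, unreadable or cannot be parsed
         */
        public static ClientCertAuthConfig create(File file, File file2, String str) throws ConfigValidationException {
            ValidationErrors validationErrors = new ValidationErrors();
            ClientCertAuthConfig clientCertAuthConfig = new ClientCertAuthConfig();
            // Store file references, not the file content, for toBasicObject().
            clientCertAuthConfig.certificate = "#{file:" + file.getAbsolutePath() + "}";
            clientCertAuthConfig.privateKey = "#{file:" + file2.getAbsolutePath() + "}";
            clientCertAuthConfig.password = str;
            Collection<? extends Certificate> chain = null;
            try {
                chain = toCertificateChain(Files.asCharSource(file, Charsets.UTF_8).read());
            } catch (ConfigValidationException e) {
                validationErrors.add("certificate", e);
            } catch (FileNotFoundException e2) {
                validationErrors.add(new FileDoesNotExist("certificate", file).cause(e2));
            } catch (IOException e3) {
                validationErrors.add(new ValidationError("certificate", "Error while reading file").cause(e3));
            }
            PrivateKey key = null;
            try {
                key = TLSConfig.toPrivateKey(Files.asCharSource(file2, Charsets.UTF_8).read(), clientCertAuthConfig.password);
            } catch (ConfigValidationException e4) {
                validationErrors.add("private_key", e4);
            } catch (FileNotFoundException e5) {
                // Report the key file; the original reported the certificate file here.
                validationErrors.add(new FileDoesNotExist("private_key", file2).cause(e5));
            } catch (IOException e6) {
                validationErrors.add(new ValidationError("private_key", "Error while reading file").cause(e6));
            }
            validationErrors.throwExceptionForPresentErrors();
            clientCertAuthConfig.initKeyStore(chain, key);
            return clientCertAuthConfig;
        }

        /**
         * Stores chain and key in a fresh in-memory keystore under the alias {@code "key"}.
         *
         * <p>The key entry is protected with the private key password, or with a fixed
         * placeholder when there is none. The keystore is only created in memory by this class,
         * so the placeholder protects nothing by itself.
         */
        private void initKeyStore(Collection<? extends Certificate> chain, PrivateKey key) {
            this.alias = "key";
            this.keyStorePassword = this.password != null ? this.password : "keyStorePassword";
            this.keyStore = createKeyStore(chain, key, this.alias, this.keyStorePassword);
            this.certificateChain = chain != null ? Collections.unmodifiableList(new ArrayList<Certificate>(chain)) : null;
        }

        /**
         * Creates an in-memory JKS keystore with one key entry.
         *
         * @param collection certificate chain of the key
         * @param privateKey the private key
         * @param str        alias of the entry
         * @param str2       password protecting the entry, may be {@code null}
         */
        private static KeyStore createKeyStore(Collection<? extends Certificate> collection, PrivateKey privateKey, String str, String str2) {
            try {
                KeyStore keyStore = KeyStore.getInstance("JKS");
                // Passing null for stream and password creates an empty keystore.
                keyStore.load(null, null);
                keyStore.setKeyEntry(str, privateKey, str2 != null ? str2.toCharArray() : null, collection.toArray(new Certificate[0]));
                return keyStore;
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new RuntimeException(e);
            }
        }

        /**
         * Parses PEM text into X.509 certificates.
         *
         * @throws ConfigValidationException if the text cannot be parsed
         */
        private static Collection<? extends Certificate> toCertificateChain(String str) throws ConfigValidationException {
            CertificateFactory certificateFactory;
            try {
                certificateFactory = CertificateFactory.getInstance("X.509");
            } catch (CertificateException e) {
                throw new RuntimeException("Could not find CertificateFactory X.509", e);
            }
            try {
                return certificateFactory.generateCertificates(new ByteArrayInputStream(str.getBytes(StandardCharsets.US_ASCII)));
            } catch (CertificateException e) {
                TLSConfig.log.info("Error parsing certificates", e);
                throw new ConfigValidationException(new ValidationError(null, e.getMessage(), null).cause(e));
            }
        }

        /** Returns the unmodifiable certificate chain, or {@code null} for JKS based setups. */
        public Collection<? extends Certificate> getCertificateChain() {
            return this.certificateChain;
        }
    }

    /**
     * Context builder used for {@code trust_all}: every context it builds accepts any peer.
     *
     * <p>Decompiler note: the class was declared private in the original.
     */
    public static class OverlyTrustfulSSLContextBuilder extends SSLContextBuilder {
        private OverlyTrustfulSSLContextBuilder() {
        }

        /**
         * Initializes the context with the given key managers and a single
         * {@link OverlyTrustfulTrustManager}; the trust managers in {@code collection2} are
         * ignored.
         */
        protected void initSSLContext(SSLContext sSLContext, Collection<KeyManager> collection, Collection<TrustManager> collection2, SecureRandom secureRandom) throws KeyManagementException {
            KeyManager[] keyManagers = collection.isEmpty() ? null : collection.toArray(new KeyManager[0]);
            sSLContext.init(keyManagers, new TrustManager[]{new OverlyTrustfulTrustManager()}, secureRandom);
        }
    }

    /**
     * Trust manager that performs no validation: both checks return without inspecting the chain.
     *
     * <p>A connection using it is encrypted but not authenticated.
     */
    private static class OverlyTrustfulTrustManager implements X509TrustManager {
        private OverlyTrustfulTrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: accepts every client certificate chain.
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: accepts every server certificate chain.
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /**
     * Socket factory that applies the configured protocols and cipher suites to every
     * {@link SSLSocket} created by the delegate.
     */
    static class RestrictingSSLSocketFactory extends SSLSocketFactory {
        private final SSLSocketFactory delegate;
        private final String[] enabledProtocols;
        private final String[] enabledCipherSuites;

        /**
         * @param sSLSocketFactory factory creating the sockets
         * @param strArr           protocols to enable, or {@code null} to keep the delegate's
         * @param strArr2          cipher suites to enable, or {@code null} to keep the delegate's
         */
        public RestrictingSSLSocketFactory(SSLSocketFactory sSLSocketFactory, String[] strArr, String[] strArr2) {
            this.delegate = sSLSocketFactory;
            this.enabledProtocols = strArr;
            this.enabledCipherSuites = strArr2;
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getDefaultCipherSuites() {
            return this.enabledCipherSuites != null ? this.enabledCipherSuites : this.delegate.getDefaultCipherSuites();
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getSupportedCipherSuites() {
            return this.enabledCipherSuites != null ? this.enabledCipherSuites : this.delegate.getSupportedCipherSuites();
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket() throws IOException {
            return enforce(this.delegate.createSocket());
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
            return enforce(this.delegate.createSocket(socket, str, i, z));
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
            return enforce(this.delegate.createSocket(str, i));
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
            return enforce(this.delegate.createSocket(str, i, inetAddress, i2));
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
            return enforce(this.delegate.createSocket(inetAddress, i));
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
            return enforce(this.delegate.createSocket(inetAddress, i, inetAddress2, i2));
        }

        /** Applies the restrictions to {@code socket} if it is an {@link SSLSocket}. */
        private Socket enforce(Socket socket) {
            if (socket instanceof SSLSocket) {
                SSLSocket sslSocket = (SSLSocket) socket;
                if (this.enabledProtocols != null) {
                    sslSocket.setEnabledProtocols(this.enabledProtocols);
                }
                if (this.enabledCipherSuites != null) {
                    sslSocket.setEnabledCipherSuites(this.enabledCipherSuites);
                }
            }
            return socket;
        }
    }

    /**
     * Parses a TLS configuration; the {@code start_tls} attribute is not accepted.
     *
     * @throws ConfigValidationException if the document is invalid
     */
    public static TLSConfig parse(Map<String, Object> map) throws ConfigValidationException {
        return parse(map, false);
    }

    /**
     * Parses a TLS configuration that may also carry the {@code start_tls} attribute.
     *
     * @throws ConfigValidationException if the document is invalid
     */
    public static TLSConfig parseInclStartTlsSupport(Map<String, Object> map) throws ConfigValidationException {
        return parse(map, true);
    }

    /**
     * Parses the configuration document and builds the SSL context.
     *
     * @param map the configuration document
     * @param z   whether {@code start_tls} is read; if not, it is left to the unused-attribute
     *            check
     * @throws ConfigValidationException if an attribute is invalid or unknown
     */
    private static TLSConfig parse(Map<String, Object> map, boolean z) throws ConfigValidationException {
        ValidationErrors validationErrors = new ValidationErrors();
        ValidatingDocNode node = new ValidatingDocNode(map, validationErrors).expandVariables("file", VariableResolvers.FILE);
        TLSConfig tLSConfig = new TLSConfig();
        // NOTE(review): default still offers TLSv1.1 and omits TLSv1.3, see the class comment.
        tLSConfig.supportedProtocols = node.get("enabled_protocols").asList().withDefault("TLSv1.2", "TLSv1.1").ofStrings();
        tLSConfig.supportedCipherSuites = node.get("enabled_ciphers").asList().ofStrings();
        tLSConfig.hostnameVerificationEnabled = node.get("verify_hostnames").withDefault(true).asBoolean();
        tLSConfig.trustAll = node.get("trust_all").withDefault(false).asBoolean();
        tLSConfig.truststore = (KeyStore) node.get("trusted_cas").by(TLSConfig::toTruststore);
        if (tLSConfig.truststore != null) {
            tLSConfig.trustedCas = node.get("trusted_cas").asListOfStrings();
        }
        tLSConfig.clientCertAuthConfig = (ClientCertAuthConfig) node.get("client_auth").by((v0) -> {
            return ClientCertAuthConfig.parse(v0);
        });
        if (z) {
            tLSConfig.startTlsEnabled = node.get("start_tls").withDefault(false).asBoolean();
        }
        node.checkForUnusedAttributes();
        validationErrors.throwExceptionForPresentErrors();
        tLSConfig.sslContext = tLSConfig.buildSSLContext();
        tLSConfig.hostnameVerifier = tLSConfig.createHostnameVerifier();
        return tLSConfig;
    }

    /**
     * Returns the settings as a plain map.
     *
     * <p>If client authentication is configured, the nested {@code client_auth} map contains the
     * private key password; treat the result as secret.
     */
    @Override // com.floragunn.codova.documents.Document
    public Map<String, Object> toBasicObject() {
        Map<String, Object> result = new LinkedHashMap<>();
        if (this.trustedCas != null && !this.trustedCas.isEmpty()) {
            result.put("trusted_cas", this.trustedCas);
        }
        if (this.clientCertAuthConfig != null) {
            result.put("client_auth", this.clientCertAuthConfig.toBasicObject());
        }
        result.put("trust_all", this.trustAll);
        result.put("verify_hostnames", this.hostnameVerificationEnabled);
        if (this.supportedProtocols != null) {
            result.put("enabled_protocols", this.supportedProtocols);
        }
        if (this.supportedCipherSuites != null) {
            result.put("enabled_ciphers", this.supportedCipherSuites);
        }
        return result;
    }

    /** Builds a truststore from a document node holding one PEM string or a list of them. */
    private static KeyStore toTruststore(DocNode docNode) throws ConfigValidationException {
        if (docNode.isList()) {
            return toTruststore(Joiner.on('\n').join(docNode.toListOfStrings()));
        }
        return toTruststore(docNode.getAsString(null));
    }

    /**
     * Builds a truststore from a PEM file.
     *
     * <p>Decompiler note: the method was declared private in the original.
     *
     * @throws FileNotFoundException      if the file does not exist
     * @throws ConfigValidationException if the file cannot be read or parsed
     */
    public static KeyStore toTruststore(File file) throws ConfigValidationException, FileNotFoundException {
        try {
            return toTruststore(Files.asCharSource(file, Charsets.UTF_8).read());
        } catch (FileNotFoundException e) {
            // Passed on unchanged so that callers can report the missing file by name.
            throw e;
        } catch (IOException e2) {
            throw new ConfigValidationException(new ValidationError(null, "Error while reading file").cause(e2));
        }
    }

    /**
     * Builds an in-memory truststore from PEM text.
     *
     * @param str PEM text with one or more certificates, or {@code null}
     * @return the truststore, or {@code null} if {@code str} is {@code null}
     * @throws ConfigValidationException if the text cannot be parsed or holds no certificate
     */
    private static KeyStore toTruststore(String str) throws ConfigValidationException {
        if (str == null) {
            return null;
        }
        CertificateFactory certificateFactory;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new RuntimeException("Could not find CertificateFactory X.509", e);
        }
        Collection<? extends Certificate> certificates;
        try {
            certificates = certificateFactory.generateCertificates(new ByteArrayInputStream(str.getBytes(StandardCharsets.US_ASCII)));
        } catch (CertificateException e) {
            log.warn("Error parsing certificates", e);
            throw new ConfigValidationException(new ValidationError(null, e.getMessage(), null).cause(e));
        }
        // The original compared a counter that started at 1 with 0, so this check never fired
        // and input without certificates produced an empty truststore.
        if (certificates.isEmpty()) {
            throw new ConfigValidationException(new ValidationError(null, "Contains no certificates"));
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null);
            int index = 1;
            for (Certificate certificate : certificates) {
                keyStore.setCertificateEntry("certificate_" + index, certificate);
                index++;
            }
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException("Error while initializing key store", e);
        }
    }

    private TLSConfig() {
        // NOTE(review): same default as in parse(); TLSv1.1 is deprecated (RFC 8996).
        this.supportedProtocols = Arrays.asList("TLSv1.2", "TLSv1.1");
    }

    /**
     * Builds the SSL context from truststore, client key material and the {@code trustAll} flag.
     *
     * <p>Protocol and cipher restrictions are not part of the context; they are applied by the
     * socket factories and session strategies created from this configuration.
     *
     * <p>Decompiler note: the method was declared private in the original.
     */
    public SSLContext buildSSLContext() {
        SSLContextBuilder builder;
        if (this.trustAll) {
            log.warn("trust_all is enabled: TLS certificate chains will not be validated");
            builder = new OverlyTrustfulSSLContextBuilder();
        } else {
            builder = SSLContexts.custom();
        }
        if (this.truststore != null) {
            try {
                builder.loadTrustMaterial(this.truststore, (TrustStrategy) null);
            } catch (KeyStoreException | NoSuchAlgorithmException e) {
                throw new RuntimeException("Error while initializing trust material for SSLContext", e);
            }
        }
        if (this.clientCertAuthConfig != null) {
            try {
                builder.loadKeyMaterial(this.clientCertAuthConfig.keyStore, this.clientCertAuthConfig.keyStorePassword.toCharArray(), new PrivateKeyStrategy() {
                    // Always presents the configured key entry, whatever the peer asks for.
                    public String chooseAlias(Map<String, PrivateKeyDetails> map, Socket socket) {
                        return TLSConfig.this.clientCertAuthConfig.alias;
                    }
                });
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e2) {
                throw new RuntimeException("Error while initializing key material for SSLContext", e2);
            }
        }
        try {
            return builder.build();
        } catch (KeyManagementException | NoSuchAlgorithmException e3) {
            throw new RuntimeException("Error SSLContext for " + this, e3);
        }
    }

    /** Returns the verifier matching {@code hostnameVerificationEnabled}. */
    private HostnameVerifier createHostnameVerifier() {
        if (this.hostnameVerificationEnabled) {
            return new DefaultHostnameVerifier();
        }
        log.warn("verify_hostnames is disabled: peer certificates will not be matched against the host name");
        return NoopHostnameVerifier.INSTANCE;
    }

    /**
     * Returns the SSL context without protocol or cipher restrictions.
     *
     * <p>Sockets created directly from it use the JVM's defaults; use
     * {@link #getRestrictedSSLSocketFactory()} to have the configured restrictions applied. The
     * hostname verifier is not part of the context either.
     */
    public SSLContext getUnrestrictedSslContext() {
        return this.sslContext;
    }

    /** Returns a socket factory that enforces the configured protocols and cipher suites. */
    public SSLSocketFactory getRestrictedSSLSocketFactory() {
        return new RestrictingSSLSocketFactory(this.sslContext.getSocketFactory(), getSupportedProtocols(), getSupportedCipherSuites());
    }

    /** Returns the enabled protocols as a new array, or {@code null} if unrestricted. */
    public String[] getSupportedProtocols() {
        return this.supportedProtocols != null ? this.supportedProtocols.toArray(new String[0]) : null;
    }

    /** Returns the enabled cipher suites as a new array, or {@code null} if unrestricted. */
    public String[] getSupportedCipherSuites() {
        return this.supportedCipherSuites != null ? this.supportedCipherSuites.toArray(new String[0]) : null;
    }

    /** Returns the hostname verifier selected by {@code verify_hostnames}. */
    public HostnameVerifier getHostnameVerifier() {
        return this.hostnameVerifier;
    }

    /** Creates a session strategy for the asynchronous Apache HTTP client. */
    public SSLIOSessionStrategy toSSLIOSessionStrategy() {
        return new SSLIOSessionStrategy(this.sslContext, getSupportedProtocols(), getSupportedCipherSuites(), this.hostnameVerifier);
    }

    /** Creates a connection socket factory for the blocking Apache HTTP client. */
    public SSLConnectionSocketFactory toSSLConnectionSocketFactory() {
        return new SSLConnectionSocketFactory(this.sslContext, getSupportedProtocols(), getSupportedCipherSuites(), this.hostnameVerifier);
    }

    public boolean isHostnameVerificationEnabled() {
        return this.hostnameVerificationEnabled;
    }

    /** Returns whether certificate validation is switched off. */
    public boolean isTrustAllEnabled() {
        return this.trustAll;
    }

    public ClientCertAuthConfig getClientCertAuthConfig() {
        return this.clientCertAuthConfig;
    }

    /**
     * Parses the first PEM object of {@code str} as a private key.
     *
     * <p>Supported are plain and encrypted key pairs as well as plain and encrypted PKCS#8 keys.
     *
     * @param str  PEM text
     * @param str2 password for encrypted keys, or {@code null}
     * @return the private key, or {@code null} if {@code str} contains no PEM object
     * @throws ConfigValidationException if the object is of another type or cannot be decoded
     */
    public static PrivateKey toPrivateKey(String str, String str2) throws ConfigValidationException {
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        char[] password = str2 == null ? null : str2.toCharArray();
        // try-with-resources closes the parser on the error paths as well.
        try (PEMParser pemParser = new PEMParser(new StringReader(str))) {
            Object pemObject = pemParser.readObject();
            if (pemObject == null) {
                return null;
            }
            if (pemObject instanceof PEMKeyPair) {
                return converter.getKeyPair((PEMKeyPair) pemObject).getPrivate();
            }
            if (pemObject instanceof PEMEncryptedKeyPair) {
                return converter.getKeyPair(((PEMEncryptedKeyPair) pemObject).decryptKeyPair(new BcPEMDecryptorProvider(password))).getPrivate();
            }
            if (pemObject instanceof PrivateKeyInfo) {
                return converter.getPrivateKey((PrivateKeyInfo) pemObject);
            }
            if (pemObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                return converter.getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) pemObject).decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().build(password)));
            }
            throw new ConfigValidationException(new ValidationError(null, "Unknown object type: " + pemObject.getClass()));
        } catch (IOException | OperatorCreationException | PKCSException e) {
            log.info("Error while parsing private key", e);
            throw new ConfigValidationException(new ValidationError(null, e.getMessage()).cause(e));
        }
    }

    /** Returns the value of {@code start_tls}; only read by {@link #parseInclStartTlsSupport}. */
    public boolean isStartTlsEnabled() {
        return this.startTlsEnabled;
    }
}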
