package io.vertx.ext.mongo.impl.config;

import com.mongodb.ConnectionString;
import com.mongodb.connection.SslSettings;
import io.vertx.core.Vertx;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.core.net.PemKeyCertOptions;
import io.vertx.core.net.PemTrustOptions;
import io.vertx.core.net.impl.TrustAllTrustManager;
import java.security.SecureRandom;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

/* loaded from: input_file:io/vertx/ext/mongo/impl/config/SSLSettingsParser.class */
class SSLSettingsParser {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SSLSettingsParser.class);
    private final ConnectionString connectionString;
    private final JsonObject config;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLSettingsParser(ConnectionString connectionString, JsonObject jsonObject) {
        this.connectionString = connectionString;
        this.config = jsonObject;
    }

    public SslSettings settings(Vertx vertx) {
        TrustManager[] trustManagers;
        SslSettings.Builder builder = SslSettings.builder();
        fromConnectionString(builder);
        fromConfiguration(builder);
        SslSettings build = builder.build();
        if (!build.isEnabled()) {
            return build;
        }
        PemKeyCertOptions pemKeyCertOptions = new PemKeyCertOptions();
        PemTrustOptions pemTrustOptions = new PemTrustOptions();
        if (this.config.containsKey("caPath")) {
            pemTrustOptions.addCertPath(this.config.getString("caPath"));
        }
        if (this.config.containsKey("keyPath") && this.config.containsKey("certPath")) {
            pemKeyCertOptions.addKeyPath(this.config.getString("keyPath"));
            pemKeyCertOptions.addCertPath(this.config.getString("certPath"));
        }
        try {
            if (this.config.getBoolean("trustAll", false).booleanValue()) {
                log.warn("Mongo client has been set to trust ALL certificates, this can open you up to security issues. Make sure you know the risks.");
                trustManagers = new TrustManager[]{TrustAllTrustManager.INSTANCE};
            } else {
                trustManagers = !pemTrustOptions.getCertPaths().isEmpty() ? pemTrustOptions.getTrustManagerFactory(vertx).getTrustManagers() : null;
            }
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(pemKeyCertOptions.getKeyManagerFactory(vertx).getKeyManagers(), trustManagers, new SecureRandom());
            builder.context(sSLContext);
            return builder.build();
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    private void fromConnectionString(SslSettings.Builder builder) {
        if (this.connectionString != null) {
            builder.applyConnectionString(this.connectionString);
        }
    }

    private void fromConfiguration(SslSettings.Builder builder) {
        if (this.config.containsKey("ssl")) {
            builder.enabled(this.config.getBoolean("ssl", false).booleanValue());
        }
        if (this.config.containsKey("sslInvalidHostNameAllowed")) {
            builder.invalidHostNameAllowed(this.config.getBoolean("sslInvalidHostNameAllowed", false).booleanValue());
        }
    }
}
