package com.addc.commons.acceptor.configuration;

import com.addc.commons.passwd.PasswordChecker;
import com.addc.commons.properties.BoundsFactory;
import com.addc.commons.properties.PropertiesParser;
import com.addc.commons.security.callbacks.SimplePasswordCallbackHandler;
import com.addc.commons.security.keys.KeyStoreLoader;
import com.addc.commons.ssl.X509FixedAliasKeyManager;
import com.addc.commons.ssl.configuration.SSLConfig;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import javax.management.MBeanAttributeInfo;
import javax.management.MBeanInfo;
import javax.management.StandardMBean;
import javax.net.ServerSocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.callback.CallbackHandler;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/addc/commons/acceptor/configuration/AcceptorConfiguration.class */
public class AcceptorConfiguration extends StandardMBean implements IMbAcceptorConfig {
    public static final String QUEUE_SIZE_KEY = "acceptor.queue.size";
    public static final String SERVER_ADDRESS_KEY = "acceptor.address";
    public static final String SERVER_PORT_KEY = "acceptor.port";
    public static final String ACCEPTOR_PREFIX = "acceptor.";
    private static final int DEFAULT_Q_SIZE = 128000;
    private static final Logger LOGGER = LoggerFactory.getLogger(AcceptorConfiguration.class);
    private InetAddress address;
    private int port;
    private int sizeOfPreprocessingQueue;
    private SSLServerSocketFactory sslServerSocketFactory;
    private SSLConfig sslConfig;

    public AcceptorConfiguration(PropertiesParser propertiesParser, PasswordChecker passwordChecker) {
        super(IMbAcceptorConfig.class, false);
        checkProperties(propertiesParser, passwordChecker);
    }

    @Override // com.addc.commons.acceptor.configuration.IMbAcceptorConfig
    public int getServerPort() {
        return this.port;
    }

    @Override // com.addc.commons.acceptor.configuration.IMbAcceptorConfig
    public InetAddress getServerAddress() {
        return this.address;
    }

    @Override // com.addc.commons.acceptor.configuration.IMbAcceptorConfig
    public int getPreprocessingQueueSize() {
        return this.sizeOfPreprocessingQueue;
    }

    protected String getDescription(MBeanInfo mBeanInfo) {
        return "Configuration for TCP and TLS socket acceptors";
    }

    protected String getDescription(MBeanAttributeInfo mBeanAttributeInfo) {
        return mBeanAttributeInfo.getName().equals("ServerPort") ? "The port the server will listen on." : mBeanAttributeInfo.getName().equals("ServerAddress") ? "The address the server will listen on" : mBeanAttributeInfo.getName().equals("PreprocessingQueueSize") ? "The size of the queue between the socket and the processor" : super.getDescription(mBeanAttributeInfo);
    }

    public SSLConfig getSslConfig() {
        return this.sslConfig;
    }

    public ServerSocket getServerSocket() throws IOException {
        ServerSocket createServerSocket;
        if (this.sslConfig.isSslEnabled()) {
            createServerSocket = this.sslServerSocketFactory.createServerSocket(getServerPort(), 10, getServerAddress());
            ((SSLServerSocket) createServerSocket).setNeedClientAuth(this.sslConfig.isClientAuthRequired());
            ((SSLServerSocket) createServerSocket).setWantClientAuth(this.sslConfig.isClientAuthSupported());
            if (this.sslConfig.getCiphers().length > 0) {
                ((SSLServerSocket) createServerSocket).setEnabledCipherSuites(this.sslConfig.getCiphers());
                LOGGER.info("Restricted cipher suites to {}", Arrays.asList(((SSLServerSocket) createServerSocket).getEnabledCipherSuites()));
            }
            if (this.sslConfig.getProtocols().length > 0) {
                ((SSLServerSocket) createServerSocket).setEnabledProtocols(this.sslConfig.getProtocols());
                LOGGER.info("Restricted protocols to {}", Arrays.asList(((SSLServerSocket) createServerSocket).getEnabledProtocols()));
            }
        } else {
            createServerSocket = ServerSocketFactory.getDefault().createServerSocket(getServerPort(), 10, getServerAddress());
        }
        return createServerSocket;
    }

    private void initSslServerSocketFactory() throws GeneralSecurityException, IOException {
        KeyStoreLoader keyStoreLoader;
        SimplePasswordCallbackHandler simplePasswordCallbackHandler = new SimplePasswordCallbackHandler();
        simplePasswordCallbackHandler.setPassword(this.sslConfig.getKeyStorePass().getPasswd());
        KeyStoreLoader keyStoreLoader2 = new KeyStoreLoader(this.sslConfig.getKeyStoreFile(), this.sslConfig.getKeyStoreType(), this.sslConfig.getKeyStoreProvider(), simplePasswordCallbackHandler);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.sslConfig.getKeyManagerAlgoritm());
        KeyStore keyStore = keyStoreLoader2.getKeyStore();
        keyManagerFactory.init(keyStore, this.sslConfig.getKeyStorePass().getPasswd().toCharArray());
        ArrayList arrayList = new ArrayList();
        for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
            if (keyManager instanceof X509KeyManager) {
                arrayList.add(new X509FixedAliasKeyManager(keyStore, this.sslConfig.getKeyAlias(), this.sslConfig.getKeyPass(), (X509KeyManager) keyManager));
            }
        }
        KeyManager[] keyManagerArr = (KeyManager[]) arrayList.toArray(new KeyManager[0]);
        TrustManagerFactory trustManagerFactory = null;
        if (StringUtils.isNotBlank(this.sslConfig.getTrustStoreFile())) {
            trustManagerFactory = TrustManagerFactory.getInstance(this.sslConfig.getTrustManagerAlgoritm());
            if (null == this.sslConfig.getTrustStorePass().getPasswd()) {
                keyStoreLoader = new KeyStoreLoader(this.sslConfig.getTrustStoreFile(), this.sslConfig.getTrustStoreType(), this.sslConfig.getTrustStoreProvider(), (CallbackHandler) null);
            } else {
                simplePasswordCallbackHandler.setPassword(this.sslConfig.getTrustStorePass().getPasswd());
                keyStoreLoader = new KeyStoreLoader(this.sslConfig.getTrustStoreFile(), this.sslConfig.getTrustStoreType(), this.sslConfig.getTrustStoreProvider(), simplePasswordCallbackHandler);
            }
            trustManagerFactory.init(keyStoreLoader.getKeyStore());
        }
        TrustManager[] trustManagers = trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null;
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(keyManagerArr, trustManagers, new SecureRandom());
        this.sslServerSocketFactory = sSLContext.getServerSocketFactory();
    }

    private void checkProperties(PropertiesParser propertiesParser, PasswordChecker passwordChecker) {
        this.port = propertiesParser.parsePort(SERVER_PORT_KEY);
        this.address = propertiesParser.parseInetAddress(SERVER_ADDRESS_KEY);
        this.sizeOfPreprocessingQueue = propertiesParser.parseInteger(QUEUE_SIZE_KEY, BoundsFactory.getIntBoundsGtLt(10, 200000), Integer.valueOf(DEFAULT_Q_SIZE));
        this.sslConfig = new SSLConfig(propertiesParser, passwordChecker, true, ACCEPTOR_PREFIX);
        if (this.sslConfig.isSslEnabled() && propertiesParser.getParserErrors().isEmpty()) {
            try {
                initSslServerSocketFactory();
            } catch (IOException | GeneralSecurityException e) {
                LOGGER.error("Failed to initialize SslServerSocketFactory", e);
                propertiesParser.getParserErrors().add(e.getLocalizedMessage());
            }
        }
    }
}
