package com.betfair.cougar.netutil.nio;

import com.betfair.cougar.netutil.SslContextFactory;
import com.betfair.cougar.netutil.nio.monitoring.SessionWriteQueueMonitoring;
import com.betfair.cougar.util.KeyStoreManagement;
import java.io.IOException;
import javax.management.InstanceAlreadyExistsException;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.apache.mina.common.ByteBuffer;
import org.apache.mina.common.ThreadModel;
import org.apache.mina.common.support.BaseIoServiceConfig;
import org.apache.mina.filter.SSLFilter;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanNameAware;
import org.springframework.core.io.Resource;
import org.springframework.jmx.export.annotation.ManagedAttribute;
import org.springframework.jmx.export.annotation.ManagedResource;

@ManagedResource
/* loaded from: input_file:com/betfair/cougar/netutil/nio/TlsNioConfig.class */
public class TlsNioConfig extends NioConfig implements BeanNameAware {
    private static Logger logger = LoggerFactory.getLogger(TlsNioConfig.class);
    private boolean supportsTls;
    private boolean requiresTls;
    private boolean needClientAuth;
    private boolean wantClientAuth;
    private Resource keystore;
    private String keystoreType;
    private String keystorePassword;
    private Resource truststore;
    private String truststoreType;
    private String truststorePassword;
    private MBeanServer mbeanServer;
    private KeyStoreManagement keystoreChains;
    private KeyStoreManagement truststoreChains;
    private String allowedCipherSuites;
    private String beanName;

    public void setBeanName(String str) {
        this.beanName = str;
    }

    private KeyStoreManagement getKeystoreCertificateChains() throws Exception {
        if (this.keystoreChains == null) {
            this.keystoreChains = KeyStoreManagement.getKeyStoreManagement(this.keystoreType, this.keystore, this.keystorePassword);
            if (this.keystoreChains != null) {
                try {
                    this.mbeanServer.registerMBean(this.keystoreChains, new ObjectName("CoUGAR.socket.ssl:name=keyStore,nioConfig=" + this.beanName));
                } catch (InstanceAlreadyExistsException e) {
                    logger.warn("You appear to have loaded the same TlsNioConfig more than once in the same JVM", e);
                }
            }
        }
        return this.keystoreChains;
    }

    private KeyStoreManagement getTruststoreCertificateChains() throws Exception {
        if (this.truststoreChains == null) {
            this.truststoreChains = KeyStoreManagement.getKeyStoreManagement(this.truststoreType, this.truststore, this.truststorePassword);
            if (this.truststoreChains != null) {
                try {
                    this.mbeanServer.registerMBean(this.truststoreChains, new ObjectName("CoUGAR.socket.ssl:name=trustStore,nioConfig=" + this.beanName));
                } catch (InstanceAlreadyExistsException e) {
                    logger.warn("You appear to have loaded the same TlsNioConfig more than once in the same JVM", e);
                }
            }
        }
        return this.truststoreChains;
    }

    @Override // com.betfair.cougar.netutil.nio.NioConfig
    protected void configureProtocol(BaseIoServiceConfig baseIoServiceConfig, boolean z) throws IOException {
        try {
            ByteBuffer.setUseDirectBuffers(isUseDirectBuffersInMina());
            SslContextFactory sslContextFactory = new SslContextFactory();
            if (z) {
                if (this.supportsTls) {
                    KeyStoreManagement keystoreCertificateChains = getKeystoreCertificateChains();
                    if (keystoreCertificateChains == null) {
                        throw new IllegalStateException("This configuration ostensibly supports TLS, yet doesn't provide valid keystore configuration");
                    }
                    sslContextFactory.setKeyManagerFactoryKeyStore(keystoreCertificateChains.getKeyStore());
                    sslContextFactory.setKeyManagerFactoryKeyStorePassword(this.keystorePassword);
                    if (this.wantClientAuth) {
                        KeyStoreManagement truststoreCertificateChains = getTruststoreCertificateChains();
                        if (truststoreCertificateChains == null) {
                            throw new IllegalStateException("This configuration ostensibly supports client auth, yet doesn't provide valid truststore configuration");
                        }
                        sslContextFactory.setTrustManagerFactoryKeyStore(truststoreCertificateChains.getKeyStore());
                    }
                }
            } else if (this.supportsTls) {
                KeyStoreManagement truststoreCertificateChains2 = getTruststoreCertificateChains();
                if (truststoreCertificateChains2 == null) {
                    throw new IllegalStateException("This configuration ostensibly supports TLS, yet doesn't provide valid truststore configuration");
                }
                sslContextFactory.setTrustManagerFactoryKeyStore(truststoreCertificateChains2.getKeyStore());
                if (this.wantClientAuth) {
                    KeyStoreManagement keystoreCertificateChains2 = getKeystoreCertificateChains();
                    if (keystoreCertificateChains2 == null) {
                        throw new IllegalStateException("This configuration ostensibly supports client auth, yet doesn't provide valid keystore configuration");
                    }
                    sslContextFactory.setKeyManagerFactoryKeyStore(keystoreCertificateChains2.getKeyStore());
                    sslContextFactory.setKeyManagerFactoryKeyStorePassword(this.keystorePassword);
                }
            }
            SSLFilter sSLFilter = null;
            if (this.supportsTls) {
                sSLFilter = new SSLFilter(sslContextFactory.newInstance());
                sSLFilter.setWantClientAuth(this.wantClientAuth);
                sSLFilter.setNeedClientAuth(this.needClientAuth);
                sSLFilter.setUseClientMode(!z);
                String[] split = (this.allowedCipherSuites == null || "".equals(this.allowedCipherSuites.trim())) ? null : this.allowedCipherSuites.split(",");
                if (split != null) {
                    sSLFilter.setEnabledCipherSuites(split);
                }
            }
            CougarProtocol serverInstance = z ? CougarProtocol.getServerInstance(getNioLogger(), getKeepAliveInterval(), getKeepAliveTimeout(), sSLFilter, this.supportsTls, this.requiresTls) : CougarProtocol.getClientInstance(getNioLogger(), getKeepAliveInterval(), getKeepAliveTimeout(), sSLFilter, this.supportsTls, this.requiresTls, getRpcTimeoutMillis());
            baseIoServiceConfig.getFilterChain().addLast("slowHandling", new SessionWriteQueueMonitoring(getNioLogger(), getMaxWriteQueueSize()));
            baseIoServiceConfig.getFilterChain().addLast("codec", new ProtocolCodecFilter(new CougarProtocolEncoder(getNioLogger()), new CougarProtocolDecoder(getNioLogger())));
            baseIoServiceConfig.getFilterChain().addLast("protocol", serverInstance);
            baseIoServiceConfig.setThreadModel(ThreadModel.MANUAL);
        } catch (Exception e) {
            throw new IOException("Unable to initialise MINA", e);
        }
    }

    public void setNeedClientAuth(boolean z) {
        this.needClientAuth = z;
    }

    @ManagedAttribute
    public boolean isNeedClientAuth() {
        return this.needClientAuth;
    }

    public void setWantClientAuth(boolean z) {
        this.wantClientAuth = z;
    }

    @ManagedAttribute
    public boolean isWantClientAuth() {
        return this.wantClientAuth;
    }

    public void setKeystore(Resource resource) {
        this.keystore = resource;
    }

    @ManagedAttribute
    public Resource getKeystore() {
        return this.keystore;
    }

    public void setKeystoreType(String str) {
        this.keystoreType = str;
    }

    @ManagedAttribute
    public String getKeystoreType() {
        return this.keystoreType;
    }

    public void setKeystorePassword(String str) {
        this.keystorePassword = str;
    }

    @ManagedAttribute
    public String getKeystorePassword() {
        return this.keystorePassword;
    }

    public void setTruststore(Resource resource) {
        this.truststore = resource;
    }

    @ManagedAttribute
    public Resource getTruststore() {
        return this.truststore;
    }

    public void setTruststoreType(String str) {
        this.truststoreType = str;
    }

    @ManagedAttribute
    public String getTruststoreType() {
        return this.truststoreType;
    }

    public void setTruststorePassword(String str) {
        this.truststorePassword = str;
    }

    @ManagedAttribute
    public String getTruststorePassword() {
        return this.truststorePassword;
    }

    @ManagedAttribute
    public boolean isSupportsTls() {
        return this.supportsTls;
    }

    public void setSupportsTls(boolean z) {
        this.supportsTls = z;
    }

    @ManagedAttribute
    public boolean isRequiresTls() {
        return this.requiresTls;
    }

    public void setRequiresTls(boolean z) {
        this.requiresTls = z;
    }

    public void setMbeanServer(MBeanServer mBeanServer) {
        this.mbeanServer = mBeanServer;
    }

    @ManagedAttribute
    public String getAllowedCipherSuites() {
        return this.allowedCipherSuites;
    }

    public void setAllowedCipherSuites(String str) {
        this.allowedCipherSuites = str;
    }
}
