package oracle.kv.impl.security.ssl;

import com.sleepycat.je.rep.net.SSLAuthenticator;
import java.util.Arrays;
import java.util.Properties;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import oracle.kv.KVSecurityConstants;
import oracle.kv.impl.admin.param.RMISocketPolicyBuilder;
import oracle.kv.impl.admin.param.RepNetConfigBuilder;
import oracle.kv.impl.admin.param.SecurityParams;
import oracle.kv.impl.param.ParameterMap;
import oracle.kv.impl.security.ssl.SSLConfig;
import oracle.kv.impl.util.registry.RMISocketPolicy;
import oracle.kv.impl.util.registry.ssl.SSLServerSocketPolicy;

/* loaded from: input_file:oracle/kv/impl/security/ssl/SSLTransport.class */
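/**
 * Translates the store's security parameters into SSL/TLS transport configuration:
 * RMI socket policies, client access properties, key manager factories and the
 * {@code je.rep.*} properties used for replication channels.
 *
 * <p>Keystore passwords are handled as {@code char[]} and overwritten once the SSL
 * objects that need them have been built. Only the array obtained here is wiped;
 * whether {@link SSLConfig#setKeystorePassword} keeps its own copy is not visible
 * in this class.
 */
public class SSLTransport implements RMISocketPolicyBuilder, RepNetConfigBuilder {

    /**
     * Builds an RMI socket policy from a server-side and a client-side SSL control.
     *
     * @param securityParams security configuration (keystore, truststore, password source)
     * @param parameterMap   transport-specific parameters
     * @return a policy wrapping the server and client SSL controls
     * @throws Exception if either SSL control cannot be constructed
     */
    public RMISocketPolicy makeSocketPolicy(SecurityParams securityParams, ParameterMap parameterMap) throws Exception {
        KeyStorePasswordSource passwordSource = KeyStorePasswordSource.create(securityParams);
        char[] password = passwordSource == null ? null : passwordSource.getPassword();
        try {
            return new SSLServerSocketPolicy(
                    makeSSLConfig(securityParams, parameterMap, password, true).makeSSLControl(true),
                    makeSSLConfig(securityParams, parameterMap, password, false).makeSSLControl(false));
        } finally {
            // Runs on success and on failure, so the secret never outlives this call.
            wipe(password);
        }
    }

    /**
     * Returns the client-side SSL properties with unresolved (as-configured) store paths.
     *
     * <p>When no client key alias is configured the keystore file entry is dropped.
     * Only {@link SSLConfig#KEYSTORE_FILE} is removed; a keystore type entry, if
     * present, is left in place.
     *
     * @param securityParams security configuration
     * @param parameterMap   transport-specific parameters
     * @return properties describing how a client should connect
     */
    public Properties getClientAccessProperties(SecurityParams securityParams, ParameterMap parameterMap) {
        Properties clientProps = getSSLProperties(securityParams, parameterMap, false, false);
        if (clientProps.getProperty(SSLConfig.KEYSTORE_ALIAS) == null) {
            clientProps.remove(SSLConfig.KEYSTORE_FILE);
        }
        return clientProps;
    }

    /**
     * Creates a key manager factory from the server-side SSL configuration.
     *
     * @param securityParams security configuration
     * @param parameterMap   transport-specific parameters
     * @return the key manager factory produced by {@link SSLConfig}
     * @throws Exception if the factory cannot be created
     */
    public KeyManagerFactory createKeyManagerFactory(SecurityParams securityParams, ParameterMap parameterMap) throws Exception {
        KeyStorePasswordSource passwordSource = KeyStorePasswordSource.create(securityParams);
        char[] password = passwordSource == null ? null : passwordSource.getPassword();
        try {
            return makeSSLConfig(securityParams, parameterMap, password, true).makeSSLKeyManagerFactory();
        } finally {
            // Same hygiene as makeSocketPolicy: do not leave the keystore password on the heap.
            // NOTE(review): assumes the factory has consumed the password by the time
            // makeSSLKeyManagerFactory() returns, as makeSSLControl() evidently does - confirm
            // against SSLConfig.
            wipe(password);
        }
    }

    /**
     * Builds the {@code je.rep.*} properties that configure an SSL replication channel.
     * Optional settings are only emitted when the corresponding parameter is non-null.
     *
     * @param securityParams security configuration
     * @param parameterMap   transport-specific parameters
     * @return the channel properties
     */
    public Properties makeChannelProperties(SecurityParams securityParams, ParameterMap parameterMap) {
        Properties channelProps = new Properties();
        channelProps.setProperty("je.rep.channelType", KVSecurityConstants.SSL_TRANSPORT_NAME);

        String keystoreFile = securityParams.getKeystoreFile();
        if (keystoreFile != null) {
            channelProps.setProperty("je.rep.ssl.keyStoreFile", securityParams.resolveFile(keystoreFile).getPath());
        }
        setIfPresent(channelProps, "je.rep.ssl.keyStoreType", securityParams.getKeystoreType());

        KeyStorePasswordSource passwordSource = KeyStorePasswordSource.create(securityParams);
        if (passwordSource != null) {
            // The channel receives the password source class and its parameter string, not a
            // password obtained here.
            // NOTE(review): the content of getParamString() is not visible in this file -
            // confirm it carries no secret material before logging or exporting these properties.
            channelProps.setProperty("je.rep.ssl.keyStorePasswordClass", passwordSource.getClass().getName());
            channelProps.setProperty("je.rep.ssl.keyStorePasswordParams", passwordSource.getParamString());
        }

        String truststoreFile = securityParams.getTruststoreFile();
        if (truststoreFile != null) {
            channelProps.setProperty("je.rep.ssl.trustStoreFile", securityParams.resolveFile(truststoreFile).getPath());
        }
        setIfPresent(channelProps, "je.rep.ssl.trustStoreType", securityParams.getTruststoreType());
        setIfPresent(channelProps, "je.rep.ssl.serverKeyAlias", securityParams.getTransServerKeyAlias(parameterMap));
        setIfPresent(channelProps, "je.rep.ssl.clientKeyAlias", securityParams.getTransClientKeyAlias(parameterMap));
        setIfPresent(channelProps, "je.rep.ssl.cipherSuites", securityParams.getTransAllowCipherSuites(parameterMap));
        setIfPresent(channelProps, "je.rep.ssl.protocols", securityParams.getTransAllowProtocols(parameterMap));

        // NOTE(review): when either identity setting below is null, no authenticator or host
        // verifier property is written; what the channel does in that case is decided outside
        // this class - confirm peers are still verified.
        String clientIdentityAllowed = securityParams.getTransClientIdentityAllowed(parameterMap);
        if (clientIdentityAllowed != null) {
            SSLConfig.InstanceInfo<SSLAuthenticator> authenticatorInfo = SSLConfig.makeAuthenticatorInfo(clientIdentityAllowed);
            channelProps.setProperty("je.rep.ssl.authenticatorClass", authenticatorInfo.jeImplClass);
            channelProps.setProperty("je.rep.ssl.authenticatorParams", authenticatorInfo.jeImplParams);
        }
        String serverIdentityAllowed = securityParams.getTransServerIdentityAllowed(parameterMap);
        if (serverIdentityAllowed != null) {
            SSLConfig.InstanceInfo<HostnameVerifier> verifierInfo = SSLConfig.makeHostVerifierInfo(serverIdentityAllowed);
            channelProps.setProperty("je.rep.ssl.hostVerifierClass", verifierInfo.jeImplClass);
            channelProps.setProperty("je.rep.ssl.hostVerifierParams", verifierInfo.jeImplParams);
        }
        return channelProps;
    }

    /**
     * Creates an {@link SSLConfig} with resolved store paths and the given keystore password.
     *
     * @param securityParams security configuration
     * @param parameterMap   transport-specific parameters
     * @param cArr           keystore password, or {@code null} when no password source exists;
     *                       the caller remains responsible for wiping it
     * @param z              {@code true} for the server-side view, {@code false} for the client side
     * @return the configured {@link SSLConfig}
     */
    SSLConfig makeSSLConfig(SecurityParams securityParams, ParameterMap parameterMap, char[] cArr, boolean z) {
        SSLConfig config = new SSLConfig(getSSLProperties(securityParams, parameterMap, true, z));
        config.setKeystorePassword(cArr);
        return config;
    }

    /**
     * Collects the {@code oracle.kv.ssl.*} properties for one side of a connection.
     *
     * @param securityParams security configuration
     * @param parameterMap   transport-specific parameters
     * @param z              when {@code true}, keystore and truststore paths are passed through
     *                       {@code securityParams.resolveFile}; when {@code false} the configured
     *                       values are used as-is
     * @param z2             {@code true} selects the server side (server key alias, client
     *                       authenticator); {@code false} selects the client side (client
     *                       cipher/protocol overrides, client key alias, hostname verifier)
     * @return the assembled properties; settings whose parameter is null are omitted
     */
    Properties getSSLProperties(SecurityParams securityParams, ParameterMap parameterMap, boolean z, boolean z2) {
        Properties sslProps = new Properties();

        setIfPresent(sslProps, "oracle.kv.ssl.ciphersuites", securityParams.getTransAllowCipherSuites(parameterMap));
        setIfPresent(sslProps, "oracle.kv.ssl.protocols", securityParams.getTransAllowProtocols(parameterMap));
        if (!z2) {
            // Client-specific lists, when configured, replace the general ones set just above.
            setIfPresent(sslProps, "oracle.kv.ssl.ciphersuites", securityParams.getTransClientAllowCipherSuites(parameterMap));
            setIfPresent(sslProps, "oracle.kv.ssl.protocols", securityParams.getTransClientAllowProtocols(parameterMap));
        }

        String keystoreFile = securityParams.getKeystoreFile();
        if (keystoreFile != null) {
            sslProps.setProperty(SSLConfig.KEYSTORE_FILE, z ? securityParams.resolveFile(keystoreFile).getPath() : keystoreFile);
            // The store type is only meaningful alongside a store file.
            setIfPresent(sslProps, SSLConfig.KEYSTORE_TYPE, securityParams.getKeystoreType());
        }
        String truststoreFile = securityParams.getTruststoreFile();
        if (truststoreFile != null) {
            sslProps.setProperty("oracle.kv.ssl.trustStore", z ? securityParams.resolveFile(truststoreFile).getPath() : truststoreFile);
            setIfPresent(sslProps, "oracle.kv.ssl.trustStoreType", securityParams.getTruststoreType());
        }

        if (z2) {
            setIfPresent(sslProps, SSLConfig.KEYSTORE_ALIAS, securityParams.getTransServerKeyAlias(parameterMap));
            setIfPresent(sslProps, SSLConfig.CLIENT_AUTHENTICATOR, securityParams.getTransClientIdentityAllowed(parameterMap));
        } else {
            setIfPresent(sslProps, SSLConfig.KEYSTORE_ALIAS, securityParams.getTransClientKeyAlias(parameterMap));
            setIfPresent(sslProps, "oracle.kv.ssl.hostnameVerifier", securityParams.getTransServerIdentityAllowed(parameterMap));
        }
        return sslProps;
    }

    /** Sets {@code key} to {@code value} unless {@code value} is null. */
    private static void setIfPresent(Properties target, String key, String value) {
        if (value != null) {
            target.setProperty(key, value);
        }
    }

    /** Overwrites a password buffer with spaces; a null buffer is ignored. */
    private static void wipe(char[] secret) {
        if (secret != null) {
            Arrays.fill(secret, ' ');
        }
    }
}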
