package oracle.kv.impl.security.ssl;

import com.sleepycat.je.rep.net.SSLAuthenticator;
import com.sleepycat.je.rep.utilint.net.AliasKeyManager;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import oracle.kv.impl.util.registry.RMISocketPolicy;
import oracle.kv.impl.util.registry.ssl.SSLSocketPolicy;

/* loaded from: input_file:oracle/kv/impl/security/ssl/SSLConfig.class */
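/**
 * TLS configuration assembled from {@code oracle.kv.ssl.*} properties.
 *
 * <p>An instance holds a property set plus an optional keystore password and turns them into an
 * {@link SSLContext}, a filtered {@link SSLParameters} and, depending on the side, a client
 * authenticator (server side) or a hostname verifier (client side), packaged as an
 * {@code SSLControl}.
 *
 * <p>Security-relevant defaults that follow from the code in this class:
 * <ul>
 *   <li>Peer identity checks are opt-in. The server only requires client certificates when
 *       {@link #CLIENT_AUTHENTICATOR} is set; the client only gets a {@link HostnameVerifier}
 *       when {@link #SERVER_HOST_VERIFIER} is set.</li>
 *   <li>Without {@link #TRUSTSTORE_FILE} the context is initialised with a {@code null}
 *       trust-manager array, so the JVM's default trust managers decide which peers are
 *       trusted.</li>
 *   <li>The truststore is always loaded with a {@code null} password, which means
 *       {@link KeyStore#load} performs no integrity check on it; file-system permissions are
 *       the only protection against tampering.</li>
 *   <li>A client with no configured cipher suites is offered the context's full
 *       <em>supported</em> suite list (GCM suites first), not the default-enabled list.</li>
 * </ul>
 */
public class SSLConfig {
    public static final String ENABLED_CIPHER_SUITES = "oracle.kv.ssl.ciphersuites";
    public static final String ENABLED_PROTOCOLS = "oracle.kv.ssl.protocols";
    public static final String CLIENT_AUTHENTICATOR = "oracle.kv.ssl.clientAuthenticator";
    public static final String SERVER_HOST_VERIFIER = "oracle.kv.ssl.hostnameVerifier";
    public static final String KEYSTORE_FILE = "oracle.kv.ssl.keyStore";
    public static final String KEYSTORE_TYPE = "oracle.kv.ssl.keyStoreType";
    public static final String KEYSTORE_ALIAS = "oracle.kv.ssl.keyStoreAlias";
    public static final String TRUSTSTORE_FILE = "oracle.kv.ssl.trustStore";
    public static final String TRUSTSTORE_TYPE = "oracle.kv.ssl.trustStoreType";

    /*
     * Read with System.getProperty, not from the Properties object. It is not registered in
     * allProps, so supplying it through the Properties passed to validateProperties is rejected.
     */
    private static final String X509_ALGO_NAME_PROPERTY = "oracle.kv.ssl.x509AlgoName";

    static final String JE_SSL_DN_AUTHENTICATOR_CLASS = "com.sleepycat.je.rep.utilint.net.SSLDNAuthenticator";
    static final String JE_SSL_DN_HOST_VERIFIER_CLASS = "com.sleepycat.je.rep.utilint.net.SSLDNHostVerifier";
    static final String JE_SSL_STD_HOST_VERIFIER_CLASS = "com.sleepycat.je.rep.utilint.net.SSLStdHostVerifier";

    /* Marker used to recognise GCM cipher suite names when reordering. */
    private static final String KEY_OF_GCM_CIPHER = "_GCM_";

    /* Every property in this namespace must be one of the names registered in allProps. */
    private static final String SSL_PROPERTY_PREFIX = "oracle.kv.ssl.";

    /* Syntax of a distinguished-name peer constraint: dnmatch(<pattern>). */
    private static final String DN_MATCH_PREFIX = "dnmatch(";
    private static final String DN_MATCH_SUFFIX = ")";

    /* Allow-list of supported property names; filled once in the static initializer. */
    private static final Set<String> allProps = new HashSet<>();

    /* Algorithm name handed to KeyManagerFactory and TrustManagerFactory. */
    private static final String X509_ALGO_NAME;

    private final Properties props;

    /* Private copy of the caller's password; overwritten before it is replaced. */
    private char[] keystorePassword = null;

    /**
     * Pairs a constructed implementation with the class name and parameter string of a
     * {@code com.sleepycat.je} implementation (see the {@code JE_SSL_*} constants).
     *
     * <p>Decompiler note: JADX widened this class from package-private.
     */
    public static final class InstanceInfo<T> {
        final T impl;
        final String jeImplClass;
        final String jeImplParams;

        private InstanceInfo(T t, String str, String str2) {
            this.impl = t;
            this.jeImplClass = str;
            this.jeImplParams = str2;
        }
    }

    /**
     * Keystore and truststore settings gathered by {@link #makeAuth()} for one context build.
     *
     * <p>{@code trustStorePassword} is declared but never assigned in this class.
     *
     * <p>Decompiler note: JADX widened this class from private.
     */
    public class SSLAuthInfo {
        private File keyStore;
        private String keyStoreType;
        private char[] keyStorePassword;
        private String keyStoreAlias;
        private File trustStore;
        private String trustStoreType;
        private char[] trustStorePassword;

        private SSLAuthInfo() {
        }
    }

    /**
     * Creates a configuration backed by the given properties.
     *
     * <p>Non-null properties are validated, but the filtered copy produced by
     * {@link #validateProperties(Properties)} is discarded and the original object is kept.
     * A {@code null} argument is stored as-is; every later property lookup dereferences it.
     *
     * @param properties the SSL properties, may be {@code null}
     * @throws IllegalArgumentException if validation fails
     */
    public SSLConfig(Properties properties) {
        this.props = properties;
        if (properties != null) {
            validateProperties(properties);
        }
    }

    /**
     * Checks the {@code oracle.kv.ssl.*} entries of a property set and returns them as a copy.
     *
     * <p>Any name in that namespace that is not a supported property is rejected, which catches
     * misspelled security settings instead of silently ignoring them. Only the truststore path
     * is required to be absolute; the keystore path is not checked here.
     *
     * @param properties the properties to inspect
     * @return a new object holding only the supported {@code oracle.kv.ssl.*} entries
     * @throws IllegalArgumentException on an unsupported name or a relative truststore path
     */
    public static Properties validateProperties(Properties properties) throws IllegalArgumentException {
        Properties sslProps = new Properties();
        for (String name : properties.stringPropertyNames()) {
            if (!name.startsWith(SSL_PROPERTY_PREFIX)) {
                continue;
            }
            if (!allProps.contains(name)) {
                throw new IllegalArgumentException(name + " is not a supported SSL property");
            }
            sslProps.setProperty(name, properties.getProperty(name));
        }
        String trustStorePath = properties.getProperty(TRUSTSTORE_FILE);
        if (trustStorePath != null) {
            File trustStoreFile = new File(trustStorePath);
            // A relative path would be resolved against the process working directory.
            if (!trustStoreFile.isAbsolute()) {
                throw new IllegalArgumentException("The truststore file must be specified using an absolute pathname. File is: " + trustStoreFile);
            }
        }
        return sslProps;
    }

    /**
     * Replaces the stored keystore password with a copy of the argument.
     *
     * <p>The previous copy is overwritten with spaces first so that it does not linger on the
     * heap. The caller's array is not modified and remains the caller's responsibility.
     *
     * @param cArr the new password, or {@code null} to clear it
     */
    public synchronized void setKeystorePassword(char[] cArr) {
        if (this.keystorePassword != null) {
            Arrays.fill(this.keystorePassword, ' ');
        }
        this.keystorePassword = (cArr == null) ? null : Arrays.copyOf(cArr, cArr.length);
    }

    /**
     * Builds the client-side RMI socket policy from this configuration.
     *
     * @return a policy with no server part and a client-side {@code SSLControl}
     * @throws IllegalStateException wrapping any failure while building the SSL objects
     */
    public RMISocketPolicy makeClientSocketPolicy() throws IllegalStateException {
        try {
            return new SSLSocketPolicy(null, makeSSLControl(false));
        } catch (Exception e) {
            throw new IllegalStateException("Exception while initializing SSL configuration", e);
        }
    }

    /**
     * Builds the {@code SSLControl} for one side of a connection.
     *
     * @param server {@code true} for the server side, {@code false} for the client side
     * @return the control holding the filtered parameters, the context and the peer check
     * @throws KeyStoreException if a store or the context cannot be initialised
     * @throws IOException if a store file cannot be read
     */
    public SSLControl makeSSLControl(boolean server) throws KeyStoreException, IOException {
        SSLParameters requested = new SSLParameters();
        String cipherSuiteList = getProp(ENABLED_CIPHER_SUITES);
        if (cipherSuiteList != null) {
            requested.setCipherSuites(trim(cipherSuiteList.split(",")));
        }
        String protocolList = getProp(ENABLED_PROTOCOLS);
        if (protocolList != null) {
            requested.setProtocols(trim(protocolList.split(",")));
        }
        SSLContext context = makeSSLContext(makeAuth(), server);
        SSLAuthenticator authenticator = null;
        HostnameVerifier hostVerifier = null;
        if (server) {
            // Client certificates are demanded only when an authenticator is configured.
            String authenticatorSpec = getProp(CLIENT_AUTHENTICATOR);
            if (authenticatorSpec != null) {
                authenticator = makeAuthenticator(authenticatorSpec);
                requested.setNeedClientAuth(true);
            }
        } else {
            // NOTE(review): with the property unset a null verifier reaches SSLControl. Whether
            // SSLControl then skips the server identity check is not visible here - confirm,
            // and treat the hostnameVerifier property as mandatory for clients if it does.
            String verifierSpec = getProp(SERVER_HOST_VERIFIER);
            if (verifierSpec != null) {
                hostVerifier = makeHostVerifier(verifierSpec);
            }
        }
        return new SSLControl(filterSSLParameters(requested, context, server), context, hostVerifier, authenticator);
    }

    /**
     * Reduces the requested cipher suites and protocols to what the context supports.
     *
     * <p>Configured values that the environment does not know are dropped; if nothing is left
     * the configuration is rejected rather than falling back to defaults.
     *
     * @param sSLParameters the requested parameters
     * @param sSLContext the context whose supported parameters are the filter
     * @param server {@code true} for the server side
     * @return new parameters carrying the filtered lists and the client-auth flag
     * @throws IllegalArgumentException if a configured list has no supported entry
     */
    private static SSLParameters filterSSLParameters(SSLParameters sSLParameters, SSLContext sSLContext, boolean server) throws IllegalArgumentException {
        SSLParameters supported = sSLContext.getSupportedSSLParameters();
        String[] cipherSuites = sSLParameters.getCipherSuites();
        if (cipherSuites != null) {
            cipherSuites = filterConfig(cipherSuites, supported.getCipherSuites());
            if (cipherSuites.length == 0) {
                throw new IllegalArgumentException("None of the configured SSL cipher suites are supported by the environment.");
            }
        } else if (!server) {
            // NOTE(review): this starts from the *supported* suites, a superset of the suites
            // the JVM enables by default, so a client without an explicit cipher list may offer
            // suites the JVM would otherwise leave off. Pinning oracle.kv.ssl.ciphersuites
            // avoids relying on this path.
            cipherSuites = reorderCipherSuites(supported.getCipherSuites());
        }
        String[] protocols = sSLParameters.getProtocols();
        if (protocols != null) {
            protocols = filterConfig(protocols, supported.getProtocols());
            if (protocols.length == 0) {
                throw new IllegalArgumentException("None of the configured SSL protocols are supported by the environment.");
            }
        }
        // A null protocol array is passed on unchanged when no protocol list is configured.
        SSLParameters filtered = new SSLParameters(cipherSuites, protocols);
        filtered.setNeedClientAuth(sSLParameters.getNeedClientAuth());
        return filtered;
    }

    /** Returns only the authenticator built by {@link #makeAuthenticatorInfo(String)}. */
    private static SSLAuthenticator makeAuthenticator(String str) {
        return makeAuthenticatorInfo(str).impl;
    }

    /**
     * Parses a client authenticator specification of the form {@code dnmatch(<pattern>)}.
     *
     * <p>The text between the parentheses is passed unchanged to
     * {@code SSLPatternAuthenticator}; how it is matched against the peer is decided there.
     *
     * <p>Decompiler note: JADX widened this method from package-private.
     *
     * @param str the specification, surrounding whitespace is ignored
     * @return the authenticator together with the JE class name and its parameter
     * @throws IllegalArgumentException if the specification is not a dnmatch expression
     */
    public static InstanceInfo<SSLAuthenticator> makeAuthenticatorInfo(String str) {
        String spec = str.trim();
        String pattern = dnMatchPattern(spec);
        if (pattern == null) {
            throw new IllegalArgumentException(spec + " is not a valid server peer constraint.");
        }
        return new InstanceInfo<>(new SSLPatternAuthenticator(pattern), JE_SSL_DN_AUTHENTICATOR_CLASS, pattern);
    }

    /** Returns only the verifier built by {@link #makeHostVerifierInfo(String)}. */
    private HostnameVerifier makeHostVerifier(String str) {
        return makeHostVerifierInfo(str).impl;
    }

    /**
     * Parses a host verifier specification: either {@code hostname} or
     * {@code dnmatch(<pattern>)}.
     *
     * <p>Decompiler note: JADX widened this method from package-private.
     *
     * @param str the specification, surrounding whitespace is ignored
     * @return the verifier together with the JE class name and its parameter
     * @throws IllegalArgumentException if the specification is neither form
     */
    public static InstanceInfo<HostnameVerifier> makeHostVerifierInfo(String str) {
        String spec = str.trim();
        if ("hostname".equals(spec)) {
            return new InstanceInfo<>(new SSLStdHostVerifier(), JE_SSL_STD_HOST_VERIFIER_CLASS, null);
        }
        String pattern = dnMatchPattern(spec);
        if (pattern == null) {
            throw new IllegalArgumentException(spec + " is not a valid client peer constraint.");
        }
        return new InstanceInfo<>(new SSLPatternVerifier(pattern), JE_SSL_DN_HOST_VERIFIER_CLASS, pattern);
    }

    /**
     * Extracts the pattern from a trimmed {@code dnmatch(<pattern>)} expression.
     *
     * @return the text between the parentheses (possibly empty), or {@code null} if the
     *         argument does not have that form
     */
    private static String dnMatchPattern(String spec) {
        if (!spec.startsWith(DN_MATCH_PREFIX) || !spec.endsWith(DN_MATCH_SUFFIX)) {
            return null;
        }
        return spec.substring(DN_MATCH_PREFIX.length(), spec.length() - DN_MATCH_SUFFIX.length());
    }

    /**
     * Collects the keystore and truststore settings for one context build.
     *
     * <p>The returned object refers to the live password array of this instance, not a copy,
     * and the field is read here without the lock that {@link #setKeystorePassword(char[])}
     * takes. No truststore password is set.
     */
    private SSLAuthInfo makeAuth() {
        SSLAuthInfo authInfo = new SSLAuthInfo();
        String keyStorePath = getProp(KEYSTORE_FILE);
        if (keyStorePath != null) {
            authInfo.keyStore = new File(keyStorePath);
        }
        String keyStoreType = getProp(KEYSTORE_TYPE);
        if (keyStoreType != null) {
            authInfo.keyStoreType = keyStoreType;
        }
        char[] password = this.keystorePassword;
        if (password != null) {
            authInfo.keyStorePassword = password;
        }
        String alias = getProp(KEYSTORE_ALIAS);
        if (alias != null) {
            authInfo.keyStoreAlias = alias;
        }
        String trustStorePath = getProp(TRUSTSTORE_FILE);
        if (trustStorePath != null) {
            authInfo.trustStore = new File(trustStorePath);
        }
        String trustStoreType = getProp(TRUSTSTORE_TYPE);
        if (trustStoreType != null) {
            authInfo.trustStoreType = trustStoreType;
        }
        return authInfo;
    }

    /**
     * Creates and initialises the {@link SSLContext}.
     *
     * <p>Key managers are only installed when both a keystore file and a password are present;
     * otherwise the context is initialised without them and no exception is raised. Trust
     * managers are only installed when a truststore file is configured.
     *
     * @param sSLAuthInfo the store settings
     * @param server {@code true} for the server side; selects which alias slot is used
     * @return the initialised context
     * @throws KeyStoreException on any key, certificate or algorithm failure
     * @throws IOException if a store file cannot be read
     */
    private SSLContext makeSSLContext(SSLAuthInfo sSLAuthInfo, boolean server) throws KeyStoreException, IOException {
        try {
            KeyManager[] keyManagers = null;
            TrustManager[] trustManagers = null;
            if (sSLAuthInfo.keyStore != null && sSLAuthInfo.keyStorePassword != null) {
                keyManagers = loadKeyManagers(sSLAuthInfo, server);
            }
            if (sSLAuthInfo.trustStore != null) {
                trustManagers = loadTrustManagers(sSLAuthInfo);
            }
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(keyManagers, trustManagers, null);
            return context;
        } catch (KeyManagementException | NoSuchAlgorithmException
                | UnrecoverableKeyException | CertificateException e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Loads the keystore and returns its key managers, restricted to the configured alias
     * when one is set.
     */
    private static KeyManager[] loadKeyManagers(SSLAuthInfo authInfo, boolean server)
            throws KeyStoreException, IOException, NoSuchAlgorithmException,
                   CertificateException, UnrecoverableKeyException {
        KeyStore keyStore = loadKeyStore(authInfo.keyStore, authInfo.keyStoreType, authInfo.keyStorePassword);
        String alias = authInfo.keyStoreAlias;
        // Fail early on a wrong alias instead of presenting no certificate at handshake time.
        if (alias != null && !keyStore.containsAlias(alias)) {
            throw new IllegalArgumentException("Alias " + alias + " not found in " + authInfo.keyStore);
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(X509_ALGO_NAME);
        // The store password doubles as the key password.
        factory.init(keyStore, authInfo.keyStorePassword);
        KeyManager[] keyManagers = factory.getKeyManagers();
        if (alias == null) {
            return keyManagers;
        }
        X509ExtendedKeyManager x509Manager = null;
        for (KeyManager candidate : keyManagers) {
            if (candidate instanceof X509ExtendedKeyManager) {
                x509Manager = (X509ExtendedKeyManager) candidate;
                break;
            }
        }
        if (x509Manager == null) {
            throw new IllegalStateException("Unable to locate an X509ExtendedKeyManager corresponding to keyStore " + authInfo.keyStore);
        }
        // The alias is passed in the second slot for a server and in the third for a client.
        return new KeyManager[] {
            new AliasKeyManager(x509Manager, server ? alias : null, server ? null : alias)
        };
    }

    /** Loads the truststore and returns its trust managers. */
    private static TrustManager[] loadTrustManagers(SSLAuthInfo authInfo)
            throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        // trustStorePassword is never assigned, so this load runs without an integrity check.
        KeyStore trustStore = loadKeyStore(authInfo.trustStore, authInfo.trustStoreType, authInfo.trustStorePassword);
        TrustManagerFactory factory = TrustManagerFactory.getInstance(X509_ALGO_NAME);
        factory.init(trustStore);
        return factory.getTrustManagers();
    }

    /**
     * Reads a key store file, closing the stream whether or not loading succeeds.
     *
     * @param file the store file
     * @param type the store type, or {@code null} for {@link KeyStore#getDefaultType()}
     * @param password the store password, or {@code null} to load without an integrity check
     */
    private static KeyStore loadKeyStore(File file, String type, char[] password)
            throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore store = KeyStore.getInstance(type != null ? type : KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(file)) {
            store.load(in, password);
        }
        return store;
    }

    /** Looks up a property and normalises blank values to {@code null}. */
    private String getProp(String str) {
        return trim(this.props.getProperty(str));
    }

    /** Trims the argument; returns {@code null} for {@code null} or blank input. */
    private String trim(String str) {
        if (str == null) {
            return null;
        }
        String trimmed = str.trim();
        return trimmed.isEmpty() ? null : trimmed;
    }

    /**
     * Trims every element and drops the blank ones.
     *
     * @return the remaining elements in order, or {@code null} if none remain
     */
    private String[] trim(String[] strArr) {
        if (strArr == null) {
            return null;
        }
        ArrayList<String> kept = new ArrayList<>(strArr.length);
        for (String element : strArr) {
            String trimmed = trim(element);
            if (trimmed != null) {
                kept.add(trimmed);
            }
        }
        return kept.isEmpty() ? null : kept.toArray(new String[0]);
    }

    /**
     * Returns the configured entries that also appear in the supported list, keeping the
     * configured order (and therefore the configured preference).
     */
    private static String[] filterConfig(String[] strArr, String[] strArr2) {
        Set<String> supported = new HashSet<>(Arrays.asList(strArr2));
        ArrayList<String> accepted = new ArrayList<>();
        for (String configured : strArr) {
            if (supported.contains(configured)) {
                accepted.add(configured);
            }
        }
        return accepted.toArray(new String[0]);
    }

    /**
     * Moves the GCM cipher suites to the front, keeping relative order within both groups.
     *
     * @return the reordered list, or {@code null} if the input is empty or has no GCM suite
     */
    private static String[] reorderCipherSuites(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        ArrayList<String> gcmSuites = new ArrayList<>();
        ArrayList<String> otherSuites = new ArrayList<>();
        for (String suite : strArr) {
            if (suite.contains(KEY_OF_GCM_CIPHER)) {
                gcmSuites.add(suite);
            } else {
                otherSuites.add(suite);
            }
        }
        if (gcmSuites.isEmpty()) {
            return null;
        }
        gcmSuites.addAll(otherSuites);
        return gcmSuites.toArray(new String[0]);
    }

    /**
     * Chooses the X.509 manager-factory algorithm: the system property if set, otherwise
     * {@code IbmX509} on a JVM whose vendor starts with "IBM" and {@code SunX509} elsewhere.
     */
    private static String getX509AlgoName() {
        String configured = System.getProperty(X509_ALGO_NAME_PROPERTY);
        if (configured != null && !configured.isEmpty()) {
            return configured;
        }
        // Runs inside the static initializer; a missing vendor must not abort class loading.
        String vendor = System.getProperty("java.vendor", "");
        return vendor.startsWith("IBM") ? "IbmX509" : "SunX509";
    }

    /**
     * Returns the internal password array itself, not a copy; a later call to
     * {@link #setKeystorePassword(char[])} overwrites the returned array with spaces.
     */
    char[] getKeystorePassword() {
        return this.keystorePassword;
    }

    static {
        allProps.add(ENABLED_CIPHER_SUITES);
        allProps.add(ENABLED_PROTOCOLS);
        allProps.add(CLIENT_AUTHENTICATOR);
        allProps.add(SERVER_HOST_VERIFIER);
        allProps.add(KEYSTORE_FILE);
        allProps.add(KEYSTORE_TYPE);
        allProps.add(KEYSTORE_ALIAS);
        allProps.add(TRUSTSTORE_FILE);
        allProps.add(TRUSTSTORE_TYPE);
        X509_ALGO_NAME = getX509AlgoName();
    }
}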
