package eu.clarussecure.proxy.protocol.plugins.tcp.ssl;

import eu.clarussecure.proxy.protocol.plugins.tcp.TCPConstants;
import eu.clarussecure.proxy.spi.protocol.Configuration;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelPipeline;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.util.concurrent.Future;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/clarussecure/proxy/protocol/plugins/tcp/ssl/SSLSessionInitializer.class */
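/**
 * Installs Netty {@link SslHandler}s on the two legs of a proxied TCP session.
 *
 * <p>"Client side" is the leg facing the connecting client, where the proxy acts as the TLS
 * server. "Server side" is the leg facing the protected backend, where the proxy acts as the
 * TLS client.
 *
 * <p>Configuration is read from system properties:
 * <ul>
 *   <li>{@code tcp.ssl.client} / {@code tcp.ssl.server}: an {@link SSLMode} name, default
 *       {@code ALLOWED}, matched case-insensitively. An unknown value makes
 *       {@link SSLMode#valueOf(String)} throw during class initialization, so a typo fails
 *       closed instead of silently selecting a weaker mode.</li>
 *   <li>{@code tcp.ssl.use.self.signed.certificate}: default {@code "true"}.</li>
 *   <li>{@code tcp.ssl.certificate.file} / {@code tcp.ssl.private.key.file}: used only when the
 *       self-signed option is off and both are set.</li>
 *   <li>{@code javax.net.ssl.keyStore*}: used when the self-signed option is off and a
 *       certificate or key file is missing.</li>
 * </ul>
 *
 * <p>NOTE(security): with the defaults, the client-facing certificate is a throwaway self-signed
 * one and the backend certificate is not verified at all (see
 * {@link #addSSLHandlerOnServerSide(ChannelHandlerContext, ChannelPipeline)}). Both legs are then
 * encrypted but neither peer is authenticated.
 */
public class SSLSessionInitializer {
    private static final Logger LOGGER = LoggerFactory.getLogger(SSLSessionInitializer.class);
    private static final String SSL_HANDLER_NAME = "SSLHandler";

    // Mutable on purpose: setClientMode/setServerMode override the property-derived values.
    private static SSLMode CLIENT_SSL_MODE = readMode("tcp.ssl.client");
    private static SSLMode SERVER_SSL_MODE = readMode("tcp.ssl.server");
    private static final boolean USE_SELF_SIGNED_CERTIFICATE;
    private static final File CERTIFICATE_FILE;
    private static final File PRIVATE_KEY_FILE;

    static {
        USE_SELF_SIGNED_CERTIFICATE = isTruthy(System.getProperty("tcp.ssl.use.self.signed.certificate", "true"));
        CERTIFICATE_FILE = toFileOrNull(System.getProperty("tcp.ssl.certificate.file"));
        PRIVATE_KEY_FILE = toFileOrNull(System.getProperty("tcp.ssl.private.key.file"));
    }

    /** TLS policy for one leg of the proxied connection. */
    public enum SSLMode {
        DISABLED,
        ALLOWED,
        REQUIRED
    }

    /** Returns the TLS mode currently configured for the client-facing leg. */
    public SSLMode getClientMode() {
        return CLIENT_SSL_MODE;
    }

    /** Returns the TLS mode currently configured for the backend-facing leg. */
    public SSLMode getServerMode() {
        return SERVER_SSL_MODE;
    }

    /** Overrides the client-facing TLS mode for every instance (the field is static). */
    public static void setClientMode(SSLMode sSLMode) {
        CLIENT_SSL_MODE = sSLMode;
    }

    /** Overrides the backend-facing TLS mode for every instance (the field is static). */
    public static void setServerMode(SSLMode sSLMode) {
        SERVER_SSL_MODE = sSLMode;
    }

    /**
     * Adds a server-mode SSL handler to the pipeline of {@code channelHandlerContext}.
     *
     * @see #addSSLHandlerOnClientSide(ChannelHandlerContext, ChannelPipeline)
     */
    public Future<Channel> addSSLHandlerOnClientSide(ChannelHandlerContext channelHandlerContext) throws IOException {
        return addSSLHandlerOnClientSide(channelHandlerContext, channelHandlerContext.pipeline());
    }

    /**
     * Builds a server-mode TLS context and installs its handler first in {@code channelPipeline}.
     *
     * @param channelHandlerContext context whose allocator backs the new SSL engine
     * @param channelPipeline pipeline that receives the handler under the name "SSLHandler"
     * @return the handshake future of the installed handler
     * @throws IOException if the certificate, private key or key store cannot be loaded, or the
     *     TLS context cannot be built; key store and certificate failures are wrapped as the cause
     */
    public Future<Channel> addSSLHandlerOnClientSide(ChannelHandlerContext channelHandlerContext, ChannelPipeline channelPipeline) throws IOException {
        LOGGER.debug("Adding a SSL handler on client side...");
        LOGGER.trace("Building a server SSL context for client side...");
        SslContextBuilder contextBuilder = newServerContextBuilder();
        // Second argument is Netty's startTls flag: with it set, the first message written
        // through the handler is not encrypted.
        // NOTE(review): presumably so a plaintext "TLS accepted" reply can precede the
        // handshake; confirm against the protocol plugins that call this.
        SslHandler sslHandler = new SslHandler(contextBuilder.build().newEngine(channelHandlerContext.alloc()), true);
        channelPipeline.addFirst(SSL_HANDLER_NAME, sslHandler);
        Future<Channel> handshakeFuture = sslHandler.handshakeFuture();
        LOGGER.debug("SSL handler added SSL on client side");
        return handshakeFuture;
    }

    /**
     * Adds a client-mode SSL handler to the pipeline of {@code channelHandlerContext}.
     *
     * @see #addSSLHandlerOnServerSide(ChannelHandlerContext, ChannelPipeline)
     */
    public Future<Channel> addSSLHandlerOnServerSide(ChannelHandlerContext channelHandlerContext) throws SSLException {
        return addSSLHandlerOnServerSide(channelHandlerContext, channelHandlerContext.pipeline());
    }

    /**
     * Builds a client-mode TLS context towards the configured server endpoint and installs its
     * handler first in {@code channelPipeline}.
     *
     * <p>NOTE(security): the context uses {@link InsecureTrustManagerFactory}, which accepts any
     * certificate chain without verification. The backend leg is therefore encrypted but the
     * backend is not authenticated, and anything on the network path between proxy and backend
     * can present its own certificate and be accepted. Deployments that rely on this leg for
     * confidentiality should supply a trust manager backed by the backend's CA or a pinned
     * certificate, and enable endpoint identification on the engine.
     *
     * @param channelHandlerContext context whose channel carries the {@link Configuration}
     *     attribute holding the server endpoint
     * @param channelPipeline pipeline that receives the handler under the name "SSLHandler"
     * @return the handshake future of the installed handler
     * @throws SSLException if the TLS context cannot be built
     */
    public Future<Channel> addSSLHandlerOnServerSide(ChannelHandlerContext channelHandlerContext, ChannelPipeline channelPipeline) throws SSLException {
        LOGGER.debug("Adding a SSL handler on server side...");
        LOGGER.trace("Building a client SSL context for server side...");
        SslContext clientContext = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).build();
        Configuration configuration = (Configuration) channelHandlerContext.channel().attr(TCPConstants.CONFIGURATION_KEY).get();
        InetSocketAddress serverEndpoint = configuration.getServerEndpoint();
        // Host and port are advisory peer information for the engine; they do not by
        // themselves make the trust-all manager above check the certificate's host name.
        SslHandler sslHandler = clientContext.newHandler(channelHandlerContext.alloc(), serverEndpoint.getHostString(), serverEndpoint.getPort());
        channelPipeline.addFirst(SSL_HANDLER_NAME, sslHandler);
        Future<Channel> handshakeFuture = sslHandler.handshakeFuture();
        LOGGER.debug("SSL handler added SSL on server side");
        return handshakeFuture;
    }

    /** Picks the server credential source: self-signed, PEM files, or the JSSE key store. */
    private static SslContextBuilder newServerContextBuilder() throws IOException {
        if (USE_SELF_SIGNED_CERTIFICATE) {
            return selfSignedContextBuilder();
        }
        if (CERTIFICATE_FILE == null || PRIVATE_KEY_FILE == null) {
            return keyStoreContextBuilder();
        }
        LOGGER.trace("... using certificate {} and private key {}", CERTIFICATE_FILE, PRIVATE_KEY_FILE);
        return SslContextBuilder.forServer(CERTIFICATE_FILE, PRIVATE_KEY_FILE);
    }

    /** Creates a builder backed by a freshly generated self-signed certificate. */
    private static SslContextBuilder selfSignedContextBuilder() throws IOException {
        LOGGER.trace("... using self signed certificate");
        try {
            // NOTE(security): a new key pair is generated on every call, so clients can neither
            // validate nor pin the proxy certificate. Netty documents SelfSignedCertificate as a
            // testing aid.
            // NOTE(review): it also appears to write the key pair to temporary files that are
            // removed only by delete() or at JVM exit; confirm for the Netty version in use.
            SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
            return SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey());
        } catch (CertificateException e) {
            throw new IOException(e);
        }
    }

    /** Creates a builder backed by the key store named by the {@code javax.net.ssl.keyStore*} properties. */
    private static SslContextBuilder keyStoreContextBuilder() throws IOException {
        String keyStorePath = System.getProperty("javax.net.ssl.keyStore", System.getProperty("java.home") + "/lib/security/jssecacerts");
        // An unset password falls back to the empty string; the same value is used both to
        // open the store and to recover the private key.
        String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword", "");
        String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        LOGGER.trace("... using keystore {} (of type {})", keyStorePath, keyStoreType);
        char[] password = keyStorePassword.toCharArray();
        try {
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            // try-with-resources closes the stream on both the success and the failure path.
            try (FileInputStream keyStoreStream = new FileInputStream(keyStorePath)) {
                keyStore.load(keyStoreStream, password);
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, password);
            return SslContextBuilder.forServer(keyManagerFactory);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new IOException(e);
        }
    }

    /** Reads an {@link SSLMode} from a system property, defaulting to {@code ALLOWED}. */
    private static SSLMode readMode(String propertyName) {
        // Locale.ROOT keeps the upper-casing stable under locales with special casing rules
        // (e.g. Turkish dotted I), which would otherwise break valueOf for "disabled".
        String configured = System.getProperty(propertyName, SSLMode.ALLOWED.name());
        return SSLMode.valueOf(configured.toUpperCase(java.util.Locale.ROOT));
    }

    /** Returns true for "true", "1", "yes" or "on", compared case-insensitively. */
    private static boolean isTruthy(String value) {
        return "true".equalsIgnoreCase(value)
                || "1".equalsIgnoreCase(value)
                || "yes".equalsIgnoreCase(value)
                || "on".equalsIgnoreCase(value);
    }

    /** Wraps a path in a {@link File}, passing {@code null} through. */
    private static File toFileOrNull(String path) {
        return path == null ? null : new File(path);
    }
}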
