package org.glassfish.grizzly.config.ssl;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.ServerSocket;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPathParameters;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.glassfish.grizzly.config.GrizzlyConfig;
import org.glassfish.grizzly.http.util.StringManager;

/* loaded from: input_file:org/glassfish/grizzly/config/ssl/SSLContextFactory.class */
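/**
 * Builds a server-side {@link SSLContext} from string attributes set through
 * {@link #setAttribute(String, String)}.
 *
 * <p>Attributes read by this class: {@code protocol}, {@code protocols}, {@code algorithm},
 * {@code ciphers}, {@code clientAuthNeed}, {@code clientAuthWant}, {@code keyAlias},
 * {@code keystore}, {@code keystoreType}, {@code keystorePass}, {@code keypass},
 * {@code truststore}, {@code truststoreType}, {@code truststorePass},
 * {@code truststoreAlgorithm}, {@code crlFile}, {@code trustMaxCertLength},
 * {@code sslSessionTimeout}, {@code ssl3SessionTimeout} and {@code sslSessionCacheSize}.
 *
 * <p>Security-relevant defaults an operator should know about:
 * <ul>
 *   <li>An unset keystore password falls back to a well-known built-in value, so the store
 *       password should always be configured explicitly.</li>
 *   <li>An unset truststore makes {@link #getTrustManagers(String)} return {@code null}; per
 *       {@link SSLContext#init}, the JSSE default trust managers are then used, so client
 *       certificates are checked against the JVM's default trust anchors.</li>
 *   <li>Cipher and protocol names the JVM does not support are dropped from the configured
 *       list. If no configured protocol survives, the socket keeps the JVM's default enabled
 *       protocols rather than failing.</li>
 *   <li>The CRL file is read once, when the trust managers are built; later changes to the
 *       file are not picked up by a context that already exists.</li>
 * </ul>
 *
 * <p>The class keeps mutable state and performs no synchronization of its own.
 */
public class SSLContextFactory implements Cloneable {
    private static final StringManager sm = StringManager.getManager(
            SSLContextFactory.class.getPackage().getName(), SSLContextFactory.class.getClassLoader());
    // Generic protocol name; which TLS versions are actually enabled is decided by the JVM
    // provider unless the "protocols" attribute narrows the list.
    private static final String defaultProtocol = "TLS";
    private static final String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
    // Well-known default store password. It protects nothing; it is only a last-resort fallback.
    private static final String defaultKeyPass = "changeit";
    private static final Logger logger = GrizzlyConfig.logger();

    private final Map<String, String> attributes = new HashMap<>();
    private boolean clientAuthNeed;
    private boolean clientAuthWant;
    private SSLServerSocketFactory sslProxy;
    private String[] enabledCiphers;

    /**
     * Creates and initialises an {@link SSLContext} from the configured attributes, then
     * validates the result against a throw-away server socket.
     *
     * @return the initialised context
     * @throws IOException if any step fails; non-I/O failures are wrapped with their cause
     */
    public SSLContext create() throws IOException {
        try {
            this.clientAuthNeed = Boolean.parseBoolean(getAttribute("clientAuthNeed"));
            this.clientAuthWant = Boolean.parseBoolean(getAttribute("clientAuthWant"));

            String protocol = getAttribute("protocol");
            if (protocol == null) {
                protocol = defaultProtocol;
            }
            String keyAlgorithm = getAttribute("algorithm");
            if (keyAlgorithm == null) {
                keyAlgorithm = defaultAlgorithm;
            }

            SSLContext context = SSLContext.getInstance(protocol);
            configureSSLSessionContext(context.getServerSessionContext());

            String trustAlgorithm = getAttribute("truststoreAlgorithm");
            if (trustAlgorithm == null) {
                trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            }

            context.init(
                    getKeyManagers(keyAlgorithm, getAttribute("keyAlias")),
                    getTrustManagers(trustAlgorithm),
                    new SecureRandom());
            this.sslProxy = context.getServerSocketFactory();

            String ciphers = getAttribute("ciphers");
            if (ciphers != null) {
                this.enabledCiphers = getEnabledCiphers(ciphers, this.sslProxy.getSupportedCipherSuites());
            }
            checkConfig();
            return context;
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Stores a configuration attribute. Calls with a {@code null} name or value are ignored.
     *
     * @param str attribute name
     * @param str2 attribute value
     */
    public final void setAttribute(String str, String str2) {
        if (str == null || str2 == null) {
            return;
        }
        this.attributes.put(str, str2);
    }

    /**
     * Returns a configuration attribute.
     *
     * @param str attribute name
     * @return the stored value, or {@code null} if the attribute was never set
     */
    public final String getAttribute(String str) {
        return this.attributes.get(str);
    }

    /**
     * Filters a comma-separated cipher list down to the suites the JVM supports.
     *
     * <p>The previous body looped forever: one scan had no exit once the supported list was
     * exhausted, and a matching name was appended again and again because the scan neither
     * advanced nor stopped after a match. Each name is now checked exactly once.
     *
     * @param str comma-separated cipher suite names; blanks around names are ignored
     * @param strArr cipher suites supported by the socket factory, may be {@code null}
     * @return the requested suites that are supported, in configured order, or {@code null}
     *     when {@code str} is {@code null} or nothing matched
     */
    protected String[] getEnabledCiphers(String str, String[] strArr) {
        return selectSupported(str, strArr, "cipher suite");
    }

    /**
     * Resolves the keystore password: {@code keystorePass}, then {@code keypass}, then the
     * built-in default.
     */
    private String getKeystorePassword() {
        String keystorePass = getAttribute("keystorePass");
        if (keystorePass != null) {
            return keystorePass;
        }
        String keyPass = getAttribute("keypass");
        if (keyPass != null) {
            return keyPass;
        }
        // Make the insecure fallback visible to operators; the value itself is never logged.
        logger.log(Level.WARNING,
                "Neither keystorePass nor keypass is configured; falling back to the built-in default store password");
        return defaultKeyPass;
    }

    /** Loads the keystore named by the {@code keystore} / {@code keystoreType} attributes. */
    private KeyStore getKeystore(String str) throws IOException {
        String keystoreFile = getAttribute("keystore");
        logger.log(Level.FINE, "Keystore file= {0}", keystoreFile);
        String keystoreType = getAttribute("keystoreType");
        logger.log(Level.FINE, "Keystore type= {0}", keystoreType);
        return getStore(keystoreType, keystoreFile, str);
    }

    /**
     * Loads the truststore named by the {@code truststore} / {@code truststoreType} attributes.
     *
     * @return the loaded truststore, or {@code null} when no {@code truststore} is configured
     * @throws IOException if the store cannot be loaded
     */
    protected KeyStore getTrustStore() throws IOException {
        String truststoreFile = getAttribute("truststore");
        logger.log(Level.FINE, "Truststore file= {0}", truststoreFile);
        String truststoreType = getAttribute("truststoreType");
        logger.log(Level.FINE, "Truststore type= {0}", truststoreType);
        String truststorePassword = getTruststorePassword();
        if (truststoreFile == null || truststorePassword == null) {
            return null;
        }
        return getStore(truststoreType, truststoreFile, truststorePassword);
    }

    /**
     * Resolves the truststore password: {@code truststorePass}, then the
     * {@code javax.net.ssl.trustStorePassword} system property, then the keystore password.
     */
    private String getTruststorePassword() {
        String password = getAttribute("truststorePass");
        if (password == null) {
            password = System.getProperty("javax.net.ssl.trustStorePassword");
        }
        if (password == null) {
            password = getKeystorePassword();
        }
        return password;
    }

    /**
     * Loads a key or trust store.
     *
     * @param str store type; for {@code PKCS11} no file is opened
     * @param str2 store path; an empty string also means "no file"
     * @param str3 store password
     * @throws IOException if the store cannot be opened or parsed; the underlying failure is
     *     kept as the cause
     */
    private KeyStore getStore(String str, String str2, String str3) throws IOException {
        FileInputStream in = null;
        try {
            KeyStore store = KeyStore.getInstance(str);
            if (!"PKCS11".equalsIgnoreCase(str) && !"".equalsIgnoreCase(str2)) {
                in = new FileInputStream(resolveAgainstBase(str2));
            }
            store.load(in, str3.toCharArray());
            return store;
        } catch (IOException e) {
            // Covers FileNotFoundException as well; the original exception type is rethrown.
            logger.log(Level.SEVERE, sm.getString("jsse.keystore_load_failed", str, str2, e.getMessage()), e);
            throw e;
        } catch (Exception e) {
            String message = sm.getString("jsse.keystore_load_failed", str, str2, e.getMessage());
            logger.log(Level.SEVERE, message, e);
            // Keep the cause so the real failure (bad type, bad certificate, ...) stays diagnosable.
            throw new IOException(message, e);
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Filters a comma-separated protocol list down to the protocols the socket supports.
     *
     * <p>The previous body appended a matching name without leaving the scan, so a supported
     * protocol in the list never terminated the loop. Each name is now checked exactly once.
     *
     * @param sSLServerSocket socket whose supported protocols are consulted
     * @param str comma-separated protocol names; blanks around names are ignored
     * @return the requested protocols that are supported, in configured order, or {@code null}
     *     when {@code str} is {@code null} or nothing matched
     */
    protected String[] getEnabledProtocols(SSLServerSocket sSLServerSocket, String str) {
        String[] supported = sSLServerSocket.getSupportedProtocols();
        String[] selected = selectSupported(str, supported, "protocol");
        if (str != null && selected == null) {
            // A null result means setEnabledProtocols() is skipped, so a typo in the list
            // silently widens the protocol set instead of narrowing it.
            logger.log(Level.WARNING,
                    "None of the configured SSL protocols is supported; the JVM default protocols stay enabled");
        }
        return selected;
    }

    /**
     * Applies ciphers, protocols and client-authentication mode to a server socket.
     *
     * @throws IllegalArgumentException if the socket is not an {@link SSLServerSocket}
     */
    private void initServerSocket(ServerSocket serverSocket) {
        if (!(serverSocket instanceof SSLServerSocket)) {
            throw new IllegalArgumentException("The ServerSocket has to be SSLServerSocket");
        }
        SSLServerSocket sslSocket = (SSLServerSocket) serverSocket;
        if (getAttribute("ciphers") != null) {
            // enabledCiphers is null when no configured suite is supported; the JDK rejects
            // a null array here, so that misconfiguration fails instead of using defaults.
            sslSocket.setEnabledCipherSuites(this.enabledCiphers);
        }
        setEnabledProtocols(sslSocket, getEnabledProtocols(sslSocket, getAttribute("protocols")));
        if (this.clientAuthNeed) {
            sslSocket.setNeedClientAuth(this.clientAuthNeed);
        } else {
            sslSocket.setWantClientAuth(this.clientAuthWant);
        }
    }

    /** Applies the protocol list, leaving the socket untouched when the list is {@code null}. */
    private void setEnabledProtocols(SSLServerSocket sSLServerSocket, String[] strArr) {
        if (strArr != null) {
            sSLServerSocket.setEnabledProtocols(strArr);
        }
    }

    /**
     * Builds the key managers from the configured keystore.
     *
     * @param str key manager algorithm
     * @param str2 key alias to pin, or {@code null} to let JSSE choose
     * @return the key managers, each wrapped in a {@code JSSEKeyManager} when an alias is given
     * @throws Exception if the keystore cannot be loaded, the alias has no key entry, or the
     *     factory cannot be initialised
     */
    protected KeyManager[] getKeyManagers(String str, String str2) throws Exception {
        String keystorePassword = getKeystorePassword();
        KeyStore keystore = getKeystore(keystorePassword);
        if (str2 != null && !keystore.isKeyEntry(str2)) {
            throw new IOException(sm.getString("jsse.alias_no_key_entry", str2));
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(str);
        // The store password is also used as the key password.
        factory.init(keystore, keystorePassword.toCharArray());
        KeyManager[] managers = factory.getKeyManagers();
        if (str2 != null) {
            for (int i = 0; i < managers.length; i++) {
                managers[i] = new JSSEKeyManager((X509KeyManager) managers[i], str2);
            }
        }
        return managers;
    }

    /**
     * Builds the trust managers from the configured truststore, with CRL checking when
     * {@code crlFile} is set.
     *
     * @param str trust manager algorithm
     * @return the trust managers, or {@code null} when no truststore is configured; a
     *     {@code null} array makes {@link SSLContext#init} fall back to the JSSE defaults
     * @throws Exception if the truststore or CRL file cannot be loaded
     */
    protected TrustManager[] getTrustManagers(String str) throws Exception {
        String crlFile = getAttribute("crlFile");
        KeyStore trustStore = getTrustStore();
        if (trustStore == null) {
            return null;
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(str);
        if (crlFile == null) {
            factory.init(trustStore);
        } else {
            factory.init(new CertPathTrustManagerParameters(getParameters(str, crlFile, trustStore)));
        }
        return factory.getTrustManagers();
    }

    /**
     * Builds PKIX parameters with revocation checking backed by the given CRL file.
     *
     * @throws CRLException if the algorithm is not PKIX
     */
    private CertPathParameters getParameters(String str, String str2, KeyStore keyStore) throws Exception {
        if (!"PKIX".equalsIgnoreCase(str)) {
            throw new CRLException("CRLs not supported for type: " + str);
        }
        PKIXBuilderParameters params = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(getCRLs(str2))));
        params.setRevocationEnabled(true);
        String maxLength = getAttribute("trustMaxCertLength");
        if (maxLength != null) {
            try {
                params.setMaxPathLength(Integer.parseInt(maxLength));
            } catch (IllegalArgumentException e) {
                // Covers a non-numeric value and a value the PKIX parameters reject.
                // The path-length limit then stays at its default.
                logger.warning("Bad maxCertLength: " + maxLength);
            }
        }
        return params;
    }

    /**
     * Reads every CRL in the given file. The file is read once; a context built from the
     * result does not see later updates to it.
     */
    private Collection<? extends CRL> getCRLs(String str) throws IOException, CRLException, CertificateException {
        File file = resolveAgainstBase(str);
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        FileInputStream in = new FileInputStream(file);
        try {
            return factory.generateCRLs(in);
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Applies session timeout and cache size. {@code ssl3SessionTimeout} is applied after
     * {@code sslSessionTimeout} to the same setting, so it wins when both are present.
     * A non-numeric value raises {@link NumberFormatException}.
     */
    private void configureSSLSessionContext(SSLSessionContext sSLSessionContext) {
        String timeout = getAttribute("sslSessionTimeout");
        if (timeout != null) {
            sSLSessionContext.setSessionTimeout(Integer.parseInt(timeout));
        }
        String ssl3Timeout = getAttribute("ssl3SessionTimeout");
        if (ssl3Timeout != null) {
            sSLSessionContext.setSessionTimeout(Integer.parseInt(ssl3Timeout));
        }
        String cacheSize = getAttribute("sslSessionCacheSize");
        if (cacheSize != null) {
            sSLSessionContext.setSessionCacheSize(Integer.parseInt(cacheSize));
        }
    }

    /**
     * Validates the configuration on a throw-away server socket.
     *
     * @throws IOException if the probe reports an {@link SSLException}
     */
    private void checkConfig() throws IOException {
        ServerSocket probe = this.sslProxy.createServerSocket();
        try {
            // Deliberately outside the swallowing catch below: a rejected cipher or protocol
            // list must propagate. The finally block still closes the socket in that case,
            // which the previous layout did not.
            initServerSocket(probe);
            try {
                probe.setSoTimeout(1);
                probe.accept();
            } catch (SSLException e) {
                throw new IOException(sm.getString("jsse.invalid_ssl_conf", e.getMessage()), e);
            } catch (Exception expected) {
                // Any other failure of the probe accept() is not treated as a configuration error.
            }
        } finally {
            if (!probe.isClosed()) {
                probe.close();
            }
        }
    }

    /**
     * Returns the names from a comma-separated list that also appear in {@code supported}.
     * Names are trimmed, empty entries are skipped, and unsupported names are logged.
     */
    private static String[] selectSupported(String requested, String[] supported, String kind) {
        if (requested == null) {
            return null;
        }
        ArrayList<String> accepted = null;
        for (String raw : requested.split(",")) {
            String name = raw.trim();
            if (name.isEmpty()) {
                continue;
            }
            if (isSupported(supported, name)) {
                if (accepted == null) {
                    accepted = new ArrayList<>();
                }
                accepted.add(name);
            } else {
                logger.log(Level.WARNING, "Ignoring unsupported SSL {0}: {1}", new Object[] {kind, name});
            }
        }
        return accepted == null ? null : accepted.toArray(new String[0]);
    }

    /** Tells whether {@code name} is one of {@code supported}; a {@code null} array holds nothing. */
    private static boolean isSupported(String[] supported, String name) {
        if (supported == null) {
            return false;
        }
        for (String candidate : supported) {
            if (candidate.equals(name)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves a relative path against the {@code catalina.base} system property. When the
     * property is unset, {@link File} resolves the path against the working directory.
     */
    private static File resolveAgainstBase(String path) {
        File file = new File(path);
        if (file.isAbsolute()) {
            return file;
        }
        return new File(System.getProperty("catalina.base"), path);
    }

    /** Closes a stream on a best-effort basis; a failure to close is logged, never thrown. */
    private static void closeQuietly(FileInputStream in) {
        if (in == null) {
            return;
        }
        try {
            in.close();
        } catch (IOException ignored) {
            logger.log(Level.FINE, "Failed to close store stream", ignored);
        }
    }
}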
