package org.jppf.ssl;

import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.net.Socket;
import java.security.KeyStore;
import java.util.Map;
import java.util.concurrent.Callable;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.jppf.comm.socket.SocketWrapper;
import org.jppf.serialization.ObjectSerializer;
import org.jppf.utils.FileUtils;
import org.jppf.utils.JPPFConfiguration;
import org.jppf.utils.JPPFIdentifiers;
import org.jppf.utils.LoggingUtils;
import org.jppf.utils.RegexUtils;
import org.jppf.utils.StringUtils;
import org.jppf.utils.TypedProperties;
import org.jppf.utils.configuration.JPPFProperties;
import org.jppf.utils.configuration.JPPFProperty;
import org.jppf.utils.streams.StreamUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jppf/ssl/SSLHelper.class */
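/**
 * Static helper that turns the JPPF SSL configuration into JSSE objects:
 * {@link SSLContext}, {@link SSLParameters}, TLS-wrapped client sockets and the
 * TLS entries of a JMX environment map.
 *
 * <p>The SSL configuration is loaded lazily on first use, either from a file or from a
 * class named in the JPPF configuration, and is cached until {@link #resetConfig()} is called.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every {@code *.source} property names a class that is loaded reflectively,
 *       instantiated and invoked (see {@code callSource}). Whoever can write the JPPF or SSL
 *       configuration can therefore run code in this JVM; protect those files accordingly.</li>
 *   <li>Store passwords may be given in clear text in the configuration. The password arrays
 *       are not wiped after use, because a {@code *.password.source} plugin may hand out an
 *       array it still owns.</li>
 * </ul>
 */
public final class SSLHelper {
    private static final Logger log = LoggerFactory.getLogger(SSLHelper.class);
    private static final boolean debugEnabled = LoggingUtils.isDebugEnabled(log);
    /**
     * Cached SSL configuration, {@code null} until loaded. Declared volatile because it is
     * tested outside of the lock taken by {@link #loadSSLProperties()}.
     */
    private static volatile TypedProperties sslConfig = null;

    /**
     * Build an SSL context from the default {@code jppf.ssl} trust store settings.
     *
     * @return a newly initialized {@link SSLContext}.
     * @throws Exception if the SSL configuration cannot be loaded or the context cannot be built.
     */
    public static SSLContext getSSLContext() throws Exception {
        return getSSLContext("jppf.ssl");
    }

    /**
     * Build an SSL context for the given channel identifier. Client channels use the
     * {@code jppf.ssl.client} trust store when a distinct client trust store is configured;
     * node channels always use {@code jppf.ssl}.
     *
     * @param i one of the client or node channel constants of {@link JPPFIdentifiers}.
     * @return a newly initialized {@link SSLContext}.
     * @throws IllegalStateException if the identifier is not one of the four handled channels.
     * @throws Exception if the SSL configuration cannot be loaded or the context cannot be built.
     */
    public static SSLContext getSSLContext(int i) throws Exception {
        if (sslConfig == null) {
            loadSSLProperties();
        }
        boolean distinctClientTrustStore =
            ((Boolean) sslConfig.get((JPPFProperty) JPPFProperties.SSL_CLIENT_DISTINCT_TRUSTSTORE)).booleanValue();
        if (debugEnabled) {
            log.debug("using {} trust store for clients, identifier = {}", distinctClientTrustStore ? "distinct" : "same", JPPFIdentifiers.asString(i));
        }
        switch (i) {
            case JPPFIdentifiers.CLIENT_JOB_DATA_CHANNEL /* 65530 */:
            case JPPFIdentifiers.CLIENT_CLASSLOADER_CHANNEL /* 65531 */:
                return getSSLContext(distinctClientTrustStore ? "jppf.ssl.client" : "jppf.ssl");
            case JPPFIdentifiers.NODE_JOB_DATA_CHANNEL /* 65532 */:
            case JPPFIdentifiers.NODE_CLASSLOADER_CHANNEL /* 65533 */:
                return getSSLContext("jppf.ssl");
            default:
                throw new IllegalStateException("unknown channel identifier " + Integer.toHexString(i));
        }
    }

    /**
     * Build an SSL context whose trust store is read from the properties starting with the
     * given prefix. The key store is always read from the {@code jppf.ssl.keystore.*} properties.
     *
     * @param trustPrefix property prefix of the trust store settings, for instance {@code jppf.ssl}.
     * @return a newly initialized {@link SSLContext}.
     * @throws Exception an {@code SSLConfigurationException}, wrapping the original failure if needed.
     */
    private static SSLContext getSSLContext(String trustPrefix) throws Exception {
        try {
            if (sslConfig == null) {
                loadSSLProperties();
            }
            char[] keyStorePassword = getPassword("jppf.ssl.keystore.password");
            KeyStore keyStore = getStore("jppf.ssl.keystore", keyStorePassword);
            KeyManagerFactory keyManagerFactory = null;
            if (keyStore != null) {
                keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, keyStorePassword);
            }
            KeyStore trustStore = getStore(trustPrefix + ".truststore", getPassword(trustPrefix + ".truststore.password"));
            TrustManagerFactory trustManagerFactory = null;
            if (trustStore != null) {
                trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(trustStore);
            }
            SSLContext context = SSLContext.getInstance((String) sslConfig.get((JPPFProperty) JPPFProperties.SSL_CONTEXT_PROTOCOL));
            // NOTE(review): when no trust store is configured, null trust managers are passed and
            // JSSE falls back to the default trust manager of the installed providers, i.e. the
            // JVM-wide CA set rather than a pinned store. Confirm that fallback is intended.
            context.init(
                keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(),
                trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(),
                null);
            return context;
        } catch (SSLConfigurationException e) {
            throw e;
        } catch (Exception e) {
            throw new SSLConfigurationException(e);
        }
    }

    /**
     * Build the SSL parameters (cipher suites, protocols, client authentication mode) from the
     * SSL configuration.
     *
     * @return a new {@link SSLParameters} instance.
     * @throws Exception if the SSL configuration cannot be loaded.
     */
    public static SSLParameters getSSLParameters() throws Exception {
        if (sslConfig == null) {
            loadSSLProperties();
        }
        SSLParameters params = new SSLParameters();
        // A null array leaves the JSSE defaults for cipher suites / protocols in place.
        String cipherSuites = (String) sslConfig.get((JPPFProperty) JPPFProperties.SSL_CIPHER_SUITES);
        params.setCipherSuites(cipherSuites == null ? null : RegexUtils.SPACES_PATTERN.split(cipherSuites.trim()));
        String protocols = (String) sslConfig.get((JPPFProperty) JPPFProperties.SSL_PROTOCOLS);
        params.setProtocols(protocols == null ? null : RegexUtils.SPACES_PATTERN.split(protocols.trim()));
        // Case-insensitive, locale-independent comparison. Any value other than "want" or
        // "need" disables client authentication.
        String clientAuth = (String) sslConfig.get((JPPFProperty) JPPFProperties.SSL_CLIENT_AUTH);
        params.setWantClientAuth("want".equalsIgnoreCase(clientAuth));
        params.setNeedClientAuth("need".equalsIgnoreCase(clientAuth));
        if (debugEnabled) {
            log.debug("SSL parameters : cipher suites=" + StringUtils.arrayToString(params.getCipherSuites()) + ", protocols=" + StringUtils.arrayToString(params.getProtocols()) + ", needCLientAuth=" + params.getNeedClientAuth() + ", wantClientAuth=" + params.getWantClientAuth());
        }
        return params;
    }

    /**
     * Layer a client-mode TLS socket over an already connected socket wrapper and return a new
     * wrapper of the same class around it, with the same serializer, host and port.
     *
     * @param socketWrapper the plain connection to secure.
     * @return a new wrapper around the TLS socket.
     * @throws Exception if the SSL objects cannot be created or the wrapper class has no
     *     public constructor taking a {@link Socket}.
     */
    public static SocketWrapper createSSLClientConnection(SocketWrapper socketWrapper) throws Exception {
        String host = socketWrapper.getHost();
        int port = socketWrapper.getPort();
        // The last argument (autoClose) makes closing the TLS socket close the underlying socket too.
        SSLSocket sslSocket = (SSLSocket) getSSLContext().getSocketFactory().createSocket(socketWrapper.getSocket(), host, port, true);
        // NOTE(review): getSSLParameters() sets no endpoint identification algorithm, so the
        // handshake validates the certificate chain against the trust store but does not check
        // that the certificate matches 'host'. Confirm this is acceptable for the deployment.
        sslSocket.setSSLParameters(getSSLParameters());
        sslSocket.setUseClientMode(true);
        ObjectSerializer serializer = socketWrapper.getSerializer();
        SocketWrapper secured = (SocketWrapper) socketWrapper.getClass().getConstructor(Socket.class).newInstance(sslSocket);
        secured.setSerializer(serializer);
        secured.setHost(host);
        secured.setPort(port);
        return secured;
    }

    /**
     * Add the TLS related entries (profile, socket factory, protocols, cipher suites, client
     * authentication flags) to a JMX environment map.
     *
     * @param map the JMX environment to populate.
     * @throws Exception if the SSL objects cannot be created.
     */
    public static void configureJMXProperties(Map<String, Object> map) throws Exception {
        SSLSocketFactory socketFactory = getSSLContext().getSocketFactory();
        map.put("jmx.remote.profiles", "TLS");
        map.put("jmx.remote.tls.socket.factory", socketFactory);
        SSLParameters params = getSSLParameters();
        map.put("jmx.remote.tls.enabled.protocols", StringUtils.arrayToString(" ", null, null, params.getProtocols()));
        map.put("jmx.remote.tls.enabled.cipher.suites", StringUtils.arrayToString(" ", null, null, params.getCipherSuites()));
        map.put("jmx.remote.tls.need.client.authentication", "" + params.getNeedClientAuth());
        map.put("jmx.remote.tls.want.client.authentication", "" + params.getWantClientAuth());
    }

    /**
     * Load a key store or trust store from a stream. The stream is always closed.
     *
     * @param in the stream to read the store from, may be {@code null}.
     * @param password the store password, may be {@code null}.
     * @param type the key store type, as accepted by {@link KeyStore#getInstance(String)}.
     * @return the loaded store, or {@code null} when {@code in} is {@code null}.
     * @throws Exception if the store cannot be created or loaded.
     */
    private static KeyStore getKeyOrTrustStore(InputStream in, char[] password, String type) throws Exception {
        if (in == null) {
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(type);
            keyStore.load(in, password);
            return keyStore;
        } finally {
            StreamUtils.close(in, log);
        }
    }

    /**
     * Read a store password, either directly from the named property or, when that property is
     * absent, from the class named in {@code <name>.source}.
     *
     * @param name the password property name.
     * @return the password, or {@code null} if neither property is set.
     * @throws Exception if the password source cannot be invoked.
     */
    private static char[] getPassword(String name) throws Exception {
        String clearText = sslConfig.getString(name, null);
        if (clearText != null) {
            return clearText.toCharArray();
        }
        return (char[]) callSource(sslConfig.getString(name + ".source", null));
    }

    /**
     * Load the store described by {@code <prefix>.type} and either {@code <prefix>.file} or
     * {@code <prefix>.source}; the file property takes precedence.
     *
     * @param prefix the property prefix of the store.
     * @param password the store password, may be {@code null}.
     * @return the loaded store, or {@code null} if no stream could be obtained for it.
     * @throws Exception if the store cannot be read.
     */
    private static KeyStore getStore(String prefix, char[] password) throws Exception {
        String type = sslConfig.getString(prefix + ".type", KeyStore.getDefaultType());
        String file = sslConfig.getString(prefix + ".file", null);
        InputStream in = (file != null)
            ? new FileStoreSource(file).call()
            : (InputStream) callSource(sslConfig.getString(prefix + ".source", null));
        return getKeyOrTrustStore(in, password, type);
    }

    /**
     * Instantiate the {@link Callable} described by a source string and return what it produces.
     * The string holds a fully qualified class name, optionally followed by space-separated
     * arguments. A public constructor taking a {@code String[]} is preferred; otherwise the
     * no-argument constructor is used.
     *
     * <p>The class name comes straight from the configuration: this method loads and runs
     * whatever class is named there.
     *
     * @param <E> the type produced by the source; the caller is responsible for it being correct.
     * @param source the source descriptor, may be {@code null}.
     * @return the result of the callable, or {@code null} when {@code source} is {@code null}.
     * @throws Exception if the class cannot be loaded, instantiated or called.
     */
    @SuppressWarnings("unchecked") // the result type is dictated by the configured class
    private static <E> E callSource(String source) throws Exception {
        if (source == null) {
            return null;
        }
        // Trim first so that leading whitespace does not yield an empty class name token.
        String[] tokens = RegexUtils.SPACES_PATTERN.split(source.trim());
        Class<?> sourceClass = Class.forName(tokens[0]);
        String[] args = null;
        if (tokens.length > 1) {
            args = new String[tokens.length - 1];
            System.arraycopy(tokens, 1, args, 0, args.length);
        }
        Constructor<?> constructor = null;
        try {
            constructor = sourceClass.getConstructor(String[].class);
        } catch (NoSuchMethodException ignored) {
            // No String[] constructor: fall back to the no-argument constructor below.
        }
        // The (Object) cast passes the array as ONE argument. Without it the String[] is taken
        // as the varargs array itself and newInstance fails on argument count or type.
        Callable<?> callable = (constructor == null)
            ? (Callable<?>) sourceClass.newInstance()
            : (Callable<?>) constructor.newInstance((Object) args);
        return (E) callable.call();
    }

    /**
     * Load the SSL configuration once, from the class named by the configuration-source
     * property or else from the file named by the configuration-file property.
     *
     * <p>The properties are loaded into a local object and published only after a successful
     * load, so a failed attempt does not leave an empty configuration cached and other threads
     * never observe a partially loaded one.
     *
     * @throws Exception an {@code SSLConfigurationException} if no source is configured or it
     *     cannot be opened, or any error raised while reading it.
     */
    private static synchronized void loadSSLProperties() throws Exception {
        if (sslConfig != null) {
            return;
        }
        TypedProperties jppfConfig = JPPFConfiguration.getProperties();
        String source = (String) jppfConfig.get((JPPFProperty) JPPFProperties.SSL_CONFIGURATION_SOURCE);
        InputStream in;
        if (source != null) {
            in = (InputStream) callSource(source);
        } else {
            source = (String) jppfConfig.get((JPPFProperty) JPPFProperties.SSL_CONFIGURATION_FILE);
            if (source == null) {
                throw new SSLConfigurationException("no SSL configuration source is configured");
            }
            in = FileUtils.getFileInputStream(source);
        }
        if (in == null) {
            // Report the configured source; the previous code appended the builder to itself.
            throw new SSLConfigurationException("could not load the SSL configuration '" + source + "'");
        }
        TypedProperties loaded = new TypedProperties();
        try {
            loaded.load(in);
            if (debugEnabled) {
                // Log the source descriptor rather than the stream object.
                log.debug("successfully loaded the SSL configuration from '{}'", source);
            }
        } finally {
            StreamUtils.closeSilent(in);
        }
        sslConfig = loaded;
    }

    /**
     * Discard the cached SSL configuration so that it is reloaded on next use. Synchronized on
     * the same lock as the loader so that a reset cannot interleave with a load.
     */
    public static synchronized void resetConfig() {
        TypedProperties current = sslConfig;
        if (current != null) {
            current.clear();
            sslConfig = null;
        }
    }

    /**
     * Compute an identifier of the SSL configuration used by a client, in the form
     * {@code <property name>=<value>}. The configuration-file property is looked up first
     * under the given prefix, then the configuration-source property; if neither is set and a
     * prefix was given, the lookup is repeated without prefix.
     *
     * @param str the property prefix (without trailing dot), may be {@code null} or empty.
     * @return the identifier, or {@code null} if no SSL configuration property is set.
     */
    public static String getClientConfigId(String str) {
        TypedProperties jppfConfig = JPPFConfiguration.getProperties();
        boolean noPrefix = (str == null) || str.isEmpty();
        String prefix = noPrefix ? "" : str + ".";
        String key = prefix + JPPFProperties.SSL_CONFIGURATION_FILE.getName();
        String value = jppfConfig.getString(key);
        if (value == null || value.trim().isEmpty()) {
            key = prefix + JPPFProperties.SSL_CONFIGURATION_SOURCE.getName();
            value = jppfConfig.getString(key);
            if (value == null) {
                return noPrefix ? null : getClientConfigId(null);
            }
        }
        return key + '=' + value;
    }
}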
