package com.cloudhopper.smpp.ssl;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:jars/smpp-server-ra-library-7.1.75.jar:jars/ch-smpp-5.0.10-SNAPSHOT.jar:com/cloudhopper/smpp/ssl/SslContextFactory.class */
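/**
 * Builds an {@link SSLContext} from an {@code SslConfiguration} and hands out sockets and engines
 * whose enabled protocols and cipher suites have been filtered through that configuration.
 *
 * <p>Two set-ups are supported. With neither a keystore nor a trust store configured the context is
 * initialised without key material; if {@code isTrustAll()} is also set, a trust manager that
 * accepts every certificate chain is installed, which means the remote peer is never
 * authenticated. With a keystore configured, the keystore is loaded, optionally validated against
 * the trust store and CRLs, and used to build key and trust managers.
 *
 * <p>Not thread-safe: the constructor performs all initialisation, and {@link #checkKeyStore()}
 * mutates the supplied configuration in place.
 */
public class SslContextFactory {
    private static final Logger logger = LoggerFactory.getLogger(SslContextFactory.class);

    /** Scratch buffer size used when a shared keystore stream has to be snapshotted into memory. */
    private static final int COPY_BUFFER_SIZE = 4096;

    private SSLContext sslContext;
    private InputStream keyStoreInputStream;
    private InputStream trustStoreInputStream;
    private final SslConfiguration sslConfig;

    /**
     * Creates a factory from a default {@code SslConfiguration}.
     *
     * @throws Exception if the context cannot be initialised
     */
    public SslContextFactory() throws Exception {
        this(new SslConfiguration());
    }

    /**
     * Creates a factory from the given configuration and initialises the {@link SSLContext} eagerly.
     *
     * @param sslConfiguration settings for stores, algorithms, and protocol/cipher filtering;
     *     may be modified by {@link #checkKeyStore()}
     * @throws Exception if a store cannot be loaded, the certificate fails validation, or the
     *     context cannot be initialised
     */
    public SslContextFactory(SslConfiguration sslConfiguration) throws Exception {
        this.sslConfig = sslConfiguration;
        init();
    }

    /**
     * Initialises {@link #sslContext} once. Chooses the store-less path when no keystore or trust
     * store is configured, otherwise loads and (optionally) validates the stores.
     *
     * @throws Exception if any store, validator, or JSSE call fails
     */
    private void init() throws Exception {
        if (this.sslContext != null) {
            return;
        }
        if (this.keyStoreInputStream == null && this.sslConfig.getKeyStorePath() == null
                && this.trustStoreInputStream == null && this.sslConfig.getTrustStorePath() == null) {
            initWithoutStores();
            return;
        }
        checkKeyStore();
        KeyStore keyStore = loadKeyStore();
        KeyStore trustStore = loadTrustStore();
        Collection<? extends CRL> crls = loadCRL(this.sslConfig.getCrlPath());
        if (this.sslConfig.isValidateCerts() && keyStore != null) {
            validateOwnCertificate(keyStore, trustStore, crls);
        }
        KeyManager[] keyManagers = getKeyManagers(keyStore);
        TrustManager[] trustManagers = getTrustManagers(trustStore, crls);
        this.sslContext = this.sslConfig.getProvider() == null
                ? SSLContext.getInstance(this.sslConfig.getProtocol())
                : SSLContext.getInstance(this.sslConfig.getProtocol(), this.sslConfig.getProvider());
        this.sslContext.init(keyManagers, trustManagers, newSecureRandom());
        // Probe engine only to log what the filtered configuration actually enables.
        SSLEngine probe = newSslEngine();
        logger.info("Enabled Protocols {} of {}", Arrays.asList(probe.getEnabledProtocols()), Arrays.asList(probe.getSupportedProtocols()));
        logger.debug("Enabled Ciphers {} of {}", Arrays.asList(probe.getEnabledCipherSuites()), Arrays.asList(probe.getSupportedCipherSuites()));
    }

    /**
     * Store-less initialisation: no key managers, and either the JSSE default trust managers or,
     * when {@code isTrustAll()} is set, a manager that accepts any chain.
     *
     * <p>Note: the configured provider is not consulted on this path (only the protocol is), which
     * matches the historical behaviour of this class.
     *
     * @throws Exception if the context or the SecureRandom cannot be created
     */
    private void initWithoutStores() throws Exception {
        TrustManager[] trustManagers = null;
        if (this.sslConfig.isTrustAll()) {
            // Logged at WARN: with this manager installed no peer certificate is ever checked.
            logger.warn("No keystore or trust store configured.  ACCEPTING UNTRUSTED CERTIFICATES!!!!!");
            trustManagers = new TrustManager[]{new TrustAllX509TrustManager()};
        }
        this.sslContext = SSLContext.getInstance(this.sslConfig.getProtocol());
        this.sslContext.init(null, trustManagers, newSecureRandom());
    }

    /**
     * Trust manager that accepts every certificate chain without inspecting it. Installing it
     * removes peer authentication entirely; it is only selected when {@code isTrustAll()} is set.
     */
    private static final class TrustAllX509TrustManager implements X509TrustManager {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array.
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
            // Intentionally no check: every client chain is accepted.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) {
            // Intentionally no check: every server chain is accepted.
        }
    }

    /**
     * Resolves the configured certificate alias (auto-selecting it for a single-entry keystore)
     * and validates that certificate against the trust store and CRLs.
     *
     * @param keyStore the loaded keystore holding the local certificate
     * @param trustStore the loaded trust store, may be {@code null}
     * @param crls CRLs loaded from the configured path, may be {@code null}
     * @throws Exception if no certificate is found for the alias or validation fails
     */
    private void validateOwnCertificate(KeyStore keyStore, KeyStore trustStore, Collection<? extends CRL> crls) throws Exception {
        if (this.sslConfig.getCertAlias() == null) {
            List<String> aliases = Collections.list(keyStore.aliases());
            // Only an unambiguous single-entry keystore can supply the alias implicitly.
            this.sslConfig.setCertAlias(aliases.size() == 1 ? aliases.get(0) : null);
        }
        String alias = this.sslConfig.getCertAlias();
        Certificate certificate = alias == null ? null : keyStore.getCertificate(alias);
        if (certificate == null) {
            throw new Exception("No certificate found in the keystore" + (alias == null ? "" : " for alias " + alias));
        }
        CertificateValidator validator = new CertificateValidator(trustStore, crls);
        validator.setMaxCertPathLength(this.sslConfig.getMaxCertPathLength());
        validator.setEnableCRLDP(this.sslConfig.isEnableCRLDP());
        validator.setEnableOCSP(this.sslConfig.isEnableOCSP());
        validator.setOcspResponderURL(this.sslConfig.getOcspResponderURL());
        validator.validate(keyStore, certificate);
    }

    /**
     * Returns a {@link SecureRandom} for the configured algorithm, or {@code null} (JSSE default)
     * when no algorithm is configured.
     *
     * @throws Exception if the algorithm is not available
     */
    private SecureRandom newSecureRandom() throws Exception {
        String algorithm = this.sslConfig.getSecureRandomAlgorithm();
        return algorithm == null ? null : SecureRandom.getInstance(algorithm);
    }

    /**
     * Returns the initialised context.
     *
     * @return the context built by the constructor
     */
    public SSLContext getSslContext() {
        return this.sslContext;
    }

    /**
     * Loads the keystore from the configured stream or path.
     *
     * @return the keystore, or {@code null} when neither a stream nor a path is configured
     * @throws Exception if the store cannot be opened or loaded
     */
    protected KeyStore loadKeyStore() throws Exception {
        return getKeyStore(this.keyStoreInputStream, this.sslConfig.getKeyStorePath(), this.sslConfig.getKeyStoreType(), this.sslConfig.getKeyStoreProvider(), this.sslConfig.getKeyStorePassword());
    }

    /**
     * Loads the trust store from the configured stream or path.
     *
     * @return the trust store, or {@code null} when neither a stream nor a path is configured
     * @throws Exception if the store cannot be opened or loaded
     */
    protected KeyStore loadTrustStore() throws Exception {
        return getKeyStore(this.trustStoreInputStream, this.sslConfig.getTrustStorePath(), this.sslConfig.getTrustStoreType(), this.sslConfig.getTrustStoreProvider(), this.sslConfig.getTrustStorePassword());
    }

    /**
     * Loads X.509 CRLs from a file.
     *
     * @param crlPath path of the CRL file, or {@code null} for none
     * @return the CRLs read from the file, or {@code null} when {@code crlPath} is {@code null}
     * @throws Exception if the file cannot be read or parsed
     */
    protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception {
        if (crlPath == null) {
            return null;
        }
        try (InputStream in = new FileInputStream(crlPath)) {
            return CertificateFactory.getInstance("X.509").generateCRLs(in);
        }
    }

    /**
     * Loads a {@link KeyStore} from a caller-supplied stream or, failing that, from a file path.
     *
     * <p>The stream is closed after loading in both cases (a caller-supplied stream is consumed);
     * this also holds when {@code KeyStore.getInstance} or {@code load} throws, which the previous
     * implementation did not guarantee.
     *
     * @param inputStream an open stream of the store, or {@code null} to open {@code storePath}
     * @param storePath file path of the store, used only when {@code inputStream} is {@code null}
     * @param storeType keystore type passed to {@code KeyStore.getInstance}
     * @param storeProvider provider name, or {@code null} for the default provider
     * @param storePassword integrity password, or {@code null} for none
     * @return the loaded store, or {@code null} when neither a stream nor a path was given
     * @throws Exception if the store cannot be opened, instantiated, or loaded
     */
    protected KeyStore getKeyStore(InputStream inputStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception {
        if (inputStream == null && storePath == null) {
            return null;
        }
        try (InputStream in = inputStream != null ? inputStream : new FileInputStream(storePath)) {
            KeyStore keyStore = storeProvider != null
                    ? KeyStore.getInstance(storeType, storeProvider)
                    : KeyStore.getInstance(storeType);
            keyStore.load(in, storePassword == null ? null : storePassword.toCharArray());
            return keyStore;
        }
    }

    /**
     * Builds key managers from the keystore. When a certificate alias is configured every
     * {@link X509KeyManager} is wrapped so that only that alias is offered.
     *
     * @param keyStore the loaded keystore, or {@code null}
     * @return the key managers, or {@code null} when {@code keyStore} is {@code null}
     * @throws Exception if the factory cannot be created or initialised
     */
    protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception {
        if (keyStore == null) {
            return null;
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(this.sslConfig.getKeyManagerFactoryAlgorithm());
        factory.init(keyStore, keyManagerPassword());
        KeyManager[] keyManagers = factory.getKeyManagers();
        String alias = this.sslConfig.getCertAlias();
        if (alias != null) {
            for (int i = 0; i < keyManagers.length; i++) {
                if (keyManagers[i] instanceof X509KeyManager) {
                    keyManagers[i] = new AliasedX509ExtendedKeyManager(alias, (X509KeyManager) keyManagers[i]);
                }
            }
        }
        return keyManagers;
    }

    /**
     * Returns the key-entry password: the key manager password if set, otherwise the keystore
     * password, otherwise {@code null}.
     */
    private char[] keyManagerPassword() {
        String password = this.sslConfig.getKeyManagerPassword() != null
                ? this.sslConfig.getKeyManagerPassword()
                : this.sslConfig.getKeyStorePassword();
        return password == null ? null : password.toCharArray();
    }

    /**
     * Builds trust managers from the trust store.
     *
     * <p>When peer-certificate validation is enabled and the algorithm is PKIX, a
     * {@link PKIXBuilderParameters} with revocation checking switched on is used, the supplied
     * CRLs are registered as a collection cert store, and the CRLDP/OCSP options are applied.
     * Those options are applied through {@code System.setProperty} and {@code Security.setProperty},
     * i.e. they are JVM-wide and affect every other SSL context in the process. Revocation is
     * enabled even when no CRLs, CRLDP, or OCSP are configured, so path building may then fail for
     * chains whose revocation status cannot be determined.
     *
     * @param keyStore the loaded trust store, or {@code null}
     * @param crls CRLs to consult, may be {@code null} or empty
     * @return the trust managers, or {@code null} when {@code keyStore} is {@code null}
     * @throws Exception if the factory or its parameters cannot be created
     */
    protected TrustManager[] getTrustManagers(KeyStore keyStore, Collection<? extends CRL> crls) throws Exception {
        if (keyStore == null) {
            return null;
        }
        String algorithm = this.sslConfig.getTrustManagerFactoryAlgorithm();
        TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
        if (this.sslConfig.isValidatePeerCerts() && "PKIX".equalsIgnoreCase(algorithm)) {
            PKIXBuilderParameters params = new PKIXBuilderParameters(keyStore, new X509CertSelector());
            params.setMaxPathLength(this.sslConfig.getMaxCertPathLength());
            params.setRevocationEnabled(true);
            if (crls != null && !crls.isEmpty()) {
                params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)));
            }
            // JVM-global switches; see class-level note above.
            if (this.sslConfig.isEnableCRLDP()) {
                System.setProperty("com.sun.security.enableCRLDP", "true");
            }
            if (this.sslConfig.isEnableOCSP()) {
                Security.setProperty("ocsp.enable", "true");
                if (this.sslConfig.getOcspResponderURL() != null) {
                    Security.setProperty("ocsp.responderURL", this.sslConfig.getOcspResponderURL());
                }
            }
            factory.init(new CertPathTrustManagerParameters(params));
        } else {
            factory.init(keyStore);
        }
        return factory.getTrustManagers();
    }

    /**
     * Verifies that a keystore is configured and fills in trust-store settings from the keystore
     * settings when no trust store was given. When the very same stream object serves as both
     * keystore and trust store it is read into memory once and replaced by two independent
     * {@link ByteArrayInputStream}s, because a stream can only be consumed once.
     *
     * <p>No-op once the context has been initialised. Mutates {@link #sslConfig}.
     *
     * @throws IllegalStateException if neither a keystore stream nor a keystore path is set, or if
     *     copying the shared stream fails
     */
    public void checkKeyStore() {
        if (this.sslContext != null) {
            return;
        }
        if (this.keyStoreInputStream == null && this.sslConfig.getKeyStorePath() == null) {
            throw new IllegalStateException("SSL doesn't have a valid keystore");
        }
        if (this.trustStoreInputStream == null && this.sslConfig.getTrustStorePath() == null) {
            // No separate trust store: trust whatever the keystore trusts.
            this.trustStoreInputStream = this.keyStoreInputStream;
            this.sslConfig.setTrustStorePath(this.sslConfig.getKeyStorePath());
            this.sslConfig.setTrustStoreType(this.sslConfig.getKeyStoreType());
            this.sslConfig.setTrustStoreProvider(this.sslConfig.getKeyStoreProvider());
            this.sslConfig.setTrustStorePassword(this.sslConfig.getKeyStorePassword());
            this.sslConfig.setTrustManagerFactoryAlgorithm(this.sslConfig.getKeyManagerFactoryAlgorithm());
        }
        if (this.keyStoreInputStream == null || this.keyStoreInputStream != this.trustStoreInputStream) {
            return;
        }
        try {
            ByteArrayOutputStream snapshot = new ByteArrayOutputStream();
            streamCopy(this.keyStoreInputStream, snapshot, null, true);
            byte[] bytes = snapshot.toByteArray();
            this.keyStoreInputStream = new ByteArrayInputStream(bytes);
            this.trustStoreInputStream = new ByteArrayInputStream(bytes);
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Copies {@code in} to {@code out} until end of stream and flushes {@code out}.
     *
     * @param in source stream
     * @param out destination stream; not closed here
     * @param buffer scratch buffer, or {@code null}/empty to allocate a {@link #COPY_BUFFER_SIZE} one
     * @param closeInput whether to close {@code in} afterwards (also on failure)
     * @throws IOException if reading or writing fails
     */
    private static void streamCopy(InputStream in, OutputStream out, byte[] buffer, boolean closeInput) throws IOException {
        byte[] scratch = (buffer == null || buffer.length == 0) ? new byte[COPY_BUFFER_SIZE] : buffer;
        try {
            int read;
            while ((read = in.read(scratch)) != -1) {
                out.write(scratch, 0, read);
            }
            out.flush();
        } finally {
            if (closeInput) {
                in.close();
            }
        }
    }

    /**
     * Returns whether {@code candidate} equals an element of {@code values} (null-safe).
     */
    private static boolean contains(Object[] values, Object candidate) {
        return Arrays.asList(values).contains(candidate);
    }

    /**
     * Applies the include/exclude lists to a set of protocol or cipher-suite names. With an include
     * list, the result is every supported name that is included; without one, the currently
     * enabled names. Excluded names are then removed. Ordering of the input is preserved so that
     * the JSSE preference order is not scrambled.
     *
     * @param enabled names currently enabled on the socket or engine
     * @param supported names the socket or engine supports
     * @param include names to allow, or {@code null} for "keep what is enabled"
     * @param exclude names to remove, or {@code null} for none
     * @return the selected names, without duplicates, in first-seen order
     */
    private static String[] select(String[] enabled, String[] supported, Object[] include, Object[] exclude) {
        Set<String> selected = new LinkedHashSet<>();
        if (include != null) {
            for (String candidate : supported) {
                if (contains(include, candidate)) {
                    selected.add(candidate);
                }
            }
        } else {
            selected.addAll(Arrays.asList(enabled));
        }
        if (exclude != null) {
            selected.removeAll(Arrays.asList(exclude));
        }
        return selected.toArray(new String[0]);
    }

    /**
     * Selects the protocols to enable from the configured include/exclude lists.
     *
     * @param enabledProtocols protocols currently enabled on the socket or engine
     * @param supportedProtocols protocols the socket or engine supports
     * @return the protocols to enable
     */
    public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols) {
        return select(enabledProtocols, supportedProtocols, this.sslConfig.getIncludeProtocols(), this.sslConfig.getExcludeProtocols());
    }

    /**
     * Selects the cipher suites to enable from the configured include/exclude lists.
     *
     * @param enabledCipherSuites cipher suites currently enabled on the socket or engine
     * @param supportedCipherSuites cipher suites the socket or engine supports
     * @return the cipher suites to enable
     */
    public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites) {
        return select(enabledCipherSuites, supportedCipherSuites, this.sslConfig.getIncludeCipherSuites(), this.sslConfig.getExcludeCipherSuites());
    }

    /**
     * Creates a bound {@link SSLServerSocket} with client-auth, cipher-suite, and protocol settings
     * taken from the configuration.
     *
     * @param host address to bind, or {@code null} for all interfaces
     * @param port port to bind
     * @param backlog listen backlog
     * @return the configured server socket
     * @throws IOException if the socket cannot be created or the host cannot be resolved
     */
    public SSLServerSocket newSslServerSocket(String host, int port, int backlog) throws IOException {
        SSLServerSocketFactory factory = this.sslContext.getServerSocketFactory();
        SSLServerSocket socket = (SSLServerSocket) (host == null
                ? factory.createServerSocket(port, backlog)
                : factory.createServerSocket(port, backlog, InetAddress.getByName(host)));
        // Client-auth flags are only pushed when set, leaving the JSSE default otherwise.
        if (this.sslConfig.getWantClientAuth()) {
            socket.setWantClientAuth(this.sslConfig.getWantClientAuth());
        }
        if (this.sslConfig.getNeedClientAuth()) {
            socket.setNeedClientAuth(this.sslConfig.getNeedClientAuth());
        }
        socket.setEnabledCipherSuites(selectCipherSuites(socket.getEnabledCipherSuites(), socket.getSupportedCipherSuites()));
        socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(), socket.getSupportedProtocols()));
        return socket;
    }

    /**
     * Creates an unconnected {@link SSLSocket} with client-auth, cipher-suite, and protocol settings
     * taken from the configuration.
     *
     * @return the configured socket
     * @throws IOException if the socket cannot be created
     */
    public SSLSocket newSslSocket() throws IOException {
        SSLSocket socket = (SSLSocket) this.sslContext.getSocketFactory().createSocket();
        if (this.sslConfig.getWantClientAuth()) {
            socket.setWantClientAuth(this.sslConfig.getWantClientAuth());
        }
        if (this.sslConfig.getNeedClientAuth()) {
            socket.setNeedClientAuth(this.sslConfig.getNeedClientAuth());
        }
        socket.setEnabledCipherSuites(selectCipherSuites(socket.getEnabledCipherSuites(), socket.getSupportedCipherSuites()));
        socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(), socket.getSupportedProtocols()));
        return socket;
    }

    /**
     * Creates an {@link SSLEngine}. The peer host and port are only passed to the context (which
     * enables session reuse keyed on them) when session caching is enabled in the configuration.
     *
     * @param host peer host hint
     * @param port peer port hint
     * @return the configured engine
     */
    public SSLEngine newSslEngine(String host, int port) {
        SSLEngine engine = this.sslConfig.isSessionCachingEnabled()
                ? this.sslContext.createSSLEngine(host, port)
                : this.sslContext.createSSLEngine();
        customize(engine);
        return engine;
    }

    /**
     * Creates an {@link SSLEngine} without peer hints.
     *
     * @return the configured engine
     */
    public SSLEngine newSslEngine() {
        SSLEngine engine = this.sslContext.createSSLEngine();
        customize(engine);
        return engine;
    }

    /**
     * Applies client-auth, cipher-suite, and protocol settings from the configuration to an engine.
     *
     * @param engine the engine to configure
     */
    private void customize(SSLEngine engine) {
        if (this.sslConfig.getWantClientAuth()) {
            engine.setWantClientAuth(this.sslConfig.getWantClientAuth());
        }
        if (this.sslConfig.getNeedClientAuth()) {
            engine.setNeedClientAuth(this.sslConfig.getNeedClientAuth());
        }
        engine.setEnabledCipherSuites(selectCipherSuites(engine.getEnabledCipherSuites(), engine.getSupportedCipherSuites()));
        engine.setEnabledProtocols(selectProtocols(engine.getEnabledProtocols(), engine.getSupportedProtocols()));
    }
}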
