package com.sleepycat.je.rep.utilint.net;

import com.sleepycat.je.rep.ReplicationSSLConfig;
import com.sleepycat.je.rep.net.DataChannel;
import com.sleepycat.je.rep.net.DataChannelFactory;
import com.sleepycat.je.rep.net.InstanceContext;
import com.sleepycat.je.rep.net.InstanceLogger;
import com.sleepycat.je.rep.net.InstanceParams;
import com.sleepycat.je.rep.net.PasswordSource;
import com.sleepycat.je.rep.net.SSLAuthenticator;
import com.sleepycat.je.rep.utilint.RepUtils;
import com.sleepycat.je.rep.utilint.net.DataChannelFactoryBuilder;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.nio.channels.SocketChannel;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import org.glassfish.jersey.SslConfigurator;

/* loaded from: input_file:WEB-INF/lib/je-6.4.9.jar:com/sleepycat/je/rep/utilint/net/SSLChannelFactory.class */
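/**
 * A {@link DataChannelFactory} that produces TLS-protected {@link DataChannel}s.
 *
 * <p>Two {@link SSLContext}s are held, one for accepted (server-side) connections and one for
 * outgoing (client-side) connections, so each side can present a different key alias. Peer
 * identity checks are delegated: an {@link SSLAuthenticator} is handed to accepted channels and a
 * {@link HostnameVerifier} to outgoing ones. Either may be {@code null}, in which case this class
 * passes {@code null} through to {@code SSLDataChannel}.
 *
 * <p>NOTE(review): with a null authenticator {@link #acceptChannel} never requests a client
 * certificate unless the supplied {@link SSLParameters} ask for one, and with a null verifier
 * {@link #connect} supplies no host check of its own. Whether {@code SSLDataChannel} applies any
 * other identity check is not visible in this file - confirm before relying on the defaults.
 */
public class SSLChannelFactory implements DataChannelFactory {
    private static final String SSL_CONTEXT_PROTOCOL = "TLS";
    private static final String X509_ALGO_NAME_PROPERTY = "je.ssl.x509AlgoName";
    private static final String X509_ALGO_NAME = getX509AlgoName();
    private final SSLContext serverSSLContext;
    private final SSLContext clientSSLContext;
    private final SSLParameters baseSSLParameters;
    private final SSLAuthenticator sslAuthenticator;
    private final HostnameVerifier sslHostVerifier;
    private final InstanceLogger logger;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/je-6.4.9.jar:com/sleepycat/je/rep/utilint/net/SSLChannelFactory$KeyStoreInfo.class */
    /**
     * Bundles a loaded store with the file name it came from and a private copy of its password.
     *
     * <p>The password copy lives until {@link #clearPassword()} is called; every code path that
     * obtains an instance is expected to call it in a {@code finally} block.
     */
    public static class KeyStoreInfo {
        private final String ksFile;
        private final KeyStore ks;
        private final char[] ksPwd;

        private KeyStoreInfo(String str, KeyStore keyStore, char[] cArr) {
            this.ksFile = str;
            this.ks = keyStore;
            // Defensive copy: the caller overwrites its own array independently of this one.
            this.ksPwd = cArr == null ? null : Arrays.copyOf(cArr, cArr.length);
        }

        /* JADX INFO: Access modifiers changed from: private */
        /** Overwrites the retained password copy with blanks; a no-op when none was supplied. */
        public void clearPassword() {
            if (this.ksPwd != null) {
                Arrays.fill(this.ksPwd, ' ');
            }
        }
    }

    /**
     * Builds the factory from replication configuration.
     *
     * @param instanceParams supplies the {@link InstanceContext} whose network configuration is
     *     read as a {@link ReplicationSSLConfig}
     * @throws IllegalArgumentException if a store cannot be opened, or the configured cipher
     *     suites, protocols, authenticator or host verifier are not usable
     * @throws IllegalStateException if the JSSE contexts or key/trust managers cannot be created
     */
    public SSLChannelFactory(InstanceParams instanceParams) {
        this.serverSSLContext = constructSSLContext(instanceParams, false);
        this.clientSSLContext = constructSSLContext(instanceParams, true);
        this.baseSSLParameters = filterSSLParameters(constructSSLParameters(instanceParams), this.serverSSLContext);
        this.sslAuthenticator = constructSSLAuthenticator(instanceParams);
        this.sslHostVerifier = constructSSLHostVerifier(instanceParams);
        this.logger = instanceParams.getContext().getLoggerFactory().getLogger(getClass());
    }

    /**
     * Builds the factory from pre-constructed parts.
     *
     * @param sSLContext context used for accepted (server-side) connections; also the context the
     *     parameters are filtered against
     * @param sSLContext2 context used for outgoing (client-side) connections
     * @param sSLParameters requested cipher suites, protocols and client-auth flags; other
     *     properties are not carried over (see {@code filterSSLParameters})
     * @param sSLAuthenticator authenticator for accepted connections, or {@code null}
     * @param hostnameVerifier verifier for outgoing connections, or {@code null}
     * @param instanceLogger logger handed to every channel created
     * @throws IllegalArgumentException if none of the requested cipher suites or protocols are
     *     supported by {@code sSLContext}
     */
    public SSLChannelFactory(SSLContext sSLContext, SSLContext sSLContext2, SSLParameters sSLParameters, SSLAuthenticator sSLAuthenticator, HostnameVerifier hostnameVerifier, InstanceLogger instanceLogger) {
        this.serverSSLContext = sSLContext;
        this.clientSSLContext = sSLContext2;
        this.baseSSLParameters = filterSSLParameters(sSLParameters, sSLContext);
        this.sslAuthenticator = sSLAuthenticator;
        this.sslHostVerifier = hostnameVerifier;
        this.logger = instanceLogger;
    }

    /**
     * Wraps an accepted socket in a server-mode TLS channel.
     *
     * <p>When an authenticator is configured the engine requests (but does not require) a client
     * certificate, unless the base parameters already require one; the stricter setting is kept.
     *
     * @param socketChannel an already-connected channel
     * @return the TLS data channel
     * @throws IllegalArgumentException if {@code socketChannel} has no remote address
     */
    @Override // com.sleepycat.je.rep.net.DataChannelFactory
    public DataChannel acceptChannel(SocketChannel socketChannel) {
        SocketAddress remoteSocketAddress = socketChannel.socket().getRemoteSocketAddress();
        if (remoteSocketAddress == null) {
            throw new IllegalArgumentException("socketChannel is not connected");
        }
        String peerHost = null;
        if (remoteSocketAddress instanceof InetSocketAddress) {
            // InetAddress.toString() has the form "hostname/literal-address"; it is only used as
            // the peer-host hint given to createSSLEngine.
            peerHost = ((InetSocketAddress) remoteSocketAddress).getAddress().toString();
        }
        SSLEngine engine = this.serverSSLContext.createSSLEngine(peerHost, socketChannel.socket().getPort());
        engine.setSSLParameters(this.baseSSLParameters);
        engine.setUseClientMode(false);
        // setWantClientAuth() overrides an earlier "need" setting, so calling it unconditionally
        // would downgrade mandatory client authentication to optional.
        if (this.sslAuthenticator != null && !engine.getNeedClientAuth()) {
            engine.setWantClientAuth(true);
        }
        return new SSLDataChannel(socketChannel, engine, null, null, this.sslAuthenticator, this.logger);
    }

    /**
     * Opens a socket to {@code inetSocketAddress} and wraps it in a client-mode TLS channel.
     *
     * <p>The host name taken from the address is passed both to the engine and, together with the
     * configured {@link HostnameVerifier}, to the channel. {@code getHostName()} may perform a
     * reverse lookup when the address was created from a literal IP.
     *
     * @param inetSocketAddress the peer to connect to
     * @param connectOptions socket options forwarded to {@code RepUtils.openSocketChannel}
     * @return the TLS data channel
     * @throws IOException if the socket cannot be opened
     */
    @Override // com.sleepycat.je.rep.net.DataChannelFactory
    public DataChannel connect(InetSocketAddress inetSocketAddress, DataChannelFactory.ConnectOptions connectOptions) throws IOException {
        SocketChannel channel = RepUtils.openSocketChannel(inetSocketAddress, connectOptions);
        try {
            String hostName = inetSocketAddress.getHostName();
            if (hostName == null) {
                hostName = inetSocketAddress.getAddress().toString();
            }
            SSLEngine engine = this.clientSSLContext.createSSLEngine(hostName, inetSocketAddress.getPort());
            engine.setSSLParameters(this.baseSSLParameters);
            engine.setUseClientMode(true);
            return new SSLDataChannel(channel, engine, hostName, this.sslHostVerifier, null, this.logger);
        } catch (RuntimeException e) {
            // The socket is already open at this point; release it instead of leaking it when
            // engine or channel construction fails.
            if (channel != null) {
                try {
                    channel.close();
                } catch (IOException ignored) {
                    // Best effort: the construction failure is the error worth reporting.
                }
            }
            throw e;
        }
    }

    /**
     * Loads the configured keystore.
     *
     * @param instanceContext context whose network configuration names the keystore
     * @return the loaded keystore, or {@code null} when no keystore is configured
     * @throws IllegalArgumentException if the keystore is configured but cannot be opened
     */
    public static KeyStore readKeyStore(InstanceContext instanceContext) {
        KeyStoreInfo info = readKeyStoreInfo(instanceContext);
        if (info == null) {
            // No keystore configured; dereferencing the missing info would throw.
            return null;
        }
        try {
            return info.ks;
        } finally {
            info.clearPassword();
        }
    }

    /**
     * Checks an authenticator specification: empty, {@code mirror}, or a {@code dnmatch(...)}
     * expression accepted by {@code SSLDNAuthenticator.validate}.
     *
     * @param str the specification; surrounding whitespace is ignored
     * @return {@code true} if the specification is acceptable
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public static boolean isValidAuthenticator(String str) {
        String spec = str.trim();
        if (spec.isEmpty() || spec.equals("mirror")) {
            return true;
        }
        if (!(spec.startsWith("dnmatch(") && spec.endsWith(")"))) {
            return false;
        }
        try {
            SSLDNAuthenticator.validate(spec);
        } catch (IllegalArgumentException e) {
            return false;
        }
        return true;
    }

    /**
     * Checks a host-verifier specification: empty, {@code mirror}, {@code hostname}, or a
     * {@code dnmatch(...)} expression accepted by {@code SSLDNHostVerifier.validate}.
     *
     * @param str the specification; surrounding whitespace is ignored
     * @return {@code true} if the specification is acceptable
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public static boolean isValidHostVerifier(String str) {
        String spec = str.trim();
        if (spec.isEmpty() || spec.equals("mirror") || spec.equals("hostname")) {
            return true;
        }
        if (!(spec.startsWith("dnmatch(") && spec.endsWith(")"))) {
            return false;
        }
        try {
            SSLDNHostVerifier.validate(spec);
        } catch (IllegalArgumentException e) {
            return false;
        }
        return true;
    }

    /**
     * Creates and initialises an {@link SSLContext} for one side of the connection.
     *
     * <p>If no keystore is configured the key managers are {@code null}, and if no truststore is
     * configured the trust managers are {@code null}; {@code SSLContext.init} then falls back to
     * the JSSE defaults for the missing part. Deployments that must trust only their own CA
     * therefore need an explicit truststore.
     *
     * @param instanceParams source of the replication SSL configuration
     * @param clientSide {@code true} to select the client key alias, {@code false} for the server
     * @return the initialised context
     * @throws IllegalStateException if the context cannot be obtained or initialised
     */
    private static SSLContext constructSSLContext(InstanceParams instanceParams, boolean clientSide) {
        ReplicationSSLConfig config = (ReplicationSSLConfig) instanceParams.getContext().getRepNetConfig();
        KeyManager[] keyManagers = null;
        KeyStoreInfo keyStoreInfo = readKeyStoreInfo(instanceParams.getContext());
        if (keyStoreInfo != null) {
            try {
                String alias = clientSide ? config.getSSLClientKeyAlias() : config.getSSLServerKeyAlias();
                if (alias != null && alias.isEmpty()) {
                    alias = null;
                }
                keyManagers = buildKeyManagerList(keyStoreInfo, alias, clientSide);
            } finally {
                // Wipe the retained password copy whether or not the key managers were built.
                keyStoreInfo.clearPassword();
            }
        }
        TrustManager[] trustManagers = null;
        KeyStoreInfo trustStoreInfo = readTrustStoreInfo(instanceParams.getContext());
        if (trustStoreInfo != null) {
            try {
                trustManagers = buildTrustManagerList(trustStoreInfo);
            } finally {
                trustStoreInfo.clearPassword();
            }
        }
        final SSLContext context;
        try {
            context = SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Unable to find a suitable SSLContext", e);
        }
        try {
            context.init(keyManagers, trustManagers, null);
        } catch (KeyManagementException e) {
            throw new IllegalStateException("Error establishing SSLContext", e);
        }
        return context;
    }

    /**
     * Builds the key managers for a keystore, optionally pinning a key alias.
     *
     * @param keyStoreInfo the loaded keystore and its password
     * @param alias key alias to pin, or {@code null} to return the factory's managers unchanged
     * @param clientSide selects whether the alias is passed to {@code AliasKeyManager} as the
     *     client alias (third argument) or the server alias (second argument)
     * @return the key managers to install
     * @throws IllegalStateException if the factory cannot be created or initialised, or if an
     *     alias is requested and no {@link X509ExtendedKeyManager} is available
     */
    private static KeyManager[] buildKeyManagerList(KeyStoreInfo keyStoreInfo, String alias, boolean clientSide) {
        final KeyManagerFactory factory;
        try {
            factory = KeyManagerFactory.getInstance(X509_ALGO_NAME);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Unable to find a suitable KeyManagerFactory", e);
        }
        try {
            factory.init(keyStoreInfo.ks, keyStoreInfo.ksPwd);
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Error processing keystore file " + keyStoreInfo.ksFile, e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Unable to find appropriate algorithm for keystore file " + keyStoreInfo.ksFile, e);
        } catch (UnrecoverableKeyException e) {
            throw new IllegalStateException("Unable to recover key from keystore file " + keyStoreInfo.ksFile, e);
        }
        KeyManager[] keyManagers = factory.getKeyManagers();
        if (alias == null) {
            return keyManagers;
        }
        // Alias pinning wraps the first X509ExtendedKeyManager the factory produced.
        X509ExtendedKeyManager delegate = null;
        for (KeyManager candidate : keyManagers) {
            if (candidate instanceof X509ExtendedKeyManager) {
                delegate = (X509ExtendedKeyManager) candidate;
                break;
            }
        }
        if (delegate == null) {
            throw new IllegalStateException("Unable to locate an X509ExtendedKeyManager corresponding to keyStore " + keyStoreInfo.ksFile);
        }
        KeyManager pinned = clientSide ? new AliasKeyManager(delegate, null, alias) : new AliasKeyManager(delegate, alias, null);
        return new KeyManager[]{pinned};
    }

    /**
     * Locates and loads the keystore.
     *
     * <p>The path comes from the replication configuration, falling back to the system property
     * named by {@code SslConfigurator.KEY_STORE_FILE} ({@code javax.net.ssl.keyStore}).
     *
     * @param instanceContext context whose network configuration is read
     * @return the loaded keystore with a private password copy, or {@code null} if no keystore
     *     path is configured
     * @throws IllegalArgumentException if no password is available or the store cannot be loaded
     */
    private static KeyStoreInfo readKeyStoreInfo(InstanceContext instanceContext) {
        ReplicationSSLConfig config = (ReplicationSSLConfig) instanceContext.getRepNetConfig();
        String path = config.getSSLKeyStore();
        if (path == null || path.isEmpty()) {
            path = System.getProperty(SslConfigurator.KEY_STORE_FILE);
        }
        if (path == null) {
            return null;
        }
        String storeType = config.getSSLKeyStoreType();
        char[] password = getKeyStorePassword(instanceContext);
        try {
            if (password == null) {
                throw new IllegalArgumentException("Unable to open keystore without a password");
            }
            return new KeyStoreInfo(path, loadStore(path, password, "keystore", storeType), password);
        } finally {
            // KeyStoreInfo keeps its own copy, so the local array can be wiped on every path.
            if (password != null) {
                Arrays.fill(password, ' ');
            }
        }
    }

    /**
     * Resolves the keystore password.
     *
     * <p>Order of precedence: the configured {@link PasswordSource}, a password source built from
     * the configured class name, the configured password string, and finally the system property
     * named by {@code SslConfigurator.KEY_STORE_PASSWORD} ({@code javax.net.ssl.keyStorePassword}).
     * The last two arrive as {@link String}s, which cannot be wiped from memory; a
     * {@link PasswordSource} avoids that.
     *
     * @param instanceContext context whose network configuration is read
     * @return the password, or {@code null} if none is available
     */
    private static char[] getKeyStorePassword(InstanceContext instanceContext) {
        ReplicationSSLConfig config = (ReplicationSSLConfig) instanceContext.getRepNetConfig();
        PasswordSource source = config.getSSLKeyStorePasswordSource();
        if (source == null) {
            source = constructKSPasswordSource(new InstanceParams(instanceContext, null));
        }
        if (source != null) {
            return source.getPassword();
        }
        String password = config.getSSLKeyStorePassword();
        if (password == null || password.isEmpty()) {
            password = System.getProperty(SslConfigurator.KEY_STORE_PASSWORD);
        }
        return password == null ? null : password.toCharArray();
    }

    /**
     * Builds the trust managers for a loaded truststore.
     *
     * @param trustStoreInfo the loaded truststore
     * @return the trust managers to install
     * @throws IllegalStateException if the factory cannot be created or initialised
     */
    private static TrustManager[] buildTrustManagerList(KeyStoreInfo trustStoreInfo) {
        final TrustManagerFactory factory;
        try {
            factory = TrustManagerFactory.getInstance(X509_ALGO_NAME);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Unable to find a suitable TrustManagerFactory", e);
        }
        try {
            factory.init(trustStoreInfo.ks);
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Error initializing truststore " + trustStoreInfo.ksFile, e);
        }
        return factory.getTrustManagers();
    }

    /**
     * Locates and loads the truststore.
     *
     * <p>The path comes from the replication configuration, falling back to the system property
     * named by {@code SslConfigurator.TRUST_STORE_FILE} ({@code javax.net.ssl.trustStore}). The
     * store is loaded with a {@code null} password, so {@link KeyStore#load} performs no integrity
     * check; the file's protection rests on file-system permissions.
     *
     * @param instanceContext context whose network configuration is read
     * @return the loaded truststore, or {@code null} if no truststore path is configured
     * @throws IllegalArgumentException if the store cannot be loaded
     */
    private static KeyStoreInfo readTrustStoreInfo(InstanceContext instanceContext) {
        ReplicationSSLConfig config = (ReplicationSSLConfig) instanceContext.getRepNetConfig();
        String path = config.getSSLTrustStore();
        if (path == null || path.isEmpty()) {
            path = System.getProperty(SslConfigurator.TRUST_STORE_FILE);
        }
        String storeType = config.getSSLTrustStoreType();
        if (storeType == null || storeType.isEmpty()) {
            storeType = KeyStore.getDefaultType();
        }
        if (path == null) {
            return null;
        }
        return new KeyStoreInfo(path, loadStore(path, null, "truststore", storeType), null);
    }

    /**
     * Reads the configured cipher suites and protocols into an {@link SSLParameters}.
     *
     * @param instanceParams source of the replication SSL configuration
     * @return parameters whose cipher suites and/or protocols are {@code null} when unconfigured
     */
    private static SSLParameters constructSSLParameters(InstanceParams instanceParams) {
        ReplicationSSLConfig config = (ReplicationSSLConfig) instanceParams.getContext().getRepNetConfig();
        String[] cipherSuites = splitList(config.getSSLCipherSuites());
        String[] protocols = splitList(config.getSSLProtocols());
        return new SSLParameters(cipherSuites, protocols);
    }

    /**
     * Splits a comma-separated configuration value into trimmed, non-empty tokens.
     *
     * <p>Without trimming, a value such as {@code "TLSv1.2, TLSv1.3"} yields a token with a
     * leading blank that matches no supported name and is silently dropped by the filter.
     *
     * @param csv the raw configuration value
     * @return the tokens, or {@code null} if {@code csv} is {@code null} or empty; the array may
     *     be empty, which the filter then rejects
     */
    private static String[] splitList(String csv) {
        if (csv == null || csv.isEmpty()) {
            return null;
        }
        ArrayList<String> tokens = new ArrayList<>();
        for (String token : csv.split(",")) {
            String trimmed = token.trim();
            if (!trimmed.isEmpty()) {
                tokens.add(trimmed);
            }
        }
        return tokens.toArray(new String[0]);
    }

    /**
     * Restricts requested cipher suites and protocols to those the context supports.
     *
     * <p>Unsupported entries are dropped without notice; only a request that ends up empty is
     * rejected. Only cipher suites, protocols and the client-auth flags are carried over: any
     * other property of {@code requested} (for example an endpoint identification algorithm) is
     * not copied to the result.
     *
     * @param requested the requested parameters
     * @param context the context whose supported parameters bound the result
     * @return a new, filtered {@link SSLParameters}
     * @throws IllegalArgumentException if none of the requested cipher suites, or none of the
     *     requested protocols, are supported
     */
    private static SSLParameters filterSSLParameters(SSLParameters requested, SSLContext context) throws IllegalArgumentException {
        SSLParameters supported = context.getSupportedSSLParameters();
        String[] cipherSuites = requested.getCipherSuites();
        if (cipherSuites != null) {
            cipherSuites = filterConfig(cipherSuites, supported.getCipherSuites());
            if (cipherSuites.length == 0) {
                throw new IllegalArgumentException("None of the configured SSL cipher suites are supported by the environment.");
            }
        }
        String[] protocols = requested.getProtocols();
        if (protocols != null) {
            protocols = filterConfig(protocols, supported.getProtocols());
            if (protocols.length == 0) {
                throw new IllegalArgumentException("None of the configured SSL protocols are supported by the environment.");
            }
        }
        SSLParameters filtered = new SSLParameters(cipherSuites, protocols);
        // SSLParameters keeps "want" and "need" mutually exclusive: each setter clears the other
        // flag. Setting both in sequence would always lose a requested "want", so set only the
        // one that applies.
        if (requested.getNeedClientAuth()) {
            filtered.setNeedClientAuth(true);
        } else {
            filtered.setWantClientAuth(requested.getWantClientAuth());
        }
        return filtered;
    }

    /**
     * Returns the entries of {@code configured} that also occur in {@code supported}, preserving
     * the configured order and duplicates.
     *
     * @param configured requested names
     * @param supported names the environment supports
     * @return the supported subset; empty if nothing matches
     */
    private static String[] filterConfig(String[] configured, String[] supported) {
        ArrayList<String> kept = new ArrayList<>();
        for (String name : configured) {
            for (String candidate : supported) {
                if (name.equals(candidate)) {
                    kept.add(name);
                    break;
                }
            }
        }
        return kept.toArray(new String[0]);
    }

    /**
     * Instantiates a configured checker class through {@code DataChannelFactoryBuilder}.
     *
     * <p>NOTE(review): {@code constructObject} is defined elsewhere; it presumably loads
     * {@code className} reflectively. The class name comes from configuration, so the
     * configuration source has to be trusted to the same degree as the code itself.
     *
     * @param instanceParams supplies the context for the new instance's parameters
     * @param className name of the class to construct
     * @param classParams parameter string handed to the new instance
     * @param expectedType type the result is expected to implement
     * @param label label passed through to {@code constructObject}
     * @return the constructed object
     */
    private static Object constructSSLChecker(InstanceParams instanceParams, String className, String classParams, Class<?> expectedType, String label) {
        InstanceParams checkerParams = new InstanceParams(instanceParams.getContext(), classParams);
        DataChannelFactoryBuilder.CtorArgSpec ctorArgs = new DataChannelFactoryBuilder.CtorArgSpec(new Class[]{InstanceParams.class}, new Object[]{checkerParams});
        return DataChannelFactoryBuilder.constructObject(className, expectedType, label, ctorArgs);
    }

    /**
     * Builds the authenticator for accepted connections from configuration.
     *
     * @param instanceParams source of the replication SSL configuration
     * @return the authenticator, or {@code null} when neither a specification nor a class is
     *     configured, in which case accepted peers are not authenticated by this factory
     * @throws IllegalArgumentException if both a specification and a class are configured, or the
     *     specification is not recognised
     */
    private static SSLAuthenticator constructSSLAuthenticator(InstanceParams instanceParams) throws IllegalArgumentException {
        ReplicationSSLConfig config = (ReplicationSSLConfig) instanceParams.getContext().getRepNetConfig();
        String spec = config.getSSLAuthenticator();
        String className = config.getSSLAuthenticatorClass();
        boolean hasSpec = spec != null && !spec.equals("");
        boolean hasClass = className != null && !className.equals("");
        if (hasSpec && hasClass) {
            throw new IllegalArgumentException("Cannot specify both authenticator and authenticatorClass");
        }
        if (hasSpec) {
            return constructStdAuthenticator(instanceParams, spec);
        }
        if (!hasClass) {
            return null;
        }
        return (SSLAuthenticator) constructSSLChecker(instanceParams, className, config.getSSLAuthenticatorParams(), SSLAuthenticator.class, "authenticator");
    }

    /**
     * Builds one of the built-in authenticators from its specification.
     *
     * @param instanceParams supplies the context for the new authenticator
     * @param spec {@code dnmatch(<pattern>)} or {@code mirror}; surrounding whitespace is ignored
     * @return the authenticator
     * @throws IllegalArgumentException if {@code spec} is neither form
     */
    private static SSLAuthenticator constructStdAuthenticator(InstanceParams instanceParams, String spec) throws IllegalArgumentException {
        String trimmed = spec.trim();
        if (trimmed.startsWith("dnmatch(") && trimmed.endsWith(")")) {
            String pattern = trimmed.substring("dnmatch(".length(), trimmed.length() - 1);
            return new SSLDNAuthenticator(new InstanceParams(instanceParams.getContext(), pattern));
        }
        if (trimmed.equals("mirror")) {
            return new SSLMirrorAuthenticator(new InstanceParams(instanceParams.getContext(), null));
        }
        throw new IllegalArgumentException(trimmed + " is not a valid authenticator specification.");
    }

    /**
     * Builds the host verifier for outgoing connections from configuration.
     *
     * @param instanceParams source of the replication SSL configuration
     * @return the verifier, or {@code null} when neither a specification nor a class is
     *     configured, in which case this factory supplies no host verification
     * @throws IllegalArgumentException if both a specification and a class are configured, or the
     *     specification is not recognised
     */
    private static HostnameVerifier constructSSLHostVerifier(InstanceParams instanceParams) throws IllegalArgumentException {
        ReplicationSSLConfig config = (ReplicationSSLConfig) instanceParams.getContext().getRepNetConfig();
        String spec = config.getSSLHostVerifier();
        String className = config.getSSLHostVerifierClass();
        boolean hasSpec = spec != null && !spec.equals("");
        boolean hasClass = className != null && !className.equals("");
        if (hasSpec && hasClass) {
            throw new IllegalArgumentException("Cannot specify both hostVerifier and hostVerifierClass");
        }
        if (hasSpec) {
            return constructStdHostVerifier(instanceParams, spec);
        }
        if (!hasClass) {
            return null;
        }
        return (HostnameVerifier) constructSSLChecker(instanceParams, className, config.getSSLHostVerifierParams(), HostnameVerifier.class, "hostname verifier");
    }

    /**
     * Builds one of the built-in host verifiers from its specification.
     *
     * @param instanceParams supplies the context for the new verifier
     * @param spec {@code dnmatch(<pattern>)}, {@code mirror} or {@code hostname}; surrounding
     *     whitespace is ignored
     * @return the verifier
     * @throws IllegalArgumentException if {@code spec} is none of those forms
     */
    private static HostnameVerifier constructStdHostVerifier(InstanceParams instanceParams, String spec) throws IllegalArgumentException {
        String trimmed = spec.trim();
        if (trimmed.startsWith("dnmatch(") && trimmed.endsWith(")")) {
            String pattern = trimmed.substring("dnmatch(".length(), trimmed.length() - 1);
            return new SSLDNHostVerifier(new InstanceParams(instanceParams.getContext(), pattern));
        }
        if (trimmed.equals("mirror")) {
            return new SSLMirrorHostVerifier(new InstanceParams(instanceParams.getContext(), null));
        }
        if (trimmed.equals("hostname")) {
            return new SSLStdHostVerifier(new InstanceParams(instanceParams.getContext(), null));
        }
        throw new IllegalArgumentException(trimmed + " is not a valid hostVerifier specification.");
    }

    /**
     * Instantiates a configured {@link PasswordSource} class through
     * {@code DataChannelFactoryBuilder}.
     *
     * @param instanceParams supplies the context for the new instance's parameters
     * @param className name of the class to construct; taken from configuration
     * @param classParams parameter string handed to the new instance
     * @return the constructed password source
     */
    private static PasswordSource constructPasswordSource(InstanceParams instanceParams, String className, String classParams) {
        InstanceParams sourceParams = new InstanceParams(instanceParams.getContext(), classParams);
        DataChannelFactoryBuilder.CtorArgSpec ctorArgs = new DataChannelFactoryBuilder.CtorArgSpec(new Class[]{InstanceParams.class}, new Object[]{sourceParams});
        return (PasswordSource) DataChannelFactoryBuilder.constructObject(className, PasswordSource.class, "password source", ctorArgs);
    }

    /**
     * Builds the keystore password source named in configuration.
     *
     * @param instanceParams source of the replication SSL configuration
     * @return the password source, or {@code null} if no class is configured
     */
    private static PasswordSource constructKSPasswordSource(InstanceParams instanceParams) {
        ReplicationSSLConfig config = (ReplicationSSLConfig) instanceParams.getContext().getRepNetConfig();
        String className = config.getSSLKeyStorePasswordClass();
        if (className == null || className.equals("")) {
            return null;
        }
        return constructPasswordSource(instanceParams, className, config.getSSLKeyStorePasswordParams());
    }

    /**
     * Loads a key or trust store from a file.
     *
     * @param path file to read
     * @param password store password, or {@code null} to load without an integrity check
     * @param storeLabel human-readable kind of store, used only in error messages
     * @param storeType store type, or {@code null}/empty for {@link KeyStore#getDefaultType()}
     * @return the loaded store
     * @throws IllegalArgumentException if the type is unknown, the file is missing or unreadable,
     *     or its contents cannot be loaded
     */
    private static KeyStore loadStore(String path, char[] password, String storeLabel, String storeType) throws IllegalArgumentException {
        if (storeType == null || storeType.isEmpty()) {
            storeType = KeyStore.getDefaultType();
        }
        final KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(storeType);
        } catch (KeyStoreException e) {
            throw new IllegalArgumentException("Unable to find a " + storeLabel + " instance of type " + storeType, e);
        }
        final FileInputStream in;
        try {
            in = new FileInputStream(path);
        } catch (FileNotFoundException e) {
            throw new IllegalArgumentException("Unable to locate specified " + storeLabel + " " + path, e);
        }
        try {
            keyStore.load(in, password);
            return keyStore;
        } catch (IOException e) {
            throw new IllegalArgumentException("Error reading from " + storeLabel + " file " + path, e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("Unable to check " + storeLabel + " integrity: " + path, e);
        } catch (CertificateException e) {
            throw new IllegalArgumentException("Not all certificates could be loaded: " + path, e);
        } finally {
            try {
                in.close();
            } catch (IOException ignored) {
                // Deliberately ignored: a failure to close a read-only stream must not mask the
                // load result or the load error.
            }
        }
    }

    /**
     * Chooses the X.509 key/trust manager algorithm name.
     *
     * @return the value of the {@code je.ssl.x509AlgoName} system property when set and
     *     non-empty; otherwise {@code IbmX509} when {@code java.vendor} starts with {@code IBM},
     *     else {@code SunX509}
     */
    private static String getX509AlgoName() {
        String configured = System.getProperty(X509_ALGO_NAME_PROPERTY);
        if (configured != null && !configured.isEmpty()) {
            return configured;
        }
        // Null-safe: a missing java.vendor must not fail class initialisation.
        String vendor = System.getProperty("java.vendor");
        return (vendor != null && vendor.startsWith("IBM")) ? "IbmX509" : "SunX509";
    }
}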
