package org.red5.net.websocket;

import java.io.File;
import java.io.NotActiveException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import org.apache.mina.filter.ssl.KeyStoreFactory;
import org.apache.mina.filter.ssl.SslContextFactory;
import org.apache.mina.filter.ssl.SslFilter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/red5/net/websocket/SecureWebSocketConfiguration.class */
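/**
 * Holds the TLS settings for secure WebSocket (wss) transport and builds the MINA
 * {@link SslFilter} from them.
 *
 * <p>The keystore and truststore locations and passwords, plus the optional cipher-suite and
 * protocol lists, are injected through the setters. {@link #getSslFilter()} then loads both
 * stores, creates an {@link SSLContext} and wraps it in a filter.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The store passwords are never written to the log; keep it that way when adding
 *       diagnostics. Only the store paths are logged.</li>
 *   <li>If no cipher suites or protocols are configured, the filter is left with whatever the
 *       {@code SSLContext} enables by default. Deployments that require a minimum TLS version
 *       should set both lists explicitly.</li>
 *   <li>Loading this class registers the BouncyCastle provider JVM-wide (see the static
 *       initializer).</li>
 * </ul>
 *
 * <p>Instances are plain mutable beans and are not synchronized.
 */
public class SecureWebSocketConfiguration {
    private static final Logger log = LoggerFactory.getLogger(SecureWebSocketConfiguration.class);

    // Kept as String because the MINA KeyStoreFactory / SslContextFactory setters take String.
    private String keystorePassword;
    private String truststorePassword;
    private String keystoreFile;
    private String truststoreFile;
    // null means "not configured": the filter keeps the SSLContext defaults.
    private String[] cipherSuites;
    private String[] protocols;

    /**
     * Builds an {@link SslFilter} from the configured keystore and truststore.
     *
     * <p>Configured cipher suites and protocols are applied to the filter; when either list is
     * {@code null} the corresponding defaults of the {@code SSLContext} stay in effect.
     *
     * <p>NOTE(review): nothing here calls {@code setNeedClientAuth}/{@code setWantClientAuth} on
     * the filter, so whether the truststore is used for client-certificate checks depends on
     * code outside this class. Confirm against the caller.
     *
     * @return a filter backed by the freshly created SSL context
     * @throws Exception a {@link NotActiveException} when the keystore or truststore path is
     *     unset, or when the SSL context could not be created (the underlying cause is logged
     *     by {@link #getSslContext()}, not attached to the exception)
     */
    public SslFilter getSslFilter() throws Exception {
        if (this.keystoreFile == null || this.truststoreFile == null) {
            throw new NotActiveException("Keystore or truststore are null");
        }
        SSLContext sslContext = getSslContext();
        if (sslContext == null) {
            throw new NotActiveException("SSLContext is null");
        }
        SslFilter sslFilter = new SslFilter(sslContext);
        if (this.cipherSuites != null) {
            sslFilter.setEnabledCipherSuites(this.cipherSuites);
        }
        if (this.protocols != null) {
            if (log.isDebugEnabled()) {
                log.debug("Using these protocols: {}", Arrays.toString(this.protocols));
            }
            sslFilter.setEnabledProtocols(this.protocols);
        }
        return sslFilter;
    }

    /**
     * Loads the keystore and truststore and creates the SSL context.
     *
     * <p>Failures are logged rather than propagated: a missing store file produces a warning,
     * any exception is logged at error level, and in both cases {@code null} is returned so
     * that {@link #getSslFilter()} can refuse to build a filter.
     *
     * @return the SSL context, or {@code null} if it could not be created
     */
    private SSLContext getSslContext() {
        SSLContext context = null;
        try {
            log.debug("Keystore: {}", this.keystoreFile);
            File keystore = new File(this.keystoreFile);
            log.trace("Keystore - read: {} path: {}", keystore.canRead(), keystore.getCanonicalPath());
            log.debug("Truststore: {}", this.truststoreFile);
            File truststore = new File(this.truststoreFile);
            log.trace("Truststore - read: {} path: {}", truststore.canRead(), truststore.getCanonicalPath());
            if (keystore.exists() && truststore.exists()) {
                KeyStoreFactory keyStoreFactory = new KeyStoreFactory();
                keyStoreFactory.setDataFile(keystore);
                keyStoreFactory.setPassword(this.keystorePassword);
                KeyStoreFactory trustStoreFactory = new KeyStoreFactory();
                trustStoreFactory.setDataFile(truststore);
                trustStoreFactory.setPassword(this.truststorePassword);

                SslContextFactory sslContextFactory = new SslContextFactory();
                sslContextFactory.setKeyManagerFactoryKeyStore(keyStoreFactory.newInstance());
                sslContextFactory.setTrustManagerFactoryKeyStore(trustStoreFactory.newInstance());
                sslContextFactory.setKeyManagerFactoryKeyStorePassword(this.keystorePassword);
                context = sslContextFactory.newInstance();
                log.debug("SSL provider: {}", context.getProvider());

                // SNI handling is opt-in here: an unset system property counts as "false".
                boolean sniEnabled = Boolean.parseBoolean(System.getProperty("jsse.enableSNIExtension", "false"));
                SSLParameters defaults = context.getDefaultSSLParameters();
                if (log.isDebugEnabled()) {
                    logDefaultParameters(defaults, sniEnabled);
                }
                if (sniEnabled) {
                    // NOTE(review): SSLContext.getDefaultSSLParameters() returns a copy, and the
                    // copy is not handed to the context or to the filter afterwards, so this
                    // matcher does not appear to take effect. An empty pattern would also only
                    // match an empty host name. Confirm the intended SNI policy before relying
                    // on it.
                    List<SNIMatcher> matchers = new ArrayList<>(1);
                    matchers.add(SNIHostName.createSNIMatcher(""));
                    defaults.setSNIMatchers(matchers);
                }
            } else {
                log.warn("Keystore or Truststore file does not exist");
            }
        } catch (Exception e) {
            // Deliberately not rethrown: the caller treats a null context as "TLS unavailable".
            log.error("Exception getting SSL context", e);
        }
        return context;
    }

    /** Writes the default parameters of a new SSL context to the debug log. */
    private static void logDefaultParameters(SSLParameters defaults, boolean sniEnabled) {
        log.debug("SSL context params - need client auth: {} want client auth: {} endpoint id algorithm: {}",
                defaults.getNeedClientAuth(), defaults.getWantClientAuth(), defaults.getEndpointIdentificationAlgorithm());
        String[] defaultProtocols = defaults.getProtocols();
        if (defaultProtocols != null) {
            for (String protocol : defaultProtocols) {
                log.debug("SSL context supported protocol: {}", protocol);
            }
        } else {
            log.debug("No protocols");
        }
        String[] defaultCiphers = defaults.getCipherSuites();
        if (defaultCiphers != null) {
            for (String cipher : defaultCiphers) {
                log.debug("SSL context supported cipher: {}", cipher);
            }
        } else {
            log.debug("No ciphers");
        }
        log.debug("SNI extension enabled: {}", sniEnabled);
        List<SNIServerName> serverNames = defaults.getServerNames();
        if (serverNames != null) {
            for (SNIServerName serverName : serverNames) {
                log.debug("SNI server name: {}", serverName);
            }
        } else {
            log.debug("No SNI server names specified");
        }
        Collection<SNIMatcher> sniMatchers = defaults.getSNIMatchers();
        if (sniMatchers != null) {
            for (SNIMatcher matcher : sniMatchers) {
                log.debug("SNI matcher: {}", matcher);
            }
        } else {
            log.debug("No SNI matchers specified");
        }
    }

    /**
     * Sets the password used to open the keystore and its keys.
     *
     * @param str the keystore password
     */
    public void setKeystorePassword(String str) {
        this.keystorePassword = str;
    }

    /**
     * Sets the password used to open the truststore.
     *
     * @param str the truststore password
     */
    public void setTruststorePassword(String str) {
        this.truststorePassword = str;
    }

    /**
     * Sets the path of the keystore file.
     *
     * @param str the keystore file path
     */
    public void setKeystoreFile(String str) {
        this.keystoreFile = str;
    }

    /**
     * Sets the path of the truststore file.
     *
     * @param str the truststore file path
     */
    public void setTruststoreFile(String str) {
        this.truststoreFile = str;
    }

    /**
     * Returns the configured cipher suites.
     *
     * @return a copy of the configured list, or {@code null} if none was set
     */
    public String[] getCipherSuites() {
        // Copy so that callers cannot alter the TLS configuration through the returned array.
        return this.cipherSuites == null ? null : this.cipherSuites.clone();
    }

    /**
     * Sets the cipher suites to enable on the filter.
     *
     * @param strArr the cipher suite names, or {@code null} to keep the context defaults
     */
    public void setCipherSuites(String[] strArr) {
        // Copy so that later changes to the caller's array do not alter the configuration.
        this.cipherSuites = strArr == null ? null : strArr.clone();
    }

    /**
     * Returns the configured protocols.
     *
     * @return a copy of the configured list, or {@code null} if none was set
     */
    public String[] getProtocols() {
        return this.protocols == null ? null : this.protocols.clone();
    }

    /**
     * Sets the TLS protocol versions to enable on the filter.
     *
     * @param strArr the protocol names, or {@code null} to keep the context defaults
     */
    public void setProtocols(String[] strArr) {
        this.protocols = strArr == null ? null : strArr.clone();
    }

    static {
        // Registers BouncyCastle in the JVM-wide provider list. addProvider() appends at the
        // lowest preference and does nothing when a provider of that name is already installed.
        Security.addProvider(new BouncyCastleProvider());
        if (log.isDebugEnabled()) {
            for (Provider provider : Security.getProviders()) {
                log.debug("Provider: {} = {}", provider.getName(), provider.getInfo());
            }
        }
    }
}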
