package org.jivesoftware.openfire.spi;

import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import org.apache.mina.filter.ssl.SslFilter;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.jivesoftware.openfire.keystore.OpenfireX509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jivesoftware/openfire/spi/EncryptionArtifactFactory.class */
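/**
 * Builds the TLS artifacts (key/trust managers, {@link SSLContext}, {@link SSLEngine},
 * MINA {@link SslFilter} and Jetty {@link SslContextFactory}) for one connection
 * configuration.
 *
 * <p>The {@link KeyManagerFactory} and {@link SslContextFactory} are created lazily and
 * cached; access to them is guarded by the instance monitor. {@link SSLContext} and
 * {@link SSLEngine} instances are created afresh on every call.
 */
public class EncryptionArtifactFactory {
    private static final Logger Log = LoggerFactory.getLogger(EncryptionArtifactFactory.class);

    /**
     * Standard JSSE name used to look up the {@link SSLContext}. The generic "TLS" name is
     * used rather than "TLSv1": the JSSE standard names only guarantee TLS 1.0 for "TLSv1",
     * and a provider may then restrict the default-enabled protocol set (notably for
     * client-mode engines) to TLS 1.0, which is deprecated. With "TLS" the provider's own
     * defaults apply whenever the configuration does not list protocols explicitly.
     */
    private static final String SSL_CONTEXT_PROTOCOL = "TLS";

    private final ConnectionConfiguration configuration;
    private transient KeyManagerFactory keyManagerFactory;
    private transient SslContextFactory sslContextFactory;

    /**
     * @param connectionConfiguration the configuration to derive all artifacts from
     * @throws IllegalArgumentException if the configuration is {@code null}
     */
    public EncryptionArtifactFactory(ConnectionConfiguration connectionConfiguration) {
        if (connectionConfiguration == null) {
            throw new IllegalArgumentException("Argument 'configuration' cannot be null");
        }
        this.configuration = connectionConfiguration;
    }

    /**
     * Returns key managers backed by the configured identity store.
     *
     * <p>The underlying {@link KeyManagerFactory} is initialised on first use and cached.
     * If initialisation fails the cache is cleared, so a later call retries from scratch
     * instead of handing out a half-initialised factory.
     */
    public synchronized KeyManager[] getKeyManagers() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        try {
            if (this.keyManagerFactory == null) {
                this.keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                this.keyManagerFactory.init(
                        this.configuration.getIdentityStore().getStore(),
                        this.configuration.getIdentityStoreConfiguration().getPassword());
            }
            return this.keyManagerFactory.getKeyManagers();
        } catch (RuntimeException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            this.keyManagerFactory = null;
            throw e;
        }
    }

    /**
     * Returns a single {@link OpenfireX509TrustManager} built from the configured trust store.
     *
     * <p>NOTE(review): the two boolean settings passed here (accept self-signed certificates,
     * verify certificate validity) presumably relax or tighten peer certificate checks; their
     * exact effect lives in OpenfireX509TrustManager and should be confirmed there before
     * either is changed from its default.
     */
    public synchronized TrustManager[] getTrustManagers() throws KeyStoreException, NoSuchAlgorithmException {
        return new TrustManager[]{
            new OpenfireX509TrustManager(
                    this.configuration.getTrustStore().getStore(),
                    this.configuration.isAcceptSelfSignedCertificates(),
                    this.configuration.isVerifyCertificateValidity())
        };
    }

    /**
     * Creates and initialises a new {@link SSLContext} using this factory's key and trust
     * managers. A new context is built on every call; nothing is cached here.
     */
    public synchronized SSLContext getSSLContext() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
        final SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
        sslContext.init(getKeyManagers(), getTrustManagers(), new SecureRandom());
        return sslContext;
    }

    /**
     * Creates an engine and applies the configured protocol and cipher suite lists.
     * An empty configured set leaves the provider's defaults for that setting untouched.
     */
    private SSLEngine createSSLEngine() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        final SSLEngine sslEngine = getSSLContext().createSSLEngine();

        final Set<String> protocols = this.configuration.getEncryptionProtocols();
        if (!protocols.isEmpty()) {
            sslEngine.setEnabledProtocols(protocols.toArray(new String[0]));
        }

        final Set<String> cipherSuites = this.configuration.getEncryptionCipherSuites();
        if (!cipherSuites.isEmpty()) {
            sslEngine.setEnabledCipherSuites(cipherSuites.toArray(new String[0]));
        }
        return sslEngine;
    }

    /**
     * Creates an engine for accepting connections, with client-certificate authentication
     * set according to the configured policy.
     */
    public SSLEngine createServerModeSSLEngine() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        final SSLEngine sslEngine = createSSLEngine();
        sslEngine.setUseClientMode(false);
        switch (this.configuration.getClientAuth()) {
            case needed:
                sslEngine.setNeedClientAuth(true);
                break;
            case wanted:
                sslEngine.setWantClientAuth(true);
                break;
            case disabled:
                sslEngine.setWantClientAuth(false);
                break;
        }
        return sslEngine;
    }

    /**
     * Creates an engine for initiating connections. The "SSLv2Hello" pseudo-protocol is
     * removed from the enabled set, so outbound handshakes never start with an
     * SSLv2-format hello.
     */
    public SSLEngine createClientModeSSLEngine() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        final SSLEngine sslEngine = createSSLEngine();
        sslEngine.setUseClientMode(true);

        // LinkedHashSet keeps the order in which the engine reported its protocols.
        final Set<String> protocols = new LinkedHashSet<>(Arrays.asList(sslEngine.getEnabledProtocols()));
        protocols.remove("SSLv2Hello");
        sslEngine.setEnabledProtocols(protocols.toArray(new String[0]));
        return sslEngine;
    }

    /**
     * Returns the Jetty {@link SslContextFactory} for this configuration, creating and
     * caching it on first use. If construction fails with a runtime exception the cache is
     * cleared so that the next call starts over.
     */
    public synchronized SslContextFactory getSslContextFactory() {
        if (this.sslContextFactory != null) {
            return this.sslContextFactory;
        }
        Log.info("Creating new SslContextFactory instance");
        try {
            this.sslContextFactory = new SslContextFactory();

            // The Jetty setters take String passwords, so the char[] secrets are copied into
            // immutable Strings here and cannot be wiped afterwards. Never log these values.
            this.sslContextFactory.setTrustStore(this.configuration.getTrustStore().getStore());
            this.sslContextFactory.setTrustStorePassword(new String(this.configuration.getTrustStore().getConfiguration().getPassword()));
            this.sslContextFactory.setKeyStore(this.configuration.getIdentityStore().getStore());
            this.sslContextFactory.setKeyStorePassword(new String(this.configuration.getIdentityStore().getConfiguration().getPassword()));

            final Set<String> protocols = this.configuration.getEncryptionProtocols();
            if (!protocols.isEmpty()) {
                this.sslContextFactory.setIncludeProtocols(protocols.toArray(new String[0]));
            }

            final Set<String> cipherSuites = this.configuration.getEncryptionCipherSuites();
            if (!cipherSuites.isEmpty()) {
                this.sslContextFactory.setIncludeCipherSuites(cipherSuites.toArray(new String[0]));
            }

            switch (this.configuration.getClientAuth()) {
                case needed:
                    this.sslContextFactory.setNeedClientAuth(true);
                    break;
                case wanted:
                    this.sslContextFactory.setNeedClientAuth(false);
                    this.sslContextFactory.setWantClientAuth(true);
                    break;
                case disabled:
                    this.sslContextFactory.setNeedClientAuth(false);
                    this.sslContextFactory.setWantClientAuth(false);
                    break;
            }
            return this.sslContextFactory;
        } catch (RuntimeException e) {
            this.sslContextFactory = null;
            throw e;
        }
    }

    /**
     * Creates a MINA filter for accepting connections.
     *
     * <p>The engine is only a template whose settings are copied onto the filter. It is
     * created from its own {@link SSLContext}, separate from the one handed to the filter.
     */
    public SslFilter createServerModeSslFilter() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        return createSslFilter(getSSLContext(), createServerModeSSLEngine());
    }

    /**
     * Creates a MINA filter for initiating connections.
     *
     * <p>The engine is only a template whose settings are copied onto the filter. It is
     * created from its own {@link SSLContext}, separate from the one handed to the filter.
     */
    public SslFilter createClientModeSslFilter() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        return createSslFilter(getSSLContext(), createClientModeSSLEngine());
    }

    /**
     * Builds a filter on the given context and copies mode, protocols, cipher suites and
     * client-auth policy from the template engine. When the engine neither needs nor wants
     * client authentication, the filter's own default is left unchanged.
     */
    private static SslFilter createSslFilter(SSLContext sSLContext, SSLEngine sSLEngine) {
        final SslFilter sslFilter = new SslFilter(sSLContext);
        sslFilter.setUseClientMode(sSLEngine.getUseClientMode());
        sslFilter.setEnabledProtocols(sSLEngine.getEnabledProtocols());
        sslFilter.setEnabledCipherSuites(sSLEngine.getEnabledCipherSuites());
        if (sSLEngine.getNeedClientAuth()) {
            sslFilter.setNeedClientAuth(true);
        } else if (sSLEngine.getWantClientAuth()) {
            sslFilter.setWantClientAuth(true);
        }
        return sslFilter;
    }

    /**
     * Creates an engine from a context initialised with the provider's default key managers,
     * trust managers and random source. It is used only to query protocol and cipher suite
     * names, never for real connections.
     */
    private static SSLEngine createProbeEngine() throws NoSuchAlgorithmException, KeyManagementException {
        final SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
        sslContext.init(null, null, null);
        return sslContext.createSSLEngine();
    }

    /** Returns the protocol names the JSSE provider can support, whether enabled or not. */
    public static List<String> getSupportedProtocols() throws NoSuchAlgorithmException, KeyManagementException {
        return Arrays.asList(createProbeEngine().getSupportedProtocols());
    }

    /** Returns the protocol names a freshly created engine has enabled by default. */
    public static List<String> getDefaultProtocols() throws NoSuchAlgorithmException, KeyManagementException {
        return Arrays.asList(createProbeEngine().getEnabledProtocols());
    }

    /** Returns the cipher suite names the JSSE provider can support, whether enabled or not. */
    public static List<String> getSupportedCipherSuites() throws NoSuchAlgorithmException, KeyManagementException {
        return Arrays.asList(createProbeEngine().getSupportedCipherSuites());
    }

    /** Returns the cipher suite names a freshly created engine has enabled by default. */
    public static List<String> getDefaultCipherSuites() throws NoSuchAlgorithmException, KeyManagementException {
        return Arrays.asList(createProbeEngine().getEnabledCipherSuites());
    }
}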
