package org.apache.activemq.spring;

import java.io.InputStream;
import java.net.MalformedURLException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CRL;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import javax.annotation.PostConstruct;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.activemq.broker.SslContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:activemq-spring-5.11.0.redhat-630347-12.jar:org/apache/activemq/spring/SpringSslContext.class */
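/**
 * Spring-configurable {@link SslContext} that builds its key managers, trust managers and
 * {@link SecureRandom} from bean properties (store locations, types, algorithms, passwords
 * and an optional CRL file).
 *
 * <p>Store and CRL locations are resolved through {@code Utils.resourceFromString}, so their
 * syntax is whatever that helper accepts.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Revocation checking is enabled only when {@code crlPath} is set <em>and</em>
 *       {@code trustStoreAlgorithm} is {@code PKIX}. With any other algorithm the CRL is
 *       ignored with a warning and the trust managers are created without revocation
 *       checking (the configuration fails open).</li>
 *   <li>Passwords are held as {@code String} fields and returned in clear by the getters;
 *       do not log or serialise this bean's properties.</li>
 *   <li>If no trust store is configured, no trust managers are contributed by this class;
 *       what the resulting context trusts is then decided by {@link SslContext} and the
 *       JSSE defaults. NOTE(review): confirm against the parent class.</li>
 * </ul>
 */
public class SpringSslContext extends SslContext {
    private static final Logger LOG = LoggerFactory.getLogger(SpringSslContext.class);

    private String keyStoreType = "jks";
    private String trustStoreType = "jks";
    // NOTE(review): the default pins the "SHA1PRNG" algorithm name; deployments that want the
    // platform's preferred generator can override it with setSecureRandomAlgorithm.
    private String secureRandomAlgorithm = "SHA1PRNG";
    private String keyStoreAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
    private String trustStoreAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    private String keyStore;
    private String trustStore;
    private String keyStoreKeyPassword;
    private String keyStorePassword;
    private String trustStorePassword;
    private String crlPath;

    /**
     * Container lifecycle hook: runs {@link #afterPropertiesSet()} and rethrows any checked
     * failure as an unchecked exception with the original cause attached.
     */
    @PostConstruct
    private void postConstruct() {
        try {
            afterPropertiesSet();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds the key and trust managers from the configured stores and appends them to the
     * inherited collections; creates the {@link SecureRandom} only if none was set already.
     *
     * <p>The managers are appended, not replaced, so calling this method more than once adds
     * them again.
     *
     * @throws Exception if a store, CRL or algorithm cannot be loaded
     */
    public void afterPropertiesSet() throws Exception {
        this.keyManagers.addAll(createKeyManagers());
        this.trustManagers.addAll(createTrustManagers());
        if (this.secureRandom == null) {
            this.secureRandom = createSecureRandom();
        }
    }

    /** Creates a {@link SecureRandom} for the configured algorithm name. */
    private SecureRandom createSecureRandom() throws NoSuchAlgorithmException {
        return SecureRandom.getInstance(this.secureRandomAlgorithm);
    }

    /**
     * Creates the trust managers for the configured trust store.
     *
     * <p>When {@code crlPath} is set and the trust algorithm is PKIX (compared
     * case-insensitively), the CRLs are loaded and the factory is initialised with revocation
     * checking enabled. In every other case the factory is initialised with the trust store
     * alone, i.e. without revocation checking.
     *
     * @return the trust managers, or an empty collection when no trust store is configured
     */
    private Collection<TrustManager> createTrustManagers() throws Exception {
        KeyStore trustKeyStore = createTrustManagerKeyStore();
        if (trustKeyStore == null) {
            return new ArrayList<>(0);
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(this.trustStoreAlgorithm);
        boolean revocationConfigured = false;
        if (this.crlPath != null) {
            if (this.trustStoreAlgorithm.equalsIgnoreCase("PKIX")) {
                Collection<? extends CRL> crls = loadCRL();
                if (crls != null) {
                    PKIXBuilderParameters pkixParams =
                            new PKIXBuilderParameters(trustKeyStore, (CertSelector) null);
                    pkixParams.setRevocationEnabled(true);
                    pkixParams.addCertStore(
                            CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)));
                    factory.init(new CertPathTrustManagerParameters(pkixParams));
                    revocationConfigured = true;
                }
            } else {
                // Fail-open path: the configured CRL is not applied. Operators who require
                // revocation checking should treat this warning as a misconfiguration.
                LOG.warn("Revocation checking is only supported with 'trustStoreAlgorithm=\"PKIX\"'. Ignoring CRL: {}",
                        this.crlPath);
            }
        }
        if (!revocationConfigured) {
            factory.init(trustKeyStore);
        }
        return Arrays.asList(factory.getTrustManagers());
    }

    /**
     * Creates the key managers for the configured key store. The private-key password is
     * {@code keyStoreKeyPassword} when set, otherwise {@code keyStorePassword}.
     *
     * @return the key managers, or an empty collection when no key store is configured
     */
    private Collection<KeyManager> createKeyManagers() throws Exception {
        KeyStore identityKeyStore = createKeyManagerKeyStore();
        if (identityKeyStore == null) {
            return new ArrayList<>(0);
        }
        String keyPassword = this.keyStoreKeyPassword != null ? this.keyStoreKeyPassword : this.keyStorePassword;
        KeyManagerFactory factory = KeyManagerFactory.getInstance(this.keyStoreAlgorithm);
        factory.init(identityKeyStore, toChars(keyPassword));
        return Arrays.asList(factory.getKeyManagers());
    }

    /** Loads the trust store, or returns {@code null} when no trust store is configured. */
    private KeyStore createTrustManagerKeyStore() throws Exception {
        if (this.trustStore == null) {
            return null;
        }
        return loadKeyStore(this.trustStore, this.trustStoreType, this.trustStorePassword);
    }

    /** Loads the key store, or returns {@code null} when no key store is configured. */
    private KeyStore createKeyManagerKeyStore() throws Exception {
        if (this.keyStore == null) {
            return null;
        }
        return loadKeyStore(this.keyStore, this.keyStoreType, this.keyStorePassword);
    }

    /**
     * Opens {@code location} and loads it into a new {@link KeyStore} of the given type.
     * The stream is closed by try-with-resources, so a failure while closing is attached as
     * a suppressed exception instead of replacing the load failure.
     */
    private static KeyStore loadKeyStore(String location, String type, String password) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = Utils.resourceFromString(location).getInputStream()) {
            store.load(in, toChars(password));
            return store;
        }
    }

    /** Converts a possibly-null password to the {@code char[]} form the JCA APIs expect. */
    private static char[] toChars(String password) {
        return password == null ? null : password.toCharArray();
    }

    public String getTrustStoreType() {
        return this.trustStoreType;
    }

    public String getKeyStoreType() {
        return this.keyStoreType;
    }

    public String getKeyStore() {
        return this.keyStore;
    }

    /**
     * Sets the key store location. The value is only stored here; it is resolved when the
     * managers are built. The {@code throws} clause is kept for source compatibility.
     */
    public void setKeyStore(String str) throws MalformedURLException {
        this.keyStore = str;
    }

    public String getTrustStore() {
        return this.trustStore;
    }

    /**
     * Sets the trust store location. The value is only stored here; it is resolved when the
     * managers are built. The {@code throws} clause is kept for source compatibility.
     */
    public void setTrustStore(String str) throws MalformedURLException {
        this.trustStore = str;
    }

    public String getKeyStoreAlgorithm() {
        return this.keyStoreAlgorithm;
    }

    public void setKeyStoreAlgorithm(String str) {
        this.keyStoreAlgorithm = str;
    }

    public String getTrustStoreAlgorithm() {
        return this.trustStoreAlgorithm;
    }

    /** Sets the trust manager algorithm; only {@code PKIX} allows the CRL to be applied. */
    public void setTrustStoreAlgorithm(String str) {
        this.trustStoreAlgorithm = str;
    }

    /** Returns the private-key password in clear text. */
    public String getKeyStoreKeyPassword() {
        return this.keyStoreKeyPassword;
    }

    public void setKeyStoreKeyPassword(String str) {
        this.keyStoreKeyPassword = str;
    }

    /** Returns the key store password in clear text. */
    public String getKeyStorePassword() {
        return this.keyStorePassword;
    }

    public void setKeyStorePassword(String str) {
        this.keyStorePassword = str;
    }

    /** Returns the trust store password in clear text. */
    public String getTrustStorePassword() {
        return this.trustStorePassword;
    }

    public void setTrustStorePassword(String str) {
        this.trustStorePassword = str;
    }

    public void setKeyStoreType(String str) {
        this.keyStoreType = str;
    }

    public void setTrustStoreType(String str) {
        this.trustStoreType = str;
    }

    public String getSecureRandomAlgorithm() {
        return this.secureRandomAlgorithm;
    }

    public void setSecureRandomAlgorithm(String str) {
        this.secureRandomAlgorithm = str;
    }

    public String getCrlPath() {
        return this.crlPath;
    }

    /** Sets the CRL location; it takes effect only with the {@code PKIX} trust algorithm. */
    public void setCrlPath(String str) {
        this.crlPath = str;
    }

    /**
     * Reads the X.509 CRLs found at {@code crlPath}.
     *
     * @return the parsed CRLs, or {@code null} when no CRL path is configured
     */
    private Collection<? extends CRL> loadCRL() throws Exception {
        if (this.crlPath == null) {
            return null;
        }
        try (InputStream in = Utils.resourceFromString(this.crlPath).getInputStream()) {
            return CertificateFactory.getInstance("X.509").generateCRLs(in);
        }
    }
}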
