package org.jboss.modcluster.mcmp.impl;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.cert.CRL;
import java.security.cert.CertPathParameters;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import javax.net.SocketFactory;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.jboss.logging.Logger;
import org.jboss.modcluster.ModClusterMessages;
import org.jboss.modcluster.config.SSLConfiguration;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/layers/base/org/jboss/mod_cluster/core/main/mod_cluster-core-1.3.3.Final.jar:org/jboss/modcluster/mcmp/impl/JSSESocketFactory.class */
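/**
 * {@link SocketFactory} that produces JSSE {@link SSLSocket}s configured from an
 * {@link SSLConfiguration}: key store, trust store, optional CRL file, cipher suites and protocol.
 *
 * <p>The {@link SSLContext} is built once in the constructor; every socket handed out is then
 * restricted to the configured cipher suites and protocols by {@code initSocket}.
 *
 * <p>NOTE(review): nothing in this class sets an endpoint identification algorithm on the
 * sockets, so the peer's certificate chain is validated against the trust store but its host name
 * is not checked here. Unless a caller does that elsewhere, consider
 * {@code SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")} where the deployment allows it.
 */
public class JSSESocketFactory extends SocketFactory {
    static Logger log = Logger.getLogger((Class<?>) JSSESocketFactory.class);
    private SSLSocketFactory socketFactory;
    private String[] enabledCiphers;
    private final SSLConfiguration config;

    /**
     * Builds the SSL context and resolves the cipher suites to enable on every socket.
     *
     * @param sSLConfiguration source of protocol, cipher, key store, trust store and CRL settings
     * @throws IllegalStateException if the key/trust material cannot be read or the context
     *         cannot be initialised
     */
    public JSSESocketFactory(SSLConfiguration sSLConfiguration) {
        this.config = sSLConfiguration;
        try {
            SSLContext sSLContext = SSLContext.getInstance(this.config.getSslProtocol());
            sSLContext.init(getKeyManagers(), getTrustManagers(), new SecureRandom());
            this.socketFactory = sSLContext.getSocketFactory();
            String sslCiphers = this.config.getSslCiphers();
            if (sslCiphers == null) {
                this.enabledCiphers = this.socketFactory.getDefaultCipherSuites();
            } else {
                this.enabledCiphers = getEnabled(sslCiphers, this.socketFactory.getSupportedCipherSuites());
                if (this.enabledCiphers == null) {
                    // An explicit cipher list that matches nothing would otherwise be ignored
                    // silently; make the fallback visible so an operator can correct the setting.
                    log.warn("None of the configured SSL cipher suites (" + sslCiphers
                            + ") is supported; sockets will keep the JSSE default cipher suites");
                }
            }
        } catch (IOException e) {
            throw new IllegalStateException(e);
        } catch (GeneralSecurityException e2) {
            throw new IllegalStateException(e2);
        }
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket() throws IOException {
        Socket socket = this.socketFactory.createSocket();
        initSocket(socket);
        return socket;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        Socket socket = this.socketFactory.createSocket(inetAddress, i);
        initSocket(socket);
        return socket;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        Socket socket = this.socketFactory.createSocket(inetAddress, i, inetAddress2, i2);
        initSocket(socket);
        return socket;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
        Socket socket = this.socketFactory.createSocket(str, i, inetAddress, i2);
        initSocket(socket);
        return socket;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
        Socket socket = this.socketFactory.createSocket(str, i);
        initSocket(socket);
        return socket;
    }

    /**
     * Forces the TLS handshake on a socket produced by this factory.
     *
     * @param socket the socket to handshake; must be an {@link SSLSocket}
     * @throws IllegalArgumentException if {@code socket} is not an {@link SSLSocket}
     * @throws IOException if the handshake fails
     */
    public void handshake(Socket socket) throws IOException {
        if (!(socket instanceof SSLSocket)) {
            throw new IllegalArgumentException("socket must be an SSLSocket");
        }
        ((SSLSocket) socket).startHandshake();
    }

    /**
     * Intersects a comma-separated request list with the values the JSSE provider supports.
     *
     * @param str comma-separated names requested by configuration, may be {@code null}
     * @param strArr names supported by the provider
     * @return the requested names that are supported, in request order, or {@code null} when
     *         {@code str} is {@code null} or nothing matches (callers treat {@code null} as
     *         "leave the socket's defaults alone")
     */
    private static String[] getEnabled(String str, String[] strArr) {
        if (str == null) {
            return null;
        }
        Collection<String> supported = new HashSet<String>(Arrays.asList(strArr));
        String[] requested = str.split(",");
        ArrayList<String> selected = new ArrayList<String>(requested.length);
        for (String candidate : requested) {
            String name = candidate.trim();
            if (name.length() > 0 && supported.contains(name)) {
                selected.add(name);
            }
        }
        if (selected.isEmpty()) {
            return null;
        }
        return selected.toArray(new String[selected.size()]);
    }

    /** Loads the key store described by the configuration's key store settings. */
    private KeyStore getKeystore() throws IOException, KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException {
        return getStore(this.config.getSslKeyStoreType(), this.config.getSslKeyStoreProvider(), this.config.getSslKeyStore(), this.config.getSslKeyStorePassword());
    }

    /**
     * Loads the trust store, falling back to the key store's password, type and provider for any
     * trust store setting that is not configured.
     *
     * @return the trust store, or {@code null} when no trust store path is configured
     */
    protected KeyStore getTrustStore() throws IOException, KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException {
        String sslTrustStore = this.config.getSslTrustStore();
        if (sslTrustStore == null) {
            return null;
        }
        String sslTrustStorePassword = this.config.getSslTrustStorePassword();
        if (sslTrustStorePassword == null) {
            sslTrustStorePassword = this.config.getSslKeyStorePassword();
        } else if (sslTrustStorePassword.equals("")) {
            // An explicitly empty password means "load without a password". KeyStore.load performs
            // no integrity check in that case, so the file's permissions are the only protection.
            sslTrustStorePassword = null;
        }
        String sslTrustStoreType = this.config.getSslTrustStoreType();
        if (sslTrustStoreType == null) {
            sslTrustStoreType = this.config.getSslKeyStoreType();
        }
        String sslTrustStoreProvider = this.config.getSslTrustStoreProvider();
        if (sslTrustStoreProvider == null) {
            sslTrustStoreProvider = this.config.getSslKeyStoreProvider();
        }
        return getStore(sslTrustStoreType, sslTrustStoreProvider, sslTrustStore, sslTrustStorePassword);
    }

    /**
     * Instantiates and loads a {@link KeyStore}.
     *
     * @param str store type (for example {@code JKS} or {@code PKCS11})
     * @param str2 security provider name, or {@code null} for the default provider
     * @param str3 store path; relative paths are resolved against the {@code catalina.base}
     *        system property; ignored for {@code PKCS11} stores and when empty
     * @param str4 store password, or {@code null} to load without one
     * @return the loaded store
     */
    private KeyStore getStore(String str, String str2, String str3, String str4) throws IOException, KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException {
        FileInputStream fileInputStream = null;
        try {
            KeyStore keyStore = str2 == null ? KeyStore.getInstance(str) : KeyStore.getInstance(str, str2);
            if (!"PKCS11".equalsIgnoreCase(str) && !"".equals(str3)) {
                File file = new File(str3);
                if (!file.isAbsolute()) {
                    file = new File(System.getProperty("catalina.base"), str3);
                }
                fileInputStream = new FileInputStream(file);
            }
            keyStore.load(fileInputStream, str4 == null ? null : str4.toCharArray());
            return keyStore;
        } finally {
            // Close on every path, including a failed load (wrong password, corrupt file), so the
            // file handle is not leaked; a close failure is logged rather than masking the result.
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e) {
                    log.warn(e.getLocalizedMessage(), e);
                }
            }
        }
    }

    /**
     * Creates the key managers for the configured key store. When a key alias is configured each
     * manager is wrapped in a {@code JSSEKeyManager} bound to that alias.
     *
     * @return the key managers to pass to {@link SSLContext#init}
     */
    protected KeyManager[] getKeyManagers() throws GeneralSecurityException, IOException {
        KeyStore keystore = getKeystore();
        String sslKeyAlias = this.config.getSslKeyAlias();
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.config.getSslCertificateEncodingAlgorithm());
        // getStore accepts a missing password, so do the same here instead of failing with a
        // NullPointerException before the factory can report a meaningful error.
        String keyStorePassword = this.config.getSslKeyStorePassword();
        keyManagerFactory.init(keystore, keyStorePassword == null ? null : keyStorePassword.toCharArray());
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        if (sslKeyAlias != null) {
            if ("JKS".equals(this.config.getSslKeyStoreType())) {
                // Lower-case with a fixed locale: the default-locale form can change characters
                // (e.g. 'I' under a Turkish locale) and then the alias would not match.
                sslKeyAlias = sslKeyAlias.toLowerCase(java.util.Locale.ENGLISH);
            }
            for (int i = 0; i < keyManagers.length; i++) {
                keyManagers[i] = new JSSEKeyManager((X509KeyManager) keyManagers[i], sslKeyAlias);
            }
        }
        return keyManagers;
    }

    /**
     * Creates the trust managers for the configured trust store, with CRL-based revocation
     * checking when a CRL file is configured.
     *
     * @return the trust managers, or {@code null} when no trust store is configured; a
     *         {@code null} value makes {@link SSLContext#init} use the default trust manager of
     *         the installed security providers
     */
    protected TrustManager[] getTrustManagers() throws GeneralSecurityException, IOException {
        KeyStore trustStore = getTrustStore();
        if (trustStore == null) {
            return null;
        }
        String sslTrustAlgorithm = this.config.getSslTrustAlgorithm();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(sslTrustAlgorithm);
        String crlFile = this.config.getSslCrlFile();
        if (crlFile == null) {
            trustManagerFactory.init(trustStore);
        } else {
            trustManagerFactory.init(new CertPathTrustManagerParameters(getParameters(sslTrustAlgorithm, crlFile, trustStore)));
        }
        return trustManagerFactory.getTrustManagers();
    }

    /**
     * Builds PKIX validation parameters with revocation checking enabled against the CRLs read
     * from the given file.
     *
     * @param str trust algorithm; only {@code PKIX} is accepted
     * @param str2 path of the CRL file
     * @param keyStore trust store providing the trust anchors
     * @return the parameters for a {@link CertPathTrustManagerParameters}
     */
    protected CertPathParameters getParameters(String str, String str2, KeyStore keyStore) throws GeneralSecurityException, IOException {
        if (!"PKIX".equalsIgnoreCase(str)) {
            throw ModClusterMessages.MESSAGES.crlNotSupported(str);
        }
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(getCRLs(str2))));
        pKIXBuilderParameters.setRevocationEnabled(true);
        pKIXBuilderParameters.setMaxPathLength(this.config.getSslTrustMaxCertLength());
        return pKIXBuilderParameters;
    }

    /**
     * Reads all X.509 CRLs from a file. The file is read once, when this method is called; later
     * changes to it are not picked up by parameters already built from the result.
     *
     * @param str CRL file path; relative paths are resolved against the {@code catalina.base}
     *        system property
     * @return the CRLs contained in the file
     */
    protected Collection<? extends CRL> getCRLs(String str) throws FileNotFoundException, GeneralSecurityException {
        File file = new File(str);
        if (!file.isAbsolute()) {
            file = new File(System.getProperty("catalina.base"), str);
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            return certificateFactory.generateCRLs(fileInputStream);
        } finally {
            try {
                fileInputStream.close();
            } catch (Exception e) {
                log.warn(e.getLocalizedMessage(), e);
            }
        }
    }

    /**
     * Applies the configured cipher suites and protocol restriction to a freshly created socket.
     *
     * @param socket a socket created by the underlying {@link SSLSocketFactory}
     */
    private void initSocket(Socket socket) {
        SSLSocket sSLSocket = (SSLSocket) socket;
        if (this.enabledCiphers != null) {
            sSLSocket.setEnabledCipherSuites(this.enabledCiphers);
        }
        // The configured protocol is applied only when it names a protocol the socket supports.
        // Otherwise getEnabled returns null and the socket keeps its default enabled protocols,
        // which on older runtimes may include legacy versions.
        String[] enabled = getEnabled(this.config.getSslProtocol(), sSLSocket.getSupportedProtocols());
        if (enabled != null) {
            sSLSocket.setEnabledProtocols(enabled);
        }
    }
}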
