package org.jgroups.util;

import java.io.File;
import java.io.FileNotFoundException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import org.jgroups.Lifecycle;
import org.jgroups.annotations.Property;
import org.jgroups.conf.PropertyConverter;

/* loaded from: input_file:org/jgroups/util/TLS.class */
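/**
 * Holds the TLS settings (key/trust stores, protocols, cipher suites, client authentication and
 * SNI matchers) and builds an {@link SSLContext} and a {@code SocketFactory} from them.
 *
 * <p>Security notes for operators, based on what this class does:
 * <ul>
 *   <li>{@link #client_auth} defaults to {@code NONE}, so a server socket configured by this class
 *       does not ask connecting peers for a certificate unless WANT or NEED is set.</li>
 *   <li>{@link #protocols}, {@link #cipher_suites}, {@link #sni_matchers} and the client
 *       authentication mode are applied through the server socket configurator only; what client
 *       sockets use is decided by {@code DefaultSocketFactory}, which is not shown here.</li>
 *   <li>When no truststore is configured, {@link #init()} reuses the keystore as the truststore.</li>
 * </ul>
 */
public class TLS implements Lifecycle {

    @Property(description = "Enables TLS; when true, SSL sockets will be used instead of regular sockets")
    protected boolean enabled;

    @Property(description = "One or more TLS protocol names to use, e.g. TLSv1.3. Setting this requires configuring key and trust stores")
    protected String[] protocols;

    @Property(description = "The list of cipher suites")
    protected String[] cipher_suites;

    @Property(description = "The security provider. Defaults to null, which will use the default JDK provider")
    protected String provider;

    @Property(description = "Fully qualified path to the keystore")
    protected String keystore_path;

    // Marked exposeAsManagedAttribute = false; presumably this keeps the secret out of management views.
    @Property(description = "Keystore password", exposeAsManagedAttribute = false)
    protected String keystore_password;

    @Property(description = "Alias used for fetching the key")
    protected String keystore_alias;

    @Property(description = "Fully qualified path to the truststore")
    protected String truststore_path;

    // Marked exposeAsManagedAttribute = false; presumably this keeps the secret out of management views.
    @Property(description = "The password of the truststore", exposeAsManagedAttribute = false)
    protected String truststore_password;

    @Property(description = "The type of the keystore")
    protected String keystore_type = "pkcs12";

    @Property(description = "The type of the truststore")
    protected String truststore_type = "pkcs12";

    // NONE means the server side never requests a peer certificate (see createSocketFactory).
    @Property(description = "Defines whether client certificate authentication is required. Legal values are NONE, WANT or NEED")
    protected TLSClientAuth client_auth = TLSClientAuth.NONE;

    @Property(description = "A list of regular expression that servers use to match and accept SNI host names", converter = SniMatcherConverter.class)
    protected List<SNIMatcher> sni_matchers = new ArrayList<>();

    /* loaded from: input_file:org/jgroups/util/TLS$SniMatcherConverter.class */
    /**
     * Converts a comma-separated list of class names into {@link SNIMatcher} instances.
     *
     * <p>Every name in the property value is loaded and instantiated through its no-argument
     * constructor, so the property value decides which code runs; it has to come from a trusted
     * configuration source.
     */
    public static class SniMatcherConverter implements PropertyConverter {
        /**
         * Builds the matcher list from {@code str2}, the only argument this implementation reads.
         *
         * @param str2 comma-separated class names; {@code null} yields {@code null}
         * @return a {@code List<SNIMatcher>} with one new instance per name, or {@code null}
         * @throws ClassCastException if a named class is not an {@link SNIMatcher}; raised before
         *         the class is instantiated
         * @throws Exception if a class cannot be loaded or has no usable no-argument constructor
         */
        @Override // org.jgroups.conf.PropertyConverter
        public Object convert(Object obj, Class<?> cls, String str, String str2, boolean z, StackType stackType) throws Exception {
            if (str2 == null) {
                return null;
            }
            List<String> classNames = Util.parseStringList(str2, ",");
            List<SNIMatcher> matchers = new ArrayList<>(classNames.size());
            for (String className : classNames) {
                // Check the type before calling the constructor: casting only the finished instance
                // would let the constructor of an unrelated class run first.
                Class<? extends SNIMatcher> matcherClass =
                        Util.loadClass(className, getClass()).asSubclass(SNIMatcher.class);
                matchers.add(matcherClass.getConstructor().newInstance());
            }
            return matchers;
        }

        /**
         * Returns the simple class name of {@code obj} itself (not of any matchers it contains),
         * or {@code null} when {@code obj} is {@code null}.
         */
        @Override // org.jgroups.conf.PropertyConverter
        public String toString(Object obj) {
            return obj != null ? obj.getClass().getSimpleName() : null;
        }
    }

    /** Returns whether TLS is enabled. */
    public boolean enabled() {
        return this.enabled;
    }

    /** Enables or disables TLS and returns this instance for chaining. */
    public TLS enabled(boolean z) {
        this.enabled = z;
        return this;
    }

    /** Returns the configured protocol names; this is the internal array, not a copy. */
    public String[] getProtocols() {
        return this.protocols;
    }

    /** Sets the protocol names (stored by reference) and returns this instance for chaining. */
    public TLS setProtocols(String[] strArr) {
        this.protocols = strArr;
        return this;
    }

    /** Returns the configured cipher suites; this is the internal array, not a copy. */
    public String[] getCipherSuites() {
        return this.cipher_suites;
    }

    /** Sets the cipher suites (stored by reference) and returns this instance for chaining. */
    public TLS setCipherSuites(String[] strArr) {
        this.cipher_suites = strArr;
        return this;
    }

    /** Returns the security provider name, or {@code null} if none was set. */
    public String getProvider() {
        return this.provider;
    }

    /** Sets the security provider name and returns this instance for chaining. */
    public TLS setProvider(String str) {
        this.provider = str;
        return this;
    }

    /** Returns the keystore path. */
    public String getKeystorePath() {
        return this.keystore_path;
    }

    /** Sets the keystore path and returns this instance for chaining. */
    public TLS setKeystorePath(String str) {
        this.keystore_path = str;
        return this;
    }

    /** Returns the keystore password in clear text; callers should not log or expose it. */
    public String getKeystorePassword() {
        return this.keystore_password;
    }

    /** Sets the keystore password and returns this instance for chaining. */
    public TLS setKeystorePassword(String str) {
        this.keystore_password = str;
        return this;
    }

    /** Returns the keystore type. */
    public String getKeystoreType() {
        return this.keystore_type;
    }

    /** Sets the keystore type and returns this instance for chaining. */
    public TLS setKeystoreType(String str) {
        this.keystore_type = str;
        return this;
    }

    /** Returns the alias used to select the key from the keystore. */
    public String getKeystoreAlias() {
        return this.keystore_alias;
    }

    /** Sets the key alias and returns this instance for chaining. */
    public TLS setKeystoreAlias(String str) {
        this.keystore_alias = str;
        return this;
    }

    /** Returns the truststore path; after {@link #init()} this may be the keystore path. */
    public String getTruststorePath() {
        return this.truststore_path;
    }

    /** Sets the truststore path and returns this instance for chaining. */
    public TLS setTruststorePath(String str) {
        this.truststore_path = str;
        return this;
    }

    /** Returns the truststore password in clear text; callers should not log or expose it. */
    public String getTruststorePassword() {
        return this.truststore_password;
    }

    /** Sets the truststore password and returns this instance for chaining. */
    public TLS setTruststorePassword(String str) {
        this.truststore_password = str;
        return this;
    }

    /** Returns the truststore type. */
    public String getTruststoreType() {
        return this.truststore_type;
    }

    /** Sets the truststore type and returns this instance for chaining. */
    public TLS setTruststoreType(String str) {
        this.truststore_type = str;
        return this;
    }

    /** Returns the client authentication mode. */
    public TLSClientAuth getClientAuth() {
        return this.client_auth;
    }

    /**
     * Sets the client authentication mode and returns this instance for chaining.
     * A {@code null} value is stored as given and rejected later by
     * {@link #createSocketFactory(SSLContext)}.
     */
    public TLS setClientAuth(TLSClientAuth tLSClientAuth) {
        this.client_auth = tLSClientAuth;
        return this;
    }

    /** Returns the SNI matchers; this is the internal list, not a copy. */
    public List<SNIMatcher> getSniMatchers() {
        return this.sni_matchers;
    }

    /** Sets the SNI matchers (stored by reference) and returns this instance for chaining. */
    public TLS setSniMatchers(List<SNIMatcher> list) {
        this.sni_matchers = list;
        return this;
    }

    /**
     * Completes the configuration and checks that the keystore file exists.
     *
     * <p>If no truststore path is set, the keystore path, type and password are reused for the
     * truststore, which makes one file both the local identity and the set of trusted
     * certificates. Only the keystore path is checked for existence here; a missing truststore
     * file is not detected by this method.
     *
     * @throws FileNotFoundException if a keystore path is set and no file exists at it
     */
    @Override // org.jgroups.Lifecycle
    public void init() throws Exception {
        if (this.truststore_path == null) {
            this.truststore_path = this.keystore_path;
            this.truststore_type = this.keystore_type;
            this.truststore_password = this.keystore_password;
        }
        if (this.keystore_path == null) {
            return;
        }
        if (!new File(this.keystore_path).exists()) {
            throw new FileNotFoundException(this.keystore_path);
        }
    }

    /**
     * Creates an {@link SSLContext} from the configured provider, keystore and truststore.
     *
     * <p>The context is requested with {@code SslContextFactory.DEFAULT_SSL_PROTOCOL}; the
     * {@link #protocols} and {@link #cipher_suites} fields are not used here and only take effect
     * through the parameters set in {@link #createSocketFactory(SSLContext)}.
     *
     * @return the context produced by {@code SslContextFactory}
     */
    public SSLContext createContext() {
        SslContextFactory contextFactory = new SslContextFactory();
        contextFactory.classLoader(getClass().getClassLoader())
                .sslProtocol(SslContextFactory.DEFAULT_SSL_PROTOCOL)
                .provider(this.provider)
                .keyStoreFileName(this.keystore_path)
                .keyStorePassword(this.keystore_password)
                .keyStoreType(this.keystore_type)
                .keyAlias(this.keystore_alias)
                .trustStoreFileName(this.truststore_path)
                .trustStorePassword(this.truststore_password)
                .trustStoreType(this.truststore_type);
        return contextFactory.getContext();
    }

    /** Creates a socket factory backed by a freshly created {@link #createContext() context}. */
    public SocketFactory createSocketFactory() {
        return createSocketFactory(createContext());
    }

    /**
     * Creates a socket factory for the given context and registers a configurator that applies the
     * TLS parameters of this object to every server socket.
     *
     * <p>The parameters (protocols, cipher suites, SNI matchers, client authentication) are set on
     * server sockets only. NOTE(review): client sockets get whatever {@code DefaultSocketFactory}
     * and the context default to, and no endpoint identification algorithm is set here; confirm
     * that this matches the deployment's expectations.
     *
     * @param sSLContext the context handed to {@code DefaultSocketFactory}
     * @return the configured factory
     * @throws NullPointerException if the client authentication mode is {@code null}
     */
    public SocketFactory createSocketFactory(SSLContext sSLContext) {
        if (this.client_auth == null) {
            // Fail closed with a clear message instead of an anonymous NPE from the switch below;
            // a missing mode must not be read as "no client authentication".
            throw new NullPointerException("client_auth must not be null; use TLSClientAuth.NONE to disable client certificates");
        }
        DefaultSocketFactory socketFactory = new DefaultSocketFactory(sSLContext);
        SSLParameters params = new SSLParameters();
        // Unset protocols / cipher suites stay null in the parameters, so the socket keeps its defaults.
        if (this.protocols != null) {
            params.setProtocols(this.protocols);
        }
        if (this.cipher_suites != null) {
            params.setCipherSuites(this.cipher_suites);
        }
        params.setSNIMatchers(this.sni_matchers);
        switch (this.client_auth) {
            case NEED:
                // The handshake fails unless the peer presents a certificate.
                params.setNeedClientAuth(true);
                break;
            case WANT:
                // A certificate is requested, but the handshake continues without one.
                params.setWantClientAuth(true);
                break;
            default:
                // NONE: neither flag is set, so no peer certificate is requested.
                break;
        }
        socketFactory.setServerSocketConfigurator(serverSocket -> {
            // The cast fails with ClassCastException if the factory hands over a non-TLS server socket.
            ((SSLServerSocket) serverSocket).setSSLParameters(params);
        });
        return socketFactory;
    }
}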
