package org.teiid.transport;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import org.teiid.core.util.Assertion;
import org.teiid.net.socket.SocketUtil;

/* loaded from: input_file:org/teiid/transport/SSLConfiguration.class */
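/**
 * Holds the server-side SSL/TLS settings of the transport and builds the
 * server {@link SSLEngine} from them.
 *
 * <p>Three authentication modes are recognised by {@link #getServerSSLEngine()}:
 * <ul>
 *   <li>{@link #ONEWAY} (the default): the engine is created from the configured
 *       key store / trust store and client certificates are not required.</li>
 *   <li>{@link #TWOWAY}: as above, but the engine requires client authentication.</li>
 *   <li>{@link #ANONYMOUS}: the engine comes from the anonymous context and only the
 *       anonymous Diffie-Hellman suite is enabled. Anonymous key exchange authenticates
 *       neither peer, so it does not protect against an active man-in-the-middle;
 *       it should not be relied on where the network path is untrusted.</li>
 * </ul>
 *
 * <p>NOTE(review): any other mode string is not rejected; it takes the key store
 * path without client authentication, so a misspelled "2-way" results in an engine
 * that does not ask for client certificates. Validate the value where the
 * configuration is loaded.
 *
 * <p>NOTE(review): key store and trust store passwords are held as {@code String}
 * fields for the lifetime of this object; keep instances out of logs and dumps.
 */
public class SSLConfiguration {
    public static final String ONEWAY = "1-way";
    public static final String TWOWAY = "2-way";
    public static final String ANONYMOUS = "anonymous";

    // The default used to be "SSLv3", an obsolete protocol version that is known to be
    // insecure and is disabled by default in current JREs. "TLSv1.2" is a standard JSSE
    // name on Java 7 and later; deployments that need another value can still call
    // setSslProtocol(). Presumably SocketUtil uses this as the SSLContext protocol name
    // - confirm in SocketUtil.
    private static final String DEFAULT_SSL_PROTOCOL = "TLSv1.2";
    private static final String DEFAULT_KEYSTORE_TYPE = "JKS";

    // The single cipher suite enabled in ANONYMOUS mode (no peer authentication).
    private static final String ANON_CIPHER_SUITE = "TLS_DH_anon_WITH_AES_128_CBC_SHA";

    private String keyStoreFileName;
    private String trustStoreFileName;
    private boolean sslEnabled = false;
    private String sslProtocol = DEFAULT_SSL_PROTOCOL;
    private String keyManagerFactoryAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
    private String keyStoreType = DEFAULT_KEYSTORE_TYPE;
    private String keyStorePassword = "";
    private String trustStorePassword = "";
    private String authenticationMode = ONEWAY;

    // Package-private in the original; left as is because other classes in this
    // package may read it directly.
    boolean clientEncryptionEnabled = true;

    /**
     * Builds a server-mode {@link SSLEngine} for the current settings.
     *
     * @return the configured engine, or {@code null} when SSL is not enabled
     * @throws IOException declared for the {@code SocketUtil} context factories
     * @throws GeneralSecurityException declared for the {@code SocketUtil} context factories
     */
    public SSLEngine getServerSSLEngine() throws IOException, GeneralSecurityException {
        if (!isSslEnabled()) {
            return null;
        }

        final boolean anonymous = ANONYMOUS.equals(this.authenticationMode);

        final SSLEngine engine;
        if (anonymous) {
            engine = SocketUtil.getAnonSSLContext().createSSLEngine();
        } else {
            engine = SocketUtil.getSSLContext(
                    this.keyStoreFileName,
                    this.keyStorePassword,
                    this.trustStoreFileName,
                    this.trustStorePassword,
                    this.keyManagerFactoryAlgorithm,
                    this.keyStoreType,
                    this.sslProtocol).createSSLEngine();
        }
        engine.setUseClientMode(false);

        if (anonymous) {
            // The anonymous suite must be supported by the provider before it is made the
            // only enabled suite (Assertion.assertTrue presumably throws otherwise).
            // SECURITY: this suite gives confidentiality against passive observers only;
            // neither side proves its identity.
            Assertion.assertTrue(Arrays.asList(engine.getSupportedCipherSuites()).contains(ANON_CIPHER_SUITE));
            engine.setEnabledCipherSuites(new String[] {ANON_CIPHER_SUITE});
        }

        // Client certificates are demanded only for the exact TWOWAY string.
        engine.setNeedClientAuth(TWOWAY.equals(this.authenticationMode));
        return engine;
    }

    /** @return whether SSL is enabled; when false {@link #getServerSSLEngine()} returns null */
    public boolean isSslEnabled() {
        return this.sslEnabled;
    }

    /** @return the client-encryption flag (true by default); not used within this class */
    public boolean isClientEncryptionEnabled() {
        return this.clientEncryptionEnabled;
    }

    /** @param z true to enable SSL for the server engine */
    public void setSslEnabled(boolean z) {
        this.sslEnabled = z;
    }

    /** @param str key store file name handed to {@code SocketUtil.getSSLContext} */
    public void setKeystoreFilename(String str) {
        this.keyStoreFileName = str;
    }

    /** @param str key store password handed to {@code SocketUtil.getSSLContext} */
    public void setKeystorePassword(String str) {
        this.keyStorePassword = str;
    }

    /** @param str key store type; defaults to "JKS" */
    public void setKeystoreType(String str) {
        this.keyStoreType = str;
    }

    /**
     * Overrides the protocol name passed to {@code SocketUtil.getSSLContext}.
     * Avoid "SSLv3" and other retired protocol versions here.
     *
     * @param str protocol name; defaults to "TLSv1.2"
     */
    public void setSslProtocol(String str) {
        this.sslProtocol = str;
    }

    /** @param str key manager algorithm; defaults to {@link KeyManagerFactory#getDefaultAlgorithm()} */
    public void setKeymanagementAlgorithm(String str) {
        this.keyManagerFactoryAlgorithm = str;
    }

    /** @param str trust store file name handed to {@code SocketUtil.getSSLContext} */
    public void setTruststoreFilename(String str) {
        this.trustStoreFileName = str;
    }

    /** @param str trust store password handed to {@code SocketUtil.getSSLContext} */
    public void setTruststorePassword(String str) {
        this.trustStorePassword = str;
    }

    /**
     * Sets the authentication mode. The value is stored unchecked; only the exact
     * strings {@link #TWOWAY} and {@link #ANONYMOUS} change engine behaviour.
     *
     * @param str one of {@link #ONEWAY}, {@link #TWOWAY} or {@link #ANONYMOUS}
     */
    public void setAuthenticationMode(String str) {
        this.authenticationMode = str;
    }

    /** @param z new value of the client-encryption flag */
    public void setClientEncryptionEnabled(boolean z) {
        this.clientEncryptionEnabled = z;
    }
}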
