package org.opends.server.replication.protocol;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.SortedSet;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import org.opends.messages.ReplicationMessages;
import org.opends.server.config.ConfigException;
import org.opends.server.loggers.ErrorLogger;
import org.opends.server.types.DirectoryConfig;

/* loaded from: input_file:org/opends/server/replication/protocol/ReplSessionSecurity.class */
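/**
 * Builds the protocol sessions used by replication, wrapping an already
 * connected {@link Socket} in TLS when SSL is enabled.
 *
 * <p>The certificate nickname, enabled protocols, enabled cipher suites and
 * the encryption flag are captured once at construction time.
 */
public class ReplSessionSecurity {
    // Class-wide switch: when false, both factory methods return a plain SocketSession.
    // Nothing in this class changes it from its initial value.
    private static boolean useSSL = true;
    private final boolean sslEncryption;
    private final String sslCertNickname;
    // null means "leave the JSSE defaults in place" for the respective setting.
    private final String[] sslProtocols;
    private final String[] sslCipherSuites;
    // Not referenced inside this class; presumably the millisecond timeout callers
    // pass to the create*Session methods -- confirm against the call sites.
    public static final int HANDSHAKE_TIMEOUT = 4000;

    /**
     * Creates a security configuration from explicit values.
     *
     * @param str        nickname of the certificate used to obtain the SSL context
     * @param sortedSet  protocol names to enable, or {@code null}/empty to keep the defaults
     * @param sortedSet2 cipher suite names to enable, or {@code null}/empty to keep the defaults
     * @param z          value later reported by {@link #isSslEncryption(String)}
     * @throws ConfigException declared for callers; not thrown by the visible code
     */
    public ReplSessionSecurity(String str, SortedSet<String> sortedSet, SortedSet<String> sortedSet2, boolean z) throws ConfigException {
        this.sslProtocols = toArrayOrNull(sortedSet);
        // Fix: the cipher suite array used to be sized and filled from the protocol
        // set (sortedSet). That put protocol names into setEnabledCipherSuites(), and
        // raised a NullPointerException when protocols were null but suites were not.
        this.sslCipherSuites = toArrayOrNull(sortedSet2);
        this.sslEncryption = z;
        this.sslCertNickname = str;
    }

    /**
     * Creates a security configuration from the values held by the server's
     * crypto manager ({@code DirectoryConfig.getCryptoManager()}).
     *
     * @throws ConfigException propagated from the four-argument constructor
     */
    public ReplSessionSecurity() throws ConfigException {
        this(DirectoryConfig.getCryptoManager().getSslCertNickname(), DirectoryConfig.getCryptoManager().getSslProtocols(), DirectoryConfig.getCryptoManager().getSslCipherSuites(), DirectoryConfig.getCryptoManager().isSslEncryption());
    }

    /** Copies a set of names into an array; {@code null} or empty input yields {@code null}. */
    private static String[] toArrayOrNull(SortedSet<String> names) {
        if (names == null || names.isEmpty()) {
            return null;
        }
        return names.toArray(new String[0]);
    }

    /** Reports whether TLS is used; the argument is ignored and the class-wide flag decides. */
    private boolean isSecurePort(String str) {
        return useSSL;
    }

    /**
     * Returns the encryption flag captured at construction time.
     *
     * @param str ignored by this implementation
     * @return the configured encryption flag
     */
    public boolean isSslEncryption(String str) {
        return this.sslEncryption;
    }

    /**
     * Creates the client side of a replication session over a connected socket.
     *
     * @param str    passed to {@code isSecurePort}, which currently ignores it
     * @param socket the connected socket to wrap
     * @param i      read timeout in milliseconds set on the TLS socket before the handshake
     * @return a TLS session, or a plain {@code SocketSession} when SSL is disabled
     * @throws ConfigException propagated from obtaining the SSL context
     * @throws IOException     if the TLS socket cannot be created or the handshake fails
     */
    public ProtocolSession createClientSession(String str, Socket socket, int i) throws ConfigException, IOException {
        if (!isSecurePort(str)) {
            return new SocketSession(socket);
        }
        // autoClose=false: closing the TLS layer leaves the underlying socket to the caller.
        SSLSocket sSLSocket = (SSLSocket) DirectoryConfig.getCryptoManager().getSslContext(this.sslCertNickname).getSocketFactory().createSocket(socket, socket.getInetAddress().getHostName(), socket.getPort(), false);
        sSLSocket.setUseClientMode(true);
        sSLSocket.setSoTimeout(i);
        if (this.sslProtocols != null) {
            sSLSocket.setEnabledProtocols(this.sslProtocols);
        }
        if (this.sslCipherSuites != null) {
            sSLSocket.setEnabledCipherSuites(this.sslCipherSuites);
        }
        // NOTE(review): no endpoint identification algorithm is set on this socket, so
        // the peer certificate is not matched against the host name here. Peer trust
        // presumably rests on the trust manager behind getSslContext() -- confirm.
        sSLSocket.startHandshake();
        return new TLSSocketSession(socket, sSLSocket);
    }

    /**
     * Creates the server side of a replication session over an accepted socket,
     * requiring the peer to present a client certificate.
     *
     * @param socket the accepted socket to wrap
     * @param i      read timeout in milliseconds set on the TLS socket before the handshake
     * @return a TLS session, a plain {@code SocketSession} when SSL is disabled, or
     *         {@code null} when the handshake fails with an {@link SSLException};
     *         callers must check for {@code null}
     * @throws ConfigException propagated from obtaining the SSL context
     * @throws IOException     for I/O failures other than {@link SSLException}
     */
    public ProtocolSession createServerSession(Socket socket, int i) throws ConfigException, IOException {
        if (!useSSL) {
            return new SocketSession(socket);
        }
        try {
            // getHostName() may trigger a reverse DNS lookup for the connecting peer.
            SSLSocket sSLSocket = (SSLSocket) DirectoryConfig.getCryptoManager().getSslContext(this.sslCertNickname).getSocketFactory().createSocket(socket, socket.getInetAddress().getHostName(), socket.getPort(), false);
            sSLSocket.setUseClientMode(false);
            // Mutual TLS: the handshake fails unless the peer presents a certificate.
            sSLSocket.setNeedClientAuth(true);
            sSLSocket.setSoTimeout(i);
            if (this.sslProtocols != null) {
                sSLSocket.setEnabledProtocols(this.sslProtocols);
            }
            if (this.sslCipherSuites != null) {
                sSLSocket.setEnabledCipherSuites(this.sslCipherSuites);
            }
            sSLSocket.startHandshake();
            return new TLSSocketSession(socket, sSLSocket);
        } catch (SSLException e) {
            // A failed handshake is logged with the peer's name and address and reported
            // as null. The underlying socket is not closed here; the caller still owns it.
            InetAddress inetAddress = socket.getInetAddress();
            ErrorLogger.logError(ReplicationMessages.NOTE_SSL_SERVER_CON_ATTEMPT_ERROR.get(inetAddress.getHostName(), inetAddress.getHostAddress(), e.getLocalizedMessage()));
            return null;
        }
    }
}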
