package org.apache.cxf.transport.https;

import java.security.GeneralSecurityException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509KeyManager;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.configuration.jsse.TLSParameterBase;
import org.apache.cxf.configuration.jsse.TLSServerParameters;
import org.apache.cxf.transport.https.httpclient.DefaultHostnameVerifier;
import org.apache.cxf.transport.https.httpclient.PublicSuffixMatcherLoader;

/* loaded from: input_file:WEB-INF/lib/cxf-rt-transports-http-3.0.4.redhat-621107.jar:org/apache/cxf/transport/https/SSLUtils.class */
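/**
 * Static helpers that turn CXF TLS configuration objects into JSSE artifacts:
 * a {@link HostnameVerifier}, an initialised {@link SSLContext}, and client or
 * server {@link SSLEngine}s.
 */
public final class SSLUtils {
    private SSLUtils() {
        // Utility class: not instantiable.
    }

    /**
     * Chooses the hostname verifier for a client connection.
     *
     * <p>Precedence, first match wins:
     * <ol>
     *   <li>the verifier set explicitly on the parameters;</li>
     *   <li>{@link HttpsURLConnection#getDefaultHostnameVerifier()} when
     *       {@code isUseHttpsURLConnectionDefaultHostnameVerifier()} is true;</li>
     *   <li>an {@code AllowAllHostnameVerifier} when {@code isDisableCNCheck()} is true;</li>
     *   <li>otherwise a {@code DefaultHostnameVerifier} built with the default
     *       public suffix matcher.</li>
     * </ol>
     *
     * @param tLSClientParameters client TLS configuration; must not be null
     * @return the verifier to install on the connection, never null
     */
    public static HostnameVerifier getHostnameVerifier(TLSClientParameters tLSClientParameters) {
        HostnameVerifier configured = tLSClientParameters.getHostnameVerifier();
        if (configured != null) {
            return configured;
        }
        if (tLSClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
            return HttpsURLConnection.getDefaultHostnameVerifier();
        }
        if (tLSClientParameters.isDisableCNCheck()) {
            // SECURITY: going by its name this verifier accepts any host name, so the
            // certificate is no longer bound to the host being contacted and the peer's
            // identity is not authenticated. disableCNCheck should stay off outside of
            // test setups; consider auditing or logging configurations that enable it.
            return new AllowAllHostnameVerifier();
        }
        return new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
    }

    /**
     * Builds and initialises an {@link SSLContext} from the given TLS parameters.
     *
     * <p>The protocol defaults to {@code "TLS"} when none is configured, and the
     * configured JSSE provider is used when one is set. For client parameters the
     * client session timeout is taken from {@code getSslCacheTimeout()}. When a
     * certificate alias is configured, the key managers are wrapped so that the
     * alias is applied (see {@link #getKeyManagersWithCertAlias}).
     *
     * @param tLSParameterBase client or server TLS configuration; must not be null
     * @return an initialised context
     * @throws Exception if the protocol or provider is unavailable, or if key manager
     *         wrapping or context initialisation fails
     */
    public static SSLContext getSSLContext(TLSParameterBase tLSParameterBase) throws Exception {
        String jsseProvider = tLSParameterBase.getJsseProvider();
        String configuredProtocol = tLSParameterBase.getSecureSocketProtocol();
        // The generic "TLS" name leaves the enabled protocol versions to the JSSE
        // provider; deployments that must exclude legacy versions should configure
        // the protocol (or the provider's defaults) explicitly.
        String secureSocketProtocol = configuredProtocol != null ? configuredProtocol : "TLS";
        SSLContext sSLContext = jsseProvider == null
            ? SSLContext.getInstance(secureSocketProtocol)
            : SSLContext.getInstance(secureSocketProtocol, jsseProvider);

        if (tLSParameterBase instanceof TLSClientParameters) {
            TLSClientParameters clientParameters = (TLSClientParameters) tLSParameterBase;
            sSLContext.getClientSessionContext().setSessionTimeout(clientParameters.getSslCacheTimeout());
        }

        KeyManager[] keyManagers = tLSParameterBase.getKeyManagers();
        if (keyManagers != null && tLSParameterBase.getCertAlias() != null) {
            // Wrap a copy: the helper replaces array slots in place, and if
            // getKeyManagers() hands out the parameters' own array (not visible here),
            // every call would otherwise nest one more alias wrapper around the
            // configured key managers.
            keyManagers = keyManagers.clone();
            getKeyManagersWithCertAlias(tLSParameterBase, keyManagers);
        }

        // Null key or trust managers are passed through unchanged; JSSE then falls
        // back to the default factories of the installed security providers.
        sSLContext.init(keyManagers, tLSParameterBase.getTrustManagers(), tLSParameterBase.getSecureRandom());
        return sSLContext;
    }

    /**
     * Replaces, in place, every {@link X509KeyManager} in the array with an
     * {@code AliasedX509ExtendedKeyManager} bound to the configured certificate
     * alias. Does nothing when no alias is configured or the array is null.
     *
     * @param tLSParameterBase TLS configuration supplying the certificate alias
     * @param keyManagerArr key managers to wrap; modified in place, may be null
     * @throws GeneralSecurityException if a wrapper cannot be created; the original
     *         failure is kept as the cause
     */
    protected static void getKeyManagersWithCertAlias(TLSParameterBase tLSParameterBase, KeyManager[] keyManagerArr) throws GeneralSecurityException {
        String certAlias = tLSParameterBase.getCertAlias();
        if (certAlias == null || keyManagerArr == null) {
            // An alias without key managers previously failed with a
            // NullPointerException on the array length.
            return;
        }
        for (int i = 0; i < keyManagerArr.length; i++) {
            if (!(keyManagerArr[i] instanceof X509KeyManager)) {
                continue;
            }
            try {
                keyManagerArr[i] = new AliasedX509ExtendedKeyManager(certAlias, (X509KeyManager) keyManagerArr[i]);
            } catch (Exception e) {
                throw new GeneralSecurityException(e);
            }
        }
    }

    /**
     * Creates a server-mode {@link SSLEngine} from the given server parameters.
     *
     * @param tLSServerParameters server TLS configuration; must not be null
     * @return an engine in server mode with client authentication required or not
     *         according to {@code getClientAuthentication().isRequired()}
     * @throws Exception if the underlying {@link SSLContext} cannot be created
     */
    public static SSLEngine createServerSSLEngine(TLSServerParameters tLSServerParameters) throws Exception {
        SSLEngine serverEngine = getSSLContext(tLSServerParameters).createSSLEngine();
        serverEngine.setUseClientMode(false);
        // NOTE(review): only the "required" flag reaches the engine here; an optional
        // ("want") client-auth setting, if the configuration has one, is not applied.
        // A null getClientAuthentication() would also fail on this line - confirm
        // that callers always configure it.
        serverEngine.setNeedClientAuth(tLSServerParameters.getClientAuthentication().isRequired());
        return serverEngine;
    }

    /**
     * Creates a client-mode {@link SSLEngine} from the given client parameters.
     *
     * <p>No hostname verification is configured on the engine by this method;
     * callers presumably apply {@link #getHostnameVerifier} themselves - verify
     * at the call sites.
     *
     * @param tLSClientParameters client TLS configuration; must not be null
     * @return an engine in client mode
     * @throws Exception if the underlying {@link SSLContext} cannot be created
     */
    public static SSLEngine createClientSSLEngine(TLSClientParameters tLSClientParameters) throws Exception {
        SSLEngine clientEngine = getSSLContext(tLSClientParameters).createSSLEngine();
        clientEngine.setUseClientMode(true);
        return clientEngine;
    }
}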
