package org.wildfly.security.ssl;

import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.IdentityHashMap;
import java.util.function.Supplier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.wildfly.common.Assert;
import org.wildfly.security.OneTimeSecurityFactory;
import org.wildfly.security.SecurityFactory;
import org.wildfly.security._private.ElytronMessages;

/* loaded from: input_file:org/wildfly/security/ssl/SSLUtils.class */
/**
 * Static helpers for building {@link SSLContext} and {@link SSLEngine} factories.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The default trust manager is initialised with a {@code null} key store, so it trusts
 *       whatever the JVM's default trust material is. Per the JSSE documentation this is
 *       provider-specific (typically the configured default trust store). Deployments that
 *       need a restricted set of trust anchors should supply their own trust manager.</li>
 *   <li>{@link #createSslContextFactory} picks the first protocol returned by the
 *       {@code ProtocolSelector} that has a provider. The selector alone decides which
 *       protocol versions are acceptable.</li>
 *   <li>Contexts produced by {@link #createSimpleSslContextFactory} come straight from
 *       {@code SSLContext.getInstance}. No {@code init} call is made in this class.</li>
 * </ul>
 *
 * <p>This class cannot be instantiated.
 */
public final class SSLUtils {
    // Not referenced elsewhere in this class; presumably the SSLSession value name under
    // which an authenticated identity is stored (confirm at the use sites).
    public static final String SSL_SESSION_IDENTITY_KEY = "org.wildfly.security.ssl.identity";

    // JCA service type used to recognise SSLContext implementations among a provider's services.
    private static final String SSL_CONTEXT_SERVICE_TYPE = SSLContext.class.getSimpleName();

    // Lazily resolves the first X509TrustManager offered by the default TrustManagerFactory
    // algorithm. OneTimeSecurityFactory presumably caches the first result (confirm in that class).
    private static final SecurityFactory<X509TrustManager> DEFAULT_TRUST_MANAGER_SECURITY_FACTORY =
        new OneTimeSecurityFactory<>(() -> {
            final TrustManagerFactory factory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null key store selects the JVM / provider default trust material.
            factory.init((KeyStore) null);
            final TrustManager[] candidates = factory.getTrustManagers();
            for (int i = 0; i < candidates.length; i++) {
                final TrustManager candidate = candidates[i];
                if (!(candidate instanceof X509TrustManager)) {
                    continue;
                }
                return (X509TrustManager) candidate;
            }
            throw ElytronMessages.log.noDefaultTrustManager();
        });

    private SSLUtils() {
    }

    /**
     * Builds a factory for the first protocol chosen by {@code protocolSelector} for which one
     * of the supplied providers offers an {@code SSLContext} service.
     *
     * <p>Providers are scanned in array order. For a given algorithm name object, the first
     * provider that offers it is kept.
     *
     * <p>NOTE(review): the lookup table is an {@link IdentityHashMap}, so algorithm names are
     * matched by reference, not by {@code equals}. Two consequences follow. First, a name that
     * two providers report as distinct {@code String} objects yields two keys. Second, the
     * lookup only succeeds if {@code protocolSelector.evaluate} returns the same
     * {@code String} instances it was given (confirm against {@code ProtocolSelector}).
     *
     * @param protocolSelector selects and orders the acceptable protocols from those available
     * @param supplier supplies the providers to search; its array and elements are dereferenced
     *     without null checks
     * @return a factory for the selected protocol, or a factory whose {@code create()} throws
     *     {@link NoSuchAlgorithmException} when no selected protocol has a provider
     */
    public static SecurityFactory<SSLContext> createSslContextFactory(ProtocolSelector protocolSelector, Supplier<Provider[]> supplier) {
        final IdentityHashMap<String, Provider> providerByProtocol = new IdentityHashMap<>();
        for (Provider candidate : supplier.get()) {
            for (Provider.Service offered : candidate.getServices()) {
                if (!SSL_CONTEXT_SERVICE_TYPE.equals(offered.getType())) {
                    continue;
                }
                // First provider wins for a given key; later offers do not replace it.
                providerByProtocol.putIfAbsent(offered.getAlgorithm(), candidate);
            }
        }

        final String[] available = providerByProtocol.keySet().toArray(new String[0]);
        for (String protocol : protocolSelector.evaluate(available)) {
            final Provider chosen = providerByProtocol.get(protocol);
            if (chosen != null) {
                return createSimpleSslContextFactory(protocol, chosen);
            }
        }
        // Nothing matched: defer the failure until the caller actually asks for a context.
        return SSLUtils::failNoProtocol;
    }

    /**
     * Always fails. It is the body of the factory returned when no protocol could be matched.
     *
     * @return never returns normally
     * @throws NoSuchAlgorithmException always
     */
    private static SSLContext failNoProtocol() throws NoSuchAlgorithmException {
        throw ElytronMessages.log.noAlgorithmForSslProtocol();
    }

    /**
     * Returns a factory that calls {@code SSLContext.getInstance(str, provider)} on each
     * {@code create()}.
     *
     * <p>The context is returned as obtained from {@code getInstance}. This method does not
     * call {@code init}, so key and trust material must be configured by the caller.
     *
     * @param str the protocol (algorithm) name to request
     * @param provider the provider to request it from
     * @return the factory
     */
    public static SecurityFactory<SSLContext> createSimpleSslContextFactory(String str, Provider provider) {
        return () -> SSLContext.getInstance(str, provider);
    }

    /**
     * Wraps {@code sSLContext} in a {@code DelegatingSSLContext} backed by a
     * {@code ConfiguredSSLContextSpi} built from the context and the configurator.
     *
     * @param sSLContext the context to wrap
     * @param sSLConfigurator the configurator passed to the wrapping SPI
     * @return the wrapping context
     */
    public static SSLContext createConfiguredSslContext(SSLContext sSLContext, SSLConfigurator sSLConfigurator) {
        final ConfiguredSSLContextSpi configuredSpi = new ConfiguredSSLContextSpi(sSLContext, sSLConfigurator);
        return new DelegatingSSLContext(configuredSpi);
    }

    /**
     * Returns a factory that, on each {@code create()}, obtains a context from
     * {@code securityFactory} and wraps it with {@link #createConfiguredSslContext}.
     *
     * @param securityFactory source of the underlying contexts
     * @param sSLConfigurator the configurator applied to each created context
     * @return the wrapping factory
     */
    public static SecurityFactory<SSLContext> createConfiguredSslContextFactory(SecurityFactory<SSLContext> securityFactory, SSLConfigurator sSLConfigurator) {
        return () -> createConfiguredSslContext(securityFactory.create(), sSLConfigurator);
    }

    /**
     * Returns the shared factory for the platform-default {@link X509TrustManager}.
     *
     * <p>The trust manager comes from the default {@link TrustManagerFactory} algorithm
     * initialised with a {@code null} key store. Its trust anchors are therefore whatever the
     * JVM default is, not anything specific to the application.
     *
     * @return the default trust manager factory
     */
    public static SecurityFactory<X509TrustManager> getDefaultX509TrustManagerSecurityFactory() {
        return DEFAULT_TRUST_MANAGER_SECURITY_FACTORY;
    }

    /**
     * Creates an {@code SNIServerSSLEngine} driven by the given selector.
     *
     * @param sNIServerSSLContextSelector the selector; must not be {@code null}
     * @return the new engine
     */
    public static SSLEngine createSNIDispatchingSSLEngine(SNIServerSSLContextSelector sNIServerSSLContextSelector) {
        // Reject a null selector before constructing the engine.
        Assert.checkNotNullParam("selector", sNIServerSSLContextSelector);
        final SSLEngine engine = new SNIServerSSLEngine(sNIServerSSLContextSelector);
        return engine;
    }

    /**
     * Returns a factory that creates a new {@code SNIServerSSLEngine} for the given selector
     * on each {@code create()}.
     *
     * @param sNIServerSSLContextSelector the selector; must not be {@code null}. It is checked
     *     here, when the factory is built, not at {@code create()} time
     * @return the engine factory
     */
    public static SecurityFactory<SSLEngine> createSNIDispatchingSSLEngineFactory(SNIServerSSLContextSelector sNIServerSSLContextSelector) {
        Assert.checkNotNullParam("selector", sNIServerSSLContextSelector);
        return () -> new SNIServerSSLEngine(sNIServerSSLContextSelector);
    }
}
