package org.wildfly.security.ssl;

import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.Supplier;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.wildfly.common.Assert;
import org.wildfly.security.OneTimeSecurityFactory;
import org.wildfly.security.SecurityFactory;
import org.wildfly.security._private.ElytronMessages;

/* loaded from: input_file:org/wildfly/security/ssl/SSLUtils.class */
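/**
 * Static helpers for obtaining and configuring {@link SSLContext} and {@link SSLEngine} instances,
 * building SNI host-name matchers, and reading or updating values bound to an {@link SSLSession}.
 *
 * <p>The class is not instantiable. The session-value helpers that modify state synchronize on the
 * session object itself, so they are atomic only with respect to other code that takes the same
 * monitor; a direct {@code putValue}/{@code removeValue} call made elsewhere without that lock can
 * still interleave with them.
 */
public final class SSLUtils {
    /**
     * Key of an SSL session value.
     * NOTE(review): the name suggests the value is an identity cached on the session; nothing in
     * this class reads or writes it, so confirm against the callers.
     */
    public static final String SSL_SESSION_IDENTITY_KEY = "org.wildfly.security.ssl.identity";
    private static final String[] NO_STRINGS = new String[0];
    private static final String SERVICE_TYPE = SSLContext.class.getSimpleName();

    // Built lazily through OneTimeSecurityFactory. Passing a null KeyStore asks the
    // TrustManagerFactory for its default trust material, so whatever trust store the JVM is
    // configured with decides which certificate authorities this trust manager accepts.
    private static final SecurityFactory<X509TrustManager> DEFAULT_TRUST_MANAGER_SECURITY_FACTORY = new OneTimeSecurityFactory<>(() -> {
        final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw ElytronMessages.log.noDefaultTrustManager();
    });

    private SSLUtils() {
    }

    /**
     * Creates an SSL context factory that considers every provider returned by the supplier.
     *
     * @param protocolSelector selects, from the protocols the providers offer, the ones to try
     * @param supplier supplies the security providers to inspect
     * @return a factory yielding an {@link SSLContext} for the first selected protocol that a provider can serve
     */
    public static SecurityFactory<SSLContext> createSslContextFactory(ProtocolSelector protocolSelector, Supplier<Provider[]> supplier) {
        return createSslContextFactory(protocolSelector, supplier, null);
    }

    /**
     * Creates an SSL context factory, optionally restricted to a single named provider.
     *
     * <p>Every {@code SSLContext} service published by the (matching) providers is indexed by its
     * algorithm name, the selector picks and orders the acceptable names, and the returned factory
     * walks that order and returns the first context a provider can actually instantiate.
     *
     * @param protocolSelector selects, from the protocols the providers offer, the ones to try
     * @param supplier supplies the security providers to inspect; it is called once
     * @param str the name of the only provider to use, or {@code null} to consider all of them
     * @return a factory for the selected context; when the selector accepts no protocol, a factory
     *     whose {@code create()} always fails with the "no algorithm for SSL protocol" error
     */
    public static SecurityFactory<SSLContext> createSslContextFactory(ProtocolSelector protocolSelector, Supplier<Provider[]> supplier, String str) {
        // Take one snapshot so the index and the trace message below describe the same providers.
        final Provider[] providers = supplier.get();
        // NOTE(review): keys are compared by reference, so the lookup in the returned factory only
        // succeeds when evaluate() hands back the very String instances it was given - confirm
        // that ProtocolSelector guarantees this.
        final IdentityHashMap<String, List<Provider>> providersByProtocol = new IdentityHashMap<>();
        for (Provider provider : providers) {
            if (str != null && !str.equals(provider.getName())) {
                continue;
            }
            final Set<Provider.Service> services = provider.getServices();
            if (services == null) {
                continue;
            }
            for (Provider.Service service : services) {
                if (SERVICE_TYPE.equals(service.getType())) {
                    providersByProtocol.computeIfAbsent(service.getAlgorithm(), unused -> new ArrayList<>()).add(provider);
                }
            }
        }
        final String[] selected = protocolSelector.evaluate(providersByProtocol.keySet().toArray(NO_STRINGS));
        if (selected.length > 0) {
            return () -> {
                for (String protocol : selected) {
                    for (Provider candidate : providersByProtocol.getOrDefault(protocol, Collections.emptyList())) {
                        try {
                            return SSLContext.getInstance(protocol, candidate);
                        } catch (NoSuchAlgorithmException e) {
                            // Deliberate best effort: fall through to the next provider or protocol,
                            // but leave a trace so it is visible which provider was skipped.
                            ElytronMessages.log.tracef("Provider %s could not supply SSLContext %s; trying the next candidate", candidate.getName(), protocol);
                        }
                    }
                }
                throw ElytronMessages.log.noAlgorithmForSslProtocol();
            };
        }
        if (ElytronMessages.log.isTraceEnabled()) {
            ElytronMessages.log.tracef("No %s provided by providers in %s: %s", SERVICE_TYPE, SSLUtils.class.getSimpleName(), Arrays.toString(providers));
        }
        return SSLUtils::throwIt;
    }

    // Target of the always-failing factory returned when no protocol was selected.
    private static SSLContext throwIt() throws NoSuchAlgorithmException {
        throw ElytronMessages.log.noAlgorithmForSslProtocol();
    }

    /**
     * Creates a factory that requests one fixed protocol from one fixed provider.
     *
     * @param str the protocol name handed to {@link SSLContext#getInstance(String, Provider)}
     * @param provider the provider to request the context from
     * @return a factory that performs the lookup each time {@code create()} is called
     */
    public static SecurityFactory<SSLContext> createSimpleSslContextFactory(String str, Provider provider) {
        return () -> SSLContext.getInstance(str, provider);
    }

    /**
     * Wraps an SSL context so that the given configurator is applied; equivalent to calling the
     * three-argument overload with {@code true}.
     *
     * @param sSLContext the context to wrap
     * @param sSLConfigurator the configuration to apply
     * @return the wrapping context
     */
    public static SSLContext createConfiguredSslContext(SSLContext sSLContext, SSLConfigurator sSLConfigurator) {
        return createConfiguredSslContext(sSLContext, sSLConfigurator, true);
    }

    /**
     * Wraps an SSL context in a {@code DelegatingSSLContext} backed by a {@code ConfiguredSSLContextSpi}.
     *
     * @param sSLContext the context to wrap
     * @param sSLConfigurator the configuration to apply
     * @param z passed through to {@code ConfiguredSSLContextSpi}; its meaning is defined there
     * @return the wrapping context
     */
    public static SSLContext createConfiguredSslContext(SSLContext sSLContext, SSLConfigurator sSLConfigurator, boolean z) {
        return new DelegatingSSLContext(new ConfiguredSSLContextSpi(sSLContext, sSLConfigurator, z));
    }

    /**
     * Creates a factory that wraps whatever the delegate factory produces with the given configurator.
     *
     * @param securityFactory the factory supplying the context to wrap
     * @param sSLConfigurator the configuration to apply
     * @return a factory that creates and wraps a context each time {@code create()} is called
     */
    public static SecurityFactory<SSLContext> createConfiguredSslContextFactory(SecurityFactory<SSLContext> securityFactory, SSLConfigurator sSLConfigurator) {
        return () -> createConfiguredSslContext(securityFactory.create(), sSLConfigurator);
    }

    /**
     * Returns the shared factory for the platform default X.509 trust manager.
     *
     * <p>The trust manager is initialised with a {@code null} key store, i.e. with the
     * {@link TrustManagerFactory}'s default trust material. Code that needs to pin trust to a
     * specific set of authorities should build its own trust manager instead.
     *
     * @return the default trust manager factory
     */
    public static SecurityFactory<X509TrustManager> getDefaultX509TrustManagerSecurityFactory() {
        return DEFAULT_TRUST_MANAGER_SECURITY_FACTORY;
    }

    /**
     * Creates a server-side engine that defers the choice of SSL context to the selector.
     *
     * @param sSLContextSelector the selector; must not be {@code null}
     * @return the selecting engine
     */
    public static SSLEngine createSelectingSSLEngine(SSLContextSelector sSLContextSelector) {
        Assert.checkNotNullParam("selector", sSLContextSelector);
        return new SelectingServerSSLEngine(sSLContextSelector);
    }

    /**
     * Creates a server-side selecting engine, forwarding two extra arguments to the engine.
     *
     * @param sSLContextSelector the selector; must not be {@code null}
     * @param str forwarded to {@code SelectingServerSSLEngine} (presumably the peer host - confirm)
     * @param i forwarded to {@code SelectingServerSSLEngine} (presumably the peer port - confirm)
     * @return the selecting engine
     */
    public static SSLEngine createSelectingSSLEngine(SSLContextSelector sSLContextSelector, String str, int i) {
        Assert.checkNotNullParam("selector", sSLContextSelector);
        return new SelectingServerSSLEngine(sSLContextSelector, str, i);
    }

    /**
     * Creates an SNI matcher that accepts a host-name entry when the predicate accepts it.
     *
     * <p>The server name comes from the client's handshake and is not authenticated, so a match is
     * suitable for choosing a context but is not evidence of who the peer is.
     *
     * @param predicate the test applied to each {@link SNIHostName}; must not be {@code null}
     * @return a matcher that rejects every server name that is not an {@link SNIHostName}
     */
    public static SNIMatcher createHostNamePredicateSNIMatcher(final Predicate<SNIHostName> predicate) {
        Assert.checkNotNullParam("predicate", predicate);
        // Name type 0 is the host_name type (StandardConstants.SNI_HOST_NAME).
        return new SNIMatcher(0) {
            @Override
            public boolean matches(SNIServerName sNIServerName) {
                if (!(sNIServerName instanceof SNIHostName)) {
                    return false;
                }
                return predicate.test((SNIHostName) sNIServerName);
            }
        };
    }

    /**
     * Creates an SNI matcher that applies the predicate to the ASCII form of the host name.
     *
     * @param predicate the test applied to {@link SNIHostName#getAsciiName()}; must not be {@code null}
     * @return a matcher that rejects every server name that is not an {@link SNIHostName}
     */
    public static SNIMatcher createHostNameStringPredicateSNIMatcher(final Predicate<String> predicate) {
        Assert.checkNotNullParam("predicate", predicate);
        // Name type 0 is the host_name type (StandardConstants.SNI_HOST_NAME).
        return new SNIMatcher(0) {
            @Override
            public boolean matches(SNIServerName sNIServerName) {
                if (!(sNIServerName instanceof SNIHostName)) {
                    return false;
                }
                return predicate.test(((SNIHostName) sNIServerName).getAsciiName());
            }
        };
    }

    /**
     * Creates an SNI matcher that accepts exactly one host name.
     *
     * <p>NOTE(review): the comparison is {@link String#equals(Object)}, which is case-sensitive,
     * whereas DNS names are not. Confirm that the ASCII name reaching the matcher is already
     * case-normalised, or pass a normalised string.
     *
     * @param str the host name to accept; must not be {@code null}
     * @return the matcher
     */
    public static SNIMatcher createHostNameStringSNIMatcher(String str) {
        Assert.checkNotNullParam("string", str);
        // The decompiled listing showed "r0.equals(v1)" here, which does not compile; it is the
        // residue of a bound method reference on the (already null-checked) argument.
        return createHostNameStringPredicateSNIMatcher(str::equals);
    }

    /**
     * Creates an SNI matcher that accepts host names ending in the given domain suffix.
     *
     * <p>A leading dot is added when missing, so {@code example.com} accepts {@code a.example.com}
     * but neither {@code badexample.com} nor the bare {@code example.com}.
     *
     * <p>NOTE(review): {@link String#endsWith(String)} is case-sensitive whereas DNS names are
     * not; confirm the ASCII name is case-normalised before it reaches the matcher.
     *
     * @param str the suffix to match; must be neither {@code null} nor empty
     * @return the matcher
     */
    public static SNIMatcher createHostNameSuffixSNIMatcher(String str) {
        Assert.checkNotNullParam("suffix", str);
        Assert.checkNotEmptyParam("suffix", str);
        // Anchoring on a label boundary keeps "example.com" from matching "badexample.com".
        final String dottedSuffix = str.startsWith(".") ? str : "." + str;
        return createHostNameStringPredicateSNIMatcher(hostName -> hostName.endsWith(dottedSuffix));
    }

    /**
     * Creates a factory that produces a new selecting server engine on every call.
     *
     * @param sSLContextSelector the selector; must not be {@code null}
     * @return the engine factory
     */
    public static SecurityFactory<SSLEngine> createDispatchingSSLEngineFactory(SSLContextSelector sSLContextSelector) {
        Assert.checkNotNullParam("selector", sSLContextSelector);
        return () -> new SelectingServerSSLEngine(sSLContextSelector);
    }

    /**
     * Reads a session value, falling back to a default when the key is unbound.
     *
     * @param sSLSession the session; must not be {@code null}
     * @param str the key; must not be {@code null}
     * @param obj the value to return when nothing is bound to the key
     * @return the bound value, or {@code obj} when there is none
     */
    public static Object getOrDefault(SSLSession sSLSession, String str, Object obj) {
        Assert.checkNotNullParam("sslSession", sSLSession);
        Assert.checkNotNullParam("key", str);
        final Object current = sSLSession.getValue(str);
        if (current == null) {
            return obj;
        }
        return current;
    }

    /**
     * Binds a value to the key only when the key is currently unbound.
     *
     * @param sSLSession the session; must not be {@code null}
     * @param str the key; must not be {@code null}
     * @param obj the value to bind; must not be {@code null}
     * @return the value already bound (which is left in place), or {@code null} when {@code obj} was stored
     */
    public static Object putSessionValueIfAbsent(SSLSession sSLSession, String str, Object obj) {
        Assert.checkNotNullParam("sslSession", sSLSession);
        Assert.checkNotNullParam("key", str);
        Assert.checkNotNullParam("newValue", obj);
        synchronized (sSLSession) {
            final Object current = sSLSession.getValue(str);
            if (current == null) {
                sSLSession.putValue(str, obj);
            }
            return current;
        }
    }

    /**
     * Removes whatever is bound to the key.
     *
     * @param sSLSession the session; must not be {@code null}
     * @param str the key; must not be {@code null}
     * @return the value that was bound, or {@code null} when there was none
     */
    public static Object removeSessionValue(SSLSession sSLSession, String str) {
        Assert.checkNotNullParam("sslSession", sSLSession);
        Assert.checkNotNullParam("key", str);
        synchronized (sSLSession) {
            final Object previous = sSLSession.getValue(str);
            sSLSession.removeValue(str);
            return previous;
        }
    }

    /**
     * Removes the binding only when it currently equals the expected value.
     *
     * @param sSLSession the session; must not be {@code null}
     * @param str the key; must not be {@code null}
     * @param obj the value expected to be bound; must not be {@code null}
     * @return {@code true} when the binding matched and was removed
     */
    public static boolean removeSessionValue(SSLSession sSLSession, String str, Object obj) {
        Assert.checkNotNullParam("sslSession", sSLSession);
        Assert.checkNotNullParam("key", str);
        Assert.checkNotNullParam("value", obj);
        synchronized (sSLSession) {
            final boolean matches = Objects.equals(sSLSession.getValue(str), obj);
            if (matches) {
                sSLSession.removeValue(str);
            }
            return matches;
        }
    }

    /**
     * Replaces the bound value only when the key is currently bound.
     *
     * @param sSLSession the session; must not be {@code null}
     * @param str the key; must not be {@code null}
     * @param obj the replacement value; must not be {@code null}
     * @return the value that was replaced, or {@code null} when the key was unbound and nothing was stored
     */
    public static Object replaceSessionValue(SSLSession sSLSession, String str, Object obj) {
        Assert.checkNotNullParam("sslSession", sSLSession);
        Assert.checkNotNullParam("key", str);
        Assert.checkNotNullParam("newValue", obj);
        synchronized (sSLSession) {
            final Object previous = sSLSession.getValue(str);
            if (previous != null) {
                sSLSession.putValue(str, obj);
            }
            return previous;
        }
    }

    /**
     * Replaces the bound value only when it currently equals the expected value.
     *
     * @param sSLSession the session; must not be {@code null}
     * @param str the key; must not be {@code null}
     * @param obj the value expected to be bound; must not be {@code null}
     * @param obj2 the replacement value; must not be {@code null}
     * @return {@code true} when the binding matched and was replaced
     */
    public static boolean replaceSessionValue(SSLSession sSLSession, String str, Object obj, Object obj2) {
        Assert.checkNotNullParam("sslSession", sSLSession);
        Assert.checkNotNullParam("key", str);
        Assert.checkNotNullParam("oldValue", obj);
        Assert.checkNotNullParam("newValue", obj2);
        synchronized (sSLSession) {
            final boolean matches = Objects.equals(sSLSession.getValue(str), obj);
            if (matches) {
                sSLSession.putValue(str, obj2);
            }
            return matches;
        }
    }

    /**
     * Returns the value bound to the key, computing and binding it first when the key is unbound.
     *
     * <p>The mapping function runs while the session monitor is held, so it should be short and
     * must not wait on another thread that needs the same session.
     *
     * @param sSLSession the session; must not be {@code null}
     * @param str the key; must not be {@code null}
     * @param function computes the value from the key; must not be {@code null} and must not return {@code null}
     * @param <R> the type the caller expects the bound value to have
     * @return the existing or newly bound value
     */
    public static <R> R computeIfAbsent(SSLSession sSLSession, String str, Function<String, R> function) {
        Assert.checkNotNullParam("sslSession", sSLSession);
        Assert.checkNotNullParam("key", str);
        Assert.checkNotNullParam("mappingFunction", function);
        synchronized (sSLSession) {
            // Unchecked by necessity: session values are stored as Object, so a value bound under
            // this key by other code with a different type only fails later, at the caller's use.
            @SuppressWarnings("unchecked")
            final R existing = (R) sSLSession.getValue(str);
            if (existing != null) {
                return existing;
            }
            final R computed = function.apply(str);
            Assert.assertNotNull(computed);
            sSLSession.putValue(str, computed);
            return computed;
        }
    }
}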
