package org.apache.qpid.jms.transports;

import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.OpenSslX509KeyManagerFactory;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslProtocols;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.File;
import java.io.FileInputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/qpid-jms-client-0.54.0.redhat-00001.jar:org/apache/qpid/jms/transports/TransportSupport.class */
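/**
 * Static helpers that build the client-side TLS layer for a transport: they choose between the
 * OpenSSL and JDK providers, create the TLS context and engine from a {@link TransportOptions},
 * and wrap the engine in a Netty {@link SslHandler}.
 *
 * <p>Security-relevant switches read from {@link TransportOptions} in this class:
 * <ul>
 *   <li>{@code isTrustAll()} - replaces certificate validation with
 *       {@link InsecureTrustManagerFactory}, so any server certificate is accepted.</li>
 *   <li>{@code isVerifyHost()} - when false, no endpoint identification algorithm is set and the
 *       certificate is not matched against the host name.</li>
 *   <li>{@code getSslContextOverride()} - a caller-supplied {@link SSLContext} is used as-is; the
 *       key store, trust store and trustAll options are not applied to it.</li>
 * </ul>
 */
public class TransportSupport {
    private static final Logger LOG = LoggerFactory.getLogger(TransportSupport.class);

    /**
     * Decides whether the OpenSSL provider can be used for the given options.
     *
     * <p>Every reason for falling back to the JDK provider is logged at debug level. The checks
     * run in a fixed order and the first one that fails wins.
     *
     * @param transportOptions the options describing the requested TLS configuration
     * @return true only if OpenSSL was requested and none of the fallback conditions apply
     */
    public static boolean isOpenSSLPossible(TransportOptions transportOptions) {
        if (!transportOptions.isUseOpenSSL()) {
            return false;
        }
        if (!OpenSsl.isAvailable()) {
            LOG.debug("OpenSSL could not be enabled because a suitable implementation could not be found.", OpenSsl.unavailabilityCause());
            return false;
        }
        if (transportOptions.getSslContextOverride() != null) {
            LOG.debug("OpenSSL could not be enabled due to user SSLContext being supplied.");
            return false;
        }
        if (!OpenSsl.supportsKeyManagerFactory()) {
            LOG.debug("OpenSSL could not be enabled because the version provided does not allow a KeyManagerFactory to be used.");
            return false;
        }
        // Falling back here keeps host name verification in force instead of silently dropping it
        // when the OpenSSL build cannot perform it.
        if (transportOptions.isVerifyHost() && !OpenSsl.supportsHostnameValidation()) {
            LOG.debug("OpenSSL could not be enabled due to verifyHost being enabled but not supported by the provided OpenSSL version.");
            return false;
        }
        if (transportOptions.getKeyAlias() != null) {
            LOG.debug("OpenSSL could not be enabled because a keyAlias is set and that feature is not supported for OpenSSL.");
            return false;
        }
        LOG.debug("OpenSSL Enabled: Version {} of OpenSSL will be used", OpenSsl.versionString());
        return true;
    }

    /**
     * Creates the Netty {@link SslHandler} for a connection, using OpenSSL when
     * {@link #isOpenSSLPossible(TransportOptions)} allows it and the JDK provider otherwise.
     *
     * @param byteBufAllocator allocator handed to the OpenSSL engine; unused on the JDK path
     * @param uri the remote peer, or null to create an engine without peer host information
     * @param transportOptions the TLS configuration
     * @return a handler wrapping a client-mode engine
     * @throws Exception if the context or engine cannot be created
     */
    public static SslHandler createSslHandler(ByteBufAllocator byteBufAllocator, URI uri, TransportOptions transportOptions) throws Exception {
        final SSLEngine engine;
        if (isOpenSSLPossible(transportOptions)) {
            SslContext openSslContext = createOpenSslContext(transportOptions);
            engine = createOpenSslEngine(byteBufAllocator, uri, openSslContext, transportOptions);
        } else {
            // A caller-supplied context takes precedence; its trust and key material is whatever
            // the caller configured, not what the transport options describe.
            SSLContext jdkContext = transportOptions.getSslContextOverride();
            if (jdkContext == null) {
                jdkContext = createJdkSslContext(transportOptions);
            }
            engine = createJdkSslEngine(uri, jdkContext, transportOptions);
        }
        return new SslHandler(engine);
    }

    /**
     * Builds a JDK {@link SSLContext} from the key store and trust store options.
     *
     * <p>When no key store or trust store location is configured the corresponding manager array
     * is null, and {@link SSLContext#init} then falls back to the installed provider defaults.
     *
     * @param transportOptions the TLS configuration
     * @return the initialised context
     * @throws Exception any failure, after it has been logged at error level
     */
    public static SSLContext createJdkSslContext(TransportOptions transportOptions) throws Exception {
        try {
            String contextProtocol = transportOptions.getContextProtocol();
            LOG.trace("Getting SSLContext instance using protocol: {}", contextProtocol);
            SSLContext context = SSLContext.getInstance(contextProtocol);
            context.init(loadKeyManagers(transportOptions), loadTrustManagers(transportOptions), new SecureRandom());
            return context;
        } catch (Exception e) {
            LOG.error("Failed to create SSLContext: {}", e, e);
            throw e;
        }
    }

    /**
     * Creates and configures a client-mode JDK {@link SSLEngine}.
     *
     * @param uri the remote peer; when null the engine is created without peer host and port
     * @param sSLContext the context to create the engine from
     * @param transportOptions source of the protocol, cipher suite and verifyHost settings
     * @return the configured engine
     * @throws Exception if the engine rejects the configuration
     */
    public static SSLEngine createJdkSslEngine(URI uri, SSLContext sSLContext, TransportOptions transportOptions) throws Exception {
        // NOTE(review): with a null uri the engine has no peer host to identify; confirm callers
        // always pass a URI when verifyHost is enabled.
        SSLEngine engine = uri == null
                ? sSLContext.createSSLEngine()
                : sSLContext.createSSLEngine(uri.getHost(), uri.getPort());
        return configureClientEngine(engine, transportOptions);
    }

    /**
     * Builds a Netty OpenSSL client {@link SslContext} from the key store and trust store options.
     *
     * <p>If the context protocol is left at {@link TransportOptions#DEFAULT_CONTEXT_PROTOCOL} the
     * context is restricted to TLSv1.2; any other value is passed through as the single protocol.
     *
     * @param transportOptions the TLS configuration
     * @return the built context
     * @throws Exception any failure, after it has been logged at error level
     */
    public static SslContext createOpenSslContext(TransportOptions transportOptions) throws Exception {
        try {
            LOG.trace("Getting SslContext instance using protocol: {}", transportOptions.getContextProtocol());
            KeyManagerFactory keyManagerFactory = loadKeyManagerFactory(transportOptions, SslProvider.OPENSSL);
            TrustManagerFactory trustManagerFactory = loadTrustManagerFactory(transportOptions);
            SslContextBuilder builder = SslContextBuilder.forClient().sslProvider(SslProvider.OPENSSL);
            if (transportOptions.getContextProtocol().equals(TransportOptions.DEFAULT_CONTEXT_PROTOCOL)) {
                builder.protocols(SslProtocols.TLS_v1_2);
            } else {
                builder.protocols(transportOptions.getContextProtocol());
            }
            builder.keyManager(keyManagerFactory);
            builder.trustManager(trustManagerFactory);
            return builder.build();
        } catch (Exception e) {
            LOG.error("Failed to create SslContext: {}", e, e);
            throw e;
        }
    }

    /**
     * Creates and configures a client-mode OpenSSL {@link SSLEngine}.
     *
     * @param byteBufAllocator allocator for the engine; must not be null
     * @param uri the remote peer; when null the engine is created without peer host and port
     * @param sslContext the Netty context to create the engine from
     * @param transportOptions source of the protocol, cipher suite and verifyHost settings
     * @return the configured engine
     * @throws IllegalArgumentException if {@code byteBufAllocator} is null
     * @throws Exception if the engine rejects the configuration
     */
    public static SSLEngine createOpenSslEngine(ByteBufAllocator byteBufAllocator, URI uri, SslContext sslContext, TransportOptions transportOptions) throws Exception {
        if (byteBufAllocator == null) {
            throw new IllegalArgumentException("OpenSSL engine requires a valid ByteBufAllocator to operate");
        }
        SSLEngine engine = uri == null
                ? sslContext.newEngine(byteBufAllocator)
                : sslContext.newEngine(byteBufAllocator, uri.getHost(), uri.getPort());
        return configureClientEngine(engine, transportOptions);
    }

    /**
     * Applies the protocol list, cipher suite list, client mode and (optionally) host name
     * verification to an engine. Shared by the JDK and OpenSSL paths so both stay in step.
     */
    private static SSLEngine configureClientEngine(SSLEngine engine, TransportOptions transportOptions) {
        engine.setEnabledProtocols(buildEnabledProtocols(engine, transportOptions));
        engine.setEnabledCipherSuites(buildEnabledCipherSuites(engine, transportOptions));
        engine.setUseClientMode(true);
        if (transportOptions.isVerifyHost()) {
            // "HTTPS" endpoint identification makes the handshake check the certificate against
            // the peer host. Without it a certificate that chains to a trusted root is accepted
            // whatever name it was issued for.
            SSLParameters parameters = engine.getSSLParameters();
            parameters.setEndpointIdentificationAlgorithm("HTTPS");
            engine.setSSLParameters(parameters);
        }
        return engine;
    }

    /**
     * Computes the protocol versions to enable: the configured list if there is one, otherwise
     * the engine defaults, minus every entry of the configured disabled list (exact string match).
     */
    private static String[] buildEnabledProtocols(SSLEngine sSLEngine, TransportOptions transportOptions) {
        List<String> enabled = new ArrayList<>();
        if (transportOptions.getEnabledProtocols() != null) {
            List<String> configured = Arrays.asList(transportOptions.getEnabledProtocols());
            LOG.trace("Configured protocols from transport options: {}", configured);
            enabled.addAll(configured);
        } else {
            List<String> engineDefaults = Arrays.asList(sSLEngine.getEnabledProtocols());
            LOG.trace("Default protocols from the SSLEngine: {}", engineDefaults);
            enabled.addAll(engineDefaults);
        }
        String[] disabledProtocols = transportOptions.getDisabledProtocols();
        if (disabledProtocols != null) {
            // The disabled list is subtracted last, so it also overrides an explicit enabled list.
            List<String> disabled = Arrays.asList(disabledProtocols);
            LOG.trace("Disabled protocols: {}", disabled);
            enabled.removeAll(disabled);
        }
        LOG.trace("Enabled protocols: {}", enabled);
        return enabled.toArray(new String[0]);
    }

    /**
     * Computes the cipher suites to enable: the configured list if there is one, otherwise the
     * engine defaults, minus every entry of the configured disabled list (exact string match).
     */
    private static String[] buildEnabledCipherSuites(SSLEngine sSLEngine, TransportOptions transportOptions) {
        List<String> enabled = new ArrayList<>();
        if (transportOptions.getEnabledCipherSuites() != null) {
            List<String> configured = Arrays.asList(transportOptions.getEnabledCipherSuites());
            LOG.trace("Configured cipher suites from transport options: {}", configured);
            enabled.addAll(configured);
        } else {
            List<String> engineDefaults = Arrays.asList(sSLEngine.getEnabledCipherSuites());
            LOG.trace("Default cipher suites from the SSLEngine: {}", engineDefaults);
            enabled.addAll(engineDefaults);
        }
        String[] disabledCipherSuites = transportOptions.getDisabledCipherSuites();
        if (disabledCipherSuites != null) {
            // The disabled list is subtracted last, so it also overrides an explicit enabled list.
            List<String> disabled = Arrays.asList(disabledCipherSuites);
            LOG.trace("Disabled cipher suites: {}", disabled);
            enabled.removeAll(disabled);
        }
        LOG.trace("Enabled cipher suites: {}", enabled);
        return enabled.toArray(new String[0]);
    }

    /**
     * Returns the trust managers for the options, or null when no trust manager factory applies
     * (neither trustAll nor a trust store location is configured).
     */
    private static TrustManager[] loadTrustManagers(TransportOptions transportOptions) throws Exception {
        TrustManagerFactory factory = loadTrustManagerFactory(transportOptions);
        return factory != null ? factory.getTrustManagers() : null;
    }

    /**
     * Selects the trust manager factory: the insecure accept-everything factory when trustAll is
     * set, null when no trust store location is configured, otherwise a factory initialised from
     * the configured trust store.
     */
    private static TrustManagerFactory loadTrustManagerFactory(TransportOptions transportOptions) throws Exception {
        if (transportOptions.isTrustAll()) {
            // SECURITY: disables certificate validation entirely, and it is checked before the
            // trust store settings, so a configured trust store is ignored while trustAll is on.
            return InsecureTrustManagerFactory.INSTANCE;
        }
        if (transportOptions.getTrustStoreLocation() == null) {
            return null;
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        String location = transportOptions.getTrustStoreLocation();
        String password = transportOptions.getTrustStorePassword();
        String storeType = transportOptions.getTrustStoreType();
        // Only the location and type are logged; the password never reaches the log.
        LOG.trace("Attempt to load TrustStore from location {} of type {}", location, storeType);
        factory.init(loadStore(location, password, storeType));
        return factory;
    }

    /**
     * Returns the key managers for the JDK path, or null when no key store location is set. When
     * a key alias is configured it is validated and each X509 key manager is wrapped so that the
     * alias is used.
     */
    private static KeyManager[] loadKeyManagers(TransportOptions transportOptions) throws Exception {
        if (transportOptions.getKeyStoreLocation() == null) {
            return null;
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        String location = transportOptions.getKeyStoreLocation();
        String password = transportOptions.getKeyStorePassword();
        String storeType = transportOptions.getKeyStoreType();
        String keyAlias = transportOptions.getKeyAlias();
        // Only the location and type are logged; the password never reaches the log.
        LOG.trace("Attempt to load KeyStore from location {} of type {}", location, storeType);
        KeyStore keyStore = loadStore(location, password, storeType);
        // The store password doubles as the key password here.
        factory.init(keyStore, password != null ? password.toCharArray() : null);
        if (keyAlias == null) {
            return factory.getKeyManagers();
        }
        validateAlias(keyStore, keyAlias);
        return wrapKeyManagers(keyAlias, factory.getKeyManagers());
    }

    /**
     * Returns a key manager factory initialised from the configured key store, or null when no
     * key store location is set. The JDK default algorithm is used for {@link SslProvider#JDK};
     * every other provider gets an {@link OpenSslX509KeyManagerFactory}.
     */
    private static KeyManagerFactory loadKeyManagerFactory(TransportOptions transportOptions, SslProvider sslProvider) throws Exception {
        if (transportOptions.getKeyStoreLocation() == null) {
            return null;
        }
        // Declared as the common supertype: the decompiled listing typed this local as
        // OpenSslX509KeyManagerFactory, which the JDK branch cannot be assigned to.
        KeyManagerFactory factory = sslProvider.equals(SslProvider.JDK)
                ? KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
                : new OpenSslX509KeyManagerFactory();
        String location = transportOptions.getKeyStoreLocation();
        String password = transportOptions.getKeyStorePassword();
        String storeType = transportOptions.getKeyStoreType();
        // Only the location and type are logged; the password never reaches the log.
        LOG.trace("Attempt to load KeyStore from location {} of type {}", location, storeType);
        factory.init(loadStore(location, password, storeType), password != null ? password.toCharArray() : null);
        return factory;
    }

    /**
     * Returns a copy of the array in which every {@link X509ExtendedKeyManager} is wrapped in an
     * {@link X509AliasKeyManager} for the given alias; other key managers are copied unchanged.
     */
    private static KeyManager[] wrapKeyManagers(String alias, KeyManager[] original) {
        KeyManager[] wrapped = new KeyManager[original.length];
        for (int i = 0; i < original.length; i++) {
            KeyManager manager = original[i];
            if (manager instanceof X509ExtendedKeyManager) {
                manager = new X509AliasKeyManager(alias, (X509ExtendedKeyManager) manager);
            }
            wrapped[i] = manager;
        }
        return wrapped;
    }

    /**
     * Checks that the alias exists in the key store and refers to a key entry.
     *
     * @throws IllegalArgumentException if the alias is missing or is not a key entry
     * @throws KeyStoreException if the key store has not been loaded
     */
    private static void validateAlias(KeyStore keyStore, String alias) throws IllegalArgumentException, KeyStoreException {
        if (!keyStore.containsAlias(alias)) {
            throw new IllegalArgumentException("The alias '" + alias + "' doesn't exist in the key store");
        }
        if (!keyStore.isKeyEntry(alias)) {
            throw new IllegalArgumentException("The alias '" + alias + "' in the keystore doesn't represent a key entry");
        }
    }

    /**
     * Loads a key store or trust store of the given type from a file.
     *
     * @param location path of the store file
     * @param password store password, or null; with a null password {@link KeyStore#load} does
     *     not check the integrity of the store data
     * @param storeType the {@link KeyStore} type name
     * @return the loaded store
     * @throws Exception if the type is unknown, the file cannot be read or the store is invalid
     */
    private static KeyStore loadStore(String location, String password, String storeType) throws Exception {
        KeyStore store = KeyStore.getInstance(storeType);
        // try-with-resources closes the stream on every path, including a failed load.
        try (FileInputStream in = new FileInputStream(new File(location))) {
            char[] passwordChars = password != null ? password.toCharArray() : null;
            store.load(in, passwordChars);
        }
        return store;
    }
}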
