package org.jboss.as.domain.management.security;

import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Set;
import java.util.function.Consumer;
import java.util.function.Supplier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.jboss.as.domain.management.logging.DomainManagementLogger;
import org.jboss.msc.Service;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;

/* loaded from: input_file:org/jboss/as/domain/management/security/SSLContextService.class */
public class SSLContextService implements Service {
    private final Consumer<SSLContext> sslContextConsumer;
    private final Supplier<AbstractKeyManagerService> keyManagersSupplier;
    private final Supplier<TrustManager[]> trustManagersSupplier;
    private volatile String protocol;
    private volatile Set<String> enabledCipherSuites;
    private volatile Set<String> enabledProtocols;
    private volatile SSLContext theSSLContext;

    /* loaded from: input_file:org/jboss/as/domain/management/security/SSLContextService$LazyInitSSLContext.class */
    static final class LazyInitSSLContext extends SSLContext {

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/jboss/as/domain/management/security/SSLContextService$LazyInitSSLContext$LazyInitSpi.class */
        public static class LazyInitSpi extends SSLContextSpi {
            private volatile SSLContext wrapped;
            private volatile boolean init;
            private volatile SSLServerSocketFactory serverSocketFactory;
            private volatile SSLSocketFactory socketFactory;
            final Supplier<AbstractKeyManagerService> keyManagersSupplier;
            final Supplier<TrustManager[]> trustManagersSupplier;
            private final Set<String> enabledCipherSuites;
            private final Set<String> enabledProtocols;

            /* loaded from: input_file:org/jboss/as/domain/management/security/SSLContextService$LazyInitSSLContext$LazyInitSpi$LazySSLServerSocketFactory.class */
            private class LazySSLServerSocketFactory extends SSLServerSocketFactory {
                private final LazyInitSpi wrapped;
                private volatile SSLServerSocketFactory factory;

                private LazySSLServerSocketFactory(LazyInitSpi lazyInitSpi) {
                    this.wrapped = lazyInitSpi;
                }

                protected void createFactory() {
                    if (this.factory == null) {
                        synchronized (this) {
                            if (this.factory == null) {
                                this.wrapped.doInit();
                                this.factory = this.wrapped.wrapped.getServerSocketFactory();
                            }
                        }
                    }
                }

                @Override // javax.net.ssl.SSLServerSocketFactory
                public String[] getDefaultCipherSuites() {
                    return this.factory == null ? this.wrapped.wrapped.getDefaultSSLParameters().getCipherSuites() : this.factory.getDefaultCipherSuites();
                }

                @Override // javax.net.ssl.SSLServerSocketFactory
                public String[] getSupportedCipherSuites() {
                    return this.factory == null ? this.wrapped.wrapped.getSupportedSSLParameters().getCipherSuites() : this.factory.getSupportedCipherSuites();
                }

                @Override // javax.net.ServerSocketFactory
                public ServerSocket createServerSocket(int i) throws IOException {
                    LazyInitSpi.this.doInit();
                    return this.factory.createServerSocket(i);
                }

                @Override // javax.net.ServerSocketFactory
                public ServerSocket createServerSocket(int i, int i2) throws IOException {
                    LazyInitSpi.this.doInit();
                    return this.factory.createServerSocket(i, i2);
                }

                @Override // javax.net.ServerSocketFactory
                public ServerSocket createServerSocket(int i, int i2, InetAddress inetAddress) throws IOException {
                    LazyInitSpi.this.doInit();
                    return this.factory.createServerSocket(i, i2, inetAddress);
                }
            }

            /* loaded from: input_file:org/jboss/as/domain/management/security/SSLContextService$LazyInitSSLContext$LazyInitSpi$LazySSLSocketFactory.class */
            private class LazySSLSocketFactory extends SSLSocketFactory {
                private final LazyInitSpi wrapped;
                private volatile SSLSocketFactory factory;

                private LazySSLSocketFactory(LazyInitSpi lazyInitSpi) {
                    this.wrapped = lazyInitSpi;
                }

                @Override // javax.net.ssl.SSLSocketFactory
                public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
                    createFactory();
                    return this.factory.createSocket(socket, str, i, z);
                }

                protected void createFactory() {
                    if (this.factory == null) {
                        synchronized (this) {
                            if (this.factory == null) {
                                this.wrapped.doInit();
                                this.factory = this.wrapped.wrapped.getSocketFactory();
                            }
                        }
                    }
                }

                @Override // javax.net.ssl.SSLSocketFactory
                public String[] getDefaultCipherSuites() {
                    return this.factory == null ? this.wrapped.wrapped.getDefaultSSLParameters().getCipherSuites() : this.factory.getDefaultCipherSuites();
                }

                @Override // javax.net.ssl.SSLSocketFactory
                public String[] getSupportedCipherSuites() {
                    return this.factory == null ? this.wrapped.wrapped.getSupportedSSLParameters().getCipherSuites() : this.factory.getSupportedCipherSuites();
                }

                @Override // javax.net.SocketFactory
                public Socket createSocket(String str, int i) throws IOException {
                    createFactory();
                    return this.factory.createSocket(str, i);
                }

                @Override // javax.net.SocketFactory
                public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
                    createFactory();
                    return this.factory.createSocket(inetAddress, i);
                }

                @Override // javax.net.SocketFactory
                public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException {
                    createFactory();
                    return this.factory.createSocket(str, i, inetAddress, i2);
                }

                @Override // javax.net.SocketFactory
                public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
                    createFactory();
                    return this.factory.createSocket(inetAddress, i, inetAddress2, i2);
                }

                public Socket createSocket(Socket socket, InputStream inputStream, boolean z) throws IOException {
                    createFactory();
                    return this.factory.createSocket(socket, inputStream, z);
                }

                @Override // javax.net.SocketFactory
                public Socket createSocket() throws IOException {
                    createFactory();
                    return this.factory.createSocket();
                }
            }

            /* JADX INFO: Access modifiers changed from: private */
            public void doInit() {
                if (this.init) {
                    return;
                }
                synchronized (this) {
                    try {
                        if (!this.init) {
                            try {
                                this.wrapped.init((this.keyManagersSupplier != null ? this.keyManagersSupplier.get() : null).getKeyManagers(), this.trustManagersSupplier != null ? this.trustManagersSupplier.get() : null, null);
                                this.wrapped = SSLContextService.wrapSslContext(this.wrapped, this.enabledCipherSuites, this.enabledProtocols);
                                this.init = true;
                            } catch (Exception e) {
                                throw DomainManagementLogger.SECURITY_LOGGER.failedToCreateLazyInitSSLContext(e);
                            }
                        }
                    } catch (Throwable th) {
                        this.init = true;
                        throw th;
                    }
                }
            }

            private LazyInitSpi(SSLContext sSLContext, Supplier<AbstractKeyManagerService> supplier, Supplier<TrustManager[]> supplier2, Set<String> set, Set<String> set2) {
                this.init = false;
                this.wrapped = sSLContext;
                this.keyManagersSupplier = supplier;
                this.trustManagersSupplier = supplier2;
                this.enabledCipherSuites = set;
                this.enabledProtocols = set2;
            }

            @Override // javax.net.ssl.SSLContextSpi
            protected SSLEngine engineCreateSSLEngine() {
                doInit();
                return this.wrapped.createSSLEngine();
            }

            @Override // javax.net.ssl.SSLContextSpi
            protected SSLEngine engineCreateSSLEngine(String str, int i) {
                doInit();
                return this.wrapped.createSSLEngine(str, i);
            }

            @Override // javax.net.ssl.SSLContextSpi
            protected SSLSessionContext engineGetClientSessionContext() {
                return this.wrapped.getClientSessionContext();
            }

            @Override // javax.net.ssl.SSLContextSpi
            protected SSLSessionContext engineGetServerSessionContext() {
                return this.wrapped.getServerSessionContext();
            }

            @Override // javax.net.ssl.SSLContextSpi
            protected SSLServerSocketFactory engineGetServerSocketFactory() {
                if (this.serverSocketFactory == null) {
                    synchronized (this) {
                        if (this.serverSocketFactory == null) {
                            this.serverSocketFactory = new LazySSLServerSocketFactory(this);
                        }
                    }
                }
                return this.serverSocketFactory;
            }

            @Override // javax.net.ssl.SSLContextSpi
            protected SSLSocketFactory engineGetSocketFactory() {
                if (this.socketFactory == null) {
                    synchronized (this) {
                        if (this.socketFactory == null) {
                            this.socketFactory = new LazySSLSocketFactory(this);
                        }
                    }
                }
                return this.socketFactory;
            }

            @Override // javax.net.ssl.SSLContextSpi
            protected void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
                this.wrapped.init(keyManagerArr, trustManagerArr, secureRandom);
            }
        }

        LazyInitSSLContext(SSLContext sSLContext, Supplier<AbstractKeyManagerService> supplier, Supplier<TrustManager[]> supplier2, Set<String> set, Set<String> set2) {
            super(new LazyInitSpi(sSLContext, supplier, supplier2, set, set2), sSLContext.getProvider(), sSLContext.getProtocol());
        }
    }

    /* loaded from: input_file:org/jboss/as/domain/management/security/SSLContextService$ServiceUtil.class */
    public static final class ServiceUtil {
        private static final String SERVICE_SUFFIX = "ssl-context";
        private static final String TRUST_ONLY_SERVICE_SUFFIX = "ssl-context-trust-only";

        public static ServiceName createServiceName(ServiceName serviceName, boolean z) {
            String[] strArr = new String[1];
            strArr[0] = z ? TRUST_ONLY_SERVICE_SUFFIX : "ssl-context";
            return serviceName.append(strArr);
        }

        public static Supplier<SSLContext> requires(ServiceBuilder<?> serviceBuilder, ServiceName serviceName, boolean z) {
            return serviceBuilder.requires(createServiceName(serviceName, z));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLContextService(Consumer<SSLContext> consumer, Supplier<AbstractKeyManagerService> supplier, Supplier<TrustManager[]> supplier2, String str, Set<String> set, Set<String> set2) {
        this.sslContextConsumer = consumer;
        this.keyManagersSupplier = supplier;
        this.trustManagersSupplier = supplier2;
        this.protocol = str;
        this.enabledCipherSuites = set;
        this.enabledProtocols = set2;
    }

    public String getProtocol() {
        return this.protocol;
    }

    public void setProtocol(String str) {
        this.protocol = str;
    }

    @Override // org.jboss.msc.Service
    public void start(StartContext startContext) throws StartException {
        SSLContext wrapSslContext;
        AbstractKeyManagerService abstractKeyManagerService = this.keyManagersSupplier != null ? this.keyManagersSupplier.get() : null;
        TrustManager[] trustManagerArr = this.trustManagersSupplier != null ? this.trustManagersSupplier.get() : null;
        try {
            SSLContext sSLContext = SSLContext.getInstance(this.protocol);
            if (abstractKeyManagerService == null || !abstractKeyManagerService.isLazy()) {
                sSLContext.init(abstractKeyManagerService != null ? abstractKeyManagerService.getKeyManagers() : null, trustManagerArr, null);
                wrapSslContext = wrapSslContext(sSLContext, this.enabledCipherSuites, this.enabledProtocols);
            } else {
                wrapSslContext = new LazyInitSSLContext(sSLContext, this.keyManagersSupplier, this.trustManagersSupplier, this.enabledCipherSuites, this.enabledProtocols);
            }
            this.theSSLContext = wrapSslContext;
            this.sslContextConsumer.accept(this.theSSLContext);
        } catch (KeyManagementException e) {
            throw DomainManagementLogger.ROOT_LOGGER.unableToStart(e);
        } catch (NoSuchAlgorithmException e2) {
            throw DomainManagementLogger.ROOT_LOGGER.unableToStart(e2);
        }
    }

    protected static SSLContext wrapSslContext(SSLContext sSLContext, Set<String> set, Set<String> set2) throws StartException {
        String[] calculateCommon;
        String[] calculateCommon2;
        if (!set.isEmpty() || !set2.isEmpty()) {
            SSLParameters supportedSSLParameters = sSLContext.getSupportedSSLParameters();
            if (set.isEmpty()) {
                calculateCommon = new String[0];
            } else {
                calculateCommon = calculateCommon(supportedSSLParameters.getCipherSuites(), set);
                if (calculateCommon.length == 0) {
                    throw DomainManagementLogger.ROOT_LOGGER.noCipherSuitesInCommon(Arrays.asList(supportedSSLParameters.getCipherSuites()).toString(), set.toString());
                }
            }
            if (set2.isEmpty()) {
                calculateCommon2 = new String[0];
            } else {
                calculateCommon2 = calculateCommon(supportedSSLParameters.getProtocols(), set2);
                if (calculateCommon2.length == 0) {
                    throw DomainManagementLogger.ROOT_LOGGER.noProtocolsInCommon(Arrays.asList(supportedSSLParameters.getProtocols()).toString(), set2.toString());
                }
            }
            sSLContext = new WrapperSSLContext(sSLContext, calculateCommon, calculateCommon2);
        }
        return sSLContext;
    }

    private static String[] calculateCommon(String[] strArr, Set<String> set) {
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            if (set.contains(str)) {
                arrayList.add(str);
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    @Override // org.jboss.msc.Service
    public void stop(StopContext stopContext) {
        this.sslContextConsumer.accept(null);
        this.theSSLContext = null;
    }
}
