package org.apache.cxf.configuration.jsse;

import ch.qos.logback.core.net.ssl.SSL;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.BusFactory;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.SystemPropertyAction;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.helpers.FileUtils;
import org.apache.cxf.resource.ResourceManager;

/* loaded from: input_file:BOOT-INF/lib/cxf-core-4.0.0.jar:org/apache/cxf/configuration/jsse/SSLUtils.class */
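/**
 * Static helpers that resolve JSSE key material, trust material and cipher-suite selections
 * from explicit configuration, falling back to the standard {@code javax.net.ssl.*} system
 * properties.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Passwords are handled as {@link String} and converted with {@code toCharArray()} at the
 *       point of use; the temporary arrays are not cleared afterwards.</li>
 *   <li>The password resolvers log only a message key, never the password value.</li>
 *   <li>The default cipher-suite exclusions apply only on the filter path of
 *       {@link #getCiphersuitesToInclude}; an explicit suite list or the
 *       {@code https.cipherSuites} system property is returned unfiltered.</li>
 * </ul>
 */
public final class SSLUtils {
    static final String PKCS12_TYPE = "PKCS12";
    private static final String DEFAULT_KEYSTORE_TYPE = "JKS";
    private static final String DEFAULT_TRUST_STORE_TYPE = "JKS";
    private static final String HTTPS_CIPHER_SUITES = "https.cipherSuites";

    // Regexes applied with Matcher.matches() (whole-name match) to drop suites using null or
    // anonymous key exchange, export-grade keys, DES/3DES, MD5, CBC mode and RC4 when the
    // configuration does not supply its own exclude filter.
    private static final List<String> DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE = Arrays.asList(".*NULL.*", ".*anon.*", ".*EXPORT.*", ".*DES.*", ".*MD5", ".*CBC.*", ".*RC4.*");

    // Lazily initialised cache; an empty array means "looked, nothing usable found".
    private static volatile KeyManager[] defaultManagers;

    private SSLUtils() {
    }

    /**
     * Returns the process-wide default key managers, loading them on first use.
     *
     * @param logger receives diagnostics while the keystore is resolved and loaded
     * @return the cached key managers, or {@code null} when no default keystore could be loaded
     */
    public static KeyManager[] getDefaultKeyStoreManagers(Logger logger) {
        if (defaultManagers == null) {
            loadDefaultKeyManagers(logger);
        }
        // Single volatile read so the length check and the returned reference agree.
        KeyManager[] managers = defaultManagers;
        return managers.length == 0 ? null : managers;
    }

    /**
     * Populates {@link #defaultManagers} from the default keystore location, type and passwords.
     * Any failure is logged and cached as an empty array, so loading is attempted only once.
     */
    private static synchronized void loadDefaultKeyManagers(Logger logger) {
        if (defaultManagers != null) {
            return;
        }
        String keystore = getKeystore(null, logger);
        String keystorePassword = getKeystorePassword(null, logger);
        String keyPassword = getKeyPassword(null, logger);
        String keystoreType = getKeystoreType(null, logger);
        if (keystore != null) {
            // try-with-resources closes the stream even when KeyStore.load() or
            // KeyManagerFactory.init() throws; a null resource is simply skipped.
            try (InputStream in = openStore(keystore)) {
                if (in != null) {
                    KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                    KeyStore store = KeyStore.getInstance(keystoreType != null ? keystoreType : KeyStore.getDefaultType());
                    store.load(in, keystorePassword != null ? keystorePassword.toCharArray() : null);
                    factory.init(store, keyPassword != null ? keyPassword.toCharArray() : null);
                    defaultManagers = factory.getKeyManagers();
                }
            } catch (Exception e) {
                logger.log(Level.WARNING, "Default key managers cannot be initialized: " + e.getMessage(), e);
                defaultManagers = new KeyManager[0];
            }
        }
        if (null == defaultManagers) {
            logger.log(Level.FINER, "No default keystore {0}", keystore);
            defaultManagers = new KeyManager[0];
        }
    }

    /**
     * Builds trust managers from the truststore named by the {@code javax.net.ssl.trustStore*}
     * system properties.
     *
     * <p>A {@code null} result means no usable truststore was found or it failed to load (the
     * failure is logged at WARNING). Callers that hand {@code null} trust managers to
     * {@link SSLContext#init} get the JVM's installed default trust managers.
     *
     * @param logger receives diagnostics
     * @return the trust managers, or {@code null} as described above
     */
    public static TrustManager[] getDefaultTrustStoreManagers(Logger logger) {
        String truststore = getTruststore(null, logger);
        String truststorePassword = getTruststorePassword(null, logger);
        String trustStoreType = getTrustStoreType(null, logger, DEFAULT_TRUST_STORE_TYPE);
        if (truststore == null) {
            return null;
        }
        try (InputStream in = openStore(truststore)) {
            if (in == null) {
                logger.log(Level.FINER, "No default trust keystore {0}", truststore);
                return null;
            }
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore store = KeyStore.getInstance(trustStoreType);
            // A null password makes KeyStore.load() skip the store integrity check.
            store.load(in, truststorePassword != null ? truststorePassword.toCharArray() : null);
            factory.init(store);
            return factory.getTrustManagers();
        } catch (Exception e) {
            logger.log(Level.WARNING, "Default trust managers cannot be initialized: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Opens a key/trust store: an existing file at {@code location} wins, otherwise the location
     * is looked up as a classpath or bus resource.
     *
     * @return the stream, or {@code null} when neither lookup finds anything
     */
    private static InputStream openStore(String location) throws IOException {
        File file = new File(location);
        return FileUtils.exists(file) ? Files.newInputStream(file.toPath()) : getResourceAsStream(location);
    }

    /**
     * Looks up {@code str} through the class loader first and, failing that, through the
     * thread-default bus's {@link ResourceManager} extension if one is registered.
     */
    private static InputStream getResourceAsStream(String str) {
        InputStream stream = ClassLoaderUtils.getResourceAsStream(str, SSLUtils.class);
        if (stream == null) {
            ResourceManager resourceManager = (ResourceManager) BusFactory.getThreadDefaultBus(true).getExtension(ResourceManager.class);
            if (resourceManager != null) {
                stream = resourceManager.getResourceAsStream(str);
            }
        }
        return stream;
    }

    /**
     * Loads {@code keyStore} from {@code inputStream} and initialises {@code keyManagerFactory}
     * with it. The same password ({@code str2}) is used for the store and for the keys inside it.
     * The stream is not closed here.
     *
     * @param str  keystore location, used only in log messages
     * @param str2 keystore/key password; a {@code null} value ends up in the failure branch
     *             because {@code toCharArray()} throws inside the guarded block
     * @return the key managers, or {@code null} when loading failed (logged at WARNING)
     */
    public static KeyManager[] loadKeyStore(KeyManagerFactory keyManagerFactory, KeyStore keyStore, InputStream inputStream, String str, String str2, Logger logger) {
        KeyManager[] managers = null;
        try {
            keyStore.load(inputStream, str2.toCharArray());
            keyManagerFactory.init(keyStore, str2.toCharArray());
            managers = keyManagerFactory.getKeyManagers();
            LogUtils.log(logger, Level.FINE, "LOADED_KEYSTORE", str);
        } catch (Exception e) {
            LogUtils.log(logger, Level.WARNING, "FAILED_TO_LOAD_KEYSTORE", new Object[]{str, e.getMessage()});
        }
        return managers;
    }

    /**
     * Reads a whole file into memory.
     *
     * @param str path on the default file system; {@code null} yields {@code null}
     * @throws IOException if the file cannot be read
     */
    protected static byte[] loadFile(String str) throws IOException {
        if (str == null) {
            return null;
        }
        return Files.readAllBytes(FileSystems.getDefault().getPath(str));
    }

    /**
     * Resolves the keystore location: the explicit value, else {@code javax.net.ssl.keyStore},
     * else {@code <user.home>/.keystore}. Never returns {@code null}.
     */
    public static String getKeystore(String str, Logger logger) {
        String location = str;
        String messageKey;
        if (location != null) {
            messageKey = "KEY_STORE_SET";
        } else {
            location = SystemPropertyAction.getProperty("javax.net.ssl.keyStore");
            if (location != null) {
                messageKey = "KEY_STORE_SYSTEM_PROPERTY_SET";
            } else {
                location = SystemPropertyAction.getProperty("user.home") + "/.keystore";
                messageKey = "KEY_STORE_NOT_SET";
            }
        }
        LogUtils.log(logger, Level.FINE, messageKey, location);
        return location;
    }

    /**
     * Resolves the keystore type with this class's default ({@code "JKS"}) as the last resort.
     */
    public static String getKeystoreType(String str, Logger logger) {
        // The decompiled listing read this default from an identically valued constant in a
        // logging library; the class's own constant keeps TLS defaults independent of it.
        return getKeystoreType(str, logger, DEFAULT_KEYSTORE_TYPE);
    }

    /**
     * Resolves the keystore type: the explicit value, else {@code javax.net.ssl.keyStoreType},
     * else {@code str2}.
     */
    public static String getKeystoreType(String str, Logger logger, String str2) {
        String type = str;
        String messageKey;
        if (type != null) {
            messageKey = "KEY_STORE_TYPE_SET";
        } else {
            type = SystemPropertyAction.getProperty("javax.net.ssl.keyStoreType", null);
            if (type == null) {
                type = str2;
                messageKey = "KEY_STORE_TYPE_NOT_SET";
            } else {
                messageKey = "KEY_STORE_TYPE_SYSTEM_SET";
            }
        }
        LogUtils.log(logger, Level.FINE, messageKey, type);
        return type;
    }

    /**
     * Resolves the keystore provider: the explicit value, else
     * {@code javax.net.ssl.keyStoreProvider}; may return {@code null}.
     */
    public static String getKeystoreProvider(String str, Logger logger) {
        String provider = str;
        String messageKey;
        if (provider != null) {
            messageKey = "KEY_STORE_PROVIDER_SET";
        } else {
            provider = SystemPropertyAction.getProperty("javax.net.ssl.keyStoreProvider", null);
            messageKey = provider == null ? "KEY_STORE_PROVIDER_NOT_SET" : "KEY_STORE_PROVIDER_SYSTEM_SET";
        }
        LogUtils.log(logger, Level.FINE, messageKey, provider);
        return provider;
    }

    /**
     * Resolves the keystore password: the explicit value, else
     * {@code javax.net.ssl.keyStorePassword}; may return {@code null}.
     */
    public static String getKeystorePassword(String str, Logger logger) {
        String password = str;
        String messageKey;
        if (password != null) {
            messageKey = "KEY_STORE_PASSWORD_SET";
        } else {
            password = SystemPropertyAction.getProperty("javax.net.ssl.keyStorePassword");
            messageKey = password != null ? "KEY_STORE_PASSWORD_SYSTEM_PROPERTY_SET" : "KEY_STORE_PASSWORD_NOT_SET";
        }
        // Only the message key is logged; the password value must stay out of the log.
        LogUtils.log(logger, Level.FINE, messageKey);
        return password;
    }

    /**
     * Resolves the private-key password: the explicit value, else
     * {@code javax.net.ssl.keyPassword}, else {@code javax.net.ssl.keyStorePassword}; may return
     * {@code null}.
     */
    public static String getKeyPassword(String str, Logger logger) {
        String password = str;
        String messageKey;
        if (password != null) {
            messageKey = "KEY_PASSWORD_SET";
        } else {
            password = SystemPropertyAction.getProperty("javax.net.ssl.keyPassword");
            if (password == null) {
                password = SystemPropertyAction.getProperty("javax.net.ssl.keyStorePassword");
            }
            messageKey = password != null ? "KEY_PASSWORD_SYSTEM_PROPERTY_SET" : "KEY_PASSWORD_NOT_SET";
        }
        // Only the message key is logged; the password value must stay out of the log.
        LogUtils.log(logger, Level.FINE, messageKey);
        return password;
    }

    /**
     * Returns the explicit key-manager algorithm, or the JVM default when none is given.
     */
    public static String getKeystoreAlgorithm(String str, Logger logger) {
        String algorithm = str;
        String messageKey;
        if (algorithm != null) {
            messageKey = "KEY_STORE_ALGORITHM_SET";
        } else {
            algorithm = KeyManagerFactory.getDefaultAlgorithm();
            messageKey = "KEY_STORE_ALGORITHM_NOT_SET";
        }
        LogUtils.log(logger, Level.FINE, messageKey, algorithm);
        return algorithm;
    }

    /**
     * Returns the explicit trust-manager algorithm, or the JVM default when none is given.
     */
    public static String getTrustStoreAlgorithm(String str, Logger logger) {
        String algorithm = str;
        String messageKey;
        if (algorithm != null) {
            messageKey = "TRUST_STORE_ALGORITHM_SET";
        } else {
            algorithm = TrustManagerFactory.getDefaultAlgorithm();
            messageKey = "TRUST_STORE_ALGORITHM_NOT_SET";
        }
        LogUtils.log(logger, Level.FINE, messageKey, algorithm);
        return algorithm;
    }

    /**
     * Creates and initialises an {@link SSLContext}.
     *
     * <p>The protocol name is passed through unvalidated, so rejecting legacy protocol versions
     * is the caller's job. The {@code null} third argument to {@code init} selects the default
     * secure-random source.
     *
     * @param str protocol name handed to {@link SSLContext#getInstance(String)}
     * @throws NoSuchAlgorithmException if no provider supports the protocol
     * @throws KeyManagementException   if initialisation fails
     */
    public static SSLContext getSSLContext(String str, KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext context = SSLContext.getInstance(str);
        context.init(keyManagerArr, trustManagerArr, null);
        return context;
    }

    /** Returns the cipher suites the context's client socket factory supports. */
    public static String[] getSupportedCipherSuites(SSLContext sSLContext) {
        return sSLContext.getSocketFactory().getSupportedCipherSuites();
    }

    /** Returns the cipher suites the context's server socket factory supports. */
    public static String[] getServerSupportedCipherSuites(SSLContext sSLContext) {
        return sSLContext.getServerSocketFactory().getSupportedCipherSuites();
    }

    /**
     * Chooses the cipher suites to enable, in this order of precedence:
     * <ol>
     *   <li>{@code list}, when non-empty: returned as given;</li>
     *   <li>the {@code https.cipherSuites} system property, when set: returned as given;</li>
     *   <li>{@code strArr2} run through {@code filtersType} when {@code strArr} is empty or
     *       the filter has an include or exclude set;</li>
     *   <li>otherwise {@code strArr} unchanged.</li>
     * </ol>
     *
     * <p>Only step 3 applies the default exclusions for weak suites. A suite named explicitly in
     * steps 1, 2 or 4 is not checked against them, so those inputs need their own review.
     */
    public static String[] getCiphersuitesToInclude(List<String> list, FiltersType filtersType, String[] strArr, String[] strArr2, Logger logger) {
        if (list != null && !list.isEmpty()) {
            return getCiphersFromList(list, logger, false);
        }
        String[] systemCiphersuites = getSystemCiphersuites(logger);
        if (systemCiphersuites != null) {
            return systemCiphersuites;
        }
        boolean noDefaults = strArr == null || strArr.length == 0;
        boolean filtersConfigured = filtersType != null && (filtersType.isSetInclude() || filtersType.isSetExclude());
        if (noDefaults || filtersConfigured) {
            LogUtils.log(logger, Level.FINE, "CIPHERSUITES_NOT_SET");
            return getFilteredCiphersuites(filtersType, strArr2, logger, false);
        }
        LogUtils.log(logger, Level.FINE, "CIPHERSUITES_SET", Arrays.toString(strArr));
        return strArr;
    }

    /**
     * Partitions {@code strArr} with the include/exclude regexes of {@code filtersType}.
     *
     * <p>A suite is kept only if it matches at least one include pattern and no exclude pattern.
     * With no include patterns (including a {@code null} {@code filtersType}) nothing matches,
     * so every suite counts as excluded. When the filter sets no exclude list, the default
     * exclusions are used, minus any that an include entry matches.
     *
     * @param z {@code false} to return the kept suites, {@code true} to return the rejected ones
     */
    public static String[] getFilteredCiphersuites(FiltersType filtersType, String[] strArr, Logger logger, boolean z) {
        List<Pattern> includePatterns = new ArrayList<>();
        List<Pattern> excludePatterns = new ArrayList<>();
        if (filtersType != null) {
            compileRegexPatterns(includePatterns, filtersType.getInclude(), true, logger);
            if (filtersType.isSetExclude()) {
                compileRegexPatterns(excludePatterns, filtersType.getExclude(), false, logger);
            } else {
                compileRegexPatterns(excludePatterns, filterDefaultExcludes(filtersType.getInclude(), DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE), false, logger);
            }
        }
        List<String> selected = new ArrayList<>();
        for (String suite : strArr) {
            boolean rejected = !matchesOneOf(suite, includePatterns) || matchesOneOf(suite, excludePatterns);
            LogUtils.log(logger, Level.FINE, rejected ? "CIPHERSUITE_EXCLUDED" : "CIPHERSUITE_INCLUDED", suite);
            if (rejected == z) {
                selected.add(suite);
            }
        }
        return getCiphersFromList(selected, logger, z);
    }

    /**
     * Drops every default exclude that an explicit include entry matches, so a suite the
     * configuration names on purpose is not removed again by a default.
     */
    private static List<String> filterDefaultExcludes(List<String> includes, List<String> defaultExcludes) {
        if (includes == null || includes.isEmpty()) {
            return defaultExcludes;
        }
        // NOTE(review): the decompiled listing gave both lambda parameters the same name
        // (str.matches(str)), which does not compile and hides the operand order. This reading
        // treats the include entry as the subject and the default exclude as the regex, so a
        // broad include such as ".*" cannot discard every default exclusion. Confirm against
        // the upstream source.
        return defaultExcludes.stream()
            .filter(exclude -> includes.stream().noneMatch(include -> include.matches(exclude)))
            .collect(Collectors.toList());
    }

    /**
     * Reads the {@code https.cipherSuites} system property as a comma-separated list.
     *
     * @return the entries exactly as split (no trimming), or {@code null} when unset or empty
     */
    private static String[] getSystemCiphersuites(Logger logger) {
        String property = System.getProperty(HTTPS_CIPHER_SUITES);
        if (property == null || property.isEmpty()) {
            return null;
        }
        LogUtils.log(logger, Level.FINE, "CIPHERSUITES_SYSTEM_PROPERTY_SET", property);
        return property.split(",");
    }

    /**
     * Compiles each regex in {@code expressions} and appends it to {@code target}, logging every
     * expression as an include or exclude filter. A {@code null} list is ignored.
     */
    private static void compileRegexPatterns(List<Pattern> target, List<String> expressions, boolean include, Logger logger) {
        if (expressions == null) {
            return;
        }
        String messageKey = include ? "CIPHERSUITE_INCLUDE_FILTER" : "CIPHERSUITE_EXCLUDE_FILTER";
        for (String expression : expressions) {
            LogUtils.log(logger, Level.FINE, messageKey, expression);
            target.add(Pattern.compile(expression));
        }
    }

    /**
     * Tells whether any pattern matches the whole of {@code candidate}; a {@code null} or empty
     * pattern list matches nothing.
     */
    private static boolean matchesOneOf(String candidate, List<Pattern> patterns) {
        if (patterns == null) {
            return false;
        }
        for (Pattern pattern : patterns) {
            if (pattern.matcher(candidate).matches()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Converts the list to an array and, at FINE level, logs it as either the selected or the
     * excluded suites.
     */
    private static String[] getCiphersFromList(List<String> suites, Logger logger, boolean excluded) {
        String[] result = suites.toArray(new String[0]);
        if (logger.isLoggable(Level.FINE)) {
            LogUtils.log(logger, Level.FINE, excluded ? "CIPHERSUITES_EXCLUDED" : "CIPHERSUITES_SET", String.join(", ", result));
        }
        return result;
    }

    /**
     * Resolves the truststore location: the explicit value, else
     * {@code javax.net.ssl.trustStore}; may return {@code null}.
     */
    public static String getTruststore(String str, Logger logger) {
        String location = str;
        String messageKey;
        if (location != null) {
            messageKey = "TRUST_STORE_SET";
        } else {
            location = SystemPropertyAction.getProperty("javax.net.ssl.trustStore");
            messageKey = location != null ? "TRUST_STORE_SYSTEM_PROPERTY_SET" : "TRUST_STORE_NOT_SET";
        }
        LogUtils.log(logger, Level.FINE, messageKey, location);
        return location;
    }

    /**
     * Resolves the truststore type with this class's default ({@code "JKS"}) as the last resort.
     */
    public static String getTrustStoreType(String str, Logger logger) {
        // Same value as the constant the decompiled listing took from a logging library.
        return getTrustStoreType(str, logger, DEFAULT_TRUST_STORE_TYPE);
    }

    /**
     * Resolves the truststore type: the explicit value, else
     * {@code javax.net.ssl.trustStoreType}, else {@code str2}.
     */
    public static String getTrustStoreType(String str, Logger logger, String str2) {
        String type = str;
        String messageKey;
        if (type != null) {
            messageKey = "TRUST_STORE_TYPE_SET";
        } else {
            type = SystemPropertyAction.getProperty("javax.net.ssl.trustStoreType");
            if (type == null) {
                type = str2;
                messageKey = "TRUST_STORE_TYPE_NOT_SET";
            } else {
                messageKey = "TRUST_STORE_TYPE_SYSTEM_SET";
            }
        }
        LogUtils.log(logger, Level.FINE, messageKey, type);
        return type;
    }

    /**
     * Resolves the truststore password: the explicit value, else
     * {@code javax.net.ssl.trustStorePassword}; may return {@code null}.
     */
    public static String getTruststorePassword(String str, Logger logger) {
        String password = str;
        String messageKey;
        if (password != null) {
            messageKey = "TRUST_STORE_PASSWORD_SET";
        } else {
            password = SystemPropertyAction.getProperty("javax.net.ssl.trustStorePassword");
            messageKey = password != null ? "TRUST_STORE_PASSWORD_SYSTEM_PROPERTY_SET" : "TRUST_STORE_PASSWORD_NOT_SET";
        }
        // Only the message key is logged; the password value must stay out of the log.
        LogUtils.log(logger, Level.FINE, messageKey);
        return password;
    }

    /**
     * Resolves the truststore provider: the explicit value, else
     * {@code javax.net.ssl.trustStoreProvider}; may return {@code null}.
     */
    public static String getTruststoreProvider(String str, Logger logger) {
        String provider = str;
        String messageKey;
        if (provider != null) {
            messageKey = "TRUST_STORE_PROVIDER_SET";
        } else {
            provider = SystemPropertyAction.getProperty("javax.net.ssl.trustStoreProvider", null);
            messageKey = provider == null ? "TRUST_STORE_PROVIDER_NOT_SET" : "TRUST_STORE_PROVIDER_SYSTEM_SET";
        }
        LogUtils.log(logger, Level.FINE, messageKey, provider);
        return provider;
    }
}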
