package org.jppf.ssl;

import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.net.Socket;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.Callable;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.jppf.comm.socket.SocketWrapper;
import org.jppf.jmx.JMXEnvHelper;
import org.jppf.jmx.JMXHelper;
import org.jppf.jmx.JPPFJMXProperties;
import org.jppf.serialization.ObjectSerializer;
import org.jppf.utils.JPPFConfiguration;
import org.jppf.utils.JPPFIdentifiers;
import org.jppf.utils.LoggingUtils;
import org.jppf.utils.RegexUtils;
import org.jppf.utils.StringUtils;
import org.jppf.utils.TypedProperties;
import org.jppf.utils.configuration.JPPFProperties;
import org.jppf.utils.configuration.JPPFProperty;
import org.jppf.utils.streams.StreamUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jppf/ssl/SSLHelper2.class */
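/**
 * Builds JSSE objects ({@link SSLContext}, {@link SSLParameters}, SSL client sockets and JMX
 * connector environments) from a JPPF SSL configuration.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Key store and trust store passwords are read from the configuration, either inline or
 *       through a "source" class named in the configuration (see {@link #callSource(String)}).</li>
 *   <li>When no key store or no trust store is configured, {@code null} is handed to
 *       {@link SSLContext#init}, which makes JSSE fall back to the JVM defaults.</li>
 *   <li>Protocols and cipher suites are taken from the configuration as-is; no minimum protocol
 *       version is enforced here.</li>
 * </ul>
 */
public final class SSLHelper2 {
    private static final Logger log = LoggerFactory.getLogger(SSLHelper2.class);
    private static final boolean debugEnabled = LoggingUtils.isDebugEnabled(log);
    /** The SSL configuration every lookup in this helper reads from. */
    private final TypedProperties sslConfig;

    /**
     * @param typedProperties the SSL configuration to read stores, passwords and TLS settings from.
     */
    public SSLHelper2(TypedProperties typedProperties) {
        this.sslConfig = typedProperties;
    }

    /**
     * Builds an SSL context whose trust material comes from the {@code jppf.ssl} trust store only.
     *
     * @return the initialized context.
     * @throws SSLConfigurationException if the context cannot be built.
     */
    private SSLContext getSSLContext() throws SSLConfigurationException {
        return getSSLContext("jppf.ssl");
    }

    /**
     * Builds the SSL context for a given channel identifier.
     *
     * <p>Client channels use the {@code jppf.ssl.client} trust store when the "distinct client
     * trust store" property is {@code true}, and the {@code jppf.ssl} trust store otherwise. Node
     * channels always use {@code jppf.ssl}. The JMX remote channel trusts both stores.
     *
     * @param i one of the {@link JPPFIdentifiers} channel identifiers.
     * @return the initialized context.
     * @throws SSLConfigurationException for the acceptor channel, for an unknown identifier, or if
     *     the context cannot be built.
     */
    public SSLContext getSSLContext(int i) throws SSLConfigurationException {
        boolean distinctClientTrustStore = ((Boolean) this.sslConfig.get((JPPFProperty) JPPFProperties.SSL_CLIENT_DISTINCT_TRUSTSTORE)).booleanValue();
        if (debugEnabled) {
            log.debug("using {} trust store for clients, identifier = {}", distinctClientTrustStore ? "distinct" : "same", JPPFIdentifiers.asString(i));
        }
        switch (i) {
            case JPPFIdentifiers.CLIENT_HEARTBEAT_CHANNEL /* 65526 */:
            case JPPFIdentifiers.CLIENT_JOB_DATA_CHANNEL /* 65530 */:
            case JPPFIdentifiers.CLIENT_CLASSLOADER_CHANNEL /* 65531 */:
                return getSSLContext(distinctClientTrustStore ? "jppf.ssl.client" : "jppf.ssl");
            case JPPFIdentifiers.NODE_HEARTBEAT_CHANNEL /* 65527 */:
            case JPPFIdentifiers.NODE_JOB_DATA_CHANNEL /* 65532 */:
            case JPPFIdentifiers.NODE_CLASSLOADER_CHANNEL /* 65533 */:
                return getSSLContext("jppf.ssl");
            case JPPFIdentifiers.JMX_REMOTE_CHANNEL /* 65528 */:
                return getSSLContext("jppf.ssl.client", "jppf.ssl");
            case JPPFIdentifiers.ACCEPTOR_CHANNEL /* 65529 */:
            default:
                throw new SSLConfigurationException("unknown channel identifier " + Integer.toHexString(i));
        }
    }

    /**
     * Builds an SSL context from the {@code jppf.ssl.keystore} key store and from the trust
     * stores found under each of the given property prefixes.
     *
     * <p>If no key store is configured the key managers are {@code null}; if none of the prefixes
     * yields an X.509 trust manager the trust managers are {@code null}. In both cases JSSE uses
     * its own defaults, so a missing trust store configuration means the JVM default trust
     * material decides which peers are accepted.
     *
     * @param strArr property prefixes, e.g. {@code "jppf.ssl"}; {@code ".truststore"} is appended.
     * @return the initialized context.
     * @throws SSLConfigurationException if a store cannot be loaded or the context cannot be
     *     initialized.
     */
    private SSLContext getSSLContext(String... strArr) throws SSLConfigurationException {
        try {
            char[] keyStorePassword = getPassword("jppf.ssl.keystore.password");
            KeyStore keyStore = getStore("jppf.ssl.keystore", keyStorePassword);
            KeyManagerFactory keyManagerFactory = null;
            if (keyStore != null) {
                keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, keyStorePassword);
            }
            TrustManagerFactory[] trustManagerFactories = new TrustManagerFactory[strArr.length];
            for (int i = 0; i < strArr.length; i++) {
                trustManagerFactories[i] = getTrustManagerFactory(strArr[i]);
            }
            // Stays null when no prefix produced an X.509 trust manager, so that the
            // JSSE default trust managers are used instead of an empty composite.
            ArrayList<X509TrustManager> x509TrustManagers = null;
            for (TrustManagerFactory factory : trustManagerFactories) {
                if (factory == null) {
                    continue;
                }
                for (TrustManager trustManager : factory.getTrustManagers()) {
                    if (trustManager instanceof X509TrustManager) {
                        if (x509TrustManagers == null) {
                            x509TrustManagers = new ArrayList<>();
                        }
                        x509TrustManagers.add((X509TrustManager) trustManager);
                    }
                }
            }
            if (debugEnabled) {
                log.debug("tmfs={}, trustManagers={}", Arrays.asList(trustManagerFactories), x509TrustManagers);
            }
            SSLContext sslContext = SSLContext.getInstance((String) this.sslConfig.get((JPPFProperty) JPPFProperties.SSL_CONTEXT_PROTOCOL));
            sslContext.init(
                keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(),
                x509TrustManagers == null ? null : new TrustManager[]{new CompositeX509TrustManager(x509TrustManagers)},
                null);
            if (debugEnabled) {
                log.debug("initialized SSLContext = {}", sslContext);
            }
            printSupportedParameters(sslContext);
            return sslContext;
        } catch (SSLConfigurationException e) {
            throw e;
        } catch (Exception e2) {
            throw new SSLConfigurationException(e2);
        }
    }

    /**
     * Creates a trust manager factory for the trust store configured under
     * {@code <str>.truststore}.
     *
     * @param str the property prefix.
     * @return the initialized factory, or {@code null} if no trust store is configured for the
     *     prefix.
     * @throws SSLConfigurationException if the trust store cannot be loaded.
     */
    private TrustManagerFactory getTrustManagerFactory(String str) throws SSLConfigurationException {
        try {
            KeyStore trustStore = getStore(str + ".truststore", getPassword(str + ".truststore.password"));
            if (trustStore == null) {
                return null;
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            return trustManagerFactory;
        } catch (SSLConfigurationException e) {
            throw e;
        } catch (Exception e2) {
            throw new SSLConfigurationException(e2);
        }
    }

    /**
     * Builds the SSL parameters (cipher suites, protocols, client authentication mode) from the
     * configuration.
     *
     * <p>Cipher suites default to those of the JVM default SSL context when none are configured.
     * The configured protocols are applied unchanged. No endpoint identification algorithm is
     * set, so sockets configured with these parameters do not verify the peer host name.
     *
     * @return the configured parameters.
     * @throws Exception if the default SSL context is unavailable or the configuration cannot be
     *     read.
     */
    public SSLParameters getSSLParameters() throws Exception {
        SSLParameters defaults = SSLContext.getDefault().getDefaultSSLParameters();
        SSLParameters params = new SSLParameters();
        String[] cipherSuites = (String[]) this.sslConfig.get((JPPFProperty) JPPFProperties.SSL_CIPHER_SUITES);
        if (cipherSuites == null || cipherSuites.length <= 0) {
            params.setCipherSuites(defaults.getCipherSuites());
        } else {
            params.setCipherSuites(cipherSuites);
        }
        params.setProtocols((String[]) this.sslConfig.get((JPPFProperty) JPPFProperties.SSL_PROTOCOLS));
        String clientAuth = ((String) this.sslConfig.get((JPPFProperty) JPPFProperties.SSL_CLIENT_AUTH)).toLowerCase(java.util.Locale.ROOT);
        // SSLParameters.setWantClientAuth() and setNeedClientAuth() each reset the other flag.
        // Calling both unconditionally (want first, then need) silently dropped a configured
        // "want", leaving client authentication disabled. Set only the requested mode.
        if ("need".equals(clientAuth)) {
            params.setNeedClientAuth(true);
        } else if ("want".equals(clientAuth)) {
            params.setWantClientAuth(true);
        }
        if (debugEnabled) {
            log.debug("SSL parameters: {}", dumpSSLParameters(params));
        }
        return params;
    }

    /**
     * Layers a client-mode SSL socket over an existing connection and wraps it in a new
     * {@link SocketWrapper} of the same concrete class as the given one.
     *
     * <p>NOTE(review): the parameters applied here come from {@link #getSSLParameters()}, which
     * sets no endpoint identification algorithm. As far as this class shows, the peer is
     * validated against the {@code jppf.ssl} trust store only, not against the host name;
     * confirm this matches the deployment's trust model.
     *
     * @param socketWrapper the plain connection to secure; its class must expose a public
     *     constructor taking a {@link Socket}.
     * @return a new wrapper around the SSL socket, with the same serializer, host and port.
     * @throws Exception if the SSL socket or the new wrapper cannot be created.
     */
    public SocketWrapper createSSLClientConnection(SocketWrapper socketWrapper) throws Exception {
        if (debugEnabled) {
            log.debug("creating client SSL connection from {}", socketWrapper);
        }
        SSLSocketFactory socketFactory = getSSLContext().getSocketFactory();
        // autoClose = true: closing the SSL socket also closes the underlying socket.
        SSLSocket sslSocket = (SSLSocket) socketFactory.createSocket(socketWrapper.getSocket(), socketWrapper.getHost(), socketWrapper.getPort(), true);
        sslSocket.setSSLParameters(getSSLParameters());
        sslSocket.setUseClientMode(true);
        ObjectSerializer serializer = socketWrapper.getSerializer();
        SocketWrapper secured = (SocketWrapper) socketWrapper.getClass().getConstructor(Socket.class).newInstance(sslSocket);
        secured.setSerializer(serializer);
        secured.setHost(socketWrapper.getHost());
        secured.setPort(socketWrapper.getPort());
        return secured;
    }

    /**
     * Adds the TLS settings for a JMX connector environment, choosing the property set by
     * protocol.
     *
     * @param str the JMX remote protocol name.
     * @param map the JMX environment to add the properties to.
     * @throws Exception if the SSL context or parameters cannot be built.
     */
    public void configureJMXProperties(String str, Map<String, Object> map) throws Exception {
        if (JMXHelper.JMXMP_PROTOCOL.equals(str)) {
            configureJMXMPProperties(map);
        } else {
            configureJPPFJMXProperties(map);
        }
    }

    /**
     * Adds the {@code jmx.remote.tls.*} properties used by the JMXMP connector.
     *
     * @param map the JMX environment to add the properties to.
     * @throws Exception if the SSL context or parameters cannot be built.
     */
    public void configureJMXMPProperties(Map<String, Object> map) throws Exception {
        Map<String, Object> env = new LinkedHashMap<>();
        SSLSocketFactory socketFactory = getSSLContext("jppf.ssl.client", "jppf.ssl").getSocketFactory();
        env.put("jmx.remote.profiles", "TLS");
        env.put("jmx.remote.tls.socket.factory", socketFactory);
        SSLParameters params = getSSLParameters();
        env.put("jmx.remote.tls.enabled.protocols", StringUtils.arrayToString(" ", null, null, params.getProtocols()));
        env.put("jmx.remote.tls.enabled.cipher.suites", StringUtils.arrayToString(" ", null, null, params.getCipherSuites()));
        env.put("jmx.remote.tls.need.client.authentication", "" + params.getNeedClientAuth());
        env.put("jmx.remote.tls.want.client.authentication", "" + params.getWantClientAuth());
        map.putAll(env);
        if (debugEnabled) {
            log.debug("JMX SSL connection properties: {}", env);
        }
    }

    /**
     * Adds the TLS properties used by the JPPF JMX connector, including the key store and trust
     * store locations and passwords copied from the SSL configuration.
     *
     * <p>The resulting environment holds store passwords in clear text; callers should treat
     * {@code map} as sensitive.
     *
     * @param map the JMX environment to add the properties to.
     * @throws Exception if the SSL context or parameters cannot be built.
     */
    public void configureJPPFJMXProperties(Map<String, Object> map) throws Exception {
        Map<String, Object> env = new LinkedHashMap<>();
        SSLContext sslContext = getSSLContext("jppf.ssl.client", "jppf.ssl");
        env.put("jppf.ssl", true);
        env.put(JPPFJMXProperties.TLS_ENABLED.getName(), true);
        env.put(JPPFJMXProperties.TLS_CONTEXT_PROTOCOL.getName(), sslContext.getProtocol());
        SSLParameters params = getSSLParameters();
        env.put(JPPFJMXProperties.TLS_ENABLED_PROTOCOLS.getName(), StringUtils.arrayToString(" ", null, null, params.getProtocols()));
        env.put(JPPFJMXProperties.TLS_ENABLED_CIPHER_SUITES.getName(), StringUtils.arrayToString(" ", null, null, params.getCipherSuites()));
        if (params.getNeedClientAuth()) {
            env.put(JPPFJMXProperties.TLS_CLIENT_AUTHENTICATION.getName(), "need");
        } else if (params.getWantClientAuth()) {
            env.put(JPPFJMXProperties.TLS_CLIENT_AUTHENTICATION.getName(), "want");
        }
        convert(env, JPPFProperties.SSL_CLIENT_DISTINCT_TRUSTSTORE, JPPFJMXProperties.TLS_CLIENT_DISTINCT_TRUSTSTORE);
        convert(env, JPPFProperties.SSL_CLIENT_TRUSTSTORE_PASSWORD, JPPFJMXProperties.TLS_CLIENT_TRUSTSTORE_PASSWORD);
        convert(env, JPPFProperties.SSL_CLIENT_TRUSTSTORE_PASSWORD_SOURCE, JPPFJMXProperties.TLS_CLIENT_TRUSTSTORE_PASSWORD_SOURCE);
        convert(env, JPPFProperties.SSL_CLIENT_TRUSTSTORE_FILE, JPPFJMXProperties.TLS_CLIENT_TRUSTSTORE_FILE);
        convert(env, JPPFProperties.SSL_CLIENT_TRUSTSTORE_SOURCE, JPPFJMXProperties.TLS_CLIENT_TRUSTSTORE_SOURCE);
        convert(env, JPPFProperties.SSL_CLIENT_TRUSTSTORE_TYPE, JPPFJMXProperties.TLS_CLIENT_TRUSTSTORE_TYPE);
        convert(env, JPPFProperties.SSL_TRUSTSTORE_PASSWORD, JPPFJMXProperties.TLS_TRUSTSTORE_PASSWORD);
        convert(env, JPPFProperties.SSL_TRUSTSTORE_PASSWORD_SOURCE, JPPFJMXProperties.TLS_TRUSTSTORE_PASSWORD_SOURCE);
        convert(env, JPPFProperties.SSL_TRUSTSTORE_FILE, JPPFJMXProperties.TLS_TRUSTSTORE_FILE);
        convert(env, JPPFProperties.SSL_TRUSTSTORE_SOURCE, JPPFJMXProperties.TLS_TRUSTSTORE_SOURCE);
        convert(env, JPPFProperties.SSL_TRUSTSTORE_TYPE, JPPFJMXProperties.TLS_TRUSTSTORE_TYPE);
        convert(env, JPPFProperties.SSL_KEYSTORE_PASSWORD, JPPFJMXProperties.TLS_KEYSTORE_PASSWORD);
        convert(env, JPPFProperties.SSL_KEYSTORE_PASSWORD_SOURCE, JPPFJMXProperties.TLS_KEYSTORE_PASSWORD_SOURCE);
        convert(env, JPPFProperties.SSL_KEYSTORE_FILE, JPPFJMXProperties.TLS_KEYSTORE_FILE);
        convert(env, JPPFProperties.SSL_KEYSTORE_SOURCE, JPPFJMXProperties.TLS_KEYSTORE_SOURCE);
        convert(env, JPPFProperties.SSL_KEYSTORE_TYPE, JPPFJMXProperties.TLS_KEYSTORE_TYPE);
        map.putAll(env);
        if (debugEnabled) {
            // The environment carries key store / trust store passwords, and the raw SSL
            // configuration does too. Log a masked copy and leave the configuration out so
            // that enabling debug logging does not write credentials to the log files.
            log.debug("JMX SSL connection properties: {}", maskSecrets(env));
        }
    }

    /**
     * Returns a copy of the given properties that is safe to log: the value of every entry
     * whose key contains "password" (case-insensitive) is replaced by a fixed mask.
     *
     * @param props the properties to copy.
     * @return a new map in the same iteration order with password-related values masked.
     */
    private static Map<String, Object> maskSecrets(Map<String, Object> props) {
        Map<String, Object> masked = new LinkedHashMap<>();
        for (Map.Entry<String, Object> entry : props.entrySet()) {
            boolean secret = entry.getKey().toLowerCase(java.util.Locale.ROOT).contains("password");
            masked.put(entry.getKey(), secret ? "****" : entry.getValue());
        }
        return masked;
    }

    /**
     * Copies one SSL configuration value into the target map under the name of the matching JMX
     * property, if the value is defined.
     *
     * @param map the map to add the value to.
     * @param jPPFProperty the SSL property to read from the configuration.
     * @param jPPFProperty2 the JMX property whose name is used as the key.
     */
    private void convert(Map<String, Object> map, JPPFProperty<?> jPPFProperty, JPPFProperty<String> jPPFProperty2) {
        String value;
        if (jPPFProperty.valueType() == String.class) {
            value = JMXEnvHelper.getString(jPPFProperty, null, this.sslConfig);
        } else {
            value = this.sslConfig.getString(jPPFProperty.getName());
        }
        if (value != null) {
            map.put(jPPFProperty2.getName(), value);
        }
    }

    /**
     * Loads a key store or trust store from a stream and closes the stream afterwards.
     *
     * @param inputStream the store content, or {@code null} if no store is configured.
     * @param cArr the store password, may be {@code null}.
     * @param str the store type, e.g. the value of {@link KeyStore#getDefaultType()}.
     * @return the loaded store, or {@code null} if {@code inputStream} is {@code null}.
     * @throws Exception if the store type is unknown or the store cannot be loaded.
     */
    private static KeyStore getKeyOrTrustStore(InputStream inputStream, char[] cArr, String str) throws Exception {
        if (inputStream == null) {
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            keyStore.load(inputStream, cArr);
            return keyStore;
        } finally {
            // Close on both the success and the failure path.
            StreamUtils.close(inputStream, log);
        }
    }

    /**
     * Reads a store password: the inline value of the property if present, otherwise the result
     * of the source class named by {@code <str>.source}.
     *
     * <p>An inline password is held as a {@link String} in the configuration, so it cannot be
     * wiped from memory; a password source avoids keeping it in the configuration file.
     *
     * @param str the password property name.
     * @return the password, or {@code null} if neither form is configured.
     * @throws Exception if the password source fails.
     */
    private char[] getPassword(String str) throws Exception {
        String inlinePassword = this.sslConfig.getString(str, null);
        if (inlinePassword != null) {
            return inlinePassword.toCharArray();
        }
        return (char[]) callSource(this.sslConfig.getString(str + ".source", null));
    }

    /**
     * Loads the key store or trust store configured under the given property prefix. The
     * {@code .file} property takes precedence over {@code .source}; the type comes from
     * {@code .type} and defaults to {@link KeyStore#getDefaultType()}.
     *
     * @param str the property prefix, e.g. {@code "jppf.ssl.keystore"}.
     * @param cArr the store password, may be {@code null}.
     * @return the loaded store, or {@code null} if no store content is available.
     * @throws Exception if the store cannot be located or loaded.
     */
    private KeyStore getStore(String str, char[] cArr) throws Exception {
        String storeType = this.sslConfig.getString(str + ".type", KeyStore.getDefaultType());
        String storeKind = str.contains("keystore") ? "keystore" : "truststore";
        String file = this.sslConfig.getString(str + ".file", null);
        if (file != null) {
            if (debugEnabled) {
                log.debug("getting {} of type {} from file {}", new Object[]{storeKind, storeType, file});
            }
            return getKeyOrTrustStore(new FileStoreSource(file).call(), cArr, storeType);
        }
        String source = this.sslConfig.getString(str + ".source", null);
        if (debugEnabled) {
            log.debug("getting {} of type {} from source {}", new Object[]{storeKind, storeType, source});
        }
        return getKeyOrTrustStore((InputStream) callSource(source), cArr, storeType);
    }

    /**
     * Instantiates the {@link Callable} named in a "source" configuration value and returns the
     * result of its {@code call()} method.
     *
     * <p>The value has the form {@code <class name> [arg1 arg2 ...]}, split on whitespace. If
     * the class has a public constructor taking a {@code String[]}, it receives the arguments
     * ({@code null} when there are none); otherwise the no-argument constructor is used.
     *
     * <p>Security: the class name comes from configuration, so anyone able to edit the SSL
     * configuration can have a class from the class path loaded and instantiated in this JVM.
     * Keep the configuration file write-protected. The class is required to implement
     * {@link Callable} before any constructor runs.
     *
     * @param str the source specification, may be {@code null}.
     * @param <E> the type the caller expects; not checked here.
     * @return the value produced by the source, or {@code null} if {@code str} is {@code null}.
     * @throws SSLConfigurationException if the named class is not a {@link Callable}.
     * @throws Exception if the class cannot be loaded or instantiated, or if the source fails.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static <E> E callSource(String str) throws Exception {
        if (str == null) {
            return null;
        }
        String[] tokens = RegexUtils.SPACES_PATTERN.split(str);
        Class<?> sourceClass = Class.forName(tokens[0]);
        if (!Callable.class.isAssignableFrom(sourceClass)) {
            // Reject before instantiation so that no constructor of an unrelated class runs.
            throw new SSLConfigurationException("source class " + tokens[0] + " does not implement " + Callable.class.getName());
        }
        String[] args = null;
        if (tokens.length > 1) {
            args = Arrays.copyOfRange(tokens, 1, tokens.length);
        }
        Constructor<?> argsConstructor = null;
        try {
            argsConstructor = sourceClass.getConstructor(String[].class);
        } catch (NoSuchMethodException ignored) {
            // No String[] constructor: fall back to the no-argument constructor below.
        }
        // The (Object) cast is required: without it the String[] is taken as the reflective
        // argument list itself and no longer matches the single String[] parameter.
        Callable<?> source = argsConstructor == null
            ? (Callable<?>) sourceClass.newInstance()
            : (Callable<?>) argsConstructor.newInstance((Object) args);
        @SuppressWarnings("unchecked") // the caller chooses E; nothing here can verify it
        E result = (E) source.call();
        return result;
    }

    /**
     * Builds an identifier for the SSL configuration of a client, of the form
     * {@code <property name>=<value>}, from the global JPPF configuration. The SSL configuration
     * file property is looked up first, then the SSL configuration source property; if neither
     * is found under the given prefix, the lookup is retried without a prefix.
     *
     * @param str the driver name used as property prefix, may be {@code null} or empty.
     * @return the identifier, or {@code null} if no SSL configuration location is defined.
     */
    public static String getClientConfigId(String str) {
        TypedProperties config = JPPFConfiguration.getProperties();
        boolean noPrefix = str == null || "".equals(str);
        String prefix = noPrefix ? "" : str + ".";
        String propertyName = prefix + JPPFProperties.SSL_CONFIGURATION_FILE.getName();
        String value = config.getString(propertyName);
        if (value == null || "".equals(value.trim())) {
            propertyName = prefix + JPPFProperties.SSL_CONFIGURATION_SOURCE.getName();
            value = config.getString(propertyName);
            if (value == null) {
                return noPrefix ? null : getClientConfigId(null);
            }
        }
        return propertyName + '=' + value;
    }

    /**
     * Formats the protocols, client authentication flags and cipher suites of the given
     * parameters for logging.
     *
     * @param sSLParameters the parameters to describe.
     * @return a one-line description.
     */
    public static String dumpSSLParameters(SSLParameters sSLParameters) {
        return String.format(
            "protocols=%s, needCLientAuth=%b, wantClientAuth=%b, cipher suites=%s",
            StringUtils.arrayToString(sSLParameters.getProtocols()),
            Boolean.valueOf(sSLParameters.getNeedClientAuth()),
            Boolean.valueOf(sSLParameters.getWantClientAuth()),
            StringUtils.arrayToString(sSLParameters.getCipherSuites()));
    }

    /**
     * Logs, at debug level, the protocols and cipher suites the given context supports.
     *
     * @param sSLContext the context to inspect.
     */
    private static void printSupportedParameters(SSLContext sSLContext) {
        SSLParameters supported = sSLContext.getSupportedSSLParameters();
        if (debugEnabled) {
            log.debug("supported protocols: {}, supported cipher suites: {}", Arrays.asList(supported.getProtocols()), Arrays.asList(supported.getCipherSuites()));
        }
    }
}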
