package org.objectweb.celtix.bus.transports.https;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.URLConnection;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.objectweb.celtix.bus.configuration.security.SSLClientPolicy;
import org.objectweb.celtix.common.logging.LogUtils;
import org.objectweb.celtix.configuration.Configuration;

/* loaded from: input_file:org/objectweb/celtix/bus/transports/https/JettySslClientConfigurer.class */
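/**
 * Applies an {@link SSLClientPolicy} to a single {@link HttpsURLConnection}.
 *
 * <p>{@link #configure()} resolves every policy item (falling back to the
 * {@code javax.net.ssl.*} system properties or built-in defaults where the policy is
 * silent), builds an {@link SSLContext} from the resulting key and trust material and
 * installs its socket factory on the connection.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Failures while building the context are logged, not thrown. In that case no
 *       socket factory is installed and the connection keeps the one it already had.</li>
 *   <li>{@code keyPassword} is only compared with {@code keyStorePassword} (a warning is
 *       logged when they differ); the key manager is always initialised with
 *       {@code keyStorePassword}.</li>
 *   <li>Passwords are held as {@code String} fields for the lifetime of this object.</li>
 * </ul>
 */
public final class JettySslClientConfigurer {
    // Retained from the original; this class does not declare Serializable.
    private static final long serialVersionUID = 1;
    private static final Logger LOG = LogUtils.getL7dLogger(JettySslClientConfigurer.class);
    private static final String DEFAUL_KEYSTORE_TYPE = "PKCS12";
    private static final String DEFAUL_TRUST_STORE_TYPE = "JKS";
    // "TLS" lets the JSSE provider negotiate the newest protocol version it has enabled.
    // The previous default, "TLSv1", pinned the context to TLS 1.0, which is deprecated
    // (RFC 8996). A policy can still request a specific protocol explicitly.
    // NOTE(review): the message text behind SECURE_SOCKET_PROTOCOL_NOT_SET lives in a
    // resource bundle not visible here - confirm it does not name the old default.
    private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLS";
    private static final String CERTIFICATE_FACTORY_TYPE = "X.509";
    private static final String PKCS12_TYPE = "PKCS12";
    SSLClientPolicy sslPolicy;
    private String keyStoreLocation;
    private String keyStorePassword;
    private String keyPassword;
    private String[] cipherSuites;
    private String trustStoreLocation;
    private String keystoreKeyManagerFactoryAlgorithm;
    private String trustStoreKeyManagerFactoryAlgorithm;
    private HttpsURLConnection httpsConnection;
    private String secureSocketProtocol;
    private Configuration config;
    private String keyStoreType = DEFAUL_KEYSTORE_TYPE;
    private String trustStoreType = DEFAUL_TRUST_STORE_TYPE;

    /**
     * Creates a configurer for one connection.
     *
     * @param sSLClientPolicy policy whose values are applied
     * @param uRLConnection connection to configure; it is cast to {@link HttpsURLConnection}
     * @param configuration configuration whose id selects the optional security configurer
     */
    public JettySslClientConfigurer(SSLClientPolicy sSLClientPolicy, URLConnection uRLConnection, Configuration configuration) {
        this.sslPolicy = sSLClientPolicy;
        this.httpsConnection = (HttpsURLConnection) uRLConnection;
        this.config = configuration;
    }

    /**
     * Resolves all policy items and installs the resulting SSL socket factory.
     *
     * <p>NOTE(review): the boolean results of the context setup methods are discarded
     * here. When context setup fails, only a SEVERE log entry is written and the
     * connection is left with its previous socket factory, so the configured key and
     * trust material is not in effect. Callers that must fail closed need to detect this
     * themselves, for example through the log handler.
     */
    public void configure() {
        setupSecurityConfigurer();
        setupKeystore();
        setupKeystoreType();
        setupKeystorePassword();
        setupKeyPassword();
        setupKeystoreAlgorithm();
        setupTrustStoreAlgorithm();
        setupCiphersuites();
        setupTrustStore();
        setupTrustStoreType();
        setupSecureSocketProtocol();
        setupSessionCaching();
        setupSessionCacheKey();
        setupMaxChainLength();
        setupCertValidator();
        setupProxyHost();
        setupProxyPort();
        if (this.keyStoreType.equalsIgnoreCase(PKCS12_TYPE)) {
            setupSSLContextPKCS12();
        } else {
            setupSSLContext();
        }
    }

    /**
     * Builds the SSL context for non-PKCS12 key stores and installs its socket factory.
     *
     * <p>The trust store location is loaded as a key store of {@code trustStoreType}.
     *
     * @return {@code true} when the socket factory was installed, {@code false} when any
     *         step failed (the failure is logged at SEVERE)
     */
    private boolean setupSSLContext() {
        warnIfPasswordsDiffer();
        try {
            SSLContext context = SSLContext.getInstance(this.secureSocketProtocol);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.keystoreKeyManagerFactoryAlgorithm);
            KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
            // Read the whole file with a bounded loop and always close the stream. The
            // previous code sized its buffer from available(), which is only an estimate,
            // and never closed the stream.
            byte[] keyStoreBytes = readFile(this.keyStoreLocation);
            KeyManager[] keyManagers = null;
            if (this.keyStorePassword != null) {
                keyManagers = loadKeyManagers(keyManagerFactory, keyStore, keyStoreBytes);
            }
            if (this.keyStorePassword == null && this.keyStoreLocation != null) {
                LogUtils.log(LOG, Level.WARNING, "FAILED_TO_LOAD_KEYSTORE_NULL_PASSWORD", new Object[]{this.keyStoreLocation});
            }
            TrustManager[] trustManagers = null;
            KeyStore trustStore = KeyStore.getInstance(this.trustStoreType);
            FileInputStream trustStoreStream = new FileInputStream(this.trustStoreLocation);
            try {
                // A null password means the key store integrity check is not performed.
                trustStore.load(trustStoreStream, null);
            } finally {
                trustStoreStream.close();
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(this.trustStoreKeyManagerFactoryAlgorithm);
            try {
                trustManagerFactory.init(trustStore);
                trustManagers = trustManagerFactory.getTrustManagers();
                LogUtils.log(LOG, Level.INFO, "LOADED_TRUST_STORE", new Object[]{this.trustStoreLocation});
            } catch (Exception e) {
                // NOTE(review): trustManagers stays null here, and SSLContext.init() then
                // falls back to the provider's default trust managers rather than the
                // configured trust store. Only this WARNING records that.
                LogUtils.log(LOG, Level.WARNING, "FAILED_TO_LOAD_TRUST_STORE", new Object[]{this.trustStoreLocation, e.getMessage()});
            }
            context.init(keyManagers, trustManagers, null);
            this.httpsConnection.setSSLSocketFactory(new SSLSocketFactoryWrapper(context.getSocketFactory(), this.cipherSuites));
            return true;
        } catch (Exception e) {
            LogUtils.log(LOG, Level.SEVERE, "SSL_CONTEXT_INIT_FAILURE", new Object[]{e.getMessage()});
            return false;
        }
    }

    /**
     * Builds the SSL context for PKCS12 key stores and installs its socket factory.
     *
     * <p>Unlike {@link #setupSSLContext()}, the trust store location is read as an X.509
     * certificate file: one certificate is parsed from it and placed into an otherwise
     * empty in-memory key store, under an alias derived from the certificate's issuer DN.
     *
     * @return {@code true} when the socket factory was installed, {@code false} when any
     *         step failed (the failure is logged at SEVERE)
     */
    private boolean setupSSLContextPKCS12() {
        warnIfPasswordsDiffer();
        try {
            SSLContext context = SSLContext.getInstance(this.secureSocketProtocol);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.keystoreKeyManagerFactoryAlgorithm);
            KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
            KeyManager[] keyManagers = null;
            byte[] credentialBytes = loadClientCredential(this.keyStoreLocation);
            if (credentialBytes != null && credentialBytes.length > 0 && this.keyStorePassword != null) {
                keyManagers = loadKeyManagers(keyManagerFactory, keyStore, credentialBytes);
            }
            if (this.keyStorePassword == null && this.keyStoreLocation != null) {
                LogUtils.log(LOG, Level.WARNING, "FAILED_TO_LOAD_KEYSTORE_NULL_PASSWORD", new Object[]{this.keyStoreLocation});
            }
            KeyStore trustStore = KeyStore.getInstance(this.trustStoreType);
            // Start from an empty in-memory store; the CA certificate is added below.
            trustStore.load(null, "".toCharArray());
            CertificateFactory certificateFactory = CertificateFactory.getInstance(CERTIFICATE_FACTORY_TYPE);
            byte[] caCertBytes = loadCACert(this.trustStoreLocation);
            boolean caCertLoaded = false;
            if (caCertBytes != null) {
                try {
                    X509Certificate caCert = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(caCertBytes));
                    trustStore.setCertificateEntry(caCert.getIssuerDN().toString(), caCert);
                    caCertLoaded = true;
                } catch (Exception e) {
                    // The trust store stays empty in this case; setup continues with it.
                    LogUtils.log(LOG, Level.WARNING, "FAILED_TO_LOAD_TRUST_STORE", new Object[]{this.trustStoreLocation, e.getMessage()});
                }
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(this.trustStoreKeyManagerFactoryAlgorithm);
            trustManagerFactory.init(trustStore);
            // Report success only when a certificate really was added. Previously this
            // entry was written even right after FAILED_TO_LOAD_TRUST_STORE, which made
            // the log contradict itself.
            if (caCertLoaded) {
                LogUtils.log(LOG, Level.INFO, "LOADED_TRUST_STORE", new Object[]{this.trustStoreLocation});
            }
            context.init(keyManagers, trustManagerFactory.getTrustManagers(), null);
            this.httpsConnection.setSSLSocketFactory(new SSLSocketFactoryWrapper(context.getSocketFactory(), this.cipherSuites));
            return true;
        } catch (Exception e) {
            LogUtils.log(LOG, Level.SEVERE, "SSL_CONTEXT_INIT_FAILURE", new Object[]{e.getMessage()});
            return false;
        }
    }

    /** Logs a warning when both passwords are set and differ from each other. */
    private void warnIfPasswordsDiffer() {
        if (this.keyStorePassword != null && this.keyPassword != null && !this.keyStorePassword.equals(this.keyPassword)) {
            LogUtils.log(LOG, Level.WARNING, "KEY_PASSWORD_NOT_SAME_KEYSTORE_PASSWORD");
        }
    }

    /**
     * Loads the key store from {@code keyStoreBytes} using {@code keyStorePassword} and
     * derives key managers from it. The caller must have checked that the password is set.
     *
     * @return the key managers, or {@code null} when loading failed (logged at WARNING)
     */
    private KeyManager[] loadKeyManagers(KeyManagerFactory keyManagerFactory, KeyStore keyStore, byte[] keyStoreBytes) {
        try {
            keyStore.load(new ByteArrayInputStream(keyStoreBytes), this.keyStorePassword.toCharArray());
            keyManagerFactory.init(keyStore, this.keyStorePassword.toCharArray());
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            LogUtils.log(LOG, Level.INFO, "LOADED_KEYSTORE", new Object[]{this.keyStoreLocation});
            return keyManagers;
        } catch (Exception e) {
            LogUtils.log(LOG, Level.WARNING, "FAILED_TO_LOAD_KEYSTORE", new Object[]{this.keyStoreLocation, e.getMessage()});
            return null;
        }
    }

    /**
     * Reads a whole file into memory. The stream is closed even when reading fails.
     *
     * @param path file to read
     * @return the file contents
     * @throws IOException when the file cannot be opened or read
     */
    private static byte[] readFile(String path) throws IOException {
        FileInputStream in = new FileInputStream(path);
        try {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] chunk = new byte[512];
            for (int n = in.read(chunk); n > 0; n = in.read(chunk)) {
                out.write(chunk, 0, n);
            }
            return out.toByteArray();
        } finally {
            in.close();
        }
    }

    /**
     * Reads the client credential (key store) file.
     *
     * @param path file to read, may be {@code null}
     * @return the file contents, or {@code null} when {@code path} is {@code null}
     * @throws IOException when the file cannot be opened or read
     */
    private static byte[] loadClientCredential(String path) throws IOException {
        if (path == null) {
            return null;
        }
        return readFile(path);
    }

    /**
     * Reads the CA certificate file.
     *
     * @param path file to read, may be {@code null}
     * @return the file contents, or {@code null} when {@code path} is {@code null}
     * @throws IOException when the file cannot be opened or read
     */
    private static byte[] loadCACert(String path) throws IOException {
        if (path == null) {
            return null;
        }
        return readFile(path);
    }

    /**
     * Resolves the key store location: policy value, else the
     * {@code javax.net.ssl.keyStore} system property, else {@code ~/.keystore}.
     */
    public void setupKeystore() {
        if (this.sslPolicy.isSetKeystore()) {
            this.keyStoreLocation = this.sslPolicy.getKeystore();
            LogUtils.log(LOG, Level.INFO, "KEY_STORE_SET", new Object[]{this.keyStoreLocation});
            return;
        }
        this.keyStoreLocation = System.getProperty("javax.net.ssl.keyStore");
        if (this.keyStoreLocation != null) {
            LogUtils.log(LOG, Level.INFO, "KEY_STORE_SYSTEM_PROPERTY_SET", new Object[]{this.keyStoreLocation});
        } else {
            this.keyStoreLocation = System.getProperty("user.home") + "/.keystore";
            LogUtils.log(LOG, Level.INFO, "KEY_STORE_NOT_SET", new Object[]{this.keyStoreLocation});
        }
    }

    /** Takes the key store type from the policy, keeping the PKCS12 default when unset. */
    public void setupKeystoreType() {
        if (this.sslPolicy.isSetKeystoreType()) {
            this.keyStoreType = this.sslPolicy.getKeystoreType();
            LogUtils.log(LOG, Level.INFO, "KEY_STORE_TYPE_SET", new Object[]{this.keyStoreType});
        } else {
            LogUtils.log(LOG, Level.INFO, "KEY_STORE_TYPE_NOT_SET", new Object[]{DEFAUL_KEYSTORE_TYPE});
        }
    }

    /**
     * Resolves the key store password: policy value, else the
     * {@code javax.net.ssl.keyStorePassword} system property. The value itself is never
     * logged.
     */
    public void setupKeystorePassword() {
        if (this.sslPolicy.isSetKeystorePassword()) {
            LogUtils.log(LOG, Level.INFO, "KEY_STORE_PASSWORD_SET");
            this.keyStorePassword = this.sslPolicy.getKeystorePassword();
            return;
        }
        this.keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
        if (this.keyStorePassword != null) {
            LogUtils.log(LOG, Level.INFO, "KEY_STORE_PASSWORD_SYSTEM_PROPERTY_SET");
        } else {
            LogUtils.log(LOG, Level.INFO, "KEY_STORE_PASSWORD_NOT_SET");
        }
    }

    /**
     * Resolves the key password: policy value, else the same
     * {@code javax.net.ssl.keyStorePassword} system property that the key store password
     * falls back to. The value itself is never logged.
     */
    public void setupKeyPassword() {
        if (this.sslPolicy.isSetKeyPassword()) {
            LogUtils.log(LOG, Level.INFO, "KEY_PASSWORD_SET");
            this.keyPassword = this.sslPolicy.getKeyPassword();
            return;
        }
        this.keyPassword = System.getProperty("javax.net.ssl.keyStorePassword");
        if (this.keyPassword != null) {
            LogUtils.log(LOG, Level.INFO, "KEY_PASSWORD_SYSTEM_PROPERTY_SET");
        } else {
            LogUtils.log(LOG, Level.INFO, "KEY_PASSWORD_NOT_SET");
        }
    }

    /** Takes the key manager algorithm from the policy, else the platform default. */
    public void setupKeystoreAlgorithm() {
        if (this.sslPolicy.isSetKeystoreAlgorithm()) {
            this.keystoreKeyManagerFactoryAlgorithm = this.sslPolicy.getKeystoreAlgorithm();
            LogUtils.log(LOG, Level.INFO, "KEY_STORE_ALGORITHM_SET", new Object[]{this.keystoreKeyManagerFactoryAlgorithm});
        } else {
            this.keystoreKeyManagerFactoryAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
            LogUtils.log(LOG, Level.INFO, "KEY_STORE_ALGORITHM_NOT_SET", new Object[]{this.keystoreKeyManagerFactoryAlgorithm});
        }
    }

    /**
     * Takes the trust manager algorithm from the policy, else the platform default.
     *
     * <p>The decision is based on the trust store algorithm value itself. It used to be
     * keyed on {@code isSetKeystoreAlgorithm()}, so a policy that set only the key store
     * algorithm left this field {@code null} (which later makes context setup fail), and
     * a policy that set only the trust store algorithm had it ignored.
     */
    public void setupTrustStoreAlgorithm() {
        // Assumes the getter returns null when the policy does not set the value -
        // TODO confirm against SSLClientPolicy.
        String configuredAlgorithm = this.sslPolicy.getTrustStoreAlgorithm();
        if (configuredAlgorithm != null) {
            this.trustStoreKeyManagerFactoryAlgorithm = configuredAlgorithm;
            LogUtils.log(LOG, Level.INFO, "TRUST_STORE_ALGORITHM_SET", new Object[]{this.trustStoreKeyManagerFactoryAlgorithm});
        } else {
            this.trustStoreKeyManagerFactoryAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            LogUtils.log(LOG, Level.INFO, "TRUST_STORE_ALGORITHM_NOT_SET", new Object[]{this.trustStoreKeyManagerFactoryAlgorithm});
        }
    }

    /**
     * Copies the policy's cipher suite list into {@code cipherSuites} and logs it as a
     * comma-separated string. When the policy has none, {@code cipherSuites} stays
     * {@code null}.
     */
    public void setupCiphersuites() {
        if (!this.sslPolicy.isSetCiphersuites()) {
            LogUtils.log(LOG, Level.INFO, "CIPHERSUITE_NOT_SET");
            return;
        }
        List<?> configured = this.sslPolicy.getCiphersuites();
        int count = configured.size();
        this.cipherSuites = new String[count];
        String joined = null;
        for (int i = 0; i < count; i++) {
            this.cipherSuites[i] = (String) configured.get(i);
            joined = joined == null ? this.cipherSuites[i] : joined + ", " + this.cipherSuites[i];
        }
        LogUtils.log(LOG, Level.INFO, "CIPHERSUITE_SET", new Object[]{joined});
    }

    /**
     * Resolves the trust store location: policy value, else the
     * {@code javax.net.ssl.trustStore} system property, else
     * {@code ${java.home}/lib/security/cacerts}.
     */
    public void setupTrustStore() {
        if (this.sslPolicy.isSetTrustStore()) {
            this.trustStoreLocation = this.sslPolicy.getTrustStore();
            LogUtils.log(LOG, Level.INFO, "TRUST_STORE_SET", new Object[]{this.trustStoreLocation});
            return;
        }
        this.trustStoreLocation = System.getProperty("javax.net.ssl.trustStore");
        if (this.trustStoreLocation != null) {
            LogUtils.log(LOG, Level.INFO, "TRUST_STORE_SYSTEM_PROPERTY_SET", new Object[]{this.trustStoreLocation});
        } else {
            this.trustStoreLocation = System.getProperty("java.home") + "/lib/security/cacerts";
            LogUtils.log(LOG, Level.INFO, "TRUST_STORE_NOT_SET", new Object[]{this.trustStoreLocation});
        }
    }

    /** Takes the trust store type from the policy, keeping the JKS default when unset. */
    public void setupTrustStoreType() {
        if (this.sslPolicy.isSetTrustStoreType()) {
            this.trustStoreType = this.sslPolicy.getTrustStoreType();
            LogUtils.log(LOG, Level.INFO, "TRUST_STORE_TYPE_SET", new Object[]{this.trustStoreType});
        } else {
            LogUtils.log(LOG, Level.INFO, "TRUST_STORE_TYPE_NOT_SET", new Object[]{DEFAUL_TRUST_STORE_TYPE});
        }
    }

    /** Takes the SSL context protocol name from the policy, else the built-in default. */
    public void setupSecureSocketProtocol() {
        if (this.sslPolicy.isSetSecureSocketProtocol()) {
            this.secureSocketProtocol = this.sslPolicy.getSecureSocketProtocol();
            LogUtils.log(LOG, Level.INFO, "SECURE_SOCKET_PROTOCOL_SET", new Object[]{this.secureSocketProtocol});
        } else {
            LogUtils.log(LOG, Level.INFO, "SECURE_SOCKET_PROTOCOL_NOT_SET");
            this.secureSocketProtocol = DEFAULT_SECURE_SOCKET_PROTOCOL;
        }
    }

    /**
     * Session caching is not supported by this configurer; a set value is only reported.
     *
     * @return always {@code true}
     */
    public boolean setupSessionCaching() {
        if (this.sslPolicy.isSetSessionCaching()) {
            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_CLIENT_POLICY_DATA", new Object[]{"SessionCaching"});
        }
        return true;
    }

    /**
     * The session cache key is not supported by this configurer; a set value is only
     * reported.
     *
     * @return always {@code true}
     */
    public boolean setupSessionCacheKey() {
        if (this.sslPolicy.isSetSessionCacheKey()) {
            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_CLIENT_POLICY_DATA", new Object[]{"SessionCacheKey"});
        }
        return true;
    }

    /**
     * A maximum chain length is not supported by this configurer; a set value is only
     * reported and is not enforced.
     *
     * @return always {@code true}
     */
    public boolean setupMaxChainLength() {
        if (this.sslPolicy.isSetMaxChainLength()) {
            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_CLIENT_POLICY_DATA", new Object[]{"MaxChainLength"});
        }
        return true;
    }

    /**
     * A certificate validator is not supported by this configurer; a set value is only
     * reported and no extra validation takes place.
     *
     * @return always {@code true}
     */
    public boolean setupCertValidator() {
        if (this.sslPolicy.isSetCertValidator()) {
            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_CLIENT_POLICY_DATA", new Object[]{"CertValidator"});
        }
        return true;
    }

    /**
     * A proxy host is not supported by this configurer; a set value is only reported.
     *
     * @return always {@code true}
     */
    public boolean setupProxyHost() {
        if (this.sslPolicy.isSetProxyHost()) {
            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_CLIENT_POLICY_DATA", new Object[]{"ProxyHost"});
        }
        return true;
    }

    /**
     * A proxy port is not supported by this configurer; a set value is only reported.
     *
     * @return always {@code true}
     */
    public boolean setupProxyPort() {
        if (this.sslPolicy.isSetProxyPort()) {
            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_CLIENT_POLICY_DATA", new Object[]{"ProxyPort"});
        }
        return true;
    }

    /**
     * Runs an optional external configurer over the policy before it is read.
     *
     * <p>The class name comes from the system property
     * {@code celtix.security.configurer.celtix.<config id>.http-client}. The class is
     * loaded and instantiated reflectively and its {@code configure(SSLClientPolicy)}
     * method is invoked, so whoever controls that property chooses code that runs here and
     * may rewrite the policy. Failures are logged at SEVERE and otherwise ignored.
     */
    public void setupSecurityConfigurer() {
        String configurerClassName = System.getProperty("celtix.security.configurer.celtix." + this.config.getId() + ".http-client");
        if (configurerClassName == null || "".equals(configurerClassName)) {
            return;
        }
        LogUtils.log(LOG, Level.WARNING, "UNOFFICIAL_SECURITY_CONFIGURER");
        try {
            Class<?> configurerClass = Class.forName(configurerClassName);
            Method configureMethod = configurerClass.getDeclaredMethod("configure", SSLClientPolicy.class);
            Object configurer = configurerClass.newInstance();
            configureMethod.invoke(configurer, this.sslPolicy);
            LogUtils.log(LOG, Level.INFO, "SUCCESS_INVOKING_SECURITY_CONFIGURER", new Object[]{configurerClassName});
        } catch (Exception e) {
            LogUtils.log(LOG, Level.SEVERE, "ERROR_INVOKING_SECURITY_CONFIGURER", new Object[]{configurerClassName, e.getMessage()});
        }
    }

    /** Returns the connection this configurer was created for. */
    protected HttpsURLConnection getHttpsConnection() {
        return this.httpsConnection;
    }

    /**
     * Checks that every {@code isSetXxx} method declared on the policy class has a
     * matching public no-argument {@code setupXxx} method on this class.
     *
     * @return {@code true} when all are present, {@code false} at the first one missing
     */
    protected boolean testAllDataHasSetupMethod() {
        final String prefix = "isSet";
        for (Method method : this.sslPolicy.getClass().getDeclaredMethods()) {
            String name = method.getName();
            if (name.startsWith(prefix)) {
                try {
                    // Explicit cast: a bare null is ambiguous for the varargs parameter.
                    getClass().getMethod("setup" + name.substring(prefix.length()), (Class<?>[]) null);
                } catch (Exception e) {
                    e.printStackTrace();
                    return false;
                }
            }
        }
        return true;
    }

    /** Attaches {@code handler} to this class's logger. */
    protected void addLogHandler(Handler handler) {
        LOG.addHandler(handler);
    }
}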
