package org.opends.server.tools;

import com.forgerock.opendj.cli.ConnectionFactoryProvider;
import com.forgerock.opendj.util.StaticUtils;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.SSLContextBuilder;
import org.forgerock.opendj.ldap.TrustManagers;
import org.glassfish.grizzly.ssl.SSLContextConfigurator;
import org.opends.messages.ToolMessages;
import org.opends.server.extensions.BlindTrustManagerProvider;
import org.opends.server.util.CollectionUtils;
import org.opends.server.util.ExpirationCheckTrustManager;
import org.opends.server.util.SelectableCertificateKeyManager;

/* loaded from: input_file:org/opends/server/tools/SSLConnectionFactory.class */
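/**
 * Creates client-side TLS sockets for the command-line tools.
 *
 * <p>{@link #init} builds an {@link SSLContext} from the supplied key store and trust store
 * settings; the {@code createSocket} overloads then hand out sockets restricted to
 * {@link #TLS_PROTOCOLS}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When {@code init} is called with its first argument set to {@code true}, the trust
 *       managers come from {@link BlindTrustManagerProvider}; as the name indicates, the server
 *       certificate is then not validated, so the peer is not authenticated.</li>
 *   <li>NOTE(review): nothing in this class sets an endpoint identification algorithm on the
 *       sockets it returns, so no host name check against the certificate is visible here.
 *       Confirm whether callers or the trust managers perform it.</li>
 *   <li>Store PINs that are not passed explicitly are read from JVM system properties. Properties
 *       given as {@code -D} options are typically visible in the process command line.</li>
 * </ul>
 */
public class SSLConnectionFactory {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();

    /** Protocol versions enabled on every socket returned by this factory. */
    private static final String[] TLS_PROTOCOLS;

    /** Set by {@link #init}; {@code null} until initialisation succeeded. */
    private SSLSocketFactory sslSocketFactory;

    static {
        List<String> protocols;
        try {
            protocols = ConnectionFactoryProvider.getDefaultProtocols();
        } catch (NoSuchAlgorithmException e) {
            // NOTE(review): the fallback is TLSv1 only, a protocol version that current
            // security baselines deprecate. Consider failing closed or falling back to a
            // newer version; left unchanged here because it alters connection behavior.
            logger.trace("Unable to retrieve default TLS protocols of the JVM, defaulting to TLSv1", e);
            protocols = Arrays.asList(SSLContextBuilder.PROTOCOL_TLS1);
        }
        TLS_PROTOCOLS = protocols.toArray(new String[0]);
    }

    /**
     * Builds the SSL context and socket factory used by the {@code createSocket} methods.
     *
     * <p>Trust managers are chosen as follows:
     * <ol>
     *   <li>{@code z == true}: the managers of {@link BlindTrustManagerProvider} (no certificate
     *       validation; use only where the peer's identity does not matter).</li>
     *   <li>{@code str4 == null}: in FIPS mode a PKCS#11 trust store check, otherwise the
     *       managers of {@code PromptTrustManager}.</li>
     *   <li>otherwise: the managers loaded from the trust store file {@code str4}; outside FIPS
     *       mode each one is wrapped in an {@link ExpirationCheckTrustManager}.</li>
     * </ol>
     *
     * @param z    {@code true} to use the blind trust managers
     * @param str  key store file path, or {@code null} for no client key material
     * @param str2 key store PIN, or {@code null} to fall back to the system property
     * @param str3 value used to restrict the key managers through
     *             {@link SelectableCertificateKeyManager} (presumably the certificate alias),
     *             or {@code null} for no restriction
     * @param str4 trust store file path, or {@code null}
     * @param str5 trust store PIN, or {@code null} to fall back to the system property
     * @throws SSLConnectionException if any step of the context set-up fails
     */
    public void init(boolean z, String str, String str2, String str3, String str4, String str5) throws SSLConnectionException {
        try {
            SSLContext context = SSLContext.getInstance("TLS");

            TrustManager[] trustManagerArr;
            if (z) {
                trustManagerArr = new BlindTrustManagerProvider().getTrustManagers();
            } else if (str4 == null) {
                trustManagerArr = StaticUtils.isFips()
                        ? new TrustManager[]{TrustManagers.checkUsingPkcs11TrustStore()}
                        : PromptTrustManager.getTrustManagers();
            } else {
                TrustManager[] loaded = getTrustManagers(KeyStore.getDefaultType(), null, str4, str5);
                if (StaticUtils.isFips()) {
                    trustManagerArr = loaded;
                } else {
                    // Wrap each manager so that the validity period of certificates is checked.
                    trustManagerArr = new TrustManager[loaded.length];
                    for (int i = 0; i < loaded.length; i++) {
                        trustManagerArr[i] = new ExpirationCheckTrustManager((X509TrustManager) loaded[i]);
                    }
                }
            }

            KeyManager[] keyManagerArr = null;
            if (str != null) {
                keyManagerArr = getKeyManagers(KeyStore.getDefaultType(), null, str, str2);
                if (str3 != null) {
                    keyManagerArr = SelectableCertificateKeyManager.wrap(keyManagerArr, CollectionUtils.newTreeSet(str3));
                }
            }

            context.init(keyManagerArr, trustManagerArr, new SecureRandom());
            this.sslSocketFactory = context.getSocketFactory();
        } catch (Exception e) {
            throw new SSLConnectionException(ToolMessages.ERR_TOOLS_CANNOT_CREATE_SSL_CONNECTION.get(e.getMessage()), e);
        }
    }

    /**
     * Opens a TLS socket to the given host and port.
     *
     * @throws SSLConnectionException if {@link #init} has not completed successfully
     * @throws IOException            if the underlying socket cannot be created
     */
    public Socket createSocket(String str, int i) throws SSLConnectionException, IOException {
        return socketWithEnabledProtocols(requireInitialized().createSocket(str, i));
    }

    /**
     * Opens a TLS socket to the given address and port.
     *
     * @throws SSLConnectionException if {@link #init} has not completed successfully
     * @throws IOException            if the underlying socket cannot be created
     */
    public Socket createSocket(InetAddress inetAddress, int i) throws SSLConnectionException, IOException {
        return socketWithEnabledProtocols(requireInitialized().createSocket(inetAddress, i));
    }

    /**
     * Layers a TLS socket over an existing socket; the arguments are passed unchanged to
     * {@link SSLSocketFactory#createSocket(Socket, String, int, boolean)}.
     *
     * @throws SSLConnectionException if {@link #init} has not completed successfully
     * @throws IOException            if the TLS socket cannot be created
     */
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws SSLConnectionException, IOException {
        return socketWithEnabledProtocols(requireInitialized().createSocket(socket, str, i, z));
    }

    /** Returns the socket factory, or fails if {@link #init} has not set it yet. */
    private SSLSocketFactory requireInitialized() throws SSLConnectionException {
        if (this.sslSocketFactory == null) {
            throw new SSLConnectionException(ToolMessages.ERR_TOOLS_SSL_CONNECTION_NOT_INITIALIZED.get());
        }
        return this.sslSocketFactory;
    }

    /** Restricts the socket to {@link #TLS_PROTOCOLS} and returns it. */
    private Socket socketWithEnabledProtocols(Socket socket) {
        SSLSocket sslSocket = (SSLSocket) socket;
        sslSocket.setEnabledProtocols(TLS_PROTOCOLS);
        return sslSocket;
    }

    /**
     * Loads the key store and returns the key managers built from it.
     *
     * @param keyStoreType key store type passed to {@link KeyStore#getInstance}
     * @param provider     security provider, or {@code null} for the default lookup
     * @param keyStoreFile key store path, or {@code null} to use the system property
     * @param keyStorePin  key store PIN, or {@code null} to use the system property
     * @throws KeyStoreException      if the key store type is not available
     * @throws SSLConnectionException if the file cannot be loaded or the key manager factory
     *                                cannot be initialised
     */
    private KeyManager[] getKeyManagers(String keyStoreType, Provider provider, String keyStoreFile, String keyStorePin) throws KeyStoreException, SSLConnectionException {
        if (keyStoreFile == null) {
            keyStoreFile = getKeyStore();
        }
        if (keyStorePin == null) {
            keyStorePin = getKeyStorePIN();
        }
        KeyStore keyStore = provider != null ? KeyStore.getInstance(keyStoreType, provider) : KeyStore.getInstance(keyStoreType);
        char[] pin = keyStorePin != null ? keyStorePin.toCharArray() : null;

        // try-with-resources: the stream is closed even when load() throws.
        try (FileInputStream in = new FileInputStream(keyStoreFile)) {
            keyStore.load(in, pin);
        } catch (Exception e) {
            logger.traceException(e);
            throw new SSLConnectionException(ToolMessages.ERR_TOOLS_CANNOT_LOAD_KEYSTORE_FILE.get(keyStoreFile), e);
        }

        // Kept outside the load try-block so that a factory failure is reported with its own
        // message instead of being re-wrapped as a key store load failure.
        try {
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            factory.init(keyStore, pin);
            return factory.getKeyManagers();
        } catch (Exception e) {
            logger.traceException(e);
            throw new SSLConnectionException(ToolMessages.ERR_TOOLS_CANNOT_INIT_KEYMANAGER.get(keyStoreFile), e);
        }
    }

    /**
     * Loads the trust store and returns the trust managers built from it.
     *
     * @param trustStoreType trust store type passed to {@link KeyStore#getInstance}
     * @param provider       security provider, or {@code null} for the default lookup
     * @param trustStoreFile trust store path, or {@code null} to use the system property
     * @param trustStorePin  trust store PIN, or {@code null} to use the system property
     * @return the trust managers, or {@code null} when no trust store path is available
     * @throws KeyStoreException      if the trust store type is not available
     * @throws SSLConnectionException if the file cannot be loaded or the trust manager factory
     *                                cannot be initialised
     */
    private TrustManager[] getTrustManagers(String trustStoreType, Provider provider, String trustStoreFile, String trustStorePin) throws KeyStoreException, SSLConnectionException {
        if (trustStoreFile == null) {
            trustStoreFile = getTrustStore();
            if (trustStoreFile == null) {
                // A null array makes SSLContext.init fall back to the installed providers'
                // default trust managers.
                return null;
            }
        }
        if (trustStorePin == null) {
            trustStorePin = getTrustStorePIN();
        }
        KeyStore trustStore = provider != null ? KeyStore.getInstance(trustStoreType, provider) : KeyStore.getInstance(trustStoreType);
        char[] pin = trustStorePin != null ? trustStorePin.toCharArray() : null;

        // try-with-resources: the stream is closed even when load() throws.
        try (FileInputStream in = new FileInputStream(trustStoreFile)) {
            trustStore.load(in, pin);
        } catch (Exception e) {
            logger.traceException(e);
            throw new SSLConnectionException(ToolMessages.ERR_TOOLS_CANNOT_LOAD_TRUSTSTORE_FILE.get(trustStoreFile), e);
        }

        // Kept outside the load try-block so that a factory failure is reported with its own
        // message instead of being re-wrapped as a trust store load failure.
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(trustStore);
            return factory.getTrustManagers();
        } catch (Exception e) {
            logger.traceException(e);
            throw new SSLConnectionException(ToolMessages.ERR_TOOLS_CANNOT_INIT_TRUSTMANAGER.get(trustStoreFile), e);
        }
    }

    /** Reads the key store PIN from the system property named by {@code KEY_STORE_PASSWORD}. */
    private String getKeyStorePIN() {
        return System.getProperty(SSLContextConfigurator.KEY_STORE_PASSWORD);
    }

    /** Reads the trust store PIN from the system property named by {@code TRUST_STORE_PASSWORD}. */
    private String getTrustStorePIN() {
        return System.getProperty(SSLContextConfigurator.TRUST_STORE_PASSWORD);
    }

    /** Reads the key store path from the system property named by {@code KEY_STORE_FILE}. */
    private String getKeyStore() {
        return System.getProperty(SSLContextConfigurator.KEY_STORE_FILE);
    }

    /** Reads the trust store path from the system property named by {@code TRUST_STORE_FILE}. */
    private String getTrustStore() {
        return System.getProperty(SSLContextConfigurator.TRUST_STORE_FILE);
    }
}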
