package org.opends.server.replication.protocol;

import java.io.IOException;
import java.net.Socket;
import java.util.SortedSet;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigException;
import org.opends.messages.ReplicationMessages;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.CryptoManager;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/replication/protocol/ReplSessionSecurity.class */
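/**
 * Creates the TLS-protected {@link Session} objects used by the replication
 * protocol, on both the connecting (client) and accepting (server) side.
 *
 * <p>Security properties visible in this class:
 * <ul>
 *   <li>The accepting side requires a client certificate
 *       ({@code setNeedClientAuth(true)}), so the handshake is mutually
 *       authenticated.</li>
 *   <li>The connecting side configures no endpoint identification here, so
 *       peer authentication rests on the trust material behind the
 *       {@code SSLContext} returned by the {@code CryptoManager}.
 *       NOTE(review): confirm that the trust manager is scoped to replication
 *       peers only.</li>
 *   <li>When no protocols or cipher suites are configured, the socket keeps
 *       the defaults of the {@code SSLContext}; nothing here restricts
 *       them.</li>
 *   <li>The {@code sslEncryption} flag is stored and exposed, but neither
 *       session factory method reads it: both always perform a TLS
 *       handshake.</li>
 * </ul>
 */
public final class ReplSessionSecurity {
    private static final String REPLICATION_SERVER_NAME = "Replication Server";
    private static final String REPLICATION_CLIENT_NAME = "Replication Client";
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    private final boolean sslEncryption;
    // Stored by reference, not copied; may be null if the caller passes null.
    private final SortedSet<String> sslCertNicknames;
    // null means "leave the SSLContext defaults enabled".
    private final String[] sslProtocols;
    // null means "leave the SSLContext defaults enabled".
    private final String[] sslCipherSuites;

    /**
     * Builds the security settings from the server's {@code CryptoManager}.
     *
     * @throws ConfigException declared by the delegate constructor
     */
    public ReplSessionSecurity() throws ConfigException {
        this(getCryptoManager().getSslCertNicknames(), getCryptoManager().getSslProtocols(), getCryptoManager().getSslCipherSuites(), getCryptoManager().isSslEncryption());
    }

    /**
     * Builds the security settings from explicit values.
     *
     * @param sortedSet  certificate nicknames handed to
     *                   {@code CryptoManager.getSslContext}
     * @param sortedSet2 TLS protocol names to enable; {@code null} or empty
     *                   keeps the context defaults
     * @param sortedSet3 cipher suite names to enable; {@code null} or empty
     *                   keeps the context defaults
     * @param z          value later returned by {@link #isSslEncryption()}
     * @throws ConfigException declared for callers; not thrown by the visible
     *                         body
     */
    public ReplSessionSecurity(SortedSet<String> sortedSet, SortedSet<String> sortedSet2, SortedSet<String> sortedSet3, boolean z) throws ConfigException {
        this.sslProtocols = toArrayOrNull(sortedSet2);
        this.sslCipherSuites = toArrayOrNull(sortedSet3);
        this.sslEncryption = z;
        this.sslCertNicknames = sortedSet;
    }

    /**
     * Wraps an already connected socket in TLS as the connecting side and
     * forces the handshake.
     *
     * <p>Both sockets are closed if anything fails before the session has
     * been fully constructed.
     *
     * @param socket connected plain socket to layer TLS on
     * @param i      read timeout in milliseconds applied to the TLS socket
     * @return the established session
     * @throws ConfigException if the SSL context cannot be obtained
     * @throws IOException     if socket setup or the handshake fails
     */
    public Session createClientSession(Socket socket, int i) throws ConfigException, IOException {
        boolean established = false;
        SSLSocket secureSocket = null;
        try {
            secureSocket = wrap(REPLICATION_CLIENT_NAME, socket);
            secureSocket.setUseClientMode(true);
            applyTimeoutAndSuites(secureSocket, i);
            // Force negotiation now so that failures surface here rather than on first I/O.
            secureSocket.startHandshake();
            Session session = new Session(socket, secureSocket);
            // Only hand ownership to the session once it exists; flagging success
            // before construction would leak both sockets if the constructor threw.
            established = true;
            return session;
        } finally {
            if (!established) {
                StaticUtils.close(socket);
                StaticUtils.close(secureSocket);
            }
        }
    }

    private static CryptoManager getCryptoManager() {
        return DirectoryServer.getInstance().getServerContext().getCryptoManager();
    }

    /**
     * Wraps an accepted socket in TLS as the accepting side, requiring a
     * client certificate, and forces the handshake.
     *
     * <p>A TLS failure is not propagated: it is logged at debug level, both
     * sockets are closed and {@code null} is returned, so callers must check
     * for {@code null}. NOTE(review): rejected handshakes on the replication
     * port are therefore only visible when debug logging is enabled; consider
     * whether monitoring needs a higher level.
     *
     * @param socket accepted plain socket to layer TLS on
     * @param i      read timeout in milliseconds applied to the TLS socket
     * @return the established session, or {@code null} if TLS setup failed
     *         with an {@link SSLException}
     * @throws ConfigException if the SSL context cannot be obtained
     * @throws IOException     on a non-TLS I/O failure
     */
    public Session createServerSession(Socket socket, int i) throws ConfigException, IOException {
        boolean established = false;
        SSLSocket secureSocket = null;
        try {
            secureSocket = wrap(REPLICATION_SERVER_NAME, socket);
            secureSocket.setUseClientMode(false);
            // Mutual TLS: the handshake fails unless the peer presents a certificate.
            secureSocket.setNeedClientAuth(true);
            applyTimeoutAndSuites(secureSocket, i);
            secureSocket.startHandshake();
            Session session = new Session(socket, secureSocket);
            // Set only after construction so a failing constructor still triggers cleanup.
            established = true;
            return session;
        } catch (SSLException e) {
            logger.debug(ReplicationMessages.INFO_SSL_SERVER_CON_ATTEMPT_ERROR, socket.getRemoteSocketAddress(), socket.getLocalSocketAddress(), e.getLocalizedMessage());
            return null;
        } finally {
            if (!established) {
                StaticUtils.close(socket);
                StaticUtils.close(secureSocket);
            }
        }
    }

    /**
     * Returns the SSL encryption flag supplied at construction time.
     *
     * @return the stored flag
     */
    public boolean isSslEncryption() {
        return this.sslEncryption;
    }

    @Override
    public String toString() {
        return getClass().getSimpleName() + " " + (this.sslEncryption ? "with SSL" : "");
    }

    /** Copies a configured name set into an array, or returns null when nothing is configured. */
    private static String[] toArrayOrNull(SortedSet<String> values) {
        if (values == null || values.isEmpty()) {
            return null;
        }
        return values.toArray(new String[0]);
    }

    /** Layers a TLS socket over {@code socket} using a context obtained for {@code contextName}. */
    private SSLSocket wrap(String contextName, Socket socket) throws ConfigException, IOException {
        // The host name comes from a reverse lookup of the peer address, so it is a
        // label for the TLS layer, not a verified identity. autoClose is false:
        // closing the TLS socket does not close the underlying socket, which is
        // why the callers close both explicitly on failure.
        return (SSLSocket) getCryptoManager().getSslContext(contextName, this.sslCertNicknames).getSocketFactory().createSocket(socket, socket.getInetAddress().getHostName(), socket.getPort(), false);
    }

    /** Applies the read timeout and, when configured, the protocol and cipher suite restrictions. */
    private void applyTimeoutAndSuites(SSLSocket secureSocket, int timeoutMillis) throws IOException {
        secureSocket.setSoTimeout(timeoutMillis);
        if (this.sslProtocols != null) {
            secureSocket.setEnabledProtocols(this.sslProtocols);
        }
        if (this.sslCipherSuites != null) {
            secureSocket.setEnabledCipherSuites(this.sslCipherSuites);
        }
    }
}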
