package com.sun.grizzly.config;

import com.sun.enterprise.admin.servermgmt.KeystoreManager;
import com.sun.grizzly.SSLConfig;
import com.sun.grizzly.config.dom.NetworkListener;
import com.sun.grizzly.config.dom.Protocol;
import com.sun.grizzly.config.dom.Ssl;
import com.sun.grizzly.util.ClassLoaderUtil;
import com.sun.grizzly.util.net.SSLImplementation;
import com.sun.grizzly.util.net.ServerSocketFactory;
import com.sun.jdo.spi.persistence.utility.generator.JavaClassWriterHelper;
import java.util.LinkedList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

/* loaded from: input_file:com/sun/grizzly/config/SSLConfigHolder.class */
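/**
 * Holds the settings needed to create configured {@link SSLEngine} instances:
 * the {@link SSLContext}, the {@link SSLImplementation}, the enabled cipher
 * suites and protocols, the client-mode flag and the client-authentication flags.
 *
 * <p>The static {@code configureSSL} methods populate a holder from an
 * {@link Ssl} configuration element.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The only protocol names this class can enable are {@code SSLv2},
 *       {@code SSLv3}, {@code TLSv1} and {@code SSLv2Hello}. When none is
 *       selected, the SSL implementation's defaults are used instead.</li>
 *   <li>When no keystore or truststore password is configured and the matching
 *       {@code javax.net.ssl.*} system property is unset, the password falls
 *       back to {@code KeystoreManager.DEFAULT_MASTER_PASSWORD}.</li>
 * </ul>
 */
public class SSLConfigHolder {
    /** Attribute name constant; it is not referenced inside this class. */
    public static final String APP_BUFFER_ATTR_NAME = "TMP_DECODED_BUFFER";
    private static final Logger logger = GrizzlyEmbeddedHttps.logger();
    protected SSLImplementation sslImplementation;
    protected SSLContext sslContext;
    // null means "leave the engine's default cipher suites untouched".
    protected String[] enabledCipherSuites = null;
    // null means "leave the engine's default protocols untouched".
    protected String[] enabledProtocols = null;
    protected boolean clientMode = false;
    protected boolean needClientAuth = false;
    protected boolean wantClientAuth = false;

    /**
     * Builds an {@link SSLContext} from the given configuration and stores it.
     *
     * @param sSLConfig configuration whose {@code createSSLContext()} result is stored
     */
    public void setSSLConfig(SSLConfig sSLConfig) {
        this.sslContext = sSLConfig.createSSLContext();
    }

    /**
     * Stores the context used by {@link #createSSLEngine()}.
     *
     * @param sSLContext the context to use; not validated here
     */
    public void setSSLContext(SSLContext sSLContext) {
        this.sslContext = sSLContext;
    }

    /** @return the stored context, or {@code null} if none has been set */
    public SSLContext getSSLContext() {
        return this.sslContext;
    }

    /** @param sSLImplementation the SSL implementation to store */
    public void setSSLImplementation(SSLImplementation sSLImplementation) {
        this.sslImplementation = sSLImplementation;
    }

    /** @return the stored SSL implementation, or {@code null} if none has been set */
    public SSLImplementation getSSLImplementation() {
        return this.sslImplementation;
    }

    /**
     * @return the internal cipher-suite array itself (no defensive copy), or
     *         {@code null} when the engine defaults are to be used
     */
    public String[] getEnabledCipherSuites() {
        return this.enabledCipherSuites;
    }

    /**
     * @param strArr cipher suite names to enable on created engines; stored by
     *               reference, {@code null} keeps the engine defaults
     */
    public void setEnabledCipherSuites(String[] strArr) {
        this.enabledCipherSuites = strArr;
    }

    /**
     * @return the internal protocol array itself (no defensive copy), or
     *         {@code null} when the engine defaults are to be used
     */
    public String[] getEnabledProtocols() {
        return this.enabledProtocols;
    }

    /**
     * @param strArr protocol names to enable on created engines; stored by
     *               reference, {@code null} keeps the engine defaults
     */
    public void setEnabledProtocols(String[] strArr) {
        this.enabledProtocols = strArr;
    }

    /** @return whether created engines are put into client mode */
    public boolean isClientMode() {
        return this.clientMode;
    }

    /** @param z {@code true} to create engines in client mode */
    public void setClientMode(boolean z) {
        this.clientMode = z;
    }

    /** @return whether created engines require client authentication */
    public boolean isNeedClientAuth() {
        return this.needClientAuth;
    }

    /** @param z {@code true} to require client authentication */
    public void setNeedClientAuth(boolean z) {
        this.needClientAuth = z;
    }

    /** @return whether created engines request (but do not require) client authentication */
    public boolean isWantClientAuth() {
        return this.wantClientAuth;
    }

    /** @param z {@code true} to request client authentication */
    public void setWantClientAuth(boolean z) {
        this.wantClientAuth = z;
    }

    /**
     * Creates a new {@link SSLEngine} from the stored context and applies the
     * cipher suites, protocols, client mode and client-authentication settings
     * held by this object.
     *
     * @return the configured engine
     * @throws NullPointerException if no {@link SSLContext} has been set
     */
    public SSLEngine createSSLEngine() {
        SSLEngine engine = this.sslContext.createSSLEngine();
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "newSSLEngine: " + engine);
        }
        if (this.enabledCipherSuites != null) {
            engine.setEnabledCipherSuites(this.enabledCipherSuites);
        }
        if (this.enabledProtocols != null) {
            engine.setEnabledProtocols(this.enabledProtocols);
        }
        engine.setUseClientMode(this.clientMode);
        // SSLEngine.setWantClientAuth and setNeedClientAuth each override any
        // earlier call to the other. Calling setNeedClientAuth(false) after
        // setWantClientAuth(true) would silently switch client-certificate
        // requests off, so only the flags that are actually set are applied.
        // When both are set, "need" is applied last and wins.
        if (this.wantClientAuth) {
            engine.setWantClientAuth(true);
        }
        if (this.needClientAuth) {
            engine.setNeedClientAuth(true);
        }
        return engine;
    }

    /**
     * Creates a holder and configures it from the given element.
     *
     * @param ssl the SSL configuration element; may be {@code null}
     * @return the configured holder, or {@code null} when configuration failed
     */
    public static SSLConfigHolder configureSSL(Ssl ssl) {
        SSLConfigHolder holder = new SSLConfigHolder();
        return configureSSL(ssl, holder) ? holder : null;
    }

    /**
     * Populates {@code sSLConfigHolder} from {@code ssl}: client-authentication
     * mode, enabled protocols, optional SSL implementation class and cipher
     * suites, then initialises the SSL context.
     *
     * <p>NOTE(review): {@code SSLv2} and {@code SSLv3} are obsolete protocol
     * versions, and {@code TLSv1} is the newest version this method can add.
     * Deployments that need current TLS versions have to supply them by another
     * route; confirm how this interacts with the JSSE provider in use.
     *
     * @param ssl             the SSL configuration element; may be {@code null},
     *                        in which case only system-property defaults apply
     * @param sSLConfigHolder the holder to populate
     * @return {@code true} when the context was initialised, {@code false} when
     *         initialisation threw (the failure is logged at WARNING)
     */
    public static boolean configureSSL(Ssl ssl, SSLConfigHolder sSLConfigHolder) {
        if (ssl != null) {
            if (Boolean.parseBoolean(ssl.getClientAuthEnabled())) {
                sSLConfigHolder.setNeedClientAuth(true);
            }

            LinkedList<String> protocols = new LinkedList<String>();
            boolean ssl3Enabled = Boolean.parseBoolean(ssl.getSsl3Enabled());
            boolean tlsEnabled = Boolean.parseBoolean(ssl.getTlsEnabled());
            if (Boolean.parseBoolean(ssl.getSsl2Enabled())) {
                protocols.add("SSLv2");
            }
            if (ssl3Enabled) {
                protocols.add("SSLv3");
            }
            if (tlsEnabled) {
                protocols.add("TLSv1");
            }
            if (ssl3Enabled || tlsEnabled) {
                protocols.add("SSLv2Hello");
            }
            if (protocols.isEmpty()) {
                // Nothing selected: enabledProtocols stays null, so created
                // engines keep whatever the SSL implementation enables by default.
                logEmptyWarning(ssl, "WEB0307: All SSL protocol variants disabled for network-listener {0}, using SSL implementation specific defaults");
            } else {
                sSLConfigHolder.setEnabledProtocols(protocols.toArray(new String[protocols.size()]));
            }

            String clientAuth = ssl.getClientAuth();
            if (clientAuth != null) {
                String mode = clientAuth.trim();
                if ("want".equalsIgnoreCase(mode)) {
                    sSLConfigHolder.setWantClientAuth(true);
                } else if ("need".equalsIgnoreCase(mode)) {
                    sSLConfigHolder.setNeedClientAuth(true);
                }
            }

            if (ssl.getClassname() != null) {
                // The class name comes from configuration and is loaded as-is.
                // NOTE(review): initializeSSL() below replaces this value with
                // SSLImplementation.getInstance() when it succeeds, so the
                // configured class does not survive a successful configuration;
                // confirm that this is intended.
                SSLImplementation configuredImpl = (SSLImplementation) ClassLoaderUtil.load(ssl.getClassname());
                if (configuredImpl != null) {
                    sSLConfigHolder.setSSLImplementation(configuredImpl);
                } else {
                    logger.log(Level.WARNING, "Unable to load SSLImplementation");
                }
            }

            LinkedList<String> ciphers = new LinkedList<String>();
            addCipherNames(ciphers, ssl.getSsl3TlsCiphers());
            addCipherNames(ciphers, ssl.getSsl2Ciphers());
            if (ciphers.isEmpty()) {
                // Nothing selected: enabledCipherSuites stays null, so created
                // engines keep the SSL implementation's default suites.
                logEmptyWarning(ssl, "WEB0308: All SSL cipher suites disabled for network-listener(s) {0}.  Using SSL implementation specific defaults");
            } else {
                sSLConfigHolder.setEnabledCipherSuites(ciphers.toArray(new String[ciphers.size()]));
            }
        }
        try {
            initializeSSL(ssl, sSLConfigHolder);
            return true;
        } catch (Exception e) {
            logger.log(Level.WARNING, "SSL support could not be configured!", e);
            return false;
        }
    }

    /**
     * Splits a comma-separated cipher list and appends each trimmed, non-empty
     * name to {@code target}. Empty entries (for example from a trailing or
     * doubled comma) are skipped so that they are never handed to
     * {@link SSLEngine#setEnabledCipherSuites(String[])}.
     */
    private static void addCipherNames(LinkedList<String> target, String commaSeparated) {
        if (commaSeparated == null || commaSeparated.length() == 0) {
            return;
        }
        for (String raw : commaSeparated.split(",")) {
            String name = raw.trim();
            if (name.length() > 0) {
                target.add(name);
            }
        }
    }

    /**
     * Logs {@code message} with the names of all network listeners attached to
     * the protocol that owns {@code ssl} as its single parameter.
     *
     * <p>NOTE(review): despite the method name the record is written at
     * {@code Level.FINE}, so a fallback to implementation defaults is invisible
     * at default log levels; consider whether WARNING is more appropriate.
     */
    private static void logEmptyWarning(Ssl ssl, String message) {
        StringBuilder listenerNames = new StringBuilder();
        for (NetworkListener listener : ((Protocol) ssl.getParent()).findNetworkListeners()) {
            if (listenerNames.length() != 0) {
                listenerNames.append(JavaClassWriterHelper.paramSeparator_);
            }
            listenerNames.append(listener.getName());
        }
        logger.log(Level.FINE, message, listenerNames.toString());
    }

    /**
     * Configures a {@link ServerSocketFactory} from {@code ssl} (falling back to
     * the {@code javax.net.ssl.*} system properties and built-in defaults),
     * initialises it and stores the resulting implementation and context in
     * {@code holder}.
     *
     * <p>Keystore and truststore passwords fall back to
     * {@code KeystoreManager.DEFAULT_MASTER_PASSWORD} when neither the
     * configuration nor the system property supplies one. The values handled
     * here are secrets and must not be logged.
     *
     * @throws Exception whatever the factory raises while initialising
     */
    private static void initializeSSL(Ssl ssl, SSLConfigHolder holder) throws Exception {
        SSLImplementation implementation = SSLImplementation.getInstance();
        ServerSocketFactory factory = implementation.getServerSocketFactory();
        if (ssl != null) {
            if (ssl.getCrlFile() != null) {
                setAttribute(factory, "crlFile", ssl.getCrlFile(), null, null);
            }
            if (ssl.getTrustAlgorithm() != null) {
                setAttribute(factory, "trustAlgorithm", ssl.getTrustAlgorithm(), null, null);
            }
            setAttribute(factory, "trustMaxCertLength", ssl.getTrustMaxCertLength(), null, null);
        }
        setAttribute(factory, "keystore", ssl != null ? ssl.getKeyStore() : null, "javax.net.ssl.keyStore", null);
        setAttribute(factory, "keystoreType", ssl != null ? ssl.getKeyStoreType() : null, "javax.net.ssl.keyStoreType", "JKS");
        setAttribute(factory, "keystorePass", ssl != null ? ssl.getKeyStorePassword() : null, "javax.net.ssl.keyStorePassword", KeystoreManager.DEFAULT_MASTER_PASSWORD);
        setAttribute(factory, "truststore", ssl != null ? ssl.getTrustStore() : null, "javax.net.ssl.trustStore", null);
        setAttribute(factory, "truststoreType", ssl != null ? ssl.getTrustStoreType() : null, "javax.net.ssl.trustStoreType", "JKS");
        setAttribute(factory, "truststorePass", ssl != null ? ssl.getTrustStorePassword() : null, "javax.net.ssl.trustStorePassword", KeystoreManager.DEFAULT_MASTER_PASSWORD);
        factory.setAttribute("keyAlias", ssl != null ? ssl.getCertNickname() : null);
        factory.init();
        holder.setSSLImplementation(implementation);
        holder.setSSLContext(factory.getSSLContext());
    }

    /**
     * @param ssl the SSL configuration element; may be {@code null}
     * @return {@code true} when {@code ssl} is {@code null} or its
     *         allow-lazy-init value parses as {@code true}
     */
    public static boolean isAllowLazyInit(Ssl ssl) {
        return ssl == null || Boolean.parseBoolean(ssl.getAllowLazyInit());
    }

    /**
     * Sets {@code name} on the factory to {@code value}; when {@code value} is
     * {@code null}, uses the system property {@code property} or, failing that,
     * {@code defaultValue}.
     *
     * <p>A {@code null} property name means "no system-property fallback".
     * {@link System#getProperty(String, String)} throws
     * {@link NullPointerException} for a {@code null} key, which would abort the
     * whole SSL setup when an optional setting is absent, so that case is
     * handled here without calling it.
     */
    private static void setAttribute(ServerSocketFactory factory, String name, String value, String property, String defaultValue) {
        String effective = value;
        if (effective == null) {
            effective = property == null ? defaultValue : System.getProperty(property, defaultValue);
        }
        factory.setAttribute(name, effective);
    }
}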
