package org.openehealth.ipf.commons.audit;

import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import org.openehealth.ipf.commons.audit.protocol.AuditTransmissionProtocol;

/* loaded from: input_file:org/openehealth/ipf/commons/audit/CustomTlsParameters.class */
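/**
 * {@link TlsParameters} implementation that builds an {@link SSLContext} from explicitly
 * configured key store, trust store, protocol and cipher suite settings.
 *
 * <p>Defaults are read from system properties (see the {@link AuditTransmissionProtocol}
 * constants used below) when the instance is created, and can be overridden through the setters.
 *
 * <p>Security-relevant defaults to review when deploying:
 * <ul>
 *   <li>{@link #performDomainValidation} is {@code false}, so unless it is switched on this class
 *       sets no endpoint identification algorithm and the peer certificate is only checked
 *       against the trust store, not against the host name being contacted.</li>
 *   <li>{@link #tlsProtocol} and {@link #enabledProtocols} default to {@code TLSv1.2} only; newer
 *       protocol versions have to be configured explicitly.</li>
 *   <li>Store passwords are held as {@link String} fields for the lifetime of the instance.</li>
 * </ul>
 *
 * <p>This class is not synchronized; configure it completely before calling
 * {@link #getSSLContext(boolean)}.
 */
public class CustomTlsParameters implements TlsParameters {
    /** Key store alias to present during the handshake; {@code null} lets the key manager choose. */
    protected String certAlias;
    /** Session timeout passed to the client session context; values {@code <= 0} leave the default. */
    protected int sessionTimeout;
    /** When {@code true}, sockets get the "HTTPS" endpoint identification algorithm (host name check). */
    protected boolean performDomainValidation;
    // Stored and exposed through getter/setter only; nothing in this class reads it.
    protected String clientAuthentication;
    protected String provider = "SunJSSE";
    protected String tlsProtocol = "TLSv1.2";
    protected String certificateType = "SunX509";
    protected List<String> sniHostnames = new ArrayList<>();
    protected String keyStoreType = System.getProperty(AuditTransmissionProtocol.JAVAX_NET_SSL_KEYSTORE_TYPE, KeyStore.getDefaultType());
    // Initialised from keyStoreType at construction time; later setKeyStoreType calls do not change it.
    protected String trustStoreType = this.keyStoreType;
    protected String keyStoreFile = System.getProperty(AuditTransmissionProtocol.JAVAX_NET_SSL_KEYSTORE);
    protected String keyStorePassword = System.getProperty(AuditTransmissionProtocol.JAVAX_NET_SSL_KEYSTORE_PASSWORD);
    protected String trustStoreFile = System.getProperty(AuditTransmissionProtocol.JAVAX_NET_SSL_TRUSTSTORE);
    protected String trustStorePassword = System.getProperty(AuditTransmissionProtocol.JAVAX_NET_SSL_TRUSTSTORE_PASSWORD);
    /** Comma-separated cipher suites for client-side sockets/engines; {@code null} keeps the JSSE defaults. */
    protected String enabledClientCipherSuites = System.getProperty(AuditTransmissionProtocol.JAVAX_TLS_CLIENT_CIPHERSUITES);
    /** Comma-separated cipher suites for server-side sockets/engines; {@code null} keeps the JSSE defaults. */
    protected String enabledServerCipherSuites = System.getProperty(AuditTransmissionProtocol.JAVAX_TLS_SERVER_CIPHERSUITES);
    /** Comma-separated protocol versions to enable; {@code null} keeps the JSSE defaults. */
    protected String enabledProtocols = System.getProperty(AuditTransmissionProtocol.JDK_TLS_CLIENT_PROTOCOLS, "TLSv1.2");

    /**
     * Key manager wrapper that answers every "choose alias" request with one fixed alias and
     * delegates all key material lookups to the wrapped manager.
     *
     * <p>The fixed alias is returned without consulting the requested key types or issuers, so a
     * misconfigured alias only shows up as a handshake failure.
     */
    private static final class AliasX509ExtendedKeyManager extends X509ExtendedKeyManager {
        private final String certAlias;
        private final X509KeyManager keyManager;

        public AliasX509ExtendedKeyManager(X509KeyManager keyManager, String certAlias) {
            this.keyManager = keyManager;
            this.certAlias = certAlias;
        }

        @Override
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            return this.certAlias != null ? this.certAlias : this.keyManager.chooseClientAlias(keyTypes, issuers, socket);
        }

        @Override
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            return this.certAlias != null ? this.certAlias : this.keyManager.chooseServerAlias(keyType, issuers, socket);
        }

        @Override
        public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
            // Without a fixed alias this uses the superclass implementation, not the wrapped manager.
            return this.certAlias != null ? this.certAlias : super.chooseEngineServerAlias(keyType, issuers, engine);
        }

        @Override
        public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
            // Without a fixed alias this uses the superclass implementation, not the wrapped manager.
            return this.certAlias != null ? this.certAlias : super.chooseEngineClientAlias(keyTypes, issuers, engine);
        }

        @Override
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            return this.keyManager.getClientAliases(keyType, issuers);
        }

        @Override
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            return this.keyManager.getServerAliases(keyType, issuers);
        }

        @Override
        public X509Certificate[] getCertificateChain(String alias) {
            return this.keyManager.getCertificateChain(alias);
        }

        @Override
        public PrivateKey getPrivateKey(String alias) {
            return this.keyManager.getPrivateKey(alias);
        }
    }

    /** {@link SSLContext} facade over an {@link SSLContextSpiDecorator}, reusing the delegate's provider and protocol. */
    private static final class CustomSSLContext extends SSLContext {
        CustomSSLContext(SSLContextSpiDecorator spi) {
            super(spi, spi.getDelegate().getProvider(), spi.getDelegate().getProtocol());
        }
    }

    /**
     * {@link SSLContextSpi} that forwards to an already initialised {@link SSLContext} and passes
     * every created engine and socket factory through the supplied configurers.
     */
    private static final class SSLContextSpiDecorator extends SSLContextSpi {
        private final SSLContext sslContext;
        private final Function<SSLEngine, SSLEngine> sslEngineConfigurer;
        private final Function<SSLSocketFactory, SSLSocketFactory> sslSocketFactoryConfigurer;

        public SSLContextSpiDecorator(SSLContext sslContext, Function<SSLEngine, SSLEngine> sslEngineConfigurer, Function<SSLSocketFactory, SSLSocketFactory> sslSocketFactoryConfigurer) {
            this.sslContext = sslContext;
            this.sslEngineConfigurer = sslEngineConfigurer;
            this.sslSocketFactoryConfigurer = sslSocketFactoryConfigurer;
        }

        SSLContext getDelegate() {
            return this.sslContext;
        }

        @Override
        protected void engineInit(KeyManager[] keyManagers, TrustManager[] trustManagers, SecureRandom secureRandom) throws KeyManagementException {
            this.sslContext.init(keyManagers, trustManagers, secureRandom);
        }

        @Override
        protected SSLSocketFactory engineGetSocketFactory() {
            return this.sslSocketFactoryConfigurer.apply(this.sslContext.getSocketFactory());
        }

        @Override
        protected SSLServerSocketFactory engineGetServerSocketFactory() {
            // Server socket factories are not decorated, so they are refused rather than handed
            // out without the configured cipher suite and protocol restrictions.
            throw new UnsupportedOperationException();
        }

        @Override
        protected SSLEngine engineCreateSSLEngine() {
            return this.sslEngineConfigurer.apply(this.sslContext.createSSLEngine());
        }

        @Override
        protected SSLEngine engineCreateSSLEngine(String host, int port) {
            return this.sslEngineConfigurer.apply(this.sslContext.createSSLEngine(host, port));
        }

        @Override
        protected SSLSessionContext engineGetServerSessionContext() {
            return this.sslContext.getServerSessionContext();
        }

        @Override
        protected SSLSessionContext engineGetClientSessionContext() {
            return this.sslContext.getClientSessionContext();
        }
    }

    /** {@link SSLSocketFactory} that applies a configurer to every socket created by its delegate. */
    private static final class SSLSocketFactoryDecorator extends SSLSocketFactory {
        private final SSLSocketFactory delegate;
        private final Function<SSLSocket, SSLSocket> sslSocketConfigurer;

        public SSLSocketFactoryDecorator(SSLSocketFactory delegate, Function<SSLSocket, SSLSocket> sslSocketConfigurer) {
            this.delegate = delegate;
            this.sslSocketConfigurer = sslSocketConfigurer;
        }

        @Override
        public String[] getDefaultCipherSuites() {
            return this.delegate.getDefaultCipherSuites();
        }

        @Override
        public String[] getSupportedCipherSuites() {
            return this.delegate.getSupportedCipherSuites();
        }

        @Override
        public Socket createSocket() throws IOException {
            return configureSocket(this.delegate.createSocket());
        }

        @Override
        public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
            return configureSocket(this.delegate.createSocket(socket, host, port, autoClose));
        }

        @Override
        public Socket createSocket(String host, int port) throws IOException {
            return configureSocket(this.delegate.createSocket(host, port));
        }

        @Override
        public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
            return configureSocket(this.delegate.createSocket(host, port, localHost, localPort));
        }

        @Override
        public Socket createSocket(InetAddress host, int port) throws IOException {
            return configureSocket(this.delegate.createSocket(host, port));
        }

        @Override
        public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
            return configureSocket(this.delegate.createSocket(address, port, localAddress, localPort));
        }

        public SSLSocketFactory getDelegate() {
            return this.delegate;
        }

        private Socket configureSocket(Socket socket) {
            // The delegate is an SSLSocketFactory, so the sockets it creates are expected to be SSLSockets.
            return this.sslSocketConfigurer.apply((SSLSocket) socket);
        }
    }

    /** Returns a new instance populated from the system-property defaults. */
    static TlsParameters getDefault() {
        return new CustomTlsParameters();
    }

    /** Sets the JSSE provider name used for the key/trust manager factories and the SSL context. */
    public void setProvider(String str) {
        this.provider = str;
    }

    /** Sets the protocol name passed to {@link SSLContext#getInstance(String, String)}. */
    public void setTlsProtocol(String str) {
        this.tlsProtocol = str;
    }

    /** Sets the key store type; the trust store type is not changed by this call. */
    public void setKeyStoreType(String str) {
        this.keyStoreType = str;
    }

    public void setTrustStoreType(String str) {
        this.trustStoreType = str;
    }

    /** Sets the algorithm name used for both the key manager and the trust manager factory. */
    public void setCertificateType(String str) {
        this.certificateType = str;
    }

    /** Sets the key store alias to present; {@code null} lets the key manager choose. */
    public void setCertAlias(String str) {
        this.certAlias = str;
    }

    public void setKeyStoreFile(String str) {
        this.keyStoreFile = str;
    }

    public void setKeyStorePassword(String str) {
        this.keyStorePassword = str;
    }

    public void setTrustStoreFile(String str) {
        this.trustStoreFile = str;
    }

    public void setTrustStorePassword(String str) {
        this.trustStorePassword = str;
    }

    /** Sets the comma-separated cipher suites enabled on client-side sockets and engines. */
    public void setEnabledClientCipherSuites(String str) {
        this.enabledClientCipherSuites = str;
    }

    /** Sets the comma-separated cipher suites enabled on server-side sockets and engines. */
    public void setEnabledServerCipherSuites(String str) {
        this.enabledServerCipherSuites = str;
    }

    /** Sets the comma-separated protocol versions enabled on sockets and engines. */
    public void setEnabledProtocols(String str) {
        this.enabledProtocols = str;
    }

    public void setSessionTimeout(int i) {
        this.sessionTimeout = i;
    }

    /** Enables or disables the host name check ("HTTPS" endpoint identification) on created sockets. */
    public void setPerformDomainValidation(boolean z) {
        this.performDomainValidation = z;
    }

    public String getClientAuthentication() {
        return this.clientAuthentication;
    }

    public void setClientAuthentication(String str) {
        this.clientAuthentication = str;
    }

    /** Returns the live (mutable) list of SNI host names, not a copy. */
    public List<String> getSniHostnames() {
        return this.sniHostnames;
    }

    /** Replaces the SNI host names; {@code null} or an empty list leaves the JSSE default SNI behaviour. */
    public void setSniHostnames(List<String> list) {
        this.sniHostnames = list;
    }

    private Function<SSLSocketFactory, SSLSocketFactory> sslSocketFactoryConfigurer(boolean serverSide) {
        return factory -> new SSLSocketFactoryDecorator(factory, sslSocketConfigurer(serverSide));
    }

    /** Picks the cipher suite setting that matches the side of the connection; may be {@code null}. */
    private String cipherSuitesFor(boolean serverSide) {
        return serverSide ? this.enabledServerCipherSuites : this.enabledClientCipherSuites;
    }

    /**
     * Builds the function that applies cipher suites, protocols, SNI host names and (optionally)
     * endpoint identification to each socket. Settings are read when a socket is configured, so
     * later setter calls affect sockets created afterwards.
     */
    private Function<SSLSocket, SSLSocket> sslSocketConfigurer(boolean serverSide) {
        return socket -> {
            String cipherSuites = cipherSuitesFor(serverSide);
            if (cipherSuites != null) {
                socket.setEnabledCipherSuites(split(cipherSuites));
            }
            if (this.enabledProtocols != null) {
                socket.setEnabledProtocols(split(this.enabledProtocols));
            }
            // Fix: the original tested isEmpty() without negation, so configured SNI host names
            // were never sent and an empty list was installed instead.
            boolean hasSniHostnames = this.sniHostnames != null && !this.sniHostnames.isEmpty();
            if (hasSniHostnames || this.performDomainValidation) {
                SSLParameters parameters = socket.getSSLParameters();
                if (hasSniHostnames) {
                    List<SNIHostName> serverNames = this.sniHostnames.stream()
                            .map(SNIHostName::new)
                            .collect(Collectors.toList());
                    // Copy into a list of the element type setServerNames expects (no raw cast).
                    parameters.setServerNames(new ArrayList<>(serverNames));
                }
                if (this.performDomainValidation) {
                    // Makes the handshake verify the peer certificate against the host name.
                    parameters.setEndpointIdentificationAlgorithm("HTTPS");
                }
                socket.setSSLParameters(parameters);
            }
            return socket;
        };
    }

    /**
     * Builds the function that applies cipher suites and protocols to each engine.
     *
     * <p>NOTE(review): unlike the socket path, engines get neither the SNI host names nor the
     * endpoint identification algorithm, so {@code performDomainValidation} has no effect on
     * engine-based transports. Confirm whether those transports verify the host name themselves.
     */
    private Function<SSLEngine, SSLEngine> sslEngineConfigurer(boolean serverSide) {
        return engine -> {
            // Fix: the server-side branch previously applied the client cipher suite list.
            String cipherSuites = cipherSuitesFor(serverSide);
            if (cipherSuites != null) {
                engine.setEnabledCipherSuites(split(cipherSuites));
            }
            if (this.enabledProtocols != null) {
                engine.setEnabledProtocols(split(this.enabledProtocols));
            }
            return engine;
        };
    }

    /**
     * Splits a comma-separated setting into its elements.
     *
     * @param str comma-separated list; must not be {@code null}
     * @return the elements with whitespace around the commas and around the whole value removed
     */
    protected String[] split(String str) {
        // trim() first: the regex only strips whitespace next to commas, so a leading or trailing
        // blank would otherwise end up inside the first/last protocol or cipher suite name.
        return str.trim().split("\\s*,\\s*");
    }

    /**
     * Creates an {@link SSLContext} from the configured key store, trust store and protocol.
     *
     * <p>Both the key store and the trust store (file and password) must be configured.
     *
     * @param z {@code true} to select the server cipher suite setting for created sockets and
     *          engines, {@code false} to select the client setting
     * @return a context whose sockets and engines are restricted to the configured settings
     * @throws RuntimeException wrapping any failure to load the stores or initialise the context
     */
    @Override
    public SSLContext getSSLContext(boolean z) {
        try {
            // Fail with a message naming the missing setting instead of a bare NullPointerException.
            requireConfigured(this.keyStoreFile, "keyStoreFile");
            requireConfigured(this.keyStorePassword, "keyStorePassword");
            requireConfigured(this.trustStoreFile, "trustStoreFile");
            requireConfigured(this.trustStorePassword, "trustStorePassword");

            KeyStore keyStore = getKeyStore(this.keyStoreType, this.keyStoreFile, this.keyStorePassword);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.certificateType, this.provider);
            // The store password is also used as the password of the private key entries.
            keyManagerFactory.init(keyStore, this.keyStorePassword.toCharArray());
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            if (keyManagers != null && this.certAlias != null) {
                for (int i = 0; i < keyManagers.length; i++) {
                    if (keyManagers[i] instanceof X509KeyManager) {
                        keyManagers[i] = new AliasX509ExtendedKeyManager((X509KeyManager) keyManagers[i], this.certAlias);
                    }
                }
            }

            KeyStore trustStore = getKeyStore(this.trustStoreType, this.trustStoreFile, this.trustStorePassword);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(this.certificateType, this.provider);
            trustManagerFactory.init(trustStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

            SSLContext sslContext = SSLContext.getInstance(this.tlsProtocol, this.provider);
            sslContext.init(keyManagers, trustManagers, new SecureRandom());
            if (this.sessionTimeout > 0) {
                // Only the client session context is adjusted, also when z is true.
                sslContext.getClientSessionContext().setSessionTimeout(this.sessionTimeout);
            }
            return new CustomSSLContext(new SSLContextSpiDecorator(sslContext, sslEngineConfigurer(z), sslSocketFactoryConfigurer(z)));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Rejects a missing setting; the message names the setting and never contains its value. */
    private static void requireConfigured(String value, String settingName) {
        if (value == null) {
            throw new IllegalStateException("TLS setting '" + settingName + "' is not configured");
        }
    }

    /**
     * Loads a key store of the given type from a file.
     *
     * @param type     key store type, e.g. the JVM default type
     * @param file     path of the store file
     * @param password store password, used for the integrity check on load
     * @return the loaded key store
     * @throws Exception if the file cannot be read or the store cannot be loaded
     */
    private KeyStore getKeyStore(String type, String file, String password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(file))) {
            keyStore.load(in, password.toCharArray());
        }
        return keyStore;
    }
}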
