package org.jivesoftware.openfire.spi;

import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.Comparator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import org.apache.mina.core.filterchain.IoFilter;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.certificate.CertificateManager;
import org.jivesoftware.openfire.keystore.OpenfireX509TrustManager;
import org.jivesoftware.openfire.trustcircle.TrustCircleManager;
import org.jivesoftware.util.ReferenceIDUtil;
import org.jivesoftware.util.SystemProperty;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jivesoftware/openfire/spi/EncryptionArtifactFactory.class */
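/**
 * Builds the TLS artifacts for one {@link ConnectionConfiguration}: key managers, trust managers,
 * an initialised {@link SSLContext}, {@link SSLEngine}s, MINA {@link SslFilter}s and a Jetty
 * {@link SslContextFactory}.
 *
 * <p>Enabled protocols, enabled cipher suites and the client-authentication policy are read from
 * the configuration passed to the constructor. When the configuration returns an empty protocol or
 * cipher-suite set, the JSSE (or Jetty) defaults are left in place.
 *
 * <p>The methods that build or cache shared state ({@link #getKeyManagers()},
 * {@link #getTrustManagers()}, {@link #getSSLContext()}, {@link #getSslContextFactory()}) are
 * {@code synchronized} on this instance.
 */
public class EncryptionArtifactFactory {
    private final Logger Log = LoggerFactory.getLogger(EncryptionArtifactFactory.class);

    /**
     * Trust manager implementation to instantiate, read from the property
     * {@code xmpp.auth.ssl.default-trustmanager-impl}. Defaults to {@link OpenfireX509TrustManager}.
     * Whoever can set this property chooses the code that decides which peer certificates are
     * trusted, so write access to it should be treated as security-sensitive.
     */
    public static final SystemProperty<Class> TRUST_MANAGER_CLASS = SystemProperty.Builder.ofType(Class.class).setKey("xmpp.auth.ssl.default-trustmanager-impl").setBaseClass(TrustManager.class).setDefaultValue(OpenfireX509TrustManager.class).setDynamic(false).build();

    /**
     * Protocol name handed to {@link SSLContext#getInstance(String)}, read from the property
     * {@code xmpp.auth.ssl.context_protocol}. When unset ({@code null}) the protocol is derived from
     * the JVM defaults, see {@link #getUninitializedSSLContext()}.
     */
    public static final SystemProperty<String> SSLCONTEXT_PROTOCOL = SystemProperty.Builder.ofType(String.class).setKey("xmpp.auth.ssl.context_protocol").setDefaultValue(null).setDynamic(false).build();

    private final ConnectionConfiguration configuration;

    // Only ever reset to null in this class (see getKeyManagers()); nothing here reads it.
    private transient KeyManagerFactory keyManagerFactory;

    // Lazily created and cached by getSslContextFactory().
    private transient SslContextFactory sslContextFactory;

    /**
     * Holder that keeps an initialised {@link SSLContext} together with the key and trust managers
     * it was initialised with.
     *
     * <p>The arrays are stored and returned without copying, so callers share them with the holder.
     * (The decompiler reports that this class was originally declared {@code protected}.)
     */
    public static class SSLContextBlock {
        protected final SSLContext context;
        protected final KeyManager[] keyManagers;
        protected final TrustManager[] trustManagers;

        /**
         * @param sSLContext      the context, expected to be initialised with the two arrays below
         * @param keyManagerArr   key managers used to initialise the context
         * @param trustManagerArr trust managers used to initialise the context
         */
        public SSLContextBlock(SSLContext sSLContext, KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) {
            this.context = sSLContext;
            this.keyManagers = keyManagerArr;
            this.trustManagers = trustManagerArr;
        }

        /** @return the SSL context held by this block */
        public SSLContext getContext() {
            return this.context;
        }

        /** @return the key manager array held by this block (not a copy) */
        public KeyManager[] getKeyManagers() {
            return this.keyManagers;
        }

        /** @return the trust manager array held by this block (not a copy) */
        public TrustManager[] getTrustManagers() {
            return this.trustManagers;
        }
    }

    /**
     * Creates a factory bound to one connection configuration.
     *
     * @param connectionConfiguration the configuration to read TLS settings from; must not be null
     * @throws IllegalArgumentException if {@code connectionConfiguration} is null
     */
    public EncryptionArtifactFactory(ConnectionConfiguration connectionConfiguration) {
        if (connectionConfiguration == null) {
            throw new IllegalArgumentException("Argument 'configuration' cannot be null");
        }
        this.configuration = connectionConfiguration;
    }

    /**
     * Returns a one-element array holding a new {@code ServerConnectionKeyManager} built from
     * {@link CertificateManager#getInstance()}.
     *
     * @return the key managers used to initialise the SSL context
     * @throws UnrecoverableKeyException declared for callers; rethrown unchanged if raised
     * @throws NoSuchAlgorithmException  declared for callers; rethrown unchanged if raised
     * @throws KeyStoreException         declared for callers; rethrown unchanged if raised
     */
    public synchronized KeyManager[] getKeyManagers() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        try {
            return new KeyManager[]{new ServerConnectionKeyManager(CertificateManager.getInstance())};
        } catch (Exception e) {
            // Drop any cached factory before propagating the failure unchanged.
            this.keyManagerFactory = null;
            throw e;
        }
    }

    /**
     * Instantiates the trust manager class named by {@link #TRUST_MANAGER_CLASS}.
     *
     * <p>Three attempts are made, in this order:
     * <ol>
     *   <li>a constructor taking {@code (TrustCircleManager, boolean, boolean)}, which receives the
     *       configuration's accept-self-signed and verify-validity flags;</li>
     *   <li>a no-argument constructor;</li>
     *   <li>a new {@link OpenfireX509TrustManager}, again built with both configuration flags.</li>
     * </ol>
     *
     * <p>Security note: an implementation created through the no-argument constructor is not
     * given either flag by this factory, so the configured self-signed / validity policy reaches
     * it only if it obtains that policy some other way. An exception thrown by the no-argument
     * constructor itself is not caught here and propagates to the caller.
     *
     * @return a one-element array holding the trust manager
     * @throws KeyStoreException        declared for callers
     * @throws NoSuchAlgorithmException declared for callers
     */
    public synchronized TrustManager[] getTrustManagers() throws KeyStoreException, NoSuchAlgorithmException {
        Class<?> value = TRUST_MANAGER_CLASS.getValue();
        this.Log.debug("Configured TrustManager class: {}", value.getCanonicalName());
        try {
            this.Log.debug("Attempting to instantiate '{}' using the three-argument constructor that is properietary to Openfire.", value);
            TrustManager trustManager = (TrustManager) value
                .getConstructor(TrustCircleManager.class, Boolean.TYPE, Boolean.TYPE)
                .newInstance(
                    TrustCircleManager.getInstance(),
                    this.configuration.isAcceptSelfSignedCertificates(),
                    this.configuration.isVerifyCertificateValidity());
            this.Log.debug("Successfully instantiated '{}'.", value);
            return new TrustManager[]{trustManager};
        } catch (Exception e) {
            // The cause is passed to the logger so a failing three-argument constructor (as opposed
            // to a missing one) leaves a trace instead of being dropped silently.
            this.Log.debug("Unable to instantiate '{}' using the three-argument constructor that is properietary to Openfire. Trying to use a no-arg constructor instead...", value, e);
            try {
                TrustManager trustManager2 = (TrustManager) value.newInstance();
                this.Log.debug("Successfully instantiated '{}'.", value);
                return new TrustManager[]{trustManager2};
            } catch (IllegalAccessException | InstantiationException e2) {
                this.Log.warn("Unable to instantiate an instance of the configured Trust Manager implementation '{}'. Using {} instead.", value, OpenfireX509TrustManager.class, e2);
                return new TrustManager[]{new OpenfireX509TrustManager(TrustCircleManager.getInstance(), this.configuration.isAcceptSelfSignedCertificates(), this.configuration.isVerifyCertificateValidity())};
            }
        }
    }

    /**
     * Creates an {@link SSLContext} that has not been initialised yet.
     *
     * <p>If {@link #SSLCONTEXT_PROTOCOL} is set, that name is used as is. Otherwise the name is the
     * greatest entry, by plain string comparison, of the protocols in the JVM default context's
     * default SSL parameters. String comparison ranks {@code TLSv1.3} above {@code TLSv1.2}, but it
     * is not a version comparison.
     *
     * <p>NOTE(review): the fallback used when the default parameters list no protocol at all is
     * {@code "TLSv1"}. That branch should be unreachable on a working JVM; if it can be reached in
     * a deployment, a newer protocol name is the safer fallback.
     *
     * @return a new, uninitialised context
     * @throws NoSuchAlgorithmException if no provider supports the selected protocol name
     */
    public static SSLContext getUninitializedSSLContext() throws NoSuchAlgorithmException {
        String configured = SSLCONTEXT_PROTOCOL.getValue();
        if (configured != null) {
            return SSLContext.getInstance(configured);
        }
        String highest = Arrays.stream(SSLContext.getDefault().getDefaultSSLParameters().getProtocols())
            .max(Comparator.naturalOrder())
            .orElse("TLSv1");
        return SSLContext.getInstance(highest);
    }

    /**
     * Builds a new {@link SSLContext} and initialises it with this factory's key managers, trust
     * managers and a fresh {@link SecureRandom}. Nothing is cached: every call creates new objects.
     *
     * @return the context together with the manager arrays it was initialised with
     * @throws NoSuchAlgorithmException  if the context or a manager cannot be created
     * @throws KeyManagementException    if context initialisation fails
     * @throws KeyStoreException         propagated from manager creation
     * @throws UnrecoverableKeyException propagated from key manager creation
     */
    public synchronized SSLContextBlock getSSLContext() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
        SSLContext context = getUninitializedSSLContext();
        KeyManager[] keyManagers = getKeyManagers();
        TrustManager[] trustManagers = getTrustManagers();
        context.init(keyManagers, trustManagers, new SecureRandom());
        return new SSLContextBlock(context, keyManagers, trustManagers);
    }

    /**
     * Creates an engine from a freshly built context and applies the configured protocols and
     * cipher suites. The client/server mode is left for the caller to set.
     */
    private SSLEngine createSSLEngine() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        SSLContextBlock block = getSSLContext();
        SSLEngine engine = block.getContext().createSSLEngine();

        // Hand the engine to every Openfire trust manager of this context.
        for (TrustManager trustManager : block.getTrustManagers()) {
            if (trustManager instanceof OpenfireX509TrustManager) {
                ((OpenfireX509TrustManager) trustManager).setSSLEngine(engine);
            }
        }

        // An empty set means "not configured": the engine keeps its defaults.
        Set<String> encryptionProtocols = this.configuration.getEncryptionProtocols();
        if (!encryptionProtocols.isEmpty()) {
            engine.setEnabledProtocols(encryptionProtocols.toArray(new String[0]));
        }
        Set<String> encryptionCipherSuites = this.configuration.getEncryptionCipherSuites();
        if (!encryptionCipherSuites.isEmpty()) {
            engine.setEnabledCipherSuites(encryptionCipherSuites.toArray(new String[0]));
        }

        // Prefer the locally configured cipher suite order over the peer's preference.
        SSLParameters parameters = engine.getSSLParameters();
        parameters.setUseCipherSuitesOrder(true);
        engine.setSSLParameters(parameters);
        return engine;
    }

    /**
     * Creates an engine in server mode and applies the configured client-authentication policy:
     * {@code needed} requires a client certificate, {@code wanted} requests one, {@code disabled}
     * does not request one.
     *
     * @return a configured server-mode engine
     * @throws UnrecoverableKeyException propagated from context creation
     * @throws NoSuchAlgorithmException  propagated from context creation
     * @throws KeyStoreException         propagated from context creation
     * @throws KeyManagementException    propagated from context creation
     */
    public SSLEngine createServerModeSSLEngine() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        SSLEngine engine = createSSLEngine();
        engine.setUseClientMode(false);
        switch (this.configuration.getClientAuth()) {
            case needed:
                engine.setNeedClientAuth(true);
                break;
            case wanted:
                engine.setWantClientAuth(true);
                break;
            case disabled:
                engine.setWantClientAuth(false);
                break;
        }
        return engine;
    }

    /**
     * Creates an engine in client mode with the {@code SSLv2Hello} pseudo-protocol removed from
     * the enabled protocols.
     *
     * <p>NOTE(review): no endpoint identification algorithm is set on the engine's
     * {@link SSLParameters} here, so any check of the peer's identity against the expected domain
     * has to come from the trust managers. Confirm that the configured trust manager does this.
     *
     * @return a configured client-mode engine
     * @throws UnrecoverableKeyException propagated from context creation
     * @throws NoSuchAlgorithmException  propagated from context creation
     * @throws KeyStoreException         propagated from context creation
     * @throws KeyManagementException    propagated from context creation
     */
    public SSLEngine createClientModeSSLEngine() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        SSLEngine engine = createSSLEngine();
        engine.setUseClientMode(true);
        // LinkedHashSet keeps the engine's protocol order while dropping the one entry.
        Set<String> protocols = new LinkedHashSet<>(Arrays.asList(engine.getEnabledProtocols()));
        protocols.remove("SSLv2Hello");
        engine.setEnabledProtocols(protocols.toArray(new String[0]));
        return engine;
    }

    /**
     * Returns the Jetty {@link SslContextFactory} for this configuration, creating and caching it
     * on first use.
     *
     * <p>The factory is given the configuration's trust store and identity store directly. This
     * method does not consult {@link #TRUST_MANAGER_CLASS} or the accept-self-signed /
     * verify-validity flags, so certificate checking on this path is whatever Jetty derives from
     * the trust store.
     *
     * <p>The store passwords are converted to {@code String} because the Jetty setters take a
     * {@code String}; unlike a {@code char[]}, those copies cannot be cleared afterwards.
     *
     * @return the cached or newly created factory
     * @throws RuntimeException if configuration fails; the cached reference is cleared first so a
     *                          later call starts from scratch
     */
    public synchronized SslContextFactory getSslContextFactory() {
        if (this.sslContextFactory != null) {
            return this.sslContextFactory;
        }
        this.Log.info("Creating new SslContextFactory instance");
        try {
            this.sslContextFactory = new SslContextFactory.Server();
            this.sslContextFactory.setTrustStore(this.configuration.getTrustStore().getStore());
            this.sslContextFactory.setTrustStorePassword(new String(this.configuration.getTrustStore().getConfiguration().getPassword()));
            this.sslContextFactory.setKeyStore(this.configuration.getIdentityStore().getStore());
            this.sslContextFactory.setKeyStorePassword(new String(this.configuration.getIdentityStore().getConfiguration().getPassword()));

            // An empty set means "not configured": Jetty keeps its own defaults.
            Set<String> encryptionProtocols = this.configuration.getEncryptionProtocols();
            if (!encryptionProtocols.isEmpty()) {
                this.sslContextFactory.setIncludeProtocols(encryptionProtocols.toArray(new String[0]));
            }
            Set<String> encryptionCipherSuites = this.configuration.getEncryptionCipherSuites();
            if (!encryptionCipherSuites.isEmpty()) {
                this.sslContextFactory.setIncludeCipherSuites(encryptionCipherSuites.toArray(new String[0]));
            }

            switch (this.configuration.getClientAuth()) {
                case needed:
                    this.sslContextFactory.setNeedClientAuth(true);
                    break;
                case wanted:
                    this.sslContextFactory.setNeedClientAuth(false);
                    this.sslContextFactory.setWantClientAuth(true);
                    break;
                case disabled:
                    this.sslContextFactory.setNeedClientAuth(false);
                    this.sslContextFactory.setWantClientAuth(false);
                    break;
            }
            return this.sslContextFactory;
        } catch (RuntimeException e) {
            // Do not keep a half-configured factory around.
            this.sslContextFactory = null;
            throw e;
        }
    }

    /**
     * Creates a MINA {@link SslFilter} configured like a server-mode engine.
     *
     * <p>NOTE(review): the context passed to the filter comes from one {@link #getSSLContext()}
     * call, while the engine is built from a second, separate context inside
     * {@link #createServerModeSSLEngine()}. Only the trust managers of that second context receive
     * the engine. Confirm this is intended.
     *
     * @return a server-mode filter
     * @throws KeyManagementException    propagated from context creation
     * @throws NoSuchAlgorithmException  propagated from context creation
     * @throws KeyStoreException         propagated from context creation
     * @throws UnrecoverableKeyException propagated from context creation
     */
    public SslFilter createServerModeSslFilter() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        SSLContextBlock block = getSSLContext();
        return createSslFilter(block.getContext(), createServerModeSSLEngine());
    }

    /**
     * Creates a MINA {@link SslFilter} configured like a client-mode engine. The context and the
     * engine come from two separate {@link #getSSLContext()} results, as in
     * {@link #createServerModeSslFilter()}.
     *
     * @return a client-mode filter
     * @throws KeyManagementException    propagated from context creation
     * @throws NoSuchAlgorithmException  propagated from context creation
     * @throws KeyStoreException         propagated from context creation
     * @throws UnrecoverableKeyException propagated from context creation
     */
    public SslFilter createClientModeSslFilter() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        SSLContextBlock block = getSSLContext();
        return createSslFilter(block.getContext(), createClientModeSSLEngine());
    }

    /**
     * Wraps {@code sslContext} in a filter whose mode, protocols, cipher suites and
     * client-authentication setting are copied from {@code templateEngine}.
     *
     * <p>While a message is being processed, the connection's domain is registered as the
     * reference id of the template engine's session and removed again afterwards.
     * NOTE(review): the reference id is attached to the session of the one template engine captured
     * here; if a filter instance serves several sessions concurrently they would share that slot.
     * Confirm how filter instances are scoped.
     */
    private static SslFilter createSslFilter(SSLContext sslContext, final SSLEngine templateEngine) {
        SslFilter sslFilter = new SslFilter(sslContext) {
            @Override
            public void messageReceived(IoFilter.NextFilter nextFilter, IoSession ioSession, Object obj) throws SSLException {
                Connection connection = (Connection) ioSession.getAttribute("CONNECTION");
                if (connection != null) {
                    ReferenceIDUtil.setSessionReferenceId(templateEngine.getSession(), connection.getConnectionDomain());
                }
                try {
                    super.messageReceived(nextFilter, ioSession, obj);
                } finally {
                    // Always clear the reference id, whether processing succeeded or threw.
                    if (connection != null) {
                        ReferenceIDUtil.removeSessionReferenceId(templateEngine.getSession());
                    }
                }
            }
        };
        sslFilter.setUseClientMode(templateEngine.getUseClientMode());
        sslFilter.setEnabledProtocols(templateEngine.getEnabledProtocols());
        sslFilter.setEnabledCipherSuites(templateEngine.getEnabledCipherSuites());
        if (templateEngine.getNeedClientAuth()) {
            sslFilter.setNeedClientAuth(true);
        } else if (templateEngine.getWantClientAuth()) {
            sslFilter.setWantClientAuth(true);
        }
        return sslFilter;
    }

    /**
     * Creates an engine from a context initialised with the JVM's default key managers, trust
     * managers and random source. It is meant only for listing protocols and cipher suites, not
     * for carrying connections.
     */
    private static SSLEngine createProbeEngine() throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext context = getUninitializedSSLContext();
        context.init(null, null, null);
        return context.createSSLEngine();
    }

    /**
     * @return every protocol the JSSE engine supports, whether or not it is enabled
     * @throws NoSuchAlgorithmException if the context cannot be created
     * @throws KeyManagementException   if the context cannot be initialised
     */
    public static List<String> getSupportedProtocols() throws NoSuchAlgorithmException, KeyManagementException {
        return Arrays.asList(createProbeEngine().getSupportedProtocols());
    }

    /**
     * @return the protocols a new engine has enabled by default
     * @throws NoSuchAlgorithmException if the context cannot be created
     * @throws KeyManagementException   if the context cannot be initialised
     */
    public static List<String> getDefaultProtocols() throws NoSuchAlgorithmException, KeyManagementException {
        return Arrays.asList(createProbeEngine().getEnabledProtocols());
    }

    /**
     * @return every cipher suite the JSSE engine supports, whether or not it is enabled
     * @throws NoSuchAlgorithmException if the context cannot be created
     * @throws KeyManagementException   if the context cannot be initialised
     */
    public static List<String> getSupportedCipherSuites() throws NoSuchAlgorithmException, KeyManagementException {
        return Arrays.asList(createProbeEngine().getSupportedCipherSuites());
    }

    /**
     * @return the cipher suites a new engine has enabled by default
     * @throws NoSuchAlgorithmException if the context cannot be created
     * @throws KeyManagementException   if the context cannot be initialised
     */
    public static List<String> getDefaultCipherSuites() throws NoSuchAlgorithmException, KeyManagementException {
        return Arrays.asList(createProbeEngine().getEnabledCipherSuites());
    }
}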
