package org.glassfish.grizzly.config;

import com.sun.enterprise.admin.servermgmt.KeystoreManager;
import com.sun.jdo.spi.persistence.utility.generator.JavaClassWriterHelper;
import com.sun.xml.wss.impl.config.ConfigurationConstants;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Provider;
import javax.net.ssl.SSLContext;
import org.glassfish.grizzly.config.dom.NetworkListener;
import org.glassfish.grizzly.config.dom.Protocol;
import org.glassfish.grizzly.config.dom.Ssl;
import org.glassfish.grizzly.config.ssl.SSLImplementation;
import org.glassfish.grizzly.config.ssl.ServerSocketFactory;
import org.glassfish.grizzly.localization.LogMessages;
import org.glassfish.grizzly.ssl.SSLContextConfigurator;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;
import org.glassfish.hk2.api.ServiceHandle;
import org.glassfish.hk2.api.ServiceLocator;

/* loaded from: input_file:org/glassfish/grizzly/config/SSLConfigurator.class */
/**
 * Server-side {@link SSLEngineConfigurator} whose protocol, cipher-suite, key/trust-store and
 * client-authentication settings are read from an {@link Ssl} configuration element.
 *
 * <p>The constructor resolves an {@link SSLImplementation}, forces {@code clientMode = false},
 * derives need/want client authentication from the configuration and installs an
 * {@link InternalSSLContextConfigurator} whose {@code createSSLContext()} delegates to
 * {@link #configureSSL()}.
 *
 * <p>Review notes for anyone hardening a deployment that uses this class:
 * <ul>
 *   <li>The protocol list is taken verbatim from configuration flags and can contain
 *       {@code SSLv2}, {@code SSLv3}, {@code TLSv1}, {@code TLSv1.1} and {@code SSLv2Hello};
 *       nothing in this class rejects legacy protocol versions, and no TLSv1.3 flag is read.</li>
 *   <li>When no protocol or no cipher suite can be resolved, the corresponding field is left
 *       untouched and only a {@code FINE}-level message is logged (see
 *       {@link #logEmptyWarning}).</li>
 *   <li>Store passwords fall back to system properties and then to
 *       {@code KeystoreManager.DEFAULT_MASTER_PASSWORD}; a failing custom password provider
 *       takes the same fallback path.</li>
 *   <li>Failures in {@link #configureSSL()} and {@link #initializeSSLContext()} are reported by
 *       returning {@code null}, not by throwing.</li>
 * </ul>
 *
 * <p>This listing is decompiler output (see the JADX markers): {@code get2()},
 * {@code $assertionsDisabled} and some substituted constants are artifacts of that process.
 * The fields {@code needClientAuth}, {@code wantClientAuth}, {@code clientMode},
 * {@code sslContextConfiguration}, {@code enabledProtocols} and {@code enabledCipherSuites}
 * are not declared here; presumably they are inherited from {@link SSLEngineConfigurator}.
 */
public class SSLConfigurator extends SSLEngineConfigurator {
    // Provider name meaning "use the configured password string as-is". The password getters
    // below compare against the literal "plain" rather than referencing this constant.
    private static final String PLAIN_PASSWORD_PROVIDER_NAME = "plain";
    // Assigned in the static initializer at the bottom of the class.
    private static final Logger LOGGER;
    // Configuration element all settings are read from.
    private final Ssl ssl;
    // Supplies the SSLImplementation chosen in the constructor.
    protected final Provider<SSLImplementation> sslImplementation;
    // Compiler-generated assertion switch; only read in getStorePasswordCustom.
    static final /* synthetic */ boolean $assertionsDisabled;

    /**
     * Registry entry that maps a cipher name as written in configuration to the JSSE cipher
     * suite name, plus a bit mask of the protocol families the suite belongs to.
     *
     * <p>The static registry is shared by every {@code SSLConfigurator} in the JVM and is
     * guarded by a read/write lock.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/glassfish/grizzly/config/SSLConfigurator$CipherInfo.class */
    public static final class CipherInfo {
        // Bit flags for protocolVersion. The isSSL2/isSSL3/isTLS accessors test the same bits
        // using the literals 1, 2 and 4.
        private static final short SSL2 = 1;
        private static final short SSL3 = 2;
        private static final short TLS = 4;
        // Legacy configuration aliases -> JSSE suite names, registered by the static block below.
        // NOTE(review): every suite in this table is a weak legacy suite (NULL encryption,
        // 40-bit export RC4, RC4, single DES, 3DES). A listener whose cipher list uses these
        // names is asking for them explicitly; whether the JSSE provider still offers them is
        // not visible from this file. Audit listener cipher lists for these aliases.
        private static final String[][] OLD_CIPHER_MAPPING = {new String[]{"rsa_null_md5", "SSL_RSA_WITH_NULL_MD5"}, new String[]{"rsa_null_sha", "SSL_RSA_WITH_NULL_SHA"}, new String[]{"rsa_rc4_40_md5", "SSL_RSA_EXPORT_WITH_RC4_40_MD5"}, new String[]{"rsa_rc4_128_md5", "SSL_RSA_WITH_RC4_128_MD5"}, new String[]{"rsa_rc4_128_sha", "SSL_RSA_WITH_RC4_128_SHA"}, new String[]{"rsa_3des_sha", "SSL_RSA_WITH_3DES_EDE_CBC_SHA"}, new String[]{"fips_des_sha", "SSL_RSA_WITH_DES_CBC_SHA"}, new String[]{"rsa_des_sha", "SSL_RSA_WITH_DES_CBC_SHA"}, new String[]{"SSL_RSA_WITH_NULL_MD5", "SSL_RSA_WITH_NULL_MD5"}, new String[]{"SSL_RSA_WITH_NULL_SHA", "SSL_RSA_WITH_NULL_SHA"}};
        // Registry keyed by configuration name; all access goes through ciphersLock.
        private static final Map<String, CipherInfo> ciphers = new HashMap();
        private static final ReadWriteLock ciphersLock = new ReentrantReadWriteLock();
        // Name as it appears in configuration.
        private final String configName;
        // JSSE cipher suite name handed to the SSL engine.
        private final String cipherName;
        // Bit mask of SSL2 / SSL3 / TLS. Every instance created in this file uses 6 (SSL3 | TLS).
        private final short protocolVersion;

        /**
         * @param str  configuration name of the cipher
         * @param str2 JSSE cipher suite name
         * @param s    protocol bit mask (SSL2 = 1, SSL3 = 2, TLS = 4)
         */
        private CipherInfo(String str, String str2, short s) {
            this.configName = str;
            this.cipherName = str2;
            this.protocolVersion = s;
        }

        /**
         * Registers every default cipher suite of the given context's server socket factory
         * under its own name, so that JSSE suite names can be used directly in configuration.
         * Existing entries with the same key are overwritten; nothing is ever removed.
         *
         * @param sSLContext context whose default server cipher suites are registered; must not
         *                   be null (it is dereferenced immediately)
         */
        public static void updateCiphers(SSLContext sSLContext) {
            String[] defaultCipherSuites = sSLContext.getServerSocketFactory().getDefaultCipherSuites();
            ciphersLock.writeLock().lock();
            try {
                for (String str : defaultCipherSuites) {
                    // 6 = SSL3 | TLS
                    ciphers.put(str, new CipherInfo(str, str, (short) 6));
                }
                ciphersLock.writeLock().unlock();
            } catch (Throwable th) {
                // Release the write lock on the failure path as well, then rethrow.
                ciphersLock.writeLock().unlock();
                throw th;
            }
        }

        /**
         * Looks up a cipher by its configuration name.
         *
         * @param str configuration name (a legacy alias or a registered JSSE suite name)
         * @return the registry entry, or {@code null} if the name is unknown
         */
        public static CipherInfo getCipherInfo(String str) {
            ciphersLock.readLock().lock();
            try {
                CipherInfo cipherInfo = ciphers.get(str);
                ciphersLock.readLock().unlock();
                return cipherInfo;
            } catch (Throwable th) {
                // Release the read lock on the failure path as well, then rethrow.
                ciphersLock.readLock().unlock();
                throw th;
            }
        }

        /** @return the name of this cipher as written in configuration */
        public String getConfigName() {
            return this.configName;
        }

        /** @return the JSSE cipher suite name */
        public String getCipherName() {
            return this.cipherName;
        }

        /** @return {@code true} if the SSL2 bit (1) is set in the protocol mask */
        public boolean isSSL2() {
            return (this.protocolVersion & 1) == 1;
        }

        /** @return {@code true} if the SSL3 bit (2) is set in the protocol mask */
        public boolean isSSL3() {
            return (this.protocolVersion & 2) == 2;
        }

        /** @return {@code true} if the TLS bit (4) is set in the protocol mask */
        public boolean isTLS() {
            return (this.protocolVersion & 4) == 4;
        }

        // Seeds the registry with the legacy aliases from OLD_CIPHER_MAPPING (mask 6 = SSL3 | TLS).
        /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.String[], java.lang.String[][]] */
        static {
            int length = OLD_CIPHER_MAPPING.length;
            for (int i = 0; i < length; i++) {
                String str = OLD_CIPHER_MAPPING[i][0];
                ciphers.put(str, new CipherInfo(str, OLD_CIPHER_MAPPING[i][1], (short) 6));
            }
        }
    }

    /**
     * {@link SSLContextConfigurator} view of the enclosing configurator. Context creation is
     * delegated to {@link SSLConfigurator#configureSSL()} and every setter overridden here
     * throws {@link IllegalStateException}, so the key/trust-store settings cannot be changed
     * through this object.
     */
    /* loaded from: input_file:org/glassfish/grizzly/config/SSLConfigurator$InternalSSLContextConfigurator.class */
    private final class InternalSSLContextConfigurator extends SSLContextConfigurator {
        // The meaning of the boolean passed to the superclass constructor is defined in
        // SSLContextConfigurator and is not visible in this file.
        public InternalSSLContextConfigurator() {
            super(false);
        }

        /**
         * @return the context built by the enclosing configurator; {@code null} when
         *         configuration failed (see {@link SSLConfigurator#configureSSL()})
         */
        @Override // org.glassfish.grizzly.ssl.SSLContextConfigurator
        public SSLContext createSSLContext() {
            return SSLConfigurator.this.configureSSL();
        }

        /**
         * Same as {@link #createSSLContext()}; the argument is ignored.
         *
         * @param z unused
         * @return the context built by the enclosing configurator, possibly {@code null}
         */
        public SSLContext createSSLContext(boolean z) {
            return SSLConfigurator.this.configureSSL();
        }

        /** Delegates unchanged to the superclass implementation. */
        @Override // org.glassfish.grizzly.ssl.SSLContextConfigurator
        public boolean validateConfiguration(boolean z) {
            return super.validateConfiguration(z);
        }

        // All setters below reject modification unconditionally.

        @Override // org.glassfish.grizzly.ssl.SSLContextConfigurator
        public void setKeyManagerFactoryAlgorithm(String str) {
            throw new IllegalStateException("The configuration is immutable");
        }

        @Override // org.glassfish.grizzly.ssl.SSLContextConfigurator
        public void setKeyPass(String str) {
            throw new IllegalStateException("The configuration is immutable");
        }

        @Override // org.glassfish.grizzly.ssl.SSLContextConfigurator
        public void setKeyPass(char[] cArr) {
            throw new IllegalStateException("The configuration is immutable");
        }

        @Override // org.glassfish.grizzly.ssl.SSLContextConfigurator
        public void setKeyStoreFile(String str) {
            throw new IllegalStateException("The configuration is immutable");
        }

        @Override // org.glassfish.grizzly.ssl.SSLContextConfigurator
        public void setKeyStorePass(String str) {
            throw new IllegalStateException("The configuration is immutable");
        }

        @Override // org.glassfish.grizzly.ssl.SSLContextConfigurator
        public void setKeyStorePass(char[] cArr) {
            throw new IllegalStateException("The configuration is immutable");
        }

        @Override // org.glassfish.grizzly.ssl.SSLContextConfigurator
        public void setKeyStoreProvider(String str) {
            throw new IllegalStateException("The configuration is immutable");
        }

        @Override // org.glassfish.grizzly.ssl.SSLContextConfigurator
        public void setKeyStoreType(String str) {
            throw new IllegalStateException("The configuration is immutable");
        }

        @Override // org.glassfish.grizzly.ssl.SSLContextConfigurator
        public void setSecurityProtocol(String str) {
            throw new IllegalStateException("The configuration is immutable");
        }

        @Override // org.glassfish.grizzly.ssl.SSLContextConfigurator
        public void setTrustManagerFactoryAlgorithm(String str) {
            throw new IllegalStateException("The configuration is immutable");
        }

        @Override // org.glassfish.grizzly.ssl.SSLContextConfigurator
        public void setTrustStoreFile(String str) {
            throw new IllegalStateException("The configuration is immutable");
        }

        @Override // org.glassfish.grizzly.ssl.SSLContextConfigurator
        public void setTrustStorePass(String str) {
            throw new IllegalStateException("The configuration is immutable");
        }

        @Override // org.glassfish.grizzly.ssl.SSLContextConfigurator
        public void setTrustStoreProvider(String str) {
            throw new IllegalStateException("The configuration is immutable");
        }

        @Override // org.glassfish.grizzly.ssl.SSLContextConfigurator
        public void setTrustStoreType(String str) {
            throw new IllegalStateException("The configuration is immutable");
        }
    }

    /**
     * Builds a server-mode configurator from the given configuration element.
     *
     * <p>The {@link SSLImplementation} is taken from the service locator when it has a handle
     * registered under {@code ssl.getClassname()}; otherwise it is resolved once through
     * {@link #lookupSSLImplementation}.
     *
     * @param serviceLocator locator used to resolve the SSL implementation
     * @param ssl            configuration element; dereferenced here, so it must not be null
     *                       even though later methods test {@code this.ssl != null}
     * @throws IllegalStateException if no SSL implementation can be resolved
     */
    public SSLConfigurator(ServiceLocator serviceLocator, Ssl ssl) {
        Provider<SSLImplementation> provider;
        this.ssl = ssl;
        final ServiceHandle serviceHandle = serviceLocator.getServiceHandle(SSLImplementation.class, ssl.getClassname(), new Annotation[0]);
        if (serviceHandle != null) {
            // Resolve through the handle on every call to the provider.
            provider = new Provider<SSLImplementation>() { // from class: org.glassfish.grizzly.config.SSLConfigurator.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // javax.inject.Provider
                /* renamed from: get */
                public SSLImplementation get2() {
                    return (SSLImplementation) serviceHandle.getService();
                }
            };
        } else {
            // No handle: resolve once now and hand out the same instance afterwards.
            final SSLImplementation lookupSSLImplementation = lookupSSLImplementation(serviceLocator, ssl);
            if (lookupSSLImplementation == null) {
                throw new IllegalStateException("Can not configure SSLImplementation");
            }
            provider = new Provider<SSLImplementation>() { // from class: org.glassfish.grizzly.config.SSLConfigurator.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // javax.inject.Provider
                /* renamed from: get */
                public SSLImplementation get2() {
                    return lookupSSLImplementation;
                }
            };
        }
        this.sslImplementation = provider;
        this.needClientAuth = isNeedClientAuth(ssl);
        this.wantClientAuth = isWantClientAuth(ssl);
        // This configurator is always used for the server side of the handshake.
        this.clientMode = false;
        this.sslContextConfiguration = new InternalSSLContextConfigurator();
    }

    /** @return the SSL implementation supplied by the provider chosen in the constructor */
    public SSLImplementation getSslImplementation() {
        return this.sslImplementation.get2();
    }

    /**
     * Initializes the SSL context and derives {@code enabledProtocols} and
     * {@code enabledCipherSuites} from the configuration element.
     *
     * <p>Protocols are enabled purely by the configuration flags; cipher names come from the
     * comma-separated SSL3/TLS and SSL2 cipher lists and are translated through
     * {@link #getJSSECiphers}. If either list ends up empty the corresponding field is left
     * as it was and a message is logged through {@link #logEmptyWarning}.
     *
     * @return the context returned by {@link #initializeSSLContext()} (which may itself be
     *         {@code null}), or {@code null} if any exception is thrown while configuring
     */
    protected SSLContext configureSSL() {
        // Reused scratch list: first for protocol names, then for cipher names.
        LinkedList linkedList = new LinkedList();
        try {
            SSLContext initializeSSLContext = initializeSSLContext();
            if (this.ssl != null) {
                // NOTE(review): SSLv2, SSLv3, TLSv1 and TLSv1.1 are obsolete protocol versions.
                // This method enables whatever the configuration flags say and never filters
                // them, so the listener configuration is the only control; audit it.
                if (Boolean.parseBoolean(this.ssl.getSsl2Enabled())) {
                    linkedList.add("SSLv2");
                }
                if (Boolean.parseBoolean(this.ssl.getSsl3Enabled())) {
                    linkedList.add("SSLv3");
                }
                if (Boolean.parseBoolean(this.ssl.getTlsEnabled())) {
                    linkedList.add("TLSv1");
                }
                if (Boolean.parseBoolean(this.ssl.getTls11Enabled())) {
                    linkedList.add("TLSv1.1");
                }
                if (Boolean.parseBoolean(this.ssl.getTls12Enabled())) {
                    linkedList.add("TLSv1.2");
                }
                // SSLv2Hello (the SSLv2-format ClientHello) is added whenever SSLv3 or TLSv1 is
                // enabled; it is not added for TLSv1.1 or TLSv1.2 alone.
                if (Boolean.parseBoolean(this.ssl.getSsl3Enabled()) || Boolean.parseBoolean(this.ssl.getTlsEnabled())) {
                    linkedList.add("SSLv2Hello");
                }
                if (linkedList.isEmpty()) {
                    // Every flag is off: enabledProtocols is NOT set, so the previous value
                    // stays in effect rather than TLS being switched off.
                    logEmptyWarning(this.ssl, "WEB0307: All SSL protocol variants disabled for network-listener {0}, using SSL implementation specific defaults");
                } else {
                    String[] strArr = new String[linkedList.size()];
                    linkedList.toArray(strArr);
                    this.enabledProtocols = strArr;
                }
                linkedList.clear();
                // Collect the configured cipher names (trimmed) from both lists.
                String ssl3TlsCiphers = this.ssl.getSsl3TlsCiphers();
                if (ssl3TlsCiphers != null && ssl3TlsCiphers.length() > 0) {
                    for (String str : ssl3TlsCiphers.split(",")) {
                        linkedList.add(str.trim());
                    }
                }
                String ssl2Ciphers = this.ssl.getSsl2Ciphers();
                if (ssl2Ciphers != null && ssl2Ciphers.length() > 0) {
                    for (String str2 : ssl2Ciphers.split(",")) {
                        linkedList.add(str2.trim());
                    }
                }
                String[] jSSECiphers = getJSSECiphers(linkedList);
                if (jSSECiphers == null || jSSECiphers.length == 0) {
                    // Nothing resolved (no ciphers configured, all unknown, or all prefixed
                    // with '-'): enabledCipherSuites is NOT set, so the previous value stays.
                    logEmptyWarning(this.ssl, "WEB0308: All SSL cipher suites disabled for network-listener(s) {0}.  Using SSL implementation specific defaults");
                } else {
                    this.enabledCipherSuites = jSSECiphers;
                }
            }
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Enabled secure protocols={0} ciphers={1}", new Object[]{Arrays.toString(this.enabledProtocols), Arrays.toString(this.enabledCipherSuites)});
            }
            return initializeSSLContext;
        } catch (Exception e) {
            // Any failure is reported as a null context. Callers must treat null as a
            // configuration error; nothing is logged when WARNING is not loggable.
            if (!LOGGER.isLoggable(Level.WARNING)) {
                return null;
            }
            LOGGER.log(Level.WARNING, LogMessages.WARNING_GRIZZLY_CONFIG_SSL_GENERAL_CONFIG_ERROR(), (Throwable) e);
            return null;
        }
    }

    /**
     * Configures the implementation's {@link ServerSocketFactory} from the configuration
     * element (with system-property and default fallbacks), initializes it and registers the
     * resulting context's default cipher suites with {@link CipherInfo#updateCiphers}.
     *
     * @return the initialized context, or {@code null} if an {@link IOException} occurred;
     *         other exception types propagate to the caller
     */
    protected SSLContext initializeSSLContext() {
        SSLContext sSLContext = null;
        try {
            ServerSocketFactory serverSocketFactory = getSslImplementation().getServerSocketFactory();
            if (this.ssl != null) {
                // These attributes have no system-property fallback, hence the null checks.
                if (this.ssl.getCrlFile() != null) {
                    setAttribute(serverSocketFactory, "crlFile", this.ssl.getCrlFile(), null, null);
                }
                if (this.ssl.getTrustAlgorithm() != null) {
                    setAttribute(serverSocketFactory, "truststoreAlgorithm", this.ssl.getTrustAlgorithm(), null, null);
                }
                if (this.ssl.getKeyAlgorithm() != null) {
                    setAttribute(serverSocketFactory, "algorithm", this.ssl.getKeyAlgorithm(), null, null);
                }
                // NOTE(review): unguarded, unlike the three calls above. If
                // getTrustMaxCertLength() ever returned null, setAttribute would call
                // System.getProperty with a null key, which throws NullPointerException.
                // Presumably the configuration supplies a default; confirm.
                setAttribute(serverSocketFactory, "trustMaxCertLength", this.ssl.getTrustMaxCertLength(), null, null);
            }
            // Resolution order for each value: configuration, then the named system property,
            // then the default given as the last argument.
            setAttribute(serverSocketFactory, "keystore", this.ssl != null ? this.ssl.getKeyStore() : null, "javax.net.ssl.keyStore", null);
            setAttribute(serverSocketFactory, "keystoreType", this.ssl != null ? this.ssl.getKeyStoreType() : null, "javax.net.ssl.keyStoreType", "JKS");
            // NOTE(review): when no password is configured (or the custom password provider
            // fails and returns null) and the system property is unset, the store password
            // becomes KeystoreManager.DEFAULT_MASTER_PASSWORD, presumably a well-known default.
            // Confirm deployments set an explicit password for both stores.
            setAttribute(serverSocketFactory, "keystorePass", this.ssl != null ? getKeyStorePassword(this.ssl) : null, "javax.net.ssl.keyStorePassword", KeystoreManager.DEFAULT_MASTER_PASSWORD);
            setAttribute(serverSocketFactory, "truststore", this.ssl != null ? this.ssl.getTrustStore() : null, "javax.net.ssl.trustStore", null);
            setAttribute(serverSocketFactory, "truststoreType", this.ssl != null ? this.ssl.getTrustStoreType() : null, "javax.net.ssl.trustStoreType", "JKS");
            setAttribute(serverSocketFactory, "truststorePass", this.ssl != null ? getTrustStorePassword(this.ssl) : null, "javax.net.ssl.trustStorePassword", KeystoreManager.DEFAULT_MASTER_PASSWORD);
            // The certificate nickname is stored under an attribute name taken from an unrelated
            // package's constant; presumably the decompiler substituted it for a string literal
            // with the same value. TODO confirm the attribute name against the original source.
            serverSocketFactory.setAttribute(ConfigurationConstants.SYMMETRIC_KEY_ALIAS_ATTRIBUTE_NAME, this.ssl != null ? this.ssl.getCertNickname() : null);
            serverSocketFactory.init();
            sSLContext = serverSocketFactory.getSSLContext();
            // Make the context's default suites addressable by name in cipher configuration.
            CipherInfo.updateCiphers(sSLContext);
        } catch (IOException e) {
            // Only IOException is handled here; the method then returns null (or whatever was
            // assigned before the failure).
            if (LOGGER.isLoggable(Level.WARNING)) {
                LOGGER.log(Level.WARNING, LogMessages.WARNING_GRIZZLY_CONFIG_SSL_GENERAL_CONFIG_ERROR(), (Throwable) e);
            }
        }
        return sSLContext;
    }

    /**
     * Logs {@code str} with the names of all network listeners attached to the protocol that
     * owns {@code ssl} as message parameter {@code {0}}.
     *
     * <p>NOTE(review): despite the method name and the "WEB0307"/"WEB0308" messages passed by
     * {@link #configureSSL()}, the record is emitted at {@code Level.FINE}, so a logger at the
     * usual INFO threshold will not show that a listener fell back to implementation defaults.
     *
     * @param ssl configuration element; its parent is cast to {@link Protocol}
     * @param str message pattern containing {@code {0}}
     */
    protected void logEmptyWarning(Ssl ssl, String str) {
        StringBuilder sb = new StringBuilder();
        for (NetworkListener networkListener : ((Protocol) ssl.getParent()).findNetworkListeners()) {
            if (sb.length() != 0) {
                // Separator between listener names; the constant comes from an unrelated
                // package, presumably a decompiler substitution for a string literal.
                sb.append(JavaClassWriterHelper.paramSeparator_);
            }
            sb.append(networkListener.getName());
        }
        LOGGER.log(Level.FINE, str, sb.toString());
    }

    /**
     * @return {@code true} if there is no configuration element or its allow-lazy-init value
     *         parses as {@code true}
     */
    public boolean isAllowLazyInit() {
        return this.ssl == null || Boolean.parseBoolean(this.ssl.getAllowLazyInit());
    }

    /**
     * Sets a factory attribute, falling back to a system property when no value is configured.
     *
     * @param serverSocketFactory factory to configure
     * @param str                 attribute name
     * @param str2                configured value; used as-is when non-null
     * @param str3                system property consulted when {@code str2} is null; must be
     *                            non-null in that case because {@code System.getProperty}
     *                            rejects a null key
     * @param str4                default used when the system property is unset; may be null
     */
    private static void setAttribute(ServerSocketFactory serverSocketFactory, String str, String str2, String str3, String str4) {
        serverSocketFactory.setAttribute(str, str2 == null ? System.getProperty(str3, str4) : str2);
    }

    /**
     * @return {@code true} if the configured client-auth value, trimmed, equals "want"
     *         ignoring case
     */
    private static boolean isWantClientAuth(Ssl ssl) {
        String clientAuth = ssl.getClientAuth();
        return clientAuth != null && "want".equalsIgnoreCase(clientAuth.trim());
    }

    /**
     * @return {@code true} if the client-auth-enabled flag parses as {@code true}, or the
     *         configured client-auth value, trimmed, equals "need" ignoring case
     */
    private static boolean isNeedClientAuth(Ssl ssl) {
        if (Boolean.parseBoolean(ssl.getClientAuthEnabled())) {
            return true;
        }
        String clientAuth = ssl.getClientAuth();
        return clientAuth != null && "need".equalsIgnoreCase(clientAuth.trim());
    }

    /**
     * Resolves the SSL implementation named by {@code ssl.getClassname()}.
     *
     * <p>Falls back to {@code SSLImplementation.getInstance()} when no class name is configured
     * or when {@code Utils.newInstance} returns null for it (the latter is logged at WARNING).
     *
     * @return the implementation, or {@code null} if any exception is thrown; the constructor
     *         turns that null into an {@link IllegalStateException}
     */
    private static SSLImplementation lookupSSLImplementation(ServiceLocator serviceLocator, Ssl ssl) {
        try {
            String classname = ssl.getClassname();
            if (classname == null) {
                return SSLImplementation.getInstance();
            }
            SSLImplementation sSLImplementation = (SSLImplementation) Utils.newInstance(serviceLocator, SSLImplementation.class, classname, classname);
            if (sSLImplementation != null) {
                return sSLImplementation;
            }
            // The configured class could not be provided: warn and use the default instead.
            if (LOGGER.isLoggable(Level.WARNING)) {
                LOGGER.warning(LogMessages.WARNING_GRIZZLY_CONFIG_SSL_SSL_IMPLEMENTATION_LOAD_ERROR(classname));
            }
            return SSLImplementation.getInstance();
        } catch (Exception e) {
            if (!LOGGER.isLoggable(Level.WARNING)) {
                return null;
            }
            LOGGER.log(Level.WARNING, LogMessages.WARNING_GRIZZLY_CONFIG_SSL_GENERAL_CONFIG_ERROR(), (Throwable) e);
            return null;
        }
    }

    /**
     * Translates configured cipher names into a de-duplicated array of JSSE suite names.
     *
     * <p>Empty entries and entries starting with '-' are skipped; a leading '+' is stripped
     * before lookup. Unknown names are logged at WARNING and dropped.
     *
     * <p>NOTE(review): a '-' entry is only ignored here; it does not remove anything. A cipher
     * list made up solely of '-' entries therefore yields {@code null}, and the caller keeps
     * the existing cipher-suite setting instead of disabling the named suites.
     *
     * @param list configured cipher names, already trimmed by the caller
     * @return the resolved JSSE names, or {@code null} if none resolved
     */
    private static String[] getJSSECiphers(List<String> list) {
        // Allocated lazily so that "nothing resolved" can be reported as null.
        HashSet hashSet = null;
        for (String str : list) {
            if (str.length() > 0 && str.charAt(0) != '-') {
                if (str.charAt(0) == '+') {
                    str = str.substring(1);
                }
                String jSSECipher = getJSSECipher(str);
                if (jSSECipher != null) {
                    if (hashSet == null) {
                        hashSet = new HashSet(list.size());
                    }
                    hashSet.add(jSSECipher);
                } else if (LOGGER.isLoggable(Level.WARNING)) {
                    LOGGER.warning(LogMessages.WARNING_GRIZZLY_CONFIG_SSL_UNKNOWN_CIPHER_ERROR(str));
                }
            }
        }
        if (hashSet == null) {
            return null;
        }
        return (String[]) hashSet.toArray(new String[hashSet.size()]);
    }

    /**
     * @return the JSSE suite name registered for the configuration name {@code str}, or
     *         {@code null} if it is not in the {@link CipherInfo} registry
     */
    private static String getJSSECipher(String str) {
        CipherInfo cipherInfo = CipherInfo.getCipherInfo(str);
        if (cipherInfo != null) {
            return cipherInfo.getCipherName();
        }
        return null;
    }

    /**
     * Resolves the key-store password.
     *
     * <p>With the password provider set to "plain" (case-insensitive) the configured password
     * is returned as-is, i.e. it is stored in clear text in the configuration. With any other
     * provider value, including null, the configured password string is handed to
     * {@link #getStorePasswordCustom} and treated as the name of a provider to instantiate.
     *
     * @return the password, or {@code null} if the custom provider could not be used
     */
    private String getKeyStorePassword(Ssl ssl) {
        return "plain".equalsIgnoreCase(ssl.getKeyStorePasswordProvider()) ? ssl.getKeyStorePassword() : getStorePasswordCustom(ssl.getKeyStorePassword());
    }

    /**
     * Resolves the trust-store password; same rules as {@link #getKeyStorePassword}.
     *
     * @return the password, or {@code null} if the custom provider could not be used
     */
    private String getTrustStorePassword(Ssl ssl) {
        return "plain".equalsIgnoreCase(ssl.getTrustStorePasswordProvider()) ? ssl.getTrustStorePassword() : getStorePasswordCustom(ssl.getTrustStorePassword());
    }

    /**
     * Obtains a store password from a {@code SecurePasswordProvider} created by
     * {@code Utils.newInstance(str)} (presumably {@code str} is a class name; that helper is
     * not visible in this file).
     *
     * <p>NOTE(review): on failure the configured string is passed to the WARNING log message.
     * If a literal password was configured while the provider setting is not "plain", that
     * literal presumably ends up in the server log; confirm the message format and make sure
     * the provider setting matches how the password is stored.
     *
     * <p>NOTE(review): returning {@code null} here makes {@link #initializeSSLContext()} fall
     * back to the system property and then to the built-in default password instead of
     * failing.
     *
     * @param str configured password value, interpreted as a provider reference
     * @return the provider's password, or {@code null} if the provider could not be created or
     *         threw
     */
    private String getStorePasswordCustom(String str) {
        try {
            SecurePasswordProvider securePasswordProvider = (SecurePasswordProvider) Utils.newInstance(str);
            // Decompiled form of an assert that the provider is non-null. With assertions
            // disabled a null provider is dereferenced; the resulting NullPointerException is
            // caught by the handler below.
            if ($assertionsDisabled || securePasswordProvider != null) {
                return securePasswordProvider.getPassword();
            }
            throw new AssertionError();
        } catch (Exception e) {
            if (!LOGGER.isLoggable(Level.WARNING)) {
                return null;
            }
            LOGGER.log(Level.WARNING, LogMessages.WARNING_GRIZZLY_CONFIG_SSL_SECURE_PASSWORD_INITIALIZATION_ERROR(str), (Throwable) e);
            return null;
        }
    }

    // Initializes the synthetic assertion switch and the shared logger.
    static {
        $assertionsDisabled = !SSLConfigurator.class.desiredAssertionStatus();
        LOGGER = GrizzlyConfig.logger();
    }
}
