package com.oracle.coherence.common.net;

import com.oracle.coherence.common.internal.net.ssl.SSLCertUtility;
import com.oracle.coherence.common.internal.net.ssl.SSLServerSocket;
import com.oracle.coherence.common.internal.net.ssl.SSLServerSocketChannel;
import com.oracle.coherence.common.internal.net.ssl.SSLSocket;
import com.oracle.coherence.common.internal.net.ssl.SSLSocketChannel;
import com.oracle.coherence.common.internal.security.SecurityProvider;
import com.oracle.coherence.common.util.DaemonThreadFactory;
import com.tangosol.coherence.config.unit.Seconds;
import com.tangosol.internal.net.ssl.SSLContextDependencies;
import com.tangosol.net.ssl.RefreshPolicy;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketAddress;
import java.nio.channels.ServerSocketChannel;
import java.nio.channels.SocketChannel;
import java.security.NoSuchAlgorithmException;
import java.util.concurrent.Executor;
import java.util.concurrent.Executors;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:com/oracle/coherence/common/net/SSLSocketProvider.class */
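/**
 * {@link SocketProvider} that wraps the sockets and channels opened by a delegate provider in
 * the project's SSL socket types, configured through a {@link Dependencies} object.
 *
 * <p>Security-relevant behaviour visible in this file:
 * <ul>
 *   <li>No {@link HostnameVerifier} is configured by default, and {@link
 *       DefaultDependencies#getSSLParameters()} sets no endpoint identification algorithm, so
 *       within this file the peer name is only checked when a verifier has been supplied.</li>
 *   <li>Client authentication is only requested when {@link ClientAuthMode#wanted} or
 *       {@link ClientAuthMode#required} has been set explicitly.</li>
 *   <li>A self-signed peer certificate is logged at WARNING level by
 *       {@link #ensureSessionValidity}; that method does not reject the session for it.</li>
 * </ul>
 */
public class SSLSocketProvider implements SocketProvider {
    /** Validated private copy of the dependencies passed to the constructor. */
    protected Dependencies m_dependencies;

    /** Logger used when the dependencies do not supply one. */
    private static final Logger LOGGER = Logger.getLogger(SSLSocketProvider.class.getName());

    /** Refresh period of zero seconds; the default of {@link DefaultDependencies}. */
    public static final Seconds NO_REFRESH = new Seconds(0);

    /** Executor used when the dependencies do not supply one; its threads are daemon threads. */
    private static final Executor DEFAULT_EXECUTOR = Executors.newCachedThreadPool(new DaemonThreadFactory("SSLExecutor-"));

    /**
     * Whether a server-side endpoint asks the peer for a certificate.
     *
     * <p>{@code none}: do not ask; {@code wanted}: ask, but do not insist; {@code required}:
     * insist (mutual TLS). See {@link DefaultDependencies#getSSLParameters()} for the mapping
     * onto {@link SSLParameters}.
     */
    public enum ClientAuthMode {
        none,
        wanted,
        required
    }

    /**
     * Mutable, fluent implementation of {@link Dependencies}.
     *
     * <p>Unset values fall back as follows: delegate = {@code TcpSocketProvider.INSTANCE},
     * SSL context = {@link SSLContext#getDefault()}, executor and logger = the provider-wide
     * defaults, refresh period = {@link SSLSocketProvider#NO_REFRESH}, refresh policy =
     * {@code RefreshPolicy.Always}. Hostname verifier, client-auth mode, cipher suites and
     * protocol versions have no default and stay {@code null} until set.
     *
     * <p>NOTE(review): cipher-suite and protocol arrays are stored and returned by reference
     * (no defensive copy), so a caller that keeps the array can change the TLS configuration
     * after it has been handed over.
     */
    public static class DefaultDependencies implements Dependencies {
        protected SocketProvider m_delegate;
        protected SSLContext m_ctx;
        protected ClientAuthMode m_clientAuthMode;
        protected HostnameVerifier m_hostnameVerifier;
        protected String[] m_asCipherSuitesEnabled;
        protected String[] m_asProtocolVersionsEnabled;
        protected Executor m_executor;
        protected Logger m_logger;
        protected String m_sDescription;
        protected Seconds m_refreshPeriod;
        protected RefreshPolicy m_refreshPolicy;
        protected SSLContextDependencies m_sslContextDependencies;

        /** Creates dependencies holding only the defaults described on the class. */
        public DefaultDependencies() {
            this.m_delegate = TcpSocketProvider.INSTANCE;
            this.m_sDescription = "SSLSocketProvider()";
            this.m_refreshPeriod = SSLSocketProvider.NO_REFRESH;
            this.m_refreshPolicy = RefreshPolicy.Always;
        }

        /**
         * Creates a copy of the given dependencies, or the defaults when {@code null} is passed.
         *
         * <p>Only the delegate, SSL context, client-auth mode, hostname verifier, cipher suites,
         * protocol versions, executor and logger are copied. NOTE(review): refresh period,
         * refresh policy, SSL context dependencies and description are NOT taken from the
         * source and keep their defaults; confirm this is intended, because
         * {@link SSLSocketProvider#SSLSocketProvider(Dependencies)} always goes through this
         * copy.
         *
         * @param dependencies the dependencies to copy; may be {@code null}
         */
        public DefaultDependencies(Dependencies dependencies) {
            this();
            if (dependencies != null) {
                this.m_delegate = dependencies.getDelegateSocketProvider();
                // The getter result is stored, so a source that resolves an unset context to
                // SSLContext.getDefault() (as this class does) pins that context in the copy.
                this.m_ctx = dependencies.getSSLContext();
                this.m_clientAuthMode = dependencies.getClientAuth();
                this.m_hostnameVerifier = dependencies.getHostnameVerifier();
                this.m_asCipherSuitesEnabled = dependencies.getEnabledCipherSuites();
                this.m_asProtocolVersionsEnabled = dependencies.getEnabledProtocolVersions();
                this.m_executor = dependencies.getExecutor();
                this.m_logger = dependencies.getLogger();
            }
        }

        /**
         * Copies SSL context, client-auth mode, hostname verifier, cipher suites and protocol
         * versions from the given settings object, overwriting the current values.
         *
         * @param sSLSettings the settings to apply; must not be {@code null}
         * @return this object
         */
        public DefaultDependencies applySSLSettings(SSLSettings sSLSettings) {
            return setSSLContext(sSLSettings.getSSLContext())
                    .setClientAuth(sSLSettings.getClientAuth())
                    .setHostnameVerifier(sSLSettings.getHostnameVerifier())
                    .setEnabledCipherSuites(sSLSettings.getEnabledCipherSuites())
                    .setEnabledProtocolVersions(sSLSettings.getEnabledProtocolVersions());
        }

        /** @return the provider whose plain sockets are wrapped */
        @Override // com.oracle.coherence.common.net.SSLSocketProvider.Dependencies
        public SocketProvider getDelegateSocketProvider() {
            return this.m_delegate;
        }

        /**
         * @param socketProvider the provider whose plain sockets are wrapped
         * @return this object
         */
        public DefaultDependencies setDelegate(SocketProvider socketProvider) {
            this.m_delegate = socketProvider;
            return this;
        }

        /**
         * Returns the configured SSL context, or the JVM default context when none was set.
         *
         * <p>With the fallback, key and trust material come from the JVM-wide default
         * configuration rather than from anything configured on this object.
         *
         * @return the SSL context, never {@code null}
         * @throws IllegalStateException if the JVM default context cannot be obtained
         */
        @Override // com.oracle.coherence.common.net.SSLSocketProvider.Dependencies
        public SSLContext getSSLContext() {
            SSLContext configured = this.m_ctx;
            if (configured != null) {
                return configured;
            }
            try {
                return SSLContext.getDefault();
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(e);
            }
        }

        /**
         * @param sSLContext the SSL context; {@code null} selects the JVM default context
         * @return this object
         */
        public DefaultDependencies setSSLContext(SSLContext sSLContext) {
            this.m_ctx = sSLContext;
            return this;
        }

        /**
         * Builds the {@link SSLParameters} for new connections from the context defaults,
         * overridden by the configured cipher suites, protocol versions and client-auth mode.
         *
         * <p>When cipher suites or protocol versions are unset, the context's defaults are left
         * in place. An unset ({@code null}) client-auth mode is treated as
         * {@link ClientAuthMode#none}; previously it caused a {@link NullPointerException} in
         * the {@code switch}. Mutual TLS therefore has to be enabled explicitly with
         * {@link ClientAuthMode#required}.
         *
         * <p>No endpoint identification algorithm is set here.
         *
         * @return a freshly created parameters object
         */
        @Override // com.oracle.coherence.common.net.SSLSocketProvider.Dependencies
        public SSLParameters getSSLParameters() {
            SSLParameters params = getSSLContext().getDefaultSSLParameters();
            String[] cipherSuites = getEnabledCipherSuites();
            String[] protocolVersions = getEnabledProtocolVersions();
            if (cipherSuites != null) {
                params.setCipherSuites(cipherSuites);
            }
            if (protocolVersions != null) {
                params.setProtocols(protocolVersions);
            }

            ClientAuthMode mode = getClientAuth();
            if (mode == null) {
                // Nothing configured: same outcome as the switch's default branch.
                mode = ClientAuthMode.none;
            }
            // SSLParameters.setWantClientAuth and setNeedClientAuth each clear the other flag,
            // so in every branch the call that must win is made last.
            switch (mode) {
                case wanted:
                    params.setNeedClientAuth(false);
                    params.setWantClientAuth(true);
                    break;
                case required:
                    params.setWantClientAuth(true);
                    params.setNeedClientAuth(true);
                    break;
                case none:
                default:
                    params.setWantClientAuth(false);
                    params.setNeedClientAuth(false);
                    break;
            }
            return params;
        }

        /** @return the client-auth mode, or {@code null} if none was set */
        @Override // com.oracle.coherence.common.net.SSLSocketProvider.Dependencies
        public ClientAuthMode getClientAuth() {
            return this.m_clientAuthMode;
        }

        /**
         * @param clientAuthMode the client-auth mode; {@code null} means "not set"
         * @return this object
         */
        @Override // com.oracle.coherence.common.net.SSLSocketProvider.Dependencies
        public DefaultDependencies setClientAuth(ClientAuthMode clientAuthMode) {
            this.m_clientAuthMode = clientAuthMode;
            return this;
        }

        /** @return the hostname verifier, or {@code null} if peer names are not to be checked */
        @Override // com.oracle.coherence.common.net.SSLSocketProvider.Dependencies
        public HostnameVerifier getHostnameVerifier() {
            return this.m_hostnameVerifier;
        }

        /**
         * @param hostnameVerifier the verifier consulted by
         *        {@link SSLSocketProvider#ensureSessionValidity}; {@code null} disables that check
         * @return this object
         */
        public DefaultDependencies setHostnameVerifier(HostnameVerifier hostnameVerifier) {
            this.m_hostnameVerifier = hostnameVerifier;
            return this;
        }

        /** @return the configured executor, or the shared default executor if none was set */
        @Override // com.oracle.coherence.common.net.SSLSocketProvider.Dependencies
        public Executor getExecutor() {
            Executor configured = this.m_executor;
            if (configured == null) {
                return SSLSocketProvider.DEFAULT_EXECUTOR;
            }
            return configured;
        }

        /**
         * @param executor the executor; {@code null} selects the shared default
         * @return this object
         */
        public DefaultDependencies setExecutor(Executor executor) {
            this.m_executor = executor;
            return this;
        }

        /** @return the enabled cipher suites (the stored array itself), or {@code null} for the context defaults */
        @Override // com.oracle.coherence.common.net.SSLSocketProvider.Dependencies
        public String[] getEnabledCipherSuites() {
            return this.m_asCipherSuitesEnabled;
        }

        /**
         * @param strArr the cipher suites to enable (stored by reference); {@code null} keeps
         *        the context defaults
         * @return this object
         */
        public DefaultDependencies setEnabledCipherSuites(String[] strArr) {
            this.m_asCipherSuitesEnabled = strArr;
            return this;
        }

        /** @return the enabled protocol versions (the stored array itself), or {@code null} for the context defaults */
        @Override // com.oracle.coherence.common.net.SSLSocketProvider.Dependencies
        public String[] getEnabledProtocolVersions() {
            return this.m_asProtocolVersionsEnabled;
        }

        /**
         * @param strArr the protocol versions to enable (stored by reference); {@code null}
         *        keeps the context defaults
         * @return this object
         */
        public DefaultDependencies setEnabledProtocolVersions(String[] strArr) {
            this.m_asProtocolVersionsEnabled = strArr;
            return this;
        }

        /**
         * @param seconds the refresh period; {@code null} selects {@link SSLSocketProvider#NO_REFRESH}
         * @return this object
         */
        public DefaultDependencies setRefreshPeriod(Seconds seconds) {
            this.m_refreshPeriod = seconds == null ? SSLSocketProvider.NO_REFRESH : seconds;
            return this;
        }

        /** @return the refresh period, never {@code null} when set through the setter */
        @Override // com.oracle.coherence.common.net.SSLSocketProvider.Dependencies
        public Seconds getRefreshPeriod() {
            return this.m_refreshPeriod;
        }

        /** @return the refresh policy */
        @Override // com.oracle.coherence.common.net.SSLSocketProvider.Dependencies
        public RefreshPolicy getRefreshPolicy() {
            return this.m_refreshPolicy;
        }

        /**
         * @param refreshPolicy the refresh policy; {@code null} selects {@code RefreshPolicy.Always}
         * @return this object
         */
        public DefaultDependencies setRefreshPolicy(RefreshPolicy refreshPolicy) {
            this.m_refreshPolicy = refreshPolicy == null ? RefreshPolicy.Always : refreshPolicy;
            return this;
        }

        /**
         * Returns a new {@link SSLContextDependencies} built from the stored instance.
         *
         * <p>NOTE(review): the second constructor argument is {@code null}; its meaning is not
         * visible in this file.
         */
        @Override // com.oracle.coherence.common.net.SSLSocketProvider.Dependencies
        public SSLContextDependencies getSSLContextDependencies() {
            return new SSLContextDependencies(this.m_sslContextDependencies, null);
        }

        /** @param sSLContextDependencies the SSL context dependencies to store */
        public void setSSLContextDependencies(SSLContextDependencies sSLContextDependencies) {
            this.m_sslContextDependencies = sSLContextDependencies;
        }

        /** @return the configured logger, or the provider's class logger if none was set */
        @Override // com.oracle.coherence.common.net.SSLSocketProvider.Dependencies
        public Logger getLogger() {
            Logger configured = this.m_logger;
            if (configured == null) {
                return SSLSocketProvider.LOGGER;
            }
            return configured;
        }

        /**
         * @param logger the logger; {@code null} selects the provider's class logger
         * @return this object
         */
        public DefaultDependencies setLogger(Logger logger) {
            this.m_logger = logger;
            return this;
        }

        /**
         * @param str the text returned by {@link #toString()}; {@code null} or empty makes
         *        {@code toString()} describe the settings instead
         * @return this object
         */
        @Override // com.oracle.coherence.common.net.SSLSocketProvider.Dependencies
        public DefaultDependencies setDescription(String str) {
            this.m_sDescription = str;
            return this;
        }

        /**
         * Returns the description if one is set; otherwise the SSL context followed by markers
         * for a configured hostname verifier and client-auth mode.
         */
        @Override
        public String toString() {
            if (this.m_sDescription != null && !this.m_sDescription.isEmpty()) {
                return this.m_sDescription;
            }
            StringBuilder sb = new StringBuilder();
            sb.append(getSSLContext());
            if (getHostnameVerifier() != null) {
                sb.append(", hostname-verifier=enabled");
            }
            ClientAuthMode clientAuth = getClientAuth();
            if (clientAuth != null) {
                sb.append(", client-auth=").append(clientAuth);
            }
            return sb.toString();
        }

        /**
         * Checks that delegate, executor and logger are non-null.
         *
         * <p>Because {@link #getExecutor()} and {@link #getLogger()} fall back to defaults, only
         * a {@code null} delegate can fail here. TLS settings (client-auth mode, hostname
         * verifier, protocol versions, cipher suites) are not validated.
         *
         * @return this object
         * @throws IllegalArgumentException if a required value is {@code null}
         */
        protected DefaultDependencies validate() throws IllegalArgumentException {
            ensureArgument(getDelegateSocketProvider(), "DelegateSocketProvider");
            ensureArgument(getExecutor(), "Executor");
            ensureArgument(getLogger(), "Logger");
            return this;
        }

        /**
         * @param obj the value to check
         * @param str the name used in the exception message
         * @throws IllegalArgumentException if {@code obj} is {@code null}
         */
        protected static void ensureArgument(Object obj, String str) {
            if (obj == null) {
                throw new IllegalArgumentException(str + " cannot be null");
            }
        }

        static {
            // Runs once when this class is initialised, before any instance is created.
            SecurityProvider.ensureRegistration();
        }
    }

    /**
     * Configuration consumed by {@link SSLSocketProvider}.
     *
     * <p>NOTE(review): the {@code DEFAULT_*} and {@code KEYSTORE_TYPE_*} constants are not
     * referenced in this file; where they are applied is not visible here. "TLS" is a protocol
     * family name, so the versions actually negotiated depend on
     * {@link #getEnabledProtocolVersions()} or, when that is {@code null}, on the context
     * defaults.
     */
    public interface Dependencies {
        String DEFAULT_SSL_PROTOCOL = "TLS";
        String DEFAULT_IDENTITY_ALGORITHM = "SunX509";
        String DEFAULT_TRUST_ALGORITHM = "SunX509";
        String KEYSTORE_TYPE_JKS = "JKS";
        String KEYSTORE_TYPE_PKCS12 = "PKCS12";
        String DEFAULT_KEYSTORE_TYPE = "PKCS12";

        SocketProvider getDelegateSocketProvider();

        SSLContext getSSLContext();

        SSLParameters getSSLParameters();

        ClientAuthMode getClientAuth();

        DefaultDependencies setClientAuth(ClientAuthMode clientAuthMode);

        HostnameVerifier getHostnameVerifier();

        String[] getEnabledCipherSuites();

        String[] getEnabledProtocolVersions();

        Executor getExecutor();

        Logger getLogger();

        Dependencies setDescription(String str);

        Seconds getRefreshPeriod();

        RefreshPolicy getRefreshPolicy();

        SSLContextDependencies getSSLContextDependencies();
    }

    /** Creates a provider with default dependencies. */
    public SSLSocketProvider() {
        this(null);
    }

    /**
     * Creates a provider from a validated copy of the given dependencies.
     *
     * @param dependencies the dependencies; {@code null} selects the defaults
     * @throws IllegalArgumentException if the copied dependencies fail validation
     */
    public SSLSocketProvider(Dependencies dependencies) {
        this.m_dependencies = copyDependencies(dependencies).validate();
    }

    /** Delegates address resolution to the wrapped provider. */
    @Override // com.oracle.coherence.common.net.SocketProvider
    public SocketAddress resolveAddress(String str) {
        return getDelegate().resolveAddress(str);
    }

    /** Delegates to the wrapped provider. */
    @Override // com.oracle.coherence.common.net.SocketProvider
    public String getAddressString(Socket socket) {
        return getDelegate().getAddressString(socket);
    }

    /** Delegates to the wrapped provider. */
    @Override // com.oracle.coherence.common.net.SocketProvider
    public String getAddressString(ServerSocket serverSocket) {
        return getDelegate().getAddressString(serverSocket);
    }

    /** Opens a delegate socket and wraps it in an {@link SSLSocket} bound to this provider. */
    @Override // com.oracle.coherence.common.net.SocketProvider
    public Socket openSocket() throws IOException {
        return new SSLSocket(getDelegate().openSocket(), this);
    }

    /** Opens a delegate channel and wraps it in an {@link SSLSocketChannel} bound to this provider. */
    @Override // com.oracle.coherence.common.net.SocketProvider
    public SocketChannel openSocketChannel() throws IOException {
        return new SSLSocketChannel(getDelegate().openSocketChannel(), this);
    }

    /** Opens a delegate server socket and wraps it in an {@link SSLServerSocket} bound to this provider. */
    @Override // com.oracle.coherence.common.net.SocketProvider
    public ServerSocket openServerSocket() throws IOException {
        return new SSLServerSocket(getDelegate().openServerSocket(), this);
    }

    /** Opens a delegate server channel and wraps it in an {@link SSLServerSocketChannel} bound to this provider. */
    @Override // com.oracle.coherence.common.net.SocketProvider
    public ServerSocketChannel openServerSocketChannel() throws IOException {
        return new SSLServerSocketChannel(getDelegate().openServerSocketChannel(), this);
    }

    /** @return the provider whose plain sockets are wrapped */
    @Override // com.oracle.coherence.common.net.SocketProvider
    public SocketProvider getDelegate() {
        return getDependencies().getDelegateSocketProvider();
    }

    @Override
    public String toString() {
        return "SSLSocketProvider(" + getDependencies().toString() + ")";
    }

    /**
     * Applies the provider's post-handshake checks to an established session.
     *
     * <p>If a {@link HostnameVerifier} is configured, it is asked to accept the peer; with no
     * verifier configured the peer name is not checked here at all. The name passed to the
     * verifier comes from {@code socket.getInetAddress().getHostName()}, i.e. it is derived from
     * the socket's remote address. NOTE(review): when that address carries no host name,
     * {@code getHostName()} falls back to a reverse lookup, whose answer is controlled by
     * whoever runs the reverse DNS zone for the address; confirm the configured verifier does
     * not treat such a name as authoritative.
     *
     * <p>A socket without a remote address (not connected) is rejected with an
     * {@link SSLException} when a verifier is configured, instead of failing with a
     * {@link NullPointerException}.
     *
     * <p>A self-signed peer certificate only produces a WARNING log entry; the session is still
     * accepted by this method.
     *
     * @param sSLSession the established session
     * @param socket the socket the session belongs to
     * @throws IllegalArgumentException if either argument is {@code null}
     * @throws SSLException if the configured hostname verifier does not accept the peer
     */
    public void ensureSessionValidity(SSLSession sSLSession, Socket socket) throws SSLException {
        if (sSLSession == null || socket == null) {
            throw new IllegalArgumentException();
        }
        Dependencies deps = getDependencies();
        HostnameVerifier hostnameVerifier = deps.getHostnameVerifier();
        if (hostnameVerifier != null) {
            java.net.InetAddress peerAddress = socket.getInetAddress();
            // Fail closed: no remote address means there is nothing to verify against.
            if (peerAddress == null || !hostnameVerifier.verify(peerAddress.getHostName(), sSLSession)) {
                throw new SSLException("Unacceptable peer: " + String.valueOf(socket));
            }
        }
        Logger logger = deps.getLogger();
        logger.log(Level.FINE, "Established " + sSLSession.getCipherSuite() + " connection with " + String.valueOf(socket));
        if (SSLCertUtility.useSelfSigned(sSLSession)) {
            logger.log(Level.WARNING, "Using self-signed SSL certificate in production environment is not recommended.\nPlease use SSL certificate that is signed by an certificate authority.");
        }
    }

    /** @return the validated dependencies this provider was created with */
    public Dependencies getDependencies() {
        return this.m_dependencies;
    }

    /**
     * Creates the private copy of the caller's dependencies; subclasses may override this to
     * return a more specific type.
     *
     * @param dependencies the caller's dependencies; may be {@code null}
     * @return a new copy
     */
    protected DefaultDependencies copyDependencies(Dependencies dependencies) {
        return new DefaultDependencies(dependencies);
    }
}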
