package com.tangosol.internal.net.ssl;

import com.oracle.coherence.common.net.SSLSocketProvider;
import com.oracle.coherence.common.net.SocketProvider;
import com.tangosol.coherence.config.ParameterMacroExpressionParser;
import com.tangosol.coherence.config.xml.OperationalConfigNamespaceHandler;
import com.tangosol.coherence.config.xml.processor.PasswordProviderBuilderProcessor;
import com.tangosol.coherence.http.AbstractGenericHttpServer;
import com.tangosol.config.xml.DefaultProcessingContext;
import com.tangosol.config.xml.DocumentProcessor;
import com.tangosol.internal.net.LegacyXmlSocketProviderFactoryDependencies;
import com.tangosol.net.DatagramTest;
import com.tangosol.net.SocketProviderFactory;
import com.tangosol.run.xml.XmlElement;
import com.tangosol.run.xml.XmlHelper;
import com.tangosol.run.xml.XmlValue;
import com.tangosol.util.Base;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.concurrent.Executor;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/tangosol/internal/net/ssl/LegacyXmlSSLSocketProviderDependencies.class */
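/**
 * SSL socket provider dependencies that are populated lazily from a legacy
 * {@code <ssl>} XML configuration element.
 *
 * <p>The XML is not interpreted in the constructor. Every overridden getter
 * calls {@link #ensureConfigured()} first, so the key stores are opened and the
 * {@link SSLContext} is initialised on first use.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Passwords written inline in the XML are removed from the XML element once
 *       the corresponding key store has been loaded. The {@code String} and
 *       {@code char[]} copies made while loading are not zeroed here.</li>
 *   <li>When no {@code trust-manager} is configured, {@code null} trust managers are
 *       passed to {@link SSLContext#init}, which makes JSSE fall back to its
 *       default trust managers.</li>
 *   <li>A {@link HostnameVerifier} is installed only when a
 *       {@code hostname-verifier} element is present.</li>
 * </ul>
 */
public class LegacyXmlSSLSocketProviderDependencies extends SSLSocketProvider.DefaultDependencies {
    /** Human-readable summary returned by {@link #toString()}; rebuilt by {@link #applyConfig}. */
    protected String m_sDescription;

    /** Set once {@link #applyConfig} has completed; volatile so the unlocked fast-path read is safe. */
    protected volatile boolean m_fConfigured;

    /** The {@code <ssl>} element to configure from; also used as the configuration lock. */
    protected XmlElement m_xml;

    /** Factory dependencies used to resolve the delegate socket provider. */
    protected SocketProviderFactory.Dependencies m_DependenciesProviderFactory;

    public static final String XML_NAME = "ssl";
    public static final String DEFAULT_SSL_PROTOCOL = "TLS";
    public static final String DEFAULT_IDENTITY_ALGORITHM = "SunX509";
    public static final String DEFAULT_TRUST_ALGORITHM = "SunX509";
    public static final String DEFAULT_KEYSTORE_TYPE = "JKS";

    /**
     * Creates dependencies for the given XML using default socket provider factory dependencies.
     *
     * @param xmlElement the {@code <ssl>} configuration element
     * @throws IllegalArgumentException if {@code xmlElement} is {@code null}
     */
    public LegacyXmlSSLSocketProviderDependencies(XmlElement xmlElement) {
        this(xmlElement, null);
    }

    /**
     * Creates dependencies for the given XML. The XML is stored, not parsed; parsing
     * happens on the first getter call.
     *
     * @param xmlElement   the {@code <ssl>} configuration element
     * @param dependencies socket provider factory dependencies, or {@code null} to
     *                     use a new {@code SocketProviderFactory.DefaultDependencies}
     * @throws IllegalArgumentException if {@code xmlElement} is {@code null}
     */
    public LegacyXmlSSLSocketProviderDependencies(XmlElement xmlElement, SocketProviderFactory.Dependencies dependencies) {
        this.m_sDescription = "SSLSocketProvider()";
        if (xmlElement == null) {
            throw new IllegalArgumentException("Null xml");
        }
        this.m_xml = xmlElement;
        this.m_DependenciesProviderFactory = dependencies == null ? new SocketProviderFactory.DefaultDependencies() : dependencies;
    }

    /** Returns the delegate socket provider, configuring from XML first if needed. */
    @Override
    public SocketProvider getDelegateSocketProvider() {
        ensureConfigured();
        return super.getDelegateSocketProvider();
    }

    /** Returns the initialised SSL context, configuring from XML first if needed. */
    @Override
    public SSLContext getSSLContext() {
        ensureConfigured();
        return super.getSSLContext();
    }

    /** Returns the client authentication mode, configuring from XML first if needed. */
    @Override
    public SSLSocketProvider.ClientAuthMode getClientAuth() {
        ensureConfigured();
        return super.getClientAuth();
    }

    /** Returns the hostname verifier, configuring from XML first if needed. */
    @Override
    public HostnameVerifier getHostnameVerifier() {
        ensureConfigured();
        return super.getHostnameVerifier();
    }

    /** Returns the enabled cipher suites, configuring from XML first if needed. */
    @Override
    public String[] getEnabledCipherSuites() {
        ensureConfigured();
        return super.getEnabledCipherSuites();
    }

    /** Returns the enabled protocol versions, configuring from XML first if needed. */
    @Override
    public String[] getEnabledProtocolVersions() {
        ensureConfigured();
        return super.getEnabledProtocolVersions();
    }

    /** Returns the executor, configuring from XML first if needed. */
    @Override
    public Executor getExecutor() {
        ensureConfigured();
        return super.getExecutor();
    }

    /** Returns the logger, configuring from XML first if needed. */
    @Override
    public Logger getLogger() {
        ensureConfigured();
        return super.getLogger();
    }

    /**
     * Applies the XML configuration exactly once.
     *
     * <p>The flag is re-checked while holding the lock. Without that re-check a
     * thread that lost the race would run {@link #applyConfig} a second time, after
     * the first run has already removed the inline passwords from the XML, and
     * would replace the working SSL context with one built from the scrubbed
     * configuration.
     */
    protected void ensureConfigured() {
        if (this.m_fConfigured) {
            return;
        }
        synchronized (this.m_xml) {
            if (!this.m_fConfigured) {
                applyConfig(this.m_xml);
                this.m_fConfigured = true;
            }
        }
    }

    /**
     * Builds the SSL context, key/trust managers, cipher and protocol lists,
     * delegate provider and client-auth mode from the given XML, and stores them in
     * the inherited fields.
     *
     * <p>Side effect: inline {@code password} values are cleared from the XML after
     * the key store that needed them has been loaded.
     *
     * @param xmlElement the {@code <ssl>} configuration element
     * @throws IllegalArgumentException if a {@link GeneralSecurityException} is
     *         raised while building the configuration
     * @throws RuntimeException wrapping any {@link IOException} (via
     *         {@code Base.ensureRuntimeException})
     */
    protected void applyConfig(XmlElement xmlElement) {
        SSLSocketProvider.ClientAuthMode clientAuthMode;
        String authDescription;
        StringBuilder description = new StringBuilder();
        try {
            SSLContext sslContext = null;
            KeyManager[] keyManagers = null;
            TrustManager[] trustManagers = null;

            // SSL context: an instantiated provider wins over a provider name, which
            // wins over the JVM default provider lookup.
            String protocol = xmlElement.ensureElement("protocol").getString(DEFAULT_SSL_PROTOCOL);
            // NOTE(review): DatagramTest.COMMAND_PROVIDER looks like a decompiler-substituted
            // constant for the "provider" element name; confirm against the original source.
            XmlElement xmlProvider = xmlElement.getElement(DatagramTest.COMMAND_PROVIDER);
            if (xmlProvider != null) {
                String providerName = xmlProvider.ensureElement("name").getString(null);
                Provider provider = instantiateProvider(xmlProvider);
                if (provider != null) {
                    sslContext = SSLContext.getInstance(protocol, provider);
                } else if (providerName != null) {
                    sslContext = SSLContext.getInstance(protocol, providerName);
                }
            }
            if (sslContext == null) {
                sslContext = SSLContext.getInstance(protocol);
            }
            this.m_ctx = sslContext;

            // Executor: an empty <executor/> selects the shared default, anything else
            // is instantiated from the class named in the configuration.
            XmlElement xmlExecutor = xmlElement.getElement("executor");
            if (xmlExecutor != null) {
                if (XmlHelper.isInstanceConfigEmpty(xmlExecutor)) {
                    this.m_executor = SSLSocketProviderDefaultDependencies.DEFAULT_EXECUTOR;
                } else {
                    this.m_executor = (Executor) XmlHelper.createInstance(xmlExecutor, null, null);
                }
            }

            // Identity (our own certificate and private key).
            XmlElement xmlIdentity = xmlElement.getElement("identity-manager");
            if (xmlIdentity == null) {
                description.append("identity=unspecified");
            } else {
                description.append("identity=");
                String identityAlgorithm = xmlIdentity.ensureElement("algorithm").getString(DEFAULT_IDENTITY_ALGORITHM);
                description.append(identityAlgorithm);
                KeyManagerFactory keyManagerFactory = null;
                XmlElement xmlIdentityProvider = xmlIdentity.getElement(DatagramTest.COMMAND_PROVIDER);
                if (xmlIdentityProvider != null) {
                    String identityProviderName = xmlIdentityProvider.ensureElement("name").getString(null);
                    Provider identityProvider = instantiateProvider(xmlIdentityProvider);
                    if (identityProvider != null) {
                        keyManagerFactory = KeyManagerFactory.getInstance(identityAlgorithm, identityProvider);
                    } else if (identityProviderName != null) {
                        keyManagerFactory = KeyManagerFactory.getInstance(identityAlgorithm, identityProviderName);
                    }
                }
                if (keyManagerFactory == null) {
                    keyManagerFactory = KeyManagerFactory.getInstance(identityAlgorithm);
                }
                XmlElement xmlIdentityStore = xmlIdentity.ensureElement("key-store");
                // Key password: inline value first, password provider as the fallback.
                String inlineKeyPassword = xmlIdentity.ensureElement("password").getString(null);
                char[] keyPassword = inlineKeyPassword == null ? getPwdFromProvider(xmlIdentity) : inlineKeyPassword.toCharArray();
                String identityStoreUrl = xmlIdentityStore.ensureElement("url").getString(null);
                String inlineStorePassword = xmlIdentityStore.ensureElement("password").getString(null);
                char[] storePassword = inlineStorePassword == null ? getPwdFromProvider(xmlIdentityStore) : inlineStorePassword.toCharArray();
                String identityStoreType = xmlIdentityStore.ensureElement("type").getString(DEFAULT_KEYSTORE_TYPE);
                KeyStore identityStore = loadKeyStore(identityStoreUrl, storePassword, identityStoreType);
                if (identityStoreUrl != null && identityStoreUrl.length() > 0) {
                    description.append('/').append(identityStoreUrl);
                }
                // Scrub inline passwords from the retained XML so they are not kept in the
                // configuration tree. The local String/char[] copies are not cleared.
                if (inlineKeyPassword != null) {
                    xmlIdentity.ensureElement("password").setString(null);
                }
                if (inlineStorePassword != null) {
                    xmlIdentityStore.ensureElement("password").setString(null);
                }
                keyManagerFactory.init(identityStore, keyPassword);
                keyManagers = keyManagerFactory.getKeyManagers();
            }

            // Trust (which peers we accept). An absent or empty element leaves
            // trustManagers null, so SSLContext.init falls back to the JSSE defaults.
            XmlElement xmlTrust = xmlElement.getElement("trust-manager");
            if (xmlTrust == null || xmlTrust.getElementList().isEmpty()) {
                description.append(", trust=unspecified");
            } else {
                description.append(", trust=");
                String trustAlgorithm = xmlTrust.ensureElement("algorithm").getString(DEFAULT_TRUST_ALGORITHM);
                description.append(trustAlgorithm);
                TrustManagerFactory trustManagerFactory = null;
                XmlElement xmlTrustProvider = xmlTrust.getElement(DatagramTest.COMMAND_PROVIDER);
                if (xmlTrustProvider != null) {
                    String trustProviderName = xmlTrustProvider.ensureElement("name").getString(null);
                    Provider trustProvider = instantiateProvider(xmlTrustProvider);
                    if (trustProvider != null) {
                        trustManagerFactory = TrustManagerFactory.getInstance(trustAlgorithm, trustProvider);
                    } else if (trustProviderName != null) {
                        trustManagerFactory = TrustManagerFactory.getInstance(trustAlgorithm, trustProviderName);
                    }
                }
                if (trustManagerFactory == null) {
                    trustManagerFactory = TrustManagerFactory.getInstance(trustAlgorithm);
                }
                XmlElement xmlTrustStore = xmlTrust.ensureElement("key-store");
                String trustStoreUrl = xmlTrustStore.ensureElement("url").getString(null);
                String inlineTrustPassword = xmlTrustStore.ensureElement("password").getString(null);
                char[] trustPassword = inlineTrustPassword == null ? getPwdFromProvider(xmlTrustStore) : inlineTrustPassword.toCharArray();
                String trustStoreType = xmlTrustStore.ensureElement("type").getString(DEFAULT_KEYSTORE_TYPE);
                KeyStore trustStore = loadKeyStore(trustStoreUrl, trustPassword, trustStoreType);
                if (trustStoreUrl != null && trustStoreUrl.length() > 0) {
                    description.append('/').append(trustStoreUrl);
                }
                if (inlineTrustPassword != null) {
                    xmlTrustStore.ensureElement("password").setString(null);
                }
                // If trustStore is null (no url configured), TrustManagerFactory.init(null)
                // is called; JSSE then uses its default trust store.
                trustManagerFactory.init(trustStore);
                trustManagers = trustManagerFactory.getTrustManagers();
            }

            // Hostname verification is opt-in here: nothing is assigned when the element
            // is absent, so whatever the superclass holds stays in effect.
            XmlElement xmlVerifier = xmlElement.getElement("hostname-verifier");
            if (xmlVerifier != null) {
                this.m_hostnameVerifier = (HostnameVerifier) XmlHelper.createInstance(xmlVerifier, null, null);
                description.append(", hostname-verifier=enabled");
            }

            SecureRandom secureRandom = new SecureRandom();
            // Draw one value up front so the generator is seeded before the context uses it.
            secureRandom.nextInt();
            sslContext.init(keyManagers, trustManagers, secureRandom);

            // Cipher suites: by default the listed names become the exact enabled set.
            // Only the literal usage value "black-list" switches to "engine defaults
            // minus the listed names"; any other usage value is treated as an allow-list.
            XmlElement xmlCiphers = xmlElement.getElement("cipher-suites");
            if (xmlCiphers != null) {
                ArrayList<Object> cipherNames = new ArrayList<Object>();
                Iterator cipherIter = xmlCiphers.getElements("name");
                while (cipherIter.hasNext()) {
                    cipherNames.add(((XmlElement) cipherIter.next()).getValue());
                }
                XmlValue cipherUsage = xmlCiphers.getAttribute("usage");
                if (cipherUsage != null && cipherUsage.getString().equals("black-list")) {
                    ArrayList<Object> remaining = new ArrayList<Object>(Arrays.asList(sslContext.createSSLEngine().getEnabledCipherSuites()));
                    remaining.removeAll(cipherNames);
                    cipherNames = remaining;
                }
                this.m_asCipherSuitesEnabled = cipherNames.toArray(new String[cipherNames.size()]);
            }

            // Protocol versions: same allow-list / "black-list" handling as cipher suites.
            XmlElement xmlProtocols = xmlElement.getElement("protocol-versions");
            if (xmlProtocols != null) {
                ArrayList<Object> protocolNames = new ArrayList<Object>();
                Iterator protocolIter = xmlProtocols.getElements("name");
                while (protocolIter.hasNext()) {
                    protocolNames.add(((XmlElement) protocolIter.next()).getValue());
                }
                XmlValue protocolUsage = xmlProtocols.getAttribute("usage");
                if (protocolUsage != null && protocolUsage.getString().equals("black-list")) {
                    ArrayList<Object> remaining = new ArrayList<Object>(Arrays.asList(sslContext.createSSLEngine().getEnabledProtocols()));
                    remaining.removeAll(protocolNames);
                    protocolNames = remaining;
                }
                this.m_asProtocolVersionsEnabled = protocolNames.toArray(new String[protocolNames.size()]);
            }

            // Delegate (underlying) socket provider.
            XmlElement xmlDelegate = xmlElement.getElement(LegacyXmlSocketProviderFactoryDependencies.XML_PROVIDER_NAME);
            if (xmlDelegate == null) {
                // The result is unused; the call is kept because the original makes it and
                // it may have side effects that are not visible from this class.
                this.m_DependenciesProviderFactory.getSocketProviderFactory();
                setDelegate(SocketProviderFactory.DEFAULT_SOCKET_PROVIDER);
            } else {
                setDelegate(this.m_DependenciesProviderFactory.getSocketProviderFactory().getSocketProvider(xmlDelegate));
            }

            // Client authentication. With neither identity nor trust configured it is
            // always "none"; otherwise an explicit <client-auth> wins, and the fallback
            // requires client certificates whenever a trust manager is configured.
            if (keyManagers == null && trustManagers == null) {
                clientAuthMode = SSLSocketProvider.ClientAuthMode.none;
                authDescription = AbstractGenericHttpServer.AUTH_NONE;
            } else {
                XmlElement xmlClientAuth = xmlElement.getElement("client-auth");
                String clientAuthName = xmlClientAuth == null ? null : xmlClientAuth.getString();
                if (clientAuthName == null) {
                    clientAuthMode = trustManagers == null ? SSLSocketProvider.ClientAuthMode.none : SSLSocketProvider.ClientAuthMode.required;
                    // At least one of the two arrays is non-null in this branch.
                    if (keyManagers != null && trustManagers != null) {
                        authDescription = "two-way";
                    } else if (keyManagers != null) {
                        authDescription = "one-way server";
                    } else {
                        authDescription = "one-way client";
                    }
                } else {
                    clientAuthMode = SSLSocketProvider.ClientAuthMode.valueOf(clientAuthName);
                    authDescription = "client-auth " + clientAuthMode.name();
                }
            }
            this.m_clientAuthMode = clientAuthMode;
            this.m_sDescription = description.insert(0, "SSLSocketProvider(auth=" + authDescription + ", ").append(')').toString();
        } catch (IOException e) {
            throw Base.ensureRuntimeException(e);
        } catch (GeneralSecurityException e2) {
            // NOTE(review): the whole XML element is concatenated into the message. If the
            // failure happens before the inline passwords are scrubbed above (for example an
            // unknown protocol, algorithm or key store type), and XmlElement's string form
            // includes element values, those passwords end up in the exception text and in
            // any log that records it. Consider redacting before formatting.
            throw new IllegalArgumentException("Invalid configuration: " + String.valueOf(xmlElement), e2);
        }
    }

    /**
     * Instantiates the JCA provider described by the given element.
     *
     * <p>The class to instantiate comes from the configuration, so the configuration
     * source has to be trusted to the same degree as code on the classpath.
     *
     * @param xmlElement the {@code provider} element
     * @return the provider, or {@code null} if the element carries no instance configuration
     */
    protected Provider instantiateProvider(XmlElement xmlElement) {
        if (XmlHelper.isInstanceConfigEmpty(xmlElement)) {
            return null;
        }
        return (Provider) XmlHelper.createInstance(xmlElement, null, null);
    }

    /**
     * Loads a key store using a {@code String} password; a {@code null} or empty
     * password is passed on as {@code null}.
     *
     * @param str  the key store URL
     * @param str2 the key store password, may be {@code null} or empty
     * @param str3 the key store type
     * @return the loaded key store, or {@code null} if no URL was given
     * @throws GeneralSecurityException if the key store cannot be created or loaded
     * @throws IOException if the key store cannot be read
     */
    protected KeyStore loadKeyStore(String str, String str2, String str3) throws GeneralSecurityException, IOException {
        return loadKeyStore(str, (str2 == null || str2.length() == 0) ? null : str2.toCharArray(), str3);
    }

    /**
     * Loads a key store from the given URL.
     *
     * <p>The file part of the URL is first looked up as a classpath resource through
     * this class's class loader; the URL itself is opened only when no such resource
     * exists. A classpath resource with a matching path therefore takes precedence
     * over the URL target, whatever scheme or host the URL names.
     *
     * <p>When {@code cArr} is {@code null}, {@link KeyStore#load} performs no
     * integrity check on the store.
     *
     * @param str  the key store URL; {@code null} or empty means "no key store"
     * @param cArr the key store password, or {@code null}
     * @param str2 the key store type
     * @return the loaded key store, or {@code null} if no URL was given
     * @throws GeneralSecurityException if the key store cannot be created or loaded
     * @throws IOException if the URL is malformed or the key store cannot be read
     */
    protected KeyStore loadKeyStore(String str, char[] cArr, String str2) throws GeneralSecurityException, IOException {
        if (str == null || str.length() == 0) {
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance(str2);
        InputStream inputStream = null;
        try {
            inputStream = getClass().getClassLoader().getResourceAsStream(new URL(str).getFile());
            if (inputStream == null) {
                inputStream = new URL(str).openStream();
            }
            keyStore.load(inputStream, cArr);
            return keyStore;
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException ignored) {
                    // Best effort: a failure to close must not mask the load result or
                    // the exception already propagating.
                }
            }
        }
    }

    /**
     * Resolves a password through the {@code password-provider} child of the given element.
     *
     * @param xmlElement the element that may contain a {@code password-provider}
     * @return the password supplied by the configured provider
     */
    protected char[] getPwdFromProvider(XmlElement xmlElement) {
        XmlElement ensureElement = xmlElement.ensureElement("password-provider");
        // NOTE(review): ensureElement presumably creates the child when it is missing, in
        // which case this null check never fires - confirm against XmlElement.
        if (ensureElement == null) {
            return null;
        }
        OperationalConfigNamespaceHandler operationalConfigNamespaceHandler = new OperationalConfigNamespaceHandler();
        DefaultProcessingContext defaultProcessingContext = new DefaultProcessingContext(new DocumentProcessor.DefaultDependencies(operationalConfigNamespaceHandler).setExpressionParser(new ParameterMacroExpressionParser()), (XmlElement) null);
        defaultProcessingContext.ensureNamespaceHandler("", operationalConfigNamespaceHandler);
        return new PasswordProviderBuilderProcessor().process2(defaultProcessingContext, ensureElement).realize2(null, null, null).get();
    }

    /**
     * Returns the configuration summary built by {@link #applyConfig}. It names the
     * algorithms and key store URLs in use, never the passwords. Does not trigger
     * configuration.
     */
    @Override
    public String toString() {
        return this.m_sDescription;
    }
}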
