package com.urbancode.commons.util.ssl;

import com.urbancode.commons.util.logging.LogUtil;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.log4j.Logger;

/* loaded from: input_file:lib/udclient.jar:com/urbancode/commons/util/ssl/SSLConfigurator.class */
public class SSLConfigurator {
    public static final String POLICY_CLASS_PROPERTY = "SSLConfigurator.policyClass";
    private static final Logger log = Logger.getLogger((Class<?>) SSLConfigurator.class);
    SSLContext context;
    SSLSocketFactory socketFactory;
    SSLServerSocketFactory serverSocketFactory;
    SSLSocketConfig config;
    SSLConfiguratorPolicy policy;
    private String[] serverProtocols;

    private static SSLContext init(SSLContext sSLContext) throws KeyManagementException {
        sSLContext.init(null, null, null);
        return sSLContext;
    }

    public SSLConfigurator() throws IOException, NoSuchAlgorithmException, KeyManagementException {
        this(init(SSLContext.getInstance("TLS")));
    }

    public SSLConfigurator(SSLContext sSLContext) throws IOException {
        this.serverProtocols = null;
        this.context = sSLContext;
        this.config = new SSLSocketConfig() { // from class: com.urbancode.commons.util.ssl.SSLConfigurator.1
            @Override // com.urbancode.commons.util.ssl.SSLSocketConfig
            public void configure(SSLSocket sSLSocket) {
                sSLSocket.setEnabledProtocols(SSLConfigurator.this.policy.enabledProtocols(sSLSocket.getSupportedProtocols(), false));
                sSLSocket.setEnabledCipherSuites(SSLConfigurator.this.policy.enabledCipherSuites(sSLSocket.getSupportedCipherSuites()));
            }

            @Override // com.urbancode.commons.util.ssl.SSLSocketConfig
            public void configure(SSLServerSocket sSLServerSocket) {
                sSLServerSocket.setEnabledProtocols(SSLConfigurator.this.policy.enabledProtocols(sSLServerSocket.getSupportedProtocols(), true));
                sSLServerSocket.setEnabledCipherSuites(SSLConfigurator.this.policy.enabledCipherSuites(sSLServerSocket.getSupportedCipherSuites()));
            }
        };
        this.socketFactory = wrap(sSLContext.getSocketFactory());
        this.serverSocketFactory = wrap(sSLContext.getServerSocketFactory());
        String property = System.getProperty(POLICY_CLASS_PROPERTY);
        if (property != null) {
            try {
                this.policy = (SSLConfiguratorPolicy) Class.forName(property).newInstance();
            } catch (Exception e) {
                throw new RuntimeException("Could not create policy instance " + property + ": " + e.toString(), e);
            }
        } else {
            this.policy = new SSLConfiguratorDefaultPolicy();
        }
        if (LogUtil.isTraceEnabled(log)) {
            String[] initSupportedServerProtocols = initSupportedServerProtocols();
            String[] supportedProtocols = getContext().createSSLEngine().getSupportedProtocols();
            String[] supportedCipherSuites = sSLContext.getServerSocketFactory().getSupportedCipherSuites();
            String[] supportedCipherSuites2 = sSLContext.getSocketFactory().getSupportedCipherSuites();
            LogUtil.logTrace(log, "Server Supported Protocols: " + Arrays.toString(initSupportedServerProtocols));
            LogUtil.logTrace(log, "Server Enabled Protocols: " + Arrays.toString(getEnabledServerProtocols()));
            LogUtil.logTrace(log, "Client Supported Protocols: " + Arrays.toString(supportedProtocols));
            LogUtil.logTrace(log, "Client Enabled Protocols: " + Arrays.toString(getEnabledClientProtocols()));
            LogUtil.logTrace(log, "Server Supported CipherSuites: " + Arrays.toString(supportedCipherSuites));
            LogUtil.logTrace(log, "Server Enabled CipherSuites: " + Arrays.toString(getEnabledServerCiphers()));
            LogUtil.logTrace(log, "Client Supported CipherSuites: " + Arrays.toString(supportedCipherSuites2));
            LogUtil.logTrace(log, "Client Enabled CipherSuites: " + Arrays.toString(getEnabledClientCiphers()));
        }
    }

    public SSLContext getContext() {
        return this.context;
    }

    public SSLSocketFactory getSocketFactory() {
        return this.socketFactory;
    }

    public SSLServerSocketFactory getServerSocketFactory() {
        return this.serverSocketFactory;
    }

    public SSLSocketFactory wrap(SSLSocketFactory sSLSocketFactory) {
        ConfigurableSSLSocketFactory configurableSSLSocketFactory = new ConfigurableSSLSocketFactory(sSLSocketFactory);
        configurableSSLSocketFactory.addSocketConfigurator(this.config);
        return configurableSSLSocketFactory;
    }

    public SSLServerSocketFactory wrap(SSLServerSocketFactory sSLServerSocketFactory) {
        ConfigurableSSLServerSocketFactory configurableSSLServerSocketFactory = new ConfigurableSSLServerSocketFactory(sSLServerSocketFactory);
        configurableSSLServerSocketFactory.addSocketConfigurator(this.config);
        return configurableSSLServerSocketFactory;
    }

    public void configure(SSLEngine sSLEngine) {
        sSLEngine.setEnabledProtocols(this.policy.enabledProtocols(sSLEngine.getSupportedProtocols(), true));
        sSLEngine.setEnabledCipherSuites(this.policy.enabledCipherSuites(sSLEngine.getSupportedCipherSuites()));
    }

    public void configure(SSLSocket sSLSocket) {
        this.config.configure(sSLSocket);
    }

    public void configure(SSLServerSocket sSLServerSocket) {
        this.config.configure(sSLServerSocket);
    }

    public String[] getEnabledServerProtocols() throws IOException {
        return this.policy.enabledProtocols(initSupportedServerProtocols(), true);
    }

    private String[] initSupportedServerProtocols() throws IOException {
        if (this.serverProtocols == null) {
            synchronized (this) {
                if (this.serverProtocols == null) {
                    SSLServerSocket sSLServerSocket = (SSLServerSocket) getServerSocketFactory().createServerSocket(0);
                    try {
                        this.serverProtocols = sSLServerSocket.getSupportedProtocols();
                        sSLServerSocket.close();
                    } catch (Throwable th) {
                        sSLServerSocket.close();
                        throw th;
                    }
                }
            }
        }
        return this.serverProtocols;
    }

    public String[] getEnabledClientProtocols() throws IOException {
        SSLEngine createSSLEngine = getContext().createSSLEngine();
        try {
            return this.policy.enabledProtocols(createSSLEngine.getSupportedProtocols(), false);
        } finally {
            createSSLEngine.closeInbound();
            createSSLEngine.closeOutbound();
        }
    }

    public String[] getEnabledServerCiphers() {
        return this.policy.enabledCipherSuites(getServerSocketFactory().getSupportedCipherSuites());
    }

    public String[] getEnabledClientCiphers() {
        return this.policy.enabledCipherSuites(getSocketFactory().getSupportedCipherSuites());
    }
}
