package com.buildforge.services.common.ssl.provider;

import com.buildforge.services.common.dbo.MessageDBO;
import com.buildforge.services.common.dbo.SSLDBO;
import com.buildforge.services.common.ssl.config.KeyStore;
import com.buildforge.services.common.ssl.config.KeyStoreManager;
import com.buildforge.services.common.ssl.config.SSLConfig;
import com.buildforge.services.common.ssl.config.SSLConfigManager;
import com.buildforge.services.common.ssl.core.BFX509KeyManager;
import com.buildforge.services.common.ssl.core.BFX509TrustManager;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/buildforge/services/common/ssl/provider/AbstractJSSEProvider.class */
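/**
 * Base {@link JSSEProvider} that builds and caches {@link SSLContext} objects from
 * {@link SSLConfig} entries, and derives socket factories and {@link SSLEngine}s from them.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Contexts are cached per {@code SSLConfig} in a static map and are only dropped by
 *       {@link #clearSSLContextCache()} or when the cache grows past its size limit, so a cached
 *       context keeps the key material and trust anchors it was built with.</li>
 *   <li>When only one of key store / trust store resolves, the same store is used for both.</li>
 *   <li>Cipher and protocol selection is delegated to {@code SSLConfigManager} and the
 *       {@code SSLConfig}; this class does not apply a minimum of its own.</li>
 * </ul>
 */
public abstract class AbstractJSSEProvider implements JSSEProvider {
    private static final Logger log = Logger.getLogger(AbstractJSSEProvider.class.getName());

    /** Once the cache holds more than this many entries it is emptied before the next insert. */
    private static final int MAX_CACHED_CONTEXTS = 100;

    // Shared by every provider instance. A plain HashMap is not safe for concurrent mutation.
    // NOTE(review): if getSSLContext() can be reached from several threads, guard this map
    // (or switch to a concurrent map) — the callers are not visible from this file.
    // NOTE(review): lookups rely on SSLConfig.equals/hashCode; confirm they cover every field
    // that influences the context (stores, alias, protocol), otherwise a stale context is reused.
    private static final Map<SSLConfig, SSLContext> sslContextCache = new HashMap<SSLConfig, SSLContext>();

    /**
     * Initializes FIPS mode when {@code JSSEProviderFactory.isFipsEnabled()} reports it.
     *
     * <p>A failure of {@code initializeFips()} is logged at WARNING and construction continues.
     * NOTE(review): this means a provider can exist with FIPS requested but not initialized;
     * confirm that later calls fail closed in that state rather than running in non-FIPS mode.
     */
    public AbstractJSSEProvider() {
        if (JSSEProviderFactory.isFipsEnabled()) {
            try {
                JSSEProviderFactory.initializeFips();
            } catch (Exception e) {
                logWarning(new MessageDBO(MessageDBO.Severity.WARNING, "SSLFIPSEnableError", new String[0]), e);
            }
        }
    }

    /** Logs a translated message with its cause at WARNING; translation is skipped when WARNING is off. */
    private static void logWarning(MessageDBO message, Throwable cause) {
        if (log.isLoggable(Level.WARNING)) {
            log.log(Level.WARNING, message.translate(), cause);
        }
    }

    /**
     * Returns the socket factory class name unchanged (subclasses may substitute another).
     *
     * @param str the proposed default SSL socket factory class name
     * @return {@code str} as given
     */
    public String getDefaultSSLSocketFactoryClass(String str) {
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "getDefaultSSLSocketFactoryClass: " + str);
        }
        return str;
    }

    public abstract String getSSLProtocolPackageHandler();

    /**
     * Lists the cipher suites allowed for a cipher group.
     *
     * <p>The starting set is the <em>supported</em> (not merely enabled-by-default) suites of the
     * JVM's default socket factory, so all filtering of weak suites depends on
     * {@code SSLConfigManager.adjustSupportedCiphersToSecurityLevel}.
     *
     * @param z           {@code true} to start from the default client socket factory,
     *                    {@code false} to start from the default server socket factory
     * @param cipherGroup the group passed to the filter
     * @return the filtered suite names
     */
    @Override
    public String[] getCiphersForSecurityLevel(boolean z, SSLDBO.CipherGroup cipherGroup) {
        if (log.isLoggable(Level.FINE)) {
            // java.util.logging only substitutes parameters into {n} placeholders; without them
            // the arguments were silently dropped from the log line.
            log.log(Level.FINE, "getCiphersForSecurityLevel: {0}, {1}", new Object[]{Boolean.valueOf(z), cipherGroup});
        }
        String[] supportedSuites;
        if (z) {
            supportedSuites = ((SSLSocketFactory) SSLSocketFactory.getDefault()).getSupportedCipherSuites();
        } else {
            supportedSuites = ((SSLServerSocketFactory) SSLServerSocketFactory.getDefault()).getSupportedCipherSuites();
        }
        return SSLConfigManager.adjustSupportedCiphersToSecurityLevel(supportedSuites, cipherGroup);
    }

    /**
     * Returns the cached {@link SSLContext} for a configuration, building it on a cache miss.
     *
     * <p>Each build stage (trust manager, key manager, context) logs its own WARNING and rethrows
     * the original exception, so a failure is reported once under the stage that actually failed.
     *
     * @param sSLConfig the configuration naming the key store, trust store, alias and protocol
     * @return an initialized context
     * @throws IllegalArgumentException if neither the key store nor the trust store can be resolved
     * @throws Exception                any failure from the JSSE factories or context initialization
     */
    @Override
    public SSLContext getSSLContext(SSLConfig sSLConfig) throws Exception {
        SSLContext cached = sslContextCache.get(sSLConfig);
        if (cached != null) {
            // NOTE(review): a hit returns the context built from the stores as they were at build
            // time; presumably clearSSLContextCache() is called after certificate rotation or
            // trust-store edits — confirm against the callers.
            return cached;
        }
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "SSLContext cache miss, generating new SSLContext.");
        }

        KeyStore identityStore = KeyStoreManager.getInstance().getKeyStoreByUuid(sSLConfig.getKeyStoreId());
        KeyStore trustStore = KeyStoreManager.getInstance().getKeyStoreByUuid(sSLConfig.getTrustStoreId());
        if (identityStore == null && trustStore != null) {
            identityStore = trustStore;
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Set keystore to truststore.");
            }
        } else if (identityStore != null && trustStore == null) {
            // With no separate trust store, every certificate entry in the key store becomes a
            // trust anchor for peer validation.
            trustStore = identityStore;
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Set truststore to keystore.");
            }
        }
        if (identityStore == null || trustStore == null) {
            MessageDBO notFound = new MessageDBO(MessageDBO.Severity.WARNING, "SSLKeystoreNotFound", sSLConfig.getKeyStoreId(), sSLConfig.getAlias());
            if (log.isLoggable(Level.WARNING)) {
                log.log(Level.WARNING, notFound.translate());
            }
            throw new IllegalArgumentException(notFound.translate());
        }

        java.security.KeyStore javaIdentityStore = identityStore.getJavaKeyStore(true);
        java.security.KeyStore javaTrustStore = trustStore.getJavaKeyStore(true);

        TrustManagerFactory trustManagerFactory;
        try {
            trustManagerFactory = TrustManagerFactory.getInstance(JSSEProviderFactory.getInstance().getTrustManager(), JSSEProviderFactory.getInstance().getContextProvider());
            trustManagerFactory.init(javaTrustStore);
        } catch (Exception e) {
            logWarning(new MessageDBO(MessageDBO.Severity.WARNING, "SSLTrustManagerInitFailed", sSLConfig.getAlias()), e);
            throw e;
        }

        KeyManagerFactory keyManagerFactory;
        try {
            keyManagerFactory = KeyManagerFactory.getInstance(JSSEProviderFactory.getInstance().getKeyManager(), JSSEProviderFactory.getInstance().getContextProvider());
            // The store password doubles as the key password here; it is held as a String by the
            // project KeyStore object, so the char[] copy is not the only in-memory copy.
            keyManagerFactory.init(javaIdentityStore, identityStore.getPassword().toCharArray());
        } catch (Exception e) {
            logWarning(new MessageDBO(MessageDBO.Severity.WARNING, "SSLKeyManagerInitFailed", sSLConfig.getAlias()), e);
            throw e;
        }

        try {
            // Peer validation and key selection go through the project's wrappers, not the raw
            // JSSE managers; what they accept is defined in BFX509TrustManager / BFX509KeyManager.
            TrustManager[] trustManagers = {new BFX509TrustManager(trustManagerFactory.getTrustManagers(), sSLConfig, javaTrustStore)};
            KeyManager[] keyManagers = {new BFX509KeyManager(keyManagerFactory, sSLConfig, javaIdentityStore)};
            SSLContext context = getSSLContextInstance(sSLConfig);
            // null SecureRandom: the context uses the provider's default secure random source.
            context.init(keyManagers, trustManagers, null);
            if (sslContextCache.size() > MAX_CACHED_CONTEXTS) {
                // Crude bound: drop everything rather than evict selectively.
                sslContextCache.clear();
            }
            sslContextCache.put(sSLConfig, context);
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "SSLContext cache size: " + sslContextCache.size());
            }
            return context;
        } catch (Exception e) {
            logWarning(new MessageDBO(MessageDBO.Severity.WARNING, "SSLContextInitFailed", sSLConfig.getAlias()), e);
            throw e;
        }
    }

    /**
     * Returns the server socket factory of the context for {@code sSLConfig}.
     *
     * @throws Exception whatever {@link #getSSLContext(SSLConfig)} throws (logged at FINE, rethrown)
     */
    @Override
    public SSLServerSocketFactory getSSLServerSocketFactory(SSLConfig sSLConfig) throws Exception {
        try {
            return getSSLContext(sSLConfig).getServerSocketFactory();
        } catch (Exception e) {
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "The following exception occurred in getSSLServerSocketFactory().", (Throwable) e);
            }
            throw e;
        }
    }

    /**
     * Returns the client socket factory of the context for {@code sSLConfig}.
     *
     * <p>Sockets from this factory carry the context's defaults; the cipher, protocol and
     * client-auth adjustments applied to engines in {@link #getSSLEngine} are not applied here.
     *
     * @throws Exception whatever {@link #getSSLContext(SSLConfig)} throws
     */
    @Override
    public SSLSocketFactory getSSLSocketFactory(SSLConfig sSLConfig) throws Exception {
        return getSSLContext(sSLConfig).getSocketFactory();
    }

    /**
     * Creates an {@link SSLEngine} and applies the configured ciphers, client-auth mode and protocol.
     *
     * <p>The engine is created without peer host/port, and this class never calls
     * {@code setUseClientMode}; the caller has to set the mode before handshaking.
     * NOTE(review): with no peer host on the engine, host-name checking cannot come from the
     * engine's endpoint identification — confirm where (if anywhere) it is enforced.
     *
     * @param z         {@code true} for a client-side engine; client-auth settings are skipped then
     * @param sSLConfig the configuration to apply
     * @return the configured engine
     * @throws Exception any failure while obtaining the context or configuring the engine
     */
    @Override
    public SSLEngine getSSLEngine(boolean z, SSLConfig sSLConfig) throws Exception {
        try {
            SSLEngine engine = getSSLContext(sSLConfig).createSSLEngine();
            adjustEngineToSecuritySettings(z, sSLConfig, engine);
            return engine;
        } catch (Exception e) {
            logWarning(new MessageDBO(MessageDBO.Severity.WARNING, "SSLEngineError", sSLConfig.getAlias()), e);
            throw e;
        }
    }

    /**
     * Applies cipher suites, client authentication and protocol from the configuration to an engine.
     *
     * <p>An explicit cipher string in the configuration is used as given and bypasses the
     * cipher-group filter; only when it is absent or empty are the engine's supported suites
     * filtered by group.
     */
    private void adjustEngineToSecuritySettings(boolean z, SSLConfig sSLConfig, SSLEngine sSLEngine) {
        String explicitCiphers = sSLConfig.getEnabledCiphers();
        if (explicitCiphers != null && explicitCiphers.length() > 0) {
            sSLEngine.setEnabledCipherSuites(SSLConfigManager.convertCipherStringToList(sSLConfig.getEnabledCiphers()));
        } else {
            sSLEngine.setEnabledCipherSuites(SSLConfigManager.adjustSupportedCiphersToSecurityLevel(sSLEngine.getSupportedCipherSuites(), sSLConfig.getCipherSuiteGroup()));
        }
        if (!z) {
            // Server side only. A null client-auth value still fails here (NullPointerException)
            // instead of quietly producing an engine without client authentication.
            if (sSLConfig.getClientAuth().equals(SSLDBO.ClientAuth.SUPPORTED)) {
                sSLEngine.setWantClientAuth(true);
            } else if (sSLConfig.getClientAuth().equals(SSLDBO.ClientAuth.REQUIRED)) {
                sSLEngine.setNeedClientAuth(true);
            }
        }
        if (sSLConfig.getProtocol() != null) {
            // Pins the engine to exactly the configured protocol name; with no protocol set the
            // engine keeps the context's default protocol list.
            sSLEngine.setEnabledProtocols(new String[]{sSLConfig.getProtocol().toString()});
        }
    }

    /**
     * Creates a {@link TrustManagerFactory} for an algorithm from a named provider.
     *
     * @param str  the trust manager algorithm name
     * @param str2 the provider name (must not be null for this JSSE overload)
     */
    public TrustManagerFactory getTrustManagerFactoryInstance(String str, String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
        return TrustManagerFactory.getInstance(str, str2);
    }

    /**
     * Creates a {@link KeyManagerFactory} for an algorithm from a named provider.
     *
     * @param str  the key manager algorithm name
     * @param str2 the provider name (must not be null for this JSSE overload)
     */
    public KeyManagerFactory getKeyManagerFactoryInstance(String str, String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
        return KeyManagerFactory.getInstance(str, str2);
    }

    /**
     * Creates an uninitialized {@link SSLContext} for the configuration's protocol.
     *
     * <p>With FIPS enabled the provider is fixed to {@code "IBMJSSE2"} and the protocol to
     * {@code SSLDBO.Protocol.TLS}, ignoring the configured protocol. Otherwise the configured
     * protocol is used as-is; which protocol names that permits is decided by
     * {@code SSLDBO.Protocol}, not here.
     *
     * @throws IllegalArgumentException if no protocol is available
     * @throws Exception                if the protocol or provider is unknown to the JVM
     */
    @Override
    public SSLContext getSSLContextInstance(SSLConfig sSLConfig) throws Exception {
        String contextProvider;
        SSLDBO.Protocol protocol;
        if (JSSEProviderFactory.isFipsEnabled()) {
            contextProvider = "IBMJSSE2";
            protocol = SSLDBO.Protocol.TLS;
        } else {
            contextProvider = JSSEProviderFactory.getInstance().getContextProvider();
            protocol = sSLConfig.getProtocol();
        }
        if (protocol == null) {
            throw new IllegalArgumentException(new MessageDBO(MessageDBO.Severity.WARNING, "SSLProtocolNotSpecified", new String[0]).translate());
        }
        if (contextProvider != null) {
            return SSLContext.getInstance(protocol.toString(), contextProvider);
        }
        // No provider configured: let the JVM pick the highest-priority provider for the protocol.
        return SSLContext.getInstance(protocol.toString());
    }

    /**
     * Creates an unloaded {@link java.security.KeyStore} of the given type.
     *
     * @param str  the key store type
     * @param str2 the provider name, or {@code null} to use the JVM's provider order
     */
    @Override
    public java.security.KeyStore getKeyStoreInstance(String str, String str2) throws KeyStoreException, NoSuchProviderException {
        if (str2 == null) {
            return java.security.KeyStore.getInstance(str);
        }
        return java.security.KeyStore.getInstance(str, str2);
    }

    /**
     * Empties the shared context cache so the next {@link #getSSLContext} call rebuilds from the
     * current key and trust stores. Does nothing (and logs nothing) when the cache is empty.
     */
    public static void clearSSLContextCache() {
        if (sslContextCache.isEmpty()) {
            return;
        }
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "Clearing standard javax.net.ssl.SSLContext cache.");
        }
        sslContextCache.clear();
    }
}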
