package com.unboundid.util.ssl;

import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.Debug;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.Validator;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;

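/**
 * Builds {@link SSLContext}, {@link SSLSocketFactory} and
 * {@link SSLServerSocketFactory} instances from a fixed set of key managers
 * and trust managers, and holds the process-wide default protocol name and
 * set of enabled protocols.
 *
 * <p>Security notes for reviewers of this (decompiled) listing:
 * <ul>
 *   <li>A {@code null} trust-manager array is handed straight to
 *       {@link SSLContext#init}, so the JVM's installed default trust
 *       managers are used in that case.</li>
 *   <li>The built-in fallback protocol is {@code "TLSv1"}, and
 *       {@link #configureSSLDefaults()} always leaves {@code "TLSv1"} in the
 *       enabled set unless the {@link #PROPERTY_ENABLED_SSL_PROTOCOLS} system
 *       property overrides it. TLS 1.0 and 1.1 are deprecated (RFC 8996);
 *       deployments should set both properties, or call the static setters,
 *       to pin a current protocol version.</li>
 *   <li>The two-argument factory methods (protocol + provider) return the
 *       context's factory directly and do not apply the enabled-protocol
 *       restriction that the other overloads wrap around it.</li>
 * </ul>
 *
 * <p>NOTE(review): the array constructors and the array getters store and
 * return the caller's arrays by reference (no defensive copy), so the
 * thread-safety annotation holds only if callers do not mutate them.
 */
@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
/* loaded from: input_file:WEB-INF/lib/unboundid-ldapsdk-4.0.6.jar:com/unboundid/util/ssl/SSLUtil.class */
public final class SSLUtil {
    /** System property that, when non-empty, supplies the default protocol name. */
    public static final String PROPERTY_DEFAULT_SSL_PROTOCOL = "com.unboundid.util.SSLUtil.defaultSSLProtocol";

    /** System property holding a comma- or space-separated list of enabled protocols. */
    public static final String PROPERTY_ENABLED_SSL_PROTOCOLS = "com.unboundid.util.SSLUtil.enabledSSLProtocols";

    // Fallback value only; configureSSLDefaults() (run from the static
    // initializer below) normally replaces it with the strongest of
    // TLSv1.2 / TLSv1.1 / TLSv1 that the default context supports.
    private static final AtomicReference<String> DEFAULT_SSL_PROTOCOL = new AtomicReference<>("TLSv1");

    // Populated by configureSSLDefaults(); always an unmodifiable set afterwards.
    private static final AtomicReference<Set<String>> ENABLED_SSL_PROTOCOLS = new AtomicReference<>();

    private final KeyManager[] keyManagers;
    private final TrustManager[] trustManagers;

    /**
     * Creates an instance with no key managers and no trust managers. Contexts
     * created from it are initialized with {@code null} for both, which makes
     * JSSE fall back to its installed defaults.
     */
    public SSLUtil() {
        this.keyManagers = null;
        this.trustManagers = null;
    }

    /**
     * Creates an instance with a single trust manager and no key managers.
     *
     * @param trustManager the trust manager to use, or {@code null} for none
     */
    public SSLUtil(TrustManager trustManager) {
        this.keyManagers = null;
        this.trustManagers = (trustManager == null) ? null : new TrustManager[]{trustManager};
    }

    /**
     * Creates an instance with the given trust managers and no key managers.
     *
     * @param trustManagerArr the trust managers; {@code null} or empty means none.
     *                        The array is stored by reference.
     */
    public SSLUtil(TrustManager[] trustManagerArr) {
        this.keyManagers = null;
        this.trustManagers = (trustManagerArr == null || trustManagerArr.length == 0) ? null : trustManagerArr;
    }

    /**
     * Creates an instance with a single key manager and a single trust manager.
     *
     * @param keyManager   the key manager to use, or {@code null} for none
     * @param trustManager the trust manager to use, or {@code null} for none
     */
    public SSLUtil(KeyManager keyManager, TrustManager trustManager) {
        this.keyManagers = (keyManager == null) ? null : new KeyManager[]{keyManager};
        this.trustManagers = (trustManager == null) ? null : new TrustManager[]{trustManager};
    }

    /**
     * Creates an instance with the given key managers and trust managers.
     *
     * @param keyManagerArr   the key managers; {@code null} or empty means none.
     *                        The array is stored by reference.
     * @param trustManagerArr the trust managers; {@code null} or empty means none.
     *                        The array is stored by reference.
     */
    public SSLUtil(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) {
        this.keyManagers = (keyManagerArr == null || keyManagerArr.length == 0) ? null : keyManagerArr;
        this.trustManagers = (trustManagerArr == null || trustManagerArr.length == 0) ? null : trustManagerArr;
    }

    /**
     * @return the configured key managers (the internal array, not a copy),
     *         or {@code null} if none were supplied
     */
    public KeyManager[] getKeyManagers() {
        return this.keyManagers;
    }

    /**
     * @return the configured trust managers (the internal array, not a copy),
     *         or {@code null} if none were supplied
     */
    public TrustManager[] getTrustManagers() {
        return this.trustManagers;
    }

    /**
     * Creates a context for the current default protocol.
     *
     * @return an initialized context
     * @throws GeneralSecurityException if the context cannot be obtained or initialized
     */
    public SSLContext createSSLContext() throws GeneralSecurityException {
        return createSSLContext(DEFAULT_SSL_PROTOCOL.get());
    }

    /**
     * Creates a context for the named protocol, initialized with this
     * instance's key and trust managers and the default secure random source.
     *
     * @param str the protocol name passed to {@link SSLContext#getInstance(String)}; must not be {@code null}
     * @return an initialized context
     * @throws GeneralSecurityException if the context cannot be obtained or initialized
     */
    public SSLContext createSSLContext(String str) throws GeneralSecurityException {
        Validator.ensureNotNull(str);
        final SSLContext context = SSLContext.getInstance(str);
        context.init(this.keyManagers, this.trustManagers, null);
        return context;
    }

    /**
     * Creates a context for the named protocol from the named provider.
     *
     * @param str  the protocol name; must not be {@code null}
     * @param str2 the provider name; must not be {@code null}
     * @return an initialized context
     * @throws GeneralSecurityException if the context cannot be obtained or initialized
     */
    public SSLContext createSSLContext(String str, String str2) throws GeneralSecurityException {
        Validator.ensureNotNull(str, str2);
        final SSLContext context = SSLContext.getInstance(str, str2);
        context.init(this.keyManagers, this.trustManagers, null);
        return context;
    }

    /**
     * Creates a socket factory for the default protocol, wrapped so that the
     * current process-wide enabled-protocol set is handed to the wrapper.
     *
     * @return the wrapped socket factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    public SSLSocketFactory createSSLSocketFactory() throws GeneralSecurityException {
        return new SetEnabledProtocolsSSLSocketFactory(createSSLContext().getSocketFactory(), ENABLED_SSL_PROTOCOLS.get());
    }

    /**
     * Creates a socket factory for the named protocol, wrapped with that
     * protocol name.
     *
     * @param str the protocol name
     * @return the wrapped socket factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    public SSLSocketFactory createSSLSocketFactory(String str) throws GeneralSecurityException {
        // NOTE(review): the wrapper's handling of a single protocol name is not
        // visible in this file; presumably it derives the enabled set from it.
        return new SetEnabledProtocolsSSLSocketFactory(createSSLContext(str).getSocketFactory(), str);
    }

    /**
     * Creates a socket factory for the named protocol and provider.
     *
     * <p>Unlike the other overloads, the factory is returned unwrapped, so no
     * enabled-protocol restriction from this class is applied to its sockets.
     *
     * @param str  the protocol name
     * @param str2 the provider name
     * @return the context's socket factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    public SSLSocketFactory createSSLSocketFactory(String str, String str2) throws GeneralSecurityException {
        return createSSLContext(str, str2).getSocketFactory();
    }

    /**
     * Creates a server socket factory for the default protocol, wrapped so that
     * the current process-wide enabled-protocol set is handed to the wrapper.
     *
     * @return the wrapped server socket factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    public SSLServerSocketFactory createSSLServerSocketFactory() throws GeneralSecurityException {
        return new SetEnabledProtocolsSSLServerSocketFactory(createSSLContext().getServerSocketFactory(), ENABLED_SSL_PROTOCOLS.get());
    }

    /**
     * Creates a server socket factory for the named protocol, wrapped with that
     * protocol name.
     *
     * @param str the protocol name
     * @return the wrapped server socket factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    public SSLServerSocketFactory createSSLServerSocketFactory(String str) throws GeneralSecurityException {
        return new SetEnabledProtocolsSSLServerSocketFactory(createSSLContext(str).getServerSocketFactory(), str);
    }

    /**
     * Creates a server socket factory for the named protocol and provider.
     *
     * <p>Unlike the other overloads, the factory is returned unwrapped, so no
     * enabled-protocol restriction from this class is applied to its sockets.
     *
     * @param str  the protocol name
     * @param str2 the provider name
     * @return the context's server socket factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    public SSLServerSocketFactory createSSLServerSocketFactory(String str, String str2) throws GeneralSecurityException {
        return createSSLContext(str, str2).getServerSocketFactory();
    }

    /** @return the process-wide default protocol name */
    public static String getDefaultSSLProtocol() {
        return DEFAULT_SSL_PROTOCOL.get();
    }

    /**
     * Replaces the process-wide default protocol name. The enabled-protocol
     * set is not touched by this call.
     *
     * @param str the new default protocol name; must not be {@code null}
     */
    public static void setDefaultSSLProtocol(String str) {
        Validator.ensureNotNull(str);
        DEFAULT_SSL_PROTOCOL.set(str);
    }

    /** @return the process-wide, unmodifiable set of enabled protocol names */
    public static Set<String> getEnabledSSLProtocols() {
        return ENABLED_SSL_PROTOCOLS.get();
    }

    /**
     * Replaces the process-wide set of enabled protocols with a private,
     * unmodifiable copy of the given collection.
     *
     * <p>An empty set disables the restriction altogether: the
     * {@code applyEnabledSSLProtocols} methods return without touching the
     * socket, which then keeps whatever protocols the JVM enabled by default.
     *
     * @param collection the protocol names to enable; {@code null} is treated as empty
     */
    public static void setEnabledSSLProtocols(Collection<String> collection) {
        if (collection == null) {
            ENABLED_SSL_PROTOCOLS.set(Collections.<String>emptySet());
        } else {
            ENABLED_SSL_PROTOCOLS.set(Collections.unmodifiableSet(new HashSet<String>(collection)));
        }
    }

    /**
     * Restricts the given socket to the process-wide enabled protocols.
     *
     * @param socket the socket to configure; ignored unless it is an {@link SSLSocket}
     * @throws LDAPException with {@link ResultCode#CONNECT_ERROR} if none of the
     *                       enabled protocols is supported by the socket
     */
    public static void applyEnabledSSLProtocols(Socket socket) throws LDAPException {
        try {
            applyEnabledSSLProtocols(socket, ENABLED_SSL_PROTOCOLS.get());
        } catch (IOException e) {
            Debug.debugException(e);
            throw new LDAPException(ResultCode.CONNECT_ERROR, e.getMessage(), e);
        }
    }

    /**
     * Restricts the given socket to the supported subset of {@code set}.
     *
     * <p>The protocol selection runs outside the best-effort {@code try}
     * block so that "no configured protocol is supported" reaches the caller
     * instead of being swallowed; otherwise the socket would silently keep the
     * JVM's default protocols and the configured restriction would fail open.
     *
     * @param socket the socket to configure; ignored when {@code null} or not an {@link SSLSocket}
     * @param set    the protocol names to enable; an empty set means "no restriction"
     * @throws IOException if none of the requested protocols is supported by the socket
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void applyEnabledSSLProtocols(Socket socket, Set<String> set) throws IOException {
        if (!(socket instanceof SSLSocket) || set.isEmpty()) {
            return;
        }
        final SSLSocket sslSocket = (SSLSocket) socket;
        final String[] toEnable = getSSLProtocolsToEnable(set, sslSocket.getSupportedProtocols());
        try {
            sslSocket.setEnabledProtocols(toEnable);
        } catch (Exception e) {
            // Kept best-effort, as in the original: a failure to apply an
            // otherwise valid selection is only recorded for debugging.
            Debug.debugException(e);
        }
    }

    /**
     * Restricts the given server socket to the supported subset of {@code set}.
     *
     * <p>As with the client-socket overload, the protocol selection runs
     * outside the best-effort {@code try} block so that an unsatisfiable
     * configuration is reported rather than silently ignored.
     *
     * @param serverSocket the socket to configure; ignored when {@code null} or not an {@link SSLServerSocket}
     * @param set          the protocol names to enable; an empty set means "no restriction"
     * @throws IOException if none of the requested protocols is supported by the socket
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void applyEnabledSSLProtocols(ServerSocket serverSocket, Set<String> set) throws IOException {
        if (!(serverSocket instanceof SSLServerSocket) || set.isEmpty()) {
            return;
        }
        final SSLServerSocket sslServerSocket = (SSLServerSocket) serverSocket;
        final String[] toEnable = getSSLProtocolsToEnable(set, sslServerSocket.getSupportedProtocols());
        try {
            sslServerSocket.setEnabledProtocols(toEnable);
        } catch (Exception e) {
            // Kept best-effort, as in the original.
            Debug.debugException(e);
        }
    }

    /**
     * Selects, case-insensitively, the supported protocols that appear in the
     * requested set. The returned names use the spelling reported by the socket.
     *
     * @param set    the requested protocol names
     * @param strArr the protocol names the socket supports
     * @return the supported names that were requested; never empty
     * @throws IOException if the intersection is empty
     */
    private static String[] getSSLProtocolsToEnable(Set<String> set, String[] strArr) throws IOException {
        final Set<String> requestedLower = new HashSet<String>(set.size());
        for (final String requested : set) {
            requestedLower.add(StaticUtils.toLowerCase(requested));
        }
        final ArrayList<String> matches = new ArrayList<String>(strArr.length);
        for (final String supported : strArr) {
            if (requestedLower.contains(StaticUtils.toLowerCase(supported))) {
                matches.add(supported);
            }
        }
        if (!matches.isEmpty()) {
            return matches.toArray(StaticUtils.NO_STRINGS);
        }
        throw new IOException(SSLMessages.ERR_NO_ENABLED_SSL_PROTOCOLS_AVAILABLE_FOR_SOCKET.get(quoteAndJoin(set), quoteAndJoin(Arrays.asList(strArr)), PROPERTY_ENABLED_SSL_PROTOCOLS, SSLUtil.class.getName() + ".setEnabledSSLProtocols"));
    }

    /** Renders the values as {@code 'a', 'b', 'c'} for use in error messages. */
    private static String quoteAndJoin(Iterable<String> values) {
        final StringBuilder sb = new StringBuilder();
        for (final String value : values) {
            if (sb.length() > 0) {
                sb.append(", ");
            }
            sb.append('\'').append(value).append('\'');
        }
        return sb.toString();
    }

    /**
     * Computes the process-wide default protocol and enabled-protocol set from
     * system properties and from what the JVM's default context supports.
     *
     * <p>Default protocol: the {@link #PROPERTY_DEFAULT_SSL_PROTOCOL} property
     * if non-empty; otherwise the first of TLSv1.2, TLSv1.1, TLSv1 that the
     * default context reports as supported (TLSv1.3 is never considered here).
     *
     * <p>Enabled protocols: the tokens of {@link #PROPERTY_ENABLED_SSL_PROTOCOLS}
     * if non-empty; otherwise TLSv1 plus every newer version up to the default.
     *
     * <p>NOTE(review): when the default protocol is anything other than
     * "TLSv1.2" or "TLSv1.1" (for example a value supplied through the
     * property), the computed enabled set is just {"TLSv1"}. Set the
     * enabled-protocols property explicitly in that case.
     */
    static void configureSSLDefaults() {
        final String defaultProperty = System.getProperty(PROPERTY_DEFAULT_SSL_PROTOCOL);
        if (defaultProperty != null && defaultProperty.length() > 0) {
            DEFAULT_SSL_PROTOCOL.set(defaultProperty);
        } else {
            try {
                final Set<String> supported = new HashSet<String>(Arrays.asList(SSLContext.getDefault().getSupportedSSLParameters().getProtocols()));
                if (supported.contains("TLSv1.2")) {
                    DEFAULT_SSL_PROTOCOL.set("TLSv1.2");
                } else if (supported.contains("TLSv1.1")) {
                    DEFAULT_SSL_PROTOCOL.set("TLSv1.1");
                } else if (supported.contains("TLSv1")) {
                    DEFAULT_SSL_PROTOCOL.set("TLSv1");
                }
            } catch (Exception e) {
                // Probe failed: keep the built-in fallback value.
                Debug.debugException(e);
            }
        }

        final Set<String> enabled = new HashSet<String>(10);
        // TLSv1 is always part of the computed set (legacy default; see class notes).
        enabled.add("TLSv1");
        final String effectiveDefault = DEFAULT_SSL_PROTOCOL.get();
        if (effectiveDefault.equals("TLSv1.2")) {
            enabled.add("TLSv1.1");
            enabled.add("TLSv1.2");
        } else if (effectiveDefault.equals("TLSv1.1")) {
            enabled.add("TLSv1.1");
        }

        final String enabledProperty = System.getProperty(PROPERTY_ENABLED_SSL_PROTOCOLS);
        if (enabledProperty != null && enabledProperty.length() > 0) {
            // An explicit list replaces the computed set entirely.
            enabled.clear();
            final StringTokenizer tokenizer = new StringTokenizer(enabledProperty, ", ", false);
            while (tokenizer.hasMoreTokens()) {
                final String token = tokenizer.nextToken();
                if (token.length() > 0) {
                    enabled.add(token);
                }
            }
        }
        ENABLED_SSL_PROTOCOLS.set(Collections.unmodifiableSet(enabled));
    }

    /**
     * Renders the certificate as a single-line summary string.
     *
     * @param x509Certificate the certificate to describe
     * @return the summary
     */
    public static String certificateToString(X509Certificate x509Certificate) {
        final StringBuilder sb = new StringBuilder();
        certificateToString(x509Certificate, sb);
        return sb.toString();
    }

    /**
     * Appends a single-line summary of the certificate (subject, serial
     * number, validity window, signature algorithm and bytes, issuer) to the
     * buffer.
     *
     * @param x509Certificate the certificate to describe
     * @param sb              the buffer to append to
     */
    public static void certificateToString(X509Certificate x509Certificate, StringBuilder sb) {
        sb.append("Certificate(subject='");
        sb.append(x509Certificate.getSubjectX500Principal().getName("RFC2253"));
        sb.append("', serialNumber=");
        sb.append(x509Certificate.getSerialNumber());
        sb.append(", notBefore=");
        // The encoded timestamps were previously computed and discarded, which
        // left the validity window blank in logs and diagnostics.
        sb.append(StaticUtils.encodeGeneralizedTime(x509Certificate.getNotBefore()));
        sb.append(", notAfter=");
        sb.append(StaticUtils.encodeGeneralizedTime(x509Certificate.getNotAfter()));
        sb.append(", signatureAlgorithm='");
        sb.append(x509Certificate.getSigAlgName());
        sb.append("', signatureBytes='");
        StaticUtils.toHex(x509Certificate.getSignature(), sb);
        sb.append("', issuerSubject='");
        sb.append(x509Certificate.getIssuerX500Principal().getName("RFC2253"));
        sb.append("')");
    }

    // Must stay after the static field initializers above: it writes to both
    // AtomicReference holders.
    static {
        configureSSLDefaults();
    }
}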
