package org.globus.gsi.jsse;

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertStore;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.globus.gsi.provider.GlobusTrustManagerFactoryParameters;
import org.globus.gsi.provider.SigningPolicyStore;
import org.globus.gsi.proxy.ProxyPolicyHandler;

/* loaded from: input_file:WEB-INF/lib/JGlobus-Core-2.0.4.jar:org/globus/gsi/jsse/SSLConfigurator.class */
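/**
 * Builds a JSSE {@link SSLContext} whose trust decisions are delegated to the
 * {@code "GSI"} {@link TrustManagerFactory}.
 *
 * <p>The configurator is a mutable bean: callers set trust anchors, CRLs, signing policies and
 * (optionally) a credential store, then call {@link #getSSLContext()}, {@link #createFactory()}
 * or {@link #createServerFactory()}. The context is built lazily on first use and cached, so
 * setters invoked after that point have no effect on the context already handed out.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>{@code rejectLimitProxy} is {@code false} unless set, and is passed unchanged to
 *       {@link GlobusTrustManagerFactoryParameters}.</li>
 *   <li>{@code protocol} defaults to {@code SSLSocketFactory.TLS} and {@link #setProtocol(String)}
 *       performs no validation. Which protocol versions end up enabled is decided by the JSSE
 *       provider, so callers that need a minimum version must restrict the enabled protocols on
 *       the sockets they create.</li>
 *   <li>Store passwords are held as {@code String} fields and exposed through getters; they
 *       must not be logged or included in diagnostics.</li>
 *   <li>{@code crlStoreType} is stored but never read by this class.</li>
 * </ul>
 *
 * <p>This class performs no synchronization; concurrent first calls to
 * {@link #getSSLContext()} may each build a context.
 */
public class SSLConfigurator {
    private String provider;
    private String secureRandomAlgorithm;
    private KeyStore credentialStore;
    private KeyStore trustAnchorStore;
    private CertStore crlStore;
    private SigningPolicyStore policyStore;
    private boolean rejectLimitProxy;
    private Map<String, ProxyPolicyHandler> handlers;
    private String trustAnchorStoreType;
    private String trustAnchorStoreLocation;
    private String trustAnchorStorePassword;
    private String credentialStoreType;
    private String credentialStoreLocation;
    private String credentialStorePassword;
    private String crlStoreType;
    private String crlLocationPattern;
    private SSLContext sslContext;
    private String sslKeyManagerFactoryAlgorithm;
    private String protocol = SSLSocketFactory.TLS;
    private Log logger = LogFactory.getLog(getClass());

    /**
     * Creates a configurator that uses the JVM's configured key manager algorithm
     * ({@code ssl.KeyManagerFactory.algorithm}), or {@code "SunX509"} when that security
     * property is not set.
     */
    public SSLConfigurator() {
        // Read the property once so the null check and the assigned value cannot disagree.
        String configuredAlgorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        this.sslKeyManagerFactoryAlgorithm = configuredAlgorithm == null ? "SunX509" : configuredAlgorithm;
    }

    /**
     * Returns a client socket factory backed by the configured context.
     *
     * @return the socket factory of {@link #getSSLContext()}
     * @throws GlobusSSLConfigurationException if the context cannot be built
     */
    public javax.net.ssl.SSLSocketFactory createFactory() throws GlobusSSLConfigurationException {
        return getSSLContext().getSocketFactory();
    }

    /**
     * Returns the cached context, building it on first use.
     *
     * @return an initialized {@link SSLContext}
     * @throws GlobusSSLConfigurationException if any part of the configuration is rejected
     */
    public SSLContext getSSLContext() throws GlobusSSLConfigurationException {
        if (this.sslContext == null) {
            configureContext();
        }
        return this.sslContext;
    }

    /**
     * Returns a server socket factory backed by the configured context.
     *
     * @return the server socket factory of {@link #getSSLContext()}
     * @throws GlobusSSLConfigurationException if the context cannot be built
     */
    public SSLServerSocketFactory createServerFactory() throws GlobusSSLConfigurationException {
        return getSSLContext().getServerSocketFactory();
    }

    /**
     * Builds and initializes the context from the current bean state.
     *
     * <p>The context is assigned to the cache field only after {@code init} succeeds. Caching
     * it earlier would leave an uninitialized context behind when initialization fails, and
     * every later {@link #getSSLContext()} call would then return that unusable object
     * instead of retrying or reporting the configuration error.
     *
     * @throws GlobusSSLConfigurationException wrapping the underlying JCA/JSSE failure
     */
    private void configureContext() throws GlobusSSLConfigurationException {
        ManagerFactoryParameters certPathParameters = getCertPathParameters();
        SSLContext context;
        try {
            // NOTE(review): "GSI" must be supplied by an installed security provider; this
            // class does not register one - confirm the Globus provider is installed first.
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("GSI");
            trustManagerFactory.init(certPathParameters);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            KeyManager[] keyManagers = loadKeyManagers();
            SecureRandom secureRandom = loadSecureRandom();
            context = loadSSLContext();
            context.init(keyManagers, trustManagers, secureRandom);
        } catch (InvalidAlgorithmParameterException e) {
            throw new GlobusSSLConfigurationException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new GlobusSSLConfigurationException(e);
        } catch (KeyManagementException e) {
            throw new GlobusSSLConfigurationException(e);
        }
        this.sslContext = context;
    }

    /**
     * Assembles the parameters handed to the trust manager factory.
     *
     * <p>An explicitly supplied trust anchor store or CRL store takes precedence; otherwise
     * each is resolved through {@link GlobusSSLHelper} from the configured type, location,
     * password and CRL location pattern.
     *
     * @return parameters carrying trust anchors, CRLs, signing policies and the
     *     {@code rejectLimitProxy} flag, plus the policy handlers when any were set
     * @throws GlobusSSLConfigurationException if a store cannot be resolved
     */
    private ManagerFactoryParameters getCertPathParameters() throws GlobusSSLConfigurationException {
        KeyStore anchors;
        if (this.trustAnchorStore == null) {
            this.logger.trace("No trustAnchorStore available");
            anchors = GlobusSSLHelper.buildTrustStore(this.provider, this.trustAnchorStoreType, this.trustAnchorStoreLocation, this.trustAnchorStorePassword);
        } else {
            anchors = this.trustAnchorStore;
        }
        // NOTE(review): findCRLStore is called even when crlLocationPattern is null; confirm
        // how the helper treats that, since it decides whether revocation data is available.
        CertStore crls = this.crlStore != null ? this.crlStore : GlobusSSLHelper.findCRLStore(this.crlLocationPattern);
        if (this.handlers == null) {
            return new GlobusTrustManagerFactoryParameters(anchors, crls, this.policyStore, this.rejectLimitProxy);
        }
        return new GlobusTrustManagerFactoryParameters(anchors, crls, this.policyStore, this.rejectLimitProxy, this.handlers);
    }

    /**
     * Obtains an uninitialized context for the configured protocol, from the configured
     * provider when one is set.
     *
     * @return a context that still needs {@code init}
     * @throws GlobusSSLConfigurationException if the protocol or provider is unknown
     */
    private SSLContext loadSSLContext() throws GlobusSSLConfigurationException {
        try {
            if (this.provider == null) {
                return SSLContext.getInstance(this.protocol);
            }
            return SSLContext.getInstance(this.protocol, this.provider);
        } catch (NoSuchAlgorithmException e) {
            throw new GlobusSSLConfigurationException(e);
        } catch (NoSuchProviderException e) {
            throw new GlobusSSLConfigurationException(e);
        }
    }

    /**
     * Creates the random source for the context.
     *
     * @return a {@link SecureRandom} for the configured algorithm, or {@code null} when no
     *     algorithm is configured, in which case {@code SSLContext.init} uses its default
     * @throws GlobusSSLConfigurationException if the algorithm is not available
     */
    private SecureRandom loadSecureRandom() throws GlobusSSLConfigurationException {
        if (this.secureRandomAlgorithm == null) {
            return null;
        }
        try {
            return SecureRandom.getInstance(this.secureRandomAlgorithm);
        } catch (NoSuchAlgorithmException e) {
            throw new GlobusSSLConfigurationException(e);
        }
    }

    /**
     * Creates key managers from the credential store.
     *
     * <p>An explicitly supplied credential store takes precedence over the configured
     * location. {@code credentialStorePassword} is used as the key password in both cases.
     *
     * @return the key managers, or {@code null} when neither a store nor a location is
     *     configured; {@code SSLContext.init} then falls back to the JSSE default key managers
     * @throws GlobusSSLConfigurationException if the store or its keys cannot be used
     */
    private KeyManager[] loadKeyManagers() throws GlobusSSLConfigurationException {
        try {
            KeyStore credentials = this.credentialStore;
            if (credentials == null) {
                if (this.credentialStoreLocation == null) {
                    return null;
                }
                credentials = GlobusSSLHelper.findCredentialStore(this.provider, this.credentialStoreType, this.credentialStoreLocation, this.credentialStorePassword);
            }
            char[] keyPassword = this.credentialStorePassword == null ? null : this.credentialStorePassword.toCharArray();
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.sslKeyManagerFactoryAlgorithm);
            keyManagerFactory.init(credentials, keyPassword);
            return keyManagerFactory.getKeyManagers();
        } catch (KeyStoreException e) {
            throw new GlobusSSLConfigurationException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new GlobusSSLConfigurationException(e);
        } catch (UnrecoverableKeyException e) {
            throw new GlobusSSLConfigurationException(e);
        }
    }

    /** Returns the JCA provider name used for the context and the stores, or {@code null}. */
    public String getProvider() {
        return this.provider;
    }

    /** Sets the JCA provider name; {@code null} selects the default provider lookup. */
    public void setProvider(String str) {
        this.provider = str;
    }

    /** Returns the protocol name passed to {@code SSLContext.getInstance}. */
    public String getProtocol() {
        return this.protocol;
    }

    /** Sets the protocol name passed to {@code SSLContext.getInstance}; the value is not validated. */
    public void setProtocol(String str) {
        this.protocol = str;
    }

    /** Returns the configured {@link SecureRandom} algorithm name, or {@code null}. */
    public String getSecureRandomAlgorithm() {
        return this.secureRandomAlgorithm;
    }

    /** Sets the {@link SecureRandom} algorithm name; {@code null} leaves the choice to JSSE. */
    public void setSecureRandomAlgorithm(String str) {
        this.secureRandomAlgorithm = str;
    }

    /** Returns the credential store password in clear text; do not log the result. */
    public String getCredentialStorePassword() {
        return this.credentialStorePassword;
    }

    /** Sets the password used for the credential store and for its private keys. */
    public void setCredentialStorePassword(String str) {
        this.credentialStorePassword = str;
    }

    /** Returns the explicitly supplied trust anchor store, or {@code null}. */
    public KeyStore getTrustAnchorStore() {
        return this.trustAnchorStore;
    }

    /** Sets a trust anchor store that overrides the type/location/password settings. */
    public void setTrustAnchorStore(KeyStore keyStore) {
        this.trustAnchorStore = keyStore;
    }

    /** Returns the explicitly supplied CRL store, or {@code null}. */
    public CertStore getCrlStore() {
        return this.crlStore;
    }

    /** Sets a CRL store that overrides the CRL location pattern. */
    public void setCrlStore(CertStore certStore) {
        this.crlStore = certStore;
    }

    /** Returns the signing policy store passed to the trust manager parameters. */
    public SigningPolicyStore getPolicyStore() {
        return this.policyStore;
    }

    /** Sets the signing policy store passed to the trust manager parameters. */
    public void setPolicyStore(SigningPolicyStore signingPolicyStore) {
        this.policyStore = signingPolicyStore;
    }

    /** Returns the flag passed to the trust manager parameters; {@code false} unless set. */
    public boolean isRejectLimitProxy() {
        return this.rejectLimitProxy;
    }

    /** Sets the flag passed to the trust manager parameters as {@code rejectLimitProxy}. */
    public void setRejectLimitProxy(boolean z) {
        this.rejectLimitProxy = z;
    }

    /** Returns the proxy policy handlers, or {@code null} when none were set. */
    public Map<String, ProxyPolicyHandler> getHandlers() {
        return this.handlers;
    }

    /** Sets the proxy policy handlers; the map is stored by reference, not copied. */
    public void setHandlers(Map<String, ProxyPolicyHandler> map) {
        this.handlers = map;
    }

    /** Returns the credential store location, or {@code null}. */
    public String getCredentialStoreLocation() {
        return this.credentialStoreLocation;
    }

    /** Sets the credential store location used when no store object was supplied. */
    public void setCredentialStoreLocation(String str) {
        this.credentialStoreLocation = str;
    }

    /** Returns the credential store type. */
    public String getCredentialStoreType() {
        return this.credentialStoreType;
    }

    /** Sets the credential store type used when loading from a location. */
    public void setCredentialStoreType(String str) {
        this.credentialStoreType = str;
    }

    /** Returns the trust anchor store type. */
    public String getTrustAnchorStoreType() {
        return this.trustAnchorStoreType;
    }

    /** Sets the trust anchor store type used when loading from a location. */
    public void setTrustAnchorStoreType(String str) {
        this.trustAnchorStoreType = str;
    }

    /** Returns the trust anchor store location. */
    public String getTrustAnchorStoreLocation() {
        return this.trustAnchorStoreLocation;
    }

    /** Sets the trust anchor store location used when no store object was supplied. */
    public void setTrustAnchorStoreLocation(String str) {
        this.trustAnchorStoreLocation = str;
    }

    /** Returns the trust anchor store password in clear text; do not log the result. */
    public String getTrustAnchorStorePassword() {
        return this.trustAnchorStorePassword;
    }

    /** Sets the trust anchor store password. */
    public void setTrustAnchorStorePassword(String str) {
        this.trustAnchorStorePassword = str;
    }

    /** Returns the CRL store type; this class stores the value but never reads it. */
    public String getCrlStoreType() {
        return this.crlStoreType;
    }

    /** Sets the CRL store type; this class stores the value but never reads it. */
    public void setCrlStoreType(String str) {
        this.crlStoreType = str;
    }

    /** Returns the CRL location pattern. */
    public String getCrlLocationPattern() {
        return this.crlLocationPattern;
    }

    /** Sets the CRL location pattern used when no CRL store object was supplied. */
    public void setCrlLocationPattern(String str) {
        this.crlLocationPattern = str;
    }

    /** Returns the explicitly supplied credential store, or {@code null}. */
    public KeyStore getCredentialStore() {
        return this.credentialStore;
    }

    /** Sets a credential store that overrides the type/location settings. */
    public void setCredentialStore(KeyStore keyStore) {
        this.credentialStore = keyStore;
    }
}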
