package com.ibm.watson.litelinks;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Throwables;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.cache.RemovalListener;
import com.google.common.cache.RemovalNotification;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.util.ReferenceCountUtil;
import java.io.File;
import java.io.FileInputStream;
import java.io.FilenameFilter;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.concurrent.ExecutionException;
import java.util.stream.Collectors;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/ibm/watson/litelinks/SSLHelper.class */
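/**
 * Builds and caches Netty {@link SslContext} instances for litelinks clients and servers.
 *
 * <p>Key and trust material can come from Java keystores ({@link KeyStoreInfo}) or from
 * key/certificate files; defaults are read once from a properties file, environment
 * variables and system properties (see {@link SSLParams#getDefault()}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Passing the protocol name {@code "TLS"} enables every entry of {@link #TLS_PROTOS},
 *       which includes TLSv1 and TLSv1.1 and does not include TLSv1.3.</li>
 *   <li>The configured {@code ciphersuites} parameter is parsed into
 *       {@link SSLParams#cipherSuites} but is not applied by any method of this class; contexts
 *       built here use the JDK default suites.</li>
 *   <li>Cache keys hold keystore and private-key passwords for as long as the entry lives.</li>
 * </ul>
 */
public class SSLHelper {
    private static final Logger logger = LoggerFactory.getLogger(SSLHelper.class);

    // Not read anywhere in this class; kept as declared.
    private static final boolean TRUST_EVERYTHING = false;

    // TRUE = always OpenSSL, FALSE = always JDK, null = OpenSSL unless a loaded store holds a DSA cert.
    private static final Boolean USE_OPEN_SSL;

    // Protocols enabled when the caller asks for the generic "TLS" protocol name.
    static final String[] TLS_PROTOS;

    // Keyed by the 11-element argument list consumed by buildSslContext(List).
    private static final LoadingCache<List<Object>, SslContext> sslcCache;

    // Selects *.pem / *.crt entries when a trust-certificate directory is scanned.
    private static final FilenameFilter CERT_FILES;

    /**
     * Location, password and type of a Java keystore.
     *
     * <p>The password array is stored and returned by reference (no defensive copy), and it
     * takes part in {@link #equals(Object)} / {@link #hashCode()} because instances are used
     * inside cache keys. Callers must therefore not clear or modify the array while the
     * instance is in use.
     */
    public static class KeyStoreInfo {
        private final File file;
        private final char[] password;
        private final String type;

        /**
         * @param file     keystore file
         * @param password keystore password, may be {@code null}; kept by reference
         * @param type     keystore type, e.g. {@code "JKS"}
         */
        public KeyStoreInfo(File file, char[] password, String type) {
            this.file = file;
            this.password = password;
            this.type = type;
        }

        public File getFile() {
            return this.file;
        }

        /** Returns the internal password array itself, not a copy. */
        public char[] getPassword() {
            return this.password;
        }

        public String getType() {
            return this.type;
        }

        @Override
        public int hashCode() {
            int result = 31 + (this.file == null ? 0 : this.file.hashCode());
            result = 31 * result + Arrays.hashCode(this.password);
            result = 31 * result + (this.type == null ? 0 : this.type.hashCode());
            return result;
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            KeyStoreInfo other = (KeyStoreInfo) obj;
            return Objects.equals(this.file, other.file)
                    && Arrays.equals(this.password, other.password)
                    && Objects.equals(this.type, other.type);
        }
    }

    /**
     * TLS configuration values plus the logic that loads the process-wide defaults.
     *
     * <p>Fields are public and mutable; the instance returned by {@link #getDefault()} is
     * shared, so callers should treat it as read-only.
     */
    public static class SSLParams {
        public static final String DEFAULT_PROTOCOL = "TLSv1.2";
        public static final String DEFAULT_STORE_TYPE = "JKS";
        public static final String[] SSL_PROPS_FILE_JVM_ARGS = {"com.ibm.watson.litelinks.ssl.configfile", "com.ibm.watson.ssl.configfile"};
        public static final String[] PREFIX = {"litelinks.ssl.", "watson.ssl."};
        public static final String PARAM_PROTOCOL = "protocol";
        public static final String PARAM_CLIENT_AUTH = "clientauth";
        public static final String PARAM_CIPHERS = "ciphersuites";
        public static final String PARAM_KEYMGRALG = "keymanager.algorithm";
        public static final String PARAM_KEYPATH = "keystore.path";
        public static final String PARAM_KEYPASS = "keystore.password";
        public static final String PARAM_KEYTYPE = "keystore.type";
        public static final String PARAM_TRUSTMGRALG = "trustmanager.algorithm";
        public static final String PARAM_TRUSTPATH = "truststore.path";
        public static final String PARAM_TRUSTPASS = "truststore.password";
        public static final String PARAM_TRUSTTYPE = "truststore.type";
        public static final String PARAM_PKEY_PATH = "key.path";
        public static final String PARAM_PKEY_CERTS = "key.certpath";
        public static final String PARAM_PKEY_PASS = "key.password";
        public static final String PARAM_CERTS_PATH = "trustcerts.path";
        public static final List<String> PARAM_LIST = Arrays.asList(PARAM_PROTOCOL, PARAM_CLIENT_AUTH, PARAM_CIPHERS, PARAM_KEYMGRALG, PARAM_KEYPATH, PARAM_KEYPASS, PARAM_KEYTYPE, PARAM_TRUSTMGRALG, PARAM_TRUSTPATH, PARAM_TRUSTPASS, PARAM_TRUSTTYPE, PARAM_PKEY_PATH, PARAM_PKEY_CERTS, PARAM_PKEY_PASS, PARAM_CERTS_PATH);

        // Parameters whose values are credentials and must never be written to a log.
        private static final List<String> SECRET_PARAMS = Arrays.asList(PARAM_KEYPASS, PARAM_TRUSTPASS, PARAM_PKEY_PASS);

        public String protocol;
        public KeyStoreInfo keyStore;
        public KeyStoreInfo trustStore;
        public boolean clientAuth;
        public String keyManagerAlg;
        public String trustManagerAlg;
        public File keyFile;
        public File keyCertsFile;
        // Held as an immutable String, so it cannot be wiped from memory after use.
        public String keyPassword;
        public File trustCertsFile;
        // Parsed from "ciphersuites"; not consumed by SSLHelper itself.
        public String[] cipherSuites;
        private static volatile SSLParams defaultParams;

        /**
         * Returns the process-wide default parameters, loading them on first use.
         *
         * <p>Sources, later ones overriding earlier ones: the properties file named by the
         * first set entry of {@link #SSL_PROPS_FILE_JVM_ARGS}; then, per parameter, the
         * environment variable derived from {@code PREFIX[0] + name} (upper-cased, dots
         * replaced by underscores), else the system property with {@code PREFIX[0]}, else the
         * one with {@code PREFIX[1]}.
         *
         * @return the shared default parameters, never {@code null}
         * @throws IOException if the properties file cannot be read or contains a key that is
         *         not a known, prefixed parameter
         */
        public static SSLParams getDefault() throws IOException {
            // Read the volatile once so a concurrent resetDefaultParameters() cannot make us return null.
            SSLParams cached = defaultParams;
            if (cached != null) {
                return cached;
            }
            synchronized (SSLParams.class) {
                if (defaultParams != null) {
                    return defaultParams;
                }
                String configPath = System.getProperty(SSL_PROPS_FILE_JVM_ARGS[0]);
                if (configPath == null) {
                    configPath = System.getProperty(SSL_PROPS_FILE_JVM_ARGS[1]);
                }
                Properties merged = new Properties();
                if (configPath != null) {
                    Properties fromFile = new Properties();
                    // try-with-resources: the stream is closed even when load() fails.
                    try (FileInputStream in = new FileInputStream(configPath)) {
                        fromFile.load(in);
                    }
                    for (Map.Entry<Object, Object> entry : fromFile.entrySet()) {
                        String key = (String) entry.getKey();
                        String name = null;
                        for (String prefix : PREFIX) {
                            if (key.startsWith(prefix)) {
                                name = key.substring(prefix.length());
                                break;
                            }
                        }
                        // Unprefixed keys leave name == null, which is rejected here as well.
                        if (!PARAM_LIST.contains(name)) {
                            throw new IOException("SSL properties file contains invalid parameter: " + entry.getKey());
                        }
                        merged.put(name, entry.getValue());
                    }
                }
                for (String name : PARAM_LIST) {
                    // Locale.ROOT keeps the variable name stable under locales with special
                    // casing rules (e.g. Turkish dotted/dotless i).
                    String value = System.getenv((PREFIX[0] + name).toUpperCase(Locale.ROOT).replace('.', '_'));
                    if (value == null) {
                        value = System.getProperty(PREFIX[0] + name);
                    }
                    if (value == null) {
                        value = System.getProperty(PREFIX[1] + name);
                    }
                    if (value != null) {
                        merged.put(name, value);
                    }
                }
                SSLParams loaded = load(merged);
                defaultParams = loaded;
                if (SSLHelper.logger.isDebugEnabled()) {
                    SSLHelper.logger.debug("Loaded SSL parameters:");
                    for (Map.Entry<Object, Object> entry : merged.entrySet()) {
                        // Keystore, truststore and private-key passwords are masked in the log.
                        Object shown = SECRET_PARAMS.contains(entry.getKey()) ? "<redacted>" : entry.getValue();
                        SSLHelper.logger.debug("  {}={}", entry.getKey(), shown);
                    }
                }
                return loaded;
            }
        }

        /**
         * Builds an {@code SSLParams} from un-prefixed parameter names (the {@code PARAM_*}
         * constants).
         *
         * <p>Defaults: protocol {@link #DEFAULT_PROTOCOL}, store type
         * {@link #DEFAULT_STORE_TYPE}, and the JVM default key/trust manager algorithms.
         * Client auth is enabled only by the exact value {@code "true"}. {@code key.certpath}
         * and {@code key.password} are read only when {@code key.path} is set.
         *
         * @param properties parameter values keyed by un-prefixed name
         * @return a new, populated instance
         */
        public static SSLParams load(Properties properties) {
            SSLParams params = new SSLParams();
            params.protocol = properties.getProperty(PARAM_PROTOCOL, DEFAULT_PROTOCOL);
            params.clientAuth = "true".equals(properties.getProperty(PARAM_CLIENT_AUTH));
            params.keyManagerAlg = properties.getProperty(PARAM_KEYMGRALG, KeyManagerFactory.getDefaultAlgorithm());
            params.trustManagerAlg = properties.getProperty(PARAM_TRUSTMGRALG, TrustManagerFactory.getDefaultAlgorithm());

            String ciphers = properties.getProperty(PARAM_CIPHERS);
            params.cipherSuites = ciphers != null ? ciphers.split(",") : null;

            String trustPath = properties.getProperty(PARAM_TRUSTPATH);
            if (trustPath != null) {
                String trustPass = properties.getProperty(PARAM_TRUSTPASS);
                params.trustStore = new KeyStoreInfo(new File(trustPath), trustPass != null ? trustPass.toCharArray() : null, properties.getProperty(PARAM_TRUSTTYPE, DEFAULT_STORE_TYPE));
            }

            String keyPath = properties.getProperty(PARAM_KEYPATH);
            if (keyPath != null) {
                String keyPass = properties.getProperty(PARAM_KEYPASS);
                params.keyStore = new KeyStoreInfo(new File(keyPath), keyPass != null ? keyPass.toCharArray() : null, properties.getProperty(PARAM_KEYTYPE, DEFAULT_STORE_TYPE));
            }

            String privateKeyPath = properties.getProperty(PARAM_PKEY_PATH);
            if (privateKeyPath != null) {
                params.keyFile = new File(privateKeyPath);
                String certChainPath = properties.getProperty(PARAM_PKEY_CERTS);
                if (certChainPath != null) {
                    params.keyCertsFile = new File(certChainPath);
                }
                params.keyPassword = properties.getProperty(PARAM_PKEY_PASS);
            }

            String trustCertsPath = properties.getProperty(PARAM_CERTS_PATH);
            if (trustCertsPath != null) {
                params.trustCertsFile = new File(trustCertsPath);
            }
            return params;
        }

        /** Discards the cached defaults so the next {@link #getDefault()} reloads them. */
        @VisibleForTesting
        public static void resetDefaultParameters() {
            defaultParams = null;
        }
    }

    private SSLHelper() {
    }

    /**
     * Returns a cached or newly built context from explicit keystore settings; no key file,
     * key-certificate file, key password or trust-certificate path is used.
     *
     * @param protocol          protocol name; {@code "TLS"} enables all of {@link #TLS_PROTOS}
     * @param keyStore          key material, may be {@code null}
     * @param trustStore        trust material, may be {@code null}
     * @param keyManagerAlg     key manager algorithm
     * @param trustManagerAlg   trust manager algorithm
     * @param server            {@code true} for a server context, {@code false} for a client
     * @param requireClientAuth require client certificates; only honoured for servers
     * @throws IOException if the settings are inconsistent or a store cannot be read
     * @throws GeneralSecurityException if key or trust material cannot be processed
     */
    public static SslContext getSslContext(String protocol, KeyStoreInfo keyStore, KeyStoreInfo trustStore, String keyManagerAlg, String trustManagerAlg, boolean server, boolean requireClientAuth) throws IOException, GeneralSecurityException {
        Object[] key = {
            protocol,
            keyStore,
            trustStore,
            keyManagerAlg,
            trustManagerAlg,
            Boolean.valueOf(server),
            Boolean.valueOf(server && requireClientAuth),
            null, // key file
            null, // key cert chain file
            null, // key password
            null  // trust certs path
        };
        return getSslContext(key);
    }

    /**
     * Returns a cached or newly built context based on {@link SSLParams#getDefault()}.
     *
     * @param protocol          protocol name, or {@code null} to use the configured default
     * @param server            {@code true} for a server context, {@code false} for a client
     * @param requireClientAuth require client certificates; for servers this is OR-ed with the
     *                          configured {@code clientauth} default, for clients it is ignored
     * @throws IOException if the defaults cannot be loaded or a store cannot be read
     * @throws GeneralSecurityException if key or trust material cannot be processed
     */
    public static SslContext getSslContext(String protocol, boolean server, boolean requireClientAuth) throws IOException, GeneralSecurityException {
        SSLParams defaults = SSLParams.getDefault();
        String effectiveProtocol = protocol != null ? protocol : defaults.protocol;
        boolean clientAuth = server && (requireClientAuth || defaults.clientAuth);
        return getSslContext(effectiveProtocol, defaults.keyStore, defaults.trustStore, defaults.keyManagerAlg, defaults.trustManagerAlg, Boolean.valueOf(server), Boolean.valueOf(clientAuth), defaults.keyFile, defaults.keyCertsFile, defaults.keyPassword, defaults.trustCertsFile);
    }

    /**
     * Looks the argument tuple up in the cache, building the context on a miss, and unwraps
     * the loader's checked exceptions back to the types declared here.
     */
    private static SslContext getSslContext(Object... args) throws IOException, GeneralSecurityException {
        try {
            return sslcCache.get(Arrays.asList(args));
        } catch (ExecutionException e) {
            Throwable cause = e.getCause();
            Throwables.throwIfInstanceOf(cause, IOException.class);
            Throwables.throwIfInstanceOf(cause, GeneralSecurityException.class);
            Throwables.throwIfUnchecked(cause);
            throw new RuntimeException(cause);
        }
    }

    /**
     * Builds a new context from the 11-element argument list used as the cache key.
     *
     * <p>Element order: protocol, key store, trust store, key manager algorithm, trust manager
     * algorithm, server flag, require-client-auth flag, key file, key cert chain file, key
     * password, trust certs path.
     *
     * <p>Per the decompiler note on this method its access was widened from private; it is
     * left public here so the declared interface does not change.
     *
     * @throws IOException if both a keystore and a key file are given, if a key file is given
     *         without a certificate file, or if a store cannot be read
     * @throws GeneralSecurityException if key or trust material cannot be processed
     */
    public static SslContext buildSslContext(List<Object> list) throws IOException, GeneralSecurityException {
        String protocol = (String) list.get(0);
        KeyStoreInfo keyStoreInfo = (KeyStoreInfo) list.get(1);
        KeyStoreInfo trustStoreInfo = (KeyStoreInfo) list.get(2);
        String keyManagerAlg = (String) list.get(3);
        String trustManagerAlg = (String) list.get(4);
        Boolean serverFlag = (Boolean) list.get(5);
        Boolean requireClientAuth = (Boolean) list.get(6);
        File keyFile = (File) list.get(7);
        File keyCertsFile = (File) list.get(8);
        String keyPassword = (String) list.get(9);
        File trustCertsFile = (File) list.get(10);

        if (keyFile != null) {
            if (keyStoreInfo != null) {
                throw new IOException("Cannot provide both SSL keystore and key file");
            }
            if (keyCertsFile == null) {
                throw new IOException("SSL key cert file must be provided with key file");
            }
        }
        boolean server = serverFlag.booleanValue();
        String role = server ? "server" : "client";

        // null means "not forced either way"; a DSA cert in any loaded store then selects the JDK provider.
        Boolean useOpenSsl = USE_OPEN_SSL;
        KeyManagerFactory keyManagerFactory = null;
        if (keyStoreInfo != null) {
            KeyStore keyStore = loadKeyStore(keyStoreInfo);
            keyManagerFactory = getKeyManagerFactory(keyStore, keyStoreInfo.getPassword(), keyManagerAlg);
            if (useOpenSsl == null && containsDsaCert(keyStore)) {
                logger.info("Disabling litelinks " + role + " use of OpenSSL for TLS due to keystore containing DSA cert: " + keyStoreInfo.getFile());
                useOpenSsl = Boolean.FALSE;
            }
        }

        SslContextBuilder builder;
        if (server) {
            // NOTE(review): with neither a keystore nor a key file, forServer() receives null
            // files here; presumably Netty rejects that - confirm the resulting error is acceptable.
            builder = keyManagerFactory != null
                    ? SslContextBuilder.forServer(keyManagerFactory)
                    : SslContextBuilder.forServer(keyCertsFile, keyFile, keyPassword);
            if (requireClientAuth.booleanValue()) {
                builder.clientAuth(ClientAuth.REQUIRE);
            }
        } else {
            builder = SslContextBuilder.forClient();
            if (keyManagerFactory != null) {
                builder.keyManager(keyManagerFactory);
            } else if (keyFile != null) {
                builder.keyManager(keyCertsFile, keyFile, keyPassword);
            }
        }

        KeyStore trustStore = null;
        if (trustStoreInfo != null) {
            trustStore = loadKeyStore(trustStoreInfo);
            if (useOpenSsl == null && containsDsaCert(trustStore)) {
                logger.info("Disabling litelinks " + role + " use of OpenSSL for TLS due to truststore containing DSA cert: " + trustStoreInfo.getFile());
                useOpenSsl = Boolean.FALSE;
            }
        }
        configureTrustManager(builder, trustStore, trustManagerAlg, trustCertsFile);

        boolean openSsl = useOpenSsl == null || useOpenSsl.booleanValue();
        builder.ciphers(getDefaultCiphers(server, openSsl));
        if (protocol != null) {
            builder.protocols("TLS".equals(protocol) ? TLS_PROTOS : new String[] {protocol});
        }
        return builder.sslProvider(openSsl ? SslProvider.OPENSSL : SslProvider.JDK).build();
    }

    /**
     * Returns the JDK's default cipher suites for the given role, reduced to those OpenSSL
     * reports as available when the OpenSSL provider will be used.
     */
    private static List<String> getDefaultCiphers(boolean server, boolean openSsl) {
        String[] jdkDefaults = server
                ? ((SSLServerSocketFactory) SSLServerSocketFactory.getDefault()).getDefaultCipherSuites()
                : ((SSLSocketFactory) SSLSocketFactory.getDefault()).getDefaultCipherSuites();
        if (!openSsl) {
            return Arrays.asList(jdkDefaults);
        }
        return Arrays.stream(jdkDefaults).filter(OpenSsl::isCipherSuiteAvailable).collect(Collectors.toList());
    }

    /**
     * Creates and initialises a key manager factory, or returns {@code null} when no keystore
     * is given.
     */
    private static KeyManagerFactory getKeyManagerFactory(KeyStore keyStore, char[] password, String algorithm) throws IOException, GeneralSecurityException {
        if (keyStore == null) {
            return null;
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
        factory.init(keyStore, password);
        return factory;
    }

    /**
     * Installs trust material on the builder.
     *
     * <ul>
     *   <li>Certificate path only: the file, or every certificate found in the directory, is
     *       trusted directly.</li>
     *   <li>Truststore and certificate path: the certificates are added to the in-memory
     *       truststore under unused aliases before the factory is initialised.</li>
     *   <li>Neither: the factory is initialised with a {@code null} store, which per JSSE
     *       selects the JVM's default trust material.</li>
     * </ul>
     */
    private static SslContextBuilder configureTrustManager(SslContextBuilder sslContextBuilder, KeyStore trustStore, String algorithm, File certsPath) throws IOException, GeneralSecurityException {
        if (certsPath != null && trustStore == null) {
            if (!certsPath.isDirectory()) {
                return sslContextBuilder.trustManager(certsPath);
            }
            return sslContextBuilder.trustManager(generateCertificates(certsPath).toArray(new X509Certificate[0]));
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
        if (trustStore != null && certsPath != null) {
            String aliasBase = certsPath.getName();
            int counter = 0;
            for (X509Certificate certificate : generateCertificates(certsPath)) {
                // Advance the counter until the alias is not already a certificate entry.
                String alias;
                do {
                    alias = aliasBase + '_' + counter;
                    counter++;
                } while (trustStore.isCertificateEntry(alias));
                trustStore.setCertificateEntry(alias, certificate);
            }
        }
        factory.init(trustStore);
        return sslContextBuilder.trustManager(factory);
    }

    /**
     * Reads X.509 certificates from a file, or from every {@code .pem} / {@code .crt} entry of
     * a directory.
     *
     * @throws IOException if a file cannot be read or the directory cannot be listed
     */
    private static Collection<X509Certificate> generateCertificates(File file) throws IOException, GeneralSecurityException {
        if (file.isDirectory()) {
            File[] entries = file.listFiles(CERT_FILES);
            if (entries == null) {
                // listFiles() reports an I/O failure (e.g. missing read permission) as null.
                throw new IOException("Unable to list SSL certificate directory: " + file);
            }
            List<X509Certificate> all = new ArrayList<>();
            for (File entry : entries) {
                all.addAll(generateCertificates(entry));
            }
            return all;
        }
        try (FileInputStream in = new FileInputStream(file)) {
            // The X.509 factory is requested explicitly; the API only declares Certificate.
            @SuppressWarnings("unchecked")
            Collection<X509Certificate> certificates =
                    (Collection<X509Certificate>) CertificateFactory.getInstance("X.509").generateCertificates(in);
            return certificates;
        }
    }

    /** Loads the keystore described by {@code keyStoreInfo}, always closing the file. */
    private static KeyStore loadKeyStore(KeyStoreInfo keyStoreInfo) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(keyStoreInfo.getType());
        try (FileInputStream in = new FileInputStream(keyStoreInfo.getFile())) {
            keyStore.load(in, keyStoreInfo.getPassword());
        }
        return keyStore;
    }

    /**
     * Reports whether any entry's certificate carries a DSA public key. Entries without a
     * certificate are skipped instead of causing a {@link NullPointerException}.
     */
    private static boolean containsDsaCert(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate certificate = keyStore.getCertificate(aliases.nextElement());
            if (certificate != null && "DSA".equals(certificate.getPublicKey().getAlgorithm())) {
                return true;
            }
        }
        return false;
    }

    static {
        // "true" (any case) forces the JDK provider, as does missing OpenSSL key manager
        // factory support; any other explicit value forces OpenSSL; unset leaves the choice
        // to buildSslContext.
        String useJdkTls = System.getProperty(LitelinksSystemPropNames.USE_JDK_TLS);
        if ("true".equalsIgnoreCase(useJdkTls) || !OpenSsl.supportsKeyManagerFactory()) {
            USE_OPEN_SSL = Boolean.FALSE;
        } else {
            USE_OPEN_SSL = useJdkTls != null ? Boolean.TRUE : null;
        }
        logger.info("Litelinks using OpenSSL for TLS: " + (USE_OPEN_SSL != null ? USE_OPEN_SSL : "when possible"));

        // SECURITY: TLSv1 and TLSv1.1 are deprecated (RFC 8996) and TLSv1.3 is absent. The list
        // is left unchanged because removing entries can break interoperability with existing
        // peers; prefer configuring an explicit protocol such as "TLSv1.2" over "TLS".
        TLS_PROTOS = new String[] {"TLSv1", "TLSv1.1", SSLParams.DEFAULT_PROTOCOL};

        // Values are weakly referenced; each removed context is handed to ReferenceCountUtil.release().
        sslcCache = CacheBuilder.newBuilder().weakValues().removalListener(new RemovalListener<List<Object>, SslContext>() {
            @Override
            public void onRemoval(RemovalNotification<List<Object>, SslContext> removalNotification) {
                ReferenceCountUtil.release(removalNotification.getValue());
            }
        }).build(new CacheLoader<List<Object>, SslContext>() {
            @Override
            public SslContext load(List<Object> list) throws Exception {
                return SSLHelper.buildSslContext(list);
            }
        });

        CERT_FILES = (dir, name) -> {
            String lower = name.toLowerCase(Locale.ROOT);
            return lower.endsWith(".pem") || lower.endsWith(".crt");
        };
    }
}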
