package com.unboundid.util.ssl;

import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.Debug;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.Validator;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;

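/**
 * Helper for building {@link SSLContext}, {@link SSLSocketFactory} and
 * {@link SSLServerSocketFactory} instances from a fixed set of key and trust
 * managers, and for restricting the TLS protocol versions enabled on sockets.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When no trust managers are supplied, {@code null} is passed to
 *       {@link SSLContext#init}, so certificate validation falls back to the
 *       JVM's default trust manager implementation.</li>
 *   <li>The process-wide default protocol and enabled-protocol set are
 *       computed once at class-initialisation time by
 *       {@link #configureSSLDefaults()} and can be overridden with the system
 *       properties {@link #PROPERTY_DEFAULT_SSL_PROTOCOL} and
 *       {@link #PROPERTY_ENABLED_SSL_PROTOCOLS}, or at run time through the
 *       static setters.</li>
 *   <li>Unless overridden, {@code TLSv1} is always part of the enabled set
 *       (and {@code TLSv1.1} when the JVM supports it). TLS 1.0 and 1.1 are
 *       deprecated by RFC 8996; deployments that must exclude them need to set
 *       the enabled-protocols property or call
 *       {@link #setEnabledSSLProtocols(Collection)} explicitly.</li>
 * </ul>
 *
 * <p>The manager arrays are copied on the way in and on the way out, so the
 * configuration of an instance cannot be altered after construction.
 */
@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
/* loaded from: input_file:com/unboundid/util/ssl/SSLUtil.class */
public final class SSLUtil {
    /** System property naming the protocol passed to {@link SSLContext#getInstance(String)} by default. */
    public static final String PROPERTY_DEFAULT_SSL_PROTOCOL = "com.unboundid.util.SSLUtil.defaultSSLProtocol";

    /** System property holding a comma- or space-separated list of protocols to enable on sockets. */
    public static final String PROPERTY_ENABLED_SSL_PROTOCOLS = "com.unboundid.util.SSLUtil.enabledSSLProtocols";

    // Fallback used only if neither the system property nor JVM probing yields a value.
    private static final AtomicReference<String> DEFAULT_SSL_PROTOCOL = new AtomicReference<>("TLSv1");

    // Enabled protocol names exactly as configured (used for error messages and the public getter).
    private static final AtomicReference<Set<String>> ENABLED_SSL_PROTOCOLS = new AtomicReference<>();

    // Lower-cased copy of the enabled protocol names, used for case-insensitive matching.
    private static final AtomicReference<Set<String>> LOWER_ENABLED_SSL_PROTOCOLS = new AtomicReference<>();

    private final KeyManager[] keyManagers;
    private final TrustManager[] trustManagers;

    /**
     * Creates an instance with no key managers and no trust managers; contexts
     * created from it rely on the JVM's default key and trust material.
     */
    public SSLUtil() {
        this.keyManagers = null;
        this.trustManagers = null;
    }

    /**
     * Creates an instance that uses a single trust manager and no key manager.
     *
     * @param trustManager the trust manager to use, or {@code null} for the JVM default
     */
    public SSLUtil(TrustManager trustManager) {
        this.keyManagers = null;
        this.trustManagers = (trustManager == null) ? null : new TrustManager[]{trustManager};
    }

    /**
     * Creates an instance that uses the given trust managers and no key manager.
     *
     * @param trustManagerArr the trust managers to use; {@code null} or empty selects the JVM default
     */
    public SSLUtil(TrustManager[] trustManagerArr) {
        this.keyManagers = null;
        this.trustManagers = copyOrNull(trustManagerArr);
    }

    /**
     * Creates an instance that uses a single key manager and a single trust manager.
     *
     * @param keyManager   the key manager to use, or {@code null} for none
     * @param trustManager the trust manager to use, or {@code null} for the JVM default
     */
    public SSLUtil(KeyManager keyManager, TrustManager trustManager) {
        this.keyManagers = (keyManager == null) ? null : new KeyManager[]{keyManager};
        this.trustManagers = (trustManager == null) ? null : new TrustManager[]{trustManager};
    }

    /**
     * Creates an instance that uses the given key managers and trust managers.
     *
     * @param keyManagerArr   the key managers to use; {@code null} or empty means none
     * @param trustManagerArr the trust managers to use; {@code null} or empty selects the JVM default
     */
    public SSLUtil(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) {
        this.keyManagers = copyOrNull(keyManagerArr);
        this.trustManagers = copyOrNull(trustManagerArr);
    }

    /**
     * Returns the configured key managers.
     *
     * @return a copy of the key manager array, or {@code null} if none were configured
     */
    public KeyManager[] getKeyManagers() {
        // Hand out a copy so callers cannot replace entries in the array this instance uses.
        return (this.keyManagers == null) ? null : this.keyManagers.clone();
    }

    /**
     * Returns the configured trust managers.
     *
     * @return a copy of the trust manager array, or {@code null} if none were configured
     */
    public TrustManager[] getTrustManagers() {
        // Hand out a copy so callers cannot replace entries in the array this instance uses.
        return (this.trustManagers == null) ? null : this.trustManagers.clone();
    }

    /**
     * Creates an initialised SSL context for the current default protocol.
     *
     * @return the initialised context
     * @throws GeneralSecurityException if the context cannot be created or initialised
     */
    public SSLContext createSSLContext() throws GeneralSecurityException {
        return createSSLContext(DEFAULT_SSL_PROTOCOL.get());
    }

    /**
     * Creates an initialised SSL context for the given protocol.
     *
     * @param str the protocol name handed to {@link SSLContext#getInstance(String)}; must not be {@code null}
     * @return the initialised context
     * @throws GeneralSecurityException if the context cannot be created or initialised
     */
    public SSLContext createSSLContext(String str) throws GeneralSecurityException {
        Validator.ensureNotNull(str);
        SSLContext context = SSLContext.getInstance(str);
        // A null SecureRandom lets the provider pick its default source of randomness.
        context.init(this.keyManagers, this.trustManagers, null);
        return context;
    }

    /**
     * Creates an initialised SSL context for the given protocol from a specific provider.
     *
     * @param str  the protocol name; must not be {@code null}
     * @param str2 the provider name handed to {@link SSLContext#getInstance(String, String)};
     *             must not be {@code null}
     * @return the initialised context
     * @throws GeneralSecurityException if the context cannot be created or initialised
     */
    public SSLContext createSSLContext(String str, String str2) throws GeneralSecurityException {
        Validator.ensureNotNull(str, str2);
        SSLContext context = SSLContext.getInstance(str, str2);
        // A null SecureRandom lets the provider pick its default source of randomness.
        context.init(this.keyManagers, this.trustManagers, null);
        return context;
    }

    /**
     * Creates a client socket factory for the current default protocol.
     *
     * @return the socket factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    public SSLSocketFactory createSSLSocketFactory() throws GeneralSecurityException {
        return createSSLContext().getSocketFactory();
    }

    /**
     * Creates a client socket factory for the given protocol.
     *
     * @param str the protocol name; must not be {@code null}
     * @return the socket factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    public SSLSocketFactory createSSLSocketFactory(String str) throws GeneralSecurityException {
        return createSSLContext(str).getSocketFactory();
    }

    /**
     * Creates a client socket factory for the given protocol and provider.
     *
     * @param str  the protocol name; must not be {@code null}
     * @param str2 the provider name; must not be {@code null}
     * @return the socket factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    public SSLSocketFactory createSSLSocketFactory(String str, String str2) throws GeneralSecurityException {
        return createSSLContext(str, str2).getSocketFactory();
    }

    /**
     * Creates a server socket factory for the current default protocol.
     *
     * @return the server socket factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    public SSLServerSocketFactory createSSLServerSocketFactory() throws GeneralSecurityException {
        return createSSLContext().getServerSocketFactory();
    }

    /**
     * Creates a server socket factory for the given protocol.
     *
     * @param str the protocol name; must not be {@code null}
     * @return the server socket factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    public SSLServerSocketFactory createSSLServerSocketFactory(String str) throws GeneralSecurityException {
        return createSSLContext(str).getServerSocketFactory();
    }

    /**
     * Creates a server socket factory for the given protocol and provider.
     *
     * @param str  the protocol name; must not be {@code null}
     * @param str2 the provider name; must not be {@code null}
     * @return the server socket factory
     * @throws GeneralSecurityException if the underlying context cannot be created
     */
    public SSLServerSocketFactory createSSLServerSocketFactory(String str, String str2) throws GeneralSecurityException {
        return createSSLContext(str, str2).getServerSocketFactory();
    }

    /**
     * Returns the protocol name used by the no-argument factory methods.
     *
     * @return the process-wide default protocol name
     */
    public static String getDefaultSSLProtocol() {
        return DEFAULT_SSL_PROTOCOL.get();
    }

    /**
     * Replaces the process-wide default protocol name. The enabled-protocol
     * set is not touched by this call.
     *
     * @param str the new default protocol name; must not be {@code null}
     */
    public static void setDefaultSSLProtocol(String str) {
        Validator.ensureNotNull(str);
        DEFAULT_SSL_PROTOCOL.set(str);
    }

    /**
     * Returns the protocol names that {@link #applyEnabledSSLProtocols(Socket)}
     * will try to enable.
     *
     * @return an unmodifiable set of protocol names; empty means sockets are left unchanged
     */
    public static Set<String> getEnabledSSLProtocols() {
        return ENABLED_SSL_PROTOCOLS.get();
    }

    /**
     * Replaces the process-wide set of protocols to enable on sockets.
     *
     * <p>Passing {@code null} (or an empty collection) stores an empty set,
     * which makes {@link #applyEnabledSSLProtocols(Socket)} a no-op: sockets
     * then keep whatever protocols the JVM enabled by default, so this is not
     * a way to disable TLS versions.
     *
     * @param collection the protocol names to enable, or {@code null} to stop restricting sockets
     */
    public static void setEnabledSSLProtocols(Collection<String> collection) {
        if (collection == null) {
            ENABLED_SSL_PROTOCOLS.set(Collections.<String>emptySet());
            LOWER_ENABLED_SSL_PROTOCOLS.set(Collections.<String>emptySet());
            return;
        }
        // Snapshot the caller's collection once and derive the lower-case set from
        // that snapshot, so both published sets always describe the same names.
        Set<String> snapshot = new HashSet<>(collection);
        ENABLED_SSL_PROTOCOLS.set(Collections.unmodifiableSet(snapshot));
        LOWER_ENABLED_SSL_PROTOCOLS.set(Collections.unmodifiableSet(toLowerCaseSet(snapshot)));
    }

    /**
     * Restricts the protocols enabled on the given socket to those in the
     * configured enabled set that the socket also supports. Names are matched
     * case-insensitively. Sockets that are not {@link SSLSocket}s, and all
     * sockets when the enabled set is empty, are left unchanged.
     *
     * @param socket the socket to configure; may be {@code null}
     * @throws LDAPException with {@link ResultCode#CONNECT_ERROR} if none of the
     *                       configured protocols is supported by the socket
     */
    public static void applyEnabledSSLProtocols(Socket socket) throws LDAPException {
        // instanceof is false for null, so this also covers a null socket.
        if (!(socket instanceof SSLSocket)) {
            return;
        }
        Set<String> allowedLower = LOWER_ENABLED_SSL_PROTOCOLS.get();
        if (allowedLower.isEmpty()) {
            return;
        }
        SSLSocket sslSocket = (SSLSocket) socket;
        String[] supportedProtocols = sslSocket.getSupportedProtocols();
        ArrayList<String> toEnable = new ArrayList<>(supportedProtocols.length);
        for (String supported : supportedProtocols) {
            if (allowedLower.contains(StaticUtils.toLowerCase(supported))) {
                // Keep the socket's own spelling; setEnabledProtocols expects supported names.
                toEnable.add(supported);
            }
        }
        if (!toEnable.isEmpty()) {
            sslSocket.setEnabledProtocols(toEnable.toArray(new String[toEnable.size()]));
            return;
        }
        // Fail closed: no overlap means the socket must not be used with its default protocols.
        throw new LDAPException(ResultCode.CONNECT_ERROR, SSLMessages.ERR_NO_ENABLED_SSL_PROTOCOLS_AVAILABLE_FOR_SOCKET.get(quoteAndJoin(ENABLED_SSL_PROTOCOLS.get()), quoteAndJoin(Arrays.asList(supportedProtocols)), PROPERTY_ENABLED_SSL_PROTOCOLS, SSLUtil.class.getName() + ".setEnabledSSLProtocols"));
    }

    /**
     * Computes the process-wide default protocol and enabled-protocol set from
     * system properties and, failing that, from what the JVM's default
     * {@link SSLContext} supports.
     *
     * <p>Default protocol: the value of {@link #PROPERTY_DEFAULT_SSL_PROTOCOL}
     * if set and non-empty; otherwise the newest of {@code TLSv1.2},
     * {@code TLSv1.1}, {@code TLSv1} that the JVM reports as supported;
     * otherwise the existing value is kept.
     *
     * <p>Enabled set: the tokens of {@link #PROPERTY_ENABLED_SSL_PROTOCOLS} if
     * set and non-empty; otherwise {@code TLSv1} plus every version up to the
     * default protocol when that is {@code TLSv1.1} or {@code TLSv1.2}.
     *
     * <p>NOTE(review): when only the default-protocol property is set, and to a
     * name other than {@code TLSv1.1}/{@code TLSv1.2}, the enabled set stays at
     * {@code TLSv1} alone. Deployments that select a different default should
     * set the enabled-protocols property as well.
     */
    static void configureSSLDefaults() {
        String requestedDefault = System.getProperty(PROPERTY_DEFAULT_SSL_PROTOCOL);
        if (requestedDefault != null && requestedDefault.length() > 0) {
            DEFAULT_SSL_PROTOCOL.set(requestedDefault);
        } else {
            try {
                Set<String> supported = new HashSet<>(Arrays.asList(
                        SSLContext.getDefault().getSupportedSSLParameters().getProtocols()));
                if (supported.contains("TLSv1.2")) {
                    DEFAULT_SSL_PROTOCOL.set("TLSv1.2");
                } else if (supported.contains("TLSv1.1")) {
                    DEFAULT_SSL_PROTOCOL.set("TLSv1.1");
                } else if (supported.contains("TLSv1")) {
                    DEFAULT_SSL_PROTOCOL.set("TLSv1");
                }
            } catch (Exception e) {
                // Best effort: this runs from the static initialiser, so a probing failure
                // must not prevent the class from loading. The previous default is kept.
                Debug.debugException(e);
            }
        }

        Set<String> enabled = new HashSet<>(10);
        enabled.add("TLSv1");
        String effectiveDefault = DEFAULT_SSL_PROTOCOL.get();
        if ("TLSv1.2".equals(effectiveDefault)) {
            enabled.add("TLSv1.1");
            enabled.add("TLSv1.2");
        } else if ("TLSv1.1".equals(effectiveDefault)) {
            enabled.add("TLSv1.1");
        }

        String requestedEnabled = System.getProperty(PROPERTY_ENABLED_SSL_PROTOCOLS);
        if (requestedEnabled != null && requestedEnabled.length() > 0) {
            // An explicit list replaces the computed one entirely.
            enabled.clear();
            StringTokenizer tokenizer = new StringTokenizer(requestedEnabled, ", ", false);
            while (tokenizer.hasMoreTokens()) {
                String token = tokenizer.nextToken();
                if (token.length() > 0) {
                    enabled.add(token);
                }
            }
        }

        ENABLED_SSL_PROTOCOLS.set(Collections.unmodifiableSet(enabled));
        LOWER_ENABLED_SSL_PROTOCOLS.set(Collections.unmodifiableSet(toLowerCaseSet(enabled)));
    }

    /** Returns a copy of the array, or {@code null} when it is {@code null} or empty. */
    private static KeyManager[] copyOrNull(KeyManager[] managers) {
        return (managers == null || managers.length == 0) ? null : managers.clone();
    }

    /** Returns a copy of the array, or {@code null} when it is {@code null} or empty. */
    private static TrustManager[] copyOrNull(TrustManager[] managers) {
        return (managers == null || managers.length == 0) ? null : managers.clone();
    }

    /** Returns a new set holding the lower-cased form of every name in the given set. */
    private static Set<String> toLowerCaseSet(Set<String> names) {
        Set<String> lowered = new HashSet<>(names.size());
        for (String name : names) {
            lowered.add(StaticUtils.toLowerCase(name));
        }
        return lowered;
    }

    /** Renders the values as a comma-separated list with each value in single quotes. */
    private static String quoteAndJoin(Iterable<String> values) {
        StringBuilder joined = new StringBuilder();
        for (String value : values) {
            if (joined.length() > 0) {
                joined.append(", ");
            }
            joined.append('\'');
            joined.append(value);
            joined.append('\'');
        }
        return joined.toString();
    }

    // Must stay after the static field declarations above: static initialisers run in
    // textual order, and configureSSLDefaults() writes to those AtomicReferences.
    static {
        configureSSLDefaults();
    }
}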
