package org.apache.directory.server.ldap.handlers.ssl;

import java.security.SecureRandom;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.NoVerificationTrustManager;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder;
import org.apache.mina.core.filterchain.IoFilterChainBuilder;
import org.apache.mina.filter.ssl.SslFilter;

/* loaded from: input_file:org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.class */
public class LdapsInitializer {
    public static IoFilterChainBuilder init(LdapServer ldapServer) throws LdapException {
        try {
            SSLContext sSLContext = SSLContext.getInstance(LdapConnectionConfig.DEFAULT_SSL_PROTOCOL);
            sSLContext.init(ldapServer.getKeyManagerFactory().getKeyManagers(), new TrustManager[]{new NoVerificationTrustManager()}, new SecureRandom());
            DefaultIoFilterChainBuilder defaultIoFilterChainBuilder = new DefaultIoFilterChainBuilder();
            SslFilter sslFilter = new SslFilter(sSLContext);
            List<String> enabledCipherSuites = ldapServer.getEnabledCipherSuites();
            if (enabledCipherSuites != null && !enabledCipherSuites.isEmpty()) {
                sslFilter.setEnabledCipherSuites((String[]) enabledCipherSuites.toArray(new String[enabledCipherSuites.size()]));
            }
            sslFilter.setEnabledProtocols(new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"});
            sslFilter.setWantClientAuth(true);
            defaultIoFilterChainBuilder.addLast("sslFilter", sslFilter);
            return defaultIoFilterChainBuilder;
        } catch (Exception e) {
            throw new LdapException(I18n.err(I18n.ERR_683, new Object[0]), e);
        }
    }
}
