package org.apache.nifi.web.util.ssl;

import java.io.File;
import java.security.Security;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/web/util/ssl/SslContextUtils.class */
/**
 * Static helpers that build {@link SSLContext} instances from NiFi {@link TlsConfiguration} objects.
 *
 * <p>The built-in configurations reference key material under {@code src/test/resources} and a
 * password embedded in this class, so they are fixture values rather than secrets. Do not reuse
 * the embedded password or these stores for anything that protects real traffic.
 *
 * <p>Security-relevant side effect: loading this class may overwrite the JVM-wide
 * {@code jdk.tls.disabledAlgorithms} security property (see {@link #applyDisabledAlgorithms()}).
 */
public class SslContextUtils {
    private static final Logger LOGGER = LoggerFactory.getLogger(SslContextUtils.class);

    /** Name of the java.security property that restricts TLS protocols and algorithms. */
    private static final String TLS_DISABLED_ALGORITHMS_PROPERTY = "jdk.tls.disabledAlgorithms";

    /** Value this class expects, and enforces, for {@link #TLS_DISABLED_ALGORITHMS_PROPERTY}. */
    private static final String DISABLED_ALGORITHMS = "SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, include jdk.disabled.namedCurves";

    // Fixture key material: relative paths resolve against the process working directory.
    private static final String KEYSTORE_PATH = "src/test/resources/keystore.jks";
    private static final String TRUSTSTORE_PATH = "src/test/resources/truststore.jks";

    // Fixture credential shared by the keystore, the key entry and the truststore.
    private static final String KEYSTORE_AND_TRUSTSTORE_PASSWORD = "passwordpassword";

    /** Protocol string passed to both built-in configurations. */
    private static final String TLS_PROTOCOL = "TLSv1.2";

    private static final TlsConfiguration KEYSTORE_TLS_CONFIGURATION;
    private static final TlsConfiguration TRUSTSTORE_TLS_CONFIGURATION;

    static {
        // The security property is adjusted before either configuration object is constructed.
        applyDisabledAlgorithms();

        KEYSTORE_TLS_CONFIGURATION = new StandardTlsConfiguration(
                KEYSTORE_PATH,
                KEYSTORE_AND_TRUSTSTORE_PASSWORD,
                KEYSTORE_AND_TRUSTSTORE_PASSWORD,
                KeystoreType.JKS,
                TRUSTSTORE_PATH,
                KEYSTORE_AND_TRUSTSTORE_PASSWORD,
                KeystoreType.JKS,
                TLS_PROTOCOL);

        // Truststore-only configuration: every keystore-related argument is null.
        TRUSTSTORE_TLS_CONFIGURATION = new StandardTlsConfiguration(
                (String) null,
                (String) null,
                (String) null,
                (KeystoreType) null,
                TRUSTSTORE_PATH,
                KEYSTORE_AND_TRUSTSTORE_PASSWORD,
                KeystoreType.JKS,
                TLS_PROTOCOL);
    }

    /**
     * Builds an SSLContext from the built-in configuration that carries both keystore and truststore.
     *
     * @return whatever {@link SslContextFactory#createSslContext} returns for that configuration
     * @throws TlsException propagated from the factory
     */
    public static SSLContext createKeyStoreSslContext() throws TlsException {
        return SslContextFactory.createSslContext(KEYSTORE_TLS_CONFIGURATION);
    }

    /**
     * Builds an SSLContext from the built-in truststore-only configuration.
     *
     * @return whatever {@link SslContextFactory#createSslContext} returns for that configuration
     * @throws TlsException propagated from the factory
     */
    public static SSLContext createTrustStoreSslContext() throws TlsException {
        return SslContextFactory.createSslContext(TRUSTSTORE_TLS_CONFIGURATION);
    }

    /**
     * Builds an SSLContext from a caller-supplied configuration and fails if none is produced.
     *
     * <p>Caution: any non-blank keystore or truststore path in the configuration is registered
     * with {@link File#deleteOnExit()} before the context is built, so those files are removed
     * when the JVM shuts down normally. Only pass configurations whose stores are disposable;
     * pointing this at a persistent keystore or truststore schedules it for deletion.
     *
     * @param tlsConfiguration configuration naming the stores to load
     * @return the created context, never {@code null}
     * @throws TlsException if the factory fails or returns {@code null}
     */
    public static SSLContext createSslContext(TlsConfiguration tlsConfiguration) throws TlsException {
        scheduleDeletionOnExit(tlsConfiguration.getKeystorePath());
        scheduleDeletionOnExit(tlsConfiguration.getTruststorePath());

        final SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration);
        if (sslContext != null) {
            return sslContext;
        }
        // NOTE(review): the message embeds tlsConfiguration.toString(); confirm that
        // representation does not print store passwords before this reaches shared logs.
        throw new TlsException(String.format("Failed to create SSLContext from Configuration %s", tlsConfiguration));
    }

    /**
     * Registers the file at {@code storePath} for deletion at JVM exit; blank or null paths are skipped.
     */
    private static void scheduleDeletionOnExit(final String storePath) {
        if (StringUtils.isNotBlank(storePath)) {
            new File(storePath).deleteOnExit();
        }
    }

    /**
     * Forces {@code jdk.tls.disabledAlgorithms} to {@link #DISABLED_ALGORITHMS} unless it already matches.
     *
     * <p>The replacement is unconditional and process-wide: whatever value the runtime or an
     * administrator configured is discarded, including a stricter one. The enforced list names
     * SSLv3 but no later protocol versions, so on a runtime whose default also disables older TLS
     * versions this override relaxes the policy for every TLS user in the JVM. The previous value
     * is logged at WARN so the change is visible.
     */
    private static void applyDisabledAlgorithms() {
        final String configured = Security.getProperty(TLS_DISABLED_ALGORITHMS_PROPERTY);
        if (DISABLED_ALGORITHMS.equals(configured)) {
            LOGGER.debug("Found Expected Default TLS Disabled Algorithms: {}", DISABLED_ALGORITHMS);
            return;
        }
        LOGGER.warn("Found System Default TLS Disabled Algorithms: {}", configured);
        LOGGER.warn("Setting TLS Disabled Algorithms: {}", DISABLED_ALGORITHMS);
        Security.setProperty(TLS_DISABLED_ALGORITHMS_PROPERTY, DISABLED_ALGORITHMS);
    }
}
