package org.apache.qpid.transport.network.security;

import java.util.List;
import java.util.Properties;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.apache.qpid.configuration.CommonProperties;
import org.apache.qpid.ssl.SSLContextFactory;
import org.apache.qpid.transport.ByteBufferSender;
import org.apache.qpid.transport.ConnectionSettings;
import org.apache.qpid.transport.ExceptionHandlingByteBufferReceiver;
import org.apache.qpid.transport.TransportException;
import org.apache.qpid.transport.network.security.sasl.SASLReceiver;
import org.apache.qpid.transport.network.security.sasl.SASLSender;
import org.apache.qpid.transport.network.security.ssl.SSLReceiver;
import org.apache.qpid.transport.network.security.ssl.SSLSender;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;
import org.apache.qpid.util.Strings;

/* loaded from: input_file:org/apache/qpid/transport/network/security/SecurityLayerFactory.class */
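/**
 * Builds the chain of {@link SecurityLayer}s that wraps a connection's byte-level sender and
 * receiver, driven by the flags in {@link ConnectionSettings}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When neither {@code isUseSSL()} nor {@code isUseSASLEncryption()} is set,
 *       {@link #newInstance} returns the pass-through {@link NullSecurityLayer}, so this
 *       factory adds no protection to the bytes on the wire.</li>
 *   <li>The peer host name is handed to the TLS sender/receiver only when
 *       {@code isVerifyHostname()} is true; otherwise they receive {@code null}.</li>
 *   <li>Enabled TLS protocols and cipher suites are taken from JVM system properties, so
 *       anything able to set those properties changes the negotiated TLS parameters.</li>
 * </ul>
 */
public class SecurityLayerFactory {

    /**
     * Pass-through layer: returns the sender and receiver it is given, unchanged, and
     * reports no user identity. It is the innermost element of every chain built by
     * {@link SecurityLayerFactory#newInstance}.
     */
    // Decompiler note: declared package-private in the class file; widened by the decompiler.
    public static class NullSecurityLayer implements SecurityLayer {
        private static final NullSecurityLayer INSTANCE = new NullSecurityLayer();

        private NullSecurityLayer() {
        }

        /** Returns {@code byteBufferSender} itself; nothing is wrapped. */
        @Override
        public ByteBufferSender sender(ByteBufferSender byteBufferSender) {
            return byteBufferSender;
        }

        /** Returns {@code exceptionHandlingByteBufferReceiver} itself; nothing is wrapped. */
        @Override
        public ExceptionHandlingByteBufferReceiver receiver(ExceptionHandlingByteBufferReceiver exceptionHandlingByteBufferReceiver) {
            return exceptionHandlingByteBufferReceiver;
        }

        /** Always {@code null}: this layer authenticates nobody. */
        @Override
        public String getUserID() {
            return null;
        }

        /** Returns the shared singleton instance. */
        public static NullSecurityLayer getInstance() {
            return INSTANCE;
        }
    }

    /**
     * Wraps another layer's sender and receiver in {@link SASLSender} / {@link SASLReceiver}.
     * The user identity is delegated to the wrapped layer.
     */
    // Decompiler note: declared package-private in the class file; widened by the decompiler.
    public static class SASLSecurityLayer implements SecurityLayer {
        private final SecurityLayer _layer;

        SASLSecurityLayer(SecurityLayer securityLayer) {
            this._layer = securityLayer;
        }

        /** Returns a {@link SASLSender} placed in front of the wrapped layer's sender. */
        @Override
        public SASLSender sender(ByteBufferSender byteBufferSender) {
            return new SASLSender(this._layer.sender(byteBufferSender));
        }

        /** Returns a {@link SASLReceiver} placed in front of the wrapped layer's receiver. */
        @Override
        public SASLReceiver receiver(ExceptionHandlingByteBufferReceiver exceptionHandlingByteBufferReceiver) {
            return new SASLReceiver(this._layer.receiver(exceptionHandlingByteBufferReceiver));
        }

        /** Returns whatever identity the wrapped layer reports. */
        @Override
        public String getUserID() {
            return this._layer.getUserID();
        }
    }

    /**
     * Client-mode TLS layer. One {@link SSLEngine} and one {@link SSLStatus} are created per
     * instance and shared by the sender and the receiver this layer hands out.
     */
    // Decompiler note: declared package-private in the class file; widened by the decompiler.
    public static class SSLSecurityLayer implements SecurityLayer {
        // Used to recognise a shared property value that is written as a JSON array.
        // NOTE(review): both alternatives of "(\s|.)" match whitespace, so a long value that
        // does not match can be expensive to reject. The input is a JVM system property, i.e.
        // operator-controlled, so the pattern is left as it is.
        private static final Pattern JSON_ARRAY_PATTERN = Pattern.compile("\\s*\\[(\\s|.)*\\]\\s*");
        private final SSLEngine _engine;
        private final SSLStatus _sslStatus = new SSLStatus();
        // Stays null unless the settings ask for host name verification.
        private final String _hostname;
        private final SecurityLayer _layer;

        /**
         * Creates the client SSL context and engine and applies the configured protocol and
         * cipher-suite lists to the engine.
         *
         * @param connectionSettings source of trust managers, key managers, host name and the
         *                           verify-hostname flag
         * @param securityLayer      inner layer whose sender/receiver are wrapped by this one
         * @throws TransportException with message "Error creating SSL Context" if the context
         *         cannot be built, or "Error creating SSL Engine" if the engine cannot be
         *         created or configured; the cause is preserved in both cases
         */
        public SSLSecurityLayer(ConnectionSettings connectionSettings, SecurityLayer securityLayer) {
            this._layer = securityLayer;

            // The two failure modes are handled in separate try blocks so that an engine
            // failure is not re-wrapped and reported as a context failure.
            SSLContext sslContext;
            try {
                sslContext = SSLContextFactory.buildClientContext(
                        connectionSettings.getTrustManagers(), connectionSettings.getKeyManagers());
            } catch (Exception e) {
                throw new TransportException("Error creating SSL Context", e);
            }

            // NOTE(review): with verification off the sender and receiver get a null host
            // name; presumably they then skip the host name check. Confirm in SSLSender and
            // SSLReceiver before relying on a connection configured that way.
            this._hostname = connectionSettings.isVerifyHostname() ? connectionSettings.getHost() : null;

            SSLEngine engine;
            try {
                List<String> protocolAllowList = getSystemPropertyAsList(
                        CommonProperties.QPID_CLIENT_SECURITY_TLS_PROTOCOL_WHITE_LIST,
                        CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST,
                        CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST_DEFAULT);
                List<String> protocolDenyList = getSystemPropertyAsList(
                        CommonProperties.QPID_CLIENT_SECURITY_TLS_PROTOCOL_BLACK_LIST,
                        CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST,
                        CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST_DEFAULT);
                // The cipher-suite lists default to the empty string. How an empty list is
                // treated is decided by Strings.split and SSLUtil, which are not shown here.
                List<String> cipherAllowList = getSystemPropertyAsList(
                        CommonProperties.QPID_CLIENT_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST,
                        CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST,
                        "");
                List<String> cipherDenyList = getSystemPropertyAsList(
                        CommonProperties.QPID_CLIENT_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST,
                        CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST,
                        "");

                engine = sslContext.createSSLEngine();
                engine.setUseClientMode(true);
                SSLUtil.updateEnabledTlsProtocols(engine, protocolAllowList, protocolDenyList);
                SSLUtil.updateEnabledCipherSuites(engine, cipherAllowList, cipherDenyList);
            } catch (Exception e) {
                throw new TransportException("Error creating SSL Engine", e);
            }
            this._engine = engine;
        }

        /**
         * Resolves a list-valued setting from the JVM system properties.
         *
         * <p>Precedence: the value of {@code clientKey} if that key is present; otherwise
         * {@code defaultValue} if {@code sharedKey} is absent or its value looks like a JSON
         * array; otherwise the value of {@code sharedKey}. The chosen string is split with
         * {@link Strings#split}.
         *
         * @param clientKey    property consulted first
         * @param sharedKey    fallback property, ignored when its value is a JSON array
         * @param defaultValue value used when neither property supplies one
         * @return the chosen value as a list
         */
        private static List<String> getSystemPropertyAsList(String clientKey, String sharedKey, String defaultValue) {
            Properties properties = System.getProperties();
            String value;
            if (properties.containsKey(clientKey)) {
                value = properties.getProperty(clientKey);
            } else if (!properties.containsKey(sharedKey)
                    || JSON_ARRAY_PATTERN.matcher(properties.getProperty(sharedKey)).matches()) {
                value = defaultValue;
            } else {
                value = properties.getProperty(sharedKey);
            }
            return Strings.split(value);
        }

        /** Returns an {@link SSLSender} over the inner layer's sender, sharing this layer's engine and status. */
        @Override
        public ByteBufferSender sender(ByteBufferSender byteBufferSender) {
            SSLSender sslSender = new SSLSender(this._engine, this._layer.sender(byteBufferSender), this._sslStatus);
            sslSender.setHostname(this._hostname);
            return sslSender;
        }

        /** Returns an {@link SSLReceiver} over the inner layer's receiver, sharing this layer's engine and status. */
        @Override
        public ExceptionHandlingByteBufferReceiver receiver(ExceptionHandlingByteBufferReceiver exceptionHandlingByteBufferReceiver) {
            SSLReceiver sslReceiver = new SSLReceiver(this._engine, this._layer.receiver(exceptionHandlingByteBufferReceiver), this._sslStatus);
            sslReceiver.setHostname(this._hostname);
            return sslReceiver;
        }

        /** Returns the identity that {@link SSLUtil#retrieveIdentity} derives from this layer's engine. */
        @Override
        public String getUserID() {
            return SSLUtil.retrieveIdentity(this._engine);
        }
    }

    private SecurityLayerFactory() {
    }

    /**
     * Assembles the security layer chain for a connection.
     *
     * <p>The chain starts from {@link NullSecurityLayer}. If {@code isUseSSL()} is set, an
     * {@link SSLSecurityLayer} is wrapped around it; if {@code isUseSASLEncryption()} is set,
     * a {@link SASLSecurityLayer} is wrapped around the result, making it the outermost layer.
     * With both flags off the pass-through layer is returned as is.
     *
     * @param connectionSettings settings that select and configure the layers
     * @return the outermost layer of the assembled chain
     * @throws TransportException if the TLS layer cannot be created
     */
    public static SecurityLayer newInstance(ConnectionSettings connectionSettings) {
        SecurityLayer layer = NullSecurityLayer.getInstance();
        if (connectionSettings.isUseSSL()) {
            layer = new SSLSecurityLayer(connectionSettings, layer);
        }
        if (connectionSettings.isUseSASLEncryption()) {
            layer = new SASLSecurityLayer(layer);
        }
        return layer;
    }
}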
