package org.apache.logging.log4j.core.net.ssl;

import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.logging.log4j.core.config.plugins.Plugin;
import org.apache.logging.log4j.core.config.plugins.PluginAttribute;
import org.apache.logging.log4j.core.config.plugins.PluginElement;
import org.apache.logging.log4j.core.config.plugins.PluginFactory;
import org.apache.logging.log4j.status.StatusLogger;

@Plugin(name = "Ssl", category = "Core", printObject = true)
/* loaded from: input_file:org/apache/logging/log4j/core/net/ssl/SslConfiguration.class */
public class SslConfiguration {
    private static final StatusLogger LOGGER = StatusLogger.getLogger();
    private final KeyStoreConfiguration keyStoreConfig;
    private final TrustStoreConfiguration trustStoreConfig;
    private final SSLContext sslContext;
    private final String protocol;
    private final boolean verifyHostName;

    private SslConfiguration(String str, KeyStoreConfiguration keyStoreConfiguration, TrustStoreConfiguration trustStoreConfiguration, boolean z) {
        this.keyStoreConfig = keyStoreConfiguration;
        this.trustStoreConfig = trustStoreConfiguration;
        this.protocol = str == null ? SslConfigurationDefaults.PROTOCOL : str;
        this.sslContext = createSslContext();
        this.verifyHostName = z;
    }

    public void clearSecrets() {
        if (this.keyStoreConfig != null) {
            this.keyStoreConfig.clearSecrets();
        }
        if (this.trustStoreConfig != null) {
            this.trustStoreConfig.clearSecrets();
        }
    }

    public SSLSocketFactory getSslSocketFactory() {
        return this.sslContext.getSocketFactory();
    }

    public SSLServerSocketFactory getSslServerSocketFactory() {
        return this.sslContext.getServerSocketFactory();
    }

    private SSLContext createSslContext() {
        SSLContext createSslContextWithTrustStoreFailure;
        try {
            createSslContextWithTrustStoreFailure = createSslContextBasedOnConfiguration();
            LOGGER.debug("Creating SSLContext with the given parameters");
        } catch (KeyStoreConfigurationException e) {
            createSslContextWithTrustStoreFailure = createSslContextWithKeyStoreFailure();
        } catch (TrustStoreConfigurationException e2) {
            createSslContextWithTrustStoreFailure = createSslContextWithTrustStoreFailure();
        }
        return createSslContextWithTrustStoreFailure;
    }

    private SSLContext createSslContextWithTrustStoreFailure() {
        SSLContext createDefaultSslContext;
        try {
            createDefaultSslContext = createSslContextWithDefaultTrustManagerFactory();
            LOGGER.debug("Creating SSLContext with default truststore");
        } catch (KeyStoreConfigurationException e) {
            createDefaultSslContext = createDefaultSslContext();
            LOGGER.debug("Creating SSLContext with default configuration");
        }
        return createDefaultSslContext;
    }

    private SSLContext createSslContextWithKeyStoreFailure() {
        SSLContext createDefaultSslContext;
        try {
            createDefaultSslContext = createSslContextWithDefaultKeyManagerFactory();
            LOGGER.debug("Creating SSLContext with default keystore");
        } catch (TrustStoreConfigurationException e) {
            createDefaultSslContext = createDefaultSslContext();
            LOGGER.debug("Creating SSLContext with default configuration");
        }
        return createDefaultSslContext;
    }

    private SSLContext createSslContextBasedOnConfiguration() throws KeyStoreConfigurationException, TrustStoreConfigurationException {
        return createSslContext(false, false);
    }

    private SSLContext createSslContextWithDefaultKeyManagerFactory() throws TrustStoreConfigurationException {
        try {
            return createSslContext(true, false);
        } catch (KeyStoreConfigurationException e) {
            LOGGER.debug("Exception occurred while using default keystore. This should be a BUG");
            return null;
        }
    }

    private SSLContext createSslContextWithDefaultTrustManagerFactory() throws KeyStoreConfigurationException {
        try {
            return createSslContext(false, true);
        } catch (TrustStoreConfigurationException e) {
            LOGGER.debug("Exception occurred while using default truststore. This should be a BUG");
            return null;
        }
    }

    private SSLContext createDefaultSslContext() {
        try {
            return SSLContext.getDefault();
        } catch (NoSuchAlgorithmException e) {
            LOGGER.error("Failed to create an SSLContext with default configuration", e);
            return null;
        }
    }

    private SSLContext createSslContext(boolean z, boolean z2) throws KeyStoreConfigurationException, TrustStoreConfigurationException {
        try {
            KeyManager[] keyManagerArr = null;
            TrustManager[] trustManagerArr = null;
            SSLContext sSLContext = SSLContext.getInstance(this.protocol);
            if (!z) {
                keyManagerArr = loadKeyManagerFactory().getKeyManagers();
            }
            if (!z2) {
                trustManagerArr = loadTrustManagerFactory().getTrustManagers();
            }
            sSLContext.init(keyManagerArr, trustManagerArr, null);
            return sSLContext;
        } catch (KeyManagementException e) {
            LOGGER.error("Failed to initialize the SSLContext", e);
            throw new KeyStoreConfigurationException(e);
        } catch (NoSuchAlgorithmException e2) {
            LOGGER.error("No Provider supports a TrustManagerFactorySpi implementation for the specified protocol", e2);
            throw new TrustStoreConfigurationException(e2);
        }
    }

    private TrustManagerFactory loadTrustManagerFactory() throws TrustStoreConfigurationException {
        if (this.trustStoreConfig == null) {
            throw new TrustStoreConfigurationException(new Exception("The trustStoreConfiguration is null"));
        }
        try {
            return this.trustStoreConfig.initTrustManagerFactory();
        } catch (KeyStoreException e) {
            LOGGER.error("Failed to initialize the TrustManagerFactory", e);
            throw new TrustStoreConfigurationException(e);
        } catch (NoSuchAlgorithmException e2) {
            LOGGER.error("The specified algorithm is not available from the specified provider", e2);
            throw new TrustStoreConfigurationException(e2);
        }
    }

    private KeyManagerFactory loadKeyManagerFactory() throws KeyStoreConfigurationException {
        if (this.keyStoreConfig == null) {
            throw new KeyStoreConfigurationException(new Exception("The keyStoreConfiguration is null"));
        }
        try {
            return this.keyStoreConfig.initKeyManagerFactory();
        } catch (KeyStoreException e) {
            LOGGER.error("Failed to initialize the TrustManagerFactory", e);
            throw new KeyStoreConfigurationException(e);
        } catch (NoSuchAlgorithmException e2) {
            LOGGER.error("The specified algorithm is not available from the specified provider", e2);
            throw new KeyStoreConfigurationException(e2);
        } catch (UnrecoverableKeyException e3) {
            LOGGER.error("The key cannot be recovered (e.g. the given password is wrong)", e3);
            throw new KeyStoreConfigurationException(e3);
        }
    }

    @PluginFactory
    public static SslConfiguration createSSLConfiguration(@PluginAttribute("protocol") String str, @PluginElement("KeyStore") KeyStoreConfiguration keyStoreConfiguration, @PluginElement("TrustStore") TrustStoreConfiguration trustStoreConfiguration) {
        return new SslConfiguration(str, keyStoreConfiguration, trustStoreConfiguration, false);
    }

    public static SslConfiguration createSSLConfiguration(@PluginAttribute("protocol") String str, @PluginElement("KeyStore") KeyStoreConfiguration keyStoreConfiguration, @PluginElement("TrustStore") TrustStoreConfiguration trustStoreConfiguration, @PluginAttribute("verifyHostName") boolean z) {
        return new SslConfiguration(str, keyStoreConfiguration, trustStoreConfiguration, z);
    }

    public int hashCode() {
        return Objects.hash(this.keyStoreConfig, this.protocol, this.sslContext, this.trustStoreConfig);
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        SslConfiguration sslConfiguration = (SslConfiguration) obj;
        return Objects.equals(this.keyStoreConfig, sslConfiguration.keyStoreConfig) && Objects.equals(this.protocol, sslConfiguration.protocol) && Objects.equals(this.sslContext, sslConfiguration.sslContext) && Objects.equals(this.trustStoreConfig, sslConfiguration.trustStoreConfig);
    }

    public KeyStoreConfiguration getKeyStoreConfig() {
        return this.keyStoreConfig;
    }

    public TrustStoreConfiguration getTrustStoreConfig() {
        return this.trustStoreConfig;
    }

    public SSLContext getSslContext() {
        return this.sslContext;
    }

    public String getProtocol() {
        return this.protocol;
    }

    public boolean isVerifyHostName() {
        return this.verifyHostName;
    }
}
