package com.hivemq.spi.services.configuration.validation.validators;

import com.google.common.collect.ImmutableList;
import com.hivemq.spi.services.configuration.entity.Listener;
import com.hivemq.spi.services.configuration.entity.Tls;
import com.hivemq.spi.services.configuration.entity.TlsTcpListener;
import com.hivemq.spi.services.configuration.entity.TlsWebsocketListener;
import com.hivemq.spi.services.configuration.validation.ValidationError;
import com.hivemq.spi.services.configuration.validation.Validator;
import com.hivemq.spi.util.DefaultSslEngineUtil;
import com.hivemq.spi.util.SslException;
import java.io.File;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.security.Security;
import java.util.List;

/* loaded from: input_file:com/hivemq/spi/services/configuration/validation/validators/ListenerValidator.class */
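/**
 * Validates a {@link Listener} configuration and reports every problem found as a
 * {@link ValidationError}.
 *
 * <p>The port is checked for every listener. For {@link TlsWebsocketListener} and
 * {@link TlsTcpListener} the TLS settings are checked as well: handshake timeout, keystore and
 * truststore type, keystore and truststore path, cipher suites and protocols.
 *
 * <p>Scope note: the protocol and cipher-suite checks only establish that the JVM
 * <em>supports</em> the configured names. They do not judge whether a protocol or suite is still
 * considered secure, so a policy that excludes legacy choices has to be enforced separately.
 * The store checks look at the path only; they do not open the store or verify its password.
 */
public class ListenerValidator implements Validator<Listener> {

    /** JCA service name used to look up the keystore types offered by the installed providers. */
    private static final String KEYSTORE_SERVICE = "KeyStore";

    /**
     * Runs all checks that apply to the given listener.
     *
     * @param listener the listener configuration to check
     * @param str not used by this validator
     * @return the validation errors found, empty when the configuration passed every check
     */
    @Override
    public List<ValidationError> validate(Listener listener, String str) {
        ImmutableList.Builder<ValidationError> errors = ImmutableList.builder();
        validatePort(Integer.valueOf(listener.getPort()), errors);
        if (listener instanceof TlsWebsocketListener) {
            validateTls(((TlsWebsocketListener) listener).getTls(), errors);
        } else if (listener instanceof TlsTcpListener) {
            validateTls(((TlsTcpListener) listener).getTls(), errors);
        }
        return errors.build();
    }

    /** Runs every TLS-specific check; each check appends its own errors. */
    private void validateTls(Tls tls, ImmutableList.Builder<ValidationError> errors) {
        // NOTE(review): tls is dereferenced without a null check - confirm getTls() never returns null.
        validateHandshake(tls, errors);
        validateKeyStoreType(tls, errors);
        validateTrustStoreType(tls, errors);
        validateKeyStorePath(tls, errors);
        validateTrustStorePath(tls, errors);
        validateCipherSuites(tls, errors);
        validateProtocols(tls, errors);
    }

    /** Rejects ports outside 1..65535. */
    private void validatePort(Integer port, ImmutableList.Builder<ValidationError> errors) {
        if (port.intValue() < 1 || port.intValue() > 65535) {
            errors.add(new ValidationError("%d is a invalid port. A valid port must have a value between 1 and 65535.", port));
        }
    }

    /** Rejects negative handshake timeouts. */
    private void validateHandshake(Tls tls, ImmutableList.Builder<ValidationError> errors) {
        // NOTE(review): 0 is accepted; confirm whether 0 means "no handshake timeout", since an
        // unbounded handshake lets idle connections hold resources.
        Integer timeout = Integer.valueOf(tls.getHandshakeTimeout());
        if (timeout.intValue() < 0) {
            errors.add(new ValidationError("%d is a invalid handshake timeout. A valid handshake timeout must be >= 0", timeout));
        }
    }

    private void validateKeyStoreType(Tls tls, ImmutableList.Builder<ValidationError> errors) {
        validateStoreType("Keystore", tls.getKeystoreType(), errors);
    }

    private void validateTrustStoreType(Tls tls, ImmutableList.Builder<ValidationError> errors) {
        validateStoreType("Truststore", tls.getTruststoreType(), errors);
    }

    private void validateKeyStorePath(Tls tls, ImmutableList.Builder<ValidationError> errors) {
        validateStorePath("Keystore", tls.getKeystorePath(), errors);
    }

    private void validateTrustStorePath(Tls tls, ImmutableList.Builder<ValidationError> errors) {
        validateStorePath("Truststore", tls.getTruststorePath(), errors);
    }

    /**
     * Reports an error unless an installed security provider offers the given store type.
     *
     * <p>The comparison ignores case: JCA type names are case-insensitive, so a configured
     * {@code jks} must match however the provider list spells it.
     *
     * @param storeName "Keystore" or "Truststore", used as the prefix of the error message
     * @param type the configured store type; {@code null} is reported as unsupported
     */
    private void validateStoreType(String storeName, String type, ImmutableList.Builder<ValidationError> errors) {
        for (String available : Security.getAlgorithms(KEYSTORE_SERVICE)) {
            if (available.equalsIgnoreCase(type)) {
                return;
            }
        }
        errors.add(new ValidationError(storeName + " Type '%s' is not supported", type));
    }

    /**
     * Checks that a configured store path points to an existing, readable file.
     *
     * <p>A missing or blank path is skipped, as a blank path always was; a {@code null} path is
     * treated the same way instead of failing with a {@code NullPointerException}. The result
     * is a snapshot taken at validation time: the file can still disappear or change
     * permissions before it is loaded, so the code that opens the store must handle that
     * failure itself.
     *
     * @param storeName "Keystore" or "Truststore", used as the prefix of the error message
     * @param path the configured path, may be blank
     */
    private void validateStorePath(String storeName, String path, ImmutableList.Builder<ValidationError> errors) {
        if (path == null || path.trim().isEmpty()) {
            return;
        }
        File file = new File(path);
        if (!file.exists()) {
            errors.add(new ValidationError(storeName + " file '%s' does not exist", path));
        } else if (file.isDirectory()) {
            // A directory exists and is usually "readable", but it can never be loaded as a store.
            errors.add(new ValidationError(storeName + " file '%s' is a directory, not a file", path));
        } else if (!Files.isReadable(file.getAbsoluteFile().toPath())) {
            errors.add(new ValidationError(storeName + " file '%s' is not readable, please check file permissions", path));
        }
    }

    /** Checks the configured TLS protocols against the protocols the JVM supports. */
    private void validateProtocols(Tls tls, ImmutableList.Builder<ValidationError> errors) {
        try {
            checkSupportedList(new DefaultSslEngineUtil().getSupportedProtocols(), tls.getProtocols(), errors, "the protocol '%s' is not supported by this JVM", "None of the chosen TLS protocols is supported by this JVM");
        } catch (SslException e) {
            // NOTE(review): the exception text is passed where the other calls pass a format
            // pattern - confirm a '%' in the message cannot break ValidationError.
            errors.add(new ValidationError(e.getMessage(), new Object[0]));
        }
    }

    /** Checks the configured TLS cipher suites against the suites the JVM supports. */
    private void validateCipherSuites(Tls tls, ImmutableList.Builder<ValidationError> errors) {
        try {
            checkSupportedList(new DefaultSslEngineUtil().getSupportedCipherSuites(), tls.getCipherSuites(), errors, "the cipher suite '%s' is not supported by this JVM", "None of the chosen TLS cipher suites is supported by this JVM");
        } catch (SslException e) {
            // NOTE(review): same format-pattern concern as in validateProtocols.
            errors.add(new ValidationError(e.getMessage(), new Object[0]));
        }
    }

    /**
     * Compares a configured list with the supported list.
     *
     * <p>Adds one error per configured entry that is not supported, plus a summary error when
     * no configured entry is supported at all. A {@code null} or empty configured list is
     * accepted without any error (presumably the defaults apply then - verify against the code
     * that builds the SSL engine).
     *
     * @param list the entries supported by the JVM
     * @param list2 the entries chosen in the configuration
     * @param str format pattern for a single unsupported entry
     * @param str2 message used when none of the configured entries is supported
     */
    private void checkSupportedList(List<?> list, List<?> list2, ImmutableList.Builder<ValidationError> errors, String str, String str2) {
        if (list2 == null || list2.isEmpty()) {
            return;
        }
        boolean anySupported = false;
        for (Object configured : list2) {
            if (list.contains(configured)) {
                anySupported = true;
            } else {
                // String.valueOf keeps a null entry from turning into a NullPointerException.
                errors.add(new ValidationError(str, String.valueOf(configured)));
            }
        }
        if (!anySupported) {
            errors.add(new ValidationError(str2, new Object[0]));
        }
    }
}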
