package org.apache.geode.management.internal;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.lang3.StringUtils;
import org.apache.geode.internal.net.SSLConfig;

/* loaded from: input_file:org/apache/geode/management/internal/SSLUtil.class */
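public class SSLUtil {
    /**
     * Protocol names tried, in order, when the configuration names no usable protocol.
     *
     * <p>The generic {@code "TLS"} name comes first so that the JSSE provider's own
     * enabled-protocol policy (for example the {@code jdk.tls.disabledAlgorithms} security
     * property) decides which versions are negotiated. The legacy {@code SSL}, {@code SSLv2}
     * and {@code SSLv3} names are deliberately not requested: a fallback should never select
     * a protocol family that is known to be broken.
     */
    private static final String[] FALLBACK_PROTOCOLS = {"TLS", "TLSv1.3", "TLSv1.2"};

    /**
     * Returns an uninitialised {@link SSLContext} for the first configured protocol the
     * installed providers support, or for a modern TLS fallback when none is usable.
     *
     * <p>Configured protocol names are used exactly as given; the entry {@code "any"} is
     * skipped. A name the provider does not know is skipped rather than treated as an error,
     * so a typo in the configuration silently falls through to the next entry.
     *
     * @param sSLConfig configuration supplying the preferred protocol names
     * @return a context that still needs {@link SSLContext#init}, or {@code null} when neither
     *         a configured nor a fallback protocol is available
     */
    public static SSLContext getSSLContextInstance(SSLConfig sSLConfig) {
        String[] configuredProtocols = sSLConfig.getProtocolsAsStringArray();
        if (configuredProtocols != null) {
            for (String protocol : configuredProtocols) {
                // A null entry would make SSLContext.getInstance throw instead of being skipped.
                if (protocol == null || protocol.equals("any")) {
                    continue;
                }
                SSLContext context = tryGetInstance(protocol);
                if (context != null) {
                    return context;
                }
            }
        }
        for (String protocol : FALLBACK_PROTOCOLS) {
            SSLContext context = tryGetInstance(protocol);
            if (context != null) {
                return context;
            }
        }
        return null;
    }

    /** Returns a context for {@code protocol}, or {@code null} when no provider supports it. */
    private static SSLContext tryGetInstance(String protocol) {
        try {
            return SSLContext.getInstance(protocol);
        } catch (NoSuchAlgorithmException ignored) {
            // Unsupported name: the caller moves on to the next candidate.
            return null;
        }
    }

    /**
     * Splits a whitespace- and/or comma-separated list into its elements.
     *
     * @param str the raw list, may be {@code null}
     * @return the elements, or {@code null} when {@code str} is blank
     */
    public static String[] readArray(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        return str.split("[\\s,]+");
    }

    /**
     * Builds an {@link SSLContext} from the given configuration.
     *
     * <p>When the configuration asks for the default context, the JVM-wide default is returned
     * and {@code z} is ignored. Otherwise the context is initialised with key managers from the
     * configured keystore and trust managers from the configured truststore.
     *
     * @param sSLConfig keystore, truststore and protocol settings
     * @param z when {@code true}, certificate validation is switched off: every peer
     *        certificate chain is accepted, so the connection is encrypted but the peer is not
     *        authenticated and an on-path attacker can impersonate it. Callers should pass
     *        {@code true} only for explicitly requested diagnostic use.
     * @return the initialised (or default) context
     * @throws RuntimeException wrapping any failure to load key material or create the context
     */
    public static SSLContext createAndConfigureSSLContext(SSLConfig sSLConfig, boolean z) {
        try {
            if (sSLConfig.useDefaultSSLContext()) {
                return SSLContext.getDefault();
            }
            SSLContext context = getSSLContextInstance(sSLConfig);
            if (context == null) {
                // Fail with a clear message instead of a NullPointerException on init().
                throw new IllegalStateException(
                        "No supported SSL/TLS protocol is available for the configured protocols");
            }
            context.init(getKeyManagers(sSLConfig), getTrustManagers(sSLConfig, z), new SecureRandom());
            return context;
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Loads key managers from the configured keystore.
     *
     * @return the key managers, or {@code null} when no keystore path is configured (in which
     *         case {@link SSLContext#init} falls back to the provider default)
     * @throws Exception if the keystore cannot be opened, read or unlocked
     */
    private static KeyManager[] getKeyManagers(SSLConfig sSLConfig) throws Exception {
        if (StringUtils.isBlank(sSLConfig.getKeystore())) {
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance(Objects.toString(sSLConfig.getKeystoreType(), "JKS"));
        char[] password;
        // try-with-resources closes the stream even when load() throws.
        try (FileInputStream keystoreStream = new FileInputStream(sSLConfig.getKeystore())) {
            password = sSLConfig.getKeystorePassword().toCharArray();
            keyStore.load(keystoreStream, password);
        }
        // NOTE(review): the algorithm name comes from TrustManagerFactory, not KeyManagerFactory.
        // Kept as in the original because switching may select a different key manager
        // implementation; confirm which one is intended.
        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, password);
        return keyManagerFactory.getKeyManagers();
    }

    /**
     * Loads trust managers from the configured truststore, or returns a validation-disabled
     * trust manager when {@code z} is {@code true}.
     *
     * @param z when {@code true}, the returned manager accepts every certificate chain
     * @return the trust managers, or {@code null} when no truststore path is configured (in
     *         which case {@link SSLContext#init} falls back to the provider default)
     * @throws Exception if the truststore cannot be opened or read
     */
    private static TrustManager[] getTrustManagers(SSLConfig sSLConfig, boolean z) throws Exception {
        if (z) {
            // Validation is disabled on request: both check methods accept any chain, so the
            // peer's identity is NOT verified. The configured truststore is not consulted.
            return new TrustManager[]{new X509TrustManager() {
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    // The X509TrustManager contract requires a non-null (possibly empty) array.
                    return new X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                    // Intentionally empty: accepts every client chain.
                }

                @Override
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                    // Intentionally empty: accepts every server chain.
                }
            }};
        }
        if (StringUtils.isBlank(sSLConfig.getTruststore())) {
            return null;
        }
        KeyStore trustStore = KeyStore.getInstance(Objects.toString(sSLConfig.getTruststoreType(), "JKS"));
        // try-with-resources closes the stream even when load() throws.
        try (FileInputStream truststoreStream = new FileInputStream(sSLConfig.getTruststore())) {
            trustStore.load(truststoreStream, sSLConfig.getTruststorePassword().toCharArray());
        }
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        return trustManagerFactory.getTrustManagers();
    }
}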
