package org.apache.geode.internal.net;

import java.util.Properties;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.geode.annotations.Immutable;
import org.apache.geode.distributed.internal.DistributionConfig;
import org.apache.geode.distributed.internal.DistributionConfigImpl;
import org.apache.geode.internal.net.SSLConfig;
import org.apache.geode.internal.security.SecurableCommunicationChannel;

/* loaded from: input_file:org/apache/geode/internal/net/SSLConfigurationFactory.class */
/**
 * Builds {@link SSLConfig} instances for a given {@link SecurableCommunicationChannel}.
 *
 * <p>Settings are layered in this order, later layers overwriting earlier ones:
 * <ol>
 *   <li>the shared {@code getSSL*} values from the {@link DistributionConfig};</li>
 *   <li>when no securable communication channels are configured ("legacy mode"), the
 *       deprecated per-component settings (cluster first, then the requested component);</li>
 *   <li>otherwise, the per-component certificate alias, if one is set;</li>
 *   <li>for any keystore/truststore field that is still empty, the JVM-wide
 *       {@code javax.net.ssl.*} system properties.</li>
 * </ol>
 *
 * <p>Security note: step 4 means a node with an incomplete SSL configuration silently inherits
 * whatever keystore, truststore and passwords the JVM was started with. Keystore and truststore
 * passwords are passed around as plain strings here, so the builder and the resulting config
 * should be kept out of logs.
 */
public class SSLConfigurationFactory {
    public static final String JAVAX_KEYSTORE = "javax.net.ssl.keyStore";
    public static final String JAVAX_KEYSTORE_TYPE = "javax.net.ssl.keyStoreType";
    public static final String JAVAX_KEYSTORE_PASSWORD = "javax.net.ssl.keyStorePassword";
    public static final String JAVAX_TRUSTSTORE = "javax.net.ssl.trustStore";
    public static final String JAVAX_TRUSTSTORE_TYPE = "javax.net.ssl.trustStoreType";
    public static final String JAVAX_TRUSTSTORE_PASSWORD = "javax.net.ssl.trustStorePassword";
    public static final String GEODE_SSL_CONFIG_PROPERTIES = "org.apache.geode.internal.net.ssl.config";

    // Stateless singleton; the static entry points below delegate to it.
    @Immutable
    private static final SSLConfigurationFactory instance = new SSLConfigurationFactory();

    private SSLConfigurationFactory() {
        // Not instantiable from outside; use the static getSSLConfigForComponent methods.
    }

    /**
     * Assembles the SSL configuration for one channel.
     *
     * @param distributionConfig source of all SSL settings
     * @param securableCommunicationChannel the channel the configuration is built for
     * @return the built configuration
     */
    private SSLConfig createSSLConfigForComponent(DistributionConfig distributionConfig, SecurableCommunicationChannel securableCommunicationChannel) {
        SSLConfig.Builder sslConfigBuilder = createSSLConfigBuilder(distributionConfig, securableCommunicationChannel);

        // Legacy mode: no channel is listed, so the deprecated per-component settings decide.
        boolean legacyMode = distributionConfig.getSecurableCommunicationChannels().length == 0;
        if (legacyMode) {
            // Legacy cluster settings act as the base for every component.
            configureLegacyClusterSSL(distributionConfig, sslConfigBuilder);
        }
        sslConfigBuilder.setSecurableCommunicationChannel(securableCommunicationChannel);

        switch (securableCommunicationChannel) {
            case CLUSTER:
                if (legacyMode) {
                    configureLegacyClusterSSL(distributionConfig, sslConfigBuilder);
                } else {
                    setAliasForComponent(sslConfigBuilder, distributionConfig.getClusterSSLAlias());
                }
                break;
            case LOCATOR:
                // No legacy locator settings are applied here; only the alias in non-legacy mode.
                if (!legacyMode) {
                    setAliasForComponent(sslConfigBuilder, distributionConfig.getLocatorSSLAlias());
                }
                break;
            case SERVER:
                if (legacyMode) {
                    configureLegacyServerSSL(distributionConfig, sslConfigBuilder);
                } else {
                    setAliasForComponent(sslConfigBuilder, distributionConfig.getServerSSLAlias());
                }
                break;
            case GATEWAY:
                if (legacyMode) {
                    configureLegacyGatewaySSL(distributionConfig, sslConfigBuilder);
                } else {
                    setAliasForComponent(sslConfigBuilder, distributionConfig.getGatewaySSLAlias());
                }
                break;
            case WEB:
                if (legacyMode) {
                    configureLegacyHttpServiceSSL(distributionConfig, sslConfigBuilder);
                } else {
                    setAliasForComponent(sslConfigBuilder, distributionConfig.getHTTPServiceSSLAlias());
                    // The web channel has its own client-authentication flag, which replaces
                    // the shared getSSLRequireAuthentication() value set earlier.
                    sslConfigBuilder.setRequireAuth(distributionConfig.getSSLWebRequireAuthentication());
                }
                break;
            case JMX:
                if (legacyMode) {
                    configureLegacyJMXSSL(distributionConfig, sslConfigBuilder);
                } else {
                    setAliasForComponent(sslConfigBuilder, distributionConfig.getJMXSSLAlias());
                }
                break;
            default:
                // Any other channel keeps the shared settings unchanged.
                break;
        }

        // Last layer: fill still-empty store settings from javax.net.ssl.* system properties.
        configureSSLPropertiesFromSystemProperties(sslConfigBuilder);
        return sslConfigBuilder.build();
    }

    /**
     * Overrides the builder's alias with a component-specific one, unless that alias is empty.
     *
     * @param builder the builder to update
     * @param str the component alias; {@code null} or empty leaves the current alias in place
     * @return the same builder
     */
    private SSLConfig.Builder setAliasForComponent(SSLConfig.Builder builder, String str) {
        if (StringUtils.isEmpty(str)) {
            return builder;
        }
        builder.setAlias(str);
        return builder;
    }

    /**
     * Creates a builder pre-populated with the shared (non-legacy) SSL settings.
     *
     * @param distributionConfig source of the shared {@code getSSL*} values
     * @param securableCommunicationChannel channel used to decide whether SSL is enabled
     * @return a new builder carrying the shared settings
     */
    private SSLConfig.Builder createSSLConfigBuilder(DistributionConfig distributionConfig, SecurableCommunicationChannel securableCommunicationChannel) {
        SSLConfig.Builder sharedBuilder = new SSLConfig.Builder();
        sharedBuilder.setCiphers(distributionConfig.getSSLCiphers());
        // NOTE(review): presumably controls hostname verification of the peer certificate;
        // confirm how SSLConfig consumers use it before relying on it.
        sharedBuilder.setEndpointIdentificationEnabled(distributionConfig.getSSLEndPointIdentificationEnabled());
        sharedBuilder.setEnabled(determineIfSSLEnabledForSSLComponent(distributionConfig, securableCommunicationChannel));
        sharedBuilder.setKeystore(distributionConfig.getSSLKeyStore());
        sharedBuilder.setKeystorePassword(distributionConfig.getSSLKeyStorePassword());
        sharedBuilder.setKeystoreType(distributionConfig.getSSLKeyStoreType());
        sharedBuilder.setTruststore(distributionConfig.getSSLTrustStore());
        sharedBuilder.setTruststorePassword(distributionConfig.getSSLTrustStorePassword());
        sharedBuilder.setTruststoreType(distributionConfig.getSSLTrustStoreType());
        sharedBuilder.setProtocols(distributionConfig.getSSLProtocols());
        sharedBuilder.setClientProtocols(distributionConfig.getSSLClientProtocols());
        sharedBuilder.setServerProtocols(distributionConfig.getSSLServerProtocols());
        sharedBuilder.setRequireAuth(distributionConfig.getSSLRequireAuthentication());
        sharedBuilder.setAlias(distributionConfig.getSSLDefaultAlias());
        sharedBuilder.setUseDefaultSSLContext(distributionConfig.getSSLUseDefaultContext());
        sharedBuilder.setSSLParameterExtension(distributionConfig.getSSLParameterExtension());
        return sharedBuilder;
    }

    /**
     * Reports whether SSL is switched on for a channel.
     *
     * @param distributionConfig source of the configured channel list
     * @param securableCommunicationChannel the channel being asked about
     * @return {@code true} when the configured list contains {@code ALL} or the given channel
     */
    private boolean determineIfSSLEnabledForSSLComponent(DistributionConfig distributionConfig, SecurableCommunicationChannel securableCommunicationChannel) {
        return ArrayUtils.contains(distributionConfig.getSecurableCommunicationChannels(), SecurableCommunicationChannel.ALL)
                || ArrayUtils.contains(distributionConfig.getSecurableCommunicationChannels(), securableCommunicationChannel);
    }

    /**
     * Applies the deprecated cluster-level SSL settings on top of the builder.
     *
     * @param distributionConfig source of the legacy cluster values
     * @param builder the builder to overwrite
     * @return the same builder
     */
    @Deprecated
    private SSLConfig.Builder configureLegacyClusterSSL(DistributionConfig distributionConfig, SSLConfig.Builder builder) {
        builder.setCiphers(distributionConfig.getClusterSSLCiphers());
        builder.setEnabled(distributionConfig.getClusterSSLEnabled());
        builder.setKeystore(distributionConfig.getClusterSSLKeyStore());
        builder.setKeystorePassword(distributionConfig.getClusterSSLKeyStorePassword());
        builder.setKeystoreType(distributionConfig.getClusterSSLKeyStoreType());
        builder.setTruststore(distributionConfig.getClusterSSLTrustStore());
        builder.setTruststorePassword(distributionConfig.getClusterSSLTrustStorePassword());
        // NOTE(review): the truststore type is read from the keystore-type getter. If the two
        // stores use different formats this value is wrong for the truststore; confirm whether
        // a dedicated legacy truststore-type setting exists.
        builder.setTruststoreType(distributionConfig.getClusterSSLKeyStoreType());
        builder.setProtocols(distributionConfig.getClusterSSLProtocols());
        builder.setRequireAuth(distributionConfig.getClusterSSLRequireAuthentication());
        return builder;
    }

    /**
     * Applies the deprecated server-level SSL settings on top of the builder.
     *
     * @param distributionConfig source of the legacy server values
     * @param builder the builder to overwrite
     * @return the same builder
     */
    @Deprecated
    private SSLConfig.Builder configureLegacyServerSSL(DistributionConfig distributionConfig, SSLConfig.Builder builder) {
        builder.setCiphers(distributionConfig.getServerSSLCiphers());
        builder.setEnabled(distributionConfig.getServerSSLEnabled());
        builder.setKeystore(distributionConfig.getServerSSLKeyStore());
        builder.setKeystorePassword(distributionConfig.getServerSSLKeyStorePassword());
        builder.setKeystoreType(distributionConfig.getServerSSLKeyStoreType());
        builder.setTruststore(distributionConfig.getServerSSLTrustStore());
        builder.setTruststorePassword(distributionConfig.getServerSSLTrustStorePassword());
        // NOTE(review): truststore type comes from the keystore-type getter; see the same
        // pattern in the cluster variant.
        builder.setTruststoreType(distributionConfig.getServerSSLKeyStoreType());
        builder.setProtocols(distributionConfig.getServerSSLProtocols());
        builder.setRequireAuth(distributionConfig.getServerSSLRequireAuthentication());
        return builder;
    }

    /**
     * Applies the deprecated JMX-manager SSL settings on top of the builder.
     *
     * @param distributionConfig source of the legacy JMX manager values
     * @param builder the builder to overwrite
     * @return the same builder
     */
    @Deprecated
    private SSLConfig.Builder configureLegacyJMXSSL(DistributionConfig distributionConfig, SSLConfig.Builder builder) {
        builder.setCiphers(distributionConfig.getJmxManagerSSLCiphers());
        builder.setEnabled(distributionConfig.getJmxManagerSSLEnabled());
        builder.setKeystore(distributionConfig.getJmxManagerSSLKeyStore());
        builder.setKeystorePassword(distributionConfig.getJmxManagerSSLKeyStorePassword());
        builder.setKeystoreType(distributionConfig.getJmxManagerSSLKeyStoreType());
        builder.setTruststore(distributionConfig.getJmxManagerSSLTrustStore());
        builder.setTruststorePassword(distributionConfig.getJmxManagerSSLTrustStorePassword());
        // NOTE(review): truststore type comes from the keystore-type getter; see the same
        // pattern in the cluster variant.
        builder.setTruststoreType(distributionConfig.getJmxManagerSSLKeyStoreType());
        builder.setProtocols(distributionConfig.getJmxManagerSSLProtocols());
        builder.setRequireAuth(distributionConfig.getJmxManagerSSLRequireAuthentication());
        return builder;
    }

    /**
     * Applies the deprecated gateway SSL settings on top of the builder.
     *
     * <p>Unlike the other legacy variants this one never sets the truststore type, so the value
     * already on the builder is kept. It also re-applies the shared endpoint-identification flag.
     *
     * @param distributionConfig source of the legacy gateway values
     * @param builder the builder to overwrite
     * @return the same builder
     */
    @Deprecated
    private SSLConfig.Builder configureLegacyGatewaySSL(DistributionConfig distributionConfig, SSLConfig.Builder builder) {
        builder.setCiphers(distributionConfig.getGatewaySSLCiphers());
        builder.setEnabled(distributionConfig.getGatewaySSLEnabled());
        builder.setKeystore(distributionConfig.getGatewaySSLKeyStore());
        builder.setEndpointIdentificationEnabled(distributionConfig.getSSLEndPointIdentificationEnabled());
        builder.setKeystorePassword(distributionConfig.getGatewaySSLKeyStorePassword());
        builder.setKeystoreType(distributionConfig.getGatewaySSLKeyStoreType());
        builder.setTruststore(distributionConfig.getGatewaySSLTrustStore());
        builder.setTruststorePassword(distributionConfig.getGatewaySSLTrustStorePassword());
        builder.setProtocols(distributionConfig.getGatewaySSLProtocols());
        builder.setRequireAuth(distributionConfig.getGatewaySSLRequireAuthentication());
        return builder;
    }

    /**
     * Applies the deprecated HTTP-service SSL settings on top of the builder.
     *
     * @param distributionConfig source of the legacy HTTP service values
     * @param builder the builder to overwrite
     * @return the same builder
     */
    @Deprecated
    private SSLConfig.Builder configureLegacyHttpServiceSSL(DistributionConfig distributionConfig, SSLConfig.Builder builder) {
        builder.setCiphers(distributionConfig.getHttpServiceSSLCiphers());
        builder.setEnabled(distributionConfig.getHttpServiceSSLEnabled());
        builder.setKeystore(distributionConfig.getHttpServiceSSLKeyStore());
        builder.setKeystorePassword(distributionConfig.getHttpServiceSSLKeyStorePassword());
        builder.setKeystoreType(distributionConfig.getHttpServiceSSLKeyStoreType());
        builder.setTruststore(distributionConfig.getHttpServiceSSLTrustStore());
        builder.setTruststorePassword(distributionConfig.getHttpServiceSSLTrustStorePassword());
        // NOTE(review): truststore type comes from the keystore-type getter; see the same
        // pattern in the cluster variant.
        builder.setTruststoreType(distributionConfig.getHttpServiceSSLKeyStoreType());
        builder.setProtocols(distributionConfig.getHttpServiceSSLProtocols());
        builder.setRequireAuth(distributionConfig.getHttpServiceSSLRequireAuthentication());
        return builder;
    }

    /**
     * Fills empty store settings from system properties, with no caller-supplied properties.
     *
     * @param builder the builder to complete
     * @return the same builder
     */
    private SSLConfig.Builder configureSSLPropertiesFromSystemProperties(SSLConfig.Builder builder) {
        return configureSSLPropertiesFromSystemProperties(builder, null);
    }

    /**
     * Fills every keystore/truststore field that is still empty on the builder with the value
     * resolved for the matching {@code javax.net.ssl.*} key.
     *
     * <p>Fields that already hold a non-empty value are left untouched, so explicit
     * configuration always wins over the JVM-wide defaults.
     *
     * @param builder the builder to complete
     * @param properties passed through to {@link #getValueFromSystemProperties}; may be
     *        {@code null}
     * @return the same builder
     */
    private SSLConfig.Builder configureSSLPropertiesFromSystemProperties(SSLConfig.Builder builder, Properties properties) {
        if (StringUtils.isEmpty(builder.getKeystore())) {
            String keystore = getValueFromSystemProperties(properties, JAVAX_KEYSTORE);
            builder.setKeystore(keystore);
        }
        if (StringUtils.isEmpty(builder.getKeystoreType())) {
            String keystoreType = getValueFromSystemProperties(properties, JAVAX_KEYSTORE_TYPE);
            builder.setKeystoreType(keystoreType);
        }
        if (StringUtils.isEmpty(builder.getKeystorePassword())) {
            String keystorePassword = getValueFromSystemProperties(properties, JAVAX_KEYSTORE_PASSWORD);
            builder.setKeystorePassword(keystorePassword);
        }
        if (StringUtils.isEmpty(builder.getTruststore())) {
            String truststore = getValueFromSystemProperties(properties, JAVAX_TRUSTSTORE);
            builder.setTruststore(truststore);
        }
        if (StringUtils.isEmpty(builder.getTruststorePassword())) {
            String truststorePassword = getValueFromSystemProperties(properties, JAVAX_TRUSTSTORE_PASSWORD);
            builder.setTruststorePassword(truststorePassword);
        }
        if (StringUtils.isEmpty(builder.getTruststoreType())) {
            String truststoreType = getValueFromSystemProperties(properties, JAVAX_TRUSTSTORE_TYPE);
            builder.setTruststoreType(truststoreType);
        }
        return builder;
    }

    /**
     * Resolves one setting from the JVM system properties, falling back to the environment.
     *
     * <p>NOTE(review): for any non-null key the value read from {@code properties} is discarded
     * and replaced by {@link System#getProperty(String)}, so caller-supplied properties never
     * influence the result. The environment is consulted only when the system property is set
     * but blank, not when it is absent. Both look unintended, but changing them would alter
     * which key material a node loads, so the behaviour is kept; confirm the intended precedence.
     *
     * @param properties caller-supplied properties; only used when {@code str} is {@code null}
     * @param str the property key to resolve
     * @return the resolved value, or {@code null} when nothing is set
     */
    private String getValueFromSystemProperties(Properties properties, String str) {
        String resolved = properties == null ? null : properties.getProperty(str);
        if (str == null) {
            return resolved;
        }
        resolved = System.getProperty(str);
        if (resolved != null && resolved.trim().isEmpty()) {
            resolved = System.getenv(str);
        }
        return resolved;
    }

    /**
     * Builds a configuration from individual values instead of a {@link DistributionConfig}.
     *
     * <p>Keystore and truststore settings are not parameters; they are resolved through
     * {@link #configureSSLPropertiesFromSystemProperties(SSLConfig.Builder, Properties)}.
     * Endpoint identification is never set here, so the builder's default applies.
     *
     * @param z whether SSL is enabled
     * @param z2 whether peer authentication is required
     * @param str the protocols setting
     * @param str2 the ciphers setting
     * @param properties passed to the system-property resolution step; may be {@code null}
     * @param str3 the certificate alias
     * @return the built configuration
     */
    @Deprecated
    public static SSLConfig getSSLConfigForComponent(boolean z, boolean z2, String str, String str2, Properties properties, String str3) {
        SSLConfig.Builder adHocBuilder = new SSLConfig.Builder();
        adHocBuilder.setAlias(str3);
        adHocBuilder.setCiphers(str2);
        adHocBuilder.setProtocols(str);
        adHocBuilder.setRequireAuth(z2);
        adHocBuilder.setEnabled(z);
        instance.configureSSLPropertiesFromSystemProperties(adHocBuilder, properties);
        return adHocBuilder.build();
    }

    /**
     * Builds the SSL configuration for a channel from an existing distribution config.
     *
     * @param distributionConfig source of all SSL settings
     * @param securableCommunicationChannel the channel the configuration is built for
     * @return the built configuration
     */
    public static SSLConfig getSSLConfigForComponent(DistributionConfig distributionConfig, SecurableCommunicationChannel securableCommunicationChannel) {
        return instance.createSSLConfigForComponent(distributionConfig, securableCommunicationChannel);
    }

    /**
     * Builds the SSL configuration for a channel from raw properties, which are first wrapped
     * in a {@link DistributionConfigImpl}.
     *
     * @param properties the properties to build the distribution config from
     * @param securableCommunicationChannel the channel the configuration is built for
     * @return the built configuration
     */
    public static SSLConfig getSSLConfigForComponent(Properties properties, SecurableCommunicationChannel securableCommunicationChannel) {
        DistributionConfig wrappedConfig = new DistributionConfigImpl(properties);
        return instance.createSSLConfigForComponent(wrappedConfig, securableCommunicationChannel);
    }
}
