package org.apache.directory.server.ldap.handlers.ssl;

import java.security.SecureRandom;
import java.util.List;
import javax.net.ssl.SSLContext;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder;
import org.apache.mina.core.filterchain.IoFilterChainBuilder;
import org.apache.mina.filter.ssl.SslFilter;

/* loaded from: input_file:apacheds-protocol-ldap-2.0.0.AM27.jar:org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.class */
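/**
 * Builds the MINA filter chain that puts an {@link SslFilter} in front of an LDAPS transport.
 *
 * <p>Utility class; it is not meant to be instantiated.
 */
public final class LdapsInitializer {
    /**
     * Protocol versions enabled when the transport does not configure any.
     *
     * <p>TLS 1.0 and TLS 1.1 are deliberately left out of the fallback: both are deprecated
     * (RFC 8996), and a server that enables them by default accepts sessions negotiated down
     * to them. A deployment that still has to serve legacy clients, or that wants other
     * versions, must list the protocols explicitly on the transport.
     */
    private static final String[] DEFAULT_ENABLED_PROTOCOLS = {"TLSv1.2"};

    private LdapsInitializer() {
    }

    /**
     * Creates a filter chain builder holding a single TLS filter named {@code "sslFilter"}.
     *
     * @param ldapServer supplies the key managers and trust managers used to initialise the
     *     {@link SSLContext}
     * @param tcpTransport supplies the cipher suites, the enabled protocol versions and the
     *     client-authentication flags applied to the filter
     * @return a new chain builder whose last (and only) entry is the configured TLS filter
     * @throws LdapException if the context or the filter cannot be set up; the original
     *     failure is kept as the cause
     */
    public static IoFilterChainBuilder init(LdapServer ldapServer, TcpTransport tcpTransport) throws LdapException {
        try {
            // The context algorithm only selects the provider implementation; the versions
            // actually offered are narrowed by setEnabledProtocols below.
            SSLContext sslContext = SSLContext.getInstance(LdapConnectionConfig.DEFAULT_SSL_PROTOCOL);
            sslContext.init(
                    ldapServer.getKeyManagerFactory().getKeyManagers(),
                    ldapServer.getTrustManagers(),
                    new SecureRandom());

            SslFilter sslFilter = new SslFilter(sslContext);

            // No configured suites: the filter is left with whatever it enables on its own.
            List<String> cipherSuites = tcpTransport.getCipherSuite();
            if (cipherSuites != null && !cipherSuites.isEmpty()) {
                sslFilter.setEnabledCipherSuites(cipherSuites.toArray(new String[0]));
            }

            // An explicit list from the transport always wins over the fallback.
            List<String> enabledProtocols = tcpTransport.getEnabledProtocols();
            if (enabledProtocols == null || enabledProtocols.isEmpty()) {
                // Hand out a copy so the shared constant cannot be modified through the filter.
                sslFilter.setEnabledProtocols(DEFAULT_ENABLED_PROTOCOLS.clone());
            } else {
                sslFilter.setEnabledProtocols(enabledProtocols.toArray(new String[0]));
            }

            sslFilter.setNeedClientAuth(tcpTransport.isNeedClientAuth());
            sslFilter.setWantClientAuth(tcpTransport.isWantClientAuth());

            DefaultIoFilterChainBuilder chainBuilder = new DefaultIoFilterChainBuilder();
            chainBuilder.addLast("sslFilter", sslFilter);
            return chainBuilder;
        } catch (Exception e) {
            // Every failure is reported to the caller as an LdapException with the cause attached.
            throw new LdapException(I18n.err(I18n.ERR_683, new Object[0]), e);
        }
    }
}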
