package org.apache.geode.internal.net;

import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.geode.GemFireConfigException;
import org.apache.geode.distributed.internal.DistributionConfig;
import org.apache.geode.distributed.internal.DistributionConfigImpl;
import org.apache.geode.internal.admin.SSLConfig;
import org.apache.geode.internal.security.SecurableCommunicationChannel;

/* loaded from: input_file:org/apache/geode/internal/net/SSLConfigurationFactory.class */
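/**
 * Resolves the TLS settings ({@link SSLConfig}) that apply to each
 * {@link SecurableCommunicationChannel}, based on a {@link DistributionConfig}.
 *
 * <p>Two configuration styles are handled. When the distribution config lists at least one
 * securable communication channel, the shared {@code ssl-*} values are used and only the
 * certificate alias (and, for WEB, the require-authentication flag) is specialised per channel.
 * When the list is empty, the per-component "legacy" getters (cluster, server, gateway, JMX,
 * HTTP service) overwrite the shared values.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>Keystore and truststore passwords travel through this class as plain {@code String}s and
 * may be taken from the JVM-wide {@code javax.net.ssl.*} system properties. Those properties are
 * readable by any code in the process that is allowed to read system properties, so a
 * configuration source with restricted access is preferable to {@code -D} arguments.</li>
 * <li>Hostname verification (endpoint identification) and mutual authentication
 * (require-authentication) are plain configuration switches here; nothing in this class enforces
 * a minimum. Audit the resolved {@link SSLConfig} rather than assuming secure defaults.</li>
 * </ul>
 *
 * <p>Thread-safety: all access to the per-channel cache is synchronized on the singleton. The
 * {@code distributionConfig} field itself is written without a lock.
 */
public class SSLConfigurationFactory {
    public static final String JAVAX_KEYSTORE = "javax.net.ssl.keyStore";
    public static final String JAVAX_KEYSTORE_TYPE = "javax.net.ssl.keyStoreType";
    public static final String JAVAX_KEYSTORE_PASSWORD = "javax.net.ssl.keyStorePassword";
    public static final String JAVAX_TRUSTSTORE = "javax.net.ssl.trustStore";
    public static final String JAVAX_TRUSTSTORE_PASSWORD = "javax.net.ssl.trustStorePassword";
    public static final String JAVAX_TRUSTSTORE_TYPE = "javax.net.ssl.trustStoreType";

    /** Message used whenever a distribution config is required but missing. */
    private static final String MISSING_CONFIG_MESSAGE = "SSL Configuration requires a valid distribution config.";

    private static SSLConfigurationFactory instance = new SSLConfigurationFactory();
    private DistributionConfig distributionConfig = null;
    // Cache of already-resolved configurations; guarded by the monitor of this instance.
    private final Map<SecurableCommunicationChannel, SSLConfig> registeredSSLConfig = new HashMap<>();

    private SSLConfigurationFactory() {
    }

    /** Returns the process-wide factory, re-creating it if the static field was ever nulled. */
    private static synchronized SSLConfigurationFactory getInstance() {
        if (instance == null) {
            instance = new SSLConfigurationFactory();
        }
        return instance;
    }

    /**
     * Returns the distribution config installed through {@link #setDistributionConfig}.
     *
     * @throws GemFireConfigException if no config has been installed (or it was cleared by
     *         {@link #close()})
     */
    private DistributionConfig getDistributionConfig() {
        if (this.distributionConfig == null) {
            throw new GemFireConfigException(MISSING_CONFIG_MESSAGE);
        }
        return this.distributionConfig;
    }

    /**
     * Installs the distribution config used by the cached, single-argument lookup.
     *
     * <p>Configurations already cached for a previous distribution config are NOT evicted here;
     * call {@link #close()} first when the config changes.
     *
     * @param distributionConfig the config to read TLS settings from; must not be {@code null}
     * @throws GemFireConfigException if {@code distributionConfig} is {@code null}
     */
    public static void setDistributionConfig(DistributionConfig distributionConfig) {
        if (distributionConfig == null) {
            throw new GemFireConfigException(MISSING_CONFIG_MESSAGE);
        }
        getInstance().distributionConfig = distributionConfig;
    }

    /**
     * Returns the cached TLS configuration for a channel, creating and caching it on first use.
     *
     * <p>The lookup and the registration are two separate synchronized steps, so two threads
     * asking for the same channel at the same time may each build a configuration; the last one
     * registered is the one later callers receive.
     *
     * @param securableCommunicationChannel the channel to resolve
     * @return the (shared, mutable) configuration object for that channel
     * @throws GemFireConfigException if no distribution config has been installed
     */
    @Deprecated
    public static SSLConfig getSSLConfigForComponent(SecurableCommunicationChannel securableCommunicationChannel) {
        SSLConfig cached = getInstance().getRegisteredSSLConfigForComponent(securableCommunicationChannel);
        if (cached == null) {
            cached = getInstance().createSSLConfigForComponent(securableCommunicationChannel);
            getInstance().registeredSSLConfigForComponent(securableCommunicationChannel, cached);
        }
        return cached;
    }

    /** Stores a resolved configuration in the per-channel cache. */
    private synchronized void registeredSSLConfigForComponent(SecurableCommunicationChannel securableCommunicationChannel, SSLConfig sslConfig) {
        this.registeredSSLConfig.put(securableCommunicationChannel, sslConfig);
    }

    /** Builds the configuration for a channel from the installed distribution config. */
    private SSLConfig createSSLConfigForComponent(SecurableCommunicationChannel securableCommunicationChannel) {
        return createSSLConfigForComponent(getDistributionConfig(), securableCommunicationChannel);
    }

    /**
     * Builds the configuration for one channel.
     *
     * <p>Starts from the shared {@code ssl-*} values, applies the legacy per-component values when
     * no securable channel is configured, and finally fills any still-empty store settings from
     * the {@code javax.net.ssl.*} system properties.
     *
     * @param distributionConfig the config to read from
     * @param securableCommunicationChannel the channel being resolved
     * @return a newly created configuration
     */
    private SSLConfig createSSLConfigForComponent(DistributionConfig distributionConfig, SecurableCommunicationChannel securableCommunicationChannel) {
        SSLConfig sslConfig = createSSLConfig(distributionConfig, securableCommunicationChannel);
        SecurableCommunicationChannel[] configuredChannels = distributionConfig.getSecurableCommunicationChannels();
        // An empty channel list selects the legacy, per-component properties.
        boolean legacy = configuredChannels.length == 0;
        if (legacy) {
            // Cluster values are the legacy baseline for every component; the switch below
            // then overrides them with the component's own legacy values where they exist.
            sslConfig = configureLegacyClusterSSL(distributionConfig, sslConfig);
        }
        sslConfig.setSecurableCommunicationChannel(securableCommunicationChannel);
        switch (securableCommunicationChannel) {
            case ALL:
                // NOTE(review): the WEB configuration built here is neither returned nor
                // registered, so this call has no visible effect in this class. Kept to
                // preserve the original call sequence - confirm whether it can be dropped.
                createSSLConfigForComponent(distributionConfig, SecurableCommunicationChannel.WEB);
                break;
            case CLUSTER:
                if (legacy) {
                    sslConfig = configureLegacyClusterSSL(distributionConfig, sslConfig);
                } else {
                    sslConfig = setAliasForComponent(sslConfig, distributionConfig.getClusterSSLAlias());
                }
                break;
            case LOCATOR:
                // Locators have no legacy properties of their own; they keep the cluster values.
                if (!legacy) {
                    sslConfig = setAliasForComponent(sslConfig, distributionConfig.getLocatorSSLAlias());
                }
                break;
            case SERVER:
                if (legacy) {
                    sslConfig = configureLegacyServerSSL(distributionConfig, sslConfig);
                } else {
                    sslConfig = setAliasForComponent(sslConfig, distributionConfig.getServerSSLAlias());
                }
                break;
            case GATEWAY:
                if (legacy) {
                    sslConfig = configureLegacyGatewaySSL(distributionConfig, sslConfig);
                } else {
                    sslConfig = setAliasForComponent(sslConfig, distributionConfig.getGatewaySSLAlias());
                }
                break;
            case WEB:
                if (legacy) {
                    sslConfig = configureLegacyHttpServiceSSL(distributionConfig, sslConfig);
                } else {
                    sslConfig = setAliasForComponent(sslConfig, distributionConfig.getHTTPServiceSSLAlias());
                    // The HTTP service has its own client-certificate requirement, which
                    // replaces the shared require-authentication value set earlier.
                    sslConfig.setRequireAuth(distributionConfig.getSSLWebRequireAuthentication());
                }
                break;
            case JMX:
                if (legacy) {
                    sslConfig = configureLegacyJMXSSL(distributionConfig, sslConfig);
                } else {
                    sslConfig = setAliasForComponent(sslConfig, distributionConfig.getJMXSSLAlias());
                }
                break;
            default:
                break;
        }
        configureSSLPropertiesFromSystemProperties(sslConfig);
        return sslConfig;
    }

    /** Overrides the certificate alias only when a component-specific alias is configured. */
    private SSLConfig setAliasForComponent(SSLConfig sslConfig, String alias) {
        if (!StringUtils.isEmpty(alias)) {
            sslConfig.setAlias(alias);
        }
        return sslConfig;
    }

    /**
     * Creates a configuration populated from the shared {@code ssl-*} settings.
     *
     * <p>Endpoint identification and require-authentication are copied verbatim from the
     * distribution config. The legacy {@code configureLegacy*} methods do not touch endpoint
     * identification, the alias or the use-default-context flag, so the values set here persist
     * in legacy mode as well.
     */
    private SSLConfig createSSLConfig(DistributionConfig distributionConfig, SecurableCommunicationChannel securableCommunicationChannel) {
        SSLConfig sslConfig = new SSLConfig();
        sslConfig.setCiphers(distributionConfig.getSSLCiphers());
        sslConfig.setEndpointIdentificationEnabled(distributionConfig.getSSLEndPointIdentificationEnabled());
        sslConfig.setEnabled(determineIfSSLEnabledForSSLComponent(distributionConfig, securableCommunicationChannel));
        sslConfig.setKeystore(distributionConfig.getSSLKeyStore());
        sslConfig.setKeystorePassword(distributionConfig.getSSLKeyStorePassword());
        sslConfig.setKeystoreType(distributionConfig.getSSLKeyStoreType());
        sslConfig.setTruststore(distributionConfig.getSSLTrustStore());
        sslConfig.setTruststorePassword(distributionConfig.getSSLTrustStorePassword());
        sslConfig.setTruststoreType(distributionConfig.getSSLTrustStoreType());
        sslConfig.setProtocols(distributionConfig.getSSLProtocols());
        sslConfig.setRequireAuth(distributionConfig.getSSLRequireAuthentication());
        sslConfig.setAlias(distributionConfig.getSSLDefaultAlias());
        sslConfig.setUseDefaultSSLContext(distributionConfig.getSSLUseDefaultContext());
        return sslConfig;
    }

    /** Returns whether TLS is enabled for the channel: listed explicitly, or ALL is listed. */
    private boolean determineIfSSLEnabledForSSLComponent(DistributionConfig distributionConfig, SecurableCommunicationChannel securableCommunicationChannel) {
        SecurableCommunicationChannel[] configuredChannels = distributionConfig.getSecurableCommunicationChannels();
        return ArrayUtils.contains(configuredChannels, SecurableCommunicationChannel.ALL)
                || ArrayUtils.contains(configuredChannels, securableCommunicationChannel);
    }

    /**
     * Overwrites the store, cipher, protocol and authentication settings with the legacy
     * cluster values.
     */
    private SSLConfig configureLegacyClusterSSL(DistributionConfig distributionConfig, SSLConfig sslConfig) {
        sslConfig.setCiphers(distributionConfig.getClusterSSLCiphers());
        sslConfig.setEnabled(distributionConfig.getClusterSSLEnabled());
        sslConfig.setKeystore(distributionConfig.getClusterSSLKeyStore());
        sslConfig.setKeystorePassword(distributionConfig.getClusterSSLKeyStorePassword());
        sslConfig.setKeystoreType(distributionConfig.getClusterSSLKeyStoreType());
        sslConfig.setTruststore(distributionConfig.getClusterSSLTrustStore());
        sslConfig.setTruststorePassword(distributionConfig.getClusterSSLTrustStorePassword());
        // NOTE(review): the truststore type is taken from the KEYSTORE type getter. A deployment
        // whose truststore format differs from its keystore format gets the wrong type here.
        // No legacy truststore-type getter is visible in this file - confirm whether one exists.
        sslConfig.setTruststoreType(distributionConfig.getClusterSSLKeyStoreType());
        sslConfig.setProtocols(distributionConfig.getClusterSSLProtocols());
        sslConfig.setRequireAuth(distributionConfig.getClusterSSLRequireAuthentication());
        return sslConfig;
    }

    /**
     * Overwrites the store, cipher, protocol and authentication settings with the legacy
     * server values.
     */
    private SSLConfig configureLegacyServerSSL(DistributionConfig distributionConfig, SSLConfig sslConfig) {
        sslConfig.setCiphers(distributionConfig.getServerSSLCiphers());
        sslConfig.setEnabled(distributionConfig.getServerSSLEnabled());
        sslConfig.setKeystore(distributionConfig.getServerSSLKeyStore());
        sslConfig.setKeystorePassword(distributionConfig.getServerSSLKeyStorePassword());
        sslConfig.setKeystoreType(distributionConfig.getServerSSLKeyStoreType());
        sslConfig.setTruststore(distributionConfig.getServerSSLTrustStore());
        sslConfig.setTruststorePassword(distributionConfig.getServerSSLTrustStorePassword());
        // NOTE(review): truststore type reuses the keystore type getter - see the cluster variant.
        sslConfig.setTruststoreType(distributionConfig.getServerSSLKeyStoreType());
        sslConfig.setProtocols(distributionConfig.getServerSSLProtocols());
        sslConfig.setRequireAuth(distributionConfig.getServerSSLRequireAuthentication());
        return sslConfig;
    }

    /**
     * Overwrites the store, cipher, protocol and authentication settings with the legacy
     * JMX manager values.
     */
    private SSLConfig configureLegacyJMXSSL(DistributionConfig distributionConfig, SSLConfig sslConfig) {
        sslConfig.setCiphers(distributionConfig.getJmxManagerSSLCiphers());
        sslConfig.setEnabled(distributionConfig.getJmxManagerSSLEnabled());
        sslConfig.setKeystore(distributionConfig.getJmxManagerSSLKeyStore());
        sslConfig.setKeystorePassword(distributionConfig.getJmxManagerSSLKeyStorePassword());
        sslConfig.setKeystoreType(distributionConfig.getJmxManagerSSLKeyStoreType());
        sslConfig.setTruststore(distributionConfig.getJmxManagerSSLTrustStore());
        sslConfig.setTruststorePassword(distributionConfig.getJmxManagerSSLTrustStorePassword());
        // NOTE(review): truststore type reuses the keystore type getter - see the cluster variant.
        sslConfig.setTruststoreType(distributionConfig.getJmxManagerSSLKeyStoreType());
        sslConfig.setProtocols(distributionConfig.getJmxManagerSSLProtocols());
        sslConfig.setRequireAuth(distributionConfig.getJmxManagerSSLRequireAuthentication());
        return sslConfig;
    }

    /**
     * Overwrites the store, cipher, protocol and authentication settings with the legacy
     * gateway values.
     *
     * <p>Unlike the other legacy variants this one never sets the truststore type, so the value
     * applied before this call (the legacy cluster keystore type, when reached through
     * {@code createSSLConfigForComponent}) stays in effect.
     */
    private SSLConfig configureLegacyGatewaySSL(DistributionConfig distributionConfig, SSLConfig sslConfig) {
        sslConfig.setCiphers(distributionConfig.getGatewaySSLCiphers());
        sslConfig.setEnabled(distributionConfig.getGatewaySSLEnabled());
        sslConfig.setKeystore(distributionConfig.getGatewaySSLKeyStore());
        sslConfig.setKeystorePassword(distributionConfig.getGatewaySSLKeyStorePassword());
        sslConfig.setKeystoreType(distributionConfig.getGatewaySSLKeyStoreType());
        sslConfig.setTruststore(distributionConfig.getGatewaySSLTrustStore());
        sslConfig.setTruststorePassword(distributionConfig.getGatewaySSLTrustStorePassword());
        sslConfig.setProtocols(distributionConfig.getGatewaySSLProtocols());
        sslConfig.setRequireAuth(distributionConfig.getGatewaySSLRequireAuthentication());
        return sslConfig;
    }

    /**
     * Overwrites the store, cipher, protocol and authentication settings with the legacy
     * HTTP service values.
     */
    private SSLConfig configureLegacyHttpServiceSSL(DistributionConfig distributionConfig, SSLConfig sslConfig) {
        sslConfig.setCiphers(distributionConfig.getHttpServiceSSLCiphers());
        sslConfig.setEnabled(distributionConfig.getHttpServiceSSLEnabled());
        sslConfig.setKeystore(distributionConfig.getHttpServiceSSLKeyStore());
        sslConfig.setKeystorePassword(distributionConfig.getHttpServiceSSLKeyStorePassword());
        sslConfig.setKeystoreType(distributionConfig.getHttpServiceSSLKeyStoreType());
        sslConfig.setTruststore(distributionConfig.getHttpServiceSSLTrustStore());
        sslConfig.setTruststorePassword(distributionConfig.getHttpServiceSSLTrustStorePassword());
        // NOTE(review): truststore type reuses the keystore type getter - see the cluster variant.
        sslConfig.setTruststoreType(distributionConfig.getHttpServiceSSLKeyStoreType());
        sslConfig.setProtocols(distributionConfig.getHttpServiceSSLProtocols());
        sslConfig.setRequireAuth(distributionConfig.getHttpServiceSSLRequireAuthentication());
        return sslConfig;
    }

    /** Fills empty store settings from the JVM system properties only. */
    private SSLConfig configureSSLPropertiesFromSystemProperties(SSLConfig sslConfig) {
        return configureSSLPropertiesFromSystemProperties(sslConfig, null);
    }

    /**
     * Fills every keystore/truststore setting that is still empty from the
     * {@code javax.net.ssl.*} properties.
     *
     * <p>Settings that already have a value are never overwritten, so explicit configuration
     * always wins over the JVM-wide defaults.
     *
     * @param sslConfig the configuration to complete (modified in place)
     * @param properties optional caller-supplied properties, consulted as a last resort;
     *        may be {@code null}
     * @return {@code sslConfig}
     */
    private SSLConfig configureSSLPropertiesFromSystemProperties(SSLConfig sslConfig, Properties properties) {
        if (StringUtils.isEmpty(sslConfig.getKeystore())) {
            sslConfig.setKeystore(getValueFromSystemProperties(properties, JAVAX_KEYSTORE));
        }
        if (StringUtils.isEmpty(sslConfig.getKeystoreType())) {
            sslConfig.setKeystoreType(getValueFromSystemProperties(properties, JAVAX_KEYSTORE_TYPE));
        }
        if (StringUtils.isEmpty(sslConfig.getKeystorePassword())) {
            sslConfig.setKeystorePassword(getValueFromSystemProperties(properties, JAVAX_KEYSTORE_PASSWORD));
        }
        if (StringUtils.isEmpty(sslConfig.getTruststore())) {
            sslConfig.setTruststore(getValueFromSystemProperties(properties, JAVAX_TRUSTSTORE));
        }
        if (StringUtils.isEmpty(sslConfig.getTruststorePassword())) {
            sslConfig.setTruststorePassword(getValueFromSystemProperties(properties, JAVAX_TRUSTSTORE_PASSWORD));
        }
        if (StringUtils.isEmpty(sslConfig.getTruststoreType())) {
            sslConfig.setTruststoreType(getValueFromSystemProperties(properties, JAVAX_TRUSTSTORE_TYPE));
        }
        return sslConfig;
    }

    /**
     * Looks up one property, preferring the JVM system property, then (only when that property
     * is set but blank) the environment variable of the same name, and finally the
     * caller-supplied {@code properties}.
     *
     * <p>Previously the value read from {@code properties} was unconditionally overwritten by
     * the system-property lookup, so caller-supplied store settings were silently ignored. The
     * supplied value is now used whenever the system property and environment yield nothing;
     * every case in which the old code returned a non-empty value is unchanged.
     *
     * <p>NOTE(review): if per-call properties are meant to take precedence over JVM-wide ones,
     * the order should be inverted - confirm against callers.
     *
     * @param properties optional caller-supplied properties; may be {@code null}
     * @param property the property name; {@code null} yields {@code null}
     * @return the resolved value, or {@code null} when no source defines it
     */
    private String getValueFromSystemProperties(Properties properties, String property) {
        if (property == null) {
            return null;
        }
        String value = System.getProperty(property);
        if (value != null && value.trim().equals("")) {
            value = System.getenv(property);
        }
        if (StringUtils.isEmpty(value) && properties != null) {
            String supplied = properties.getProperty(property);
            if (supplied != null) {
                value = supplied;
            }
        }
        return value;
    }

    /**
     * Returns the cached configuration for a channel, or {@code null} if none is cached.
     *
     * <p>Synchronized because the backing {@link HashMap} is written under the same monitor.
     */
    private synchronized SSLConfig getRegisteredSSLConfigForComponent(SecurableCommunicationChannel securableCommunicationChannel) {
        return this.registeredSSLConfig.get(securableCommunicationChannel);
    }

    /**
     * Drops every cached configuration and forgets the installed distribution config, so that
     * stale store paths and passwords are not served after a shutdown or reconfiguration.
     */
    public static void close() {
        getInstance().clearSSLConfigForAllComponents();
        getInstance().distributionConfig = null;
    }

    /** Empties the per-channel cache under the same monitor used for reads and writes. */
    private synchronized void clearSSLConfigForAllComponents() {
        this.registeredSSLConfig.clear();
    }

    /**
     * Builds an uncached configuration from explicit values.
     *
     * <p>Endpoint identification is not set by this overload, so the result carries whatever
     * default {@link SSLConfig} uses - verify that default before relying on hostname
     * verification for configurations created this way.
     *
     * @param z whether TLS is enabled
     * @param z2 whether peer authentication is required
     * @param str the protocols setting
     * @param str2 the ciphers setting
     * @param properties optional properties supplying {@code javax.net.ssl.*} store settings;
     *        may be {@code null}
     * @param str3 the certificate alias
     * @return a newly created configuration
     */
    @Deprecated
    public static SSLConfig getSSLConfigForComponent(boolean z, boolean z2, String str, String str2, Properties properties, String str3) {
        SSLConfig sslConfig = new SSLConfig();
        sslConfig.setAlias(str3);
        sslConfig.setCiphers(str2);
        sslConfig.setProtocols(str);
        sslConfig.setRequireAuth(z2);
        sslConfig.setEnabled(z);
        return getInstance().configureSSLPropertiesFromSystemProperties(sslConfig, properties);
    }

    /**
     * Builds an uncached configuration for a channel from the given distribution config.
     *
     * @param distributionConfig the config to read from
     * @param securableCommunicationChannel the channel to resolve
     * @return a newly created configuration
     */
    public static SSLConfig getSSLConfigForComponent(DistributionConfig distributionConfig, SecurableCommunicationChannel securableCommunicationChannel) {
        return getInstance().createSSLConfigForComponent(distributionConfig, securableCommunicationChannel);
    }

    /**
     * Builds an uncached configuration for a channel from raw properties, by wrapping them in a
     * new {@link DistributionConfigImpl}.
     *
     * @param properties the distribution properties
     * @param securableCommunicationChannel the channel to resolve
     * @return a newly created configuration
     */
    public static SSLConfig getSSLConfigForComponent(Properties properties, SecurableCommunicationChannel securableCommunicationChannel) {
        return getInstance().createSSLConfigForComponent(new DistributionConfigImpl(properties), securableCommunicationChannel);
    }
}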
