package org.apache.synapse.transport.nhttp.config;

import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.AxisFault;
import org.apache.axis2.clustering.tribes.TribesConstants;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.description.TransportInDescription;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpHost;
import org.apache.http.params.HttpParams;
import org.apache.synapse.transport.certificatevalidation.RevocationVerificationManager;
import org.apache.synapse.transport.http.conn.SSLClientAuth;
import org.apache.synapse.transport.http.conn.SSLContextDetails;
import org.apache.synapse.transport.http.conn.ServerConnFactory;
import org.apache.synapse.transport.http.conn.ServerSSLSetupHandler;
import org.apache.synapse.transport.nhttp.NhttpConstants;
import org.apache.ws.security.WSConstants;

/* loaded from: input_file:WEB-INF/lib/synapse-nhttp-transport-2.1.7-wso2v48.jar:org/apache/synapse/transport/nhttp/config/ServerConnFactoryBuilder.class */
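/**
 * Builds the {@link ServerConnFactory} for an NHTTP listener from the SSL-related parameters
 * of its {@link TransportInDescription}.
 *
 * <p>{@link #parseSSL()} configures a single listener-wide SSL context and
 * {@link #parseMultiProfileSSL()} adds one SSL context per bind address; {@link #build(HttpParams)}
 * then produces the factory. If neither parse method produced a context, the factory is built
 * without SSL.
 */
public class ServerConnFactoryBuilder {
    private final TransportInDescription transportIn;
    private final HttpHost host;
    // Upper-cased transport name, used only as a prefix in log messages.
    private final String name;
    protected SSLContextDetails ssl;
    private final Log log = LogFactory.getLog(ServerConnFactoryBuilder.class);
    // Created lazily by parseMultiProfileSSL(); stays null when no profile is configured.
    private Map<InetSocketAddress, SSLContextDetails> sslByIPMap = null;

    /**
     * @param transportInDescription transport configuration the SSL parameters are read from
     * @param httpHost               listener host; its port is used for per-profile bind addresses
     */
    public ServerConnFactoryBuilder(TransportInDescription transportInDescription, HttpHost httpHost) {
        this.transportIn = transportInDescription;
        this.host = httpHost;
        this.name = transportInDescription.getName().toUpperCase(Locale.US);
    }

    /**
     * Creates an SSL context from the given configuration elements. Any element may be
     * {@code null}, in which case the corresponding setting is left unset.
     *
     * <p>The decompiler notes that this method was declared {@code protected} in the original
     * class; the visibility shown in this listing is kept.
     *
     * @param oMElement  identity key store element with {@code Location}, {@code Type},
     *                   {@code WSConstants.PASSWORD_LN} and {@code KeyPassword} children
     * @param oMElement2 trust store element with {@code Location}, {@code Type} and
     *                   {@code WSConstants.PASSWORD_LN} children
     * @param oMElement3 client authentication mode; only {@code optional} and {@code require}
     *                   (case-insensitive, not trimmed) are recognized
     * @param oMElement4 comma-separated list of enabled HTTPS protocols
     * @param oMElement5 comma-separated list of preferred cipher suites
     * @param revocationVerificationManager certificate revocation verifier, or {@code null}
     * @param str        SSL protocol name for {@link SSLContext#getInstance(String)};
     *                   {@code "TLS"} when {@code null}
     * @return the SSL context together with its optional setup handler
     * @throws AxisFault if a store cannot be opened or loaded, a required store element is
     *                   missing, or the SSL context cannot be created
     */
    public SSLContextDetails createSSLContext(OMElement oMElement, OMElement oMElement2, OMElement oMElement3, OMElement oMElement4, OMElement oMElement5, RevocationVerificationManager revocationVerificationManager, String str) throws AxisFault {
        KeyManager[] keyManagers = oMElement != null ? loadKeyManagers(oMElement) : null;
        // With no trust store element, null is handed to SSLContext.init(), which then falls
        // back to the JVM's default trust managers. Operators relying on client certificates
        // should configure an explicit trust store.
        TrustManager[] trustManagers = oMElement2 != null ? loadTrustManagers(oMElement2) : null;
        SSLClientAuth clientAuth = parseClientAuth(oMElement3 != null ? oMElement3.getText() : null);
        String[] httpsProtocols = splitCommaSeparated(oMElement4 != null ? oMElement4.getText() : null);
        String[] preferredCiphers = splitCommaSeparated(oMElement5 != null ? oMElement5.getText() : null);
        try {
            SSLContext sslContext = SSLContext.getInstance(str != null ? str : "TLS");
            sslContext.init(keyManagers, trustManagers, null);
            // NOTE(review): the handler is only created when a client-auth mode, protocol list
            // or cipher list is present, so a revocation verifier passed without any of those
            // is not attached to anything.
            ServerSSLSetupHandler setupHandler = null;
            if (clientAuth != null || httpsProtocols != null || preferredCiphers != null) {
                setupHandler = new ServerSSLSetupHandler(clientAuth, httpsProtocols, revocationVerificationManager, preferredCiphers);
            }
            return new SSLContextDetails(sslContext, setupHandler);
        } catch (GeneralSecurityException e) {
            this.log.error(this.name + " Unable to create SSL context with the given configuration", e);
            throw new AxisFault("Unable to create SSL context with the given configuration", e);
        }
    }

    /** Loads the identity key store described by the element and returns its key managers. */
    private KeyManager[] loadKeyManagers(OMElement keyStoreElement) throws AxisFault {
        String location = getValueOfElementWithLocalName(keyStoreElement, "Location");
        String type = getValueOfElementWithLocalName(keyStoreElement, "Type");
        String storePassword = getValueOfElementWithLocalName(keyStoreElement, WSConstants.PASSWORD_LN);
        String keyPassword = getValueOfElementWithLocalName(keyStoreElement, "KeyPassword");
        requireConfigured(location, "Location", "identity key store");
        requireConfigured(type, "Type", "identity key store");
        requireConfigured(storePassword, WSConstants.PASSWORD_LN, "identity key store");
        requireConfigured(keyPassword, "KeyPassword", "identity key store");
        FileInputStream in = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(type);
            in = new FileInputStream(location);
            if (this.log.isDebugEnabled()) {
                this.log.debug(this.name + " Loading Identity Keystore from : " + location);
            }
            keyStore.load(in, storePassword.toCharArray());
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, keyPassword.toCharArray());
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            // Guarded by the debug level because every message below is emitted at debug;
            // walking all certificate chains is wasted work otherwise.
            if (this.log.isDebugEnabled() && keyManagers != null) {
                for (KeyManager keyManager : keyManagers) {
                    if (keyManager instanceof X509KeyManager) {
                        X509KeyManager x509KeyManager = (X509KeyManager) keyManager;
                        Enumeration<String> aliases = keyStore.aliases();
                        while (aliases.hasMoreElements()) {
                            X509Certificate[] chain = x509KeyManager.getCertificateChain(aliases.nextElement());
                            if (chain != null) {
                                for (X509Certificate certificate : chain) {
                                    this.log.debug(this.name + " Subject DN: " + certificate.getSubjectDN());
                                    this.log.debug(this.name + " Issuer DN: " + certificate.getIssuerDN());
                                }
                            }
                        }
                    }
                }
            }
            return keyManagers;
        } catch (IOException e) {
            this.log.error(this.name + " Error opening Key store : " + location, e);
            throw new AxisFault("Error opening Key store : " + location, e);
        } catch (GeneralSecurityException e) {
            this.log.error(this.name + " Error loading Key store : " + location, e);
            throw new AxisFault("Error loading Key store : " + location, e);
        } finally {
            // Close on every path, including a failed load, so the file handle is not leaked.
            closeQuietly(in);
        }
    }

    /** Loads the trust store described by the element and returns its trust managers. */
    private TrustManager[] loadTrustManagers(OMElement trustStoreElement) throws AxisFault {
        String location = getValueOfElementWithLocalName(trustStoreElement, "Location");
        String type = getValueOfElementWithLocalName(trustStoreElement, "Type");
        String storePassword = getValueOfElementWithLocalName(trustStoreElement, WSConstants.PASSWORD_LN);
        requireConfigured(location, "Location", "trust store");
        requireConfigured(type, "Type", "trust store");
        requireConfigured(storePassword, WSConstants.PASSWORD_LN, "trust store");
        FileInputStream in = null;
        try {
            KeyStore trustStore = KeyStore.getInstance(type);
            in = new FileInputStream(location);
            if (this.log.isDebugEnabled()) {
                this.log.debug(this.name + " Loading Trust Keystore from : " + location);
            }
            trustStore.load(in, storePassword.toCharArray());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            return trustManagerFactory.getTrustManagers();
        } catch (IOException e) {
            this.log.error(this.name + " Error opening Key store : " + location, e);
            throw new AxisFault("Error opening Key store : " + location, e);
        } catch (GeneralSecurityException e) {
            this.log.error(this.name + " Error loading Key store : " + location, e);
            throw new AxisFault("Error loading Key store : " + location, e);
        } finally {
            closeQuietly(in);
        }
    }

    /** Fails with an AxisFault (instead of a later NullPointerException) when a store setting is absent. */
    private void requireConfigured(String value, String elementName, String storeDescription) throws AxisFault {
        if (value == null) {
            // Only the element name is reported; configured values are never echoed here.
            String message = "Missing " + elementName + " element in the " + storeDescription + " configuration";
            this.log.error(this.name + " " + message);
            throw new AxisFault(message);
        }
    }

    /** Closes the stream if it was opened; a failure to close is deliberately ignored. */
    private void closeQuietly(FileInputStream stream) {
        if (stream != null) {
            try {
                stream.close();
            } catch (IOException ignored) {
                // Best effort: the store content has already been read or the load already failed.
            }
        }
    }

    /** Maps the configured client authentication mode to SSLClientAuth, or null when not recognized. */
    private SSLClientAuth parseClientAuth(String mode) {
        if ("optional".equalsIgnoreCase(mode)) {
            return SSLClientAuth.OPTIONAL;
        }
        if ("require".equalsIgnoreCase(mode)) {
            return SSLClientAuth.REQUIRED;
        }
        if (mode != null && mode.trim().length() != 0) {
            // A misspelled value (or one with surrounding whitespace) would otherwise silently
            // leave client authentication unconfigured; make that visible to the operator.
            this.log.warn(this.name + " Unrecognized client authentication mode '" + mode
                    + "'; expected 'optional' or 'require'. No client authentication mode will be applied");
        }
        return null;
    }

    /**
     * Splits a comma-separated value into trimmed, non-empty entries. Returns null for a null or
     * blank value; a non-blank value holding only separators yields an empty array.
     */
    private String[] splitCommaSeparated(String text) {
        if (text == null || text.trim().length() == 0) {
            return null;
        }
        String[] tokens = text.trim().split(",");
        ArrayList<String> kept = new ArrayList<String>(tokens.length);
        for (String token : tokens) {
            String trimmed = token.trim();
            if (!trimmed.isEmpty()) {
                kept.add(trimmed);
            }
        }
        return kept.toArray(new String[kept.size()]);
    }

    /**
     * Reads the listener-wide SSL parameters from the transport configuration and stores the
     * resulting context in {@link #ssl}.
     *
     * @return this builder
     * @throws AxisFault if the SSL context cannot be created from the configuration
     */
    public ServerConnFactoryBuilder parseSSL() throws AxisFault {
        Parameter keyStoreParam = this.transportIn.getParameter("keystore");
        Parameter trustStoreParam = this.transportIn.getParameter("truststore");
        Parameter clientAuthParam = this.transportIn.getParameter(NhttpConstants.SSL_VERIFY_CLIENT);
        Parameter httpsProtocolsParam = this.transportIn.getParameter("HttpsProtocols");
        Parameter sslProtocolParam = this.transportIn.getParameter("SSLProtocol");
        Parameter preferredCiphersParam = this.transportIn.getParameter(NhttpConstants.PREFERRED_CIPHERS);
        String sslProtocol = sslProtocolParam != null ? sslProtocolParam.getValue().toString() : "TLS";
        OMElement keyStoreElement = keyStoreParam != null ? keyStoreParam.getParameterElement().getFirstElement() : null;
        OMElement trustStoreElement = trustStoreParam != null ? trustStoreParam.getParameterElement().getFirstElement() : null;
        OMElement clientAuthElement = clientAuthParam != null ? clientAuthParam.getParameterElement() : null;
        OMElement httpsProtocolsElement = httpsProtocolsParam != null ? httpsProtocolsParam.getParameterElement() : null;
        OMElement preferredCiphersElement = preferredCiphersParam != null ? preferredCiphersParam.getParameterElement() : null;
        this.ssl = createSSLContext(keyStoreElement, trustStoreElement, clientAuthElement, httpsProtocolsElement, preferredCiphersElement, buildRevocationVerifier(), sslProtocol);
        return this;
    }

    /**
     * Creates the revocation verifier when the CertificateRevocationVerifier parameter has
     * enable="true"; returns null when the parameter or the attribute is absent or not "true".
     */
    private RevocationVerificationManager buildRevocationVerifier() {
        Parameter verifierParam = this.transportIn.getParameter("CertificateRevocationVerifier");
        if (verifierParam == null) {
            return null;
        }
        OMElement verifierElement = verifierParam.getParameterElement();
        // getAttributeValue() yields null for a missing attribute, so an element without
        // "enable" is treated as disabled rather than failing with a NullPointerException.
        if (!"true".equalsIgnoreCase(verifierElement.getAttributeValue(new QName("enable")))) {
            return null;
        }
        OMElement cacheSizeElement = verifierElement.getFirstChildWithName(new QName("CacheSize"));
        OMElement cacheDelayElement = verifierElement.getFirstChildWithName(new QName("CacheDelay"));
        String cacheSizeText = cacheSizeElement != null ? cacheSizeElement.getText() : null;
        String cacheDelayText = cacheDelayElement != null ? cacheDelayElement.getText() : null;
        Integer cacheSize = null;
        Integer cacheDelay = null;
        try {
            // Parsed in one step on purpose: when CacheSize is unusable, CacheDelay stays unset too.
            cacheSize = Integer.valueOf(cacheSizeText);
            cacheDelay = Integer.valueOf(cacheDelayText);
        } catch (NumberFormatException e) {
            // The verifier is still created; the unparsed value(s) are passed as null.
            this.log.warn(this.name + " CacheSize/CacheDelay of CertificateRevocationVerifier is missing or not an integer", e);
        }
        return new RevocationVerificationManager(cacheSize, cacheDelay);
    }

    /**
     * Reads the per-address SSL profiles (if any) and registers one SSL context per bind address.
     *
     * @return this builder
     * @throws AxisFault if a profile has no bind address or its SSL context cannot be created
     */
    public ServerConnFactoryBuilder parseMultiProfileSSL() throws AxisFault {
        if (loadMultiProfileSSLConfig() == null) {
            return this;
        }
        Iterator<?> profiles = this.transportIn.getParameter("SSLProfiles").getParameterElement().getChildrenWithName(new QName("profile"));
        while (profiles.hasNext()) {
            OMElement profile = (OMElement) profiles.next();
            OMElement bindAddressElement = profile.getFirstChildWithName(new QName(TribesConstants.BIND_ADDRESS));
            if (bindAddressElement == null) {
                this.log.error(this.name + " SSL profile must define a bind address");
                throw new AxisFault("SSL profile must define a bind address");
            }
            InetSocketAddress bindAddress = new InetSocketAddress(bindAddressElement.getText(), this.host.getPort());
            OMElement keyStoreElement = profile.getFirstChildWithName(new QName("KeyStore"));
            OMElement trustStoreElement = profile.getFirstChildWithName(new QName("TrustStore"));
            OMElement clientAuthElement = profile.getFirstChildWithName(new QName(NhttpConstants.SSL_VERIFY_CLIENT));
            OMElement httpsProtocolsElement = profile.getFirstChildWithName(new QName("HttpsProtocols"));
            OMElement preferredCiphersElement = profile.getFirstChildWithName(new QName(NhttpConstants.PREFERRED_CIPHERS));
            Parameter sslProtocolParam = this.transportIn.getParameter("SSLProtocol");
            String sslProtocol = sslProtocolParam != null ? sslProtocolParam.getValue().toString() : "TLS";
            // NOTE(review): profiles are created without a revocation verifier, even when
            // CertificateRevocationVerifier is enabled for the listener; confirm this is intended.
            SSLContextDetails profileContext = createSSLContext(keyStoreElement, trustStoreElement, clientAuthElement, httpsProtocolsElement, preferredCiphersElement, null, sslProtocol);
            if (this.sslByIPMap == null) {
                this.sslByIPMap = new HashMap<InetSocketAddress, SSLContextDetails>();
            }
            this.sslByIPMap.put(bindAddress, profileContext);
        }
        return this;
    }

    /**
     * Makes sure an "SSLProfiles" parameter is available on the transport, loading it from the
     * file named by "dynamicSSLProfilesConfig" when that parameter is present.
     *
     * @return the transport description when profiles are available, otherwise {@code null}
     *         (no profiles configured, no file path given, or the file could not be loaded)
     */
    public TransportInDescription loadMultiProfileSSLConfig() {
        Parameter dynamicConfigParam = this.transportIn.getParameter("dynamicSSLProfilesConfig");
        if (dynamicConfigParam == null) {
            if (this.transportIn.getParameter("SSLProfiles") != null) {
                return this.transportIn;
            }
            return null;
        }
        OMElement filePathElement = dynamicConfigParam.getParameterElement().getFirstChildWithName(new QName("filePath"));
        if (filePathElement == null) {
            this.log.error("dynamicSSLProfilesConfig does not define a filePath element");
            return null;
        }
        String text = filePathElement.getText();
        if (text == null) {
            return null;
        }
        try {
            // The configured path is appended to the working directory as plain text; it is not
            // normalized, so relative segments in it are honoured. The transport configuration
            // and the referenced file must therefore be writable by administrators only.
            String separator = System.getProperty("file.separator");
            String profilePath = System.getProperty("user.dir") + (text.startsWith(separator) ? "" : separator) + text;
            OMElement documentElement = new StAXOMBuilder(profilePath).getDocumentElement();
            Parameter profilesParam = new Parameter();
            profilesParam.setParameterElement(documentElement);
            profilesParam.setName("SSLProfiles");
            profilesParam.setValue(documentElement);
            this.transportIn.addParameter(profilesParam);
            this.log.info("SSLProfile configuration is loaded from path: " + profilePath);
            return this.transportIn;
        } catch (Exception e) {
            // Deliberately broad: any failure to read or register the profiles disables them.
            this.log.error("Could not load SSLProfileConfig from file path: " + text, e);
            return null;
        }
    }

    /**
     * Builds the connection factory, with SSL when {@link #parseSSL()} or
     * {@link #parseMultiProfileSSL()} produced a context and as a plain factory otherwise.
     *
     * @param httpParams HTTP parameters passed through to the factory
     * @return the connection factory
     * @throws AxisFault declared for callers; not thrown by the code in this method itself
     */
    public ServerConnFactory build(HttpParams httpParams) throws AxisFault {
        if (this.ssl == null && this.sslByIPMap == null) {
            return new ServerConnFactory(httpParams);
        }
        return new ServerConnFactory(this.ssl, this.sslByIPMap, httpParams);
    }

    /**
     * Returns the text of the first child with the given local name, or {@code null} when the
     * element has no such child.
     */
    private String getValueOfElementWithLocalName(OMElement oMElement, String str) {
        Iterator<?> children = oMElement.getChildrenWithLocalName(str);
        // Check before next(): a missing child must yield null, not NoSuchElementException.
        if (!children.hasNext()) {
            return null;
        }
        Object first = children.next();
        return first instanceof OMElement ? ((OMElement) first).getText() : null;
    }
}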
