package org.mule.runtime.module.tls.internal;

import com.google.common.base.Joiner;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.xml.namespace.QName;
import org.mule.runtime.api.component.AbstractComponent;
import org.mule.runtime.api.i18n.I18nMessageFactory;
import org.mule.runtime.api.lifecycle.CreateException;
import org.mule.runtime.api.lifecycle.Initialisable;
import org.mule.runtime.api.lifecycle.InitialisationException;
import org.mule.runtime.api.tls.TlsContextFactory;
import org.mule.runtime.api.tls.TlsContextKeyStoreConfiguration;
import org.mule.runtime.api.tls.TlsContextTrustStoreConfiguration;
import org.mule.runtime.core.api.util.FileUtils;
import org.mule.runtime.core.api.util.StringUtils;
import org.mule.runtime.core.internal.security.tls.RestrictedSSLServerSocketFactory;
import org.mule.runtime.core.internal.security.tls.RestrictedSSLSocketFactory;
import org.mule.runtime.core.internal.util.ArrayUtils;
import org.mule.runtime.core.privileged.security.RevocationCheck;
import org.mule.runtime.core.privileged.security.tls.TlsConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/mule/runtime/module/tls/internal/DefaultTlsContextFactory.class */
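/**
 * Default {@link TlsContextFactory} implementation: a mutable facade over a
 * {@link TlsConfiguration} that additionally carries an optional protocol / cipher suite
 * restriction and an opt-in "insecure trust store" switch.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>When {@link #setTrustStoreInsecure(boolean)} is enabled, every {@link SSLContext} produced
 *       by this factory uses {@link InsecureTrustManager}, which accepts any certificate chain.
 *       Peer authentication is effectively off for those connections.</li>
 *   <li>The key store, key and trust store passwords are exposed as plain {@code String}s through
 *       getters and through the configuration views; treat the returned values as secrets and keep
 *       them out of logs and error messages.</li>
 *   <li>{@link #equals(Object)} and {@link #hashCode()} take the insecure switch and the protocol /
 *       cipher suite restrictions into account, so a validating factory is never considered
 *       interchangeable with a non-validating one.</li>
 * </ul>
 *
 * <p>Instances are mutable and, apart from the one-shot guard in {@link #initialise()}, no
 * synchronisation is visible in this class.
 */
public class DefaultTlsContextFactory extends AbstractComponent implements TlsContextFactory, Initialisable {
    private static final Logger logger = LoggerFactory.getLogger(DefaultTlsContextFactory.class);

    /** Single-element marker meaning "use whatever the underlying TLS configuration enables". */
    private static final String DEFAULT = "default";

    // Label used only in the insecure-trust-store warning; not part of equality.
    private String name;
    // Explicit restrictions set by the user; null (or the single value "default") means "no restriction".
    private String[] enabledProtocols;
    private String[] enabledCipherSuites;
    // Guards initialise() so that the underlying configuration is set up once.
    private final AtomicBoolean initialized = new AtomicBoolean(false);
    // When true, certificate validation is bypassed for every context created by this factory.
    private boolean trustStoreInsecure = false;
    private final TlsConfiguration tlsConfiguration = new TlsConfiguration(null);

    /**
     * Trust manager that performs no validation at all: both check methods are empty, so no
     * {@link java.security.cert.CertificateException} is ever raised and any certificate chain,
     * from any issuer, is accepted.
     *
     * <p>It is installed only by {@link DefaultTlsContextFactory#createSslContext()} when the
     * insecure switch is on. A connection built on it is encrypted but not authenticated, so it
     * offers no protection against an on-path party presenting its own certificate. Deployments
     * should alert on the warning logged by
     * {@link DefaultTlsContextFactory#setTrustStoreInsecure(boolean)}.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static class InsecureTrustManager implements X509TrustManager {
        private InsecureTrustManager() {
        }

        /** Advertises no accepted issuers. */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        /** Intentionally empty: every client chain is accepted. */
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        /** Intentionally empty: every server chain is accepted. */
        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }
    }

    /**
     * Creates a factory whose underlying configuration carries the given annotations.
     *
     * @param map annotations forwarded to the wrapped {@link TlsConfiguration}
     */
    public DefaultTlsContextFactory(Map<QName, Object> map) {
        this.tlsConfiguration.setAnnotations(map);
    }

    /**
     * Initialises the wrapped TLS configuration once and verifies that any explicitly selected
     * protocols and cipher suites are all permitted by that configuration.
     *
     * <p>The guard flag is cleared again when initialisation fails. Otherwise a failed attempt
     * would leave the flag set and every later call would return silently, leaving a factory
     * whose configuration was never successfully initialised.
     *
     * @throws InitialisationException if the underlying configuration cannot be created, or if a
     *         selected protocol or cipher suite is not among those the configuration enables
     */
    @Override
    public void initialise() throws InitialisationException {
        if (this.initialized.getAndSet(true)) {
            return;
        }
        boolean succeeded = false;
        try {
            // First argument is true when no key store path was configured.
            this.tlsConfiguration.initialise(null == getKeyStorePath(), null);

            if (!isUseDefaults(this.enabledProtocols)) {
                String[] allowedProtocols = this.tlsConfiguration.getEnabledProtocols();
                // A smaller intersection means at least one selected protocol is not allowed.
                if (allowedProtocols != null
                        && ArrayUtils.intersection(this.enabledProtocols, allowedProtocols).length < this.enabledProtocols.length) {
                    globalConfigNotHonored("protocols", allowedProtocols);
                }
            }

            if (!isUseDefaults(this.enabledCipherSuites)) {
                String[] allowedCipherSuites = this.tlsConfiguration.getEnabledCipherSuites();
                if (allowedCipherSuites != null
                        && ArrayUtils.intersection(this.enabledCipherSuites, allowedCipherSuites).length < this.enabledCipherSuites.length) {
                    globalConfigNotHonored("cipher suites", allowedCipherSuites);
                }
            }
            succeeded = true;
        } catch (CreateException e) {
            throw new InitialisationException(I18nMessageFactory.createStaticMessage("Unable to initialise TLS configuration"), e, this);
        } finally {
            if (!succeeded) {
                // Allow a later call to retry instead of treating a failed attempt as done.
                this.initialized.set(false);
            }
        }
    }

    /**
     * Tells whether a restriction list means "no explicit restriction".
     *
     * @param strArr the configured values, possibly {@code null}
     * @return {@code true} for {@code null} or for a single element equal to "default" (case-insensitive)
     */
    private boolean isUseDefaults(String[] strArr) {
        return strArr == null || (strArr.length == 1 && DEFAULT.equalsIgnoreCase(strArr[0]));
    }

    /**
     * Always throws, reporting that a selection is outside what the TLS configuration allows.
     *
     * @param str human-readable kind of setting ("protocols" or "cipher suites")
     * @param strArr the values that the configuration does allow, listed in the message
     * @throws InitialisationException always
     */
    private void globalConfigNotHonored(String str, String[] strArr) throws InitialisationException {
        throw new InitialisationException(I18nMessageFactory.createStaticMessage(String.format("Some selected %1$s are invalid. Valid %1$s according to your TLS configuration file are: %2$s", str, Joiner.on(", ").join(strArr))), this);
    }

    /** @return the label of this TLS context, or {@code null} if none was set */
    public String getName() {
        return this.name;
    }

    /** @param str label of this TLS context; used in the insecure-trust-store warning */
    public void setName(String str) {
        this.name = str;
    }

    /** @return the key store location held by the underlying configuration, or {@code null} */
    public String getKeyStorePath() {
        return this.tlsConfiguration.getKeyStore();
    }

    /**
     * Sets the key store location on the underlying configuration.
     *
     * @param str key store location
     * @throws IOException as declared by the underlying setter; no check is made in this class
     */
    public void setKeyStorePath(String str) throws IOException {
        this.tlsConfiguration.setKeyStore(str);
    }

    /** @return the key store type held by the underlying configuration */
    public String getKeyStoreType() {
        return this.tlsConfiguration.getKeyStoreType();
    }

    /** @param str key store type forwarded to the underlying configuration */
    public void setKeyStoreType(String str) {
        this.tlsConfiguration.setKeyStoreType(str);
    }

    /** @return the alias of the key to use, as held by the underlying configuration */
    public String getKeyAlias() {
        return this.tlsConfiguration.getKeyAlias();
    }

    /** @param str alias of the key to use */
    public void setKeyAlias(String str) {
        this.tlsConfiguration.setKeyAlias(str);
    }

    /** @return the key store password in clear text; a secret, do not log it */
    public String getKeyStorePassword() {
        return this.tlsConfiguration.getKeyStorePassword();
    }

    /** @param str key store password */
    public void setKeyStorePassword(String str) {
        this.tlsConfiguration.setKeyStorePassword(str);
    }

    /** @return the private key password in clear text; a secret, do not log it */
    public String getKeyPassword() {
        return this.tlsConfiguration.getKeyPassword();
    }

    /** @param str private key password */
    public void setKeyPassword(String str) {
        this.tlsConfiguration.setKeyPassword(str);
    }

    /** @return the key manager algorithm held by the underlying configuration */
    public String getKeyManagerAlgorithm() {
        return this.tlsConfiguration.getKeyManagerAlgorithm();
    }

    /** @param str key manager algorithm */
    public void setKeyManagerAlgorithm(String str) {
        this.tlsConfiguration.setKeyManagerAlgorithm(str);
    }

    /** @return the trust store location held by the underlying configuration, or {@code null} */
    public String getTrustStorePath() {
        return this.tlsConfiguration.getTrustStore();
    }

    /**
     * Sets the trust store location after checking that it resolves to an existing resource.
     *
     * @param str trust store location
     * @throws IOException if the location cannot be resolved to a resource
     */
    public void setTrustStorePath(String str) throws IOException {
        // Fail at configuration time rather than when the first context is created.
        if (FileUtils.getResourcePath(str, getClass()) == null) {
            throw new IOException(String.format("Resource %s could not be found", str));
        }
        this.tlsConfiguration.setTrustStore(str);
    }

    /** @return the trust store type held by the underlying configuration */
    public String getTrustStoreType() {
        return this.tlsConfiguration.getTrustStoreType();
    }

    /** @param str trust store type */
    public void setTrustStoreType(String str) {
        this.tlsConfiguration.setTrustStoreType(str);
    }

    /** @return the trust store password in clear text; a secret, do not log it */
    public String getTrustStorePassword() {
        return this.tlsConfiguration.getTrustStorePassword();
    }

    /** @param str trust store password */
    public void setTrustStorePassword(String str) {
        this.tlsConfiguration.setTrustStorePassword(str);
    }

    /** @return the trust manager algorithm held by the underlying configuration */
    public String getTrustManagerAlgorithm() {
        return this.tlsConfiguration.getTrustManagerAlgorithm();
    }

    /** @param str trust manager algorithm */
    public void setTrustManagerAlgorithm(String str) {
        this.tlsConfiguration.setTrustManagerAlgorithm(str);
    }

    /** @return {@code true} if certificate validation is disabled for contexts from this factory */
    public boolean isTrustStoreInsecure() {
        return this.trustStoreInsecure;
    }

    /**
     * Enables or disables the insecure mode. Enabling it logs a warning that names this TLS
     * context; that log line is the only trace this class leaves of the downgrade, so it is worth
     * monitoring for.
     *
     * @param z {@code true} to skip all certificate validation
     */
    public void setTrustStoreInsecure(boolean z) {
        if (z) {
            logger.warn(String.format("TLS context %s trust store set as insecure. No certificate validations will be performed, rendering connections vulnerable to attacks. Use at own risk.", this.name == null ? "" : this.name));
        }
        this.trustStoreInsecure = z;
    }

    /** @param revocationCheck revocation checking strategy forwarded to the underlying configuration */
    public void setRevocationCheck(RevocationCheck revocationCheck) {
        this.tlsConfiguration.setRevocationCheck(revocationCheck);
    }

    /**
     * Builds an {@link SSLContext} from the underlying configuration.
     *
     * <p>In insecure mode the context is created with {@link InsecureTrustManager} as its only
     * trust manager, replacing whatever trust managers the configuration would otherwise supply.
     *
     * @return a new SSL context
     * @throws KeyManagementException as propagated from the underlying configuration
     * @throws NoSuchAlgorithmException as propagated from the underlying configuration
     */
    @Override
    public SSLContext createSslContext() throws KeyManagementException, NoSuchAlgorithmException {
        if (this.trustStoreInsecure) {
            return this.tlsConfiguration.getSslContext(new TrustManager[]{new InsecureTrustManager()});
        }
        return this.tlsConfiguration.getSslContext();
    }

    /**
     * @return a client socket factory limited to the effective cipher suites and protocols
     * @throws KeyManagementException see {@link #createSslContext()}
     * @throws NoSuchAlgorithmException see {@link #createSslContext()}
     */
    @Override
    public SSLSocketFactory createSocketFactory() throws KeyManagementException, NoSuchAlgorithmException {
        return new RestrictedSSLSocketFactory(createSslContext(), getEnabledCipherSuites(), getEnabledProtocols());
    }

    /**
     * @return a server socket factory limited to the effective cipher suites and protocols
     * @throws KeyManagementException see {@link #createSslContext()}
     * @throws NoSuchAlgorithmException see {@link #createSslContext()}
     */
    @Override
    public SSLServerSocketFactory createServerSocketFactory() throws KeyManagementException, NoSuchAlgorithmException {
        return new RestrictedSSLServerSocketFactory(createSslContext(), getEnabledCipherSuites(), getEnabledProtocols());
    }

    /**
     * @return a copy of the effective cipher suites: the explicit selection if one was made,
     *         otherwise those of the underlying configuration; {@code null} if neither is set
     */
    @Override
    public String[] getEnabledCipherSuites() {
        String[] effective = isUseDefaults(this.enabledCipherSuites) ? this.tlsConfiguration.getEnabledCipherSuites() : this.enabledCipherSuites;
        // Defensive copy so callers cannot alter the stored restriction.
        return effective != null ? Arrays.copyOf(effective, effective.length) : null;
    }

    /** @param str comma-separated cipher suite names, or "default" for no explicit restriction */
    public void setEnabledCipherSuites(String str) {
        this.enabledCipherSuites = StringUtils.splitAndTrim(str, ",");
    }

    /**
     * @return a copy of the effective protocols: the explicit selection if one was made,
     *         otherwise those of the underlying configuration; {@code null} if neither is set
     */
    @Override
    public String[] getEnabledProtocols() {
        String[] effective = isUseDefaults(this.enabledProtocols) ? this.tlsConfiguration.getEnabledProtocols() : this.enabledProtocols;
        // Defensive copy so callers cannot alter the stored restriction.
        return effective != null ? Arrays.copyOf(effective, effective.length) : null;
    }

    /** @param str comma-separated protocol names, or "default" for no explicit restriction */
    public void setEnabledProtocols(String str) {
        this.enabledProtocols = StringUtils.splitAndTrim(str, ",");
    }

    /** @return {@code true} if a key store location has been set */
    @Override
    public boolean isKeyStoreConfigured() {
        return this.tlsConfiguration.getKeyStore() != null;
    }

    /** @return {@code true} if a trust store location has been set */
    @Override
    public boolean isTrustStoreConfigured() {
        return this.tlsConfiguration.getTrustStore() != null;
    }

    /**
     * @return a live view of the key store settings; each accessor reads the current value from
     *         this factory, including the clear-text passwords
     */
    @Override
    public TlsContextKeyStoreConfiguration getKeyStoreConfiguration() {
        return new TlsContextKeyStoreConfiguration() {
            @Override
            public String getAlias() {
                return DefaultTlsContextFactory.this.getKeyAlias();
            }

            @Override
            public String getKeyPassword() {
                return DefaultTlsContextFactory.this.getKeyPassword();
            }

            @Override
            public String getPath() {
                return DefaultTlsContextFactory.this.getKeyStorePath();
            }

            @Override
            public String getPassword() {
                return DefaultTlsContextFactory.this.getKeyStorePassword();
            }

            @Override
            public String getType() {
                return DefaultTlsContextFactory.this.getKeyStoreType();
            }

            @Override
            public String getAlgorithm() {
                return DefaultTlsContextFactory.this.getKeyManagerAlgorithm();
            }
        };
    }

    /**
     * @return a live view of the trust store settings; each accessor reads the current value from
     *         this factory, including the clear-text password and the insecure switch
     */
    @Override
    public TlsContextTrustStoreConfiguration getTrustStoreConfiguration() {
        return new TlsContextTrustStoreConfiguration() {
            @Override
            public String getPath() {
                return DefaultTlsContextFactory.this.getTrustStorePath();
            }

            @Override
            public String getPassword() {
                return DefaultTlsContextFactory.this.getTrustStorePassword();
            }

            @Override
            public String getType() {
                return DefaultTlsContextFactory.this.getTrustStoreType();
            }

            @Override
            public String getAlgorithm() {
                return DefaultTlsContextFactory.this.getTrustManagerAlgorithm();
            }

            @Override
            public boolean isInsecure() {
                return DefaultTlsContextFactory.this.isTrustStoreInsecure();
            }
        };
    }

    /**
     * Two factories are equal when they would produce equivalent TLS material: same underlying
     * configuration, same insecure switch and same explicit protocol / cipher suite selections.
     *
     * <p>Comparing the underlying configuration alone is not enough, because
     * {@link #createSslContext()} branches on the insecure switch and the socket factories are
     * restricted by the explicit selections. A caller that de-duplicates or caches by equality
     * must not be handed a non-validating context in place of a validating one.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof DefaultTlsContextFactory)) {
            return false;
        }
        DefaultTlsContextFactory other = (DefaultTlsContextFactory) obj;
        return this.trustStoreInsecure == other.trustStoreInsecure
                && Arrays.equals(this.enabledProtocols, other.enabledProtocols)
                && Arrays.equals(this.enabledCipherSuites, other.enabledCipherSuites)
                && this.tlsConfiguration.equals(other.tlsConfiguration);
    }

    /** Consistent with {@link #equals(Object)}: combines the same four components. */
    @Override
    public int hashCode() {
        int result = this.tlsConfiguration.hashCode();
        result = 31 * result + Boolean.hashCode(this.trustStoreInsecure);
        result = 31 * result + Arrays.hashCode(this.enabledProtocols);
        result = 31 * result + Arrays.hashCode(this.enabledCipherSuites);
        return result;
    }
}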
