package org.mule.api.security.tls;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.mule.api.lifecycle.CreateException;
import org.mule.api.security.TlsDirectKeyStore;
import org.mule.api.security.TlsDirectTrustStore;
import org.mule.api.security.TlsIndirectKeyStore;
import org.mule.config.i18n.CoreMessages;
import org.mule.util.ArrayUtils;
import org.mule.util.FileUtils;
import org.mule.util.IOUtils;
import org.mule.util.SecurityUtils;
import org.mule.util.StringUtils;

/* loaded from: input_file:mule/lib/mule/mule-core-3.7.1.jar:org/mule/api/security/tls/TlsConfiguration.class */
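/**
 * Key-store and trust-store settings from which an {@link SSLContext} and the restricted
 * socket factories are built.
 * <p>
 * Lifecycle: configure through the setters, call {@link #initialise(boolean, String)} once,
 * then obtain factories via {@link #getSocketFactory()} / {@link #getServerSocketFactory()}.
 * The protocol versions and cipher suites offered on a socket are not taken from
 * {@link #getSslType()} but from the {@code tls-<securityModel>.conf} file loaded into
 * {@link TlsProperties} during initialisation.
 * <p>
 * Not thread-safe: the setters mutate plain fields without synchronisation.
 */
public final class TlsConfiguration implements TlsDirectTrustStore, TlsDirectKeyStore, TlsIndirectKeyStore {
    public static final String DEFAULT_KEYSTORE = ".keystore";
    public static final String DEFAULT_KEYSTORE_TYPE = KeyStore.getDefaultType();
    public static final String DEFAULT_KEYMANAGER_ALGORITHM = KeyManagerFactory.getDefaultAlgorithm();
    /**
     * Protocol name handed to {@link SSLContext#getInstance(String)}. This only selects the
     * context implementation; the versions actually enabled come from
     * {@link #getEnabledProtocols()}, which the restricted socket factories are constructed with.
     */
    public static final String DEFAULT_SSL_TYPE = "TLSv1";
    public static final String JSSE_NAMESPACE = "javax.net";
    /** Name of the properties file loaded in {@link #initialise}; {@code %s} is the security model. */
    public static final String PROPERTIES_FILE_PATTERN = "tls-%s.conf";
    public static final String DEFAULT_SECURITY_MODEL = "default";
    public static final String FIPS_SECURITY_MODEL = "fips140-2";
    /** System property that, when set to a boolean string, overrides the mapping default of "disabled". */
    public static final String DISABLE_SYSTEM_PROPERTIES_MAPPING_PROPERTY = "mule.tls.disableSystemPropertiesMapping";

    private final Log logger = LogFactory.getLog(getClass());
    private final TlsProperties tlsProperties = new TlsProperties();

    // Mapping of this configuration onto System properties is off unless the property above enables it.
    private boolean disableSystemPropertiesMapping = true;
    private String sslType = DEFAULT_SSL_TYPE;

    // Direct key store: loaded by this class to build the KeyManagerFactory.
    // Passwords are held as String to match the store interfaces; they cannot be zeroed after use.
    private String keyStoreName = DEFAULT_KEYSTORE;
    private String keyStorePassword = null;
    private String keystoreType = DEFAULT_KEYSTORE_TYPE;
    private String keyAlias = null;
    private String keyPassword = null;
    private String keyManagerAlgorithm = DEFAULT_KEYMANAGER_ALGORITHM;
    private KeyManagerFactory keyManagerFactory = null;

    // Indirect (client) key store: only stored and exposed through the accessors; nothing in
    // this class opens it.
    private String clientKeyStoreName = null;
    private String clientKeyStorePassword = null;
    private String clientKeyStoreType = DEFAULT_KEYSTORE_TYPE;

    // Trust store: loaded by this class to build the TrustManagerFactory when a name is set.
    private String trustStoreName = null;
    private String trustStorePassword = null;
    private String trustStoreType = DEFAULT_KEYSTORE_TYPE;
    private String trustManagerAlgorithm = DEFAULT_KEYMANAGER_ALGORITHM;
    private TrustManagerFactory trustManagerFactory = null;

    // Flags only stored here; nothing in this class acts on them.
    private boolean explicitTrustStoreOnly = false;
    private boolean requireClientAuthentication = false;

    /**
     * Creates a configuration for the given key store and reads the system-property mapping
     * override from {@link #DISABLE_SYSTEM_PROPERTIES_MAPPING_PROPERTY}.
     *
     * @param str key store location; stored as given (may be {@code null}), without the
     *            path normalisation that {@link #setKeyStore(String)} applies
     */
    public TlsConfiguration(String str) {
        this.keyStoreName = str;
        String override = System.getProperty(DISABLE_SYSTEM_PROPERTIES_MAPPING_PROPERTY);
        if (override != null) {
            this.disableSystemPropertiesMapping = BooleanUtils.toBoolean(override);
        }
    }

    /**
     * Validates the settings, builds the key and trust manager factories and loads the
     * per-security-model TLS properties.
     *
     * @param z   {@code true} for an anonymous configuration: key-store validation and the
     *            key manager factory are skipped
     * @param str namespace handed to {@link TlsPropertiesMapper} when the system-property
     *            mapping is enabled; {@code null} skips the mapping entirely
     * @throws CreateException          if a store or manager factory cannot be built
     * @throws IllegalArgumentException if a required key-store setting is {@code null}
     */
    public void initialise(boolean z, String str) throws CreateException {
        if (logger.isDebugEnabled()) {
            logger.debug("initialising: anon " + z);
        }
        validate(z);
        if (!z) {
            initKeyManagerFactory();
        }
        initTrustManagerFactory();
        if (logger.isDebugEnabled()) {
            logger.debug("TLS system properties mapping is " + (disableSystemPropertiesMapping ? "disabled" : "enabled"));
        }
        if (null != str && !disableSystemPropertiesMapping) {
            new TlsPropertiesMapper(str).writeToProperties(System.getProperties(), this);
        }
        // Enabled protocols / cipher suites are governed by this file, not by sslType.
        tlsProperties.load(String.format(PROPERTIES_FILE_PATTERN, SecurityUtils.getSecurityModel()));
    }

    /**
     * Checks the key-store settings needed for a non-anonymous configuration.
     *
     * @param z {@code true} for an anonymous configuration, in which case nothing is checked
     * @throws IllegalArgumentException if a required setting is {@code null} (note: not a
     *                                  {@link CreateException}, despite the declared clause)
     */
    private void validate(boolean z) throws CreateException {
        if (z) {
            return;
        }
        assertNotNull(getKeyStore(), "The KeyStore location cannot be null");
        assertNotNull(getKeyPassword(), "The Key password cannot be null");
        assertNotNull(getKeyStorePassword(), "The KeyStore password cannot be null");
        assertNotNull(getKeyManagerAlgorithm(), "The Key Manager Algorithm cannot be null");
    }

    /**
     * Loads the key store, restricts it to the configured alias and initialises
     * {@link #keyManagerFactory} from it.
     *
     * @throws CreateException wrapping any failure; the message distinguishes a store load
     *                         failure from a key manager failure
     */
    private void initKeyManagerFactory() throws CreateException {
        if (logger.isDebugEnabled()) {
            logger.debug("initialising key manager factory from keystore data");
        }
        try {
            KeyStore store = loadKeyStore();
            checkKeyStoreContainsAlias(store);
            try {
                keyManagerFactory = KeyManagerFactory.getInstance(getKeyManagerAlgorithm());
                keyManagerFactory.init(store, keyPassword.toCharArray());
            } catch (Exception e) {
                throw new CreateException(CoreMessages.failedToLoad("Key Manager"), e, this);
            }
        } catch (Exception e) {
            throw new CreateException(CoreMessages.failedToLoad("KeyStore: " + keyStoreName), e, this);
        }
    }

    /**
     * Opens {@link #keyStoreName} from the classpath or file system and loads it with
     * {@link #keyStorePassword}. The stream is always closed afterwards.
     *
     * @return the loaded store
     * @throws FileNotFoundException    if the resource cannot be found
     * @throws GeneralSecurityException if the store type is unsupported or integrity/decryption fails
     * @throws IOException              on read failure
     * @throws NullPointerException     if {@link #keyStorePassword} is {@code null}; {@link #validate}
     *                                  guards this on the {@link #initialise} path only
     */
    protected KeyStore loadKeyStore() throws GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance(keystoreType);
        InputStream in = IOUtils.getResourceAsStream(keyStoreName, getClass());
        if (null == in) {
            throw new FileNotFoundException(CoreMessages.cannotLoadFromClasspath("Keystore: " + keyStoreName).getMessage());
        }
        try {
            store.load(in, keyStorePassword.toCharArray());
        } finally {
            closeQuietly(in, "keystore " + keyStoreName);
        }
        return store;
    }

    /**
     * When a key alias is configured, verifies it is present and removes every other entry from
     * the given (in-memory) store, so the key manager can only ever present the selected key.
     * The store on disk is not modified. Without an alias the store is left untouched.
     *
     * @param keyStore loaded store to prune
     * @throws KeyStoreException     if the store has not been loaded
     * @throws IllegalStateException if the configured alias is not in the store
     */
    protected void checkKeyStoreContainsAlias(KeyStore keyStore) throws KeyStoreException {
        if (!StringUtils.isNotBlank(keyAlias)) {
            return;
        }
        boolean found = false;
        // Snapshot first: removing entries while iterating the live Enumeration depends on the provider.
        List<String> aliases = Collections.list(keyStore.aliases());
        for (String alias : aliases) {
            if (alias.equals(keyAlias)) {
                found = true;
            } else {
                keyStore.deleteEntry(alias);
            }
        }
        if (!found) {
            throw new IllegalStateException("Key with alias \"" + keyAlias + "\" was not found");
        }
    }

    /**
     * Builds {@link #trustManagerFactory} from {@link #trustStoreName} when one is set; a
     * {@code null} trust store password is replaced by the empty string before loading.
     * With no trust store name the factory is left as set through
     * {@link #setTrustManagerFactory(TrustManagerFactory)} (possibly {@code null}, in which case
     * {@link #getSslContext()} falls back to the JDK default trust material).
     *
     * @throws CreateException wrapping any failure; the message distinguishes a store load
     *                         failure from a trust manager failure
     */
    private void initTrustManagerFactory() throws CreateException {
        if (null == trustStoreName) {
            return;
        }
        if (null == trustStorePassword) {
            trustStorePassword = "";
        }
        try {
            KeyStore store = KeyStore.getInstance(trustStoreType);
            InputStream in = IOUtils.getResourceAsStream(trustStoreName, getClass());
            if (null == in) {
                throw new FileNotFoundException("Failed to load truststore from classpath or local file: " + trustStoreName);
            }
            try {
                store.load(in, trustStorePassword.toCharArray());
            } finally {
                closeQuietly(in, "truststore " + trustStoreName);
            }
            try {
                trustManagerFactory = TrustManagerFactory.getInstance(trustManagerAlgorithm);
                trustManagerFactory.init(store);
            } catch (Exception e) {
                throw new CreateException(CoreMessages.failedToLoad("Trust Manager (" + trustManagerAlgorithm + ")"), e, this);
            }
        } catch (Exception e) {
            throw new CreateException(CoreMessages.failedToLoad("TrustStore: " + trustStoreName), e, this);
        }
    }

    /**
     * Closes a store stream after it has been read. A close failure is logged rather than
     * thrown so that it cannot mask an exception from the load itself.
     */
    private void closeQuietly(InputStream in, String description) {
        try {
            in.close();
        } catch (IOException e) {
            logger.warn("Failed to close " + description, e);
        }
    }

    /** @throws IllegalArgumentException with {@code str} as message when {@code obj} is {@code null} */
    private static void assertNotNull(Object obj, String str) {
        if (null == obj) {
            throw new IllegalArgumentException(str);
        }
    }

    /** @return {@code str}, or {@code str2} when {@code str} is {@code null} */
    private static String defaultForNull(String str, String str2) {
        return null == str ? str2 : str;
    }

    /**
     * @return a client socket factory restricted to {@link #getEnabledCipherSuites()} and
     *         {@link #getEnabledProtocols()}
     */
    public SSLSocketFactory getSocketFactory() throws NoSuchAlgorithmException, KeyManagementException {
        return new RestrictedSSLSocketFactory(getSslContext(), getEnabledCipherSuites(), getEnabledProtocols());
    }

    /**
     * @return a server socket factory restricted to {@link #getEnabledCipherSuites()} and
     *         {@link #getEnabledProtocols()}
     */
    public SSLServerSocketFactory getServerSocketFactory() throws NoSuchAlgorithmException, KeyManagementException {
        return new RestrictedSSLServerSocketFactory(getSslContext(), getEnabledCipherSuites(), getEnabledProtocols());
    }

    /** @return cipher suites from the loaded TLS properties (as returned by {@link TlsProperties}) */
    public String[] getEnabledCipherSuites() {
        return tlsProperties.getEnabledCipherSuites();
    }

    /** @return protocols from the loaded TLS properties (as returned by {@link TlsProperties}) */
    public String[] getEnabledProtocols() {
        return tlsProperties.getEnabledProtocols();
    }

    /**
     * Creates a fresh {@link SSLContext} of type {@link #getSslType()} initialised with the
     * configured key and trust managers. Either manager array is {@code null} when the matching
     * factory was never initialised; the JDK then uses its default key/trust material for that side.
     *
     * @return a newly initialised context (a new instance on every call)
     */
    public SSLContext getSslContext() throws NoSuchAlgorithmException, KeyManagementException {
        KeyManagerFactory kmf = getKeyManagerFactory();
        TrustManagerFactory tmf = getTrustManagerFactory();
        KeyManager[] keyManagers = null == kmf ? null : kmf.getKeyManagers();
        TrustManager[] trustManagers = null == tmf ? null : tmf.getTrustManagers();
        SSLContext context = SSLContext.getInstance(getSslType());
        context.init(keyManagers, trustManagers, null);
        return context;
    }

    public String getSslType() {
        return sslType;
    }

    /**
     * Sets the {@link SSLContext} protocol name.
     *
     * @param str protocol name for {@link SSLContext#getInstance(String)}
     * @throws IllegalArgumentException if the TLS properties define an enabled-protocol list
     *                                  and {@code str} is not in it
     */
    public void setSslType(String str) {
        String[] allowed = tlsProperties.getEnabledProtocols();
        if (allowed != null && !ArrayUtils.contains(allowed, str)) {
            throw new IllegalArgumentException(String.format("Protocol %s is not allowed in current configuration", str));
        }
        sslType = str;
    }

    @Override // org.mule.api.security.TlsDirectKeyStore
    public String getKeyStore() {
        return keyStoreName;
    }

    /** Stores the key store location, normalised through {@link FileUtils#getResourcePath} unless {@code null}. */
    @Override // org.mule.api.security.TlsDirectKeyStore
    public void setKeyStore(String str) throws IOException {
        keyStoreName = normaliseResourcePath("keyStore", str);
    }

    @Override // org.mule.api.security.TlsDirectKeyStore
    public String getKeyPassword() {
        return keyPassword;
    }

    @Override // org.mule.api.security.TlsDirectKeyStore
    public void setKeyPassword(String str) {
        keyPassword = str;
    }

    @Override // org.mule.api.security.TlsDirectKeyStore
    public String getKeyStorePassword() {
        return keyStorePassword;
    }

    @Override // org.mule.api.security.TlsDirectKeyStore
    public void setKeyStorePassword(String str) {
        keyStorePassword = str;
    }

    @Override // org.mule.api.security.TlsDirectKeyStore
    public String getKeyStoreType() {
        return keystoreType;
    }

    @Override // org.mule.api.security.TlsDirectKeyStore
    public void setKeyStoreType(String str) {
        keystoreType = str;
    }

    @Override // org.mule.api.security.TlsDirectKeyStore
    public String getKeyManagerAlgorithm() {
        return keyManagerAlgorithm;
    }

    @Override // org.mule.api.security.TlsDirectKeyStore
    public void setKeyManagerAlgorithm(String str) {
        keyManagerAlgorithm = str;
    }

    /** @return the factory built by {@link #initialise}, or {@code null} before that / for anonymous configurations */
    @Override // org.mule.api.security.TlsDirectKeyStore
    public KeyManagerFactory getKeyManagerFactory() {
        return keyManagerFactory;
    }

    @Override // org.mule.api.security.TlsIndirectKeyStore
    public String getClientKeyStore() {
        return clientKeyStoreName;
    }

    /** Stores the client key store location, normalised through {@link FileUtils#getResourcePath} unless {@code null}. */
    @Override // org.mule.api.security.TlsIndirectKeyStore
    public void setClientKeyStore(String str) throws IOException {
        clientKeyStoreName = normaliseResourcePath("clientKeyStore", str);
    }

    @Override // org.mule.api.security.TlsIndirectKeyStore
    public String getClientKeyStorePassword() {
        return clientKeyStorePassword;
    }

    @Override // org.mule.api.security.TlsIndirectKeyStore
    public void setClientKeyStorePassword(String str) {
        clientKeyStorePassword = str;
    }

    @Override // org.mule.api.security.TlsIndirectKeyStore
    public void setClientKeyStoreType(String str) {
        clientKeyStoreType = str;
    }

    @Override // org.mule.api.security.TlsIndirectKeyStore
    public String getClientKeyStoreType() {
        return clientKeyStoreType;
    }

    @Override // org.mule.api.security.TlsIndirectTrustStore
    public String getTrustStore() {
        return trustStoreName;
    }

    /** Stores the trust store location, normalised through {@link FileUtils#getResourcePath} unless {@code null}. */
    @Override // org.mule.api.security.TlsIndirectTrustStore
    public void setTrustStore(String str) throws IOException {
        trustStoreName = normaliseResourcePath("trustStore", str);
    }

    /**
     * Shared body of the three store-location setters: resolves {@code location} against the
     * classpath / file system and logs the result.
     *
     * @return the normalised path, or {@code null} when {@code location} is {@code null}
     */
    private String normaliseResourcePath(String label, String location) throws IOException {
        if (null == location) {
            return null;
        }
        String resolved = FileUtils.getResourcePath(location, getClass());
        if (logger.isDebugEnabled()) {
            logger.debug("Normalised " + label + " path to: " + resolved);
        }
        return resolved;
    }

    @Override // org.mule.api.security.TlsIndirectTrustStore
    public String getTrustStorePassword() {
        return trustStorePassword;
    }

    @Override // org.mule.api.security.TlsIndirectTrustStore
    public void setTrustStorePassword(String str) {
        trustStorePassword = str;
    }

    @Override // org.mule.api.security.TlsDirectTrustStore
    public String getTrustStoreType() {
        return trustStoreType;
    }

    @Override // org.mule.api.security.TlsDirectTrustStore
    public void setTrustStoreType(String str) {
        trustStoreType = str;
    }

    @Override // org.mule.api.security.TlsDirectTrustStore
    public String getTrustManagerAlgorithm() {
        return trustManagerAlgorithm;
    }

    /** A {@code null} algorithm resets to {@link #DEFAULT_KEYMANAGER_ALGORITHM}. */
    @Override // org.mule.api.security.TlsDirectTrustStore
    public void setTrustManagerAlgorithm(String str) {
        trustManagerAlgorithm = defaultForNull(str, DEFAULT_KEYMANAGER_ALGORITHM);
    }

    @Override // org.mule.api.security.TlsDirectTrustStore
    public TrustManagerFactory getTrustManagerFactory() {
        return trustManagerFactory;
    }

    /** Pre-built factory used when no trust store name is configured; replaced by {@link #initialise} otherwise. */
    @Override // org.mule.api.security.TlsDirectTrustStore
    public void setTrustManagerFactory(TrustManagerFactory trustManagerFactory) {
        this.trustManagerFactory = trustManagerFactory;
    }

    @Override // org.mule.api.security.TlsDirectTrustStore
    public boolean isExplicitTrustStoreOnly() {
        return explicitTrustStoreOnly;
    }

    @Override // org.mule.api.security.TlsDirectTrustStore
    public void setExplicitTrustStoreOnly(boolean z) {
        explicitTrustStoreOnly = z;
    }

    @Override // org.mule.api.security.TlsDirectTrustStore
    public boolean isRequireClientAuthentication() {
        return requireClientAuthentication;
    }

    @Override // org.mule.api.security.TlsDirectTrustStore
    public void setRequireClientAuthentication(boolean z) {
        requireClientAuthentication = z;
    }

    @Override // org.mule.api.security.TlsDirectKeyStore
    public String getKeyAlias() {
        return keyAlias;
    }

    @Override // org.mule.api.security.TlsDirectKeyStore
    public void setKeyAlias(String str) {
        keyAlias = str;
    }

    /**
     * Field-wise equality over every setting except {@link #disableSystemPropertiesMapping}
     * and the logger. Note that the password fields take part in the comparison.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof TlsConfiguration)) {
            return false;
        }
        TlsConfiguration other = (TlsConfiguration) obj;
        return explicitTrustStoreOnly == other.explicitTrustStoreOnly
                && requireClientAuthentication == other.requireClientAuthentication
                && same(clientKeyStoreName, other.clientKeyStoreName)
                && same(clientKeyStorePassword, other.clientKeyStorePassword)
                && same(clientKeyStoreType, other.clientKeyStoreType)
                && same(keyAlias, other.keyAlias)
                && same(keyManagerAlgorithm, other.keyManagerAlgorithm)
                && same(keyManagerFactory, other.keyManagerFactory)
                && same(keyPassword, other.keyPassword)
                && same(keyStoreName, other.keyStoreName)
                && same(keyStorePassword, other.keyStorePassword)
                && same(keystoreType, other.keystoreType)
                && same(sslType, other.sslType)
                && same(tlsProperties, other.tlsProperties)
                && same(trustManagerAlgorithm, other.trustManagerAlgorithm)
                && same(trustManagerFactory, other.trustManagerFactory)
                && same(trustStoreName, other.trustStoreName)
                && same(trustStorePassword, other.trustStorePassword)
                && same(trustStoreType, other.trustStoreType);
    }

    /**
     * Hash over the same fields as {@link #equals(Object)}. The field order and the
     * {@code 31 * h + x} chain are kept so existing hash values are unchanged.
     */
    @Override
    public int hashCode() {
        int h = hashOf(sslType);
        h = 31 * h + hashOf(keyStoreName);
        h = 31 * h + hashOf(keyAlias);
        h = 31 * h + hashOf(keyPassword);
        h = 31 * h + hashOf(keyStorePassword);
        h = 31 * h + hashOf(keystoreType);
        h = 31 * h + hashOf(keyManagerAlgorithm);
        h = 31 * h + hashOf(keyManagerFactory);
        h = 31 * h + hashOf(clientKeyStoreName);
        h = 31 * h + hashOf(clientKeyStorePassword);
        h = 31 * h + hashOf(clientKeyStoreType);
        h = 31 * h + hashOf(trustStoreName);
        h = 31 * h + hashOf(trustStorePassword);
        h = 31 * h + hashOf(trustStoreType);
        h = 31 * h + hashOf(trustManagerAlgorithm);
        h = 31 * h + hashOf(trustManagerFactory);
        h = 31 * h + (explicitTrustStoreOnly ? 1 : 0);
        h = 31 * h + (requireClientAuthentication ? 1 : 0);
        h = 31 * h + hashOf(tlsProperties);
        return h;
    }

    /** Null-safe {@code equals}: two {@code null}s are equal, {@code null} never equals a non-null value. */
    private static boolean same(Object a, Object b) {
        return a == null ? b == null : a.equals(b);
    }

    /** {@code hashCode()} of {@code o}, or 0 for {@code null}. */
    private static int hashOf(Object o) {
        return o == null ? 0 : o.hashCode();
    }
}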
