package org.waarp.common.crypto.ssl;

import java.security.NoSuchAlgorithmException;
import java.security.Security;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;
import org.waarp.common.digest.WaarpBC;
import org.waarp.common.logging.WaarpLogger;
import org.waarp.common.logging.WaarpLoggerFactory;

/* loaded from: input_file:org/waarp/common/crypto/ssl/WaarpSslContextFactory.class */
public class WaarpSslContextFactory {
    protected static final int DEFAULT_SESSIONCACHE_TIMEOUTSEC = 60;
    protected static final int DEFAULT_SESSIONCACHE_SIZE = 1024;
    private static final WaarpLogger logger = WaarpLoggerFactory.getLogger((Class<?>) WaarpSslContextFactory.class);
    private final SSLContext serverContext;
    private final SSLContext clientContext;
    private boolean needClientAuthentication;

    public WaarpSslContextFactory(WaarpSecureKeyStore waarpSecureKeyStore) {
        this.serverContext = initSslContextFactory(waarpSecureKeyStore, true);
        this.clientContext = initSslContextFactory(waarpSecureKeyStore, false);
    }

    public WaarpSslContextFactory(WaarpSecureKeyStore waarpSecureKeyStore, boolean z) {
        if (z) {
            this.serverContext = initSslContextFactory(waarpSecureKeyStore, z);
            this.clientContext = null;
        } else {
            this.clientContext = initSslContextFactory(waarpSecureKeyStore, z);
            this.serverContext = null;
        }
    }

    public void setSessionCacheTime(int i, int i2) {
        SSLSessionContext serverSessionContext;
        if (this.serverContext == null || (serverSessionContext = this.serverContext.getServerSessionContext()) == null) {
            return;
        }
        serverSessionContext.setSessionCacheSize(i);
        serverSessionContext.setSessionTimeout(i2);
    }

    private SSLContext initSslContextFactory(WaarpSecureKeyStore waarpSecureKeyStore, boolean z) {
        if (Security.getProperty("ssl.KeyManagerFactory.algorithm") == null) {
            try {
                if (KeyManagerFactory.getInstance("“X509") == null) {
                }
            } catch (NoSuchAlgorithmException e) {
            }
        }
        if (z) {
            try {
                SSLContext waarpBC = WaarpBC.getInstance();
                WaarpSecureTrustManagerFactory secureTrustManagerFactory = waarpSecureKeyStore.getSecureTrustManagerFactory();
                this.needClientAuthentication = secureTrustManagerFactory.needAuthentication();
                if (secureTrustManagerFactory.hasTrustStore()) {
                    logger.debug("Has TrustManager");
                    waarpBC.init(waarpSecureKeyStore.getKeyManagerFactory().getKeyManagers(), secureTrustManagerFactory.getTrustManagers(), WaarpBC.getSecureRandom());
                } else {
                    logger.debug("No TrustManager");
                    waarpBC.init(waarpSecureKeyStore.getKeyManagerFactory().getKeyManagers(), null, WaarpBC.getSecureRandom());
                }
                SSLSessionContext serverSessionContext = waarpBC.getServerSessionContext();
                if (serverSessionContext != null) {
                    serverSessionContext.setSessionCacheSize(1024);
                    serverSessionContext.setSessionTimeout(60);
                }
                return waarpBC;
            } catch (Throwable th) {
                logger.error("Failed to initialize the server-side SSLContext", th);
                throw new Error("Failed to initialize the server-side SSLContext", th);
            }
        }
        try {
            SSLContext waarpBC2 = WaarpBC.getInstance();
            WaarpSecureTrustManagerFactory secureTrustManagerFactory2 = waarpSecureKeyStore.getSecureTrustManagerFactory();
            this.needClientAuthentication = secureTrustManagerFactory2.needAuthentication();
            if (secureTrustManagerFactory2.hasTrustStore()) {
                logger.debug("Has TrustManager");
                waarpBC2.init(waarpSecureKeyStore.getKeyManagerFactory().getKeyManagers(), secureTrustManagerFactory2.getTrustManagers(), WaarpBC.getSecureRandom());
            } else {
                logger.debug("No TrustManager");
                waarpBC2.init(waarpSecureKeyStore.getKeyManagerFactory().getKeyManagers(), null, WaarpBC.getSecureRandom());
            }
            SSLSessionContext serverSessionContext2 = waarpBC2.getServerSessionContext();
            if (serverSessionContext2 != null) {
                serverSessionContext2.setSessionCacheSize(1024);
                serverSessionContext2.setSessionTimeout(60);
            }
            return waarpBC2;
        } catch (Throwable th2) {
            logger.error("Failed to initialize the client-side SSLContext", th2);
            throw new Error("Failed to initialize the client-side SSLContext", th2);
        }
    }

    public SSLContext getServerContext() {
        return this.serverContext;
    }

    public SSLContext getClientContext() {
        return this.clientContext;
    }

    public WaarpSslHandler initInitializer(boolean z, boolean z2) {
        SSLEngine createSSLEngine;
        logger.debug("Has TrustManager? " + z2 + " Is ServerMode? " + z);
        if (z) {
            createSSLEngine = getServerContext().createSSLEngine();
            createSSLEngine.setUseClientMode(false);
            createSSLEngine.setNeedClientAuth(z2);
        } else {
            createSSLEngine = getClientContext().createSSLEngine();
            createSSLEngine.setUseClientMode(true);
        }
        return new WaarpSslHandler(createSSLEngine);
    }

    public WaarpSslHandler initInitializer(boolean z, boolean z2, String str, int i) {
        SSLEngine createSSLEngine;
        logger.debug("Has TrustManager? " + z2 + " Is ServerMode? " + z);
        if (z) {
            createSSLEngine = getServerContext().createSSLEngine(str, i);
            createSSLEngine.setUseClientMode(false);
            createSSLEngine.setNeedClientAuth(z2);
        } else {
            createSSLEngine = getClientContext().createSSLEngine(str, i);
            createSSLEngine.setUseClientMode(true);
        }
        return new WaarpSslHandler(createSSLEngine);
    }

    public boolean needClientAuthentication() {
        return this.needClientAuthentication;
    }

    static {
        WaarpBC.initializedTlsContext();
    }
}
