package com.metamatrix.common.net;

import com.metamatrix.common.comm.platform.socket.SocketUtil;
import com.metamatrix.common.config.CurrentConfiguration;
import com.metamatrix.common.config.api.exceptions.ConfigurationException;
import com.metamatrix.common.util.PropertiesUtils;
import com.metamatrix.common.util.crypto.CryptoException;
import com.metamatrix.common.util.crypto.CryptoUtil;
import com.metamatrix.core.MetaMatrixRuntimeException;
import com.metamatrix.core.util.Assertion;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Properties;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;

/* loaded from: input_file:com/metamatrix/common/net/ServerSocketConfiguration.class */
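/**
 * Holds the server-side socket encryption settings and builds the server
 * {@link SSLEngine} from them.
 *
 * <p>Settings are read from a {@link Properties} object by {@link #init(Properties)}
 * (or from {@link CurrentConfiguration} by {@link #init()}). Keystore and truststore
 * passwords are stored encrypted in the properties and decrypted with
 * {@link CryptoUtil#stringDecrypt}.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The default protocol is {@value #DEFAULT_SSL_PROTOCOL}. SSL 3.0 is deprecated
 *       (RFC 7568) and should not be relied on; set {@code com.metamatrix.ssl.protocol}
 *       explicitly to a TLS version supported by the deployed JRE.</li>
 *   <li>{@link #ANONYMOUS} mode uses an anonymous Diffie-Hellman suite: traffic is
 *       encrypted but neither peer is authenticated, so it gives no protection against
 *       an active man-in-the-middle.</li>
 *   <li>Only the exact value {@link #TWOWAY} turns on client certificate authentication.
 *       Any other value, including a misspelling, is treated as one-way.</li>
 *   <li>The decrypted passwords stay in {@code String} fields for the life of this
 *       object; never log or serialize an instance.</li>
 * </ul>
 */
public class ServerSocketConfiguration {
    private static final String SSL_ENABLED = "metamatrix.encryption.secure.sockets";
    private static final String KEYSTORE_FILENAME = "com.metamatrix.ssl.keystore.filename";
    private static final String KEYSTORE_PASSWORD = "com.metamatrix.ssl.keystore.Password";
    private static final String KEYSTORE_TYPE = "com.metamatrix.ssl.keystoretype";
    private static final String SSL_PROTOCOL = "com.metamatrix.ssl.protocol";
    private static final String KEY_MANAGER_ALGORITHM = "com.metamatrix.ssl.keymanagementalgorithm";
    private static final String TRUSTSTORE_FILENAME = "com.metamatrix.ssl.truststore.filename";
    private static final String TRUSTSTORE_PASSWORD = "com.metamatrix.ssl.truststore.Password";
    private static final String AUTHENTICATION_MODE = "com.metamatrix.ssl.authenticationMode";

    /** Authentication mode: only the server presents a certificate. */
    public static final String ONEWAY = "1-way";

    /** Authentication mode: the server also requires a client certificate. */
    public static final String TWOWAY = "2-way";

    /** Authentication mode: anonymous key exchange, no certificates on either side. */
    public static final String ANONYMOUS = "anonymous";

    /**
     * Protocol used when {@code com.metamatrix.ssl.protocol} is not set.
     * NOTE(review): SSL 3.0 is deprecated (RFC 7568). The value is kept because it is a
     * public constant that other classes may have compiled in; override it in configuration.
     */
    public static final String DEFAULT_SSL_PROTOCOL = "SSLv3";

    /** Keystore type used when {@code com.metamatrix.ssl.keystoretype} is not set. */
    public static final String DEFAULT_KEYSTORE_TYPE = "JKS";

    /**
     * Name of a NULL-encryption cipher suite. It is not referenced in this class.
     * NOTE(review): a NULL suite provides no confidentiality; audit its users.
     */
    public static final String UNENCRYPTED_CIPHER_SUITE = "SSL_RSA_WITH_NULL_SHA";

    // The only cipher suite enabled in anonymous mode.
    private static final String ANON_CIPHER_SUITE = "TLS_DH_anon_WITH_AES_128_CBC_SHA";

    private boolean ssl_enabled;
    private String keyManagerFactoryAlgorithm;
    private String keyStoreFileName;
    private String trustStoreFileName;
    private String sslProtocol = DEFAULT_SSL_PROTOCOL;
    private String keyStoreType = DEFAULT_KEYSTORE_TYPE;
    private String keyStorePassword = "";
    private String trustStorePassword = "";
    private String authenticationMode = ONEWAY;
    // Package-private in the original; left that way in case package peers read it.
    boolean client_encryption_enabled = false;

    /**
     * Reports whether secure sockets are switched on in the current global configuration.
     *
     * @return {@code true} only if {@link CryptoUtil#isEncryptionEnabled()} is true and the
     *         {@code metamatrix.encryption.secure.sockets} property is true (default false)
     */
    public static boolean isSSLEnabled() {
        if (!CryptoUtil.isEncryptionEnabled()) {
            return false;
        }
        return PropertiesUtils.getBooleanProperty(CurrentConfiguration.getInstance().getProperties(), SSL_ENABLED, false);
    }

    /**
     * Initializes this object from the "SSL" resource properties combined with the
     * global configuration properties.
     *
     * @throws ConfigurationException declared by the original signature
     */
    public void init() throws ConfigurationException {
        CurrentConfiguration configuration = CurrentConfiguration.getInstance();
        init(PropertiesUtils.clone(configuration.getResourceProperties("SSL"), configuration.getProperties(), true));
    }

    /**
     * Initializes this object from the given properties.
     *
     * <p>Fields are assigned in order, so a failed password decryption leaves the
     * fields assigned before it updated and the remaining ones untouched.
     *
     * @param properties source of the SSL settings
     * @throws MetaMatrixRuntimeException if a stored password cannot be decrypted
     */
    public void init(Properties properties) {
        this.ssl_enabled = PropertiesUtils.getBooleanProperty(properties, SSL_ENABLED, false);
        this.client_encryption_enabled = PropertiesUtils.getBooleanProperty(properties, "metamatrix.encryption.client.encryption", true);
        this.keyStoreFileName = properties.getProperty(KEYSTORE_FILENAME);
        // One try block replaces the two nested, identical handlers of the original.
        try {
            this.keyStorePassword = CryptoUtil.stringDecrypt(properties.getProperty(KEYSTORE_PASSWORD, ""));
            this.keyStoreType = properties.getProperty(KEYSTORE_TYPE, DEFAULT_KEYSTORE_TYPE);
            this.keyManagerFactoryAlgorithm = properties.getProperty(KEY_MANAGER_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm());
            // Fall back to ONEWAY, as the field initializer does, instead of storing null.
            // The resulting engine is the same: null matched neither ANONYMOUS nor TWOWAY.
            this.authenticationMode = properties.getProperty(AUTHENTICATION_MODE, ONEWAY);
            this.trustStoreFileName = properties.getProperty(TRUSTSTORE_FILENAME);
            this.trustStorePassword = CryptoUtil.stringDecrypt(properties.getProperty(TRUSTSTORE_PASSWORD, ""));
            this.sslProtocol = properties.getProperty(SSL_PROTOCOL, DEFAULT_SSL_PROTOCOL);
        } catch (CryptoException e) {
            throw new MetaMatrixRuntimeException(e);
        }
    }

    /**
     * Creates a server-mode {@link SSLEngine} for the configured authentication mode.
     *
     * @return the configured engine, or {@code null} when server SSL is disabled;
     *         callers must check for {@code null}
     * @throws IOException declared by the original signature
     * @throws GeneralSecurityException declared by the original signature
     */
    public SSLEngine getServerSSLEngine() throws IOException, GeneralSecurityException {
        if (!isServerSSLEnabled()) {
            return null;
        }
        final boolean anonymous = ANONYMOUS.equals(this.authenticationMode);
        SSLEngine engine = (anonymous ? SocketUtil.getAnonSSLContext() : SocketUtil.getSSLContext(this.keyStoreFileName, this.keyStorePassword, this.trustStoreFileName, this.trustStorePassword, this.keyManagerFactoryAlgorithm, this.keyStoreType, this.sslProtocol)).createSSLEngine();
        engine.setUseClientMode(false);
        if (anonymous) {
            // Anonymous mode restricts the engine to one unauthenticated DH suite.
            // The assertion checks that the engine supports it before enabling it.
            Assertion.assertTrue(Arrays.asList(engine.getSupportedCipherSuites()).contains(ANON_CIPHER_SUITE));
            engine.setEnabledCipherSuites(new String[]{ANON_CIPHER_SUITE});
        }
        // Client certificates are required only for the exact mode string "2-way".
        // NOTE(review): an unrecognised mode silently runs without client authentication.
        engine.setNeedClientAuth(TWOWAY.equals(this.authenticationMode));
        return engine;
    }

    /**
     * @return {@code true} if this configuration enables SSL and
     *         {@link CryptoUtil#isEncryptionEnabled()} is true
     */
    public boolean isServerSSLEnabled() {
        return this.ssl_enabled && CryptoUtil.isEncryptionEnabled();
    }

    /**
     * @return {@code true} if {@link CryptoUtil#isEncryptionEnabled()} is true and the
     *         {@code metamatrix.encryption.client.encryption} setting is on
     */
    public boolean isClientEncryptionEnabled() {
        return CryptoUtil.isEncryptionEnabled() && this.client_encryption_enabled;
    }
}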
