package net.officefloor.server.ssl;

import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import net.officefloor.frame.api.source.SourceContext;

/* loaded from: input_file:officeserver-3.38.0.jar:net/officefloor/server/ssl/OfficeFloorDefaultSslContextSource.class */
public class OfficeFloorDefaultSslContextSource implements SslContextSource {
    public static final String PROPERTY_SSL_PROTOCOL = "ssl.protocol";
    private static final Logger LOGGER = Logger.getLogger(OfficeFloorDefaultSslContextSource.class.getName());
    private static String protocolUsed = null;

    public static SSLContext createServerSslContext(String str) throws Exception {
        KeyStore createOfficeFloorDefaultKeyStore = createOfficeFloorDefaultKeyStore();
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(createOfficeFloorDefaultKeyStore, "Changeit".toCharArray());
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        SSLContext createSslContext = createSslContext(str);
        createSslContext.init(keyManagers, null, null);
        return createSslContext;
    }

    public static SSLContext createClientSslContext(String str) throws Exception {
        KeyStore createOfficeFloorDefaultKeyStore = createOfficeFloorDefaultKeyStore();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(createOfficeFloorDefaultKeyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        SSLContext createSslContext = createSslContext(str);
        createSslContext.init(null, trustManagers, null);
        return createSslContext;
    }

    private static SSLContext createSslContext(String str) throws Exception {
        if (str != null) {
            return SSLContext.getInstance(str);
        }
        synchronized (OfficeFloorDefaultSslContextSource.class) {
            if (protocolUsed != null) {
                return SSLContext.getInstance(protocolUsed);
            }
            String[] protocols = SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
            Arrays.sort(protocols, (str2, str3) -> {
                return (-1) * String.CASE_INSENSITIVE_ORDER.compare(str2, str3);
            });
            if (protocols != null) {
                for (String str4 : protocols) {
                    try {
                        SSLContext sSLContext = SSLContext.getInstance(str4);
                        protocolUsed = str4;
                        return sSLContext;
                    } catch (Throwable th) {
                    }
                }
            }
            throw new IllegalStateException("No SSL protocols available");
        }
    }

    private static KeyStore createOfficeFloorDefaultKeyStore() throws Exception {
        String str = OfficeFloorDefaultSslContextSource.class.getPackage().getName().replace('.', '/') + "/OfficeFloorDefault.jks";
        InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(str);
        if (resourceAsStream == null) {
            throw new IllegalStateException("Unable to locate default OfficeFloor key/trust store " + str);
        }
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(resourceAsStream, "Changeit".toCharArray());
        return keyStore;
    }

    @Override // net.officefloor.server.ssl.SslContextSource
    public SSLContext createSslContext(SourceContext sourceContext) throws Exception {
        SSLContext createServerSslContext = createServerSslContext(sourceContext.getProperty(PROPERTY_SSL_PROTOCOL, (String) null));
        if (!sourceContext.isLoadingType() && LOGGER.isLoggable(Level.INFO)) {
            LOGGER.log(Level.WARNING, "Using default OfficeFloor Key Store. This should only be used for testing and NEVER in production.");
            LOGGER.log(Level.INFO, "Using SSL protocol " + createServerSslContext.getProtocol());
        }
        return createServerSslContext;
    }
}
