package org.apache.logging.log4j.core.net.ssl;

import java.security.NoSuchAlgorithmException;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.logging.log4j.core.config.plugins.Plugin;
import org.apache.logging.log4j.core.config.plugins.PluginAttribute;
import org.apache.logging.log4j.core.config.plugins.PluginElement;
import org.apache.logging.log4j.core.config.plugins.PluginFactory;
import org.apache.logging.log4j.status.StatusLogger;
import org.jspecify.annotations.NullMarked;
import org.jspecify.annotations.NullUnmarked;

@NullMarked
@Plugin(name = "Ssl", category = "Core", printObject = true)
/* loaded from: input_file:WEB-INF/lib/log4j-core-2.25.0.jar:org/apache/logging/log4j/core/net/ssl/SslConfiguration.class */
public class SslConfiguration {
    private static final StatusLogger LOGGER = StatusLogger.getLogger();
    private final String protocol;
    private final boolean verifyHostName;
    private final KeyStoreConfiguration keyStoreConfig;
    private final TrustStoreConfiguration trustStoreConfig;
    private final transient SSLContext sslContext;

    private SslConfiguration(String str, boolean z, KeyStoreConfiguration keyStoreConfiguration, TrustStoreConfiguration trustStoreConfiguration) {
        this.keyStoreConfig = keyStoreConfiguration;
        this.trustStoreConfig = trustStoreConfiguration;
        String str2 = str == null ? "TLS" : str;
        this.protocol = str2;
        this.verifyHostName = z;
        this.sslContext = createSslContext(str2, keyStoreConfiguration, trustStoreConfiguration);
    }

    public void clearSecrets() {
        if (this.keyStoreConfig != null) {
            this.keyStoreConfig.clearSecrets();
        }
        if (this.trustStoreConfig != null) {
            this.trustStoreConfig.clearSecrets();
        }
    }

    @Deprecated
    public SSLSocketFactory getSslSocketFactory() {
        return this.sslContext.getSocketFactory();
    }

    @Deprecated
    public SSLServerSocketFactory getSslServerSocketFactory() {
        return this.sslContext.getServerSocketFactory();
    }

    private static SSLContext createDefaultSslContext(String str) {
        try {
            return SSLContext.getDefault();
        } catch (NoSuchAlgorithmException e) {
            LOGGER.error("Failed to create an `SSLContext` using the default configuration, falling back to creating an empty one", (Throwable) e);
            try {
                SSLContext sSLContext = SSLContext.getInstance(str);
                sSLContext.init(new KeyManager[0], new TrustManager[0], null);
                return sSLContext;
            } catch (Exception e2) {
                LOGGER.error("Failed to create an empty `SSLContext`", (Throwable) e2);
                return null;
            }
        }
    }

    private static SSLContext createSslContext(String str, KeyStoreConfiguration keyStoreConfiguration, TrustStoreConfiguration trustStoreConfiguration) {
        try {
            SSLContext sSLContext = SSLContext.getInstance(str);
            sSLContext.init(loadKeyManagers(keyStoreConfiguration), loadTrustManagers(trustStoreConfiguration), null);
            return sSLContext;
        } catch (Exception e) {
            LOGGER.error("Failed to create an `SSLContext` using the provided configuration, falling back to a default instance", (Throwable) e);
            return createDefaultSslContext(str);
        }
    }

    private static KeyManager[] loadKeyManagers(KeyStoreConfiguration keyStoreConfiguration) throws Exception {
        if (keyStoreConfiguration == null) {
            return new KeyManager[0];
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyStoreConfiguration.getKeyManagerFactoryAlgorithm());
        try {
            keyManagerFactory.init(keyStoreConfiguration.getKeyStore(), keyStoreConfiguration.getPasswordAsCharArray());
            return keyManagerFactory.getKeyManagers();
        } finally {
            keyStoreConfiguration.clearSecrets();
        }
    }

    private static TrustManager[] loadTrustManagers(TrustStoreConfiguration trustStoreConfiguration) throws Exception {
        if (trustStoreConfiguration == null) {
            return new TrustManager[0];
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustStoreConfiguration.getTrustManagerFactoryAlgorithm());
        trustManagerFactory.init(trustStoreConfiguration.getKeyStore());
        return trustManagerFactory.getTrustManagers();
    }

    @NullUnmarked
    @PluginFactory
    public static SslConfiguration createSSLConfiguration(@PluginAttribute("protocol") String str, @PluginElement("KeyStore") KeyStoreConfiguration keyStoreConfiguration, @PluginElement("TrustStore") TrustStoreConfiguration trustStoreConfiguration) {
        return new SslConfiguration(str, false, keyStoreConfiguration, trustStoreConfiguration);
    }

    @NullUnmarked
    public static SslConfiguration createSSLConfiguration(@PluginAttribute("protocol") String str, @PluginElement("KeyStore") KeyStoreConfiguration keyStoreConfiguration, @PluginElement("TrustStore") TrustStoreConfiguration trustStoreConfiguration, @PluginAttribute("verifyHostName") boolean z) {
        return new SslConfiguration(str, z, keyStoreConfiguration, trustStoreConfiguration);
    }

    public int hashCode() {
        return Objects.hash(this.keyStoreConfig, this.protocol, this.sslContext, this.trustStoreConfig);
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        SslConfiguration sslConfiguration = (SslConfiguration) obj;
        return Objects.equals(this.protocol, sslConfiguration.protocol) && Objects.equals(Boolean.valueOf(this.verifyHostName), Boolean.valueOf(sslConfiguration.verifyHostName)) && Objects.equals(this.keyStoreConfig, sslConfiguration.keyStoreConfig) && Objects.equals(this.trustStoreConfig, sslConfiguration.trustStoreConfig);
    }

    public String getProtocol() {
        return this.protocol;
    }

    public boolean isVerifyHostName() {
        return this.verifyHostName;
    }

    public KeyStoreConfiguration getKeyStoreConfig() {
        return this.keyStoreConfig;
    }

    public TrustStoreConfiguration getTrustStoreConfig() {
        return this.trustStoreConfig;
    }

    public SSLContext getSslContext() {
        return this.sslContext;
    }
}
