package com.adobe.cq.dam.aod.replication.transport_config;

import com.adobe.cq.dam.aod.replication.Util;
import com.adobe.cq.dam.aod.replication.transport_config.TokenProvider;
import com.adobe.granite.crypto.CryptoSupport;
import com.adobe.granite.keystore.KeyStoreNotInitialisedException;
import com.adobe.granite.keystore.KeyStoreService;
import com.day.cq.replication.AgentConfig;
import com.day.cq.replication.ReplicationLog;
import com.scene7.is.util.callbacks.Func1;
import com.scene7.is.util.callbacks.Option;
import java.security.KeyStore;
import java.util.Iterator;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.sling.api.SlingIOException;
import org.apache.sling.api.resource.ResourceResolver;
import org.jetbrains.annotations.NotNull;

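/**
 * OSGi component that selects the {@link SSLConnectionSocketFactory} for a replication agent's
 * transport, based on the agent configuration.
 *
 * <p>Selection order, as implemented in {@link #getSocketFactory}:
 * <ol>
 *   <li>If the agent properties contain a {@code keystoreAlias} value, client-certificate
 *       authentication is used with the agent user's key store and the JVM default trust store.
 *       This takes precedence over the {@code sSLConfig} value.</li>
 *   <li>{@code "relaxed"}: an {@code EasySSLProtocolSocketFactory} is used.</li>
 *   <li>{@code "clientauth"}: key and trust managers come from the {@link KeyStoreService}.</li>
 *   <li>{@code "default"}: no custom factory is supplied.</li>
 * </ol>
 *
 * <p>NOTE(review): this listing is decompiler output. The string switch in
 * {@link #getSocketFactory} has been restored from the hash-based form the decompiler emitted.
 */
@Service({SslProtocolProvider.class})
@Component
/* loaded from: input_file:com/adobe/cq/dam/aod/replication/transport_config/SslProtocolProvider.class */
public final class SslProtocolProvider {

    @Reference
    private ResourceResolverProvider resolverProvider;

    @Reference
    private KeyStoreService keyStoreService;

    // NOTE(review): declared @NotNull, but neither constructor assigns it and
    // unbindCryptoSupport() can reset it to null. An instance built through
    // sslProtocolProvider(...) therefore reaches getKeyManager() with a null CryptoSupport
    // unless bindCryptoSupport() has been called - confirm how TokenProvider handles that.
    @Reference
    @NotNull
    private CryptoSupport cryptoSupport;

    // Both suite lists are always empty in this class; they are passed through to the socket
    // factories unchanged. How the factories interpret an empty list is not visible here.
    @NotNull
    private final String[] disabledSuites;

    @NotNull
    private final String[] enabledSuites;

    /**
     * Creates a provider outside the OSGi container with explicitly supplied collaborators.
     *
     * @param resourceResolverProvider source of resource resolvers
     * @param keyStoreService          key store service used for client authentication
     * @return a new provider; its {@code cryptoSupport} reference is left unset
     */
    public static SslProtocolProvider sslProtocolProvider(ResourceResolverProvider resourceResolverProvider, KeyStoreService keyStoreService) {
        return new SslProtocolProvider(resourceResolverProvider, keyStoreService);
    }

    /**
     * Resolves the socket factory for the given agent inside a resolver session.
     *
     * @param agentConfig    configuration of the replication agent
     * @param replicationLog log that records which SSL mode was chosen
     * @return the selected socket factory, or {@code null} when the configuration is
     *         {@code "default"} and no custom factory applies
     */
    public SSLConnectionSocketFactory getProtocol(final AgentConfig agentConfig, final ReplicationLog replicationLog) {
        return (SSLConnectionSocketFactory) this.resolverProvider.withResolver(new Func1<ResourceResolver, SSLConnectionSocketFactory>() { // from class: com.adobe.cq.dam.aod.replication.transport_config.SslProtocolProvider.1
            @Override // com.scene7.is.util.callbacks.Func1
            public SSLConnectionSocketFactory call(ResourceResolver resourceResolver) {
                // Option is consumed through its iterator: one element for "some", none otherwise.
                Iterator factories = SslProtocolProvider.this.getSocketFactory(resourceResolver, agentConfig, replicationLog).iterator();
                if (factories.hasNext()) {
                    return (SSLConnectionSocketFactory) factories.next();
                }
                return null;
            }
        });
    }

    /**
     * Constructor used for component instantiation. The references receive the value returned by
     * {@code Util.initRef()}; presumably the bind methods replace it later - confirm.
     */
    public SslProtocolProvider() {
        this.disabledSuites = new String[0];
        this.enabledSuites = new String[0];
        this.resolverProvider = (ResourceResolverProvider) Util.initRef();
        this.keyStoreService = (KeyStoreService) Util.initRef();
    }

    private SslProtocolProvider(ResourceResolverProvider resourceResolverProvider, KeyStoreService keyStoreService) {
        this.disabledSuites = new String[0];
        this.enabledSuites = new String[0];
        this.resolverProvider = resourceResolverProvider;
        this.keyStoreService = keyStoreService;
    }

    /**
     * Builds a key manager from the key store of the agent's user.
     *
     * @param resourceResolver resolver used to read the key store
     * @param agentConfig      agent configuration supplying the user id and transport password
     * @return the first {@link X509KeyManager} the factory offers, or {@code null} if it offers none
     * @throws SecurityException if the key manager factory cannot be created or initialised
     */
    private KeyManager getKeyManager(ResourceResolver resourceResolver, AgentConfig agentConfig) throws SlingIOException, SecurityException, KeyStoreNotInitialisedException {
        KeyStore keyStore = this.keyStoreService.getKeyStore(resourceResolver, agentConfig.getAgentUserId());
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            // NOTE(review): the password value is not cleared after use; whether it may be
            // zeroed depends on TokenProvider's ownership of it - confirm.
            keyManagerFactory.init(keyStore, TokenProvider.getTransportPassword(agentConfig, this.cryptoSupport));
            for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
                if (keyManager instanceof X509KeyManager) {
                    return keyManager;
                }
            }
            // NOTE(review): unlike getTrustManager(), a missing X509 key manager is reported as
            // null rather than an exception, so client authentication may be set up without a
            // client key. Confirm that AuthSSLProtocolSocketFactory rejects a null key manager.
            return null;
        } catch (SecurityException e) {
            throw e;
        } catch (Exception e2) {
            throw new SecurityException(e2);
        }
    }

    /**
     * Returns the X509 trust manager backed by the JVM default trust store.
     *
     * @return the first {@link X509TrustManager} of the default trust manager factory
     * @throws SecurityException if the factory cannot be initialised or offers no X509 trust manager
     */
    private TrustManager getTrustManager() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null key store makes JSSE fall back to the platform default trust store.
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return trustManager;
                }
            }
            throw new SecurityException("Failed to get default TrustStore");
        } catch (SecurityException e) {
            // Rethrow as is, matching getKeyManager(); previously this exception was wrapped in
            // a second SecurityException, which hid its message behind the cause chain.
            throw e;
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Chooses the socket factory for an agent.
     *
     * <p>A {@code keystoreAlias} property on the agent overrides the {@code sSLConfig} value,
     * including {@code "relaxed"}.
     *
     * @param resourceResolver resolver used to reach key material
     * @param agentConfig      agent configuration
     * @param replicationLog   log that records the chosen mode
     * @return {@code Option.some(factory)} for the alias, {@code "relaxed"} and
     *         {@code "clientauth"} cases; {@code Option.none()} for {@code "default"}
     * @throws UnsupportedOperationException for any other non-null {@code sSLConfig} value
     * @throws NullPointerException          if {@code getSSLConfig()} returns {@code null} and no
     *                                       alias is set
     */
    /* JADX INFO: Access modifiers changed from: private */
    public Option<? extends SSLConnectionSocketFactory> getSocketFactory(ResourceResolver resourceResolver, AgentConfig agentConfig, ReplicationLog replicationLog) {
        String keystoreAlias = (String) agentConfig.getProperties().get(TokenProvider.KeyStoreConstants.keystoreAlias.name(), String.class);
        if (keystoreAlias != null) {
            replicationLog.info("* Using Client Auth SSL alias - " + keystoreAlias + " *");
            return Option.some(new AuthSSLProtocolSocketFactory(getKeyManager(resourceResolver, agentConfig), getTrustManager(), this.disabledSuites, this.enabledSuites).getSSLConnectionSF());
        }
        String sslConfig = agentConfig.getSSLConfig();
        // Restored string switch; the decompiled form (hashCode() dispatch into a boolean
        // selector with duplicate case labels) does not compile.
        switch (sslConfig) {
            case "relaxed": {
                // SECURITY: relaxed mode weakens server certificate checking. The flag below
                // lets expired certificates be accepted, and EasySSLProtocolSocketFactory
                // presumably loosens validation further - confirm against that class. The choice
                // is logged only at debug level, so auditing which agents use this mode requires
                // inspecting agent configuration rather than logs at the default level.
                replicationLog.debug("* Using Relaxed SSL configuration *");
                boolean allowsExpiredCertificates = agentConfig.allowsExpiredCertificates();
                replicationLog.debug("* Accept expired SSL certificates: %s", new Object[]{Boolean.valueOf(allowsExpiredCertificates)});
                return Option.some(new EasySSLProtocolSocketFactory(allowsExpiredCertificates, this.disabledSuites, this.enabledSuites).getSSLConnectionSF());
            }
            case "clientauth":
                // Here both managers come from the KeyStoreService, not from the agent user's
                // key store and the JVM default trust store as in the alias branch above.
                replicationLog.info("* Using Client Auth SSL configuration *");
                return Option.some(new AuthSSLProtocolSocketFactory(this.keyStoreService.getKeyManager(resourceResolver), this.keyStoreService.getTrustManager(resourceResolver), this.disabledSuites, this.enabledSuites).getSSLConnectionSF());
            case "default":
                return Option.none();
            default:
                throw new UnsupportedOperationException("Unsupported SSL configuration: '" + sslConfig + '\'');
        }
    }

    /** SCR bind callback for {@link ResourceResolverProvider}. */
    protected void bindResolverProvider(ResourceResolverProvider resourceResolverProvider) {
        this.resolverProvider = resourceResolverProvider;
    }

    /** SCR unbind callback; clears the reference only if it is the instance being unbound. */
    protected void unbindResolverProvider(ResourceResolverProvider resourceResolverProvider) {
        if (this.resolverProvider == resourceResolverProvider) {
            this.resolverProvider = null;
        }
    }

    /** SCR bind callback for {@link KeyStoreService}. */
    protected void bindKeyStoreService(KeyStoreService keyStoreService) {
        this.keyStoreService = keyStoreService;
    }

    /** SCR unbind callback; clears the reference only if it is the instance being unbound. */
    protected void unbindKeyStoreService(KeyStoreService keyStoreService) {
        if (this.keyStoreService == keyStoreService) {
            this.keyStoreService = null;
        }
    }

    /** SCR bind callback for {@link CryptoSupport}. */
    protected void bindCryptoSupport(CryptoSupport cryptoSupport) {
        this.cryptoSupport = cryptoSupport;
    }

    /** SCR unbind callback; clears the reference only if it is the instance being unbound. */
    protected void unbindCryptoSupport(CryptoSupport cryptoSupport) {
        if (this.cryptoSupport == cryptoSupport) {
            this.cryptoSupport = null;
        }
    }
}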
