package org.apache.servicecomb.foundation.ssl;

import ch.qos.logback.core.net.ssl.SSL;
import com.netflix.config.ConcurrentCompositeConfiguration;
import com.netflix.config.DynamicPropertyFactory;
import io.netty.handler.ssl.SslProtocols;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.util.List;
import java.util.Properties;

/* loaded from: input_file:BOOT-INF/lib/foundation-ssl-2.7.0-SNAPSHOT.jar:org/apache/servicecomb/foundation/ssl/SSLOption.class */
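/**
 * Holds the TLS settings for one endpoint: engine, protocols, ciphers, peer checks,
 * key/trust store locations and their values, CRL file and an optional custom class name.
 *
 * <p>Instances are built from a properties file/stream ({@link #build(String)},
 * {@link #build(InputStream)}) or from the configuration tree
 * ({@link #buildFromYaml(String, ConcurrentCompositeConfiguration)}).
 *
 * <p>NOTE(review): the built-in defaults disable {@code authPeer}, {@code checkCNHost} and
 * {@code checkCNWhite} and enable {@code allowRenegociate}. How these flags are enforced is
 * not visible in this class; presumably the consuming SSL manager maps them to peer
 * certificate verification and renegotiation handling, so deployments should set them
 * explicitly rather than rely on the defaults. Confirm against the consumer.
 *
 * <p>{@code trustStoreValue} and {@code keyStoreValue} look like store secrets; never log
 * them. The defaults below are placeholder literals, not usable credentials.
 *
 * <p>This class is mutable and has no synchronization; {@link #DEFAULT_OPTION} is a shared
 * mutable instance and should be treated as read-only by callers.
 */
public final class SSLOption {
    /** Shared defaults, populated by the static initializer at the end of the class. */
    public static final SSLOption DEFAULT_OPTION = new SSLOption();

    /** Default cipher list: two ECDHE-RSA AES-GCM suites, comma separated. */
    public static final String DEFAULT_CIPHERS = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";

    // Engine name; the default is "jdk". Not read by fromProperty().
    private String engine;
    // Enabled protocols and cipher suites, each kept as one string.
    private String protocols;
    private String ciphers;
    // Peer / common-name check switches (all false by default).
    private boolean authPeer;
    private boolean checkCNHost;
    private boolean checkCNWhite;
    private String checkCNWhiteFile;
    // Renegotiation switch (true by default; see class note).
    private boolean allowRenegociate;
    // Optional; may stay null when built from properties.
    private String clientAuth;
    private String storePath;
    private String trustStore;
    private String trustStoreType;
    // Sensitive: do not log.
    private String trustStoreValue;
    private String keyStore;
    private String keyStoreType;
    // Sensitive: do not log.
    private String keyStoreValue;
    private String crl;
    // Class name taken verbatim from configuration.
    // NOTE(review): presumably instantiated by a consumer; the config source must be trusted.
    private String sslCustomClass;

    // ---------------------------------------------------------------- accessors

    public String getEngine() {
        return engine;
    }

    public void setEngine(String str) {
        engine = str;
    }

    public void setProtocols(String str) {
        protocols = str;
    }

    public void setCiphers(String str) {
        ciphers = str;
    }

    public void setAuthPeer(boolean z) {
        authPeer = z;
    }

    public void setCheckCNHost(boolean z) {
        checkCNHost = z;
    }

    public void setCheckCNWhite(boolean z) {
        checkCNWhite = z;
    }

    public void setCheckCNWhiteFile(String str) {
        checkCNWhiteFile = str;
    }

    public void setAllowRenegociate(boolean z) {
        allowRenegociate = z;
    }

    public void setStorePath(String str) {
        storePath = str;
    }

    public void setTrustStore(String str) {
        trustStore = str;
    }

    public void setTrustStoreType(String str) {
        trustStoreType = str;
    }

    public void setTrustStoreValue(String str) {
        trustStoreValue = str;
    }

    public void setKeyStore(String str) {
        keyStore = str;
    }

    public void setKeyStoreType(String str) {
        keyStoreType = str;
    }

    public void setKeyStoreValue(String str) {
        keyStoreValue = str;
    }

    public void setCrl(String str) {
        crl = str;
    }

    public String getProtocols() {
        return protocols;
    }

    public String getCiphers() {
        return ciphers;
    }

    public boolean isAuthPeer() {
        return authPeer;
    }

    public boolean isCheckCNHost() {
        return checkCNHost;
    }

    public boolean isCheckCNWhite() {
        return checkCNWhite;
    }

    public String getCheckCNWhiteFile() {
        return checkCNWhiteFile;
    }

    public boolean isAllowRenegociate() {
        return allowRenegociate;
    }

    public String getStorePath() {
        return storePath;
    }

    public String getClientAuth() {
        return clientAuth;
    }

    public void setClientAuth(String str) {
        clientAuth = str;
    }

    public String getTrustStore() {
        return trustStore;
    }

    public String getTrustStoreType() {
        return trustStoreType;
    }

    public String getTrustStoreValue() {
        return trustStoreValue;
    }

    public String getKeyStore() {
        return keyStore;
    }

    public String getKeyStoreType() {
        return keyStoreType;
    }

    public String getKeyStoreValue() {
        return keyStoreValue;
    }

    public String getCrl() {
        return crl;
    }

    public String getSslCustomClass() {
        return sslCustomClass;
    }

    public void setSslCustomClass(String str) {
        sslCustomClass = str;
    }

    // ---------------------------------------------------------------- factories

    /**
     * Builds an option set from a properties file on disk.
     *
     * @param str path of the properties file; must name an existing regular file
     * @return the populated option
     * @throws IllegalArgumentException if the path is not a regular file, cannot be
     *         canonicalized or read, or a required key is missing
     */
    public static SSLOption build(String str) {
        File file = new File(str);
        if (!file.isFile()) {
            throw new IllegalArgumentException("Bad file name.");
        }
        try {
            SSLOption option = new SSLOption();
            option.load(file.getCanonicalPath());
            return option;
        } catch (IOException e) {
            // Keep the cause so the underlying I/O failure is diagnosable.
            throw new IllegalArgumentException("Bad file name.", e);
        }
    }

    /**
     * Builds an option set from a properties stream. The stream is read as UTF-8 and is
     * always closed by this call.
     *
     * @param inputStream source of the properties
     * @return the populated option
     * @throws IllegalArgumentException if reading fails or a required key is missing
     */
    public static SSLOption build(InputStream inputStream) {
        SSLOption option = new SSLOption();
        option.load(inputStream);
        return option;
    }

    /**
     * Joins the elements with commas.
     *
     * @param objArr elements to join
     * @return the joined string, or an empty string for an empty array
     */
    private static String listToString(Object[] objArr) {
        StringBuilder joined = new StringBuilder();
        // Guarding on the index also covers the empty array, which previously
        // failed with ArrayIndexOutOfBoundsException on objArr[0].
        for (int i = 0; i < objArr.length; i++) {
            if (i > 0) {
                joined.append(",");
            }
            joined.append(objArr[i]);
        }
        return joined.toString();
    }

    /**
     * Looks the keys up in order and returns the first non-null value.
     *
     * <p>With a non-null configuration the value is read from it (a {@link List} value is
     * joined with commas); otherwise the lookup goes through {@link DynamicPropertyFactory}.
     *
     * @param concurrentCompositeConfiguration configuration to read, or {@code null}
     * @param str value returned when none of the keys is set
     * @param strArr keys to try, most specific first
     * @return the first value found, or {@code str}
     */
    public static String getStringProperty(ConcurrentCompositeConfiguration concurrentCompositeConfiguration, String str, String... strArr) {
        String found = null;
        for (String key : strArr) {
            if (concurrentCompositeConfiguration != null) {
                // Read once so the type test and the value used cannot disagree.
                Object property = concurrentCompositeConfiguration.getProperty(key);
                found = property instanceof List
                    ? listToString(((List<?>) property).toArray())
                    : (String) property;
            } else {
                found = DynamicPropertyFactory.getInstance().getStringProperty(key, null).get();
            }
            if (found != null) {
                break;
            }
        }
        return found != null ? found : str;
    }

    /**
     * Boolean counterpart of {@link #getStringProperty}: the first key that is set wins,
     * otherwise {@code z} is returned.
     */
    private static boolean getBooleanProperty(ConcurrentCompositeConfiguration concurrentCompositeConfiguration, boolean z, String... strArr) {
        String found = null;
        for (String key : strArr) {
            if (concurrentCompositeConfiguration == null) {
                found = DynamicPropertyFactory.getInstance().getStringProperty(key, null).get();
            } else if (concurrentCompositeConfiguration.getProperty(key) != null) {
                return concurrentCompositeConfiguration.getBoolean(key);
            }
            if (found != null) {
                break;
            }
        }
        return found != null ? Boolean.parseBoolean(found) : z;
    }

    /**
     * Builds an option set from configuration keys. For every setting the tag-specific key
     * {@code ssl.<tag>.<name>} is tried first, then the global {@code ssl.<name>}, then the
     * value from {@link #DEFAULT_OPTION} ({@code sslCustomClass} has no default).
     *
     * @param str tag inserted into the tag-specific keys
     * @param concurrentCompositeConfiguration configuration to read, or {@code null} to use
     *        {@link DynamicPropertyFactory}
     * @return the populated option
     */
    public static SSLOption buildFromYaml(String str, ConcurrentCompositeConfiguration concurrentCompositeConfiguration) {
        final ConcurrentCompositeConfiguration config = concurrentCompositeConfiguration;
        final String tagged = "ssl." + str + ".";
        SSLOption option = new SSLOption();
        option.engine = getStringProperty(config, DEFAULT_OPTION.getEngine(), tagged + "engine", "ssl.engine");
        option.protocols = getStringProperty(config, DEFAULT_OPTION.getProtocols(), tagged + "protocols", "ssl.protocols");
        option.ciphers = getStringProperty(config, DEFAULT_OPTION.getCiphers(), tagged + "ciphers", "ssl.ciphers");
        option.authPeer = getBooleanProperty(config, DEFAULT_OPTION.isAuthPeer(), tagged + "authPeer", "ssl.authPeer");
        option.checkCNHost = getBooleanProperty(config, DEFAULT_OPTION.isCheckCNHost(), tagged + "checkCN.host", "ssl.checkCN.host");
        option.checkCNWhite = getBooleanProperty(config, DEFAULT_OPTION.isCheckCNWhite(), tagged + "checkCN.white", "ssl.checkCN.white");
        // Fixed: the fallback used to be the cipher list, so an unset key produced a
        // cipher string as the white-list file name.
        option.checkCNWhiteFile = getStringProperty(config, DEFAULT_OPTION.getCheckCNWhiteFile(), tagged + "checkCN.white.file", "ssl.checkCN.white.file");
        option.allowRenegociate = getBooleanProperty(config, DEFAULT_OPTION.isAllowRenegociate(), tagged + "allowRenegociate", "ssl.allowRenegociate");
        option.storePath = getStringProperty(config, DEFAULT_OPTION.getStorePath(), tagged + "storePath", "ssl.storePath");
        // Fixed: the tag-specific key used to be "...storePath", so a configured store
        // path was silently used as the client-auth mode.
        option.clientAuth = getStringProperty(config, DEFAULT_OPTION.getClientAuth(), tagged + "clientAuth", "ssl.clientAuth");
        option.trustStore = getStringProperty(config, DEFAULT_OPTION.getTrustStore(), tagged + "trustStore", "ssl.trustStore");
        option.trustStoreType = getStringProperty(config, DEFAULT_OPTION.getTrustStoreType(), tagged + "trustStoreType", "ssl.trustStoreType");
        option.trustStoreValue = getStringProperty(config, DEFAULT_OPTION.getTrustStoreValue(), tagged + "trustStoreValue", "ssl.trustStoreValue");
        option.keyStore = getStringProperty(config, DEFAULT_OPTION.getKeyStore(), tagged + "keyStore", "ssl.keyStore");
        option.keyStoreType = getStringProperty(config, DEFAULT_OPTION.getKeyStoreType(), tagged + "keyStoreType", "ssl.keyStoreType");
        option.keyStoreValue = getStringProperty(config, DEFAULT_OPTION.getKeyStoreValue(), tagged + "keyStoreValue", "ssl.keyStoreValue");
        option.crl = getStringProperty(config, DEFAULT_OPTION.getCrl(), tagged + "crl", "ssl.crl");
        option.sslCustomClass = getStringProperty(config, null, tagged + "sslCustomClass", "ssl.sslCustomClass");
        return option;
    }

    /** Same as {@link #buildFromYaml(String, ConcurrentCompositeConfiguration)} with a {@code null} configuration. */
    public static SSLOption buildFromYaml(String str) {
        return buildFromYaml(str, null);
    }

    // ---------------------------------------------------------------- properties loading

    /**
     * Copies the settings out of {@code properties}. Every key is mandatory except
     * {@code ssl.clientAuth} and {@code ssl.sslCustomClass}; {@code engine} is not read here.
     *
     * @throws IllegalArgumentException if a mandatory key is missing
     */
    private void fromProperty(Properties properties) {
        this.protocols = propString(properties, "ssl.protocols");
        this.ciphers = propString(properties, "ssl.ciphers");
        this.authPeer = propBoolean(properties, "ssl.authPeer");
        this.checkCNHost = propBoolean(properties, "ssl.checkCN.host");
        this.checkCNWhite = propBoolean(properties, "ssl.checkCN.white");
        this.checkCNWhiteFile = propString(properties, "ssl.checkCN.white.file");
        this.allowRenegociate = propBoolean(properties, "ssl.allowRenegociate");
        this.storePath = propString(properties, "ssl.storePath");
        this.clientAuth = propString(properties, "ssl.clientAuth", false);
        this.trustStore = propString(properties, "ssl.trustStore");
        this.trustStoreType = propString(properties, "ssl.trustStoreType");
        this.trustStoreValue = propString(properties, "ssl.trustStoreValue");
        this.keyStore = propString(properties, "ssl.keyStore");
        this.keyStoreType = propString(properties, "ssl.keyStoreType");
        this.keyStoreValue = propString(properties, "ssl.keyStoreValue");
        this.crl = propString(properties, "ssl.crl");
        this.sslCustomClass = properties.getProperty("ssl.sslCustomClass");
    }

    /** Reads a mandatory string key. */
    private String propString(Properties properties, String str) {
        return propString(properties, str, true);
    }

    /**
     * Reads a string key.
     *
     * @param z whether a missing key is an error
     * @throws IllegalArgumentException if the key is missing and {@code z} is true
     */
    private String propString(Properties properties, String str, boolean z) {
        String value = properties.getProperty(str);
        if (z && value == null) {
            throw new IllegalArgumentException("No key :" + str);
        }
        return value;
    }

    /**
     * Reads a mandatory boolean key; any value other than "true" (case-insensitive)
     * parses as {@code false}.
     *
     * @throws IllegalArgumentException if the key is missing
     */
    private boolean propBoolean(Properties properties, String str) {
        String value = properties.getProperty(str);
        if (value == null) {
            throw new IllegalArgumentException("No key :" + str);
        }
        return Boolean.parseBoolean(value);
    }

    /**
     * Loads the settings from a UTF-8 properties stream and closes the stream afterwards,
     * whether or not loading succeeded.
     *
     * @throws IllegalArgumentException if the stream cannot be read or a mandatory key is missing
     */
    private void load(InputStream inputStream) {
        Properties properties = new Properties();
        InputStreamReader reader = null;
        try {
            reader = new InputStreamReader(inputStream, Charset.forName("UTF-8"));
            properties.load(reader);
            fromProperty(properties);
        } catch (IOException e) {
            // Keep the cause; the message alone does not say what went wrong.
            throw new IllegalArgumentException("Can not read ssl client config file", e);
        } finally {
            closeQuietly(reader);
            closeQuietly(inputStream);
        }
    }

    /**
     * Loads the settings from the file at {@code str}.
     *
     * @throws IllegalArgumentException if the file cannot be opened or read
     */
    private void load(String str) {
        try {
            load(new FileInputStream(str));
        } catch (FileNotFoundException e) {
            throw new IllegalArgumentException("Can not read ssl client config file: " + str, e);
        }
    }

    /** Closes {@code resource} if it is non-null; a failure to close is deliberately ignored. */
    private static void closeQuietly(java.io.Closeable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (IOException ignored) {
            // Best effort: the data has already been read or the primary error is in flight.
        }
    }

    static {
        DEFAULT_OPTION.setEngine("jdk");
        DEFAULT_OPTION.setProtocols(SslProtocols.TLS_v1_2);
        DEFAULT_OPTION.setCiphers(DEFAULT_CIPHERS);
        // NOTE(review): peer authentication and CN checks are off by default.
        DEFAULT_OPTION.setAuthPeer(false);
        DEFAULT_OPTION.setCheckCNHost(false);
        DEFAULT_OPTION.setCheckCNWhite(false);
        DEFAULT_OPTION.setCheckCNWhiteFile("white.list");
        // NOTE(review): renegotiation is allowed by default.
        DEFAULT_OPTION.setAllowRenegociate(true);
        DEFAULT_OPTION.setStorePath("internal");
        DEFAULT_OPTION.setTrustStore("trust.jks");
        DEFAULT_OPTION.setTrustStoreType(SSL.DEFAULT_KEYSTORE_TYPE);
        // Placeholder literal, not a real secret.
        DEFAULT_OPTION.setTrustStoreValue("trustStoreValue");
        DEFAULT_OPTION.setKeyStore("server.p12");
        DEFAULT_OPTION.setKeyStoreType("PKCS12");
        // Placeholder literal, not a real secret.
        DEFAULT_OPTION.setKeyStoreValue("keyStoreValue");
        DEFAULT_OPTION.setCrl("revoke.crl");
    }
}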
