package fr.in2p3.lavoisier.security;

import eu.emi.security.authn.x509.CommonX509TrustManager;
import eu.emi.security.authn.x509.impl.OpensslCertChainValidator;
import fr.in2p3.lavoisier.service.ServerProperties;
import fr.in2p3.lavoisier.service.ServerProperty;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;

/* loaded from: input_file:fr/in2p3/lavoisier/security/SecurityConfiguration.class */
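/**
 * Builds the server-side TLS configuration from the Lavoisier server properties.
 *
 * <p>TLS is considered enabled only when the key store path, the key store password and the
 * trust store path are all configured. When enabled, the resulting configurator puts the
 * engine in server mode and requires a client certificate on every connection.
 */
public class SecurityConfiguration {
    private final ServerProperties m_conf;

    /**
     * Stores the server properties; nothing is read from disk until
     * {@link #getSSLEngineConfigurator()} is called.
     *
     * @param serverProperties source of the {@code LAVOISIER_SSL_*} settings
     * @throws IOException never thrown by this body; kept in the signature for existing callers
     */
    public SecurityConfiguration(ServerProperties serverProperties) throws IOException {
        this.m_conf = serverProperties;
    }

    /**
     * Tells whether all three TLS settings are present.
     *
     * @return {@code true} when key store, key store password and trust store are all non-null
     */
    public boolean isSSLEnabled() {
        return this.m_conf.getString(ServerProperty.LAVOISIER_SSL_KEYSTORE) != null
                && this.m_conf.getString(ServerProperty.LAVOISIER_SSL_KEYSTORE_PASSWORD) != null
                && this.m_conf.getString(ServerProperty.LAVOISIER_SSL_TRUSTSTORE) != null;
    }

    /**
     * Creates the Grizzly engine configurator for the configured key and trust material.
     *
     * <p>The key store is read as JKS first and as PKCS12 if that fails. The trust store may be
     * a JKS file or a directory handed to {@link OpensslCertChainValidator}.
     *
     * @return the configurator (server mode, client certificate required), or {@code null} when
     *         TLS is not enabled
     * @throws IOException if a store path is invalid or unreadable, or if any key store,
     *         certificate or algorithm error occurs (wrapped as the cause)
     */
    public SSLEngineConfigurator getSSLEngineConfigurator() throws IOException {
        if (!isSSLEnabled()) {
            return null;
        }
        try {
            String keyStorePath = this.m_conf.getString(ServerProperty.LAVOISIER_SSL_KEYSTORE);
            char[] keyStorePassword =
                    this.m_conf.getString(ServerProperty.LAVOISIER_SSL_KEYSTORE_PASSWORD).toCharArray();
            File keyStoreFile = new File(keyStorePath);
            if (!keyStoreFile.isFile()) {
                throw new IOException("Not a file: " + keyStoreFile.getAbsolutePath());
            }
            KeyManagerFactory keyManagerFactory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore;
            try {
                keyStore = loadKeyStore("JKS", keyStorePath, keyStorePassword);
            } catch (IOException e) {
                // NOTE(review): a wrong password on a JKS file also surfaces as IOException, so
                // the error finally reported may be the PKCS12 parse failure rather than the
                // real cause. The fallback is kept because callers may rely on PKCS12 support.
                keyStore = loadKeyStore("PKCS12", keyStorePath, keyStorePassword);
            }
            keyManagerFactory.init(keyStore, keyStorePassword);

            String trustStorePath = this.m_conf.getString(ServerProperty.LAVOISIER_SSL_TRUSTSTORE);
            File trustStoreFile = new File(trustStorePath);
            TrustManager[] trustManagers;
            if (trustStoreFile.isFile()) {
                TrustManagerFactory trustManagerFactory =
                        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                // A null password means KeyStore.load performs no integrity check on the trust
                // store, so file-system permissions are the only protection of the trust anchors.
                // No trust store password property is visible in this class.
                trustManagerFactory.init(loadKeyStore("JKS", trustStorePath, null));
                trustManagers = trustManagerFactory.getTrustManagers();
            } else {
                if (!trustStoreFile.isDirectory()) {
                    throw new IOException(
                            "Neither a file, nor a directory: " + trustStoreFile.getAbsolutePath());
                }
                trustManagers = new TrustManager[] {
                    new CommonX509TrustManager(new OpensslCertChainValidator(trustStorePath))
                };
            }

            // Request the context by the standard name "TLS" rather than the legacy "SSL".
            // Nothing below restricts enabled protocols or cipher suites, so the versions
            // actually offered are still the JSSE provider defaults.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagers, new SecureRandom());
            // Server mode with mandatory client authentication: a handshake without an
            // acceptable client certificate is rejected.
            return new SSLEngineConfigurator(sslContext).setClientMode(false).setNeedClientAuth(true);
        } catch (KeyManagementException e) {
            throw new IOException(e);
        } catch (KeyStoreException e) {
            throw new IOException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new IOException(e);
        } catch (UnrecoverableKeyException e) {
            throw new IOException(e);
        } catch (CertificateException e) {
            throw new IOException(e);
        }
    }

    /** Loads a key store of the given type from a file and always closes the stream. */
    private static KeyStore loadKeyStore(String type, String path, char[] password)
            throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        KeyStore store = KeyStore.getInstance(type);
        FileInputStream in = new FileInputStream(path);
        try {
            store.load(in, password);
        } finally {
            // The original never closed these streams, leaking one descriptor per load.
            in.close();
        }
        return store;
    }
}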
