package org.eclipse.scada.core.net;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.compression.CompressionFilter;
import org.apache.mina.filter.logging.LoggingFilter;
import org.apache.mina.filter.ssl.SslFilter;
import org.eclipse.scada.core.ConnectionInformation;
import org.eclipse.scada.net.mina.GMPPProtocolDecoder;
import org.eclipse.scada.net.mina.GMPPProtocolEncoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/scada/core/net/ConnectionHelper.class */
public class ConnectionHelper {
    private static final Logger logger = LoggerFactory.getLogger(ConnectionHelper.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/scada/core/net/ConnectionHelper$X509TrustManagerImplementation.class */
    public static final class X509TrustManagerImplementation implements X509TrustManager {
        private X509TrustManagerImplementation() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            ConnectionHelper.logger.info("checkClientTrusted: " + x509CertificateArr + "/" + str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            ConnectionHelper.logger.info("checkServerTrusted: " + x509CertificateArr + "/" + str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            ConnectionHelper.logger.info("getAcceptedIssuers");
            return new X509Certificate[0];
        }

        /* synthetic */ X509TrustManagerImplementation(X509TrustManagerImplementation x509TrustManagerImplementation) {
            this();
        }
    }

    public static void injectCompression(IoSession ioSession, String str) {
        logger.debug("Prepare for compression filter injection: {}", str);
        CompressionFilter createCompressionFilter = createCompressionFilter(str);
        if (createCompressionFilter == null || ioSession.getFilterChain().contains("compress")) {
            return;
        }
        logger.debug("Injecting compression filter: {}", createCompressionFilter);
        ioSession.getFilterChain().addFirst("compress", createCompressionFilter);
    }

    private static CompressionFilter createCompressionFilter(String str) {
        if (str == null) {
            return null;
        }
        logger.debug("Compression mode {}", str);
        int i = -1;
        try {
            i = Integer.parseInt(str);
        } catch (Exception e) {
            logger.warn("Failed to parse 'compress' property", e);
        }
        if (i < -1 || i > 9) {
            logger.warn("Compression ({}) outside of valid range. Setting to default", Integer.valueOf(i));
            i = -1;
        }
        logger.debug("Creating filter with compression mode: {}", Integer.valueOf(i));
        return new CompressionFilter(i);
    }

    public static void setupFilterChain(ConnectionInformation connectionInformation, DefaultIoFilterChainBuilder defaultIoFilterChainBuilder, boolean z) {
        CompressionFilter createCompressionFilter = createCompressionFilter((String) connectionInformation.getProperties().get("compress"));
        if (createCompressionFilter != null) {
            defaultIoFilterChainBuilder.addLast("compress", createCompressionFilter);
        }
        if (((String) connectionInformation.getProperties().get("ssl")) != null) {
            initSsl(connectionInformation, defaultIoFilterChainBuilder, z);
        }
        if (((String) connectionInformation.getProperties().get("trace")) != null) {
            defaultIoFilterChainBuilder.addLast("logging", new LoggingFilter());
        }
        defaultIoFilterChainBuilder.addLast("codec", new ProtocolCodecFilter(new GMPPProtocolEncoder(), new GMPPProtocolDecoder()));
    }

    protected static void initSsl(ConnectionInformation connectionInformation, DefaultIoFilterChainBuilder defaultIoFilterChainBuilder, boolean z) {
        SSLContext sSLContext = null;
        try {
            sSLContext = createContext(connectionInformation);
            sSLContext.init(getKeyManagers(connectionInformation, z), getTrustManagers(connectionInformation), getRandom(connectionInformation));
        } catch (Throwable th) {
            logger.warn("Failed to enable SSL", th);
        }
        if (sSLContext != null) {
            SslFilter sslFilter = new SslFilter(sSLContext);
            sslFilter.setUseClientMode(z);
            defaultIoFilterChainBuilder.addFirst("sslFilter", sslFilter);
        }
    }

    private static SSLContext createContext(ConnectionInformation connectionInformation) throws NoSuchAlgorithmException {
        String str = (String) connectionInformation.getProperties().get("sslProtocol");
        if (str == null || str.length() == 0) {
            str = "SSLv3";
        }
        return SSLContext.getInstance(str);
    }

    private static SecureRandom getRandom(ConnectionInformation connectionInformation) throws NoSuchAlgorithmException {
        String str = (String) connectionInformation.getProperties().get("sslRandom");
        if (str == null || str.length() <= 0) {
            return null;
        }
        return SecureRandom.getInstance(str);
    }

    private static TrustManager[] getTrustManagers(ConnectionInformation connectionInformation) {
        return new TrustManager[]{new X509TrustManagerImplementation(null)};
    }

    private static KeyManager[] getKeyManagers(ConnectionInformation connectionInformation, boolean z) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, CertificateException, IOException {
        if (z) {
            return null;
        }
        KeyStore createKeyStore = createKeyStore(connectionInformation);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(createKeyStore, getPassword(connectionInformation, "sslCertPassword"));
        return keyManagerFactory.getKeyManagers();
    }

    private static KeyStore createKeyStore(ConnectionInformation connectionInformation) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        String str = (String) connectionInformation.getProperties().get("sslKeyStoreType");
        KeyStore keyStore = str != null ? KeyStore.getInstance(str) : KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(getKeyStoreStream(connectionInformation), getPassword(connectionInformation, "sslKeyStorePassword"));
        return keyStore;
    }

    private static InputStream getKeyStoreStream(ConnectionInformation connectionInformation) throws IOException {
        return new URL((String) connectionInformation.getProperties().get("sslKeyStoreUri")).openStream();
    }

    private static char[] getPassword(ConnectionInformation connectionInformation, String str) {
        String str2 = (String) connectionInformation.getProperties().get(str);
        return str2 != null ? str2.toCharArray() : null;
    }
}
