package org.objectweb.proactive.extensions.pnpssl;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.LinkedList;
import javax.net.ssl.TrustManager;
import org.apache.log4j.Logger;
import org.objectweb.proactive.core.util.log.ProActiveLogger;
import org.objectweb.proactive.extensions.pnp.PNPConfig;
import org.objectweb.proactive.extensions.pnp.PNPRemoteObjectFactoryAbstract;
import org.objectweb.proactive.extensions.pnp.PNPRemoteObjectFactoryBackend;
import org.objectweb.proactive.extensions.pnpssl.PNPSslConfig;
import org.objectweb.proactive.extensions.ssl.CertificateGenerator;
import org.objectweb.proactive.extensions.ssl.PermissiveTrustManager;
import org.objectweb.proactive.extensions.ssl.SameCertTrustManager;
import org.objectweb.proactive.extensions.ssl.SecureMode;
import org.objectweb.proactive.extensions.ssl.SslException;
import org.objectweb.proactive.extensions.ssl.SslHelpers;

/* loaded from: input_file:org/objectweb/proactive/extensions/pnpssl/PNPSslRemoteObjectFactory.class */
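/**
 * Remote object factory for the {@code pnps} protocol: PNP with SSL handlers added.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When {@code PA_PNPSSL_AUTHENTICATE} is false the factory runs in
 *       {@link SecureMode#CIPHERED_ONLY} with a {@link PermissiveTrustManager}.
 *       NOTE(review): the name suggests peer certificates are not verified in that mode, so the
 *       channel would be encrypted but not authenticated. Confirm against
 *       {@code PermissiveTrustManager} before relying on pnps across an untrusted network.</li>
 *   <li>Keystores are opened, and generated key entries protected, with the shared constant
 *       {@code SslHelpers.DEFAULT_KS_PASSWD}. Since that password is a constant of the library,
 *       the private key in a user-supplied keystore has to be protected by file-system
 *       permissions instead.</li>
 * </ul>
 */
public class PNPSslRemoteObjectFactory extends PNPRemoteObjectFactoryAbstract {
    static final Logger logger = ProActiveLogger.getLogger(PNPSslConfig.Loggers.PNPSSL);
    public static final String PROTO_ID = "pnps";

    /**
     * Builds the PNP configuration from the {@code PA_PNPSSL_*} properties, loads or generates the
     * keystore and installs the SSL-enabled backend.
     *
     * @throws PNPSslException if authentication is requested without a keystore, or if the
     *         keystore or trust manager cannot be set up
     */
    public PNPSslRemoteObjectFactory() throws PNPSslException {
        // Presumably registers the BouncyCastle provider; see SslHelpers.
        SslHelpers.insertBouncyCastle();

        PNPConfig config = new PNPConfig();
        config.setPort(PNPSslConfig.PA_PNPSSL_PORT.getValue());
        config.setIdleTimeout(PNPSslConfig.PA_PNPSSL_IDLE_TIMEOUT.getValue());
        config.setDefaultHeartbeat(PNPSslConfig.PA_PNPSSL_DEFAULT_HEARTBEAT.getValue());

        // Fail closed: authenticating peers against a freshly generated certificate is meaningless,
        // so an explicit keystore is mandatory in authenticate mode.
        if (PNPSslConfig.PA_PNPSSL_AUTHENTICATE.isTrue() && !PNPSslConfig.PA_PNPSSL_KEYSTORE.isSet()) {
            throw new PNPSslConfigurationException(PNPSslConfig.PA_PNPSSL_KEYSTORE.getName() + " property must be set when " + PNPSslConfig.PA_PNPSSL_AUTHENTICATE.getName() + " is true");
        }

        KeyStore keystore = getKeystore();
        TrustManager trustManager = getTrustManager(keystore);
        PNPSslExtraHandlers handlers = new PNPSslExtraHandlers(getSecureMode(), keystore, trustManager);
        setBackendRemoteObjectFactory(new PNPRemoteObjectFactoryBackend(PROTO_ID, config, handlers));
    }

    /**
     * Maps the {@code PA_PNPSSL_AUTHENTICATE} property to the SSL mode.
     *
     * @return {@code AUTH_AND_CIPHERED} when authentication is enabled, else {@code CIPHERED_ONLY}
     */
    private SecureMode getSecureMode() {
        return PNPSslConfig.PA_PNPSSL_AUTHENTICATE.isTrue() ? SecureMode.AUTH_AND_CIPHERED : SecureMode.CIPHERED_ONLY;
    }

    /**
     * Selects the trust manager used for the SSL handshake.
     *
     * <p>Without authentication a {@link PermissiveTrustManager} is returned. With authentication,
     * every keystore certificate whose alias matches {@code SslHelpers.DEFAULT_ALIAS_PATTERN} is
     * handed to a {@link SameCertTrustManager} (presumably trusting only peers that present one of
     * these certificates; confirm in that class).
     *
     * @param keyStore keystore holding the trusted certificates
     * @return the trust manager matching the configured mode
     * @throws PNPSslException if no usable certificate matches the alias pattern or the keystore
     *         cannot be enumerated
     */
    private TrustManager getTrustManager(KeyStore keyStore) throws PNPSslException {
        if (!PNPSslConfig.PA_PNPSSL_AUTHENTICATE.isTrue()) {
            return new PermissiveTrustManager();
        }
        try {
            LinkedList<X509Certificate> trusted = new LinkedList<X509Certificate>();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!alias.matches(SslHelpers.DEFAULT_ALIAS_PATTERN)) {
                    continue;
                }
                java.security.cert.Certificate certificate = keyStore.getCertificate(alias);
                if (certificate instanceof X509Certificate) {
                    trusted.add((X509Certificate) certificate);
                } else {
                    // A null or non-X.509 entry used to end up in the array (null element or
                    // ArrayStoreException). Skipping it only narrows the trusted set.
                    logger.warn("Ignoring keystore entry \"" + alias + "\": it holds no X.509 certificate");
                }
            }
            if (trusted.isEmpty()) {
                throw new PNPSslException("No certificate matching \"" + SslHelpers.DEFAULT_ALIAS_PATTERN + "\" found in the keystore " + keyStore + ". Cannot enable authenticate mode");
            }
            return new SameCertTrustManager(trusted.toArray(new X509Certificate[trusted.size()]));
        } catch (KeyStoreException e) {
            throw new PNPSslException("Failed to list certificates in the keystore " + keyStore, e);
        }
    }

    /**
     * Returns the configured keystore, or a freshly generated one when none is configured.
     *
     * @return the keystore to use for pnps
     * @throws PNPSslException if the keystore cannot be read or generated
     */
    private KeyStore getKeystore() throws PNPSslException {
        if (PNPSslConfig.PA_PNPSSL_KEYSTORE.isSet()) {
            return readKeystoreFromDisk(PNPSslConfig.PA_PNPSSL_KEYSTORE.getValue());
        }
        // Defensive only: the constructor already rejects this combination before calling here.
        if (PNPSslConfig.PA_PNPSSL_AUTHENTICATE.isTrue()) {
            logger.error("pnps configured to authenticate remote runtimes but keystore is not set. pnps will not work");
        }
        return createKeystore();
    }

    /**
     * Loads a PKCS12 keystore from disk using {@code SslHelpers.DEFAULT_KS_PASSWD}.
     *
     * @param path location of the keystore file
     * @return the loaded keystore
     * @throws PNPSslConfigurationException if the file is missing, unreadable or not a valid
     *         PKCS12 keystore for that password
     */
    private KeyStore readKeystoreFromDisk(String path) throws PNPSslConfigurationException {
        // try-with-resources: the stream was previously never closed, leaking a file descriptor.
        // The path argument is now honoured instead of re-reading the configuration property.
        try (FileInputStream in = new FileInputStream(new File(path))) {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(in, SslHelpers.DEFAULT_KS_PASSWD.toCharArray());
            return keyStore;
        } catch (FileNotFoundException e) {
            throw new PNPSslConfigurationException("Failed to read user specifed keystore for pnps", e);
        } catch (IOException e) {
            throw new PNPSslConfigurationException("Failed to load user specified keystore for pnps", e);
        } catch (KeyStoreException e) {
            throw new PNPSslConfigurationException("Failed to create keystore", e);
        } catch (NoSuchAlgorithmException e) {
            throw new PNPSslConfigurationException("Failed to load user specified keystore for pnps", e);
        } catch (CertificateException e) {
            throw new PNPSslConfigurationException("Failed to load a certificate in the user specified keystore for pnps", e);
        }
    }

    /**
     * Generates an in-memory PKCS12 keystore holding a new RSA key pair and a certificate for
     * {@code SslHelpers.DEFAULT_SUBJET_DN}.
     *
     * <p>The certificate is created locally for each factory instance, so it gives peers nothing
     * to authenticate against; it is only reached when no keystore is configured.
     *
     * @return the generated keystore
     * @throws PNPSslException if key, certificate or keystore creation fails
     */
    private KeyStore createKeystore() throws PNPSslException {
        try {
            CertificateGenerator generator = new CertificateGenerator();
            KeyPair keyPair = generator.generateRSAKeyPair();
            X509Certificate certificate = generator.generateCertificate(SslHelpers.DEFAULT_SUBJET_DN, keyPair);

            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            // load(null, null) initialises an empty keystore.
            keyStore.load(null, null);
            keyStore.setKeyEntry(SslHelpers.DEFAULT_SUBJET_DN, keyPair.getPrivate(), SslHelpers.DEFAULT_KS_PASSWD.toCharArray(), new X509Certificate[]{certificate});
            return keyStore;
        } catch (IOException e) {
            // No user keystore is involved on this path; the old message pointed operators at the wrong file.
            throw new PNPSslConfigurationException("Failed to initialize the generated keystore for pnps", e);
        } catch (KeyStoreException e) {
            throw new PNPSslConfigurationException("Failed to create or fill the keystore for pnps", e);
        } catch (NoSuchAlgorithmException e) {
            throw new PNPSslConfigurationException("Failed to create the keystore for pnps", e);
        } catch (CertificateException e) {
            throw new PNPSslException("Failed to load a certificate in the generated keystore for pnps", e);
        } catch (SslException e) {
            throw new PNPSslConfigurationException("Failed to create a certificate for pnps", e);
        }
    }
}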
