package org.apache.solr.util;

import java.net.MalformedURLException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.SecureRandomSpi;
import java.security.UnrecoverableKeyException;
import java.util.Random;
import javax.net.ssl.SSLContext;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.solr.client.solrj.embedded.SSLConfig;
import org.apache.solr.client.solrj.impl.HttpClientUtil;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.security.CertificateUtils;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* loaded from: input_file:org/apache/solr/util/SSLTestConfig.class */
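/**
 * SSL configuration for tests, backed by a keystore bundled on the classpath.
 *
 * <p>Everything in this class trades security for convenience and repeatability:
 * <ul>
 *   <li>the keystore and truststore are the same classpath resource, opened with the
 *       hard-coded password {@code "secret"};</li>
 *   <li>every {@link SSLContext} built here draws its randomness from
 *       {@link NotSecurePsuedoRandom}, a {@link SecureRandom} whose output comes from
 *       {@code new Random(42)} and is therefore fully predictable;</li>
 *   <li>trust material is loaded with {@link TrustSelfSignedStrategy}, which accepts
 *       self-signed certificates;</li>
 *   <li>client-side hostname verification is switched off when the system property named by
 *       {@link HttpClientUtil#SYS_PROP_CHECK_PEER_NAME} is {@code "false"}.</li>
 * </ul>
 * A TLS endpoint or client configured through this class gives no real confidentiality or
 * peer authentication, so it must stay confined to test code.
 */
public class SSLTestConfig extends SSLConfig {
    private static final String TEST_KEYSTORE_RESOURCE = "SSLTestConfig.testing.keystore";
    // Fixed, publicly known password: acceptable only because the keystore is a test fixture.
    private static final String TEST_KEYSTORE_PASSWORD = "secret";

    /** Registry provider used when SSL is off: registers plain {@code http} only. */
    private static final HttpClientUtil.SchemaRegistryProvider HTTP_ONLY_SCHEMA_PROVIDER =
            new HttpClientUtil.SchemaRegistryProvider() { // from class: org.apache.solr.util.SSLTestConfig.1
                @Override // org.apache.solr.client.solrj.impl.HttpClientUtil.SchemaRegistryProvider
                public Registry<ConnectionSocketFactory> getSchemaRegistry() {
                    // Explicit type witness: without it the chained call infers Registry<Object>.
                    return RegistryBuilder.<ConnectionSocketFactory>create()
                            .register("http", PlainConnectionSocketFactory.getSocketFactory())
                            .build();
                }
            };

    // Both fields are assigned the same classpath resource by the constructor.
    private final Resource keyStore;
    private final Resource trustStore;

    /**
     * A {@link SecureRandom} that is deliberately NOT secure: all bytes come from a
     * {@link Random} seeded with the constant 42, and every {@code setSeed} variant is a no-op,
     * so the byte stream is identical on every run.
     *
     * <p>It exists to be handed to {@code SSLContextBuilder.setSecureRandom} in this class;
     * nonces and key material derived from it are predictable.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/solr/util/SSLTestConfig$NotSecurePsuedoRandom.class */
    public static class NotSecurePsuedoRandom extends SecureRandom {
        // Constant seed => deterministic output.
        private static final Random RAND = new Random(42);

        /** SPI handed to the {@link SecureRandom} super constructor; it mirrors the overrides below. */
        private static final SecureRandomSpi NOT_SECURE_SPI = new SecureRandomSpi() { // from class: org.apache.solr.util.SSLTestConfig.NotSecurePsuedoRandom.1
            @Override // java.security.SecureRandomSpi
            public byte[] engineGenerateSeed(int i) {
                return NotSecurePsuedoRandom.fillData(new byte[i]);
            }

            @Override // java.security.SecureRandomSpi
            public void engineNextBytes(byte[] bArr) {
                NotSecurePsuedoRandom.fillData(bArr);
            }

            @Override // java.security.SecureRandomSpi
            public void engineSetSeed(byte[] bArr) {
                // Intentionally ignored: re-seeding would break determinism.
            }
        };

        /**
         * Shared instance.
         *
         * <p>Declared after {@link #RAND} and {@link #NOT_SECURE_SPI} on purpose: static
         * initialisers run in textual order and the constructor reads {@code NOT_SECURE_SPI}.
         * With this field declared first, the instance was built around a {@code null} SPI,
         * which any {@link SecureRandom} method not overridden here could then dereference.
         */
        public static final SecureRandom INSTANCE = new NotSecurePsuedoRandom();

        /**
         * Fills {@code bArr} from the fixed-seed generator.
         *
         * @param bArr buffer to overwrite
         * @return the same array, for call chaining
         */
        /* JADX INFO: Access modifiers changed from: private */
        public static final byte[] fillData(byte[] bArr) {
            RAND.nextBytes(bArr);
            return bArr;
        }

        private NotSecurePsuedoRandom() {
            super(NOT_SECURE_SPI, null);
        }

        @Override // java.security.SecureRandom
        public byte[] generateSeed(int i) {
            return fillData(new byte[i]);
        }

        @Override // java.security.SecureRandom, java.util.Random
        public synchronized void nextBytes(byte[] bArr) {
            fillData(bArr);
        }

        @Override // java.security.SecureRandom
        public synchronized void setSeed(byte[] bArr) {
            // Intentionally ignored: the seed stays fixed.
        }

        @Override // java.security.SecureRandom, java.util.Random
        public synchronized void setSeed(long j) {
            // Intentionally ignored: the seed stays fixed.
        }
    }

    /** Registry provider that registers only the {@code https} scheme, using the given socket factory. */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/solr/util/SSLTestConfig$SSLSchemaRegistryProvider.class */
    public static class SSLSchemaRegistryProvider extends HttpClientUtil.SchemaRegistryProvider {
        private final SSLConnectionSocketFactory sslConnectionFactory;

        public SSLSchemaRegistryProvider(SSLConnectionSocketFactory sSLConnectionSocketFactory) {
            this.sslConnectionFactory = sSLConnectionSocketFactory;
        }

        @Override // org.apache.solr.client.solrj.impl.HttpClientUtil.SchemaRegistryProvider
        public Registry<ConnectionSocketFactory> getSchemaRegistry() {
            // Explicit type witness: without it the chained call infers Registry<Object>.
            return RegistryBuilder.<ConnectionSocketFactory>create()
                    .register("https", this.sslConnectionFactory)
                    .build();
        }
    }

    /** Equivalent to {@code new SSLTestConfig(false, false)}. */
    public SSLTestConfig() {
        this(false, false);
    }

    /**
     * Creates a config that uses the bundled test keystore as both keystore and truststore.
     *
     * @param z first flag forwarded to the {@link SSLConfig} constructor
     *     (presumably "use SSL", see {@code isSSLMode()}; confirm against SSLConfig)
     * @param z2 second flag forwarded to the {@link SSLConfig} constructor
     *     (presumably "require client auth", see {@code isClientAuthMode()}; confirm against SSLConfig)
     * @throws IllegalStateException if the keystore resource is not on the classpath
     */
    public SSLTestConfig(boolean z, boolean z2) {
        super(z, z2, null, TEST_KEYSTORE_PASSWORD, null, TEST_KEYSTORE_PASSWORD);
        Resource bundledStore = Resource.newClassPathResource(TEST_KEYSTORE_RESOURCE);
        if (null == bundledStore || !bundledStore.exists()) {
            throw new IllegalStateException(
                    "Unable to locate keystore resource file in classpath: " + TEST_KEYSTORE_RESOURCE);
        }
        this.keyStore = bundledStore;
        this.trustStore = bundledStore;
    }

    /**
     * Resolves {@code location} to an existing {@link Resource}. Not called anywhere in this class.
     *
     * @param location resource location, or {@code null}
     * @param label name used in error messages
     * @return the resource, or {@code null} when {@code location} is {@code null}
     * @throws IllegalArgumentException if the location is malformed or the resource does not exist
     */
    private static final Resource tryNewResource(String location, String label) {
        if (null == location) {
            return null;
        }
        try {
            Resource resolved = Resource.newResource(location);
            if (!resolved.exists()) {
                throw new IllegalArgumentException(label + " Resource does not exist " + resolved.getName());
            }
            return resolved;
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException("Can't build " + label + " Resource: " + e.getMessage(), e);
        }
    }

    /** Always {@code null}: this class keeps its keystore as a {@link Resource}, not a path string. */
    @Override // org.apache.solr.client.solrj.embedded.SSLConfig
    public String getKeyStore() {
        return null;
    }

    /** Always {@code null}: this class keeps its truststore as a {@link Resource}, not a path string. */
    @Override // org.apache.solr.client.solrj.embedded.SSLConfig
    public String getTrustStore() {
        return null;
    }

    /**
     * Returns the scheme registry provider matching the current mode.
     *
     * @return the plain-{@code http} provider when SSL is off, otherwise an {@code https}
     *     provider built from {@link #buildClientSSLConnectionSocketFactory()}
     */
    public HttpClientUtil.SchemaRegistryProvider buildClientSchemaRegistryProvider() {
        if (!isSSLMode()) {
            return HTTP_ONLY_SCHEMA_PROVIDER;
        }
        SSLConnectionSocketFactory socketFactory = buildClientSSLConnectionSocketFactory();
        assert null != socketFactory;
        return new SSLSchemaRegistryProvider(socketFactory);
    }

    /**
     * Builds the client-side {@link SSLContext}.
     *
     * <p>The context uses the predictable {@link NotSecurePsuedoRandom} and accepts self-signed
     * server certificates via {@link TrustSelfSignedStrategy}. Trust material is read from the
     * {@code keyStore} field and, in client-auth mode, key material from the {@code trustStore}
     * field; in this class both fields hold the same resource.
     *
     * @return a new client SSL context
     */
    public SSLContext buildClientSSLContext() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        assert isSSLMode();
        SSLContextBuilder builder = SSLContexts.custom();
        builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
        // No intermediate build(): the context is built exactly once, at the end.
        builder.loadTrustMaterial(buildKeyStore(this.keyStore, getKeyStorePassword()), new TrustSelfSignedStrategy());
        if (isClientAuthMode()) {
            builder.loadKeyMaterial(buildKeyStore(this.trustStore, getTrustStorePassword()), getTrustStorePassword().toCharArray());
        }
        return builder.build();
    }

    /**
     * Builds the server-side {@link SSLContext}.
     *
     * <p>The context uses the predictable {@link NotSecurePsuedoRandom}. Key material is read
     * from the {@code keyStore} field; in client-auth mode trust material is read from the
     * {@code trustStore} field with {@link TrustSelfSignedStrategy}, so self-signed client
     * certificates are accepted.
     *
     * @return a new server SSL context
     */
    public SSLContext buildServerSSLContext() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        assert isSSLMode();
        SSLContextBuilder builder = SSLContexts.custom();
        builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
        builder.loadKeyMaterial(buildKeyStore(this.keyStore, getKeyStorePassword()), getKeyStorePassword().toCharArray());
        if (isClientAuthMode()) {
            // No intermediate build(): the context is built exactly once, at the end.
            builder.loadTrustMaterial(buildKeyStore(this.trustStore, getTrustStorePassword()), new TrustSelfSignedStrategy());
        }
        return builder.build();
    }

    /**
     * Creates the Jetty {@link SslContextFactory} wrapping {@link #buildServerSSLContext()}.
     *
     * @return the factory, or {@code null} when SSL is off
     * @throws RuntimeException if the SSL context cannot be initialised
     */
    @Override // org.apache.solr.client.solrj.embedded.SSLConfig
    public SslContextFactory createContextFactory() {
        if (!isSSLMode()) {
            return null;
        }
        SslContextFactory factory = new SslContextFactory(false);
        try {
            factory.setSslContext(buildServerSSLContext());
            factory.setNeedClientAuth(isClientAuthMode());
            return factory;
        } catch (Exception e) {
            throw new RuntimeException("ssl context init failure: " + e.getMessage(), e);
        }
    }

    /**
     * Loads a JKS {@link KeyStore} from {@code resource}.
     *
     * @param resource keystore location
     * @param str keystore password
     * @return the loaded keystore
     * @throws IllegalStateException if the keystore cannot be loaded; the cause is preserved
     */
    protected static KeyStore buildKeyStore(Resource resource, String str) {
        try {
            return CertificateUtils.getKeyStore(resource, "JKS", null, str);
        } catch (Exception e) {
            throw new IllegalStateException("Unable to build KeyStore from resource: " + resource.getName(), e);
        }
    }

    /**
     * Builds the {@code https} socket factory for test HTTP clients.
     *
     * <p>Hostname verification stays enabled unless the system property named by
     * {@link HttpClientUtil#SYS_PROP_CHECK_PEER_NAME} is {@code "false"} (case-insensitive);
     * an unset or unrecognised value keeps verification on. With verification off, the
     * certificate presented by a server is not matched against the host being contacted.
     *
     * @return the socket factory, or {@code null} when SSL is off
     * @throws IllegalStateException if the client SSL context cannot be built
     */
    public SSLConnectionSocketFactory buildClientSSLConnectionSocketFactory() {
        if (!isSSLMode()) {
            return null;
        }
        try {
            boolean checkPeerName = toBooleanDefaultIfNull(
                    toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME)), true);
            SSLContext sslContext = buildClientSSLContext();
            if (checkPeerName) {
                return new SSLConnectionSocketFactory(sslContext);
            }
            return new SSLConnectionSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new IllegalStateException("Unable to setup https scheme for HTTPClient to test SSL.", e);
        }
    }

    /**
     * Unboxes {@code bool}, substituting {@code z} when it is {@code null}.
     *
     * @param bool value to unbox, may be {@code null}
     * @param z fallback used for {@code null}
     * @return the unboxed value or the fallback
     */
    public static boolean toBooleanDefaultIfNull(Boolean bool, boolean z) {
        return bool == null ? z : bool.booleanValue();
    }

    /**
     * Parses {@code "true"} / {@code "false"} case-insensitively.
     *
     * @param str text to parse, may be {@code null}
     * @return {@link Boolean#TRUE}, {@link Boolean#FALSE}, or {@code null} for any other input
     */
    public static Boolean toBooleanObject(String str) {
        if ("true".equalsIgnoreCase(str)) {
            return Boolean.TRUE;
        }
        if ("false".equalsIgnoreCase(str)) {
            return Boolean.FALSE;
        }
        return null;
    }
}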
