package org.snmp4j.transport.tls;

import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.snmp4j.TransportStateReference;
import org.snmp4j.log.LogAdapter;
import org.snmp4j.log.LogFactory;

/* loaded from: input_file:org/snmp4j/transport/tls/DefaultSSLEngineConfiguration.class */
public class DefaultSSLEngineConfiguration implements SSLEngineConfigurator {
    private static final LogAdapter logger = LogFactory.getLogger((Class<?>) DefaultSSLEngineConfiguration.class);
    private TlsTransportMappingConfig<X509Certificate> tlsTransportMappingConfig;
    private TLSTMTrustManagerFactory trustManagerFactory;
    private String defaultProtocolVersion;

    public DefaultSSLEngineConfiguration(TlsTransportMappingConfig<X509Certificate> tlsTransportMappingConfig, TLSTMTrustManagerFactory tLSTMTrustManagerFactory, String str) {
        this.tlsTransportMappingConfig = tlsTransportMappingConfig;
        this.trustManagerFactory = tLSTMTrustManagerFactory;
        this.defaultProtocolVersion = str;
    }

    public String getDefaultProtocolVersion() {
        return this.defaultProtocolVersion;
    }

    public TlsTransportMappingConfig<X509Certificate> getTlsTransportMappingConfig() {
        return this.tlsTransportMappingConfig;
    }

    public TLSTMTrustManagerFactory getTrustManagerFactory() {
        return this.trustManagerFactory;
    }

    @Override // org.snmp4j.transport.tls.SSLEngineConfigurator
    public void configure(SSLEngine sSLEngine) {
        logger.debug("Configuring SSL engine, supported protocols are " + Arrays.asList(sSLEngine.getSupportedProtocols()) + ", supported ciphers are " + Arrays.asList(sSLEngine.getSupportedCipherSuites()) + ", https defaults are " + System.getProperty("https.cipherSuites"));
        String[] enabledCipherSuites = sSLEngine.getEnabledCipherSuites();
        ArrayList arrayList = new ArrayList(enabledCipherSuites.length);
        for (String str : enabledCipherSuites) {
            if (!str.contains("_anon_") && !str.contains("_NULL_")) {
                arrayList.add(str);
            }
        }
        sSLEngine.setEnabledCipherSuites((String[]) arrayList.toArray(new String[0]));
        sSLEngine.setEnabledProtocols(this.tlsTransportMappingConfig.getProtocolVersions());
        if (!sSLEngine.getUseClientMode()) {
            sSLEngine.setNeedClientAuth(true);
            sSLEngine.setWantClientAuth(true);
            logger.info("Need client authentication set to true");
        }
        if (logger.isInfoEnabled()) {
            logger.info("Configured SSL engine, enabled protocols are " + Arrays.asList(sSLEngine.getEnabledProtocols()) + ", enabled ciphers are " + Arrays.asList(sSLEngine.getEnabledCipherSuites()) + ", supported ciphers are " + Arrays.asList(sSLEngine.getSupportedCipherSuites()));
        }
    }

    @Override // org.snmp4j.transport.tls.SSLEngineConfigurator
    public SSLContext getSSLContext(boolean z, TransportStateReference transportStateReference) throws GeneralSecurityException {
        try {
            String str = this.defaultProtocolVersion;
            if (this.tlsTransportMappingConfig.getProtocolVersions() != null && this.tlsTransportMappingConfig.getProtocolVersions().length > 0) {
                str = this.tlsTransportMappingConfig.getProtocolVersions()[0];
            }
            return TLSTMUtil.createSSLContext(str, this.tlsTransportMappingConfig.getKeyStore(), this.tlsTransportMappingConfig.getKeyStorePassword(), this.tlsTransportMappingConfig.getTrustStore(), this.tlsTransportMappingConfig.getTrustStorePassword(), transportStateReference, this.trustManagerFactory, z, this.tlsTransportMappingConfig.getSecurityCallback(), this.tlsTransportMappingConfig.getLocalCertificateAlias());
        } catch (NoSuchAlgorithmException e) {
            logger.error("Failed to initialize SSLContext because of an NoSuchAlgorithmException: " + e.getMessage(), e);
            return null;
        }
    }
}
