package com.ghc.ssl;

import com.ghc.identity.AuthenticationManager;
import com.ghc.identity.IdentityObject;
import com.ghc.identity.IdentityStoreResource;
import com.ghc.identity.gui.IdentityStoreResourcePanelEvent;
import com.ghc.security.nls.GHMessages;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/ghc/ssl/SslSettingsValidation.class */
public class SslSettingsValidation {
    private final List<String> serverErrors = new ArrayList(0);
    private final List<String> serverWarnings = new ArrayList(0);
    private final List<String> clientErrors = new ArrayList(0);
    private final List<String> clientWarnings = new ArrayList(0);
    private final List<String> generalErrors = new ArrayList(0);
    private static volatile /* synthetic */ int[] $SWITCH_TABLE$com$ghc$ssl$SslSettingsValidation$ClientOrServer;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ghc/ssl/SslSettingsValidation$ClientOrServer.class */
    public enum ClientOrServer {
        CLIENT,
        SERVER;

        /* renamed from: values, reason: to resolve conflict with enum method */
        public static ClientOrServer[] valuesCustom() {
            ClientOrServer[] valuesCustom = values();
            int length = valuesCustom.length;
            ClientOrServer[] clientOrServerArr = new ClientOrServer[length];
            System.arraycopy(valuesCustom, 0, clientOrServerArr, 0, length);
            return clientOrServerArr;
        }
    }

    public static SslSettingsValidation validate(AuthenticationManager authenticationManager, SslSettings sslSettings) {
        SslSettingsValidation sslSettingsValidation = new SslSettingsValidation();
        if (sslSettings.isUseSsl()) {
            sslSettingsValidation.validateServerSettings(authenticationManager, sslSettings);
            sslSettingsValidation.validateClientSettings(authenticationManager, sslSettings);
            sslSettingsValidation.validateGeneralSettings(sslSettings);
        }
        return sslSettingsValidation;
    }

    private SslSettingsValidation() {
    }

    private void validateServerSettings(AuthenticationManager authenticationManager, SslSettings sslSettings) {
        if (sslSettings.getServerIdentityStoreId() != null) {
            validateServerIdentity(authenticationManager, sslSettings);
        }
        if (sslSettings.getServerTrustStoreId() != null) {
            validateTrustStore(authenticationManager, sslSettings.getServerTrustStoreId(), ClientOrServer.SERVER, this.serverErrors, this.serverWarnings);
        }
    }

    private void validateClientSettings(AuthenticationManager authenticationManager, SslSettings sslSettings) {
        if (sslSettings.getClientTrustStoreId() != null) {
            validateTrustStore(authenticationManager, sslSettings.getClientTrustStoreId(), ClientOrServer.CLIENT, this.clientErrors, this.clientWarnings);
        }
        if (sslSettings.getClientIdentityStoreId() != null) {
            validateClientIdentity(authenticationManager, sslSettings);
        }
    }

    private void validateServerIdentity(AuthenticationManager authenticationManager, SslSettings sslSettings) {
        IdentityStoreResource store = SslSettingsUtils.getStore(authenticationManager, sslSettings.getServerIdentityStoreId());
        if (store == null) {
            this.serverErrors.add(GHMessages.SslSettingsValidation_stubIdentityStoreNoLongerExists);
            return;
        }
        if (StringUtils.isBlank(sslSettings.getServerKeyAlias())) {
            this.serverErrors.add(GHMessages.SslSettingsValidation_noStubAliasConfigured);
            return;
        }
        IdentityObject identityObject = store.getIdentityObject(sslSettings.getServerKeyAlias());
        if (identityObject == null) {
            this.serverErrors.add(GHMessages.SslSettingsValidation_stubIdentityDoesNotExists);
        } else if (!identityObject.entryType().equals(KeyIdObject.KEY_ENTRY)) {
            this.serverErrors.add(GHMessages.SslSettingsValidation_stubIdentityAliasInvalid);
        } else {
            if (identityObject.isPasswordCorrect()) {
                return;
            }
            this.serverErrors.add(GHMessages.SslSettingsValidation_aliasPasswordInvalid);
        }
    }

    private void validateClientIdentity(AuthenticationManager authenticationManager, SslSettings sslSettings) {
        if (SslSettingsUtils.getStore(authenticationManager, sslSettings.getClientIdentityStoreId()) == null) {
            this.serverErrors.add(GHMessages.SslSettingsValidation_identityStoreSpecifiedForClientNoLongerExists);
        }
    }

    private static void validateTrustStore(AuthenticationManager authenticationManager, String str, ClientOrServer clientOrServer, List<String> list, List<String> list2) {
        IdentityStoreResource store = SslSettingsUtils.getStore(authenticationManager, str);
        if (store == null) {
            switch ($SWITCH_TABLE$com$ghc$ssl$SslSettingsValidation$ClientOrServer()[clientOrServer.ordinal()]) {
                case 1:
                    list.add(GHMessages.SslSettingsValidation_clientTrustStoreNoLongerExists);
                    return;
                case IdentityStoreResourcePanelEvent.CONTENTS_CHANGED /* 2 */:
                    list.add(GHMessages.SslSettingsValidation_stubTrustStoreNoLongerExists);
                    return;
                default:
                    return;
            }
        }
        boolean z = false;
        Iterator<IdentityObject> identityObjects = store.getIdentityObjects();
        while (!z && identityObjects.hasNext()) {
            z = identityObjects.next().entryType().equals(KeyIdObject.TRUSTED_CERTIFICATE_ENTRY);
        }
        if (z) {
            return;
        }
        switch ($SWITCH_TABLE$com$ghc$ssl$SslSettingsValidation$ClientOrServer()[clientOrServer.ordinal()]) {
            case 1:
                list2.add(GHMessages.SslSettingsValidation_noClientTrustStoreCertificates);
                return;
            case IdentityStoreResourcePanelEvent.CONTENTS_CHANGED /* 2 */:
                list2.add(GHMessages.SslSettingsValidation_stubTrustStoreNoCertificates);
                return;
            default:
                return;
        }
    }

    private void validateGeneralSettings(SslSettings sslSettings) {
        Iterable<String> splitProtocolList = SSLUtils.splitProtocolList(sslSettings.getSslProtocolOverride(), ';');
        if (splitProtocolList.iterator().hasNext()) {
            Iterator<String> it = splitProtocolList.iterator();
            while (it.hasNext()) {
                try {
                    SSLContext.getInstance(it.next());
                    return;
                } catch (NoSuchAlgorithmException unused) {
                }
            }
            this.generalErrors.add(GHMessages.SslSettingsValidation_sslProtocolOverriedeNotValid);
        }
    }

    public boolean serverSettingsValid() {
        return this.generalErrors.isEmpty() && this.serverErrors.isEmpty();
    }

    public boolean clientSettingsValid() {
        return this.generalErrors.isEmpty() && this.clientErrors.isEmpty();
    }

    public void reportServerAndClientMessages(StringBuilder sb) {
        appendErrors(sb, this.clientErrors);
        appendWarnings(sb, this.clientWarnings);
        appendErrors(sb, this.serverErrors);
        appendWarnings(sb, this.serverWarnings);
        appendErrors(sb, this.generalErrors);
    }

    private static void appendErrors(StringBuilder sb, List<String> list) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            sb.append(it.next());
            sb.append('\n');
        }
    }

    private static void appendWarnings(StringBuilder sb, List<String> list) {
        for (String str : list) {
            sb.append(GHMessages.SslSettingsValidation_Warning);
            sb.append(str);
            sb.append('\n');
        }
    }

    static /* synthetic */ int[] $SWITCH_TABLE$com$ghc$ssl$SslSettingsValidation$ClientOrServer() {
        int[] iArr = $SWITCH_TABLE$com$ghc$ssl$SslSettingsValidation$ClientOrServer;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[ClientOrServer.valuesCustom().length];
        try {
            iArr2[ClientOrServer.CLIENT.ordinal()] = 1;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[ClientOrServer.SERVER.ordinal()] = 2;
        } catch (NoSuchFieldError unused2) {
        }
        $SWITCH_TABLE$com$ghc$ssl$SslSettingsValidation$ClientOrServer = iArr2;
        return iArr2;
    }
}
