package org.apache.james.protocols.lib;

import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.apache.commons.configuration2.ex.ConfigurationException;
import org.apache.commons.configuration2.tree.ImmutableNode;
import org.apache.james.protocols.api.ClientAuth;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/james/protocols/lib/SslConfig.class */
public class SslConfig {
    private static final Logger LOGGER = LoggerFactory.getLogger(SslConfig.class);
    private final boolean useStartTLS;
    private final boolean useSSL;
    private final ClientAuth clientAuth;
    private final String keystore;
    private final String keystoreType;
    private final String privateKey;
    private final String certificates;
    private final String secret;
    private final String truststore;
    private final String truststoreType;
    private final String[] enabledCipherSuites;
    private final String[] enabledProtocols;
    private final char[] truststoreSecret;
    private final boolean enableOCSPCRLChecks;

    public static SslConfig parse(HierarchicalConfiguration<ImmutableNode> hierarchicalConfiguration) throws ConfigurationException {
        boolean z = hierarchicalConfiguration.getBoolean("tls.[@startTLS]", false);
        boolean z2 = hierarchicalConfiguration.getBoolean("tls.[@socketTLS]", false);
        ClientAuth clientAuth = (hierarchicalConfiguration.getProperty("tls.clientAuth") != null || hierarchicalConfiguration.getKeys("tls.clientAuth").hasNext()) ? ClientAuth.NEED : ClientAuth.NONE;
        if (z2 && z) {
            throw new ConfigurationException("startTLS is only supported when using plain sockets");
        }
        if (!z && !z2) {
            return new SslConfig(z, z2, clientAuth, null, null, null, null, null, null, null, null, null, null, false);
        }
        String[] stringArray = hierarchicalConfiguration.getStringArray("tls.supportedCipherSuites.cipherSuite");
        String[] stringArray2 = hierarchicalConfiguration.getStringArray("tls.supportedProtocols.protocol");
        String string = hierarchicalConfiguration.getString("tls.keystore", (String) null);
        String string2 = hierarchicalConfiguration.getString("tls.privateKey", (String) null);
        String string3 = hierarchicalConfiguration.getString("tls.certificates", (String) null);
        String string4 = hierarchicalConfiguration.getString("tls.keystoreType", "JKS");
        if (string == null && (string2 == null || string3 == null)) {
            throw new ConfigurationException("keystore or (privateKey and certificates) needs to get configured");
        }
        String string5 = hierarchicalConfiguration.getString("tls.secret", (String) null);
        String string6 = hierarchicalConfiguration.getString("tls.clientAuth.truststore", (String) null);
        String string7 = hierarchicalConfiguration.getString("tls.clientAuth.truststoreType", "JKS");
        char[] charArray = hierarchicalConfiguration.getString("tls.clientAuth.truststoreSecret", "").toCharArray();
        boolean z3 = hierarchicalConfiguration.getBoolean("tls.enableOCSPCRLChecks", false);
        if (z2) {
            LOGGER.info("SSL enabled with keystore({}) at {}, certificates {}", new Object[]{string4, string, string3});
        } else {
            LOGGER.info("TLS enabled with auth {} using truststore {}", clientAuth, string6);
        }
        return new SslConfig(z, z2, clientAuth, string, string4, string2, string3, string5, string6, string7, stringArray, stringArray2, charArray, z3);
    }

    public SslConfig(boolean z, boolean z2, ClientAuth clientAuth, String str, String str2, String str3, String str4, String str5, String str6, String str7, String[] strArr, String[] strArr2, char[] cArr, boolean z3) {
        this.useStartTLS = z;
        this.useSSL = z2;
        this.clientAuth = clientAuth;
        this.keystore = str;
        this.keystoreType = str2;
        this.privateKey = str3;
        this.certificates = str4;
        this.secret = str5;
        this.truststore = str6;
        this.truststoreType = str7;
        this.enabledCipherSuites = strArr;
        this.enabledProtocols = strArr2;
        this.truststoreSecret = cArr;
        this.enableOCSPCRLChecks = z3;
    }

    public ClientAuth getClientAuth() {
        return this.clientAuth;
    }

    public boolean useStartTLS() {
        return this.useStartTLS;
    }

    public String[] getEnabledCipherSuites() {
        return this.enabledCipherSuites;
    }

    public String[] getEnabledProtocols() {
        return this.enabledProtocols;
    }

    public boolean useSSL() {
        return this.useSSL;
    }

    public String getKeystore() {
        return this.keystore;
    }

    public String getKeystoreType() {
        return this.keystoreType;
    }

    public String getPrivateKey() {
        return this.privateKey;
    }

    public String getCertificates() {
        return this.certificates;
    }

    public String getSecret() {
        return this.secret;
    }

    public String getTruststore() {
        return this.truststore;
    }

    public String getTruststoreType() {
        return this.truststoreType;
    }

    public char[] getTruststoreSecret() {
        return this.truststoreSecret;
    }

    public boolean ocspCRLChecksEnabled() {
        return this.enableOCSPCRLChecks;
    }
}
