package com.zimbra.cs.nio;

import com.zimbra.common.localconfig.LC;
import com.zimbra.cs.server.ServerConfig;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/zimbra/cs/nio/SSLInfo.class */
public final class SSLInfo {
    private final SSLContext context;
    private final String[] enabledCipherSuites;
    private static SSLContext defaultContext;

    public SSLInfo(ServerConfig serverConfig) {
        try {
            this.context = getDefaultSSLContext();
            this.enabledCipherSuites = getEnabledCipherSuites(this.context, serverConfig);
        } catch (Exception e) {
            throw new IllegalStateException("Unable to initialize SSLContext", e);
        }
    }

    public SSLContext getSSLContext() {
        return this.context;
    }

    public String[] getEnabledCipherSuites() {
        return this.enabledCipherSuites;
    }

    private static synchronized SSLContext getDefaultSSLContext() throws IOException, GeneralSecurityException {
        if (defaultContext == null) {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            char[] charArray = LC.mailboxd_keystore_password.value().toCharArray();
            keyStore.load(new FileInputStream(LC.mailboxd_keystore.value()), charArray);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            keyManagerFactory.init(keyStore, charArray);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
            trustManagerFactory.init(keyStore);
            defaultContext = SSLContext.getInstance("TLS");
            defaultContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        }
        return defaultContext;
    }

    private static String[] getEnabledCipherSuites(SSLContext sSLContext, ServerConfig serverConfig) {
        String[] enabledCipherSuites;
        String[] sslExcludedCiphers = serverConfig.getSslExcludedCiphers();
        if (sslExcludedCiphers == null || sslExcludedCiphers.length <= 0 || (enabledCipherSuites = sSLContext.createSSLEngine().getEnabledCipherSuites()) == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList(Arrays.asList(enabledCipherSuites));
        arrayList.removeAll(Arrays.asList(sslExcludedCiphers));
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }
}
