package org.apache.tomcat.util.net.openssl;

import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLConf;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.Constants;
import org.apache.tomcat.util.net.SSLContext;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: classes3.dex */
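/**
 * {@code SSLContext} implementation that drives a native OpenSSL context through the
 * {@code org.apache.tomcat.jni} bindings.
 *
 * <p>This listing is decompiler output. The body of
 * {@link #init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom)}
 * could not be recovered and is a placeholder that always throws. The fields
 * {@code sessionContext}, {@code x509TrustManager}, {@code initialized} and
 * {@code enabledProtocol} are never populated by the code visible here (other than through
 * {@link #setEnabledProtocol(String)}), so any review of how peer verification, trust and
 * sessions are configured has to be done against the original sources or the bytecode.
 *
 * <p>The instance owns three native handles ({@code aprPool}, {@code cctx}, {@code ctx}) which
 * are released exactly once by {@link #destroy()}.
 */
public class OpenSSLContext implements SSLContext {
    private static final String BEGIN_KEY = "-----BEGIN PRIVATE KEY-----\n";
    static final CertificateFactory X509_CERT_FACTORY;
    private static final String defaultProtocol = "TLS";
    // Native APR memory pool that backs cctx and ctx.
    private final long aprPool;
    // Native SSL_CONF context handle, or 0 when no OpenSSL configuration block is present.
    protected final long cctx;
    private final SSLHostConfigCertificate certificate;
    // Native SSL context handle.
    protected final long ctx;
    private String enabledProtocol;
    private final List<String> negotiableProtocols;
    // Not assigned anywhere in the visible code; presumably set by init().
    private OpenSSLSessionContext sessionContext;
    private final SSLHostConfig sslHostConfig;
    // Not assigned anywhere in the visible code; presumably set by init().
    private X509TrustManager x509TrustManager;
    private static final Log log = LogFactory.getLog((Class<?>) OpenSSLContext.class);
    private static final StringManager netSm = StringManager.getManager((Class<?>) AbstractEndpoint.class);
    private static final StringManager sm = StringManager.getManager((Class<?>) OpenSSLContext.class);
    // The decompiler typed this constant as Object; it is only ever used as text.
    private static final String END_KEY = "\n-----END PRIVATE KEY-----";
    // 0 = native resources live, 1 = already released. Guards against a double free.
    private final AtomicInteger aprPoolDestroyed = new AtomicInteger(0);
    private boolean initialized = false;

    /* renamed from: org.apache.tomcat.util.net.openssl.OpenSSLContext$2, reason: invalid class name */
    /* loaded from: classes3.dex */
    /**
     * Compiler-generated lookup table for a {@code switch} over
     * {@link SSLHostConfig.CertificateVerification}. Nothing in the visible code reads it;
     * the switch presumably lives in the undecompiled {@code init} method.
     */
    static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$tomcat$util$net$SSLHostConfig$CertificateVerification;

        static {
            int[] iArr = new int[SSLHostConfig.CertificateVerification.values().length];
            $SwitchMap$org$apache$tomcat$util$net$SSLHostConfig$CertificateVerification = iArr;
            // Each assignment is guarded separately so a constant missing at run time
            // does not prevent the remaining entries from being filled in.
            try {
                iArr[SSLHostConfig.CertificateVerification.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$apache$tomcat$util$net$SSLHostConfig$CertificateVerification[SSLHostConfig.CertificateVerification.OPTIONAL.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$apache$tomcat$util$net$SSLHostConfig$CertificateVerification[SSLHostConfig.CertificateVerification.OPTIONAL_NO_CA.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$org$apache$tomcat$util$net$SSLHostConfig$CertificateVerification[SSLHostConfig.CertificateVerification.REQUIRED.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    static {
        try {
            X509_CERT_FACTORY = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new IllegalStateException(sm.getString("openssl.X509FactoryError"), e);
        }
    }

    /**
     * Allocates the native pool, the optional SSL_CONF context and the SSL context.
     *
     * <p>The protocol bit mask is built purely from
     * {@link SSLHostConfig#getEnabledProtocols()}: SSLv2 and SSLv3 are mapped to bits like any
     * other protocol and are not rejected here, so keeping legacy protocols off is the job of
     * the host configuration (and of the linked OpenSSL build).
     *
     * @param sSLHostConfigCertificate certificate configuration; its host configuration is
     *        used for the protocol list and the OpenSSL configuration block
     * @param list protocols offered for negotiation; may be {@code null}
     * @throws SSLException if the native contexts cannot be created or an unknown protocol
     *         name is configured; native resources allocated so far are released first
     */
    public OpenSSLContext(SSLHostConfigCertificate sSLHostConfigCertificate, List<String> list) throws SSLException {
        SSLHostConfig hostConfig = sSLHostConfigCertificate.getSSLHostConfig();
        this.sslHostConfig = hostConfig;
        this.certificate = sSLHostConfigCertificate;
        long pool = Pool.create(0L);
        this.aprPool = pool;
        try {
            try {
                if (hostConfig.getOpenSslConf() != null) {
                    try {
                        Log logger = log;
                        if (logger.isDebugEnabled()) {
                            logger.debug(sm.getString("openssl.makeConf"));
                        }
                        // 58 is a compiler-inlined flag set for SSLConf.make().
                        // NOTE(review): presumably an OR of SSL.SSL_CONF_FLAG_* values - confirm
                        // against the bundled tomcat-jni version.
                        this.cctx = SSLConf.make(pool, 58);
                    } catch (Exception e) {
                        throw new SSLException(sm.getString("openssl.errMakeConf"), e);
                    }
                } else {
                    this.cctx = 0L;
                }
                hostConfig.setOpenSslConfContext(Long.valueOf(this.cctx));
                // One bit per protocol version; the literals are compiler-inlined constants.
                // NOTE(review): presumably the SSL.SSL_PROTOCOL_* bit layout - confirm.
                int protocolMask = 0;
                for (String protocol : hostConfig.getEnabledProtocols()) {
                    // SSLv2Hello contributes no bit and is silently skipped.
                    if (!Constants.SSL_PROTO_SSLv2Hello.equalsIgnoreCase(protocol)) {
                        if (Constants.SSL_PROTO_SSLv2.equalsIgnoreCase(protocol)) {
                            protocolMask |= 1;
                        } else if (Constants.SSL_PROTO_SSLv3.equalsIgnoreCase(protocol)) {
                            protocolMask |= 2;
                        } else if (Constants.SSL_PROTO_TLSv1.equalsIgnoreCase(protocol)) {
                            protocolMask |= 4;
                        } else if (Constants.SSL_PROTO_TLSv1_1.equalsIgnoreCase(protocol)) {
                            protocolMask |= 8;
                        } else if (Constants.SSL_PROTO_TLSv1_2.equalsIgnoreCase(protocol)) {
                            protocolMask |= 16;
                        } else if (Constants.SSL_PROTO_TLSv1_3.equalsIgnoreCase(protocol)) {
                            protocolMask |= 32;
                        } else {
                            // Anything that is not a known name or "all" is a configuration error.
                            if (!Constants.SSL_PROTO_ALL.equalsIgnoreCase(protocol)) {
                                throw new Exception(netSm.getString("endpoint.apr.invalidSslProtocol", protocol));
                            }
                            protocolMask |= SSL.SSL_PROTOCOL_ALL;
                        }
                    }
                }
                try {
                    // The trailing 1 is a compiler-inlined mode argument.
                    // NOTE(review): presumably the server mode constant - confirm.
                    this.ctx = org.apache.tomcat.jni.SSLContext.make(this.aprPool, protocolMask, 1);
                    this.negotiableProtocols = list;
                } catch (Exception e2) {
                    throw new Exception(netSm.getString("endpoint.apr.failSslContextMake"), e2);
                }
            } catch (Exception e3) {
                throw new SSLException(sm.getString("openssl.errorSSLCtxInit"), e3);
            }
        } catch (Throwable th) {
            // Release whatever native state exists before propagating the failure;
            // destroy() skips handles that are still 0.
            destroy();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Wraps each DER-encoded certificate in an {@link OpenSSLX509Certificate}.
     *
     * @param bArr encoded certificates, one per element; must not be {@code null}
     * @return array of the same length as {@code bArr}, in the same order
     */
    public static X509Certificate[] certificates(byte[][] bArr) {
        X509Certificate[] wrapped = new X509Certificate[bArr.length];
        for (int i = 0; i < wrapped.length; i++) {
            wrapped[i] = new OpenSSLX509Certificate(bArr[i]);
        }
        return wrapped;
    }

    /**
     * Returns the first {@link X509TrustManager} in the given array.
     *
     * @param trustManagerArr candidates, in priority order
     * @return the first X.509 trust manager found
     * @throws IllegalStateException if the array holds no X.509 trust manager
     */
    private static X509TrustManager chooseTrustManager(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException(sm.getString("openssl.trustManagerMissing"));
    }

    /**
     * Asks the key manager for a server alias matching the certificate's key type. When the
     * type is {@code UNDEFINED}, every other declared type is tried in declaration order.
     *
     * @return the first non-null alias offered by the key manager, or {@code null} if none
     */
    private static String findAlias(X509KeyManager x509KeyManager, SSLHostConfigCertificate sSLHostConfigCertificate) {
        SSLHostConfigCertificate.Type type = sSLHostConfigCertificate.getType();
        List<SSLHostConfigCertificate.Type> candidates = new ArrayList<>();
        if (SSLHostConfigCertificate.Type.UNDEFINED.equals(type)) {
            candidates.addAll(Arrays.asList(SSLHostConfigCertificate.Type.values()));
            candidates.remove(SSLHostConfigCertificate.Type.UNDEFINED);
        } else {
            candidates.add(type);
        }
        for (SSLHostConfigCertificate.Type candidate : candidates) {
            String alias = x509KeyManager.chooseServerAlias(candidate.toString(), null, null);
            if (alias != null) {
                return alias;
            }
        }
        return null;
    }

    /**
     * Maps the certificate key type to the slot index passed to the native layer:
     * RSA and UNDEFINED map to 0, DSA to 1, EC to 3, anything else to 4.
     */
    private static int getCertificateIndex(SSLHostConfigCertificate sSLHostConfigCertificate) {
        // NOTE(review): the literals look like inlined SSL.SSL_AIDX_* values - confirm.
        SSLHostConfigCertificate.Type type = sSLHostConfigCertificate.getType();
        if (type == SSLHostConfigCertificate.Type.RSA || type == SSLHostConfigCertificate.Type.UNDEFINED) {
            return 0;
        }
        if (type == SSLHostConfigCertificate.Type.EC) {
            return 3;
        }
        return type == SSLHostConfigCertificate.Type.DSA ? 1 : 4;
    }

    /**
     * Loads a certificate and its private key into the native context.
     *
     * <p>If a certificate file is configured, file paths are handed to the native layer,
     * together with the chain file and the revocation list locations. Otherwise the key is
     * taken from the certificate's key manager, PEM-encoded in memory and passed across JNI
     * as raw bytes, followed by the remaining chain certificates.
     *
     * <p>On the key manager path the PEM text is assembled in byte arrays rather than in a
     * {@code String}, and those arrays are overwritten once the native call returns, so this
     * method leaves no immutable copy of the private key on the heap.
     *
     * @param sSLHostConfigCertificate the certificate configuration to load
     * @throws IllegalStateException if neither a certificate file nor a usable key manager
     *         entry (chain plus exportable private key) is available
     * @throws Exception if the native layer or certificate encoding fails
     */
    public void addCertificate(SSLHostConfigCertificate sSLHostConfigCertificate) throws Exception {
        if (sSLHostConfigCertificate.getCertificateFile() != null) {
            org.apache.tomcat.jni.SSLContext.setCertificate(this.ctx, SSLHostConfig.adjustRelativePath(sSLHostConfigCertificate.getCertificateFile()), SSLHostConfig.adjustRelativePath(sSLHostConfigCertificate.getCertificateKeyFile()), sSLHostConfigCertificate.getCertificateKeyPassword(), getCertificateIndex(sSLHostConfigCertificate));
            org.apache.tomcat.jni.SSLContext.setCertificateChainFile(this.ctx, SSLHostConfig.adjustRelativePath(sSLHostConfigCertificate.getCertificateChainFile()), false);
            org.apache.tomcat.jni.SSLContext.setCARevocation(this.ctx, SSLHostConfig.adjustRelativePath(this.sslHostConfig.getCertificateRevocationListFile()), SSLHostConfig.adjustRelativePath(this.sslHostConfig.getCertificateRevocationListPath()));
            return;
        }
        String alias = sSLHostConfigCertificate.getCertificateKeyAlias();
        X509KeyManager keyManager = sSLHostConfigCertificate.getCertificateKeyManager();
        // The messages below are literals because the resource bundle keys available to
        // this class are not visible in this listing. None of them contains key material.
        if (keyManager == null) {
            throw new IllegalStateException("Neither a certificate file nor a key manager is configured");
        }
        if (alias == null) {
            alias = "tomcat";
        }
        X509Certificate[] chain = keyManager.getCertificateChain(alias);
        if (chain == null) {
            // The configured (or default) alias is unknown: fall back to a type-based lookup.
            alias = findAlias(keyManager, sSLHostConfigCertificate);
            chain = keyManager.getCertificateChain(alias);
        }
        if (chain == null || chain.length == 0) {
            throw new IllegalStateException("No certificate chain found for alias [" + alias + "]");
        }
        PrivateKey privateKey = keyManager.getPrivateKey(alias);
        if (privateKey == null) {
            throw new IllegalStateException("No private key found for alias [" + alias + "]");
        }
        // getEncoded() is allowed to return null, e.g. for keys that cannot leave a token.
        byte[] der = privateKey.getEncoded();
        if (der == null) {
            throw new IllegalStateException("Private key for alias [" + alias + "] has no encoded form");
        }
        byte[] base64 = null;
        byte[] pem = null;
        try {
            // 64-character lines separated by '\n'; Base64 output is pure ASCII.
            base64 = Base64.getMimeEncoder(64, new byte[]{10}).encode(der);
            byte[] header = BEGIN_KEY.getBytes(StandardCharsets.US_ASCII);
            byte[] footer = END_KEY.getBytes(StandardCharsets.US_ASCII);
            pem = new byte[header.length + base64.length + footer.length];
            System.arraycopy(header, 0, pem, 0, header.length);
            System.arraycopy(base64, 0, pem, header.length, base64.length);
            System.arraycopy(footer, 0, pem, header.length + base64.length, footer.length);
            org.apache.tomcat.jni.SSLContext.setCertificateRaw(this.ctx, chain[0].getEncoded(), pem, getCertificateIndex(sSLHostConfigCertificate));
        } finally {
            // Wipe only the buffers created here. 'der' is left alone because this code
            // cannot tell whether the provider returned a private copy.
            // NOTE(review): assumes setCertificateRaw copies the key before returning - confirm.
            if (base64 != null) {
                Arrays.fill(base64, (byte) 0);
            }
            if (pem != null) {
                Arrays.fill(pem, (byte) 0);
            }
        }
        // Element 0 is the end-entity certificate; the rest are added as chain certificates.
        for (int i = 1; i < chain.length; i++) {
            org.apache.tomcat.jni.SSLContext.addChainCertificateRaw(this.ctx, chain[i].getEncoded());
        }
    }

    /**
     * Creates a new engine bound to this native context.
     *
     * <p>The last constructor argument is {@code true} only when the host is configured with
     * {@code CertificateVerification.OPTIONAL_NO_CA}; how the engine acts on that flag is not
     * visible in this listing.
     */
    @Override // org.apache.tomcat.util.net.SSLContext
    public SSLEngine createSSLEngine() {
        List<String> protocols = this.negotiableProtocols;
        boolean hasNegotiableProtocols = protocols != null && protocols.size() > 0;
        boolean optionalNoCa = this.sslHostConfig.getCertificateVerification() == SSLHostConfig.CertificateVerification.OPTIONAL_NO_CA;
        return new OpenSSLEngine(this.ctx, defaultProtocol, false, this.sessionContext, hasNegotiableProtocols, this.initialized, this.sslHostConfig.getCertificateVerificationDepth(), optionalNoCa);
    }

    /**
     * Releases the native SSL context, the SSL_CONF context and the memory pool, in that
     * order. Only the first call has any effect, so the handles are never freed twice.
     */
    @Override // org.apache.tomcat.util.net.SSLContext
    public synchronized void destroy() {
        if (!this.aprPoolDestroyed.compareAndSet(0, 1)) {
            return;
        }
        // A handle of 0 means the constructor failed before allocating it.
        if (this.ctx != 0) {
            org.apache.tomcat.jni.SSLContext.free(this.ctx);
        }
        if (this.cctx != 0) {
            SSLConf.free(this.cctx);
        }
        if (this.aprPool != 0) {
            Pool.destroy(this.aprPool);
        }
    }

    /**
     * Last-resort release of the native handles if {@link #destroy()} was never called.
     * Finalization is not guaranteed to run promptly or at all, so owners should call
     * {@code destroy()} explicitly.
     */
    @Override
    protected void finalize() throws Throwable {
        try {
            destroy();
        } finally {
            super.finalize();
        }
    }

    /**
     * @return the issuers accepted by the trust manager, or {@code null} when no trust
     *         manager has been set on this context
     */
    @Override // org.apache.tomcat.util.net.SSLContext
    public X509Certificate[] getAcceptedIssuers() {
        X509TrustManager trustManager = this.x509TrustManager;
        return trustManager == null ? null : trustManager.getAcceptedIssuers();
    }

    /**
     * Looks up the certificate chain for an alias, defaulting to {@code "tomcat"} and falling
     * back to a type-based alias search when the alias is unknown.
     *
     * @param str key alias, or {@code null} for the default
     * @return the chain, or {@code null} if there is no key manager or no matching entry
     */
    @Override // org.apache.tomcat.util.net.SSLContext
    public X509Certificate[] getCertificateChain(String str) {
        X509KeyManager keyManager = this.certificate.getCertificateKeyManager();
        if (keyManager == null) {
            return null;
        }
        String alias = str == null ? "tomcat" : str;
        X509Certificate[] chain = keyManager.getCertificateChain(alias);
        if (chain != null) {
            return chain;
        }
        return keyManager.getCertificateChain(findAlias(keyManager, this.certificate));
    }

    /** @return the protocol name last stored by {@link #setEnabledProtocol(String)}, or {@code null} */
    public String getEnabledProtocol() {
        return this.enabledProtocol;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return the raw native SSL context handle; it becomes invalid after {@link #destroy()} */
    public long getSSLContextID() {
        return this.ctx;
    }

    /** @return the server session context, or {@code null} if none has been set */
    @Override // org.apache.tomcat.util.net.SSLContext
    public SSLSessionContext getServerSessionContext() {
        return this.sessionContext;
    }

    /** Not supported by this implementation. */
    @Override // org.apache.tomcat.util.net.SSLContext
    public SSLServerSocketFactory getServerSocketFactory() {
        throw new UnsupportedOperationException();
    }

    /** Not supported by this implementation. */
    @Override // org.apache.tomcat.util.net.SSLContext
    public SSLParameters getSupportedSSLParameters() {
        throw new UnsupportedOperationException();
    }

    /**
     * Placeholder left by the decompiler: the original body (599 instructions, with nested
     * exception regions) could not be reconstructed, so this version always throws.
     *
     * <p>NOTE(review): {@code chooseTrustManager}, {@code certificates}, the
     * {@code CertificateVerification} switch table and the never-assigned fields
     * {@code x509TrustManager}, {@code sessionContext} and {@code initialized} suggest that
     * trust manager selection and client-certificate verification are set up here. None of
     * that can be audited from this listing; use the original sources or an instruction dump.
     */
    @Override // org.apache.tomcat.util.net.SSLContext
    public synchronized void init(javax.net.ssl.KeyManager[] r8, javax.net.ssl.TrustManager[] r9, java.security.SecureRandom r10) {
        throw new UnsupportedOperationException("Method not decompiled: org.apache.tomcat.util.net.openssl.OpenSSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom):void");
    }

    /**
     * Stores the protocol name reported by {@link #getEnabledProtocol()}.
     *
     * @param str protocol name; {@code null} selects the default {@code "TLS"}
     */
    public void setEnabledProtocol(String str) {
        this.enabledProtocol = str == null ? defaultProtocol : str;
    }
}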
