package org.apache.tomcat.util.net.openssl;

import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.util.codec.binary.Base64;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.Constants;
import org.apache.tomcat.util.net.SSLContext;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.jsse.JSSEKeyManager;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: classes3.dex */
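/**
 * {@link SSLContext} implementation that wraps a native context handle created by
 * {@code org.apache.tomcat.jni.SSLContext.make(...)} inside an APR memory pool.
 *
 * <p>This listing is decompiler (JADX) output. The body of
 * {@link #init(KeyManager[], TrustManager[], java.security.SecureRandom)} was not recovered, so the
 * code that presumably loads key material, configures trust/client-certificate verification and
 * selects cipher suites is not visible here and cannot be reviewed from this listing.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>The constructor still accepts SSLv2 and SSLv3 when they appear in the enabled-protocol list
 *       (both are prohibited/deprecated, see RFC 6176 and RFC 7568) and has no TLSv1.3 branch.</li>
 *   <li>Native resources ({@code ctx}, {@code aprPool}) are released exactly once by
 *       {@link #destroy()}; the handle must not be used after that call.</li>
 * </ul>
 */
public class OpenSSLContext implements SSLContext {
    // PEM armour for an RSA private key. Unused in the visible code; presumably consumed by the
    // non-decompiled init() to hand key material to the native layer - confirm against the
    // original source. NOTE(review): key material held in a String cannot be wiped after use.
    private static final String BEGIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\n";
    static final CertificateFactory X509_CERT_FACTORY;
    private static final String defaultProtocol = "TLS";
    private final SSLHostConfigCertificate certificate;
    // Native context handle returned by org.apache.tomcat.jni.SSLContext.make(); 0 until assigned.
    protected final long ctx;
    private String enabledProtocol;
    private final List<String> negotiableProtocols;
    // Never assigned in the visible code; presumably set by init() - confirm.
    private OpenSSLSessionContext sessionContext;
    private final SSLHostConfig sslHostConfig;
    // Base64 codec configured for 64-character lines separated by LF (byte 10).
    private static final Base64 BASE64_ENCODER = new Base64(64, new byte[]{10});
    private static final Log log = LogFactory.getLog((Class<?>) OpenSSLContext.class);
    private static final StringManager netSm = StringManager.getManager((Class<?>) AbstractEndpoint.class);
    private static final StringManager sm = StringManager.getManager((Class<?>) OpenSSLContext.class);
    private static final Object END_KEY = "\n-----END RSA PRIVATE KEY-----";

    // Protocol bits passed to the native make() call. The values are the literals the decompiler
    // emitted for each Constants.SSL_PROTO_* name; they presumably mirror the SSL_PROTOCOL_*
    // constants of org.apache.tomcat.jni.SSL - confirm against the native bindings in use.
    private static final int PROTOCOL_SSLV2 = 1;
    private static final int PROTOCOL_SSLV3 = 2;
    private static final int PROTOCOL_TLSV1 = 4;
    private static final int PROTOCOL_TLSV1_1 = 8;
    private static final int PROTOCOL_TLSV1_2 = 16;
    // "all" deliberately excludes the SSLv2/SSLv3 bits: 4 | 8 | 16 = 28.
    private static final int PROTOCOL_ALL = PROTOCOL_TLSV1 | PROTOCOL_TLSV1_1 | PROTOCOL_TLSV1_2;

    private List<String> jsseCipherNames = new ArrayList<>();
    // 0 = native resources still allocated, 1 = destroy() has already released them.
    private final AtomicInteger aprPoolDestroyed = new AtomicInteger(0);
    private boolean initialized = false;
    // Allocated by the field initializer, i.e. before the constructor body runs.
    private final long aprPool = Pool.create(0);

    /* renamed from: org.apache.tomcat.util.net.openssl.OpenSSLContext$2, reason: invalid class name */
    /* loaded from: classes3.dex */
    // Compiler-generated lookup table for a switch over SSLHostConfig.CertificateVerification.
    // No visible method reads it; the switch presumably lives in the non-decompiled init().
    // The empty NoSuchFieldError handlers are part of the standard generated pattern (they tolerate
    // an enum constant missing at run time) and are not hand-written error swallowing.
    static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$tomcat$util$net$SSLHostConfig$CertificateVerification = new int[SSLHostConfig.CertificateVerification.values().length];

        static {
            try {
                $SwitchMap$org$apache$tomcat$util$net$SSLHostConfig$CertificateVerification[SSLHostConfig.CertificateVerification.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$apache$tomcat$util$net$SSLHostConfig$CertificateVerification[SSLHostConfig.CertificateVerification.OPTIONAL.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$apache$tomcat$util$net$SSLHostConfig$CertificateVerification[SSLHostConfig.CertificateVerification.OPTIONAL_NO_CA.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$org$apache$tomcat$util$net$SSLHostConfig$CertificateVerification[SSLHostConfig.CertificateVerification.REQUIRED.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    static {
        // Fail class initialisation outright if the JRE offers no X.509 certificate factory.
        try {
            X509_CERT_FACTORY = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new IllegalStateException(sm.getString("openssl.X509FactoryError"), e);
        }
    }

    /**
     * Creates the native context for one host certificate.
     *
     * <p>The protocol bit mask is {@code PROTOCOL_ALL} (TLSv1, TLSv1.1, TLSv1.2) when the host
     * configuration lists no protocols; otherwise it is built from the enabled-protocol names.
     * {@code SSLv2Hello} is ignored, and any name without a branch below is rejected, which
     * includes TLSv1.3 in this version.
     *
     * <p>NOTE(review): SSLv2 and SSLv3 are still honoured when configured. Deployments should keep
     * them (and preferably TLSv1/TLSv1.1, see RFC 8996) out of the enabled-protocol list. An
     * enabled list that contains only {@code SSLv2Hello} yields an empty mask, which is passed to
     * the native layer unchecked.
     *
     * @param sSLHostConfigCertificate certificate configuration; its host configuration supplies
     *                                 the protocol list
     * @param list application protocols offered for negotiation; stored as-is, may be {@code null}
     * @throws SSLException if a protocol name is not recognised or the native context cannot be
     *                      created; native resources are released before the exception propagates
     */
    public OpenSSLContext(SSLHostConfigCertificate sSLHostConfigCertificate, List<String> list) throws SSLException {
        this.sslHostConfig = sSLHostConfigCertificate.getSSLHostConfig();
        this.certificate = sSLHostConfigCertificate;
        try {
            try {
                int protocolMask;
                if (this.sslHostConfig.getProtocols().size() == 0) {
                    protocolMask = PROTOCOL_ALL;
                } else {
                    protocolMask = 0;
                    for (String str : this.sslHostConfig.getEnabledProtocols()) {
                        if (Constants.SSL_PROTO_SSLv2Hello.equalsIgnoreCase(str)) {
                            // Hello-format compatibility flag only; contributes no protocol bit.
                            continue;
                        }
                        if (Constants.SSL_PROTO_SSLv2.equalsIgnoreCase(str)) {
                            protocolMask |= PROTOCOL_SSLV2;
                        } else if (Constants.SSL_PROTO_SSLv3.equalsIgnoreCase(str)) {
                            protocolMask |= PROTOCOL_SSLV3;
                        } else if (Constants.SSL_PROTO_TLSv1.equalsIgnoreCase(str)) {
                            protocolMask |= PROTOCOL_TLSV1;
                        } else if (Constants.SSL_PROTO_TLSv1_1.equalsIgnoreCase(str)) {
                            protocolMask |= PROTOCOL_TLSV1_1;
                        } else if (Constants.SSL_PROTO_TLSv1_2.equalsIgnoreCase(str)) {
                            protocolMask |= PROTOCOL_TLSV1_2;
                        } else if (Constants.SSL_PROTO_ALL.equalsIgnoreCase(str)) {
                            protocolMask |= PROTOCOL_ALL;
                        } else {
                            // Unknown names fail closed instead of being silently dropped.
                            throw new Exception(netSm.getString("endpoint.apr.invalidSslProtocol", str));
                        }
                    }
                }
                try {
                    // Third argument 1: presumably the "server" mode constant of the native
                    // bindings - confirm.
                    this.ctx = org.apache.tomcat.jni.SSLContext.make(this.aprPool, protocolMask, 1);
                    this.negotiableProtocols = list;
                } catch (Exception e) {
                    throw new Exception(netSm.getString("endpoint.apr.failSslContextMake"), e);
                }
            } catch (Exception e2) {
                throw new SSLException(sm.getString("openssl.errorSSLCtxInit"), e2);
            }
        } catch (Throwable th) {
            // The APR pool was already allocated by the field initializer; release it (and the
            // context, if one was created) before propagating the failure.
            destroy();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Wraps each encoded certificate in an {@code OpenSslX509Certificate}.
     *
     * <p>No parsing or validation is done here; the bytes are only handed to the wrapper's
     * constructor.
     *
     * @param bArr one encoded certificate per element
     * @return an array of the same length, in the same order
     */
    public static X509Certificate[] certificates(byte[][] bArr) {
        X509Certificate[] wrapped = new X509Certificate[bArr.length];
        for (int i = 0; i < wrapped.length; i++) {
            wrapped[i] = new OpenSslX509Certificate(bArr[i]);
        }
        return wrapped;
    }

    /**
     * Picks the key manager to use, preferring a {@link JSSEKeyManager} over any other
     * {@link X509KeyManager}.
     *
     * @throws IllegalStateException if the array holds no {@link X509KeyManager}
     */
    private static X509KeyManager chooseKeyManager(KeyManager[] keyManagerArr) throws Exception {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof JSSEKeyManager) {
                return (JSSEKeyManager) keyManager;
            }
        }
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException(sm.getString("openssl.keyManagerMissing"));
    }

    /**
     * Returns the first {@link X509TrustManager} in the array.
     *
     * @throws IllegalStateException if there is none
     */
    private static X509TrustManager chooseTrustManager(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException(sm.getString("openssl.trustManagerMissing"));
    }

    /**
     * Asks the key manager for a server alias matching the certificate's key type.
     *
     * <p>When the configured type is {@code UNDEFINED}, every other type is tried in declaration
     * order and the first alias found wins.
     *
     * @return the chosen alias, or {@code null} if the key manager offers none
     */
    private static String findAlias(X509KeyManager x509KeyManager, SSLHostConfigCertificate sSLHostConfigCertificate) {
        SSLHostConfigCertificate.Type type = sSLHostConfigCertificate.getType();
        List<SSLHostConfigCertificate.Type> candidates = new ArrayList<>();
        if (SSLHostConfigCertificate.Type.UNDEFINED.equals(type)) {
            candidates.addAll(Arrays.asList(SSLHostConfigCertificate.Type.values()));
            candidates.remove(SSLHostConfigCertificate.Type.UNDEFINED);
        } else {
            candidates.add(type);
        }
        for (SSLHostConfigCertificate.Type candidate : candidates) {
            String alias = x509KeyManager.chooseServerAlias(candidate.toString(), null, null);
            if (alias != null) {
                return alias;
            }
        }
        return null;
    }

    /**
     * Creates a server-side engine bound to this context's native handle.
     *
     * <p>The last constructor argument is {@code true} only when at least one negotiable
     * application protocol was supplied to the constructor of this class.
     */
    @Override // org.apache.tomcat.util.net.SSLContext
    public SSLEngine createSSLEngine() {
        List<String> protocols = this.negotiableProtocols;
        boolean hasNegotiableProtocols = protocols != null && !protocols.isEmpty();
        return new OpenSSLEngine(this.ctx, defaultProtocol, false, this.sessionContext, hasNegotiableProtocols);
    }

    /**
     * Releases the native context and its APR pool.
     *
     * <p>The compare-and-set guard makes repeated calls harmless, so the native handles are never
     * freed twice. The context is freed before the pool it was created in.
     */
    @Override // org.apache.tomcat.util.net.SSLContext
    public synchronized void destroy() {
        if (this.aprPoolDestroyed.compareAndSet(0, 1)) {
            if (this.ctx != 0) {
                org.apache.tomcat.jni.SSLContext.free(this.ctx);
            }
            if (this.aprPool != 0) {
                Pool.destroy(this.aprPool);
            }
        }
    }

    public String getEnabledProtocol() {
        return this.enabledProtocol;
    }

    /**
     * Returns the cipher name list.
     *
     * <p>NOTE(review): this is the live internal list, not a copy, so callers can modify it.
     */
    public List<String> getJsseCipherNames() {
        return this.jsseCipherNames;
    }

    @Override // org.apache.tomcat.util.net.SSLContext
    public SSLSessionContext getServerSessionContext() {
        return this.sessionContext;
    }

    /** Not supported by this implementation. */
    @Override // org.apache.tomcat.util.net.SSLContext
    public SSLServerSocketFactory getServerSocketFactory() {
        throw new UnsupportedOperationException();
    }

    /** Not supported by this implementation. */
    @Override // org.apache.tomcat.util.net.SSLContext
    public SSLParameters getSupportedSSLParameters() {
        throw new UnsupportedOperationException();
    }

    /* JADX WARN: the decompiler reported a removed duplicated region and a failed try/catch reconstruction for this method. */
    /**
     * Initialises the context from the given key and trust managers.
     *
     * <p>The decompiler could not reconstruct this method, so the stub below only throws. The
     * handling of certificates, private keys, client-certificate verification and cipher selection
     * therefore cannot be assessed from this listing; review the original source or the bytecode
     * dump instead.
     */
    @Override // org.apache.tomcat.util.net.SSLContext
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized void init(javax.net.ssl.KeyManager[] r9, javax.net.ssl.TrustManager[] r10, java.security.SecureRandom r11) {
        /*
            Method dump skipped, instructions count: 567
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.tomcat.util.net.openssl.OpenSSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom):void");
    }

    /**
     * Sets the enabled protocol label, falling back to the default ({@code "TLS"}) for
     * {@code null}.
     */
    public void setEnabledProtocol(String str) {
        this.enabledProtocol = (str == null) ? defaultProtocol : str;
    }
}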
