package io.netty.handler.ssl;

import com.alipay.sdk.encrypt.d;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufInputStream;
import io.netty.util.internal.ObjectUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.io.File;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.tomcat.jni.CertificateVerifier;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* loaded from: classes3.dex */
public final class OpenSslServerContext extends OpenSslContext {
    private static final InternalLogger logger = InternalLoggerFactory.getInstance((Class<?>) OpenSslServerContext.class);
    private final OpenSslServerSessionContext sessionContext;

    public OpenSslServerContext(File file, File file2) throws SSLException {
        this(file, file2, null);
    }

    public OpenSslServerContext(File file, File file2, String str) throws SSLException {
        this(file, file2, str, (TrustManagerFactory) null, (Iterable<String>) null, OpenSslDefaultApplicationProtocolNegotiator.INSTANCE, 0L, 0L);
    }

    public OpenSslServerContext(File file, File file2, String str, Iterable<String> iterable, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        this(file, file2, str, (TrustManagerFactory) null, iterable, toNegotiator(applicationProtocolConfig, false), j, j2);
    }

    public OpenSslServerContext(File file, File file2, String str, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        this(file, file2, str, trustManagerFactory, iterable, toNegotiator(applicationProtocolConfig, true), j, j2);
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public OpenSslServerContext(File file, File file2, String str, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, OpenSslApplicationProtocolNegotiator openSslApplicationProtocolNegotiator, long j, long j2) throws SSLException {
        super(iterable, openSslApplicationProtocolNegotiator, j, j2, 1);
        PrivateKey generatePrivate;
        TrustManagerFactory trustManagerFactory2 = trustManagerFactory;
        OpenSsl.ensureAvailability();
        ObjectUtil.checkNotNull(file, "certChainFile");
        if (!file.isFile()) {
            throw new IllegalArgumentException("certChainFile is not a file: " + file);
        }
        ObjectUtil.checkNotNull(file2, "keyFile");
        if (!file2.isFile()) {
            throw new IllegalArgumentException("keyPath is not a file: " + file2);
        }
        String str2 = str == null ? "" : str;
        try {
            synchronized (OpenSslContext.class) {
                int i = 0;
                SSLContext.setVerify(this.ctx, 0, 10);
                if (!SSLContext.setCertificateChainFile(this.ctx, file.getPath(), true)) {
                    long lastErrorNumber = SSL.getLastErrorNumber();
                    if (OpenSsl.isError(lastErrorNumber)) {
                        throw new SSLException("failed to set certificate chain: " + file + " (" + SSL.getErrorString(lastErrorNumber) + ')');
                    }
                }
                try {
                    if (!SSLContext.setCertificate(this.ctx, file.getPath(), file2.getPath(), str2, 0)) {
                        long lastErrorNumber2 = SSL.getLastErrorNumber();
                        if (OpenSsl.isError(lastErrorNumber2)) {
                            throw new SSLException("failed to set certificate: " + file + " and " + file2 + " (" + SSL.getErrorString(lastErrorNumber2) + ')');
                        }
                    }
                    try {
                        KeyStore keyStore = KeyStore.getInstance("JKS");
                        keyStore.load(null, null);
                        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                        KeyFactory keyFactory = KeyFactory.getInstance(d.a);
                        KeyFactory keyFactory2 = KeyFactory.getInstance("DSA");
                        ByteBuf readPrivateKey = PemReader.readPrivateKey(file2);
                        byte[] bArr = new byte[readPrivateKey.readableBytes()];
                        readPrivateKey.readBytes(bArr).release();
                        char[] charArray = str2.toCharArray();
                        PKCS8EncodedKeySpec generateKeySpec = generateKeySpec(charArray, bArr);
                        try {
                            generatePrivate = keyFactory.generatePrivate(generateKeySpec);
                        } catch (InvalidKeySpecException unused) {
                            generatePrivate = keyFactory2.generatePrivate(generateKeySpec);
                        }
                        ArrayList arrayList = new ArrayList();
                        ByteBuf[] readCertificates = PemReader.readCertificates(file);
                        try {
                            for (ByteBuf byteBuf : readCertificates) {
                                arrayList.add(certificateFactory.generateCertificate(new ByteBufInputStream(byteBuf)));
                            }
                            keyStore.setKeyEntry("key", generatePrivate, charArray, (Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]));
                            if (trustManagerFactory2 == null) {
                                trustManagerFactory2 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                                trustManagerFactory2.init((KeyStore) null);
                            } else {
                                trustManagerFactory2.init(keyStore);
                            }
                            final X509TrustManager chooseTrustManager = chooseTrustManager(trustManagerFactory2.getTrustManagers());
                            SSLContext.setCertVerifyCallback(this.ctx, new CertificateVerifier() { // from class: io.netty.handler.ssl.OpenSslServerContext.1
                                public boolean verify(long j3, byte[][] bArr2, String str3) {
                                    try {
                                        chooseTrustManager.checkClientTrusted(OpenSslContext.certificates(bArr2), str3);
                                        return true;
                                    } catch (Exception e) {
                                        OpenSslServerContext.logger.debug("verification of certificate failed", (Throwable) e);
                                        return false;
                                    }
                                }
                            });
                        } finally {
                            int length = readCertificates.length;
                            while (i < length) {
                                readCertificates[i].release();
                                i++;
                            }
                        }
                    } catch (Exception e) {
                        throw new SSLException("unable to setup trustmanager", e);
                    }
                } catch (SSLException e2) {
                    throw e2;
                } catch (Exception e3) {
                    throw new SSLException("failed to set certificate: " + file + " and " + file2, e3);
                }
            }
            this.sessionContext = new OpenSslServerSessionContext(this.ctx);
        } catch (Throwable th) {
            destroyPools();
            throw th;
        }
    }

    @Override // io.netty.handler.ssl.OpenSslContext, io.netty.handler.ssl.SslContext
    public OpenSslServerSessionContext sessionContext() {
        return this.sessionContext;
    }
}
