package org.eclipse.jetty.http.ssl;

import defpackage.ca0;
import defpackage.d60;
import defpackage.e60;
import defpackage.eb0;
import defpackage.gb0;
import defpackage.ih;
import defpackage.pk;
import defpackage.ra0;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
/**
 * Holds TLS configuration (key store, trust store, cipher-suite filters, certificate
 * validation switches) and builds the {@link SSLContext} from it in {@link #n()}.
 *
 * <p>This is decompiled, obfuscated output: field names are single letters and the helper
 * types from {@code defpackage} ({@code ra0}, {@code d60}, {@code e60}, {@code gb0},
 * {@code ih}, {@code pk}, {@code ca0}, {@code eb0}) are not visible here, so anything said
 * about them below is an assumption to confirm.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>If no key/trust store location or stream is configured, {@link #n()} installs a
 *       trust manager that accepts every certificate chain.</li>
 *   <li>Revocation checking (CRL, CRLDP, OCSP) and the maximum path length are applied to
 *       the trust managers only when peer validation is enabled AND the trust manager
 *       algorithm is "PKIX".</li>
 *   <li>Enabling CRLDP or OCSP sets JVM-wide properties, not per-context ones.</li>
 *   <li>The default protocol is "TLS"; no minimum protocol version is selected here.</li>
 * </ul>
 *
 * <p>Setters that call {@link #u()} throw {@link IllegalStateException} once the factory
 * reports itself as started.
 */
public class SslContextFactory extends ra0 {
    // Defaults resolved once from the java.security properties in the static initializer.
    public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM;
    public static final String DEFAULT_KEYSTORE_PATH;
    public static final String DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM;
    // Property names handed to d60.a(...) together with the password value.
    public static final String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword";
    public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";
    public String A; // JSSE provider name for SSLContext.getInstance (getProvider/setProvider)
    public String C; // SecureRandom algorithm name; null means the SSLContext default is used
    public boolean F; // validateCerts: validate the key store's own certificate in n()
    public boolean G; // validatePeerCerts: use PKIX parameters for the trust managers
    public String I; // CRL path, passed to ih.a0(...)
    public String L; // OCSP responder URL
    public KeyStore M; // key store supplied as an object
    public KeyStore N; // trust store supplied as an object
    public int P; // SSL session cache size
    public int Q; // SSL session timeout
    public SSLContext R; // the built (or externally supplied) context
    public String l; // key store location string
    public String m; // key store provider
    public InputStream o; // key store input stream
    public String p; // certificate alias
    public String q; // trust store location string
    public String r; // trust store provider
    public InputStream t; // trust store input stream
    public transient d60 x; // key store password holder
    public transient d60 y; // key manager (private key) password holder
    public transient d60 z; // trust store password holder
    public Set<String> j = null; // excluded cipher suites; null until setExcludeCipherSuites is called
    public Set<String> k = null; // included cipher suites; null until setIncludeCipherSuites is called
    public String n = "JKS"; // key store type
    public String s = "JKS"; // trust store type
    public boolean u = false; // needClientAuth
    public boolean v = false; // wantClientAuth
    public boolean w = true; // allowRenegotiate; only stored here, enforcement is not in this class
    public String B = "TLS"; // protocol name for SSLContext.getInstance
    public String D = DEFAULT_KEYMANAGERFACTORY_ALGORITHM; // KeyManagerFactory algorithm
    public String E = DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM; // TrustManagerFactory algorithm
    public int H = -1; // max certification path length; -1 is "unconstrained" for PKIXBuilderParameters
    public boolean J = false; // enable CRL Distribution Points support
    public boolean K = false; // enable OCSP
    public boolean O = true; // sessionCachingEnabled; not read anywhere in this class

    static {
        // Both algorithm defaults come from the java.security file and fall back to "SunX509".
        DEFAULT_KEYMANAGERFACTORY_ALGORITHM = Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ? "SunX509" : Security.getProperty("ssl.KeyManagerFactory.algorithm");
        DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM = Security.getProperty("ssl.TrustManagerFactory.algorithm") != null ? Security.getProperty("ssl.TrustManagerFactory.algorithm") : "SunX509";
        StringBuilder sb = new StringBuilder();
        sb.append(System.getProperty("user.home"));
        // presumably appends File.separator and ".keystore" to the user home -- confirm in pk.s
        DEFAULT_KEYSTORE_PATH = pk.s(sb, File.separator, ".keystore");
    }

    /** Creates a factory with no key store or trust store configured. */
    public SslContextFactory() {
    }

    /**
     * Creates a factory with the key store location preset.
     *
     * @param str key store location string
     */
    public SslContextFactory(String str) {
        this.l = str;
    }

    /**
     * Normalises the key store / trust store configuration before the context is built.
     *
     * <p>When no trust store is configured at all, every trust store setting (store, location,
     * stream, type, provider, password, factory algorithm) is copied from the key store, so the
     * key store then doubles as the trust store. When both sides share the same input stream
     * object, the stream is read fully, closed, and replaced by two independent in-memory
     * streams so each side can be read separately.
     *
     * @return {@code false} if no key store object, stream or location is configured,
     *         {@code true} otherwise
     * @throws RuntimeException wrapping any failure while buffering the shared stream
     */
    public boolean checkConfig() {
        boolean z;
        KeyStore keyStore = this.M;
        if (keyStore == null && this.o == null && this.l == null) {
            z = false;
        } else {
            if (this.N == null && this.t == null && this.q == null) {
                // No trust store configured: fall back to the key store for trust decisions.
                this.N = keyStore;
                this.q = this.l;
                this.t = this.o;
                this.s = this.n;
                this.r = this.m;
                this.z = this.x;
                this.E = this.D;
            }
            z = true;
        }
        InputStream inputStream = this.o;
        if (inputStream != null && inputStream == this.t) {
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                // presumably copies the whole stream (-1 = no length limit) -- confirm in ca0.a
                ca0.a(this.o, byteArrayOutputStream, -1L);
                this.o.close();
                this.o = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
                this.t = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        return z;
    }

    /** @return the configured certificate alias, or {@code null} */
    public String getCertAlias() {
        return this.p;
    }

    /** @return the configured CRL path, or {@code null} */
    public String getCrlPath() {
        return this.I;
    }

    /**
     * @return the excluded cipher suites as an array
     * @throws NullPointerException if {@link #setExcludeCipherSuites} was never called
     *         (the backing set defaults to {@code null})
     */
    public String[] getExcludeCipherSuites() {
        Set<String> set = this.j;
        return (String[]) set.toArray(new String[set.size()]);
    }

    /**
     * @return the included cipher suites as an array
     * @throws NullPointerException if {@link #setIncludeCipherSuites} was never called
     *         (the backing set defaults to {@code null})
     */
    public String[] getIncludeCipherSuites() {
        Set<String> set = this.k;
        return (String[]) set.toArray(new String[set.size()]);
    }

    /** @return the key store location string, or {@code null} */
    public String getKeyStore() {
        return this.l;
    }

    /**
     * Runs {@link #checkConfig()} (which may replace the stream with an in-memory copy) and
     * returns the key store stream.
     */
    @Deprecated
    public InputStream getKeyStoreInputStream() {
        checkConfig();
        return this.o;
    }

    /** @return the key store provider name, or {@code null} */
    public String getKeyStoreProvider() {
        return this.m;
    }

    /** @return the key store type (default "JKS") */
    public String getKeyStoreType() {
        return this.n;
    }

    /** @return the maximum certification path length (default -1) */
    public int getMaxCertPathLength() {
        return this.H;
    }

    /** @return whether client authentication is required (default {@code false}) */
    public boolean getNeedClientAuth() {
        return this.u;
    }

    /** @return the configured OCSP responder URL, or {@code null} */
    public String getOcspResponderURL() {
        return this.L;
    }

    /** @return the protocol name used for {@link SSLContext#getInstance} (default "TLS") */
    public String getProtocol() {
        return this.B;
    }

    /** @return the JSSE provider name, or {@code null} for the default provider lookup */
    public String getProvider() {
        return this.A;
    }

    /** @return the SecureRandom algorithm name, or {@code null} */
    public String getSecureRandomAlgorithm() {
        return this.C;
    }

    /** @return the context built by {@link #n()} or supplied via {@link #setSslContext}; may be {@code null} */
    public SSLContext getSslContext() {
        return this.R;
    }

    /** @return the KeyManagerFactory algorithm */
    public String getSslKeyManagerFactoryAlgorithm() {
        return this.D;
    }

    /** @return the SSL session cache size */
    public int getSslSessionCacheSize() {
        return this.P;
    }

    /** @return the SSL session timeout */
    public int getSslSessionTimeout() {
        return this.Q;
    }

    /** @return the TrustManagerFactory algorithm */
    public String getTrustManagerFactoryAlgorithm() {
        return this.E;
    }

    /** @return the trust store location string, or {@code null} */
    public String getTrustStore() {
        return this.q;
    }

    /**
     * Runs {@link #checkConfig()} (which may substitute the key store stream) and returns the
     * trust store stream.
     */
    @Deprecated
    public InputStream getTrustStoreInputStream() {
        checkConfig();
        return this.t;
    }

    /** @return the trust store provider name, or {@code null} */
    public String getTrustStoreProvider() {
        return this.r;
    }

    /** @return the trust store type (default "JKS") */
    public String getTrustStoreType() {
        return this.s;
    }

    /** Same value as {@link #isValidateCerts()}. */
    @Deprecated
    public boolean getValidateCerts() {
        return this.F;
    }

    /** @return whether client authentication is requested but optional (default {@code false}) */
    public boolean getWantClientAuth() {
        return this.v;
    }

    /** @return the stored renegotiation flag (default {@code true}) */
    public boolean isAllowRenegotiate() {
        return this.w;
    }

    /** @return whether CRL Distribution Points support is enabled (default {@code false}) */
    public boolean isEnableCRLDP() {
        return this.J;
    }

    /** @return whether OCSP is enabled (default {@code false}) */
    public boolean isEnableOCSP() {
        return this.K;
    }

    /** @return the stored session caching flag (default {@code true}) */
    public boolean isSessionCachingEnabled() {
        return this.O;
    }

    /** @return whether the key store's own certificate is validated when the context is built */
    public boolean isValidateCerts() {
        return this.F;
    }

    /** @return whether peer certificate validation via PKIX parameters is requested */
    public boolean isValidatePeerCerts() {
        return this.G;
    }

    /**
     * Builds {@link #R} if no context has been set yet (presumably the start hook of
     * {@code ra0} -- confirm). A context supplied through {@link #setSslContext} is left
     * untouched, so none of the configuration below applies to it.
     *
     * <p>Steps: (1) with no store location/stream configured, create a trust-all context and
     * return; (2) otherwise load key and trust stores and CRLs; (3) optionally validate the
     * server's own certificate; (4) create key managers, wrapping them when an alias is set;
     * (5) create trust managers, with PKIX revocation settings only in the PKIX branch;
     * (6) initialise the context and apply session cache size and timeout.
     *
     * <p>NOTE(review): as decompiled, the body throws checked exceptions without a throws
     * clause and contains incomplete catch handlers; compare with the upstream source before
     * relying on the exact error handling.
     */
    @Override // defpackage.ra0
    public void n() {
        KeyManager[] keyManagerArr;
        TrustManager[] trustManagerArr;
        String str;
        if (this.R == null) {
            String str2 = null;
            // Only stream and location fields are tested here; key/trust stores supplied as
            // KeyStore objects (M, N) do not prevent the trust-all branch below.
            if (this.o == null && this.l == null && this.t == null && this.q == null) {
                // SECURITY: this trust manager performs no checks at all, so every client or
                // server certificate chain is accepted and the connection is not authenticated.
                // Configure a trust store to avoid this branch.
                X509TrustManager x509TrustManager = new X509TrustManager(this) { // from class: org.eclipse.jetty.http.ssl.SslContextFactory.1
                    @Override // javax.net.ssl.X509TrustManager
                    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str3) {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str3) {
                    }

                    // Returns null although the X509TrustManager contract asks for a non-null array.
                    @Override // javax.net.ssl.X509TrustManager
                    public X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                };
                // The configured provider (A), SecureRandom algorithm (C) and session settings
                // (P, Q) are not applied on this path; no key managers are installed either.
                SSLContext sSLContext = SSLContext.getInstance(this.B);
                this.R = sSLContext;
                sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
                return;
            }
            checkConfig();
            KeyStore keyStore = this.M;
            if (keyStore == null) {
                InputStream inputStream = this.o;
                String str3 = this.l;
                String str4 = this.n;
                String str5 = this.m;
                d60 d60Var = this.x;
                // presumably loads the key store from stream or location with the given type,
                // provider and password -- confirm in ih.M
                keyStore = ih.M(inputStream, str3, str4, str5, d60Var == null ? null : d60Var.g);
            }
            KeyStore keyStore2 = this.N;
            if (keyStore2 == null) {
                InputStream inputStream2 = this.t;
                String str6 = this.q;
                String str7 = this.s;
                String str8 = this.r;
                d60 d60Var2 = this.z;
                keyStore2 = ih.M(inputStream2, str6, str7, str8, d60Var2 == null ? null : d60Var2.g);
            }
            // presumably loads the CRLs found at the configured CRL path -- confirm in ih.a0
            Collection<? extends CRL> a0 = ih.a0(this.I);
            if (this.F && keyStore != null) {
                // Validate the certificate this endpoint will present.
                if (this.p == null) {
                    // No alias configured: use the key store's only alias, if there is exactly one.
                    ArrayList list = Collections.list(keyStore.aliases());
                    this.p = list.size() == 1 ? (String) list.get(0) : null;
                }
                String str9 = this.p;
                Certificate certificate = str9 == null ? null : keyStore.getCertificate(str9);
                str = "";
                if (certificate == null) {
                    StringBuilder C = pk.C("No certificate found in the keystore");
                    if (this.p != null) {
                        StringBuilder C2 = pk.C(" for alias ");
                        C2.append(this.p);
                        str = C2.toString();
                    }
                    C.append(str);
                    throw new Exception(C.toString());
                }
                // presumably a certificate validator over the trust store and CRLs, with field c
                // as its max path length -- confirm in gb0
                gb0 gb0Var = new gb0(keyStore2, a0);
                gb0Var.c = this.H;
                // A certificate that is not an X509Certificate skips all of the checks below.
                if (certificate instanceof X509Certificate) {
                    // Rejects expired and not-yet-valid certificates.
                    ((X509Certificate) certificate).checkValidity();
                    try {
                        String certificateAlias = keyStore.getCertificateAlias((X509Certificate) certificate);
                        if (certificateAlias == null) {
                            try {
                                // Not stored under any alias: add it to the key store under a
                                // generated "JETTY" + 16-hex-digit alias. This mutates keyStore.
                                certificateAlias = "JETTY" + String.format("%016X", Long.valueOf(gb0.e.incrementAndGet()));
                                keyStore.setCertificateEntry(certificateAlias, certificate);
                            } catch (KeyStoreException e) {
                                // NOTE(review): "e = e" is a decompiler artifact.
                                e = e;
                                str2 = certificateAlias;
                                gb0.d.f(e);
                                StringBuilder C3 = pk.C("Unable to validate certificate");
                                C3.append(str2 != null ? pk.o(" for alias [", str2, "]") : "");
                                C3.append(": ");
                                C3.append(e.getMessage());
                                throw new CertificateException(C3.toString(), e);
                            }
                        }
                        Certificate[] certificateChain = keyStore.getCertificateChain(certificateAlias);
                        if (certificateChain == null || certificateChain.length == 0) {
                            throw new IllegalStateException("Unable to retrieve certificate chain");
                        }
                        // presumably validates the chain against the trust store and CRLs -- confirm
                        gb0Var.a(certificateChain);
                    } catch (KeyStoreException e2) {
                        // NOTE(review): as decompiled this handler only reassigns a variable, so a
                        // KeyStoreException here would be dropped; the original handling looks
                        // lost in decompilation -- confirm against upstream.
                        e = e2;
                    }
                }
            }
            if (keyStore != null) {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.D);
                d60 d60Var3 = this.y;
                // Key password: the key manager password if set, else the key store password,
                // else null.
                keyManagerFactory.init(keyStore, (d60Var3 == null && (d60Var3 = this.x) == null) ? null : d60Var3.g.toCharArray());
                keyManagerArr = keyManagerFactory.getKeyManagers();
                if (this.p != null) {
                    for (int i = 0; i < keyManagerArr.length; i++) {
                        if (keyManagerArr[i] instanceof X509KeyManager) {
                            // presumably pins key selection to the configured alias -- confirm in e60
                            keyManagerArr[i] = new e60(this.p, (X509KeyManager) keyManagerArr[i]);
                        }
                    }
                }
            } else {
                keyManagerArr = null;
            }
            if (keyStore2 == null) {
                // A null array makes SSLContext.init fall back to the installed providers'
                // default trust managers.
                trustManagerArr = null;
            } else if (this.G && this.E.equalsIgnoreCase("PKIX")) {
                PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore2, new X509CertSelector());
                pKIXBuilderParameters.setMaxPathLength(this.H);
                pKIXBuilderParameters.setRevocationEnabled(true);
                if (a0 != null && !a0.isEmpty()) {
                    pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(a0)));
                }
                // The properties below are JVM-wide: they affect every PKIX validation in the
                // process and are never reset by this class.
                if (this.J) {
                    System.setProperty("com.sun.security.enableCRLDP", "true");
                }
                if (this.K) {
                    Security.setProperty("ocsp.enable", "true");
                    String str10 = this.L;
                    if (str10 != null) {
                        // The responder URL should come from trusted configuration only, since
                        // it becomes the process-wide OCSP endpoint.
                        Security.setProperty("ocsp.responderURL", str10);
                    }
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(this.E);
                trustManagerFactory.init(new CertPathTrustManagerParameters(pKIXBuilderParameters));
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } else {
                // Reached when peer validation is off OR the algorithm is not "PKIX" (the
                // fallback default is "SunX509"): the max path length, CRLs, CRLDP and OCSP
                // settings are not applied to these trust managers.
                TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance(this.E);
                trustManagerFactory2.init(keyStore2);
                trustManagerArr = trustManagerFactory2.getTrustManagers();
            }
            String str11 = this.C;
            // null lets SSLContext.init pick its default SecureRandom.
            SecureRandom secureRandom = str11 != null ? SecureRandom.getInstance(str11) : null;
            String str12 = this.A;
            SSLContext sSLContext2 = str12 == null ? SSLContext.getInstance(this.B) : SSLContext.getInstance(this.B, str12);
            this.R = sSLContext2;
            sSLContext2.init(keyManagerArr, trustManagerArr, secureRandom);
            // Applied regardless of the sessionCachingEnabled flag (O). Both fields default to 0,
            // which SSLSessionContext documents as "no limit".
            SSLSessionContext serverSessionContext = this.R.getServerSessionContext();
            serverSessionContext.setSessionCacheSize(this.P);
            serverSessionContext.setSessionTimeout(this.Q);
        }
    }

    /**
     * Computes the cipher suites to use from the include and exclude sets.
     *
     * <p>Starts from {@code strArr}, adds every included suite that also appears in
     * {@code strArr2}, then removes every excluded suite, so exclusion wins over inclusion.
     * Matching is by exact name. The result comes from a {@link HashSet}, so its order is
     * unspecified and carries no preference.
     *
     * @param strArr  the starting suites (presumably the currently enabled ones -- confirm
     *                against callers); may be {@code null}
     * @param strArr2 the suites an include entry must appear in to be added (presumably the
     *                supported ones -- confirm against callers); may be {@code null}
     * @return the selected cipher suite names
     */
    public String[] selectCipherSuites(String[] strArr, String[] strArr2) {
        Set<String> set;
        HashSet hashSet = strArr != null ? new HashSet(Arrays.asList(strArr)) : new HashSet();
        if (strArr2 != null && strArr2.length > 0 && (set = this.k) != null && set.size() > 0) {
            HashSet hashSet2 = new HashSet(Arrays.asList(strArr2));
            for (String str : this.k) {
                if (!hashSet.contains(str) && hashSet2.contains(str)) {
                    hashSet.add(str);
                }
            }
        }
        Set<String> set2 = this.j;
        if (set2 != null && set2.size() > 0) {
            // Excludes are applied last so an excluded suite is never returned.
            for (String str2 : this.j) {
                if (hashSet.contains(str2)) {
                    hashSet.remove(str2);
                }
            }
        }
        return (String[]) hashSet.toArray(new String[hashSet.size()]);
    }

    /** Stores the renegotiation flag; this class only records the value. */
    public void setAllowRenegotiate(boolean z) {
        u();
        this.w = z;
    }

    /** Sets the alias of the key store entry to validate and to hand to the key manager wrapper. */
    public void setCertAlias(String str) {
        u();
        this.p = str;
    }

    /** Sets the CRL path read when the context is built. */
    public void setCrlPath(String str) {
        u();
        this.I = str;
    }

    /** Enables CRL Distribution Points; takes effect only in the PKIX branch of {@link #n()}. */
    public void setEnableCRLDP(boolean z) {
        u();
        this.J = z;
    }

    /** Enables OCSP; takes effect only in the PKIX branch of {@link #n()}. */
    public void setEnableOCSP(boolean z) {
        u();
        this.K = z;
    }

    /**
     * Replaces the excluded cipher suites.
     *
     * @param strArr suite names; a {@code null} array throws {@link NullPointerException}
     */
    public void setExcludeCipherSuites(String[] strArr) {
        u();
        this.j = new HashSet(Arrays.asList(strArr));
    }

    /**
     * Replaces the included cipher suites.
     *
     * @param strArr suite names; a {@code null} array throws {@link NullPointerException}
     */
    public void setIncludeCipherSuites(String[] strArr) {
        u();
        this.k = new HashSet(Arrays.asList(strArr));
    }

    /** Sets the private key password (presumably resolved through d60.a with a property fallback -- confirm). */
    public void setKeyManagerPassword(String str) {
        u();
        this.y = d60.a(KEYPASSWORD_PROPERTY, str, null);
    }

    /** Sets the key store location string. */
    public void setKeyStore(String str) {
        u();
        this.l = str;
    }

    /**
     * Sets the key store as an object. Note that {@link #n()} still takes its trust-all
     * branch when no location or stream is configured for either store.
     */
    public void setKeyStore(KeyStore keyStore) {
        u();
        this.M = keyStore;
    }

    /** Sets the stream the key store is read from. */
    @Deprecated
    public void setKeyStoreInputStream(InputStream inputStream) {
        u();
        this.o = inputStream;
    }

    /** Sets the key store password (presumably resolved through d60.a with a property fallback -- confirm). */
    public void setKeyStorePassword(String str) {
        u();
        this.x = d60.a(PASSWORD_PROPERTY, str, null);
    }

    /** Sets the key store provider name. */
    public void setKeyStoreProvider(String str) {
        u();
        this.m = str;
    }

    /**
     * Sets the key store stream from a resource.
     *
     * @throws InvalidParameterException if the resource's stream cannot be obtained; the
     *         underlying IOException is discarded, not chained
     */
    public void setKeyStoreResource(eb0 eb0Var) {
        u();
        try {
            this.o = eb0Var.d();
        } catch (IOException unused) {
            StringBuilder C = pk.C("Unable to get resource input stream for resource ");
            C.append(eb0Var.toString());
            throw new InvalidParameterException(C.toString());
        }
    }

    /** Sets the key store type (default "JKS"). */
    public void setKeyStoreType(String str) {
        u();
        this.n = str;
    }

    /** Sets the maximum certification path length used by the validator and the PKIX parameters. */
    public void setMaxCertPathLength(int i) {
        u();
        this.H = i;
    }

    /** Stores whether client authentication is required; this class only records the value. */
    public void setNeedClientAuth(boolean z) {
        u();
        this.u = z;
    }

    /** Sets the OCSP responder URL, written to a JVM-wide security property when OCSP is enabled. */
    public void setOcspResponderURL(String str) {
        u();
        this.L = str;
    }

    /** Sets the protocol name passed to {@link SSLContext#getInstance}. */
    public void setProtocol(String str) {
        u();
        this.B = str;
    }

    /** Sets the JSSE provider name. */
    public void setProvider(String str) {
        u();
        this.A = str;
    }

    /** Sets the SecureRandom algorithm name. */
    public void setSecureRandomAlgorithm(String str) {
        u();
        this.C = str;
    }

    /** Stores the session caching flag; not guarded by {@link #u()}, so it can change after start. */
    public void setSessionCachingEnabled(boolean z) {
        this.O = z;
    }

    /**
     * Supplies a ready-made context. {@link #n()} then skips building one, so none of the
     * stores, validation or session settings in this factory are applied to it.
     */
    public void setSslContext(SSLContext sSLContext) {
        u();
        this.R = sSLContext;
    }

    /** Sets the KeyManagerFactory algorithm. */
    public void setSslKeyManagerFactoryAlgorithm(String str) {
        u();
        this.D = str;
    }

    /** Sets the session cache size; not guarded by {@link #u()} and only read while building the context. */
    public void setSslSessionCacheSize(int i) {
        this.P = i;
    }

    /** Sets the session timeout; not guarded by {@link #u()} and only read while building the context. */
    public void setSslSessionTimeout(int i) {
        this.Q = i;
    }

    /** Sets the TrustManagerFactory algorithm; peer validation settings apply only when it is "PKIX". */
    public void setTrustManagerFactoryAlgorithm(String str) {
        u();
        this.E = str;
    }

    /**
     * Sets the trust store stream from a resource.
     *
     * @throws InvalidParameterException if the resource's stream cannot be obtained; the
     *         underlying IOException is discarded, not chained
     */
    public void setTrustStore(eb0 eb0Var) {
        u();
        try {
            this.t = eb0Var.d();
        } catch (IOException unused) {
            StringBuilder C = pk.C("Unable to get resource input stream for resource ");
            C.append(eb0Var.toString());
            throw new InvalidParameterException(C.toString());
        }
    }

    /** Sets the trust store location string. */
    public void setTrustStore(String str) {
        u();
        this.q = str;
    }

    /**
     * Sets the trust store as an object. Note that {@link #n()} still takes its trust-all
     * branch when no location or stream is configured for either store.
     */
    public void setTrustStore(KeyStore keyStore) {
        u();
        this.N = keyStore;
    }

    /** Sets the stream the trust store is read from. */
    @Deprecated
    public void setTrustStoreInputStream(InputStream inputStream) {
        u();
        this.t = inputStream;
    }

    /** Sets the trust store password (presumably resolved through d60.a with a property fallback -- confirm). */
    public void setTrustStorePassword(String str) {
        u();
        this.z = d60.a(PASSWORD_PROPERTY, str, null);
    }

    /** Sets the trust store provider name. */
    public void setTrustStoreProvider(String str) {
        u();
        this.r = str;
    }

    /** Sets the trust store type (default "JKS"). */
    public void setTrustStoreType(String str) {
        u();
        this.s = str;
    }

    /** Enables validation of the key store's own certificate when the context is built. */
    public void setValidateCerts(boolean z) {
        u();
        this.F = z;
    }

    /** Requests PKIX peer validation; has no effect unless the trust manager algorithm is "PKIX". */
    public void setValidatePeerCerts(boolean z) {
        u();
        this.G = z;
    }

    /** Stores whether client authentication is requested; this class only records the value. */
    public void setWantClientAuth(boolean z) {
        u();
        this.v = z;
    }

    /**
     * Guard used by the setters: rejects configuration changes once {@code isStarted()}
     * (not defined in this class) returns {@code true}.
     *
     * @throws IllegalStateException if the factory has been started
     */
    public void u() {
        if (isStarted()) {
            throw new IllegalStateException("Cannot modify configuration after SslContextFactory was started");
        }
    }
}
