package org.jruby.ext.openssl.x509store;

import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import org.apache.batik.util.SVGConstants;
import org.jruby.Ruby;
import org.jruby.RubyHash;
import org.jruby.ext.openssl.SecurityHelper;
import org.jruby.ext.openssl.util.Cache;
import org.jruby.ext.openssl.x509store.CertificateFile;
import org.jruby.ext.openssl.x509store.CertificateHashDir;
import org.jruby.ext.openssl.x509store.LookupMethod;
import org.jruby.util.JRubyFile;
import org.jruby.util.SafePropertyAccessor;
import org.jruby.util.io.ChannelDescriptor;
import org.jruby.util.io.ChannelStream;
import org.jruby.util.io.FileExistsException;
import org.jruby.util.io.InvalidValueException;
import org.jruby.util.io.ModeFlags;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-329-05.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/x509store/Lookup.class */
public class Lookup {
    boolean init = false;
    boolean skip = false;
    final LookupMethod method;
    private final Ruby runtime;
    Object methodData;
    Store store;
    private static final Cache<String, Object[]> certCache;
    private static final LookupMethod x509FileLookup;
    private static final LookupMethod x509DirectoryLookup;

    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-329-05.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/x509store/Lookup$ByFile.class */
    private static class ByFile implements LookupMethod.ControlFunction {
        private ByFile() {
        }

        @Override // org.jruby.ext.openssl.x509store.Function5
        public int call(Lookup lookup, Integer num, String str, Number number, String[] strArr) throws Exception {
            int i = 0;
            String str2 = null;
            int intValue = number.intValue();
            switch (num.intValue()) {
                case 1:
                    if (intValue != 3) {
                        if (intValue != 1) {
                            i = lookup.loadCertificateFile(str, intValue) != 0 ? 1 : 0;
                            break;
                        } else {
                            i = lookup.loadCertificateOrCRLFile(str, 1) != 0 ? 1 : 0;
                            break;
                        }
                    } else {
                        try {
                            str2 = lookup.envEntry(X509Utils.getDefaultCertificateFileEnvironment());
                        } catch (RuntimeException e) {
                        }
                        if (str2 == null) {
                            str2 = X509Utils.X509_CERT_FILE.replace('/', File.separatorChar);
                        }
                        if (!str2.matches(".*\\.(crt|cer|pem)$")) {
                            i = lookup.loadDefaultJavaCACertsFile(str2) != 0 ? 1 : 0;
                            break;
                        } else {
                            i = lookup.loadCertificateOrCRLFile(str2, 1) != 0 ? 1 : 0;
                            break;
                        }
                    }
            }
            return i;
        }
    }

    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-329-05.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/x509store/Lookup$FreeLookupDir.class */
    private static class FreeLookupDir implements LookupMethod.FreeFunction {
        private FreeLookupDir() {
        }

        @Override // org.jruby.ext.openssl.x509store.Function1
        public int call(Lookup lookup) {
            LookupDir lookupDir = (LookupDir) lookup.methodData;
            lookupDir.dirs = null;
            lookupDir.dirsType = null;
            lookup.methodData = null;
            return -1;
        }
    }

    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-329-05.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/x509store/Lookup$GetCertificateBySubject.class */
    private static class GetCertificateBySubject implements LookupMethod.BySubjectFunction {
        private GetCertificateBySubject() {
        }

        @Override // org.jruby.ext.openssl.x509store.Function4
        public int call(Lookup lookup, Integer num, Name name, X509Object[] x509ObjectArr) throws Exception {
            String str;
            if (name == null) {
                return 0;
            }
            int i = 0;
            if (num.intValue() == 1) {
                str = "";
            } else {
                if (num.intValue() != 2) {
                    X509Error.addError(112);
                    return 0;
                }
                str = SVGConstants.SVG_R_ATTRIBUTE;
            }
            LookupDir lookupDir = (LookupDir) lookup.methodData;
            String format = String.format("%08x", Integer.valueOf(name.hash()));
            StringBuilder sb = new StringBuilder(48);
            Iterator<Integer> it = lookupDir.dirsType.iterator();
            Iterator<String> it2 = lookupDir.dirs.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                String next = it2.next();
                int intValue = it.next().intValue();
                int i2 = 0;
                while (true) {
                    sb.setLength(0);
                    sb.append(next).append(File.separatorChar);
                    sb.append(format);
                    sb.append('.').append(str).append(i2);
                    String sb2 = sb.toString();
                    if (!new File(sb2).exists()) {
                        break;
                    }
                    if (num.intValue() != 1) {
                        if (num.intValue() == 2 && lookup.loadCRLFile(sb2, intValue) == 0) {
                            break;
                        }
                        i2++;
                    } else {
                        if (lookup.loadCertificateFile(sb2, intValue) == 0) {
                            break;
                        }
                        i2++;
                    }
                }
                X509Object x509Object = null;
                Iterator<X509Object> it3 = lookup.store.getObjects().iterator();
                while (true) {
                    if (!it3.hasNext()) {
                        break;
                    }
                    X509Object next2 = it3.next();
                    if (next2.type() == num.intValue() && next2.isName(name)) {
                        x509Object = next2;
                        break;
                    }
                }
                if (x509Object != null) {
                    i = 1;
                    x509ObjectArr[0] = x509Object;
                    break;
                }
            }
            return i;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-329-05.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/x509store/Lookup$LookupDir.class */
    public static class LookupDir {
        Collection<String> dirs;
        Collection<Integer> dirsType;

        private LookupDir() {
        }
    }

    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-329-05.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/x509store/Lookup$LookupDirControl.class */
    private static class LookupDirControl implements LookupMethod.ControlFunction {
        private LookupDirControl() {
        }

        @Override // org.jruby.ext.openssl.x509store.Function5
        public int call(Lookup lookup, Integer num, String str, Number number, String[] strArr) {
            int i = 0;
            LookupDir lookupDir = (LookupDir) lookup.methodData;
            switch (num.intValue()) {
                case 2:
                    if (number.intValue() != 3) {
                        i = addCertificateDirectory(lookupDir, str, number.intValue());
                        break;
                    } else {
                        String str2 = null;
                        try {
                            str2 = getDefaultCertificateDirectory(lookup);
                        } catch (RuntimeException e) {
                        }
                        i = str2 != null ? addCertificateDirectory(lookupDir, str2, 1) : addCertificateDirectory(lookupDir, X509Utils.X509_CERT_DIR, 1);
                        if (i == 0) {
                            X509Error.addError(103);
                            break;
                        }
                    }
                    break;
            }
            return i;
        }

        private static String getDefaultCertificateDirectory(Lookup lookup) {
            return lookup.envEntry(X509Utils.getDefaultCertificateDirectoryEnvironment());
        }

        private int addCertificateDirectory(LookupDir lookupDir, String str, int i) {
            if (str == null || str.isEmpty()) {
                X509Error.addError(113);
                return 0;
            }
            String[] split = str.split(File.pathSeparator);
            for (int i2 = 0; i2 < split.length; i2++) {
                if (split[i2].length() != 0 && !lookupDir.dirs.contains(split[i2])) {
                    lookupDir.dirsType.add(Integer.valueOf(i));
                    lookupDir.dirs.add(split[i2]);
                }
            }
            return 1;
        }
    }

    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-329-05.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/x509store/Lookup$NewLookupDir.class */
    private static class NewLookupDir implements LookupMethod.NewItemFunction {
        private NewLookupDir() {
        }

        @Override // org.jruby.ext.openssl.x509store.Function1
        public int call(Lookup lookup) {
            LookupDir lookupDir = new LookupDir();
            lookupDir.dirs = new ArrayList();
            lookupDir.dirsType = new ArrayList();
            lookup.methodData = lookupDir;
            return 1;
        }
    }

    public Lookup(Ruby ruby, LookupMethod lookupMethod) {
        if (lookupMethod == null) {
            throw new IllegalArgumentException("null method");
        }
        this.method = lookupMethod;
        this.runtime = ruby;
        LookupMethod.NewItemFunction newItemFunction = lookupMethod.newItem;
        if (newItemFunction == null || newItemFunction == Function1.EMPTY) {
            return;
        }
        try {
            if (newItemFunction.call(this) == 0) {
                throw new IllegalArgumentException("invalid lookup method");
            }
        } catch (Exception e) {
            if (!(e instanceof RuntimeException)) {
                throw new IllegalArgumentException("invalid lookup method", e);
            }
            throw ((RuntimeException) e);
        }
    }

    public int loadFile(CertificateFile.Path path) throws Exception {
        return control(1, path.name, path.type, null);
    }

    public int addDir(CertificateHashDir.Dir dir) throws Exception {
        return control(2, dir.name, dir.type, null);
    }

    public static LookupMethod hashDirLookup() {
        return x509DirectoryLookup;
    }

    public static LookupMethod fileLookup() {
        return x509FileLookup;
    }

    public int control(int i, String str, long j, String[] strArr) throws Exception {
        if (this.method == null) {
            return -1;
        }
        if (this.method.control == null || this.method.control == Function5.EMPTY) {
            return 1;
        }
        return this.method.control.call(this, Integer.valueOf(i), str, Long.valueOf(j), strArr);
    }

    public int loadCertificateFile(String str, int i) throws IOException, CertificateException {
        X509AuxCertificate x509AuxCertificate;
        if (str == null) {
            return 1;
        }
        Object[] objArr = certCache.get(str);
        BufferedReader bufferedReader = null;
        try {
            if (i != 1) {
                if (i != 2) {
                    X509Error.addError(100);
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (Exception e) {
                        }
                    }
                    return 0;
                }
                if (objArr != null) {
                    x509AuxCertificate = buildAuxFromCached((X509Certificate) objArr[0]);
                } else {
                    x509AuxCertificate = new X509AuxCertificate((X509Certificate) SecurityHelper.getCertificateFactory("X.509").generateCertificate(wrapJRubyNormalizedInputStream(str)));
                    certCache.put(str, new Object[]{x509AuxCertificate.cloneForCache()});
                }
                int addCertificate = this.store.addCertificate(x509AuxCertificate);
                if (0 != 0) {
                    try {
                        bufferedReader.close();
                    } catch (Exception e2) {
                    }
                }
                return addCertificate;
            }
            int i2 = 0;
            if (objArr != null) {
                boolean z = false;
                for (Object obj : objArr) {
                    X509AuxCertificate buildAuxFromCached = buildAuxFromCached((X509Certificate) obj);
                    if (!z) {
                        if (this.store.addCertificate(buildAuxFromCached) != 0) {
                            i2++;
                        } else {
                            z = true;
                            i2 = 0;
                        }
                    }
                }
            } else {
                bufferedReader = new BufferedReader(new InputStreamReader(wrapJRubyNormalizedInputStream(str)));
                ArrayList arrayList = new ArrayList(8);
                boolean z2 = false;
                while (true) {
                    X509AuxCertificate readX509Aux = PEMInputOutput.readX509Aux(bufferedReader, (char[]) null);
                    if (readX509Aux == null) {
                        break;
                    }
                    arrayList.add(readX509Aux.cloneForCache());
                    if (!z2) {
                        if (this.store.addCertificate(readX509Aux) != 0) {
                            i2++;
                        } else {
                            z2 = true;
                            i2 = 0;
                        }
                    }
                }
                certCache.put(str, arrayList.toArray(new Object[arrayList.size()]));
            }
            int i3 = i2;
            if (bufferedReader != null) {
                try {
                    bufferedReader.close();
                } catch (Exception e3) {
                }
            }
            return i3;
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    bufferedReader.close();
                } catch (Exception e4) {
                }
            }
            throw th;
        }
    }

    private static X509AuxCertificate buildAuxFromCached(X509Certificate x509Certificate) {
        X509AuxCertificate ensureAux = StoreContext.ensureAux(x509Certificate);
        if (x509Certificate == ensureAux) {
            ensureAux = ensureAux.m13639clone();
        }
        return ensureAux;
    }

    public int loadCRLFile(String str, int i) throws Exception {
        if (str == null) {
            return 1;
        }
        BufferedReader bufferedReader = null;
        try {
            InputStream wrapJRubyNormalizedInputStream = wrapJRubyNormalizedInputStream(str);
            if (i != 1) {
                if (i != 2) {
                    X509Error.addError(100);
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (Exception e) {
                        }
                    }
                    return 0;
                }
                int addCRL = this.store.addCRL(SecurityHelper.getCertificateFactory("X.509").generateCRL(wrapJRubyNormalizedInputStream));
                if (0 != 0) {
                    try {
                        bufferedReader.close();
                    } catch (Exception e2) {
                    }
                }
                return addCRL;
            }
            BufferedReader bufferedReader2 = new BufferedReader(new InputStreamReader(wrapJRubyNormalizedInputStream));
            int i2 = 0;
            while (true) {
                X509CRL readX509CRL = PEMInputOutput.readX509CRL(bufferedReader2, (char[]) null);
                if (readX509CRL == null) {
                    int i3 = i2;
                    if (bufferedReader2 != null) {
                        try {
                            bufferedReader2.close();
                        } catch (Exception e3) {
                        }
                    }
                    return i3;
                }
                if (this.store.addCRL(readX509CRL) == 0) {
                    if (bufferedReader2 != null) {
                        try {
                            bufferedReader2.close();
                        } catch (Exception e4) {
                        }
                    }
                    return 0;
                }
                i2++;
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    bufferedReader.close();
                } catch (Exception e5) {
                }
            }
            throw th;
        }
    }

    public int loadCertificateOrCRLFile(String str, int i) throws IOException, CertificateException {
        if (i != 1) {
            return loadCertificateFile(str, i);
        }
        Object[] objArr = certCache.get(str);
        BufferedReader bufferedReader = null;
        int i2 = 0;
        try {
            if (objArr != null) {
                for (Object obj : objArr) {
                    if (obj instanceof X509Certificate) {
                        this.store.addCertificate(buildAuxFromCached((X509Certificate) obj));
                        i2++;
                    } else if (obj instanceof java.security.cert.CRL) {
                        this.store.addCRL((java.security.cert.CRL) obj);
                        i2++;
                    }
                }
            } else {
                bufferedReader = new BufferedReader(new InputStreamReader(wrapJRubyNormalizedInputStream(str)));
                ArrayList arrayList = new ArrayList(8);
                while (true) {
                    Object readPEM = PEMInputOutput.readPEM(bufferedReader, (char[]) null);
                    if (readPEM == null) {
                        break;
                    }
                    if (readPEM instanceof X509Certificate) {
                        X509AuxCertificate ensureAux = StoreContext.ensureAux((X509Certificate) readPEM);
                        this.store.addCertificate(ensureAux);
                        i2++;
                        readPEM = ensureAux.cloneForCache();
                    } else if (readPEM instanceof java.security.cert.CRL) {
                        this.store.addCRL((java.security.cert.CRL) readPEM);
                        i2++;
                    }
                    arrayList.add(readPEM);
                }
                certCache.put(str, arrayList.toArray(new Object[arrayList.size()]));
            }
            int i3 = i2;
            if (bufferedReader != null) {
                try {
                    bufferedReader.close();
                } catch (Exception e) {
                }
            }
            return i3;
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    bufferedReader.close();
                } catch (Exception e2) {
                }
            }
            throw th;
        }
    }

    public int loadDefaultJavaCACertsFile(String str) throws IOException, GeneralSecurityException {
        FileInputStream fileInputStream = new FileInputStream(str);
        int i = 0;
        try {
            KeyStore keyStore = SecurityHelper.getKeyStore("jks");
            keyStore.load(fileInputStream, null);
            Iterator<TrustAnchor> it = new PKIXParameters(keyStore).getTrustAnchors().iterator();
            while (it.hasNext()) {
                this.store.addCertificate(it.next().getTrustedCert());
                i++;
            }
            return i;
        } finally {
            try {
                fileInputStream.close();
            } catch (Exception e) {
            }
        }
    }

    private InputStream wrapJRubyNormalizedInputStream(String str) throws IOException {
        try {
            return JRubyFile.createResource(this.runtime, str).inputStream();
        } catch (NoSuchMethodError e) {
            try {
                return ChannelStream.open(this.runtime, ChannelDescriptor.open(this.runtime.getCurrentDirectory(), str, new ModeFlags(ModeFlags.RDONLY))).newInputStream();
            } catch (NoSuchMethodError e2) {
                File file = new File(str);
                if (!file.isAbsolute()) {
                    file = new File(this.runtime.getCurrentDirectory(), str);
                }
                return new BufferedInputStream(new FileInputStream(file));
            } catch (FileExistsException e3) {
                e3.printStackTrace(System.err);
                throw new IllegalStateException(e3.getMessage(), e3);
            } catch (InvalidValueException e4) {
                e4.printStackTrace(System.err);
                throw new IllegalStateException(e4.getMessage(), e4);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String envEntry(String str) {
        return (String) ((RubyHash) this.runtime.getObject().getConstant("ENV")).get(this.runtime.newString(str));
    }

    public void free() throws Exception {
        if (this.method == null || this.method.free == null || this.method.free == Function1.EMPTY) {
            return;
        }
        this.method.free.call(this);
    }

    public int init() throws Exception {
        if (this.method == null) {
            return 0;
        }
        if (this.method.init == null || this.method.init == Function1.EMPTY) {
            return 1;
        }
        return this.method.init.call(this);
    }

    public int bySubject(int i, Name name, X509Object[] x509ObjectArr) throws Exception {
        if (this.method == null || this.method.getBySubject == null || this.method.getBySubject == Function4.EMPTY || this.skip) {
            return 0;
        }
        return this.method.getBySubject.call(this, Integer.valueOf(i), name, x509ObjectArr);
    }

    public int byIssuerSerialNumber(int i, Name name, BigInteger bigInteger, X509Object[] x509ObjectArr) throws Exception {
        if (this.method == null || this.method.getByIssuerSerialNumber == null || this.method.getByIssuerSerialNumber == Function5.EMPTY) {
            return 0;
        }
        return this.method.getByIssuerSerialNumber.call(this, Integer.valueOf(i), name, bigInteger, x509ObjectArr);
    }

    public int byFingerprint(int i, String str, X509Object[] x509ObjectArr) throws Exception {
        if (this.method == null || this.method.getByFingerprint == null || this.method.getByFingerprint == Function4.EMPTY) {
            return 0;
        }
        return this.method.getByFingerprint.call(this, Integer.valueOf(i), str, x509ObjectArr);
    }

    public int byAlias(int i, String str, X509Object[] x509ObjectArr) throws Exception {
        if (this.method == null || this.method.getByAlias == null || this.method.getByAlias == Function4.EMPTY) {
            return 0;
        }
        return this.method.getByAlias.call(this, Integer.valueOf(i), str, x509ObjectArr);
    }

    public int shutdown() throws Exception {
        if (this.method == null) {
            return 0;
        }
        if (this.method.shutdown == null || this.method.shutdown == Function1.EMPTY) {
            return 1;
        }
        return this.method.shutdown.call(this);
    }

    static {
        String property = SafePropertyAccessor.getProperty("jruby.openssl.x509.lookup.cache");
        Cache<String, Object[]> cache = null;
        if (property != null) {
            try {
                cache = Cache.newStrongSoftCache(Integer.parseInt(property));
            } catch (NumberFormatException e) {
                if (Boolean.parseBoolean(property)) {
                    cache = Cache.newSoftCache();
                }
            }
        }
        if (cache == null) {
            cache = Cache.getNullCache();
        }
        certCache = cache;
        x509FileLookup = new LookupMethod();
        x509FileLookup.name = "Load file into cache";
        x509FileLookup.control = new ByFile();
        x509DirectoryLookup = new LookupMethod();
        x509DirectoryLookup.name = "Load certs from files in a directory";
        x509DirectoryLookup.newItem = new NewLookupDir();
        x509DirectoryLookup.free = new FreeLookupDir();
        x509DirectoryLookup.control = new LookupDirControl();
        x509DirectoryLookup.getBySubject = new GetCertificateBySubject();
    }
}
