package org.jruby.ext.openssl;

import org.jruby.Ruby;
import org.jruby.RubyClass;
import org.jruby.RubyFixnum;
import org.jruby.RubyModule;
import org.jruby.anno.JRubyMethod;
import org.jruby.anno.JRubyModule;
import org.jruby.exceptions.RaiseException;
import org.jruby.internal.runtime.methods.DynamicMethod;
import org.jruby.runtime.Block;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.builtin.IRubyObject;
import org.jruby.util.SafePropertyAccessor;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-406.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/SSL.class */
public class SSL {
    public static final int VERIFY_NONE = 0;
    public static final int VERIFY_PEER = 1;
    public static final int VERIFY_FAIL_IF_NO_PEER_CERT = 2;
    public static final int VERIFY_CLIENT_ONCE = 4;
    public static final long OP_ALL = 4095;
    public static final long OP_NO_TICKET = 16384;
    public static final long OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 65536;
    public static final long OP_SINGLE_ECDH_USE = 524288;
    public static final long OP_SINGLE_DH_USE = 1048576;
    public static final long OP_EPHEMERAL_RSA = 2097152;
    public static final long OP_CIPHER_SERVER_PREFERENCE = 4194304;
    public static final long OP_TLS_ROLLBACK_BUG = 8388608;
    public static final long OP_NO_SSLv2 = 16777216;
    public static final long OP_NO_SSLv3 = 33554432;
    public static final long OP_NO_TLSv1 = 67108864;
    public static final long OP_PKCS1_CHECK_1 = 134217728;
    public static final long OP_PKCS1_CHECK_2 = 268435456;
    public static final long OP_NETSCAPE_CA_DN_BUG = 536870912;
    public static final long OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 1073741824;
    private static final String JSSE_TLS_ephemeralDHKeySize = "jdk.tls.ephemeralDHKeySize";
    private static final String JSSE_TLS_ephemeralDHKeySize_default = "matched";
    private static final String JSSE_TLS_disabledAlgorithms = "jdk.tls.disabledAlgorithms";
    private static final String JSSE_TLS_disabledAlgorithms_default = "SSLv3, DHE";
    private static final boolean waitErrorBacktrace;

    @JRubyModule(name = {"OpenSSL::SSL::Nonblock"})
    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-406.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/SSL$Nonblock.class */
    public static class Nonblock {
        @JRubyMethod(rest = true, frame = true)
        public static IRubyObject initialize(ThreadContext threadContext, IRubyObject iRubyObject, IRubyObject[] iRubyObjectArr) {
            Ruby ruby = threadContext.runtime;
            IRubyObject constant = ruby.getFile().getConstant("NONBLOCK");
            IRubyObject constantAt = ruby.getObject().getConstantAt("Fcntl");
            if (constantAt instanceof RubyModule) {
                IRubyObject instanceVariable = iRubyObject.getInstanceVariables().getInstanceVariable("@io");
                RubyClass metaClass = iRubyObject.getMetaClass();
                DynamicMethod searchMethod = metaClass.searchMethod("fcntl");
                IRubyObject constantAt2 = ((RubyModule) constantAt).getConstantAt("F_GETFL");
                if (constantAt2 != null) {
                    constant = or(threadContext, constant, searchMethod.call(threadContext, instanceVariable, metaClass, "fcntl", constantAt2));
                }
                searchMethod.call(threadContext, instanceVariable, metaClass, "fcntl", new IRubyObject[]{((RubyModule) constantAt).getConstant("F_SETFL"), constant});
            }
            return Utils.invokeSuper(threadContext, iRubyObject, iRubyObjectArr, Block.NULL_BLOCK);
        }

        private static IRubyObject or(ThreadContext threadContext, IRubyObject iRubyObject, IRubyObject iRubyObject2) {
            if (!(iRubyObject instanceof RubyFixnum) || !(iRubyObject2 instanceof RubyFixnum)) {
                return iRubyObject.callMethod(threadContext, "|", iRubyObject2);
            }
            return RubyFixnum.newFixnum(threadContext.runtime, ((RubyFixnum) iRubyObject).getLongValue() | ((RubyFixnum) iRubyObject2).getLongValue());
        }
    }

    @JRubyModule(name = {"OpenSSL::SSL::SocketForwarder"})
    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-406.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/SSL$SocketForwarder.class */
    public static class SocketForwarder {
        @JRubyMethod
        public static IRubyObject addr(ThreadContext threadContext, IRubyObject iRubyObject) {
            return to_io(threadContext, iRubyObject).callMethod(threadContext, "addr");
        }

        @JRubyMethod
        public static IRubyObject peeraddr(ThreadContext threadContext, IRubyObject iRubyObject) {
            return to_io(threadContext, iRubyObject).callMethod(threadContext, "peeraddr");
        }

        @JRubyMethod(name = {"closed?"})
        public static IRubyObject closed_p(ThreadContext threadContext, IRubyObject iRubyObject) {
            return to_io(threadContext, iRubyObject).callMethod(threadContext, "closed?");
        }

        @JRubyMethod
        public static IRubyObject getsockopt(ThreadContext threadContext, IRubyObject iRubyObject, IRubyObject iRubyObject2, IRubyObject iRubyObject3) {
            return to_io(threadContext, iRubyObject).callMethod(threadContext, "getsockopt", new IRubyObject[]{iRubyObject2, iRubyObject3});
        }

        @JRubyMethod
        public static IRubyObject setsockopt(ThreadContext threadContext, IRubyObject iRubyObject, IRubyObject iRubyObject2, IRubyObject iRubyObject3, IRubyObject iRubyObject4) {
            return to_io(threadContext, iRubyObject).callMethod(threadContext, "setsockopt", new IRubyObject[]{iRubyObject2, iRubyObject3, iRubyObject4});
        }

        @JRubyMethod(name = {"do_not_reverse_lookup="})
        public static IRubyObject do_not_reverse_lookup_eq(ThreadContext threadContext, IRubyObject iRubyObject, IRubyObject iRubyObject2) {
            return to_io(threadContext, iRubyObject).callMethod(threadContext, "do_not_reverse_lookup=", iRubyObject2);
        }

        @JRubyMethod(rest = true)
        public static IRubyObject fcntl(ThreadContext threadContext, IRubyObject iRubyObject, IRubyObject[] iRubyObjectArr) {
            return to_io(threadContext, iRubyObject).callMethod(threadContext, "fcntl", iRubyObjectArr);
        }

        private static IRubyObject to_io(ThreadContext threadContext, IRubyObject iRubyObject) {
            return iRubyObject.callMethod(threadContext, "to_io");
        }
    }

    private static void configureJSSE() {
        if (OpenSSL.javaVersion8(true)) {
            try {
                if (System.getProperty(JSSE_TLS_ephemeralDHKeySize) == null) {
                    System.setProperty(JSSE_TLS_ephemeralDHKeySize, JSSE_TLS_ephemeralDHKeySize_default);
                }
                return;
            } catch (SecurityException e) {
                OpenSSL.debug("setting jdk.tls.ephemeralDHKeySize failed: " + e);
                return;
            }
        }
        try {
            if (System.getProperty(JSSE_TLS_disabledAlgorithms) == null) {
                System.setProperty(JSSE_TLS_disabledAlgorithms, JSSE_TLS_disabledAlgorithms_default);
            }
        } catch (SecurityException e2) {
            OpenSSL.debug("setting jdk.tls.disabledAlgorithms failed: " + e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static RaiseException handleCouldNotGenerateDHKeyPairError(Ruby ruby, RuntimeException runtimeException) {
        String message = runtimeException.getMessage();
        if (OpenSSL.javaHotSpot() || OpenSSL.javaOpenJDK()) {
            if (OpenSSL.javaVersion8(false)) {
                message = message + " (try disabling DHE using -Djdk.tls.disabledAlgorithms as only keys of size 1024/2048 are supported in Java 8)";
            } else if (!OpenSSL.javaVersion8(true)) {
                message = message + " (try disabling DHE using -Djdk.tls.disabledAlgorithms as prior to Java 8 only keys of size < 1024 are supported)";
            }
        }
        return newSSLError(ruby, message, runtimeException);
    }

    public static void createSSL(Ruby ruby, RubyModule rubyModule) {
        RubyModule defineModuleUnder = rubyModule.defineModuleUnder("SSL");
        RubyClass rubyClass = rubyModule.getClass("OpenSSLError");
        RubyClass defineClassUnder = defineModuleUnder.defineClassUnder("SSLError", rubyClass, rubyClass.getAllocator());
        IRubyObject constantAt = ruby.getIO().getConstantAt("WaitReadable");
        if (constantAt != null) {
            defineModuleUnder.defineClassUnder("SSLErrorWaitReadable", defineClassUnder, rubyClass.getAllocator()).include(new IRubyObject[]{constantAt});
        }
        IRubyObject constantAt2 = ruby.getIO().getConstantAt("WaitWritable");
        if (constantAt2 != null) {
            defineModuleUnder.defineClassUnder("SSLErrorWaitWritable", defineClassUnder, rubyClass.getAllocator()).include(new IRubyObject[]{constantAt2});
        }
        defineModuleUnder.setConstant("VERIFY_NONE", ruby.newFixnum(0));
        defineModuleUnder.setConstant("VERIFY_PEER", ruby.newFixnum(1));
        defineModuleUnder.setConstant("VERIFY_FAIL_IF_NO_PEER_CERT", ruby.newFixnum(2));
        defineModuleUnder.setConstant("VERIFY_CLIENT_ONCE", ruby.newFixnum(4));
        defineModuleUnder.setConstant("OP_ALL", ruby.newFixnum(OP_ALL));
        defineModuleUnder.setConstant("OP_NO_TICKET", ruby.newFixnum(16384L));
        defineModuleUnder.setConstant("OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION", ruby.newFixnum(65536L));
        defineModuleUnder.setConstant("OP_SINGLE_ECDH_USE", ruby.newFixnum(524288L));
        defineModuleUnder.setConstant("OP_SINGLE_DH_USE", ruby.newFixnum(1048576L));
        defineModuleUnder.setConstant("OP_EPHEMERAL_RSA", ruby.newFixnum(2097152L));
        defineModuleUnder.setConstant("OP_CIPHER_SERVER_PREFERENCE", ruby.newFixnum(4194304L));
        defineModuleUnder.setConstant("OP_TLS_ROLLBACK_BUG", ruby.newFixnum(8388608L));
        defineModuleUnder.setConstant("OP_NO_SSLv2", ruby.newFixnum(16777216L));
        defineModuleUnder.setConstant("OP_NO_SSLv3", ruby.newFixnum(33554432L));
        defineModuleUnder.setConstant("OP_NO_TLSv1", ruby.newFixnum(67108864L));
        defineModuleUnder.setConstant("OP_PKCS1_CHECK_1", ruby.newFixnum(OP_PKCS1_CHECK_1));
        defineModuleUnder.setConstant("OP_PKCS1_CHECK_2", ruby.newFixnum(OP_PKCS1_CHECK_2));
        defineModuleUnder.setConstant("OP_NETSCAPE_CA_DN_BUG", ruby.newFixnum(OP_NETSCAPE_CA_DN_BUG));
        defineModuleUnder.setConstant("OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", ruby.newFixnum(1073741824L));
        SSLContext.createSSLContext(ruby, defineModuleUnder);
        SSLSocket.createSSLSocket(ruby, defineModuleUnder);
        SSLSession.createSession(ruby, defineModuleUnder);
        createSocketForwarder(defineModuleUnder);
        createNonblock(defineModuleUnder);
    }

    public static RaiseException newSSLError(Ruby ruby, Exception exc) {
        return Utils.newError(ruby, _SSL(ruby).getClass("SSLError"), exc);
    }

    public static RaiseException newSSLError(Ruby ruby, String str) {
        return Utils.newError(ruby, _SSL(ruby).getClass("SSLError"), str, false);
    }

    private static RaiseException newSSLError(Ruby ruby, String str, Exception exc) {
        return Utils.newError(ruby, _SSL(ruby).getClass("SSLError"), str, exc);
    }

    public static RaiseException newSSLErrorWaitReadable(Ruby ruby, String str) {
        return newWaitSSLError(ruby, "SSLErrorWaitReadable", str);
    }

    public static RaiseException newSSLErrorWaitWritable(Ruby ruby, String str) {
        return newWaitSSLError(ruby, "SSLErrorWaitWritable", str);
    }

    private static RaiseException newWaitSSLError(Ruby ruby, String str, String str2) {
        RubyClass rubyClass = _SSL(ruby).getClass(str);
        if (rubyClass == null) {
            rubyClass = _SSL(ruby).getClass("SSLError");
        }
        return waitErrorBacktrace ? Utils.newError(ruby, rubyClass, str2, false) : Utils.newErrorWithoutTrace(ruby, rubyClass, str2, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static RubyModule _SSL(Ruby ruby) {
        return (RubyModule) ruby.getModule("OpenSSL").getConstant("SSL");
    }

    private static RubyModule createSocketForwarder(RubyModule rubyModule) {
        RubyModule defineModuleUnder = rubyModule.defineModuleUnder("SocketForwarder");
        defineModuleUnder.defineAnnotatedMethods(SocketForwarder.class);
        return defineModuleUnder;
    }

    private static RubyModule createNonblock(RubyModule rubyModule) {
        RubyModule defineModuleUnder = rubyModule.defineModuleUnder("Nonblock");
        defineModuleUnder.defineAnnotatedMethods(Nonblock.class);
        return defineModuleUnder;
    }

    static {
        configureJSSE();
        String property = SafePropertyAccessor.getProperty("jruby.openssl.ssl.error_wait_nonblock.backtrace");
        if (property == null) {
            property = SafePropertyAccessor.getProperty("jruby.errno.backtrace", "false");
        }
        waitErrorBacktrace = Boolean.parseBoolean(property);
    }
}
