package org.wildfly.openssl;

import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.LinkedHashSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:org/wildfly/openssl/OpenSSLContextSPI.class */
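/**
 * {@link SSLContextSpi} implementation that delegates TLS to a native OpenSSL context reached
 * through the project's {@code SSL} binding.
 *
 * <p>Each instance owns one native context handle ({@link #ctx}), created in the constructor and
 * released in {@link #finalize()}. The nested subclasses differ only in the protocol selector
 * they pass to the constructor.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>the private key is exported from the {@link X509KeyManager} and handed to native code as
 *       PEM text, so it only works with keys whose {@code getEncoded()} returns key material;</li>
 *   <li>peer chains are checked with {@link X509TrustManager#checkClientTrusted} only, and only
 *       when trust managers were supplied to {@code engineInit};</li>
 *   <li>the server session id context is a fixed constant shared by every instance.</li>
 * </ul>
 */
public abstract class OpenSSLContextSPI extends SSLContextSpi {
    public static final int DEFAULT_SESSION_CACHE_SIZE = 1000;

    // Despite the names, these are the PEM markers wrapped around the exported PRIVATE KEY.
    // NOTE(review): JCA keys normally encode as PKCS#8, whose conventional PEM label is
    // "PRIVATE KEY"; "RSA PRIVATE KEY" is the PKCS#1 label. Confirm the native parser accepts
    // this combination for every key manager in use.
    private static final String BEGIN_CERT = "-----BEGIN RSA PRIVATE KEY-----\n";
    private static final String END_CERT = "\n-----END RSA PRIVATE KEY-----";

    private OpenSSLServerSessionContext serverSessionContext;
    private OpenSSLClientSessionContext clientSessionContext;

    // Process-wide cache filled lazily by getAvailableCipherSuites().
    private static volatile String[] allAvailableCiphers;

    // Native context handle; 0 means "never created".
    protected final long ctx;

    // Per-instance cache filled lazily by getCiphers().
    private volatile String[] ciphers;

    static final CertificateFactory X509_CERT_FACTORY;

    // Written only inside the synchronized init().
    private boolean initialized = false;

    private static final Logger LOG = Logger.getLogger(OpenSSLContextSPI.class.getName());

    // Key algorithms probed in init(); only RSA server aliases are ever looked up.
    private static final String[] ALGORITHMS = {"RSA"};

    /**
     * Context created with selector 28, which is the union of the three version-specific
     * selectors below (4 | 8 | 16).
     */
    public static final class OpenSSLTLSContextSpi extends OpenSSLContextSPI {
        public OpenSSLTLSContextSpi() throws SSLException {
            super(28);
        }

        // Compiler-generated bridge methods surfaced by the decompiler; they only forward.
        @Override
        protected /* bridge */ /* synthetic */ SSLSessionContext engineGetClientSessionContext() {
            return super.engineGetClientSessionContext();
        }

        @Override
        protected /* bridge */ /* synthetic */ SSLSessionContext engineGetServerSessionContext() {
            return super.engineGetServerSessionContext();
        }
    }

    /**
     * Context created with selector 4. TLS 1.0 is deprecated by RFC 8996; offer this context
     * only where legacy interoperability requires it.
     */
    public static final class OpenSSLTLS_1_0_ContextSpi extends OpenSSLContextSPI {
        public OpenSSLTLS_1_0_ContextSpi() throws SSLException {
            super(4);
        }

        // Compiler-generated bridge methods surfaced by the decompiler; they only forward.
        @Override
        protected /* bridge */ /* synthetic */ SSLSessionContext engineGetClientSessionContext() {
            return super.engineGetClientSessionContext();
        }

        @Override
        protected /* bridge */ /* synthetic */ SSLSessionContext engineGetServerSessionContext() {
            return super.engineGetServerSessionContext();
        }
    }

    /**
     * Context created with selector 8. TLS 1.1 is deprecated by RFC 8996; offer this context
     * only where legacy interoperability requires it.
     */
    public static final class OpenSSLTLS_1_1_ContextSpi extends OpenSSLContextSPI {
        public OpenSSLTLS_1_1_ContextSpi() throws SSLException {
            super(8);
        }

        // Compiler-generated bridge methods surfaced by the decompiler; they only forward.
        @Override
        protected /* bridge */ /* synthetic */ SSLSessionContext engineGetClientSessionContext() {
            return super.engineGetClientSessionContext();
        }

        @Override
        protected /* bridge */ /* synthetic */ SSLSessionContext engineGetServerSessionContext() {
            return super.engineGetServerSessionContext();
        }
    }

    /** Context created with selector 16. */
    public static final class OpenSSLTLS_1_2_ContextSpi extends OpenSSLContextSPI {
        public OpenSSLTLS_1_2_ContextSpi() throws SSLException {
            super(16);
        }

        // Compiler-generated bridge methods surfaced by the decompiler; they only forward.
        @Override
        protected /* bridge */ /* synthetic */ SSLSessionContext engineGetClientSessionContext() {
            return super.engineGetClientSessionContext();
        }

        @Override
        protected /* bridge */ /* synthetic */ SSLSessionContext engineGetServerSessionContext() {
            return super.engineGetServerSessionContext();
        }
    }

    /**
     * Lists every cipher suite the native library reports for the cipher string {@code "ALL"},
     * converted to Java naming.
     *
     * <p>The list describes what is <em>available</em>, not what is advisable to enable; callers
     * choosing enabled suites should filter it against their own policy.
     *
     * <p>The result is computed once under the class lock and cached. If the native calls fail,
     * a warning is logged and whatever was collected so far (possibly nothing) is cached, so the
     * method never returns {@code null}.
     *
     * @return a fresh copy of the cached names, so callers cannot alter the shared cache
     */
    public static String[] getAvailableCipherSuites() {
        if (allAvailableCiphers == null) {
            synchronized (OpenSSLContextSPI.class) {
                if (allAvailableCiphers == null) {
                    final LinkedHashSet<String> available = new LinkedHashSet<>(128);
                    try {
                        // Selector 28 is the same value OpenSSLTLSContextSpi uses; the meaning
                        // of mode 1 and option mask 4095 (0xFFF) is not visible in this file.
                        final long tmpCtx = SSL.getInstance().makeSSLContext(28, 1);
                        try {
                            SSL.getInstance().setSSLContextOptions(tmpCtx, 4095);
                            SSL.getInstance().setCipherSuite(tmpCtx, "ALL");
                            final long tmpSsl = SSL.getInstance().newSSL(tmpCtx, true);
                            try {
                                for (String name : SSL.getInstance().getCiphers(tmpSsl)) {
                                    // NOTE(review): contains() compares the native name against
                                    // already-converted names; the set itself still de-duplicates.
                                    if (name != null && name.length() != 0 && !available.contains(name)) {
                                        available.add(CipherSuiteConverter.toJava(name, "TLS"));
                                    }
                                }
                            } finally {
                                // Each handle is released in the scope that created it, so an
                                // exception at any step cannot leak or touch an unset handle.
                                SSL.getInstance().freeSSL(tmpSsl);
                            }
                        } finally {
                            SSL.getInstance().freeSSLContext(tmpCtx);
                        }
                    } catch (Exception e) {
                        LOG.log(Level.WARNING, Messages.MESSAGES.failedToInitializeCiphers(), e);
                    }
                    allAvailableCiphers = available.toArray(new String[available.size()]);
                }
            }
        }
        return allAvailableCiphers.clone();
    }

    /**
     * Creates the native context and applies hardening options where the library supports them.
     *
     * <p>Every failure, including the inner {@link SSLException}, leaves this constructor as a
     * {@link RuntimeException} because the outer handler catches {@code Exception}; the declared
     * {@code SSLException} is never thrown directly.
     *
     * @param protocol protocol selector handed to the native binding (4, 8, 16 or 28 in the
     *                 nested subclasses)
     * @throws SSLException declared for callers; see the note above
     */
    OpenSSLContextSPI(int protocol) throws SSLException {
        SSL.init();
        try {
            try {
                this.ctx = SSL.getInstance().makeSSLContext(protocol, 2);

                // 262144 (0x40000) is OpenSSL's SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION bit;
                // assumes the binding passes option bits through unchanged — confirm against
                // the constants declared in SSL.
                try {
                    SSL.getInstance().clearSSLContextOptions(this.ctx, 262144);
                } catch (UnsatisfiedLinkError e) {
                    // Best effort, but leave a trace: a silent failure here would hide that a
                    // hardening step was skipped.
                    LOG.fine("The version of SSL in use does not support clearing SSL context options");
                }

                // 131072: option that disables compression (per the log message below).
                boolean compressionDisabled = false;
                try {
                    compressionDisabled = SSL.getInstance().hasOp(131072);
                    if (compressionDisabled) {
                        SSL.getInstance().setSSLContextOptions(this.ctx, 131072);
                    }
                } catch (UnsatisfiedLinkError ignored) {
                    // Reported through the log line below.
                }
                if (!compressionDisabled) {
                    LOG.fine("The version of SSL in use does not support disabling compression");
                }

                // 16384: option that disables session tickets (per the log message below).
                boolean ticketsDisabled = false;
                try {
                    ticketsDisabled = SSL.getInstance().hasOp(16384);
                    if (ticketsDisabled) {
                        SSL.getInstance().setSSLContextOptions(this.ctx, 16384);
                    }
                } catch (UnsatisfiedLinkError ignored) {
                    // Reported through the log line below.
                }
                if (!ticketsDisabled) {
                    LOG.fine("The version of SSL in use does not support disabling session tickets");
                }
            } catch (Exception e) {
                throw new SSLException(Messages.MESSAGES.failedToMakeSslContext(), e);
            }
        } catch (Exception e) {
            throw new RuntimeException(Messages.MESSAGES.failedToInitializeSslContext(), e);
        }
    }

    /**
     * Installs the server certificate and key, the peer-verification callback and the session
     * contexts. Only the first call has any effect; later calls log a warning and return.
     *
     * <p>Every failure is rethrown as {@link RuntimeException}; the declared
     * {@link KeyManagementException} is never thrown by this body.
     *
     * @param keyManagerArr   candidates; the first {@link X509KeyManager} is used
     * @param trustManagerArr candidates, or {@code null} to install no verification callback
     */
    private synchronized void init(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) throws KeyManagementException {
        if (this.initialized) {
            LOG.warning(Messages.MESSAGES.ignoringSecondInit());
            return;
        }
        try {
            // chooseKeyManager() throws rather than returning null, so no null check is needed.
            final X509KeyManager keyManager = chooseKeyManager(keyManagerArr);

            boolean keyInstalled = false;
            for (String algorithm : ALGORITHMS) {
                final String[] aliases = keyManager.getServerAliases(algorithm, null);
                if (aliases == null || aliases.length == 0) {
                    continue;
                }
                final String alias = aliases[0];
                if (LOG.isLoggable(Level.FINE)) {
                    LOG.fine("Using alias " + alias);
                }

                final X509Certificate[] chain = keyManager.getCertificateChain(alias);
                final java.security.PrivateKey key = keyManager.getPrivateKey(alias);
                // Keys that cannot be exported (for example hardware-backed ones) return null
                // from getEncoded(); skip them so the caller gets the "no valid certificates"
                // error below instead of a NullPointerException.
                final byte[] encodedKey = key == null ? null : key.getEncoded();
                if (chain == null || chain.length == 0 || encodedKey == null) {
                    LOG.fine("Skipping alias " + alias + ": certificate chain or exportable private key is unavailable");
                    continue;
                }

                // NOTE(review): the key material passes through an immutable String and cannot
                // be wiped afterwards; it lives until garbage collection.
                final String pemKey = BEGIN_CERT
                        + Base64.getMimeEncoder(64, new byte[]{10}).encodeToString(encodedKey)
                        + END_CERT;
                // Only chain[0] is handed over here; whether intermediates reach the peer is
                // decided elsewhere — TODO confirm.
                SSL.getInstance().setCertificate(
                        this.ctx,
                        chain[0].getEncoded(),
                        pemKey.getBytes(StandardCharsets.US_ASCII),
                        algorithm.equals("RSA") ? 0 : 1);
                keyInstalled = true;
            }
            if (!keyInstalled) {
                throw new IllegalStateException(Messages.MESSAGES.keyManagerDoesNotContainValidCertificates());
            }

            SSL.getInstance().setSessionCacheSize(this.ctx, (long) DEFAULT_SESSION_CACHE_SIZE);

            // With null trust managers no callback is installed; what verification then applies
            // depends on the native defaults, which are not visible in this file.
            if (trustManagerArr != null) {
                final X509TrustManager trustManager = chooseTrustManager(trustManagerArr);
                // NOTE(review): the callback lives on the shared native context and always calls
                // checkClientTrusted. The socket factory builds engines on the same context with
                // the flag that presumably selects client mode, so a server chain would also be
                // judged as a client chain unless the engine overrides this — confirm. No host
                // name comparison happens here.
                SSL.getInstance().setCertVerifyCallback(this.ctx, (handle, encodedChain, cipherId) -> {
                    try {
                        // Decoding sits inside the try: the chain is peer-supplied, so any
                        // failure while handling it must reject the peer rather than escape
                        // into the native caller.
                        final X509Certificate[] peerChain = certificates(encodedChain);
                        final Cipher cipher = Cipher.valueOf(cipherId);
                        final String authType = cipher == null ? "RSA" : cipher.getAu().toString();
                        trustManager.checkClientTrusted(peerChain, authType);
                        return true;
                    } catch (Exception e) {
                        // Fail closed; the reason is only visible at FINE.
                        if (LOG.isLoggable(Level.FINE)) {
                            LOG.log(Level.FINE, "Certificate verification failed", e);
                        }
                        return false;
                    }
                });
            }

            this.serverSessionContext = new OpenSSLServerSessionContext(this.ctx);
            // NOTE(review): fixed session id context "test" — every context built by this class
            // shares it, so it does not separate session reuse between differently configured
            // contexts. Consider deriving it from the deployment's configuration.
            this.serverSessionContext.setSessionIdContext("test".getBytes(StandardCharsets.US_ASCII));
            this.clientSessionContext = new OpenSSLClientSessionContext(this.ctx);
            this.initialized = true;
            SSL.getInstance().enableAlpn(this.ctx);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the first {@link X509KeyManager} in the array.
     *
     * @throws IllegalStateException if the array is {@code null} or holds no X509KeyManager
     */
    private X509KeyManager chooseKeyManager(KeyManager[] keyManagerArr) {
        if (keyManagerArr != null) {
            for (KeyManager candidate : keyManagerArr) {
                if (candidate instanceof X509KeyManager) {
                    return (X509KeyManager) candidate;
                }
            }
        }
        throw new IllegalStateException(Messages.MESSAGES.keyManagerIsMissing());
    }

    /**
     * Returns the first {@link X509TrustManager} in the array.
     *
     * @throws IllegalStateException if the array is {@code null} or holds no X509TrustManager
     */
    static X509TrustManager chooseTrustManager(TrustManager[] trustManagerArr) {
        if (trustManagerArr != null) {
            for (TrustManager candidate : trustManagerArr) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
        }
        throw new IllegalStateException(Messages.MESSAGES.trustManagerIsMissing());
    }

    /** Wraps each encoded certificate in an {@code OpenSslX509Certificate}, preserving order. */
    private static X509Certificate[] certificates(byte[][] bArr) {
        final X509Certificate[] wrapped = new X509Certificate[bArr.length];
        for (int idx = 0; idx < wrapped.length; idx++) {
            wrapped[idx] = new OpenSslX509Certificate(bArr[idx]);
        }
        return wrapped;
    }

    /** Returns the server session context, or {@code null} before initialization. */
    public SSLSessionContext getServerSessionContext() {
        return this.serverSessionContext;
    }

    /** Creates an engine on this context with the boolean flag set to {@code false}. */
    public SSLEngine createSSLEngine() {
        return new OpenSSLEngine(this.ctx, false, this);
    }

    /**
     * Creates an engine on this context with the boolean flag set to {@code false}, passing the
     * peer host and port through to the engine.
     */
    public SSLEngine createSSLEngine(String host, int port) {
        return new OpenSSLEngine(this.ctx, false, this, host, port);
    }

    /**
     * Returns the cipher suites enabled on a freshly created engine, cached after the first call.
     *
     * @return a defensive copy of the cached array
     */
    public String[] getCiphers() {
        if (this.ciphers == null) {
            synchronized (this) {
                if (this.ciphers == null) {
                    this.ciphers = createSSLEngine().getEnabledCipherSuites();
                }
            }
        }
        return this.ciphers.clone();
    }

    /**
     * Releases the native context. {@code ctx} is 0 when context creation failed in the
     * constructor, in which case there is nothing to free.
     *
     * <p>NOTE(review): finalization gives no timing guarantee, so the native context can outlive
     * its last use for an arbitrary time.
     */
    @Override
    protected final void finalize() throws Throwable {
        try {
            synchronized (OpenSSLContextSPI.class) {
                if (this.ctx != 0) {
                    SSL.getInstance().freeSSLContext(this.ctx);
                }
            }
        } finally {
            super.finalize();
        }
    }

    /**
     * Initializes the context. The supplied {@link SecureRandom} is ignored.
     */
    @Override
    protected void engineInit(KeyManager[] keyManagers, TrustManager[] trustManagers, SecureRandom secureRandom) throws KeyManagementException {
        init(keyManagers, trustManagers);
    }

    /**
     * Returns a socket factory whose sockets use engines built on this context with the boolean
     * flag set to {@code true}.
     */
    @Override
    protected SSLSocketFactory engineGetSocketFactory() {
        return new SSLSocketFactory() {
            @Override
            public String[] getDefaultCipherSuites() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String[] getSupportedCipherSuites() {
                // getCiphers() already returns a private copy.
                return OpenSSLContextSPI.this.getCiphers();
            }

            @Override
            public Socket createSocket() throws IOException {
                return new OpenSSLSocket(new OpenSSLEngine(OpenSSLContextSPI.this.ctx, true, OpenSSLContextSPI.this));
            }

            @Override
            public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
                return new OpenSSLSocket(socket, autoClose, host, port, new OpenSSLEngine(OpenSSLContextSPI.this.ctx, true, OpenSSLContextSPI.this, host, port));
            }

            @Override
            public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
                return new OpenSSLSocket(host, port, new OpenSSLEngine(OpenSSLContextSPI.this.ctx, true, OpenSSLContextSPI.this, host, port));
            }

            @Override
            public Socket createSocket(String host, int port, InetAddress localAddress, int localPort) throws IOException, UnknownHostException {
                return new OpenSSLSocket(host, port, localAddress, localPort, new OpenSSLEngine(OpenSSLContextSPI.this.ctx, true, OpenSSLContextSPI.this, host, port));
            }

            // NOTE(review): for address-based connects the engine's peer host comes from
            // InetAddress.getHostName(), which may be a reverse-DNS answer. If the engine uses
            // that name for identity decisions it should not be treated as authenticated.
            @Override
            public Socket createSocket(InetAddress address, int port) throws IOException {
                return new OpenSSLSocket(address, port, new OpenSSLEngine(OpenSSLContextSPI.this.ctx, true, OpenSSLContextSPI.this, address.getHostName(), port));
            }

            @Override
            public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
                return new OpenSSLSocket(address, port, localAddress, localPort, new OpenSSLEngine(OpenSSLContextSPI.this.ctx, true, OpenSSLContextSPI.this, address.getHostName(), port));
            }
        };
    }

    /** Returns a server socket factory whose sockets are bound to this context. */
    @Override
    protected SSLServerSocketFactory engineGetServerSocketFactory() {
        return new SSLServerSocketFactory() {
            @Override
            public String[] getDefaultCipherSuites() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String[] getSupportedCipherSuites() {
                // getCiphers() already returns a private copy.
                return OpenSSLContextSPI.this.getCiphers();
            }

            @Override
            public ServerSocket createServerSocket(int port) throws IOException {
                return new OpenSSLServerSocket(port, OpenSSLContextSPI.this);
            }

            @Override
            public ServerSocket createServerSocket(int port, int backlog) throws IOException {
                return new OpenSSLServerSocket(port, backlog, OpenSSLContextSPI.this);
            }

            @Override
            public ServerSocket createServerSocket(int port, int backlog, InetAddress bindAddress) throws IOException {
                return new OpenSSLServerSocket(port, backlog, bindAddress, OpenSSLContextSPI.this);
            }
        };
    }

    @Override
    protected SSLEngine engineCreateSSLEngine() {
        return createSSLEngine();
    }

    @Override
    protected SSLEngine engineCreateSSLEngine(String host, int port) {
        return createSSLEngine(host, port);
    }

    /**
     * Returns the server session context, or {@code null} before initialization.
     * The decompiler widened this method from {@code protected} to {@code public}.
     */
    @Override
    public OpenSSLServerSessionContext engineGetServerSessionContext() {
        return this.serverSessionContext;
    }

    /**
     * Returns the client session context, or {@code null} before initialization.
     * The decompiler widened this method from {@code protected} to {@code public}.
     */
    @Override
    public OpenSSLClientSessionContext engineGetClientSessionContext() {
        return this.clientSessionContext;
    }

    /**
     * Drops a session from the server session context. Does nothing when the context has not
     * been initialized yet.
     *
     * @param sessionId identifier handed to {@code OpenSSLServerSessionContext.remove}
     */
    public void sessionRemoved(byte[] sessionId) {
        final OpenSSLServerSessionContext sessions = this.serverSessionContext;
        if (sessions != null) {
            sessions.remove(sessionId);
        }
    }

    static {
        try {
            X509_CERT_FACTORY = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new IllegalStateException(e);
        }
    }
}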
