package org.apache.tomcat.util.net.jsse;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPathParameters;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Vector;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: input_file:org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.class */
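/**
 * JSSE-backed server socket factory that builds its {@link SSLContext} from the
 * connector attributes (key store, trust store, optional CRL file, protocol and
 * cipher restrictions, session cache settings).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code clientauth} is parsed as a strict boolean; anything other than
 *       {@code "true"} (case-insensitive) leaves client authentication off.</li>
 *   <li>The CRL file is read once, during {@link #init()}. Revocations published
 *       afterwards are not seen until the factory is initialised again.</li>
 *   <li>A protocol list in which nothing matches the JVM's supported protocols
 *       yields {@code null}, and {@link #setEnabledProtocols} then leaves the
 *       socket's default protocol set in place.</li>
 * </ul>
 */
public class JSSE14SocketFactory extends JSSESocketFactory {
    private static final StringManager sm = StringManager.getManager("org.apache.tomcat.util.net.jsse.res");

    /**
     * Creates and initialises the SSL context and the server socket factory proxy.
     *
     * @throws IOException if any part of the TLS setup fails; non-I/O failures are
     *         wrapped with their original message and the original exception as cause
     */
    @Override // org.apache.tomcat.util.net.jsse.JSSESocketFactory, org.apache.tomcat.util.net.ServerSocketFactory
    public void init() throws IOException {
        try {
            String clientAuthAttr = (String) this.attributes.get("clientauth");
            if (clientAuthAttr != null) {
                // Strict parse: only "true" (any case) enables client certificate
                // authentication; any other value silently leaves it disabled.
                this.clientAuth = Boolean.parseBoolean(clientAuthAttr);
            }
            String protocol = (String) this.attributes.get("protocol");
            if (protocol == null) {
                protocol = defaultProtocol;
            }
            String keyAlgorithm = (String) this.attributes.get("algorithm");
            if (keyAlgorithm == null) {
                keyAlgorithm = defaultAlgorithm;
            }
            this.context = SSLContext.getInstance(protocol);
            configureSSLSessionContext(this.context.getServerSessionContext());
            String trustAlgorithm = (String) this.attributes.get("truststoreAlgorithm");
            if (trustAlgorithm == null) {
                trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            }
            String keyAlias = (String) this.attributes.get("keyAlias");
            this.context.init(getKeyManagers(keyAlgorithm, keyAlias), getTrustManagers(trustAlgorithm), new SecureRandom());
            this.sslProxy = this.context.getServerSocketFactory();
            String requestedCiphers = (String) this.attributes.get("ciphers");
            if (requestedCiphers != null) {
                this.enabledCiphers = getEnabledCiphers(requestedCiphers, this.sslProxy.getSupportedCipherSuites());
            }
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            // Keep the original exception as the cause so that key store, CRL and
            // provider failures remain diagnosable from the stack trace.
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Loads the key store and returns the key managers for it.
     *
     * @param str  key manager factory algorithm
     * @param str2 alias of the key to present, or {@code null} to let JSSE choose
     * @return the key managers; when an alias is given each one is wrapped in a
     *         {@link JSSEKeyManager} bound to that alias
     * @throws IOException if an alias is given but does not name a key entry
     * @throws Exception   on key store or key manager factory failures
     */
    protected KeyManager[] getKeyManagers(String str, String str2) throws Exception {
        final String algorithm = str;
        final String keyAlias = str2;
        String keystorePassword = getKeystorePassword();
        KeyStore keystore = getKeystore(keystorePassword);
        // Fail at start-up rather than serve an unexpected certificate when the
        // configured alias does not refer to a private key entry.
        if (keyAlias != null && !keystore.isKeyEntry(keyAlias)) {
            throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias));
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
        // The same password is used for the store and for the key entries.
        keyManagerFactory.init(keystore, keystorePassword.toCharArray());
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        if (keyAlias != null) {
            for (int i = 0; i < keyManagers.length; i++) {
                keyManagers[i] = new JSSEKeyManager((X509KeyManager) keyManagers[i], keyAlias);
            }
        }
        return keyManagers;
    }

    /**
     * Returns the trust managers for the configured trust store.
     *
     * <p>When {@code getTrustStore()} returns {@code null} this method returns
     * {@code null}; {@code SSLContext.init} then uses the JVM's default trust
     * managers, so client certificates are checked against the JVM's default
     * trust anchors rather than a store chosen for this connector.
     *
     * @param str trust manager factory algorithm
     * @return the trust managers, or {@code null} if no trust store is available
     * @throws Exception on trust store, CRL or factory failures
     */
    protected TrustManager[] getTrustManagers(String str) throws Exception {
        KeyStore trustStore = getTrustStore();
        if (trustStore == null) {
            return null;
        }
        String crlFile = (String) this.attributes.get("crlFile");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str);
        if (crlFile == null) {
            // No CRL configured: plain trust-store validation, no revocation data
            // is supplied by this factory.
            trustManagerFactory.init(trustStore);
        } else {
            trustManagerFactory.init(new CertPathTrustManagerParameters(getParameters(str, crlFile, trustStore)));
        }
        return trustManagerFactory.getTrustManagers();
    }

    /**
     * Builds PKIX path-building parameters that enforce revocation checking
     * against the CRLs in the given file.
     *
     * @param str      trust manager algorithm; must be {@code "PKIX"} (any case)
     * @param str2     path of the CRL file
     * @param keyStore trust store supplying the trust anchors
     * @return the configured parameters
     * @throws CRLException if the algorithm is not PKIX
     * @throws Exception    on CRL loading or parameter construction failures
     */
    protected CertPathParameters getParameters(String str, String str2, KeyStore keyStore) throws Exception {
        if (!"PKIX".equalsIgnoreCase(str)) {
            throw new CRLException("CRLs not supported for type: " + str);
        }
        PKIXBuilderParameters pkixParameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        pkixParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(getCRLs(str2))));
        // Revocation checking is mandatory once a CRL file is configured.
        pkixParameters.setRevocationEnabled(true);
        String maxPathLength = (String) this.attributes.get("trustMaxCertLength");
        if (maxPathLength != null) {
            try {
                pkixParameters.setMaxPathLength(Integer.parseInt(maxPathLength));
            } catch (IllegalArgumentException e) {
                // Covers both an unparsable number and a value rejected by
                // setMaxPathLength. Best effort: the PKIX default path length
                // stays in force, so a mistyped limit is NOT applied.
                log.warn("Bad maxCertLength: " + maxPathLength);
            }
        }
        return pkixParameters;
    }

    /**
     * Reads every X.509 CRL contained in the given file.
     *
     * <p>The file is read once per call; there is no reloading here, so a CRL
     * updated on disk takes effect only when this method is invoked again.
     *
     * @param str CRL file path; a relative path is resolved against the
     *            {@code catalina.base} system property
     * @return the CRLs parsed from the file
     * @throws IOException          if the file cannot be opened, read or closed
     * @throws CRLException         if the content is not a valid CRL
     * @throws CertificateException if no X.509 certificate factory is available
     */
    protected Collection<? extends CRL> getCRLs(String str) throws IOException, CRLException, CertificateException {
        File crlFile = new File(str);
        if (!crlFile.isAbsolute()) {
            crlFile = new File(System.getProperty("catalina.base"), str);
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        // try-with-resources closes the stream on every path, including parse failures.
        try (FileInputStream in = new FileInputStream(crlFile)) {
            return certificateFactory.generateCRLs(in);
        }
    }

    /**
     * Applies the protocol restriction to the socket.
     *
     * @param sSLServerSocket socket to configure
     * @param strArr          protocols to enable; {@code null} leaves the socket's
     *                        current (default) protocol set untouched
     */
    @Override // org.apache.tomcat.util.net.jsse.JSSESocketFactory
    protected void setEnabledProtocols(SSLServerSocket sSLServerSocket, String[] strArr) {
        if (strArr != null) {
            sSLServerSocket.setEnabledProtocols(strArr);
        }
    }

    /**
     * Filters a comma-separated list of requested protocols down to those the
     * socket supports, preserving the requested order.
     *
     * <p>The previous form of the matching loops never advanced or exited after a
     * successful match, so any supported protocol in the list made the method spin
     * forever; each requested name is now checked exactly once.
     *
     * @param sSLServerSocket socket whose supported protocols are consulted
     * @param str             comma-separated protocol names, or {@code null}
     * @return the supported subset, or {@code null} if {@code str} is {@code null}
     *         or nothing in it is supported (in which case no restriction is applied
     *         by {@link #setEnabledProtocols})
     */
    @Override // org.apache.tomcat.util.net.jsse.JSSESocketFactory
    protected String[] getEnabledProtocols(SSLServerSocket sSLServerSocket, String str) {
        if (str == null) {
            return null;
        }
        String[] supportedProtocols = sSLServerSocket.getSupportedProtocols();
        List<String> enabled = new ArrayList<>();
        for (String candidate : str.split(",")) {
            String protocol = candidate.trim();
            if (protocol.isEmpty()) {
                continue;
            }
            if (isSupportedProtocol(supportedProtocols, protocol)) {
                enabled.add(protocol);
            } else {
                // Surface typos and unsupported names: a list that filters down to
                // nothing results in the default protocols staying enabled.
                log.warn("Requested SSL protocol is not supported and will be ignored: " + protocol);
            }
        }
        return enabled.isEmpty() ? null : enabled.toArray(new String[0]);
    }

    /** Returns whether {@code protocol} occurs (exact match) in {@code supported}; a null array matches nothing. */
    private static boolean isSupportedProtocol(String[] supported, String protocol) {
        if (supported == null) {
            return false;
        }
        for (String name : supported) {
            if (name.equals(protocol)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Applies the session timeout and session cache size attributes to the
     * server session context.
     *
     * <p>Both {@code sslSessionTimeout} and {@code ssl3SessionTimeout} set the same
     * timeout; when both are present the latter is applied last and wins. A value
     * that is not an integer raises {@link NumberFormatException}.
     *
     * @param sSLSessionContext the server session context to configure
     */
    private void configureSSLSessionContext(SSLSessionContext sSLSessionContext) {
        String sessionTimeout = (String) this.attributes.get("sslSessionTimeout");
        if (sessionTimeout != null) {
            sSLSessionContext.setSessionTimeout(Integer.parseInt(sessionTimeout));
        }
        String ssl3SessionTimeout = (String) this.attributes.get("ssl3SessionTimeout");
        if (ssl3SessionTimeout != null) {
            sSLSessionContext.setSessionTimeout(Integer.parseInt(ssl3SessionTimeout));
        }
        String sessionCacheSize = (String) this.attributes.get("sslSessionCacheSize");
        if (sessionCacheSize != null) {
            sSLSessionContext.setSessionCacheSize(Integer.parseInt(sessionCacheSize));
        }
    }
}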
