package org.eclipse.jetty.util.ssl;

import java.io.ByteArrayInputStream;
import java.net.MalformedURLException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.regex.Pattern;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.component.ContainerLifeCycle;
import org.eclipse.jetty.util.component.Dumpable;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.security.CertificateUtils;
import org.eclipse.jetty.util.security.Password;

/* loaded from: classes.dex */
public class SslContextFactory extends AbstractLifeCycle implements Dumpable {
    public static final TrustManager[] B2 = {new X509TrustManager() { // from class: org.eclipse.jetty.util.ssl.SslContextFactory.1
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }};
    public static final Logger C2;
    public static final String D2;
    public static final String E2;
    public static final String[] F2;
    public static final String[] G2;
    public Factory A2;
    public final Set<String> b2 = new LinkedHashSet();
    public final Set<String> c2 = new LinkedHashSet();
    public final Set<String> d2;
    public final List<String> e2;
    public final Map<String, X509> f2;
    public final Map<String, X509> g2;
    public final Map<String, X509> h2;
    public String[] i2;
    public boolean j2;
    public String[] k2;
    public Resource l2;
    public String m2;
    public String n2;
    public Password o2;
    public String p2;
    public String q2;
    public String r2;
    public int s2;
    public boolean t2;
    public int u2;
    public int v2;
    public String w2;
    public boolean x2;
    public boolean y2;
    public int z2;

    /* loaded from: classes.dex */
    public class AliasSNIMatcher extends SNIMatcher {
        public String a;
        public X509 b;

        public AliasSNIMatcher() {
            super(0);
        }

        @Override // javax.net.ssl.SNIMatcher
        public boolean matches(SNIServerName sNIServerName) {
            int indexOf;
            Logger logger = SslContextFactory.C2;
            if (logger.d()) {
                logger.a("SNI matching for {}", sNIServerName);
            }
            if (sNIServerName instanceof SNIHostName) {
                String asciiName = ((SNIHostName) sNIServerName).getAsciiName();
                this.a = asciiName;
                String b = StringUtil.b(asciiName);
                X509 x509 = SslContextFactory.this.g2.get(b);
                this.b = x509;
                if (x509 == null) {
                    X509 x5092 = SslContextFactory.this.h2.get(b);
                    this.b = x5092;
                    if (x5092 == null && (indexOf = b.indexOf(46)) >= 0) {
                        this.b = SslContextFactory.this.h2.get(b.substring(indexOf + 1));
                    }
                }
                if (logger.d()) {
                    logger.a("SNI matched {}->{}", b, this.b);
                }
            } else if (logger.d()) {
                logger.a("SNI no match for {}", sNIServerName);
            }
            return true;
        }
    }

    /* loaded from: classes.dex */
    public class Factory {
        public final SSLContext a;

        public Factory(SslContextFactory sslContextFactory, KeyStore keyStore, KeyStore keyStore2, SSLContext sSLContext) {
            this.a = sSLContext;
        }
    }

    static {
        Properties properties = Log.a;
        C2 = Log.a(SslContextFactory.class.getName());
        D2 = Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ? KeyManagerFactory.getDefaultAlgorithm() : Security.getProperty("ssl.KeyManagerFactory.algorithm");
        E2 = Security.getProperty("ssl.TrustManagerFactory.algorithm") == null ? TrustManagerFactory.getDefaultAlgorithm() : Security.getProperty("ssl.TrustManagerFactory.algorithm");
        F2 = new String[]{"SSL", "SSLv2", "SSLv2Hello", "SSLv3"};
        G2 = new String[]{"^.*_(MD5|SHA|SHA1)$", "^TLS_RSA_.*$", "^SSL_.*$", "^.*_NULL_.*$", "^.*_anon_.*$"};
    }

    public SslContextFactory() {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        this.d2 = linkedHashSet;
        this.e2 = new ArrayList();
        this.f2 = new HashMap();
        this.g2 = new HashMap();
        this.h2 = new HashMap();
        this.j2 = true;
        this.m2 = "JKS";
        this.n2 = "JKS";
        this.p2 = "TLS";
        this.q2 = D2;
        this.r2 = E2;
        this.s2 = -1;
        this.t2 = true;
        this.u2 = -1;
        this.v2 = -1;
        this.w2 = null;
        this.y2 = true;
        this.z2 = 5;
        this.x2 = false;
        W3(F2);
        String[] strArr = G2;
        linkedHashSet.clear();
        linkedHashSet.addAll(Arrays.asList(strArr));
    }

    public static int Z3(String str) {
        if (str == null) {
            return 0;
        }
        if (str.contains("WITH_AES_256_")) {
            return 256;
        }
        if (str.contains("WITH_RC4_128_") || str.contains("WITH_AES_128_")) {
            return 128;
        }
        if (str.contains("WITH_RC4_40_")) {
            return 40;
        }
        if (str.contains("WITH_3DES_EDE_CBC_")) {
            return 168;
        }
        if (str.contains("WITH_IDEA_CBC_")) {
            return 128;
        }
        if (str.contains("WITH_RC2_CBC_40_") || str.contains("WITH_DES40_CBC_")) {
            return 40;
        }
        return str.contains("WITH_DES_CBC_") ? 56 : 0;
    }

    public static X509Certificate[] a4(SSLSession sSLSession) {
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            if (peerCertificates != null && peerCertificates.length != 0) {
                int length = peerCertificates.length;
                X509Certificate[] x509CertificateArr = new X509Certificate[length];
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                for (int i = 0; i < length; i++) {
                    x509CertificateArr[i] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(peerCertificates[i].getEncoded()));
                }
                return x509CertificateArr;
            }
            return null;
        } catch (SSLPeerUnverifiedException unused) {
            return null;
        } catch (Exception e) {
            C2.e("EXCEPTION ", e);
            return null;
        }
    }

    public void W3(String... strArr) {
        this.b2.addAll(Arrays.asList(strArr));
    }

    public final void X3() {
        if (isStarted()) {
            return;
        }
        throw new IllegalStateException("!STARTED: " + this);
    }

    public void Y3(SSLEngine sSLEngine) {
        Logger logger = C2;
        if (logger.d()) {
            logger.a("Customize {}", sSLEngine);
        }
        SSLParameters sSLParameters = sSLEngine.getSSLParameters();
        sSLParameters.setEndpointIdentificationAlgorithm(this.w2);
        sSLParameters.setUseCipherSuitesOrder(this.j2);
        if (!this.g2.isEmpty() || !this.h2.isEmpty()) {
            sSLParameters.setSNIMatchers(Collections.singletonList(new AliasSNIMatcher()));
        }
        String[] strArr = this.k2;
        if (strArr != null) {
            sSLParameters.setCipherSuites(strArr);
        }
        String[] strArr2 = this.i2;
        if (strArr2 != null) {
            sSLParameters.setProtocols(strArr2);
        }
        sSLEngine.setSSLParameters(sSLParameters);
    }

    public SSLContext b4() {
        SSLContext sSLContext;
        if (!isStarted()) {
            return null;
        }
        synchronized (this) {
            sSLContext = this.A2.a;
        }
        return sSLContext;
    }

    public final void c4() {
        KeyStore a;
        KeyManager[] keyManagerArr;
        TrustManager[] trustManagerArr;
        SSLContext sSLContext;
        TrustManager[] trustManagerArr2;
        Resource resource = this.l2;
        KeyStore keyStore = null;
        if (resource == null) {
            if (this.x2) {
                Logger logger = C2;
                if (logger.d()) {
                    logger.a("No keystore or trust store configured.  ACCEPTING UNTRUSTED CERTIFICATES!!!!!", new Object[0]);
                }
                trustManagerArr2 = B2;
            } else {
                trustManagerArr2 = null;
            }
            SSLContext sSLContext2 = SSLContext.getInstance(this.p2);
            sSLContext2.init(null, trustManagerArr2, null);
            sSLContext = sSLContext2;
            a = null;
        } else {
            Password password = this.o2;
            KeyStore a2 = CertificateUtils.a(resource, this.m2, null, password == null ? null : password.toString());
            String str = this.n2;
            Resource resource2 = this.l2;
            if (str == null) {
                str = this.m2;
            }
            Password password2 = this.o2;
            a = CertificateUtils.a(resource2, str, null, password2 == null ? null : password2.toString());
            CertificateUtils.b(null);
            if (a2 != null) {
                Iterator it = Collections.list(a2.aliases()).iterator();
                while (it.hasNext()) {
                    String str2 = (String) it.next();
                    Certificate certificate = a2.getCertificate(str2);
                    if (certificate != null && "X.509".equals(certificate.getType())) {
                        X509Certificate x509Certificate = (X509Certificate) certificate;
                        Logger logger2 = X509.d;
                        boolean[] keyUsage = x509Certificate.getKeyUsage();
                        if (keyUsage != null && keyUsage[5]) {
                            Logger logger3 = C2;
                            if (logger3.d()) {
                                logger3.a("Skipping " + x509Certificate, new Object[0]);
                            }
                        } else {
                            X509 x509 = new X509(str2, x509Certificate);
                            this.f2.put(str2, x509);
                            C2.h("x509={} for {}", x509, this);
                            Iterator it2 = new HashSet(x509.b).iterator();
                            while (it2.hasNext()) {
                                this.g2.put((String) it2.next(), x509);
                            }
                            Iterator it3 = new HashSet(x509.c).iterator();
                            while (it3.hasNext()) {
                                this.h2.put((String) it3.next(), x509);
                            }
                        }
                    }
                }
            }
            if (a2 != null) {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.q2);
                Password password3 = this.o2;
                keyManagerFactory.init(a2, password3 == null ? null : password3.toString().toCharArray());
                keyManagerArr = keyManagerFactory.getKeyManagers();
                if (keyManagerArr != null && (!this.g2.isEmpty() || !this.h2.isEmpty())) {
                    for (int i = 0; i < keyManagerArr.length; i++) {
                        if (keyManagerArr[i] instanceof X509ExtendedKeyManager) {
                            keyManagerArr[i] = new SniX509ExtendedKeyManager((X509ExtendedKeyManager) keyManagerArr[i]);
                        }
                    }
                }
            } else {
                keyManagerArr = null;
            }
            Logger logger4 = C2;
            if (logger4.d()) {
                logger4.a("managers={} for {}", keyManagerArr, this);
            }
            if (a != null) {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(this.r2);
                trustManagerFactory.init(a);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } else {
                trustManagerArr = null;
            }
            sSLContext = SSLContext.getInstance(this.p2);
            sSLContext.init(keyManagerArr, trustManagerArr, null);
            keyStore = a2;
        }
        SSLSessionContext serverSessionContext = sSLContext.getServerSessionContext();
        if (serverSessionContext != null) {
            int i2 = this.u2;
            if (i2 > -1) {
                serverSessionContext.setSessionCacheSize(i2);
            }
            int i3 = this.v2;
            if (i3 > -1) {
                serverSessionContext.setSessionTimeout(i3);
            }
        }
        SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
        SSLParameters supportedSSLParameters = sSLContext.getSupportedSSLParameters();
        String[] cipherSuites = defaultSSLParameters.getCipherSuites();
        String[] cipherSuites2 = supportedSSLParameters.getCipherSuites();
        ArrayList arrayList = new ArrayList();
        if (this.e2.isEmpty()) {
            arrayList.addAll(Arrays.asList(cipherSuites));
        } else {
            for (String str3 : this.e2) {
                Pattern compile = Pattern.compile(str3);
                boolean z = false;
                for (String str4 : cipherSuites2) {
                    if (compile.matcher(str4).matches()) {
                        arrayList.add(str4);
                        z = true;
                    }
                }
                if (!z) {
                    C2.h("No Cipher matching '{}' is supported", str3);
                }
            }
        }
        Iterator<String> it4 = this.d2.iterator();
        while (it4.hasNext()) {
            Pattern compile2 = Pattern.compile(it4.next());
            Iterator it5 = arrayList.iterator();
            while (it5.hasNext()) {
                if (compile2.matcher((String) it5.next()).matches()) {
                    it5.remove();
                }
            }
        }
        if (arrayList.isEmpty()) {
            C2.g("No supported ciphers from {}", Arrays.asList(cipherSuites2));
        }
        this.k2 = (String[]) arrayList.toArray(new String[0]);
        String[] protocols = defaultSSLParameters.getProtocols();
        String[] protocols2 = supportedSSLParameters.getProtocols();
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        if (this.c2.isEmpty()) {
            linkedHashSet.addAll(Arrays.asList(protocols));
        } else {
            for (String str5 : this.c2) {
                if (Arrays.asList(protocols2).contains(str5)) {
                    linkedHashSet.add(str5);
                } else {
                    C2.h("Protocol {} not supported in {}", str5, Arrays.asList(protocols2));
                }
            }
        }
        linkedHashSet.removeAll(this.b2);
        if (linkedHashSet.isEmpty()) {
            C2.g("No selected protocols from {}", Arrays.asList(protocols2));
        }
        this.i2 = (String[]) linkedHashSet.toArray(new String[0]);
        this.A2 = new Factory(this, keyStore, a, sSLContext);
        Logger logger5 = C2;
        if (logger5.d()) {
            logger5.a("Selected Protocols {} of {}", Arrays.asList(this.i2), Arrays.asList(supportedSSLParameters.getProtocols()));
            logger5.a("Selected Ciphers   {} of {}", Arrays.asList(this.k2), Arrays.asList(supportedSSLParameters.getCipherSuites()));
        }
    }

    public SSLEngine d4(String str, int i) {
        X3();
        SSLContext b4 = b4();
        SSLEngine createSSLEngine = this.t2 ? b4.createSSLEngine(str, i) : b4.createSSLEngine();
        Y3(createSSLEngine);
        return createSSLEngine;
    }

    @Override // org.eclipse.jetty.util.component.AbstractLifeCycle
    public void doStart() {
        super.doStart();
        synchronized (this) {
            c4();
        }
    }

    @Override // org.eclipse.jetty.util.component.AbstractLifeCycle
    public void doStop() {
        synchronized (this) {
            g4();
        }
        super.doStop();
    }

    @Override // org.eclipse.jetty.util.component.Dumpable
    public void dump(Appendable appendable, String str) {
        appendable.append(String.valueOf(this)).append(" trustAll=").append(Boolean.toString(this.x2)).append(System.lineSeparator());
        try {
            SSLEngine createSSLEngine = SSLContext.getDefault().createSSLEngine();
            ArrayList arrayList = new ArrayList();
            arrayList.add(new SslSelectionDump("Protocol", createSSLEngine.getSupportedProtocols(), createSSLEngine.getEnabledProtocols(), (String[]) this.b2.toArray(new String[0]), (String[]) this.c2.toArray(new String[0])));
            arrayList.add(new SslSelectionDump("Cipher Suite", createSSLEngine.getSupportedCipherSuites(), createSSLEngine.getEnabledCipherSuites(), (String[]) this.d2.toArray(new String[0]), (String[]) this.e2.toArray(new String[0])));
            ContainerLifeCycle.dump(appendable, str, arrayList);
        } catch (NoSuchAlgorithmException e) {
            C2.m(e);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:19:0x005f, code lost:
    
        if (r1.length() != 0) goto L10;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void e4(java.lang.String r6) {
        /*
            r5 = this;
            if (r6 != 0) goto L69
            org.eclipse.jetty.util.resource.Resource r6 = r5.l2
            r0 = 0
            if (r6 == 0) goto L6e
            java.lang.String r6 = "org.eclipse.jetty.ssl.password"
            org.eclipse.jetty.util.log.Logger r1 = org.eclipse.jetty.util.security.Password.d2
            java.lang.String r1 = java.lang.System.getProperty(r6, r0)
            if (r1 == 0) goto L1a
            int r2 = r1.length()
            if (r2 != 0) goto L18
            goto L1a
        L18:
            r0 = r1
            goto L61
        L1a:
            java.io.PrintStream r2 = java.lang.System.out     // Catch: java.io.IOException -> L51
            java.lang.StringBuilder r3 = new java.lang.StringBuilder     // Catch: java.io.IOException -> L51
            r3.<init>()     // Catch: java.io.IOException -> L51
            r3.append(r6)     // Catch: java.io.IOException -> L51
            java.lang.String r6 = ""
            r3.append(r6)     // Catch: java.io.IOException -> L51
            java.lang.String r6 = " : "
            r3.append(r6)     // Catch: java.io.IOException -> L51
            java.lang.String r6 = r3.toString()     // Catch: java.io.IOException -> L51
            r2.print(r6)     // Catch: java.io.IOException -> L51
            java.io.PrintStream r6 = java.lang.System.out     // Catch: java.io.IOException -> L51
            r6.flush()     // Catch: java.io.IOException -> L51
            r6 = 512(0x200, float:7.17E-43)
            byte[] r6 = new byte[r6]     // Catch: java.io.IOException -> L51
            java.io.InputStream r2 = java.lang.System.in     // Catch: java.io.IOException -> L51
            int r2 = r2.read(r6)     // Catch: java.io.IOException -> L51
            if (r2 <= 0) goto L59
            java.lang.String r3 = new java.lang.String     // Catch: java.io.IOException -> L51
            r4 = 0
            r3.<init>(r6, r4, r2)     // Catch: java.io.IOException -> L51
            java.lang.String r1 = r3.trim()     // Catch: java.io.IOException -> L51
            goto L59
        L51:
            r6 = move-exception
            org.eclipse.jetty.util.log.Logger r2 = org.eclipse.jetty.util.security.Password.d2
            java.lang.String r3 = "EXCEPTION "
            r2.e(r3, r6)
        L59:
            if (r1 == 0) goto L61
            int r6 = r1.length()
            if (r6 != 0) goto L18
        L61:
            org.eclipse.jetty.util.security.Password r6 = new org.eclipse.jetty.util.security.Password
            r6.<init>(r0)
            r5.o2 = r6
            goto L70
        L69:
            org.eclipse.jetty.util.security.Password r0 = new org.eclipse.jetty.util.security.Password
            r0.<init>(r6)
        L6e:
            r5.o2 = r0
        L70:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.jetty.util.ssl.SslContextFactory.e4(java.lang.String):void");
    }

    public void f4(String str) {
        try {
            this.l2 = Resource.A(str);
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException(e);
        }
    }

    public final void g4() {
        this.A2 = null;
        this.i2 = null;
        this.k2 = null;
        this.f2.clear();
        this.g2.clear();
        this.h2.clear();
    }

    public String toString() {
        return String.format("%s@%x(%s,%s)", getClass().getSimpleName(), Integer.valueOf(hashCode()), this.l2, null);
    }
}
