package org.apache.tomcat.util.net.jsse;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CRLException;
import java.security.cert.CertPathParameters;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.util.Vector;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.apache.hadoop.fs.http.client.HttpFSFileSystem;
import org.apache.hadoop.fs.http.server.HttpFSParams;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.net.ServerSocketFactory;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: input_file:hadoop-hdfs-httpfs-0.23.5/share/hadoop/httpfs/tomcat/lib/tomcat-coyote.jar:org/apache/tomcat/util/net/jsse/JSSESocketFactory.class */
public class JSSESocketFactory extends ServerSocketFactory {
    // Assigned once by the static initialiser at the bottom of the class: true when the default
    // "TLS" context lists TLS_EMPTY_RENEGOTIATION_INFO_SCSV among its supported cipher suites.
    private static final boolean RFC_5746_SUPPORTED;
    // Fallback password returned by getKeystorePassword() when neither "keypass" nor
    // "keystorePass" is configured.
    // NOTE(review): this is a fixed, widely known default; a deployment that relies on it
    // effectively has no keystore password. Set "keystorePass" explicitly.
    private static final String defaultKeyPass = "changeit";
    // Not referenced by the code visible in this listing (init() uses a literal 0 for the same purpose).
    private static final int defaultSessionCacheSize = 0;
    // Default handed to SSLSessionContext.setSessionTimeout() in init() when "sessionTimeout" is absent.
    private static final int defaultSessionTimeout = 86400;
    // Checked by the createSocket() overloads to decide whether init() must run.
    // NOTE(review): nothing in this listing ever sets it to true — confirm whether a subclass does.
    protected boolean initialized;
    // Cipher suites computed in init() from the "ciphers" attribute; null means "leave the socket's own defaults".
    protected String[] enabledCiphers;
    // Source of the localised log/exception messages used throughout the class.
    private static StringManager sm = StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
    // Protocol name given to SSLContext.getInstance() when the "protocol" attribute is absent.
    static String defaultProtocol = "TLS";
    static boolean defaultClientAuth = false;
    // Keystore type used when "keystoreType" is absent; also compared against in getKeyManagers().
    static String defaultKeystoreType = "JKS";
    // Keystore path used by getKeystore() when the "keystore" attribute is absent.
    private static final String defaultKeystoreFile = System.getProperty("user.home") + "/.keystore";
    static Log log = LogFactory.getLog(JSSESocketFactory.class);
    // Not read by the code visible in this listing; init() reads the "clientauth" attribute instead.
    protected String clientAuth = "false";
    // The JSSE factory built in init(); every createSocket() overload delegates to it.
    protected SSLServerSocketFactory sslProxy = null;
    // Set in init() from the "allowUnsafeLegacyRenegotiation" attribute and consulted in handshake().
    protected boolean allowUnsafeLegacyRenegotiation = false;
    // Client-certificate policy flags derived from "clientauth" in init(): required vs. requested.
    protected boolean requireClientAuth = false;
    protected boolean wantClientAuth = false;

    /**
     * Creates a TLS server socket on the given port.
     *
     * <p>init() is invoked first whenever {@code initialized} is false. Nothing in this listing
     * sets that flag, so unless it is set elsewhere the TLS context is rebuilt on every call.
     *
     * @param i port handed to the underlying SSLServerSocketFactory
     * @return the new server socket, after initServerSocket() has applied ciphers, protocols and
     *         client-auth settings
     * @throws IOException if initialisation or socket creation fails
     */
    @Override // org.apache.tomcat.util.net.ServerSocketFactory
    public ServerSocket createSocket(int i) throws IOException {
        if (!this.initialized) {
            init();
        }
        final ServerSocket listener = this.sslProxy.createServerSocket(i);
        // Apply the configured TLS policy before the socket is handed to the caller.
        initServerSocket(listener);
        return listener;
    }

    /**
     * Creates a TLS server socket on the given port with an explicit accept backlog.
     *
     * <p>init() runs first whenever {@code initialized} is false.
     *
     * @param i  port handed to the underlying SSLServerSocketFactory
     * @param i2 backlog handed to the underlying SSLServerSocketFactory
     * @return the new server socket, after initServerSocket() has been applied to it
     * @throws IOException if initialisation or socket creation fails
     */
    @Override // org.apache.tomcat.util.net.ServerSocketFactory
    public ServerSocket createSocket(int i, int i2) throws IOException {
        if (!this.initialized) {
            init();
        }
        final ServerSocket listener = this.sslProxy.createServerSocket(i, i2);
        // Apply the configured TLS policy before the socket is handed to the caller.
        initServerSocket(listener);
        return listener;
    }

    /**
     * Creates a TLS server socket bound to a specific local address.
     *
     * <p>init() runs first whenever {@code initialized} is false.
     *
     * @param i           port handed to the underlying SSLServerSocketFactory
     * @param i2          backlog handed to the underlying SSLServerSocketFactory
     * @param inetAddress local address handed to the underlying SSLServerSocketFactory
     * @return the new server socket, after initServerSocket() has been applied to it
     * @throws IOException if initialisation or socket creation fails
     */
    @Override // org.apache.tomcat.util.net.ServerSocketFactory
    public ServerSocket createSocket(int i, int i2, InetAddress inetAddress) throws IOException {
        if (!this.initialized) {
            init();
        }
        final ServerSocket listener = this.sslProxy.createServerSocket(i, i2, inetAddress);
        // Apply the configured TLS policy before the socket is handed to the caller.
        initServerSocket(listener);
        return listener;
    }

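    /**
     * Accepts one connection from the given server socket and returns it as an SSLSocket.
     *
     * <p>An SSLException raised while accepting is reported to the caller as a SocketException.
     * The original SSLException is attached as the cause, so the TLS failure reason and its
     * stack trace remain available to whoever logs or inspects the error.
     *
     * @param serverSocket listening socket previously created by this factory
     * @return the accepted connection
     * @throws IOException if accepting fails; TLS failures surface as SocketException
     */
    @Override // org.apache.tomcat.util.net.ServerSocketFactory
    public Socket acceptSocket(ServerSocket serverSocket) throws IOException {
        try {
            SSLSocket accepted = (SSLSocket) serverSocket.accept();
            // Per-connection hook; the implementation in this class is a no-op.
            configureClientAuth(accepted);
            return accepted;
        } catch (SSLException e) {
            // Message text is kept exactly as before; only the cause link is new.
            SocketException wrapped = new SocketException("SSL handshake error" + e.toString());
            wrapped.initCause(e);
            throw wrapped;
        }
    }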

    /**
     * Runs the TLS handshake on an accepted socket and then applies the renegotiation policy.
     *
     * <p>When legacy renegotiation has not been explicitly allowed and the runtime did not
     * advertise RFC 5746 support (see the static initialiser), the socket's enabled cipher suite
     * list is replaced with an empty array after the handshake. Presumably this leaves no suite
     * with which a later renegotiation on the same connection could complete — confirm against
     * the JSSE provider in use.
     *
     * @param socket an SSLSocket returned by acceptSocket()
     * @throws IOException if the handshake fails
     */
    @Override // org.apache.tomcat.util.net.ServerSocketFactory
    public void handshake(Socket socket) throws IOException {
        ((SSLSocket) socket).startHandshake();
        final boolean renegotiationPermitted = this.allowUnsafeLegacyRenegotiation || RFC_5746_SUPPORTED;
        if (!renegotiationPermitted) {
            ((SSLSocket) socket).setEnabledCipherSuites(new String[0]);
        }
    }

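    /**
     * Computes the cipher suites to enable from a comma-separated request list.
     *
     * <p>The decompiled loops in the previous body had lost their exit: once a requested name
     * matched (or the supported array was exhausted in the first loop) the scan never terminated.
     * This version scans each requested name once and stops at its first match.
     *
     * <p>Caveat for operators: when a list is given but none of its entries is supported, the
     * result is {@code null}, and initServerSocket() then skips setEnabledCipherSuites(). A
     * mistyped "ciphers" value therefore falls back to the socket's own defaults instead of
     * failing, so a restrictive list should be checked against the effective suites after startup.
     *
     * @param str    comma-separated cipher suite names, or null to request the factory defaults
     * @param strArr suite names supported by the factory; may be null
     * @return the requested names that are supported, in request order; the factory's default
     *         suites when {@code str} is null; null when nothing requested is supported
     */
    protected String[] getEnabledCiphers(String str, String[] strArr) {
        if (str == null) {
            return this.sslProxy.getDefaultCipherSuites();
        }
        Vector<String> accepted = null;
        for (String token : str.split(",")) {
            String requested = token.trim();
            if (requested.length() == 0) {
                continue;
            }
            for (int k = 0; strArr != null && k < strArr.length; k++) {
                if (strArr[k].equals(requested)) {
                    if (accepted == null) {
                        accepted = new Vector<String>();
                    }
                    accepted.addElement(requested);
                    // One hit is enough; this is the exit the decompiled loop was missing.
                    break;
                }
            }
        }
        if (accepted == null) {
            return null;
        }
        String[] result = new String[accepted.size()];
        accepted.copyInto(result);
        return result;
    }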

    /**
     * Resolves the keystore password from the connector attributes.
     *
     * <p>Precedence: "keystorePass", then "keypass", then the built-in default. The built-in
     * default is a fixed, widely known value, so a connector with neither attribute set is
     * protected by a password anyone can guess.
     *
     * @return the configured password, or the built-in default when none is configured
     */
    protected String getKeystorePassword() {
        String fallback = (String) this.attributes.get("keypass");
        if (fallback == null) {
            fallback = defaultKeyPass;
        }
        String storePass = (String) this.attributes.get("keystorePass");
        return storePass != null ? storePass : fallback;
    }

    /**
     * Loads the server keystore named by the "keystore" attribute, or the default keystore file
     * when that attribute is absent.
     *
     * @param str  keystore type, passed through to getStore()
     * @param str2 keystore provider, passed through to getStore()
     * @param str3 keystore password, passed through to getStore()
     * @return the loaded keystore
     * @throws IOException if loading fails; a missing file is rethrown without being logged here,
     *                     any other I/O failure is logged at error level first
     */
    protected KeyStore getKeystore(String str, String str2, String str3) throws IOException {
        String configured = (String) this.attributes.get("keystore");
        String path = configured != null ? configured : defaultKeystoreFile;
        try {
            return getStore(str, str2, path, str3);
        } catch (FileNotFoundException missing) {
            throw missing;
        } catch (IOException failure) {
            // The log line carries type, path and message only; the password is not included.
            log.error(sm.getString("jsse.keystore_load_failed", str, path, failure.getMessage()), failure);
            throw failure;
        }
    }

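    /**
     * Loads the truststore used to validate client certificates.
     *
     * <p>Each setting is taken from the connector attribute first, then from the matching
     * {@code javax.net.ssl.trustStore*} system property, then from a fallback: the keystore
     * password for the password, and the caller-supplied type and provider for those two.
     *
     * <p>Changes from the decompiled body: the debug log no longer prints the truststore
     * password (debug output is routinely shipped to shared log stores), and the retry path uses
     * a properly declared local instead of the undeclared variable the decompiler emitted.
     *
     * @param str  keystore type used when no truststore type is configured
     * @param str2 keystore provider used when no truststore provider is configured
     * @return the loaded truststore, or null when no truststore file is configured
     * @throws IOException if the configured truststore cannot be loaded
     */
    protected KeyStore getTrustStore(String str, String str2) throws IOException {
        String file = (String) this.attributes.get("truststoreFile");
        if (file == null) {
            file = System.getProperty("javax.net.ssl.trustStore");
        }
        if (log.isDebugEnabled()) {
            log.debug("Truststore = " + file);
        }

        String pass = (String) this.attributes.get("truststorePass");
        if (pass == null) {
            pass = System.getProperty("javax.net.ssl.trustStorePassword");
        }
        if (pass == null) {
            pass = getKeystorePassword();
        }
        if (log.isDebugEnabled()) {
            // Record only whether a password is present; the secret itself stays out of the logs.
            log.debug("TrustPass = " + (pass == null ? "<not set>" : "<redacted>"));
        }

        String type = (String) this.attributes.get("truststoreType");
        if (type == null) {
            type = System.getProperty("javax.net.ssl.trustStoreType");
        }
        if (type == null) {
            type = str;
        }
        if (log.isDebugEnabled()) {
            log.debug("trustType = " + type);
        }

        String provider = (String) this.attributes.get("truststoreProvider");
        if (provider == null) {
            provider = System.getProperty("javax.net.ssl.trustStoreProvider");
        }
        if (provider == null) {
            provider = str2;
        }
        if (log.isDebugEnabled()) {
            log.debug("trustProvider = " + provider);
        }

        KeyStore trustStore = null;
        if (file != null) {
            try {
                trustStore = getStore(type, provider, file, pass);
            } catch (FileNotFoundException e) {
                throw e;
            } catch (IOException first) {
                IOException failure = first;
                if (pass != null) {
                    log.warn(sm.getString("jsse.invalid_truststore_password"), first);
                    // NOTE(review): retry without a password. getStore() is not decompiled in
                    // this listing; if it hands the null straight to KeyStore.load(), the store
                    // is read without its integrity check, so a modified truststore would be
                    // accepted on this path. Treat the warning above as something to alert on.
                    try {
                        trustStore = getStore(type, provider, file, null);
                        failure = null;
                    } catch (IOException second) {
                        failure = second;
                    }
                }
                if (failure != null) {
                    log.error(sm.getString("jsse.keystore_load_failed", type, file, failure.getMessage()), failure);
                    throw failure;
                }
            }
        }
        return trustStore;
    }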

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:22:0x00fd
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    // Decompiler placeholder: the real body was not recovered (see the JADX error above), so this
    // method always throws UnsupportedOperationException in this listing.
    // Callers in this class pass (type, provider, path, password) in that order; the password
    // argument is null on the truststore retry path in getTrustStore().
    // NOTE(review): the security-relevant details of the original — how the path is resolved and
    // whether a null password skips the keystore integrity check — cannot be read from this page
    // and must be checked against the original class file.
    private java.security.KeyStore getStore(java.lang.String r9, java.lang.String r10, java.lang.String r11, java.lang.String r12) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 260
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(java.lang.String, java.lang.String, java.lang.String, java.lang.String):java.security.KeyStore");
    }

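    /**
     * Builds the SSLContext and server socket factory from the connector attributes.
     *
     * <p>Reads client-auth mode, protocol, key/trust algorithms, keystore type and provider,
     * session cache settings, the cipher list and the legacy-renegotiation switch, then runs
     * checkConfig().
     *
     * <p>Change from the decompiled body: a non-I/O failure is still reported as an IOException
     * with the same message, but the original exception is now attached as its cause so the
     * underlying keystore or TLS error is not lost.
     *
     * <p>NOTE(review): {@code HttpFSParams.OverwriteParam.DEFAULT} and
     * {@code HttpFSFileSystem.CHECKSUM_ALGORITHM_JSON} look like decompiler substitutions of
     * unrelated constants for plain string literals (presumably "true" and "algorithm"); they
     * are left untouched here — confirm against the original class before relying on them.
     *
     * @throws IOException if any part of the TLS configuration cannot be loaded or is invalid
     */
    void init() throws IOException {
        try {
            String clientAuthSetting = (String) this.attributes.get("clientauth");
            if (HttpFSParams.OverwriteParam.DEFAULT.equalsIgnoreCase(clientAuthSetting) || "yes".equalsIgnoreCase(clientAuthSetting)) {
                this.requireClientAuth = true;
            } else if ("want".equalsIgnoreCase(clientAuthSetting)) {
                this.wantClientAuth = true;
            }

            String protocol = (String) this.attributes.get("protocol");
            if (protocol == null) {
                protocol = defaultProtocol;
            }
            String keyAlgorithm = (String) this.attributes.get(HttpFSFileSystem.CHECKSUM_ALGORITHM_JSON);
            if (keyAlgorithm == null) {
                keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
            }
            String keystoreType = (String) this.attributes.get("keystoreType");
            if (keystoreType == null) {
                keystoreType = defaultKeystoreType;
            }
            String keystoreProvider = (String) this.attributes.get("keystoreProvider");
            String trustAlgorithm = (String) this.attributes.get("truststoreAlgorithm");
            if (trustAlgorithm == null) {
                trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            }

            SSLContext context = SSLContext.getInstance(protocol);
            context.init(
                    getKeyManagers(keystoreType, keystoreProvider, keyAlgorithm, (String) this.attributes.get("keyAlias")),
                    getTrustManagers(keystoreType, keystoreProvider, trustAlgorithm),
                    new SecureRandom());

            int cacheSize = this.attributes.get("sessionCacheSize") != null
                    ? Integer.parseInt((String) this.attributes.get("sessionCacheSize"))
                    : defaultSessionCacheSize;
            int timeout = this.attributes.get("sessionTimeout") != null
                    ? Integer.parseInt((String) this.attributes.get("sessionTimeout"))
                    : defaultSessionTimeout;
            SSLSessionContext sessions = context.getServerSessionContext();
            if (sessions != null) {
                sessions.setSessionCacheSize(cacheSize);
                sessions.setSessionTimeout(timeout);
            }

            this.sslProxy = context.getServerSocketFactory();
            this.enabledCiphers = getEnabledCiphers((String) this.attributes.get("ciphers"), this.sslProxy.getSupportedCipherSuites());
            // Opt-in only: any value other than the expected one leaves the switch off.
            this.allowUnsafeLegacyRenegotiation = HttpFSParams.OverwriteParam.DEFAULT.equals(this.attributes.get("allowUnsafeLegacyRenegotiation"));
            checkConfig();
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            // Same exception type and message as before; the cause link is the only addition.
            IOException wrapped = new IOException(e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        }
    }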

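    /**
     * Builds the key managers for the server keystore, optionally pinned to one key alias.
     *
     * <p>Change from the decompiled body: for the default keystore type the alias is lower-cased
     * with a fixed locale instead of the JVM default locale. With a default locale that has
     * special casing rules (Turkish, for example) the old call could produce an alias that no
     * longer matches the keystore entry. NOTE(review): Locale.ENGLISH is chosen on the
     * understanding that the JDK's JKS provider normalises aliases the same way — confirm.
     *
     * @param str  keystore type
     * @param str2 keystore provider
     * @param str3 KeyManagerFactory algorithm
     * @param str4 key alias to pin, or null to let JSSE choose
     * @return the key managers, each wrapped in a JSSEKeyManager when an alias is given
     * @throws Exception if the keystore cannot be loaded, the alias is not a key entry, or the
     *                   KeyManagerFactory cannot be initialised
     */
    protected KeyManager[] getKeyManagers(String str, String str2, String str3, String str4) throws Exception {
        String password = getKeystorePassword();
        KeyStore keystore = getKeystore(str, str2, password);
        if (str4 != null && !keystore.isKeyEntry(str4)) {
            throw new IOException(sm.getString("jsse.alias_no_key_entry", str4));
        }

        KeyManagerFactory factory = KeyManagerFactory.getInstance(str3);
        // The keystore password doubles as the key password here.
        factory.init(keystore, password.toCharArray());
        KeyManager[] managers = factory.getKeyManagers();
        if (str4 == null) {
            return managers;
        }

        String alias = str4;
        if (defaultKeystoreType.equals(str)) {
            alias = alias.toLowerCase(java.util.Locale.ENGLISH);
        }
        for (int k = 0; k < managers.length; k++) {
            managers[k] = new JSSEKeyManager((X509KeyManager) managers[k], alias);
        }
        return managers;
    }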

    /**
     * Builds the trust managers used to validate client certificates.
     *
     * <p>Without a "crlFile" attribute the factory is initialised from the truststore alone, so
     * no revocation data is consulted. With one, it is initialised from the PKIX parameters
     * produced by getParameters(), which enable revocation checking against that CRL file.
     *
     * <p>A null return (no truststore configured) is passed on to SSLContext.init() by init();
     * per the JSSE API the context then falls back to the installed default trust managers.
     *
     * @param str  keystore type, used as the truststore type fallback
     * @param str2 keystore provider, used as the truststore provider fallback
     * @param str3 TrustManagerFactory algorithm
     * @return the trust managers, or null when no truststore is configured
     * @throws Exception if the truststore, CRL file or factory cannot be set up
     */
    protected TrustManager[] getTrustManagers(String str, String str2, String str3) throws Exception {
        String crlPath = (String) this.attributes.get("crlFile");
        KeyStore trustStore = getTrustStore(str, str2);
        if (trustStore == null) {
            return null;
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(str3);
        if (crlPath != null) {
            factory.init(new CertPathTrustManagerParameters(getParameters(str3, crlPath, trustStore)));
        } else {
            factory.init(trustStore);
        }
        return factory.getTrustManagers();
    }

    /**
     * Builds PKIX certification-path parameters with revocation checking against a CRL file.
     *
     * <p>The CRLs are read through getCRLs() when this method runs; nothing here refreshes them
     * afterwards, so a newly issued CRL is presumably only picked up on the next initialisation.
     *
     * <p>An unparsable "trustMaxCertLength" value is logged at warn level and otherwise ignored,
     * which leaves the path-length limit at the PKIXBuilderParameters default.
     *
     * @param str      trust manager algorithm; only "PKIX" (case-insensitive) is accepted
     * @param str2     path of the CRL file
     * @param keyStore truststore providing the trust anchors
     * @return the configured PKIXBuilderParameters
     * @throws Exception CRLException for a non-PKIX algorithm, or any failure while loading CRLs
     */
    protected CertPathParameters getParameters(String str, String str2, KeyStore keyStore) throws Exception {
        boolean pkixRequested = "PKIX".equalsIgnoreCase(str);
        if (!pkixRequested) {
            throw new CRLException("CRLs not supported for type: " + str);
        }

        PKIXBuilderParameters params = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        CollectionCertStoreParameters crlHolder = new CollectionCertStoreParameters(getCRLs(str2));
        params.addCertStore(CertStore.getInstance("Collection", crlHolder));
        params.setRevocationEnabled(true);

        String maxLength = (String) this.attributes.get("trustMaxCertLength");
        if (maxLength == null) {
            return params;
        }
        try {
            params.setMaxPathLength(Integer.parseInt(maxLength));
        } catch (Exception e) {
            // Best effort by design: a bad value must not stop the connector from starting.
            log.warn("Bad maxCertLength: " + maxLength);
        }
        return params;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:9:0x0068
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
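    /**
     * Reads every CRL contained in the given file.
     *
     * <p>Reconstructed from the register dump the decompiler left in place of the body (the
     * JADX error above this method is why no Java source was emitted). The previous body only
     * threw UnsupportedOperationException, which made every "crlFile" configuration fail.
     *
     * <p>A relative path is resolved against the {@code catalina.base} system property. The path
     * comes from connector configuration and is not otherwise restricted here.
     *
     * @param r6 path of the CRL file, absolute or relative to {@code catalina.base}
     * @return the CRLs parsed from the file by the "X.509" CertificateFactory
     * @throws java.io.IOException if the file cannot be opened or read
     * @throws java.security.cert.CRLException if the content cannot be parsed as CRLs
     * @throws java.security.cert.CertificateException if no X.509 certificate factory is available
     */
    protected java.util.Collection<? extends java.security.cert.CRL> getCRLs(java.lang.String r6) throws java.io.IOException, java.security.cert.CRLException, java.security.cert.CertificateException {
        java.io.File crlFile = new java.io.File(r6);
        if (!crlFile.isAbsolute()) {
            crlFile = new java.io.File(java.lang.System.getProperty("catalina.base"), r6);
        }
        java.io.InputStream in = null;
        try {
            java.security.cert.CertificateFactory factory = java.security.cert.CertificateFactory.getInstance("X.509");
            in = new java.io.FileInputStream(crlFile);
            return factory.generateCRLs(in);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (java.lang.Exception ignored) {
                    // As in the dump: a failure to close must not replace the real outcome.
                }
            }
        }
    }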

    /**
     * Applies a protocol list to the server socket.
     *
     * <p>A null list is a no-op, which leaves the socket's own enabled protocols in force. That
     * is the outcome both when no "protocols" attribute is set and when none of the configured
     * names is supported (see getEnabledProtocols()).
     *
     * @param sSLServerSocket socket to configure
     * @param strArr          protocol names to enable, or null to leave the socket unchanged
     */
    protected void setEnabledProtocols(SSLServerSocket sSLServerSocket, String[] strArr) {
        if (strArr == null) {
            return;
        }
        sSLServerSocket.setEnabledProtocols(strArr);
    }

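    /**
     * Computes the TLS protocol versions to enable from a comma-separated request list.
     *
     * <p>The decompiled loops in the previous body had lost their exit: once a requested name
     * matched (or the supported array was exhausted in the first loop) the scan never terminated.
     * This version scans each requested name once and stops at its first match.
     *
     * <p>Caveat for operators: unsupported or mistyped names are dropped silently, and when
     * nothing matches the result is {@code null}, which makes setEnabledProtocols() leave the
     * socket's default protocols enabled. A list meant to switch old protocol versions off
     * should be checked against the socket's effective protocols after startup.
     *
     * @param sSLServerSocket socket whose supported protocols bound the result
     * @param str             comma-separated protocol names, or null for "no preference"
     * @return the requested names that the socket supports, in request order; null when
     *         {@code str} is null or nothing requested is supported
     */
    protected String[] getEnabledProtocols(SSLServerSocket sSLServerSocket, String str) {
        String[] supported = sSLServerSocket.getSupportedProtocols();
        if (str == null) {
            return null;
        }
        Vector<String> accepted = null;
        for (String token : str.split(",")) {
            String requested = token.trim();
            if (requested.length() == 0) {
                continue;
            }
            for (int k = 0; supported != null && k < supported.length; k++) {
                if (supported[k].equals(requested)) {
                    if (accepted == null) {
                        accepted = new Vector<String>();
                    }
                    accepted.addElement(requested);
                    // One hit is enough; this is the exit the decompiled loop was missing.
                    break;
                }
            }
        }
        if (accepted == null) {
            return null;
        }
        String[] result = new String[accepted.size()];
        accepted.copyInto(result);
        return result;
    }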

    /**
     * Applies the client-certificate policy chosen in init() to a server socket.
     *
     * <p>"want" mode requests a client certificate without requiring one. Otherwise the socket
     * is told whether a certificate is required, so with both flags false client authentication
     * is switched off.
     *
     * @param sSLServerSocket socket to configure
     */
    protected void configureClientAuth(SSLServerSocket sSLServerSocket) {
        if (!this.wantClientAuth) {
            sSLServerSocket.setNeedClientAuth(this.requireClientAuth);
            return;
        }
        sSLServerSocket.setWantClientAuth(this.wantClientAuth);
    }

    // Per-connection hook called from acceptSocket(). Intentionally empty in this class: the
    // client-certificate policy is applied on the listening socket by the SSLServerSocket
    // overload, so nothing is changed on the accepted socket here.
    protected void configureClientAuth(SSLSocket sSLSocket) {
    }

    /**
     * Applies the configured TLS policy to a freshly created server socket: cipher suites,
     * protocol versions, then client-certificate mode.
     *
     * <p>Both the cipher list and the protocol list are applied only when non-null; a null
     * value (nothing configured, or nothing configured that is supported) leaves the JSSE
     * defaults of the socket in place.
     *
     * @param serverSocket socket produced by {@code sslProxy}; must be an SSLServerSocket
     */
    private void initServerSocket(ServerSocket serverSocket) {
        SSLServerSocket tlsListener = (SSLServerSocket) serverSocket;
        String[] suites = this.enabledCiphers;
        if (suites != null) {
            tlsListener.setEnabledCipherSuites(suites);
        }
        String protocolList = (String) this.attributes.get("protocols");
        String[] protocols = getEnabledProtocols(tlsListener, protocolList);
        setEnabledProtocols(tlsListener, protocols);
        configureClientAuth(tlsListener);
    }

    /*  JADX ERROR: NullPointerException in pass: RegionMakerVisitor
        java.lang.NullPointerException
        */
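    /**
     * Verifies the TLS configuration at start-up by trying to accept on a throw-away socket.
     *
     * <p>Reconstructed from the register dump the decompiler left in place of the body (the
     * JADX error above this method is why no Java source was emitted). The previous body only
     * threw UnsupportedOperationException, which made init() fail unconditionally.
     *
     * <p>An unbound server socket is created from {@code sslProxy}, given the configured
     * ciphers, protocols and client-auth mode, and accept() is attempted with a 1 ms timeout.
     * An SSLException at that point is reported as an invalid configuration, so the problem
     * shows up at start-up and not on the first client connection. Any other exception is
     * presumably the expected outcome of accepting on such a socket and is ignored.
     *
     * @throws java.io.IOException if the JSSE layer rejects the configuration; the SSLException
     *                             is attached as the cause
     */
    private void checkConfig() throws java.io.IOException {
        java.net.ServerSocket probe = this.sslProxy.createServerSocket();
        initServerSocket(probe);
        try {
            probe.setSoTimeout(1);
            probe.accept();
        } catch (javax.net.ssl.SSLException invalid) {
            java.io.IOException failure = new java.io.IOException(
                    sm.getString("jsse.invalid_ssl_conf", new java.lang.Object[] {invalid.getMessage()}));
            failure.initCause(invalid);
            throw failure;
        } catch (java.lang.Exception ignored) {
            // As in the dump: only an SSLException signals a configuration problem.
        } finally {
            if (!probe.isClosed()) {
                probe.close();
            }
        }
    }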

    // Class initialiser: probes a default "TLS" context and records whether it lists
    // TLS_EMPTY_RENEGOTIATION_INFO_SCSV among its supported cipher suites. handshake() uses the
    // resulting flag to decide whether the post-handshake renegotiation guard is needed.
    static {
        boolean scsvListed = false;
        try {
            SSLContext probeContext = SSLContext.getInstance("TLS");
            probeContext.init(null, null, new SecureRandom());
            for (String suite : probeContext.getServerSocketFactory().getSupportedCipherSuites()) {
                if ("TLS_EMPTY_RENEGOTIATION_INFO_SCSV".equals(suite)) {
                    scsvListed = true;
                    break;
                }
            }
        } catch (KeyManagementException ignored) {
            // Probe failed: the flag stays false, which keeps the renegotiation guard active.
        } catch (NoSuchAlgorithmException ignored) {
            // Probe failed: the flag stays false, which keeps the renegotiation guard active.
        }
        RFC_5746_SUPPORTED = scsvListed;
    }
}
