package hd;

import gd.n;
import gd.s;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPathParameters;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: classes2.dex */
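/**
 * JSSE-backed TLS helper for a single {@link SSLHostConfigCertificate}: it builds the key
 * managers, the trust managers and the PKIX validation parameters from the host configuration.
 *
 * <p>This is decompiled output. Class, field and method names are obfuscated, so the comments
 * below describe only what the visible code does. The sets returned by {@link #h()} and
 * {@link #i()} are the shared static {@link HashSet} instances; callers must treat them as
 * read-only.
 */
public class e extends s {

    /** Class logger (jadx: renamed from g). */
    public static final cc.b f7742g = cc.c.d(e.class);

    /** Message catalogue for the {@code jsse.*} / {@code jsseUtil.*} keys (jadx: renamed from h). */
    public static final StringManager f7743h = StringManager.c(e.class);

    /** Protocol names reported by the provider, after the filter in the static initializer (jadx: renamed from i). */
    public static final Set<String> f7744i;

    /** Cipher suite names reported by the provider, plus optional TLS* aliases (jadx: renamed from j). */
    public static final Set<String> f7745j;

    /** Host configuration the certificate belongs to (jadx: renamed from f). */
    public final SSLHostConfig f7746f;

    static {
        try {
            c cVar = new c("TLS");
            cVar.b(null, null, null);
            String[] protocols = cVar.c().getProtocols();
            Set<String> implementedProtocols = new HashSet<>(protocols.length);
            for (String str : protocols) {
                String upperCase = str.toUpperCase(Locale.ENGLISH);
                // Names containing "SSL" are dropped, except SSLv2Hello and SSLv3, which are kept.
                // NOTE(review): this set records what the provider offers, not what is enabled.
                // SSLv3 is obsolete; confirm the enabled-protocol selection (outside this class)
                // excludes it unless it is explicitly required.
                if ("SSLV2HELLO".equals(upperCase) || "SSLV3".equals(upperCase) || !upperCase.contains("SSL")) {
                    implementedProtocols.add(str);
                } else {
                    f7742g.a(f7743h.h("jsse.excludeProtocol", str));
                }
            }
            if (implementedProtocols.isEmpty()) {
                f7742g.n(f7743h.g("jsse.noDefaultProtocols"));
            }
            String[] cipherSuites = cVar.c().getCipherSuites();
            Set<String> implementedCiphers;
            if (!oc.d.b) {
                implementedCiphers = new HashSet<>(cipherSuites.length);
                implementedCiphers.addAll(Arrays.asList(cipherSuites));
            } else {
                // Each SSL*-named suite is also registered under the TLS* spelling.
                // Presumably a JVM-vendor naming difference - TODO confirm what oc.d.b represents.
                implementedCiphers = new HashSet<>(cipherSuites.length * 2);
                for (String str2 : cipherSuites) {
                    implementedCiphers.add(str2);
                    if (str2.startsWith("SSL")) {
                        implementedCiphers.add("TLS" + str2.substring(3));
                    }
                }
            }
            // Assigned once, at the end. A static initializer may not contain "return", which the
            // decompiler had emitted on the first cipher branch.
            f7744i = implementedProtocols;
            f7745j = implementedCiphers;
        } catch (KeyManagementException | NoSuchAlgorithmException e10) {
            throw new IllegalArgumentException(e10);
        }
    }

    /**
     * Creates the helper with the second constructor's flag set to {@code true}.
     *
     * @param sSLHostConfigCertificate certificate configuration to work from
     */
    public e(SSLHostConfigCertificate sSLHostConfigCertificate) {
        this(sSLHostConfigCertificate, true);
    }

    /**
     * Creates the helper and remembers the owning {@link SSLHostConfig}.
     *
     * @param sSLHostConfigCertificate certificate configuration to work from
     * @param z10 passed unchanged to the superclass constructor; its meaning is not visible here
     */
    public e(SSLHostConfigCertificate sSLHostConfigCertificate, boolean z10) {
        super(sSLHostConfigCertificate, z10);
        this.f7746f = sSLHostConfigCertificate.getSSLHostConfig();
    }

    /**
     * Checks the validity period of every X.509 certificate entry in the trust store and logs
     * the ones that are expired or not yet valid.
     *
     * <p>This is advisory only. Nothing is removed from {@code keyStore} and no exception is
     * raised for an out-of-date entry, so such a certificate is still handed to the trust
     * manager factory by the caller. Operators should alert on the
     * {@code jsseUtil.trustedCertNotValid} message.
     *
     * @param keyStore trust store to inspect
     * @throws Exception if the key store cannot be read
     */
    private void n(KeyStore keyStore) throws Exception {
        Enumeration<String> aliases = keyStore.aliases();
        if (aliases != null) {
            // One timestamp for the whole pass so every entry is judged against the same instant.
            Date date = new Date();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.isCertificateEntry(nextElement)) {
                    Certificate certificate = keyStore.getCertificate(nextElement);
                    if (certificate instanceof X509Certificate) {
                        try {
                            ((X509Certificate) certificate).checkValidity(date);
                        } catch (CertificateExpiredException | CertificateNotYetValidException e10) {
                            String h10 = f7743h.h("jsseUtil.trustedCertNotValid", nextElement, ((X509Certificate) certificate).getSubjectDN(), e10.getMessage());
                            // The exception is attached to the log record only when f7742g.e() is true.
                            if (f7742g.e()) {
                                f7742g.b(h10, e10);
                            } else {
                                f7742g.n(h10);
                            }
                        }
                    } else if (f7742g.e()) {
                        // Non-X.509 entries cannot be date-checked here; they are only reported.
                        f7742g.a(f7743h.h("jsseUtil.trustedCertNotChecked", nextElement));
                    }
                }
            }
        }
    }

    /**
     * Creates the context wrapper for the configured protocol name.
     *
     * @param list not used by this implementation
     * @return a new {@code c} built from {@code SSLHostConfig.getSslProtocol()}
     * @throws NoSuchAlgorithmException if the protocol name is not available
     */
    @Override // gd.r
    public n a(List<String> list) throws NoSuchAlgorithmException {
        return new c(this.f7746f.getSslProtocol());
    }

    /**
     * Builds the key managers for the configured server certificate.
     *
     * <p>If no key store is configured, the key and certificate chain are read from the
     * configured files into an in-memory JKS store. Otherwise the configured key store is used.
     * When the selected key is in PKCS#8 format and the store type is not DKS, that single
     * entry is copied into a fresh store, so the factory sees only the chosen key.
     *
     * @return key managers from the {@link KeyManagerFactory}, wrapped in {@code b} with the
     *     chosen alias when the configured key store is used directly
     * @throws Exception on missing certificate file, missing key entry or key store failure
     */
    @Override // gd.r
    public KeyManager[] b() throws Exception {
        KeyStore keyStore;
        String certificateKeyAlias = this.a.getCertificateKeyAlias();
        String keyManagerAlgorithm = this.f7746f.getKeyManagerAlgorithm();
        String certificateKeyPassword = this.a.getCertificateKeyPassword();
        if (certificateKeyPassword == null) {
            // No dedicated key password: fall back to the key store password.
            certificateKeyPassword = this.a.getCertificateKeystorePassword();
        }
        KeyStore certificateKeystore = this.a.getCertificateKeystore();
        // NOTE(review): throws NullPointerException if both passwords are null. Confirm the
        // configuration layer always supplies a default. The array is never cleared afterwards.
        char[] charArray = certificateKeyPassword.toCharArray();
        if (certificateKeystore == null) {
            if (this.a.getCertificateFile() == null) {
                throw new IOException(f7743h.g("jsse.noCertFile"));
            }
            // The key comes from the key file when one is set, otherwise from the certificate file.
            f fVar = new f(SSLHostConfig.adjustRelativePath(this.a.getCertificateKeyFile() != null ? this.a.getCertificateKeyFile() : this.a.getCertificateFile()), certificateKeyPassword);
            f fVar2 = new f(SSLHostConfig.adjustRelativePath(this.a.getCertificateFile()));
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(fVar2.c());
            if (this.a.getCertificateChainFile() != null) {
                arrayList.addAll(new f(SSLHostConfig.adjustRelativePath(this.a.getCertificateChainFile())).c());
            }
            if (certificateKeyAlias == null) {
                certificateKeyAlias = "tomcat";
            }
            // Empty in-memory store holding just this key and its chain.
            keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);
            keyStore.setKeyEntry(certificateKeyAlias, fVar.d(), certificateKeyPassword.toCharArray(), (Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]));
        } else {
            if (certificateKeyAlias != null && !certificateKeystore.isKeyEntry(certificateKeyAlias)) {
                throw new IOException(f7743h.h("jsse.alias_no_key_entry", certificateKeyAlias));
            }
            if (certificateKeyAlias == null) {
                // No alias configured: take the first alias that is a key entry.
                Enumeration<String> aliases = certificateKeystore.aliases();
                if (!aliases.hasMoreElements()) {
                    throw new IOException(f7743h.g("jsse.noKeys"));
                }
                while (aliases.hasMoreElements() && certificateKeyAlias == null) {
                    certificateKeyAlias = aliases.nextElement();
                    if (!certificateKeystore.isKeyEntry(certificateKeyAlias)) {
                        certificateKeyAlias = null;
                    }
                }
                if (certificateKeyAlias == null) {
                    throw new IOException(f7743h.h("jsse.alias_no_key_entry", null));
                }
            }
            Key key = certificateKeystore.getKey(certificateKeyAlias, charArray);
            if (key == null || "DKS".equalsIgnoreCase(this.a.getCertificateKeystoreType()) || !"PKCS#8".equalsIgnoreCase(key.getFormat())) {
                keyStore = certificateKeystore;
            } else {
                // Copy only the selected entry into a new store of the same type and provider.
                String certificateKeystoreProvider = this.a.getCertificateKeystoreProvider();
                keyStore = certificateKeystoreProvider == null ? KeyStore.getInstance(this.a.getCertificateKeystoreType()) : KeyStore.getInstance(this.a.getCertificateKeystoreType(), certificateKeystoreProvider);
                keyStore.load(null, null);
                keyStore.setKeyEntry(certificateKeyAlias, key, charArray, certificateKeystore.getCertificateChain(certificateKeyAlias));
            }
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyManagerAlgorithm);
        keyManagerFactory.init(keyStore, charArray);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        if (keyManagers != null && keyStore == certificateKeystore) {
            // The full configured store is in use, so each manager is wrapped together with the
            // alias. Presumably b restricts selection to that alias - TODO confirm in class b.
            if ("JKS".equals(this.a.getCertificateKeystoreType())) {
                certificateKeyAlias = certificateKeyAlias.toLowerCase(Locale.ENGLISH);
            }
            for (int i10 = 0; i10 < keyManagers.length; i10++) {
                keyManagers[i10] = new b((X509KeyManager) keyManagers[i10], certificateKeyAlias);
            }
        }
        return keyManagers;
    }

    /**
     * Builds the trust managers used to verify peer certificates.
     *
     * <p>A configured trust manager class name takes precedence and returns early. On that path
     * the trust store, CRL file, revocation flag and verification depth are not consulted. The
     * class is loaded by name and created through its public no-argument constructor, so write
     * access to that setting amounts to control over peer certificate verification.
     *
     * @return the trust managers, or {@code null} when no trust store is configured
     * @throws Exception on class loading, trust store or CRL failure; a CRL file combined with
     *     a non-PKIX algorithm is rejected with {@link CRLException}
     */
    @Override // gd.r
    public TrustManager[] c() throws Exception {
        String trustManagerClassName = this.f7746f.getTrustManagerClassName();
        if (trustManagerClassName != null && trustManagerClassName.length() > 0) {
            Class<?> loadClass = e.class.getClassLoader().loadClass(trustManagerClassName);
            if (TrustManager.class.isAssignableFrom(loadClass)) {
                return new TrustManager[]{(TrustManager) loadClass.getConstructor().newInstance()};
            }
            throw new InstantiationException(f7743h.h("jsse.invalidTrustManagerClassName", trustManagerClassName));
        }
        KeyStore truststore = this.f7746f.getTruststore();
        if (truststore == null) {
            // NOTE(review): what the caller does with null is not visible here. Confirm it does
            // not fall back to a default trust store where client certificates must be verified.
            return null;
        }
        // Logs expired or not-yet-valid trust anchors; it does not remove them.
        n(truststore);
        String truststoreAlgorithm = this.f7746f.getTruststoreAlgorithm();
        String certificateRevocationListFile = this.f7746f.getCertificateRevocationListFile();
        boolean revocationEnabled = this.f7746f.getRevocationEnabled();
        if ("PKIX".equalsIgnoreCase(truststoreAlgorithm)) {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(truststoreAlgorithm);
            trustManagerFactory.init(new CertPathTrustManagerParameters(p(certificateRevocationListFile, truststore, revocationEnabled)));
            return trustManagerFactory.getTrustManagers();
        }
        TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance(truststoreAlgorithm);
        trustManagerFactory2.init(truststore);
        TrustManager[] trustManagers = trustManagerFactory2.getTrustManagers();
        if (certificateRevocationListFile != null && certificateRevocationListFile.length() > 0) {
            // Fail closed: a CRL that cannot be honoured is an error, not a silent no-op.
            throw new CRLException(f7743h.h("jsseUtil.noCrlSupport", truststoreAlgorithm));
        }
        if (this.f7746f.isCertificateVerificationDepthConfigured()) {
            // The configured depth is not applied on this path; it is only reported in the log.
            f7742g.n(f7743h.h("jsseUtil.noVerificationDepth", truststoreAlgorithm));
        }
        return trustManagers;
    }

    /**
     * Applies the configured session cache size and session timeout.
     *
     * @param sSLSessionContext session context to configure
     */
    @Override // gd.r
    public void d(SSLSessionContext sSLSessionContext) {
        sSLSessionContext.setSessionCacheSize(this.f7746f.getSessionCacheSize());
        sSLSessionContext.setSessionTimeout(this.f7746f.getSessionTimeout());
    }

    /** Returns the shared cipher suite set computed in the static initializer (not a copy). */
    @Override // gd.s
    public Set<String> h() {
        return f7745j;
    }

    /** Returns the shared protocol set computed in the static initializer (not a copy). */
    @Override // gd.s
    public Set<String> i() {
        return f7744i;
    }

    /** Returns the class logger. */
    @Override // gd.s
    public cc.b j() {
        return f7742g;
    }

    /** Delegates to {@code oc.e.a()}; what that flag represents is not visible in this file. */
    @Override // gd.s
    public boolean l() {
        return oc.e.a();
    }

    /** Always {@code false}; the meaning of the flag is defined by the superclass. */
    @Override // gd.s
    public boolean m() {
        return false;
    }

    /**
     * Parses the X.509 CRLs found at the given location.
     *
     * <p>The stream is opened in try-with-resources so it is closed even when parsing fails.
     * The decompiled form closed it only after a successful parse and leaked it on error.
     *
     * @param str location of the CRL file, resolved by {@code uc.a.a}
     * @return the CRLs produced by the certificate factory
     * @throws IOException if the location cannot be opened or closed
     * @throws CRLException if the content is not a valid CRL
     * @throws CertificateException if no X.509 certificate factory is available
     */
    public Collection<? extends CRL> o(String str) throws IOException, CRLException, CertificateException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        // A null resource is permitted here; close() is then skipped, as in the original.
        try (InputStream in = uc.a.a(str)) {
            return certificateFactory.generateCRLs(in);
        }
    }

    /**
     * Builds PKIX path-building parameters from the trust store.
     *
     * <p>When a CRL file is configured, its CRLs are added as a cert store and revocation
     * checking is forced on regardless of {@code z10}. Without a CRL file, {@code z10} decides.
     * NOTE(review): with revocation on and no CRL store added, where revocation data comes from
     * depends on JRE settings - confirm for the deployment.
     *
     * @param str CRL file location, or {@code null}/empty for none
     * @param keyStore trust store supplying the trust anchors
     * @param z10 revocation flag used only when no CRL file is configured
     * @return parameters with revocation and maximum path length applied
     * @throws Exception on trust store or CRL failure
     */
    public CertPathParameters p(String str, KeyStore keyStore, boolean z10) throws Exception {
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        if (str == null || str.length() <= 0) {
            pKIXBuilderParameters.setRevocationEnabled(z10);
        } else {
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(o(str))));
            pKIXBuilderParameters.setRevocationEnabled(true);
        }
        pKIXBuilderParameters.setMaxPathLength(this.f7746f.getCertificateVerificationDepth());
        return pKIXBuilderParameters;
    }
}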
