package org.apache.tomcat.util.net;

import dc.b;
import dc.c;
import hd.f;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.Serializable;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.EnumMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.management.ObjectName;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import kd.a;
import org.apache.catalina.valves.AbstractAccessLogValve;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.openssl.OpenSSLConf;
import org.apache.tomcat.util.net.openssl.ciphers.Cipher;
import org.apache.tomcat.util.res.StringManager;
import r0.s;

/* loaded from: classes2.dex */
public class SSLHostConfig implements Serializable {

    /* renamed from: d, reason: collision with root package name */
    public static final b f10804d = c.d(SSLHostConfig.class);

    /* renamed from: e, reason: collision with root package name */
    public static final StringManager f10805e = StringManager.c(SSLHostConfig.class);

    /* renamed from: f, reason: collision with root package name */
    public static final String f10806f = "_default_";

    /* renamed from: g, reason: collision with root package name */
    public static final Set<String> f10807g;
    public static final long serialVersionUID = 1;
    public String caCertificateFile;
    public String caCertificatePath;
    public String certificateRevocationListFile;
    public String certificateRevocationListPath;
    public String[] enabledCiphers;
    public String[] enabledProtocols;
    public ObjectName oname;
    public String trustManagerClassName;
    public Type configType = null;
    public Type currentConfigType = null;
    public Map<Type, Set<String>> configuredProperties = new EnumMap(Type.class);
    public String hostName = f10806f;
    public transient Long a = 0L;
    public transient Long b = 0L;
    public Set<String> explicitlyRequestedProtocols = new HashSet();
    public SSLHostConfigCertificate defaultCertificate = null;
    public Set<SSLHostConfigCertificate> certificates = new HashSet(4);
    public CertificateVerification certificateVerification = CertificateVerification.NONE;
    public int certificateVerificationDepth = 10;
    public boolean certificateVerificationDepthConfigured = false;
    public String ciphers = "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA";
    public LinkedHashSet<Cipher> cipherList = null;
    public List<String> jsseCipherNames = null;
    public boolean honorCipherOrder = false;
    public Set<String> protocols = new HashSet();
    public String keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
    public boolean revocationEnabled = false;
    public int sessionCacheSize = 0;
    public int sessionTimeout = s.f11419d;
    public String sslProtocol = "TLS";
    public String truststoreAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    public String truststoreFile = System.getProperty("javax.net.ssl.trustStore");
    public String truststorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
    public String truststoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider");
    public String truststoreType = System.getProperty("javax.net.ssl.trustStoreType");

    /* renamed from: c, reason: collision with root package name */
    public transient KeyStore f10808c = null;
    public boolean disableCompression = true;
    public boolean disableSessionTickets = false;
    public boolean insecureRenegotiation = false;
    public OpenSSLConf openSslConf = null;

    /* loaded from: classes2.dex */
    public enum CertificateVerification {
        NONE,
        OPTIONAL_NO_CA,
        OPTIONAL,
        REQUIRED;

        public static CertificateVerification fromString(String str) {
            if ("true".equalsIgnoreCase(str) || "yes".equalsIgnoreCase(str) || "require".equalsIgnoreCase(str) || "required".equalsIgnoreCase(str)) {
                return REQUIRED;
            }
            if ("optional".equalsIgnoreCase(str) || "want".equalsIgnoreCase(str)) {
                return OPTIONAL;
            }
            if ("optionalNoCA".equalsIgnoreCase(str) || "optional_no_ca".equalsIgnoreCase(str)) {
                return OPTIONAL_NO_CA;
            }
            if ("false".equalsIgnoreCase(str) || "no".equalsIgnoreCase(str) || "none".equalsIgnoreCase(str)) {
                return NONE;
            }
            throw new IllegalArgumentException(SSLHostConfig.f10805e.h("sslHostConfig.certificateVerificationInvalid", str));
        }
    }

    /* loaded from: classes2.dex */
    public enum Type {
        JSSE,
        OPENSSL,
        EITHER
    }

    static {
        HashSet hashSet = new HashSet();
        f10807g = hashSet;
        hashSet.add(f.f7577k);
        f10807g.add(f.f7574h);
        f10807g.add(f.f7572f);
        f10807g.add(f.f7571e);
        f10807g.add(f.f7570d);
    }

    public SSLHostConfig() {
        setProtocols(f.b);
    }

    public static String adjustRelativePath(String str) throws FileNotFoundException {
        if (str == null || str.length() == 0) {
            return str;
        }
        File file = new File(str);
        if (!file.isAbsolute()) {
            str = System.getProperty("catalina.base") + File.separator + str;
            file = new File(str);
        }
        if (file.exists()) {
            return str;
        }
        throw new FileNotFoundException(f10805e.h("sslHostConfig.fileNotFound", str));
    }

    private void c() {
        if (this.defaultCertificate == null) {
            SSLHostConfigCertificate sSLHostConfigCertificate = new SSLHostConfigCertificate(this, SSLHostConfigCertificate.Type.UNDEFINED);
            this.defaultCertificate = sSLHostConfigCertificate;
            this.certificates.add(sSLHostConfigCertificate);
        }
    }

    public void addCertificate(SSLHostConfigCertificate sSLHostConfigCertificate) {
        if (this.certificates.size() == 0) {
            this.certificates.add(sSLHostConfigCertificate);
        } else {
            if ((this.certificates.size() == 1 && this.certificates.iterator().next().getType() == SSLHostConfigCertificate.Type.UNDEFINED) || sSLHostConfigCertificate.getType() == SSLHostConfigCertificate.Type.UNDEFINED) {
                throw new IllegalArgumentException(f10805e.g("sslHostConfig.certificate.notype"));
            }
            this.certificates.add(sSLHostConfigCertificate);
        }
    }

    public boolean b(String str) {
        return this.explicitlyRequestedProtocols.contains(str);
    }

    public void d(String str, Type type) {
        Type type2 = this.configType;
        if (type2 == null) {
            Set<String> set = this.configuredProperties.get(type);
            if (set == null) {
                set = new HashSet<>();
                this.configuredProperties.put(type, set);
            }
            set.add(str);
            return;
        }
        if (type2 != Type.EITHER) {
            if (type != type2) {
                f10804d.n(f10805e.h("sslHostConfig.mismatch", str, getHostName(), type, this.configType));
                return;
            }
            return;
        }
        Type type3 = this.currentConfigType;
        if (type3 == null) {
            this.currentConfigType = type;
        } else if (type3 != type) {
            f10804d.n(f10805e.h("sslHostConfig.mismatch", str, getHostName(), type, this.currentConfigType));
        }
    }

    public String getCaCertificateFile() {
        return this.caCertificateFile;
    }

    public String getCaCertificatePath() {
        return this.caCertificatePath;
    }

    public String getCertificateChainFile() {
        c();
        return this.defaultCertificate.getCertificateChainFile();
    }

    public String getCertificateFile() {
        c();
        return this.defaultCertificate.getCertificateFile();
    }

    public String getCertificateKeyAlias() {
        c();
        return this.defaultCertificate.getCertificateKeyAlias();
    }

    public String getCertificateKeyFile() {
        c();
        return this.defaultCertificate.getCertificateKeyFile();
    }

    public String getCertificateKeyPassword() {
        c();
        return this.defaultCertificate.getCertificateKeyPassword();
    }

    public String getCertificateKeystoreFile() {
        c();
        return this.defaultCertificate.getCertificateKeystoreFile();
    }

    public String getCertificateKeystorePassword() {
        c();
        return this.defaultCertificate.getCertificateKeystorePassword();
    }

    public String getCertificateKeystoreProvider() {
        c();
        return this.defaultCertificate.getCertificateKeystoreProvider();
    }

    public String getCertificateKeystoreType() {
        c();
        return this.defaultCertificate.getCertificateKeystoreType();
    }

    public String getCertificateRevocationListFile() {
        return this.certificateRevocationListFile;
    }

    public String getCertificateRevocationListPath() {
        return this.certificateRevocationListPath;
    }

    public CertificateVerification getCertificateVerification() {
        return this.certificateVerification;
    }

    public int getCertificateVerificationDepth() {
        return this.certificateVerificationDepth;
    }

    public Set<SSLHostConfigCertificate> getCertificates() {
        return getCertificates(false);
    }

    public Set<SSLHostConfigCertificate> getCertificates(boolean z10) {
        if (this.certificates.size() == 0 && z10) {
            c();
        }
        return this.certificates;
    }

    public LinkedHashSet<Cipher> getCipherList() {
        if (this.cipherList == null) {
            this.cipherList = a.u(this.ciphers);
        }
        return this.cipherList;
    }

    public String getCiphers() {
        return this.ciphers;
    }

    public String getConfigType() {
        return this.configType.name();
    }

    public boolean getDisableCompression() {
        return this.disableCompression;
    }

    public boolean getDisableSessionTickets() {
        return this.disableSessionTickets;
    }

    public String[] getEnabledCiphers() {
        return this.enabledCiphers;
    }

    public String[] getEnabledProtocols() {
        return this.enabledProtocols;
    }

    public boolean getHonorCipherOrder() {
        return this.honorCipherOrder;
    }

    public String getHostName() {
        return this.hostName;
    }

    public boolean getInsecureRenegotiation() {
        return this.insecureRenegotiation;
    }

    public List<String> getJsseCipherNames() {
        if (this.jsseCipherNames == null) {
            this.jsseCipherNames = a.c(getCipherList());
        }
        return this.jsseCipherNames;
    }

    public String getKeyManagerAlgorithm() {
        return this.keyManagerAlgorithm;
    }

    public ObjectName getObjectName() {
        return this.oname;
    }

    public OpenSSLConf getOpenSslConf() {
        return this.openSslConf;
    }

    public Long getOpenSslConfContext() {
        return this.a;
    }

    public Long getOpenSslContext() {
        return this.b;
    }

    public Set<String> getProtocols() {
        return this.protocols;
    }

    public boolean getRevocationEnabled() {
        return this.revocationEnabled;
    }

    public int getSessionCacheSize() {
        return this.sessionCacheSize;
    }

    public int getSessionTimeout() {
        return this.sessionTimeout;
    }

    public String getSslProtocol() {
        return this.sslProtocol;
    }

    public String getTrustManagerClassName() {
        return this.trustManagerClassName;
    }

    public KeyStore getTruststore() throws IOException {
        KeyStore keyStore = this.f10808c;
        if (keyStore != null || this.truststoreFile == null) {
            return keyStore;
        }
        try {
            return hd.s.k(getTruststoreType(), getTruststoreProvider(), getTruststoreFile(), getTruststorePassword());
        } catch (IOException e10) {
            Throwable cause = e10.getCause();
            if (!(cause instanceof UnrecoverableKeyException)) {
                throw e10;
            }
            f10804d.i(f10805e.g("jsse.invalid_truststore_password"), cause);
            return hd.s.k(getTruststoreType(), getTruststoreProvider(), getTruststoreFile(), null);
        }
    }

    public String getTruststoreAlgorithm() {
        return this.truststoreAlgorithm;
    }

    public String getTruststoreFile() {
        return this.truststoreFile;
    }

    public String getTruststorePassword() {
        return this.truststorePassword;
    }

    public String getTruststoreProvider() {
        String str = this.truststoreProvider;
        if (str != null) {
            return str;
        }
        Set<SSLHostConfigCertificate> certificates = getCertificates();
        return certificates.size() == 1 ? certificates.iterator().next().getCertificateKeystoreProvider() : SSLHostConfigCertificate.f10811e;
    }

    public String getTruststoreType() {
        String str = this.truststoreType;
        if (str != null) {
            return str;
        }
        Set<SSLHostConfigCertificate> certificates = getCertificates();
        if (certificates.size() == 1) {
            String certificateKeystoreType = certificates.iterator().next().getCertificateKeystoreType();
            if (!"PKCS12".equalsIgnoreCase(certificateKeystoreType)) {
                return certificateKeystoreType;
            }
        }
        return SSLHostConfigCertificate.f10812f;
    }

    public boolean isCertificateVerificationDepthConfigured() {
        return this.certificateVerificationDepthConfigured;
    }

    public void setCaCertificateFile(String str) {
        d("caCertificateFile", Type.OPENSSL);
        this.caCertificateFile = str;
    }

    public void setCaCertificatePath(String str) {
        d("caCertificatePath", Type.OPENSSL);
        this.caCertificatePath = str;
    }

    public void setCertificateChainFile(String str) {
        c();
        this.defaultCertificate.setCertificateChainFile(str);
    }

    public void setCertificateFile(String str) {
        c();
        this.defaultCertificate.setCertificateFile(str);
    }

    public void setCertificateKeyAlias(String str) {
        c();
        this.defaultCertificate.setCertificateKeyAlias(str);
    }

    public void setCertificateKeyFile(String str) {
        c();
        this.defaultCertificate.setCertificateKeyFile(str);
    }

    public void setCertificateKeyPassword(String str) {
        c();
        this.defaultCertificate.setCertificateKeyPassword(str);
    }

    public void setCertificateKeystoreFile(String str) {
        c();
        this.defaultCertificate.setCertificateKeystoreFile(str);
    }

    public void setCertificateKeystorePassword(String str) {
        c();
        this.defaultCertificate.setCertificateKeystorePassword(str);
    }

    public void setCertificateKeystoreProvider(String str) {
        c();
        this.defaultCertificate.setCertificateKeystoreProvider(str);
    }

    public void setCertificateKeystoreType(String str) {
        c();
        this.defaultCertificate.setCertificateKeystoreType(str);
    }

    public void setCertificateRevocationListFile(String str) {
        this.certificateRevocationListFile = str;
    }

    public void setCertificateRevocationListPath(String str) {
        d("certificateRevocationListPath", Type.OPENSSL);
        this.certificateRevocationListPath = str;
    }

    public void setCertificateVerification(String str) {
        try {
            this.certificateVerification = CertificateVerification.fromString(str);
        } catch (IllegalArgumentException e10) {
            this.certificateVerification = CertificateVerification.REQUIRED;
            throw e10;
        }
    }

    public void setCertificateVerificationDepth(int i10) {
        this.certificateVerificationDepth = i10;
        this.certificateVerificationDepthConfigured = true;
    }

    public void setCiphers(String str) {
        if (str == null || str.contains(AbstractAccessLogValve.g.f10292h)) {
            this.ciphers = str;
        } else {
            StringBuilder sb2 = new StringBuilder();
            for (String str2 : str.split(",")) {
                String trim = str2.trim();
                if (trim.length() > 0) {
                    String o10 = a.o(trim);
                    if (o10 != null) {
                        trim = o10;
                    }
                    if (sb2.length() > 0) {
                        sb2.append(':');
                    }
                    sb2.append(trim);
                }
            }
            this.ciphers = sb2.toString();
        }
        this.cipherList = null;
        this.jsseCipherNames = null;
    }

    public void setConfigType(Type type) {
        this.configType = type;
        if (type != Type.EITHER) {
            this.configuredProperties.remove(type);
        } else if (this.configuredProperties.remove(Type.JSSE) == null) {
            this.configuredProperties.remove(Type.OPENSSL);
        }
        for (Map.Entry<Type, Set<String>> entry : this.configuredProperties.entrySet()) {
            Iterator<String> it = entry.getValue().iterator();
            while (it.hasNext()) {
                f10804d.n(f10805e.h("sslHostConfig.mismatch", it.next(), getHostName(), entry.getKey(), type));
            }
        }
    }

    public void setDisableCompression(boolean z10) {
        d("disableCompression", Type.OPENSSL);
        this.disableCompression = z10;
    }

    public void setDisableSessionTickets(boolean z10) {
        d("disableSessionTickets", Type.OPENSSL);
        this.disableSessionTickets = z10;
    }

    public void setEnabledCiphers(String[] strArr) {
        this.enabledCiphers = strArr;
    }

    public void setEnabledProtocols(String[] strArr) {
        this.enabledProtocols = strArr;
    }

    public void setHonorCipherOrder(boolean z10) {
        this.honorCipherOrder = z10;
    }

    public void setHostName(String str) {
        this.hostName = str;
    }

    public void setInsecureRenegotiation(boolean z10) {
        d("insecureRenegotiation", Type.OPENSSL);
        this.insecureRenegotiation = z10;
    }

    public void setKeyManagerAlgorithm(String str) {
        d("keyManagerAlgorithm", Type.JSSE);
        this.keyManagerAlgorithm = str;
    }

    public void setObjectName(ObjectName objectName) {
        this.oname = objectName;
    }

    public void setOpenSslConf(OpenSSLConf openSSLConf) {
        if (openSSLConf == null) {
            throw new IllegalArgumentException(f10805e.g("sslHostConfig.opensslconf.null"));
        }
        if (this.openSslConf != null) {
            throw new IllegalArgumentException(f10805e.g("sslHostConfig.opensslconf.alreadySet"));
        }
        d("<OpenSSLConf>", Type.OPENSSL);
        this.openSslConf = openSSLConf;
    }

    public void setOpenSslConfContext(Long l10) {
        this.a = l10;
    }

    public void setOpenSslContext(Long l10) {
        this.b = l10;
    }

    public void setProtocols(String str) {
        this.protocols.clear();
        this.explicitlyRequestedProtocols.clear();
        for (String str2 : str.split("(?=[-+,])")) {
            String trim = str2.trim();
            if (trim.length() > 1) {
                if (trim.charAt(0) == '+') {
                    String trim2 = trim.substring(1).trim();
                    if (trim2.equalsIgnoreCase(f.b)) {
                        this.protocols.addAll(f10807g);
                    } else {
                        this.protocols.add(trim2);
                        this.explicitlyRequestedProtocols.add(trim2);
                    }
                } else if (trim.charAt(0) == '-') {
                    String trim3 = trim.substring(1).trim();
                    if (trim3.equalsIgnoreCase(f.b)) {
                        this.protocols.removeAll(f10807g);
                    } else {
                        this.protocols.remove(trim3);
                        this.explicitlyRequestedProtocols.remove(trim3);
                    }
                } else {
                    if (trim.charAt(0) == ',') {
                        trim = trim.substring(1).trim();
                    }
                    if (!this.protocols.isEmpty()) {
                        f10804d.n(f10805e.h("sslHostConfig.prefix_missing", trim, getHostName()));
                    }
                    if (trim.equalsIgnoreCase(f.b)) {
                        this.protocols.addAll(f10807g);
                    } else {
                        this.protocols.add(trim);
                        this.explicitlyRequestedProtocols.add(trim);
                    }
                }
            }
        }
    }

    public void setRevocationEnabled(boolean z10) {
        d("revocationEnabled", Type.JSSE);
        this.revocationEnabled = z10;
    }

    public void setSessionCacheSize(int i10) {
        d("sessionCacheSize", Type.JSSE);
        this.sessionCacheSize = i10;
    }

    public void setSessionTimeout(int i10) {
        d("sessionTimeout", Type.JSSE);
        this.sessionTimeout = i10;
    }

    public void setSslProtocol(String str) {
        d("sslProtocol", Type.JSSE);
        this.sslProtocol = str;
    }

    public void setTrustManagerClassName(String str) {
        d("trustManagerClassName", Type.JSSE);
        this.trustManagerClassName = str;
    }

    public void setTrustStore(KeyStore keyStore) {
        this.f10808c = keyStore;
    }

    public void setTruststoreAlgorithm(String str) {
        d("truststoreAlgorithm", Type.JSSE);
        this.truststoreAlgorithm = str;
    }

    public void setTruststoreFile(String str) {
        d("truststoreFile", Type.JSSE);
        this.truststoreFile = str;
    }

    public void setTruststorePassword(String str) {
        d("truststorePassword", Type.JSSE);
        this.truststorePassword = str;
    }

    public void setTruststoreProvider(String str) {
        d("truststoreProvider", Type.JSSE);
        this.truststoreProvider = str;
    }

    public void setTruststoreType(String str) {
        d("truststoreType", Type.JSSE);
        this.truststoreType = str;
    }
}
