package org.eclipse.jetty.util.ssl;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Properties;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.eclipse.jetty.util.IO;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.security.CertificateUtils;

/* loaded from: classes.dex */
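/**
 * Builds and holds the {@link SSLContext} used to create {@link SSLEngine}s, and filters the
 * protocols and cipher suites enabled on each engine.
 *
 * <p>Security review notes for this (decompiled) build:
 * <ul>
 *   <li>{@link #_trustAll} is a {@code final} field fixed to {@code true}. When neither a key store
 *       stream nor a trust store stream is set, {@link #doStart()} installs
 *       {@link #TRUST_ALL_CERTS}, so no certificate chain is validated in either direction.</li>
 *   <li>Certificate validation is only in effect when {@link #_context} is supplied already
 *       initialised, or when a key store stream is set (a trust store stream alone makes
 *       {@link #doStart()} throw).</li>
 *   <li>{@link #customize(SSLEngine)} only narrows protocols and cipher suites. It does not set
 *       any {@code SSLParameters}, so endpoint (host name) identification is not configured
 *       here.</li>
 *   <li>Both exclusion sets start empty; unless a caller adds entries, every protocol and cipher
 *       suite the provider enables by default stays enabled.</li>
 * </ul>
 */
public final class SslContextFactory extends AbstractLifeCycle {
    /** JVM-configured key manager algorithm, or {@code "SunX509"} when the security property is unset. */
    public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM;
    /** JVM-configured trust manager algorithm, or {@code "SunX509"} when the security property is unset. */
    public static final String DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM;
    public static final Logger LOG;

    /**
     * Trust managers that accept every certificate chain.
     *
     * <p>SECURITY: both check methods are empty and therefore never throw, so a peer presenting any
     * certificate (self-signed, expired, issued for another host) is accepted. A connection built
     * on this array is encrypted but not authenticated. The array is public and mutable; it is
     * kept that way only to leave the class's interface unchanged.
     */
    public static final TrustManager[] TRUST_ALL_CERTS = {new X509TrustManager() {
        @Override
        public final void checkClientTrusted(X509Certificate[] chain, String authType) {
            // Intentionally empty in the original: no client chain is ever rejected.
        }

        @Override
        public final void checkServerTrusted(X509Certificate[] chain, String authType) {
            // Intentionally empty in the original: no server chain is ever rejected.
        }

        @Override
        public final X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }};

    // Lazily created by doStart(); a non-null value set by a caller is used as-is.
    public SSLContext _context;
    public ByteArrayInputStream _keyStoreInputStream;
    public InputStream _trustStoreInputStream;
    // Entries are matched by removeAll() against String names; both sets start empty.
    public final LinkedHashSet _excludeProtocols = new LinkedHashSet();
    public final LinkedHashSet _excludeCipherSuites = new LinkedHashSet();
    public final String _keyStoreType = "JKS";
    public String _trustStoreType = "JKS";
    // Generic "TLS": the concrete protocol versions offered depend on the provider defaults.
    public final String _sslProtocol = "TLS";
    public final String _keyManagerFactoryAlgorithm = DEFAULT_KEYMANAGERFACTORY_ALGORITHM;
    public String _trustManagerFactoryAlgorithm = DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM;
    public final boolean _sessionCachingEnabled = true;
    // SECURITY: fixed to true in this build, so the trust-all fallback in doStart() cannot be
    // switched off through this field. NOTE(review): confirm whether the application relies on it.
    public final boolean _trustAll = true;

    static {
        LOG = Log.getLogger(SslContextFactory.class.getName());

        // Read each security property once instead of twice; fall back to "SunX509" when unset.
        String keyManagerAlgorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        DEFAULT_KEYMANAGERFACTORY_ALGORITHM = keyManagerAlgorithm == null ? "SunX509" : keyManagerAlgorithm;

        String trustManagerAlgorithm = Security.getProperty("ssl.TrustManagerFactory.algorithm");
        DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM = trustManagerAlgorithm == null ? "SunX509" : trustManagerAlgorithm;
    }

    /**
     * Restricts an engine to its currently enabled cipher suites and protocols minus the
     * configured exclusions.
     *
     * <p>Nothing else is configured on the engine: no {@code SSLParameters} are set, so host name
     * verification is not enabled by this method.
     *
     * @param sSLEngine the engine to configure
     */
    public final void customize(SSLEngine sSLEngine) {
        sSLEngine.setEnabledCipherSuites(selectCipherSuites(sSLEngine.getEnabledCipherSuites()));
        sSLEngine.setEnabledProtocols(selectProtocols(sSLEngine.getEnabledProtocols()));
    }

    /**
     * Creates and initialises {@link #_context} unless one is already present.
     *
     * <p>With no key store and no trust store stream, the context is initialised without key
     * managers and, because {@link #_trustAll} is {@code true}, with {@link #TRUST_ALL_CERTS}.
     * Otherwise a key store stream is mandatory; it doubles as the trust store when no separate
     * trust store stream is set.
     *
     * @throws IllegalStateException if a trust store stream is set without a key store stream, or
     *     if the shared store stream cannot be read
     * @throws Exception if a key store, factory or context cannot be created or initialised
     */
    @Override
    public final void doStart() throws Exception {
        if (this._context != null) {
            return;
        }

        if (this._keyStoreInputStream == null && this._trustStoreInputStream == null) {
            // Null trust managers would make JSSE use its default trust store; that branch is
            // unreachable while _trustAll is fixed to true.
            TrustManager[] trustManagers = null;
            if (this._trustAll) {
                // Raised from debug to warn: disabled certificate validation must not be hidden
                // behind debug logging.
                LOG.warn("No keystore or trust store configured.  ACCEPTING UNTRUSTED CERTIFICATES!!!!!", new Object[0]);
                trustManagers = TRUST_ALL_CERTS;
            }
            SSLContext context = SSLContext.getInstance(this._sslProtocol);
            context.init(null, trustManagers, null);
            // Publish only after init() succeeded, so a failed start does not leave an
            // uninitialised context behind that a later doStart() would treat as ready.
            this._context = context;
            return;
        }

        if (this._keyStoreInputStream == null) {
            throw new IllegalStateException("SSL doesn't have a valid keystore");
        }
        if (this._trustStoreInputStream == null) {
            // No separate trust store: the key store's certificates become the trust anchors.
            this._trustStoreInputStream = this._keyStoreInputStream;
            this._trustStoreType = this._keyStoreType;
            this._trustManagerFactoryAlgorithm = this._keyManagerFactoryAlgorithm;
        }
        if (this._keyStoreInputStream == this._trustStoreInputStream) {
            duplicateSharedStoreStream();
        }

        // No store password is passed at these call sites; how the helper opens the store is not
        // visible in this file.
        KeyStore keyStore = CertificateUtils.getKeyStore(this._keyStoreInputStream, this._keyStoreType);
        KeyStore trustStore = CertificateUtils.getKeyStore(this._trustStoreInputStream, this._trustStoreType);

        KeyManager[] keyManagers = null;
        if (keyStore != null) {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this._keyManagerFactoryAlgorithm);
            // Key password is null. NOTE(review): presumably only works for stores whose private
            // keys need no password - confirm against the bundled store.
            keyManagerFactory.init(keyStore, null);
            keyManagers = keyManagerFactory.getKeyManagers();
        }

        TrustManager[] trustManagers = null;
        if (trustStore != null) {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(this._trustManagerFactoryAlgorithm);
            trustManagerFactory.init(trustStore);
            trustManagers = trustManagerFactory.getTrustManagers();
        }

        SSLContext context = SSLContext.getInstance(this._sslProtocol);
        context.init(keyManagers, trustManagers, null);
        this._context = context;

        // A throwaway engine, used only to report what remains enabled after the exclusions.
        SSLEngine probe = newSslEngine$1();
        LOG.info("Enabled Protocols {} of {}", Arrays.asList(probe.getEnabledProtocols()), Arrays.asList(probe.getSupportedProtocols()));
        if (LOG.isDebugEnabled()) {
            LOG.debug("Enabled Ciphers   {} of {}", Arrays.asList(probe.getEnabledCipherSuites()), Arrays.asList(probe.getSupportedCipherSuites()));
        }
    }

    /**
     * Replaces the single stream shared by key store and trust store with two independent
     * streams over the same bytes, so that each store can be read from the start.
     */
    private void duplicateSharedStoreStream() {
        try {
            ByteArrayOutputStream copy = new ByteArrayOutputStream();
            byte[] chunk = new byte[IO.bufferSize];
            int read;
            while ((read = this._keyStoreInputStream.read(chunk, 0, chunk.length)) >= 0) {
                copy.write(chunk, 0, read);
            }
            this._keyStoreInputStream.close();
            byte[] storeBytes = copy.toByteArray();
            this._keyStoreInputStream = new ByteArrayInputStream(storeBytes);
            this._trustStoreInputStream = new ByteArrayInputStream(storeBytes);
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Creates an engine from {@link #_context} and applies {@link #customize(SSLEngine)} to it.
     *
     * @return the customised engine
     */
    public final SSLEngine newSslEngine$1() {
        SSLEngine engine = this._context.createSSLEngine();
        customize(engine);
        return engine;
    }

    /**
     * Returns the given cipher suites minus {@link #_excludeCipherSuites}, keeping their order.
     *
     * @param strArr candidate cipher suite names
     * @return the names that are not excluded
     */
    public final String[] selectCipherSuites(String[] strArr) {
        return withoutExcluded(strArr, this._excludeCipherSuites);
    }

    /**
     * Returns the given protocols minus {@link #_excludeProtocols}, keeping their order.
     *
     * @param strArr candidate protocol names
     * @return the names that are not excluded
     */
    public final String[] selectProtocols(String[] strArr) {
        return withoutExcluded(strArr, this._excludeProtocols);
    }

    /** De-duplicates {@code candidates} in order and drops every entry found in {@code excluded}. */
    private static String[] withoutExcluded(String[] candidates, LinkedHashSet<?> excluded) {
        LinkedHashSet<String> kept = new LinkedHashSet<String>(Arrays.asList(candidates));
        if (excluded != null) {
            kept.removeAll(excluded);
        }
        return kept.toArray(new String[0]);
    }

    /**
     * Returns the class name and identity hash; the two store placeholders are always
     * {@code null} in this build.
     */
    @Override
    public final String toString() {
        return String.format("%s@%x(%s,%s)", "SslContextFactory", hashCode(), null, null);
    }
}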
