package org.eclipse.jetty.util.ssl;

import com.axxonsoft.utils.Args;
import defpackage.an7;
import defpackage.dq2;
import defpackage.hj6;
import defpackage.sr8;
import j$.util.DesugarCollections;
import j$.util.List;
import j$.util.Objects;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Consumer;
import java.util.regex.Pattern;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.lang3.BooleanUtils;
import org.eclipse.jetty.util.annotation.ManagedAttribute;
import org.eclipse.jetty.util.annotation.ManagedObject;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.component.Dumpable;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.security.CertificateUtils;
import org.eclipse.jetty.util.security.CertificateValidator;
import org.eclipse.jetty.util.security.Password;
import org.objectweb.asm.Opcodes;

@ManagedObject
/* loaded from: classes6.dex */
public class SslContextFactory extends AbstractLifeCycle implements Dumpable {
    // Field names below are obfuscated; each comment maps a field to the accessor or
    // method in this class that reads it, so the mapping can be checked against the code.
    public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM;
    public static final String DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM;
    public static final String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword";
    public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";
    // Installed by c() when trustAll is set and no keystore/truststore is configured.
    // NOTE(review): `new Object()` is a decompiler placeholder; the real element type is not visible here.
    public static final TrustManager[] TRUST_ALL_CERTS = {new Object()};
    public static final Logger j0; // class logger
    public static final Logger k0; // child logger used by secureConfigurationCheck()
    public static final String[] l0; // protocols excluded by default (set in the static initializer)
    public static final String[] m0; // cipher-suite regexes excluded by default (set in the static initializer)
    public String A; // keystore provider (getKeyStoreProvider)
    public String B; // keystore type (getKeyStoreType), defaults to "JKS"
    public String C; // certificate alias (getCertAlias)
    public Resource D; // truststore resource (getTrustStoreResource)
    public String E; // truststore provider (getTrustStoreProvider)
    public String F; // truststore type (getTrustStoreType)
    public boolean G; // needClientAuth (getNeedClientAuth)
    public boolean H; // wantClientAuth (getWantClientAuth)
    public Password I; // keystore password (loadKeyStore); fallback key and truststore password
    public Password J; // key manager password, preferred over I in getKeyManagers
    public Password K; // truststore password (loadTrustStore)
    public String L; // JSSE provider name (getProvider)
    public String M; // SSLContext protocol (getProtocol), defaults to "TLS"
    public String N; // SecureRandom algorithm (getSecureRandomAlgorithm)
    public String O; // KeyManagerFactory algorithm (getKeyManagerFactoryAlgorithm)
    public String P; // TrustManagerFactory algorithm (getTrustManagerFactoryAlgorithm)
    public boolean Q; // validateCerts (isValidateCerts)
    public boolean R; // validatePeerCerts (isValidatePeerCerts)
    public int S; // max certification path length (getMaxCertPathLength), defaults to -1
    public String T; // CRL file path (getCrlPath)
    public boolean U; // enableCRLDP (isEnableCRLDP)
    public boolean V; // enableOCSP (isEnableOCSP)
    public String W; // OCSP responder URL (getOcspResponderURL)
    public KeyStore X; // explicitly supplied keystore (getKeyStore before start)
    public KeyStore Y; // explicitly supplied truststore (getTrustStore before start)
    public boolean Z; // session caching enabled (isSessionCachingEnabled), defaults to true
    public int a0; // session cache size (getSslSessionCacheSize), -1 leaves the JSSE default
    public int b0; // session timeout in seconds (getSslSessionTimeout), -1 leaves the JSSE default
    public SSLContext c0; // explicitly supplied SSLContext (getSslContext before start)
    public String d0; // endpoint identification algorithm (getEndpointIdentificationAlgorithm), defaults to null
    public boolean e0; // trustAll (isTrustAll)
    public final LinkedHashSet f; // excluded protocols (getExcludeProtocols)
    public boolean f0; // renegotiation allowed (isRenegotiationAllowed), defaults to true
    public final LinkedHashSet g; // included protocols (getIncludeProtocols)
    public int g0; // renegotiation limit (getRenegotiationLimit), defaults to 5
    public final LinkedHashSet h; // excluded cipher-suite regexes (getExcludeCipherSuites)
    public sr8 h0; // holder built by c(): .c keystore, .b truststore, .d SSLContext
    public final ArrayList i; // included cipher-suite regexes (getIncludeCipherSuites)
    public PKIXCertPathChecker i0; // optional extra path checker (getPkixCertPathChecker)
    public final HashMap j; // keystore alias -> X509 (getX509, getAliases)
    public final HashMap t; // certificate host name -> X509, filled by c()
    public final HashMap u; // certificate wildcard name -> X509, filled by c()
    public String[] v; // selected protocols (getSelectedProtocols), null until c() runs
    public boolean w; // use cipher-suite order (isUseCipherSuitesOrder), defaults to true
    public Comparator x; // cipher comparator (getCipherComparator)
    public String[] y; // selected cipher suites (getSelectedCipherSuites), null until c() runs
    public Resource z; // keystore resource (getKeyStoreResource)

    /* JADX WARN: Multi-variable type inference failed */
    static {
        // Class logger, plus a child logger (named by Args.config) that carries configuration warnings.
        Logger classLogger = Log.getLogger((Class<?>) SslContextFactory.class);
        j0 = classLogger;
        k0 = classLogger.getLogger(Args.config);

        // A value set in the java.security properties wins over the JSSE built-in default.
        String configuredKeyManagerAlgorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        DEFAULT_KEYMANAGERFACTORY_ALGORITHM = configuredKeyManagerAlgorithm != null
                ? configuredKeyManagerAlgorithm
                : KeyManagerFactory.getDefaultAlgorithm();
        String configuredTrustManagerAlgorithm = Security.getProperty("ssl.TrustManagerFactory.algorithm");
        DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM = configuredTrustManagerAlgorithm != null
                ? configuredTrustManagerAlgorithm
                : TrustManagerFactory.getDefaultAlgorithm();

        // Protocol names excluded by default: every SSL-era protocol identifier.
        l0 = new String[]{"SSL", "SSLv2", "SSLv2Hello", "SSLv3"};
        // Cipher-suite regexes excluded by default: MD5/SHA-1 MACs, static-RSA key exchange,
        // SSL_-prefixed suites, NULL encryption and anonymous key exchange.
        m0 = new String[]{"^.*_(MD5|SHA|SHA1)$", "^TLS_RSA_.*$", "^SSL_.*$", "^.*_NULL_.*$", "^.*_anon_.*$"};
    }

    /** Creates a factory with trustAll disabled and no keystore path. */
    public SslContextFactory() {
        this(false);
    }

    /**
     * Creates a factory with trustAll disabled.
     *
     * @param str keystore path passed on to {@code setKeyStorePath}; may be null
     */
    public SslContextFactory(String str) {
        this(false, str);
    }

    /**
     * Creates a factory without a keystore path.
     *
     * @param z value handed to {@code setTrustAll}; {@code true} makes c() install
     *          {@link #TRUST_ALL_CERTS} when no keystore or truststore is configured
     */
    public SslContextFactory(boolean z) {
        this(z, null);
    }

    /**
     * Initialises every setting to its default, then applies the trustAll flag, the
     * built-in protocol and cipher-suite exclusions, and the optional keystore path.
     *
     * @param z   value handed to {@code setTrustAll}
     * @param str keystore path, or null to leave it unset
     */
    public SslContextFactory(boolean z, String str) {
        // Protocol / cipher include and exclude collections.
        this.f = new LinkedHashSet();
        this.g = new LinkedHashSet();
        this.h = new LinkedHashSet();
        this.i = new ArrayList();

        // Certificate lookup tables populated by c().
        this.j = new HashMap();
        this.t = new HashMap();
        this.u = new HashMap();

        // Algorithms and store type.
        this.B = "JKS";
        this.M = "TLS";
        this.O = DEFAULT_KEYMANAGERFACTORY_ALGORITHM;
        this.P = DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM;

        // Client authentication and revocation lookups are off by default.
        this.G = false;
        this.H = false;
        this.U = false;
        this.V = false;
        this.S = -1;

        // Session cache: enabled, with size and timeout left at the JSSE defaults (-1).
        this.Z = true;
        this.a0 = -1;
        this.b0 = -1;

        // No endpoint identification algorithm by default; secureConfigurationCheck() warns about this.
        this.d0 = null;

        // Renegotiation is allowed, with a limit of 5; the server's cipher order is used.
        this.f0 = true;
        this.g0 = 5;
        this.w = true;

        setTrustAll(z);
        setExcludeProtocols(l0);
        setExcludeCipherSuites(m0);
        if (str == null) {
            return;
        }
        setKeyStorePath(str);
    }

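    /**
     * Maps a cipher-suite name to the nominal key size, in bits, of its bulk cipher.
     *
     * <p>The value is derived purely from the suite name by substring matching; it is the
     * nominal key size, not an assessment of the suite's effective strength.
     *
     * @param str cipher-suite name, may be null
     * @return the key size in bits, or 0 when the name is null or not recognised
     */
    public static int deduceKeyLength(String str) {
        if (str == null) {
            return 0;
        }
        if (str.contains("WITH_AES_256_")) {
            return 256;
        }
        if (str.contains("WITH_RC4_128_") || str.contains("WITH_AES_128_")) {
            return 128;
        }
        if (str.contains("WITH_RC4_40_")) {
            return 40;
        }
        if (str.contains("WITH_3DES_EDE_CBC_")) {
            // The decompiler rendered this literal as Opcodes.JSR, an unrelated ASM bytecode
            // constant that happens to equal 168; the plain number is what is meant.
            return 168;
        }
        if (str.contains("WITH_IDEA_CBC_")) {
            return 128;
        }
        if (str.contains("WITH_RC2_CBC_40_") || str.contains("WITH_DES40_CBC_")) {
            return 40;
        }
        return str.contains("WITH_DES_CBC_") ? 56 : 0;
    }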

    /**
     * Returns the peer's certificate chain from a session as X.509 certificates.
     *
     * <p>Each peer certificate is re-parsed from its encoded form with an X.509
     * {@link CertificateFactory}.
     *
     * @param sSLSession the session to read the peer certificates from
     * @return the chain, or null when the peer is unverified, presented no certificates,
     *         or any other exception occurred (which is logged as a warning)
     */
    public static X509Certificate[] getCertChain(SSLSession sSLSession) {
        try {
            Certificate[] peerChain = sSLSession.getPeerCertificates();
            if (peerChain == null || peerChain.length == 0) {
                return null;
            }
            X509Certificate[] x509Chain = new X509Certificate[peerChain.length];
            CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            int position = 0;
            for (Certificate peerCertificate : peerChain) {
                byte[] encoded = peerCertificate.getEncoded();
                x509Chain[position++] = (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(encoded));
            }
            return x509Chain;
        } catch (SSLPeerUnverifiedException unverified) {
            // No verified peer identity: report "no chain" without logging.
            return null;
        } catch (Exception e) {
            j0.warn(Log.EXCEPTION, e);
            return null;
        }
    }

    /**
     * Adds entries to the excluded cipher-suite set; removeExcludedCipherSuites compiles
     * each entry as a regular expression.
     *
     * @param strArr cipher-suite regexes to exclude in addition to those already present
     */
    public void addExcludeCipherSuites(String... strArr) {
        java.util.List<String> additions = Arrays.asList(strArr);
        this.h.addAll(additions);
    }

    /**
     * Adds entries to the excluded protocol set.
     *
     * @param strArr protocol names to exclude in addition to those already present
     */
    public void addExcludeProtocols(String... strArr) {
        java.util.List<String> additions = Arrays.asList(strArr);
        this.f.addAll(additions);
    }

    /**
     * Guards methods that need a started factory.
     *
     * @throws IllegalStateException if this factory is not started
     */
    public final void b() {
        if (!isStarted()) {
            throw new IllegalStateException("!STARTED: " + this);
        }
    }

    /**
     * Builds the SSLContext (unless one was supplied in {@code c0}), applies the session
     * cache settings, selects the cipher suites and protocols, and publishes the result in
     * {@code h0}. Called under the factory lock from doStart() and reload().
     *
     * <p>Declares no checked exceptions as decompiled, although the calls it makes can throw
     * them. NOTE(review): the original presumably declares {@code throws Exception}; confirm.
     */
    public final void c() {
        SSLContext sSLContext;
        TrustManager[] trustManagerArr;
        SSLContext sSLContext2 = this.c0;
        KeyStore keyStore = this.X;
        KeyStore keyStore2 = this.Y;
        Logger logger = j0;
        if (sSLContext2 == null) {
            if (keyStore == null && this.z == null && keyStore2 == null && this.D == null) {
                // Nothing configured at all: either trust everything (trustAll) or fall back
                // to the JSSE default trust managers by passing null to init().
                if (isTrustAll()) {
                    // Only logged at debug level here; secureConfigurationCheck() repeats it as a warning.
                    if (logger.isDebugEnabled()) {
                        logger.debug("No keystore or trust store configured.  ACCEPTING UNTRUSTED CERTIFICATES!!!!!", new Object[0]);
                    }
                    trustManagerArr = TRUST_ALL_CERTS;
                } else {
                    trustManagerArr = null;
                }
                String secureRandomAlgorithm = getSecureRandomAlgorithm();
                SecureRandom secureRandom = secureRandomAlgorithm == null ? null : SecureRandom.getInstance(secureRandomAlgorithm);
                String str = this.L;
                sSLContext = str == null ? SSLContext.getInstance(this.M) : SSLContext.getInstance(this.M, str);
                sSLContext.init(null, trustManagerArr, secureRandom);
            } else {
                // At least one store is configured; trustAll is not consulted on this path.
                if (keyStore == null) {
                    keyStore = loadKeyStore(this.z);
                }
                if (keyStore2 == null) {
                    keyStore2 = loadTrustStore(this.D);
                }
                Collection<? extends CRL> loadCRL = loadCRL(getCrlPath());
                if (keyStore != null) {
                    // Index every non-CA X.509 certificate in the keystore by alias, host and wildcard.
                    Iterator it = Collections.list(keyStore.aliases()).iterator();
                    while (it.hasNext()) {
                        String str2 = (String) it.next();
                        Certificate certificate = keyStore.getCertificate(str2);
                        if (certificate != null && "X.509".equals(certificate.getType())) {
                            X509Certificate x509Certificate = (X509Certificate) certificate;
                            if (!X509.isCertSign(x509Certificate)) {
                                X509 x509 = new X509(str2, x509Certificate);
                                this.j.put(str2, x509);
                                // The factory's own certificates are validated only when validateCerts is set.
                                if (isValidateCerts()) {
                                    CertificateValidator certificateValidator = new CertificateValidator(keyStore2, loadCRL);
                                    certificateValidator.setMaxCertPathLength(getMaxCertPathLength());
                                    certificateValidator.setEnableCRLDP(isEnableCRLDP());
                                    certificateValidator.setEnableOCSP(isEnableOCSP());
                                    certificateValidator.setOcspResponderURL(getOcspResponderURL());
                                    certificateValidator.validate(keyStore, x509Certificate);
                                }
                                logger.info("x509={} for {}", x509, this);
                                Iterator<String> it2 = x509.getHosts().iterator();
                                while (it2.hasNext()) {
                                    this.t.put(it2.next(), x509);
                                }
                                Iterator<String> it3 = x509.getWilds().iterator();
                                while (it3.hasNext()) {
                                    this.u.put(it3.next(), x509);
                                }
                            } else if (logger.isDebugEnabled()) {
                                // Certificates that X509.isCertSign reports as signing certificates are not indexed.
                                logger.debug("Skipping " + x509Certificate, new Object[0]);
                            }
                        }
                    }
                }
                // Key managers are built after the index above because getKeyManagers reads j, t and u.
                KeyManager[] keyManagers = getKeyManagers(keyStore);
                TrustManager[] trustManagers = getTrustManagers(keyStore2, loadCRL);
                String str3 = this.N;
                SecureRandom secureRandom2 = str3 != null ? SecureRandom.getInstance(str3) : null;
                String str4 = this.L;
                sSLContext = str4 == null ? SSLContext.getInstance(this.M) : SSLContext.getInstance(this.M, str4);
                sSLContext.init(keyManagers, trustManagers, secureRandom2);
            }
            sSLContext2 = sSLContext;
        }
        // Session cache size and timeout are applied only when set to something other than -1.
        SSLSessionContext serverSessionContext = sSLContext2.getServerSessionContext();
        if (serverSessionContext != null) {
            if (getSslSessionCacheSize() > -1) {
                serverSessionContext.setSessionCacheSize(getSslSessionCacheSize());
            }
            if (getSslSessionTimeout() > -1) {
                serverSessionContext.setSessionTimeout(getSslSessionTimeout());
            }
        }
        // Both selections receive the context's default (enabled) list and its supported list.
        SSLParameters defaultSSLParameters = sSLContext2.getDefaultSSLParameters();
        SSLParameters supportedSSLParameters = sSLContext2.getSupportedSSLParameters();
        selectCipherSuites(defaultSSLParameters.getCipherSuites(), supportedSSLParameters.getCipherSuites());
        selectProtocols(defaultSSLParameters.getProtocols(), supportedSSLParameters.getProtocols());
        // Holder read back by getKeyStore (.c), getTrustStore (.b) and getSslContext (.d).
        // NOTE(review): the meaning of the trailing 23 is not visible in this file.
        this.h0 = new sr8(keyStore, keyStore2, sSLContext2, 23);
        if (logger.isDebugEnabled()) {
            logger.debug("Selected Protocols {} of {}", Arrays.asList(this.v), Arrays.asList(supportedSSLParameters.getProtocols()));
            logger.debug("Selected Ciphers   {} of {}", Arrays.asList(this.y), Arrays.asList(supportedSSLParameters.getCipherSuites()));
        }
    }

    /**
     * Applies this factory's settings to a set of SSL parameters.
     *
     * <p>The endpoint identification algorithm is copied as-is, so a null value (the
     * constructor default) leaves the parameters without one. Client-auth flags are only
     * ever switched on here, never cleared.
     *
     * @param sSLParameters the parameters to modify in place
     * @return the same {@code sSLParameters} instance
     */
    public SSLParameters customize(SSLParameters sSLParameters) {
        sSLParameters.setEndpointIdentificationAlgorithm(getEndpointIdentificationAlgorithm());
        sSLParameters.setUseCipherSuitesOrder(isUseCipherSuitesOrder());

        // An SNI matcher is installed only when certificates were indexed by host or wildcard name.
        boolean noIndexedNames = this.t.isEmpty() && this.u.isEmpty();
        if (!noIndexedNames) {
            sSLParameters.setSNIMatchers(Collections.singletonList(new an7(this)));
        }

        String[] selectedCipherSuites = this.y;
        if (selectedCipherSuites != null) {
            sSLParameters.setCipherSuites(selectedCipherSuites);
        }
        String[] selectedProtocols = this.v;
        if (selectedProtocols != null) {
            sSLParameters.setProtocols(selectedProtocols);
        }

        if (getWantClientAuth()) {
            sSLParameters.setWantClientAuth(true);
        }
        if (getNeedClientAuth()) {
            sSLParameters.setNeedClientAuth(true);
        }
        return sSLParameters;
    }

    /**
     * Applies this factory's settings to an engine by customizing its current SSL parameters.
     *
     * @param sSLEngine the engine to configure
     */
    public void customize(SSLEngine sSLEngine) {
        if (j0.isDebugEnabled()) {
            j0.debug("Customize {}", sSLEngine);
        }
        SSLParameters engineParameters = sSLEngine.getSSLParameters();
        sSLEngine.setSSLParameters(customize(engineParameters));
    }

    /**
     * Discards everything c() produced: the context holder, the selected protocols and
     * cipher suites, and the certificate lookup tables.
     */
    public final void d() {
        h0 = null;
        v = null;
        y = null;
        // The three maps are final, so they are emptied rather than replaced.
        j.clear();
        t.clear();
        u.clear();
    }

    /**
     * Starts the factory: builds the SSL context under the factory lock, then logs
     * warnings for insecure settings via secureConfigurationCheck().
     *
     * @throws Exception if the superclass start or the context build fails
     */
    @Override // org.eclipse.jetty.util.component.AbstractLifeCycle
    public void doStart() throws Exception {
        super.doStart();
        synchronized (this) {
            c();
        }
        // Runs outside the lock, after the context holder has been published.
        secureConfigurationCheck();
    }

    /**
     * Stops the factory: clears the built state under the factory lock, then stops the superclass.
     *
     * @throws Exception if the superclass stop fails
     */
    @Override // org.eclipse.jetty.util.component.AbstractLifeCycle
    public void doStop() throws Exception {
        synchronized (this) {
            d();
        }
        super.doStop();
    }

    /**
     * Returns the dump of this factory as produced by {@code dq2.b}.
     *
     * @return the dump text
     */
    @Override // org.eclipse.jetty.util.component.Dumpable
    public String dump() {
        String rendered = dq2.b(this);
        return rendered;
    }

    /**
     * Writes a dump of the trustAll flag and of the protocol and cipher-suite selections.
     *
     * <p>The supported and enabled lists come from an engine of {@code SSLContext.getDefault()},
     * not from the context this factory built, so they describe the JVM default context.
     *
     * @param appendable where the dump is written
     * @param str        indent prefix passed through to {@code dq2.d}
     * @throws IOException if writing fails
     */
    @Override // org.eclipse.jetty.util.component.Dumpable
    public void dump(Appendable appendable, String str) throws IOException {
        try {
            SSLEngine jvmDefaultEngine = SSLContext.getDefault().createSSLEngine();
            String trustAllSummary = "trustAll=" + this.e0;
            hj6 protocolSection = new hj6("Protocol", jvmDefaultEngine.getSupportedProtocols(), jvmDefaultEngine.getEnabledProtocols(), getExcludeProtocols(), getIncludeProtocols());
            hj6 cipherSection = new hj6("Cipher Suite", jvmDefaultEngine.getSupportedCipherSuites(), jvmDefaultEngine.getEnabledCipherSuites(), getExcludeCipherSuites(), getIncludeCipherSuites());
            dq2.d(appendable, str, this, trustAllSummary, protocolSection, cipherSection);
        } catch (NoSuchAlgorithmException e) {
            // No default context available: nothing is dumped and the exception is handed to Logger.ignore.
            j0.ignore(e);
        }
    }

    /**
     * Returns the keystore aliases indexed by c().
     *
     * @return an unmodifiable view of the alias map's key set
     */
    public Set<String> getAliases() {
        Set<String> indexedAliases = this.j.keySet();
        return DesugarCollections.unmodifiableSet(indexedAliases);
    }

    /** Returns the configured certificate alias, or null when none is set. */
    @ManagedAttribute("The certificate alias")
    public String getCertAlias() {
        return C;
    }

    /** Returns the comparator used to sort the selected cipher suites, or null for no sorting. */
    public Comparator<String> getCipherComparator() {
        return x;
    }

    /** Returns the path of the certificate revocation list file that c() passes to loadCRL. */
    @ManagedAttribute("The path to the certificate revocation list file")
    public String getCrlPath() {
        return T;
    }

    /**
     * Returns the endpoint identification algorithm applied by customize(SSLParameters).
     * Null (the constructor default) means none is set; secureConfigurationCheck() warns in that case.
     */
    @ManagedAttribute("The endpoint identification algorithm")
    public String getEndpointIdentificationAlgorithm() {
        return d0;
    }

    /** Returns a fresh array holding the excluded cipher-suite regexes. */
    @ManagedAttribute("The excluded cipher suites")
    public String[] getExcludeCipherSuites() {
        String[] arrayType = new String[0];
        return (String[]) this.h.toArray(arrayType);
    }

    /** Returns a fresh array holding the excluded protocol names. */
    @ManagedAttribute("The excluded TLS protocols")
    public String[] getExcludeProtocols() {
        String[] arrayType = new String[0];
        return (String[]) this.f.toArray(arrayType);
    }

    /** Returns a fresh array holding the included cipher-suite regexes, in configured order. */
    @ManagedAttribute("The included cipher suites")
    public String[] getIncludeCipherSuites() {
        String[] arrayType = new String[0];
        return (String[]) this.i.toArray(arrayType);
    }

    /** Returns a fresh array holding the included protocol names. */
    @ManagedAttribute("The included TLS protocols")
    public String[] getIncludeProtocols() {
        String[] arrayType = new String[0];
        return (String[]) this.g.toArray(arrayType);
    }

    /** Returns the KeyManagerFactory algorithm; the constructor sets it to DEFAULT_KEYMANAGERFACTORY_ALGORITHM. */
    @ManagedAttribute("The KeyManagerFactory algorithm")
    public String getKeyManagerFactoryAlgorithm() {
        return O;
    }

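    /**
     * Creates the key managers for a keystore and wraps them for alias and SNI selection.
     *
     * <p>Reconstructed by hand from the register-level instruction dump the decompiler
     * emitted for this method (it could not restructure the control flow, and the stub it
     * left behind always threw {@code UnsupportedOperationException}). NOTE(review): verify
     * against the original bytecode before relying on it.
     *
     * <p>The key password is {@code J} when set, otherwise {@code I}; when both are null the
     * factory is initialised with a null password. The password passes through
     * {@code Password.toString()}, so it exists as an immutable String as well as a char array.
     *
     * @param keyStore the keystore holding the private keys, may be null
     * @return the key managers, or null when {@code keyStore} is null or the
     *         KeyManagerFactory returns none
     * @throws Exception if the KeyManagerFactory cannot be obtained or initialised
     */
    public KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception {
        KeyManager[] managers = null;
        if (keyStore != null) {
            KeyManagerFactory factory = KeyManagerFactory.getInstance(getKeyManagerFactoryAlgorithm());
            Password keyPassword = this.J != null ? this.J : this.I;
            char[] passwordChars = keyPassword == null ? null : keyPassword.toString().toCharArray();
            factory.init(keyStore, passwordChars);
            managers = factory.getKeyManagers();
            if (managers != null) {
                // With an explicit alias, every X509 key manager is pinned to that alias.
                String alias = getCertAlias();
                if (alias != null) {
                    for (int idx = 0; idx < managers.length; idx++) {
                        if (managers[idx] instanceof javax.net.ssl.X509ExtendedKeyManager) {
                            managers[idx] = new AliasedX509ExtendedKeyManager((javax.net.ssl.X509ExtendedKeyManager) managers[idx], alias);
                        }
                    }
                }
                // SNI selection is needed when there is any wildcard name, more than one host
                // name, or exactly one host name alongside more than one indexed alias.
                boolean sniRequired = !this.u.isEmpty()
                        || this.t.size() > 1
                        || (this.t.size() == 1 && this.j.size() > 1);
                if (sniRequired) {
                    for (int idx = 0; idx < managers.length; idx++) {
                        if (managers[idx] instanceof javax.net.ssl.X509ExtendedKeyManager) {
                            managers[idx] = new SniX509ExtendedKeyManager((javax.net.ssl.X509ExtendedKeyManager) managers[idx]);
                        }
                    }
                }
            }
        }
        Logger logger = j0;
        if (logger.isDebugEnabled()) {
            logger.debug("managers={} for {}", managers, this);
        }
        return managers;
    }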

    /**
     * Returns the keystore in use.
     *
     * @return the keystore held by the context holder when started (read under the factory
     *         lock), otherwise the explicitly configured keystore, which may be null
     */
    public KeyStore getKeyStore() {
        if (isStarted()) {
            synchronized (this) {
                return (KeyStore) this.h0.c;
            }
        }
        return this.X;
    }

    /** Returns the keystore resource rendered as a string, or null when no resource is set. */
    @ManagedAttribute("The keyStore path")
    public String getKeyStorePath() {
        Resource keyStoreResource = this.z;
        return Objects.toString(keyStoreResource, null);
    }

    /** Returns the keystore provider name, or null when none is set. */
    @ManagedAttribute("The keyStore provider name")
    public String getKeyStoreProvider() {
        return A;
    }

    /** Returns the resource the keystore is loaded from, or null when none is set. */
    public Resource getKeyStoreResource() {
        return z;
    }

    /** Returns the keystore type; the constructor sets it to "JKS". */
    @ManagedAttribute("The keyStore type")
    public String getKeyStoreType() {
        return B;
    }

    /** Returns the maximum certification path length; the constructor sets it to -1. */
    @ManagedAttribute("The maximum number of intermediate certificates")
    public int getMaxCertPathLength() {
        return S;
    }

    /** Returns whether client authentication is required; false by default. */
    @ManagedAttribute("Whether client authentication is needed")
    public boolean getNeedClientAuth() {
        return G;
    }

    /** Returns the configured OCSP responder URL, or null when none is set. */
    @ManagedAttribute("The online certificate status protocol URL")
    public String getOcspResponderURL() {
        return W;
    }

    /**
     * Obtains a password through {@code Password.getPassword}, passing null for both of its
     * remaining arguments.
     *
     * @param str the name handed to {@code Password.getPassword}
     * @return whatever {@code Password.getPassword} returns
     */
    public Password getPassword(String str) {
        Password resolved = Password.getPassword(str, null, null);
        return resolved;
    }

    /** Returns the extra checker that newPKIXBuilderParameters adds, or null when none is set. */
    public PKIXCertPathChecker getPkixCertPathChecker() {
        return i0;
    }

    /** Returns the protocol name passed to {@code SSLContext.getInstance}; the constructor sets it to "TLS". */
    @ManagedAttribute("The TLS protocol")
    public String getProtocol() {
        return M;
    }

    /** Returns the provider name used for the SSLContext, or null for the default provider lookup. */
    @ManagedAttribute("The provider name")
    public String getProvider() {
        return L;
    }

    /** Returns the maximum number of renegotiations allowed; the constructor sets it to 5. */
    @ManagedAttribute("The max number of renegotiations allowed")
    public int getRenegotiationLimit() {
        return g0;
    }

    /** Returns the SecureRandom algorithm name; null makes c() pass a null SecureRandom to {@code SSLContext.init}. */
    @ManagedAttribute("The SecureRandom algorithm")
    public String getSecureRandomAlgorithm() {
        return N;
    }

    /**
     * Returns a copy of the cipher suites selected by c().
     *
     * @return a new array with the selected cipher suites
     * @throws NullPointerException if no selection exists (the field is null until c() has
     *         run and again after d())
     */
    @ManagedAttribute(readonly = true, value = "The selected cipher suites")
    public String[] getSelectedCipherSuites() {
        return this.y.clone();
    }

    /**
     * Returns a copy of the protocols selected by c().
     *
     * @return a new array with the selected protocols
     * @throws NullPointerException if no selection exists (the field is null until c() has
     *         run and again after d())
     */
    @ManagedAttribute(readonly = true, value = "The selected TLS protocol versions")
    public String[] getSelectedProtocols() {
        return this.v.clone();
    }

    /**
     * Returns the SSL context in use.
     *
     * @return the context held by the context holder when started (read under the factory
     *         lock), otherwise the explicitly configured context, which may be null
     */
    public SSLContext getSslContext() {
        if (isStarted()) {
            synchronized (this) {
                return (SSLContext) this.h0.d;
            }
        }
        return this.c0;
    }

    /** Returns the session cache size; values of -1 or below are not applied by c(). */
    @ManagedAttribute("The maximum TLS session cache size")
    public int getSslSessionCacheSize() {
        return a0;
    }

    /** Returns the session timeout in seconds; values of -1 or below are not applied by c(). */
    @ManagedAttribute("The TLS session cache timeout, in seconds")
    public int getSslSessionTimeout() {
        return b0;
    }

    /** Returns the TrustManagerFactory algorithm; the constructor sets it to DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM. */
    @ManagedAttribute("The TrustManagerFactory algorithm")
    public String getTrustManagerFactoryAlgorithm() {
        return P;
    }

    /**
     * Creates the trust managers for a truststore.
     *
     * <p>The PKIX parameters (path length, revocation, CRLs, extra checker) are used only
     * when peer-certificate validation is enabled and the algorithm is "PKIX"; otherwise
     * the factory is initialised with the bare truststore and {@code collection} is unused.
     *
     * @param keyStore   the truststore, may be null
     * @param collection CRLs to make available to PKIX validation, may be null
     * @return the trust managers, or null when {@code keyStore} is null
     * @throws Exception if the factory or the PKIX parameters cannot be created
     */
    public TrustManager[] getTrustManagers(KeyStore keyStore, Collection<? extends CRL> collection) throws Exception {
        if (keyStore == null) {
            return null;
        }
        boolean usePkixParameters = isValidatePeerCerts() && "PKIX".equalsIgnoreCase(getTrustManagerFactoryAlgorithm());
        TrustManagerFactory factory;
        if (usePkixParameters) {
            PKIXBuilderParameters pkixParameters = newPKIXBuilderParameters(keyStore, collection);
            factory = TrustManagerFactory.getInstance(this.P);
            factory.init(new CertPathTrustManagerParameters(pkixParameters));
        } else {
            factory = TrustManagerFactory.getInstance(this.P);
            factory.init(keyStore);
        }
        return factory.getTrustManagers();
    }

    /**
     * Returns the truststore in use.
     *
     * @return the truststore held by the context holder when started (read under the factory
     *         lock), otherwise the explicitly configured truststore, which may be null
     */
    public KeyStore getTrustStore() {
        if (isStarted()) {
            synchronized (this) {
                return (KeyStore) this.h0.b;
            }
        }
        return this.Y;
    }

    /** Returns the truststore resource rendered as a string, or null when no resource is set. */
    @ManagedAttribute("The trustStore path")
    public String getTrustStorePath() {
        Resource trustStoreResource = this.D;
        return Objects.toString(trustStoreResource, null);
    }

    /** Returns the truststore provider name; when null, loadTrustStore falls back to the keystore provider. */
    @ManagedAttribute("The trustStore provider name")
    public String getTrustStoreProvider() {
        return E;
    }

    /** Returns the resource the truststore is loaded from, or null when none is set. */
    public Resource getTrustStoreResource() {
        return D;
    }

    /** Returns the truststore type; when null, loadTrustStore falls back to the keystore type. */
    @ManagedAttribute("The trustStore type")
    public String getTrustStoreType() {
        return F;
    }

    /** Returns whether client authentication is requested but optional; false by default. */
    @ManagedAttribute("Whether client authentication is wanted")
    public boolean getWantClientAuth() {
        return H;
    }

    /**
     * Looks up the certificate indexed under a keystore alias.
     *
     * @param str the keystore alias
     * @return the matching entry, or null when the alias was not indexed by c()
     */
    public X509 getX509(String str) {
        Object indexed = this.j.get(str);
        return (X509) indexed;
    }

    /** Returns whether CRL distribution point support is enabled; false by default. */
    @ManagedAttribute("Whether certificate revocation list distribution points is enabled")
    public boolean isEnableCRLDP() {
        return U;
    }

    /** Returns whether OCSP support is enabled; false by default. */
    @ManagedAttribute("Whether online certificate status protocol support is enabled")
    public boolean isEnableOCSP() {
        return V;
    }

    /** Returns whether TLS renegotiation is allowed; the constructor sets this to true. */
    @ManagedAttribute("Whether renegotiation is allowed")
    public boolean isRenegotiationAllowed() {
        return f0;
    }

    /** Returns whether session caching is enabled; newSSLEngine(String, int) passes the peer host and port only when it is. */
    @ManagedAttribute("Whether TLS session caching is enabled")
    public boolean isSessionCachingEnabled() {
        return Z;
    }

    /**
     * Returns whether all certificates are trusted. When true and no keystore or truststore
     * is configured, c() installs {@link #TRUST_ALL_CERTS}; secureConfigurationCheck() logs
     * a warning for it.
     */
    @ManagedAttribute("Whether certificates should be trusted even if they are invalid")
    public boolean isTrustAll() {
        return e0;
    }

    /** Returns the value passed to {@code SSLParameters.setUseCipherSuitesOrder}; the constructor sets it to true. */
    @ManagedAttribute("Whether to respect the cipher suites order")
    public boolean isUseCipherSuitesOrder() {
        return w;
    }

    /** Returns whether c() validates the keystore's own certificates while indexing them. */
    @ManagedAttribute("Whether certificates are validated")
    public boolean isValidateCerts() {
        return Q;
    }

    /** Returns whether getTrustManagers builds PKIX parameters (revocation, path length) for peer certificates. */
    @ManagedAttribute("Whether peer certificates are validated")
    public boolean isValidatePeerCerts() {
        return R;
    }

    /**
     * Loads certificate revocation lists through {@code CertificateUtils.loadCRL}.
     *
     * @param str path of the CRL file, as returned by getCrlPath()
     * @return whatever {@code CertificateUtils.loadCRL} returns for that path
     * @throws Exception if loading fails
     */
    public Collection<? extends CRL> loadCRL(String str) throws Exception {
        Collection<? extends CRL> revocationLists = CertificateUtils.loadCRL(str);
        return revocationLists;
    }

    /**
     * Loads the keystore from a resource using the configured type, provider and keystore password.
     *
     * @param resource the keystore resource
     * @return the keystore returned by {@code CertificateUtils.getKeyStore}
     * @throws Exception if loading fails
     */
    public KeyStore loadKeyStore(Resource resource) throws Exception {
        String storeType = getKeyStoreType();
        String storeProvider = getKeyStoreProvider();
        // The Password object is rendered to a String (null when no password is set).
        String storePassword = Objects.toString(this.I, null);
        return CertificateUtils.getKeyStore(resource, storeType, storeProvider, storePassword);
    }

    /**
     * Loads the truststore, falling back to keystore settings where truststore ones are missing.
     *
     * <p>Type and provider default to the keystore's. When {@code resource} is null or equal
     * to the keystore resource, the keystore resource is loaded and the keystore password
     * is used if no truststore password is set.
     *
     * @param resource the truststore resource, may be null
     * @return the keystore returned by {@code CertificateUtils.getKeyStore}
     * @throws Exception if loading fails
     */
    public KeyStore loadTrustStore(Resource resource) throws Exception {
        String storeType = Objects.toString(getTrustStoreType(), getKeyStoreType());
        String storeProvider = Objects.toString(getTrustStoreProvider(), getKeyStoreProvider());
        Password storePassword = this.K;
        Resource source = resource;
        boolean sharesKeyStore = source == null || source.equals(this.z);
        if (sharesKeyStore) {
            source = this.z;
            storePassword = storePassword != null ? storePassword : this.I;
        }
        return CertificateUtils.getKeyStore(source, storeType, storeProvider, Objects.toString(storePassword, null));
    }

    /**
     * Builds the PKIX parameters used to validate peer certificate chains.
     *
     * <p>Revocation checking is switched on unconditionally. Enabling CRLDP or OCSP here
     * writes JVM-wide properties ({@code com.sun.security.enableCRLDP}, {@code ocsp.enable},
     * {@code ocsp.responderURL}); nothing in this method resets them, so they also affect
     * other code in the same JVM.
     *
     * @param keyStore   the truststore supplying the trust anchors
     * @param collection CRLs to add as a certificate store, may be null or empty
     * @return the configured parameters
     * @throws Exception if the parameters or the certificate store cannot be created
     */
    public PKIXBuilderParameters newPKIXBuilderParameters(KeyStore keyStore, Collection<? extends CRL> collection) throws Exception {
        PKIXBuilderParameters pkix = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        pkix.setMaxPathLength(this.S);
        pkix.setRevocationEnabled(true);

        if (this.i0 != null) {
            pkix.addCertPathChecker(this.i0);
        }

        boolean hasCrls = collection != null && !collection.isEmpty();
        if (hasCrls) {
            CollectionCertStoreParameters crlStoreParameters = new CollectionCertStoreParameters(collection);
            pkix.addCertStore(CertStore.getInstance("Collection", crlStoreParameters));
        }

        if (this.U) {
            System.setProperty("com.sun.security.enableCRLDP", BooleanUtils.TRUE);
        }
        if (this.V) {
            Security.setProperty("ocsp.enable", BooleanUtils.TRUE);
            String responderUrl = this.W;
            if (responderUrl != null) {
                Security.setProperty("ocsp.responderURL", responderUrl);
            }
        }
        return pkix;
    }

    /**
     * Wraps a string in a {@code Password}.
     *
     * @param str the value handed to the {@code Password} constructor
     * @return the new password object
     */
    public Password newPassword(String str) {
        Password wrapped = new Password(str);
        return wrapped;
    }

    /**
     * Creates an engine from this factory's context, with no peer host information, and
     * applies this factory's settings to it.
     *
     * @return the customized engine
     * @throws IllegalStateException if the factory is not started
     */
    public SSLEngine newSSLEngine() {
        b();
        SSLContext context = getSslContext();
        SSLEngine engine = context.createSSLEngine();
        customize(engine);
        return engine;
    }

    /**
     * Creates a customized engine for a peer host and port.
     *
     * <p>The host and port are passed to the context only when session caching is enabled;
     * otherwise the engine is created without peer information.
     *
     * @param str peer host
     * @param i   peer port
     * @return the customized engine
     * @throws IllegalStateException if the factory is not started
     */
    public SSLEngine newSSLEngine(String str, int i) {
        b();
        SSLContext context = getSslContext();
        SSLEngine engine;
        if (isSessionCachingEnabled()) {
            engine = context.createSSLEngine(str, i);
        } else {
            engine = context.createSSLEngine();
        }
        customize(engine);
        return engine;
    }

    /**
     * Creates a customized engine for a socket address.
     *
     * @param inetSocketAddress the peer address, or null for an engine without peer information
     * @return the customized engine
     */
    public SSLEngine newSSLEngine(InetSocketAddress inetSocketAddress) {
        if (inetSocketAddress == null) {
            return newSSLEngine();
        }
        return newSSLEngine(inetSocketAddress.getHostString(), inetSocketAddress.getPort());
    }

    /**
     * Creates a server socket from this factory's context and applies this factory's settings.
     *
     * @param str local host name to bind to, or null to bind without a specific address
     * @param i   first int argument passed to {@code createServerSocket}
     * @param i2  second int argument passed to {@code createServerSocket}
     * @return the customized server socket
     * @throws IOException if the socket cannot be created or the host cannot be resolved
     * @throws IllegalStateException if the factory is not started
     */
    public SSLServerSocket newSslServerSocket(String str, int i, int i2) throws IOException {
        b();
        SSLServerSocketFactory socketFactory = getSslContext().getServerSocketFactory();
        SSLServerSocket serverSocket;
        if (str == null) {
            serverSocket = (SSLServerSocket) socketFactory.createServerSocket(i, i2);
        } else {
            serverSocket = (SSLServerSocket) socketFactory.createServerSocket(i, i2, InetAddress.getByName(str));
        }
        serverSocket.setSSLParameters(customize(serverSocket.getSSLParameters()));
        return serverSocket;
    }

    /**
     * Creates an unconnected socket from this factory's context and applies this factory's settings.
     *
     * @return the customized socket
     * @throws IOException if the socket cannot be created
     * @throws IllegalStateException if the factory is not started
     */
    public SSLSocket newSslSocket() throws IOException {
        b();
        SSLContext context = getSslContext();
        SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
        SSLParameters socketParameters = socket.getSSLParameters();
        socket.setSSLParameters(customize(socketParameters));
        return socket;
    }

    /**
     * Appends every supported cipher suite matching a configured include regex.
     *
     * <p>Include entries are processed in configured order; a suite matched by several
     * entries is appended once per match. An entry matching nothing is logged at info level.
     *
     * @param strArr the cipher suites to match against
     * @param list   receives the matching cipher suites
     */
    public void processIncludeCipherSuites(String[] strArr, List<String> list) {
        for (Object configured : this.i) {
            String includeRegex = (String) configured;
            Pattern includePattern = Pattern.compile(includeRegex);
            boolean anySupported = false;
            for (int k = 0; k < strArr.length; k++) {
                String supported = strArr[k];
                if (!includePattern.matcher(supported).matches()) {
                    continue;
                }
                list.add(supported);
                anySupported = true;
            }
            if (!anySupported) {
                j0.info("No Cipher matching '{}' is supported", includeRegex);
            }
        }
    }

    /**
     * Reconfigures and rebuilds the SSL state atomically with respect to other users of the
     * factory lock: runs the callback, discards the built state, then rebuilds it.
     *
     * @param consumer callback that changes this factory's configuration.
     *                 NOTE(review): {@code p} is presumably the renamed {@code Consumer.accept}; confirm.
     * @throws Exception if the callback or the rebuild fails; the old state has already
     *         been discarded by then if the failure is in the rebuild
     */
    public void reload(Consumer<SslContextFactory> consumer) throws Exception {
        synchronized (this) {
            // Configuration changes first, so the rebuild below sees them.
            consumer.p(this);
            d();
            c();
        }
    }

    /**
     * Removes from the list every cipher suite that fully matches an excluded regex.
     *
     * @param list the candidate cipher suites, modified in place
     */
    public void removeExcludedCipherSuites(List<String> list) {
        for (Object configured : this.h) {
            Pattern excludePattern = Pattern.compile((String) configured);
            for (Iterator<String> candidates = list.iterator(); candidates.hasNext(); ) {
                String candidate = candidates.next();
                if (excludePattern.matcher(candidate).matches()) {
                    candidates.remove();
                }
            }
        }
    }

    /**
     * Logs a warning for each insecure setting in the effective configuration.
     *
     * <p>Checks trustAll, a missing endpoint identification algorithm, and the protocols
     * and cipher suites actually enabled on a customized engine. The engine's values are
     * compared with the built-in default lists ({@code l0}, {@code m0}), not with the
     * currently configured exclusions. Nothing is rejected; the method only logs.
     */
    public void secureConfigurationCheck() {
        Logger configLog = k0;
        if (isTrustAll()) {
            configLog.warn("Trusting all certificates configured for {}", this);
        }
        if (getEndpointIdentificationAlgorithm() == null) {
            configLog.warn("No Client EndPointIdentificationAlgorithm configured for {}", this);
        }

        // Probe engine: shows what customize() really enables on the built context.
        SSLEngine probe = ((SSLContext) this.h0.d).createSSLEngine();
        customize(probe);
        SSLParameters effective = probe.getSSLParameters();

        for (String enabledProtocol : effective.getProtocols()) {
            for (String legacyProtocol : l0) {
                if (legacyProtocol.equals(enabledProtocol)) {
                    configLog.warn("Protocol {} not excluded for {}", enabledProtocol, this);
                }
            }
        }
        for (String enabledSuite : effective.getCipherSuites()) {
            for (String weakSuiteRegex : m0) {
                if (Pattern.matches(weakSuiteRegex, enabledSuite)) {
                    configLog.warn("Weak cipher suite {} enabled for {}", enabledSuite, this);
                }
            }
        }
    }

    /**
     * Computes the cipher suites to enable and stores them in field {@code y}.
     *
     * <p>With no include patterns (field {@code i} empty) the starting set is {@code strArr}.
     * Otherwise it is the subset of {@code strArr2} accepted by
     * {@link #processIncludeCipherSuites}. Exclusions are applied afterwards, so an exclude pattern
     * always wins over an include pattern. The result is sorted when a cipher comparator is set.
     *
     * <p>An empty result is only logged as a warning; the empty array is still stored.
     *
     * <p>NOTE(review): parameter names are decompiler artefacts; the log text suggests
     * {@code strArr2} holds the supported suites and {@code strArr} the enabled defaults. Confirm.
     *
     * @param strArr  suites used as the starting set when no include patterns are configured
     * @param strArr2 suites filtered by the include patterns, also named in the warning
     */
    public void selectCipherSuites(String[] strArr, String[] strArr2) {
        ArrayList<String> selected = new ArrayList<>();
        if (!this.i.isEmpty()) {
            processIncludeCipherSuites(strArr2, selected);
        } else {
            selected.addAll(Arrays.asList(strArr));
        }

        // Excludes run last so they override anything the include step let through.
        removeExcludedCipherSuites(selected);
        if (selected.isEmpty()) {
            j0.warn("No supported ciphers from {}", Arrays.asList(strArr2));
        }

        Comparator<String> ordering = getCipherComparator();
        if (ordering != null) {
            if (j0.isDebugEnabled()) {
                j0.debug("Sorting selected ciphers with {}", ordering);
            }
            List.EL.sort(selected, ordering);
        }
        this.y = selected.toArray(new String[0]);
    }

    /**
     * Computes the protocol versions to enable and stores them in field {@code v}.
     *
     * <p>With no included protocols (field {@code g} empty) the starting set is {@code strArr}.
     * Otherwise each included protocol is kept only if it appears in {@code strArr2}, and the
     * others are logged at info level. Entries of field {@code f} are removed afterwards, so an
     * exclusion always wins over an inclusion. Names are compared for exact equality, not as
     * patterns.
     *
     * <p>An empty result is only logged as a warning; the empty array is still stored.
     *
     * <p>NOTE(review): parameter names are decompiler artefacts; the log text suggests
     * {@code strArr2} holds the supported protocols and {@code strArr} the enabled defaults.
     * Confirm against the callers.
     *
     * @param strArr  protocols used as the starting set when no includes are configured
     * @param strArr2 protocols the included names are checked against
     */
    public void selectProtocols(String[] strArr, String[] strArr2) {
        LinkedHashSet<String> chosen = new LinkedHashSet<>();
        LinkedHashSet<String> included = this.g;
        if (included.isEmpty()) {
            chosen.addAll(Arrays.asList(strArr));
        } else {
            Collection<String> available = Arrays.asList(strArr2);
            for (String candidate : included) {
                if (!available.contains(candidate)) {
                    j0.info("Protocol {} not supported in {}", candidate, available);
                    continue;
                }
                chosen.add(candidate);
            }
        }

        // Exclusions are applied last so they override the include list.
        chosen.removeAll(this.f);
        if (chosen.isEmpty()) {
            j0.warn("No selected protocols from {}", Arrays.asList(strArr2));
        }
        this.v = chosen.toArray(new String[0]);
    }

    /**
     * Stores {@code str} in field {@code C}; no validation is done here.
     *
     * <p>NOTE(review): going by the setter name this is the key-store alias of the certificate to
     * present. The field name is obfuscated, so confirm against the code that reads {@code C}.
     *
     * @param str alias value, stored as-is ({@code null} included)
     */
    public void setCertAlias(String str) {
        this.C = str;
    }

    /**
     * Stores the comparator in field {@code x}. A non-null comparator also switches on
     * cipher-suite ordering through {@code setUseCipherSuitesOrder(true)}.
     *
     * <p>Passing {@code null} clears the comparator but leaves the ordering flag as it was.
     *
     * @param comparator ordering for the selected cipher suites, or {@code null} for none
     */
    public void setCipherComparator(Comparator<String> comparator) {
        if (comparator != null) {
            setUseCipherSuitesOrder(true);
        }
        this.x = comparator;
    }

    /**
     * Stores {@code str} in field {@code T}; the path is neither resolved nor checked here.
     *
     * <p>NOTE(review): presumably the location of a certificate revocation list used during
     * certificate validation. Confirm against the code that reads {@code T}.
     *
     * @param str CRL location, stored as-is
     */
    public void setCrlPath(String str) {
        this.T = str;
    }

    /**
     * Stores the flag in field {@code U}.
     *
     * <p>NOTE(review): presumably enables revocation checking through CRL Distribution Points.
     * Whether it has any effect without certificate validation enabled is not visible here.
     *
     * @param z new flag value
     */
    public void setEnableCRLDP(boolean z) {
        this.U = z;
    }

    /**
     * Stores the flag in field {@code V}.
     *
     * <p>NOTE(review): presumably enables OCSP revocation checking. Whether it has any effect
     * without certificate validation enabled is not visible here.
     *
     * @param z new flag value
     */
    public void setEnableOCSP(boolean z) {
        this.V = z;
    }

    /**
     * Stores {@code str} in field {@code d0}; the value is not validated here.
     *
     * <p>Within this class, {@code setTrustAll(true)} calls this method with {@code null}, and
     * {@code secureConfigurationCheck()} logs a warning when
     * {@code getEndpointIdentificationAlgorithm()} returns {@code null}.
     *
     * <p>NOTE(review): presumably passed on to {@code SSLParameters} (for example {@code "HTTPS"}),
     * where {@code null} means the peer's host name is not checked against its certificate.
     *
     * @param str algorithm name, or {@code null} for none
     */
    public void setEndpointIdentificationAlgorithm(String str) {
        this.d0 = str;
    }

    /**
     * Replaces the exclude list (field {@code h}) with the given entries.
     *
     * <p>{@code removeExcludedCipherSuites} later compiles each entry as a regular expression that
     * must match a whole suite name. The entries are stored unvalidated, so a malformed pattern
     * only fails when that method runs.
     *
     * @param strArr exclude patterns; an empty array leaves nothing excluded
     */
    public void setExcludeCipherSuites(String... strArr) {
        this.h.clear();
        this.h.addAll(Arrays.asList(strArr));
    }

    /**
     * Replaces the excluded-protocol set (field {@code f}) with the given names.
     *
     * <p>{@code selectProtocols} removes these names from its result by exact match, after the
     * include list has been applied. Calling this with an empty array therefore lifts every
     * exclusion.
     *
     * @param strArr protocol names to exclude
     */
    public void setExcludeProtocols(String... strArr) {
        this.f.clear();
        this.f.addAll(Arrays.asList(strArr));
    }

    /**
     * Replaces the include list (field {@code i}) with the given entries, keeping their order.
     *
     * <p>{@code processIncludeCipherSuites} later compiles each entry as a regular expression that
     * must match a whole suite name. The entries are stored unvalidated, so a malformed pattern
     * only fails when that method runs.
     *
     * @param strArr include patterns; an empty array means no include filtering
     */
    public void setIncludeCipherSuites(String... strArr) {
        this.i.clear();
        this.i.addAll(Arrays.asList(strArr));
    }

    /**
     * Replaces the included-protocol set (field {@code g}) with the given names.
     *
     * <p>{@code selectProtocols} keeps an included name only when it equals one of the protocols
     * it is checked against. Exclusions are applied afterwards and take precedence.
     *
     * @param strArr protocol names to include; an empty array means no include filtering
     */
    public void setIncludeProtocols(String... strArr) {
        this.g.clear();
        this.g.addAll(Arrays.asList(strArr));
    }

    /**
     * Stores {@code str} in field {@code O}; the name is not checked against installed providers.
     *
     * <p>NOTE(review): presumably the algorithm name later given to {@code KeyManagerFactory}.
     *
     * @param str algorithm name, stored as-is
     */
    public void setKeyManagerFactoryAlgorithm(String str) {
        this.O = str;
    }

    /**
     * Sets the key manager password held in field {@code J}.
     *
     * <p>A non-null argument is wrapped with {@code newPassword}. With a {@code null} argument the
     * value comes from {@code getPassword(KEYPASSWORD_PROPERTY)} if that system property is
     * defined, and the field is cleared otherwise.
     *
     * <p>The secret arrives as an immutable {@code String} and cannot be wiped by the caller
     * afterwards. The system-property fallback is readable by any code in the JVM that may read
     * system properties. NOTE(review): what {@code newPassword} and {@code getPassword} do with the
     * value (for example deobfuscation or prompting) is not visible here.
     *
     * @param str the password, or {@code null} to fall back to the system property
     */
    public void setKeyManagerPassword(String str) {
        if (str != null) {
            this.J = newPassword(str);
            return;
        }
        boolean propertyDefined = System.getProperty(KEYPASSWORD_PROPERTY) != null;
        this.J = propertyDefined ? getPassword(KEYPASSWORD_PROPERTY) : null;
    }

    /**
     * Stores the supplied {@link KeyStore} reference in field {@code X}.
     *
     * <p>The instance is kept by reference, not copied, so later changes made by the caller are
     * visible through this factory.
     *
     * @param keyStore key store to use, stored as-is ({@code null} included)
     */
    public void setKeyStore(KeyStore keyStore) {
        this.X = keyStore;
    }

    /**
     * Sets the key store password held in field {@code I}.
     *
     * <p>A non-null argument is wrapped with {@code newPassword}. With a {@code null} argument the
     * value comes from {@code getPassword(PASSWORD_PROPERTY)} if a key store resource (field
     * {@code z}) is configured, and the field is cleared otherwise.
     *
     * <p>The secret arrives as an immutable {@code String} and cannot be wiped by the caller
     * afterwards. NOTE(review): how {@code getPassword} obtains the fallback value is not visible
     * here.
     *
     * @param str the password, or {@code null} to use the fallback
     */
    public void setKeyStorePassword(String str) {
        if (str != null) {
            this.I = newPassword(str);
            return;
        }
        boolean keyStoreConfigured = this.z != null;
        this.I = keyStoreConfigured ? getPassword(PASSWORD_PROPERTY) : null;
    }

    /**
     * Resolves {@code str} with {@code Resource.newResource} and stores the result as the key
     * store resource (field {@code z}).
     *
     * <p>On failure the field keeps its previous value.
     *
     * <p>NOTE(review): which forms {@code Resource.newResource} accepts (file paths, URLs, ...) is
     * not visible here. If the path can come from less trusted configuration, restrict it before
     * calling this method.
     *
     * @param str location of the key store
     * @throws IllegalArgumentException wrapping any exception raised while resolving the location
     */
    public void setKeyStorePath(String str) {
        Resource resolved;
        try {
            resolved = Resource.newResource(str);
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
        this.z = resolved;
    }

    /**
     * Stores {@code str} in field {@code A}; the name is not checked against installed providers.
     *
     * <p>NOTE(review): presumably the security provider used to load the key store.
     *
     * @param str provider name, stored as-is
     */
    public void setKeyStoreProvider(String str) {
        this.A = str;
    }

    /**
     * Stores the resource in field {@code z}, the value {@code toString()} prints as
     * {@code keyStore=}.
     *
     * <p>The same field decides the {@code null}-password fallback in {@code setKeyStorePassword}
     * and is compared with the trust store resource in {@code setTrustStorePassword}.
     *
     * @param resource key store location, stored as-is ({@code null} included)
     */
    public void setKeyStoreResource(Resource resource) {
        this.z = resource;
    }

    /**
     * Stores {@code str} in field {@code B}; the type name is not validated here.
     *
     * <p>NOTE(review): presumably the {@code KeyStore} type (for example {@code "PKCS12"}) used
     * when the key store is loaded.
     *
     * @param str key store type, stored as-is
     */
    public void setKeyStoreType(String str) {
        this.B = str;
    }

    /**
     * Stores {@code i} in field {@code S}; no range check is applied.
     *
     * <p>NOTE(review): presumably the maximum certification path length given to the PKIX
     * validator. How negative values are interpreted depends on the code that reads {@code S}.
     *
     * @param i maximum path length, stored as-is
     */
    public void setMaxCertPathLength(int i) {
        this.S = i;
    }

    /**
     * Stores the flag in field {@code G}.
     *
     * <p>NOTE(review): presumably makes a client certificate mandatory on server-side connections,
     * as opposed to {@code setWantClientAuth}, which only requests one. Confirm against the code
     * that reads {@code G}.
     *
     * @param z new flag value
     */
    public void setNeedClientAuth(boolean z) {
        this.G = z;
    }

    /**
     * Stores {@code str} in field {@code W}; the URL is neither parsed nor validated here.
     *
     * <p>NOTE(review): presumably the OCSP responder that revocation checks are sent to. Because
     * this names the authority consulted for revocation status, it should come from trusted
     * configuration only.
     *
     * @param str responder URL, stored as-is
     */
    public void setOcspResponderURL(String str) {
        this.W = str;
    }

    /**
     * Stores the checker reference in field {@code i0}.
     *
     * <p>NOTE(review): presumably added to the PKIX parameters when trust managers are built.
     * Confirm against the code that reads {@code i0}.
     *
     * @param pKIXCertPathChecker custom certification path checker, or {@code null} for none
     */
    public void setPkixCertPathChecker(PKIXCertPathChecker pKIXCertPathChecker) {
        this.i0 = pKIXCertPathChecker;
    }

    /**
     * Stores {@code str} in field {@code M}; the name is not validated here.
     *
     * <p>NOTE(review): presumably the protocol name used to obtain the {@code SSLContext}. The
     * protocol versions actually enabled are chosen separately by {@code selectProtocols}.
     *
     * @param str protocol name, stored as-is
     */
    public void setProtocol(String str) {
        this.M = str;
    }

    /**
     * Stores {@code str} in field {@code L}, the value {@code toString()} prints as
     * {@code provider=}.
     *
     * <p>The name is not checked against the installed security providers here.
     *
     * @param str provider name, stored as-is
     */
    public void setProvider(String str) {
        this.L = str;
    }

    /**
     * Stores the flag in field {@code f0}.
     *
     * <p>NOTE(review): presumably controls whether peers may renegotiate the TLS session.
     * Renegotiation has a history of protocol-level weaknesses, so enable it only when a peer
     * requires it. Confirm how {@code f0} is enforced.
     *
     * @param z new flag value
     */
    public void setRenegotiationAllowed(boolean z) {
        this.f0 = z;
    }

    /**
     * Stores {@code i} in field {@code g0}; no range check is applied.
     *
     * <p>NOTE(review): presumably the number of renegotiations tolerated per connection. The
     * meaning of zero or negative values depends on the code that reads {@code g0}.
     *
     * @param i renegotiation limit, stored as-is
     */
    public void setRenegotiationLimit(int i) {
        this.g0 = i;
    }

    /**
     * Stores {@code str} in field {@code N}; the name is not validated here.
     *
     * <p>NOTE(review): presumably the {@code SecureRandom} algorithm used when the SSL context is
     * initialised, with {@code null} selecting the platform default.
     *
     * @param str algorithm name, stored as-is
     */
    public void setSecureRandomAlgorithm(String str) {
        this.N = str;
    }

    /**
     * Stores the flag in field {@code Z}.
     *
     * <p>NOTE(review): presumably toggles reuse of cached TLS sessions. Confirm against the code
     * that reads {@code Z}.
     *
     * @param z new flag value
     */
    public void setSessionCachingEnabled(boolean z) {
        this.Z = z;
    }

    /**
     * Stores a caller-built {@link SSLContext} in field {@code c0}.
     *
     * <p>NOTE(review): presumably a pre-built context bypasses this factory's own key store and
     * trust store handling, which would leave trust decisions to whoever created the context.
     * Confirm against the start-up code.
     *
     * @param sSLContext context to use, stored by reference ({@code null} included)
     */
    public void setSslContext(SSLContext sSLContext) {
        this.c0 = sSLContext;
    }

    /**
     * Stores {@code i} in field {@code a0}; no range check is applied.
     *
     * <p>NOTE(review): presumably the TLS session cache size. The meaning of zero or negative
     * values depends on the code that reads {@code a0}.
     *
     * @param i cache size, stored as-is
     */
    public void setSslSessionCacheSize(int i) {
        this.a0 = i;
    }

    /**
     * Stores {@code i} in field {@code b0}; no range check is applied.
     *
     * <p>NOTE(review): presumably the TLS session timeout. Units and the meaning of zero or
     * negative values depend on the code that reads {@code b0}.
     *
     * @param i session timeout, stored as-is
     */
    public void setSslSessionTimeout(int i) {
        this.b0 = i;
    }

    /**
     * Stores the trust-all flag in field {@code e0}. Enabling it also clears the endpoint
     * identification algorithm.
     *
     * <p>Turning the flag off again does not restore the algorithm. A caller that switches
     * trust-all from {@code true} back to {@code false} must call
     * {@code setEndpointIdentificationAlgorithm} again, otherwise it stays {@code null}.
     *
     * <p>{@code secureConfigurationCheck()} logs a warning both when {@code isTrustAll()} is true
     * and when no endpoint identification algorithm is configured. NOTE(review): as the name and
     * that warning text indicate, trust-all accepts any peer certificate, so it belongs in test
     * set-ups only.
     *
     * @param z {@code true} to trust all certificates
     */
    public void setTrustAll(boolean z) {
        this.e0 = z;
        if (z) {
            // One-way side effect: the algorithm is cleared here and never re-set by this method.
            setEndpointIdentificationAlgorithm(null);
        }
    }

    /**
     * Stores {@code str} in field {@code P}; the name is not checked against installed providers.
     *
     * <p>NOTE(review): presumably the algorithm name later given to {@code TrustManagerFactory}.
     *
     * @param str algorithm name, stored as-is
     */
    public void setTrustManagerFactoryAlgorithm(String str) {
        this.P = str;
    }

    /**
     * Stores the supplied {@link KeyStore} reference in field {@code Y}.
     *
     * <p>The instance is kept by reference, not copied, so later changes made by the caller are
     * visible through this factory.
     *
     * @param keyStore trust store to use, stored as-is ({@code null} included)
     */
    public void setTrustStore(KeyStore keyStore) {
        this.Y = keyStore;
    }

    /**
     * Sets the trust store password held in field {@code K}.
     *
     * <p>A non-null argument is wrapped with {@code newPassword}. With a {@code null} argument the
     * value comes from {@code getPassword(PASSWORD_PROPERTY)}, but only when a trust store
     * resource (field {@code D}) is configured and differs from the key store resource (field
     * {@code z}). In every other case the field is cleared.
     *
     * <p>The secret arrives as an immutable {@code String} and cannot be wiped by the caller
     * afterwards. NOTE(review): how {@code getPassword} obtains the fallback value is not visible
     * here.
     *
     * @param str the password, or {@code null} to use the fallback
     */
    public void setTrustStorePassword(String str) {
        if (str != null) {
            this.K = newPassword(str);
        } else {
            Resource trustStoreResource = this.D;
            boolean separateTrustStore =
                    trustStoreResource != null && !trustStoreResource.equals(this.z);
            this.K = separateTrustStore ? getPassword(PASSWORD_PROPERTY) : null;
        }
    }

    /**
     * Resolves {@code str} with {@code Resource.newResource} and stores the result as the trust
     * store resource (field {@code D}).
     *
     * <p>On failure the field keeps its previous value.
     *
     * <p>NOTE(review): which forms {@code Resource.newResource} accepts (file paths, URLs, ...) is
     * not visible here. The trust store defines which peers are accepted, so its location should
     * come from trusted configuration only.
     *
     * @param str location of the trust store
     * @throws IllegalArgumentException wrapping any exception raised while resolving the location
     */
    public void setTrustStorePath(String str) {
        Resource resolved;
        try {
            resolved = Resource.newResource(str);
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
        this.D = resolved;
    }

    /**
     * Stores {@code str} in field {@code E}; the name is not checked against installed providers.
     *
     * <p>NOTE(review): presumably the security provider used to load the trust store.
     *
     * @param str provider name, stored as-is
     */
    public void setTrustStoreProvider(String str) {
        this.E = str;
    }

    /**
     * Stores the resource in field {@code D}, the value {@code toString()} prints as
     * {@code trustStore=}.
     *
     * <p>{@code setTrustStorePassword(null)} compares this field with the key store resource to
     * decide whether a separate password is looked up.
     *
     * @param resource trust store location, stored as-is ({@code null} included)
     */
    public void setTrustStoreResource(Resource resource) {
        this.D = resource;
    }

    /**
     * Stores {@code str} in field {@code F}; the type name is not validated here.
     *
     * <p>NOTE(review): presumably the {@code KeyStore} type used when the trust store is loaded.
     *
     * @param str trust store type, stored as-is
     */
    public void setTrustStoreType(String str) {
        this.F = str;
    }

    /**
     * Stores the flag in field {@code w}.
     *
     * <p>{@code setCipherComparator} sets this flag to {@code true} whenever it is given a
     * non-null comparator. NOTE(review): presumably makes the local cipher-suite order take
     * precedence over the peer's during the handshake. Confirm against the code that reads
     * {@code w}.
     *
     * @param z new flag value
     */
    public void setUseCipherSuitesOrder(boolean z) {
        this.w = z;
    }

    /**
     * Stores the flag in field {@code Q}.
     *
     * <p>NOTE(review): presumably controls validation of the certificates in the factory's own key
     * store at start-up, as distinct from {@code setValidatePeerCerts}. Confirm against the code
     * that reads {@code Q}.
     *
     * @param z new flag value
     */
    public void setValidateCerts(boolean z) {
        this.Q = z;
    }

    /**
     * Stores the flag in field {@code R}.
     *
     * <p>NOTE(review): presumably enables extended validation (path and revocation checks) of
     * certificates presented by peers. Confirm against the code that reads {@code R}, and whether
     * the CRL and OCSP settings depend on it.
     *
     * @param z new flag value
     */
    public void setValidatePeerCerts(boolean z) {
        this.R = z;
    }

    /**
     * Stores the flag in field {@code H}.
     *
     * <p>NOTE(review): presumably requests, without requiring, a client certificate on server-side
     * connections. A handler relying on this setting must still check that a certificate was
     * actually presented. Confirm against the code that reads {@code H}.
     *
     * @param z new flag value
     */
    public void setWantClientAuth(boolean z) {
        this.H = z;
    }

    /**
     * Describes this factory as {@code SimpleName@hash[provider=..,keyStore=..,trustStore=..]}.
     *
     * <p>Only the provider name and the key store and trust store resources are included. None of
     * the password fields are printed, so the result is what the warnings in this class log via
     * {@code this}.
     *
     * @return a short description of this factory
     */
    @Override // org.eclipse.jetty.util.component.AbstractLifeCycle
    public String toString() {
        String simpleName = getClass().getSimpleName();
        int identity = hashCode();
        return String.format("%s@%x[provider=%s,keyStore=%s,trustStore=%s]", simpleName, identity, this.L, this.z, this.D);
    }
}
