package org.apache.tomcat.util.net;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;
import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.openssl.OpenSSLImplementation;
import org.apache.tomcat.util.net.openssl.ciphers.Cipher;

/* loaded from: input_file:org/apache/tomcat/util/net/AbstractJsseEndpoint.class */
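/**
 * Endpoint base class that plugs an {@link SSLImplementation} into the endpoint
 * lifecycle. It builds one {@link SSLContext} per configured certificate and
 * hands out server-mode {@link SSLEngine} instances for new connections.
 *
 * <p>This listing is decompiler output. Methods marked "access widened" were
 * {@code protected} in the class file and are shown as {@code public} by JADX.
 *
 * @param <S> socket type handled by the endpoint
 */
public abstract class AbstractJsseEndpoint<S> extends AbstractEndpoint<S> {
    // Class name handed to SSLImplementation.getInstance(); null until configured.
    private String sslImplementationName = null;
    // Not read anywhere in this class. NOTE(review): presumably caps how many bytes
    // are buffered while parsing the ClientHello for SNI - confirm in the subclasses.
    private int sniParseLimit = 65536;
    // Resolved lazily by initialiseSsl(); stays null while SSL is disabled.
    private SSLImplementation sslImplementation = null;

    /** @return the configured SSL implementation class name, or {@code null} if unset */
    public String getSslImplementationName() {
        return this.sslImplementationName;
    }

    /** @param str class name of the SSL implementation to load in {@link #initialiseSsl()} */
    public void setSslImplementationName(String str) {
        this.sslImplementationName = str;
    }

    /** @return the implementation resolved by {@link #initialiseSsl()}, or {@code null} before that */
    public SSLImplementation getSslImplementation() {
        return this.sslImplementation;
    }

    /** @return the configured SNI parse limit (default 65536) */
    public int getSniParseLimit() {
        return this.sniParseLimit;
    }

    /**
     * Stores the SNI parse limit as given.
     *
     * <p>No range check is applied here, so zero and negative values are accepted;
     * consumers of this value have to cope with them.
     *
     * @param i the new limit
     */
    public void setSniParseLimit(int i) {
        this.sniParseLimit = i;
    }

    /**
     * @return {@code EITHER} when the configured implementation name is
     *         {@link OpenSSLImplementation}'s class name, otherwise {@code JSSE}
     */
    @Override // org.apache.tomcat.util.net.AbstractEndpoint
    protected SSLHostConfig.Type getSslConfigType() {
        boolean openSsl = OpenSSLImplementation.class.getName().equals(this.sslImplementationName);
        return openSsl ? SSLHostConfig.Type.EITHER : SSLHostConfig.Type.JSSE;
    }

    /**
     * Resolves the SSL implementation and creates the SSL contexts for every
     * configured host. Does nothing when SSL is not enabled. (Access widened.)
     *
     * @throws Exception if the implementation cannot be loaded or a context cannot be built
     */
    public void initialiseSsl() throws Exception {
        if (!isSSLEnabled()) {
            return;
        }
        this.sslImplementation = SSLImplementation.getInstance(getSslImplementationName());
        for (SSLHostConfig hostConfig : this.sslHostConfigs.values()) {
            createSSLContext(hostConfig);
        }
    }

    /**
     * Builds and stores an {@link SSLContext} for each certificate of the host.
     *
     * <p>The host-wide enabled protocol and cipher lists are taken from the
     * {@link SSLUtil} of the first certificate only; later certificates do not
     * contribute to them.
     *
     * @param sSLHostConfig host configuration whose certificates need contexts
     * @throws IllegalArgumentException wrapping any failure while creating,
     *         initialising or configuring a context (the cause is preserved)
     */
    @Override // org.apache.tomcat.util.net.AbstractEndpoint
    protected void createSSLContext(SSLHostConfig sSLHostConfig) throws IllegalArgumentException {
        boolean firstCertificate = true;
        for (SSLHostConfigCertificate certificate : sSLHostConfig.getCertificates(true)) {
            SSLUtil sslUtil = this.sslImplementation.getSSLUtil(certificate);
            if (firstCertificate) {
                firstCertificate = false;
                sSLHostConfig.setEnabledProtocols(sslUtil.getEnabledProtocols());
                sSLHostConfig.setEnabledCiphers(sslUtil.getEnabledCiphers());
            }
            try {
                SSLContext context = sslUtil.createSSLContext(this.negotiableProtocols);
                // Third argument is null: no caller-supplied randomness source.
                // NOTE(review): presumably the implementation falls back to its own
                // default secure random source - confirm per implementation.
                context.init(sslUtil.getKeyManagers(), sslUtil.getTrustManagers(), null);
                SSLSessionContext sessionContext = context.getServerSessionContext();
                if (sessionContext != null) {
                    sslUtil.configureSessionContext(sessionContext);
                }
                certificate.setSslContext(context);
            } catch (Exception e) {
                throw new IllegalArgumentException(e);
            }
        }
    }

    /**
     * Destroys the SSL contexts of every configured host. Does nothing when SSL
     * is not enabled. (Access widened.)
     *
     * @throws Exception declared for subclasses; nothing is thrown explicitly here
     */
    public void destroySsl() throws Exception {
        if (!isSSLEnabled()) {
            return;
        }
        for (SSLHostConfig hostConfig : this.sslHostConfigs.values()) {
            releaseSSLContext(hostConfig);
        }
    }

    /**
     * Calls {@code destroy()} on every non-null context held by the host's
     * certificates. The references themselves are left in place.
     *
     * @param sSLHostConfig host configuration whose contexts are destroyed
     */
    @Override // org.apache.tomcat.util.net.AbstractEndpoint
    protected void releaseSSLContext(SSLHostConfig sSLHostConfig) {
        for (SSLHostConfigCertificate certificate : sSLHostConfig.getCertificates(true)) {
            // Read the reference once so the null check and the call see the same object.
            SSLContext sslContext = certificate.getSslContext();
            if (sslContext != null) {
                sslContext.destroy();
            }
        }
    }

    /**
     * Creates a server-mode engine for one connection, configured from the host
     * entry looked up by {@code str}. (Access widened.)
     *
     * @param str name used to look up the {@link SSLHostConfig}
     *            (NOTE(review): presumably the SNI host name from the client - confirm against callers)
     * @param list ciphers matched against the host's cipher list when choosing a certificate
     *             (NOTE(review): presumably the ciphers offered by the client - confirm against callers)
     * @return the configured engine
     * @throws IllegalStateException if the selected certificate has no SSL context
     */
    public SSLEngine createSSLEngine(String str, List<Cipher> list) {
        SSLHostConfig hostConfig = getSSLHostConfig(str);
        SSLContext sslContext = selectCertificate(hostConfig, list).getSslContext();
        if (sslContext == null) {
            throw new IllegalStateException(sm.getString("endpoint.jsse.noSslContext", str));
        }
        SSLEngine engine = sslContext.createSSLEngine();
        // Map the configured verification mode onto the engine's client-auth flags.
        // There is no default branch: a mode not listed here leaves the engine's
        // client-auth settings untouched, so a newly added mode needs a case of its own.
        switch (hostConfig.getCertificateVerification()) {
            case NONE:
                engine.setNeedClientAuth(false);
                engine.setWantClientAuth(false);
                break;
            case OPTIONAL:
            case OPTIONAL_NO_CA:
                // Both optional modes are handled identically at this level: the
                // certificate is requested but the handshake continues without one.
                engine.setWantClientAuth(true);
                break;
            case REQUIRED:
                engine.setNeedClientAuth(true);
                break;
        }
        engine.setUseClientMode(false);
        engine.setEnabledCipherSuites(hostConfig.getEnabledCiphers());
        engine.setEnabledProtocols(hostConfig.getEnabledProtocols());
        // The ordering preference is only pushed to the engine when it was configured.
        String honorCipherOrder = hostConfig.getHonorCipherOrder();
        if (honorCipherOrder != null) {
            JreCompat.getInstance().setUseServerCipherSuitesOrder(engine, Boolean.parseBoolean(honorCipherOrder));
        }
        return engine;
    }

    /**
     * Picks the certificate to present for a connection.
     *
     * <p>With a single certificate that one is returned. Otherwise the ciphers
     * common to the host's cipher list and {@code list} are walked in preference
     * order, and the first certificate whose type is compatible with a cipher's
     * authentication method wins. If nothing matches, the first certificate in
     * iteration order is returned.
     *
     * @param sSLHostConfig host configuration supplying certificates and the cipher list
     * @param list ciphers to intersect with the host's cipher list
     * @return the selected certificate
     */
    private SSLHostConfigCertificate selectCertificate(SSLHostConfig sSLHostConfig, List<Cipher> list) {
        Set<SSLHostConfigCertificate> certificates = sSLHostConfig.getCertificates(true);
        if (certificates.size() == 1) {
            return certificates.iterator().next();
        }
        LinkedHashSet<Cipher> serverCiphers = sSLHostConfig.getCipherList();
        List<Cipher> candidates;
        // parseBoolean(null) is false, so an unset honorCipherOrder keeps the order of `list`.
        if (Boolean.parseBoolean(sSLHostConfig.getHonorCipherOrder())) {
            candidates = new ArrayList<>(serverCiphers);
            candidates.retainAll(list);
        } else {
            candidates = new ArrayList<>(list);
            candidates.retainAll(serverCiphers);
        }
        for (Cipher cipher : candidates) {
            for (SSLHostConfigCertificate certificate : certificates) {
                if (certificate.getType().isCompatibleWith(cipher.getAu())) {
                    return certificate;
                }
            }
        }
        // No common cipher matched any certificate type: fall back to the first certificate.
        return certificates.iterator().next();
    }

    /**
     * Verifies that a configured cipher-order preference can be honoured, then
     * delegates to the superclass initialisation.
     *
     * @throws Exception if the check fails or the superclass initialisation fails
     */
    @Override // org.apache.tomcat.util.net.AbstractEndpoint
    public void init() throws Exception {
        testServerCipherSuitesOrderSupport();
        super.init();
    }

    /**
     * Rejects a configuration that sets {@code honorCipherOrder} on any host when
     * {@code JreCompat.isJre8Available()} is false and the implementation is not
     * {@link OpenSSLImplementation}. Failing here stops startup instead of
     * continuing with an ordering preference that would not be applied.
     *
     * @throws UnsupportedOperationException if such a host configuration is found
     */
    private void testServerCipherSuitesOrderSupport() {
        if (JreCompat.isJre8Available() || OpenSSLImplementation.class.getName().equals(getSslImplementationName())) {
            return;
        }
        for (SSLHostConfig hostConfig : this.sslHostConfigs.values()) {
            if (hostConfig.getHonorCipherOrder() != null) {
                throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"));
            }
        }
    }

    /**
     * Clears the SSL context reference on every certificate of every host.
     *
     * <p>Only the references are dropped; {@code destroy()} is not called here
     * (that is done by {@link #releaseSSLContext(SSLHostConfig)}).
     *
     * @throws Exception declared by the overridden method; nothing is thrown explicitly here
     */
    @Override // org.apache.tomcat.util.net.AbstractEndpoint
    public void unbind() throws Exception {
        for (SSLHostConfig hostConfig : this.sslHostConfigs.values()) {
            for (SSLHostConfigCertificate certificate : hostConfig.getCertificates(true)) {
                certificate.setSslContext(null);
            }
        }
    }
}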
