package io.apigee.trireme.core.modules;

import io.apigee.trireme.core.ArgUtils;
import io.apigee.trireme.core.InternalNodeModule;
import io.apigee.trireme.core.NodeRuntime;
import io.apigee.trireme.core.Utils;
import io.apigee.trireme.core.internal.CompositeTrustManager;
import io.apigee.trireme.core.internal.CryptoException;
import io.apigee.trireme.core.internal.CryptoService;
import io.apigee.trireme.core.internal.SSLCiphers;
import io.apigee.trireme.core.modules.Buffer;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.ServiceLoader;
import java.util.regex.Pattern;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.EvaluatorException;
import org.mozilla.javascript.Function;
import org.mozilla.javascript.Scriptable;
import org.mozilla.javascript.ScriptableObject;
import org.mozilla.javascript.annotations.JSFunction;
import org.mozilla.javascript.annotations.JSGetter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/apigee/trireme/core/modules/SSLWrap.class */
public class SSLWrap implements InternalNodeModule {
    // Shared SLF4J logger used by this module and its nested classes.
    protected static final Logger log = LoggerFactory.getLogger(SSLWrap.class);
    // Pre-compiled pattern matching a single ":" separator.
    protected static final Pattern COLON = Pattern.compile(":");
    // NOTE(review): SimpleDateFormat is not thread-safe and this instance is shared statically; it is also built
    // without an explicit Locale, so the "MMM" month names follow the JVM default locale. Its users are outside
    // this view: confirm every use is synchronized or thread-confined.
    protected static final DateFormat X509_DATE = new SimpleDateFormat("MMM dd HH:mm:ss yyyy zzz");
    // Provider used for PEM key/certificate parsing. The nested classes treat null as "no crypto service
    // available" and fail the corresponding call. Assigned outside this view.
    protected static CryptoService cryptoService;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.apigee.trireme.core.modules.SSLWrap$1, reason: invalid class name */
    /* loaded from: input_file:io/apigee/trireme/core/modules/SSLWrap$1.class */
    /*
     * Decompiler rendering of the compiler-generated switch maps for SSLEngineResult.Status and
     * SSLEngineResult.HandshakeStatus. Each array is indexed by the enum constant's ordinal() and holds the
     * case label that switch statements reading the map dispatch on; an entry left at 0 has no case.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus;
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status = new int[SSLEngineResult.Status.values().length];

        static {
            // Each assignment is guarded separately so that one enum constant missing at run time
            // (NoSuchFieldError) leaves only its own entry unmapped instead of aborting the whole initializer.
            // Status map: BUFFER_OVERFLOW=1, BUFFER_UNDERFLOW=2, CLOSED=3, OK=4.
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_OVERFLOW.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_UNDERFLOW.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.OK.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            // HandshakeStatus map: NEED_TASK=1, NEED_UNWRAP=2, NEED_WRAP=3, FINISHED=4, NOT_HANDSHAKING=5.
            $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 3;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 4;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 5;
            } catch (NoSuchFieldError e9) {
            }
        }
    }

    /* loaded from: input_file:io/apigee/trireme/core/modules/SSLWrap$AllTrustingManager.class */
    /**
     * Trust manager that accepts every certificate chain without inspecting it.
     *
     * <p>Both check methods return normally for any input, so a handshake that uses this manager performs no
     * certificate validation at all: the peer is encrypted-to but not authenticated. Installed by
     * {@code ContextImpl.setTrustEverybody()}.
     */
    private static final class AllTrustingManager implements X509TrustManager {
        // Stateless, so a single shared instance is enough.
        static final AllTrustingManager INSTANCE = new AllTrustingManager();

        private AllTrustingManager() {
        }

        /** Accepts any client chain: returning without throwing is how a trust manager signals "trusted". */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        /** Accepts any server chain: returning without throwing is how a trust manager signals "trusted". */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        /** Returns an empty issuer list (never null). */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* loaded from: input_file:io/apigee/trireme/core/modules/SSLWrap$ContextImpl.class */
    public static class ContextImpl extends ScriptableObject {
        // Class name returned by getClassName().
        public static final String CLASS_NAME = "_sslContextClass";
        // Alias under which init() stores the PEM private key and its chain in the in-memory key store.
        private static final String DEFAULT_KEY_ENTRY = "key";
        // Not referenced in the visible part of this class.
        private static final String DEFAULT_CERT_ENTRY = "cert";
        // Built by the script-facing init(); null until then.
        private SSLContext context;
        // Runtime used to translate script-supplied file paths and handed on to created engines.
        private NodeRuntime runner;
        // Set directly by setKeyStore()/setPfx(), or derived in init() from privateKey + certChain.
        private KeyManager[] keyManagers;
        // PEM private key from setKey(); held in memory for the lifetime of this object.
        private PrivateKey privateKey;
        // Single-element chain from setCert().
        private X509Certificate[] certChain;
        // Managers used for the handshake itself; setTrustEverybody() replaces them with an accept-all manager.
        private TrustManager[] trustManagers;
        // Optional CRL from setCRL(); init() combines it with a trust manager through CompositeTrustManager.
        private X509CRL crl;
        // In-memory store of CA certificates added one by one through addTrustedCert().
        private KeyStore trustedCertStore;
        // Manager built in init() from trustedCertStore; engines use it for the post-handshake peer check.
        private X509TrustManager trustedCertManager;
        // Set to true by setTrustStore() and by init() when it builds trust managers from trustedCertStore or
        // falls back to SSLContext.getDefault(). Engines that have no trustedCertManager report this flag as
        // their peerAuthorized value, so it must only be true when the handshake really validated the peer.
        private boolean trustStoreValidation;

        /** Returns the class name of this scriptable object, {@link #CLASS_NAME}. */
        public String getClassName() {
            return CLASS_NAME;
        }

        /**
         * Binds this context to its runtime. The runtime is later used to translate script-supplied file paths
         * and is passed to every engine created from this context.
         */
        void init(NodeRuntime nodeRuntime) {
            this.runner = nodeRuntime;
        }

        /** Returns the SSLContext built by the script-facing init(), or null if init() has not run yet. */
        public SSLContext getSslContext() {
            return this.context;
        }

        /**
         * Loads a JKS key store from disk and derives this context's key managers from it.
         *
         * <p>The same passphrase is used to open the store and to unlock its keys. The temporary char[] copy is
         * zeroed on every exit path, but the passphrase arrives as an immutable String, so zeroing the copy does
         * not remove the secret from the heap.
         *
         * @param str  script-supplied path of the key store; passed through {@code runner.translatePath}
         *             (presumably the runtime's path sandbox; verify)
         * @param str2 key store passphrase
         * @throws EvaluatorException if the file cannot be read or the store cannot be opened
         */
        @JSFunction
        public void setKeyStore(String str, String str2) {
            final char[] passphrase = str2.toCharArray();
            try {
                final FileInputStream storeFile = new FileInputStream(this.runner.translatePath(str));
                try {
                    final KeyStore store = KeyStore.getInstance("JKS");
                    store.load(storeFile, passphrase);
                    final KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509");
                    factory.init(store, passphrase);
                    this.keyManagers = factory.getKeyManagers();
                } finally {
                    // Closed on success and on failure alike.
                    storeFile.close();
                }
            } catch (GeneralSecurityException securityError) {
                throw new EvaluatorException("Error opening key store: " + securityError);
            } catch (IOException ioError) {
                throw new EvaluatorException("I/O error reading key store: " + ioError);
            } finally {
                // Wipe the passphrase copy whether or not loading succeeded.
                Arrays.fill(passphrase, (char) 0);
            }
        }

        /**
         * Loads a PKCS#12 bundle from a script buffer and derives the context's key managers from it.
         *
         * <p>Script arguments: [0] a Buffer holding the PKCS#12 bytes (required), [1] an optional passphrase
         * string. The passphrase, when given, both opens the store and unlocks its keys; its char[] copy is
         * zeroed on every exit path once loading has started.
         *
         * @throws EvaluatorException if the bundle cannot be read or opened
         */
        @JSFunction
        public static void setPfx(Context context, Scriptable scriptable, Object[] objArr, Function function) {
            final Buffer.BufferImpl pfx = (Buffer.BufferImpl) ArgUtils.objArg(objArr, 0, Buffer.BufferImpl.class, true);
            final String passphraseArg = ArgUtils.stringArg(objArr, 1, null);
            char[] passphrase = null;
            if (passphraseArg != null) {
                passphrase = passphraseArg.toCharArray();
            }
            final ContextImpl self = (ContextImpl) scriptable;
            try {
                final ByteArrayInputStream pfxBytes =
                        new ByteArrayInputStream(pfx.getArray(), pfx.getArrayOffset(), pfx.getLength());
                final KeyStore store = KeyStore.getInstance("PKCS12");
                store.load(pfxBytes, passphrase);
                final KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509");
                factory.init(store, passphrase);
                self.keyManagers = factory.getKeyManagers();
            } catch (IOException ioError) {
                throw new EvaluatorException("I/O error reading key store: " + ioError);
            } catch (GeneralSecurityException securityError) {
                throw new EvaluatorException("Error opening key store: " + securityError);
            } finally {
                // The passphrase is optional, so there may be nothing to wipe.
                if (passphrase != null) {
                    Arrays.fill(passphrase, (char) 0);
                }
            }
        }

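        /**
         * Reads a PEM-encoded RSA private key from a script buffer and stores it on the context.
         *
         * <p>Script arguments: [0] a Buffer holding the PEM text (required), [1] an optional passphrase string
         * for an encrypted key. The passphrase copy is zeroed on every exit path.
         *
         * <p>Fix: the passphrase is optional, but the cleanup used to call {@code Arrays.fill} on it
         * unconditionally. With no passphrase that threw a NullPointerException after the key had been read,
         * and it also replaced any parse error with the NullPointerException.
         *
         * @throws RuntimeException a script error (from {@code Utils.makeError}) when no crypto service is
         *         installed or the key cannot be parsed
         */
        @JSFunction
        public static void setKey(Context context, Scriptable scriptable, Object[] objArr, Function function) {
            if (SSLWrap.cryptoService == null) {
                throw Utils.makeError(context, scriptable, "No crypto service available to read PEM key");
            }
            Buffer.BufferImpl bufferImpl = (Buffer.BufferImpl) ArgUtils.objArg(objArr, 0, Buffer.BufferImpl.class, true);
            String stringArg = ArgUtils.stringArg(objArr, 1, null);
            char[] charArray = stringArg == null ? null : stringArg.toCharArray();
            try {
                ByteArrayInputStream pem = new ByteArrayInputStream(bufferImpl.getArray(), bufferImpl.getArrayOffset(), bufferImpl.getLength());
                ((ContextImpl) scriptable).privateKey = SSLWrap.cryptoService.readKeyPair("RSA", pem, charArray).getPrivate();
            } catch (CryptoException e) {
                throw Utils.makeError(context, scriptable, e.toString());
            } catch (IOException e2) {
                throw Utils.makeError(context, scriptable, e2.toString());
            } finally {
                // Unencrypted keys come without a passphrase; only wipe when there is one.
                if (charArray != null) {
                    Arrays.fill(charArray, (char) 0);
                }
            }
        }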

        /**
         * Reads one X.509 certificate from a script buffer and makes it the context's certificate chain.
         *
         * <p>Script argument [0] is a required Buffer with the certificate bytes. Only a single certificate is
         * kept: the resulting chain has exactly one element, so intermediates are not sent from this chain.
         *
         * @throws RuntimeException a script error (from {@code Utils.makeError}) when no crypto service is
         *         installed or the certificate cannot be parsed
         */
        @JSFunction
        public static void setCert(Context context, Scriptable scriptable, Object[] objArr, Function function) {
            if (SSLWrap.cryptoService == null) {
                throw Utils.makeError(context, scriptable, "No crypto service available to read PEM key");
            }
            final Buffer.BufferImpl certBuffer = (Buffer.BufferImpl) ArgUtils.objArg(objArr, 0, Buffer.BufferImpl.class, true);
            final ContextImpl self = (ContextImpl) scriptable;
            final X509Certificate parsed;
            try {
                final ByteArrayInputStream certBytes =
                        new ByteArrayInputStream(certBuffer.getArray(), certBuffer.getArrayOffset(), certBuffer.getLength());
                parsed = SSLWrap.cryptoService.readCertificate(certBytes);
            } catch (CryptoException parseError) {
                throw Utils.makeError(context, scriptable, parseError.toString());
            } catch (IOException ioError) {
                throw Utils.makeError(context, scriptable, ioError.toString());
            }
            if (SSLWrap.log.isDebugEnabled()) {
                SSLWrap.log.debug("My SSL certificate is {}", parsed.getSubjectDN());
            }
            self.certChain = new X509Certificate[]{parsed};
        }

        /**
         * Loads a JKS trust store from disk and uses it for peer validation.
         *
         * <p>The store is loaded with a null password, which means the JDK skips the key store integrity
         * check: the file's contents are trusted as found on disk, so its file permissions are the only
         * protection against tampering.
         *
         * @param str script-supplied path of the trust store; passed through {@code runner.translatePath}
         *            (presumably the runtime's path sandbox; verify)
         * @throws EvaluatorException if the file cannot be read or the store cannot be opened
         */
        @JSFunction
        public void setTrustStore(String str) {
            try {
                final FileInputStream storeFile = new FileInputStream(this.runner.translatePath(str));
                try {
                    final KeyStore store = KeyStore.getInstance("JKS");
                    store.load(storeFile, null);
                    final TrustManagerFactory factory = TrustManagerFactory.getInstance("SunX509");
                    factory.init(store);
                    this.trustManagers = factory.getTrustManagers();
                    // Engines report peers as authorized based on this flag when they have no separate manager.
                    this.trustStoreValidation = true;
                } finally {
                    // Closed on success and on failure alike.
                    storeFile.close();
                }
            } catch (IOException ioError) {
                throw new EvaluatorException("I/O error reading key store: " + ioError);
            } catch (GeneralSecurityException securityError) {
                throw new EvaluatorException("Error opening key store: " + securityError);
            }
        }

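        /**
         * Adds one CA certificate to the context's in-memory trusted-certificate store, creating the store on
         * first use.
         *
         * <p>Script arguments: [0] an integer index, used to build the store alias {@code "Cert <index>"};
         * [1] a Buffer with the certificate bytes, or null to only make sure the store exists. Re-using an
         * index replaces the certificate previously stored under that alias.
         *
         * <p>Fix: the debug message had a {@code {}} placeholder but no argument, so it never said which
         * certificate was being trusted. It now logs the subject, which is what an audit of trust anchors needs.
         *
         * @throws RuntimeException a script error (from {@code Utils.makeError}) when no crypto service is
         *         installed, the certificate cannot be parsed, or the store rejects it
         */
        @JSFunction
        public static void addTrustedCert(Context context, Scriptable scriptable, Object[] objArr, Function function) {
            if (SSLWrap.cryptoService == null) {
                throw Utils.makeError(context, scriptable, "No crypto service available to read cert");
            }
            int intArg = ArgUtils.intArg(objArr, 0);
            ArgUtils.ensureArg(objArr, 1);
            ContextImpl contextImpl = (ContextImpl) scriptable;
            Buffer.BufferImpl bufferImpl = null;
            if (objArr[1] != null) {
                bufferImpl = (Buffer.BufferImpl) ArgUtils.objArg(objArr, 1, Buffer.BufferImpl.class, true);
            }
            try {
                if (contextImpl.trustedCertStore == null) {
                    contextImpl.trustedCertStore = SSLWrap.cryptoService.createPemKeyStore();
                    // load(null, null) initializes an empty store.
                    contextImpl.trustedCertStore.load(null, null);
                }
                if (bufferImpl != null) {
                    X509Certificate readCertificate = SSLWrap.cryptoService.readCertificate(new ByteArrayInputStream(bufferImpl.getArray(), bufferImpl.getArrayOffset(), bufferImpl.getLength()));
                    if (SSLWrap.log.isDebugEnabled()) {
                        SSLWrap.log.debug("Adding trusted CA cert {}", readCertificate.getSubjectDN());
                    }
                    contextImpl.trustedCertStore.setCertificateEntry("Cert " + intArg, readCertificate);
                }
            } catch (CryptoException e) {
                throw Utils.makeError(context, scriptable, e.toString());
            } catch (IOException e2) {
                throw Utils.makeError(context, scriptable, e2.toString());
            } catch (GeneralSecurityException e3) {
                throw Utils.makeError(context, scriptable, e3.toString());
            }
        }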

        /**
         * Parses an X.509 certificate revocation list from a script buffer and stores it on the context.
         *
         * <p>Script argument [0] is a required Buffer with the CRL bytes. The CRL is only parsed here; nothing
         * in this method verifies its signature, issuer or validity period.
         * NOTE(review): confirm that CompositeTrustManager performs those checks before relying on the list.
         *
         * @throws RuntimeException a script error (from {@code Utils.makeError}) when the CRL cannot be parsed
         */
        @JSFunction
        public static void setCRL(Context context, Scriptable scriptable, Object[] objArr, Function function) {
            final Buffer.BufferImpl crlBuffer = (Buffer.BufferImpl) ArgUtils.objArg(objArr, 0, Buffer.BufferImpl.class, true);
            try {
                final ByteArrayInputStream crlBytes =
                        new ByteArrayInputStream(crlBuffer.getArray(), crlBuffer.getArrayOffset(), crlBuffer.getLength());
                final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
                ((ContextImpl) scriptable).crl = (X509CRL) x509Factory.generateCRL(crlBytes);
            } catch (CRLException crlError) {
                throw Utils.makeError(Context.getCurrentContext(), scriptable, "Error reading CRL: " + crlError);
            } catch (CertificateException factoryError) {
                throw Utils.makeError(Context.getCurrentContext(), scriptable, "Error reading CRL: " + factoryError);
            }
        }

        /**
         * Builds the SSLContext from whatever key and trust material was configured on this object.
         *
         * <p>Steps, in order: (1) if no key managers were set but a PEM private key was, wrap the key and its
         * chain in an in-memory key store and derive key managers from it; (2) if trusted CA certificates were
         * added and no trust managers were set, derive trust managers from those certificates; (3) if a CRL
         * was set, wrap the first trust manager so the CRL is consulted; (4) create the context, falling back
         * to the JVM default context when neither key nor trust managers exist; (5) separately build
         * {@code trustedCertManager} from the added CA certificates for the engines' post-handshake check.
         *
         * @throws RuntimeException a script error (from {@code Utils.makeError}) on key store, trust store or
         *         context initialization failures
         */
        @JSFunction
        public static void init(Context context, Scriptable scriptable, Object[] objArr, Function function) {
            ContextImpl contextImpl = (ContextImpl) scriptable;
            if (contextImpl.keyManagers == null && contextImpl.privateKey != null) {
                if (SSLWrap.cryptoService == null) {
                    throw Utils.makeError(context, scriptable, "No crypto service available");
                }
                KeyStore createPemKeyStore = SSLWrap.cryptoService.createPemKeyStore();
                try {
                    createPemKeyStore.load(null, null);
                    // The key entry and the key manager factory are both given a null password: the key is
                    // held unprotected in this in-memory store.
                    createPemKeyStore.setKeyEntry(DEFAULT_KEY_ENTRY, contextImpl.privateKey, null, contextImpl.certChain);
                    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
                    keyManagerFactory.init(createPemKeyStore, null);
                    contextImpl.keyManagers = keyManagerFactory.getKeyManagers();
                } catch (IOException e) {
                    throw Utils.makeError(context, scriptable, e.toString());
                } catch (GeneralSecurityException e2) {
                    throw Utils.makeError(context, scriptable, e2.toString());
                }
            }
            // Only derive trust managers from the added CA certs when none were set explicitly; a manager
            // installed by setTrustStore() or setTrustEverybody() therefore takes precedence for the handshake.
            if (contextImpl.trustedCertStore != null && contextImpl.trustManagers == null) {
                try {
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
                    trustManagerFactory.init(contextImpl.trustedCertStore);
                    contextImpl.trustManagers = trustManagerFactory.getTrustManagers();
                    contextImpl.trustStoreValidation = true;
                } catch (GeneralSecurityException e3) {
                    throw Utils.makeError(context, scriptable, e3.toString());
                }
            }
            // NOTE(review): trustManagerArr aliases contextImpl.trustManagers, so the CRL wrapper below is written
            // into the field's own array; calling init() again would wrap the already-wrapped manager. Only
            // element 0 is wrapped and it is assumed to be an X509TrustManager.
            TrustManager[] trustManagerArr = contextImpl.trustManagers;
            if (contextImpl.trustManagers != null && contextImpl.crl != null) {
                trustManagerArr[0] = new CompositeTrustManager((X509TrustManager) contextImpl.trustManagers[0], contextImpl.crl);
            }
            try {
                if (contextImpl.keyManagers == null && trustManagerArr == null) {
                    // Nothing configured: use the JVM default context, which validates against the default
                    // trust store, hence the flag. A CRL set without trust managers is not applied on this path.
                    contextImpl.context = SSLContext.getDefault();
                    contextImpl.trustStoreValidation = true;
                } else {
                    contextImpl.context = SSLContext.getInstance(SSLCiphers.TLS);
                    // A null SecureRandom lets the provider choose its default source.
                    contextImpl.context.init(contextImpl.keyManagers, trustManagerArr, null);
                }
                if (contextImpl.trustedCertStore != null) {
                    try {
                        // Built independently of the handshake managers so the engines can check the peer
                        // against the added CA certs even when the handshake itself trusted everybody.
                        TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance("SunX509");
                        trustManagerFactory2.init(contextImpl.trustedCertStore);
                        contextImpl.trustedCertManager = (X509TrustManager) trustManagerFactory2.getTrustManagers()[0];
                        if (contextImpl.crl != null) {
                            contextImpl.trustedCertManager = new CompositeTrustManager(contextImpl.trustedCertManager, contextImpl.crl);
                        }
                    } catch (GeneralSecurityException e4) {
                        throw Utils.makeError(context, scriptable, e4.toString());
                    }
                }
            } catch (KeyManagementException e5) {
                throw Utils.makeError(context, scriptable, "Error initializing SSL context: " + e5);
            } catch (NoSuchAlgorithmException e6) {
                // Treated as impossible: the requested algorithms are expected to exist on every JVM.
                throw new AssertionError(e6);
            }
        }

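        /**
         * Replaces this context's handshake trust managers with one that accepts every certificate chain.
         *
         * <p>After this call the handshake no longer authenticates the peer. Whether a peer counts as
         * authorized is then decided only by the engine's post-handshake check against certificates added
         * with {@code addTrustedCert}.
         *
         * <p>Fix: {@code trustStoreValidation} is cleared. It could still be true from an earlier
         * {@code setTrustStore} call, and an engine without a trusted-cert manager reports that flag as
         * {@code peerAuthorized}, i.e. it would have reported an unvalidated peer as authorized.
         */
        @JSFunction
        public void setTrustEverybody() {
            this.trustManagers = new TrustManager[]{AllTrustingManager.INSTANCE};
            // The handshake validates nothing from here on, so it must not vouch for the peer.
            this.trustStoreValidation = false;
        }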

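        /**
         * Creates a new SSL engine object bound to this context.
         *
         * <p>Script argument [0] is a boolean: true for client mode, false for server mode. The engine
         * receives this context's runtime, SSLContext, trust-store-validation flag and trusted-cert manager.
         * The script-facing init() must have run first; otherwise the SSLContext passed on is null.
         *
         * <p>Fix: {@code Context.newObject} returns a {@code Scriptable}; the result is now cast explicitly to
         * {@code EngineImpl} (the decompiled listing assigned it without a cast, which does not compile).
         *
         * @return the new engine object
         */
        @JSFunction
        public static Object createEngine(Context context, Scriptable scriptable, Object[] objArr, Function function) {
            boolean booleanArg = ArgUtils.booleanArg(objArr, 0);
            ContextImpl contextImpl = (ContextImpl) scriptable;
            EngineImpl newObject = (EngineImpl) context.newObject(scriptable, EngineImpl.CLASS_NAME);
            newObject.init(contextImpl.runner, contextImpl.context, booleanArg, contextImpl.trustStoreValidation, contextImpl.trustedCertManager);
            return newObject;
        }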
    }

    /* loaded from: input_file:io/apigee/trireme/core/modules/SSLWrap$EngineImpl.class */
    public static class EngineImpl extends ScriptableObject {
        // Class name returned by getClassName().
        public static final String CLASS_NAME = "_sslEngineClass";
        // Values of the "status" property on the result objects returned by wrap() and unwrap().
        public static final int STATUS_OK = 0;
        public static final int STATUS_NEED_WRAP = 1;
        public static final int STATUS_NEED_UNWRAP = 2;
        public static final int STATUS_NEED_TASK = 3;
        public static final int STATUS_UNDERFLOW = 4;
        public static final int STATUS_OVERFLOW = 5;
        public static final int STATUS_CLOSED = 6;
        public static final int STATUS_ERROR = 7;
        // Smallest output buffer unwrap() starts with (it appears there as the literal 128).
        private static final int MIN_BUFFER_SIZE = 128;
        private SSLEngine engine;
        private NodeRuntime runner;
        // Manager for the post-handshake peer check; null when no CA certificates were added to the context.
        private X509TrustManager trustManager;
        // Result of the last post-handshake peer check; false until a handshake has finished.
        private boolean peerAuthorized;
        // Error object from the last failed peer check, or null.
        private Scriptable authorizationError;
        // Copied from the context: whether the handshake itself validated the peer.
        private boolean trustStoreValidation;
        // Shared zero-length input used when wrap()/unwrap() are called without a buffer.
        private static final ByteBuffer EMPTY_BUF = ByteBuffer.allocate(0);

        /** Returns the class name of this scriptable object, {@link #CLASS_NAME}. */
        public String getClassName() {
            return CLASS_NAME;
        }

        /**
         * Binds this engine to its runtime and creates the underlying SSLEngine.
         *
         * <p>The engine is created with the no-argument {@code createSSLEngine()}, so no peer host or port is
         * given to JSSE and this method configures no endpoint identification: hostname verification, if
         * any, has to happen elsewhere (not visible here).
         *
         * @param nodeRuntime      runtime used for callbacks and the async pool
         * @param sSLContext       context to create the engine from
         * @param z                true for client mode, false for server mode
         * @param z2               whether the handshake's trust managers really validate the peer
         * @param x509TrustManager manager for the post-handshake peer check, or null
         */
        void init(NodeRuntime nodeRuntime, SSLContext sSLContext, boolean z, boolean z2, X509TrustManager x509TrustManager) {
            this.runner = nodeRuntime;
            this.trustManager = x509TrustManager;
            this.trustStoreValidation = z2;
            final SSLEngine created = sSLContext.createSSLEngine();
            this.engine = created;
            created.setUseClientMode(z);
        }

        /**
         * Returns a new heap buffer with twice the capacity of {@code byteBuffer}, holding the bytes written to
         * it so far.
         *
         * <p>The source buffer is flipped as a side effect, and the returned buffer is left positioned after
         * the copied bytes, ready for more writes. A zero-capacity source yields a zero-capacity result.
         */
        private static ByteBuffer doubleBuffer(ByteBuffer byteBuffer) {
            final int grownCapacity = byteBuffer.capacity() * 2;
            final ByteBuffer grown = ByteBuffer.allocate(grownCapacity);
            // Switch the source from writing to reading so put() copies exactly what was written.
            byteBuffer.flip();
            grown.put(byteBuffer);
            return grown;
        }

        /**
         * Script getter {@code peerAuthorized}: the outcome of the last post-handshake peer check. It is false
         * before any handshake has finished, so it must be read only after a result flagged "justHandshaked".
         */
        @JSGetter("peerAuthorized")
        public boolean isPeerAuthorized() {
            return this.peerAuthorized;
        }

        /**
         * Script getter {@code authorizationError}: the error object recorded by the last failed peer check,
         * or the JavaScript undefined value when none was recorded.
         */
        @JSGetter("authorizationError")
        public Object getAuthorizationError() {
            if (this.authorizationError != null) {
                return this.authorizationError;
            }
            return Context.getUndefinedValue();
        }

        /**
         * Encrypts application data (or produces handshake records) through the SSLEngine.
         *
         * <p>Script arguments: [0] an optional Buffer with plaintext, [1] an optional integer offset into it
         * (default 0). The offset comes from the script and is added to the buffer position unchecked; a
         * negative or too-large value makes {@code ByteBuffer.position} throw IllegalArgumentException.
         * The output buffer starts at the session's packet size and is doubled for as long as the engine
         * reports BUFFER_OVERFLOW.
         *
         * @return a result object built by makeResult, or by makeException when the engine throws SSLException
         */
        @JSFunction
        public static Object wrap(Context context, Scriptable scriptable, Object[] objArr, Function function) {
            final Buffer.BufferImpl plainArg = (Buffer.BufferImpl) ArgUtils.objArg(objArr, 0, Buffer.BufferImpl.class, false);
            final int offset = ArgUtils.intArg(objArr, 1, 0);
            final EngineImpl self = (EngineImpl) scriptable;
            ByteBuffer plain = EMPTY_BUF;
            if (plainArg != null) {
                plain = plainArg.getBuffer();
                plain.position(plain.position() + offset);
            }
            ByteBuffer cipher = ByteBuffer.allocate(self.engine.getSession().getPacketBufferSize());
            final Scriptable resultObject = context.newObject(scriptable);
            SSLEngineResult engineResult;
            while (true) {
                try {
                    if (SSLWrap.log.isDebugEnabled()) {
                        SSLWrap.log.debug("SSLEngine wrap {} -> {}", plain, cipher);
                    }
                    engineResult = self.engine.wrap(plain, cipher);
                    if (SSLWrap.log.isDebugEnabled()) {
                        SSLWrap.log.debug("  wrap {} -> {} = {}", new Object[]{plain, cipher, engineResult});
                    }
                } catch (SSLException sslError) {
                    if (SSLWrap.log.isDebugEnabled()) {
                        SSLWrap.log.debug("SSLException: {}", sslError);
                    }
                    return self.makeException(resultObject, sslError);
                }
                if (engineResult.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW) {
                    break;
                }
                // Not enough room for the record: retry with a buffer twice as large.
                cipher = doubleBuffer(cipher);
            }
            return self.makeResult(context, plain, cipher, engineResult, resultObject);
        }

        /**
         * Decrypts network data (or consumes handshake records) through the SSLEngine.
         *
         * <p>Script arguments: [0] an optional Buffer with received bytes, [1] an optional integer offset
         * into it (default 0). The offset comes from the script and is added to the buffer position
         * unchecked; a negative or too-large value makes {@code ByteBuffer.position} throw
         * IllegalArgumentException. The output buffer starts between 128 bytes and the session's application
         * buffer size, and is replaced by one twice as large for as long as the engine reports BUFFER_OVERFLOW.
         *
         * @return a result object built by makeResult, or by makeException when the engine throws SSLException
         */
        @JSFunction
        public static Object unwrap(Context context, Scriptable scriptable, Object[] objArr, Function function) {
            final Buffer.BufferImpl cipherArg = (Buffer.BufferImpl) ArgUtils.objArg(objArr, 0, Buffer.BufferImpl.class, false);
            final int offset = ArgUtils.intArg(objArr, 1, 0);
            final EngineImpl self = (EngineImpl) scriptable;
            ByteBuffer cipher = EMPTY_BUF;
            if (cipherArg != null) {
                cipher = cipherArg.getBuffer();
                cipher.position(cipher.position() + offset);
            }
            final int wanted = Math.max(cipher.remaining(), 128);
            final int initialSize = Math.min(wanted, self.engine.getSession().getApplicationBufferSize());
            ByteBuffer plain = ByteBuffer.allocate(initialSize);
            final Scriptable resultObject = context.newObject(scriptable);
            SSLEngineResult engineResult;
            while (true) {
                try {
                    if (SSLWrap.log.isDebugEnabled()) {
                        SSLWrap.log.debug("SSLEngine unwrap {} -> {}", cipher, plain);
                    }
                    engineResult = self.engine.unwrap(cipher, plain);
                    if (SSLWrap.log.isDebugEnabled()) {
                        SSLWrap.log.debug("  unwrap {} -> {} = {}", new Object[]{cipher, plain, engineResult});
                    }
                } catch (SSLException sslError) {
                    if (SSLWrap.log.isDebugEnabled()) {
                        SSLWrap.log.debug("SSLException: {}", sslError);
                    }
                    return self.makeException(resultObject, sslError);
                }
                if (engineResult.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW) {
                    break;
                }
                // The old buffer's contents are not carried over; a fresh buffer of twice the size is used.
                plain = ByteBuffer.allocate(plain.capacity() * 2);
            }
            return self.makeResult(context, cipher, plain, engineResult, resultObject);
        }

        /**
         * Fills a result object for a failed wrap/unwrap: "status" is set to 7 (STATUS_ERROR) and "error" to
         * the string form of {@code exc}.
         *
         * <p>NOTE(review): the loop below walks down the cause chain through security and SSL exceptions, but
         * the innermost cause it finds is never used; the reported text always comes from the outermost
         * exception. If the intent was to surface the underlying certificate or security error, "error"
         * should be built from that cause instead. Left unchanged because scripts may depend on the text.
         *
         * @return the same {@code scriptable}, populated
         */
        private Scriptable makeException(Scriptable scriptable, Exception exc) {
            Throwable innermost = exc;
            // instanceof is false for null, so the walk also stops at the end of the chain.
            for (Throwable next = innermost.getCause();
                    next instanceof GeneralSecurityException || next instanceof SSLException;
                    next = innermost.getCause()) {
                innermost = next;
            }
            scriptable.put("status", scriptable, 7);
            scriptable.put("error", scriptable, exc.toString());
            return scriptable;
        }

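        /**
         * Translates an SSLEngineResult into the result object handed back to the script.
         *
         * <p>Properties set: "data" (a Buffer with the produced bytes, only when any were produced), "status"
         * (one of the STATUS_* codes), "consumed" (bytes the engine consumed), "remaining" (bytes left in the
         * input buffer) and, when the handshake has just finished, "justHandshaked" = true. In that last case
         * the peer authorization check runs before returning.
         *
         * <p>Fix: the outer switch had no {@code break} after the nested handshake-status switch, so every OK
         * or CLOSED result fell through into {@code default} and threw AssertionError. The switches now
         * operate on the enum values directly.
         *
         * @param byteBuffer  the input buffer passed to the engine
         * @param byteBuffer2 the output buffer the engine wrote into; cleared after its content is copied out
         * @return the same {@code scriptable}, populated
         */
        private Scriptable makeResult(Context context, ByteBuffer byteBuffer, ByteBuffer byteBuffer2, SSLEngineResult sSLEngineResult, Scriptable scriptable) {
            final SSLEngineResult.Status engineStatus = sSLEngineResult.getStatus();
            // OK and CLOSED share the handshake dispatch and differ only in the code they end up with.
            final int settledStatus = engineStatus == SSLEngineResult.Status.CLOSED ? 6 /* STATUS_CLOSED */ : 0 /* STATUS_OK */;
            boolean justHandshaked = false;
            int status;
            switch (engineStatus) {
                case BUFFER_OVERFLOW:
                    status = 5; // STATUS_OVERFLOW
                    break;
                case BUFFER_UNDERFLOW:
                    status = 4; // STATUS_UNDERFLOW
                    break;
                case CLOSED:
                case OK:
                    switch (sSLEngineResult.getHandshakeStatus()) {
                        case NEED_TASK:
                            status = 3; // STATUS_NEED_TASK
                            break;
                        case NEED_UNWRAP:
                            status = 2; // STATUS_NEED_UNWRAP
                            break;
                        case NEED_WRAP:
                            status = 1; // STATUS_NEED_WRAP
                            break;
                        case FINISHED:
                            justHandshaked = true;
                            status = settledStatus;
                            break;
                        case NOT_HANDSHAKING:
                            status = settledStatus;
                            break;
                        default:
                            throw new AssertionError();
                    }
                    break;
                default:
                    throw new AssertionError();
            }
            if (byteBuffer2.position() > 0) {
                byteBuffer2.flip();
                Buffer.BufferImpl newBuffer = Buffer.BufferImpl.newBuffer(context, this, byteBuffer2, false);
                byteBuffer2.clear();
                scriptable.put("data", scriptable, newBuffer);
            }
            scriptable.put("status", scriptable, Integer.valueOf(status));
            scriptable.put("consumed", scriptable, Integer.valueOf(sSLEngineResult.bytesConsumed()));
            scriptable.put("remaining", scriptable, Integer.valueOf(byteBuffer.remaining()));
            if (justHandshaked) {
                scriptable.put("justHandshaked", scriptable, Boolean.TRUE);
                // The session now holds the peer's certificates; record whether they are trusted.
                checkPeerAuthorization(context);
            }
            return scriptable;
        }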

        /**
         * Runs the engine's next delegated task, if any, and then schedules the given callback.
         *
         * <p>With no pending task the callback is scheduled immediately. Otherwise the task runs on the
         * runtime's async pool and the callback is scheduled from that pool thread afterwards. Only one
         * delegated task is fetched per call.
         *
         * <p>NOTE(review): if the delegated task throws, the callback is never scheduled, so the script side
         * is left waiting; confirm whether that is intended.
         *
         * @param function callback to schedule once the task has run
         */
        @JSFunction
        public void runTask(final Function function) {
            final Runnable pendingTask = this.engine.getDelegatedTask();
            final Scriptable domain = this.runner.getDomain();
            if (pendingTask == null) {
                fireFunction(function, domain);
                return;
            }
            final Runnable job = new Runnable() {
                @Override // java.lang.Runnable
                public void run() {
                    if (SSLWrap.log.isDebugEnabled()) {
                        SSLWrap.log.debug("Running async task {} in thread pool", pendingTask);
                    }
                    pendingTask.run();
                    EngineImpl.this.fireFunction(function, domain);
                }
            };
            this.runner.getAsyncPool().execute(job);
        }

        /**
         * Starts (or restarts) the TLS handshake on the underlying engine.
         *
         * @throws EvaluatorException carrying the SSLException text if the engine refuses
         */
        @JSFunction
        public void beginHandshake() {
            try {
                this.engine.beginHandshake();
            } catch (SSLException handshakeError) {
                final String detail = handshakeError.toString();
                throw new EvaluatorException(detail);
            }
        }

        /**
         * Tells the engine that no more inbound data will arrive.
         *
         * <p>JSSE throws here when the peer has not sent its TLS close notification, which is how a truncated
         * connection is told apart from a clean shutdown; that error is passed on to the script.
         *
         * @throws EvaluatorException carrying the SSLException text
         */
        @JSFunction
        public void closeInbound() {
            try {
                this.engine.closeInbound();
            } catch (SSLException closeError) {
                final String detail = closeError.toString();
                throw new EvaluatorException(detail);
            }
        }

        /** Tells the engine that no more outbound application data will be sent. */
        @JSFunction
        public void closeOutbound() {
            this.engine.closeOutbound();
        }

        /** Returns the engine's own answer to whether the outbound side is finished. */
        @JSFunction
        public boolean isOutboundDone() {
            return this.engine.isOutboundDone();
        }

        /** Returns the engine's own answer to whether the inbound side is finished. */
        @JSFunction
        public boolean isInboundDone() {
            return this.engine.isInboundDone();
        }

        /* JADX INFO: Access modifiers changed from: private */
        /**
         * Queues {@code function} on the runtime as a callback, with this engine passed for both object
         * arguments of {@code enqueueCallback}, {@code scriptable} as the domain and no call arguments.
         * Called from runTask, including from an async pool thread.
         */
        public void fireFunction(Function function, Scriptable scriptable) {
            this.runner.enqueueCallback(function, this, this, scriptable, null);
        }

        /**
         * Decides, after a finished handshake, whether the peer counts as authorized, and records the answer
         * in {@code peerAuthorized} (plus {@code authorizationError} on a failed check).
         *
         * <p>Outcomes: no peer certificates or an unverified peer gives false; with no separate trust
         * manager the answer is the {@code trustStoreValidation} flag, i.e. the handshake's own validation is
         * taken on trust; otherwise the chain is checked against the trust manager, as a server chain in
         * client mode and as a client chain in server mode.
         *
         * <p>NOTE(review): the auth type passed to the trust manager is always "RSA", whatever was
         * negotiated; the chain is cast to X509Certificate[] without a type check; and a successful check
         * does not clear an {@code authorizationError} left by an earlier failure. No hostname is compared
         * against the certificate here.
         */
        private void checkPeerAuthorization(Context context) {
            try {
                final Certificate[] peerChain = this.engine.getSession().getPeerCertificates();
                if (peerChain == null) {
                    if (SSLWrap.log.isDebugEnabled()) {
                        SSLWrap.log.debug("Peer has no client- or server-side certs");
                    }
                    this.peerAuthorized = false;
                    return;
                }
                final X509TrustManager verifier = this.trustManager;
                if (verifier == null) {
                    // Nothing to check against here: rely on what the handshake's trust managers did.
                    this.peerAuthorized = this.trustStoreValidation;
                    return;
                }
                try {
                    final boolean actingAsClient = this.engine.getUseClientMode();
                    final X509Certificate[] x509Chain = (X509Certificate[]) peerChain;
                    if (actingAsClient) {
                        verifier.checkServerTrusted(x509Chain, "RSA");
                    } else {
                        verifier.checkClientTrusted(x509Chain, "RSA");
                    }
                    this.peerAuthorized = true;
                    if (SSLWrap.log.isDebugEnabled()) {
                        SSLWrap.log.debug("SSL peer is valid");
                    }
                } catch (CertificateException rejected) {
                    if (SSLWrap.log.isDebugEnabled()) {
                        SSLWrap.log.debug("Error verifying SSL peer: {}", rejected);
                    }
                    this.authorizationError = Utils.makeErrorObject(context, (Scriptable) this, rejected.toString());
                    this.peerAuthorized = false;
                }
            } catch (SSLPeerUnverifiedException unverified) {
                if (SSLWrap.log.isDebugEnabled()) {
                    SSLWrap.log.debug("Peer is unverified");
                }
                this.peerAuthorized = false;
            }
        }

        /**
         * Builds a script object describing the cipher suite and protocol of the engine's
         * current session.
         *
         * <p>The {@code name} property is the SSL-style name from {@link SSLCiphers} when the
         * suite is known there, otherwise the JVM's own suite name. {@code version} is the
         * session's protocol string.
         *
         * <p>NOTE(review): a non-null result only shows that the engine has a session object.
         * The JDK can hand back a placeholder session before a handshake completes, so callers
         * should not read this as proof that a connection is established or encrypted.
         *
         * @return the descriptor object, or {@code null} when there is no engine or no session
         */
        @JSFunction
        public static Object getCipher(Context context, Scriptable scriptable, Object[] objArr, Function function) {
            final EngineImpl self = (EngineImpl) scriptable;
            if (self.engine == null || self.engine.getSession() == null) {
                return null;
            }

            final String jvmSuite = self.engine.getSession().getCipherSuite();
            final SSLCiphers.Ciph known = SSLCiphers.get().getJavaCipher(jvmSuite);
            final Object displayName;
            if (known == null) {
                displayName = jvmSuite;
            } else {
                displayName = known.getSslName();
            }

            final Scriptable descriptor = context.newObject(scriptable);
            descriptor.put("name", descriptor, displayName);
            descriptor.put("version", descriptor, self.engine.getSession().getProtocol());
            return descriptor;
        }

        /**
         * Checks a colon-separated cipher list against what this engine can use.
         *
         * <p>Each entry must map to a Java suite through {@link SSLCiphers} and that suite must
         * be among the engine's currently <em>enabled</em> suites. Every entry is examined, so
         * each failure is logged, and the result is {@code false} if any entry failed.
         *
         * <p>NOTE(review): the "not supported in the JVM" message is driven by the enabled set,
         * not by {@code getSupportedCipherSuites()}, so a suite that the JVM supports but that
         * has been disabled on this engine is reported the same way.
         *
         * @param str colon-separated cipher names; must not be {@code null}
         * @return {@code true} only when every listed cipher is known and enabled
         */
        @JSFunction
        public boolean validateCiphers(String str) {
            final HashSet<String> enabledSuites =
                    new HashSet<String>(Arrays.asList(this.engine.getEnabledCipherSuites()));
            boolean allUsable = true;
            for (String requested : SSLWrap.COLON.split(str)) {
                final SSLCiphers.Ciph mapped = SSLCiphers.get().getSslCipher(SSLCiphers.TLS, requested);
                if (mapped != null && enabledSuites.contains(mapped.getJavaName())) {
                    continue;
                }
                if (mapped == null) {
                    SSLWrap.log.debug(requested + " is unknown");
                } else {
                    SSLWrap.log.debug(requested + " is not supported in the JVM");
                }
                allUsable = false;
            }
            return allUsable;
        }

        /**
         * Sets whether the engine must receive a client certificate, via
         * {@code SSLEngine.setNeedClientAuth}.
         *
         * <p>Per the JDK contract this setting and {@code setWantClientAuth} override each other,
         * so the last call wins. Calling {@link #setClientAuthRequested} afterwards downgrades a
         * mandatory client certificate to an optional one.
         *
         * @param z {@code true} to make client authentication mandatory
         */
        @JSFunction
        public void setClientAuthRequired(boolean z) {
            engine.setNeedClientAuth(z);
        }

        /**
         * Sets whether the engine asks for, without insisting on, a client certificate, via
         * {@code SSLEngine.setWantClientAuth}.
         *
         * <p>Per the JDK contract this overrides any earlier {@code setNeedClientAuth} setting.
         * With "want" semantics the handshake continues when the client sends no certificate,
         * so authorization has to be enforced by the caller.
         *
         * @param z {@code true} to request client authentication
         */
        @JSFunction
        public void setClientAuthRequested(boolean z) {
            engine.setWantClientAuth(z);
        }

        /**
         * Replaces the engine's enabled cipher suites with those named in a colon-separated list.
         *
         * <p>Each name is translated to its Java suite name through {@link SSLCiphers}. The first
         * name with no mapping aborts the call before the engine is modified.
         *
         * <p>NOTE(review): the only filter applied here is "has a mapping". Whether weak or
         * deprecated suites are excluded depends on the SSLCiphers table and the JVM's own
         * policy, both outside this view. {@code setEnabledCipherSuites} may itself throw
         * {@code IllegalArgumentException} for a suite the JVM does not support; that is not
         * caught here.
         *
         * @param str colon-separated cipher names; must not be {@code null}
         * @throws EvaluatorException if a name has no mapping
         */
        @JSFunction
        public void setCiphers(String str) {
            final String[] requestedNames = SSLWrap.COLON.split(str);
            final List<String> javaSuites = new ArrayList<String>();
            for (String requested : requestedNames) {
                final SSLCiphers.Ciph mapped = SSLCiphers.get().getSslCipher(SSLCiphers.TLS, requested);
                if (mapped == null) {
                    throw new EvaluatorException("Unsupported SSL cipher suite \"" + requested + '\"');
                }
                javaSuites.add(mapped.getJavaName());
            }
            final String[] suiteArray = javaSuites.toArray(new String[javaSuites.size()]);
            this.engine.setEnabledCipherSuites(suiteArray);
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v20, types: [java.security.cert.Certificate[]] */
        /* JADX WARN: Type inference failed for: r0v21 */
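        /**
         * Returns a script object describing the first certificate the peer presented.
         *
         * <p>The result describes whatever the peer sent; this method does not consult
         * {@code peerAuthorized}. A returned certificate is therefore not evidence that the
         * peer is trusted, and callers must check the authorization result separately.
         *
         * @return the certificate descriptor, or the JavaScript undefined value when there is no
         *         engine or session, the peer is unverified, the chain is empty, or the first
         *         certificate is not X.509
         */
        @JSFunction
        public static Object getPeerCertificate(Context context, Scriptable scriptable, Object[] objArr, Function function) {
            EngineImpl engineImpl = (EngineImpl) scriptable;
            if (engineImpl.engine == null || engineImpl.engine.getSession() == null) {
                return Context.getUndefinedValue();
            }

            // Hold the chain as the general Certificate type: the session API does not promise
            // X.509, so the narrowing below must be an explicit, checked cast.
            Certificate[] chain;
            try {
                chain = engineImpl.engine.getSession().getPeerCertificates();
            } catch (SSLPeerUnverifiedException e) {
                SSLWrap.log.debug("getPeerCertificates threw {}", e);
                return Context.getUndefinedValue();
            }

            if (chain == null || chain.length == 0) {
                SSLWrap.log.debug("Peer presented no certificates");
                return Context.getUndefinedValue();
            }

            Certificate first = chain[0];
            if (first instanceof X509Certificate) {
                return engineImpl.makeCertificate(context, (X509Certificate) first);
            }
            SSLWrap.log.debug("Peer certificate is not an X.509 cert");
            return Context.getUndefinedValue();
        }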

        /**
         * Converts an X.509 certificate into a script object with {@code subject},
         * {@code issuer}, {@code valid_from} and {@code valid_to} properties, then attempts to
         * attach subject and issuer alternative names.
         *
         * <p>Both distinguished names are rendered in RFC 2253 form as plain strings.
         *
         * <p>NOTE(review): a {@link CertificateParsingException} while reading alternative names
         * is logged at debug level only and the object is returned without them. A consumer that
         * matches host names against the alternative names would see none; confirm that absence
         * is treated as "no match".
         * <br>NOTE(review): {@code SSLWrap.X509_DATE} is declared outside this view. If it is a
         * shared {@code SimpleDateFormat}, {@code format} is not thread-safe; confirm this
         * method is only reached from a single thread.
         *
         * @param context         Rhino context used to allocate the result
         * @param x509Certificate the certificate to describe
         * @return the populated script object
         */
        private Object makeCertificate(Context context, X509Certificate x509Certificate) {
            if (SSLWrap.log.isDebugEnabled()) {
                SSLWrap.log.debug("Returning subject " + x509Certificate.getSubjectX500Principal());
            }

            final Scriptable certInfo = context.newObject(this);

            final String subjectDn = x509Certificate.getSubjectX500Principal().getName("RFC2253");
            certInfo.put("subject", certInfo, subjectDn);

            final String issuerDn = x509Certificate.getIssuerX500Principal().getName("RFC2253");
            certInfo.put("issuer", certInfo, issuerDn);

            final String notBefore = SSLWrap.X509_DATE.format(x509Certificate.getNotBefore());
            certInfo.put("valid_from", certInfo, notBefore);

            final String notAfter = SSLWrap.X509_DATE.format(x509Certificate.getNotAfter());
            certInfo.put("valid_to", certInfo, notAfter);

            try {
                // Order matters: issuer names are only read once the subject names were handled.
                addAltNames(context, certInfo, "subject", "subjectAltNames", x509Certificate.getSubjectAlternativeNames());
                addAltNames(context, certInfo, "issuer", "issuerAltNames", x509Certificate.getIssuerAlternativeNames());
            } catch (CertificateParsingException parseFailure) {
                SSLWrap.log.debug("Error getting all the cert names: {}", parseFailure);
            }
            return certInfo;
        }

        /**
         * Copies selected alternative-name entries of a certificate into a new script object
         * and stores that object on {@code scriptable} under {@code str2}.
         *
         * <p>Each entry of {@code collection} is expected to be a (type, value) pair as produced
         * by {@code X509Certificate.getSubjectAlternativeNames()}. Only entries whose type is an
         * {@code Integer} and whose value is a {@code String} are considered, and of those only
         * types 1 (rfc822Name), 2 (dNSName) and 6 (uniformResourceIdentifier) are copied.
         *
         * <p>NOTE(review): several behaviours here affect anyone using the result for identity
         * checks and should be confirmed against the consuming script code:
         * <ul>
         *   <li>any other String-valued type hits {@code default: return}, which stops processing
         *       of all remaining entries and skips the final attach step. The JDK returns IP
         *       address entries (type 7) as strings, so those take this path;</li>
         *   <li>entries are stored by type name, so a later entry of the same type appears to
         *       replace an earlier one (e.g. only one dNSName survives);</li>
         *   <li>the per-entry {@code put} passes {@code scriptable} rather than {@code newObject}
         *       as the start object; confirm which object actually receives the property;</li>
         *   <li>the last two lines cast the value stored under {@code str} to {@code Scriptable},
         *       while the visible caller {@code makeCertificate} stores plain strings under
         *       "subject" and "issuer". This looks like it would fail at runtime; confirm.</li>
         * </ul>
         *
         * @param context    Rhino context used to allocate the names object
         * @param scriptable the certificate descriptor being populated
         * @param str        property of {@code scriptable} to which the names are also attached
         * @param str2       property name under which the names object is stored
         * @param collection alternative-name entries, or {@code null} when the certificate has none
         */
        private void addAltNames(Context context, Scriptable scriptable, String str, String str2, Collection<List<?>> collection) {
            String str3;
            // No extension present: leave the descriptor untouched.
            if (collection == null) {
                return;
            }
            Scriptable newObject = context.newObject(this);
            // The (initially empty) names object is published before it is filled.
            scriptable.put(str2, scriptable, newObject);
            for (List<?> list : collection) {
                // Entries with a non-String value (e.g. byte[] encodings) are skipped silently.
                if (list.size() >= 2 && (list.get(0) instanceof Integer) && (list.get(1) instanceof String)) {
                    switch (((Integer) list.get(0)).intValue()) {
                        case 1:
                            str3 = "rfc822Name";
                            break;
                        case 2:
                            str3 = "dNSName";
                            break;
                        case 6:
                            str3 = "uniformResourceIdentifier";
                            break;
                        default:
                            // Leaves the whole method, not just this entry.
                            return;
                    }
                    newObject.put(str3, scriptable, list.get(1));
                }
            }
            // Also attach the names object to the value stored under str ("subject"/"issuer").
            Scriptable scriptable2 = (Scriptable) scriptable.get(str, scriptable);
            scriptable2.put(str2, scriptable2, newObject);
        }

        /**
         * Returns the current TLS session's identifier as a Buffer.
         *
         * <p>Only the session ID bytes are exposed, not serialized session state or key material.
         * <br>NOTE(review): unlike {@code getCipher} and {@code getPeerCertificate}, there is no
         * guard for a missing engine or session here, so those cases fail with a
         * {@code NullPointerException}.
         *
         * @return a Buffer wrapping {@code SSLSession.getId()}
         */
        @JSFunction
        public static Object getSession(Context context, Scriptable scriptable, Object[] objArr, Function function) {
            final EngineImpl self = (EngineImpl) scriptable;
            final byte[] sessionId = self.engine.getSession().getId();
            return Buffer.BufferImpl.newBuffer(context, scriptable, sessionId);
        }

        /**
         * Always reports {@code false}; the engine is not consulted.
         *
         * <p>Scripts therefore cannot use this to detect session resumption.
         *
         * @return {@code false}, unconditionally
         */
        @JSFunction
        public static boolean isSessionReused(Context context, Scriptable scriptable, Object[] objArr, Function function) {
            return false;
        }

        /**
         * Exposes the constant {@code 0} to scripts as the {@code OK} property.
         * NOTE(review): presumably one of the status codes reported by the wrap/unwrap calls
         * defined outside this view; confirm there.
         */
        @JSGetter("OK")
        public int getOK() {
            return 0;
        }

        /** Exposes the constant {@code 1} to scripts as the {@code NEED_WRAP} property. */
        @JSGetter("NEED_WRAP")
        public int getNeedWrap() {
            return 1;
        }

        /** Exposes the constant {@code 2} to scripts as the {@code NEED_UNWRAP} property. */
        @JSGetter("NEED_UNWRAP")
        public int getNeedUnwrap() {
            return 2;
        }

        /** Exposes the constant {@code 3} to scripts as the {@code NEED_TASK} property. */
        @JSGetter("NEED_TASK")
        public int getNeedTask() {
            return 3;
        }

        /** Exposes the constant {@code 4} to scripts as the {@code UNDERFLOW} property. */
        @JSGetter("UNDERFLOW")
        public int getUnderflow() {
            return 4;
        }

        /** Exposes the constant {@code 5} to scripts as the {@code OVERFLOW} property. */
        @JSGetter("OVERFLOW")
        public int getOverflow() {
            return 5;
        }

        /** Exposes the constant {@code 6} to scripts as the {@code CLOSED} property. */
        @JSGetter("CLOSED")
        public int getClosed() {
            return 6;
        }

        /** Exposes the constant {@code 7} to scripts as the {@code ERROR} property. */
        @JSGetter("ERROR")
        public int getError() {
            return 7;
        }
    }

    /* loaded from: input_file:io/apigee/trireme/core/modules/SSLWrap$WrapperImpl.class */
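    /**
     * Script-visible entry object of the module: creates SSL context objects and lists the
     * cipher names the JVM can offer.
     */
    public static class WrapperImpl extends ScriptableObject {
        public static final String CLASS_NAME = "_sslWrapper";
        // Runtime handed to every context created through this wrapper; set by init().
        private NodeRuntime runner;

        /** Returns the Rhino class name under which this object is registered. */
        @Override
        public String getClassName() {
            return CLASS_NAME;
        }

        /**
         * Stores the runtime that later-created contexts are initialised with.
         *
         * @param nodeRuntime the owning runtime
         */
        void init(NodeRuntime nodeRuntime) {
            this.runner = nodeRuntime;
        }

        /**
         * Creates a new, uninitialised-for-TLS context object bound to this wrapper's runtime.
         *
         * @return the new {@code ContextImpl}
         */
        @JSFunction
        public static Object createContext(Context context, Scriptable scriptable, Object[] objArr, Function function) {
            // newObject() is declared to return Scriptable, so the narrowing has to be explicit.
            ContextImpl newObject = (ContextImpl) context.newObject(scriptable, ContextImpl.CLASS_NAME);
            newObject.init(((WrapperImpl) scriptable).runner);
            return newObject;
        }

        /**
         * Lists, in lower case, the SSL-style names of the cipher suites supported by the JVM's
         * default {@link SSLContext}, as an index-keyed script object.
         *
         * <p>This reflects what the JVM <em>supports</em>, which is normally a superset of what
         * is enabled by default, so the list is not a statement about which suites are
         * advisable.
         *
         * @return the list object, or {@code null} when the default SSLContext is unavailable
         */
        @JSFunction
        public static Object getCiphers(Context context, Scriptable scriptable, Object[] objArr, Function function) {
            List<String> sslCiphers;
            try {
                sslCiphers = SSLCiphers.get().getSslCiphers(SSLCiphers.TLS, Arrays.asList(SSLContext.getDefault().createSSLEngine().getSupportedCipherSuites()));
            } catch (NoSuchAlgorithmException e) {
                // Keep the null return callers already see, but leave a trace of why.
                SSLWrap.log.debug("Default SSLContext is unavailable: {}", e);
                return null;
            }
            Scriptable newObject = context.newObject(function);
            int i = 0;
            for (String cipherName : sslCiphers) {
                // Locale.ROOT keeps the casing stable regardless of the JVM's default locale
                // (e.g. Turkish dotless i), so names compare reliably on the script side.
                newObject.put(i++, newObject, cipherName.toLowerCase(java.util.Locale.ROOT));
            }
            return newObject;
        }
    }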

    /**
     * Returns the name under which this module is registered.
     *
     * @return the literal {@code "ssl_wrap"}
     */
    @Override // io.apigee.trireme.core.NodeModule
    public String getModuleName() {
        return "ssl_wrap";
    }

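    /**
     * Registers the module's three script classes in {@code scriptable}, creates the wrapper
     * object that serves as the module's exports, and triggers crypto-service discovery.
     *
     * @param context     Rhino context used to instantiate the wrapper
     * @param scriptable  scope in which the classes are defined
     * @param nodeRuntime runtime passed on to the wrapper
     * @return the initialised {@code WrapperImpl}
     * @throws InvocationTargetException if a class definition fails
     * @throws IllegalAccessException    if a class definition fails
     * @throws InstantiationException    if a class definition fails
     */
    @Override // io.apigee.trireme.core.NodeModule
    public Scriptable registerExports(Context context, Scriptable scriptable, NodeRuntime nodeRuntime) throws InvocationTargetException, IllegalAccessException, InstantiationException {
        ScriptableObject.defineClass(scriptable, WrapperImpl.class);
        ScriptableObject.defineClass(scriptable, EngineImpl.class);
        ScriptableObject.defineClass(scriptable, ContextImpl.class);
        // newObject() is declared to return Scriptable, so the narrowing has to be explicit.
        WrapperImpl newObject = (WrapperImpl) context.newObject(scriptable, WrapperImpl.CLASS_NAME);
        newObject.init(nodeRuntime);
        loadCryptoService();
        return newObject;
    }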

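    /**
     * Looks up a {@link CryptoService} implementation through {@link ServiceLoader} and stores
     * the first one found in the static {@code cryptoService} field.
     *
     * <p>When no provider is found the field is left as it was.
     *
     * <p>NOTE(review): selection is "first provider the loader yields" and is only logged at
     * debug level. Any jar on the class path that registers a CryptoService provider can be
     * chosen, so deployments should control which providers are present and consider logging
     * the selected implementation at a level that is normally retained.
     */
    private static void loadCryptoService() {
        // One iterator for both the check and the fetch, so both refer to the same provider.
        Iterator<CryptoService> providers = ServiceLoader.load(CryptoService.class).iterator();
        if (providers.hasNext()) {
            // Assign first: the log line is meant to name the implementation just selected.
            cryptoService = providers.next();
            if (log.isDebugEnabled()) {
                log.debug("Using crypto service implementation {}", cryptoService);
            }
        } else if (log.isDebugEnabled()) {
            log.debug("No crypto service available");
        }
    }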
}
