package org.jruby.ext.openssl;

import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.jruby.IRuby;
import org.jruby.RubyArray;
import org.jruby.RubyClass;
import org.jruby.RubyModule;
import org.jruby.RubyNumeric;
import org.jruby.RubyObject;
import org.jruby.ext.openssl.x509store.X509AuxCertificate;
import org.jruby.ext.openssl.x509store.X509_STORE;
import org.jruby.ext.openssl.x509store.X509_STORE_CTX;
import org.jruby.runtime.CallbackFactory;
import org.jruby.runtime.builtin.IRubyObject;

/* loaded from: input_file:org/jruby/ext/openssl/SSLContext.class */
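/**
 * Ruby-visible {@code SSLContext} object backed by JSSE key and trust managers.
 *
 * <p>{@link #createSSLContext} registers the class and its attribute accessors
 * under the module it is given. {@link KM} and {@link TM} read those attributes
 * ({@code key}, {@code cert}, {@code client_cert_cb}, {@code verify_mode},
 * {@code cert_store}) back through Ruby method calls at handshake time.
 *
 * <p>Nothing in this class synchronizes access to its mutable fields.
 */
public class SSLContext extends RubyObject {
    private static final String[] ctx_attrs = {"cert", "key", "client_ca", "ca_file", "ca_path", "timeout", "verify_mode", "verify_depth", "verify_callback", "options", "cert_store", "extra_chain_cert", "client_cert_cb", "tmp_dh_callback", "session_id_context"};
    private IRubyObject ciphers;
    // Key and certificate cached from the first successful client_cert_cb call.
    private PKey t_key;
    private X509Cert t_cert;
    // Leaf certificate of the most recent chain handed to the trust manager.
    private X509Certificate peer_cert;

    /**
     * Key manager that serves the context's configured key and certificate,
     * falling back to the {@code client_cert_cb} callback when the attribute is nil.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jruby/ext/openssl/SSLContext$KM.class */
    public static class KM extends X509ExtendedKeyManager {
        private final SSLContext ctt;

        public KM(SSLContext sSLContext) {
            this.ctt = sSLContext;
        }

        /**
         * Returns the {@code key} attribute, or the callback-provided key when
         * the attribute is nil. The Ruby accessor is read once so the nil check
         * and the cast apply to the same object.
         */
        private PKey resolveKey() {
            IRubyObject configured = this.ctt.callMethod(this.ctt.getRuntime().getCurrentContext(), "key");
            return configured.isNil() ? this.ctt.getCallbackKey() : (PKey) configured;
        }

        /** Same lookup as {@link #resolveKey()}, for the {@code cert} attribute. */
        private X509Cert resolveCert() {
            IRubyObject configured = this.ctt.callMethod(this.ctt.getRuntime().getCurrentContext(), "cert");
            return configured.isNil() ? this.ctt.getCallbackCert() : (X509Cert) configured;
        }

        /**
         * Picks the first offered key type that matches the algorithm of the
         * available key (case-insensitive), or {@code null} if there is no key
         * or no match. The returned "alias" is the key type itself.
         */
        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
            PKey key = resolveKey();
            if (key == null) {
                return null;
            }
            String algorithm = key.getAlgorithm();
            for (String keyType : strArr) {
                if (keyType.equalsIgnoreCase(algorithm)) {
                    return keyType;
                }
            }
            return null;
        }

        /**
         * Returns {@code str} when the available key uses that algorithm
         * (case-insensitive), otherwise {@code null}.
         */
        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
            PKey key = resolveKey();
            return (key != null && str.equalsIgnoreCase(key.getAlgorithm())) ? str : null;
        }

        /** Socket-based alias selection is not implemented; always {@code null}. */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return null;
        }

        /** Socket-based alias selection is not implemented; always {@code null}. */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return null;
        }

        /**
         * Returns a one-element chain holding the configured (or callback)
         * certificate, or {@code null} when none is available. The alias is ignored.
         */
        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            X509Cert cert = resolveCert();
            if (cert == null) {
                return null;
            }
            // NOTE(review): only the leaf is sent; the "extra_chain_cert"
            // attribute declared on the context is never read in this class.
            return new X509Certificate[]{cert.getAuxCert()};
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return null;
        }

        /**
         * Returns the private key of the configured (or callback) key, or
         * {@code null} when none is available. The alias is ignored.
         */
        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            PKey key = resolveKey();
            return key == null ? null : key.getPrivateKey();
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return null;
        }
    }

    /**
     * Trust manager driven by the context's {@code verify_mode} and
     * {@code cert_store} attributes.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jruby/ext/openssl/SSLContext$TM.class */
    public static class TM implements X509TrustManager {
        // Bits tested in verify_mode. The values are those of OpenSSL's
        // SSL_VERIFY_PEER and SSL_VERIFY_FAIL_IF_NO_PEER_CERT.
        private static final int VERIFY_PEER = 1;
        private static final int VERIFY_FAIL_IF_NO_PEER_CERT = 2;

        private final SSLContext ctt;

        public TM(SSLContext sSLContext) {
            this.ctt = sSLContext;
        }

        /**
         * Records the leaf of a non-empty client chain as the context's peer
         * certificate and returns.
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            // NOTE(review): this never throws and never reads verify_mode or
            // cert_store, so a server built on this trust manager accepts any
            // client certificate it is shown. If client authentication is
            // meant to be enforced, the chain has to be validated here the way
            // checkServerTrusted validates the server chain.
            if (x509CertificateArr != null && x509CertificateArr.length > 0) {
                this.ctt.setPeer(x509CertificateArr[0]);
            }
        }

        /**
         * Validates the server chain according to {@code verify_mode}.
         *
         * <ul>
         *   <li>nil {@code verify_mode}: the chain is accepted unchecked.</li>
         *   <li>empty chain: rejected only when the
         *       {@code VERIFY_FAIL_IF_NO_PEER_CERT} bit is set.</li>
         *   <li>{@code VERIFY_PEER} bit set: the chain is verified against
         *       {@code cert_store}.</li>
         * </ul>
         *
         * The leaf certificate is stored via {@code setPeer} before
         * verification runs, so {@code getPeer()} can return a certificate that
         * was subsequently rejected.
         *
         * @throws CertificateException if a required chain is missing, the
         *         store context cannot be initialised, or verification fails
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Read verify_mode once so the nil test and the bit tests see the same value.
            IRubyObject verifyMode = this.ctt.callMethod(this.ctt.getRuntime().getCurrentContext(), "verify_mode");
            boolean hasChain = x509CertificateArr != null && x509CertificateArr.length > 0;

            if (verifyMode.isNil()) {
                // NOTE(review): an unset verify_mode means no validation at all;
                // callers must set it explicitly to get an authenticated peer.
                if (hasChain) {
                    this.ctt.setPeer(x509CertificateArr[0]);
                }
                return;
            }

            int mode = RubyNumeric.fix2int(verifyMode);
            if (!hasChain) {
                if ((mode & VERIFY_FAIL_IF_NO_PEER_CERT) != 0) {
                    throw new CertificateException("no peer certificate");
                }
                return;
            }

            this.ctt.setPeer(x509CertificateArr[0]);
            if ((mode & VERIFY_PEER) == 0) {
                return;
            }

            X509AuxCertificate leaf = X509_STORE_CTX.transform(x509CertificateArr[0]);
            X509_STORE_CTX storeCtx = new X509_STORE_CTX();
            IRubyObject certStore = this.ctt.callMethod(this.ctt.getRuntime().getCurrentContext(), "cert_store");
            // A nil cert_store is passed to init() as a null store.
            X509_STORE store = certStore.isNil() ? null : ((X509Store) certStore).getStore();
            if (storeCtx.init(store, leaf, X509_STORE_CTX.transform(x509CertificateArr)) == 0) {
                throw new CertificateException("couldn't initialize store");
            }
            // NOTE(review): this path checks a *server* certificate but selects
            // the "ssl_client" defaults. OpenSSL uses "ssl_server" on the
            // verifying-client side; confirm what set_default() applies here
            // before relying on purpose/EKU checks.
            storeCtx.set_default("ssl_client");

            int verified;
            try {
                verified = storeCtx.verify_cert();
            } catch (Exception e) {
                // Fail closed on any verifier error, keeping the cause for diagnosis.
                throw new CertificateException("certificate verify failed", e);
            }
            if (verified == 0) {
                throw new CertificateException("certificate verify failed");
            }
        }

        /** Always returns an empty array; no issuer list is advertised. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /**
     * Defines the Ruby class {@code SSLContext} under {@code rubyModule}, with
     * an accessor for every name in {@code ctx_attrs} plus {@code new},
     * {@code initialize}, {@code ciphers} and {@code ciphers=}.
     */
    public static void createSSLContext(IRuby iRuby, RubyModule rubyModule) {
        RubyClass sslContextClass = rubyModule.defineClassUnder("SSLContext", iRuby.getObject());
        for (String attr : ctx_attrs) {
            sslContextClass.attr_accessor(new IRubyObject[]{iRuby.newSymbol(attr)});
        }
        // Class literals are used instead of a Class.forName lookup helper.
        CallbackFactory callbackFactory = iRuby.callbackFactory(SSLContext.class);
        sslContextClass.defineSingletonMethod("new", callbackFactory.getOptSingletonMethod("newInstance"));
        sslContextClass.defineMethod("initialize", callbackFactory.getOptMethod("initialize"));
        sslContextClass.defineMethod("ciphers", callbackFactory.getMethod("ciphers"));
        sslContextClass.defineMethod("ciphers=", callbackFactory.getMethod("set_ciphers", IRubyObject.class));
    }

    /** Ruby-side {@code new}: allocates the object and runs its initializer. */
    public static IRubyObject newInstance(IRubyObject iRubyObject, IRubyObject[] iRubyObjectArr) {
        SSLContext context = new SSLContext(iRubyObject.getRuntime(), (RubyClass) iRubyObject);
        context.callInit(iRubyObjectArr);
        return context;
    }

    public SSLContext(IRuby iRuby, RubyClass rubyClass) {
        super(iRuby, rubyClass);
        this.t_key = null;
        this.t_cert = null;
    }

    /** Stores the peer certificate reported by the trust manager. */
    public void setPeer(X509Certificate x509Certificate) {
        this.peer_cert = x509Certificate;
    }

    /**
     * Returns the last certificate passed to {@link #setPeer}. The trust
     * manager stores it before (or without) verifying it, so a non-null value
     * does not by itself mean the peer was authenticated.
     */
    public X509Certificate getPeer() {
        return this.peer_cert;
    }

    /**
     * Invokes the callback with this context and caches its result.
     * Assumes the callback returns a Ruby array of {@code [cert, key]}; any
     * other shape fails with a cast or index exception.
     */
    private void initFromCallback(IRubyObject iRubyObject) {
        IRubyObject result = iRubyObject.callMethod(getRuntime().getCurrentContext(), "call", this);
        List pair = ((RubyArray) result).getList();
        this.t_cert = (X509Cert) pair.get(0);
        this.t_key = (PKey) pair.get(1);
    }

    /**
     * Returns the key supplied by {@code client_cert_cb}, invoking the callback
     * only while no key is cached. {@code null} when no callback is set.
     */
    public PKey getCallbackKey() {
        IRubyObject callback = callMethod(getRuntime().getCurrentContext(), "client_cert_cb");
        if (this.t_key == null && !callback.isNil()) {
            initFromCallback(callback);
        }
        return this.t_key;
    }

    /**
     * Returns the certificate supplied by {@code client_cert_cb}, invoking the
     * callback only while no certificate is cached. {@code null} when no
     * callback is set.
     */
    public X509Cert getCallbackCert() {
        IRubyObject callback = callMethod(getRuntime().getCurrentContext(), "client_cert_cb");
        if (this.t_cert == null && !callback.isNil()) {
            initFromCallback(callback);
        }
        return this.t_cert;
    }

    /** Ruby-side {@code initialize}: resets {@code ciphers} to nil. */
    @Override // org.jruby.RubyObject
    public IRubyObject initialize(IRubyObject[] iRubyObjectArr) {
        this.ciphers = getRuntime().getNil();
        return this;
    }

    public IRubyObject ciphers() {
        return this.ciphers;
    }

    public IRubyObject set_ciphers(IRubyObject iRubyObject) {
        this.ciphers = iRubyObject;
        return iRubyObject;
    }

    /**
     * Resolves the {@code ciphers} setting to JSSE cipher-suite names for
     * {@code sSLEngine}.
     *
     * @return every supported suite when {@code ciphers} is nil; otherwise the
     *         supported suites whose name contains one of the configured strings
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String[] getCipherSuites(SSLEngine sSLEngine) {
        if (this.ciphers.isNil()) {
            // NOTE(review): this is the engine's *supported* list, not its
            // enabled-by-default list. Supported lists typically include
            // suites a provider leaves disabled on purpose (anonymous,
            // NULL-encryption, export-grade). Callers should set ciphers
            // explicitly, or this default should be narrowed.
            return sSLEngine.getSupportedCipherSuites();
        }
        List<String> selected = new ArrayList<String>();
        if (this.ciphers instanceof RubyArray) {
            for (Object entry : ((RubyArray) this.ciphers).getList()) {
                addCipher(selected, entry.toString(), sSLEngine);
            }
        } else {
            addCipher(selected, this.ciphers.toString(), sSLEngine);
        }
        return selected.toArray(new String[selected.size()]);
    }

    /**
     * Appends every supported suite whose name contains {@code str}. The
     * OpenSSL-style name {@code "ADH"} is mapped to JSSE's {@code "DH_anon"}.
     * Matching is a plain substring test, so short or empty strings select far
     * more suites than intended, and repeated matches add duplicates.
     */
    private void addCipher(List<String> list, String str, SSLEngine sSLEngine) {
        String needle = "ADH".equals(str) ? "DH_anon" : str;
        for (String suite : sSLEngine.getSupportedCipherSuites()) {
            if (suite.indexOf(needle) != -1) {
                list.add(suite);
            }
        }
    }

    /** Returns a new key manager bound to this context. */
    public KM getKM() {
        return new KM(this);
    }

    /** Returns a new trust manager bound to this context. */
    public TM getTM() {
        return new TM(this);
    }
}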
