package io.apigee.trireme.core.modules.crypto;

import io.apigee.trireme.core.ArgUtils;
import io.apigee.trireme.core.Utils;
import io.apigee.trireme.core.internal.Charsets;
import io.apigee.trireme.core.internal.CompositeTrustManager;
import io.apigee.trireme.core.internal.CryptoException;
import io.apigee.trireme.core.internal.SSLCiphers;
import io.apigee.trireme.core.internal.ScriptRunner;
import io.apigee.trireme.core.modules.Buffer;
import io.apigee.trireme.core.modules.Crypto;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.Function;
import org.mozilla.javascript.Scriptable;
import org.mozilla.javascript.ScriptableObject;
import org.mozilla.javascript.annotations.JSFunction;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/apigee/trireme/core/modules/crypto/SecureContextImpl.class */
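/**
 * Rhino-side implementation of Node's {@code SecureContext}: collects the key
 * material, trusted CA certificates, CRLs, cipher-suite list and protocol name
 * handed over from script, and turns them into an {@link SSLContext} and an
 * {@link X509TrustManager}.
 *
 * <p>Security note: {@link #makeContext} initializes the returned
 * {@code SSLContext} with {@link AllTrustingManager}, so the JSSE layer itself
 * performs <em>no</em> peer certificate validation. The configured trust
 * manager is exposed separately through {@link #getTrustManager()} and the
 * code consuming the context is responsible for applying it. If nothing was
 * configured via {@code addCACert}, {@code addRootCerts} or
 * {@code setTrustStore}, {@link #getTrustManager()} returns {@code null}.
 *
 * <p>Every setter clears {@code initialized} so the next
 * {@link #makeContext} rebuilds the key and trust managers. Instances carry
 * mutable state and are not synchronized.
 */
public class SecureContextImpl extends ScriptableObject {
    private static final Logger log = LoggerFactory.getLogger(SecureContextImpl.class.getName());
    public static final String CLASS_NAME = "SecureContext";
    /** Protocol name used when script passes no method name or a non-SSL one. */
    private static final String DEFAULT_PROTO = "TLS";
    /** Separator of the OpenSSL-style cipher list accepted by {@link #setCiphers}. */
    private static final Pattern COLON = Pattern.compile(":");
    /** Alias of the single private-key entry in the PEM key store built by {@link #initialize}. */
    private static final String DEFAULT_KEY_ENTRY = "key";

    // Key managers: either loaded directly (PKCS12 / key store file) or built
    // from privateKey + certChain in initialize().
    private KeyManager[] keyManagers;
    // Trust managers: from the default root store, a key-store file, or built
    // from trustedCertStore in initialize().
    private TrustManager[] trustManagers;
    // The trust manager handed to callers, possibly wrapped with CRL checks.
    private X509TrustManager trustedCertManager;
    // Chain presented to peers; setCert() stores exactly one certificate.
    private X509Certificate[] certChain;
    private PrivateKey privateKey;
    // PEM-backed store of CA certificates added through addCACert().
    private KeyStore trustedCertStore;
    // Counter used to give each added CA certificate a unique alias.
    private int trustedCertSequence = 0;
    private List<X509CRL> crls;
    // Name passed to SSLContext.getInstance().
    private String protocol;
    // "SSL" or "TLS": selects the cipher-name table used by setCiphers().
    private String mainProtocol;
    private String[] cipherSuites;
    private boolean initialized;

    /**
     * Trust manager that accepts every certificate. Used only to initialize
     * the {@link SSLContext} in {@link #makeContext}; the real validation is
     * left to whoever consumes {@link #getTrustManager()}.
     */
    private static final class AllTrustingManager implements X509TrustManager {
        static final AllTrustingManager INSTANCE = new AllTrustingManager();

        private AllTrustingManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
            // Deliberately accepts everything; see class comment.
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] chain, String authType) {
            // Deliberately accepts everything; see class comment.
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    @Override
    public String getClassName() {
        return CLASS_NAME;
    }

    /**
     * JS {@code init(method)}: selects the protocol from Node's {@code *_method}
     * names and verifies that this JVM knows it.
     *
     * <p>{@code SSLv2_*} and {@code SSLv3_*} map to the legacy "SSLv2"/"SSLv3"
     * names and the "SSL" cipher table; {@code TLSv1_*} maps to "TLSv1"; a
     * missing argument selects plain "TLS"; any other string is passed to
     * {@link SSLContext#getInstance(String)} unchanged. Whether a legacy
     * protocol can actually be negotiated is decided by the JVM's own TLS
     * policy, not here. Fails with a script error (via {@link Utils#makeError})
     * when the JVM does not support the resulting protocol name.
     */
    @JSFunction
    public static void init(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        SecureContextImpl self = (SecureContextImpl) scriptable;
        String method = ArgUtils.stringArg(objArr, 0, null);
        self.selectProtocol(method);
        try {
            // Probe only; the real context is created lazily in makeContext().
            SSLContext.getInstance(self.protocol);
            if (log.isDebugEnabled()) {
                log.debug("Creating secure context for {}", self.protocol);
            }
        } catch (NoSuchAlgorithmException e) {
            throw Utils.makeError(context, scriptable, "Unsupported TLS/SSL protocol " + method);
        }
    }

    /** Maps a Node {@code *_method} name onto {@link #protocol} and {@link #mainProtocol}. */
    private void selectProtocol(String method) {
        if (method == null) {
            // No argument: let JSSE pick its default TLS version.
            this.protocol = DEFAULT_PROTO;
            this.mainProtocol = DEFAULT_PROTO;
        } else if ("SSLv2_client_method".equals(method)
                || "SSLv2_server_method".equals(method)
                || "SSLv2_method".equals(method)) {
            this.protocol = "SSLv2";
            this.mainProtocol = SSLCiphers.SSL;
        } else if ("SSLv3_client_method".equals(method)
                || "SSLv3_server_method".equals(method)
                || "SSLv3_method".equals(method)) {
            this.protocol = "SSLv3";
            this.mainProtocol = SSLCiphers.SSL;
        } else if ("TLSv1_client_method".equals(method)
                || "TLSv1_server_method".equals(method)
                || "TLSv1_method".equals(method)) {
            this.protocol = "TLSv1";
            this.mainProtocol = DEFAULT_PROTO;
        } else {
            // Unknown name: handed to JSSE as-is; init() rejects it if unsupported.
            this.protocol = method;
            this.mainProtocol = DEFAULT_PROTO;
        }
    }

    /** JS {@code close()}: nothing to release; kept for API compatibility. */
    @JSFunction
    public static void close(Context context, Scriptable scriptable, Object[] objArr, Function function) {
    }

    /**
     * JS {@code setKey(pem[, passphrase])}: parses an RSA key pair from PEM text
     * and keeps its private half for {@link #initialize}.
     *
     * <p>The passphrase is copied into a {@code char[]} that is zeroed before
     * returning; the {@code String} it arrived in cannot be cleared. Parse
     * failures surface as a script error via {@link Utils#makeError}.
     */
    @JSFunction
    public static void setKey(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        Crypto.ensureCryptoService(context, scriptable);
        String pem = ArgUtils.stringArg(objArr, 0);
        String passphrase = ArgUtils.stringArg(objArr, 1, null);
        char[] password = passphrase == null ? null : passphrase.toCharArray();
        SecureContextImpl self = (SecureContextImpl) scriptable;
        self.initialized = false;
        try {
            self.privateKey = Crypto.getCryptoService().readKeyPair("RSA", pem, password).getPrivate();
            log.debug("Set private key from an RSA key pair");
        } catch (CryptoException e) {
            throw Utils.makeError(context, scriptable, e.toString());
        } catch (IOException e) {
            throw Utils.makeError(context, scriptable, e.toString());
        } finally {
            if (password != null) {
                Arrays.fill(password, (char) 0);
            }
        }
    }

    /**
     * JS {@code setCert(pem)}: parses one X.509 certificate from PEM text and
     * makes it the whole presented chain (length 1 — intermediates are not
     * accepted here). Parse failures surface as a script error.
     */
    @JSFunction
    public static void setCert(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        Crypto.ensureCryptoService(context, scriptable);
        String pem = ArgUtils.stringArg(objArr, 0);
        SecureContextImpl self = (SecureContextImpl) scriptable;
        self.initialized = false;
        try {
            X509Certificate cert = Crypto.getCryptoService().readCertificate(
                    new ByteArrayInputStream(pem.getBytes(Charsets.ASCII)));
            if (log.isDebugEnabled()) {
                log.debug("Set my certificate to: {}", cert.getSubjectDN());
            }
            self.certChain = new X509Certificate[]{cert};
        } catch (CryptoException e) {
            throw Utils.makeError(context, scriptable, e.toString());
        } catch (IOException e) {
            throw Utils.makeError(context, scriptable, e.toString());
        }
    }

    /** Lazily creates the empty PEM key store that holds added CA certificates. */
    private void ensureCertStore() throws GeneralSecurityException, IOException {
        if (this.trustedCertStore == null) {
            this.trustedCertStore = Crypto.getCryptoService().createPemKeyStore();
            this.trustedCertStore.load(null, null);
        }
    }

    /**
     * JS {@code addCACert(pem)}: adds one trusted CA certificate under the alias
     * {@code "Cert <n>"}. The resulting trust manager is built in
     * {@link #initialize} unless {@code addRootCerts}/{@code setTrustStore}
     * already populated {@link #trustManagers}. Failures surface as a script error.
     */
    @JSFunction
    public static void addCACert(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        Crypto.ensureCryptoService(context, scriptable);
        String pem = ArgUtils.stringArg(objArr, 0);
        SecureContextImpl self = (SecureContextImpl) scriptable;
        self.initialized = false;
        try {
            self.ensureCertStore();
            X509Certificate cert = Crypto.getCryptoService().readCertificate(
                    new ByteArrayInputStream(pem.getBytes(Charsets.ASCII)));
            if (log.isDebugEnabled()) {
                // Fix: the placeholder previously had no argument, logging "{}" literally.
                log.debug("Adding trusted CA cert {}", cert.getSubjectDN());
            }
            self.trustedCertStore.setCertificateEntry("Cert " + self.trustedCertSequence, cert);
            self.trustedCertSequence++;
        } catch (CryptoException e) {
            throw Utils.makeError(context, scriptable, e.toString());
        } catch (IOException e) {
            throw Utils.makeError(context, scriptable, e.toString());
        } catch (GeneralSecurityException e) {
            throw Utils.makeError(context, scriptable, e.toString());
        }
    }

    /**
     * JS {@code addCRL(pem)}: parses an X.509 CRL and queues it for the
     * {@link CompositeTrustManager} built in {@link #initialize}. CRLs only take
     * effect when a trust manager exists at initialization time; otherwise they
     * are silently unused. Parse failures surface as a script error.
     */
    @JSFunction
    public static void addCRL(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        String pem = ArgUtils.stringArg(objArr, 0);
        SecureContextImpl self = (SecureContextImpl) scriptable;
        self.initialized = false;
        try {
            X509CRL crl = (X509CRL) CertificateFactory.getInstance("X.509")
                    .generateCRL(new ByteArrayInputStream(pem.getBytes(Charsets.ASCII)));
            if (self.crls == null) {
                self.crls = new ArrayList<X509CRL>();
            }
            self.crls.add(crl);
            log.debug("Added CRL");
        } catch (CRLException e) {
            throw Utils.makeError(context, scriptable, "Error reading CRL: " + e);
        } catch (CertificateException e) {
            throw Utils.makeError(context, scriptable, "Error reading CRL: " + e);
        }
    }

    /**
     * JS {@code addRootCerts()}: replaces any previously configured trust
     * managers with the platform's default root-CA trust managers. Fails with a
     * script error when {@link DefaultTrustStore} yields none.
     */
    @JSFunction
    public static void addRootCerts(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        SecureContextImpl self = (SecureContextImpl) scriptable;
        self.initialized = false;
        self.trustManagers = DefaultTrustStore.get().getTrustManagers();
        if (self.trustManagers == null) {
            throw Utils.makeError(context, scriptable, "Cannot load default root CA certificates");
        }
        log.debug("Will be using default root certificates");
    }

    /**
     * JS {@code setCiphers(list)}: accepts a colon-separated OpenSSL-style
     * cipher list and translates each entry to its Java name via
     * {@link SSLCiphers}. Names without a mapping are kept verbatim, so an
     * unknown or misspelled entry is passed through rather than rejected.
     */
    @JSFunction
    public static void setCiphers(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        String cipherList = ArgUtils.stringArg(objArr, 0);
        SecureContextImpl self = (SecureContextImpl) scriptable;
        self.initialized = false;
        List<String> javaNames = new ArrayList<String>();
        for (String name : COLON.split(cipherList)) {
            SSLCiphers.Ciph cipher = SSLCiphers.get().getSslCipher(self.mainProtocol, name);
            javaNames.add(cipher == null ? name : cipher.getJavaName());
        }
        if (log.isDebugEnabled()) {
            // Fix: the message had no "{}" placeholder, so the list was never logged.
            log.debug("Enabling cipher suites {}", javaNames);
        }
        self.cipherSuites = javaNames.toArray(new String[javaNames.size()]);
    }

    /**
     * JS {@code setOptions(flags)}: accepted but ignored — OpenSSL option bits
     * (including protocol-disabling ones) have no effect on this implementation.
     */
    @JSFunction
    public static void setOptions(Context context, Scriptable scriptable, Object[] objArr, Function function) {
    }

    /** JS {@code setSessionIdContext(id)}: accepted but ignored. */
    @JSFunction
    public static void setSessionIdContext(Context context, Scriptable scriptable, Object[] objArr, Function function) {
    }

    /**
     * JS {@code loadPKCS12(buffer[, passphrase])}: loads a PKCS#12 store from a
     * Buffer and takes its key managers. The passphrase copy is zeroed on every
     * exit path. Failures surface as a script error.
     */
    @JSFunction
    public static void loadPKCS12(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        Buffer.BufferImpl buf = (Buffer.BufferImpl) ArgUtils.objArg(objArr, 0, Buffer.BufferImpl.class, true);
        String passphrase = ArgUtils.stringArg(objArr, 1, null);
        char[] password = passphrase == null ? null : passphrase.toCharArray();
        SecureContextImpl self = (SecureContextImpl) scriptable;
        self.initialized = false;
        try {
            ByteArrayInputStream in = new ByteArrayInputStream(buf.getArray(), buf.getArrayOffset(), buf.getLength());
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(in, password);
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, password);
            self.keyManagers = kmf.getKeyManagers();
            log.debug("Loaded SSL key from PKCS12");
        } catch (IOException e) {
            throw Utils.makeError(context, scriptable, "I/O error reading key store: " + e);
        } catch (GeneralSecurityException e) {
            throw Utils.makeError(context, scriptable, "Error opening key store: " + e);
        } finally {
            if (password != null) {
                Arrays.fill(password, (char) 0);
            }
        }
    }

    /**
     * JS {@code setTrustStore(path)}: loads a key store of the JVM's default
     * type from a file and takes its trust managers, replacing any set before.
     *
     * <p>The script-supplied path goes through {@link ScriptRunner#translatePath},
     * which presumably confines it to the script's filesystem root — verify
     * against ScriptRunner. No store password is supplied, so the store's
     * integrity is not verified on load. Failures surface as a script error.
     */
    @JSFunction
    public static void setTrustStore(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        String path = ArgUtils.stringArg(objArr, 0);
        SecureContextImpl self = (SecureContextImpl) scriptable;
        self.initialized = false;
        ScriptRunner runner = (ScriptRunner) context.getThreadLocal("runner");
        try {
            FileInputStream in = new FileInputStream(runner.translatePath(path));
            try {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(in, null);
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init(keyStore);
                self.trustManagers = tmf.getTrustManagers();
            } finally {
                in.close();
            }
        } catch (IOException e) {
            throw Utils.makeError(context, scriptable, "I/O error reading key store: " + e);
        } catch (GeneralSecurityException e) {
            throw Utils.makeError(context, scriptable, "Error opening key store: " + e);
        }
    }

    /**
     * JS {@code setKeyStore(path, passphrase)}: loads a key store of the JVM's
     * default type from a file and takes its key managers. Same path handling
     * as {@link #setTrustStore}. The passphrase copy is zeroed on every exit
     * path; the {@code String} it arrived in cannot be. Failures surface as a
     * script error.
     */
    @JSFunction
    public static void setKeyStore(Context context, Scriptable scriptable, Object[] objArr, Function function) {
        String path = ArgUtils.stringArg(objArr, 0);
        String passphrase = ArgUtils.stringArg(objArr, 1);
        SecureContextImpl self = (SecureContextImpl) scriptable;
        self.initialized = false;
        ScriptRunner runner = (ScriptRunner) context.getThreadLocal("runner");
        char[] password = passphrase.toCharArray();
        try {
            FileInputStream in = new FileInputStream(runner.translatePath(path));
            try {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(in, password);
                KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                kmf.init(keyStore, password);
                self.keyManagers = kmf.getKeyManagers();
            } finally {
                in.close();
            }
        } catch (IOException e) {
            throw Utils.makeError(context, scriptable, "I/O error reading key store: " + e);
        } catch (GeneralSecurityException e) {
            throw Utils.makeError(context, scriptable, "Error opening key store: " + e);
        } finally {
            Arrays.fill(password, (char) 0);
        }
    }

    /**
     * Returns the Java cipher-suite names set via {@code setCiphers}, or
     * {@code null} if none were set. The internal array is returned directly.
     */
    public String[] getCipherSuites() {
        return this.cipherSuites;
    }

    /** Returns the protocol name selected by {@code init}, or {@code null} before it. */
    public String getProtocol() {
        return this.protocol;
    }

    /**
     * Builds whatever managers have not been supplied directly:
     * <ul>
     *   <li>key managers from {@link #privateKey}/{@link #certChain} when no
     *       PKCS12 or key-store file was loaded;</li>
     *   <li>trust managers from {@link #trustedCertStore} when neither
     *       {@code addRootCerts} nor {@code setTrustStore} was used;</li>
     *   <li>{@link #trustedCertManager} from the first trust manager, wrapped in
     *       a {@link CompositeTrustManager} when CRLs were added.</li>
     * </ul>
     * Leaves {@link #trustedCertManager} {@code null} when no trust source was
     * configured. Failures surface as a script error.
     */
    private void initialize(Context context, Scriptable scriptable) {
        if (this.keyManagers == null && this.privateKey != null) {
            Crypto.ensureCryptoService(context, scriptable);
            KeyStore pemStore = Crypto.getCryptoService().createPemKeyStore();
            try {
                pemStore.load(null, null);
                // Empty-password entry: the store lives only in memory.
                pemStore.setKeyEntry(DEFAULT_KEY_ENTRY, this.privateKey, null, this.certChain);
                KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                if (log.isDebugEnabled()) {
                    log.debug("Setting up key manager factory {}", kmf);
                }
                kmf.init(pemStore, null);
                this.keyManagers = kmf.getKeyManagers();
                assert this.keyManagers != null;
                assert this.keyManagers.length == 1;
            } catch (IOException e) {
                throw Utils.makeError(context, scriptable, e.toString());
            } catch (GeneralSecurityException e) {
                throw Utils.makeError(context, scriptable, e.toString());
            }
        }
        if (this.trustManagers == null && this.trustedCertStore != null) {
            try {
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                if (log.isDebugEnabled()) {
                    log.debug("Setting up trust manager factory {}", tmf);
                }
                tmf.init(this.trustedCertStore);
                this.trustManagers = tmf.getTrustManagers();
            } catch (GeneralSecurityException e) {
                throw Utils.makeError(context, (Scriptable) this, e.toString());
            }
        }
        if (this.trustManagers != null) {
            assert this.trustManagers.length == 1;
            assert this.trustManagers[0] instanceof X509TrustManager;
            this.trustedCertManager = (X509TrustManager) this.trustManagers[0];
        }
        if (this.crls != null && this.trustManagers != null) {
            this.trustedCertManager = new CompositeTrustManager((X509TrustManager) this.trustManagers[0], this.crls);
            if (log.isDebugEnabled()) {
                log.debug("Adding composite trust manager {}", this.trustedCertManager);
            }
        }
        this.initialized = true;
    }

    /**
     * Creates a fresh {@link SSLContext} for the selected protocol, running
     * {@link #initialize} first if any setter was called since the last build.
     *
     * <p>The context is initialized with {@link AllTrustingManager}, so JSSE
     * will not reject any peer certificate; callers must validate peers with
     * {@link #getTrustManager()} themselves. A {@link NoSuchAlgorithmException}
     * here is treated as an assertion failure because {@code init} already
     * probed the protocol name.
     */
    public SSLContext makeContext(Context context, Scriptable scriptable) {
        if (!this.initialized) {
            initialize(context, scriptable);
        }
        try {
            SSLContext sslContext = SSLContext.getInstance(this.protocol);
            sslContext.init(this.keyManagers, new TrustManager[]{AllTrustingManager.INSTANCE}, null);
            if (log.isDebugEnabled()) {
                log.debug("Created a new SSLContext {}", sslContext);
            }
            return sslContext;
        } catch (KeyManagementException e) {
            throw Utils.makeError(context, scriptable, "Error initializing SSL context: " + e);
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    /**
     * Returns the trust manager built by {@link #initialize}, or {@code null}
     * when no trust source was configured or {@link #makeContext} has not been
     * called since the last setter.
     */
    public X509TrustManager getTrustManager() {
        return this.trustedCertManager;
    }
}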
