package org.apache.catalina.core;

import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleEvent;
import org.apache.catalina.LifecycleListener;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.jni.Library;
import org.apache.tomcat.jni.LibraryNotFoundError;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.util.ExceptionUtils;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: input_file:org/apache/catalina/core/AprLifecycleListener.class */
public class AprLifecycleListener implements LifecycleListener {
    protected static final int TCN_REQUIRED_MAJOR = 1;
    protected static final int TCN_REQUIRED_MINOR = 2;
    protected static final int TCN_REQUIRED_PATCH = 14;
    protected static final int TCN_RECOMMENDED_MINOR = 2;
    protected static final int TCN_RECOMMENDED_PV = 30;
    private static final int FIPS_ON = 1;
    private static final int FIPS_OFF = 0;
    private static final Log log = LogFactory.getLog(AprLifecycleListener.class);
    private static final List<String> initInfoLogMessages = new ArrayList(3);
    protected static final StringManager sm = StringManager.getManager(AprLifecycleListener.class);
    protected static String SSLEngine = "on";
    protected static String FIPSMode = "off";
    protected static String SSLRandomSeed = "builtin";
    protected static boolean sslInitialized = false;
    protected static boolean fipsModeActive = false;
    protected static final Object lock = new Object();

    public static boolean isAprAvailable() {
        if (AprStatus.isInstanceCreated()) {
            synchronized (lock) {
                init();
            }
        }
        return AprStatus.isAprAvailable();
    }

    public AprLifecycleListener() {
        AprStatus.setInstanceCreated(true);
    }

    @Override // org.apache.catalina.LifecycleListener
    public void lifecycleEvent(LifecycleEvent lifecycleEvent) {
        if (!Lifecycle.BEFORE_INIT_EVENT.equals(lifecycleEvent.getType())) {
            if (Lifecycle.AFTER_DESTROY_EVENT.equals(lifecycleEvent.getType())) {
                synchronized (lock) {
                    if (AprStatus.isAprAvailable()) {
                        try {
                            terminateAPR();
                        } catch (Throwable th) {
                            ExceptionUtils.handleThrowable(ExceptionUtils.unwrapInvocationTargetException(th));
                            log.info(sm.getString("aprListener.aprDestroy"));
                        }
                        return;
                    }
                    return;
                }
            }
            return;
        }
        synchronized (lock) {
            init();
            Iterator<String> it = initInfoLogMessages.iterator();
            while (it.hasNext()) {
                log.info(it.next());
            }
            initInfoLogMessages.clear();
            if (AprStatus.isAprAvailable()) {
                try {
                    initializeSSL();
                } catch (Throwable th2) {
                    Throwable unwrapInvocationTargetException = ExceptionUtils.unwrapInvocationTargetException(th2);
                    ExceptionUtils.handleThrowable(unwrapInvocationTargetException);
                    log.error(sm.getString("aprListener.sslInit"), unwrapInvocationTargetException);
                }
            }
            if (null != FIPSMode && !"off".equalsIgnoreCase(FIPSMode) && !isFIPSModeActive()) {
                String string = sm.getString("aprListener.initializeFIPSFailed");
                Error error = new Error(string);
                log.fatal(string, error);
                throw error;
            }
        }
    }

    private static void terminateAPR() throws ClassNotFoundException, NoSuchMethodException, IllegalAccessException, InvocationTargetException {
        Class.forName("org.apache.tomcat.jni.Library").getMethod("terminate", (Class[]) null).invoke(null, (Object[]) null);
        AprStatus.setAprAvailable(false);
        AprStatus.setAprInitialized(false);
        sslInitialized = false;
        fipsModeActive = false;
    }

    private static void init() {
        if (AprStatus.isAprInitialized()) {
            return;
        }
        AprStatus.setAprInitialized(true);
        try {
            Library.initialize((String) null);
            int i = (Library.TCN_MAJOR_VERSION * 1000) + (Library.TCN_MINOR_VERSION * 100) + Library.TCN_PATCH_VERSION;
            if (i < 1214) {
                log.error(sm.getString("aprListener.tcnInvalid", new Object[]{Library.versionString(), "1.2.14"}));
                try {
                    terminateAPR();
                    return;
                } catch (Throwable th) {
                    ExceptionUtils.handleThrowable(ExceptionUtils.unwrapInvocationTargetException(th));
                    return;
                }
            }
            if (i < 1230) {
                initInfoLogMessages.add(sm.getString("aprListener.tcnVersion", new Object[]{Library.versionString(), "1.2.30"}));
            }
            initInfoLogMessages.add(sm.getString("aprListener.tcnValid", new Object[]{Library.versionString(), Library.aprVersionString()}));
            initInfoLogMessages.add(sm.getString("aprListener.flags", new Object[]{Boolean.valueOf(Library.APR_HAVE_IPV6), Boolean.valueOf(Library.APR_HAS_SENDFILE), Boolean.valueOf(Library.APR_HAS_SO_ACCEPTFILTER), Boolean.valueOf(Library.APR_HAS_RANDOM), Boolean.valueOf(Library.APR_HAVE_UNIX)}));
            AprStatus.setAprAvailable(true);
        } catch (LibraryNotFoundError e) {
            if (log.isDebugEnabled()) {
                log.debug(sm.getString("aprListener.aprInitDebug", new Object[]{e.getLibraryNames(), System.getProperty("java.library.path"), e.getMessage()}), e);
            }
            initInfoLogMessages.add(sm.getString("aprListener.aprInit", new Object[]{System.getProperty("java.library.path")}));
        } catch (Throwable th2) {
            Throwable unwrapInvocationTargetException = ExceptionUtils.unwrapInvocationTargetException(th2);
            ExceptionUtils.handleThrowable(unwrapInvocationTargetException);
            log.warn(sm.getString("aprListener.aprInitError", new Object[]{unwrapInvocationTargetException.getMessage()}), unwrapInvocationTargetException);
        }
    }

    private static void initializeSSL() throws Exception {
        boolean z;
        if ("off".equalsIgnoreCase(SSLEngine) || sslInitialized) {
            return;
        }
        sslInitialized = true;
        Class<?>[] clsArr = {String.class};
        Object[] objArr = {SSLRandomSeed};
        Class<?> cls = Class.forName("org.apache.tomcat.jni.SSL");
        cls.getMethod("randSet", clsArr).invoke(null, objArr);
        objArr[0] = "on".equalsIgnoreCase(SSLEngine) ? null : SSLEngine;
        cls.getMethod("initialize", clsArr).invoke(null, objArr);
        if (null != FIPSMode && !"off".equalsIgnoreCase(FIPSMode)) {
            fipsModeActive = false;
            int fipsModeGet = SSL.fipsModeGet();
            if (log.isDebugEnabled()) {
                log.debug(sm.getString("aprListener.currentFIPSMode", new Object[]{Integer.valueOf(fipsModeGet)}));
            }
            if ("on".equalsIgnoreCase(FIPSMode)) {
                if (fipsModeGet == 1) {
                    log.info(sm.getString("aprListener.skipFIPSInitialization"));
                    fipsModeActive = true;
                    z = false;
                } else {
                    z = true;
                }
            } else if ("require".equalsIgnoreCase(FIPSMode)) {
                if (fipsModeGet != 1) {
                    throw new IllegalStateException(sm.getString("aprListener.requireNotInFIPSMode"));
                }
                fipsModeActive = true;
                z = false;
            } else {
                if (!"enter".equalsIgnoreCase(FIPSMode)) {
                    throw new IllegalArgumentException(sm.getString("aprListener.wrongFIPSMode", new Object[]{FIPSMode}));
                }
                if (fipsModeGet != 0) {
                    throw new IllegalStateException(sm.getString("aprListener.enterAlreadyInFIPSMode", new Object[]{Integer.valueOf(fipsModeGet)}));
                }
                z = true;
            }
            if (z) {
                log.info(sm.getString("aprListener.initializingFIPS"));
                if (SSL.fipsModeSet(1) != 1) {
                    String string = sm.getString("aprListener.initializeFIPSFailed");
                    log.error(string);
                    throw new IllegalStateException(string);
                }
                fipsModeActive = true;
                log.info(sm.getString("aprListener.initializeFIPSSuccess"));
            }
        }
        log.info(sm.getString("aprListener.initializedOpenSSL", new Object[]{SSL.versionString()}));
    }

    public String getSSLEngine() {
        return SSLEngine;
    }

    public void setSSLEngine(String str) {
        if (str.equals(SSLEngine)) {
            return;
        }
        if (sslInitialized) {
            throw new IllegalStateException(sm.getString("aprListener.tooLateForSSLEngine"));
        }
        SSLEngine = str;
    }

    public String getSSLRandomSeed() {
        return SSLRandomSeed;
    }

    public void setSSLRandomSeed(String str) {
        if (str.equals(SSLRandomSeed)) {
            return;
        }
        if (sslInitialized) {
            throw new IllegalStateException(sm.getString("aprListener.tooLateForSSLRandomSeed"));
        }
        SSLRandomSeed = str;
    }

    public String getFIPSMode() {
        return FIPSMode;
    }

    public void setFIPSMode(String str) {
        if (str.equals(FIPSMode)) {
            return;
        }
        if (sslInitialized) {
            throw new IllegalStateException(sm.getString("aprListener.tooLateForFIPSMode"));
        }
        FIPSMode = str;
    }

    public boolean isFIPSModeActive() {
        return fipsModeActive;
    }

    public void setUseOpenSSL(boolean z) {
        if (z != AprStatus.getUseOpenSSL()) {
            AprStatus.setUseOpenSSL(z);
        }
    }

    public static boolean getUseOpenSSL() {
        return AprStatus.getUseOpenSSL();
    }

    public static boolean isInstanceCreated() {
        return AprStatus.isInstanceCreated();
    }
}
