package org.python.netty.handler.ssl;

import java.io.File;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.python.apache.tomcat.jni.CertificateVerifier;
import org.python.apache.tomcat.jni.SSL;
import org.python.apache.tomcat.jni.SSLContext;
import org.python.netty.buffer.ByteBuf;
import org.python.netty.buffer.ByteBufInputStream;
import org.python.netty.util.internal.ObjectUtil;
import org.python.netty.util.internal.logging.InternalLogger;
import org.python.netty.util.internal.logging.InternalLoggerFactory;

/* loaded from: input_file:WEB-INF/lib/jython-standalone-2.7.0-xwiki-2.jar:org/python/netty/handler/ssl/OpenSslServerContext.class */
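/**
 * Server-side {@link OpenSslContext}: loads a PEM certificate chain and private key into the
 * native OpenSSL context and installs a Java {@link X509TrustManager} as the client-certificate
 * verification callback.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The native verify mode is set to {@code 0} with depth {@code 10}. In tomcat-native,
 *       mode 0 is {@code SSL_CVERIFY_NONE}, so this context does not ask clients for a
 *       certificate; the verification callback only matters if the mode is raised elsewhere.</li>
 *   <li>A caller-supplied {@link TrustManagerFactory} is re-initialised with a key store that
 *       holds only this server's own key entry (see the note in the constructor).</li>
 *   <li>Client-certificate verification failures are logged at debug level only.</li>
 * </ul>
 */
public final class OpenSslServerContext extends OpenSslContext {
    private static final InternalLogger logger = InternalLoggerFactory.getInstance(OpenSslServerContext.class);
    private final OpenSslServerSessionContext sessionContext;

    /**
     * Creates a server context for an unencrypted private key.
     *
     * @param file PEM certificate chain file
     * @param file2 PEM private key file
     * @throws SSLException if the certificate or key cannot be loaded
     */
    public OpenSslServerContext(File file, File file2) throws SSLException {
        this(file, file2, null);
    }

    /**
     * Creates a server context with the default trust managers and the default application
     * protocol negotiator.
     *
     * @param file PEM certificate chain file
     * @param file2 PEM private key file
     * @param str password of the key file, or {@code null} if it is not protected
     * @throws SSLException if the certificate or key cannot be loaded
     */
    public OpenSslServerContext(File file, File file2, String str) throws SSLException {
        this(file, file2, str, (TrustManagerFactory) null, (Iterable<String>) null, OpenSslDefaultApplicationProtocolNegotiator.INSTANCE, 0L, 0L);
    }

    /**
     * Creates a server context with the default trust managers.
     *
     * <p>NOTE(review): this overload passes {@code false} as the second argument of
     * {@code toNegotiator} while the overload taking a {@link TrustManagerFactory} passes
     * {@code true}; confirm against {@code toNegotiator} that the difference is intended.
     *
     * @param file PEM certificate chain file
     * @param file2 PEM private key file
     * @param str password of the key file, or {@code null} if it is not protected
     * @param iterable forwarded to the superclass constructor (presumably the cipher suites)
     * @param applicationProtocolConfig application protocol negotiation settings
     * @param j forwarded to the superclass constructor (presumably the session cache size)
     * @param j2 forwarded to the superclass constructor (presumably the session timeout)
     * @throws SSLException if the certificate or key cannot be loaded
     */
    public OpenSslServerContext(File file, File file2, String str, Iterable<String> iterable, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        this(file, file2, str, (TrustManagerFactory) null, iterable, toNegotiator(applicationProtocolConfig, false), j, j2);
    }

    /**
     * Creates a server context from a plain list of next protocols.
     *
     * @param file PEM certificate chain file
     * @param file2 PEM private key file
     * @param str password of the key file, or {@code null} if it is not protected
     * @param iterable forwarded to the superclass constructor (presumably the cipher suites)
     * @param iterable2 protocol names converted with {@code toApplicationProtocolConfig}
     * @param j forwarded to the superclass constructor (presumably the session cache size)
     * @param j2 forwarded to the superclass constructor (presumably the session timeout)
     * @throws SSLException if the certificate or key cannot be loaded
     * @deprecated use an overload that takes an {@link ApplicationProtocolConfig}
     */
    @Deprecated
    public OpenSslServerContext(File file, File file2, String str, Iterable<String> iterable, Iterable<String> iterable2, long j, long j2) throws SSLException {
        this(file, file2, str, iterable, toApplicationProtocolConfig(iterable2), j, j2);
    }

    /**
     * Creates a server context with a caller-supplied trust manager factory.
     *
     * @param file PEM certificate chain file
     * @param file2 PEM private key file
     * @param str password of the key file, or {@code null} if it is not protected
     * @param trustManagerFactory factory used for client-certificate checks, or {@code null}
     *     for the platform default
     * @param iterable forwarded to the superclass constructor (presumably the cipher suites)
     * @param applicationProtocolConfig application protocol negotiation settings
     * @param j forwarded to the superclass constructor (presumably the session cache size)
     * @param j2 forwarded to the superclass constructor (presumably the session timeout)
     * @throws SSLException if the certificate or key cannot be loaded
     */
    public OpenSslServerContext(File file, File file2, String str, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        this(file, file2, str, trustManagerFactory, iterable, toNegotiator(applicationProtocolConfig, true), j, j2);
    }

    /**
     * Creates a server context; every other constructor delegates here.
     *
     * @param file PEM certificate chain file; must be an existing regular file
     * @param file2 PEM private key file; must be an existing regular file
     * @param str password of the key file; {@code null} is treated as the empty string
     * @param trustManagerFactory factory used for client-certificate checks, or {@code null}
     *     for the platform default
     * @param iterable forwarded to the superclass constructor (presumably the cipher suites)
     * @param openSslApplicationProtocolNegotiator application protocol negotiator
     * @param j forwarded to the superclass constructor (presumably the session cache size)
     * @param j2 forwarded to the superclass constructor (presumably the session timeout)
     * @throws SSLException if the certificate, key or trust manager cannot be set up
     * @throws IllegalArgumentException if either path is not a regular file
     */
    public OpenSslServerContext(File file, File file2, String str, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, OpenSslApplicationProtocolNegotiator openSslApplicationProtocolNegotiator, long j, long j2) throws SSLException {
        super(iterable, openSslApplicationProtocolNegotiator, j, j2, 1);
        OpenSsl.ensureAvailability();
        ObjectUtil.checkNotNull(file, "certChainFile");
        if (!file.isFile()) {
            throw new IllegalArgumentException("certChainFile is not a file: " + file);
        }
        ObjectUtil.checkNotNull(file2, "keyFile");
        if (!file2.isFile()) {
            throw new IllegalArgumentException("keyPath is not a file: " + file2);
        }
        // The password arrives as an immutable String, so it cannot be wiped from memory here.
        str = str == null ? "" : str;

        // The decompiler had folded this flag into constant conditions ("1 == 0" / "0 == 0").
        // Restored: native pools are destroyed whenever construction does not complete.
        boolean success = false;
        try {
            synchronized (OpenSslContext.class) {
                // Mode 0 is SSL_CVERIFY_NONE in tomcat-native: no client certificate is
                // requested. 10 is the maximum chain depth.
                SSLContext.setVerify(this.ctx, 0, 10);
                if (!SSLContext.setCertificateChainFile(this.ctx, file.getPath(), true)) {
                    long chainError = SSL.getLastErrorNumber();
                    if (OpenSsl.isError(chainError)) {
                        throw new SSLException("failed to set certificate chain: " + file + " (" + SSL.getErrorString(chainError) + ')');
                    }
                }
                try {
                    if (!SSLContext.setCertificate(this.ctx, file.getPath(), file2.getPath(), str, 0)) {
                        long certError = SSL.getLastErrorNumber();
                        if (OpenSsl.isError(certError)) {
                            throw new SSLException("failed to set certificate: " + file + " and " + file2 + " (" + SSL.getErrorString(certError) + ')');
                        }
                    }
                    try {
                        // The decompiler resolved this inlined constant to an unrelated logback
                        // class, which made the file depend on logback. The value is "JKS".
                        KeyStore keyStore = KeyStore.getInstance("JKS");
                        keyStore.load(null, null);
                        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                        KeyFactory rsaKeyFactory = KeyFactory.getInstance("RSA");
                        KeyFactory dsaKeyFactory = KeyFactory.getInstance("DSA");

                        ByteBuf encodedKeyBuf = PemReader.readPrivateKey(file2);
                        byte[] encodedKey = new byte[encodedKeyBuf.readableBytes()];
                        encodedKeyBuf.readBytes(encodedKey).release();
                        // NOTE(review): encodedKey and keyPassword stay in heap memory until
                        // garbage-collected; neither is zeroed after use.
                        char[] keyPassword = str.toCharArray();
                        PKCS8EncodedKeySpec keySpec = generateKeySpec(keyPassword, encodedKey);

                        // Only RSA and DSA keys are attempted, in that order.
                        PrivateKey privateKey;
                        try {
                            privateKey = rsaKeyFactory.generatePrivate(keySpec);
                        } catch (InvalidKeySpecException ignored) {
                            privateKey = dsaKeyFactory.generatePrivate(keySpec);
                        }

                        ArrayList<Certificate> certChain = new ArrayList<Certificate>();
                        ByteBuf[] certBufs = PemReader.readCertificates(file);
                        try {
                            for (ByteBuf certBuf : certBufs) {
                                certChain.add(certificateFactory.generateCertificate(new ByteBufInputStream(certBuf)));
                            }
                            keyStore.setKeyEntry("key", privateKey, keyPassword, certChain.toArray(new Certificate[0]));
                            if (trustManagerFactory == null) {
                                // Platform default trust store.
                                trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                                trustManagerFactory.init((KeyStore) null);
                            } else {
                                // NOTE(review): the caller's factory is re-initialised with a
                                // key store that contains only this server's own key entry, not
                                // a CA trust store. Confirm this is the intended set of trust
                                // anchors for client-certificate checks.
                                trustManagerFactory.init(keyStore);
                            }
                            final X509TrustManager chooseTrustManager = chooseTrustManager(trustManagerFactory.getTrustManagers());
                            SSLContext.setCertVerifyCallback(this.ctx, new CertificateVerifier() {
                                @Override
                                public boolean verify(long ssl, byte[][] chain, String auth) {
                                    try {
                                        chooseTrustManager.checkClientTrusted(OpenSslContext.certificates(chain), auth);
                                        return true;
                                    } catch (Exception e) {
                                        // Any failure rejects the peer (fail closed). It is
                                        // logged at debug only, so rejected client certificates
                                        // are invisible at default log levels.
                                        logger.debug("verification of certificate failed", e);
                                        return false;
                                    }
                                }
                            });
                        } finally {
                            // Buffers from PemReader are reference-counted; always release them.
                            for (ByteBuf certBuf : certBufs) {
                                certBuf.release();
                            }
                        }
                    } catch (Exception e) {
                        throw new SSLException("unable to setup trustmanager", e);
                    }
                } catch (SSLException e) {
                    throw e;
                } catch (Exception e) {
                    throw new SSLException("failed to set certificate: " + file + " and " + file2, e);
                }
            }
            this.sessionContext = new OpenSslServerSessionContext(this.ctx);
            success = true;
        } finally {
            if (!success) {
                destroyPools();
            }
        }
    }

    /**
     * Returns the server session context created for this SSL context.
     *
     * @return the session context bound to this context's native handle
     */
    @Override
    public OpenSslServerSessionContext sessionContext() {
        return this.sessionContext;
    }
}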
