package com.caucho.vfs;

import com.caucho.config.ConfigException;
import com.caucho.config.types.Period;
import com.caucho.util.JniTroubleshoot;
import com.caucho.util.JniUtil;
import com.caucho.util.L10N;
import java.io.IOException;
import java.net.InetAddress;
import java.util.regex.Pattern;
import javax.annotation.PostConstruct;

/* loaded from: input_file:com/caucho/vfs/OpenSSLFactory.class */
public class OpenSSLFactory extends QServerSocket implements SSLFactory {
    private static final int PROTOCOL_SSL2 = 1;
    private static final int PROTOCOL_SSL3 = 2;
    private static final int PROTOCOL_TLS1 = 4;
    private static final int PROTOCOL_TLS1_1 = 8;
    private static final int PROTOCOL_TLS1_2 = 16;
    private static boolean _hasJniInit;
    private static final JniTroubleshoot _jniTroubleshoot;
    private String _certificateFile;
    private String _keyFile;
    private String _certificateChainFile;
    private String _caCertificatePath;
    private String _caCertificateFile;
    private String _caRevocationPath;
    private String _caRevocationFile;
    private boolean _isCompression;
    private String _password;
    private String _verifyClient;
    private String _cipherSuite;
    private String _cryptoDevice;
    private boolean _uncleanShutdown;
    private String _protocol;
    private int _protocolFlags;
    private QServerSocket _stdServerSocket;
    private long _configFd;
    private static final L10N L = new L10N(OpenSSLFactory.class);
    private static Object _sslInitLock = new Object();
    private int _verifyDepth = -1;
    private boolean _isHonorCipherOrder = true;
    private boolean _enableSessionCache = true;
    private int _sessionCacheTimeout = 300;
    private int _defaultProtocolFlags = -1;

    public OpenSSLFactory() {
        this._protocolFlags = -1;
        this._defaultProtocolFlags &= -2;
        this._defaultProtocolFlags &= -3;
        this._protocolFlags = this._defaultProtocolFlags;
    }

    public void setCertificateFile(Path path) {
        this._certificateFile = path.getNativePath();
    }

    public String getCertificateFile() {
        return this._certificateFile;
    }

    public void setCertificateKeyFile(Path path) {
        this._keyFile = path.getNativePath();
    }

    public String getCertificateKeyFile() {
        return this._keyFile;
    }

    public void setCertificateChainFile(Path path) {
        this._certificateChainFile = path.getNativePath();
    }

    public String getCertificateChainFile() {
        return this._certificateChainFile;
    }

    public void setCACertificatePath(Path path) {
        this._caCertificatePath = path.getNativePath();
    }

    public String getCACertificatePath() {
        return this._caCertificatePath;
    }

    public void setCACertificateFile(Path path) {
        this._caCertificateFile = path.getNativePath();
    }

    public String getCACertificateFile() {
        return this._caCertificateFile;
    }

    public void setCARevocationPath(Path path) {
        this._caRevocationPath = path.getNativePath();
    }

    public String getCARevocationPath() {
        return this._caRevocationPath;
    }

    public void setCARevocationFile(Path path) {
        this._caRevocationFile = path.getNativePath();
    }

    public String getCARevocationFile() {
        return this._caRevocationFile;
    }

    public void setCipherSuite(String str) {
        this._cipherSuite = str;
    }

    public String getCipherSuite() {
        return this._cipherSuite;
    }

    public void setCompression(boolean z) {
        this._isCompression = z;
    }

    public boolean getCompression() {
        return this._isCompression;
    }

    public void setHonorCipherOrder(boolean z) {
        this._isHonorCipherOrder = z;
    }

    public boolean isHonorCipherOrder() {
        return this._isHonorCipherOrder;
    }

    public void setCryptoDevice(String str) {
        this._cryptoDevice = str;
    }

    public String getCryptoDevice() {
        return this._cryptoDevice;
    }

    public void setPassword(String str) {
        this._password = str;
    }

    public String getPassword() {
        return this._password;
    }

    public void setVerifyClient(String str) throws ConfigException {
        if (!"optional_no_ca".equals(str) && !"optional-no-ca".equals(str) && !"optional".equals(str) && !"require".equals(str) && !"none".equals(str)) {
            throw new ConfigException(L.l("'{0}' is an unknown value for verify-client.  Valid values are 'optional-no-ca', 'optional', and 'require'.", str));
        }
        if ("none".equals(str)) {
            this._verifyClient = null;
        } else {
            this._verifyClient = str;
        }
    }

    public String getVerifyClient() {
        return this._verifyClient;
    }

    public void setVerifyDepth(int i) {
        this._verifyDepth = i;
    }

    public void setUncleanShutdown(boolean z) {
        this._uncleanShutdown = z;
    }

    public boolean getUncleanShutdown() {
        return this._uncleanShutdown;
    }

    public void setSessionCache(boolean z) {
        this._enableSessionCache = z;
    }

    public void setSessionCacheTimeout(Period period) {
        this._sessionCacheTimeout = (int) (period.getPeriod() / 1000);
    }

    public void setProtocol(String str) throws ConfigException {
        int i;
        this._protocol = str;
        String[] split = Pattern.compile("\\s+").split(str);
        int i2 = this._defaultProtocolFlags;
        for (int i3 = 0; i3 < split.length; i3++) {
            if (split[i3].equalsIgnoreCase("+all")) {
                i = -1;
            } else if (split[i3].equalsIgnoreCase("-all")) {
                i = 0;
            } else if (split[i3].equalsIgnoreCase("+sslv2")) {
                i = i2 | 1;
            } else if (split[i3].equalsIgnoreCase("-sslv2")) {
                i = i2 & (-2);
            } else if (split[i3].equalsIgnoreCase("+sslv3")) {
                i = i2 | 2;
            } else if (split[i3].equalsIgnoreCase("-sslv3")) {
                i = i2 & (-3);
            } else if (split[i3].equalsIgnoreCase("+tlsv1")) {
                i = i2 | 4;
            } else if (split[i3].equalsIgnoreCase("-tlsv1")) {
                i = i2 & (-5);
            } else if (split[i3].equalsIgnoreCase("+tlsv1.1")) {
                i = i2 | 8;
            } else if (split[i3].equalsIgnoreCase("-tlsv1.1")) {
                i = i2 & (-9);
            } else if (split[i3].equalsIgnoreCase("+tlsv1.2")) {
                i = i2 | PROTOCOL_TLS1_2;
            } else {
                if (!split[i3].equalsIgnoreCase("-tlsv1.2")) {
                    throw new ConfigException(L.l("unknown protocol value '{0}'", str));
                }
                i = i2 & (-17);
            }
            i2 = i;
        }
        if (split.length > 0) {
            this._protocolFlags = i2;
        }
    }

    public boolean isJni() {
        return this._stdServerSocket != null && this._stdServerSocket.isJni();
    }

    @PostConstruct
    public void init() throws ConfigException {
        if (this._certificateFile == null) {
            throw new ConfigException(L.l("`certificate-file' is required for OpenSSL."));
        }
    }

    public QServerSocket create(InetAddress inetAddress, int i) throws ConfigException, IOException {
        synchronized (_sslInitLock) {
            if (this._stdServerSocket != null) {
                throw new IOException(L.l("Can't create duplicte ssl factory."));
            }
            initConfig();
            this._stdServerSocket = QJniServerSocket.createJNI(inetAddress, i);
            initSSL();
        }
        return this;
    }

    public QServerSocket bind(QServerSocket qServerSocket) throws ConfigException, IOException {
        synchronized (_sslInitLock) {
            if (this._stdServerSocket != null) {
                throw new ConfigException(L.l("Can't create duplicte ssl factory."));
            }
            try {
                initConfig();
                this._stdServerSocket = qServerSocket;
                initSSL();
            } catch (RuntimeException e) {
                e.printStackTrace();
                throw e;
            }
        }
        return this;
    }

    private void initSSL() throws IOException {
        JniServerSocketImpl jniServerSocketImpl = this._stdServerSocket;
        boolean z = false;
        try {
            jniServerSocketImpl.setSSL(true);
            nativeInit(jniServerSocketImpl.getFd(), this._configFd);
            z = true;
            if (1 == 0) {
                this._stdServerSocket = null;
            }
            if (1 == 0) {
                jniServerSocketImpl.close();
            }
            if (this._stdServerSocket == null) {
                throw new IOException(L.l("Can't create OpenSSL factory."));
            }
        } catch (Throwable th) {
            if (!z) {
                this._stdServerSocket = null;
            }
            if (!z) {
                jniServerSocketImpl.close();
            }
            throw th;
        }
    }

    public void setTcpNoDelay(boolean z) {
        this._stdServerSocket.setTcpNoDelay(z);
    }

    public boolean isTcpNoDelay() {
        return this._stdServerSocket.isTcpNoDelay();
    }

    public void setConnectionSocketTimeout(int i) {
        this._stdServerSocket.setConnectionSocketTimeout(i);
    }

    public void listen(int i) {
        this._stdServerSocket.listen(i);
    }

    public boolean accept(QSocket qSocket) throws IOException {
        long open;
        JniSocketImpl jniSocketImpl = (JniSocketImpl) qSocket;
        if (!this._stdServerSocket.accept(qSocket)) {
            return false;
        }
        synchronized (jniSocketImpl) {
            open = open(jniSocketImpl.getFd(), this._configFd);
        }
        if (open == 0) {
            jniSocketImpl.close();
            throw new IOException(L.l("failed to open SSL socket"));
        }
        jniSocketImpl.setSecure(true);
        return true;
    }

    public QSocket createSocket() throws IOException {
        return this._stdServerSocket.createSocket();
    }

    public InetAddress getLocalAddress() {
        QServerSocket qServerSocket = this._stdServerSocket;
        if (qServerSocket != null) {
            return qServerSocket.getLocalAddress();
        }
        return null;
    }

    public int getLocalPort() {
        QServerSocket qServerSocket = this._stdServerSocket;
        if (qServerSocket != null) {
            return qServerSocket.getLocalPort();
        }
        return 0;
    }

    public void close() throws IOException {
        QServerSocket qServerSocket = this._stdServerSocket;
        this._stdServerSocket = null;
        if (qServerSocket != null) {
            qServerSocket.close();
        }
    }

    public synchronized void initConfig() throws ConfigException {
        _jniTroubleshoot.checkIsValid();
        if (this._configFd != 0) {
            throw new ConfigException(L.l("Configuration is already initialized."));
        }
        String str = this._certificateFile;
        String str2 = this._keyFile;
        if (str2 == null) {
            str2 = str;
        }
        if (str == null) {
            str = str2;
        }
        if (str == null) {
            throw new ConfigException(L.l("certificate file is missing"));
        }
        if (str2 == null) {
            throw new ConfigException(L.l("key file is missing"));
        }
        this._configFd = initConfig(str, str2, this._password, this._certificateChainFile, this._caCertificatePath, this._caCertificateFile, this._caRevocationPath, this._caRevocationFile, getCipherSuite(), isHonorCipherOrder(), getCompression(), this._cryptoDevice, this._protocolFlags, this._uncleanShutdown);
        if (this._configFd == 0) {
            throw new ConfigException("Error initializing SSL server socket");
        }
        setVerify(this._configFd, this._verifyClient, this._verifyDepth);
        setSessionCache(this._configFd, this._enableSessionCache, this._sessionCacheTimeout);
    }

    native long initConfig(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9, boolean z, boolean z2, String str10, int i, boolean z3) throws ConfigException;

    native void setVerify(long j, String str, int i);

    native void setSessionCache(long j, boolean z, int i);

    native void nativeInit(long j, long j2) throws ConfigException;

    native long open(long j, long j2);

    public String toString() {
        return getClass().getSimpleName() + "[" + this._stdServerSocket + "]";
    }

    static {
        JniTroubleshoot jniTroubleshoot;
        JniUtil.acquire();
        try {
            try {
                System.loadLibrary("resinssl");
                jniTroubleshoot = new JniTroubleshoot(OpenSSLFactory.class, "resinssl");
                JniUtil.release();
            } catch (Throwable th) {
                jniTroubleshoot = new JniTroubleshoot(OpenSSLFactory.class, "resinssl", th);
                JniUtil.release();
            }
            _jniTroubleshoot = jniTroubleshoot;
        } catch (Throwable th2) {
            JniUtil.release();
            throw th2;
        }
    }
}
