package org.apache.tomcat.util.net;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.Serializable;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.management.ObjectName;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.openssl.OpenSSLConf;
import org.apache.tomcat.util.net.openssl.ciphers.Cipher;
import org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser;
import org.apache.tomcat.util.res.StringManager;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;
import org.springframework.boot.logging.LoggingSystem;
import org.springframework.validation.DefaultBindingErrorProcessor;

/* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-8.5.32.jar:org/apache/tomcat/util/net/SSLHostConfig.class */
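/**
 * TLS settings for one virtual host of a connector: protocols, cipher suites, client
 * certificate verification, trust material and the certificates presented by the server.
 *
 * <p>Each property is tagged as JSSE-only or OpenSSL-only through
 * {@link #setProperty(String, Type)}; a mismatch with the selected implementation is
 * logged as a warning, not rejected.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The class is {@link Serializable} and {@code truststorePassword} is not
 *       {@code transient}, so a serialized instance carries the truststore password in
 *       clear text. Treat serialized copies and heap dumps as secrets.</li>
 *   <li>The {@code transient} fields are not re-initialised on deserialization, so the two
 *       {@code Long} context handles are {@code null} (not {@code 0L}) on a deserialized
 *       instance.</li>
 *   <li>The password getters return secrets verbatim; do not log their results.</li>
 * </ul>
 */
public class SSLHostConfig implements Serializable {
    private static final long serialVersionUID = 1;

    /**
     * Default OpenSSL-style cipher expression: HIGH-strength suites minus anonymous, NULL,
     * export, DES, RC4, MD5 and static-RSA key exchange (kRSA, which has no forward secrecy).
     */
    private static final String DEFAULT_CIPHERS = "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA";

    /** Host name used when no explicit host name is configured. */
    protected static final String DEFAULT_SSL_HOST_NAME = "_default_";

    private static final Log log = LogFactory.getLog((Class<?>) SSLHostConfig.class);
    private static final StringManager sm = StringManager.getManager((Class<?>) SSLHostConfig.class);

    /**
     * Expansion of the "all" protocol keyword; populated in the static initializer at the end
     * of the class. NOTE(review): in this version the set is built from constants named for
     * SSLv2Hello, TLSv1, TLSv1.1 and TLSv1.2, so "all" enables TLS 1.0/1.1 as well. Deployments
     * that must refuse those versions should list the protocols explicitly.
     */
    protected static final Set<String> SSL_PROTO_ALL_SET = new HashSet<>();

    private String[] enabledCiphers;
    private String[] enabledProtocols;
    private ObjectName oname;
    private String certificateRevocationListFile;
    private String ciphers;
    private String trustManagerClassName;
    private String certificateRevocationListPath;
    private String caCertificateFile;
    private String caCertificatePath;

    // Implementation selected for this host; null until setConfigType() is called.
    private Type configType = null;
    // First implementation-specific property type seen while configType is EITHER.
    private Type currentConfigType = null;
    // Properties set before configType was known, grouped by the implementation they belong to.
    private Map<Type, Set<String>> configuredProperties = new HashMap<>();
    private String hostName = DEFAULT_SSL_HOST_NAME;
    // Transient handles: null (not 0L) after deserialization because initializers are skipped.
    private transient Long openSslConfContext = 0L;
    private transient Long openSslContext = 0L;
    private SSLHostConfigCertificate defaultCertificate = null;
    private Set<SSLHostConfigCertificate> certificates = new HashSet<>(4);
    // Client certificates are not requested unless configured otherwise.
    private CertificateVerification certificateVerification = CertificateVerification.NONE;
    private int certificateVerificationDepth = 10;
    private boolean certificateVerificationDepthConfigured = false;
    // Lazily derived from `ciphers`; reset to null whenever setCiphers() is called.
    private LinkedHashSet<Cipher> cipherList = null;
    private List<String> jsseCipherNames = null;
    private String honorCipherOrder = null;
    private Set<String> protocols = new HashSet<>();
    private String keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
    // Revocation checking is off by default and must be enabled explicitly.
    private boolean revocationEnabled = false;
    private int sessionCacheSize = 0;
    private int sessionTimeout = 86400; // presumably seconds (one day) - confirm against the consumer
    private String sslProtocol = "TLS";
    private String truststoreAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    // Trust store settings default to the standard JSSE system properties.
    private String truststoreFile = System.getProperty("javax.net.ssl.trustStore");
    // Not transient: ends up in the serialized form of this object.
    private String truststorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
    private String truststoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider");
    private String truststoreType = System.getProperty("javax.net.ssl.trustStoreType");
    private transient KeyStore truststore = null;
    // Compression stays disabled by default; TLS-level compression is what CRIME-class attacks rely on.
    private boolean disableCompression = true;
    private boolean disableSessionTickets = false;
    // Legacy renegotiation stays refused unless an operator explicitly opts in.
    private boolean insecureRenegotiation = false;
    private OpenSSLConf openSslConf = null;

    /* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-8.5.32.jar:org/apache/tomcat/util/net/SSLHostConfig$CertificateVerification.class */
    /** Client certificate verification modes, from no request at all to mandatory. */
    public enum CertificateVerification {
        NONE,
        OPTIONAL_NO_CA,
        OPTIONAL,
        REQUIRED;

        /**
         * Maps a configuration string to a verification mode, ignoring case.
         *
         * <p>Accepted values: {@code true/yes/require/required} for {@link #REQUIRED},
         * {@code optional/want} for {@link #OPTIONAL}, {@code optionalNoCA/optional_no_ca} for
         * {@link #OPTIONAL_NO_CA} and {@code false/no/none} for {@link #NONE}.
         *
         * <p>The decompiled listing expressed "yes", "required" and "none" through unrelated
         * Spring constants holding the same text; plain literals are used here so the accepted
         * vocabulary is readable and does not depend on another library's constants.
         *
         * @param str configured value; {@code null} matches nothing
         * @return the matching mode
         * @throws IllegalArgumentException if the value is not one of the accepted strings
         */
        public static CertificateVerification fromString(String str) {
            if ("true".equalsIgnoreCase(str) || "yes".equalsIgnoreCase(str)
                    || "require".equalsIgnoreCase(str) || "required".equalsIgnoreCase(str)) {
                return REQUIRED;
            }
            if ("optional".equalsIgnoreCase(str) || "want".equalsIgnoreCase(str)) {
                return OPTIONAL;
            }
            if ("optionalNoCA".equalsIgnoreCase(str) || "optional_no_ca".equalsIgnoreCase(str)) {
                return OPTIONAL_NO_CA;
            }
            if ("false".equalsIgnoreCase(str) || "no".equalsIgnoreCase(str) || "none".equalsIgnoreCase(str)) {
                return NONE;
            }
            throw new IllegalArgumentException(SSLHostConfig.sm.getString("sslHostConfig.certificateVerificationInvalid", str));
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-8.5.32.jar:org/apache/tomcat/util/net/SSLHostConfig$Type.class */
    /** TLS implementation a property (or the whole host configuration) belongs to. */
    public enum Type {
        JSSE,
        OPENSSL,
        EITHER
    }

    /** Creates a configuration with the protocol set initialised to the "all" expansion. */
    public SSLHostConfig() {
        setProtocols(Constants.SSL_PROTO_ALL);
    }

    /** Returns the OpenSSL configuration context handle; may be {@code null} after deserialization. */
    public Long getOpenSslConfContext() {
        return this.openSslConfContext;
    }

    /** Stores the OpenSSL configuration context handle. */
    public void setOpenSslConfContext(Long l) {
        this.openSslConfContext = l;
    }

    /** Returns the OpenSSL context handle; may be {@code null} after deserialization. */
    public Long getOpenSslContext() {
        return this.openSslContext;
    }

    /** Stores the OpenSSL context handle. */
    public void setOpenSslContext(Long l) {
        this.openSslContext = l;
    }

    /**
     * Returns the name of the selected implementation type.
     *
     * @throws NullPointerException if {@link #setConfigType(Type)} has not been called yet
     */
    public String getConfigType() {
        return this.configType.name();
    }

    /**
     * Selects the TLS implementation and warns about every property recorded earlier that
     * belongs to a different implementation.
     *
     * <p>The warning is the only signal that a property will not take effect, so a
     * security-relevant setting can be silently inert if these log lines are ignored.
     *
     * @param type the implementation in use for this host
     */
    public void setConfigType(Type type) {
        this.configType = type;
        if (type != Type.EITHER) {
            this.configuredProperties.remove(type);
        } else if (this.configuredProperties.remove(Type.JSSE) == null) {
            // EITHER: whichever family was configured first is accepted; drop OPENSSL only
            // when no JSSE properties had been recorded.
            this.configuredProperties.remove(Type.OPENSSL);
        }
        // Whatever remains was configured for an implementation that is not in use.
        for (Map.Entry<Type, Set<String>> entry : this.configuredProperties.entrySet()) {
            for (String propertyName : entry.getValue()) {
                log.warn(sm.getString("sslHostConfig.mismatch", propertyName, getHostName(), entry.getKey(), type));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Records that an implementation-specific property was set and warns on a mismatch.
     *
     * <p>Before the config type is known the property name is only remembered. Afterwards a
     * warning is logged when the property's type differs from the selected type, or, for
     * {@link Type#EITHER}, from the type of the first such property seen.
     *
     * @param str  property name, used in the warning text
     * @param type implementation the property applies to
     */
    public void setProperty(String str, Type type) {
        if (this.configType == null) {
            Set<String> names = this.configuredProperties.get(type);
            if (names == null) {
                names = new HashSet<>();
                this.configuredProperties.put(type, names);
            }
            names.add(str);
            return;
        }
        if (this.configType != Type.EITHER) {
            if (type != this.configType) {
                log.warn(sm.getString("sslHostConfig.mismatch", str, getHostName(), type, this.configType));
            }
        } else if (this.currentConfigType == null) {
            this.currentConfigType = type;
        } else if (this.currentConfigType != type) {
            log.warn(sm.getString("sslHostConfig.mismatch", str, getHostName(), type, this.currentConfigType));
        }
    }

    /** Returns the stored protocol array itself (no defensive copy). */
    public String[] getEnabledProtocols() {
        return this.enabledProtocols;
    }

    /** Stores the given protocol array by reference. */
    public void setEnabledProtocols(String[] strArr) {
        this.enabledProtocols = strArr;
    }

    /** Returns the stored cipher array itself (no defensive copy). */
    public String[] getEnabledCiphers() {
        return this.enabledCiphers;
    }

    /** Stores the given cipher array by reference. */
    public void setEnabledCiphers(String[] strArr) {
        this.enabledCiphers = strArr;
    }

    /** Returns the JMX object name assigned to this configuration. */
    public ObjectName getObjectName() {
        return this.oname;
    }

    /** Sets the JMX object name for this configuration. */
    public void setObjectName(ObjectName objectName) {
        this.oname = objectName;
    }

    /** Lazily creates the untyped default certificate and adds it to the certificate set. */
    private void registerDefaultCertificate() {
        if (this.defaultCertificate == null) {
            this.defaultCertificate = new SSLHostConfigCertificate(this, SSLHostConfigCertificate.Type.UNDEFINED);
            this.certificates.add(this.defaultCertificate);
        }
    }

    /**
     * Adds a certificate to this host.
     *
     * <p>An untyped ({@code UNDEFINED}) certificate is only allowed when it is the sole
     * certificate: adding to a set that holds one untyped certificate, or adding an untyped
     * certificate to a non-empty set, is rejected.
     *
     * @param sSLHostConfigCertificate certificate to add
     * @throws IllegalArgumentException if the combination would mix typed and untyped certificates
     */
    public void addCertificate(SSLHostConfigCertificate sSLHostConfigCertificate) {
        if (!this.certificates.isEmpty()) {
            boolean onlyExistingIsUntyped = this.certificates.size() == 1
                    && this.certificates.iterator().next().getType() == SSLHostConfigCertificate.Type.UNDEFINED;
            if (onlyExistingIsUntyped || sSLHostConfigCertificate.getType() == SSLHostConfigCertificate.Type.UNDEFINED) {
                throw new IllegalArgumentException(sm.getString("sslHostConfig.certificate.notype"));
            }
        }
        this.certificates.add(sSLHostConfigCertificate);
    }

    /** Returns the nested OpenSSL configuration, or {@code null} if none was set. */
    public OpenSSLConf getOpenSslConf() {
        return this.openSslConf;
    }

    /**
     * Sets the nested OpenSSL configuration; it can be set only once.
     *
     * @throws IllegalArgumentException if the argument is {@code null} or a configuration is already set
     */
    public void setOpenSslConf(OpenSSLConf openSSLConf) {
        if (openSSLConf == null) {
            throw new IllegalArgumentException(sm.getString("sslHostConfig.opensslconf.null"));
        }
        if (this.openSslConf != null) {
            throw new IllegalArgumentException(sm.getString("sslHostConfig.opensslconf.alreadySet"));
        }
        setProperty("<OpenSSLConf>", Type.OPENSSL);
        this.openSslConf = openSSLConf;
    }

    /** Returns the live certificate set without creating a default certificate. */
    public Set<SSLHostConfigCertificate> getCertificates() {
        return getCertificates(false);
    }

    /**
     * Returns the live (mutable, internal) certificate set.
     *
     * @param z when {@code true} and the set is empty, the default certificate is registered first
     */
    public Set<SSLHostConfigCertificate> getCertificates(boolean z) {
        if (z && this.certificates.isEmpty()) {
            registerDefaultCertificate();
        }
        return this.certificates;
    }

    /** Returns the default certificate's private key password (a secret; do not log). */
    public String getCertificateKeyPassword() {
        registerDefaultCertificate();
        return this.defaultCertificate.getCertificateKeyPassword();
    }

    /** Sets the default certificate's private key password. */
    public void setCertificateKeyPassword(String str) {
        registerDefaultCertificate();
        this.defaultCertificate.setCertificateKeyPassword(str);
    }

    /** Sets the certificate revocation list file. */
    public void setCertificateRevocationListFile(String str) {
        this.certificateRevocationListFile = str;
    }

    /** Returns the certificate revocation list file. */
    public String getCertificateRevocationListFile() {
        return this.certificateRevocationListFile;
    }

    /**
     * Sets the client certificate verification mode from its string form.
     *
     * <p>Fails closed: an unrecognised value leaves the mode at {@link CertificateVerification#REQUIRED}
     * before the exception propagates, so a typo cannot silently downgrade to a weaker mode
     * even if the caller swallows the exception.
     *
     * @throws IllegalArgumentException if the value is not recognised
     */
    public void setCertificateVerification(String str) {
        try {
            this.certificateVerification = CertificateVerification.fromString(str);
        } catch (IllegalArgumentException e) {
            this.certificateVerification = CertificateVerification.REQUIRED;
            throw e;
        }
    }

    /** Returns the client certificate verification mode. */
    public CertificateVerification getCertificateVerification() {
        return this.certificateVerification;
    }

    /** Sets the verification depth and marks it as explicitly configured. */
    public void setCertificateVerificationDepth(int i) {
        this.certificateVerificationDepth = i;
        this.certificateVerificationDepthConfigured = true;
    }

    /** Returns the verification depth (10 unless configured). */
    public int getCertificateVerificationDepth() {
        return this.certificateVerificationDepth;
    }

    /** Returns whether the verification depth was set explicitly. */
    public boolean isCertificateVerificationDepthConfigured() {
        return this.certificateVerificationDepthConfigured;
    }

    /**
     * Sets the cipher specification.
     *
     * <p>A value containing ':' (or {@code null}) is stored as given, as an OpenSSL-style
     * expression. Otherwise the value is read as a comma-separated list of names; each name is
     * translated from its JSSE form where the parser knows it, kept unchanged where it does
     * not, and the results are joined with ':'. The derived cipher caches are reset.
     *
     * @param str cipher expression or comma-separated cipher names; may be {@code null}
     */
    public void setCiphers(String str) {
        if (str == null || str.contains(":")) {
            this.ciphers = str;
        } else {
            StringBuilder joined = new StringBuilder();
            for (String rawName : str.split(",")) {
                String name = rawName.trim();
                if (name.isEmpty()) {
                    continue;
                }
                String openSslName = OpenSSLCipherConfigurationParser.jsseToOpenSSL(name);
                if (openSslName == null) {
                    // Unknown to the translator: pass through and let the parser decide.
                    openSslName = name;
                }
                if (joined.length() > 0) {
                    joined.append(':');
                }
                joined.append(openSslName);
            }
            this.ciphers = joined.toString();
        }
        this.cipherList = null;
        this.jsseCipherNames = null;
    }

    /**
     * Returns the cipher expression, fixing the default on first use.
     *
     * <p>When nothing was configured the default is {@link #DEFAULT_CIPHERS}; for a JSSE
     * configuration on a runtime where Java 8 is not available, DHE suites are excluded as
     * well (presumably because of DH parameter limits on older JREs - confirm).
     */
    public String getCiphers() {
        if (this.ciphers == null) {
            if (JreCompat.isJre8Available() || !Type.JSSE.equals(this.configType)) {
                this.ciphers = DEFAULT_CIPHERS;
            } else {
                this.ciphers = DEFAULT_CIPHERS + ":!DHE";
            }
        }
        return this.ciphers;
    }

    /** Returns the parsed cipher list, parsing {@link #getCiphers()} on first use. */
    public LinkedHashSet<Cipher> getCipherList() {
        if (this.cipherList == null) {
            this.cipherList = OpenSSLCipherConfigurationParser.parse(getCiphers());
        }
        return this.cipherList;
    }

    /** Returns the JSSE names for {@link #getCipherList()}, converting on first use. */
    public List<String> getJsseCipherNames() {
        if (this.jsseCipherNames == null) {
            this.jsseCipherNames = OpenSSLCipherConfigurationParser.convertForJSSE(getCipherList());
        }
        return this.jsseCipherNames;
    }

    /** Sets the honor-cipher-order setting (stored as a string). */
    public void setHonorCipherOrder(String str) {
        this.honorCipherOrder = str;
    }

    /** Returns the honor-cipher-order setting. */
    public String getHonorCipherOrder() {
        return this.honorCipherOrder;
    }

    /** Sets the host name this configuration applies to. */
    public void setHostName(String str) {
        this.hostName = str;
    }

    /** Returns the host name this configuration applies to. */
    public String getHostName() {
        return this.hostName;
    }

    /**
     * Replaces the protocol set from a specification such as {@code "all,-TLSv1"} or
     * {@code "+TLSv1.2"}.
     *
     * <p>The string is split before every '+', '-' or ','. A '+' token adds a protocol, a '-'
     * token removes one, and a bare or comma-prefixed token adds one (with a warning if the
     * set is already non-empty). The keyword "all" expands to {@link #SSL_PROTO_ALL_SET}.
     * Tokens of one character or less are ignored. Names are stored as written; they are not
     * checked against a list of known protocols here.
     *
     * <p>The input is split before the current set is cleared, so a {@code null} argument
     * fails without wiping the existing configuration.
     *
     * @param str protocol specification; must not be {@code null}
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public void setProtocols(String str) {
        String[] tokens = str.split("(?=[-+,])");
        this.protocols.clear();
        for (String rawToken : tokens) {
            String token = rawToken.trim();
            if (token.length() <= 1) {
                continue;
            }
            char prefix = token.charAt(0);
            if (prefix == '+') {
                enableProtocol(token.substring(1).trim());
            } else if (prefix == '-') {
                disableProtocol(token.substring(1).trim());
            } else {
                if (prefix == ',') {
                    token = token.substring(1).trim();
                }
                if (!this.protocols.isEmpty()) {
                    log.warn(sm.getString("sslHostConfig.prefix_missing", token, getHostName()));
                }
                enableProtocol(token);
            }
        }
    }

    /** Adds one protocol name, or the whole "all" expansion, to the protocol set. */
    private void enableProtocol(String name) {
        if (name.equalsIgnoreCase(Constants.SSL_PROTO_ALL)) {
            this.protocols.addAll(SSL_PROTO_ALL_SET);
        } else {
            this.protocols.add(name);
        }
    }

    /** Removes one protocol name, or the whole "all" expansion, from the protocol set. */
    private void disableProtocol(String name) {
        if (name.equalsIgnoreCase(Constants.SSL_PROTO_ALL)) {
            this.protocols.removeAll(SSL_PROTO_ALL_SET);
        } else {
            this.protocols.remove(name);
        }
    }

    /** Returns the live (mutable, internal) protocol set. */
    public Set<String> getProtocols() {
        return this.protocols;
    }

    /** Returns the default certificate's key alias. */
    public String getCertificateKeyAlias() {
        registerDefaultCertificate();
        return this.defaultCertificate.getCertificateKeyAlias();
    }

    /** Sets the default certificate's key alias. */
    public void setCertificateKeyAlias(String str) {
        registerDefaultCertificate();
        this.defaultCertificate.setCertificateKeyAlias(str);
    }

    /** Returns the default certificate's keystore file. */
    public String getCertificateKeystoreFile() {
        registerDefaultCertificate();
        return this.defaultCertificate.getCertificateKeystoreFile();
    }

    /** Sets the default certificate's keystore file. */
    public void setCertificateKeystoreFile(String str) {
        registerDefaultCertificate();
        this.defaultCertificate.setCertificateKeystoreFile(str);
    }

    /** Returns the default certificate's keystore password (a secret; do not log). */
    public String getCertificateKeystorePassword() {
        registerDefaultCertificate();
        return this.defaultCertificate.getCertificateKeystorePassword();
    }

    /** Sets the default certificate's keystore password. */
    public void setCertificateKeystorePassword(String str) {
        registerDefaultCertificate();
        this.defaultCertificate.setCertificateKeystorePassword(str);
    }

    /** Returns the default certificate's keystore provider. */
    public String getCertificateKeystoreProvider() {
        registerDefaultCertificate();
        return this.defaultCertificate.getCertificateKeystoreProvider();
    }

    /** Sets the default certificate's keystore provider. */
    public void setCertificateKeystoreProvider(String str) {
        registerDefaultCertificate();
        this.defaultCertificate.setCertificateKeystoreProvider(str);
    }

    /** Returns the default certificate's keystore type. */
    public String getCertificateKeystoreType() {
        registerDefaultCertificate();
        return this.defaultCertificate.getCertificateKeystoreType();
    }

    /** Sets the default certificate's keystore type. */
    public void setCertificateKeystoreType(String str) {
        registerDefaultCertificate();
        this.defaultCertificate.setCertificateKeystoreType(str);
    }

    /** Sets the key manager algorithm (JSSE property). */
    public void setKeyManagerAlgorithm(String str) {
        setProperty("keyManagerAlgorithm", Type.JSSE);
        this.keyManagerAlgorithm = str;
    }

    /** Returns the key manager algorithm. */
    public String getKeyManagerAlgorithm() {
        return this.keyManagerAlgorithm;
    }

    /** Enables or disables revocation checking (JSSE property; off by default). */
    public void setRevocationEnabled(boolean z) {
        setProperty("revocationEnabled", Type.JSSE);
        this.revocationEnabled = z;
    }

    /** Returns whether revocation checking is enabled. */
    public boolean getRevocationEnabled() {
        return this.revocationEnabled;
    }

    /** Sets the session cache size (JSSE property). */
    public void setSessionCacheSize(int i) {
        setProperty("sessionCacheSize", Type.JSSE);
        this.sessionCacheSize = i;
    }

    /** Returns the session cache size. */
    public int getSessionCacheSize() {
        return this.sessionCacheSize;
    }

    /** Sets the session timeout (JSSE property). */
    public void setSessionTimeout(int i) {
        setProperty("sessionTimeout", Type.JSSE);
        this.sessionTimeout = i;
    }

    /** Returns the session timeout. */
    public int getSessionTimeout() {
        return this.sessionTimeout;
    }

    /** Sets the SSL protocol name (JSSE property; "TLS" by default). */
    public void setSslProtocol(String str) {
        setProperty("sslProtocol", Type.JSSE);
        this.sslProtocol = str;
    }

    /** Returns the SSL protocol name. */
    public String getSslProtocol() {
        return this.sslProtocol;
    }

    /**
     * Sets the trust manager class name (JSSE property).
     *
     * <p>NOTE(review): how this name is resolved is not visible here. If it is instantiated
     * reflectively, the named class decides which client certificates are trusted, so the
     * value should only ever come from operator-controlled configuration.
     */
    public void setTrustManagerClassName(String str) {
        setProperty("trustManagerClassName", Type.JSSE);
        this.trustManagerClassName = str;
    }

    /** Returns the trust manager class name. */
    public String getTrustManagerClassName() {
        return this.trustManagerClassName;
    }

    /** Sets the truststore algorithm (JSSE property). */
    public void setTruststoreAlgorithm(String str) {
        setProperty("truststoreAlgorithm", Type.JSSE);
        this.truststoreAlgorithm = str;
    }

    /** Returns the truststore algorithm. */
    public String getTruststoreAlgorithm() {
        return this.truststoreAlgorithm;
    }

    /** Sets the truststore file (JSSE property). */
    public void setTruststoreFile(String str) {
        setProperty("truststoreFile", Type.JSSE);
        this.truststoreFile = str;
    }

    /** Returns the truststore file. */
    public String getTruststoreFile() {
        return this.truststoreFile;
    }

    /** Sets the truststore password (JSSE property). */
    public void setTruststorePassword(String str) {
        setProperty("truststorePassword", Type.JSSE);
        this.truststorePassword = str;
    }

    /** Returns the truststore password (a secret; do not log). */
    public String getTruststorePassword() {
        return this.truststorePassword;
    }

    /** Sets the truststore provider (JSSE property). */
    public void setTruststoreProvider(String str) {
        setProperty("truststoreProvider", Type.JSSE);
        this.truststoreProvider = str;
    }

    /**
     * Returns the truststore provider; when unset, falls back to the keystore provider of the
     * single configured certificate, or to the default keystore provider otherwise.
     */
    public String getTruststoreProvider() {
        if (this.truststoreProvider != null) {
            return this.truststoreProvider;
        }
        Set<SSLHostConfigCertificate> configured = getCertificates();
        if (configured.size() == 1) {
            return configured.iterator().next().getCertificateKeystoreProvider();
        }
        return SSLHostConfigCertificate.DEFAULT_KEYSTORE_PROVIDER;
    }

    /** Sets the truststore type (JSSE property). */
    public void setTruststoreType(String str) {
        setProperty("truststoreType", Type.JSSE);
        this.truststoreType = str;
    }

    /**
     * Returns the truststore type; when unset, reuses the keystore type of the single
     * configured certificate unless that type is PKCS12, else the default keystore type.
     */
    public String getTruststoreType() {
        if (this.truststoreType != null) {
            return this.truststoreType;
        }
        Set<SSLHostConfigCertificate> configured = getCertificates();
        if (configured.size() == 1) {
            String keystoreType = configured.iterator().next().getCertificateKeystoreType();
            if (!"PKCS12".equalsIgnoreCase(keystoreType)) {
                return keystoreType;
            }
        }
        return SSLHostConfigCertificate.DEFAULT_KEYSTORE_TYPE;
    }

    /** Injects a pre-built truststore, which then takes precedence over the file settings. */
    public void setTrustStore(KeyStore keyStore) {
        this.truststore = keyStore;
    }

    /**
     * Returns the truststore: the injected one if present, otherwise one loaded from the
     * configured file, otherwise {@code null}. A loaded store is not cached in this object.
     *
     * <p>If loading fails with an {@link IOException} caused by
     * {@link UnrecoverableKeyException}, a warning is logged and the load is retried with a
     * {@code null} password.
     *
     * <p>NOTE(review): for {@link KeyStore} a {@code null} password means the store's
     * integrity check is skipped. {@code SSLUtilBase.getStore} is not visible here, so confirm
     * that it forwards the password to the keystore load. If it does, a truststore that no
     * longer matches its configured password is still accepted, and the
     * {@code jsse.invalid_truststore_password} warning is the only trace; it is worth
     * alerting on that message.
     *
     * @throws IOException if the store cannot be loaded for any other reason, or if the retry fails
     */
    public KeyStore getTruststore() throws IOException {
        KeyStore result = this.truststore;
        if (result == null && this.truststoreFile != null) {
            try {
                result = SSLUtilBase.getStore(getTruststoreType(), getTruststoreProvider(), getTruststoreFile(), getTruststorePassword());
            } catch (IOException e) {
                Throwable cause = e.getCause();
                if (!(cause instanceof UnrecoverableKeyException)) {
                    throw e;
                }
                log.warn(sm.getString("jsse.invalid_truststore_password"), cause);
                result = SSLUtilBase.getStore(getTruststoreType(), getTruststoreProvider(), getTruststoreFile(), null);
            }
        }
        return result;
    }

    /** Returns the default certificate's chain file. */
    public String getCertificateChainFile() {
        registerDefaultCertificate();
        return this.defaultCertificate.getCertificateChainFile();
    }

    /** Sets the default certificate's chain file. */
    public void setCertificateChainFile(String str) {
        registerDefaultCertificate();
        this.defaultCertificate.setCertificateChainFile(str);
    }

    /** Returns the default certificate's certificate file. */
    public String getCertificateFile() {
        registerDefaultCertificate();
        return this.defaultCertificate.getCertificateFile();
    }

    /** Sets the default certificate's certificate file. */
    public void setCertificateFile(String str) {
        registerDefaultCertificate();
        this.defaultCertificate.setCertificateFile(str);
    }

    /** Returns the default certificate's private key file. */
    public String getCertificateKeyFile() {
        registerDefaultCertificate();
        return this.defaultCertificate.getCertificateKeyFile();
    }

    /** Sets the default certificate's private key file. */
    public void setCertificateKeyFile(String str) {
        registerDefaultCertificate();
        this.defaultCertificate.setCertificateKeyFile(str);
    }

    /** Sets the certificate revocation list directory (OpenSSL property). */
    public void setCertificateRevocationListPath(String str) {
        setProperty("certificateRevocationListPath", Type.OPENSSL);
        this.certificateRevocationListPath = str;
    }

    /** Returns the certificate revocation list directory. */
    public String getCertificateRevocationListPath() {
        return this.certificateRevocationListPath;
    }

    /** Sets the CA certificate file (OpenSSL property). */
    public void setCaCertificateFile(String str) {
        setProperty("caCertificateFile", Type.OPENSSL);
        this.caCertificateFile = str;
    }

    /** Returns the CA certificate file. */
    public String getCaCertificateFile() {
        return this.caCertificateFile;
    }

    /** Sets the CA certificate directory (OpenSSL property). */
    public void setCaCertificatePath(String str) {
        setProperty("caCertificatePath", Type.OPENSSL);
        this.caCertificatePath = str;
    }

    /** Returns the CA certificate directory. */
    public String getCaCertificatePath() {
        return this.caCertificatePath;
    }

    /** Sets whether compression is disabled (OpenSSL property; disabled by default). */
    public void setDisableCompression(boolean z) {
        setProperty("disableCompression", Type.OPENSSL);
        this.disableCompression = z;
    }

    /** Returns whether compression is disabled. */
    public boolean getDisableCompression() {
        return this.disableCompression;
    }

    /** Sets whether session tickets are disabled (OpenSSL property; tickets allowed by default). */
    public void setDisableSessionTickets(boolean z) {
        setProperty("disableSessionTickets", Type.OPENSSL);
        this.disableSessionTickets = z;
    }

    /** Returns whether session tickets are disabled. */
    public boolean getDisableSessionTickets() {
        return this.disableSessionTickets;
    }

    /**
     * Sets whether insecure renegotiation is allowed (OpenSSL property; refused by default).
     * Enabling it weakens the connection and should be treated as a finding in a
     * configuration review.
     */
    public void setInsecureRenegotiation(boolean z) {
        setProperty("insecureRenegotiation", Type.OPENSSL);
        this.insecureRenegotiation = z;
    }

    /** Returns whether insecure renegotiation is allowed. */
    public boolean getInsecureRenegotiation() {
        return this.insecureRenegotiation;
    }

    /**
     * Resolves a configured path against {@code catalina.base} when it is not absolute and
     * checks that the result exists.
     *
     * <p>The path is neither normalised nor confined to {@code catalina.base}; {@code ..}
     * segments and absolute paths are accepted as given, so the value must come from trusted
     * configuration. If {@code catalina.base} is unset, the text {@code "null"} is prefixed.
     *
     * @param str configured path; {@code null} and empty are returned unchanged
     * @return the path as given if absolute, otherwise prefixed with {@code catalina.base}
     * @throws FileNotFoundException if the resolved path does not exist
     */
    public static String adjustRelativePath(String str) throws FileNotFoundException {
        if (str == null || str.length() == 0) {
            return str;
        }
        String resolved = str;
        File candidate = new File(resolved);
        if (!candidate.isAbsolute()) {
            resolved = System.getProperty("catalina.base") + File.separator + resolved;
            candidate = new File(resolved);
        }
        if (!candidate.exists()) {
            throw new FileNotFoundException(sm.getString("sslHostConfig.fileNotFound", resolved));
        }
        return resolved;
    }

    static {
        // Expansion of the "all" keyword used by setProtocols().
        SSL_PROTO_ALL_SET.add(Constants.SSL_PROTO_SSLv2Hello);
        SSL_PROTO_ALL_SET.add(Constants.SSL_PROTO_TLSv1);
        SSL_PROTO_ALL_SET.add(Constants.SSL_PROTO_TLSv1_1);
        SSL_PROTO_ALL_SET.add(Constants.SSL_PROTO_TLSv1_2);
    }
}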
