package cfca.sadk.tls.sun.security.ssl;

import cfca.sadk.tls.java.security.CFCAAlgorithmConstraints;
import cfca.sadk.tls.java.security.CFCACryptoPrimitive;
import cfca.sadk.tls.javax.net.ssl.CFCASSLEngine;
import cfca.sadk.tls.javax.net.ssl.CFCASSLParameters;
import cfca.sadk.tls.javax.net.ssl.CFCAX509ExtendedTrustManager;
import cfca.sadk.tls.sun.security.ssl.manager.CFCAX509TrustManagerFactory;
import cfca.sadk.tls.sun.security.ssl.sec.CipherBulk;
import cfca.sadk.tls.sun.security.ssl.sec.CipherSuite;
import cfca.sadk.tls.sun.security.ssl.sec.EphemeralKeyManager;
import cfca.sadk.tls.sun.security.ssl.sec.JSSEJCE;
import cfca.sadk.tls.sun.security.ssl.sec.SSLAlgorithmConstraints;
import cfca.sadk.tls.sun.security.ssl.sec.SecureRandoms;
import java.io.FileInputStream;
import java.security.AccessController;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.security.SecureRandom;
import java.util.Collection;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.TreeSet;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import sun.security.action.GetPropertyAction;

/* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/SSLContextImpl.class */
public abstract class SSLContextImpl extends SSLContextSpi {
    private boolean isInitialized;
    private X509ExtendedKeyManager keyManager;
    private X509TrustManager trustManager;
    private SecureRandom secureRandom;
    private ProtocolList defaultServerProtocolList;
    private ProtocolList defaultClientProtocolList;
    private ProtocolList supportedProtocolList;
    private CipherSuiteList defaultServerCipherSuiteList;
    private CipherSuiteList defaultClientCipherSuiteList;
    private CipherSuiteList supportedCipherSuiteList;
    private CFCAAlgorithmConstraints defaultAlgorithmConstraints = new SSLAlgorithmConstraints(null);
    private final EphemeralKeyManager ephemeralKeyManager = new EphemeralKeyManager();
    private final SSLSessionContextImpl clientCache = new SSLSessionContextImpl();
    private final SSLSessionContextImpl serverCache = new SSLSessionContextImpl();

    /* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/SSLContextImpl$AbstractSSLContext.class */
    private static abstract class AbstractSSLContext extends SSLContextImpl {
        private static final CFCASSLParameters defaultServerSSLParams;
        private static final CFCASSLParameters supportedSSLParams = new CFCASSLParameters();

        private AbstractSSLContext() {
        }

        @Override // cfca.sadk.tls.sun.security.ssl.SSLContextImpl
        CFCASSLParameters getDefaultServerSSLParams() {
            return defaultServerSSLParams;
        }

        @Override // cfca.sadk.tls.sun.security.ssl.SSLContextImpl
        CFCASSLParameters getSupportedSSLParams() {
            return supportedSSLParams;
        }

        @Override // cfca.sadk.tls.sun.security.ssl.SSLContextImpl, javax.net.ssl.SSLContextSpi
        protected /* bridge */ /* synthetic */ SSLEngine engineCreateSSLEngine(String str, int i) {
            return super.engineCreateSSLEngine(str, i);
        }

        @Override // cfca.sadk.tls.sun.security.ssl.SSLContextImpl, javax.net.ssl.SSLContextSpi
        protected /* bridge */ /* synthetic */ SSLEngine engineCreateSSLEngine() {
            return super.engineCreateSSLEngine();
        }

        static {
            supportedSSLParams.setProtocols(new String[]{ProtocolVersion.TLS11SM.name});
            defaultServerSSLParams = supportedSSLParams;
        }
    }

    /* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/SSLContextImpl$CustomizedSSLContext.class */
    private static class CustomizedSSLContext extends AbstractSSLContext {
        private static final String PROPERTY_NAME = "jdk.tls.client.protocols";
        private static final CFCASSLParameters defaultClientSSLParams;
        private static IllegalArgumentException reservedException;

        protected CustomizedSSLContext() {
            super();
            if (reservedException != null) {
                throw reservedException;
            }
        }

        @Override // cfca.sadk.tls.sun.security.ssl.SSLContextImpl
        CFCASSLParameters getDefaultClientSSLParams() {
            return defaultClientSSLParams;
        }

        static {
            reservedException = null;
            String str = (String) AccessController.doPrivileged((PrivilegedAction) new GetPropertyAction(PROPERTY_NAME));
            defaultClientSSLParams = new CFCASSLParameters();
            if (str == null || str.length() == 0) {
                defaultClientSSLParams.setProtocols(new String[]{ProtocolVersion.TLS11SM.name});
                return;
            }
            if (str.charAt(0) == '\"' && str.charAt(str.length() - 1) == '\"') {
                str = str.substring(1, str.length() - 1);
            }
            String[] split = str.split(",");
            for (int i = 0; i < split.length; i++) {
                split[i] = split[i].trim();
                try {
                    ProtocolVersion.valueOf(split[i]);
                } catch (IllegalArgumentException e) {
                    reservedException = new IllegalArgumentException("jdk.tls.client.protocols: " + split[i] + " is not a standard SSL protocol name", e);
                }
            }
            if (reservedException == null) {
                defaultClientSSLParams.setProtocols(split);
            }
        }
    }

    /* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/SSLContextImpl$DefaultSSLContext.class */
    public static final class DefaultSSLContext extends CustomizedSSLContext {
        private static final String NONE = "NONE";
        private static final String P11KEYSTORE = "PKCS11";
        private static volatile SSLContextImpl defaultImpl;
        private static TrustManager[] defaultTrustManagers;
        private static KeyManager[] defaultKeyManagers;

        public DefaultSSLContext() throws Exception {
            try {
                super.engineInit(getDefaultKeyManager(), getDefaultTrustManager(), null);
                if (defaultImpl == null) {
                    defaultImpl = this;
                }
            } catch (Exception e) {
                if (Debugger.sslctx.isErrorEnabled()) {
                    Debugger.sslctx.error("default context init failed: ", e);
                }
                throw e;
            }
        }

        @Override // cfca.sadk.tls.sun.security.ssl.SSLContextImpl, javax.net.ssl.SSLContextSpi
        protected void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
            throw new KeyManagementException("Default SSLContext is initialized automatically");
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static synchronized SSLContextImpl getDefaultImpl() throws Exception {
            if (defaultImpl == null) {
                new DefaultSSLContext();
            }
            return defaultImpl;
        }

        private static synchronized TrustManager[] getDefaultTrustManager() throws Exception {
            if (defaultTrustManagers != null) {
                return defaultTrustManagers;
            }
            KeyStore cacertsKeyStore = CFCAX509TrustManagerFactory.getCacertsKeyStore("defaultctx");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(cacertsKeyStore);
            defaultTrustManagers = trustManagerFactory.getTrustManagers();
            return defaultTrustManagers;
        }

        /* JADX WARN: Finally extract failed */
        private static synchronized KeyManager[] getDefaultKeyManager() throws Exception {
            if (defaultKeyManagers != null) {
                return defaultKeyManagers;
            }
            final HashMap hashMap = new HashMap();
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: cfca.sadk.tls.sun.security.ssl.SSLContextImpl.DefaultSSLContext.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    hashMap.put("keyStore", System.getProperty("javax.net.ssl.keyStore", ""));
                    hashMap.put("keyStoreType", System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType()));
                    hashMap.put("keyStoreProvider", System.getProperty("javax.net.ssl.keyStoreProvider", ""));
                    hashMap.put("keyStorePasswd", System.getProperty("javax.net.ssl.keyStorePassword", ""));
                    return null;
                }
            });
            final String str = (String) hashMap.get("keyStore");
            String str2 = (String) hashMap.get("keyStoreType");
            String str3 = (String) hashMap.get("keyStoreProvider");
            if (Debugger.sslctx.isDebugEnabled()) {
                Debugger.sslctx.debug("\nkeyStore is : {}\nkeyStore type is :  {}\nkeyStore provider is :  {}", new Object[]{str, str2, str3});
            }
            if (P11KEYSTORE.equals(str2) && !NONE.equals(str)) {
                throw new IllegalArgumentException("if keyStoreType is PKCS11, then keyStore must be NONE");
            }
            FileInputStream fileInputStream = null;
            KeyStore keyStore = null;
            char[] cArr = null;
            try {
                if (str.length() != 0 && !NONE.equals(str)) {
                    fileInputStream = (FileInputStream) AccessController.doPrivileged(new PrivilegedExceptionAction<FileInputStream>() { // from class: cfca.sadk.tls.sun.security.ssl.SSLContextImpl.DefaultSSLContext.2
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.security.PrivilegedExceptionAction
                        public FileInputStream run() throws Exception {
                            return new FileInputStream(str);
                        }
                    });
                }
                String str4 = (String) hashMap.get("keyStorePasswd");
                if (str4.length() != 0) {
                    cArr = str4.toCharArray();
                }
                if (str2.length() != 0) {
                    Debugger.sslctx.debug("init keystore");
                    keyStore = JSSEJCE.getDefaultKeyStore(str2, str3);
                    keyStore.load(fileInputStream, cArr);
                }
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
                Debugger.sslctx.debug("init keymanager of type {}", KeyManagerFactory.getDefaultAlgorithm());
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                if (P11KEYSTORE.equals(str2)) {
                    keyManagerFactory.init(keyStore, null);
                } else {
                    keyManagerFactory.init(keyStore, cArr);
                }
                defaultKeyManagers = keyManagerFactory.getKeyManagers();
                return defaultKeyManagers;
            } catch (Throwable th) {
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
                throw th;
            }
        }
    }

    /* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/SSLContextImpl$TLS11Context.class */
    public static final class TLS11Context extends AbstractSSLContext {
        private static final CFCASSLParameters defaultClientSSLParams = new CFCASSLParameters();

        public TLS11Context() {
            super();
        }

        @Override // cfca.sadk.tls.sun.security.ssl.SSLContextImpl
        CFCASSLParameters getDefaultClientSSLParams() {
            return defaultClientSSLParams;
        }

        static {
            defaultClientSSLParams.setProtocols(new String[]{ProtocolVersion.TLS11SM.name});
        }
    }

    /* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/SSLContextImpl$TLS12Context.class */
    public static final class TLS12Context extends AbstractSSLContext {
        private static final CFCASSLParameters defaultClientSSLParams = new CFCASSLParameters();

        public TLS12Context() {
            super();
        }

        @Override // cfca.sadk.tls.sun.security.ssl.SSLContextImpl
        CFCASSLParameters getDefaultClientSSLParams() {
            return defaultClientSSLParams;
        }

        static {
            defaultClientSSLParams.setProtocols(new String[]{ProtocolVersion.TLS11SM.name});
        }
    }

    /* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/SSLContextImpl$TLSContext.class */
    public static final class TLSContext extends CustomizedSSLContext {
    }

    SSLContextImpl() {
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
        this.isInitialized = false;
        this.keyManager = chooseKeyManager(keyManagerArr);
        if (trustManagerArr == null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } catch (Exception e) {
            }
        }
        this.trustManager = chooseTrustManager(trustManagerArr);
        if (secureRandom == null) {
            this.secureRandom = SecureRandoms.newSecure();
        } else {
            this.secureRandom = secureRandom;
        }
        Debugger.sslctx.debug("trigger seeding of SecureRandom");
        this.secureRandom.nextInt();
        Debugger.sslctx.debug("done seeding of SecureRandom");
        this.isInitialized = true;
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLSocketFactory engineGetSocketFactory() {
        if (this.isInitialized) {
            return new SSLSocketFactoryImpl(this);
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    @Override // javax.net.ssl.SSLContextSpi
    protected SSLServerSocketFactory engineGetServerSocketFactory() {
        if (this.isInitialized) {
            return new SSLServerSocketFactoryImpl(this);
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.SSLContextSpi
    public CFCASSLEngine engineCreateSSLEngine() {
        if (this.isInitialized) {
            return new SSLEngineImpl(this);
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.SSLContextSpi
    public CFCASSLEngine engineCreateSSLEngine(String str, int i) {
        if (this.isInitialized) {
            return new SSLEngineImpl(this, str, i);
        }
        throw new IllegalStateException("SSLContextImpl is not initialized");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.SSLContextSpi
    public SSLSessionContext engineGetClientSessionContext() {
        return this.clientCache;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.net.ssl.SSLContextSpi
    public SSLSessionContext engineGetServerSessionContext() {
        return this.serverCache;
    }

    private X509TrustManager chooseTrustManager(TrustManager[] trustManagerArr) throws KeyManagementException {
        X509TrustManager x509TrustManager = null;
        int i = 0;
        while (true) {
            if (trustManagerArr == null || i >= trustManagerArr.length) {
                break;
            }
            if (!(trustManagerArr[i] instanceof X509TrustManager)) {
                i++;
            } else if (trustManagerArr[i] instanceof CFCAX509ExtendedTrustManager) {
                Debugger.sslctx.debug("chooseTrustManager: choose tm-{} is X509TrustManager", Integer.valueOf(i));
                x509TrustManager = (X509TrustManager) trustManagerArr[i];
            } else {
                Debugger.sslctx.debug("chooseTrustManager: convert tm-{} to AbstractTrustManagerWrapper", Integer.valueOf(i));
                x509TrustManager = new AbstractTrustManagerWrapper((X509TrustManager) trustManagerArr[i]);
            }
        }
        if (x509TrustManager == null) {
            Debugger.sslctx.debug("chooseTrustManager: nothing found, return DummyX509TrustManager");
            x509TrustManager = DummyX509TrustManager.INSTANCE;
        }
        return x509TrustManager;
    }

    private X509ExtendedKeyManager chooseKeyManager(KeyManager[] keyManagerArr) throws KeyManagementException {
        X509ExtendedKeyManager x509ExtendedKeyManager = null;
        int i = 0;
        while (true) {
            if (keyManagerArr == null || i >= keyManagerArr.length) {
                break;
            }
            KeyManager keyManager = keyManagerArr[i];
            if (!(keyManager instanceof X509KeyManager)) {
                i++;
            } else if (keyManager instanceof X509ExtendedKeyManager) {
                Debugger.sslctx.debug("chooseKeyManager: choose km-{} is X509ExtendedKeyManager", Integer.valueOf(i));
                x509ExtendedKeyManager = (X509ExtendedKeyManager) keyManager;
            } else {
                Debugger.sslctx.debug("chooseKeyManager: convert km-{} to AbstractKeyManagerWrapper", Integer.valueOf(i));
                x509ExtendedKeyManager = new AbstractKeyManagerWrapper((X509KeyManager) keyManager);
            }
        }
        if (x509ExtendedKeyManager == null) {
            Debugger.sslctx.debug("chooseKeyManager: nothing found, return DummyX509KeyManager");
            x509ExtendedKeyManager = DummyX509KeyManager.INSTANCE;
        }
        return x509ExtendedKeyManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecureRandom getSecureRandom() {
        return this.secureRandom;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509ExtendedKeyManager getX509KeyManager() {
        return this.keyManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509TrustManager getX509TrustManager() {
        return this.trustManager;
    }

    EphemeralKeyManager getEphemeralKeyManager() {
        return this.ephemeralKeyManager;
    }

    abstract CFCASSLParameters getDefaultServerSSLParams();

    abstract CFCASSLParameters getDefaultClientSSLParams();

    abstract CFCASSLParameters getSupportedSSLParams();

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProtocolList getSuportedProtocolList() {
        if (this.supportedProtocolList == null) {
            this.supportedProtocolList = new ProtocolList(getSupportedSSLParams().getProtocols());
        }
        return this.supportedProtocolList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProtocolList getDefaultProtocolList(boolean z) {
        if (z) {
            if (this.defaultServerProtocolList == null) {
                this.defaultServerProtocolList = new ProtocolList(getDefaultServerSSLParams().getProtocols());
            }
            return this.defaultServerProtocolList;
        }
        if (this.defaultClientProtocolList == null) {
            this.defaultClientProtocolList = new ProtocolList(getDefaultClientSSLParams().getProtocols());
        }
        return this.defaultClientProtocolList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CipherSuiteList getSupportedCipherSuiteList() {
        CipherSuiteList cipherSuiteList;
        synchronized (this) {
            clearAvailableCache();
            if (this.supportedCipherSuiteList == null) {
                this.supportedCipherSuiteList = getApplicableCipherSuiteList(getSuportedProtocolList(), false);
            }
            cipherSuiteList = this.supportedCipherSuiteList;
        }
        return cipherSuiteList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CipherSuiteList getDefaultCipherSuiteList(boolean z) {
        synchronized (this) {
            clearAvailableCache();
            if (z) {
                if (this.defaultServerCipherSuiteList == null) {
                    this.defaultServerCipherSuiteList = getApplicableCipherSuiteList(getDefaultProtocolList(true), true);
                }
                return this.defaultServerCipherSuiteList;
            }
            if (this.defaultClientCipherSuiteList == null) {
                this.defaultClientCipherSuiteList = getApplicableCipherSuiteList(getDefaultProtocolList(false), true);
            }
            return this.defaultClientCipherSuiteList;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isDefaultProtocolList(ProtocolList protocolList) {
        return protocolList == this.defaultServerProtocolList || protocolList == this.defaultClientProtocolList;
    }

    private CipherSuiteList getApplicableCipherSuiteList(ProtocolList protocolList, boolean z) {
        int i = z ? 300 : 1;
        Collection<CipherSuite> allowedCipherSuites = CipherSuite.allowedCipherSuites();
        TreeSet treeSet = new TreeSet();
        if (!protocolList.collection().isEmpty() && protocolList.min.version != ProtocolVersion.NONE.version) {
            for (CipherSuite cipherSuite : allowedCipherSuites) {
                if (cipherSuite.allowed && cipherSuite.priority >= i) {
                    if (!cipherSuite.isAvailable() || cipherSuite.obsoleted <= protocolList.min.version || cipherSuite.supported > protocolList.max.version) {
                        if (Debugger.sslctx.isDebugEnabled()) {
                            if (cipherSuite.obsoleted <= protocolList.min.version) {
                                Debugger.sslctx.debug("Ignoring obsoleted cipher suite: " + cipherSuite);
                            } else if (cipherSuite.supported > protocolList.max.version) {
                                Debugger.sslctx.debug("Ignoring unsupported cipher suite: " + cipherSuite);
                            } else {
                                Debugger.sslctx.debug("Ignoring unavailable cipher suite: " + cipherSuite);
                            }
                        }
                    } else if (this.defaultAlgorithmConstraints.permits(EnumSet.of(CFCACryptoPrimitive.KEY_AGREEMENT), cipherSuite.name, null)) {
                        treeSet.add(cipherSuite);
                    }
                }
            }
        }
        return new CipherSuiteList(treeSet);
    }

    private void clearAvailableCache() {
        this.supportedCipherSuiteList = null;
        this.defaultServerCipherSuiteList = null;
        this.defaultClientCipherSuiteList = null;
        CipherBulk.clearAvailableCache();
    }
}
