package io.milton.grizzly;

import com.microsoft.services.msa.PreferencesConstants;
import java.io.File;
import java.io.IOException;
import java.net.Socket;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509ExtendedKeyManager;
import kotlin.io.path.PathTreeWalk$$ExternalSyntheticApiModelOutline0;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
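/**
 * Builds the server-side TLS configuration for Grizzly and selects the certificate and private
 * key to present based on the SNI host name sent by the client.
 *
 * <p>Key material comes from two places: the {@link MiltonSNICertificateStoreSpi} wrapped around
 * the supplied certificate store, and, for the admin host ({@code admin.<primaryDomain>}), the
 * files named by the {@code secure.certificate} and {@code secure.privatekey} properties.
 *
 * <p>This source is decompiler output. The {@code PathTreeWalk$$ExternalSyntheticApiModelOutline0}
 * calls and the {@code PreferencesConstants.COOKIE_DELIMITER} reference are artefacts of that
 * process and are kept as-is because their exact behaviour is not visible here.
 */
public class MiltonSNICertificateManager {
    public static final String SECURE_TYPE = "TLS";
    public static final String SYS_SECURE_PROTOCOL = "secure.protocol";
    private static final Logger log = LoggerFactory.getLogger(MiltonSNICertificateManager.class);
    private static MiltonSNICertificateManager sniCerManager;
    private final MiltonSNICertificateStore certificateStore;
    private final MiltonSNICertificateStoreSpi keyStoreSpi;
    public final String primaryDomain = GrizzlyServer.getPropertyOrDefault("secure.primary_domain", "localhost");

    /**
     * Key manager that answers only the server-side, SSLEngine-based callbacks. All client-side
     * and socket-based callbacks throw {@link UnsupportedOperationException}.
     *
     * <p>Decompiler note: the original access modifier of this class was {@code protected}.
     */
    public class SNICertificateManager extends X509ExtendedKeyManager {
        protected SNICertificateManager() {
        }

        /**
         * Returns the certificate files named by the {@code secure.certificate} property.
         *
         * @return one {@link File} per configured entry, or an empty list when the property is
         *     unset or blank
         */
        private List<File> getCertificateFiles() {
            String configured = GrizzlyServer.getPropertyOrDefault("secure.certificate", null);
            List<File> files = new ArrayList<>();
            if (StringUtils.isBlank(configured)) {
                // Previously this dereferenced null and relied on the caller's catch-all.
                return files;
            }
            // NOTE(review): the delimiter was resolved by the decompiler to this unrelated
            // constant; presumably it is "," -- confirm against the original source.
            for (String path : configured.split(PreferencesConstants.COOKIE_DELIMITER)) {
                files.add(new File(path));
            }
            return files;
        }

        /**
         * Loads the admin-host certificate chain from the configured local files, in the order
         * the files are listed.
         *
         * @return the parsed certificates, or {@code null} when none could be loaded or an error
         *     occurred ({@code null} is the "alias not found" answer of
         *     {@link javax.net.ssl.X509KeyManager#getCertificateChain(String)})
         */
        private X509Certificate[] loadCertificatesFromLocalFile() {
            try {
                List<X509Certificate> chain = new ArrayList<>();
                for (File file : getCertificateFiles()) {
                    if (!file.isFile()) {
                        // A missing file silently shortens the chain; make that visible.
                        log.warn("Configured certificate file is not a regular file: {}", file);
                        continue;
                    }
                    X509Certificate certificate = SSLTools.parseX509Certificate(FileUtils.readFileToByteArray(file));
                    if (certificate == null) {
                        log.warn("No X509 certificate could be parsed from: {}", file);
                        continue;
                    }
                    chain.add(certificate);
                }
                log.trace("loaded X509Certificate[] len = {}", chain.size());
                if (chain.isEmpty()) {
                    // An empty chain is not a usable answer for the TLS stack; report "not found".
                    log.warn("No certificate loaded from the secure.certificate property");
                    return null;
                }
                return chain.toArray(new X509Certificate[0]);
            } catch (Exception e) {
                log.error("getCertificate error.", e);
                return null;
            }
        }

        /**
         * Loads the admin-host private key from the file named by {@code secure.privatekey}.
         *
         * @return the parsed key, or {@code null} when the property is unset or blank
         * @throws IOException if the key file cannot be read
         * @throws GeneralSecurityException if the key cannot be parsed
         */
        private PrivateKey loadPrivateKeyFromFile() throws IOException, GeneralSecurityException {
            String keyPath = GrizzlyServer.getPropertyOrDefault("secure.privatekey", null);
            if (StringUtils.isBlank(keyPath)) {
                return null;
            }
            File keyFile = new File(keyPath).getAbsoluteFile();
            return SSLTools.parsePrivateKey(FileUtils.readFileToByteArray(keyFile));
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            throw new UnsupportedOperationException("Not supported yet.");
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
            throw new UnsupportedOperationException("Not supported yet.");
        }

        /**
         * Picks the key-store alias for a handshake from the SNI host name the client requested.
         *
         * @param str the key type requested by the TLS stack (only logged)
         * @param principalArr acceptable issuers (ignored)
         * @param sSLEngine the engine performing the handshake
         * @return the SNI host name when the key store contains an alias of that name, otherwise
         *     {@code null}
         */
        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
            log.trace("Https (SSL/TLS) Handshaking start....");
            log.trace("Choose the EngineServer Alias Name, and the engine type is: {}", str);
            SSLSession handshakeSession = sSLEngine.getHandshakeSession();
            // NOTE(review): the synthetic outline calls below look like plain casts emitted by the
            // Android toolchain (to ExtendedSSLSession / SNIServerName / SNIHostName) -- confirm.
            ExtendedSSLSession extendedSession = PathTreeWalk$$ExternalSyntheticApiModelOutline0.m1782m((Object) handshakeSession);
            log.debug("Choose EngineServer Alias Name, and the handshake session is:{}", extendedSession.hashCode());

            String sniHost = null;
            for (Object candidate : extendedSession.getRequestedServerNames()) {
                SNIServerName serverName = PathTreeWalk$$ExternalSyntheticApiModelOutline0.m1784m(candidate);
                if (serverName.getType() == javax.net.ssl.StandardConstants.SNI_HOST_NAME) {
                    sniHost = PathTreeWalk$$ExternalSyntheticApiModelOutline0.m1783m((Object) serverName).getAsciiName();
                    break;
                }
            }
            log.trace("chooseEngineServerAlias, SNIServerName is: {}", sniHost);
            if (sniHost == null) {
                // No host_name entry in the ClientHello: there is nothing to look up, so do not
                // hand a null alias to the key store.
                return null;
            }
            // The host name is client-supplied; it is only used as an alias after the key store
            // confirms it holds an entry under exactly that name.
            return keyStoreSpi.engineContainsAlias(sniHost) ? sniHost : null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            throw new UnsupportedOperationException("Not supported yet.");
        }

        /**
         * Returns the certificate chain for an alias: from the local certificate files for the
         * admin host, from the key store for every other alias.
         *
         * @param str the alias (host name) chosen for the handshake
         * @return the chain, or {@code null} when the alias is {@code null} or nothing was found
         */
        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            log.trace("Get the CertificateChain for the domain {}", str);
            if (str == null) {
                return null;
            }
            X509Certificate[] chain = isAdminAlias(str)
                    ? loadCertificatesFromLocalFile()
                    : keyStoreSpi.engineGetCertificateChain(str);
            if (log.isDebugEnabled()) {
                // The format string previously had no placeholder, so the chain was never printed.
                log.debug("the Certificate Chain is : {}", Arrays.toString(chain));
            }
            return chain;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            throw new UnsupportedOperationException("Not supported yet.");
        }

        /**
         * Returns the private key for an alias: from the local key file for the admin host, from
         * the key store for every other alias.
         *
         * @param str the alias (host name) chosen for the handshake
         * @return the key, or {@code null} when the alias is {@code null} or no key was found
         * @throws RuntimeException wrapping any failure to read or parse the local key file
         */
        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            log.trace("Get the PrivateKey for the domain : {}", str);
            if (str == null) {
                return null;
            }
            PrivateKey key;
            if (isAdminAlias(str)) {
                try {
                    key = loadPrivateKeyFromFile();
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            } else {
                key = (PrivateKey) keyStoreSpi.engineGetKey(str, null);
            }
            // Never pass the key object to the logger: toString() is provider-defined and some
            // implementations print private key components. Log only whether a key was found.
            log.trace("Retrieved PK: {}", key == null ? "none" : key.getAlgorithm() + " key");
            return key;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            throw new UnsupportedOperationException("Not supported yet.");
        }
    }

    /**
     * Creates a manager backed by the given certificate store.
     *
     * @param miltonSNICertificateStore the store that is wrapped in a key-store SPI for lookups
     */
    public MiltonSNICertificateManager(MiltonSNICertificateStore miltonSNICertificateStore) {
        this.certificateStore = miltonSNICertificateStore;
        this.keyStoreSpi = new MiltonSNICertificateStoreSpi(miltonSNICertificateStore);
    }

    /**
     * Tells whether an alias designates the admin host, i.e. {@code admin.<primaryDomain>} itself
     * or a sub-domain of it.
     *
     * <p>The comparison is anchored on a DNS label boundary. A bare {@code endsWith} on
     * {@code "admin." + primaryDomain} also accepts names such as {@code xadmin.<primaryDomain>},
     * which would then be served the admin certificate and key.
     */
    private boolean isAdminAlias(String alias) {
        if (alias == null) {
            return false;
        }
        String adminHost = "admin." + primaryDomain;
        return alias.equals(adminHost) || alias.endsWith("." + adminHost);
    }

    /**
     * Creates a server-mode engine configurator that uses this manager's SNI key manager.
     *
     * @return the configurator, or {@code null} when the SSL context could not be created
     */
    public SSLEngineConfigurator createEngineConfigurator() {
        return createEngineConfigurator(createKeyManager());
    }

    /**
     * Creates a server-mode engine configurator (no client authentication requested or required)
     * from the given key managers.
     *
     * <p>The protocol name is read from the {@code secure.protocol} property and passed to
     * {@link SSLContext#getInstance(String)} unchanged, so the protocol versions actually enabled
     * depend on that value and on the provider defaults.
     *
     * @param keyManagerArr key managers used to initialise the SSL context
     * @return the configurator, or {@code null} when the SSL context could not be created; the
     *     failure is logged and callers must check for {@code null}
     */
    public SSLEngineConfigurator createEngineConfigurator(KeyManager[] keyManagerArr) {
        try {
            SSLContext context = SSLContext.getInstance(GrizzlyServer.getPropertyOrDefault(SYS_SECURE_PROTOCOL, SECURE_TYPE));
            // Null trust managers: the provider's default trust managers are used.
            context.init(keyManagerArr, null, new SecureRandom());
            // Arguments: clientMode, needClientAuth, wantClientAuth.
            return new SSLEngineConfigurator(context, false, false, false);
        } catch (Exception e) {
            log.error("createSSLContext", e);
            return null;
        }
    }

    /**
     * Creates the key manager array handed to the SSL context.
     *
     * @return a one-element array holding a new {@link SNICertificateManager}
     */
    public KeyManager[] createKeyManager() {
        return new SNICertificateManager[]{new SNICertificateManager()};
    }
}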
