package com.cloudera.io.netty.handler.ssl;

import com.cloudera.io.netty.buffer.ByteBufAllocator;
import com.cloudera.io.netty.util.internal.logging.InternalLogger;
import com.cloudera.io.netty.util.internal.logging.InternalLoggerFactory;
import com.ctc.wstx.cfg.InputConfigFlags;
import java.io.File;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import org.apache.hadoop.crypto.key.kms.KMSRESTConstants;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

/* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.6.0-cdh5.14.98.jar:com/cloudera/io/netty/handler/ssl/OpenSslServerContext.class */
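/**
 * Server-side {@link SslContext} backed by a native OpenSSL context that is created and configured
 * through the tomcat-native ({@code org.apache.tomcat.jni}) bindings.
 *
 * <p>This listing is decompiler output, so parameter names are synthetic ({@code file},
 * {@code str}, {@code j}, ...) and several OpenSSL option values appear as bare numbers. The
 * comments below map them back to their meaning where the code makes that recoverable.
 *
 * <p>Points a reviewer should weigh before relying on the defaults:
 * <ul>
 *   <li>The protocol mask passed to {@code SSLContext.make} is {@code 6}; in tomcat-native's
 *       constants that is SSLv3 | TLSv1, so SSLv3 is still offered unless the native library
 *       refuses it.</li>
 *   <li>{@link #DEFAULT_CIPHERS} contains RC4 and 3DES suites, which current guidance treats as
 *       broken or deprecated. Pass an explicit cipher list instead of {@code null}.</li>
 *   <li>Client certificate verification is disabled ({@code setVerify(ctx, 0, 10)}); only the
 *       server is authenticated.</li>
 *   <li>Native memory is released from {@link #finalize()}, i.e. only when the garbage collector
 *       gets around to it.</li>
 * </ul>
 */
public final class OpenSslServerContext extends SslContext {
    private static final InternalLogger logger = InternalLoggerFactory.getInstance(OpenSslServerContext.class);
    private static final List<String> DEFAULT_CIPHERS;
    private final long aprPool;
    private final List<String> ciphers;
    private final List<String> unmodifiableCiphers;
    private final long sessionCacheSize;
    private final long sessionTimeout;
    private final List<String> nextProtocols;
    private final long ctx;
    private final OpenSslSessionStats stats;
    // Set once the APR pool has been handed to Pool.destroy, so that a failed constructor followed
    // by finalize() cannot destroy the same native pool twice.
    private final AtomicBoolean poolsDestroyed = new AtomicBoolean();

    /**
     * Creates a context with the default ciphers and an empty key password.
     *
     * @param file  certificate chain file
     * @param file2 private key file
     * @throws SSLException if the native context cannot be created or configured
     */
    public OpenSslServerContext(File file, File file2) throws SSLException {
        this(file, file2, null);
    }

    /**
     * Creates a context with the default ciphers.
     *
     * @param file  certificate chain file
     * @param file2 private key file
     * @param str   value passed to the native layer as the key password; {@code null} becomes ""
     * @throws SSLException if the native context cannot be created or configured
     */
    public OpenSslServerContext(File file, File file2, String str) throws SSLException {
        this(file, file2, str, null, null, 0L, 0L);
    }

    /**
     * Creates and fully configures the native server context.
     *
     * @param file      certificate chain file; must exist and be a regular file
     * @param file2     private key file; must exist and be a regular file
     * @param str       value passed to the native layer as the key password; {@code null} becomes ""
     * @param iterable  cipher names in OpenSSL notation; {@code null} selects {@link #DEFAULT_CIPHERS}.
     *                  Iteration stops at the first {@code null} element.
     * @param iterable2 protocol names for next-protocol negotiation; {@code null} means none.
     *                  Iteration stops at the first {@code null} element.
     * @param j         session cache size; values {@code <= 0} keep whatever the native setter reports
     * @param j2        session timeout; values {@code <= 0} keep whatever the native setter reports
     * @throws NullPointerException     if {@code file} or {@code file2} is {@code null}
     * @throws IllegalArgumentException if {@code file} or {@code file2} is not a regular file
     * @throws SSLException             if any native configuration step fails
     */
    public OpenSslServerContext(File file, File file2, String str, Iterable<String> iterable, Iterable<String> iterable2, long j, long j2) throws SSLException {
        this.ciphers = new ArrayList<String>();
        this.unmodifiableCiphers = Collections.unmodifiableList(this.ciphers);
        OpenSsl.ensureAvailability();
        if (file == null) {
            throw new NullPointerException("certChainFile");
        }
        if (!file.isFile()) {
            throw new IllegalArgumentException("certChainFile is not a file: " + file);
        }
        if (file2 == null) {
            throw new NullPointerException("keyPath");
        }
        if (!file2.isFile()) {
            throw new IllegalArgumentException("keyPath is not a file: " + file2);
        }
        final Iterable<String> requestedCiphers = iterable == null ? DEFAULT_CIPHERS : iterable;
        final String keyPassword = str == null ? "" : str;
        final Iterable<String> requestedProtocols = iterable2 == null ? Collections.<String>emptyList() : iterable2;

        // A null element terminates the list rather than being rejected.
        for (String cipher : requestedCiphers) {
            if (cipher == null) {
                break;
            }
            this.ciphers.add(cipher);
        }
        final List<String> protocols = new ArrayList<String>();
        for (String protocol : requestedProtocols) {
            if (protocol == null) {
                break;
            }
            protocols.add(protocol);
        }
        this.nextProtocols = Collections.unmodifiableList(protocols);

        this.aprPool = Pool.create(0L);
        boolean success = false;
        try {
            // All context setup is serialised on the class lock, as in finalize().
            synchronized (OpenSslServerContext.class) {
                try {
                    // 6 = SSLv3 | TLSv1 and 1 = server mode in tomcat-native's SSL constants.
                    // NOTE(review): this leaves SSLv3 enabled; confirm whether the bundled native
                    // library still honours it and restrict the mask if so.
                    this.ctx = SSLContext.make(this.aprPool, 6, 1);
                    // The names below are the tomcat-native SSL.SSL_OP_* constants these bit values
                    // correspond to; confirm against the bundled version.
                    SSLContext.setOptions(this.ctx, 0x00000FFF); // SSL_OP_ALL
                    SSLContext.setOptions(this.ctx, 0x01000000); // SSL_OP_NO_SSLv2
                    // The decompiler had resolved the next two literals to same-valued constants of
                    // an unrelated XML parser class; they are written as plain bit values here.
                    SSLContext.setOptions(this.ctx, 0x00400000); // SSL_OP_CIPHER_SERVER_PREFERENCE
                    SSLContext.setOptions(this.ctx, 0x00080000); // SSL_OP_SINGLE_ECDH_USE
                    SSLContext.setOptions(this.ctx, 0x00100000); // SSL_OP_SINGLE_DH_USE
                    SSLContext.setOptions(this.ctx, 0x00010000); // SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
                } catch (Exception e) {
                    throw new SSLException("failed to create an SSL_CTX", e);
                }

                try {
                    // OpenSSL expects a colon-separated cipher string. An empty cipher list makes
                    // setLength(-1) throw, which is reported as a cipher-suite failure below.
                    StringBuilder cipherSpec = new StringBuilder();
                    for (String cipher : this.ciphers) {
                        cipherSpec.append(cipher);
                        cipherSpec.append(':');
                    }
                    cipherSpec.setLength(cipherSpec.length() - 1);
                    SSLContext.setCipherSuite(this.ctx, cipherSpec.toString());
                    // Verify mode 0 (no client certificate verification), chain depth 10.
                    SSLContext.setVerify(this.ctx, 0, 10);
                } catch (SSLException e) {
                    throw e;
                } catch (Exception e) {
                    throw new SSLException("failed to set cipher suite: " + this.ciphers, e);
                }

                try {
                    // Failure messages name the files involved but never the key password.
                    if (!SSLContext.setCertificate(this.ctx, file.getPath(), file2.getPath(), keyPassword, 0)) {
                        throw new SSLException("failed to set certificate: " + file + " and " + file2 + " (" + SSL.getLastError() + ')');
                    }
                    // A false return whose last error is the all-zero code is tolerated.
                    if (!SSLContext.setCertificateChainFile(this.ctx, file.getPath(), true) && !SSL.getLastError().startsWith("error:00000000:")) {
                        throw new SSLException("failed to set certificate chain: " + file + " (" + SSL.getLastError() + ')');
                    }
                    if (!protocols.isEmpty()) {
                        // Next-protocol list is passed as a comma-separated string.
                        StringBuilder protocolSpec = new StringBuilder();
                        for (String protocol : protocols) {
                            protocolSpec.append(protocol);
                            protocolSpec.append(',');
                        }
                        protocolSpec.setLength(protocolSpec.length() - 1);
                        SSLContext.setNextProtos(this.ctx, protocolSpec.toString());
                    }
                    if (j > 0) {
                        this.sessionCacheSize = j;
                        SSLContext.setSessionCacheSize(this.ctx, j);
                    } else {
                        // Set a probe value to learn what the setter returns (presumably the
                        // previous, i.e. default, size), record it, then put it back.
                        this.sessionCacheSize = SSLContext.setSessionCacheSize(this.ctx, 20480L);
                        SSLContext.setSessionCacheSize(this.ctx, this.sessionCacheSize);
                    }
                    if (j2 > 0) {
                        this.sessionTimeout = j2;
                        SSLContext.setSessionCacheTimeout(this.ctx, j2);
                    } else {
                        // Same probe-and-restore approach as for the cache size.
                        this.sessionTimeout = SSLContext.setSessionCacheTimeout(this.ctx, 300L);
                        SSLContext.setSessionCacheTimeout(this.ctx, this.sessionTimeout);
                    }
                } catch (SSLException e) {
                    throw e;
                } catch (Exception e) {
                    throw new SSLException("failed to set certificate: " + file + " and " + file2, e);
                }
            }
            this.stats = new OpenSslSessionStats(this.ctx);
            success = true;
        } finally {
            // Release the native pool right away when construction did not complete.
            if (!success) {
                destroyPools();
            }
        }
    }

    /** Always {@code false}: this context only creates server-side engines. */
    @Override // com.cloudera.io.netty.handler.ssl.SslContext
    public boolean isClient() {
        return false;
    }

    /** Returns a read-only view of the cipher names configured on the native context. */
    @Override // com.cloudera.io.netty.handler.ssl.SslContext
    public List<String> cipherSuites() {
        return this.unmodifiableCiphers;
    }

    /** Returns the session cache size recorded by the constructor. */
    @Override // com.cloudera.io.netty.handler.ssl.SslContext
    public long sessionCacheSize() {
        return this.sessionCacheSize;
    }

    /** Returns the session timeout recorded by the constructor. */
    @Override // com.cloudera.io.netty.handler.ssl.SslContext
    public long sessionTimeout() {
        return this.sessionTimeout;
    }

    /** Returns the read-only list of protocols given for next-protocol negotiation. */
    @Override // com.cloudera.io.netty.handler.ssl.SslContext
    public List<String> nextProtocols() {
        return this.nextProtocols;
    }

    /**
     * Returns the native context handle. {@link #finalize()} frees this handle, so the value must
     * not be used once this object is no longer reachable.
     */
    public long context() {
        return this.ctx;
    }

    /** Returns the session statistics object created for this context. */
    public OpenSslSessionStats stats() {
        return this.stats;
    }

    /**
     * Creates a new engine on this context. When protocols were configured, the last one in the
     * list is handed to the engine (presumably as the fallback protocol; confirm in
     * {@code OpenSslEngine}); otherwise {@code null} is passed.
     */
    @Override // com.cloudera.io.netty.handler.ssl.SslContext
    public SSLEngine newEngine(ByteBufAllocator byteBufAllocator) {
        if (this.nextProtocols.isEmpty()) {
            return new OpenSslEngine(this.ctx, byteBufAllocator, null);
        }
        String lastProtocol = this.nextProtocols.get(this.nextProtocols.size() - 1);
        return new OpenSslEngine(this.ctx, byteBufAllocator, lastProtocol);
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // com.cloudera.io.netty.handler.ssl.SslContext
    public SSLEngine newEngine(ByteBufAllocator byteBufAllocator, String str, int i) {
        throw new UnsupportedOperationException();
    }

    /**
     * Installs session ticket keys on the native context. The bytes are forwarded unchanged and
     * their length is not checked here; callers are responsible for generating them with a
     * cryptographically strong random source, rotating them and keeping them out of logs.
     *
     * @param bArr ticket key material
     * @throws NullPointerException if {@code bArr} is {@code null}
     */
    public void setTicketKeys(byte[] bArr) {
        if (bArr == null) {
            // The decompiler had substituted an unrelated same-valued string constant here.
            throw new NullPointerException("keys");
        }
        SSLContext.setSessionTicketKeys(this.ctx, bArr);
    }

    /**
     * Frees the native context and its pool when the object is garbage collected.
     */
    @Override
    protected void finalize() throws Throwable {
        super.finalize();
        synchronized (OpenSslServerContext.class) {
            // NOTE(review): after a failed construction the pool has already been destroyed while
            // ctx may be non-zero. Whether freeing a context whose pool is gone is safe depends on
            // the native binding; confirm.
            if (this.ctx != 0) {
                SSLContext.free(this.ctx);
            }
        }
        destroyPools();
    }

    /**
     * Destroys the APR pool at most once. Both the constructor's failure path and
     * {@link #finalize()} call this for the same object, and the pool handle is final, so without
     * the flag the same native pool would be destroyed twice.
     */
    private void destroyPools() {
        if (this.aprPool != 0 && this.poolsDestroyed.compareAndSet(false, true)) {
            Pool.destroy(this.aprPool);
        }
    }

    static {
        // NOTE(review): this default list still offers RC4 (including RC4-MD5) and 3DES and has no
        // AES-256-GCM or ECDSA suites. It is kept as-is because callers may depend on it; deployments
        // should pass an explicit, current cipher list to the constructor.
        List<String> defaults = new ArrayList<String>();
        Collections.addAll(defaults, "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-RC4-SHA", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "RC4-SHA", "RC4-MD5", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA");
        DEFAULT_CIPHERS = Collections.unmodifiableList(defaults);
        if (logger.isDebugEnabled()) {
            logger.debug("Default cipher suite (OpenSSL): " + defaults);
        }
    }
}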
