package org.jruby.ext.openssl;

import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.jruby.Ruby;
import org.jruby.RubyArray;
import org.jruby.RubyClass;
import org.jruby.RubyHash;
import org.jruby.RubyInteger;
import org.jruby.RubyModule;
import org.jruby.RubyNumeric;
import org.jruby.RubyObject;
import org.jruby.RubySymbol;
import org.jruby.anno.JRubyMethod;
import org.jruby.common.IRubyWarnings;
import org.jruby.ext.openssl.CipherStrings;
import org.jruby.ext.openssl.x509store.Certificate;
import org.jruby.ext.openssl.x509store.Name;
import org.jruby.ext.openssl.x509store.Store;
import org.jruby.ext.openssl.x509store.StoreContext;
import org.jruby.ext.openssl.x509store.X509AuxCertificate;
import org.jruby.ext.openssl.x509store.X509Object;
import org.jruby.runtime.Arity;
import org.jruby.runtime.Block;
import org.jruby.runtime.BlockCallback;
import org.jruby.runtime.CallBlock;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.Visibility;
import org.jruby.runtime.builtin.IRubyObject;
import org.jruby.util.ByteList;

/* loaded from: input_file:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/SSLContext.class */
public class SSLContext extends RubyObject {
    private static final long serialVersionUID = -6955774230685920773L;
    // OpenSSL-style method name (the value given to ssl_version=) -> protocol name handed to
    // SecurityHelper.getSSLContext. Populated outside this view.
    private static final HashMap<String, String> SSL_VERSION_OSSL2JSSE = new LinkedHashMap(20, 1.0f);
    // Protocol name (this.protocol) -> candidate protocol names that getEnabledProtocols filters
    // against the options mask and the engine's enabled set. Populated outside this view.
    private static final Map<String, String[]> ENABLED_PROTOCOLS = new HashMap(8, 1.0f);
    private static ObjectAllocator SSLCONTEXT_ALLOCATOR;
    // Session-cache mode values; createSSLContext exports the same numbers as Ruby constants.
    static final int SESSION_CACHE_OFF = 0;
    static final int SESSION_CACHE_CLIENT = 1;
    static final int SESSION_CACHE_SERVER = 2;
    static final int SESSION_CACHE_BOTH = 3;
    static final int SESSION_CACHE_NO_AUTO_CLEAR = 128;
    static final int SESSION_CACHE_NO_INTERNAL_LOOKUP = 256;
    static final int SESSION_CACHE_NO_INTERNAL_STORE = 512;
    static final int SESSION_CACHE_NO_INTERNAL = 768;
    // Cipher specification string; matched against the engine's supported suites.
    private String ciphers;
    // Protocol name chosen via ssl_version= ("SSL" unless changed, see the constructors).
    private String protocol;
    // Whether the selected method applies to the server / client side (derived from a
    // "_client" / "_server" suffix in set_ssl_version).
    private boolean protocolForServer;
    private boolean protocolForClient;
    // Key/certificate returned by getCallbackKey/getCallbackCert when @key/@cert are unset;
    // presumably filled by initFromCallback - confirm against its full body.
    private PKey t_key;
    private X509Cert t_cert;
    // Last verification error code recorded through setLastVerifyResult.
    private int verifyResult;
    // Applied to the JSSE session contexts when an InternalContext is built, only if >= 0.
    private int sessionCacheSize;
    // Built by setup(); null until then, and createSSLEngine dereferences it unconditionally.
    private InternalContext internalContext;
    // Cache used by getSupportedCipherSuites and shared across threads. Neither field is volatile,
    // so they are only safe to read while holding the SSLContext.class lock.
    private static String cachedProtocol;
    private static String[] cachedSupportedCipherSuites;
    // Version labels appended by sslVersionString; initialised outside this view.
    private static final byte[] TLSv1;
    private static final byte[] SSLv2;
    private static final byte[] SSLv3;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/SSLContext$InternalContext.class */
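    /**
     * Immutable snapshot of the TLS configuration taken by {@code setup}: trust store, local
     * certificate and key, verify mode, CA lists, and the initialised JSSE context.
     *
     * <p>The JSSE context is wired to {@link KeyManagerImpl} and {@link TrustManagerImpl}, so all
     * certificate selection and peer verification for engines created from it goes through this
     * object.
     */
    public class InternalContext {
        final Store store;
        final X509AuxCertificate cert;
        final String keyAlgorithm;
        final PrivateKey privateKey;
        // Bit 1 and bit 2 are tested by TrustManagerImpl.checkTrusted.
        final int verifyMode;
        final List<X509AuxCertificate> clientCert;
        final List<X509AuxCertificate> extraChainCert;
        private final javax.net.ssl.SSLContext sslContext;

        /**
         * Builds the snapshot and initialises the JSSE context.
         *
         * @param x509Cert local certificate, or null
         * @param pKey     local private key, or null; key and certificate are only used as a pair
         * @param store    trust store used for chain building and peer verification
         * @param list     client CA certificates (reported as accepted issuers)
         * @param list2    extra chain certificates, or null
         * @param i        verify mode bit mask
         * @param i2       session timeout in seconds, applied to the session contexts
         * @throws NoSuchAlgorithmException if the configured protocol is not available
         * @throws KeyManagementException   if the JSSE context cannot be initialised
         */
        InternalContext(X509Cert x509Cert, PKey pKey, Store store, List<X509AuxCertificate> list, List<X509AuxCertificate> list2, int i, int i2) throws NoSuchAlgorithmException, KeyManagementException {
            if (pKey == null || x509Cert == null) {
                // A key without a certificate (or the reverse) is treated as "no local identity".
                this.privateKey = null;
                this.keyAlgorithm = null;
                this.cert = null;
            } else {
                this.privateKey = pKey.getPrivateKey();
                this.keyAlgorithm = pKey.getAlgorithm();
                this.cert = x509Cert.getAuxCert();
            }
            this.store = store;
            this.clientCert = list;
            this.extraChainCert = list2;
            this.verifyMode = i;
            javax.net.ssl.SSLContext jsseContext = SecurityHelper.getSSLContext(SSLContext.this.protocol);
            if (SSLContext.this.protocolForClient) {
                SSLSessionContext clientSessions = jsseContext.getClientSessionContext();
                clientSessions.setSessionTimeout(i2);
                if (SSLContext.this.sessionCacheSize >= 0) {
                    clientSessions.setSessionCacheSize(SSLContext.this.sessionCacheSize);
                }
            }
            if (SSLContext.this.protocolForServer) {
                // Fixed: this branch used to fetch the *client* session context again, so the
                // timeout and cache size were never applied to server-side sessions.
                SSLSessionContext serverSessions = jsseContext.getServerSessionContext();
                serverSessions.setSessionTimeout(i2);
                if (SSLContext.this.sessionCacheSize >= 0) {
                    serverSessions.setSessionCacheSize(SSLContext.this.sessionCacheSize);
                }
            }
            // Only the custom managers are installed; a null SecureRandom selects the provider default.
            jsseContext.init(new KeyManager[]{new KeyManagerImpl(this)}, new TrustManager[]{new TrustManagerImpl(this)}, null);
            this.sslContext = jsseContext;
        }

        /**
         * Creates a verification context over {@link #store}.
         *
         * @param str purpose name passed to {@code setDefault} (the trust manager passes
         *            "ssl_client" or "ssl_server"), or null to leave the default untouched
         * @return the new context, or null when there is no store or its initialisation fails
         */
        StoreContext createStoreContext(String str) {
            if (this.store == null) {
                return null;
            }
            StoreContext storeContext = new StoreContext(this.store);
            if (storeContext.init(null, null) == 0) {
                return null;
            }
            // Slot 1 carries whatever setup() stored there (the @verify_callback value or null).
            storeContext.setExtraData(1, this.store.getExtraData(1));
            if (str != null) {
                storeContext.setDefault(str);
            }
            storeContext.verifyParameter.inherit(this.store.verifyParameter);
            return storeContext;
        }

        /** Returns the initialised JSSE context backing this snapshot. */
        final javax.net.ssl.SSLContext getSSLContext() {
            return this.sslContext;
        }

        /** Records the latest verification error code on the owning SSLContext. */
        void setLastVerifyResult(int i) {
            SSLContext.this.setLastVerifyResult(i);
        }
    }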

    /* loaded from: input_file:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/SSLContext$KeyManagerImpl.class */
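    /**
     * Key manager exposing the single key/certificate pair held by an {@link InternalContext}.
     *
     * <p>Aliases are not real identifiers here: the "alias" returned is the key type itself, and
     * {@link #getPrivateKey} / {@link #getCertificateChain} ignore their alias argument. Only the
     * {@code SSLEngine} selection methods return an alias; the socket-based ones always return
     * null.
     */
    private static class KeyManagerImpl extends X509ExtendedKeyManager {
        final InternalContext internalContext;

        KeyManagerImpl(InternalContext internalContext) {
            this.internalContext = internalContext;
        }

        /**
         * Picks the first requested key type that matches the configured key's algorithm
         * (case-insensitive), or null when no key is configured or nothing matches.
         */
        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
            if (this.internalContext == null || this.internalContext.privateKey == null) {
                return null;
            }
            for (String keyType : strArr) {
                if (keyType.equalsIgnoreCase(this.internalContext.keyAlgorithm)) {
                    return keyType;
                }
            }
            return null;
        }

        /** Returns the key type when it matches the configured key's algorithm, else null. */
        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
            if (this.internalContext == null || this.internalContext.privateKey == null || !str.equalsIgnoreCase(this.internalContext.keyAlgorithm)) {
                return null;
            }
            return str;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return null;
        }

        /**
         * Returns the certificate chain to present to the peer.
         *
         * <p>When extra chain certificates are configured they are returned as-is. Otherwise the
         * chain is built from the configured certificate by looking up each issuer in the store
         * until a self-issued certificate is reached or no issuer is found.
         *
         * @param str alias (ignored)
         * @return the chain (possibly empty), or null when there is no internal context
         */
        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            if (this.internalContext == null) {
                return null;
            }
            List<X509Certificate> chain = new ArrayList<X509Certificate>();
            if (this.internalContext.extraChainCert != null) {
                // NOTE(review): the configured leaf certificate is not added in this branch -
                // confirm that extra_chain_cert is expected to carry the complete chain.
                chain.addAll(this.internalContext.extraChainCert);
            } else if (this.internalContext.cert != null) {
                StoreContext storeContext = this.internalContext.createStoreContext(null);
                X509AuxCertificate current = this.internalContext.cert;
                while (true) {
                    chain.add(current);
                    // Without a usable store there is nothing to look issuers up in; previously
                    // the resulting NullPointerException was caught and the loop never ended.
                    if (storeContext == null || current.getIssuerDN().equals(current.getSubjectDN())) {
                        break;
                    }
                    X509AuxCertificate issuer;
                    try {
                        X509Object[] found = new X509Object[1];
                        if (storeContext.getBySubject(1, new Name(current.getIssuerX500Principal()), found) <= 0) {
                            break;
                        }
                        issuer = ((Certificate) found[0]).x509;
                    } catch (RuntimeException e) {
                        OpenSSL.debugStackTrace(e);
                        // A failed lookup ends the walk: retrying the same certificate would
                        // append it again on every iteration until memory runs out.
                        break;
                    } catch (Exception e2) {
                        OpenSSL.debug("KeyManagerImpl bySubject failed", e2);
                        break;
                    }
                    // Stop on a missing issuer or on one already in the chain (cross-issued
                    // certificates in the store would otherwise cycle). Relies on the
                    // certificate's equals implementation.
                    if (issuer == null || chain.contains(issuer)) {
                        break;
                    }
                    current = issuer;
                }
            }
            return chain.toArray(new X509Certificate[chain.size()]);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return null;
        }

        /** Returns the configured private key regardless of the alias, or null when there is none. */
        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return this.internalContext == null ? null : this.internalContext.privateKey;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return null;
        }
    }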

    /* loaded from: input_file:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/SSLContext$TrustManagerImpl.class */
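    /**
     * Trust manager that verifies the peer chain against the {@link InternalContext} store,
     * following the context's verify-mode bits.
     *
     * <p>Security-relevant behaviour visible here:
     * <ul>
     *   <li>Bit 1 of the verify mode enables chain verification. When it is clear, a presented
     *       chain is accepted without any check.</li>
     *   <li>Bit 2 rejects a peer that presents no certificate. When it is clear, a missing
     *       certificate is accepted.</li>
     *   <li>Only the chain is verified. This class does no host name or identity matching, and
     *       the {@code authType} argument is ignored.</li>
     * </ul>
     */
    private static class TrustManagerImpl implements X509TrustManager {
        final InternalContext internalContext;

        TrustManagerImpl(InternalContext internalContext) {
            this.internalContext = internalContext;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            checkTrusted("ssl_client", x509CertificateArr);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            checkTrusted("ssl_server", x509CertificateArr);
        }

        /**
         * Returns the configured client CA certificates.
         *
         * @return a non-null array, empty when nothing is configured; the X509TrustManager
         *         contract does not allow null, which this method used to return
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            if (this.internalContext == null || this.internalContext.clientCert == null) {
                return new X509Certificate[0];
            }
            List<X509AuxCertificate> issuers = this.internalContext.clientCert;
            return issuers.toArray(new X509Certificate[issuers.size()]);
        }

        /**
         * Applies the verify-mode policy to a peer chain.
         *
         * @param str                 purpose name used for the store context default
         * @param x509CertificateArr  chain presented by the peer, possibly null or empty
         * @throws CertificateException if the manager is uninitialised, a required peer
         *         certificate is missing, the store cannot be initialised, or verification fails
         */
        private void checkTrusted(String str, X509Certificate[] x509CertificateArr) throws CertificateException {
            if (this.internalContext == null) {
                throw new CertificateException("uninitialized trust manager");
            }
            if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
                // No certificate from the peer: only fatal when bit 2 is set.
                if ((this.internalContext.verifyMode & 2) != 0) {
                    throw new CertificateException("no peer certificate");
                }
            } else if ((this.internalContext.verifyMode & 1) != 0) {
                StoreContext storeContext = this.internalContext.createStoreContext(str);
                if (storeContext == null) {
                    // Fail closed: without a store nothing can be verified.
                    throw new CertificateException("couldn't initialize store");
                }
                storeContext.setCertificate(x509CertificateArr[0]);
                storeContext.setChain(x509CertificateArr);
                verifyChain(storeContext);
            }
        }

        /**
         * Runs the store verification and records its error code as the last verify result.
         *
         * @throws CertificateException when verification returns 0 or throws
         */
        private void verifyChain(StoreContext storeContext) throws CertificateException {
            try {
                int ok = storeContext.verifyCertificate();
                this.internalContext.setLastVerifyResult(storeContext.error);
                if (ok == 0) {
                    throw new CertificateException("certificate verify failed");
                }
            } catch (Exception e) {
                // Also reached for the CertificateException thrown just above, which is then
                // wrapped as the cause of the one thrown below.
                this.internalContext.setLastVerifyResult(storeContext.error);
                if (storeContext.error == 0) {
                    // Never report "no error" for a failed verification; 28 is
                    // X509_V_ERR_CERT_REJECTED in OpenSSL's numbering.
                    this.internalContext.setLastVerifyResult(28);
                }
                throw new CertificateException("certificate verify failed", e);
            }
        }
    }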

    /**
     * Defines the Ruby {@code SSLContext} class under the given module: its attributes, aliases,
     * annotated methods and constants (METHODS, SESSION_CACHE_*, DEFAULT_CERT_STORE,
     * DEFAULT_PARAMS).
     *
     * <p>DEFAULT_PARAMS is applied to a context by {@code set_params}. Its cipher string still
     * admits RC4 and the LOW strength class (see the decoded value below), so deployments that
     * rely on these defaults should set {@code ciphers} explicitly.
     */
    public static void createSSLContext(Ruby ruby, RubyModule rubyModule) {
        final RubyClass sslContextClass = rubyModule.defineClassUnder("SSLContext", ruby.getObject(), SSLCONTEXT_ALLOCATOR);
        final ThreadContext context = ruby.getCurrentContext();

        final String[] attributes = {
            "cert", "key", "client_ca", "ca_file", "ca_path", "timeout", "verify_mode", "verify_depth",
            "verify_callback", "options", "cert_store", "extra_chain_cert", "client_cert_cb",
            "session_id_context", "tmp_dh_callback", "servername_cb"
        };
        for (String attribute : attributes) {
            sslContextClass.addReadWriteAttribute(context, attribute);
        }
        sslContextClass.defineAlias("ssl_timeout", "timeout");
        sslContextClass.defineAlias("ssl_timeout=", "timeout=");
        sslContextClass.defineAnnotatedMethods(SSLContext.class);

        // METHODS lists the known method names except SSLv2, the SSLv2_* variants and any name
        // containing a '.'.
        final Set<String> methodNames = SSL_VERSION_OSSL2JSSE.keySet();
        final RubyArray methods = ruby.newArray(methodNames.size());
        for (String methodName : methodNames) {
            if (methodName.equals(CipherStrings.SSL_TXT_SSLV2)) {
                continue;
            }
            if (methodName.startsWith("SSLv2_")) {
                continue;
            }
            if (methodName.indexOf('.') != -1) {
                continue;
            }
            methods.append(ruby.newSymbol(methodName));
        }
        sslContextClass.defineConstant("METHODS", methods);

        sslContextClass.setConstant("SESSION_CACHE_OFF", ruby.newFixnum(0));
        sslContextClass.setConstant("SESSION_CACHE_CLIENT", ruby.newFixnum(1));
        sslContextClass.setConstant("SESSION_CACHE_SERVER", ruby.newFixnum(2));
        sslContextClass.setConstant("SESSION_CACHE_BOTH", ruby.newFixnum(3));
        sslContextClass.setConstant("SESSION_CACHE_NO_AUTO_CLEAR", ruby.newFixnum(128));
        sslContextClass.setConstant("SESSION_CACHE_NO_INTERNAL_LOOKUP", ruby.newFixnum(256));
        sslContextClass.setConstant("SESSION_CACHE_NO_INTERNAL_STORE", ruby.newFixnum(512));
        sslContextClass.setConstant("SESSION_CACHE_NO_INTERNAL", ruby.newFixnum(768));

        // Default trust store: the platform default paths, with V_FLAG_CRL_CHECK_ALL set when the
        // X509 module defines that constant.
        final X509Store defaultStore = X509Store.newStore(ruby);
        defaultStore.set_default_paths(context);
        final IRubyObject crlCheckAll = X509._X509(ruby).getConstantAt("V_FLAG_CRL_CHECK_ALL");
        if (crlCheckAll != null) {
            defaultStore.set_flags(crlCheckAll);
        }
        sslContextClass.setConstant("DEFAULT_CERT_STORE", defaultStore);

        final RubyHash defaultParams = new RubyHash(ruby);
        // ASCII bytes of "SSLv23".
        defaultParams.op_aset(context, ruby.newSymbol("ssl_version"), StringHelper.newString(ruby, new byte[]{83, 83, 76, 118, 50, 51}));
        // verify_mode 1: bit 1 is the one TrustManagerImpl tests before verifying a presented chain.
        defaultParams.op_aset(context, ruby.newSymbol("verify_mode"), ruby.newFixnum(1));
        // ASCII bytes of "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW".
        defaultParams.op_aset(context, ruby.newSymbol("ciphers"), StringHelper.newString(ruby, new byte[]{65, 76, 76, 58, 33, 65, 68, 72, 58, 33, 69, 88, 80, 79, 82, 84, 58, 33, 83, 83, 76, 118, 50, 58, 82, 67, 52, 43, 82, 83, 65, 58, 43, 72, 73, 71, 72, 58, 43, 77, 69, 68, 73, 85, 77, 58, 43, 76, 79, 87}));
        defaultParams.op_aset(context, ruby.newSymbol("options"), ruby.newFixnum(SSL.OP_ALL));
        sslContextClass.setConstant("DEFAULT_PARAMS", defaultParams);
    }

    /**
     * Creates a context of the given Ruby class with the default cipher list, the generic
     * "SSL" protocol enabled for both client and server use, and a last verify result of 1.
     */
    public SSLContext(Ruby ruby, RubyClass rubyClass) {
        super(ruby, rubyClass);
        this.protocol = "SSL";
        this.protocolForClient = true;
        this.protocolForServer = true;
        this.ciphers = CipherStrings.SSL_DEFAULT_CIPHER_LIST;
        this.verifyResult = 1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a context of the registered SSLContext Ruby class with the same defaults as the
     * two-argument constructor: default cipher list, "SSL" protocol for both sides, and a last
     * verify result of 1.
     */
    public SSLContext(Ruby ruby) {
        super(ruby, _SSLContext(ruby));
        this.protocol = "SSL";
        this.protocolForClient = true;
        this.protocolForServer = true;
        this.ciphers = CipherStrings.SSL_DEFAULT_CIPHER_LIST;
        this.verifyResult = 1;
    }

    /**
     * Ruby {@code initialize}: applies the optional first argument as the SSL method name.
     *
     * @param iRubyObjectArr zero or one argument; the first, when present, goes to ssl_version=
     * @return this context
     */
    @JRubyMethod(required = 0, optional = 1, visibility = Visibility.PRIVATE)
    public IRubyObject initialize(IRubyObject[] iRubyObjectArr) {
        final boolean versionGiven = iRubyObjectArr.length != 0;
        if (versionGiven) {
            set_ssl_version(iRubyObjectArr[0]);
        }
        return initializeImpl();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Shared tail of initialization; does no work of its own and returns this context. */
    public final SSLContext initializeImpl() {
        final SSLContext self = this;
        return self;
    }

    /**
     * Ruby {@code setup}: freezes the context and builds the {@link InternalContext} from the
     * instance variables set on it.
     *
     * <p>Returns nil when the context is already frozen and true once the internal context has
     * been built. Raises a TypeError for wrongly typed {@code @key}, {@code @cert} or
     * {@code @client_ca}, and an SSL error when loading CA locations or initialising the JSSE
     * context fails.
     *
     * <p>NOTE(review): the context is frozen before the configuration is read. If anything
     * below throws, the object stays frozen with {@code internalContext} unset, and a later
     * {@code setup} call returns nil without retrying.
     */
    @JRubyMethod
    public IRubyObject setup(ThreadContext threadContext) {
        PKey callbackKey;
        X509Cert callbackCert;
        List emptyList;
        ArrayList arrayList;
        Ruby ruby = threadContext.runtime;
        // Unsynchronised fast path; re-checked under the lock below.
        if (isFrozen()) {
            return ruby.getNil();
        }
        synchronized (this) {
            if (isFrozen()) {
                return ruby.getNil();
            }
            freeze(threadContext);
            X509Store certStore = getCertStore();
            // Local key: explicit @key wins, otherwise the callback-provided key (may be null).
            IRubyObject instanceVariable = getInstanceVariable("@key");
            if (instanceVariable == null || instanceVariable.isNil()) {
                callbackKey = getCallbackKey(threadContext);
            } else {
                if (!(instanceVariable instanceof PKey)) {
                    throw ruby.newTypeError("OpenSSL::PKey::PKey expected but got @key = " + instanceVariable.inspect());
                }
                callbackKey = (PKey) instanceVariable;
            }
            // Local certificate: same precedence as the key.
            IRubyObject instanceVariable2 = getInstanceVariable("@cert");
            if (instanceVariable2 == null || instanceVariable2.isNil()) {
                callbackCert = getCallbackCert(threadContext);
            } else {
                if (!(instanceVariable2 instanceof X509Cert)) {
                    throw ruby.newTypeError("OpenSSL::X509::Certificate expected but got @cert = " + instanceVariable2.inspect());
                }
                callbackCert = (X509Cert) instanceVariable2;
            }
            // Client CA list: nil -> empty, enumerable -> converted element by element,
            // single certificate -> singleton list.
            IRubyObject instanceVariable3 = getInstanceVariable("@client_ca");
            if (instanceVariable3 == null || instanceVariable3.isNil()) {
                emptyList = Collections.emptyList();
            } else if (instanceVariable3.respondsTo("each")) {
                List<X509Cert> convertToX509Certs = convertToX509Certs(threadContext, instanceVariable3);
                emptyList = new ArrayList(convertToX509Certs.size());
                Iterator<X509Cert> it = convertToX509Certs.iterator();
                while (it.hasNext()) {
                    emptyList.add(it.next().getAuxCert());
                }
            } else {
                if (!(instanceVariable3 instanceof X509Cert)) {
                    throw ruby.newTypeError("OpenSSL::X509::Certificate expected but got @client_ca = " + instanceVariable3.inspect());
                }
                emptyList = Collections.singletonList(((X509Cert) instanceVariable3).getAuxCert());
            }
            // Extra chain certificates: null (not an empty list) when unset, which makes
            // KeyManagerImpl build the chain from the store instead.
            IRubyObject instanceVariable4 = getInstanceVariable("@extra_chain_cert");
            if (instanceVariable4 == null || instanceVariable4.isNil()) {
                arrayList = null;
            } else {
                List<X509Cert> convertToX509Certs2 = convertToX509Certs(threadContext, instanceVariable4);
                arrayList = new ArrayList(convertToX509Certs2.size());
                Iterator<X509Cert> it2 = convertToX509Certs2.iterator();
                while (it2.hasNext()) {
                    arrayList.add(it2.next().getAuxCert());
                }
            }
            // An unset @verify_mode becomes 0: TrustManagerImpl then neither verifies a presented
            // chain nor requires one. Peer verification has to be requested explicitly.
            IRubyObject instanceVariable5 = getInstanceVariable("@verify_mode");
            int fix2int = (instanceVariable5 == null || instanceVariable5.isNil()) ? 0 : RubyNumeric.fix2int(instanceVariable5);
            // An unset @timeout becomes 0 and is passed to setSessionTimeout as-is.
            IRubyObject instanceVariable6 = getInstanceVariable("@timeout");
            int fix2int2 = (instanceVariable6 == null || instanceVariable6.isNil()) ? 0 : RubyNumeric.fix2int(instanceVariable6);
            // Without @cert_store an empty Store is used, not the DEFAULT_CERT_STORE constant.
            Store store = certStore != null ? certStore.getStore() : new Store();
            String caFile = getCaFile();
            String caPath = getCaPath();
            if (caFile != null || caPath != null) {
                try {
                    // A zero result only produces a warning; setup continues with whatever the
                    // store already holds.
                    if (store.loadLocations(ruby, caFile, caPath) == 0) {
                        ruby.getWarnings().warn(IRubyWarnings.ID.MISCELLANEOUS, "can't set verify locations");
                    }
                } catch (Exception e) {
                    if (e instanceof RuntimeException) {
                        OpenSSL.debugStackTrace(ruby, e);
                    }
                    throw SSL.newSSLError(ruby, e);
                }
            }
            // Slot 1 of the store's extra data carries the verify callback (or null); it is
            // copied into every StoreContext by InternalContext.createStoreContext.
            IRubyObject instanceVariable7 = getInstanceVariable("@verify_callback");
            if (instanceVariable7 == null || instanceVariable7.isNil()) {
                store.setExtraData(1, null);
            } else {
                store.setExtraData(1, instanceVariable7);
            }
            // Depth -1 is used when @verify_depth is unset.
            IRubyObject instanceVariable8 = getInstanceVariable("@verify_depth");
            if (instanceVariable8 == null || instanceVariable8.isNil()) {
                store.setDepth(-1);
            } else {
                store.setDepth(RubyNumeric.fix2int(instanceVariable8));
            }
            // @servername_cb is read but nothing is done with it here (empty branch).
            IRubyObject instanceVariable9 = getInstanceVariable("@servername_cb");
            if (instanceVariable9 == null || !instanceVariable9.isNil()) {
            }
            try {
                this.internalContext = new InternalContext(callbackCert, callbackKey, store, emptyList, arrayList, fix2int, fix2int2);
                return ruby.getTrue();
            } catch (GeneralSecurityException e2) {
                throw SSL.newSSLError(ruby, e2);
            }
        }
    }

    /**
     * Ruby {@code ciphers}: returns the cipher entries matching the current cipher string.
     *
     * @return array of [name, version string, strength bits, algorithm bits] entries
     */
    @JRubyMethod
    public RubyArray ciphers(ThreadContext threadContext) {
        final RubyArray matched = matchedCiphers(threadContext);
        return matched;
    }

    /**
     * Matches the configured cipher string against the suites supported for the current
     * protocol and describes each match as a four-element Ruby array.
     *
     * @return array of [name, version string, strength bits, algorithm bits] entries
     */
    private RubyArray matchedCiphers(ThreadContext threadContext) {
        final Ruby runtime = threadContext.runtime;
        final Collection<CipherStrings.Def> matches;
        try {
            matches = CipherStrings.matchingCiphers(this.ciphers, getSupportedCipherSuites(this.protocol), false);
        } catch (GeneralSecurityException e) {
            // Only the message is carried over into the Ruby-level SSL error.
            throw SSL.newSSLError(runtime, e.getMessage());
        }
        final RubyArray result = runtime.newArray(matches.size());
        for (CipherStrings.Def cipher : matches) {
            final RubyArray entry = runtime.newArray(4);
            entry.store(0L, StringHelper.newUTF8String(runtime, cipher.name));
            entry.store(1L, StringHelper.newUTF8String(runtime, sslVersionString(cipher.algorithms)));
            entry.store(2L, runtime.newFixnum(cipher.algStrengthBits));
            entry.store(3L, runtime.newFixnum(cipher.algBits));
            result.append(entry);
        }
        return result;
    }

    /**
     * Ruby {@code ciphers=}: sets the cipher specification.
     *
     * <p>nil or the string "DEFAULT" selects the default list, an Array is joined with ':',
     * and anything else is converted to a String. Raises an SSL error ("no cipher match")
     * when nothing matches.
     *
     * <p>NOTE(review): the new value is stored before the match check, so it stays in place
     * when the error is raised.
     *
     * @return the argument as given
     */
    @JRubyMethod(name = {"ciphers="})
    public IRubyObject set_ciphers(ThreadContext threadContext, IRubyObject iRubyObject) {
        final String spec;
        if (iRubyObject.isNil()) {
            spec = CipherStrings.SSL_DEFAULT_CIPHER_LIST;
        } else if (iRubyObject instanceof RubyArray) {
            final RubyArray elements = (RubyArray) iRubyObject;
            final StringBuilder joined = new StringBuilder();
            for (int idx = 0; idx < elements.size(); idx++) {
                if (idx > 0) {
                    joined.append(":");
                }
                joined.append(elements.eltInternal(idx).toString());
            }
            spec = joined.toString();
        } else {
            final String given = iRubyObject.asString().toString();
            spec = "DEFAULT".equals(given) ? CipherStrings.SSL_DEFAULT_CIPHER_LIST : given;
        }
        this.ciphers = spec;
        if (matchedCiphers(threadContext).isEmpty()) {
            throw SSL.newSSLError(threadContext.runtime, "no cipher match");
        }
        return iRubyObject;
    }

    /**
     * Ruby {@code ssl_version=}: selects the protocol from an OpenSSL-style method name.
     *
     * <p>The name is looked up in the method table. A "_client" suffix disables server use,
     * and a "_server" suffix disables client use. Raises ArgumentError for an unknown name.
     *
     * @return the argument as given
     */
    @JRubyMethod(name = {"ssl_version="})
    public IRubyObject set_ssl_version(IRubyObject iRubyObject) {
        final String methodName;
        if (iRubyObject instanceof RubySymbol) {
            methodName = iRubyObject.toString();
        } else {
            methodName = iRubyObject.convertToString().toString();
        }
        final String mapped = SSL_VERSION_OSSL2JSSE.get(methodName);
        if (mapped == null) {
            throw getRuntime().newArgumentError("unknown SSL method `" + methodName + "'");
        }
        this.protocol = mapped;
        final boolean clientOnly = methodName.endsWith("_client");
        final boolean serverOnly = methodName.endsWith("_server");
        this.protocolForServer = !clientOnly;
        this.protocolForClient = !serverOnly;
        return iRubyObject;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the protocol name currently selected for this context. */
    public final String getProtocol() {
        return protocol;
    }

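    /**
     * Ruby {@code set_params}: applies DEFAULT_PARAMS, optionally merged with a caller hash, by
     * calling the {@code key=} writer on this context for every entry.
     *
     * <p>Every key in the merged hash becomes a method call on the context and no allow-list is
     * applied, so the hash should be built by trusted code, not taken from external input.
     *
     * <p>When the resulting verify mode is non-zero and none of {@code @ca_file},
     * {@code @ca_path} or {@code @cert_store} is set, DEFAULT_CERT_STORE becomes the trust store.
     *
     * @param iRubyObjectArr zero or one argument: a hash of overrides
     * @return the hash that was applied
     */
    @JRubyMethod(optional = 1)
    public IRubyObject set_params(final ThreadContext threadContext, IRubyObject[] iRubyObjectArr) {
        RubyClass sslContextClass = _SSLContext(threadContext.runtime);
        RubyHash defaults = (RubyHash) sslContextClass.getConstantAt("DEFAULT_PARAMS");
        RubyHash params = iRubyObjectArr.length == 0 ? defaults : (RubyHash) defaults.callMethod(threadContext, "merge", iRubyObjectArr[0]);
        params.visitAll(new RubyHash.Visitor() { // from class: org.jruby.ext.openssl.SSLContext.2
            @Override // org.jruby.RubyHash.Visitor
            public void visit(IRubyObject iRubyObject, IRubyObject iRubyObject2) {
                // Fixed: the writer must be invoked on the enclosing context. A bare "this"
                // inside the anonymous class refers to the visitor.
                SSLContext.this.callMethod(threadContext, iRubyObject.toString() + '=', iRubyObject2);
            }
        });
        IRubyObject verifyMode = getInstanceVariable("@verify_mode");
        boolean verificationRequested = verifyMode != null && !verifyMode.isNil() && RubyNumeric.fix2int(verifyMode) != 0;
        if (verificationRequested && !Utils.hasNonNilInstanceVariable(this, "@ca_file") && !Utils.hasNonNilInstanceVariable(this, "@ca_path") && !Utils.hasNonNilInstanceVariable(this, "@cert_store")) {
            // Verification was requested without any CA source: fall back to the default store
            // so the peer chain has trust anchors to be checked against.
            setInstanceVariable("@cert_store", sslContextClass.getConstantAt("DEFAULT_CERT_STORE"));
        }
        return params;
    }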

    /** Ruby {@code session_cache_mode}: always nil, since no cache mode is tracked here. */
    @JRubyMethod(name = {"session_cache_mode"})
    public IRubyObject session_cache_mode() {
        final IRubyObject nil = getRuntime().getNil();
        return nil;
    }

    /**
     * Ruby {@code session_cache_mode=}: accepted for API compatibility only. Emits a warning,
     * ignores the value, and returns what {@code session_cache_mode} returns.
     */
    @JRubyMethod(name = {"session_cache_mode="})
    public IRubyObject set_session_cache_mode(IRubyObject iRubyObject) {
        final ThreadContext current = getRuntime().getCurrentContext();
        OpenSSL.warn(current, "SSLContext#session_cache_mode= has no effect under JRuby");
        return session_cache_mode();
    }

    /** Ruby {@code session_cache_size}: returns the configured session cache size. */
    @JRubyMethod(name = {"session_cache_size"})
    public IRubyObject session_cache_size() {
        final int size = sessionCacheSize;
        return getRuntime().newFixnum(size);
    }

    /**
     * Ruby {@code session_cache_size=}: stores the session cache size.
     *
     * <p>The value is read when {@code setup} builds the internal context and is only applied
     * when it is not negative. Changing it after setup does not affect the context already built.
     *
     * @return the argument as given
     */
    @JRubyMethod(name = {"session_cache_size="})
    public IRubyObject set_session_cache_size(IRubyObject iRubyObject) {
        final int requested = RubyInteger.fix2int(iRubyObject);
        this.sessionCacheSize = requested;
        return iRubyObject;
    }

    /** Ruby {@code session_cache_stats}: returns a new empty hash, since no statistics are collected. */
    @JRubyMethod(name = {"session_cache_stats"})
    public RubyHash session_cache_stats(ThreadContext threadContext) {
        final RubyHash stats = RubyHash.newHash(threadContext.runtime);
        return stats;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns whether the selected SSL method may be used on the server side. */
    public boolean isProtocolForServer() {
        return protocolForServer;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns whether the selected SSL method may be used on the client side. */
    public boolean isProtocolForClient() {
        return protocolForClient;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the error code recorded by the most recent certificate verification. */
    public int getLastVerifyResult() {
        return verifyResult;
    }

    /** Records the error code of the most recent certificate verification. */
    void setLastVerifyResult(int i) {
        verifyResult = i;
    }

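    /**
     * Returns the cipher suites a default engine supports for the given protocol.
     *
     * <p>The result for the first protocol asked about is cached. Other protocols are computed
     * on every call.
     *
     * <p>The cache fields are plain (non-volatile) statics, so they are read and written only
     * while holding the class lock. The previous unsynchronised check could see
     * {@code cachedProtocol} set while {@code cachedSupportedCipherSuites} still looked null.
     *
     * @param str protocol name
     * @return supported suite names; for the cached protocol this is the shared cached array
     * @throws GeneralSecurityException if a context for the protocol cannot be created
     */
    private static String[] getSupportedCipherSuites(String str) throws GeneralSecurityException {
        synchronized (SSLContext.class) {
            if (cachedProtocol == null) {
                cachedSupportedCipherSuites = dummySSLEngine(str).getSupportedCipherSuites();
                cachedProtocol = str;
                return cachedSupportedCipherSuites;
            }
            if (str.equals(cachedProtocol)) {
                return cachedSupportedCipherSuites;
            }
        }
        // Cache miss for a different protocol: computed outside the lock, as before.
        return dummySSLEngine(str).getSupportedCipherSuites();
    }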

    /**
     * Creates a throw-away engine for the protocol, initialised with provider defaults (no key
     * managers, trust managers or random source). Used only to query supported cipher suites.
     *
     * @throws GeneralSecurityException if the context cannot be obtained or initialised
     */
    private static SSLEngine dummySSLEngine(String str) throws GeneralSecurityException {
        final javax.net.ssl.SSLContext probe = SecurityHelper.getSSLContext(str);
        probe.init(null, null, null);
        final SSLEngine engine = probe.createSSLEngine();
        return engine;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates an engine from the internal context and restricts it to the cipher suites and
     * protocols this context allows.
     *
     * <p>Requires {@code setup} to have built the internal context. Only cipher suites and
     * protocols are configured here: no endpoint identification is set on the engine, so any
     * host name checking has to happen elsewhere.
     *
     * @param str peer host, or null/empty for an engine without peer information
     * @param i   peer port, used only together with a host
     */
    public SSLEngine createSSLEngine(String str, int i) throws NoSuchAlgorithmException, KeyManagementException {
        final javax.net.ssl.SSLContext jsseContext = this.internalContext.getSSLContext();
        final SSLEngine engine;
        if (str == null || str.length() == 0) {
            engine = jsseContext.createSSLEngine();
        } else {
            engine = jsseContext.createSSLEngine(str, i);
        }
        final String[] allowedSuites = getCipherSuites(engine.getSupportedCipherSuites());
        engine.setEnabledCipherSuites(allowedSuites);
        final String[] allowedProtocols = getEnabledProtocols(engine);
        engine.setEnabledProtocols(allowedProtocols);
        return engine;
    }

    /**
     * Maps the configured cipher string onto the given supported suites.
     *
     * @param strArr suite names the engine supports
     * @return suite names of the matching ciphers, in the matcher's order
     */
    private String[] getCipherSuites(String[] strArr) {
        final Collection<CipherStrings.Def> matches = CipherStrings.matchingCiphers(this.ciphers, strArr, true);
        final String[] suites = new String[matches.size()];
        int next = 0;
        for (CipherStrings.Def match : matches) {
            suites[next++] = match.getCipherSuite();
        }
        return suites;
    }

    /**
     * Computes the protocols to enable on an engine: the candidates registered for the current
     * protocol, minus those switched off in the options mask, intersected with what the engine
     * has enabled.
     *
     * <p>Only three option bits are honoured here: 0x01000000 (SSLv2), 0x02000000 (SSLv3) and
     * 0x04000000 (TLSv1). No other protocol-disabling bit has any effect in this method.
     *
     * @return protocol names to enable; empty when the current protocol has no candidates
     */
    private String[] getEnabledProtocols(SSLEngine sSLEngine) {
        final String[] candidates = ENABLED_PROTOCOLS.get(this.protocol);
        if (candidates == null) {
            return new String[0];
        }
        final long options = getOptions();
        final String[] engineEnabled = sSLEngine.getEnabledProtocols();
        final ArrayList<String> selected = new ArrayList<String>(candidates.length);
        for (String candidate : candidates) {
            if ((options & 0x01000000) != 0 && candidate.equals(CipherStrings.SSL_TXT_SSLV2)) {
                continue;
            }
            if ((options & 0x02000000) != 0 && candidate.equals(CipherStrings.SSL_TXT_SSLV3)) {
                continue;
            }
            if ((options & 0x04000000) != 0 && candidate.equals(CipherStrings.SSL_TXT_TLSV1)) {
                continue;
            }
            for (String enabled : engineEnabled) {
                if (enabled.equals(candidate)) {
                    selected.add(enabled);
                }
            }
        }
        return selected.toArray(new String[selected.size()]);
    }

    /**
     * Renders a version bit mask as a slash-separated byte string.
     *
     * <p>Bit {@code 0x02000000} contributes {@code TLSv1/SSLv3}; bit {@code 0x01000000}
     * contributes {@code SSLv2}. With both bits set the result is {@code TLSv1/SSLv3/SSLv2};
     * with neither it is empty.
     *
     * @param j bit mask to render
     * @return a new {@link ByteList} holding the rendered names
     */
    private ByteList sslVersionString(long j) {
        final int separator = '/';
        final ByteList out = new ByteList(18);
        final boolean hasTlsAndSslV3 = (j & 0x02000000L) != 0;
        if (hasTlsAndSslV3) {
            out.append(TLSv1);
            out.append(separator);
            out.append(SSLv3);
        }
        if ((j & 0x01000000L) != 0) {
            // A separator is only needed when something was written before SSLv2.
            if (hasTlsAndSslV3) {
                out.append(separator);
            }
            out.append(SSLv2);
        }
        return out;
    }

    /**
     * Returns the private key supplied by {@code @client_cert_cb}, invoking the callback if no key
     * has been cached yet.
     *
     * @param threadContext current thread context, used when the callback has to be invoked
     * @return the cached key, or {@code null} when no callback is set
     */
    private PKey getCallbackKey(ThreadContext threadContext) {
        if (this.t_key == null) {
            // The callback fills in the certificate and the key together.
            initFromCallback(threadContext);
        }
        return this.t_key;
    }

    /**
     * Returns the certificate supplied by {@code @client_cert_cb}, invoking the callback if no
     * certificate has been cached yet.
     *
     * @param threadContext current thread context, used when the callback has to be invoked
     * @return the cached certificate, or {@code null} when no callback is set
     */
    private X509Cert getCallbackCert(ThreadContext threadContext) {
        if (this.t_cert == null) {
            // The callback fills in the certificate and the key together.
            initFromCallback(threadContext);
        }
        return this.t_cert;
    }

    /**
     * Invokes {@code @client_cert_cb} and caches the certificate and private key it returns.
     *
     * <p>The callback is user-supplied Ruby code, so its result is type-checked before anything
     * is stored: it must be an Array whose first element is an {@code OpenSSL::X509::Certificate}
     * and whose second element is an {@code OpenSSL::PKey::PKey}. Both fields are assigned only
     * after both checks have passed, so a rejected result leaves the cache untouched.
     *
     * <p>NOTE(review): nothing here checks that the returned key belongs to the returned
     * certificate. Also, the TypeError text embeds {@code inspect()} of the rejected element; if
     * a caller swaps key and certificate, that is the key object's inspect output. Confirm it
     * does not render private material.
     *
     * @param threadContext current thread context used to call into Ruby
     */
    private void initFromCallback(ThreadContext threadContext) {
        final IRubyObject callback = getInstanceVariable("@client_cert_cb");
        final boolean callbackMissing = callback == null || callback.isNil();
        if (callbackMissing) {
            return;
        }
        final IRubyObject result = callback.callMethod(threadContext, "call", this);
        if (result instanceof RubyArray) {
            final RubyArray pair = (RubyArray) result;
            final IRubyObject certCandidate = pair.entry(0);
            final IRubyObject keyCandidate = pair.entry(1);
            if (!(certCandidate instanceof X509Cert)) {
                throw threadContext.runtime.newTypeError(certCandidate.inspect() + " is not an instance of OpenSSL::X509::Certificate");
            }
            if (!(keyCandidate instanceof PKey)) {
                throw threadContext.runtime.newTypeError(keyCandidate.inspect() + " is not an instance of OpenSSL::PKey::PKey");
            }
            this.t_cert = (X509Cert) certCandidate;
            this.t_key = (PKey) keyCandidate;
            return;
        }
        throw threadContext.runtime.newTypeError("expected @client_cert_cb.call to return an Array but got: " + result.getMetaClass().getName());
    }

    /**
     * Reads {@code @cert_store}.
     *
     * @return the store when the instance variable holds an {@code X509Store}; {@code null} for
     *         anything else, including an unset or nil variable
     */
    private X509Store getCertStore() {
        final IRubyObject store = getInstanceVariable("@cert_store");
        return (store instanceof X509Store) ? (X509Store) store : null;
    }

    /**
     * Reads {@code @ca_file} as a Java string.
     *
     * <p>The value is returned as configured; no path normalisation or existence check is done here.
     *
     * @return the configured value, or {@code null} when the variable is unset or nil
     */
    private String getCaFile() {
        final IRubyObject caFile = getInstanceVariable("@ca_file");
        if (caFile != null && !caFile.isNil()) {
            return caFile.asString().toString();
        }
        return null;
    }

    /**
     * Reads {@code @ca_path} as a Java string.
     *
     * <p>The value is returned as configured; no path normalisation or existence check is done here.
     *
     * @return the configured value, or {@code null} when the variable is unset or nil
     */
    private String getCaPath() {
        final IRubyObject caPath = getInstanceVariable("@ca_path");
        if (caPath != null && !caPath.isNil()) {
            return caPath.asString().toString();
        }
        return null;
    }

    /**
     * Reads {@code @options} as a bit mask.
     *
     * <p>An unset or nil variable yields {@code 0}, i.e. no option bits, which means none of the
     * protocol exclusions checked in {@code getEnabledProtocols} apply.
     *
     * @return the option bits, or {@code 0L} when none are configured
     */
    private long getOptions() {
        final IRubyObject opts = getInstanceVariable("@options");
        final boolean configured = opts != null && !opts.isNil();
        return configured ? RubyNumeric.fix2long(opts) : 0L;
    }

    /**
     * Collects the elements of a Ruby enumerable into a list of {@code X509Cert}.
     *
     * <p>The enumerable's {@code each} is invoked with a block that type-checks every yielded
     * element against the certificate class before casting, so a foreign object in the
     * collection raises a Ruby TypeError instead of reaching code that expects certificates.
     *
     * @param threadContext current thread context
     * @param iRubyObject Ruby object responding to {@code each}
     * @return the yielded certificates, in iteration order
     */
    private List<X509Cert> convertToX509Certs(ThreadContext threadContext, IRubyObject iRubyObject) {
        final List<X509Cert> certs = new ArrayList<X509Cert>();
        final RubyClass contextClass = _SSLContext(threadContext.runtime);
        final RubyClass certificateClass = X509Cert._Certificate(threadContext.runtime);
        final BlockCallback collector = new BlockCallback() {
            @Override
            public IRubyObject call(ThreadContext ctx, IRubyObject[] args, Block block) {
                final IRubyObject element = args[0];
                if (certificateClass.isInstance(element)) {
                    certs.add((X509Cert) element);
                    return ctx.nil;
                }
                throw ctx.runtime.newTypeError("wrong argument : " + element.inspect() + " is not a " + certificateClass.getName());
            }
        };
        Utils.invoke(threadContext, iRubyObject, "each", CallBlock.newCallClosure(iRubyObject, contextClass, Arity.NO_ARGUMENTS, collector, threadContext));
        return certs;
    }

    /**
     * Looks up the Ruby class registered as {@code SSLContext} under the SSL module.
     *
     * @param ruby runtime to resolve the constant in
     * @return the constant's value, cast to {@link RubyClass}
     */
    static RubyClass _SSLContext(Ruby ruby) {
        final IRubyObject constant = SSL._SSL(ruby).getConstantAt("SSLContext");
        return (RubyClass) constant;
    }

    // Static tables used for protocol selection.
    //
    // SSL_VERSION_OSSL2JSSE: version/method name (including the _server / _client variants)
    //   -> protocol name, presumably the one handed to JSSE.
    // ENABLED_PROTOCOLS: protocol name -> candidate protocol versions. getEnabledProtocols looks
    //   this table up by this.protocol and then filters by @options and by what the engine has
    //   enabled, so a version missing from an entry can never be enabled for that protocol name.
    //
    // NOTE(review), as far as this table is concerned:
    //   - "SSL" (reached via SSLv23*) lists SSLv2, SSLv3 and TLSv1 only; TLSv1.1 and TLSv1.2 are absent.
    //   - "TLS" lists TLSv1 and TLSv1.1 only; TLSv1.2 is absent.
    //   - SSLv2 and SSLv3 are obsolete protocols and are still selectable by name here.
    //   Confirm whether these defaults are intended for the JSSE versions this code targets.
    static {
        // TLSv1 and its aliases.
        SSL_VERSION_OSSL2JSSE.put(CipherStrings.SSL_TXT_TLSV1, CipherStrings.SSL_TXT_TLSV1);
        SSL_VERSION_OSSL2JSSE.put("TLSv1_server", CipherStrings.SSL_TXT_TLSV1);
        SSL_VERSION_OSSL2JSSE.put("TLSv1_client", CipherStrings.SSL_TXT_TLSV1);
        ENABLED_PROTOCOLS.put(CipherStrings.SSL_TXT_TLSV1, new String[]{CipherStrings.SSL_TXT_TLSV1});
        // SSLv2 and its aliases.
        SSL_VERSION_OSSL2JSSE.put(CipherStrings.SSL_TXT_SSLV2, CipherStrings.SSL_TXT_SSLV2);
        SSL_VERSION_OSSL2JSSE.put("SSLv2_server", CipherStrings.SSL_TXT_SSLV2);
        SSL_VERSION_OSSL2JSSE.put("SSLv2_client", CipherStrings.SSL_TXT_SSLV2);
        ENABLED_PROTOCOLS.put(CipherStrings.SSL_TXT_SSLV2, new String[]{CipherStrings.SSL_TXT_SSLV2});
        // SSLv3 and its aliases.
        SSL_VERSION_OSSL2JSSE.put(CipherStrings.SSL_TXT_SSLV3, CipherStrings.SSL_TXT_SSLV3);
        SSL_VERSION_OSSL2JSSE.put("SSLv3_server", CipherStrings.SSL_TXT_SSLV3);
        SSL_VERSION_OSSL2JSSE.put("SSLv3_client", CipherStrings.SSL_TXT_SSLV3);
        ENABLED_PROTOCOLS.put(CipherStrings.SSL_TXT_SSLV3, new String[]{CipherStrings.SSL_TXT_SSLV3});
        // "SSLv23" and its aliases map to the "SSL" protocol name.
        SSL_VERSION_OSSL2JSSE.put("SSLv23", "SSL");
        SSL_VERSION_OSSL2JSSE.put("SSLv23_server", "SSL");
        SSL_VERSION_OSSL2JSSE.put("SSLv23_client", "SSL");
        ENABLED_PROTOCOLS.put("SSL", new String[]{CipherStrings.SSL_TXT_SSLV2, CipherStrings.SSL_TXT_SSLV3, CipherStrings.SSL_TXT_TLSV1});
        // Generic "TLS".
        SSL_VERSION_OSSL2JSSE.put("TLS", "TLS");
        ENABLED_PROTOCOLS.put("TLS", new String[]{CipherStrings.SSL_TXT_TLSV1, "TLSv1.1"});
        // TLSv1.1 and TLSv1.2, in both the dotted and the underscore spelling.
        SSL_VERSION_OSSL2JSSE.put("TLSv1.1", "TLSv1.1");
        ENABLED_PROTOCOLS.put("TLSv1.1", new String[]{"TLSv1.1"});
        SSL_VERSION_OSSL2JSSE.put("TLSv1_1", "TLSv1.1");
        SSL_VERSION_OSSL2JSSE.put("TLSv1_2", "TLSv1.2");
        ENABLED_PROTOCOLS.put("TLSv1.2", new String[]{"TLSv1.2"});
        SSL_VERSION_OSSL2JSSE.put("TLSv1.2", "TLSv1.2");
        // Allocator that creates a new SSLContext for the given runtime and class.
        SSLCONTEXT_ALLOCATOR = new ObjectAllocator() { // from class: org.jruby.ext.openssl.SSLContext.1
            @Override // org.jruby.runtime.ObjectAllocator
            public IRubyObject allocate(Ruby ruby, RubyClass rubyClass) {
                return new SSLContext(ruby, rubyClass);
            }
        };
        cachedProtocol = null;
        // ASCII bytes of the names appended by sslVersionString: "TLSv1", "SSLv2", "SSLv3".
        TLSv1 = new byte[]{84, 76, 83, 118, 49};
        SSLv2 = new byte[]{83, 83, 76, 118, 50};
        SSLv3 = new byte[]{83, 83, 76, 118, 51};
    }
}
