package one.nio.net;

import java.io.File;
import java.io.IOException;
import java.lang.reflect.Field;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.Comparator;
import java.util.Date;
import java.util.concurrent.atomic.AtomicLong;
import javax.net.ssl.SSLException;
import one.nio.net.NativeSslContext;
import one.nio.os.NativeLibrary;
import one.nio.util.ByteArrayBuilder;
import one.nio.util.Utf8;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:one/nio/net/SslContext.class */
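/**
 * Base class for a reconfigurable TLS context.
 *
 * <p>{@link #configure(SslConfig)} pushes an {@code SslConfig} into the concrete
 * implementation through the abstract setters declared at the bottom of this class, and
 * {@link #refresh()} periodically re-reads certificates, session ticket keys and the OCSP
 * response from disk when their modification time moves forward.
 *
 * <p>Threading: {@code configure} is {@code synchronized}; {@code refresh} is not, and only
 * uses a compare-and-set on {@code nextRefresh} so that one caller per interval does the work.
 * NOTE(review): whether the setters tolerate a {@code refresh} running concurrently with
 * {@code configure} depends on the implementation - confirm in NativeSslContext.
 */
public abstract class SslContext {
    private static final Log log = LogFactory.getLog(SslContext.class);

    // Peer-verification flags for SslConfig.verifyMode / setVerify(int). The values are
    // numerically the same as OpenSSL's SSL_VERIFY_NONE, SSL_VERIFY_PEER,
    // SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE; presumably they are passed
    // to the native layer unchanged - confirm in NativeSslContext.
    // With VERIFY_NONE (0) no peer certificate verification is requested at all.
    public static final int VERIFY_NONE = 0;
    public static final int VERIFY_PEER = 1;
    public static final int VERIFY_REQUIRE_PEER_CERT = 2;
    public static final int VERIFY_ONCE = 4;

    // Cipher list applied by configure() when SslConfig.ciphers is null (OpenSSL-style names,
    // in preference order). The concatenation is byte-for-byte the original single literal.
    //
    // SECURITY(review): only the first group is AEAD with an ephemeral key exchange. The list
    // then falls back to CBC-mode suites, to suites without an (EC)DHE prefix (static RSA key
    // exchange, so no forward secrecy) and finally to DES-CBC3-SHA (3DES, a 64-bit block
    // cipher). Deployments that do not need legacy clients should set SslConfig.ciphers
    // explicitly instead of relying on this default.
    private static final String DEFAULT_CIPHERS =
            // AEAD, ephemeral key exchange
            "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
            + "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
            + "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
            + "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:"
            // CBC mode, ephemeral key exchange
            + "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:"
            + "ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:"
            + "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
            + "ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:"
            + "DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:"
            // static RSA key exchange (no forward secrecy)
            + "AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:"
            // 3DES
            + "DES-CBC3-SHA";

    // Newest modification time (epoch millis) of the material loaded so far; refresh()
    // reloads a file only when its mtime is greater than the matching value.
    private long lastCertUpdate;
    private long lastTicketsUpdate;
    private long lastOCSPUpdate;

    // Earliest time (epoch millis) at which refresh() will do work again.
    private final AtomicLong nextRefresh = new AtomicLong();

    // Configuration most recently applied by configure(); starts as an empty SslConfig.
    protected SslConfig currentConfig = new SslConfig();

    /**
     * Returns the shared default context.
     *
     * @return {@code NativeSslContext.Holder.DEFAULT} when {@code NativeLibrary.IS_SUPPORTED}
     *         is true, otherwise {@code null} - callers must handle the {@code null} case
     */
    public static SslContext getDefault() {
        if (NativeLibrary.IS_SUPPORTED) {
            return NativeSslContext.Holder.DEFAULT;
        }
        return null;
    }

    /**
     * Creates a new, unconfigured context.
     *
     * @return a new {@code NativeSslContext}
     * @throws SSLException declared for the {@code NativeSslContext} constructor
     * @throws UnsupportedOperationException if {@code NativeLibrary.IS_SUPPORTED} is false
     */
    public static SslContext create() throws SSLException {
        if (NativeLibrary.IS_SUPPORTED) {
            return new NativeSslContext();
        }
        throw new UnsupportedOperationException();
    }

    /**
     * Does nothing in this base class; presumably overridden by implementations that hold
     * native resources.
     */
    public void close() {
    }

    /**
     * Applies {@code sslConfig} to this context and remembers it as {@code currentConfig}.
     *
     * <p>Most settings are applied only when the new value is non-null and differs from the
     * one in {@code currentConfig} (see {@code changed}). Consequence for reconfiguration: a
     * field that is {@code null} in the new config does not undo what an earlier config
     * applied, except for ticket keys and the OCSP response, which have explicit clearing
     * branches below. Debug, ciphers, verify mode, cache size and timeout are re-applied on
     * every call.
     *
     * <p>The setters are called one after another and {@code currentConfig} is replaced only
     * at the very end, so an exception part-way through leaves the context with a mix of old
     * and new settings while {@code currentConfig} still points to the old object.
     *
     * @param sslConfig the configuration to apply; SNI child configs in {@code sslConfig.sni}
     *                  are modified in place (see {@code inherit})
     * @return this context
     * @throws SSLException if a verify mode is set without a session id, or a setter rejects
     *                      a value
     * @throws IOException  if a ticket key or OCSP file cannot be read
     */
    public synchronized SslContext configure(SslConfig sslConfig) throws IOException {
        if (sslConfig.verifyMode != 0 && sslConfig.sessionId == null) {
            throw new SSLException("SessionId should be provided if verifyMode is set");
        }

        setDebug(sslConfig.debug);
        if (sslConfig.rdrand != this.currentConfig.rdrand) {
            setRdrand(sslConfig.rdrand);
        }
        if (changed(sslConfig.protocols, this.currentConfig.protocols)) {
            setProtocols(sslConfig.protocols);
        }
        setCiphers(sslConfig.ciphers != null ? sslConfig.ciphers : DEFAULT_CIPHERS);

        // The passphrase is set before certificates and keys are loaded.
        // NOTE(review): presumably so that encrypted private keys can be opened - confirm.
        if (changed(sslConfig.passphrase, this.currentConfig.passphrase)) {
            setPassphrase(Utf8.toBytes(getPassphrase(sslConfig.passphrase)));
        }

        if (changed(sslConfig.certFile, this.currentConfig.certFile)) {
            long newestModified = 0;
            for (String certPath : sslConfig.certFile) {
                setCertificate(certPath);
                newestModified = Math.max(newestModified, new File(certPath).lastModified());
            }
            // Baseline for the mtime comparison in updateCertificates().
            this.lastCertUpdate = newestModified;
        }
        if (changed(sslConfig.privateKeyFile, this.currentConfig.privateKeyFile)) {
            for (String keyPath : sslConfig.privateKeyFile) {
                setPrivateKey(keyPath);
            }
        }
        if (changed(sslConfig.caFile, this.currentConfig.caFile)) {
            setCA(sslConfig.caFile);
        }

        // Ticket keys: a changed directory wins over a changed single key file; with neither
        // configured the keys are cleared by passing null.
        if (changed(sslConfig.ticketDir, this.currentConfig.ticketDir)) {
            updateTicketKeys(sslConfig.ticketDir, true);
        } else if (changed(sslConfig.ticketKeyFile, this.currentConfig.ticketKeyFile)) {
            setTicketKeys(Files.readAllBytes(Paths.get(sslConfig.ticketKeyFile)));
        } else if (sslConfig.ticketDir == null && sslConfig.ticketKeyFile == null) {
            setTicketKeys(null);
        }

        setVerify(sslConfig.verifyMode);
        setCacheSize(sslConfig.cacheSize != 0 ? sslConfig.cacheSize : 262144);
        // NOTE(review): the division suggests SslConfig.timeout is in milliseconds and
        // setTimeout() takes seconds (default 300) - confirm against SslConfig.
        setTimeout(sslConfig.timeout != 0 ? sslConfig.timeout / 1000 : 300L);

        if (changed(sslConfig.sessionId, this.currentConfig.sessionId)) {
            setSessionId(Utf8.toBytes(sslConfig.sessionId));
        }
        if (changed(sslConfig.applicationProtocols, this.currentConfig.applicationProtocols)) {
            setApplicationProtocols(sslConfig.applicationProtocols);
        }

        if (changed(sslConfig.ocspFile, this.currentConfig.ocspFile)) {
            updateOCSP(sslConfig.ocspFile, true);
        } else if (sslConfig.ocspFile == null) {
            setOCSP(null);
        }

        // Reference comparison: SNI configs are re-applied only when a different array
        // object is supplied.
        if (sslConfig.sni != this.currentConfig.sni) {
            inherit(sslConfig, sslConfig.sni);
            setSNI(sslConfig.sni);
        }

        this.currentConfig = sslConfig;
        return this;
    }

    /**
     * Tells whether a string setting has to be re-applied.
     *
     * @return {@code true} only if {@code updated} is non-null and not equal to
     *         {@code current}; a {@code null} new value never counts as a change
     */
    private static boolean changed(String updated, String current) {
        return updated != null && !updated.equals(current);
    }

    /**
     * Array variant of {@link #changed(String, String)}, compared with {@code Arrays.equals}.
     */
    private static boolean changed(String[] updated, String[] current) {
        return updated != null && !Arrays.equals(updated, current);
    }

    /**
     * Resolves a passphrase setting.
     *
     * <p>A value of the form {@code %NAME%} (longer than two characters) is replaced by the
     * environment variable {@code NAME} when that variable is set, which keeps the secret out
     * of the configuration itself. If the variable is not set, the literal {@code %NAME%}
     * text is returned and used as the passphrase, so a misspelled variable name is not
     * reported here.
     *
     * @param passphrase the configured value, never {@code null} at the call site
     * @return the environment value, or {@code passphrase} unchanged
     */
    private String getPassphrase(String passphrase) {
        int length = passphrase.length();
        if (length > 2 && passphrase.charAt(0) == '%' && passphrase.charAt(length - 1) == '%') {
            String fromEnvironment = System.getenv(passphrase.substring(1, length - 1));
            if (fromEnvironment != null) {
                return fromEnvironment;
            }
        }
        return passphrase;
    }

    /**
     * Fills unset public fields of each SNI child config from the parent config.
     *
     * <p>A child field counts as unset when it is {@code null}, {@code Boolean.FALSE} or a
     * numeric zero. Two consequences worth knowing: a child cannot override a parent value
     * with {@code false} or {@code 0} (for example, it cannot switch off a verify mode the
     * parent enables), and a child that omits key material ends up with the parent's
     * certificate, private key and passphrase settings. The children are modified in place.
     *
     * @param parent   the config whose values are copied
     * @param children the SNI configs to complete; may be {@code null}
     */
    private void inherit(SslConfig parent, SslConfig[] children) {
        if (children == null) {
            return;
        }
        for (SslConfig child : children) {
            for (Field field : SslConfig.class.getFields()) {
                try {
                    Object value = field.get(child);
                    if (value == null || value == Boolean.FALSE
                            || ((value instanceof Number) && ((Number) value).longValue() == 0)) {
                        field.set(child, field.get(parent));
                    }
                } catch (IllegalAccessException e) {
                    // getFields() returns public fields only, so this is unexpected; keep
                    // the cause so that a failure can actually be diagnosed.
                    throw new AssertionError("Should not happen", e);
                }
            }
        }
    }

    /**
     * Reloads certificates whose files are newer than the last load, then all private keys.
     *
     * <p>The reload is triggered by certificate modification times only: private keys are
     * re-read only when at least one certificate was reloaded, and a change to a key file
     * alone is not noticed. The pair is not swapped atomically, so when rotating material on
     * disk the key file should be in place before the certificate file is updated.
     * {@code File.lastModified()} returns 0 for a missing or unreadable file, so such a
     * certificate is skipped without an error.
     *
     * @param strArr  certificate file paths
     * @param strArr2 private key file paths
     * @throws IOException if a setter rejects the new material
     */
    void updateCertificates(String[] strArr, String[] strArr2) throws IOException {
        long newestModified = 0;
        for (String certPath : strArr) {
            long lastModified = new File(certPath).lastModified();
            if (lastModified > this.lastCertUpdate) {
                setCertificate(certPath);
                newestModified = Math.max(newestModified, lastModified);
            }
        }
        if (newestModified == 0) {
            // Nothing was reloaded.
            return;
        }
        for (String keyPath : strArr2) {
            setPrivateKey(keyPath);
        }
        log.info("Certificates updated: " + new Date(newestModified));
        this.lastCertUpdate = newestModified;
    }

    /**
     * Loads session ticket keys from every entry of a directory, newest file first.
     *
     * <p>All entries returned by {@code File.listFiles()} are read and concatenated; nothing
     * here checks names, sizes or file types, and a sub-directory makes
     * {@code Files.readAllBytes} throw. The directory should therefore contain key files only
     * and be writable solely by the process that rotates them, because whoever holds these
     * keys can decrypt session tickets.
     * NOTE(review): the capacity hint suggests 48 bytes per key, and the newest-first order
     * presumably makes the first key the one used for new tickets - confirm in the native
     * implementation.
     *
     * @param str directory containing the key files
     * @param z   {@code true} to load unconditionally; {@code false} to load only when the
     *            newest file is more recent than the previous load
     * @throws IOException if a file cannot be read or the keys are rejected
     */
    void updateTicketKeys(String str, boolean z) throws IOException {
        File[] keyFiles = new File(str).listFiles();
        if (keyFiles == null || keyFiles.length == 0) {
            log.warn("No ticket keys found in " + str);
            return;
        }
        // Descending by modification time: newest file first.
        Arrays.sort(keyFiles, new Comparator<File>() {
            @Override
            public int compare(File file, File file2) {
                return Long.compare(file2.lastModified(), file.lastModified());
            }
        });
        long newestModified = keyFiles[0].lastModified();
        if (z || newestModified > this.lastTicketsUpdate) {
            ByteArrayBuilder keys = new ByteArrayBuilder(keyFiles.length * 48);
            for (File keyFile : keyFiles) {
                keys.append(Files.readAllBytes(keyFile.toPath()));
            }
            setTicketKeys(keys.trim());
            log.info("Ticket keys updated: " + new Date(newestModified) + ", key count = " + keyFiles.length);
            this.lastTicketsUpdate = newestModified;
        }
    }

    /**
     * Loads the OCSP response file and hands its raw bytes to {@link #setOCSP(byte[])}.
     *
     * <p>The file content is not parsed or validated here; freshness is judged by file
     * modification time only, so keeping the response current is the job of whatever writes
     * the file.
     *
     * @param str path of the OCSP response file
     * @param z   {@code true} to load unconditionally; {@code false} to load only when the
     *            file is newer than the previous load
     * @throws IOException if the file cannot be read or the response is rejected
     */
    void updateOCSP(String str, boolean z) throws IOException {
        long lastModified = new File(str).lastModified();
        if (z || lastModified > this.lastOCSPUpdate) {
            setOCSP(Files.readAllBytes(Paths.get(str)));
            log.info("OCSP updated: " + new Date(lastModified));
            this.lastOCSPUpdate = lastModified;
        }
    }

    /**
     * Re-reads certificates, ticket keys and the OCSP response if the refresh interval has
     * elapsed.
     *
     * <p>The interval is {@code currentConfig.refreshInterval}, or 300000 ms when that is 0.
     * The compare-and-set on {@code nextRefresh} lets exactly one caller per interval do the
     * work. Each of the three reloads is independent: an {@code IOException} is logged and
     * the previously loaded material stays in use.
     *
     * <p>Decompiler note: the original access level was package-private.
     */
    public void refresh() {
        long now = System.currentTimeMillis();
        long scheduled = this.nextRefresh.get();
        if (now < scheduled) {
            return;
        }

        // Read the field once: configure() may replace currentConfig while this method runs,
        // and the null checks below must refer to the same object as the calls they guard.
        SslConfig config = this.currentConfig;

        long interval = config.refreshInterval;
        if (interval == 0) {
            interval = 300000;
        }
        if (!this.nextRefresh.compareAndSet(scheduled, now + interval)) {
            // Another caller claimed this interval.
            return;
        }

        if (config.certFile != null && config.privateKeyFile != null) {
            try {
                updateCertificates(config.certFile, config.privateKeyFile);
            } catch (IOException e) {
                log.error("Failed to update certificates", e);
            }
        }
        if (config.ticketDir != null) {
            try {
                updateTicketKeys(config.ticketDir, false);
            } catch (IOException e) {
                log.error("Failed to update ticket keys", e);
            }
        }
        if (config.ocspFile != null) {
            try {
                updateOCSP(config.ocspFile, false);
            } catch (IOException e) {
                log.error("Failed to update OCSP", e);
            }
        }
    }

    // ---- Implementation hooks. configure() and the update* methods call these; the
    // ---- accepted formats are defined by the concrete implementation.

    /** Enables or disables debug mode; called on every configure() with SslConfig.debug. */
    public abstract void setDebug(boolean z);

    /** Returns the current debug setting. */
    public abstract boolean getDebug();

    /** Applies SslConfig.rdrand; called by configure() only when the value differs. */
    public abstract void setRdrand(boolean z) throws SSLException;

    /** Applies the protocol selection string from SslConfig.protocols. */
    public abstract void setProtocols(String str) throws SSLException;

    /** Applies the cipher list: SslConfig.ciphers, or the built-in default when that is null. */
    public abstract void setCiphers(String str) throws SSLException;

    /** Loads a certificate; configure() passes each entry of SslConfig.certFile. */
    public abstract void setCertificate(String str) throws SSLException;

    /** Loads a private key; configure() passes each entry of SslConfig.privateKeyFile. */
    public abstract void setPrivateKey(String str) throws SSLException;

    /** Sets the passphrase; configure() passes the UTF-8 bytes of the resolved passphrase. */
    public abstract void setPassphrase(byte[] bArr) throws SSLException;

    /** Applies SslConfig.caFile. */
    public abstract void setCA(String str) throws SSLException;

    /** Applies the verify mode; configure() passes SslConfig.verifyMode (see VERIFY_*). */
    public abstract void setVerify(int i) throws SSLException;

    /**
     * Sets the session ticket keys as one concatenated byte array; configure() passes
     * {@code null} when neither a ticket directory nor a ticket key file is configured.
     */
    public abstract void setTicketKeys(byte[] bArr) throws SSLException;

    /** Sets the cache size; configure() passes 262144 when SslConfig.cacheSize is 0. */
    public abstract void setCacheSize(int i) throws SSLException;

    /** Sets the timeout; configure() passes SslConfig.timeout / 1000, or 300 when it is 0. */
    public abstract void setTimeout(long j) throws SSLException;

    /** Sets the session id; configure() passes the UTF-8 bytes of SslConfig.sessionId. */
    public abstract void setSessionId(byte[] bArr) throws SSLException;

    /** Applies SslConfig.applicationProtocols. */
    public abstract void setApplicationProtocols(String[] strArr) throws SSLException;

    /**
     * Sets the OCSP response as raw file bytes; configure() passes {@code null} when no
     * OCSP file is configured.
     */
    public abstract void setOCSP(byte[] bArr) throws SSLException;

    /** Applies the SNI child configs, after configure() has completed them via inherit(). */
    public abstract void setSNI(SslConfig[] sslConfigArr) throws IOException;
}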
