package org.apache.tomcat.util.net;

import ch.qos.logback.core.net.ssl.SSL;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.file.ConfigFileLoader;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: input_file:WEB-INF/lib/tomcat-embed-core-8.5.34.jar:org/apache/tomcat/util/net/SSLUtilBase.class */
public abstract class SSLUtilBase implements SSLUtil {
    private static final Log log = LogFactory.getLog((Class<?>) SSLUtilBase.class);
    private static final StringManager sm = StringManager.getManager((Class<?>) SSLUtilBase.class);
    protected final SSLHostConfigCertificate certificate;
    private final String[] enabledProtocols;
    private final String[] enabledCiphers;

    /* JADX INFO: Access modifiers changed from: protected */
    public SSLUtilBase(SSLHostConfigCertificate sSLHostConfigCertificate) {
        this.certificate = sSLHostConfigCertificate;
        SSLHostConfig sSLHostConfig = sSLHostConfigCertificate.getSSLHostConfig();
        List enabled = getEnabled("protocols", getLog(), true, sSLHostConfig.getProtocols(), getImplementedProtocols());
        if (enabled.contains(Constants.SSL_PROTO_SSLv3)) {
            log.warn(sm.getString("jsse.ssl3"));
        }
        this.enabledProtocols = (String[]) enabled.toArray(new String[enabled.size()]);
        List enabled2 = getEnabled("ciphers", getLog(), false, sSLHostConfig.getJsseCipherNames(), getImplementedCiphers());
        this.enabledCiphers = (String[]) enabled2.toArray(new String[enabled2.size()]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static <T> List<T> getEnabled(String str, Log log2, boolean z, Collection<T> collection, Collection<T> collection2) {
        ArrayList arrayList = new ArrayList();
        if (collection2.size() == 0) {
            arrayList.addAll(collection);
        } else {
            arrayList.addAll(collection);
            arrayList.retainAll(collection2);
            if (arrayList.isEmpty()) {
                throw new IllegalArgumentException(sm.getString("sslUtilBase.noneSupported", str, collection));
            }
            if (log2.isDebugEnabled()) {
                log2.debug(sm.getString("sslUtilBase.active", str, arrayList));
            }
            if ((log2.isDebugEnabled() || z) && arrayList.size() != collection.size()) {
                ArrayList arrayList2 = new ArrayList();
                arrayList2.addAll(collection);
                arrayList2.removeAll(arrayList);
                String string = sm.getString("sslUtilBase.skipped", str, arrayList2);
                if (z) {
                    log2.warn(string);
                } else {
                    log2.debug(string);
                }
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore getStore(String str, String str2, String str3, String str4) throws IOException {
        InputStream inputStream = null;
        try {
            try {
                try {
                    KeyStore keyStore = str2 == null ? KeyStore.getInstance(str) : KeyStore.getInstance(str, str2);
                    if ("DKS".equalsIgnoreCase(str)) {
                        keyStore.load(JreCompat.getInstance().getDomainLoadStoreParameter(ConfigFileLoader.getURI(str3)));
                    } else {
                        if ((!"PKCS11".equalsIgnoreCase(str) && !"".equalsIgnoreCase(str3)) || "NONE".equalsIgnoreCase(str3)) {
                            inputStream = ConfigFileLoader.getInputStream(str3);
                        }
                        char[] cArr = null;
                        if (str4 != null && (!"".equals(str4) || SSL.DEFAULT_KEYSTORE_TYPE.equalsIgnoreCase(str) || "PKCS12".equalsIgnoreCase(str))) {
                            cArr = str4.toCharArray();
                        }
                        keyStore.load(inputStream, cArr);
                    }
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException e) {
                        }
                    }
                    return keyStore;
                } catch (FileNotFoundException e2) {
                    throw e2;
                }
            } catch (IOException e3) {
                throw e3;
            } catch (Exception e4) {
                String string = sm.getString("jsse.keystore_load_failed", str, str3, e4.getMessage());
                log.error(string, e4);
                throw new IOException(string);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    inputStream.close();
                } catch (IOException e5) {
                }
            }
            throw th;
        }
    }

    @Override // org.apache.tomcat.util.net.SSLUtil
    public String[] getEnabledProtocols() {
        return this.enabledProtocols;
    }

    @Override // org.apache.tomcat.util.net.SSLUtil
    public String[] getEnabledCiphers() {
        return this.enabledCiphers;
    }

    protected abstract Set<String> getImplementedProtocols();

    protected abstract Set<String> getImplementedCiphers();

    protected abstract Log getLog();
}
