package org.apache.tomcat.util.net.openssl;

import java.io.IOException;
import java.security.KeyStoreException;
import java.util.List;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.X509KeyManager;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.net.SSLContext;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.SSLUtilBase;
import org.apache.tomcat.util.net.jsse.JSSEKeyManager;
import org.apache.tomcat.util.res.StringManager;

/* JADX WARN: Classes with same name are omitted:
  input_file:BOOT-INF/lib/tomcat-coyote-9.0.68.jar:org/apache/tomcat/util/net/openssl/OpenSSLUtil.class
 */
/* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-9.0.68.jar:org/apache/tomcat/util/net/openssl/OpenSSLUtil.class */
public class OpenSSLUtil extends SSLUtilBase {
    private static final Log log = LogFactory.getLog((Class<?>) OpenSSLUtil.class);
    private static final StringManager sm = StringManager.getManager((Class<?>) OpenSSLUtil.class);

    public OpenSSLUtil(SSLHostConfigCertificate sSLHostConfigCertificate) {
        super(sSLHostConfigCertificate);
    }

    @Override // org.apache.tomcat.util.net.SSLUtilBase
    protected Log getLog() {
        return log;
    }

    @Override // org.apache.tomcat.util.net.SSLUtilBase
    protected Set<String> getImplementedProtocols() {
        return OpenSSLEngine.IMPLEMENTED_PROTOCOLS_SET;
    }

    @Override // org.apache.tomcat.util.net.SSLUtilBase
    protected Set<String> getImplementedCiphers() {
        return OpenSSLEngine.AVAILABLE_CIPHER_SUITES;
    }

    @Override // org.apache.tomcat.util.net.SSLUtilBase
    protected boolean isTls13RenegAuthAvailable() {
        return true;
    }

    @Override // org.apache.tomcat.util.net.SSLUtilBase
    public SSLContext createSSLContextInternal(List<String> list) throws Exception {
        return new OpenSSLContext(this.certificate, list);
    }

    public static X509KeyManager chooseKeyManager(KeyManager[] keyManagerArr) throws Exception {
        if (keyManagerArr == null) {
            return null;
        }
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof JSSEKeyManager) {
                return (JSSEKeyManager) keyManager;
            }
        }
        for (KeyManager keyManager2 : keyManagerArr) {
            if (keyManager2 instanceof X509KeyManager) {
                return (X509KeyManager) keyManager2;
            }
        }
        throw new IllegalStateException(sm.getString("openssl.keyManagerMissing"));
    }

    @Override // org.apache.tomcat.util.net.SSLUtilBase, org.apache.tomcat.util.net.SSLUtil
    public KeyManager[] getKeyManagers() throws Exception {
        try {
            return super.getKeyManagers();
        } catch (IOException | KeyStoreException e) {
            if (this.certificate.getCertificateFile() == null) {
                throw e;
            }
            String string = sm.getString("openssl.nonJsseCertificate", this.certificate.getCertificateFile(), this.certificate.getCertificateKeyFile());
            if (log.isDebugEnabled()) {
                log.info(string, e);
                return null;
            }
            log.info(string);
            return null;
        } catch (IllegalArgumentException e2) {
            String string2 = sm.getString("openssl.nonJsseChain", this.certificate.getCertificateChainFile());
            if (log.isDebugEnabled()) {
                log.info(string2, e2);
                return null;
            }
            log.info(string2);
            return null;
        }
    }
}
