package org.apache.tomcat.util.net;

import ch.qos.logback.core.net.ssl.SSL;
import com.alibaba.nacos.client.constant.Constants;
import java.io.File;
import java.io.IOException;
import java.io.Serializable;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.management.ObjectName;
import javax.net.ssl.X509KeyManager;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.openssl.ciphers.Authentication;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-10.1.16.jar:org/apache/tomcat/util/net/SSLHostConfigCertificate.class */
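/**
 * Configuration for a single certificate attached to an {@link SSLHostConfig}.
 *
 * <p>A certificate is described either by keystore attributes (file, password, provider,
 * type, alias) or by PEM file attributes (certificate, key, chain). The first attribute
 * that is set decides the {@link StoreType}; see {@link #setStoreType(String, StoreType)}.
 * The instance also carries the runtime objects built from that configuration
 * ({@code SSLContext}, {@link KeyStore}, {@link X509KeyManager}), which are {@code transient}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The key and keystore passwords are held as plain, non-transient {@code String} fields
 *       in a {@link Serializable} class, and no custom serialization is defined here. Default
 *       Java serialization of an instance would therefore write them out in clear text.
 *       Treat any serialized form as a secret.</li>
 *   <li>When no keystore password is configured, the well-known default
 *       {@code "changeit"} is used. Deployments should set an explicit password or
 *       password file.</li>
 *   <li>The password getters return the configured values unmasked. Callers should not
 *       log them or expose them through management interfaces.</li>
 * </ul>
 *
 * <p>This listing is decompiler output (JADX); parameter names such as {@code str} are
 * synthetic.
 */
public class SSLHostConfigCertificate implements Serializable {
    private static final long serialVersionUID = 1L;
    private static final Log log = LogFactory.getLog(SSLHostConfigCertificate.class);
    private static final StringManager sm = StringManager.getManager(SSLHostConfigCertificate.class);

    /** Certificate type used when none is specified. */
    public static final Type DEFAULT_TYPE = Type.UNDEFINED;

    // The two literals below ("JKS", "user.home") replace same-valued constants that the
    // decompiler had borrowed from unrelated libraries (logback, nacos). Using the literals
    // keeps this class free of a dependency it never had.
    static final String DEFAULT_KEYSTORE_PROVIDER = System.getProperty("javax.net.ssl.keyStoreProvider");
    static final String DEFAULT_KEYSTORE_TYPE = System.getProperty("javax.net.ssl.keyStoreType", "JKS");
    private static final String DEFAULT_KEYSTORE_FILE = System.getProperty("user.home") + File.separator + ".keystore";

    // Well-known default password; it gives no real protection to a keystore that holds a
    // private key. It is only a fallback for configurations that set nothing explicitly.
    private static final String DEFAULT_KEYSTORE_PASSWORD = "changeit";

    private ObjectName oname;

    // Runtime-only state: never serialized.
    private transient volatile SSLContext sslContext;

    private final SSLHostConfig sslHostConfig;
    private final Type type;

    // Secrets and secret locations. These are NOT transient (see class-level security notes).
    private String certificateKeyPassword;
    private String certificateKeyPasswordFile;

    // Keystore-based (JSSE) configuration.
    private String certificateKeyAlias;
    private String certificateKeystorePassword;
    private String certificateKeystorePasswordFile;
    private String certificateKeystoreFile;
    private String certificateKeystoreProvider;
    private String certificateKeystoreType;
    private transient KeyStore certificateKeystore;
    private transient X509KeyManager certificateKeyManager;

    // PEM-file-based configuration.
    private String certificateChainFile;
    private String certificateFile;
    private String certificateKeyFile;

    // Set by the first keystore or PEM attribute that is configured; null until then.
    private StoreType storeType;

    /**
     * How the certificate material is supplied.
     *
     * <p>JADX INFO: access modifier changed by the decompiler from package-private.
     */
    public enum StoreType {
        KEYSTORE,
        PEM
    }

    /** Key algorithm family of the certificate and the cipher authentications it can serve. */
    public enum Type {
        UNDEFINED(new Authentication[0]),
        RSA(Authentication.RSA),
        DSA(Authentication.DSS),
        EC(Authentication.ECDH, Authentication.ECDSA);

        private final Set<Authentication> compatibleAuthentications = new HashSet<>();

        Type(Authentication... authenticationArr) {
            if (authenticationArr != null) {
                this.compatibleAuthentications.addAll(Arrays.asList(authenticationArr));
            }
        }

        /**
         * @param authentication the cipher authentication mechanism to check
         * @return {@code true} if this certificate type was declared with that mechanism;
         *         always {@code false} for {@link #UNDEFINED}, which declares none
         */
        public boolean isCompatibleWith(Authentication authentication) {
            return this.compatibleAuthentications.contains(authentication);
        }
    }

    /**
     * Creates an instance with no owning host config and type {@link Type#UNDEFINED}.
     *
     * <p>Setters that notify the host config dereference {@code sslHostConfig}, which is
     * {@code null} here. NOTE(review): presumably this constructor exists only to satisfy
     * serialization; confirm before using it for configuration.
     */
    public SSLHostConfigCertificate() {
        this(null, Type.UNDEFINED);
    }

    /**
     * Creates a certificate configuration populated with the keystore defaults.
     *
     * @param sSLHostConfig the owning host configuration
     * @param type the certificate type
     */
    public SSLHostConfigCertificate(SSLHostConfig sSLHostConfig, Type type) {
        this.certificateKeyPassword = null;
        this.certificateKeyPasswordFile = null;
        // Fallback only; see DEFAULT_KEYSTORE_PASSWORD.
        this.certificateKeystorePassword = DEFAULT_KEYSTORE_PASSWORD;
        this.certificateKeystorePasswordFile = null;
        this.certificateKeystoreFile = DEFAULT_KEYSTORE_FILE;
        this.certificateKeystoreProvider = DEFAULT_KEYSTORE_PROVIDER;
        this.certificateKeystoreType = DEFAULT_KEYSTORE_TYPE;
        this.certificateKeystore = null;
        this.certificateKeyManager = null;
        // Left null on purpose: the defaults above do not count as an explicit choice.
        this.storeType = null;
        this.sslHostConfig = sSLHostConfig;
        this.type = type;
    }

    /** @return the SSL context built for this certificate, or {@code null} if none was set */
    public SSLContext getSslContext() {
        return this.sslContext;
    }

    /** @param sSLContext the SSL context to associate with this certificate */
    public void setSslContext(SSLContext sSLContext) {
        this.sslContext = sSLContext;
    }

    /** @return the owning host configuration; may be {@code null} (see no-arg constructor) */
    public SSLHostConfig getSSLHostConfig() {
        return this.sslHostConfig;
    }

    /** @return the management object name assigned to this certificate, or {@code null} */
    public ObjectName getObjectName() {
        return this.oname;
    }

    /** @param objectName the management object name for this certificate */
    public void setObjectName(ObjectName objectName) {
        this.oname = objectName;
    }

    /** @return the certificate type given at construction */
    public Type getType() {
        return this.type;
    }

    /**
     * @return the private-key password in clear text, or {@code null} if unset; do not log
     */
    public String getCertificateKeyPassword() {
        return this.certificateKeyPassword;
    }

    /** @param str the private-key password */
    public void setCertificateKeyPassword(String str) {
        this.certificateKeyPassword = str;
    }

    /** @return the location of a file holding the private-key password, or {@code null} */
    public String getCertificateKeyPasswordFile() {
        return this.certificateKeyPasswordFile;
    }

    /** @param str the location of a file holding the private-key password */
    public void setCertificateKeyPasswordFile(String str) {
        this.certificateKeyPasswordFile = str;
    }

    /**
     * Sets the key alias and reports the attribute to the host config as JSSE-type.
     * Unlike the keystore setters, this one does not influence the store type.
     *
     * @param str the alias of the key entry to use
     */
    public void setCertificateKeyAlias(String str) {
        this.sslHostConfig.setProperty("Certificate.certificateKeyAlias", SSLHostConfig.Type.JSSE);
        this.certificateKeyAlias = str;
    }

    /** @return the configured key alias, or {@code null} */
    public String getCertificateKeyAlias() {
        return this.certificateKeyAlias;
    }

    /** @param str the keystore location */
    public void setCertificateKeystoreFile(String str) {
        registerKeystoreAttribute("Certificate.certificateKeystoreFile");
        this.certificateKeystoreFile = str;
    }

    /** @return the keystore location; defaults to {@code .keystore} in the user's home */
    public String getCertificateKeystoreFile() {
        return this.certificateKeystoreFile;
    }

    /** @param str the keystore password */
    public void setCertificateKeystorePassword(String str) {
        registerKeystoreAttribute("Certificate.certificateKeystorePassword");
        this.certificateKeystorePassword = str;
    }

    /**
     * @return the keystore password in clear text; this is the default {@code "changeit"}
     *         unless one was configured; do not log
     */
    public String getCertificateKeystorePassword() {
        return this.certificateKeystorePassword;
    }

    /** @param str the location of a file holding the keystore password */
    public void setCertificateKeystorePasswordFile(String str) {
        registerKeystoreAttribute("Certificate.certificateKeystorePasswordFile");
        this.certificateKeystorePasswordFile = str;
    }

    /** @return the location of a file holding the keystore password, or {@code null} */
    public String getCertificateKeystorePasswordFile() {
        return this.certificateKeystorePasswordFile;
    }

    /** @param str the name of the keystore provider */
    public void setCertificateKeystoreProvider(String str) {
        registerKeystoreAttribute("Certificate.certificateKeystoreProvider");
        this.certificateKeystoreProvider = str;
    }

    /** @return the keystore provider name, possibly {@code null} */
    public String getCertificateKeystoreProvider() {
        return this.certificateKeystoreProvider;
    }

    /** @param str the keystore type */
    public void setCertificateKeystoreType(String str) {
        registerKeystoreAttribute("Certificate.certificateKeystoreType");
        this.certificateKeystoreType = str;
    }

    /** @return the keystore type */
    public String getCertificateKeystoreType() {
        return this.certificateKeystoreType;
    }

    /**
     * Supplies an already-loaded keystore. A non-null keystore also sets the keystore type,
     * which in turn marks this certificate as keystore-based.
     *
     * @param keyStore the keystore to use, or {@code null} to clear it
     */
    public void setCertificateKeystore(KeyStore keyStore) {
        this.certificateKeystore = keyStore;
        if (keyStore != null) {
            setCertificateKeystoreType(keyStore.getType());
        }
    }

    /**
     * Returns the keystore for this certificate.
     *
     * <p>An explicitly supplied keystore is returned as is. Otherwise, and only when a
     * keystore attribute has been configured (store type {@link StoreType#KEYSTORE}), the
     * keystore is loaded through {@code SSLUtilBase.getStore} from the configured type,
     * provider, file, password and password file. The loaded keystore is not cached in this
     * object, so each such call loads it again.
     *
     * @return the keystore, or {@code null} if none was supplied and the store type is not
     *         {@code KEYSTORE}
     * @throws IOException declared for the load performed by {@code SSLUtilBase.getStore}
     */
    public KeyStore getCertificateKeystore() throws IOException {
        KeyStore keyStore = this.certificateKeystore;
        if (keyStore == null && this.storeType == StoreType.KEYSTORE) {
            keyStore = SSLUtilBase.getStore(
                    getCertificateKeystoreType(),
                    getCertificateKeystoreProvider(),
                    getCertificateKeystoreFile(),
                    getCertificateKeystorePassword(),
                    getCertificateKeystorePasswordFile());
        }
        return keyStore;
    }

    /** @param x509KeyManager the key manager to use for this certificate */
    public void setCertificateKeyManager(X509KeyManager x509KeyManager) {
        this.certificateKeyManager = x509KeyManager;
    }

    /** @return the key manager set for this certificate, or {@code null} */
    public X509KeyManager getCertificateKeyManager() {
        return this.certificateKeyManager;
    }

    /** @param str the location of the PEM certificate chain file */
    public void setCertificateChainFile(String str) {
        setStoreType("Certificate.certificateChainFile", StoreType.PEM);
        this.certificateChainFile = str;
    }

    /** @return the PEM certificate chain file location, or {@code null} */
    public String getCertificateChainFile() {
        return this.certificateChainFile;
    }

    /** @param str the location of the PEM certificate file */
    public void setCertificateFile(String str) {
        setStoreType("Certificate.certificateFile", StoreType.PEM);
        this.certificateFile = str;
    }

    /** @return the PEM certificate file location, or {@code null} */
    public String getCertificateFile() {
        return this.certificateFile;
    }

    /** @param str the location of the PEM private-key file */
    public void setCertificateKeyFile(String str) {
        setStoreType("Certificate.certificateKeyFile", StoreType.PEM);
        this.certificateKeyFile = str;
    }

    /** @return the PEM private-key file location, or {@code null} */
    public String getCertificateKeyFile() {
        return this.certificateKeyFile;
    }

    /**
     * Common bookkeeping for every keystore attribute setter: reports the attribute to the
     * host config as JSSE-type and marks this certificate as keystore-based.
     */
    private void registerKeystoreAttribute(String attributeName) {
        this.sslHostConfig.setProperty(attributeName, SSLHostConfig.Type.JSSE);
        setStoreType(attributeName, StoreType.KEYSTORE);
    }

    /**
     * Records the store type implied by a configuration attribute.
     *
     * <p>The first attribute wins. A later attribute that implies the other store type does
     * not change it and is not rejected: a warning is logged, and the calling setter still
     * stores its value. A configuration that mixes keystore and PEM attributes is therefore
     * accepted, so the warning is the only signal of the misconfiguration.
     *
     * @param str the attribute name, used in the warning message
     * @param storeType the store type that attribute implies
     */
    private void setStoreType(String str, StoreType storeType) {
        if (this.storeType == null) {
            this.storeType = storeType;
        } else if (this.storeType != storeType) {
            log.warn(sm.getString("sslHostConfigCertificate.mismatch", str, this.sslHostConfig.getHostName(), storeType, this.storeType));
        }
    }

    /**
     * JADX INFO: access modifier changed by the decompiler from package-private.
     *
     * @return the store type chosen by the first configured attribute, or {@code null} if
     *         no keystore or PEM attribute has been set
     */
    public StoreType getStoreType() {
        return this.storeType;
    }
}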
