package org.jboss.netty.handler.ssl;

import androidx.core.app.Person;
import java.io.File;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSessionContext;
import org.jboss.netty.buffer.ChannelBuffer;
import org.jboss.netty.buffer.ChannelBufferInputStream;

/* loaded from: classes2.dex */
public final class JdkSslServerContext extends JdkSslContext {
    public final SSLContext ctx;
    public final List<String> nextProtocols;

    public JdkSslServerContext(File file, File file2) {
        this(file, file2, null);
    }

    public JdkSslServerContext(File file, File file2, String str) {
        this(null, file, file2, str, null, null, 0L, 0L);
    }

    public JdkSslServerContext(SslBufferPool sslBufferPool, File file, File file2, String str, Iterable<String> iterable, Iterable<String> iterable2, long j, long j2) {
        super(sslBufferPool, iterable);
        PrivateKey generatePrivate;
        String next;
        if (file == null) {
            throw new NullPointerException("certChainFile");
        }
        if (file2 == null) {
            throw new NullPointerException("keyFile");
        }
        String str2 = str == null ? "" : str;
        if (iterable2 == null || !iterable2.iterator().hasNext()) {
            this.nextProtocols = Collections.emptyList();
        } else {
            if (!JettyNpnSslEngine.isAvailable()) {
                throw new SSLException("NPN/ALPN unsupported: " + iterable2);
            }
            ArrayList arrayList = new ArrayList();
            Iterator<String> it = iterable2.iterator();
            while (it.hasNext() && (next = it.next()) != null) {
                arrayList.add(next);
            }
            this.nextProtocols = Collections.unmodifiableList(arrayList);
        }
        String property = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        property = property == null ? "SunX509" : property;
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            KeyFactory keyFactory2 = KeyFactory.getInstance("DSA");
            ChannelBuffer readPrivateKey = PemReader.readPrivateKey(file2);
            byte[] bArr = new byte[readPrivateKey.readableBytes()];
            readPrivateKey.readBytes(bArr);
            char[] charArray = str2.toCharArray();
            PKCS8EncodedKeySpec generateKeySpec = generateKeySpec(charArray, bArr);
            try {
                generatePrivate = keyFactory.generatePrivate(generateKeySpec);
            } catch (InvalidKeySpecException unused) {
                generatePrivate = keyFactory2.generatePrivate(generateKeySpec);
            }
            ArrayList arrayList2 = new ArrayList();
            for (ChannelBuffer channelBuffer : PemReader.readCertificates(file)) {
                arrayList2.add(certificateFactory.generateCertificate(new ChannelBufferInputStream(channelBuffer)));
            }
            keyStore.setKeyEntry(Person.KEY_KEY, generatePrivate, charArray, (Certificate[]) arrayList2.toArray(new Certificate[arrayList2.size()]));
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(property);
            keyManagerFactory.init(keyStore, charArray);
            this.ctx = SSLContext.getInstance(JdkSslContext.PROTOCOL);
            this.ctx.init(keyManagerFactory.getKeyManagers(), null, null);
            SSLSessionContext serverSessionContext = this.ctx.getServerSessionContext();
            if (j > 0) {
                serverSessionContext.setSessionCacheSize((int) Math.min(j, 2147483647L));
            }
            if (j2 > 0) {
                serverSessionContext.setSessionTimeout((int) Math.min(j2, 2147483647L));
            }
        } catch (Exception e) {
            throw new SSLException("failed to initialize the server-side SSL context", e);
        }
    }

    public static PKCS8EncodedKeySpec generateKeySpec(char[] cArr, byte[] bArr) {
        if (cArr == null || cArr.length == 0) {
            return new PKCS8EncodedKeySpec(bArr);
        }
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bArr);
        SecretKey generateSecret = SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName()).generateSecret(new PBEKeySpec(cArr));
        Cipher cipher = Cipher.getInstance(encryptedPrivateKeyInfo.getAlgName());
        cipher.init(2, generateSecret, encryptedPrivateKeyInfo.getAlgParameters());
        return encryptedPrivateKeyInfo.getKeySpec(cipher);
    }

    @Override // org.jboss.netty.handler.ssl.JdkSslContext
    public SSLContext context() {
        return this.ctx;
    }

    @Override // org.jboss.netty.handler.ssl.SslContext
    public boolean isClient() {
        return false;
    }

    @Override // org.jboss.netty.handler.ssl.SslContext
    public List<String> nextProtocols() {
        return this.nextProtocols;
    }
}
