package org.jruby.ext.openssl;

import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.xalan.templates.Constants;
import org.apache.xmlbeans.impl.schema.SoapEncSchemaTypeSystem;
import org.jruby.Ruby;
import org.jruby.RubyArray;
import org.jruby.RubyClass;
import org.jruby.RubyModule;
import org.jruby.RubyNumeric;
import org.jruby.RubyObject;
import org.jruby.RubyString;
import org.jruby.anno.JRubyMethod;
import org.jruby.common.IRubyWarnings;
import org.jruby.exceptions.RaiseException;
import org.jruby.ext.openssl.CipherStrings;
import org.jruby.ext.openssl.x509store.Certificate;
import org.jruby.ext.openssl.x509store.Name;
import org.jruby.ext.openssl.x509store.Store;
import org.jruby.ext.openssl.x509store.StoreContext;
import org.jruby.ext.openssl.x509store.X509AuxCertificate;
import org.jruby.ext.openssl.x509store.X509Object;
import org.jruby.runtime.Arity;
import org.jruby.runtime.Block;
import org.jruby.runtime.BlockCallback;
import org.jruby.runtime.CallBlock;
import org.jruby.runtime.Helpers;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.builtin.IRubyObject;

/* loaded from: input_file:mule/lib/opt/jruby-stdlib-1.7.4.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/SSLContext.class */
public class SSLContext extends RubyObject {
    private static final long serialVersionUID = -6203496135962974777L;
    private static final String[] ctx_attrs = {"cert", "key", "client_ca", "ca_file", "ca_path", "timeout", "verify_mode", "verify_depth", "verify_callback", "options", "cert_store", "extra_chain_cert", "client_cert_cb", "tmp_dh_callback", "session_id_context"};
    private static final Map<String, String> SSL_VERSION_OSSL2JSSE = new HashMap();
    private static final Map<String, String[]> ENABLED_PROTOCOLS = new HashMap();
    private static ObjectAllocator SSLCONTEXT_ALLOCATOR;
    private String ciphers;
    private String protocol;
    private boolean protocolForServer;
    private boolean protocolForClient;
    private PKey t_key;
    private X509Cert t_cert;
    private int verifyResult;
    private InternalContext internalCtx;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:mule/lib/opt/jruby-stdlib-1.7.4.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/SSLContext$InternalContext.class */
    public class InternalContext {
        Store store;
        int verifyMode;
        X509AuxCertificate cert;
        String keyAlgorithm;
        PrivateKey privateKey;
        List<X509AuxCertificate> extraChainCert;
        List<X509AuxCertificate> clientCa;
        int timeout;
        String protocol;
        boolean protocolForServer;
        boolean protocolForClient;
        private javax.net.ssl.SSLContext sslCtx;

        private InternalContext() {
            this.store = null;
            this.verifyMode = 0;
            this.cert = null;
            this.keyAlgorithm = null;
            this.privateKey = null;
            this.extraChainCert = null;
            this.clientCa = new ArrayList();
            this.timeout = 0;
            this.protocol = null;
            this.protocolForServer = true;
            this.protocolForClient = true;
            this.sslCtx = null;
        }

        void setLastVerifyResultInternal(int i) {
            SSLContext.this.setLastVerifyResult(i);
        }

        javax.net.ssl.SSLContext getSSLContext() {
            return this.sslCtx;
        }

        void init() throws GeneralSecurityException {
            KM km = new KM(this);
            TM tm = new TM(this);
            this.sslCtx = javax.net.ssl.SSLContext.getInstance(this.protocol);
            if (this.protocolForClient) {
                this.sslCtx.getClientSessionContext().setSessionTimeout(this.timeout);
            }
            if (this.protocolForServer) {
                this.sslCtx.getServerSessionContext().setSessionTimeout(this.timeout);
            }
            this.sslCtx.init(new KeyManager[]{km}, new TrustManager[]{tm}, null);
        }

        StoreContext createStoreContext(String str) {
            if (this.store == null) {
                return null;
            }
            StoreContext storeContext = new StoreContext();
            if (storeContext.init(this.store, null, null) == 0) {
                return null;
            }
            storeContext.setExtraData(1, this.store.getExtraData(1));
            if (str != null) {
                storeContext.setDefault(str);
            }
            storeContext.param.inherit(this.store.param);
            return storeContext;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:mule/lib/opt/jruby-stdlib-1.7.4.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/SSLContext$KM.class */
    public static class KM extends X509ExtendedKeyManager {
        private final InternalContext ctx;

        public KM(InternalContext internalContext) {
            this.ctx = internalContext;
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
            if (this.ctx == null || this.ctx.privateKey == null) {
                return null;
            }
            for (int i = 0; i < strArr.length; i++) {
                if (strArr[i].equalsIgnoreCase(this.ctx.keyAlgorithm)) {
                    return strArr[i];
                }
            }
            return null;
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
            if (this.ctx == null || this.ctx.privateKey == null || !str.equalsIgnoreCase(this.ctx.keyAlgorithm)) {
                return null;
            }
            return str;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            if (this.ctx == null) {
                return null;
            }
            ArrayList arrayList = new ArrayList();
            if (this.ctx.extraChainCert != null) {
                arrayList.addAll(this.ctx.extraChainCert);
            } else if (this.ctx.cert != null) {
                StoreContext createStoreContext = this.ctx.createStoreContext(null);
                X509AuxCertificate x509AuxCertificate = this.ctx.cert;
                while (true) {
                    arrayList.add(x509AuxCertificate);
                    if (x509AuxCertificate.getIssuerDN().equals(x509AuxCertificate.getSubjectDN())) {
                        break;
                    }
                    try {
                        X509Object[] x509ObjectArr = new X509Object[1];
                        if (createStoreContext.getBySubject(1, new Name(x509AuxCertificate.getIssuerX500Principal()), x509ObjectArr) <= 0) {
                            break;
                        }
                        x509AuxCertificate = ((Certificate) x509ObjectArr[0]).x509;
                    } catch (Exception e) {
                    }
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[0]);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            if (this.ctx == null || this.ctx.privateKey == null) {
                return null;
            }
            return this.ctx.privateKey;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:mule/lib/opt/jruby-stdlib-1.7.4.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/SSLContext$TM.class */
    public static class TM implements X509TrustManager {
        private InternalContext ctx;

        public TM(InternalContext internalContext) {
            this.ctx = internalContext;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            checkTrusted("ssl_client", x509CertificateArr);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            checkTrusted("ssl_server", x509CertificateArr);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            if (this.ctx == null) {
                return null;
            }
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(this.ctx.clientCa);
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[0]);
        }

        private void checkTrusted(String str, X509Certificate[] x509CertificateArr) throws CertificateException {
            if (this.ctx == null) {
                throw new CertificateException("uninitialized trust manager");
            }
            if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
                if ((this.ctx.verifyMode & 2) != 0) {
                    throw new CertificateException("no peer certificate");
                }
            } else if ((this.ctx.verifyMode & 1) != 0) {
                StoreContext createStoreContext = this.ctx.createStoreContext(str);
                if (createStoreContext == null) {
                    throw new CertificateException("couldn't initialize store");
                }
                createStoreContext.setCertificate(x509CertificateArr[0]);
                createStoreContext.setChain(x509CertificateArr);
                verifyChain(createStoreContext);
            }
        }

        private void verifyChain(StoreContext storeContext) throws CertificateException {
            try {
                int verifyCertificate = storeContext.verifyCertificate();
                this.ctx.setLastVerifyResultInternal(storeContext.error);
                if (verifyCertificate == 0) {
                    throw new CertificateException("certificate verify failed");
                }
            } catch (Exception e) {
                this.ctx.setLastVerifyResultInternal(storeContext.error);
                if (storeContext.error == 0) {
                    this.ctx.setLastVerifyResultInternal(28);
                }
                throw new CertificateException("certificate verify failed", e);
            }
        }
    }

    public static void createSSLContext(Ruby ruby, RubyModule rubyModule) {
        RubyClass defineClassUnder = rubyModule.defineClassUnder("SSLContext", ruby.getObject(), SSLCONTEXT_ALLOCATOR);
        for (int i = 0; i < ctx_attrs.length; i++) {
            defineClassUnder.addReadWriteAttribute(ruby.getCurrentContext(), ctx_attrs[i]);
        }
        defineClassUnder.defineAlias("ssl_timeout", "timeout");
        defineClassUnder.defineAlias("ssl_timeout=", "timeout=");
        defineClassUnder.defineAnnotatedMethods(SSLContext.class);
    }

    public SSLContext(Ruby ruby, RubyClass rubyClass) {
        super(ruby, rubyClass);
        this.ciphers = CipherStrings.SSL_DEFAULT_CIPHER_LIST;
        this.protocol = "SSL";
        this.protocolForServer = true;
        this.protocolForClient = true;
        this.t_key = null;
        this.t_cert = null;
        this.verifyResult = 1;
        this.internalCtx = null;
    }

    public static RaiseException newSSLError(Ruby ruby, String str) {
        return Utils.newError(ruby, "OpenSSL::SSL::SSLError", str, false);
    }

    @JRubyMethod(rest = true)
    public IRubyObject initialize(IRubyObject[] iRubyObjectArr) {
        return this;
    }

    @JRubyMethod
    public IRubyObject setup() {
        PKey callbackKey;
        X509Cert callbackCert;
        if (isFrozen()) {
            return getRuntime().getNil();
        }
        freeze(getRuntime().getCurrentContext());
        this.internalCtx = new InternalContext();
        this.internalCtx.protocol = this.protocol;
        this.internalCtx.protocolForServer = this.protocolForServer;
        this.internalCtx.protocolForClient = this.protocolForClient;
        X509Store certStore = getCertStore();
        if (certStore != null) {
            this.internalCtx.store = certStore.getStore();
        } else {
            this.internalCtx.store = new Store();
        }
        IRubyObject instanceVariable = getInstanceVariable("@extra_chain_cert");
        if (instanceVariable != null && !instanceVariable.isNil()) {
            this.internalCtx.extraChainCert = new ArrayList();
            for (X509Cert x509Cert : convertToX509Certs(instanceVariable)) {
                this.internalCtx.extraChainCert.add(x509Cert.getAuxCert());
            }
        }
        IRubyObject instanceVariable2 = getInstanceVariable("@key");
        if (instanceVariable2 == null || instanceVariable2.isNil()) {
            callbackKey = getCallbackKey();
        } else {
            Utils.checkKind(getRuntime(), instanceVariable2, "OpenSSL::PKey::PKey");
            callbackKey = (PKey) instanceVariable2;
        }
        IRubyObject instanceVariable3 = getInstanceVariable("@cert");
        if (instanceVariable3 == null || instanceVariable3.isNil()) {
            callbackCert = getCallbackCert();
        } else {
            Utils.checkKind(getRuntime(), instanceVariable3, "OpenSSL::X509::Certificate");
            callbackCert = (X509Cert) instanceVariable3;
        }
        if (callbackKey != null && callbackCert != null) {
            this.internalCtx.keyAlgorithm = callbackKey.getAlgorithm();
            this.internalCtx.privateKey = callbackKey.getPrivateKey();
            this.internalCtx.cert = callbackCert.getAuxCert();
        }
        IRubyObject instanceVariable4 = getInstanceVariable("@client_ca");
        if (instanceVariable4 != null && !instanceVariable4.isNil()) {
            if (instanceVariable4.respondsTo("each")) {
                for (X509Cert x509Cert2 : convertToX509Certs(instanceVariable4)) {
                    this.internalCtx.clientCa.add(x509Cert2.getAuxCert());
                }
            } else {
                Utils.checkKind(getRuntime(), instanceVariable4, "OpenSSL::X509::Certificate");
                this.internalCtx.clientCa.add(((X509Cert) instanceVariable4).getAuxCert());
            }
        }
        String caFile = getCaFile();
        String caPath = getCaPath();
        if (caFile != null || caPath != null) {
            try {
                if (this.internalCtx.store.loadLocations(caFile, caPath) == 0) {
                    getRuntime().getWarnings().warn(IRubyWarnings.ID.MISCELLANEOUS, "can't set verify locations");
                }
            } catch (Exception e) {
                throw newSSLError(getRuntime(), e.getMessage());
            }
        }
        IRubyObject instanceVariable5 = getInstanceVariable("@verify_mode");
        if (instanceVariable5 == null || instanceVariable5.isNil()) {
            this.internalCtx.verifyMode = 0;
        } else {
            this.internalCtx.verifyMode = RubyNumeric.fix2int(instanceVariable5);
        }
        IRubyObject instanceVariable6 = getInstanceVariable("@verify_callback");
        if (instanceVariable6 == null || instanceVariable6.isNil()) {
            this.internalCtx.store.setExtraData(1, null);
        } else {
            this.internalCtx.store.setExtraData(1, instanceVariable6);
        }
        IRubyObject instanceVariable7 = getInstanceVariable("@timeout");
        if (instanceVariable7 != null && !instanceVariable7.isNil()) {
            this.internalCtx.timeout = RubyNumeric.fix2int(instanceVariable7);
        }
        IRubyObject instanceVariable8 = getInstanceVariable("@verify_depth");
        if (instanceVariable8 == null || instanceVariable8.isNil()) {
            this.internalCtx.store.setDepth(-1);
        } else {
            this.internalCtx.store.setDepth(RubyNumeric.fix2int(instanceVariable8));
        }
        try {
            this.internalCtx.init();
            return getRuntime().getTrue();
        } catch (GeneralSecurityException e2) {
            throw newSSLError(getRuntime(), e2.getMessage());
        }
    }

    @JRubyMethod
    public IRubyObject ciphers() {
        ArrayList arrayList = new ArrayList();
        Ruby runtime = getRuntime();
        try {
            for (CipherStrings.Def def : CipherStrings.getMatchingCiphers(this.ciphers, getCipherSuites(createDummySSLEngine()))) {
                RubyArray newArray = getRuntime().newArray(4);
                newArray.set(0, runtime.newString(def.name));
                newArray.set(1, runtime.newString(sslVersionString(def.algorithms)));
                newArray.set(2, runtime.newFixnum(def.strength_bits));
                newArray.set(3, runtime.newFixnum(def.alg_bits));
                arrayList.add(newArray);
            }
            return runtime.newArray(arrayList);
        } catch (GeneralSecurityException e) {
            throw newSSLError(getRuntime(), e.getMessage());
        }
    }

    @JRubyMethod(name = {"ciphers="})
    public IRubyObject set_ciphers(IRubyObject iRubyObject) {
        if (iRubyObject.isNil()) {
            this.ciphers = CipherStrings.SSL_DEFAULT_CIPHER_LIST;
        } else if (iRubyObject instanceof RubyArray) {
            StringBuilder sb = new StringBuilder();
            String str = "";
            for (IRubyObject iRubyObject2 : ((RubyArray) iRubyObject).toJavaArray()) {
                sb.append(str).append(iRubyObject2.toString());
                str = ":";
            }
            this.ciphers = sb.toString();
        } else {
            this.ciphers = iRubyObject.convertToString().toString();
            if (this.ciphers.equals("DEFAULT")) {
                this.ciphers = CipherStrings.SSL_DEFAULT_CIPHER_LIST;
            }
        }
        if (((RubyArray) ciphers()).size() == 0) {
            throw newSSLError(getRuntime(), "no cipher match");
        }
        return iRubyObject;
    }

    @JRubyMethod(name = {"ssl_version="})
    public IRubyObject set_ssl_version(IRubyObject iRubyObject) {
        String rubyString = iRubyObject instanceof RubyString ? iRubyObject.convertToString().toString() : iRubyObject.toString();
        String str = SSL_VERSION_OSSL2JSSE.get(rubyString);
        if (str == null) {
            throw newSSLError(getRuntime(), String.format("unknown SSL method `%s'.", rubyString));
        }
        this.protocol = str;
        this.protocolForClient = true;
        this.protocolForServer = true;
        if (rubyString.endsWith("_client")) {
            this.protocolForServer = false;
        }
        if (rubyString.endsWith("_server")) {
            this.protocolForClient = false;
        }
        return iRubyObject;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isProtocolForServer() {
        return this.protocolForServer;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isProtocolForClient() {
        return this.protocolForClient;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getLastVerifyResult() {
        return this.verifyResult;
    }

    void setLastVerifyResult(int i) {
        this.verifyResult = i;
    }

    SSLEngine createDummySSLEngine() throws GeneralSecurityException {
        javax.net.ssl.SSLContext sSLContext = javax.net.ssl.SSLContext.getInstance(this.protocol);
        sSLContext.init(null, null, null);
        return sSLContext.createSSLEngine();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLEngine createSSLEngine(String str, int i) throws NoSuchAlgorithmException, KeyManagementException {
        SSLEngine createSSLEngine = (str == null || str.length() == 0) ? this.internalCtx.getSSLContext().createSSLEngine() : this.internalCtx.getSSLContext().createSSLEngine(str, i);
        createSSLEngine.setEnabledCipherSuites(getCipherSuites(createSSLEngine));
        createSSLEngine.setEnabledProtocols(getEnabledProtocols(createSSLEngine));
        return createSSLEngine;
    }

    private String[] getCipherSuites(SSLEngine sSLEngine) {
        List<CipherStrings.Def> matchingCiphers = CipherStrings.getMatchingCiphers(this.ciphers, sSLEngine.getSupportedCipherSuites());
        String[] strArr = new String[matchingCiphers.size()];
        for (int i = 0; i < strArr.length; i++) {
            strArr[i] = matchingCiphers.get(i).cipherSuite;
        }
        return strArr;
    }

    private String[] getEnabledProtocols(SSLEngine sSLEngine) {
        ArrayList arrayList = new ArrayList();
        long options = getOptions();
        if (ENABLED_PROTOCOLS.get(this.protocol) != null) {
            for (String str : ENABLED_PROTOCOLS.get(this.protocol)) {
                if (((options & 16777216) == 0 || !str.equals("SSLv2")) && (((options & 33554432) == 0 || !str.equals(CipherStrings.SSL_TXT_SSLV3)) && ((options & 67108864) == 0 || !str.equals("TLSv1")))) {
                    for (String str2 : sSLEngine.getEnabledProtocols()) {
                        if (str2.equals(str)) {
                            arrayList.add(str2);
                        }
                    }
                }
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    private String sslVersionString(long j) {
        StringBuilder sb = new StringBuilder();
        boolean z = true;
        if ((j & 33554432) != 0) {
            if (1 == 0) {
                sb.append("/");
            }
            z = false;
            sb.append("TLSv1/SSLv3");
        }
        if ((j & 16777216) != 0) {
            if (!z) {
                sb.append("/");
            }
            sb.append("SSLv2");
        }
        return sb.toString();
    }

    private PKey getCallbackKey() {
        if (this.t_key != null) {
            return this.t_key;
        }
        initFromCallback();
        return this.t_key;
    }

    private X509Cert getCallbackCert() {
        if (this.t_cert != null) {
            return this.t_cert;
        }
        initFromCallback();
        return this.t_cert;
    }

    private void initFromCallback() {
        IRubyObject instanceVariable = getInstanceVariable("@client_cert_cb");
        if (instanceVariable == null || instanceVariable.isNil()) {
            return;
        }
        IRubyObject callMethod = instanceVariable.callMethod(getRuntime().getCurrentContext(), Constants.ELEMNAME_CALL_STRING, this);
        Utils.checkKind(getRuntime(), callMethod, SoapEncSchemaTypeSystem.SOAP_ARRAY);
        IRubyObject iRubyObject = (IRubyObject) ((RubyArray) callMethod).getList().get(0);
        IRubyObject iRubyObject2 = (IRubyObject) ((RubyArray) callMethod).getList().get(1);
        Utils.checkKind(getRuntime(), iRubyObject, "OpenSSL::X509::Certificate");
        Utils.checkKind(getRuntime(), iRubyObject2, "OpenSSL::PKey::PKey");
        this.t_cert = (X509Cert) iRubyObject;
        this.t_key = (PKey) iRubyObject2;
    }

    private X509Store getCertStore() {
        IRubyObject instanceVariable = getInstanceVariable("@cert_store");
        if (instanceVariable == null || instanceVariable.isNil() || !(instanceVariable instanceof X509Store)) {
            return null;
        }
        Utils.checkKind(getRuntime(), instanceVariable, "OpenSSL::X509::Store");
        return (X509Store) instanceVariable;
    }

    private String getCaFile() {
        IRubyObject instanceVariable = getInstanceVariable("@ca_file");
        if (instanceVariable == null || instanceVariable.isNil()) {
            return null;
        }
        return instanceVariable.convertToString().toString();
    }

    private String getCaPath() {
        IRubyObject instanceVariable = getInstanceVariable("@ca_path");
        if (instanceVariable == null || instanceVariable.isNil()) {
            return null;
        }
        return instanceVariable.convertToString().toString();
    }

    private long getOptions() {
        IRubyObject instanceVariable = getInstanceVariable("@options");
        if (instanceVariable == null || instanceVariable.isNil()) {
            return 0L;
        }
        return RubyNumeric.fix2long(instanceVariable);
    }

    private X509Cert[] convertToX509Certs(IRubyObject iRubyObject) {
        final ArrayList arrayList = new ArrayList();
        ThreadContext currentContext = getRuntime().getCurrentContext();
        Helpers.invoke(currentContext, iRubyObject, "each", CallBlock.newCallClosure(iRubyObject, Utils.getClassFromPath(currentContext.runtime, "OpenSSL::SSL::SSLContext"), Arity.NO_ARGUMENTS, new BlockCallback() { // from class: org.jruby.ext.openssl.SSLContext.2
            @Override // org.jruby.runtime.BlockCallback
            public IRubyObject call(ThreadContext threadContext, IRubyObject[] iRubyObjectArr, Block block) {
                Utils.checkKind(SSLContext.this.getRuntime(), iRubyObjectArr[0], "OpenSSL::X509::Certificate");
                arrayList.add((X509Cert) iRubyObjectArr[0]);
                return threadContext.runtime.getNil();
            }
        }, currentContext));
        return (X509Cert[]) arrayList.toArray(new X509Cert[0]);
    }

    static {
        SSL_VERSION_OSSL2JSSE.put("TLSv1", "TLSv1");
        SSL_VERSION_OSSL2JSSE.put("TLSv1_server", "TLSv1");
        SSL_VERSION_OSSL2JSSE.put("TLSv1_client", "TLSv1");
        ENABLED_PROTOCOLS.put("TLSv1", new String[]{"TLSv1"});
        SSL_VERSION_OSSL2JSSE.put("SSLv2", "SSLv2");
        SSL_VERSION_OSSL2JSSE.put("SSLv2_server", "SSLv2");
        SSL_VERSION_OSSL2JSSE.put("SSLv2_client", "SSLv2");
        ENABLED_PROTOCOLS.put("SSLv2", new String[]{"SSLv2"});
        SSL_VERSION_OSSL2JSSE.put(CipherStrings.SSL_TXT_SSLV3, CipherStrings.SSL_TXT_SSLV3);
        SSL_VERSION_OSSL2JSSE.put("SSLv3_server", CipherStrings.SSL_TXT_SSLV3);
        SSL_VERSION_OSSL2JSSE.put("SSLv3_client", CipherStrings.SSL_TXT_SSLV3);
        ENABLED_PROTOCOLS.put(CipherStrings.SSL_TXT_SSLV3, new String[]{CipherStrings.SSL_TXT_SSLV3});
        SSL_VERSION_OSSL2JSSE.put("SSLv23", "SSL");
        SSL_VERSION_OSSL2JSSE.put("SSLv23_server", "SSL");
        SSL_VERSION_OSSL2JSSE.put("SSLv23_client", "SSL");
        ENABLED_PROTOCOLS.put("SSL", new String[]{"SSLv2", CipherStrings.SSL_TXT_SSLV3, "TLSv1"});
        SSL_VERSION_OSSL2JSSE.put("TLS", "TLS");
        ENABLED_PROTOCOLS.put("TLS", new String[]{"TLSv1", "TLSv1.1"});
        SSL_VERSION_OSSL2JSSE.put("TLSv1.1", "TLSv1.1");
        ENABLED_PROTOCOLS.put("TLSv1.1", new String[]{"TLSv1.1"});
        SSLCONTEXT_ALLOCATOR = new ObjectAllocator() { // from class: org.jruby.ext.openssl.SSLContext.1
            @Override // org.jruby.runtime.ObjectAllocator
            public IRubyObject allocate(Ruby ruby, RubyClass rubyClass) {
                return new SSLContext(ruby, rubyClass);
            }
        };
    }
}
