package com.oracle.graal.python.builtins.objects.ssl;

import com.oracle.graal.python.annotations.ArgumentClinic;
import com.oracle.graal.python.builtins.Builtin;
import com.oracle.graal.python.builtins.CoreFunctions;
import com.oracle.graal.python.builtins.PythonBuiltinClassType;
import com.oracle.graal.python.builtins.PythonBuiltins;
import com.oracle.graal.python.builtins.PythonOS;
import com.oracle.graal.python.builtins.modules.SSLModuleBuiltins;
import com.oracle.graal.python.builtins.objects.PNone;
import com.oracle.graal.python.builtins.objects.buffer.PythonBufferAccessLibrary;
import com.oracle.graal.python.builtins.objects.bytes.PBytes;
import com.oracle.graal.python.builtins.objects.bytes.PBytesLike;
import com.oracle.graal.python.builtins.objects.common.HashingStorage;
import com.oracle.graal.python.builtins.objects.common.HashingStorageNodes;
import com.oracle.graal.python.builtins.objects.common.SequenceStorageNodes;
import com.oracle.graal.python.builtins.objects.dict.PDict;
import com.oracle.graal.python.builtins.objects.exception.OSErrorEnum;
import com.oracle.graal.python.builtins.objects.function.PKeyword;
import com.oracle.graal.python.builtins.objects.list.PList;
import com.oracle.graal.python.builtins.objects.socket.PSocket;
import com.oracle.graal.python.builtins.objects.ssl.CertUtils;
import com.oracle.graal.python.builtins.objects.ssl.SSLContextBuiltinsClinicProviders;
import com.oracle.graal.python.builtins.objects.str.StringNodes;
import com.oracle.graal.python.builtins.objects.type.TypeFlags;
import com.oracle.graal.python.lib.PyCallableCheckNode;
import com.oracle.graal.python.lib.PyNumberAsSizeNode;
import com.oracle.graal.python.lib.PyNumberIndexNode;
import com.oracle.graal.python.lib.PyObjectIsTrueNode;
import com.oracle.graal.python.lib.PyUnicodeFSDecoderNode;
import com.oracle.graal.python.nodes.BuiltinNames;
import com.oracle.graal.python.nodes.ErrorMessages;
import com.oracle.graal.python.nodes.PConstructAndRaiseNode;
import com.oracle.graal.python.nodes.PGuards;
import com.oracle.graal.python.nodes.PNodeWithContext;
import com.oracle.graal.python.nodes.PNodeWithRaise;
import com.oracle.graal.python.nodes.PRaiseNode;
import com.oracle.graal.python.nodes.StringLiterals;
import com.oracle.graal.python.nodes.attributes.GetAttributeNode;
import com.oracle.graal.python.nodes.call.CallNode;
import com.oracle.graal.python.nodes.function.PythonBuiltinBaseNode;
import com.oracle.graal.python.nodes.function.builtins.PythonBinaryBuiltinNode;
import com.oracle.graal.python.nodes.function.builtins.PythonBinaryClinicBuiltinNode;
import com.oracle.graal.python.nodes.function.builtins.PythonClinicBuiltinNode;
import com.oracle.graal.python.nodes.function.builtins.PythonQuaternaryBuiltinNode;
import com.oracle.graal.python.nodes.function.builtins.PythonUnaryBuiltinNode;
import com.oracle.graal.python.nodes.function.builtins.clinic.ArgumentClinicProvider;
import com.oracle.graal.python.nodes.truffle.PythonArithmeticTypes;
import com.oracle.graal.python.nodes.util.CannotCastException;
import com.oracle.graal.python.nodes.util.CastToJavaLongExactNode;
import com.oracle.graal.python.nodes.util.CastToJavaStringNode;
import com.oracle.graal.python.runtime.PythonContext;
import com.oracle.graal.python.runtime.exception.PException;
import com.oracle.graal.python.util.IPAddressUtil;
import com.oracle.graal.python.util.PythonUtils;
import com.oracle.truffle.api.CompilerDirectives;
import com.oracle.truffle.api.TruffleFile;
import com.oracle.truffle.api.dsl.Bind;
import com.oracle.truffle.api.dsl.Cached;
import com.oracle.truffle.api.dsl.Fallback;
import com.oracle.truffle.api.dsl.GenerateNodeFactory;
import com.oracle.truffle.api.dsl.NeverDefault;
import com.oracle.truffle.api.dsl.NodeFactory;
import com.oracle.truffle.api.dsl.Specialization;
import com.oracle.truffle.api.dsl.TypeSystemReference;
import com.oracle.truffle.api.frame.Frame;
import com.oracle.truffle.api.frame.VirtualFrame;
import com.oracle.truffle.api.library.CachedLibrary;
import com.oracle.truffle.api.nodes.Node;
import com.oracle.truffle.api.strings.TruffleString;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.LinkOption;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.logging.Level;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import org.bouncycastle.util.encoders.DecoderException;

@CoreFunctions(extendClasses = {PythonBuiltinClassType.PSSLContext})
/* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins.class */
public final class SSLContextBuiltins extends PythonBuiltins {
    private static final TruffleString T_ENVIRON;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "cert_store_stats", minNumOfPositionalArgs = 1)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$CertStoreStatsNode.class */
    public static abstract class CertStoreStatsNode extends PythonUnaryBuiltinNode {
        public static final TruffleString T_X509 = PythonUtils.tsLiteral("x509");
        public static final TruffleString T_CRL = PythonUtils.tsLiteral("crl");
        public static final TruffleString T_X509_CA = PythonUtils.tsLiteral("x509_ca");

        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization
        public Object storeStats(VirtualFrame virtualFrame, PSSLContext pSSLContext, @Bind("this") Node node, @Cached PConstructAndRaiseNode.Lazy lazy) {
            try {
                int i = 0;
                int i2 = 0;
                int i3 = 0;
                for (X509Certificate x509Certificate : pSSLContext.getCACerts()) {
                    boolean[] keyUsage = CertUtils.getKeyUsage(x509Certificate);
                    if (CertUtils.isCrl(keyUsage)) {
                        i2++;
                    } else {
                        i++;
                        if (CertUtils.isCA(x509Certificate, keyUsage)) {
                            i3++;
                        }
                    }
                }
                return factory().createDict(new PKeyword[]{new PKeyword(T_X509, Integer.valueOf(i)), new PKeyword(T_CRL, Integer.valueOf(i2)), new PKeyword(T_X509_CA, Integer.valueOf(i3))});
            } catch (Exception e) {
                throw lazy.get(node).raiseSSLError((Frame) virtualFrame, SSLErrorCode.ERROR_SSL, e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "check_hostname", minNumOfPositionalArgs = 1, maxNumOfPositionalArgs = 2, isGetter = true, isSetter = true)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$CheckHostnameNode.class */
    public static abstract class CheckHostnameNode extends PythonBinaryBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"isNoValue(none)"})
        public static boolean getCheckHostname(PSSLContext pSSLContext, PNone pNone) {
            return pSSLContext.getCheckHostname();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"!isNoValue(value)"})
        public static Object setCheckHostname(VirtualFrame virtualFrame, PSSLContext pSSLContext, Object obj, @Bind("this") Node node, @Cached PyObjectIsTrueNode pyObjectIsTrueNode) {
            boolean execute = pyObjectIsTrueNode.execute(virtualFrame, node, obj);
            if (execute && pSSLContext.getVerifyMode() == 0) {
                pSSLContext.setVerifyMode(2);
            }
            pSSLContext.setCheckHostname(execute);
            return PNone.NONE;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "get_ca_certs", minNumOfPositionalArgs = 1, parameterNames = {"$self", "binary_form"})
    @ArgumentClinic(name = "binary_form", conversion = ArgumentClinic.ClinicConversion.Boolean, useDefaultForNone = true, defaultValue = "false")
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$GetCACerts.class */
    public static abstract class GetCACerts extends PythonBinaryClinicBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"!binary_form"})
        public Object getCerts(VirtualFrame virtualFrame, PSSLContext pSSLContext, boolean z, @Bind("this") Node node, @Cached PConstructAndRaiseNode.Lazy lazy) {
            try {
                List newList = PythonUtils.newList();
                for (X509Certificate x509Certificate : pSSLContext.getCACerts()) {
                    if (CertUtils.isCA(x509Certificate, CertUtils.getKeyUsage(x509Certificate))) {
                        PythonUtils.add(newList, CertUtils.decodeCertificate(getContext().factory(), x509Certificate));
                    }
                }
                return factory().createList(PythonUtils.toArray(newList));
            } catch (KeyStoreException | NoSuchAlgorithmException | CertificateParsingException e) {
                throw lazy.get(node).raiseSSLError((Frame) virtualFrame, SSLErrorCode.ERROR_SSL, e);
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"binary_form"})
        public Object getCertsBinary(PSSLContext pSSLContext, boolean z) {
            try {
                List newList = PythonUtils.newList();
                for (X509Certificate x509Certificate : pSSLContext.getCACerts()) {
                    if (CertUtils.isCA(x509Certificate, CertUtils.getKeyUsage(x509Certificate))) {
                        PythonUtils.add(newList, factory().createBytes(CertUtils.getEncoded(x509Certificate)));
                    }
                }
                return factory().createList(PythonUtils.toArray(newList));
            } catch (KeyStoreException | NoSuchAlgorithmException | CertificateEncodingException e) {
                throw PConstructAndRaiseNode.raiseUncachedSSLError(SSLErrorCode.ERROR_SSL, e);
            }
        }

        @Override // com.oracle.graal.python.nodes.function.builtins.PythonBinaryClinicBuiltinNode
        protected ArgumentClinicProvider getArgumentClinic() {
            return SSLContextBuiltinsClinicProviders.GetCACertsClinicProviderGen.INSTANCE;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "get_ciphers", minNumOfPositionalArgs = 1)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$GetCiphersNode.class */
    public static abstract class GetCiphersNode extends PythonUnaryBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization
        @CompilerDirectives.TruffleBoundary
        public PList getCiphers(PSSLContext pSSLContext) {
            List<SSLCipher> computeEnabledCiphers = pSSLContext.computeEnabledCiphers(pSSLContext.getContext().createSSLEngine());
            Object[] objArr = new Object[computeEnabledCiphers.size()];
            for (int i = 0; i < objArr.length; i++) {
                objArr[i] = factory().createDict(computeEnabledCiphers.get(i).asKeywords());
            }
            return factory().createList(objArr);
        }
    }

    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$GetPasswordNode.class */
    static abstract class GetPasswordNode extends PNodeWithContext {
        private static final int MAX_LEN = 1024;

        public abstract char[] execute(VirtualFrame virtualFrame, Object obj);

        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"isString(password)"})
        public static char[] doString(Object obj, @Cached CastToJavaStringNode castToJavaStringNode, @Cached.Shared @Cached PRaiseNode pRaiseNode) {
            String execute = castToJavaStringNode.execute(obj);
            checkPasswordLength(pRaiseNode, execute.length());
            return stringToChars(execute);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(limit = "2")
        public static char[] doBytes(PBytesLike pBytesLike, @CachedLibrary("bytes") PythonBufferAccessLibrary pythonBufferAccessLibrary, @Cached.Shared @Cached PRaiseNode pRaiseNode) {
            byte[] internalOrCopiedByteArray = pythonBufferAccessLibrary.getInternalOrCopiedByteArray(pBytesLike);
            int bufferLength = pythonBufferAccessLibrary.getBufferLength(pBytesLike);
            checkPasswordLength(pRaiseNode, bufferLength);
            char[] cArr = new char[bufferLength];
            for (int i = 0; i < cArr.length; i++) {
                cArr[i] = (char) internalOrCopiedByteArray[i];
            }
            return cArr;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Fallback
        public static char[] doCallable(VirtualFrame virtualFrame, Object obj, @Bind("this") Node node, @Cached PyCallableCheckNode pyCallableCheckNode, @Cached CallNode callNode, @Cached GetPasswordNode getPasswordNode, @Cached.Shared @Cached PRaiseNode pRaiseNode) {
            if (!pyCallableCheckNode.execute(node, obj)) {
                throw pRaiseNode.raise(PythonBuiltinClassType.TypeError, ErrorMessages.PSSWD_SHOULD_BE_STR_OR_CALLABLE);
            }
            Object execute = callNode.execute((Frame) virtualFrame, obj, new Object[0]);
            if (PGuards.isString(execute) || (execute instanceof PBytesLike)) {
                return getPasswordNode.execute(virtualFrame, execute);
            }
            throw pRaiseNode.raise(PythonBuiltinClassType.TypeError, ErrorMessages.PSSWD_CALLBACK_MUST_RETURN_STR);
        }

        @CompilerDirectives.TruffleBoundary
        private static char[] stringToChars(String str) {
            return str.toCharArray();
        }

        private static void checkPasswordLength(PRaiseNode pRaiseNode, int i) {
            if (i > 1024) {
                throw pRaiseNode.raise(PythonBuiltinClassType.ValueError, ErrorMessages.PSSWD_CANNOT_BE_LONGER_THAN_D_BYTES, 1024);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "load_cert_chain", minNumOfPositionalArgs = 2, parameterNames = {"$self", "certfile", "keyfile", "password"})
    @TypeSystemReference(PythonArithmeticTypes.class)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$LoadCertChainNode.class */
    public static abstract class LoadCertChainNode extends PythonQuaternaryBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization
        public Object load(VirtualFrame virtualFrame, PSSLContext pSSLContext, Object obj, Object obj2, Object obj3, @Bind("this") Node node, @Cached PyUnicodeFSDecoderNode pyUnicodeFSDecoderNode, @Cached PConstructAndRaiseNode.Lazy lazy, @Cached GetPasswordNode getPasswordNode, @Cached TruffleString.ToJavaStringNode toJavaStringNode, @Cached TruffleString.EqualNode equalNode) {
            if (!PGuards.isString(obj) && !PGuards.isBytes(obj)) {
                throw raise(PythonBuiltinClassType.TypeError, ErrorMessages.S_SHOULD_BE_A_VALID_FILESYSTEMPATH, "certfile");
            }
            if (!(obj2 instanceof PNone) && !PGuards.isString(obj2) && !PGuards.isBytes(obj2)) {
                throw raise(PythonBuiltinClassType.TypeError, ErrorMessages.S_SHOULD_BE_A_VALID_FILESYSTEMPATH, "keyfile");
            }
            Object obj4 = obj2 instanceof PNone ? obj : obj2;
            TruffleFile truffleFile = toTruffleFile(virtualFrame, node, pyUnicodeFSDecoderNode.execute(virtualFrame, obj), toJavaStringNode, equalNode, lazy);
            TruffleFile truffleFile2 = toTruffleFile(virtualFrame, node, pyUnicodeFSDecoderNode.execute(virtualFrame, obj4), toJavaStringNode, equalNode, lazy);
            try {
                try {
                    return load(getContext(), truffleFile, truffleFile2, (char[]) null, pSSLContext);
                } catch (CertUtils.NeedsPasswordException e) {
                    if (obj3 == PNone.NONE) {
                        throw raise(PythonBuiltinClassType.NotImplementedError, ErrorMessages.PASSWORD_NOT_IMPLEMENTED);
                    }
                    try {
                        return load(getContext(), truffleFile, truffleFile2, getPasswordNode.execute(virtualFrame, obj3), pSSLContext);
                    } catch (CertUtils.NeedsPasswordException e2) {
                        throw CompilerDirectives.shouldNotReachHere();
                    }
                }
            } catch (IOException e3) {
                throw lazy.get(node).raiseSSLError((Frame) virtualFrame, SSLErrorCode.ERROR_SSL, (Exception) e3);
            }
        }

        @CompilerDirectives.TruffleBoundary
        private Object load(PythonContext pythonContext, TruffleFile truffleFile, TruffleFile truffleFile2, char[] cArr, PSSLContext pSSLContext) throws IOException, CertUtils.NeedsPasswordException {
            BufferedReader reader = getReader(truffleFile, "certfile");
            try {
                BufferedReader reader2 = getReader(truffleFile2, "keyfile");
                try {
                    Object load = load(pythonContext, pSSLContext, reader, reader2, cArr);
                    if (reader2 != null) {
                        reader2.close();
                    }
                    if (reader != null) {
                        reader.close();
                    }
                    return load;
                } catch (Throwable th) {
                    if (reader2 != null) {
                        try {
                            reader2.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                if (reader != null) {
                    try {
                        reader.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                }
                throw th3;
            }
        }

        private BufferedReader getReader(TruffleFile truffleFile, String str) throws IOException {
            try {
                SSLModuleBuiltins.LOGGER.fine(() -> {
                    return String.format("load_cert_chain %s:%s", str, truffleFile.getPath());
                });
                return truffleFile.newBufferedReader();
            } catch (CannotCastException e) {
                throw raise(PythonBuiltinClassType.TypeError, ErrorMessages.S_SHOULD_BE_A_VALID_FILESYSTEMPATH, str);
            }
        }

        private static Object load(PythonContext pythonContext, PSSLContext pSSLContext, BufferedReader bufferedReader, BufferedReader bufferedReader2, char[] cArr) throws CertUtils.NeedsPasswordException {
            try {
                try {
                    List<Object> certificates = CertUtils.getCertificates(bufferedReader, true);
                    X509Certificate[] x509CertificateArr = (X509Certificate[]) certificates.toArray(new X509Certificate[certificates.size()]);
                    if (x509CertificateArr.length == 0) {
                        throw PConstructAndRaiseNode.raiseUncachedSSLError(SSLErrorCode.ERROR_SSL_PEM_LIB, ErrorMessages.SSL_PEM_LIB, new Object[0]);
                    }
                    pSSLContext.setCertChain(CertUtils.getPrivateKey(pythonContext, bufferedReader2, cArr, x509CertificateArr[0]), PythonUtils.EMPTY_CHAR_ARRAY, x509CertificateArr);
                    return PNone.NONE;
                } catch (IOException | DecoderException e) {
                    throw PConstructAndRaiseNode.raiseUncachedSSLError(SSLErrorCode.ERROR_SSL_PEM_LIB, ErrorMessages.SSL_PEM_LIB, new Object[0]);
                }
            } catch (IOException | GeneralSecurityException e2) {
                throw PConstructAndRaiseNode.raiseUncachedSSLError(SSLErrorCode.ERROR_SSL, e2);
            }
        }

        private TruffleFile toTruffleFile(VirtualFrame virtualFrame, Node node, TruffleString truffleString, TruffleString.ToJavaStringNode toJavaStringNode, TruffleString.EqualNode equalNode, PConstructAndRaiseNode.Lazy lazy) throws PException {
            try {
                TruffleFile publicTruffleFile = getContext().getEnv().getPublicTruffleFile(toJavaStringNode.execute(truffleString));
                if (publicTruffleFile.exists(new LinkOption[0])) {
                    return publicTruffleFile;
                }
                throw lazy.get(node).raiseOSError(virtualFrame, OSErrorEnum.ENOENT);
            } catch (Exception e) {
                throw lazy.get(node).raiseOSError((Frame) virtualFrame, e, equalNode);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "load_dh_params", minNumOfPositionalArgs = 2, parameterNames = {"$self", "filepath"})
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$LoadDhParamsNode.class */
    public static abstract class LoadDhParamsNode extends PythonBinaryBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization
        public PNone load(VirtualFrame virtualFrame, PSSLContext pSSLContext, Object obj, @Cached PyUnicodeFSDecoderNode pyUnicodeFSDecoderNode) {
            pyUnicodeFSDecoderNode.execute(virtualFrame, obj);
            throw raise(PythonBuiltinClassType.NotImplementedError);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "load_verify_locations", minNumOfPositionalArgs = 1, parameterNames = {"$self", "cafile", "capath", "cadata"})
    @TypeSystemReference(PythonArithmeticTypes.class)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$LoadVerifyLocationsNode.class */
    public static abstract class LoadVerifyLocationsNode extends PythonQuaternaryBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        /* JADX WARN: Multi-variable type inference failed */
        @Specialization
        public Object load(VirtualFrame virtualFrame, PSSLContext pSSLContext, Object obj, Object obj2, Object obj3, @Bind("this") Node node, @Cached PyUnicodeFSDecoderNode pyUnicodeFSDecoderNode, @Cached CastToJavaStringNode castToJavaStringNode, @Cached SequenceStorageNodes.ToByteArrayNode toByteArrayNode, @Cached PConstructAndRaiseNode.Lazy lazy, @Cached TruffleString.ToJavaStringNode toJavaStringNode, @Cached TruffleString.EqualNode equalNode) {
            TruffleFile truffleFile;
            Collection fromBytesLike;
            if ((obj instanceof PNone) && (obj2 instanceof PNone) && (obj3 instanceof PNone)) {
                throw raise(PythonBuiltinClassType.TypeError, ErrorMessages.CA_FILE_PATH_DATA_CANNOT_BE_ALL_OMMITED);
            }
            if (!(obj instanceof PNone) && !PGuards.isString(obj) && !PGuards.isBytes(obj)) {
                throw raise(PythonBuiltinClassType.TypeError, ErrorMessages.S_SHOULD_BE_A_VALID_FILESYSTEMPATH, "cafile");
            }
            if (!(obj2 instanceof PNone) && !PGuards.isString(obj2) && !PGuards.isBytes(obj2)) {
                throw raise(PythonBuiltinClassType.TypeError, ErrorMessages.S_SHOULD_BE_A_VALID_FILESYSTEMPATH, "capath");
            }
            if (obj instanceof PNone) {
                truffleFile = null;
            } else {
                truffleFile = toTruffleFile(virtualFrame, node, pyUnicodeFSDecoderNode, obj, toJavaStringNode, equalNode, lazy);
                if (!truffleFile.exists(new LinkOption[0])) {
                    throw lazy.get(node).raiseOSError(virtualFrame, OSErrorEnum.ENOENT);
                }
            }
            TruffleFile truffleFile2 = !(obj2 instanceof PNone) ? toTruffleFile(virtualFrame, node, pyUnicodeFSDecoderNode, obj2, toJavaStringNode, equalNode, lazy) : null;
            try {
                if (!(obj3 instanceof PNone)) {
                    try {
                        fromBytesLike = fromString(castToJavaStringNode.execute(obj3));
                    } catch (CannotCastException e) {
                        if (!(obj3 instanceof PBytesLike)) {
                            throw raise(PythonBuiltinClassType.TypeError, ErrorMessages.S_SHOULD_BE_ASCII_OR_BYTELIKE, "cadata");
                        }
                        fromBytesLike = fromBytesLike(toByteArrayNode.execute(node, ((PBytesLike) obj3).getSequenceStorage()));
                    }
                    pSSLContext.setCAEntries(fromBytesLike);
                }
                if (truffleFile != null || truffleFile2 != null) {
                    TruffleFile truffleFile3 = truffleFile;
                    TruffleFile truffleFile4 = truffleFile2;
                    SSLModuleBuiltins.LOGGER.fine(() -> {
                        Object[] objArr = new Object[2];
                        objArr[0] = truffleFile3 != null ? truffleFile3.getPath() : "None";
                        objArr[1] = truffleFile4 != null ? truffleFile4.getPath() : "None";
                        return String.format("LoadVerifyLocationsNode cafile: %s, capath: %s", objArr);
                    });
                    try {
                        try {
                            pSSLContext.setCAEntries(CertUtils.loadVerifyLocations(truffleFile, truffleFile2));
                        } catch (CertUtils.NoCertificateFoundException e2) {
                            throw lazy.get(node).raiseSSLError(virtualFrame, SSLErrorCode.ERROR_NO_CERTIFICATE_OR_CRL_FOUND, ErrorMessages.NO_CERTIFICATE_OR_CRL_FOUND, new Object[0]);
                        }
                    } catch (IOException | DecoderException e3) {
                        throw lazy.get(node).raiseSSLError(virtualFrame, SSLErrorCode.ERROR_SSL_PEM_LIB, ErrorMessages.X509_PEM_LIB, new Object[0]);
                    }
                }
                return PNone.NONE;
            } catch (IOException | GeneralSecurityException e4) {
                throw lazy.get(node).raiseSSLError((Frame) virtualFrame, SSLErrorCode.ERROR_SSL, e4);
            }
        }

        private TruffleFile toTruffleFile(VirtualFrame virtualFrame, Node node, PyUnicodeFSDecoderNode pyUnicodeFSDecoderNode, Object obj, TruffleString.ToJavaStringNode toJavaStringNode, TruffleString.EqualNode equalNode, PConstructAndRaiseNode.Lazy lazy) throws PException {
            try {
                return getContext().getEnv().getPublicTruffleFile(toJavaStringNode.execute(pyUnicodeFSDecoderNode.execute(virtualFrame, obj)));
            } catch (Exception e) {
                throw lazy.get(node).raiseOSError((Frame) virtualFrame, e, equalNode);
            }
        }

        private List<Object> fromString(String str) throws IOException, CertificateException, CRLException {
            if (str.isEmpty()) {
                throw raise(PythonBuiltinClassType.ValueError, ErrorMessages.EMPTY_CERTIFICATE_DATA);
            }
            return getCertificates(str);
        }

        @CompilerDirectives.TruffleBoundary
        private static List<Object> getCertificates(String str) throws PException, CRLException, IOException, CertificateException {
            BufferedReader bufferedReader = new BufferedReader(new StringReader(str));
            try {
                try {
                    List<Object> certificates = CertUtils.getCertificates(bufferedReader);
                    if (certificates.isEmpty()) {
                        throw PConstructAndRaiseNode.raiseUncachedSSLError(SSLErrorCode.ERROR_NO_START_LINE, ErrorMessages.SSL_PEM_NO_START_LINE, new Object[0]);
                    }
                    bufferedReader.close();
                    return certificates;
                } catch (DecoderException e) {
                    throw PConstructAndRaiseNode.raiseUncachedSSLError(SSLErrorCode.ERROR_BAD_BASE64_DECODE, ErrorMessages.BAD_BASE64_DECODE, new Object[0]);
                } catch (IOException e2) {
                    throw PConstructAndRaiseNode.raiseUncachedSSLError(SSLErrorCode.ERROR_SSL_PEM_LIB, ErrorMessages.SSL_PEM_LIB, new Object[0]);
                }
            } catch (Throwable th) {
                try {
                    bufferedReader.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }

        @CompilerDirectives.TruffleBoundary
        private static Collection<?> fromBytesLike(byte[] bArr) {
            try {
                return CertUtils.generateCertificates(bArr);
            } catch (CertificateException e) {
                String message = e.getMessage();
                if (message == null) {
                    message = "error while reading cadata";
                } else if (message.contains("No certificate data found")) {
                    throw PConstructAndRaiseNode.raiseUncachedSSLError(SSLErrorCode.ERROR_NOT_ENOUGH_DATA, ErrorMessages.NOT_ENOUGH_DATA, new Object[0]);
                }
                throw PConstructAndRaiseNode.raiseUncachedSSLError((TruffleString) null, SSLErrorCode.ERROR_SSL, PythonUtils.toTruffleStringUncached(message));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "maximum_version", minNumOfPositionalArgs = 1, maxNumOfPositionalArgs = 2, isGetter = true, isSetter = true)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$MaximumVersionNode.class */
    public static abstract class MaximumVersionNode extends PythonBinaryBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"isNoValue(none)"})
        public static int get(PSSLContext pSSLContext, Object obj) {
            if (pSSLContext.getMaximumVersion() != null) {
                return pSSLContext.getMaximumVersion().getId();
            }
            return -1;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"!isNoValue(obj)"})
        public Object set(VirtualFrame virtualFrame, PSSLContext pSSLContext, Object obj, @Bind("this") Node node, @Cached PyNumberAsSizeNode pyNumberAsSizeNode) {
            SSLContextBuiltins.setMinMaxVersion(this, pSSLContext, true, pyNumberAsSizeNode.executeExact((Frame) virtualFrame, node, obj));
            return PNone.NONE;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "minimum_version", minNumOfPositionalArgs = 1, maxNumOfPositionalArgs = 2, isGetter = true, isSetter = true)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$MinimumVersionNode.class */
    public static abstract class MinimumVersionNode extends PythonBinaryBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"isNoValue(none)"})
        public static int get(PSSLContext pSSLContext, Object obj) {
            if (pSSLContext.getMinimumVersion() != null) {
                return pSSLContext.getMinimumVersion().getId();
            }
            return -2;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"!isNoValue(obj)"})
        public Object set(VirtualFrame virtualFrame, PSSLContext pSSLContext, Object obj, @Bind("this") Node node, @Cached PyNumberAsSizeNode pyNumberAsSizeNode) {
            SSLContextBuiltins.setMinMaxVersion(this, pSSLContext, false, pyNumberAsSizeNode.executeExact((Frame) virtualFrame, node, obj));
            return PNone.NONE;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "num_tickets", minNumOfPositionalArgs = 1, maxNumOfPositionalArgs = 2, isGetter = true, isSetter = true)
    @TypeSystemReference(PythonArithmeticTypes.class)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$NumTicketsNode.class */
    public static abstract class NumTicketsNode extends PythonBinaryBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"isNoValue(value)"})
        public int get(PSSLContext pSSLContext, PNone pNone) {
            throw raise(PythonBuiltinClassType.NotImplementedError);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"!isNoValue(value)"})
        public Object set(VirtualFrame virtualFrame, PSSLContext pSSLContext, Object obj) {
            throw raise(PythonBuiltinClassType.NotImplementedError);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "options", minNumOfPositionalArgs = 1, maxNumOfPositionalArgs = 2, isGetter = true, isSetter = true)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$OptionsNode.class */
    public static abstract class OptionsNode extends PythonBinaryBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"isNoValue(none)"})
        public static long getOptions(PSSLContext pSSLContext, PNone pNone) {
            return pSSLContext.getOptions();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"!isNoValue(valueObj)"})
        public static Object setOption(VirtualFrame virtualFrame, PSSLContext pSSLContext, Object obj, @Bind("this") Node node, @Cached PyNumberIndexNode pyNumberIndexNode, @Cached CastToJavaLongExactNode castToJavaLongExactNode) {
            pSSLContext.setOptions(castToJavaLongExactNode.execute(node, pyNumberIndexNode.execute(virtualFrame, node, obj)));
            return PNone.NONE;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "post_handshake_auth", minNumOfPositionalArgs = 1, isGetter = true)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$PostHandshakeAuthNode.class */
    public static abstract class PostHandshakeAuthNode extends PythonUnaryBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization
        public static Object pha(PSSLContext pSSLContext) {
            return PNone.NONE;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "protocol", minNumOfPositionalArgs = 1, isGetter = true)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$ProtocolNode.class */
    public static abstract class ProtocolNode extends PythonUnaryBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization
        public static int getProtocol(PSSLContext pSSLContext) {
            return pSSLContext.getMethod().getPythonId();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "sni_callback", minNumOfPositionalArgs = 1, maxNumOfPositionalArgs = 2, isGetter = true, isSetter = true)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$SNICallbackNode.class */
    public static abstract class SNICallbackNode extends PythonBinaryBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization
        public Object notImplemented(PSSLContext pSSLContext, Object obj) {
            throw raise(PythonBuiltinClassType.NotImplementedError);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "_SSLContext", constructsClass = PythonBuiltinClassType.PSSLContext, minNumOfPositionalArgs = 2, parameterNames = {BuiltinNames.J_TYPE, "protocol"})
    @ArgumentClinic(name = "protocol", conversion = ArgumentClinic.ClinicConversion.Int)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$SSLContextNode.class */
    public static abstract class SSLContextNode extends PythonBinaryClinicBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization
        public PSSLContext createContext(VirtualFrame virtualFrame, Object obj, int i, @Bind("this") Node node, @Cached PConstructAndRaiseNode.Lazy lazy) {
            boolean z;
            int i2;
            SSLMethod fromPythonId = SSLMethod.fromPythonId(i);
            if (fromPythonId == null) {
                throw raise(PythonBuiltinClassType.ValueError, ErrorMessages.INVALID_OR_UNSUPPORTED_PROTOCOL_VERSION, "NULL");
            }
            try {
                if (fromPythonId == SSLMethod.TLS_CLIENT) {
                    z = true;
                    i2 = 2;
                } else {
                    z = false;
                    i2 = 0;
                }
                PSSLContext createSSLContext = factory().createSSLContext(obj, fromPythonId, SSLModuleBuiltins.X509_V_FLAG_TRUSTED_FIRST, z, i2, createSSLContext());
                long j = 131072;
                if (fromPythonId != SSLMethod.SSL3) {
                    j = TypeFlags.METHOD_DESCRIPTOR | 33554432;
                }
                createSSLContext.setOptions(j);
                return createSSLContext;
            } catch (KeyManagementException e) {
                throw lazy.get(node).raiseSSLError((Frame) virtualFrame, SSLErrorCode.ERROR_SSL, (Exception) e);
            } catch (NoSuchAlgorithmException e2) {
                throw raise(PythonBuiltinClassType.ValueError, ErrorMessages.INVALID_OR_UNSUPPORTED_PROTOCOL_VERSION, e2);
            }
        }

        @CompilerDirectives.TruffleBoundary
        private static SSLContext createSSLContext() throws NoSuchAlgorithmException, KeyManagementException {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.getClientSessionContext().setSessionCacheSize(0);
            sSLContext.init(null, null, null);
            return sSLContext;
        }

        @Override // com.oracle.graal.python.nodes.function.builtins.PythonBinaryClinicBuiltinNode
        protected ArgumentClinicProvider getArgumentClinic() {
            return SSLContextBuiltinsClinicProviders.SSLContextNodeClinicProviderGen.INSTANCE;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "_set_alpn_protocols", minNumOfPositionalArgs = 2, numOfPositionalOnlyArgs = 2, parameterNames = {"$self", "protos"})
    @ArgumentClinic(name = "protos", conversion = ArgumentClinic.ClinicConversion.ReadableBuffer)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$SetAlpnProtocols.class */
    public static abstract class SetAlpnProtocols extends PythonBinaryClinicBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(limit = "3")
        public Object setFromBuffer(VirtualFrame virtualFrame, PSSLContext pSSLContext, Object obj, @CachedLibrary("buffer") PythonBufferAccessLibrary pythonBufferAccessLibrary) {
            try {
                pSSLContext.setAlpnProtocols(parseProtocols(pythonBufferAccessLibrary.getInternalOrCopiedByteArray(obj), pythonBufferAccessLibrary.getBufferLength(obj)));
                PNone pNone = PNone.NONE;
                pythonBufferAccessLibrary.release(obj, virtualFrame, this);
                return pNone;
            } catch (Throwable th) {
                pythonBufferAccessLibrary.release(obj, virtualFrame, this);
                throw th;
            }
        }

        @CompilerDirectives.TruffleBoundary
        private static String[] parseProtocols(byte[] bArr, int i) {
            ArrayList arrayList = new ArrayList();
            int i2 = 0;
            while (true) {
                int i3 = i2;
                if (i3 >= i) {
                    return (String[]) arrayList.toArray(new String[0]);
                }
                byte b = bArr[i3];
                int i4 = i3 + 1;
                if (i4 + b <= i) {
                    arrayList.add(new String(bArr, i4, b, StandardCharsets.US_ASCII));
                }
                i2 = i4 + b;
            }
        }

        @Override // com.oracle.graal.python.nodes.function.builtins.PythonBinaryClinicBuiltinNode
        protected ArgumentClinicProvider getArgumentClinic() {
            return SSLContextBuiltinsClinicProviders.SetAlpnProtocolsClinicProviderGen.INSTANCE;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "set_ciphers", minNumOfPositionalArgs = 2, parameterNames = {"$self", "cipherlist"})
    @ArgumentClinic(name = "cipherlist", conversion = ArgumentClinic.ClinicConversion.TString)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$SetCiphersNode.class */
    public static abstract class SetCiphersNode extends PythonClinicBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization
        public Object setCiphers(PSSLContext pSSLContext, TruffleString truffleString, @Cached TruffleString.ToJavaStringNode toJavaStringNode) {
            pSSLContext.setCiphers(SSLCipherSelector.selectCiphers(this, toJavaStringNode.execute(truffleString)));
            return PNone.NONE;
        }

        @Override // com.oracle.graal.python.nodes.function.builtins.PythonClinicBuiltinNode
        protected ArgumentClinicProvider getArgumentClinic() {
            return SSLContextBuiltinsClinicProviders.SetCiphersNodeClinicProviderGen.INSTANCE;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "set_default_verify_paths", minNumOfPositionalArgs = 1)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$SetDefaultVerifyPathsNode.class */
    public static abstract class SetDefaultVerifyPathsNode extends PythonUnaryBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization
        public Object set(VirtualFrame virtualFrame, PSSLContext pSSLContext, @Bind("this") Node node, @Cached PyUnicodeFSDecoderNode pyUnicodeFSDecoderNode, @Cached("createEnvironLookup()") GetAttributeNode getAttributeNode, @Cached HashingStorageNodes.HashingStorageGetItem hashingStorageGetItem, @Cached("createCertFileKey()") PBytes pBytes, @Cached("createCertDirKey()") PBytes pBytes2, @Cached TruffleString.ToJavaStringNode toJavaStringNode) {
            HashingStorage dictStorage = ((PDict) getAttributeNode.executeObject(virtualFrame, PythonOS.getPythonOS() == PythonOS.PLATFORM_WIN32 ? getContext().lookupBuiltinModule(BuiltinNames.T_NT) : getContext().lookupBuiltinModule(BuiltinNames.T_POSIX))).getDictStorage();
            TruffleFile truffleFile = toTruffleFile(virtualFrame, pyUnicodeFSDecoderNode, hashingStorageGetItem.execute(virtualFrame, node, dictStorage, pBytes), toJavaStringNode);
            TruffleFile truffleFile2 = toTruffleFile(virtualFrame, pyUnicodeFSDecoderNode, hashingStorageGetItem.execute(virtualFrame, node, dictStorage, pBytes2), toJavaStringNode);
            if (truffleFile == null && truffleFile2 == null) {
                pSSLContext.setUseDefaultTrustStore(true);
            } else {
                SSLModuleBuiltins.LOGGER.fine(() -> {
                    Object[] objArr = new Object[2];
                    objArr[0] = truffleFile != null ? truffleFile.getPath() : "None";
                    objArr[1] = truffleFile2 != null ? truffleFile2.getPath() : "None";
                    return String.format("set_default_verify_paths file: %s. path: %s", objArr);
                });
                try {
                    pSSLContext.setCAEntries(CertUtils.loadVerifyLocations(truffleFile, truffleFile2));
                } catch (IOException | DecoderException | CertUtils.NoCertificateFoundException | GeneralSecurityException e) {
                    SSLModuleBuiltins.LOGGER.log(Level.FINER, StringLiterals.J_EMPTY_STRING, e);
                }
            }
            return PNone.NONE;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @NeverDefault
        public PBytes createCertFileKey() {
            return factory().createBytes("SSL_CERT_FILE".getBytes());
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @NeverDefault
        public PBytes createCertDirKey() {
            return factory().createBytes("SSL_CERT_DIR".getBytes());
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @NeverDefault
        public static GetAttributeNode createEnvironLookup() {
            return GetAttributeNode.create(SSLContextBuiltins.T_ENVIRON);
        }

        private TruffleFile toTruffleFile(VirtualFrame virtualFrame, PyUnicodeFSDecoderNode pyUnicodeFSDecoderNode, Object obj, TruffleString.ToJavaStringNode toJavaStringNode) throws PException {
            if (obj == null) {
                return null;
            }
            try {
                TruffleFile publicTruffleFile = getContext().getEnv().getPublicTruffleFile(toJavaStringNode.execute(pyUnicodeFSDecoderNode.execute(virtualFrame, obj)));
                if (publicTruffleFile.exists(new LinkOption[0])) {
                    return publicTruffleFile;
                }
                return null;
            } catch (Exception e) {
                return null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "verify_flags", minNumOfPositionalArgs = 1, maxNumOfPositionalArgs = 2, isGetter = true, isSetter = true)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$VerifyFlagsNode.class */
    public static abstract class VerifyFlagsNode extends PythonBinaryBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"isNoValue(none)"})
        public static long getVerifyFlags(PSSLContext pSSLContext, PNone pNone) {
            return pSSLContext.getVerifyFlags();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"!isNoValue(flags)"})
        public static Object setVerifyFlags(VirtualFrame virtualFrame, PSSLContext pSSLContext, Object obj, @Bind("this") Node node, @Cached PyNumberAsSizeNode pyNumberAsSizeNode) {
            pSSLContext.setVerifyFlags(pyNumberAsSizeNode.executeLossy(virtualFrame, node, obj));
            return PNone.NONE;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "verify_mode", minNumOfPositionalArgs = 1, maxNumOfPositionalArgs = 2, isGetter = true, isSetter = true)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$VerifyModeNode.class */
    public static abstract class VerifyModeNode extends PythonBinaryBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"isNoValue(value)"})
        public static int get(PSSLContext pSSLContext, PNone pNone) {
            return pSSLContext.getVerifyMode();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization(guards = {"!isNoValue(value)"})
        public Object set(VirtualFrame virtualFrame, PSSLContext pSSLContext, Object obj, @Bind("this") Node node, @Cached PyNumberAsSizeNode pyNumberAsSizeNode) {
            int executeLossy = pyNumberAsSizeNode.executeLossy(virtualFrame, node, obj);
            if (executeLossy == 0 && pSSLContext.getCheckHostname()) {
                throw raise(PythonBuiltinClassType.ValueError, ErrorMessages.CANNOT_SET_VERIFY_MODE_TO_CERT_NONE);
            }
            switch (executeLossy) {
                case 0:
                case 1:
                case 2:
                    pSSLContext.setVerifyMode(executeLossy);
                    return PNone.NONE;
                default:
                    throw raise(PythonBuiltinClassType.ValueError, ErrorMessages.INVALID_VALUE_FOR_VERIFY_MODE);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "_wrap_bio", minNumOfPositionalArgs = 4, parameterNames = {"$self", "incoming", "outgoing", "server_side", "server_hostname"}, keywordOnlyNames = {"owner", "session"})
    @ArgumentClinic(name = "server_side", conversion = ArgumentClinic.ClinicConversion.Boolean)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$WrapBIONode.class */
    public static abstract class WrapBIONode extends PythonClinicBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization
        public Object wrap(PSSLContext pSSLContext, PMemoryBIO pMemoryBIO, PMemoryBIO pMemoryBIO2, boolean z, Object obj, Object obj2, PNone pNone, @Bind("this") Node node, @Cached StringNodes.CastToTruffleStringCheckedNode castToTruffleStringCheckedNode, @Cached TruffleString.ToJavaStringNode toJavaStringNode) {
            TruffleString truffleString = null;
            if (!(obj instanceof PNone)) {
                truffleString = castToTruffleStringCheckedNode.cast(node, obj, ErrorMessages.S_MUST_BE_NONE_OR_STRING, "serverHostname", obj);
            }
            PSSLSocket createSSLSocket = factory().createSSLSocket(PythonBuiltinClassType.PSSLSocket, pSSLContext, SSLContextBuiltins.createSSLEngine(this, pSSLContext, z, truffleString == null ? null : toJavaStringNode.execute(truffleString)), pMemoryBIO, pMemoryBIO2);
            if (!(obj2 instanceof PNone)) {
                createSSLSocket.setOwner(obj2);
            }
            createSSLSocket.setServerHostname(truffleString);
            return createSSLSocket;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Fallback
        public Object wrap(Object obj, Object obj2, Object obj3, Object obj4, Object obj5, Object obj6, Object obj7) {
            throw raise(PythonBuiltinClassType.TypeError, ErrorMessages.INVALID_WRAP_BIO_CALL);
        }

        @Override // com.oracle.graal.python.nodes.function.builtins.PythonClinicBuiltinNode
        protected ArgumentClinicProvider getArgumentClinic() {
            return SSLContextBuiltinsClinicProviders.WrapBIONodeClinicProviderGen.INSTANCE;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Builtin(name = "_wrap_socket", minNumOfPositionalArgs = 3, parameterNames = {"$self", "sock", "server_side", "server_hostname"}, keywordOnlyNames = {"owner", "session"})
    @ArgumentClinic(name = "server_side", conversion = ArgumentClinic.ClinicConversion.Boolean)
    @GenerateNodeFactory
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/SSLContextBuiltins$WrapSocketNode.class */
    public static abstract class WrapSocketNode extends PythonClinicBuiltinNode {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Specialization
        public Object wrap(PSSLContext pSSLContext, PSocket pSocket, boolean z, Object obj, Object obj2, PNone pNone, @Bind("this") Node node, @Cached StringNodes.CastToTruffleStringCheckedNode castToTruffleStringCheckedNode, @Cached TruffleString.ToJavaStringNode toJavaStringNode) {
            TruffleString truffleString = null;
            if (!(obj instanceof PNone)) {
                truffleString = castToTruffleStringCheckedNode.cast(node, obj, ErrorMessages.S_MUST_BE_NONE_OR_STRING, "serverHostname", obj);
            }
            PSSLSocket createSSLSocket = factory().createSSLSocket(PythonBuiltinClassType.PSSLSocket, pSSLContext, SSLContextBuiltins.createSSLEngine(this, pSSLContext, z, truffleString == null ? null : toJavaStringNode.execute(truffleString)), pSocket);
            if (!(obj2 instanceof PNone)) {
                createSSLSocket.setOwner(obj2);
            }
            createSSLSocket.setServerHostname(truffleString);
            return createSSLSocket;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Fallback
        public Object wrap(Object obj, Object obj2, Object obj3, Object obj4, Object obj5, Object obj6) {
            throw raise(PythonBuiltinClassType.TypeError, ErrorMessages.INVALID_WRAP_SOCKET_CALL);
        }

        @Override // com.oracle.graal.python.nodes.function.builtins.PythonClinicBuiltinNode
        protected ArgumentClinicProvider getArgumentClinic() {
            return SSLContextBuiltinsClinicProviders.WrapSocketNodeClinicProviderGen.INSTANCE;
        }
    }

    @Override // com.oracle.graal.python.builtins.PythonBuiltins
    protected List<? extends NodeFactory<? extends PythonBuiltinBaseNode>> getNodeFactories() {
        return SSLContextBuiltinsFactory.getFactories();
    }

    @CompilerDirectives.TruffleBoundary
    static SSLEngine createSSLEngine(PNodeWithRaise pNodeWithRaise, PSSLContext pSSLContext, boolean z, String str) {
        SSLEngine createSSLEngine;
        try {
            pSSLContext.init();
            SSLParameters sSLParameters = new SSLParameters();
            if (str == null || isIPAddress(str)) {
                createSSLEngine = pSSLContext.getContext().createSSLEngine();
            } else {
                try {
                    sSLParameters.setServerNames(Collections.singletonList(new SNIHostName(str)));
                    if (pSSLContext.getCheckHostname()) {
                        sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
                    }
                    createSSLEngine = pSSLContext.getContext().createSSLEngine(str, -1);
                } catch (IllegalArgumentException e) {
                    if (str.contains("��")) {
                        throw pNodeWithRaise.raise(PythonBuiltinClassType.TypeError, ErrorMessages.ARG_MUST_BE_ENCODED_NON_NULL);
                    }
                    throw pNodeWithRaise.raise(PythonBuiltinClassType.ValueError, ErrorMessages.INVALID_HOSTNAME);
                }
            }
            createSSLEngine.setUseClientMode(!z);
            createSSLEngine.setEnabledProtocols(pSSLContext.computeEnabledProtocols());
            List<SSLCipher> computeEnabledCiphers = pSSLContext.computeEnabledCiphers(createSSLEngine);
            String[] strArr = new String[computeEnabledCiphers.size()];
            for (int i = 0; i < computeEnabledCiphers.size(); i++) {
                strArr[i] = computeEnabledCiphers.get(i).name();
            }
            sSLParameters.setCipherSuites(strArr);
            if (pSSLContext.getAlpnProtocols() != null) {
                sSLParameters.setApplicationProtocols(pSSLContext.getAlpnProtocols());
            }
            if (z) {
                switch (pSSLContext.getVerifyMode()) {
                    case 0:
                        sSLParameters.setNeedClientAuth(false);
                        sSLParameters.setWantClientAuth(false);
                        break;
                    case 1:
                        sSLParameters.setWantClientAuth(true);
                        break;
                    case 2:
                        sSLParameters.setNeedClientAuth(true);
                        break;
                    default:
                        if (!$assertionsDisabled) {
                            throw new AssertionError();
                        }
                        break;
                }
            }
            createSSLEngine.setSSLParameters(sSLParameters);
            return createSSLEngine;
        } catch (IOException | InvalidAlgorithmParameterException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e2) {
            throw PConstructAndRaiseNode.raiseUncachedSSLError(SSLErrorCode.ERROR_SSL, e2);
        }
    }

    @CompilerDirectives.TruffleBoundary
    private static boolean isIPAddress(String str) {
        return IPAddressUtil.isIPv4LiteralAddress(str) || IPAddressUtil.isIPv6LiteralAddress(str) || (str.startsWith("[") && str.endsWith("]") && IPAddressUtil.isIPv6LiteralAddress(str.substring(1, str.length() - 1)));
    }

    private static void setMinMaxVersion(PNodeWithRaise pNodeWithRaise, PSSLContext pSSLContext, boolean z, int i) {
        if (pSSLContext.getMethod().isSingleVersion()) {
            throw pNodeWithRaise.raise(PythonBuiltinClassType.ValueError, ErrorMessages.CONTEXT_DOESNT_SUPPORT_MIN_MAX);
        }
        SSLProtocol sSLProtocol = null;
        switch (i) {
            case -2:
                sSLProtocol = z ? SSLModuleBuiltins.getMinimumVersion() : null;
                break;
            case -1:
                sSLProtocol = z ? null : SSLModuleBuiltins.getMaximumVersion();
                break;
            default:
                SSLProtocol[] values = SSLProtocol.values();
                int length = values.length;
                int i2 = 0;
                while (true) {
                    if (i2 < length) {
                        SSLProtocol sSLProtocol2 = values[i2];
                        if (sSLProtocol2.getId() == i) {
                            sSLProtocol = sSLProtocol2;
                        } else {
                            i2++;
                        }
                    }
                }
                if (sSLProtocol == null) {
                    throw pNodeWithRaise.raise(PythonBuiltinClassType.ValueError, ErrorMessages.UNSUPPORTED_PROTOCOL_VERSION, Integer.valueOf(i));
                }
                break;
        }
        if (z) {
            pSSLContext.setMaximumVersion(sSLProtocol);
        } else {
            pSSLContext.setMinimumVersion(sSLProtocol);
        }
    }

    static {
        $assertionsDisabled = !SSLContextBuiltins.class.desiredAssertionStatus();
        T_ENVIRON = PythonUtils.tsLiteral("environ");
    }
}
