package org.mortbay.jetty.security;

import ch.qos.logback.core.net.ssl.SSL;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.mortbay.io.EndPoint;
import org.mortbay.io.bio.SocketEndPoint;
import org.mortbay.jetty.Request;
import org.mortbay.jetty.bio.SocketConnector;
import org.mortbay.log.Log;
import org.mortbay.resource.Resource;

/* loaded from: input_file:org/mortbay/jetty/security/SslSocketConnector.class */
/**
 * Blocking-socket SSL/TLS connector: builds an {@link SSLServerSocket} from a configured
 * keystore/truststore, performs the handshake on each accepted socket and exposes the
 * negotiated cipher suite, key size and client certificate chain as request attributes.
 *
 * <p>This listing is decompiler output (see the JADX WARN markers). Field names are single
 * letters, some locals are typed {@code ??}, several catch blocks reference a register
 * instead of the caught exception, and checked exceptions are not declared, so the code
 * does not compile as shown. The comments below map the obfuscated fields back to the
 * public getters/setters that read and write them.
 */
public class SslSocketConnector extends SocketConnector {
    // Key under which CachedInfo is stored in the SSLSession; set to the CachedInfo class name in the static initializer.
    private static String a;
    // Default keystore path: <user.home>/.keystore (built in the static initializer).
    public static final String DEFAULT_KEYSTORE;
    public static final String KEYPASSWORD_PROPERTY = "jetty.ssl.keypassword";
    public static final String PASSWORD_PROPERTY = "jetty.ssl.password";
    // Keystore password (setPassword).
    private transient Password f;
    // Private-key password (setKeyPassword).
    private transient Password g;
    // Truststore password (setTrustPassword).
    private transient Password h;
    // JSSE provider name (get/setProvider); null selects the default provider.
    private String j;
    // SecureRandom algorithm name (get/setSecureRandomAlgorithm); null leaves the choice to SSLContext.
    private String k;
    // KeyManagerFactory algorithm (get/setSslKeyManagerFactoryAlgorithm).
    private String l;
    // TrustManagerFactory algorithm (get/setSslTrustManagerFactoryAlgorithm).
    private String m;
    // Truststore location (get/setTruststore); when null, createFactory() falls back to the keystore.
    private String n;
    // Truststore type (get/setTruststoreType).
    private String o;
    // wantClientAuth flag (get/setWantClientAuth).
    private boolean p;
    // Handshake timeout passed to Socket.setSoTimeout (get/setHandshakeTimeout); 0 disables the override.
    private int q;
    // allowRenegotiate flag (is/setAllowRenegotiate); false by default.
    private boolean r;
    // Cached Class object for CachedInfo, filled in by the static initializer.
    private static Class s;
    // Cipher suites to remove from the enabled set (get/setExcludeCipherSuites).
    private String[] b = null;
    // Keystore location (get/setKeystore).
    private String c = DEFAULT_KEYSTORE;
    // Keystore type (get/setKeystoreType).
    // NOTE(review): the constant comes from an unrelated logging library; presumably the decompiler
    // mapped an inlined string literal onto a same-valued constant. Confirm the literal (likely "JKS").
    private String d = SSL.DEFAULT_KEYSTORE_TYPE;
    // needClientAuth flag (get/setNeedClientAuth).
    private boolean e = false;
    // SSLContext protocol name (get/setProtocol).
    // NOTE(review): same decompiler constant substitution as above (likely the literal "TLS"). The
    // protocol versions actually enabled are whatever the JSSE provider enables for that name; this
    // class never narrows them.
    private String i = SSLSocketFactory.TLS;

    /* loaded from: input_file:org/mortbay/jetty/security/SslSocketConnector$CachedInfo.class */
    /**
     * Per-SSLSession cache entry holding the deduced key size and the converted client
     * certificate chain, so customize() does not recompute them for every request.
     */
    class CachedInfo {
        // Client certificate chain; null when the peer presented none.
        private X509Certificate[] a;
        // Key size deduced from the cipher suite name.
        private Integer b;

        // The first parameter is the enclosing connector as emitted by the decompiler; the body does not use it.
        CachedInfo(SslSocketConnector sslSocketConnector, Integer num, X509Certificate[] x509CertificateArr) {
            this.b = num;
            this.a = x509CertificateArr;
        }

        /** Returns the cached client certificate chain (may be null). */
        X509Certificate[] getCerts() {
            return this.a;
        }

        /** Returns the cached key size. */
        Integer getKeySize() {
            return this.b;
        }
    }

    /* loaded from: input_file:org/mortbay/jetty/security/SslSocketConnector$SslConnection.class */
    /**
     * Connection wrapper that drives the SSL handshake before handing the socket to the
     * superclass request loop, and enforces the connector's renegotiation policy.
     */
    public class SslConnection extends SocketConnector.Connection {
        // Enclosing connector, kept explicitly by the decompiler.
        private final SslSocketConnector d;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public SslConnection(SslSocketConnector sslSocketConnector, Socket socket) {
            super(sslSocketConnector, socket);
            this.d = sslSocketConnector;
        }

        /**
         * Performs the handshake under the optional handshake timeout, registers the
         * renegotiation guard, then runs the superclass connection loop. On SSLException or
         * IOException the failure is logged and the connection is closed.
         */
        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
        /* JADX WARN: Type inference failed for: r0v18, types: [java.lang.Throwable, org.mortbay.jetty.bio.SocketConnector$Connection] */
        /* JADX WARN: Type inference failed for: r0v2, types: [org.mortbay.jetty.security.SslSocketConnector$SslConnection] */
        /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable] */
        /* JADX WARN: Type inference failed for: r0v5, types: [org.mortbay.jetty.security.SslSocketConnector$SslConnection] */
        @Override // org.mortbay.jetty.bio.SocketConnector.Connection, java.lang.Runnable
        public void run() {
            ?? r0;
            try {
                // Temporarily replace the socket read timeout so the handshake is bounded separately.
                // With the default of 0 the handshake is only bounded by the socket's existing timeout.
                int handshakeTimeout = this.d.getHandshakeTimeout();
                int soTimeout = this._socket.getSoTimeout();
                if (handshakeTimeout > 0) {
                    this._socket.setSoTimeout(handshakeTimeout);
                }
                SSLSocket sSLSocket = (SSLSocket) this._socket;
                // Renegotiation guard: the first completed handshake is accepted, any later one closes
                // the socket unless allowRenegotiate is set. The constructor arguments on an interface
                // type are a decompiler artefact for the captured variables.
                sSLSocket.addHandshakeCompletedListener(new HandshakeCompletedListener(this, sSLSocket) { // from class: org.mortbay.jetty.security.SslSocketConnector.SslConnection.1
                    // True once the initial handshake has been observed.
                    private boolean a = false;
                    // Socket this listener is attached to.
                    private final SSLSocket b;
                    // Enclosing connection, used to reach the connector's allowRenegotiate flag.
                    private final SslConnection c;

                    {
                        this.c = this;
                        this.b = sSLSocket;
                    }

                    /* JADX WARN: Multi-variable type inference failed */
                    /* JADX WARN: Type inference failed for: r0v10, types: [java.lang.Throwable] */
                    /* JADX WARN: Type inference failed for: r0v12, types: [javax.net.ssl.SSLSocket] */
                    /* JADX WARN: Type inference failed for: r0v9, types: [java.lang.String] */
                    @Override // javax.net.ssl.HandshakeCompletedListener
                    public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
                        // First callback is the initial handshake: record it and accept.
                        if (!this.a) {
                            this.a = true;
                            return;
                        }
                        // Later callbacks are renegotiations; allow them only if the connector opts in.
                        if (SslSocketConnector.a(SslConnection.a(this.c))) {
                            return;
                        }
                        // NOTE(review): this fires after the renegotiated handshake has already completed,
                        // and JSSE may deliver the callback on another thread, so the close is best-effort.
                        // Disabling renegotiation in the JSSE provider itself is the stronger control.
                        ?? stringBuffer = new StringBuffer("SSL renegotiate denied: ").append(this.b).toString();
                        Log.warn((String) stringBuffer);
                        try {
                            stringBuffer = this.b;
                            stringBuffer.close();
                        } catch (IOException e) {
                            // Decompiler register reuse: presumably the caught IOException is what gets logged.
                            Log.warn((Throwable) stringBuffer);
                        }
                    }
                });
                sSLSocket.startHandshake();
                // Restore the original read timeout for normal request processing.
                if (handshakeTimeout > 0) {
                    this._socket.setSoTimeout(soTimeout);
                }
                r0 = this;
                super.run();
            } catch (SSLException e) {
                // r0 is a decompiler register; presumably the caught SSLException is logged at warn level.
                Log.warn((Throwable) r0);
                try {
                    r0 = this;
                    r0.close();
                } catch (IOException e2) {
                    Log.ignore(r0);
                }
            } catch (IOException e3) {
                // Plain I/O failures are logged at debug level only, then the connection is closed.
                Log.debug((Throwable) r0);
                try {
                    r0 = this;
                    r0.close();
                } catch (IOException e4) {
                    Log.ignore(r0);
                }
            }
        }

        // Synthetic accessor giving the anonymous listener access to the enclosing connector.
        static SslSocketConnector a(SslConnection sslConnection) {
            return sslConnection.d;
        }
    }

    /**
     * Converts the peer chain from javax.security.cert to java.security.cert by re-parsing each
     * certificate's encoded form. This only changes representation; no validation is done here.
     *
     * @return the converted chain, or null when the peer is unverified, the chain is empty, or
     *         the conversion fails (the failure is logged)
     */
    private static X509Certificate[] a(SSLSession sSLSession) {
        try {
            javax.security.cert.X509Certificate[] peerCertificateChain = sSLSession.getPeerCertificateChain();
            if (peerCertificateChain == null || peerCertificateChain.length == 0) {
                return null;
            }
            int length = peerCertificateChain.length;
            X509Certificate[] x509CertificateArr = new X509Certificate[length];
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            for (int i = 0; i < length; i++) {
                x509CertificateArr[i] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(peerCertificateChain[i].getEncoded()));
            }
            return x509CertificateArr;
        } catch (SSLPeerUnverifiedException unused) {
            // No verified peer identity (e.g. no client certificate was presented): not an error.
            return null;
        } catch (Exception e) {
            // A conversion failure is indistinguishable to the caller from "no client certificate".
            Log.warn(Log.EXCEPTION, (Throwable) e);
            return null;
        }
    }

    /**
     * Initialises the key/trust manager algorithms from the JVM security properties, falling
     * back to "SunX509", and leaves client auth, handshake timeout and renegotiation off.
     */
    public SslSocketConnector() {
        this.l = Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ? "SunX509" : Security.getProperty("ssl.KeyManagerFactory.algorithm");
        this.m = Security.getProperty("ssl.TrustManagerFactory.algorithm") == null ? "SunX509" : Security.getProperty("ssl.TrustManagerFactory.algorithm");
        this.o = SSL.DEFAULT_KEYSTORE_TYPE;
        this.p = false;
        this.q = 0;
        this.r = false;
    }

    /** Returns whether a second handshake on an established connection is tolerated. */
    public boolean isAllowRenegotiate() {
        return this.r;
    }

    /** Sets whether renegotiation is tolerated; when false, SslConnection closes the socket on it. */
    public void setAllowRenegotiate(boolean z) {
        this.r = z;
    }

    /**
     * Accepts one socket, configures it and dispatches an SslConnection for it. The handshake
     * itself runs later in SslConnection.run(), not here.
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v3, types: [org.mortbay.jetty.security.SslSocketConnector] */
    /* JADX WARN: Type inference failed for: r0v8, types: [java.lang.Throwable, org.mortbay.jetty.security.SslSocketConnector$SslConnection, org.mortbay.jetty.bio.SocketConnector$Connection] */
    @Override // org.mortbay.jetty.bio.SocketConnector, org.mortbay.jetty.AbstractConnector
    public void accept(int i) {
        ?? r0;
        try {
            Socket accept = this._serverSocket.accept();
            configure(accept);
            r0 = new SslConnection(this, accept);
            r0.dispatch();
        } catch (SSLException e) {
            // An SSLException at accept time stops the whole connector.
            // r0 is a decompiler register; presumably the caught exception is what gets logged.
            Log.warn((Throwable) r0);
            try {
                r0 = this;
                r0.stop();
            } catch (Exception e2) {
                Log.warn((Throwable) r0);
                // Only the message is propagated; the original cause is not chained.
                throw new IllegalStateException(e2.getMessage());
            }
        }
    }

    /** Delegates socket configuration to the superclass without adding anything. */
    @Override // org.mortbay.jetty.AbstractConnector
    public void configure(Socket socket) {
        super.configure(socket);
    }

    /**
     * Builds the SSLServerSocketFactory from the configured keystore, truststore, algorithms,
     * provider and SecureRandom settings.
     *
     * <p>The calls below throw checked exceptions that the decompiled signature does not
     * declare; presumably the throws clause was lost in decompilation.
     */
    protected SSLServerSocketFactory createFactory() {
        // No truststore configured: reuse the keystore path and type as the trust anchors.
        // The trust password is not defaulted with them and stays whatever setTrustPassword set.
        if (this.n == null) {
            this.n = this.c;
            this.o = this.d;
        }
        InputStream inputStream = null;
        if (this.c != null) {
            // NOTE(review): this stream is never closed in this method.
            inputStream = Resource.newResource(this.c).getInputStream();
        }
        KeyStore keyStore = KeyStore.getInstance(this.d);
        // The password passes through an immutable String before becoming a char[], and the array is
        // not cleared afterwards. Per the KeyStore.load contract a null password skips the integrity check.
        keyStore.load(inputStream, this.f == null ? null : this.f.toString().toCharArray());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.l);
        keyManagerFactory.init(keyStore, this.g == null ? null : this.g.toString().toCharArray());
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        InputStream inputStream2 = null;
        if (this.n != null) {
            // NOTE(review): this stream is never closed in this method either.
            inputStream2 = Resource.newResource(this.n).getInputStream();
        }
        KeyStore keyStore2 = KeyStore.getInstance(this.o);
        // With no trust password the truststore loads without an integrity check (see above), so
        // tampering with the trust anchors on disk would go unnoticed at load time.
        keyStore2.load(inputStream2, this.h == null ? null : this.h.toString().toCharArray());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(this.m);
        trustManagerFactory.init(keyStore2);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        // A null SecureRandom lets SSLContext.init pick its default source.
        SecureRandom secureRandom = this.k == null ? null : SecureRandom.getInstance(this.k);
        SSLContext sSLContext = this.j == null ? SSLContext.getInstance(this.i) : SSLContext.getInstance(this.i, this.j);
        sSLContext.init(keyManagers, trustManagers, secureRandom);
        return sSLContext.getServerSocketFactory();
    }

    /**
     * Marks the request as https and publishes the negotiated cipher suite, key size and, if
     * present, the client certificate chain as servlet request attributes. Key size and
     * certificates are computed once per SSLSession and cached in the session.
     */
    @Override // org.mortbay.jetty.bio.SocketConnector, org.mortbay.jetty.AbstractConnector, org.mortbay.jetty.Connector
    public void customize(EndPoint endPoint, Request request) {
        Integer num;
        X509Certificate[] a2;
        super.customize(endPoint, request);
        request.setScheme("https");
        try {
            SSLSession session = ((SSLSocket) ((SocketEndPoint) endPoint).getTransport()).getSession();
            String cipherSuite = session.getCipherSuite();
            CachedInfo cachedInfo = (CachedInfo) session.getValue(a);
            if (cachedInfo != null) {
                num = cachedInfo.getKeySize();
                a2 = cachedInfo.getCerts();
            } else {
                num = new Integer(ServletSSL.deduceKeyLength(cipherSuite));
                a2 = a(session);
                session.putValue(a, new CachedInfo(this, num, a2));
            }
            if (a2 != null) {
                request.setAttribute("javax.servlet.request.X509Certificate", a2);
            } else if (this.e) {
                // NOTE(review): this exception is caught by the catch (Exception) below and only logged,
                // so the request continues without a certificate attribute. Enforcement of needClientAuth
                // therefore rests on the server socket setting made in newServerSocket(), not on this check.
                throw new IllegalStateException("no client auth");
            }
            request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
            request.setAttribute("javax.servlet.request.key_size", num);
        } catch (Exception e) {
            // Any failure here is logged and swallowed. When it happens before the last two setAttribute
            // calls, the cipher_suite and key_size attributes are missing from the request as well.
            Log.warn(Log.EXCEPTION, (Throwable) e);
        }
    }

    /** Returns the cipher suites excluded from the server socket's enabled set, or null. */
    public String[] getExcludeCipherSuites() {
        return this.b;
    }

    /** Returns the keystore location. */
    public String getKeystore() {
        return this.c;
    }

    /** Returns the keystore type. */
    public String getKeystoreType() {
        return this.d;
    }

    /** Returns whether a client certificate is required. */
    public boolean getNeedClientAuth() {
        return this.e;
    }

    /** Returns the SSLContext protocol name. */
    public String getProtocol() {
        return this.i;
    }

    /** Returns the JSSE provider name, or null for the default provider. */
    public String getProvider() {
        return this.j;
    }

    /** Returns the SecureRandom algorithm name, or null for the default. */
    public String getSecureRandomAlgorithm() {
        return this.k;
    }

    /** Returns the KeyManagerFactory algorithm. */
    public String getSslKeyManagerFactoryAlgorithm() {
        return this.l;
    }

    /** Returns the TrustManagerFactory algorithm. */
    public String getSslTrustManagerFactoryAlgorithm() {
        return this.m;
    }

    /** Returns the truststore location; null until set or until createFactory() defaults it to the keystore. */
    public String getTruststore() {
        return this.n;
    }

    /** Returns the truststore type. */
    public String getTruststoreType() {
        return this.o;
    }

    /** Returns whether a client certificate is requested but not required. */
    public boolean getWantClientAuth() {
        return this.p;
    }

    /**
     * Reports the request as confidential when no confidential port is configured (0) or the
     * request's server port equals it.
     */
    @Override // org.mortbay.jetty.AbstractConnector, org.mortbay.jetty.Connector
    public boolean isConfidential(Request request) {
        int confidentialPort = getConfidentialPort();
        // NOTE(review): if getServerPort() is derived from the client-supplied Host header, this
        // comparison is made on client-controlled data; confirm against Request.
        return confidentialPort == 0 || confidentialPort == request.getServerPort();
    }

    /**
     * Reports the request as integral when no integral port is configured (0) or the request's
     * server port equals it.
     */
    @Override // org.mortbay.jetty.AbstractConnector, org.mortbay.jetty.Connector
    public boolean isIntegral(Request request) {
        int integralPort = getIntegralPort();
        return integralPort == 0 || integralPort == request.getServerPort();
    }

    /**
     * Creates the SSL server socket, applies the client-auth flags and removes the excluded
     * cipher suites from the enabled set.
     *
     * @param str bind host, or null to bind all interfaces
     * @param i   port
     * @param i2  accept backlog
     */
    /* JADX WARN: Type inference failed for: r0v11, types: [java.lang.Throwable, java.net.ServerSocket, javax.net.ssl.SSLServerSocket, java.lang.Exception] */
    @Override // org.mortbay.jetty.bio.SocketConnector
    public ServerSocket newServerSocket(String str, int i, int i2) {
        ?? r0;
        try {
            SSLServerSocketFactory createFactory = createFactory();
            r0 = (SSLServerSocket) (str == null ? createFactory.createServerSocket(i, i2) : createFactory.createServerSocket(i, i2, InetAddress.getByName(str)));
            if (this.p) {
                r0.setWantClientAuth(this.p);
            }
            // Applied after wantClientAuth, so needClientAuth is the call that takes effect when both are set.
            if (this.e) {
                r0.setNeedClientAuth(this.e);
            }
            // Exclusion is a denylist of exact suite names taken out of the provider's enabled set.
            // Suites not listed stay enabled, and this method does not restrict protocol versions.
            if (this.b != null && this.b.length > 0) {
                List<String> asList = Arrays.asList(this.b);
                ArrayList arrayList = new ArrayList(Arrays.asList(r0.getEnabledCipherSuites()));
                for (String str2 : asList) {
                    if (arrayList.contains(str2)) {
                        arrayList.remove(str2);
                    }
                }
                r0.setEnabledCipherSuites((String[]) arrayList.toArray(new String[arrayList.size()]));
            }
            return r0;
        } catch (IOException e) {
            // Decompiler register reuse: presumably the caught IOException is rethrown unchanged.
            throw r0;
        } catch (Exception e2) {
            // Presumably the exception's string form is logged; it is then wrapped as an IOException
            // whose message embeds it, without chaining the cause.
            Log.warn(r0.toString());
            Log.debug(e2);
            throw new IOException(new StringBuffer("!JsseListener: ").append(e2).toString());
        }
    }

    /** Sets the cipher suites to remove from the enabled set; the array is stored without copying. */
    public void setExcludeCipherSuites(String[] strArr) {
        this.b = strArr;
    }

    /** Sets the private-key password, resolved through Password.getPassword with KEYPASSWORD_PROPERTY. */
    public void setKeyPassword(String str) {
        this.g = Password.getPassword(KEYPASSWORD_PROPERTY, str, null);
    }

    /** Sets the keystore location. */
    public void setKeystore(String str) {
        this.c = str;
    }

    /** Sets the keystore type. */
    public void setKeystoreType(String str) {
        this.d = str;
    }

    /** Sets whether a client certificate is required; applied when the server socket is created. */
    public void setNeedClientAuth(boolean z) {
        this.e = z;
    }

    /** Sets the keystore password, resolved through Password.getPassword with PASSWORD_PROPERTY. */
    public void setPassword(String str) {
        this.f = Password.getPassword(PASSWORD_PROPERTY, str, null);
    }

    /**
     * Sets the truststore password.
     * NOTE(review): this passes PASSWORD_PROPERTY, the same property name as setPassword. If
     * Password.getPassword consults that property, both stores would resolve to one value; confirm.
     */
    public void setTrustPassword(String str) {
        this.h = Password.getPassword(PASSWORD_PROPERTY, str, null);
    }

    /** Sets the SSLContext protocol name. */
    public void setProtocol(String str) {
        this.i = str;
    }

    /** Sets the JSSE provider name. */
    public void setProvider(String str) {
        this.j = str;
    }

    /** Sets the SecureRandom algorithm name. */
    public void setSecureRandomAlgorithm(String str) {
        this.k = str;
    }

    /** Sets the KeyManagerFactory algorithm. */
    public void setSslKeyManagerFactoryAlgorithm(String str) {
        this.l = str;
    }

    /** Sets the TrustManagerFactory algorithm. */
    public void setSslTrustManagerFactoryAlgorithm(String str) {
        this.m = str;
    }

    /** Sets the truststore location. */
    public void setTruststore(String str) {
        this.n = str;
    }

    /** Sets the truststore type. */
    public void setTruststoreType(String str) {
        this.o = str;
    }

    /** Sets whether a client certificate is requested but not required. */
    public void setWantClientAuth(boolean z) {
        this.p = z;
    }

    /** Sets the read timeout applied during the handshake only; values of 0 or less leave the socket timeout untouched. */
    public void setHandshakeTimeout(int i) {
        this.q = i;
    }

    /** Returns the handshake timeout. */
    public int getHandshakeTimeout() {
        return this.q;
    }

    // Looks like the compiler-generated helper that older javac emitted for class literals:
    // loads a class by name and converts ClassNotFoundException into NoClassDefFoundError.
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    // Synthetic accessor letting the nested listener read the allowRenegotiate flag.
    static boolean a(SslSocketConnector sslSocketConnector) {
        return sslSocketConnector.r;
    }

    // Resolves the CachedInfo class name used as the SSLSession cache key and builds the
    // default keystore path from the user.home system property.
    static {
        Class cls;
        if (s == null) {
            cls = class$("org.mortbay.jetty.security.SslSocketConnector$CachedInfo");
            s = cls;
        } else {
            cls = s;
        }
        a = cls.getName();
        DEFAULT_KEYSTORE = new StringBuffer().append(System.getProperty("user.home")).append(File.separator).append(".keystore").toString();
    }
}
