package org.eclipse.jetty.server.ssl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.eclipse.jetty.http.security.Password;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.io.bio.SocketEndPoint;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.bio.SocketConnector;
import org.eclipse.jetty.util.TypeUtil;
import org.eclipse.jetty.util.log.Log;

/* loaded from: input_file:org/eclipse/jetty/server/ssl/SslSocketConnector.class */
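/**
 * Blocking-socket SSL/TLS connector.
 *
 * <p>Server sockets come from a JSSE {@link SSLContext} that is either injected with
 * {@link #setSslContext(SSLContext)} or built lazily from the configured keystore and
 * truststore. Each accepted socket is handshaken on its own connection thread before
 * HTTP handling starts.
 *
 * <p>Security-relevant defaults visible in this class: the protocol name is {@code "TLS"},
 * client authentication is off, the handshake timeout is 0 (disabled), and the only
 * hardening hook applied to the server socket is a cipher-suite exclusion list. Enabled
 * protocol versions are never restricted here, so they follow the JSSE provider's defaults.
 */
public class SslSocketConnector extends SocketConnector implements SslConnector {
    /** SSLSession value name under which per-session {@link CachedInfo} is stored. */
    static final String CACHED_INFO_ATTR = CachedInfo.class.getName();

    // Keystore password; also used as the key password when no key password is set.
    private transient Password _password;
    // Password protecting the private key entry inside the keystore.
    private transient Password _keyPassword;
    // Password for the truststore.
    private transient Password _trustPassword;
    // JSSE provider name; null selects the default provider.
    private String _provider;
    // SecureRandom algorithm name; null lets SSLContext.init pick its default source.
    private String _secureRandomAlgorithm;
    private String _sslKeyManagerFactoryAlgorithm;
    private String _sslTrustManagerFactoryAlgorithm;
    // null means "reuse the keystore as truststore", see getTrustManagers().
    private String _truststorePath;
    private String _truststoreType;
    private boolean _wantClientAuth;
    // SO_TIMEOUT applied only while the handshake runs; values <= 0 disable it.
    private int _handshakeTimeout;
    private SSLContext _context;
    private String[] _excludeCipherSuites = null;
    private String _keystorePath = DEFAULT_KEYSTORE;
    private String _keystoreType = "JKS";
    private boolean _needClientAuth = false;
    private String _protocol = "TLS";

    /**
     * Values derived once per SSL session and stored in the session itself.
     *
     * <p>Declared static so that an instance parked in the JSSE session cache does not
     * keep a hidden reference to the connector that created it.
     */
    private static final class CachedInfo {
        private final X509Certificate[] _certs;
        private final Integer _keySize;
        private final String _idStr;

        CachedInfo(Integer keySize, X509Certificate[] certs, String idStr) {
            _keySize = keySize;
            _certs = certs;
            _idStr = idStr;
        }

        X509Certificate[] getCerts() {
            return _certs;
        }

        Integer getKeySize() {
            return _keySize;
        }

        String getIdStr() {
            return _idStr;
        }
    }

    /** Connection that completes the SSL handshake before running the HTTP connection. */
    public class SslConnection extends SocketConnector.Connection {
        public SslConnection(Socket socket) throws IOException {
            super(socket);
        }

        /**
         * Performs the handshake and then hands over to the plain socket connection loop.
         *
         * <p>A positive handshake timeout replaces the socket's SO_TIMEOUT for the duration
         * of the handshake and the previous value is restored afterwards. With the default
         * of 0 the handshake runs under whatever SO_TIMEOUT the socket already has, so a
         * peer that stalls mid-handshake occupies this thread for that long.
         */
        @Override
        public void run() {
            try {
                int handshakeTimeout = getHandshakeTimeout();
                int previousTimeout = _socket.getSoTimeout();
                if (handshakeTimeout > 0) {
                    _socket.setSoTimeout(handshakeTimeout);
                }
                ((SSLSocket) _socket).startHandshake();
                if (handshakeTimeout > 0) {
                    _socket.setSoTimeout(previousTimeout);
                }
                super.run();
            } catch (IOException e) {
                // SSLException is an IOException; handshake and I/O failures are handled
                // the same way: log at debug level and drop the connection.
                Log.debug(e);
                try {
                    close();
                } catch (IOException closeFailure) {
                    Log.ignore(closeFailure);
                }
            }
        }
    }

    /**
     * Returns the peer's certificate chain as {@code java.security.cert} objects.
     *
     * <p>The chain is read through {@code SSLSession.getPeerCertificateChain()}, which yields
     * {@code javax.security.cert} certificates, and each one is re-parsed from its encoded
     * form. That accessor is deprecated in current JDKs in favour of
     * {@code getPeerCertificates()}.
     *
     * @param sSLSession the established session
     * @return the chain, or {@code null} when the peer is unverified, presented no
     *         certificates, or conversion failed (the failure is logged as a warning)
     */
    private static X509Certificate[] getCertChain(SSLSession sSLSession) {
        try {
            javax.security.cert.X509Certificate[] peerChain = sSLSession.getPeerCertificateChain();
            if (peerChain == null || peerChain.length == 0) {
                return null;
            }
            CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            X509Certificate[] converted = new X509Certificate[peerChain.length];
            for (int i = 0; i < peerChain.length; i++) {
                ByteArrayInputStream encoded = new ByteArrayInputStream(peerChain[i].getEncoded());
                converted[i] = (X509Certificate) x509Factory.generateCertificate(encoded);
            }
            return converted;
        } catch (SSLPeerUnverifiedException e) {
            // No verified peer identity: the normal case when client auth is not used.
            return null;
        } catch (Exception e) {
            Log.warn("EXCEPTION ", e);
            return null;
        }
    }

    /**
     * Creates a connector whose key/trust manager algorithms come from the
     * {@code ssl.KeyManagerFactory.algorithm} and {@code ssl.TrustManagerFactory.algorithm}
     * security properties, falling back to {@code "SunX509"} when a property is unset.
     */
    public SslSocketConnector() {
        String keyManagerAlgorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        _sslKeyManagerFactoryAlgorithm = keyManagerAlgorithm == null ? "SunX509" : keyManagerAlgorithm;
        String trustManagerAlgorithm = Security.getProperty("ssl.TrustManagerFactory.algorithm");
        _sslTrustManagerFactoryAlgorithm = trustManagerAlgorithm == null ? "SunX509" : trustManagerAlgorithm;
        _truststoreType = "JKS";
        _wantClientAuth = false;
        _handshakeTimeout = 0;
    }

    /**
     * Accepts one socket and dispatches it as an {@link SslConnection}. The handshake itself
     * happens later, in {@link SslConnection#run()}.
     *
     * @param i not used by this implementation
     */
    @Override
    public void accept(int i) throws IOException, InterruptedException {
        Socket accepted = _serverSocket.accept();
        configure(accepted);
        new SslConnection(accepted).dispatch();
    }

    /** Delegates to the superclass; no SSL-specific socket configuration is added here. */
    @Override
    public void configure(Socket socket) throws IOException {
        super.configure(socket);
    }

    /**
     * Builds an SSLContext from the configured key managers, trust managers, protocol name
     * and optional provider.
     *
     * @return an initialised context
     * @throws Exception if a store cannot be loaded or an algorithm/provider is unavailable
     */
    protected SSLContext createSSLContext() throws Exception {
        KeyManager[] keyManagers = getKeyManagers();
        TrustManager[] trustManagers = getTrustManagers();
        // A null SecureRandom makes SSLContext.init fall back to its default source.
        SecureRandom random = null;
        if (_secureRandomAlgorithm != null) {
            random = SecureRandom.getInstance(_secureRandomAlgorithm);
        }
        SSLContext context;
        if (_provider == null) {
            context = SSLContext.getInstance(_protocol);
        } else {
            context = SSLContext.getInstance(_protocol, _provider);
        }
        context.init(keyManagers, trustManagers, random);
        return context;
    }

    /** Returns the server socket factory of the (lazily created) SSLContext. */
    protected SSLServerSocketFactory createFactory() throws Exception {
        if (_context == null) {
            _context = createSSLContext();
        }
        return _context.getServerSocketFactory();
    }

    /**
     * Loads the keystore and returns key managers for it.
     *
     * <p>The key password falls back to the keystore password when no key password was set;
     * both may be {@code null}.
     */
    protected KeyManager[] getKeyManagers() throws Exception {
        String storePassword = _password == null ? null : _password.toString();
        KeyStore keyStore = getKeyStore(_keystorePath, _keystoreType, storePassword);
        KeyManagerFactory factory = KeyManagerFactory.getInstance(_sslKeyManagerFactoryAlgorithm);
        char[] keyPassword;
        if (_keyPassword != null) {
            keyPassword = _keyPassword.toString().toCharArray();
        } else if (_password != null) {
            keyPassword = _password.toString().toCharArray();
        } else {
            keyPassword = null;
        }
        factory.init(keyStore, keyPassword);
        return factory.getKeyManagers();
    }

    /**
     * Loads the truststore and returns trust managers for it.
     *
     * <p>When no truststore path is configured, the keystore's path, type, password and
     * key-manager algorithm are copied into the truststore settings (the fields are
     * overwritten, so the getters report the keystore values afterwards). In that
     * configuration every certificate entry in the keystore also acts as a trust anchor
     * for peer certificates; configure a dedicated truststore when client authentication
     * is enabled and that is not intended.
     */
    protected TrustManager[] getTrustManagers() throws Exception {
        if (_truststorePath == null) {
            _truststorePath = _keystorePath;
            _truststoreType = _keystoreType;
            _trustPassword = _password;
            _sslTrustManagerFactoryAlgorithm = _sslKeyManagerFactoryAlgorithm;
        }
        String trustPassword = _trustPassword == null ? null : _trustPassword.toString();
        KeyStore trustStore = getKeyStore(_truststorePath, _truststoreType, trustPassword);
        TrustManagerFactory factory = TrustManagerFactory.getInstance(_sslTrustManagerFactoryAlgorithm);
        factory.init(trustStore);
        return factory.getTrustManagers();
    }

    /**
     * Loads a key store from a resource location.
     *
     * <p>Reconstructed from the bytecode listing the decompiler emitted for this method
     * (its structured output was only a stub that threw UnsupportedOperationException):
     * a {@code null} path yields {@code null}; otherwise the resource is opened, a
     * KeyStore of the requested type is loaded from it, and the stream is closed on
     * every exit path.
     *
     * @param keystorePath resource location of the store, or {@code null}
     * @param keystoreType KeyStore type name passed to {@link KeyStore#getInstance(String)}
     * @param keystorePassword store password, or {@code null} to load without one; with a
     *        null password the JDK keystore types skip the store integrity check
     * @return the loaded store, or {@code null} when {@code keystorePath} is {@code null}
     * @throws Exception if the resource cannot be opened or the store cannot be loaded
     */
    protected KeyStore getKeyStore(String keystorePath, String keystoreType, String keystorePassword) throws Exception {
        java.io.InputStream storeStream = null;
        try {
            if (keystorePath == null) {
                return null;
            }
            storeStream = org.eclipse.jetty.util.resource.Resource.newResource(keystorePath).getInputStream();
            KeyStore keyStore = KeyStore.getInstance(keystoreType);
            // The password arrives as an immutable String, so it cannot be wiped after use.
            keyStore.load(storeStream, keystorePassword == null ? null : keystorePassword.toCharArray());
            return keyStore;
        } finally {
            if (storeStream != null) {
                storeStream.close();
            }
        }
    }

    /**
     * Marks the request as {@code https} and publishes the servlet SSL attributes
     * (client certificate chain, session id, cipher suite, key size).
     *
     * <p>The derived values are cached in the SSLSession under {@link #CACHED_INFO_ATTR},
     * so they are computed once per session rather than once per request.
     *
     * <p>NOTE(review): the "no client auth" IllegalStateException raised below is caught by
     * this method's own catch block and only logged, so the request continues without
     * certificate attributes. Rejection of certificate-less peers therefore depends on
     * {@code setNeedClientAuth} being applied to the server socket in
     * {@link #newServerSocket(String, int, int)}; this check is not an enforcement point.
     */
    @Override
    public void customize(EndPoint endPoint, Request request) throws IOException {
        super.customize(endPoint, request);
        request.setScheme("https");
        try {
            SSLSocket sslSocket = (SSLSocket) ((SocketEndPoint) endPoint).getTransport();
            SSLSession session = sslSocket.getSession();
            String cipherSuite = session.getCipherSuite();

            Integer keySize;
            X509Certificate[] certs;
            String sessionId;
            CachedInfo cached = (CachedInfo) session.getValue(CACHED_INFO_ATTR);
            if (cached == null) {
                keySize = Integer.valueOf(ServletSSL.deduceKeyLength(cipherSuite));
                certs = getCertChain(session);
                sessionId = TypeUtil.toHexString(session.getId());
                session.putValue(CACHED_INFO_ATTR, new CachedInfo(keySize, certs, sessionId));
            } else {
                keySize = cached.getKeySize();
                certs = cached.getCerts();
                sessionId = cached.getIdStr();
            }

            if (certs != null) {
                request.setAttribute("javax.servlet.request.X509Certificate", certs);
            } else if (_needClientAuth) {
                throw new IllegalStateException("no client auth");
            }
            request.setAttribute("javax.servlet.request.ssl_session_id", sessionId);
            request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
            request.setAttribute("javax.servlet.request.key_size", keySize);
        } catch (Exception e) {
            Log.warn("EXCEPTION ", e);
        }
    }

    /** Returns the cipher suites removed from the enabled set (the internal array, not a copy). */
    @Override
    public String[] getExcludeCipherSuites() {
        return _excludeCipherSuites;
    }

    /** Returns the keystore location. */
    @Override
    public String getKeystore() {
        return _keystorePath;
    }

    /** Returns the keystore type name. */
    @Override
    public String getKeystoreType() {
        return _keystoreType;
    }

    /** Returns whether a client certificate is required. */
    @Override
    public boolean getNeedClientAuth() {
        return _needClientAuth;
    }

    /** Returns the protocol name passed to {@code SSLContext.getInstance}. */
    @Override
    public String getProtocol() {
        return _protocol;
    }

    /** Returns the JSSE provider name, or {@code null} for the default provider. */
    @Override
    public String getProvider() {
        return _provider;
    }

    /** Returns the SecureRandom algorithm name, or {@code null} for the default. */
    @Override
    public String getSecureRandomAlgorithm() {
        return _secureRandomAlgorithm;
    }

    /** Returns the KeyManagerFactory algorithm name. */
    @Override
    public String getSslKeyManagerFactoryAlgorithm() {
        return _sslKeyManagerFactoryAlgorithm;
    }

    /** Returns the TrustManagerFactory algorithm name. */
    @Override
    public String getSslTrustManagerFactoryAlgorithm() {
        return _sslTrustManagerFactoryAlgorithm;
    }

    /** Returns the truststore location; {@code null} until set or until the keystore fallback ran. */
    @Override
    public String getTruststore() {
        return _truststorePath;
    }

    /** Returns the truststore type name. */
    @Override
    public String getTruststoreType() {
        return _truststoreType;
    }

    /** Returns whether a client certificate is requested but optional. */
    @Override
    public boolean getWantClientAuth() {
        return _wantClientAuth;
    }

    /**
     * Treats the request as confidential when no confidential port is configured (0) or
     * when the request arrived on the configured confidential port.
     */
    @Override
    public boolean isConfidential(Request request) {
        int confidentialPort = getConfidentialPort();
        if (confidentialPort == 0) {
            return true;
        }
        return confidentialPort == request.getServerPort();
    }

    /**
     * Treats the request as integral when no integral port is configured (0) or when the
     * request arrived on the configured integral port.
     */
    @Override
    public boolean isIntegral(Request request) {
        int integralPort = getIntegralPort();
        if (integralPort == 0) {
            return true;
        }
        return integralPort == request.getServerPort();
    }

    /**
     * Creates the SSL server socket and applies client-auth and cipher-suite settings.
     *
     * <p>Cipher hardening is a deny list: the configured suites are removed from whatever
     * the provider enables by default, so suites the list does not name stay enabled.
     * Enabled protocol versions are not touched by this method.
     *
     * @param host interface to bind, or {@code null} for all interfaces
     * @param port port to bind
     * @param backlog accept backlog
     * @throws IOException on bind failure, or wrapping any SSL setup failure (the original
     *         exception is attached as the cause)
     */
    @Override
    protected ServerSocket newServerSocket(String host, int port, int backlog) throws IOException {
        try {
            SSLServerSocketFactory factory = createFactory();
            SSLServerSocket serverSocket;
            if (host == null) {
                serverSocket = (SSLServerSocket) factory.createServerSocket(port, backlog);
            } else {
                serverSocket = (SSLServerSocket) factory.createServerSocket(port, backlog, InetAddress.getByName(host));
            }
            if (_wantClientAuth) {
                serverSocket.setWantClientAuth(_wantClientAuth);
            }
            if (_needClientAuth) {
                serverSocket.setNeedClientAuth(_needClientAuth);
            }
            if (_excludeCipherSuites != null && _excludeCipherSuites.length > 0) {
                List<String> enabled = new ArrayList<String>(Arrays.asList(serverSocket.getEnabledCipherSuites()));
                for (String excluded : _excludeCipherSuites) {
                    enabled.remove(excluded);
                }
                serverSocket.setEnabledCipherSuites(enabled.toArray(new String[enabled.size()]));
            }
            return serverSocket;
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            Log.warn(e.toString());
            Log.debug(e);
            IOException wrapped = new IOException("!JsseListener: " + e);
            // Keep the root cause so keystore/provider misconfiguration can be diagnosed.
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /** Sets the cipher suites to remove from the provider's enabled set (array is not copied). */
    @Override
    public void setExcludeCipherSuites(String[] cipherSuites) {
        _excludeCipherSuites = cipherSuites;
    }

    /** Sets the private-key password, resolved through {@code Password.getPassword}. */
    @Override
    public void setKeyPassword(String password) {
        _keyPassword = Password.getPassword(SslConnector.KEYPASSWORD_PROPERTY, password, (String) null);
    }

    /** Sets the keystore location. */
    @Override
    public void setKeystore(String keystore) {
        _keystorePath = keystore;
    }

    /** Sets the keystore type name. */
    @Override
    public void setKeystoreType(String keystoreType) {
        _keystoreType = keystoreType;
    }

    /** Requires a client certificate; applied when the server socket is created. */
    @Override
    public void setNeedClientAuth(boolean needClientAuth) {
        _needClientAuth = needClientAuth;
    }

    /** Sets the keystore password, resolved through {@code Password.getPassword}. */
    @Override
    public void setPassword(String password) {
        _password = Password.getPassword(SslConnector.PASSWORD_PROPERTY, password, (String) null);
    }

    /**
     * Sets the truststore password, resolved through {@code Password.getPassword}.
     *
     * <p>NOTE(review): this passes the same property name as {@link #setPassword(String)};
     * confirm whether a separate truststore property was intended.
     */
    @Override
    public void setTrustPassword(String password) {
        _trustPassword = Password.getPassword(SslConnector.PASSWORD_PROPERTY, password, (String) null);
    }

    /** Sets the protocol name passed to {@code SSLContext.getInstance}. */
    @Override
    public void setProtocol(String protocol) {
        _protocol = protocol;
    }

    /** Sets the JSSE provider name; {@code null} selects the default provider. */
    @Override
    public void setProvider(String provider) {
        _provider = provider;
    }

    /** Sets the SecureRandom algorithm name; {@code null} selects the default. */
    @Override
    public void setSecureRandomAlgorithm(String algorithm) {
        _secureRandomAlgorithm = algorithm;
    }

    /** Sets the KeyManagerFactory algorithm name. */
    @Override
    public void setSslKeyManagerFactoryAlgorithm(String algorithm) {
        _sslKeyManagerFactoryAlgorithm = algorithm;
    }

    /** Sets the TrustManagerFactory algorithm name. */
    @Override
    public void setSslTrustManagerFactoryAlgorithm(String algorithm) {
        _sslTrustManagerFactoryAlgorithm = algorithm;
    }

    /** Sets the truststore location. */
    @Override
    public void setTruststore(String truststore) {
        _truststorePath = truststore;
    }

    /** Sets the truststore type name. */
    @Override
    public void setTruststoreType(String truststoreType) {
        _truststoreType = truststoreType;
    }

    /**
     * Injects a ready-made SSLContext. When one is set, the keystore, truststore, protocol
     * and provider settings of this connector are not consulted to build a context.
     */
    @Override
    public void setSslContext(SSLContext sslContext) {
        _context = sslContext;
    }

    /**
     * Returns the SSLContext, creating it from the connector settings on first use.
     *
     * @throws RuntimeException wrapping any failure to build the context
     */
    @Override
    public SSLContext getSslContext() {
        try {
            if (_context == null) {
                _context = createSSLContext();
            }
            return _context;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Requests, but does not require, a client certificate; applied at socket creation. */
    @Override
    public void setWantClientAuth(boolean wantClientAuth) {
        _wantClientAuth = wantClientAuth;
    }

    /**
     * Sets the SO_TIMEOUT, in milliseconds, used while the SSL handshake runs.
     * Values of 0 or less leave the socket's existing timeout in place.
     */
    public void setHandshakeTimeout(int timeoutMs) {
        _handshakeTimeout = timeoutMs;
    }

    /** Returns the handshake timeout in milliseconds; 0 means not set. */
    public int getHandshakeTimeout() {
        return _handshakeTimeout;
    }

    /** Not supported by this connector; always throws. */
    public String getAlgorithm() {
        throw new UnsupportedOperationException();
    }

    /** Not supported by this connector; always throws. */
    public void setAlgorithm(String algorithm) {
        throw new UnsupportedOperationException();
    }
}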
