package eu.unicore.util.jetty;

import eu.emi.security.authn.x509.X509CertChainValidator;
import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.X500NameUtils;
import eu.unicore.security.canl.SSLContextCreator;
import eu.unicore.util.httpclient.ServerHostnameCheckingMode;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import org.apache.logging.log4j.Logger;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* loaded from: input_file:eu/unicore/util/jetty/JettyConnectorUtils.class */
/**
 * Static helpers that plug a canl credential and certificate-chain validator into a Jetty
 * {@link SslContextFactory.Server}, plus a debug-level logger for incoming connections.
 *
 * <p>Review notes:
 * <ul>
 *   <li>This class only installs an {@code SSLContext} on the factory. It sets no protocol-version
 *       or cipher-suite restrictions and no client-authentication mode, so those must be
 *       configured by the caller or elsewhere.</li>
 *   <li>Connection details are written at debug level only; nothing here produces a record when
 *       debug logging is off.</li>
 * </ul>
 */
public class JettyConnectorUtils {
    /**
     * Protocol name passed to {@link SSLContextCreator}. It is the generic name, not a pinned version.
     * NOTE(review): confirm that a minimum TLS version is enforced somewhere outside this class.
     */
    private static final String SSL_PROTOCOL = "TLS";

    /** Fixed label passed as the fourth argument; presumably used for logging (confirm in SSLContextCreator). */
    private static final String CONTEXT_LABEL = "Jetty HTTP Server";

    /**
     * Builds a fresh server-side Jetty SSL context factory backed by the given credential and validator.
     *
     * @param x509CertChainValidator validator handed to the SSL context creator
     * @param x509Credential credential handed to the SSL context creator
     * @param logger logger handed to the SSL context creator
     * @return a new factory whose SSL context has been set; no other factory option is touched here
     * @throws NoSuchAlgorithmException declared for the SSL context creation call
     * @throws NoSuchProviderException declared for the SSL context creation call
     * @throws KeyManagementException declared for the SSL context creation call
     */
    public static SslContextFactory.Server createJettyContextFactory(X509CertChainValidator x509CertChainValidator, X509Credential x509Credential, Logger logger) throws NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException {
        SslContextFactory.Server factory = new SslContextFactory.Server();
        installSslContext(factory, x509Credential, x509CertChainValidator, logger);
        return factory;
    }

    /**
     * Replaces the SSL context of an existing factory with one built from the given credential
     * and validator, then triggers the factory's reload with a no-op callback.
     *
     * @param server factory to update
     * @param x509Credential new credential
     * @param x509CertChainValidator validator to use with the new context
     * @param logger logger handed to the SSL context creator
     * @throws Exception if context creation or the reload fails
     */
    public static void reloadCredential(SslContextFactory.Server server, X509Credential x509Credential, X509CertChainValidator x509CertChainValidator, Logger logger) throws Exception {
        // The new context is installed before reload() runs, so the callback has nothing left to change.
        installSslContext(server, x509Credential, x509CertChainValidator, logger);
        server.reload(ignored -> {
        });
    }

    /**
     * Logs, at debug level, the remote address of a connection and, for SSL sockets, the peer
     * certificate subject once the handshake completes.
     *
     * <p>Nothing is logged and no listener is registered when debug logging is disabled or the
     * remote address is unavailable.
     *
     * @param socket the accepted socket
     * @param logger destination logger
     */
    public static void logConnection(Socket socket, final Logger logger) {
        InetSocketAddress remote = (InetSocketAddress) socket.getRemoteSocketAddress();
        if (logger.isDebugEnabled() && remote != null && remote.getAddress() != null) {
            final String hostAddress = remote.getAddress().getHostAddress();
            logger.debug("Connection attempt from {}", hostAddress);
            if (socket instanceof SSLSocket) {
                // The subject DN comes from the peer's certificate, so log consumers should treat it
                // as remote-supplied text.
                // NOTE(review): only SSLPeerUnverifiedException is handled; any runtime failure while
                // converting the chain would escape this listener. Confirm that is acceptable.
                HandshakeCompletedListener peerLogger = (HandshakeCompletedEvent event) -> {
                    try {
                        logger.debug(
                                "SSL connection with {}, connected from {} was established.",
                                X500NameUtils.getReadableForm(
                                        CertificateUtils.convertToX509Chain(event.getPeerCertificates())[0]
                                                .getSubjectX500Principal()),
                                hostAddress);
                    } catch (SSLPeerUnverifiedException e) {
                        // No peer certificate was presented or verified at the TLS layer.
                        logger.debug("An identity of the peer connecting from {} was not established on TLS layer", hostAddress);
                    }
                };
                ((SSLSocket) socket).addHandshakeCompletedListener(peerLogger);
            }
        }
    }

    /**
     * Creates an SSL context from the credential and validator and sets it on the target factory.
     * Hostname checking mode is passed as NONE. NOTE(review): presumably this is because the
     * accepting side does not match peer hostnames; confirm against SSLContextCreator.
     */
    private static void installSslContext(SslContextFactory.Server target, X509Credential credential, X509CertChainValidator validator, Logger log) throws NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException {
        target.setSslContext(SSLContextCreator.createSSLContext(credential, validator, SSL_PROTOCOL, CONTEXT_LABEL, log, ServerHostnameCheckingMode.NONE));
    }
}
