package org.mortbay.jetty.security;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.mortbay.io.EndPoint;
import org.mortbay.io.bio.SocketEndPoint;
import org.mortbay.jetty.Request;
import org.mortbay.jetty.bio.SocketConnector;
import org.mortbay.log.Log;
import org.mortbay.resource.Resource;

/* loaded from: input_file:org/mortbay/jetty/security/SslSocketConnector.class */
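/**
 * Blocking {@link SocketConnector} that accepts connections on a JSSE {@link SSLServerSocket}.
 *
 * <p>The key material is read from a keystore ({@link #setKeystore}, {@link #setKeystoreType})
 * that is unlocked with {@link #setPassword}; the private key itself is unlocked with
 * {@link #setKeyPassword}. Client-certificate authentication is controlled by
 * {@link #setWantClientAuth} and {@link #setNeedClientAuth}.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>No trust managers are supplied to the {@link SSLContext}, so client certificates are
 *       validated by the JSSE default trust managers. A certificate accepted there proves only
 *       that it chains to a trusted CA; authorisation still has to be decided by the
 *       application.</li>
 *   <li>Enabled protocol versions are never restricted here, and cipher suites are restricted
 *       only when {@link #setCipherSuites} was given a non-empty array. Otherwise the JSSE
 *       provider defaults apply.</li>
 * </ul>
 */
public class SslSocketConnector extends SocketConnector {
    /** Default keystore path: {@code .keystore} under the {@code user.home} system property. */
    public static final String DEFAULT_KEYSTORE = System.getProperty("user.home") + File.separator + ".keystore";
    /** Property name handed to {@code Password.getPassword} for the keystore password. */
    public static final String PASSWORD_PROPERTY = "jetty.ssl.password";
    /** Property name handed to {@code Password.getPassword} for the private-key password. */
    public static final String KEYPASSWORD_PROPERTY = "jetty.ssl.keypassword";
    /** Name under which per-session {@link CachedInfo} is stored in the {@link SSLSession}. */
    static final String CACHED_INFO_ATTR = CachedInfo.class.getName();
    private transient Password _password;
    private transient Password _keypassword;
    private String _provider;
    private String[] cipherSuites = null;
    private String _keystore = DEFAULT_KEYSTORE;
    private String _protocol = "TLS";
    private String _algorithm = "SunX509";
    private String _keystoreType = "JKS";
    private boolean _needClientAuth = false;
    private boolean _wantClientAuth = false;

    /**
     * Key size and client certificate chain computed once per TLS session and stored in the
     * session so later requests on the same session can reuse them.
     *
     * <p>Declared static so that the object stored in the {@link SSLSession} does not keep a
     * reference to the connector.
     */
    private static final class CachedInfo {
        private final Integer _keySize;
        private final X509Certificate[] _certs;

        CachedInfo(Integer keySize, X509Certificate[] certs) {
            this._keySize = keySize;
            this._certs = certs;
        }

        Integer getKeySize() {
            return this._keySize;
        }

        X509Certificate[] getCerts() {
            return this._certs;
        }
    }

    /** @return the cipher suites to enable, or {@code null} when the JSSE defaults are used. */
    public String[] getCipherSuites() {
        return this.cipherSuites;
    }

    /**
     * @param cipherSuites cipher suites to enable on the server socket; {@code null} or an empty
     *     array leaves the JSSE defaults in place. The array is stored as given, not copied.
     */
    public void setCipherSuites(String[] cipherSuites) {
        this.cipherSuites = cipherSuites;
    }

    /**
     * Sets the keystore password, resolved through {@code Password.getPassword} with
     * {@link #PASSWORD_PROPERTY}.
     *
     * @param password value passed to {@code Password.getPassword}
     */
    public void setPassword(String password) {
        this._password = Password.getPassword(PASSWORD_PROPERTY, password, null);
    }

    /**
     * Sets the private-key password, resolved through {@code Password.getPassword} with
     * {@link #KEYPASSWORD_PROPERTY}.
     *
     * @param password value passed to {@code Password.getPassword}
     */
    public void setKeyPassword(String password) {
        this._keypassword = Password.getPassword(KEYPASSWORD_PROPERTY, password, null);
    }

    /** @return the {@link KeyManagerFactory} algorithm name (default {@code "SunX509"}). */
    public String getAlgorithm() {
        return this._algorithm;
    }

    /** @param algorithm the {@link KeyManagerFactory} algorithm name */
    public void setAlgorithm(String algorithm) {
        this._algorithm = algorithm;
    }

    /** @return the {@link SSLContext} protocol name (default {@code "TLS"}). */
    public String getProtocol() {
        return this._protocol;
    }

    /** @param protocol the {@link SSLContext} protocol name */
    public void setProtocol(String protocol) {
        this._protocol = protocol;
    }

    /** @param keystore location of the keystore, resolved with {@code Resource.newResource} */
    public void setKeystore(String keystore) {
        this._keystore = keystore;
    }

    /** @return the keystore location (default {@link #DEFAULT_KEYSTORE}). */
    public String getKeystore() {
        return this._keystore;
    }

    /** @return the {@link KeyStore} type (default {@code "JKS"}). */
    public String getKeystoreType() {
        return this._keystoreType;
    }

    /** @param keystoreType the {@link KeyStore} type */
    public void setKeystoreType(String keystoreType) {
        this._keystoreType = keystoreType;
    }

    /** @return the JSSE provider name, or {@code null} for the default provider. */
    public String getProvider() {
        return this._provider;
    }

    /** @param provider the JSSE provider name, or {@code null} for the default provider */
    public void setProvider(String provider) {
        this._provider = provider;
    }

    /** @param wantClientAuth {@code true} to request (but not require) a client certificate */
    public void setWantClientAuth(boolean wantClientAuth) {
        this._wantClientAuth = wantClientAuth;
    }

    /** @return whether a client certificate is requested. */
    public boolean getWantClientAuth() {
        return this._wantClientAuth;
    }

    /** @param needClientAuth {@code true} to require a client certificate */
    public void setNeedClientAuth(boolean needClientAuth) {
        this._needClientAuth = needClientAuth;
    }

    /** @return whether a client certificate is required. */
    public boolean getNeedClientAuth() {
        return this._needClientAuth;
    }

    /**
     * @return {@code true} when no integral port is configured (0) or the request arrived on
     *     the configured integral port
     */
    @Override
    public boolean isIntegral(Request request) {
        int integralPort = getIntegralPort();
        return integralPort == 0 || integralPort == request.getServerPort();
    }

    /**
     * @return {@code true} when no confidential port is configured (0) or the request arrived
     *     on the configured confidential port
     */
    @Override
    public boolean isConfidential(Request request) {
        int confidentialPort = getConfidentialPort();
        return confidentialPort == 0 || confidentialPort == request.getServerPort();
    }

    /**
     * Builds the server socket factory from the configured keystore, protocol and provider.
     *
     * @return a factory backed by an {@link SSLContext} initialised with the keystore's keys
     * @throws IllegalStateException if the keystore or key password has not been set
     * @throws Exception if the keystore cannot be read or the JSSE objects cannot be created
     */
    protected SSLServerSocketFactory createFactory() throws Exception {
        // Fail with a clear message instead of a NullPointerException further down.
        if (this._password == null) {
            throw new IllegalStateException("keystore password not set");
        }
        if (this._keypassword == null) {
            throw new IllegalStateException("key password not set");
        }
        SSLContext context = this._provider == null
                ? SSLContext.getInstance(this._protocol)
                : SSLContext.getInstance(this._protocol, this._provider);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this._algorithm);
        KeyStore keyStore = KeyStore.getInstance(this._keystoreType);
        // Close the keystore stream once loaded; it was previously left open.
        java.io.InputStream keystoreStream = Resource.newResource(this._keystore).getInputStream();
        try {
            keyStore.load(keystoreStream, this._password.toString().toCharArray());
        } finally {
            if (keystoreStream != null) {
                keystoreStream.close();
            }
        }
        keyManagerFactory.init(keyStore, this._keypassword.toString().toCharArray());
        // Null trust managers: JSSE falls back to its default trust managers for client certs.
        context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
        return context.getServerSocketFactory();
    }

    /**
     * Creates the listening TLS server socket and applies client-auth and cipher-suite settings.
     *
     * @param host interface to bind to, or {@code null} for all interfaces
     * @param port port to listen on
     * @param backlog accept queue length
     * @throws IOException if the socket or the SSL factory cannot be created; failures that are
     *     not I/O errors are logged and wrapped, with the original exception as the cause
     */
    @Override
    protected ServerSocket newServerSocket(String host, int port, int backlog) throws IOException {
        SSLServerSocket serverSocket = null;
        boolean configured = false;
        try {
            SSLServerSocketFactory factory = createFactory();
            serverSocket = (SSLServerSocket) (host == null
                    ? factory.createServerSocket(port, backlog)
                    : factory.createServerSocket(port, backlog, InetAddress.getByName(host)));
            // setWantClientAuth and setNeedClientAuth each override the other's previous
            // setting, so calling setWantClientAuth(false) after setNeedClientAuth(true)
            // silently turned mandatory client authentication off. Only apply the flags that
            // are set, with "need" last so it wins over "want".
            if (this._wantClientAuth) {
                serverSocket.setWantClientAuth(true);
            }
            if (this._needClientAuth) {
                serverSocket.setNeedClientAuth(true);
            }
            if (this.cipherSuites != null && this.cipherSuites.length > 0) {
                serverSocket.setEnabledCipherSuites(this.cipherSuites);
                for (int n = 0; n < this.cipherSuites.length; n++) {
                    Log.debug("SslListener enabled ciphersuite: " + this.cipherSuites[n]);
                }
            }
            configured = true;
            return serverSocket;
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            Log.warn(Log.EXCEPTION, (Throwable) e);
            IOException wrapped = new IOException("Could not create JsseListener: " + e.toString());
            wrapped.initCause(e);
            throw wrapped;
        } finally {
            // Do not leave a bound socket behind when configuration fails
            // (for example an unsupported cipher suite name).
            if (!configured && serverSocket != null) {
                try {
                    serverSocket.close();
                } catch (IOException ignored) {
                    // best effort: the original failure is the one reported to the caller
                }
            }
        }
    }

    /**
     * Configures an accepted socket and performs the TLS handshake before any request is read.
     *
     * @throws IOException if the superclass configuration or the handshake fails
     */
    @Override
    public void configure(Socket socket) throws IOException {
        super.configure(socket);
        ((SSLSocket) socket).startHandshake();
    }

    /**
     * Marks the request as {@code https} and publishes the TLS session details as the servlet
     * request attributes {@code javax.servlet.request.X509Certificate},
     * {@code javax.servlet.request.cipher_suite} and {@code javax.servlet.request.key_size}.
     * Key size and certificate chain are cached in the {@link SSLSession}.
     */
    @Override
    public void customize(EndPoint endPoint, Request request) throws IOException {
        super.customize(endPoint, request);
        request.setScheme("https");
        try {
            SSLSession session = ((SSLSocket) ((SocketEndPoint) endPoint).getConnection()).getSession();
            String cipherSuite = session.getCipherSuite();
            Integer keySize;
            X509Certificate[] certChain;
            CachedInfo cachedInfo = (CachedInfo) session.getValue(CACHED_INFO_ATTR);
            if (cachedInfo != null) {
                keySize = cachedInfo.getKeySize();
                certChain = cachedInfo.getCerts();
            } else {
                keySize = Integer.valueOf(ServletSSL.deduceKeyLength(cipherSuite));
                certChain = getCertChain(session);
                session.putValue(CACHED_INFO_ATTR, new CachedInfo(keySize, certChain));
            }
            if (certChain != null) {
                request.setAttribute("javax.servlet.request.X509Certificate", certChain);
            } else if (this._needClientAuth) {
                // NOTE(review): this exception is caught by the handler below and only logged,
                // so the request continues without a certificate attribute. Enforcement of
                // needClientAuth therefore rests on the TLS handshake; applications that
                // authorise on the certificate attribute must treat its absence as a failure.
                throw new IllegalStateException("no client auth");
            }
            request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
            request.setAttribute("javax.servlet.request.key_size", keySize);
        } catch (Exception e) {
            Log.warn(Log.EXCEPTION, (Throwable) e);
        }
    }

    /**
     * Returns the peer's certificate chain as {@link X509Certificate}s.
     *
     * <p>Uses {@link SSLSession#getPeerCertificates()} rather than the deprecated
     * {@code getPeerCertificateChain()} and its {@code javax.security.cert} types.
     *
     * @return the chain, or {@code null} when the peer presented no certificate, was not
     *     verified, or the chain could not be converted (the last case is logged)
     */
    private static X509Certificate[] getCertChain(SSLSession sslSession) {
        try {
            java.security.cert.Certificate[] peerCerts = sslSession.getPeerCertificates();
            if (peerCerts == null || peerCerts.length == 0) {
                return null;
            }
            X509Certificate[] chain = new X509Certificate[peerCerts.length];
            CertificateFactory certificateFactory = null;
            for (int n = 0; n < peerCerts.length; n++) {
                if (peerCerts[n] instanceof X509Certificate) {
                    chain[n] = (X509Certificate) peerCerts[n];
                } else {
                    // Re-parse from the encoded form, as the previous implementation did.
                    if (certificateFactory == null) {
                        certificateFactory = CertificateFactory.getInstance("X.509");
                    }
                    chain[n] = (X509Certificate) certificateFactory.generateCertificate(
                            new ByteArrayInputStream(peerCerts[n].getEncoded()));
                }
            }
            return chain;
        } catch (SSLPeerUnverifiedException e) {
            // No verified peer identity: the client did not authenticate with a certificate.
            return null;
        } catch (Exception e) {
            Log.warn(Log.EXCEPTION, (Throwable) e);
            return null;
        }
    }
}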
