package org.openqa.jetty.http;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.apache.commons.logging.Log;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.openqa.jetty.jetty.servlet.ServletSSL;
import org.openqa.jetty.log.LogFactory;
import org.openqa.jetty.util.InetAddrPort;
import org.openqa.jetty.util.LogSupport;
import org.openqa.jetty.util.Password;
import org.openqa.jetty.util.Resource;

/* loaded from: input_file:org/openqa/jetty/http/SslListener.class */
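/**
 * HTTPS listener: a {@link SocketListener} whose server socket is a JSSE
 * {@link SSLServerSocket} built from a key store, and which copies the TLS
 * session facts of each accepted connection (peer certificate chain, cipher
 * suite, key size) into the request as the standard servlet attributes.
 *
 * <p>Points a deployer should know, all visible in this class:
 * <ul>
 *   <li>Key-store and key passwords come from {@link #setPassword} /
 *       {@link #setKeyPassword}, resolved through {@link Password#getPassword}
 *       with the {@value #PASSWORD_PROPERTY} / {@value #KEYPASSWORD_PROPERTY}
 *       property names. The key password defaults to the store password when
 *       it is not set. Neither is ever written to the log by this class.</li>
 *   <li>No trust manager is configured: {@link SSLContext#init} is called with
 *       {@code null} trust managers, so client certificates (when want/need
 *       client auth is on) are validated against the JVM's default trust
 *       material, not anything configured on this listener.</li>
 *   <li>Only cipher suites can be restricted ({@link #setCipherSuites}); there
 *       is no setter for enabled protocol versions, so those are whatever the
 *       SSLContext named by {@link #setProtocol} enables by default.</li>
 *   <li>{@code needClientAuth} is enforced by the JSSE handshake started in
 *       {@link #accept}; the 403 check in {@link #customizeRequest} is only a
 *       logged sanity check (see the note there).</li>
 * </ul>
 */
public class SslListener extends SocketListener {
    /** System property consulted for the key store password. */
    public static final String PASSWORD_PROPERTY = "jetty.ssl.password";
    /** System property consulted for the private key password. */
    public static final String KEYPASSWORD_PROPERTY = "jetty.ssl.keypassword";
    /** Key store used when {@link #setKeystore} is never called: {@code ~/.keystore}. */
    public static final String DEFAULT_KEYSTORE = String.valueOf(System.getProperty("user.home")) + File.separator + ".keystore";
    /** SSLSession value name under which the per-session {@link CachedInfo} is kept. */
    static final String CACHED_INFO_ATTR = CachedInfo.class.getName();
    private static Log log = LogFactory.getLog(SslListener.class);

    /** Cipher suites to enable on the server socket; null or empty means the JSSE defaults. */
    private String[] cipherSuites = null;
    private String _keystore = DEFAULT_KEYSTORE;
    /** Key store password; transient so it is never serialised with the listener. */
    private transient Password _password;
    /** Private key password; {@link #createFactory} falls back to {@link #_password} when unset. */
    private transient Password _keypassword;
    private boolean _needClientAuth = false;
    private boolean _wantClientAuth = false;
    private String _protocol = SSLSocketFactory.TLS;
    private String _algorithm = defaultKeyManagerAlgorithm();
    private String _keystoreType = "JKS";
    private String _provider = null;

    /**
     * TLS facts recorded once per {@link SSLSession} so that later requests on
     * the same (possibly resumed) session skip the certificate conversion.
     * Static: it holds no reference to the enclosing listener.
     */
    public static final class CachedInfo {
        private final Integer _keySize;
        private final X509Certificate[] _certs;

        CachedInfo(Integer keySize, X509Certificate[] certs) {
            this._keySize = keySize;
            this._certs = certs;
        }

        Integer getKeySize() {
            return this._keySize;
        }

        X509Certificate[] getCerts() {
            return this._certs;
        }
    }

    /** KeyManagerFactory algorithm: the JSSE-configured one, else "SunX509". */
    private static String defaultKeyManagerAlgorithm() {
        String configured = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        return configured == null ? "SunX509" : configured;
    }

    /** Listener on an unspecified address/port using the HTTPS scheme. */
    public SslListener() {
        setDefaultScheme(HttpMessage.__SSL_SCHEME);
    }

    /**
     * Listener bound to the given address; a port of 0 is rewritten to 443
     * (on both the argument and this listener).
     */
    public SslListener(InetAddrPort inetAddrPort) {
        super(inetAddrPort);
        if (inetAddrPort.getPort() == 0) {
            inetAddrPort.setPort(443);
            setPort(443);
        }
        setDefaultScheme(HttpMessage.__SSL_SCHEME);
    }

    public String[] getCipherSuites() {
        return this.cipherSuites;
    }

    /** Restricts the suites enabled on the server socket; unknown names fail in {@link #newServerSocket}. */
    public void setCipherSuites(String[] suites) {
        this.cipherSuites = suites;
    }

    /** Sets the key store password (resolved via {@link Password#getPassword} and {@value #PASSWORD_PROPERTY}). */
    public void setPassword(String password) {
        this._password = Password.getPassword("jetty.ssl.password", password, null);
    }

    /** Sets the private key password (resolved via {@link Password#getPassword} and {@value #KEYPASSWORD_PROPERTY}). */
    public void setKeyPassword(String keyPassword) {
        this._keypassword = Password.getPassword("jetty.ssl.keypassword", keyPassword, null);
    }

    public String getAlgorithm() {
        return this._algorithm;
    }

    /** KeyManagerFactory algorithm name, e.g. "SunX509". */
    public void setAlgorithm(String algorithm) {
        this._algorithm = algorithm;
    }

    public String getProtocol() {
        return this._protocol;
    }

    /** SSLContext protocol name passed to {@link SSLContext#getInstance}; default "TLS". */
    public void setProtocol(String protocol) {
        this._protocol = protocol;
    }

    /** Key store location, resolved with {@link Resource#newResource}. */
    public void setKeystore(String keystore) {
        this._keystore = keystore;
    }

    public String getKeystore() {
        return this._keystore;
    }

    public String getKeystoreType() {
        return this._keystoreType;
    }

    /** KeyStore type name; default "JKS". */
    public void setKeystoreType(String keystoreType) {
        this._keystoreType = keystoreType;
    }

    /** Require a client certificate during the handshake (takes precedence over wantClientAuth). */
    public void setNeedClientAuth(boolean needClientAuth) {
        this._needClientAuth = needClientAuth;
    }

    public boolean getNeedClientAuth() {
        return this._needClientAuth;
    }

    /** Request, but do not require, a client certificate; ignored when needClientAuth is set. */
    public void setWantClientAuth(boolean wantClientAuth) {
        this._wantClientAuth = wantClientAuth;
    }

    public boolean getWantClientAuth() {
        return this._wantClientAuth;
    }

    /** Integral when no integral port is configured or it equals this listener's port. */
    @Override // org.openqa.jetty.http.SocketListener, org.openqa.jetty.http.HttpListener
    public boolean isIntegral(HttpConnection httpConnection) {
        int integralPort = getIntegralPort();
        return integralPort == 0 || integralPort == getPort();
    }

    /** Confidential when no confidential port is configured or it equals this listener's port. */
    @Override // org.openqa.jetty.http.SocketListener, org.openqa.jetty.http.HttpListener
    public boolean isConfidential(HttpConnection httpConnection) {
        int confidentialPort = getConfidentialPort();
        return confidentialPort == 0 || confidentialPort == getPort();
    }

    /**
     * Builds the server socket factory from the configured key store.
     *
     * <p>The key store stream is closed after loading (the original leaked it),
     * and a missing store password is reported as an
     * {@link IllegalStateException} instead of a bare NPE. A missing key
     * password falls back to the store password, the usual keytool convention.
     * Trust managers are {@code null}: peer (client) certificates are checked
     * against the JVM's default trust material.
     *
     * @throws IllegalStateException if no key store password has been set
     * @throws Exception             any JSSE/KeyStore/IO failure; {@link #newServerSocket} wraps it
     */
    protected SSLServerSocketFactory createFactory() throws Exception {
        if (this._password == null) {
            throw new IllegalStateException("SslListener: no keystore password set (setPassword or " + PASSWORD_PROPERTY + ")");
        }
        Password keyPassword = this._keypassword != null ? this._keypassword : this._password;

        SSLContext context = this._provider == null
                ? SSLContext.getInstance(this._protocol)
                : SSLContext.getInstance(this._protocol, this._provider);

        KeyStore keyStore = KeyStore.getInstance(this._keystoreType);
        InputStream storeStream = Resource.newResource(this._keystore).getInputStream();
        try {
            keyStore.load(storeStream, this._password.toString().toCharArray());
        } finally {
            storeStream.close();
        }

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this._algorithm);
        keyManagerFactory.init(keyStore, keyPassword.toString().toCharArray());
        // null TrustManager[] -> JVM default trust store for client-cert validation.
        context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
        return context.getServerSocketFactory();
    }

    /**
     * Creates and configures the listening SSL server socket.
     *
     * @param inetAddrPort address to bind, or null for an ephemeral port on any address
     * @param backlog      accept backlog
     * @throws IOException on any failure; non-IO failures (bad key store, unknown
     *                     cipher suite, ...) are logged and wrapped with their cause kept
     */
    @Override // org.openqa.jetty.util.ThreadedServer
    protected ServerSocket newServerSocket(InetAddrPort inetAddrPort, int backlog) throws IOException {
        try {
            SSLServerSocketFactory factory = createFactory();
            SSLServerSocket serverSocket;
            if (inetAddrPort == null) {
                serverSocket = (SSLServerSocket) factory.createServerSocket(0, backlog);
            } else {
                serverSocket = (SSLServerSocket) factory.createServerSocket(inetAddrPort.getPort(), backlog, inetAddrPort.getInetAddress());
            }
            try {
                configureClientAuthAndSuites(serverSocket);
            } catch (RuntimeException e) {
                // e.g. IllegalArgumentException for an unknown suite: don't leak the bound socket.
                serverSocket.close();
                throw e;
            }
            return serverSocket;
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            log.warn(LogSupport.EXCEPTION, e2);
            IOException wrapped = new IOException("Could not create JsseListener: " + e2.toString());
            wrapped.initCause(e2);
            throw wrapped;
        }
    }

    /** Applies need/want client auth and the explicit cipher suite list, if any, to a fresh server socket. */
    private void configureClientAuthAndSuites(SSLServerSocket serverSocket) {
        if (this._needClientAuth) {
            serverSocket.setNeedClientAuth(true);
        } else if (this._wantClientAuth) {
            serverSocket.setWantClientAuth(true);
        }
        if (this.cipherSuites != null && this.cipherSuites.length > 0) {
            serverSocket.setEnabledCipherSuites(this.cipherSuites);
            if (log.isDebugEnabled()) {
                for (int i = 0; i < this.cipherSuites.length; i++) {
                    log.debug("SslListener enabled ciphersuite: " + this.cipherSuites[i]);
                }
            }
        }
    }

    /**
     * Accepts a connection and completes the TLS handshake before handing the
     * socket on, so a client-auth or protocol failure surfaces here rather than
     * on first read. A socket whose handshake fails is closed before the error
     * is rethrown (the original left it open).
     *
     * <p>The handshake blocks whichever thread calls this method; the read
     * timeout from {@code getMaxIdleTimeMs()} bounds it only when that value is
     * positive.
     *
     * @throws IOException the handshake or socket failure, SSL failures logged and wrapped with cause
     */
    protected Socket accept(ServerSocket serverSocket) throws IOException {
        SSLSocket sslSocket = null;
        try {
            sslSocket = (SSLSocket) serverSocket.accept();
            if (getMaxIdleTimeMs() > 0) {
                sslSocket.setSoTimeout(getMaxIdleTimeMs());
            }
            sslSocket.startHandshake();
            return sslSocket;
        } catch (SSLException e) {
            log.warn(LogSupport.EXCEPTION, e);
            if (sslSocket != null) {
                closeQuietly(sslSocket);
            }
            IOException wrapped = new IOException(e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        } catch (IOException e) {
            if (sslSocket != null) {
                closeQuietly(sslSocket);
            }
            throw e;
        }
    }

    /** Closes a socket whose setup failed; a secondary close error adds nothing to the report. */
    private static void closeQuietly(Socket socket) {
        try {
            socket.close();
        } catch (IOException ignored) {
            // the original failure is what the caller reports
        }
    }

    /**
     * Exposes the connection's TLS facts on the request as
     * {@code javax.servlet.request.X509Certificate}, {@code ...cipher_suite}
     * and {@code ...key_size}. Results are cached on the SSLSession.
     *
     * <p>NOTE: the {@code HttpException(403)} raised when needClientAuth is on
     * but no peer chain is present is caught by this method's own
     * {@code catch (Exception)} and only logged; it does not reject the
     * request. Enforcement of client auth is done by the handshake in
     * {@link #accept}, which JSSE fails when {@code setNeedClientAuth(true)}
     * was applied and the client presents no certificate.
     */
    @Override // org.openqa.jetty.http.SocketListener
    public void customizeRequest(Socket socket, HttpRequest httpRequest) {
        super.customizeRequest(socket, httpRequest);
        if (!(socket instanceof SSLSocket)) {
            return;
        }
        try {
            SSLSession session = ((SSLSocket) socket).getSession();
            String cipherSuite = session.getCipherSuite();
            Integer keySize;
            X509Certificate[] certChain;
            CachedInfo cached = (CachedInfo) session.getValue(CACHED_INFO_ATTR);
            if (cached != null) {
                keySize = cached.getKeySize();
                certChain = cached.getCerts();
            } else {
                keySize = Integer.valueOf(ServletSSL.deduceKeyLength(cipherSuite));
                certChain = getCertChain(session);
                session.putValue(CACHED_INFO_ATTR, new CachedInfo(keySize, certChain));
            }
            if (certChain != null) {
                httpRequest.setAttribute("javax.servlet.request.X509Certificate", certChain);
            } else if (this._needClientAuth) {
                // Sanity check only; swallowed by the catch below (see Javadoc).
                throw new HttpException(403);
            }
            httpRequest.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
            httpRequest.setAttribute("javax.servlet.request.key_size", keySize);
        } catch (Exception e) {
            log.warn(LogSupport.EXCEPTION, e);
        }
    }

    /**
     * Peer certificate chain of the session as {@code java.security.cert}
     * X.509 certificates, or null when the peer sent none / was not verified.
     *
     * <p>Uses {@link SSLSession#getPeerCertificates()} instead of the
     * deprecated {@code getPeerCertificateChain()} (whose javax.security.cert
     * types are removed on newer JDKs, where the old call failed and silently
     * yielded null), so no re-encoding through a CertificateFactory is needed.
     */
    private static X509Certificate[] getCertChain(SSLSession session) {
        try {
            Certificate[] peerCerts = session.getPeerCertificates();
            if (peerCerts == null || peerCerts.length == 0) {
                return null;
            }
            X509Certificate[] chain = new X509Certificate[peerCerts.length];
            for (int i = 0; i < peerCerts.length; i++) {
                if (!(peerCerts[i] instanceof X509Certificate)) {
                    // Only X.509 chains can be exposed via the servlet attribute.
                    log.warn("SslListener: non-X.509 peer certificate at index " + i + ", ignoring chain");
                    return null;
                }
                chain[i] = (X509Certificate) peerCerts[i];
            }
            return chain;
        } catch (SSLPeerUnverifiedException unused) {
            // No client certificate (or not authenticated): normal for plain HTTPS clients.
            return null;
        } catch (Exception e) {
            log.warn(LogSupport.EXCEPTION, e);
            return null;
        }
    }

    public String getProvider() {
        return this._provider;
    }

    /** JCA provider name for {@link SSLContext#getInstance(String, String)}; null uses the default lookup. */
    public void setProvider(String provider) {
        this._provider = provider;
    }
}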
