package org.mortbay.jetty.security;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SelectionKey;
import java.nio.channels.SocketChannel;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.ConcurrentLinkedQueue;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.mortbay.io.Buffer;
import org.mortbay.io.Connection;
import org.mortbay.io.EndPoint;
import org.mortbay.io.nio.DirectNIOBuffer;
import org.mortbay.io.nio.IndirectNIOBuffer;
import org.mortbay.io.nio.NIOBuffer;
import org.mortbay.io.nio.SelectChannelEndPoint;
import org.mortbay.io.nio.SelectorManager;
import org.mortbay.jetty.HttpConnection;
import org.mortbay.jetty.HttpParser;
import org.mortbay.jetty.Request;
import org.mortbay.jetty.nio.SelectChannelConnector;
import org.mortbay.log.Log;

/* loaded from: input_file:modules/urn.org.netkernel.tpt.http-1.14.20.jar:lib/jetty-sslengine-6.1.19.jar:org/mortbay/jetty/security/SslSelectChannelConnector.class */
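/**
 * {@code SelectChannelConnector} subclass that gives every accepted channel a server-mode
 * {@link SSLEngine} and publishes the negotiated TLS details (cipher suite, key size, client
 * certificate chain) as servlet request attributes.
 *
 * <p>Review notes on the configuration surface visible in this listing:
 * <ul>
 *   <li>Cipher suites are configured as an exclusion list only; anything not named stays enabled
 *       if the engine enables it by default.</li>
 *   <li>No call that restricts the enabled protocol versions is visible in
 *       {@link #createSSLEngine()}, so the versions offered are whatever the {@link SSLContext}
 *       enables by default.</li>
 *   <li>{@link #createSSLContext()} was not recovered by the decompiler, so how the keystore,
 *       truststore and passwords are consumed cannot be reviewed from this source.</li>
 * </ul>
 */
public class SslSelectChannelConnector extends SelectChannelConnector {
    /** Key under which the per-session {@link CachedInfo} is stored on the {@link SSLSession}. */
    static final String CACHED_INFO_ATTR = CachedInfo.class.getName();
    /** Default keystore location: {@code .keystore} in the home directory of the running user. */
    public static final String DEFAULT_KEYSTORE = System.getProperty("user.home") + File.separator + ".keystore";
    public static final String KEYPASSWORD_PROPERTY = "jetty.ssl.keypassword";
    public static final String PASSWORD_PROPERTY = "jetty.ssl.password";
    private transient Password _password;
    private transient Password _keyPassword;
    private transient Password _trustPassword;
    private String _provider;
    private String _secureRandomAlgorithm;
    private String _sslKeyManagerFactoryAlgorithm;
    private String _sslTrustManagerFactoryAlgorithm;
    private String _truststore;
    private String _truststoreType;
    private SSLContext _context;
    // NOTE(review): neither buffer size is assigned anywhere in this listing, so both stay 0
    // unless the undecompiled createSSLContext() sets them - confirm against the bytecode.
    private int _packetBufferSize;
    private int _applicationBufferSize;
    private ConcurrentLinkedQueue<Buffer> _packetBuffers;
    private ConcurrentLinkedQueue<Buffer> _applicationBuffers;
    private String[] _excludeCipherSuites = null;
    private String _keystore = DEFAULT_KEYSTORE;
    private String _keystoreType = "JKS";
    // Client certificate authentication is off by default (neither required nor requested).
    private boolean _needClientAuth = false;
    private boolean _wantClientAuth = false;
    private String _protocol = "TLS";
    private String _algorithm = "SunX509";

    /* loaded from: input_file:modules/urn.org.netkernel.tpt.http-1.14.20.jar:lib/jetty-sslengine-6.1.19.jar:org/mortbay/jetty/security/SslSelectChannelConnector$CachedInfo.class */
    /**
     * Immutable holder for the values derived once per TLS session and then reused for every
     * request on that session.
     *
     * <p>Declared {@code static} so that instances stored on an {@link SSLSession} do not carry a
     * hidden reference to the connector that created them.
     */
    private static final class CachedInfo {
        private final X509Certificate[] _certs;
        private final Integer _keySize;

        CachedInfo(Integer num, X509Certificate[] x509CertificateArr) {
            this._keySize = num;
            this._certs = x509CertificateArr;
        }

        /** @return the cached peer certificate chain, or {@code null} when none was obtained */
        X509Certificate[] getCerts() {
            return this._certs;
        }

        /** @return the cached key size deduced from the cipher suite name */
        Integer getKeySize() {
            return this._keySize;
        }
    }

    /**
     * Hands out a buffer of the requested size, reusing a pooled one when the size matches the
     * application or packet buffer size and delegating to the superclass otherwise.
     *
     * @param i requested buffer capacity
     * @return a pooled or newly allocated buffer
     */
    @Override // org.mortbay.jetty.AbstractBuffers, org.mortbay.io.Buffers
    public Buffer getBuffer(int i) {
        Buffer buffer;
        if (i == this._applicationBufferSize) {
            buffer = this._applicationBuffers.poll();
            if (buffer == null) {
                buffer = new IndirectNIOBuffer(i);
            }
        } else if (i == this._packetBufferSize) {
            buffer = this._packetBuffers.poll();
            if (buffer == null) {
                buffer = getUseDirectBuffers() ? new DirectNIOBuffer(i) : new IndirectNIOBuffer(i);
            }
        } else {
            buffer = super.getBuffer(i);
        }
        return buffer;
    }

    /**
     * Resets a buffer and returns it to the matching pool, or to the superclass when its capacity
     * matches neither pool.
     *
     * <p>Only the indices are reset; the bytes already in the buffer are not overwritten, so a
     * pooled buffer still holds the data of its previous user until it is written again.
     *
     * @param buffer the buffer to recycle; cast to {@code NIOBuffer} without a type check
     */
    @Override // org.mortbay.jetty.AbstractBuffers, org.mortbay.io.Buffers
    public void returnBuffer(Buffer buffer) {
        buffer.clear();
        int capacity = buffer.capacity();
        ByteBuffer byteBuffer = ((NIOBuffer) buffer).getByteBuffer();
        byteBuffer.position(0);
        byteBuffer.limit(capacity);
        if (capacity == this._applicationBufferSize) {
            this._applicationBuffers.add(buffer);
        } else if (capacity == this._packetBufferSize) {
            this._packetBuffers.add(buffer);
        } else {
            super.returnBuffer(buffer);
        }
    }

    /**
     * Extracts the peer certificate chain of a session as {@code java.security.cert}
     * certificates.
     *
     * <p>Reads the chain through {@link SSLSession#getPeerCertificates()} instead of the
     * deprecated {@code javax.security.cert}-based {@code getPeerCertificateChain()}, which
     * recent JDKs may no longer support. With the old call such a failure was only logged and the
     * method returned {@code null}, so the client certificate silently never reached the request.
     *
     * @param sSLSession the session to read the peer chain from
     * @return the chain, or {@code null} when the peer is unverified, presented no certificates,
     *     or the chain could not be read; callers must treat {@code null} as "no client identity"
     */
    private static X509Certificate[] getCertChain(SSLSession sSLSession) {
        try {
            java.security.cert.Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            if (peerCertificates == null || peerCertificates.length == 0) {
                return null;
            }
            X509Certificate[] chain = new X509Certificate[peerCertificates.length];
            for (int i = 0; i < peerCertificates.length; i++) {
                // A non-X.509 entry raises ClassCastException, which the generic handler below
                // logs and turns into a null (absent) chain.
                chain[i] = (X509Certificate) peerCertificates[i];
            }
            return chain;
        } catch (SSLPeerUnverifiedException e) {
            // Expected whenever the client did not authenticate; not worth a warning.
            Log.ignore(e);
            return null;
        } catch (Exception e2) {
            Log.warn(Log.EXCEPTION, (Throwable) e2);
            return null;
        }
    }

    /**
     * Marks the request as {@code https} and attaches the session's cipher suite, key size and,
     * when available, client certificate chain as servlet request attributes.
     *
     * <p>Key size and certificate chain are computed once per TLS session and cached on the
     * session. Any failure while reading the session is logged and swallowed: the request is
     * still processed with scheme {@code https} but without the TLS attributes, so code that
     * authorises on {@code javax.servlet.request.X509Certificate} must treat a missing attribute
     * as an unauthenticated client.
     *
     * @param endPoint the connection end point; expected to be an {@code SslHttpChannelEndPoint}
     * @param request the request being customised
     * @throws IOException if the superclass customisation fails
     */
    @Override // org.mortbay.jetty.nio.SelectChannelConnector, org.mortbay.jetty.AbstractConnector, org.mortbay.jetty.Connector
    public void customize(EndPoint endPoint, Request request) throws IOException {
        Integer num;
        X509Certificate[] certChain;
        super.customize(endPoint, request);
        request.setScheme("https");
        try {
            SSLSession session = ((SslHttpChannelEndPoint) endPoint).getSSLEngine().getSession();
            String cipherSuite = session.getCipherSuite();
            CachedInfo cachedInfo = (CachedInfo) session.getValue(CACHED_INFO_ATTR);
            if (cachedInfo != null) {
                num = cachedInfo.getKeySize();
                certChain = cachedInfo.getCerts();
            } else {
                // Integer.valueOf replaces the deprecated Integer constructor.
                num = Integer.valueOf(ServletSSL.deduceKeyLength(cipherSuite));
                certChain = getCertChain(session);
                // A null chain is cached as well, so the chain is not re-read for later requests
                // on the same session.
                session.putValue(CACHED_INFO_ATTR, new CachedInfo(num, certChain));
            }
            if (certChain != null) {
                request.setAttribute("javax.servlet.request.X509Certificate", certChain);
            }
            request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
            request.setAttribute("javax.servlet.request.key_size", num);
        } catch (Exception e) {
            Log.warn(Log.EXCEPTION, (Throwable) e);
        }
    }

    /**
     * Creates a connector with the JVM's configured key/trust manager factory algorithms
     * (falling back to {@code SunX509}), a {@code JKS} truststore type and empty buffer pools.
     */
    public SslSelectChannelConnector() {
        String keyManagerAlgorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        String trustManagerAlgorithm = Security.getProperty("ssl.TrustManagerFactory.algorithm");
        this._sslKeyManagerFactoryAlgorithm = keyManagerAlgorithm == null ? "SunX509" : keyManagerAlgorithm;
        this._sslTrustManagerFactoryAlgorithm = trustManagerAlgorithm == null ? "SunX509" : trustManagerAlgorithm;
        this._truststoreType = "JKS";
        this._packetBuffers = new ConcurrentLinkedQueue<>();
        this._applicationBuffers = new ConcurrentLinkedQueue<>();
    }

    /**
     * Alias of {@link #getExcludeCipherSuites()}.
     *
     * <p>Despite the name this returns the suites that are <em>excluded</em>, not the enabled
     * ones.
     *
     * @return the excluded cipher suite names, or {@code null} when none are configured
     */
    public String[] getCipherSuites() {
        return getExcludeCipherSuites();
    }

    /**
     * @return the cipher suite names removed from every new engine, or {@code null}; this is the
     *     internal array, not a copy
     */
    public String[] getExcludeCipherSuites() {
        return this._excludeCipherSuites;
    }

    /**
     * Alias of {@link #setExcludeCipherSuites(String[])}.
     *
     * <p>Despite the name the argument is an exclusion list: passing the suites you want to
     * allow here disables exactly those suites.
     *
     * @param strArr cipher suite names to exclude
     */
    public void setCipherSuites(String[] strArr) {
        setExcludeCipherSuites(strArr);
    }

    /**
     * Sets the cipher suites to remove from each new engine's enabled list.
     *
     * @param strArr exact suite names to exclude; stored by reference, so later changes to the
     *     array affect engines created afterwards
     */
    public void setExcludeCipherSuites(String[] strArr) {
        this._excludeCipherSuites = strArr;
    }

    /**
     * Sets the keystore password.
     *
     * @param str the password value handed to {@code Password.getPassword} together with the
     *     {@code jetty.ssl.password} property name
     */
    public void setPassword(String str) {
        this._password = Password.getPassword(PASSWORD_PROPERTY, str, null);
    }

    /**
     * Sets the truststore password.
     *
     * <p>Uses the same {@code jetty.ssl.password} property name as {@link #setPassword(String)}.
     * NOTE(review): if {@code Password.getPassword} consults a system property of that name, the
     * keystore and truststore cannot be given different passwords that way - confirm.
     *
     * @param str the password value
     */
    public void setTrustPassword(String str) {
        this._trustPassword = Password.getPassword(PASSWORD_PROPERTY, str, null);
    }

    /**
     * Sets the password of the private key entry.
     *
     * @param str the password value handed to {@code Password.getPassword} together with the
     *     {@code jetty.ssl.keypassword} property name
     */
    public void setKeyPassword(String str) {
        this._keyPassword = Password.getPassword(KEYPASSWORD_PROPERTY, str, null);
    }

    /** @return the configured algorithm name; {@code SunX509} by default */
    public String getAlgorithm() {
        return this._algorithm;
    }

    /** @param str the algorithm name to store */
    public void setAlgorithm(String str) {
        this._algorithm = str;
    }

    /** @return the configured protocol name; {@code TLS} by default */
    public String getProtocol() {
        return this._protocol;
    }

    /**
     * @param str the protocol name to store; where it is consumed is not visible in this listing
     *     (presumably when the context is created - confirm)
     */
    public void setProtocol(String str) {
        this._protocol = str;
    }

    /** @param str path of the keystore */
    public void setKeystore(String str) {
        this._keystore = str;
    }

    /** @return the keystore path; {@link #DEFAULT_KEYSTORE} unless overridden */
    public String getKeystore() {
        return this._keystore;
    }

    /** @return the keystore type; {@code JKS} by default */
    public String getKeystoreType() {
        return this._keystoreType;
    }

    /** @return whether new engines require a client certificate */
    public boolean getNeedClientAuth() {
        return this._needClientAuth;
    }

    /** @return whether new engines request, without requiring, a client certificate */
    public boolean getWantClientAuth() {
        return this._wantClientAuth;
    }

    /** @param z {@code true} to require a client certificate on engines created afterwards */
    public void setNeedClientAuth(boolean z) {
        this._needClientAuth = z;
    }

    /** @param z {@code true} to request a client certificate on engines created afterwards */
    public void setWantClientAuth(boolean z) {
        this._wantClientAuth = z;
    }

    /** @param str the keystore type */
    public void setKeystoreType(String str) {
        this._keystoreType = str;
    }

    /** @return the configured security provider name, or {@code null} */
    public String getProvider() {
        return this._provider;
    }

    /** @return the configured secure random algorithm name, or {@code null} */
    public String getSecureRandomAlgorithm() {
        return this._secureRandomAlgorithm;
    }

    /** @return the key manager factory algorithm */
    public String getSslKeyManagerFactoryAlgorithm() {
        return this._sslKeyManagerFactoryAlgorithm;
    }

    /** @return the trust manager factory algorithm */
    public String getSslTrustManagerFactoryAlgorithm() {
        return this._sslTrustManagerFactoryAlgorithm;
    }

    /** @return the truststore path, or {@code null} when none is configured */
    public String getTruststore() {
        return this._truststore;
    }

    /** @return the truststore type; {@code JKS} by default */
    public String getTruststoreType() {
        return this._truststoreType;
    }

    /** @param str the security provider name */
    public void setProvider(String str) {
        this._provider = str;
    }

    /** @param str the secure random algorithm name */
    public void setSecureRandomAlgorithm(String str) {
        this._secureRandomAlgorithm = str;
    }

    /** @param str the key manager factory algorithm */
    public void setSslKeyManagerFactoryAlgorithm(String str) {
        this._sslKeyManagerFactoryAlgorithm = str;
    }

    /** @param str the trust manager factory algorithm */
    public void setSslTrustManagerFactoryAlgorithm(String str) {
        this._sslTrustManagerFactoryAlgorithm = str;
    }

    /** @param str path of the truststore */
    public void setTruststore(String str) {
        this._truststore = str;
    }

    /** @param str the truststore type */
    public void setTruststoreType(String str) {
        this._truststoreType = str;
    }

    /**
     * Reports whether a request satisfies a CONFIDENTIAL transport constraint.
     *
     * @param request the request to check
     * @return {@code true} when no confidential port is configured (0), or when the request's
     *     server port equals the configured confidential port
     */
    @Override // org.mortbay.jetty.AbstractConnector, org.mortbay.jetty.Connector
    public boolean isConfidential(Request request) {
        int confidentialPort = getConfidentialPort();
        return confidentialPort == 0 || confidentialPort == request.getServerPort();
    }

    /**
     * Reports whether a request satisfies an INTEGRAL transport constraint.
     *
     * @param request the request to check
     * @return {@code true} when no integral port is configured (0), or when the request's server
     *     port equals the configured integral port
     */
    @Override // org.mortbay.jetty.AbstractConnector, org.mortbay.jetty.Connector
    public boolean isIntegral(Request request) {
        int integralPort = getIntegralPort();
        return integralPort == 0 || integralPort == request.getServerPort();
    }

    /**
     * Wraps an accepted channel in an SSL end point backed by a freshly created engine.
     *
     * @throws IOException declared by the signature; engine failures surface as
     *     {@link IllegalStateException} from {@link #createSSLEngine()}
     */
    @Override // org.mortbay.jetty.nio.SelectChannelConnector
    protected SelectChannelEndPoint newEndPoint(SocketChannel socketChannel, SelectorManager.SelectSet selectSet, SelectionKey selectionKey) throws IOException {
        return new SslHttpChannelEndPoint(this, socketChannel, selectSet, selectionKey, createSSLEngine());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates the HTTP connection for a channel and forces its parser to use a content buffer.
     */
    @Override // org.mortbay.jetty.nio.SelectChannelConnector
    public Connection newConnection(SocketChannel socketChannel, SelectChannelEndPoint selectChannelEndPoint) {
        HttpConnection httpConnection = (HttpConnection) super.newConnection(socketChannel, selectChannelEndPoint);
        ((HttpParser) httpConnection.getParser()).setForceContentBuffer(true);
        return httpConnection;
    }

    /**
     * Creates a server-mode engine from the connector's context and applies the client
     * authentication and cipher exclusion settings.
     *
     * <p>Exclusion matches exact suite names against the engine's enabled list, so suites that
     * are not named stay enabled. Enabled protocol versions are not restricted here.
     *
     * @return the configured engine
     * @throws IllegalStateException if the engine cannot be created or configured, including when
     *     the context has not been created yet; the connector is closed before this is thrown
     * @throws IOException declared by the signature
     */
    protected SSLEngine createSSLEngine() throws IOException {
        try {
            SSLEngine engine = this._context.createSSLEngine();
            engine.setUseClientMode(false);
            if (this._wantClientAuth) {
                engine.setWantClientAuth(this._wantClientAuth);
            }
            // Applied after "want" so that a required client certificate takes precedence when
            // both flags are set.
            if (this._needClientAuth) {
                engine.setNeedClientAuth(this._needClientAuth);
            }
            if (this._excludeCipherSuites != null && this._excludeCipherSuites.length > 0) {
                // Typed list instead of the raw ArrayList; removeAll drops every occurrence of an
                // excluded name rather than only the first one.
                List<String> enabled = new ArrayList<>(Arrays.asList(engine.getEnabledCipherSuites()));
                enabled.removeAll(Arrays.asList(this._excludeCipherSuites));
                engine.setEnabledCipherSuites(enabled.toArray(new String[0]));
            }
            return engine;
        } catch (Exception e) {
            Log.warn("Error creating sslEngine -- closing this connector", (Throwable) e);
            close();
            throw new IllegalStateException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the SSL context, sizes the header, request and response buffers to the session's
     * application buffer size, then starts the underlying connector.
     *
     * <p>An engine is created here only to read the buffer size from its session.
     *
     * @throws Exception if the context cannot be created or the superclass fails to start
     */
    @Override // org.mortbay.jetty.nio.SelectChannelConnector, org.mortbay.jetty.AbstractConnector, org.mortbay.jetty.AbstractBuffers, org.mortbay.component.AbstractLifeCycle
    public void doStart() throws Exception {
        this._context = createSSLContext();
        SSLSession session = createSSLEngine().getSession();
        int applicationBufferSize = session.getApplicationBufferSize();
        setHeaderBufferSize(applicationBufferSize);
        setRequestBufferSize(applicationBufferSize);
        setResponseBufferSize(applicationBufferSize);
        super.doStart();
    }

    /* JADX WARN: Code restructure failed: missing block: B:53:0x00f7, code lost:
    
        throw r13;
     */
    /* JADX WARN: Code restructure failed: missing block: B:61:0x005e, code lost:
    
        throw r9;
     */
    /* JADX WARN: Removed duplicated region for block: B:20:0x007e  */
    /* JADX WARN: Removed duplicated region for block: B:22:0x0069 A[REMOVE] */
    /* JADX WARN: Removed duplicated region for block: B:27:0x00b9 A[Catch: all -> 0x00f0, TryCatch #0 {all -> 0x00f0, blocks: (B:25:0x00b2, B:27:0x00b9, B:30:0x00e7, B:32:0x00dd), top: B:24:0x00b2 }] */
    /* JADX WARN: Removed duplicated region for block: B:35:0x00ff  */
    /* JADX WARN: Removed duplicated region for block: B:39:0x0124  */
    /* JADX WARN: Removed duplicated region for block: B:42:0x0138  */
    /* JADX WARN: Removed duplicated region for block: B:46:0x0142  */
    /* JADX WARN: Removed duplicated region for block: B:47:0x0104 A[REMOVE] */
    /* JADX WARN: Removed duplicated region for block: B:47:0x0128  */
    /* JADX WARN: Removed duplicated region for block: B:55:0x0096  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Placeholder for the method that builds the {@link SSLContext}.
     *
     * <p>The decompiler did not recover the body, so this stub always throws and the way the
     * keystore, truststore, passwords, provider, protocol and secure random settings are used
     * cannot be reviewed from this listing. Because {@link #doStart()} calls this first, the
     * connector as listed here cannot start; review the original bytecode or upstream source for
     * the real behaviour.
     *
     * @return never returns normally in this listing
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    protected javax.net.ssl.SSLContext createSSLContext() throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 348
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.mortbay.jetty.security.SslSelectChannelConnector.createSSLContext():javax.net.ssl.SSLContext");
    }
}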
