package org.mortbay.jetty.security;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.mortbay.io.EndPoint;
import org.mortbay.io.bio.SocketEndPoint;
import org.mortbay.jetty.Request;
import org.mortbay.jetty.bio.SocketConnector;
import org.mortbay.log.Log;

/* loaded from: input_file:hadoop-hdfs-rbf-2.10.2/share/hadoop/hdfs/lib/jetty-6.1.26.jar:org/mortbay/jetty/security/SslSocketConnector.class */
/**
 * Blocking-socket connector that serves connections accepted from an {@link SSLServerSocket}.
 *
 * <p>This listing is decompiler output: synthetic members such as {@code this$0} and
 * {@code class$} appear as ordinary code, and {@link #createFactory()} could not be decompiled,
 * so keystore and truststore loading is not visible here.
 *
 * <p>Security-relevant behaviour that the visible code establishes:
 * <ul>
 *   <li>Renegotiation: any handshake-completed event after the first closes the socket unless
 *       {@code _allowRenegotiate} is set (it defaults to {@code false}).</li>
 *   <li>Cipher suites are restricted only by an exclusion list applied in
 *       {@link #newServerSocket(String, int, int)}; that method does not restrict the enabled
 *       protocol versions on the server socket.</li>
 *   <li>Client authentication is requested or required on the server socket from
 *       {@code _wantClientAuth} / {@code _needClientAuth}; the later check in
 *       {@link #customize(EndPoint, Request)} only logs (see the note there).</li>
 * </ul>
 */
public class SslSocketConnector extends SocketConnector {
    // Key under which CachedInfo is stored on the SSLSession; set in the static initializer
    // to the CachedInfo class name.
    static final String CACHED_INFO_ATTR;
    // Default keystore path: <user.home>/.keystore (built in the static initializer).
    public static final String DEFAULT_KEYSTORE;
    public static final String KEYPASSWORD_PROPERTY = "jetty.ssl.keypassword";
    public static final String PASSWORD_PROPERTY = "jetty.ssl.password";
    // The three Password fields are written by the setters below and read nowhere in the
    // visible code; presumably consumed by createFactory() — confirm against the original source.
    private transient Password _password;
    private transient Password _keyPassword;
    private transient Password _trustPassword;
    private String _provider;
    private String _secureRandomAlgorithm;
    private String _sslKeyManagerFactoryAlgorithm;
    private String _sslTrustManagerFactoryAlgorithm;
    private String _truststore;
    private String _truststoreType;
    private boolean _wantClientAuth;
    // Passed to Socket.setSoTimeout for the duration of the handshake; values <= 0 leave the
    // socket's existing timeout in place (see SslConnection.run()).
    private int _handshakeTimeout;
    private boolean _allowRenegotiate;
    // Compiler-synthesised cache for the CachedInfo class literal.
    static Class class$org$mortbay$jetty$security$SslSocketConnector$CachedInfo;
    // Cipher suite names to remove from the enabled set; null or empty means no exclusions.
    private String[] _excludeCipherSuites = null;
    private String _keystore = DEFAULT_KEYSTORE;
    private String _keystoreType = "JKS";
    private boolean _needClientAuth = false;
    private String _protocol = "TLS";

    /* loaded from: input_file:hadoop-hdfs-rbf-2.10.2/share/hadoop/hdfs/lib/jetty-6.1.26.jar:org/mortbay/jetty/security/SslSocketConnector$CachedInfo.class */
    /**
     * Per-session cache of the deduced key size and the peer certificate chain, stored on the
     * SSLSession by {@code customize} so they are computed once per session.
     */
    private class CachedInfo {
        private X509Certificate[] _certs;
        private Integer _keySize;
        // Synthetic reference to the enclosing connector (decompiler artifact).
        private final SslSocketConnector this$0;

        CachedInfo(SslSocketConnector sslSocketConnector, Integer num, X509Certificate[] x509CertificateArr) {
            this.this$0 = sslSocketConnector;
            this._keySize = num;
            this._certs = x509CertificateArr;
        }

        /** Returns the cached chain array itself (no copy); may be null when no chain was available. */
        X509Certificate[] getCerts() {
            return this._certs;
        }

        /** Returns the cached key size. */
        Integer getKeySize() {
            return this._keySize;
        }
    }

    /* loaded from: input_file:hadoop-hdfs-rbf-2.10.2/share/hadoop/hdfs/lib/jetty-6.1.26.jar:org/mortbay/jetty/security/SslSocketConnector$SslConnection.class */
    /**
     * Connection that performs the TLS handshake on its own thread before handing over to the
     * plain {@code SocketConnector.Connection} request loop.
     */
    public class SslConnection extends SocketConnector.Connection {
        // Synthetic reference to the enclosing connector (decompiler artifact).
        private final SslSocketConnector this$0;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public SslConnection(SslSocketConnector sslSocketConnector, Socket socket) throws IOException {
            super(sslSocketConnector, socket);
            this.this$0 = sslSocketConnector;
        }

        /**
         * Closes the whole connection instead of half-closing the output side.
         * Presumably because the SSL socket cannot be half-closed — confirm against upstream.
         */
        @Override // org.mortbay.io.bio.SocketEndPoint, org.mortbay.io.bio.StreamEndPoint, org.mortbay.io.EndPoint
        public void shutdownOutput() throws IOException {
            close();
        }

        /**
         * Runs the handshake under the optional handshake timeout, installs the renegotiation
         * guard, then delegates to the superclass run loop. Any SSLException (logged at warn) or
         * IOException (logged at debug) closes the connection.
         */
        @Override // org.mortbay.jetty.bio.SocketConnector.Connection, java.lang.Runnable
        public void run() {
            try {
                int handshakeTimeout = this.this$0.getHandshakeTimeout();
                // Remember the regular read timeout so it can be restored after the handshake.
                int soTimeout = this._socket.getSoTimeout();
                // With the default of 0 no handshake-specific timeout is applied, so a peer that
                // stalls mid-handshake is bounded only by the socket's existing timeout.
                if (handshakeTimeout > 0) {
                    this._socket.setSoTimeout(handshakeTimeout);
                }
                SSLSocket sSLSocket = (SSLSocket) this._socket;
                sSLSocket.addHandshakeCompletedListener(new HandshakeCompletedListener(this, sSLSocket) { // from class: org.mortbay.jetty.security.SslSocketConnector.SslConnection.1
                    // False until the initial handshake has been reported.
                    boolean handshook = false;
                    private final SSLSocket val$ssl;
                    private final SslConnection this$1;

                    {
                        this.this$1 = this;
                        this.val$ssl = sSLSocket;
                    }

                    /**
                     * Renegotiation guard. The first event is the initial handshake and is only
                     * recorded; every later event is treated as a renegotiation and, unless
                     * renegotiation is allowed, the socket is closed. The close runs in the
                     * completion callback, i.e. after the second handshake has finished.
                     */
                    @Override // javax.net.ssl.HandshakeCompletedListener
                    public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
                        if (!this.handshook) {
                            this.handshook = true;
                            return;
                        }
                        if (this.this$1.this$0._allowRenegotiate) {
                            return;
                        }
                        // The warning is useful as a detection signal: it records the socket on
                        // which a renegotiation was refused.
                        Log.warn(new StringBuffer().append("SSL renegotiate denied: ").append(this.val$ssl).toString());
                        try {
                            this.val$ssl.close();
                        } catch (IOException e) {
                            Log.warn(e);
                        }
                    }
                });
                sSLSocket.startHandshake();
                // Handshake done: put the regular timeout back before serving requests.
                if (handshakeTimeout > 0) {
                    this._socket.setSoTimeout(soTimeout);
                }
                super.run();
            } catch (SSLException e) {
                Log.warn(e);
                try {
                    close();
                } catch (IOException e2) {
                    Log.ignore(e2);
                }
            } catch (IOException e3) {
                Log.debug(e3);
                try {
                    close();
                } catch (IOException e4) {
                    Log.ignore(e4);
                }
            }
        }
    }

    /**
     * Converts the session's peer chain from the legacy {@code javax.security.cert} type into
     * {@code java.security.cert.X509Certificate} by re-parsing each certificate's encoding.
     * No validation is done here; the chain is whatever the session reports.
     *
     * @param sSLSession the established session
     * @return the converted chain, or {@code null} when the session has no chain, the peer is
     *         unverified, or conversion fails (the failure is logged at warn)
     */
    private static X509Certificate[] getCertChain(SSLSession sSLSession) {
        try {
            javax.security.cert.X509Certificate[] peerCertificateChain = sSLSession.getPeerCertificateChain();
            if (peerCertificateChain == null || peerCertificateChain.length == 0) {
                return null;
            }
            int length = peerCertificateChain.length;
            X509Certificate[] x509CertificateArr = new X509Certificate[length];
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            for (int i = 0; i < length; i++) {
                x509CertificateArr[i] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(peerCertificateChain[i].getEncoded()));
            }
            return x509CertificateArr;
        } catch (SSLPeerUnverifiedException e) {
            // The peer presented no verified certificate; callers see this as "no chain".
            return null;
        } catch (Exception e2) {
            // NOTE(review): a conversion error is indistinguishable from "no client certificate"
            // for the caller; only the warn log tells them apart.
            Log.warn(Log.EXCEPTION, (Throwable) e2);
            return null;
        }
    }

    /**
     * Creates a connector with the key and trust manager algorithms taken from the
     * {@code ssl.KeyManagerFactory.algorithm} / {@code ssl.TrustManagerFactory.algorithm}
     * security properties, falling back to "SunX509" when a property is unset.
     * Client-auth, handshake timeout and renegotiation all start disabled.
     */
    public SslSocketConnector() {
        this._sslKeyManagerFactoryAlgorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ? "SunX509" : Security.getProperty("ssl.KeyManagerFactory.algorithm");
        this._sslTrustManagerFactoryAlgorithm = Security.getProperty("ssl.TrustManagerFactory.algorithm") == null ? "SunX509" : Security.getProperty("ssl.TrustManagerFactory.algorithm");
        this._truststoreType = "JKS";
        this._wantClientAuth = false;
        this._handshakeTimeout = 0;
        this._allowRenegotiate = false;
    }

    /** Returns whether TLS renegotiation is permitted on connections from this connector. */
    public boolean isAllowRenegotiate() {
        return this._allowRenegotiate;
    }

    /**
     * Enables or disables TLS renegotiation. When disabled (the default), a second
     * handshake-completed event closes the socket; see {@code SslConnection.run()}.
     */
    public void setAllowRenegotiate(boolean z) {
        this._allowRenegotiate = z;
    }

    /**
     * Accepts one connection, configures it and dispatches an {@link SslConnection} for it.
     * An SSLException raised here is logged and followed by {@code stop()}.
     *
     * @throws IllegalStateException if {@code stop()} itself fails
     */
    @Override // org.mortbay.jetty.bio.SocketConnector, org.mortbay.jetty.AbstractConnector
    public void accept(int i) throws IOException, InterruptedException {
        try {
            Socket accept = this._serverSocket.accept();
            configure(accept);
            new SslConnection(this, accept).dispatch();
        } catch (SSLException e) {
            Log.warn(e);
            try {
                // NOTE(review): stop() is inherited and presumably stops the whole connector,
                // so an SSLException at accept time takes the listener down — confirm.
                stop();
            } catch (Exception e2) {
                Log.warn(e2);
                // Only the message is carried over; the original cause is not chained.
                throw new IllegalStateException(e2.getMessage());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Delegates to the superclass; no TLS-specific socket configuration is applied here. */
    @Override // org.mortbay.jetty.AbstractConnector
    public void configure(Socket socket) throws IOException {
        super.configure(socket);
    }

    /*  JADX ERROR: NullPointerException in pass: RegionMakerVisitor
        java.lang.NullPointerException
        */
    /**
     * Decompiler stub: the real body was not recovered, so this listing shows nothing about how
     * the keystore, truststore, passwords, provider or protocol are turned into a socket
     * factory. Review the original source or bytecode for that logic.
     */
    protected javax.net.ssl.SSLServerSocketFactory createFactory() throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 331
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.mortbay.jetty.security.SslSocketConnector.createFactory():javax.net.ssl.SSLServerSocketFactory");
    }

    /**
     * Marks the request as https and publishes the TLS session details as request attributes:
     * the client certificate chain (when present), the cipher suite and the deduced key size.
     * Key size and chain are cached on the SSLSession under {@code CACHED_INFO_ATTR}.
     */
    @Override // org.mortbay.jetty.bio.SocketConnector, org.mortbay.jetty.AbstractConnector, org.mortbay.jetty.Connector
    public void customize(EndPoint endPoint, Request request) throws IOException {
        Integer num;
        X509Certificate[] certChain;
        super.customize(endPoint, request);
        request.setScheme("https");
        try {
            SSLSession session = ((SSLSocket) ((SocketEndPoint) endPoint).getTransport()).getSession();
            String cipherSuite = session.getCipherSuite();
            CachedInfo cachedInfo = (CachedInfo) session.getValue(CACHED_INFO_ATTR);
            if (cachedInfo != null) {
                num = cachedInfo.getKeySize();
                certChain = cachedInfo.getCerts();
            } else {
                num = new Integer(ServletSSL.deduceKeyLength(cipherSuite));
                certChain = getCertChain(session);
                session.putValue(CACHED_INFO_ATTR, new CachedInfo(this, num, certChain));
            }
            if (certChain != null) {
                request.setAttribute("javax.servlet.request.X509Certificate", certChain);
            } else if (this._needClientAuth) {
                // NOTE(review): this throw sits inside the try whose catch (Exception) below only
                // logs, so a missing chain does not abort the request here. Enforcement of
                // required client auth therefore rests on setNeedClientAuth in newServerSocket.
                throw new IllegalStateException("no client auth");
            }
            request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
            request.setAttribute("javax.servlet.request.key_size", num);
        } catch (Exception e) {
            // Any failure leaves the request without the TLS attributes; downstream code that
            // makes decisions on them should treat their absence as "unknown", not as success.
            Log.warn(Log.EXCEPTION, (Throwable) e);
        }
    }

    /** Returns the configured exclusion array itself (no defensive copy); may be null. */
    public String[] getExcludeCipherSuites() {
        return this._excludeCipherSuites;
    }

    /** Returns the keystore location; defaults to {@code DEFAULT_KEYSTORE}. */
    public String getKeystore() {
        return this._keystore;
    }

    /** Returns the keystore type; defaults to "JKS". */
    public String getKeystoreType() {
        return this._keystoreType;
    }

    /** Returns whether a client certificate is required. */
    public boolean getNeedClientAuth() {
        return this._needClientAuth;
    }

    /** Returns the configured protocol name; defaults to "TLS". */
    public String getProtocol() {
        return this._protocol;
    }

    /** Returns the configured provider name, or null when none was set. */
    public String getProvider() {
        return this._provider;
    }

    /** Returns the configured secure-random algorithm name, or null when none was set. */
    public String getSecureRandomAlgorithm() {
        return this._secureRandomAlgorithm;
    }

    /** Returns the key manager factory algorithm name. */
    public String getSslKeyManagerFactoryAlgorithm() {
        return this._sslKeyManagerFactoryAlgorithm;
    }

    /** Returns the trust manager factory algorithm name. */
    public String getSslTrustManagerFactoryAlgorithm() {
        return this._sslTrustManagerFactoryAlgorithm;
    }

    /** Returns the truststore location, or null when none was set. */
    public String getTruststore() {
        return this._truststore;
    }

    /** Returns the truststore type; defaults to "JKS". */
    public String getTruststoreType() {
        return this._truststoreType;
    }

    /** Returns whether a client certificate is requested but not required. */
    public boolean getWantClientAuth() {
        return this._wantClientAuth;
    }

    /**
     * Reports the request as confidential when no confidential port is configured (0) or the
     * request arrived on that port.
     */
    @Override // org.mortbay.jetty.AbstractConnector, org.mortbay.jetty.Connector
    public boolean isConfidential(Request request) {
        int confidentialPort = getConfidentialPort();
        return confidentialPort == 0 || confidentialPort == request.getServerPort();
    }

    /**
     * Reports the request as integral when no integral port is configured (0) or the request
     * arrived on that port.
     */
    @Override // org.mortbay.jetty.AbstractConnector, org.mortbay.jetty.Connector
    public boolean isIntegral(Request request) {
        int integralPort = getIntegralPort();
        return integralPort == 0 || integralPort == request.getServerPort();
    }

    /**
     * Creates the SSL server socket from {@link #createFactory()} and applies the client-auth
     * flags and the cipher-suite exclusion list.
     *
     * @param str host to bind to, or null to bind without an explicit address
     * @param i port
     * @param i2 backlog
     * @return the configured server socket
     * @throws IOException on bind failure, or wrapping any other failure (message only; the
     *         cause is not chained, it is logged instead)
     */
    @Override // org.mortbay.jetty.bio.SocketConnector
    protected ServerSocket newServerSocket(String str, int i, int i2) throws IOException {
        try {
            SSLServerSocketFactory createFactory = createFactory();
            SSLServerSocket sSLServerSocket = (SSLServerSocket) (str == null ? createFactory.createServerSocket(i, i2) : createFactory.createServerSocket(i, i2, InetAddress.getByName(str)));
            if (this._wantClientAuth) {
                sSLServerSocket.setWantClientAuth(this._wantClientAuth);
            }
            // Applied after "want", so when both flags are set "need" is the one in effect.
            if (this._needClientAuth) {
                sSLServerSocket.setNeedClientAuth(this._needClientAuth);
            }
            // Deny-list only: whatever the factory enables by default stays enabled unless it is
            // named here. Names that are not currently enabled are skipped without any log, so a
            // misspelled exclusion goes unnoticed.
            if (this._excludeCipherSuites != null && this._excludeCipherSuites.length > 0) {
                List<String> asList = Arrays.asList(this._excludeCipherSuites);
                ArrayList arrayList = new ArrayList(Arrays.asList(sSLServerSocket.getEnabledCipherSuites()));
                for (String str2 : asList) {
                    if (arrayList.contains(str2)) {
                        arrayList.remove(str2);
                    }
                }
                sSLServerSocket.setEnabledCipherSuites((String[]) arrayList.toArray(new String[arrayList.size()]));
            }
            return sSLServerSocket;
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            Log.warn(e2.toString());
            Log.debug(e2);
            throw new IOException(new StringBuffer().append("!JsseListener: ").append(e2).toString());
        }
    }

    /** Stores the caller's array as the exclusion list (no copy); takes effect in newServerSocket. */
    public void setExcludeCipherSuites(String[] strArr) {
        this._excludeCipherSuites = strArr;
    }

    /**
     * Sets the key password through {@code Password.getPassword} with the
     * {@code jetty.ssl.keypassword} property name. How that helper combines the property and
     * the argument is not visible in this file.
     */
    public void setKeyPassword(String str) {
        this._keyPassword = Password.getPassword(KEYPASSWORD_PROPERTY, str, null);
    }

    /** Sets the keystore location. */
    public void setKeystore(String str) {
        this._keystore = str;
    }

    /** Sets the keystore type. */
    public void setKeystoreType(String str) {
        this._keystoreType = str;
    }

    /** Requires (true) or stops requiring (false) a client certificate; applied in newServerSocket. */
    public void setNeedClientAuth(boolean z) {
        this._needClientAuth = z;
    }

    /**
     * Sets the keystore password through {@code Password.getPassword} with the
     * {@code jetty.ssl.password} property name.
     */
    public void setPassword(String str) {
        this._password = Password.getPassword(PASSWORD_PROPERTY, str, null);
    }

    /**
     * Sets the truststore password.
     * NOTE(review): this passes the same property name as setPassword ({@code jetty.ssl.password}),
     * not a truststore-specific one, so both passwords are resolved under one property name —
     * check whether that is intended for deployments with distinct store passwords.
     */
    public void setTrustPassword(String str) {
        this._trustPassword = Password.getPassword(PASSWORD_PROPERTY, str, null);
    }

    /** Sets the protocol name. */
    public void setProtocol(String str) {
        this._protocol = str;
    }

    /** Sets the provider name. */
    public void setProvider(String str) {
        this._provider = str;
    }

    /** Sets the secure-random algorithm name. */
    public void setSecureRandomAlgorithm(String str) {
        this._secureRandomAlgorithm = str;
    }

    /** Sets the key manager factory algorithm name. */
    public void setSslKeyManagerFactoryAlgorithm(String str) {
        this._sslKeyManagerFactoryAlgorithm = str;
    }

    /** Sets the trust manager factory algorithm name. */
    public void setSslTrustManagerFactoryAlgorithm(String str) {
        this._sslTrustManagerFactoryAlgorithm = str;
    }

    /** Sets the truststore location. */
    public void setTruststore(String str) {
        this._truststore = str;
    }

    /** Sets the truststore type. */
    public void setTruststoreType(String str) {
        this._truststoreType = str;
    }

    /** Requests (true) or stops requesting (false) a client certificate; applied in newServerSocket. */
    public void setWantClientAuth(boolean z) {
        this._wantClientAuth = z;
    }

    /**
     * Sets the socket timeout used while the handshake runs; it is passed to
     * {@code Socket.setSoTimeout}. Values of 0 or less disable the handshake-specific timeout.
     */
    public void setHandshakeTimeout(int i) {
        this._handshakeTimeout = i;
    }

    /** Returns the handshake timeout; 0 (the default) means none is applied. */
    public int getHandshakeTimeout() {
        return this._handshakeTimeout;
    }

    /**
     * Compiler-synthesised helper that resolves a class by name for the static initializer,
     * converting ClassNotFoundException into NoClassDefFoundError.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    // Initialises the two static finals declared at the top of the class.
    static {
        Class cls;
        if (class$org$mortbay$jetty$security$SslSocketConnector$CachedInfo == null) {
            cls = class$("org.mortbay.jetty.security.SslSocketConnector$CachedInfo");
            class$org$mortbay$jetty$security$SslSocketConnector$CachedInfo = cls;
        } else {
            cls = class$org$mortbay$jetty$security$SslSocketConnector$CachedInfo;
        }
        CACHED_INFO_ATTR = cls.getName();
        // The default keystore lives in the home directory of the account running the server.
        DEFAULT_KEYSTORE = new StringBuffer().append(System.getProperty("user.home")).append(File.separator).append(".keystore").toString();
    }
}
