package org.mortbay.jetty.security;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.mortbay.io.EndPoint;
import org.mortbay.io.bio.SocketEndPoint;
import org.mortbay.jetty.Request;
import org.mortbay.jetty.bio.SocketConnector;
import org.mortbay.log.Log;
import org.mortbay.resource.Resource;

/* loaded from: classes3.dex */
/**
 * Blocking-socket SSL/TLS connector: builds an {@link SSLContext} from a key store and a trust
 * store, opens an {@link SSLServerSocket}, and runs the TLS handshake on each accepted socket
 * before handing the connection to the parent {@link SocketConnector}.
 *
 * <p>This listing is JADX decompiler output. Field and helper names are obfuscated; the field
 * roles documented below are read off the public getters and setters. The code is kept exactly as
 * decompiled, including {@link #createFactory()}, whose control flow was not fully recovered.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Client-certificate enforcement relies on {@code setNeedClientAuth} on the server socket;
 *       the per-request check in {@link #customize(EndPoint, Request)} only logs.</li>
 *   <li>Cipher-suite control is a denylist applied to the provider's enabled defaults, and no
 *       call here restricts the enabled protocol versions.</li>
 *   <li>A key or trust store loaded with a null password is loaded without an integrity check.</li>
 *   <li>The handshake has no dedicated timeout unless {@link #setHandshakeTimeout(int)} is given
 *       a positive value.</li>
 * </ul>
 */
public class SslSocketConnector extends SocketConnector {
    // Default key store location: <user.home>/.keystore, computed in the static initialiser.
    public static final String DEFAULT_KEYSTORE;
    // Property names passed to Password.getPassword() by the password setters below.
    public static final String KEYPASSWORD_PROPERTY = "jetty.ssl.keypassword";
    public static final String PASSWORD_PROPERTY = "jetty.ssl.password";
    // Key under which the per-session cache object (inner class "a") is stored in the SSLSession.
    static final String n;
    // Cache for the Class object resolved through class$() in the static initialiser.
    static Class o;
    // Trust manager factory algorithm (get/setSslTrustManagerFactoryAlgorithm).
    private String A;
    // Trust store location (get/setTruststore); null until set or defaulted in createFactory().
    private String B;
    // Trust store type (get/setTruststoreType); "JKS" from the constructor.
    private String C;
    // wantClientAuth flag: request, but do not require, a client certificate.
    private boolean D;
    // Handshake timeout passed to Socket.setSoTimeout(); 0 (the default) leaves the socket timeout unchanged.
    private int E;
    // allowRenegotiate flag; false by default. Only exposed here, never acted on in this file.
    private boolean F;
    // Key store password (setPassword). transient: excluded from Java serialization.
    private transient Password t;
    // Private-key password (setKeyPassword). transient: excluded from Java serialization.
    private transient Password u;
    // Trust store password (setTrustPassword). transient: excluded from Java serialization.
    private transient Password v;
    // JSSE provider name (get/setProvider); null selects the default provider lookup.
    private String x;
    // SecureRandom algorithm name (get/setSecureRandomAlgorithm); null leaves the choice to SSLContext.init().
    private String y;
    // Key manager factory algorithm (get/setSslKeyManagerFactoryAlgorithm).
    private String z;
    // Cipher suites to remove from the enabled set (get/setExcludeCipherSuites); null means no exclusions.
    private String[] p = null;

    /* renamed from: q, reason: collision with root package name */
    // Key store location (get/setKeystore).
    private String f174q = DEFAULT_KEYSTORE;
    // Key store type (get/setKeystoreType).
    private String r = "JKS";
    // needClientAuth flag: require a client certificate.
    private boolean s = false;
    // SSLContext protocol name (get/setProtocol). "TLS" names a protocol family; which versions
    // are actually enabled is decided by the JSSE provider, not by this class.
    private String w = "TLS";

    /* loaded from: classes3.dex */
    /**
     * Connection wrapper that performs the TLS handshake before the parent connection loop runs.
     */
    public class SslConnection extends SocketConnector.Connection {
        // Explicit reference to the owning connector, as emitted by the decompiler.
        private final SslSocketConnector i;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public SslConnection(SslSocketConnector sslSocketConnector, Socket socket) throws IOException {
            super(sslSocketConnector, socket);
            this.i = sslSocketConnector;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        // Accessor for the owning connector. No caller is visible in this file; presumably used
        // by the handshake listener class "e" (confirm against that class).
        public static SslSocketConnector a(SslConnection sslConnection) {
            return sslConnection.i;
        }

        /**
         * Runs the TLS handshake and then the parent connection loop.
         *
         * <p>When the configured handshake timeout is positive it replaces the socket read
         * timeout for the duration of the handshake and the previous value is restored afterwards.
         * With the default of 0 the blocking {@code startHandshake()} call is bounded only by
         * whatever timeout the socket already carries, so a peer that stalls mid-handshake keeps
         * this thread occupied for that long.
         */
        @Override // org.mortbay.jetty.bio.SocketConnector.Connection, java.lang.Runnable
        public void run() {
            try {
                int handshakeTimeout = this.i.getHandshakeTimeout();
                int soTimeout = this._socket.getSoTimeout();
                if (handshakeTimeout > 0) {
                    this._socket.setSoTimeout(handshakeTimeout);
                }
                SSLSocket sSLSocket = (SSLSocket) this._socket;
                // "e" is a handshake-completed listener defined outside this file.
                // NOTE(review): presumably it applies the allowRenegotiate policy exposed by
                // a(SslSocketConnector); confirm in that class, since nothing here enforces it.
                sSLSocket.addHandshakeCompletedListener(new e(this, sSLSocket));
                sSLSocket.startHandshake();
                if (handshakeTimeout > 0) {
                    this._socket.setSoTimeout(soTimeout);
                }
                super.run();
            } catch (SSLException e) {
                // TLS-level failures are logged at warn; other I/O failures below only at debug.
                Log.warn(e);
                try {
                    close();
                } catch (IOException e2) {
                    Log.ignore(e2);
                }
            } catch (IOException e3) {
                Log.debug(e3);
                try {
                    close();
                } catch (IOException e4) {
                    Log.ignore(e4);
                }
            }
        }

        // No half-close is attempted: shutting down output closes the whole connection.
        @Override // org.mortbay.io.bio.SocketEndPoint, org.mortbay.io.bio.StreamEndPoint, org.mortbay.io.EndPoint
        public void shutdownOutput() throws IOException {
            close();
        }
    }

    /* loaded from: classes3.dex */
    /**
     * Per-session cache holding the deduced key size and the peer certificate chain, stored in
     * the SSLSession under key {@code n} so they are computed once per session.
     */
    private class a {
        // Peer certificate chain; null when the peer presented none or conversion failed.
        private X509Certificate[] a;
        // Key size deduced from the negotiated cipher suite name.
        private Integer b;
        // Owning connector, as emitted by the decompiler.
        private final SslSocketConnector c;

        a(SslSocketConnector sslSocketConnector, Integer num, X509Certificate[] x509CertificateArr) {
            this.c = sslSocketConnector;
            this.b = num;
            this.a = x509CertificateArr;
        }

        // Returns the cached certificate array itself, not a copy.
        X509Certificate[] a() {
            return this.a;
        }

        Integer b() {
            return this.b;
        }
    }

    static {
        // Resolve the cache class by name and keep it in "o"; its class name becomes the
        // SSLSession value key "n".
        Class cls;
        if (o == null) {
            cls = class$("org.mortbay.jetty.security.SslSocketConnector$a");
            o = cls;
        } else {
            cls = o;
        }
        n = cls.getName();
        // DEFAULT_KEYSTORE = <user.home> + File.separator + ".keystore"
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(System.getProperty("user.home"));
        stringBuffer.append(File.separator);
        stringBuffer.append(".keystore");
        DEFAULT_KEYSTORE = stringBuffer.toString();
    }

    /**
     * Creates a connector with the key and trust manager algorithms taken from the
     * {@code ssl.KeyManagerFactory.algorithm} and {@code ssl.TrustManagerFactory.algorithm}
     * security properties, each falling back to "SunX509" when the property is unset. Client
     * authentication and renegotiation are off and the handshake timeout is 0.
     */
    public SslSocketConnector() {
        this.z = Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ? "SunX509" : Security.getProperty("ssl.KeyManagerFactory.algorithm");
        this.A = Security.getProperty("ssl.TrustManagerFactory.algorithm") == null ? "SunX509" : Security.getProperty("ssl.TrustManagerFactory.algorithm");
        this.C = "JKS";
        this.D = false;
        this.E = 0;
        this.F = false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    // Accessor for the allowRenegotiate flag. No caller is visible in this file.
    public static boolean a(SslSocketConnector sslSocketConnector) {
        return sslSocketConnector.F;
    }

    /**
     * Converts the session's peer certificate chain from the legacy
     * {@code javax.security.cert} representation to {@code java.security.cert.X509Certificate}
     * by re-parsing each certificate's encoded form.
     *
     * <p>This is a format conversion only; no certificate validation happens here.
     *
     * @param sSLSession the negotiated session
     * @return the converted chain, or null when the chain is absent or empty, the peer is
     *     unverified, or any other exception occurs (that last case is logged at warn)
     */
    private static X509Certificate[] a(SSLSession sSLSession) {
        try {
            javax.security.cert.X509Certificate[] peerCertificateChain = sSLSession.getPeerCertificateChain();
            if (peerCertificateChain != null && peerCertificateChain.length != 0) {
                int length = peerCertificateChain.length;
                X509Certificate[] x509CertificateArr = new X509Certificate[length];
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                for (int i = 0; i < length; i++) {
                    x509CertificateArr[i] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(peerCertificateChain[i].getEncoded()));
                }
                return x509CertificateArr;
            }
            return null;
        } catch (SSLPeerUnverifiedException unused) {
            // Peer presented no verified identity; treated as "no certificate", not as an error.
            return null;
        } catch (Exception e) {
            // A conversion failure is indistinguishable from "no certificate" for the caller.
            Log.warn(Log.EXCEPTION, (Throwable) e);
            return null;
        }
    }

    // Class lookup helper; converts ClassNotFoundException into NoClassDefFoundError with the
    // original exception as cause.
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    /**
     * Accepts one socket, configures it and dispatches an {@link SslConnection} for it.
     *
     * <p>An {@link SSLException} raised here stops the whole connector, not just the one
     * connection. NOTE(review): confirm which conditions can raise SSLException from
     * accept()/configure() in this deployment, since each one ends the listener. If stop() itself
     * fails, the IllegalStateException carries only the message, not the cause.
     */
    @Override // org.mortbay.jetty.bio.SocketConnector, org.mortbay.jetty.AbstractConnector
    public void accept(int i) throws IOException, InterruptedException {
        try {
            Socket accept = this._serverSocket.accept();
            configure(accept);
            new SslConnection(this, accept).dispatch();
        } catch (SSLException e) {
            Log.warn(e);
            try {
                stop();
            } catch (Exception e2) {
                Log.warn(e2);
                throw new IllegalStateException(e2.getMessage());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    // Pure delegation to the parent; no SSL-specific socket configuration is applied here.
    @Override // org.mortbay.jetty.AbstractConnector
    public void configure(Socket socket) throws IOException {
        super.configure(socket);
    }

    /**
     * Builds the {@link SSLServerSocketFactory}: loads the key store, initialises the key
     * managers, loads the trust store, initialises the trust managers, then initialises an
     * {@link SSLContext} with the configured protocol, optional provider and optional
     * SecureRandom algorithm.
     *
     * <p>Points to check when auditing a configuration:
     * <ul>
     *   <li>With no trust store set, the key store path and type are reused as the trust store.
     *       The trust password is not copied, so the trust store is then loaded with whatever
     *       {@code setTrustPassword} supplied, or with null.</li>
     *   <li>{@code KeyStore.load} with a null password performs no integrity check on the
     *       store.</li>
     *   <li>Passwords are converted through {@code toString()} before {@code toCharArray()}, so
     *       the clear text exists as a String that cannot be wiped afterwards.</li>
     * </ul>
     *
     * <p>Decompiler artifact: the nested {@code catch (Throwable)} blocks are the remains of
     * {@code finally} blocks that close the streams. Two of them assign {@code th} and fall
     * through without rethrowing or returning, so this method is not expected to compile or to
     * reflect the original behaviour exactly as printed.
     *
     * @return the server socket factory of the initialised context
     * @throws Exception on any key store, algorithm or I/O failure
     */
    protected SSLServerSocketFactory createFactory() throws Exception {
        InputStream inputStream;
        Throwable th;
        InputStream inputStream2;
        // Default the trust store to the key store (path and type only, not the password).
        if (this.B == null) {
            this.B = this.f174q;
            this.C = this.r;
        }
        try {
            // A null key store path yields a null stream, which KeyStore.load treats as "create empty".
            inputStream = this.f174q != null ? Resource.newResource(this.f174q).getInputStream() : null;
            try {
                KeyStore keyStore = KeyStore.getInstance(this.r);
                // Null password: the store is loaded without an integrity check.
                keyStore.load(inputStream, this.t == null ? null : this.t.toString().toCharArray());
                if (inputStream != null) {
                    inputStream.close();
                }
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.z);
                keyManagerFactory.init(keyStore, this.u == null ? null : this.u.toString().toCharArray());
                KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
                try {
                    inputStream2 = this.B != null ? Resource.newResource(this.B).getInputStream() : null;
                    try {
                        KeyStore keyStore2 = KeyStore.getInstance(this.C);
                        // Null password: the trust anchors are loaded without an integrity check.
                        keyStore2.load(inputStream2, this.v == null ? null : this.v.toString().toCharArray());
                        if (inputStream2 != null) {
                            inputStream2.close();
                        }
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(this.A);
                        trustManagerFactory.init(keyStore2);
                        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                        // Null SecureRandom lets SSLContext.init pick its default source.
                        SecureRandom secureRandom = this.y != null ? SecureRandom.getInstance(this.y) : null;
                        SSLContext sSLContext = this.x == null ? SSLContext.getInstance(this.w) : SSLContext.getInstance(this.w, this.x);
                        sSLContext.init(keyManagers, trustManagers, secureRandom);
                        return sSLContext.getServerSocketFactory();
                    } catch (Throwable th2) {
                        // Remains of a finally block: close the trust store stream, then rethrow.
                        th = th2;
                        if (inputStream2 != null) {
                            inputStream2.close();
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    // Decompiler artifact: no rethrow emitted on this path.
                    th = th3;
                    inputStream2 = null;
                }
            } catch (Throwable th4) {
                // Remains of a finally block: close the key store stream, then rethrow.
                th = th4;
                if (inputStream != null) {
                    inputStream.close();
                }
                throw th;
            }
        } catch (Throwable th5) {
            // Decompiler artifact: no rethrow or return emitted on this path.
            inputStream = null;
            th = th5;
        }
    }

    /**
     * Marks the request as "https" and publishes the TLS session details as request attributes:
     * the cipher suite, the deduced key size and, when present, the client certificate chain.
     * Key size and chain are computed once per SSL session and cached in the session.
     *
     * <p>Security note: when needClientAuth is set and no chain is available, the
     * IllegalStateException("no client auth") is thrown inside the try block and is therefore
     * caught by the {@code catch (Exception)} below, which only logs it. The request is not
     * rejected by this method, and the cipher-suite and key-size attributes are not set in that
     * case. Rejection of certificate-less clients depends on {@code setNeedClientAuth} on the
     * server socket in {@link #newServerSocket(String, int, int)}.
     *
     * @param endPoint the connection end point; expected to be a SocketEndPoint over an SSLSocket
     * @param request the request to annotate
     */
    @Override // org.mortbay.jetty.bio.SocketConnector, org.mortbay.jetty.AbstractConnector, org.mortbay.jetty.Connector
    public void customize(EndPoint endPoint, Request request) throws IOException {
        Object obj;
        Object obj2;
        super.customize(endPoint, request);
        request.setScheme("https");
        try {
            SSLSession session = ((SSLSocket) ((SocketEndPoint) endPoint).getTransport()).getSession();
            String cipherSuite = session.getCipherSuite();
            a aVar = (a) session.getValue(n);
            if (aVar != null) {
                // Cache hit: reuse key size and chain stored on an earlier request of this session.
                obj = aVar.b();
                obj2 = aVar.a();
            } else {
                // Cache miss: derive both values and store them in the session.
                Integer num = new Integer(ServletSSL.deduceKeyLength(cipherSuite));
                X509Certificate[] a2 = a(session);
                session.putValue(n, new a(this, num, a2));
                obj = num;
                obj2 = a2;
            }
            if (obj2 != null) {
                request.setAttribute("javax.servlet.request.X509Certificate", obj2);
            } else if (this.s) {
                // Caught and logged by the catch below; does not abort the request.
                throw new IllegalStateException("no client auth");
            }
            request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
            request.setAttribute("javax.servlet.request.key_size", obj);
        } catch (Exception e) {
            Log.warn(Log.EXCEPTION, (Throwable) e);
        }
    }

    // Returns the internal array itself; callers can modify the configured exclusions through it.
    public String[] getExcludeCipherSuites() {
        return this.p;
    }

    public int getHandshakeTimeout() {
        return this.E;
    }

    public String getKeystore() {
        return this.f174q;
    }

    public String getKeystoreType() {
        return this.r;
    }

    public boolean getNeedClientAuth() {
        return this.s;
    }

    public String getProtocol() {
        return this.w;
    }

    public String getProvider() {
        return this.x;
    }

    public String getSecureRandomAlgorithm() {
        return this.y;
    }

    public String getSslKeyManagerFactoryAlgorithm() {
        return this.z;
    }

    public String getSslTrustManagerFactoryAlgorithm() {
        return this.A;
    }

    public String getTruststore() {
        return this.B;
    }

    public String getTruststoreType() {
        return this.C;
    }

    public boolean getWantClientAuth() {
        return this.D;
    }

    public boolean isAllowRenegotiate() {
        return this.F;
    }

    /**
     * Reports the request as confidential when no confidential port is configured (0) or when
     * the configured port equals the request's server port.
     *
     * <p>NOTE(review): how Request.getServerPort() is derived is not visible here; confirm it
     * cannot be influenced by client-supplied data before relying on this for access decisions.
     */
    @Override // org.mortbay.jetty.AbstractConnector, org.mortbay.jetty.Connector
    public boolean isConfidential(Request request) {
        int confidentialPort = getConfidentialPort();
        return confidentialPort == 0 || confidentialPort == request.getServerPort();
    }

    /**
     * Reports the request as integral when no integral port is configured (0) or when the
     * configured port equals the request's server port. The same caveat about the origin of the
     * server port applies as for {@link #isConfidential(Request)}.
     */
    @Override // org.mortbay.jetty.AbstractConnector, org.mortbay.jetty.Connector
    public boolean isIntegral(Request request) {
        int integralPort = getIntegralPort();
        return integralPort == 0 || integralPort == request.getServerPort();
    }

    /**
     * Creates the SSL server socket and applies the client-auth flags and cipher-suite
     * exclusions.
     *
     * <p>Cipher-suite handling is a denylist: the configured names are removed, by exact string
     * match, from the suites the provider enables by default. Any suite not listed stays enabled,
     * so the effective set changes with the JRE/provider. No enabled-protocols restriction is
     * applied in this method.
     *
     * @param str host name to bind to, or null to bind without an address
     * @param i port
     * @param i2 second argument of createServerSocket (the listen backlog in the JSSE API)
     * @return the configured server socket
     * @throws IOException directly from socket creation, or wrapping any other exception as
     *     "!JsseListener: " plus its string form; the original exception is not chained as cause
     */
    @Override // org.mortbay.jetty.bio.SocketConnector
    protected ServerSocket newServerSocket(String str, int i, int i2) throws IOException {
        try {
            SSLServerSocketFactory createFactory = createFactory();
            SSLServerSocket sSLServerSocket = (SSLServerSocket) (str == null ? createFactory.createServerSocket(i, i2) : createFactory.createServerSocket(i, i2, InetAddress.getByName(str)));
            // "want" is applied before "need"; when both are set the later setNeedClientAuth call decides.
            if (this.D) {
                sSLServerSocket.setWantClientAuth(this.D);
            }
            if (this.s) {
                sSLServerSocket.setNeedClientAuth(this.s);
            }
            if (this.p != null && this.p.length > 0) {
                // Start from the provider's enabled suites and drop each excluded name.
                List<String> asList = Arrays.asList(this.p);
                ArrayList arrayList = new ArrayList(Arrays.asList(sSLServerSocket.getEnabledCipherSuites()));
                for (String str2 : asList) {
                    if (arrayList.contains(str2)) {
                        arrayList.remove(str2);
                    }
                }
                sSLServerSocket.setEnabledCipherSuites((String[]) arrayList.toArray(new String[arrayList.size()]));
            }
            return sSLServerSocket;
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            // Full stack trace goes to debug only; warn gets just the string form.
            Log.warn(e2.toString());
            Log.debug(e2);
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("!JsseListener: ");
            stringBuffer.append(e2);
            throw new IOException(stringBuffer.toString());
        }
    }

    // Sets the flag returned by isAllowRenegotiate() and the static accessor a(SslSocketConnector).
    // This file does not act on it; see the handshake listener registered in SslConnection.run().
    public void setAllowRenegotiate(boolean z) {
        this.F = z;
    }

    // Stores the caller's array without copying; later changes to it alter the configuration.
    public void setExcludeCipherSuites(String[] strArr) {
        this.p = strArr;
    }

    // Values <= 0 leave the socket's existing read timeout in place during the handshake.
    public void setHandshakeTimeout(int i) {
        this.E = i;
    }

    // Private-key password, resolved through Password.getPassword with KEYPASSWORD_PROPERTY.
    // NOTE(review): Password.getPassword is not visible here; confirm how it weighs the property
    // against the supplied value and whether it ever prompts.
    public void setKeyPassword(String str) {
        this.u = Password.getPassword(KEYPASSWORD_PROPERTY, str, null);
    }

    public void setKeystore(String str) {
        this.f174q = str;
    }

    public void setKeystoreType(String str) {
        this.r = str;
    }

    // Require a client certificate; applied to the server socket in newServerSocket().
    public void setNeedClientAuth(boolean z) {
        this.s = z;
    }

    // Key store password, resolved through Password.getPassword with PASSWORD_PROPERTY.
    public void setPassword(String str) {
        this.t = Password.getPassword(PASSWORD_PROPERTY, str, null);
    }

    // Passed to SSLContext.getInstance(); see the note on field "w" about protocol versions.
    public void setProtocol(String str) {
        this.w = str;
    }

    public void setProvider(String str) {
        this.x = str;
    }

    public void setSecureRandomAlgorithm(String str) {
        this.y = str;
    }

    public void setSslKeyManagerFactoryAlgorithm(String str) {
        this.z = str;
    }

    public void setSslTrustManagerFactoryAlgorithm(String str) {
        this.A = str;
    }

    // Trust store password. Uses PASSWORD_PROPERTY, the same property name as setPassword(),
    // so key store and trust store passwords share one property here.
    public void setTrustPassword(String str) {
        this.v = Password.getPassword(PASSWORD_PROPERTY, str, null);
    }

    public void setTruststore(String str) {
        this.B = str;
    }

    public void setTruststoreType(String str) {
        this.C = str;
    }

    // Request, but do not require, a client certificate; applied in newServerSocket().
    public void setWantClientAuth(boolean z) {
        this.D = z;
    }
}
