package org.apache.cxf.transport.https;

import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.configuration.security.SSLServerPolicy;
import org.apache.cxf.transport.http.JettyListenerFactory;
import org.mortbay.http.SocketListener;
import org.mortbay.http.SslListener;
import org.mortbay.util.InetAddrPort;

/* loaded from: input_file:org/apache/cxf/transport/https/JettySslListenerFactory.class */
public final class JettySslListenerFactory implements JettyListenerFactory {
    private static final long serialVersionUID = 1;
    private static final Logger LOG = LogUtils.getL7dLogger(JettySslListenerFactory.class);
    private static final String[] UNSUPPORTED = {"SessionCaching", "SessionCacheKey", "MaxChainLength", "CertValidator", "TrustStoreAlgorithm", "TrustStoreType"};
    private static final String[] DERIVATIVE = {"CiphersuiteFilters"};
    SSLServerPolicy sslPolicy;

    public JettySslListenerFactory(SSLServerPolicy sSLServerPolicy) {
        this.sslPolicy = sSLServerPolicy;
    }

    @Override // org.apache.cxf.transport.http.JettyListenerFactory
    public SocketListener createListener(int i) {
        SslListener sslListener = new SslListener(new InetAddrPort(i));
        decorate(sslListener);
        return sslListener;
    }

    public void decorate(SslListener sslListener) {
        String keystore = SSLUtils.getKeystore(this.sslPolicy.getKeystore(), LOG);
        sslListener.setKeystore(keystore);
        String keystoreType = SSLUtils.getKeystoreType(this.sslPolicy.getKeystoreType(), LOG);
        sslListener.setKeystoreType(keystoreType);
        String keystorePassword = SSLUtils.getKeystorePassword(this.sslPolicy.getKeystorePassword(), LOG);
        sslListener.setPassword(keystorePassword);
        String keyPassword = SSLUtils.getKeyPassword(this.sslPolicy.getKeyPassword(), LOG);
        sslListener.setKeyPassword(keyPassword);
        String keystoreAlgorithm = SSLUtils.getKeystoreAlgorithm(this.sslPolicy.getKeystoreAlgorithm(), LOG);
        sslListener.setAlgorithm(keystoreAlgorithm);
        System.setProperty("javax.net.ssl.trustStore", SSLUtils.getTrustStore(this.sslPolicy.getTrustStore(), LOG));
        String secureSocketProtocol = SSLUtils.getSecureSocketProtocol(this.sslPolicy.getSecureSocketProtocol(), LOG);
        sslListener.setProtocol(secureSocketProtocol);
        sslListener.setWantClientAuth(SSLUtils.getWantClientAuthentication(this.sslPolicy.isSetWantClientAuthentication(), this.sslPolicy.isWantClientAuthentication(), LOG));
        sslListener.setNeedClientAuth(SSLUtils.getRequireClientAuthentication(this.sslPolicy.isSetRequireClientAuthentication(), this.sslPolicy.isRequireClientAuthentication(), LOG));
        try {
            sslListener.setCipherSuites(SSLUtils.getCiphersuites(this.sslPolicy.getCiphersuites(), SSLUtils.getServerSupportedCipherSuites(SSLUtils.getSSLContext(secureSocketProtocol, SSLUtils.getKeyStoreManagers(keystore, keystoreType, keystorePassword, keyPassword, keystoreAlgorithm, secureSocketProtocol, LOG), null)), this.sslPolicy.getCiphersuiteFilters(), LOG));
        } catch (Exception e) {
            LogUtils.log(LOG, Level.SEVERE, "SSL_CONTEXT_INIT_FAILURE", e);
        }
        SSLUtils.logUnSupportedPolicies(this.sslPolicy, false, UNSUPPORTED, LOG);
    }

    protected void addLogHandler(Handler handler) {
        LOG.addHandler(handler);
    }

    protected String[] getUnSupported() {
        return UNSUPPORTED;
    }

    protected String[] getDerivative() {
        return DERIVATIVE;
    }
}
