package org.apache.cxf.transport.https_jetty;

import java.security.SecureRandom;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.ReflectionInvokationHandler;
import org.apache.cxf.configuration.jsse.SSLUtils;
import org.apache.cxf.configuration.security.ClientAuthentication;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.transport.https.AliasedX509ExtendedKeyManager;
import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;

/* loaded from: input_file:WEB-INF/lib/cxf-rt-transports-http-jetty-3.0.4.redhat-621211-02.jar:org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.class */
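/**
 * Jetty SSL connector that builds its {@link SSLContext} from CXF-supplied TLS settings
 * (key managers, trust managers, cipher-suite filter, excluded protocols, client-auth policy).
 *
 * <p>The context is created in {@link #doStart()} and handed to the Jetty SSL context factory,
 * which is reached through the reflective proxy returned by {@link #getCxfSslContextFactory()}.
 *
 * <p>The setters store the caller's list/array references as-is (no defensive copy), and
 * {@link #getKeyManagersWithCertAlias()} rewrites the stored key-manager array in place.
 */
public class CXFJettySslSocketConnector extends SslSelectChannelConnector {
    private static final Logger LOG = LogUtils.getL7dLogger(CXFJettySslSocketConnector.class);
    // Passed to SSLContext.init(); a null entry makes JSSE fall back to its installed defaults.
    protected KeyManager[] keyManagers;
    protected TrustManager[] trustManagers;
    protected SecureRandom secureRandom;
    // Requested cipher suites and include/exclude filter, resolved against what the context supports.
    protected List<String> cipherSuites;
    protected FiltersType cipherSuitesFilter;
    // Protocol names to disable; when null or empty, createSSLContext() applies its own defaults.
    protected List<String> excludeProtocols;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/cxf-rt-transports-http-jetty-3.0.4.redhat-621211-02.jar:org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector$CxfSslContextFactory.class */
    /**
     * The slice of the Jetty SSL context factory API that this connector uses.
     * {@link #getCxfSslContextFactory()} wraps the real factory in a proxy implementing it.
     */
    public interface CxfSslContextFactory {
        void setExcludeCipherSuites(String... strArr);

        void setIncludeCipherSuites(String... strArr);

        String getProtocol();

        String getProvider();

        void setSslContext(SSLContext sSLContext);

        void setNeedClientAuth(boolean z);

        void setWantClientAuth(boolean z);

        void setProtocol(String str);

        void setProvider(String str);

        void setCertAlias(String str);

        String getCertAlias();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Sets the requested cipher suites; the list reference is stored without copying. */
    public void setCipherSuites(List<String> list) {
        this.cipherSuites = list;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Sets the include/exclude filter applied when resolving cipher suites. */
    public void setCipherSuitesFilter(FiltersType filtersType) {
        this.cipherSuitesFilter = filtersType;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sets the protocol names to disable. A non-empty list replaces the built-in
     * SSLv3/SSLv2Hello exclusion, so it should name those protocols itself if they
     * are to stay disabled (see {@link #createSSLContext()}).
     */
    public void setExcludeProtocols(List<String> list) {
        this.excludeProtocols = list;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Sets the key managers; the array reference is stored and may later be modified in place. */
    public void setKeyManagers(KeyManager[] keyManagerArr) {
        this.keyManagers = keyManagerArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Sets the trust managers used to validate peer certificates. */
    public void setTrustManagers(TrustManager[] trustManagerArr) {
        this.trustManagers = trustManagerArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Sets the randomness source passed to {@code SSLContext.init}. */
    public void setSecureRandom(SecureRandom secureRandom) {
        this.secureRandom = secureRandom;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Applies the client-certificate policy to the SSL context factory.
     *
     * <p>"Want client auth" is switched on first, so a {@code null} policy (or one that sets
     * neither flag) leaves the server requesting, but not requiring, a client certificate.
     * Explicit {@code want}/{@code required} values then override that default.
     *
     * @param clientAuthentication the configured policy, or {@code null} for the default
     */
    public void setClientAuthentication(ClientAuthentication clientAuthentication) {
        CxfSslContextFactory factory = getCxfSslContextFactory();
        factory.setWantClientAuth(true);
        if (clientAuthentication == null) {
            return;
        }
        if (clientAuthentication.isSetWant()) {
            factory.setWantClientAuth(clientAuthentication.isWant());
        }
        if (clientAuthentication.isSetRequired()) {
            factory.setNeedClientAuth(clientAuthentication.isRequired());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Builds the SSL context, installs it on the context factory, then starts the connector. */
    @Override // org.eclipse.jetty.server.ssl.SslSelectChannelConnector, org.eclipse.jetty.server.nio.SelectChannelConnector, org.eclipse.jetty.server.AbstractConnector, org.eclipse.jetty.util.component.AggregateLifeCycle, org.eclipse.jetty.util.component.AbstractLifeCycle
    public void doStart() throws Exception {
        getCxfSslContextFactory().setSslContext(createSSLContext());
        super.doStart();
    }

    /**
     * Creates and initialises the {@link SSLContext} and pushes the resolved cipher-suite
     * include/exclude lists to the context factory.
     *
     * <p>Protocol exclusion rules:
     * <ul>
     *   <li>protocol is not {@code "SSLv3"} and no exclusions are configured:
     *       {@code SSLv3} and {@code SSLv2Hello} are excluded;</li>
     *   <li>exclusions are configured: exactly those are excluded, nothing is added;</li>
     *   <li>protocol is {@code "SSLv3"} and no exclusions are configured: nothing is excluded.</li>
     * </ul>
     *
     * @return the initialised context
     * @throws Exception if the protocol/provider is unavailable or initialisation fails
     */
    protected SSLContext createSSLContext() throws Exception {
        // Resolve the proxy once; every call to getCxfSslContextFactory() does a reflective lookup.
        CxfSslContextFactory factory = getCxfSslContextFactory();
        String configuredProtocol = factory.getProtocol();
        String protocol = configuredProtocol == null ? "TLS" : configuredProtocol;

        boolean noConfiguredExclusions = this.excludeProtocols == null || this.excludeProtocols.isEmpty();
        if (!"SSLv3".equals(protocol) && noConfiguredExclusions) {
            getSslContextFactory().addExcludeProtocols("SSLv3");
            getSslContextFactory().addExcludeProtocols("SSLv2Hello");
        } else if (this.excludeProtocols != null) {
            // A configured list is applied verbatim: the SSLv3/SSLv2Hello defaults above are
            // NOT added on top of it, so the list must name them to keep them disabled.
            for (String excluded : this.excludeProtocols) {
                getSslContextFactory().addExcludeProtocols(excluded);
            }
        }

        String provider = factory.getProvider();
        SSLContext context = provider == null
                ? SSLContext.getInstance(protocol)
                : SSLContext.getInstance(protocol, provider);
        if (factory.getCertAlias() != null) {
            getKeyManagersWithCertAlias();
        }
        // Null key/trust managers or SecureRandom make JSSE use its installed defaults.
        context.init(this.keyManagers, this.trustManagers, this.secureRandom);

        String[] supported = SSLUtils.getServerSupportedCipherSuites(context);
        // Same inputs, final flag flipped: true yields the exclude list, false the include list.
        factory.setExcludeCipherSuites(
                SSLUtils.getCiphersuites(this.cipherSuites, supported, this.cipherSuitesFilter, LOG, true));
        factory.setIncludeCipherSuites(
                SSLUtils.getCiphersuites(this.cipherSuites, supported, this.cipherSuitesFilter, LOG, false));
        return context;
    }

    /**
     * Wraps every {@link X509KeyManager} in {@link #keyManagers} so that it is bound to the
     * configured certificate alias. Does nothing when no alias is configured or when no key
     * managers have been set.
     *
     * <p>The stored array is modified in place, so the array passed to
     * {@link #setKeyManagers(KeyManager[])} is affected as well.
     *
     * @throws Exception if constructing the aliased key manager fails
     */
    protected void getKeyManagersWithCertAlias() throws Exception {
        String alias = getCxfSslContextFactory().getCertAlias();
        // keyManagers may legitimately be null (SSLContext.init accepts that); the original
        // dereferenced it unconditionally and failed with a NullPointerException.
        if (alias == null || this.keyManagers == null) {
            return;
        }
        for (int i = 0; i < this.keyManagers.length; i++) {
            if (this.keyManagers[i] instanceof X509KeyManager) {
                this.keyManagers[i] = new AliasedX509ExtendedKeyManager(alias, (X509KeyManager) this.keyManagers[i]);
            }
        }
    }

    /**
     * Returns a proxy exposing the connector's SSL context factory as a {@link CxfSslContextFactory}.
     *
     * <p>The factory is looked up reflectively through {@code getSslContextFactory()} on every
     * call, so callers that need it repeatedly should keep the result in a local variable.
     * NOTE(review): reflection is presumably used to tolerate differing Jetty factory types - confirm.
     *
     * @return the proxy, or {@code null} if the lookup or proxy creation failed; the failure is
     *     logged at {@code FINE}, and callers in this class then fail with a NullPointerException
     */
    public CxfSslContextFactory getCxfSslContextFactory() {
        try {
            Object jettyFactory = getClass().getMethod("getSslContextFactory").invoke(this);
            return (CxfSslContextFactory) ReflectionInvokationHandler.createProxyWrapper(jettyFactory, CxfSslContextFactory.class);
        } catch (Exception e) {
            // Keep the null return for compatibility, but record the cause so the later
            // NullPointerException can be traced back to the reflective failure.
            LOG.log(Level.FINE, "Could not obtain the Jetty SslContextFactory via reflection", e);
            return null;
        }
    }
}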
