package org.apache.activemq.transport.https;

import java.io.IOException;
import java.net.ServerSocket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.util.Collections;
import java.util.List;
import java.util.Random;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.ssl.ServletSSL;
import org.eclipse.jetty.server.ssl.SslSocketConnector;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/activemq-all-5.9.0.redhat-610091.jar:org/apache/activemq/transport/https/Krb5AndCertsSslSocketConnector.class */
public class Krb5AndCertsSslSocketConnector extends SslSocketConnector {
    public static final List<String> KRB5_CIPHER_SUITES = Collections.unmodifiableList(Collections.singletonList("TLS_KRB5_WITH_3DES_EDE_CBC_SHA"));
    private static final Logger LOG;
    private static final String REMOTE_PRINCIPAL = "remote_principal";
    private boolean useKrb = false;
    private boolean useCerts = true;

    /* loaded from: input_file:WEB-INF/lib/activemq-all-5.9.0.redhat-610091.jar:org/apache/activemq/transport/https/Krb5AndCertsSslSocketConnector$MODE.class */
    public enum MODE {
        KRB,
        CERTS,
        BOTH
    }

    public Krb5AndCertsSslSocketConnector() {
        setPasswords();
    }

    public static boolean isKrb(String str) {
        return str == MODE.KRB.toString() || str == MODE.BOTH.toString();
    }

    public void setMode(String str) {
        this.useKrb = str == MODE.KRB.toString() || str == MODE.BOTH.toString();
        this.useCerts = str == MODE.CERTS.toString() || str == MODE.BOTH.toString();
        logIfDebug("useKerb = " + this.useKrb + ", useCerts = " + this.useCerts);
    }

    private void setPasswords() {
        if (this.useCerts) {
            return;
        }
        Random random = new Random();
        System.setProperty("jetty.ssl.password", String.valueOf(random.nextLong()));
        System.setProperty("jetty.ssl.keypassword", String.valueOf(random.nextLong()));
    }

    public SslContextFactory getSslContextFactory() {
        SslContextFactory sslContextFactory = super.getSslContextFactory();
        if (this.useCerts) {
            return sslContextFactory;
        }
        try {
            SSLContext sSLContext = sslContextFactory.getProvider() == null ? SSLContext.getInstance(sslContextFactory.getProtocol()) : SSLContext.getInstance(sslContextFactory.getProtocol(), sslContextFactory.getProvider());
            sSLContext.init(null, null, null);
            sslContextFactory.setSslContext(sSLContext);
        } catch (KeyManagementException e) {
        } catch (NoSuchAlgorithmException e2) {
        } catch (NoSuchProviderException e3) {
        }
        return sslContextFactory;
    }

    protected ServerSocket newServerSocket(String str, int i, int i2) throws IOException {
        SSLServerSocket sSLServerSocket;
        String[] strArr;
        logIfDebug("Creating new KrbServerSocket for: " + str);
        if (this.useCerts) {
            sSLServerSocket = (SSLServerSocket) super.newServerSocket(str, i, i2);
        } else {
            try {
                sSLServerSocket = (SSLServerSocket) super.newServerSocket(str, i, i2);
            } catch (Exception e) {
                LOG.warn("Could not create KRB5 Listener", (Throwable) e);
                throw new IOException("Could not create KRB5 Listener: " + e.toString());
            }
        }
        if (this.useKrb) {
            sSLServerSocket.setNeedClientAuth(true);
            if (this.useCerts) {
                String[] enabledCipherSuites = sSLServerSocket.getEnabledCipherSuites();
                strArr = new String[enabledCipherSuites.length + KRB5_CIPHER_SUITES.size()];
                System.arraycopy(enabledCipherSuites, 0, strArr, 0, enabledCipherSuites.length);
                System.arraycopy(KRB5_CIPHER_SUITES.toArray(new String[0]), 0, strArr, enabledCipherSuites.length, KRB5_CIPHER_SUITES.size());
            } else {
                strArr = (String[]) KRB5_CIPHER_SUITES.toArray(new String[0]);
            }
            sSLServerSocket.setEnabledCipherSuites(strArr);
        }
        return sSLServerSocket;
    }

    public void customize(EndPoint endPoint, Request request) throws IOException {
        if (this.useKrb) {
            SSLSocket sSLSocket = (SSLSocket) endPoint.getTransport();
            Principal peerPrincipal = sSLSocket.getSession().getPeerPrincipal();
            logIfDebug("Remote principal = " + peerPrincipal);
            request.setScheme("https");
            request.setAttribute(REMOTE_PRINCIPAL, peerPrincipal);
            if (!this.useCerts) {
                String cipherSuite = sSLSocket.getSession().getCipherSuite();
                Integer valueOf = Integer.valueOf(ServletSSL.deduceKeyLength(cipherSuite));
                request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
                request.setAttribute("javax.servlet.request.key_size", valueOf);
            }
        }
        if (this.useCerts) {
            super.customize(endPoint, request);
        }
    }

    private void logIfDebug(String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(str);
        }
    }

    static {
        System.setProperty("https.cipherSuites", KRB5_CIPHER_SUITES.get(0));
        LOG = LoggerFactory.getLogger(Krb5AndCertsSslSocketConnector.class);
    }
}
