package org.eclipse.jetty.server.ssl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.util.TypeUtil;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.opensaml.security.messaging.ServletRequestX509CredentialAdapter;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-329-07.zip:modules/system/layers/fuse/net/sf/ehcache/main/ehcache-2.10.1.jar:rest-management-private-classpath/org/eclipse/jetty/server/ssl/SslCertificates.class_terracotta */
public class SslCertificates {
    private static final Logger LOG = Log.getLogger((Class<?>) SslCertificates.class);
    static final String CACHED_INFO_ATTR = CachedInfo.class.getName();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-329-07.zip:modules/system/layers/fuse/net/sf/ehcache/main/ehcache-2.10.1.jar:rest-management-private-classpath/org/eclipse/jetty/server/ssl/SslCertificates$CachedInfo.class_terracotta */
    public static class CachedInfo {
        private final X509Certificate[] _certs;
        private final Integer _keySize;
        private final String _idStr;

        CachedInfo(Integer num, X509Certificate[] x509CertificateArr, String str) {
            this._keySize = num;
            this._certs = x509CertificateArr;
            this._idStr = str;
        }

        X509Certificate[] getCerts() {
            return this._certs;
        }

        Integer getKeySize() {
            return this._keySize;
        }

        String getIdStr() {
            return this._idStr;
        }
    }

    public static X509Certificate[] getCertChain(SSLSession sSLSession) {
        try {
            javax.security.cert.X509Certificate[] peerCertificateChain = sSLSession.getPeerCertificateChain();
            if (peerCertificateChain == null || peerCertificateChain.length == 0) {
                return null;
            }
            int length = peerCertificateChain.length;
            X509Certificate[] x509CertificateArr = new X509Certificate[length];
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            for (int i = 0; i < length; i++) {
                x509CertificateArr[i] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(peerCertificateChain[i].getEncoded()));
            }
            return x509CertificateArr;
        } catch (SSLPeerUnverifiedException e) {
            return null;
        } catch (Exception e2) {
            LOG.warn(Log.EXCEPTION, e2);
            return null;
        }
    }

    public static void customize(SSLSession sSLSession, EndPoint endPoint, Request request) throws IOException {
        Integer num;
        X509Certificate[] certChain;
        String hexString;
        request.setScheme("https");
        try {
            String cipherSuite = sSLSession.getCipherSuite();
            CachedInfo cachedInfo = (CachedInfo) sSLSession.getValue(CACHED_INFO_ATTR);
            if (cachedInfo != null) {
                num = cachedInfo.getKeySize();
                certChain = cachedInfo.getCerts();
                hexString = cachedInfo.getIdStr();
            } else {
                num = new Integer(ServletSSL.deduceKeyLength(cipherSuite));
                certChain = getCertChain(sSLSession);
                hexString = TypeUtil.toHexString(sSLSession.getId());
                sSLSession.putValue(CACHED_INFO_ATTR, new CachedInfo(num, certChain, hexString));
            }
            if (certChain != null) {
                request.setAttribute(ServletRequestX509CredentialAdapter.X509_CERT_REQUEST_ATTRIBUTE, certChain);
            }
            request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
            request.setAttribute("javax.servlet.request.key_size", num);
            request.setAttribute("javax.servlet.request.ssl_session_id", hexString);
        } catch (Exception e) {
            LOG.warn(Log.EXCEPTION, e);
        }
    }
}
