package com.sun.enterprise.security.ssl;

import com.sun.enterprise.security.SecurityLoggerInfo;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.glassfish.grizzly.ssl.SSLSupport;

/* loaded from: input_file:com/sun/enterprise/security/ssl/GlassfishSSLSupport.class */
public class GlassfishSSLSupport implements SSLSupport {
    private static final Logger LOG = SecurityLoggerInfo.getLogger();
    private static final SSLSupport.CipherData[] ciphers = {new SSLSupport.CipherData("_WITH_NULL_", 0), new SSLSupport.CipherData("_WITH_IDEA_CBC_", 128), new SSLSupport.CipherData("_WITH_RC2_CBC_40_", 40), new SSLSupport.CipherData("_WITH_RC4_40_", 40), new SSLSupport.CipherData("_WITH_RC4_128_", 128), new SSLSupport.CipherData("_WITH_DES40_CBC_", 40), new SSLSupport.CipherData("_WITH_DES_CBC_", 56), new SSLSupport.CipherData("_WITH_3DES_EDE_CBC_", 168), new SSLSupport.CipherData("_WITH_AES_128_", 128), new SSLSupport.CipherData("_WITH_AES_256_", 256)};
    private final SSLSocket socket;
    private final SSLEngine engine;
    private SSLSession session;

    public GlassfishSSLSupport(SSLSocket sSLSocket) {
        this.socket = sSLSocket;
        this.engine = null;
        this.session = sSLSocket.getSession();
    }

    public GlassfishSSLSupport(SSLEngine sSLEngine) {
        this.socket = null;
        this.engine = sSLEngine;
        if (sSLEngine != null) {
            this.session = sSLEngine.getSession();
        }
    }

    @Override // org.glassfish.grizzly.ssl.SSLSupport
    public String getCipherSuite() throws IOException {
        if (this.session == null) {
            return null;
        }
        return this.session.getCipherSuite();
    }

    @Override // org.glassfish.grizzly.ssl.SSLSupport
    public Certificate[] getPeerCertificates() throws IOException {
        return getPeerCertificates(false);
    }

    @Override // org.glassfish.grizzly.ssl.SSLSupport
    public Certificate[] getPeerCertificates(boolean z) throws IOException {
        if (this.session == null) {
            LOG.log(Level.FINEST, "SSL session is null, no certificates available.");
            return null;
        }
        Certificate[] peerCertificates = this.session.getPeerCertificates();
        if (peerCertificates == null) {
            peerCertificates = new X509Certificate[0];
        }
        if (peerCertificates.length == 0 && z) {
            this.session.invalidate();
            handshake();
            if (this.socket == null) {
                this.session = this.engine.getSession();
            } else {
                this.session = this.socket.getSession();
            }
        }
        return getX509Certs();
    }

    @Override // org.glassfish.grizzly.ssl.SSLSupport
    public Integer getKeySize() throws IOException {
        if (this.session == null) {
            return null;
        }
        Integer num = (Integer) this.session.getValue("jakarta.servlet.request.key_size");
        if (num == null) {
            int i = 0;
            String cipherSuite = this.session.getCipherSuite();
            SSLSupport.CipherData[] cipherDataArr = ciphers;
            int length = cipherDataArr.length;
            int i2 = 0;
            while (true) {
                if (i2 >= length) {
                    break;
                }
                SSLSupport.CipherData cipherData = cipherDataArr[i2];
                if (cipherSuite.contains(cipherData.phrase)) {
                    i = cipherData.keySize;
                    break;
                }
                i2++;
            }
            num = Integer.valueOf(i);
            this.session.putValue("jakarta.servlet.request.key_size", num);
        }
        return num;
    }

    @Override // org.glassfish.grizzly.ssl.SSLSupport
    public String getSessionId() throws IOException {
        byte[] id;
        if (this.session == null || (id = this.session.getId()) == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        for (byte b : id) {
            String hexString = Integer.toHexString(b);
            if (hexString.length() < 2) {
                sb.append('0');
            } else if (hexString.length() > 2) {
                hexString = hexString.substring(hexString.length() - 2);
            }
            sb.append(hexString);
        }
        return sb.toString();
    }

    private void handshake() throws IOException {
        this.socket.setNeedClientAuth(true);
        this.socket.startHandshake();
    }

    private Certificate[] getX509Certs() {
        Certificate[] certificateArr = null;
        try {
            certificateArr = this.session.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            LOG.log(Level.FINE, "Could not get peer certificates.", (Throwable) e);
        }
        if (certificateArr == null) {
            certificateArr = new X509Certificate[0];
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            try {
                x509CertificateArr[i] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificateArr[i].getEncoded()));
                LOG.log(Level.FINE, "Cert #{0} = {1}", new Object[]{Integer.valueOf(i), x509CertificateArr[i]});
            } catch (Exception e2) {
                LOG.log(Level.INFO, SecurityLoggerInfo.convertingCertError, new Object[]{certificateArr[i], e2.toString()});
                return null;
            }
        }
        if (x509CertificateArr.length < 1) {
            return null;
        }
        return x509CertificateArr;
    }
}
