package winstone.ssl;

import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateKeySpec;
import java.text.MessageFormat;
import java.util.Enumeration;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.sonatype.aether.repository.Proxy;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;
import sun.security.x509.CertAndKeyGen;
import sun.security.x509.X500Name;
import winstone.HostGroup;
import winstone.HttpListener;
import winstone.Logger;
import winstone.ObjectPool;
import winstone.WinstoneException;
import winstone.WinstoneRequest;
import winstone.WinstoneResourceBundle;
import winstone.auth.BasicAuthenticationHandler;
import winstone.cmdline.Option;

/* loaded from: input_file:winstone.jar:winstone/ssl/HttpsListener.class */
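/**
 * HTTPS variant of {@link HttpListener}.
 *
 * <p>The server key material comes from one of three sources, chosen from the
 * command-line options in this order: an existing JKS key store
 * ({@code --httpsKeyStore}), a PEM certificate plus PEM RSA private key
 * ({@code --httpsCertificate}/{@code --httpsPrivateKey}), or, when neither is
 * given, a one-time self-signed certificate generated at start-up.
 *
 * <p>Changes relative to the previous version: the key store and certificate
 * input streams are closed after loading; the self-signed certificate uses a
 * 2048-bit RSA key and a SHA-256 signature instead of 1024-bit/SHA-1, which
 * current JDKs and browsers disable by default; {@code cipher_suite},
 * {@code ssl_session} and {@code key_size} request attributes are set for every
 * TLS request rather than only when a client certificate is present; and
 * {@link #getKeySize(String)} also recognises AES and ChaCha20 suites.
 */
public class HttpsListener extends HttpListener {
    private static final WinstoneResourceBundle SSL_RESOURCES = new WinstoneResourceBundle("winstone.ssl.LocalStrings");

    /** Alias under which a PEM-supplied or generated key pair is stored in the in-memory key store. */
    private static final String KEY_ALIAS = "hudson";
    /** Password protecting the in-memory key store built from PEM files or a generated key pair. */
    private static final String DEFAULT_PASSWORD = "changeit";
    /** RSA modulus size of the one-time self-signed certificate. */
    private static final int SELF_SIGNED_KEY_BITS = 2048;
    /** Signature algorithm of the one-time self-signed certificate. */
    private static final String SELF_SIGNED_SIG_ALG = "SHA256WithRSA";
    /** Validity of the one-time self-signed certificate in seconds (ten years, as before). */
    private static final long SELF_SIGNED_VALIDITY_SECONDS = 315360000L;

    /** Key store holding the server key pair; {@code null} when the listener is disabled. */
    private final KeyStore keystore;
    /** Password for {@link #keystore}; may be {@code null} for a JKS store loaded without one. */
    private final char[] password;
    /** {@link KeyManagerFactory} algorithm name taken from {@code --httpsKeyManagerType}. */
    private final String keyManagerType;
    /** Whether the server socket requires a client certificate ({@code --httpsVerifyClient}). */
    private boolean performClientAuth;

    /**
     * Creates the listener and loads (or generates) its server key material.
     *
     * @param map        parsed command-line options
     * @param objectPool request-handling object pool (passed to the superclass)
     * @param hostGroup  host group (passed to the superclass)
     * @throws IOException if a key store, certificate or key file cannot be read,
     *                     or if any key-handling step fails (the
     *                     {@link GeneralSecurityException} is attached as the cause)
     * @throws WinstoneException on conflicting options or a missing key store file
     */
    public HttpsListener(Map map, ObjectPool objectPool, HostGroup hostGroup) throws IOException {
        super(map, objectPool, hostGroup);
        if (this.listenPort < 0) {
            // HTTPS is disabled: no key material is needed.
            this.keystore = null;
            this.password = null;
            this.keyManagerType = null;
            return;
        }
        try {
            this.performClientAuth = Option.HTTPS_VERIFY_CLIENT.get(map);
            File certFile = Option.HTTPS_CERTIFICATE.get(map);
            File keyFile = Option.HTTPS_PRIVATE_KEY.get(map);
            File storeFile = Option.HTTPS_KEY_STORE.get(map);
            String storePassword = Option.HTTPS_KEY_STORE_PASSWORD.get(map);

            // A PEM certificate is useless without its key and vice versa.
            if ((certFile != null) ^ (keyFile != null)) {
                throw new WinstoneException(MessageFormat.format("--{0} and --{1} need to be used together", Option.HTTPS_CERTIFICATE, Option.HTTPS_PRIVATE_KEY));
            }
            // Two competing sources of key material are refused rather than silently preferring one.
            if (storeFile != null && keyFile != null) {
                throw new WinstoneException(MessageFormat.format("--{0} and --{1} are mutually exclusive", Option.HTTPS_KEY_STORE, Option.HTTPS_PRIVATE_KEY));
            }

            if (storeFile != null) {
                this.password = storePassword != null ? storePassword.toCharArray() : null;
                this.keystore = loadKeyStore(storeFile, this.password);
            } else if (certFile != null) {
                this.password = DEFAULT_PASSWORD.toCharArray();
                this.keystore = buildKeyStoreFromPem(certFile, keyFile, this.password);
            } else {
                this.password = DEFAULT_PASSWORD.toCharArray();
                this.keystore = generateSelfSignedKeyStore(this.password);
            }
            this.keyManagerType = Option.HTTPS_KEY_MANAGER_TYPE.get(map);
        } catch (GeneralSecurityException e) {
            // IOException(String, Throwable) is not used so the file stays compatible with older Java.
            throw ((IOException) new IOException("Failed to handle keys").initCause(e));
        }
    }

    /**
     * Loads an existing JKS key store from disk, closing the file afterwards.
     *
     * @param storeFile     key store file given on the command line
     * @param storePassword store password, or {@code null} to skip the integrity check
     * @return the loaded store
     * @throws WinstoneException if {@code storeFile} does not exist or is not a regular file
     * @throws IOException       if the file cannot be read or the password is wrong
     * @throws GeneralSecurityException if the JKS type or its contents cannot be handled
     */
    private static KeyStore loadKeyStore(File storeFile, char[] storePassword) throws IOException, GeneralSecurityException {
        if (!storeFile.exists() || !storeFile.isFile()) {
            throw new WinstoneException(SSL_RESOURCES.getString("HttpsListener.KeyStoreNotFound", storeFile.getPath()));
        }
        KeyStore store = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(storeFile);
        try {
            store.load(in, storePassword);
        } finally {
            in.close();
        }
        return store;
    }

    /**
     * Builds an in-memory JKS store from a PEM certificate and a PEM RSA private key.
     *
     * @param certFile      X.509 certificate file
     * @param keyFile       unencrypted PKCS#1 RSA private key file (see {@link #readPEMRSAPrivateKey(Reader)})
     * @param storePassword password used to protect the key entry
     * @return a store with a single entry under {@link #KEY_ALIAS}
     * @throws IOException              if either file cannot be read or parsed
     * @throws GeneralSecurityException if the certificate or key is rejected by the JDK
     */
    private static KeyStore buildKeyStoreFromPem(File certFile, File keyFile, char[] storePassword) throws IOException, GeneralSecurityException {
        Certificate cert;
        FileInputStream in = new FileInputStream(certFile);
        try {
            cert = CertificateFactory.getInstance("X509").generateCertificate(in);
        } finally {
            in.close();
        }
        // readPEMRSAPrivateKey closes the reader itself.
        PrivateKey key = readPEMRSAPrivateKey(new FileReader(keyFile));
        KeyStore store = KeyStore.getInstance("JKS");
        store.load(null);
        store.setKeyEntry(KEY_ALIAS, key, storePassword, new Certificate[]{cert});
        return store;
    }

    /**
     * Generates a throw-away RSA key pair and self-signed certificate and wraps them in an in-memory store.
     * Intended for local testing only: the certificate is not trusted by any client and is recreated on every start.
     *
     * @param storePassword password used to protect the key entry
     * @return a store with a single entry under {@link #KEY_ALIAS}
     * @throws IOException              if the subject name cannot be built
     * @throws GeneralSecurityException if key generation or self-signing fails
     */
    private static KeyStore generateSelfSignedKeyStore(char[] storePassword) throws IOException, GeneralSecurityException {
        System.out.println("Using one-time self-signed certificate");
        CertAndKeyGen generator = new CertAndKeyGen("RSA", SELF_SIGNED_SIG_ALG, (String) null);
        generator.generate(SELF_SIGNED_KEY_BITS);
        PrivateKey key = generator.getPrivateKey();
        X509Certificate cert = generator.getSelfCertificate(new X500Name("Test site", "Unknown", "Unknown", "Unknown"), SELF_SIGNED_VALIDITY_SECONDS);
        KeyStore store = KeyStore.getInstance("JKS");
        store.load(null);
        store.setKeyEntry(KEY_ALIAS, key, storePassword, new Certificate[]{cert});
        return store;
    }

    /**
     * Parses an unencrypted PEM-encoded RSA private key.
     *
     * <p>Everything between the first and second {@code -----} marker lines is
     * base64-decoded and interpreted as a PKCS#1 {@code RSAPrivateKey} sequence
     * (element 1 = modulus, element 3 = private exponent). PKCS#8
     * ({@code BEGIN PRIVATE KEY}) and encrypted keys are not supported.
     * The reader is always closed.
     *
     * @param reader source of the PEM text; closed before returning
     * @return the RSA private key
     * @throws IOException              if the text cannot be read, contains no key body, or is not valid DER
     * @throws GeneralSecurityException if the DER structure is not a PKCS#1 key or the JDK rejects it
     */
    private static PrivateKey readPEMRSAPrivateKey(Reader reader) throws IOException, GeneralSecurityException {
        ByteArrayOutputStream der = new ByteArrayOutputStream();
        try {
            BufferedReader lines = new BufferedReader(reader);
            boolean inBody = false;
            for (String line = lines.readLine(); line != null; line = lines.readLine()) {
                if (line.startsWith("-----")) {
                    // BEGIN/END marker: toggle whether we are inside the base64 body.
                    inBody = !inBody;
                } else if (inBody) {
                    char[] chars = line.toCharArray();
                    // Base64 expands 3 bytes to 4 characters, so this buffer is always large enough.
                    byte[] buf = new byte[(chars.length * 3) / 4];
                    int decoded = BasicAuthenticationHandler.decodeBase64(chars, buf, 0, chars.length, 0);
                    der.write(buf, 0, decoded);
                }
            }
        } finally {
            reader.close();
        }
        if (der.size() == 0) {
            throw new IOException("No PEM-encoded private key found between -----BEGIN/END----- markers");
        }
        DerValue[] sequence = new DerInputStream(der.toByteArray()).getSequence(0);
        if (sequence.length < 4) {
            throw new InvalidKeySpecException("Private key is not a PKCS#1 RSAPrivateKey sequence (got " + sequence.length + " elements)");
        }
        return KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateKeySpec(sequence[1].getBigInteger(), sequence[3].getBigInteger()));
    }

    /**
     * {@inheritDoc}
     *
     * @return {@code -1}: HTTPS is off unless a port is given explicitly
     */
    @Override // winstone.HttpListener
    protected int getDefaultPort() {
        return -1;
    }

    /**
     * {@inheritDoc}
     *
     * @return the {@code https} scheme constant
     */
    @Override // winstone.HttpListener
    protected String getConnectorScheme() {
        return Proxy.TYPE_HTTPS;
    }

    /**
     * Creates the TLS server socket, bound to {@code listenAddress} when one is configured.
     * Session creation is enabled; a client certificate is required only when
     * {@code --httpsVerifyClient} was given.
     *
     * @return the listening {@link SSLServerSocket}
     * @throws IOException if the socket cannot be created or bound
     */
    @Override // winstone.HttpListener
    protected ServerSocket getServerSocket() throws IOException {
        SSLServerSocketFactory factory = getSSLContext().getServerSocketFactory();
        ServerSocket raw;
        if (this.listenAddress == null) {
            raw = factory.createServerSocket(this.listenPort, BACKLOG_COUNT);
        } else {
            raw = factory.createServerSocket(this.listenPort, BACKLOG_COUNT, InetAddress.getByName(this.listenAddress));
        }
        SSLServerSocket serverSocket = (SSLServerSocket) raw;
        serverSocket.setEnableSessionCreation(true);
        if (this.performClientAuth) {
            // Handshake fails unless the client presents a certificate chain.
            serverSocket.setNeedClientAuth(true);
        }
        return serverSocket;
    }

    /**
     * Populates the TLS-related request attributes defined by the Servlet
     * specification and marks the request as secure.
     *
     * <p>{@code cipher_suite}, {@code ssl_session} and {@code key_size} are set for
     * every TLS session; {@code X509Certificate} only when the client presented a
     * certificate chain.
     *
     * @param socket          accepted connection; non-TLS sockets are left untouched
     * @param winstoneRequest request to populate
     * @throws IOException propagated from the superclass
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // winstone.HttpListener
    public void parseSocketInfo(Socket socket, WinstoneRequest winstoneRequest) throws IOException {
        super.parseSocketInfo(socket, winstoneRequest);
        if (!(socket instanceof SSLSocket)) {
            return;
        }
        SSLSession session = ((SSLSocket) socket).getSession();
        if (session != null) {
            Certificate[] peerCerts = peerCertificatesOrNull(session);
            if (peerCerts != null) {
                winstoneRequest.setAttribute("javax.servlet.request.X509Certificate", peerCerts);
            }
            winstoneRequest.setAttribute("javax.servlet.request.cipher_suite", session.getCipherSuite());
            // NOTE(review): the session id is raw bytes rendered with the platform charset, so this value
            // is not a stable identifier; kept as-is because existing code may read this attribute.
            winstoneRequest.setAttribute("javax.servlet.request.ssl_session", new String(session.getId()));
            winstoneRequest.setAttribute("javax.servlet.request.key_size", getKeySize(session.getCipherSuite()));
        }
        winstoneRequest.setIsSecure(true);
    }

    /**
     * Returns the peer's certificate chain, or {@code null} when the peer did not
     * authenticate (the normal case when client verification is off).
     *
     * @param session established TLS session
     * @return the chain, or {@code null}
     */
    private static Certificate[] peerCertificatesOrNull(SSLSession session) {
        try {
            return session.getPeerCertificates();
        } catch (SSLPeerUnverifiedException ignored) {
            // No client certificate was presented; not an error for this listener.
            return null;
        }
    }

    /**
     * Derives the symmetric key size (in bits) from a cipher suite name, for the
     * {@code javax.servlet.request.key_size} attribute.
     *
     * <p>TLS 1.3 suite names ({@code TLS_AES_128_GCM_SHA256}) have no {@code _WITH_}
     * segment, so AES and ChaCha20 are matched on the cipher token alone.
     *
     * @param suite cipher suite name as reported by {@link SSLSession#getCipherSuite()}
     * @return the key size, or {@code null} if the suite is not recognised
     */
    private Integer getKeySize(String suite) {
        if (suite.contains("_WITH_NULL_")) {
            return 0;
        }
        if (suite.contains("_WITH_IDEA_CBC_")) {
            return 128;
        }
        if (suite.contains("_WITH_RC2_CBC_40_") || suite.contains("_WITH_RC4_40_")) {
            return 40;
        }
        if (suite.contains("_WITH_RC4_128_")) {
            return 128;
        }
        if (suite.contains("_WITH_DES40_CBC_")) {
            return 40;
        }
        if (suite.contains("_WITH_DES_CBC_")) {
            return 56;
        }
        if (suite.contains("_WITH_3DES_EDE_CBC_")) {
            return 168;
        }
        if (suite.contains("_AES_128_")) {
            return 128;
        }
        if (suite.contains("_AES_256_")) {
            return 256;
        }
        if (suite.contains("_CHACHA20_")) {
            return 256;
        }
        return null;
    }

    /**
     * Builds an {@link SSLContext} backed by this listener's key store.
     *
     * <p>Trust managers and the random source are left at the JDK defaults
     * ({@code init(km, null, null)}); the default trust store is what validates
     * client certificates when client authentication is enabled.
     *
     * @return an initialised context
     * @throws WinstoneException wrapping any failure, including a missing key store
     *                           when the listener was constructed disabled
     */
    public SSLContext getSSLContext() {
        try {
            KeyManagerFactory keyManagers = KeyManagerFactory.getInstance(this.keyManagerType);
            keyManagers.init(this.keystore, this.password);
            Logger.log(Logger.FULL_DEBUG, SSL_RESOURCES, "HttpsListener.KeyCount", String.valueOf(this.keystore.size()));
            for (Enumeration<String> aliases = this.keystore.aliases(); aliases.hasMoreElements();) {
                String alias = aliases.nextElement();
                Logger.log(Logger.FULL_DEBUG, SSL_RESOURCES, "HttpsListener.KeyFound", alias, String.valueOf(this.keystore.getCertificate(alias)));
            }
            // "SSL" is only an alias of "TLS" in the JDK provider; the canonical name is used here.
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(keyManagers.getKeyManagers(), null, null);
            return context;
        } catch (Exception e) {
            throw new WinstoneException(SSL_RESOURCES.getString("HttpsListener.ErrorGettingContext"), e);
        }
    }
}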
