package org.apache.catalina.valves;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.security.cert.X509Certificate;
import javax.servlet.ServletException;
import org.apache.catalina.Context;
import org.apache.catalina.Globals;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleListener;
import org.apache.catalina.Logger;
import org.apache.catalina.Request;
import org.apache.catalina.Response;
import org.apache.catalina.ValveContext;
import org.apache.catalina.connector.RequestWrapper;
import org.apache.catalina.connector.http.HttpHeader;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.util.LifecycleSupport;
import org.apache.catalina.util.StringManager;

/* loaded from: input_file:catalina.jar:org/apache/catalina/valves/CertificatesValve.class */
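/**
 * Valve that publishes details of the SSL session behind a request as request
 * attributes: the cipher suite name, a key size derived from that name, and
 * the client certificate chain converted to {@code java.security.cert} objects.
 *
 * <p>When the owning container is a {@link Context} whose login configuration
 * uses the client-certificate method, the valve also asks the socket for a new
 * handshake that requires a client certificate if none was presented.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This valve never rejects a request. {@link #invoke} always calls the
 *       next valve, also when no certificate was obtained; enforcement is
 *       presumably done by a later authenticator that reads the certificate
 *       attribute (confirm against the pipeline configuration).</li>
 *   <li>The key size is looked up by substring in {@link #ciphers}. A suite
 *       that matches no entry is reported with key size 0, and the table has
 *       no entries for newer suites, so code that enforces a minimum key size
 *       from this attribute should treat 0 as "unknown", not as "no
 *       encryption".</li>
 *   <li>The table lists NULL, 40-bit and single-DES suites only to report
 *       their strength; nothing here prevents them from being negotiated.</li>
 * </ul>
 */
public final class CertificatesValve extends ValveBase implements Lifecycle {

    /** Descriptive information returned by {@link #getInfo()}. */
    protected static final String info = "org.apache.catalina.valves.CertificatesValve/1.0";

    /**
     * Cipher-suite name fragments and the key size (in bits) reported for a
     * suite containing that fragment. The first matching entry wins.
     * The 128-bit sizes are written as literals so that the reported key size
     * does not depend on an unrelated HTTP header-size constant.
     */
    protected static final CipherData[] ciphers = {
        new CipherData("_WITH_NULL_", 0),
        new CipherData("_WITH_IDEA_CBC_", 128),
        new CipherData("_WITH_RC2_CBC_40_", 40),
        new CipherData("_WITH_RC4_40_", 40),
        new CipherData("_WITH_RC4_128_", 128),
        new CipherData("_WITH_DES40_CBC_", 40),
        new CipherData("_WITH_DES_CBC_", 56),
        new CipherData("_WITH_3DES_EDE_CBC_", 168)
    };

    /** Source of localized messages for this package. */
    protected static StringManager sm = StringManager.getManager(Constants.Package);

    /** Whether a client certificate should be requested; set in {@link #start()}. */
    protected boolean certificates = false;

    /** Debug level; values of 1 and above enable lifecycle logging. */
    protected int debug = 0;

    /** Helper that stores listeners and fires lifecycle events. */
    protected LifecycleSupport lifecycle = new LifecycleSupport(this);

    /** Whether {@link #start()} has been called without a matching {@link #stop()}. */
    protected boolean started = false;

    /**
     * Registers a lifecycle listener with this valve.
     *
     * @param lifecycleListener the listener to add
     */
    @Override
    public void addLifecycleListener(LifecycleListener lifecycleListener) {
        this.lifecycle.addLifecycleListener(lifecycleListener);
    }

    /**
     * Copies cipher suite, key size and client certificates of the SSL session
     * into attributes of the request. Key size and converted certificates are
     * cached in the SSL session so later requests on it reuse them.
     *
     * @param request the request whose attributes are set
     * @param request2 the innermost (unwrapped) request, which owns the socket
     */
    protected void expose(Request request, Request request2) {
        if (request2.getSocket() == null || !(request2.getSocket() instanceof SSLSocket)) {
            return;
        }
        SSLSession session = ((SSLSocket) request2.getSocket()).getSession();
        if (session == null) {
            return;
        }

        String cipherSuite = session.getCipherSuite();
        if (cipherSuite != null) {
            request.getRequest().setAttribute(Globals.CIPHER_SUITE_ATTR, cipherSuite);
        }

        Integer keySize = (Integer) session.getValue(Globals.KEY_SIZE_ATTR);
        if (keySize == null) {
            int size = 0;
            // A null suite name used to reach indexOf() and throw; it now
            // falls through to the "unknown" size of 0.
            if (cipherSuite != null) {
                for (int i = 0; i < ciphers.length; i++) {
                    if (cipherSuite.indexOf(ciphers[i].phrase) >= 0) {
                        size = ciphers[i].keySize;
                        break;
                    }
                }
            }
            keySize = Integer.valueOf(size);
            session.putValue(Globals.KEY_SIZE_ATTR, keySize);
        }
        request.getRequest().setAttribute(Globals.KEY_SIZE_ATTR, keySize);

        Object cachedCerts = session.getValue(Globals.CERTIFICATES_ATTR);
        if (cachedCerts != null) {
            request.getRequest().setAttribute(Globals.CERTIFICATES_ATTR, cachedCerts);
            return;
        }

        try {
            X509Certificate[] jsseCerts = session.getPeerCertificateChain();
            if (jsseCerts == null || jsseCerts.length < 1) {
                return;
            }
            // Re-parse each certificate from its encoded form to obtain the
            // java.security.cert representation of the same certificate.
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            java.security.cert.X509Certificate[] converted =
                    new java.security.cert.X509Certificate[jsseCerts.length];
            for (int i = 0; i < converted.length; i++) {
                converted[i] = (java.security.cert.X509Certificate) factory.generateCertificate(
                        new ByteArrayInputStream(jsseCerts[i].getEncoded()));
            }
            session.putValue(Globals.CERTIFICATES_ATTR, converted);
            log(" expose: Exposing converted certificates");
            request.getRequest().setAttribute(Globals.CERTIFICATES_ATTR, converted);
        } catch (SSLPeerUnverifiedException e) {
            // The peer presented no verified certificate: nothing to expose.
            if (this.debug >= 2) {
                log(" expose: SSLPeerUnverifiedException");
            }
        } catch (Exception e) {
            // Still best-effort (the request continues without the attribute),
            // but a failed conversion is recorded instead of silently dropped.
            // Errors are no longer swallowed here.
            log(" expose: certificate conversion failed", e);
        }
    }

    /**
     * Returns the debug level of this valve.
     *
     * @return the current debug level
     */
    public int getDebug() {
        return this.debug;
    }

    /**
     * Returns descriptive information about this valve implementation.
     *
     * @return the value of {@link #info}
     */
    @Override
    public String getInfo() {
        return info;
    }

    /**
     * Unwraps the request, optionally requests a client certificate, exposes
     * the SSL attributes and passes the request to the next valve.
     * The next valve is invoked regardless of the outcome of the steps before.
     *
     * @param request the request being processed
     * @param response the response being produced
     * @param valveContext the context used to invoke the next valve
     * @throws IOException if thrown by a later valve
     * @throws ServletException if thrown by a later valve
     */
    @Override
    public void invoke(Request request, Response response, ValveContext valveContext)
            throws IOException, ServletException {
        // Walk down to the innermost request; that one is asked for the socket.
        Request actual = request;
        while (actual instanceof RequestWrapper) {
            actual = ((RequestWrapper) actual).getWrappedRequest();
        }
        if (this.certificates) {
            verify(request, actual);
        }
        expose(request, actual);
        valveContext.invokeNext(request, response);
    }

    /**
     * Writes a message to the container's logger, or to standard output when
     * the container has no logger.
     *
     * @param str the message text
     */
    protected void log(String str) {
        String line = "CertificatesValve[" + this.container.getName() + "]: " + str;
        Logger logger = this.container.getLogger();
        if (logger != null) {
            logger.log(line);
        } else {
            System.out.println(line);
        }
    }

    /**
     * Writes a message and a throwable to the container's logger, or to
     * standard output when the container has no logger.
     *
     * @param str the message text
     * @param th the throwable to record with the message
     */
    protected void log(String str, Throwable th) {
        String line = "CertificatesValve[" + this.container.getName() + "]: " + str;
        Logger logger = this.container.getLogger();
        if (logger != null) {
            logger.log(line, th);
        } else {
            System.out.println(line);
            th.printStackTrace(System.out);
        }
    }

    /**
     * Removes a lifecycle listener from this valve.
     *
     * @param lifecycleListener the listener to remove
     */
    @Override
    public void removeLifecycleListener(LifecycleListener lifecycleListener) {
        this.lifecycle.removeLifecycleListener(lifecycleListener);
    }

    /**
     * Sets the debug level of this valve.
     *
     * @param i the new debug level
     */
    public void setDebug(int i) {
        this.debug = i;
    }

    /**
     * Starts the valve and decides whether client certificates are requested:
     * only when the container is a {@link Context} whose login configuration
     * names the client-certificate authentication method.
     *
     * @throws LifecycleException if the valve has already been started
     */
    @Override
    public void start() throws LifecycleException {
        if (this.started) {
            throw new LifecycleException(sm.getString("certificatesValve.alreadyStarted"));
        }
        this.started = true;
        if (this.debug >= 1) {
            log("Starting");
        }
        this.certificates = false;
        if (this.container instanceof Context) {
            LoginConfig loginConfig = ((Context) this.container).getLoginConfig();
            if (loginConfig != null
                    && org.apache.catalina.authenticator.Constants.CERT_METHOD
                            .equalsIgnoreCase(loginConfig.getAuthMethod())) {
                this.certificates = true;
            }
        }
        this.lifecycle.fireLifecycleEvent(Lifecycle.START_EVENT, null);
    }

    /**
     * Stops the valve and turns off client-certificate requests.
     *
     * @throws LifecycleException if the valve has not been started
     */
    @Override
    public void stop() throws LifecycleException {
        if (!this.started) {
            throw new LifecycleException(sm.getString("certificatesValve.notStarted"));
        }
        this.lifecycle.fireLifecycleEvent(Lifecycle.STOP_EVENT, null);
        this.started = false;
        if (this.debug >= 1) {
            log("Stopping");
        }
        this.certificates = false;
    }

    /**
     * Requests a client certificate when the current SSL session has none, by
     * invalidating the session, requiring client authentication on the socket
     * and starting a new handshake.
     *
     * <p>This method only triggers the handshake and logs the outcome. It does
     * not throw and does not mark the request as failed when the client still
     * presents no certificate or when the handshake fails, so callers must not
     * treat a normal return as proof that a certificate is present.
     *
     * @param request the request being processed (not used by this method)
     * @param request2 the innermost (unwrapped) request, which owns the socket
     */
    protected void verify(Request request, Request request2) {
        if (request2.getSocket() == null || !(request2.getSocket() instanceof SSLSocket)) {
            return;
        }
        SSLSocket socket = (SSLSocket) request2.getSocket();
        SSLSession session = socket.getSession();
        if (session == null) {
            return;
        }
        if (peerChainOrEmpty(session).length > 0) {
            return;
        }

        // No certificate yet: force a handshake that requires one.
        session.invalidate();
        socket.setNeedClientAuth(true);
        try {
            socket.startHandshake();
        } catch (IOException e) {
            log(" verify: ", e);
        }

        SSLSession renewed = socket.getSession();
        if (renewed == null) {
            return;
        }
        // The result used to be computed and discarded; it is now reported at
        // debug level so a missing certificate after the handshake is visible.
        X509Certificate[] chain = peerChainOrEmpty(renewed);
        if (chain.length == 0 && this.debug >= 1) {
            log(" verify: no client certificate after handshake");
        }
    }

    /**
     * Returns the peer certificate chain of a session, or an empty array when
     * the session has none or the peer is unverified (which is logged).
     */
    private X509Certificate[] peerChainOrEmpty(SSLSession session) {
        try {
            X509Certificate[] chain = session.getPeerCertificateChain();
            return chain != null ? chain : new X509Certificate[0];
        } catch (SSLPeerUnverifiedException e) {
            log(" verify: SSLPeerUnverifiedException");
            return new X509Certificate[0];
        }
    }
}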
