package org.apache.qpid.server.management.plugin.connector;

import java.io.IOException;
import java.nio.channels.SelectionKey;
import java.nio.channels.SocketChannel;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import org.eclipse.jetty.io.AsyncEndPoint;
import org.eclipse.jetty.io.Buffer;
import org.eclipse.jetty.io.Connection;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.io.nio.AsyncConnection;
import org.eclipse.jetty.io.nio.IndirectNIOBuffer;
import org.eclipse.jetty.io.nio.SelectChannelEndPoint;
import org.eclipse.jetty.io.nio.SelectorManager;
import org.eclipse.jetty.io.nio.SslConnection;
import org.eclipse.jetty.server.AsyncHttpConnection;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.nio.SelectChannelConnector;
import org.eclipse.jetty.server.ssl.SslCertificates;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* loaded from: input_file:org/apache/qpid/server/management/plugin/connector/TcpAndSslSelectChannelConnector.class */
public class TcpAndSslSelectChannelConnector extends SelectChannelConnector {
    private static final Logger LOG = Log.getLogger(TcpAndSslSelectChannelConnector.class);
    private final SslContextFactory _sslContextFactory;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/qpid/server/management/plugin/connector/TcpAndSslSelectChannelConnector$Protocol.class */
    public enum Protocol {
        UNKNOWN,
        TCP,
        SSL
    }

    /* loaded from: input_file:org/apache/qpid/server/management/plugin/connector/TcpAndSslSelectChannelConnector$ProtocolIdentifyingConnection.class */
    private class ProtocolIdentifyingConnection implements AsyncConnection {
        private final ProtocolIdentifyingEndpoint _endpoint;
        private AsyncConnection _delegate;
        private final long _timestamp;
        private IOException _exception;

        private ProtocolIdentifyingConnection(ProtocolIdentifyingEndpoint protocolIdentifyingEndpoint) {
            this._endpoint = protocolIdentifyingEndpoint;
            this._timestamp = System.currentTimeMillis();
        }

        public void onInputShutdown() throws IOException {
            if (this._delegate == null) {
                createDelegate(true);
            }
            this._delegate.onInputShutdown();
        }

        private boolean createDelegate(boolean z) throws IOException {
            if (this._exception != null) {
                throw this._exception;
            }
            Protocol protocol = this._endpoint.getProtocol();
            if (protocol == Protocol.TCP || (z && protocol == Protocol.UNKNOWN)) {
                this._delegate = new AsyncHttpConnection(TcpAndSslSelectChannelConnector.this, this._endpoint, TcpAndSslSelectChannelConnector.this.getServer());
                return true;
            }
            if (protocol != Protocol.SSL) {
                return false;
            }
            SslConnection sslConnection = new SslConnection(TcpAndSslSelectChannelConnector.this.createSSLEngine(this._endpoint.getSocketChannel()), this._endpoint);
            sslConnection.getSslEndPoint().setConnection(new AsyncHttpConnection(TcpAndSslSelectChannelConnector.this, sslConnection.getSslEndPoint(), TcpAndSslSelectChannelConnector.this.getServer()));
            sslConnection.setAllowRenegotiate(TcpAndSslSelectChannelConnector.this._sslContextFactory.isAllowRenegotiate());
            this._delegate = sslConnection;
            return true;
        }

        private boolean createDelegateNoException() {
            try {
                return createDelegate(false);
            } catch (IOException e) {
                this._exception = e;
                return false;
            }
        }

        public Connection handle() throws IOException {
            return (this._delegate != null || createDelegate(false)) ? this._delegate.handle() : this;
        }

        public long getTimeStamp() {
            return this._timestamp;
        }

        public boolean isIdle() {
            if (this._delegate != null || createDelegateNoException()) {
                return this._delegate.isIdle();
            }
            return false;
        }

        public boolean isSuspended() {
            if (this._delegate != null || createDelegateNoException()) {
                return this._delegate.isSuspended();
            }
            return false;
        }

        public void onClose() {
            if (this._delegate != null) {
                this._delegate.onClose();
            }
        }

        public void onIdleExpired(long j) {
            try {
                if (this._delegate != null || createDelegate(true)) {
                    this._delegate.onIdleExpired(j);
                }
            } catch (IOException e) {
                TcpAndSslSelectChannelConnector.LOG.ignore(e);
                try {
                    this._endpoint.close();
                } catch (IOException e2) {
                    TcpAndSslSelectChannelConnector.LOG.ignore(e2);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/qpid/server/management/plugin/connector/TcpAndSslSelectChannelConnector$ProtocolIdentifyingEndpoint.class */
    public class ProtocolIdentifyingEndpoint extends SelectChannelEndPoint {
        private Protocol _protocol;
        private Buffer _preBuffer;

        public ProtocolIdentifyingEndpoint(SocketChannel socketChannel, SelectorManager.SelectSet selectSet, SelectionKey selectionKey, int i) throws IOException {
            super(socketChannel, selectSet, selectionKey, i);
            this._protocol = Protocol.UNKNOWN;
            this._preBuffer = new IndirectNIOBuffer(6);
        }

        public Protocol getProtocol() throws IOException {
            if (this._protocol == Protocol.UNKNOWN && this._preBuffer.space() != 0) {
                super.fill(this._preBuffer);
                this._protocol = identifyFromPreBuffer();
            }
            return this._protocol;
        }

        public SocketChannel getSocketChannel() {
            return (SocketChannel) getChannel();
        }

        private Protocol identifyFromPreBuffer() {
            if (this._preBuffer.space() != 0) {
                return Protocol.UNKNOWN;
            }
            byte[] array = this._preBuffer.array();
            return (looksLikeSSLv2ClientHello(array) || looksLikeSSLv3ClientHello(array)) ? Protocol.SSL : Protocol.TCP;
        }

        private boolean looksLikeSSLv3ClientHello(byte[] bArr) {
            return bArr[0] == 22 && bArr[1] == 3 && (bArr[2] == 0 || bArr[2] == 1 || bArr[2] == 2 || bArr[2] == 3) && bArr[5] == 1;
        }

        private boolean looksLikeSSLv2ClientHello(byte[] bArr) {
            return bArr[0] == Byte.MIN_VALUE && bArr[3] == 3 && (bArr[4] == 0 || bArr[4] == 1 || bArr[4] == 2 || bArr[4] == 3);
        }

        public int fill(Buffer buffer) throws IOException {
            int i = 0;
            if (getProtocol() != Protocol.UNKNOWN) {
                if (this._preBuffer.hasContent()) {
                    i = buffer.put(this._preBuffer);
                    this._preBuffer.skip(i);
                }
                if (buffer.space() != 0) {
                    i += super.fill(buffer);
                }
            }
            return i;
        }
    }

    public TcpAndSslSelectChannelConnector(SslContextFactory sslContextFactory) {
        this._sslContextFactory = sslContextFactory;
        addBean(this._sslContextFactory);
        setUseDirectBuffers(false);
        setSoLingerTime(30000);
    }

    public void customize(EndPoint endPoint, Request request) throws IOException {
        if (endPoint instanceof SslConnection.SslEndPoint) {
            request.setScheme("https");
        }
        super.customize(endPoint, request);
        if (endPoint instanceof SslConnection.SslEndPoint) {
            SslCertificates.customize(((SslConnection.SslEndPoint) endPoint).getSslEngine().getSession(), endPoint, request);
        }
    }

    protected AsyncConnection newConnection(SocketChannel socketChannel, AsyncEndPoint asyncEndPoint) {
        return new ProtocolIdentifyingConnection((ProtocolIdentifyingEndpoint) asyncEndPoint);
    }

    protected SelectChannelEndPoint newEndPoint(SocketChannel socketChannel, SelectorManager.SelectSet selectSet, SelectionKey selectionKey) throws IOException {
        ProtocolIdentifyingEndpoint protocolIdentifyingEndpoint = new ProtocolIdentifyingEndpoint(socketChannel, selectSet, selectionKey, getMaxIdleTime());
        protocolIdentifyingEndpoint.setConnection(selectSet.getManager().newConnection(socketChannel, protocolIdentifyingEndpoint, selectionKey.attachment()));
        return protocolIdentifyingEndpoint;
    }

    protected SSLEngine createSSLEngine(SocketChannel socketChannel) throws IOException {
        SSLEngine newSslEngine;
        if (socketChannel != null) {
            newSslEngine = this._sslContextFactory.newSslEngine(socketChannel.socket().getInetAddress().getHostAddress(), socketChannel.socket().getPort());
        } else {
            newSslEngine = this._sslContextFactory.newSslEngine();
        }
        newSslEngine.setUseClientMode(false);
        return newSslEngine;
    }

    protected void doStart() throws Exception {
        this._sslContextFactory.checkKeyStore();
        this._sslContextFactory.start();
        SSLEngine newSslEngine = this._sslContextFactory.newSslEngine();
        newSslEngine.setUseClientMode(false);
        SSLSession session = newSslEngine.getSession();
        if (getRequestHeaderSize() < session.getApplicationBufferSize()) {
            setRequestHeaderSize(session.getApplicationBufferSize());
        }
        if (getRequestBufferSize() < session.getApplicationBufferSize()) {
            setRequestBufferSize(session.getApplicationBufferSize());
        }
        super.doStart();
    }

    public boolean isConfidential(Request request) {
        if (!request.getScheme().equals("https")) {
            return super.isConfidential(request);
        }
        int confidentialPort = getConfidentialPort();
        return confidentialPort == 0 || confidentialPort == request.getServerPort();
    }
}
