package org.kaazing.gateway.transport.ssl;

import java.io.IOException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.Callable;
import javax.annotation.Resource;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import org.apache.mina.core.filterchain.IoFilterChain;
import org.apache.mina.core.future.ConnectFuture;
import org.apache.mina.core.future.DefaultConnectFuture;
import org.apache.mina.core.future.IoFutureListener;
import org.apache.mina.core.service.IoHandler;
import org.apache.mina.core.service.TransportMetadata;
import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.core.session.IoSessionInitializer;
import org.apache.mina.filter.ssl.SslContextFactory;
import org.kaazing.gateway.resource.address.ResourceAddress;
import org.kaazing.gateway.resource.address.ResourceAddressFactory;
import org.kaazing.gateway.resource.address.ssl.SslResourceAddress;
import org.kaazing.gateway.security.KeySelector;
import org.kaazing.gateway.security.SecurityContext;
import org.kaazing.gateway.transport.AbstractBridgeConnector;
import org.kaazing.gateway.transport.AbstractBridgeSession;
import org.kaazing.gateway.transport.BridgeServiceFactory;
import org.kaazing.gateway.transport.BridgeSession;
import org.kaazing.gateway.transport.BridgeSessionInitializerAdapter;
import org.kaazing.gateway.transport.DefaultIoSessionConfigEx;
import org.kaazing.gateway.transport.DefaultTransportMetadata;
import org.kaazing.gateway.transport.IoHandlerAdapter;
import org.kaazing.gateway.transport.TransportKeySelector;
import org.kaazing.gateway.transport.TypedAttributeKey;
import org.kaazing.gateway.transport.ssl.bridge.filter.SslCertificateSelectionFilter;
import org.kaazing.gateway.transport.ssl.bridge.filter.SslFilter;
import org.kaazing.gateway.transport.ssl.cert.VirtualHostKeySelector;
import org.kaazing.gateway.util.ssl.SslCipherSuites;
import org.kaazing.mina.core.service.IoProcessorEx;
import org.kaazing.mina.core.session.IoSessionEx;

/* loaded from: input_file:org/kaazing/gateway/transport/ssl/SslConnector.class */
/**
 * Connecting (client-mode) side of the gateway's SSL/TLS transport, as emitted by a decompiler.
 *
 * <p>{@link #connectInternal} opens the underlying transport through {@code bridgeServiceFactory}
 * with {@code bridgeHandler} as the handler of the parent session. On session open the handler
 * installs the certificate-selection filter and an {@code SslFilter} in client mode; once
 * {@code SslFilter.SESSION_SECURED} arrives it creates the {@link SslSession} through the factory
 * stored on the parent session.
 *
 * <p>Review notes:
 * <ul>
 *   <li>{@code certificateSelection} is one filter instance shared by every connection, and
 *       {@code connectInternal} calls {@code setKeySelector} on it for each connect.
 *       NOTE(review): concurrent connects that use different {@code KEY_SELECTOR} options look able
 *       to overwrite each other's selector - confirm against SslCertificateSelectionFilter.</li>
 *   <li>No hostname / endpoint-identity check is configured anywhere in this class. Whether
 *       {@code SslFilter} or the trust managers perform one is not visible here - confirm.</li>
 *   <li>When {@code ENCRYPTION_ENABLED} is false, {@code addBridgeFilters} creates the
 *       {@link SslSession} without adding an {@code SslFilter} to the chain.</li>
 * </ul>
 */
public class SslConnector extends AbstractBridgeConnector<SslSession> {
    // Per-parent-session attributes: the deferred SslSession factory, the connect future handed
    // back to the caller, and the SslSession itself once it has been created.
    private static final TypedAttributeKey<Callable<SslSession>> SSL_SESSION_FACTORY_KEY = new TypedAttributeKey<>(SslConnector.class, "sslSessionFactory");
    private static final TypedAttributeKey<ConnectFuture> SSL_CONNECT_FUTURE_KEY = new TypedAttributeKey<>(SslConnector.class, "sslConnectFuture");
    private static final TypedAttributeKey<SslSession> SSL_SESSION_KEY = new TypedAttributeKey<>(SslConnector.class, "sslSession");
    // Names under which the two bridge filters are registered in the parent filter chain.
    private static final String CODEC_FILTER = "ssl#codec";
    private static final String CERTIFICATE_SELECTION_FILTER = "ssl#certificate_selection";
    private BridgeServiceFactory bridgeServiceFactory;
    private SslContextFactory sslContextFactory;
    // Created in init(); stays null if context creation failed there.
    private SSLContext sslContext;
    // Single instance, added to the chain of every parent session (see class notes).
    private SslCertificateSelectionFilter certificateSelection;
    private ResourceAddressFactory resourceAddressFactory;
    // Fallback key selector used when the connect address carries no KEY_SELECTOR option.
    private VirtualHostKeySelector vhostKeySelector;
    private IoHandler bridgeHandler;

    /**
     * Decompiler-named form of the anonymous initializer returned by
     * {@code createParentInitializer}. It runs against the parent (transport) session and stores
     * on it the deferred {@link SslSession} factory and the SSL connect future.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.kaazing.gateway.transport.ssl.SslConnector$3, reason: invalid class name */
    /* loaded from: input_file:org/kaazing/gateway/transport/ssl/SslConnector$3.class */
    public class AnonymousClass3 implements IoSessionInitializer<ConnectFuture> {
        // Captured locals of the original anonymous class (synthetic val$ fields).
        final /* synthetic */ IoHandler val$handler;
        final /* synthetic */ IoSessionInitializer val$initializer;
        final /* synthetic */ ResourceAddress val$connectAddress;
        final /* synthetic */ DefaultConnectFuture val$sslConnectFuture;

        AnonymousClass3(IoHandler ioHandler, IoSessionInitializer ioSessionInitializer, ResourceAddress resourceAddress, DefaultConnectFuture defaultConnectFuture) {
            this.val$handler = ioHandler;
            this.val$initializer = ioSessionInitializer;
            this.val$connectAddress = resourceAddress;
            this.val$sslConnectFuture = defaultConnectFuture;
        }

        /**
         * Prepares the parent session: registers the SslSession factory and the connect future as
         * session attributes. No SslSession is created here; the factory is invoked later from
         * {@code doMessageReceived} or {@code addBridgeFilters}.
         */
        public void initializeSession(final IoSession ioSession, ConnectFuture connectFuture) {
            // Initializer for the SslSession itself: installs the caller's handler, then runs the
            // caller's initializer when one was supplied.
            // NOTE(review): the type variable T is not declared in this scope - decompiler artifact.
            final IoSessionInitializer<T> ioSessionInitializer = new IoSessionInitializer<T>() { // from class: org.kaazing.gateway.transport.ssl.SslConnector.3.1
                /* JADX WARN: Incorrect types in method signature: (Lorg/apache/mina/core/session/IoSession;TT;)V */
                public void initializeSession(IoSession ioSession2, ConnectFuture connectFuture2) {
                    ((AbstractBridgeSession) ioSession2).setHandler(AnonymousClass3.this.val$handler);
                    if (AnonymousClass3.this.val$initializer != null) {
                        AnonymousClass3.this.val$initializer.initializeSession(ioSession2, connectFuture2);
                    }
                }
            };
            SslConnector.SSL_SESSION_FACTORY_KEY.set(ioSession, new Callable<SslSession>() { // from class: org.kaazing.gateway.transport.ssl.SslConnector.3.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public SslSession call() throws Exception {
                    // newSession receives the SSL connect future; completing it on success is
                    // presumably done inside newSession - not visible here.
                    return (SslSession) SslConnector.this.newSession(ioSessionInitializer, AnonymousClass3.this.val$sslConnectFuture, new Callable<SslSession>() { // from class: org.kaazing.gateway.transport.ssl.SslConnector.3.2.1
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.util.concurrent.Callable
                        public SslSession call() throws Exception {
                            // Local address is derived from the connect address plus the parent
                            // session's LOCAL_ADDRESS attribute; remote address is the connect address.
                            return new SslSession(SslConnector.this, SslConnector.this.getProcessor(), SslConnector.this.resourceAddressFactory.newResourceAddress(AnonymousClass3.this.val$connectAddress, (ResourceAddress) BridgeSession.LOCAL_ADDRESS.get(ioSession)), AnonymousClass3.this.val$connectAddress, ioSession);
                        }
                    });
                }
            });
            SslConnector.SSL_CONNECT_FUTURE_KEY.set(ioSession, this.val$sslConnectFuture);
        }
    }

    /**
     * Creates the connector and its {@code bridgeHandler}, the handler attached to every parent
     * (transport) session opened by {@link #connectInternal}.
     */
    public SslConnector() {
        super(new DefaultIoSessionConfigEx());
        this.bridgeHandler = new IoHandlerAdapter<IoSessionEx>() { // from class: org.kaazing.gateway.transport.ssl.SslConnector.4
            /* JADX INFO: Access modifiers changed from: protected */
            public void doSessionOpened(IoSessionEx ioSessionEx) throws Exception {
                // Presumably asks SslFilter to report SESSION_SECURED / SESSION_UNSECURED as
                // messages, which doMessageReceived below relies on - confirm in SslFilter.
                ioSessionEx.setAttribute(SslFilter.USE_NOTIFICATION);
                SslConnector.this.addBridgeFilters(ioSessionEx.getFilterChain());
            }

            /* JADX INFO: Access modifiers changed from: protected */
            public void doSessionClosed(IoSessionEx ioSessionEx) throws Exception {
                if (!ioSessionEx.isClosing()) {
                    SslConnector.this.removeBridgeFilters(ioSessionEx.getFilterChain());
                }
                SslSession sslSession = (SslSession) SslConnector.SSL_SESSION_KEY.get(ioSessionEx);
                if (sslSession != null) {
                    if (sslSession.isClosing()) {
                        return;
                    }
                    // Parent closed while the SslSession was still open: reset it with an error.
                    sslSession.reset(new IOException("Early termination of IO session").fillInStackTrace());
                } else {
                    // Parent closed before any SslSession existed: fail the pending connect.
                    // The exception created here carries no cause, so the reason for the failed
                    // handshake is not available to the caller from this path.
                    ConnectFuture connectFuture = (ConnectFuture) SslConnector.SSL_CONNECT_FUTURE_KEY.remove(ioSessionEx);
                    if (connectFuture != null) {
                        connectFuture.setException(new Exception("SSL connection failed"));
                    }
                }
            }

            /* JADX INFO: Access modifiers changed from: protected */
            public void doMessageReceived(IoSessionEx ioSessionEx, Object obj) throws Exception {
                if (obj == SslFilter.SESSION_SECURED) {
                    // Handshake done: the certificate-selection filter is no longer needed, and
                    // the SslSession is created through the factory stored on the parent session.
                    SslConnector.this.removeFilter(ioSessionEx.getFilterChain(), SslConnector.this.certificateSelection);
                    ioSessionEx.setAttribute(SslConnector.SSL_SESSION_KEY, (SslSession) ((Callable) SslConnector.SSL_SESSION_FACTORY_KEY.get(ioSessionEx)).call());
                    return;
                }
                // NOTE(review): both branches below dereference SSL_SESSION_KEY without a null
                // check; confirm neither can be reached before an SslSession has been stored.
                if (obj == SslFilter.SESSION_UNSECURED) {
                    ((SslSession) SslConnector.SSL_SESSION_KEY.get(ioSessionEx)).close(false);
                } else {
                    // Any other message is forwarded to the SslSession's own filter chain.
                    ((SslSession) SslConnector.SSL_SESSION_KEY.get(ioSessionEx)).getFilterChain().fireMessageReceived(obj);
                }
            }

            /* JADX INFO: Access modifiers changed from: protected */
            public void doExceptionCaught(IoSessionEx ioSessionEx, Throwable th) throws Exception {
                // The error is logged at debug level only; the throwable itself is attached to the
                // log call only when trace is enabled.
                if (SslConnector.this.logger.isDebugEnabled()) {
                    String format = String.format("Error on SSL connection attempt: %s", th);
                    if (SslConnector.this.logger.isTraceEnabled()) {
                        SslConnector.this.logger.debug(format, th);
                    } else {
                        SslConnector.this.logger.debug(format);
                    }
                }
                // Close the parent session immediately and hand the original throwable to the
                // pending connect future, if one is still registered.
                ioSessionEx.close(true);
                ConnectFuture connectFuture = (ConnectFuture) SslConnector.SSL_CONNECT_FUTURE_KEY.remove(ioSessionEx);
                if (connectFuture != null) {
                    connectFuture.setException(th);
                }
            }

            /* JADX INFO: Access modifiers changed from: protected */
            public void doSessionIdle(IoSessionEx ioSessionEx, IdleStatus idleStatus) throws Exception {
                // Forwards the idle event to the SslSession's chain; no null check on the attribute.
                ((IoSession) ioSessionEx.getAttribute(SslConnector.SSL_SESSION_KEY)).getFilterChain().fireSessionIdle(idleStatus);
            }
        };
    }

    @Resource(name = "resourceAddressFactory")
    public void setResourceAddressFactory(ResourceAddressFactory resourceAddressFactory) {
        this.resourceAddressFactory = resourceAddressFactory;
    }

    @Resource(name = "bridgeServiceFactory")
    public void setBridgeServiceFactory(BridgeServiceFactory bridgeServiceFactory) {
        this.bridgeServiceFactory = bridgeServiceFactory;
    }

    /**
     * Builds the key selector and the {@code SslContextFactory} from the injected security context.
     *
     * <p>The key store and its password feed both the virtual-host key selector and the key manager
     * factory; the trust store feeds the trust manager factory. {@code KeyStoreException} and
     * {@code NoSuchAlgorithmException} are rethrown wrapped in {@code RuntimeException}.
     *
     * @param securityContext source of the key store, key store password and trust store
     */
    @Resource(name = "securityContext")
    public void setSecurityContext(SecurityContext securityContext) {
        this.vhostKeySelector = new VirtualHostKeySelector();
        try {
            this.vhostKeySelector.init(securityContext.getKeyStore(), securityContext.getKeyStorePassword());
            try {
                this.sslContextFactory = new SslContextFactory();
                this.sslContextFactory.setTrustManagerFactoryKeyStore(securityContext.getTrustStore());
                char[] keyStorePassword = securityContext.getKeyStorePassword();
                // The char[] password is copied into a String because the setter is given a
                // String; unlike the char[], that copy cannot be cleared after use.
                this.sslContextFactory.setKeyManagerFactoryKeyStorePassword(keyStorePassword == null ? null : new String(keyStorePassword));
                this.sslContextFactory.setKeyManagerFactoryKeyStore(securityContext.getKeyStore());
                // Key manager factory comes from the project's own SslProvider, not a JDK provider.
                this.sslContextFactory.setKeyManagerFactory(KeyManagerFactory.getInstance("SslTransport", new SslProvider()));
                this.sslContextFactory.setServerSessionCacheSize(1);
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        } catch (KeyStoreException e2) {
            throw new RuntimeException(e2);
        }
    }

    public TransportMetadata getTransportMetadata() {
        return new DefaultTransportMetadata(SslProtocol.NAME);
    }

    /**
     * Creates the {@code SSLContext} and the shared certificate-selection filter.
     *
     * <p>NOTE(review): a failure to create the context is only logged, so {@code sslContext} stays
     * null and is later passed to {@code new SslFilter(...)} in {@code addBridgeFilters}. How
     * SslFilter treats a null context is not visible here; failing fast at this point would make a
     * broken key/trust store configuration visible at startup rather than at first connect.
     */
    protected void init() {
        super.init();
        try {
            this.sslContext = this.sslContextFactory.newInstance();
        } catch (Exception e) {
            this.logger.error("Exception while creating SSL context: ", e);
        }
        // Meaning of the boolean argument is not visible here (presumably client mode) - confirm.
        this.certificateSelection = new SslCertificateSelectionFilter(true);
    }

    protected IoProcessorEx<SslSession> initProcessor() {
        return new SslConnectProcessor();
    }

    /**
     * Installs the TLS filters on a parent session's chain, configured from the
     * {@code ResourceAddress} that {@code connectInternal} stored on that session.
     *
     * <p>If no address attribute is present, nothing is added. If the address has
     * {@code ENCRYPTION_ENABLED} set to false, the {@link SslSession} is created at once and no
     * {@code SslFilter} is added, so this connector applies no TLS to that session.
     *
     * @param ioFilterChain filter chain of the parent (transport) session
     */
    public void addBridgeFilters(IoFilterChain ioFilterChain) {
        IoSession session = ioFilterChain.getSession();
        // remove(), not get(): the address attribute is consumed by this call.
        ResourceAddress resourceAddress = (ResourceAddress) SslAcceptor.SSL_RESOURCE_ADDRESS.remove(session);
        if (resourceAddress != null) {
            if (!((Boolean) resourceAddress.getOption(SslResourceAddress.ENCRYPTION_ENABLED)).booleanValue()) {
                try {
                    session.setAttribute(SSL_SESSION_KEY, (SslSession) ((Callable) SSL_SESSION_FACTORY_KEY.get(session)).call());
                    return;
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
            SslFilter sslFilter = new SslFilter(this.sslContext, true, this.logger);
            sslFilter.setUseClientMode(true);
            boolean booleanValue = ((Boolean) resourceAddress.getOption(SslResourceAddress.WANT_CLIENT_AUTH)).booleanValue();
            boolean booleanValue2 = ((Boolean) resourceAddress.getOption(SslResourceAddress.NEED_CLIENT_AUTH)).booleanValue();
            // toCipherList returns null for a null or empty CIPHERS option, so resolve() is then
            // called with null. Presumably it falls back to a default suite list - confirm that
            // the default excludes weak suites.
            List resolve = SslCipherSuites.resolve(toCipherList((String[]) resourceAddress.getOption(SslResourceAddress.CIPHERS)));
            String[] strArr = (String[]) resolve.toArray(new String[resolve.size()]);
            if (this.logger.isTraceEnabled()) {
                this.logger.trace(String.format("Configured SSL/TLS ciphersuites:\n  %s", toCipherString(toCipherList(strArr))));
            }
            sslFilter.setWantClientAuth(booleanValue);
            sslFilter.setNeedClientAuth(booleanValue2);
            sslFilter.setEnabledCipherSuites(strArr);
            // The PROTOCOLS option is passed through unchanged; no minimum protocol version is
            // enforced in this method. NOTE(review): confirm the option's default and validation.
            sslFilter.setEnabledProtocols((String[]) resourceAddress.getOption(SslResourceAddress.PROTOCOLS));
            // Order matters: certificate selection sits first, the TLS codec directly after it.
            ioFilterChain.addFirst(CERTIFICATE_SELECTION_FILTER, this.certificateSelection);
            ioFilterChain.addAfter(CERTIFICATE_SELECTION_FILTER, CODEC_FILTER, sslFilter);
        }
    }

    /**
     * Copies a cipher-name array into a new list.
     *
     * @return the list, or {@code null} when the array is null or empty
     */
    private List<String> toCipherList(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        ArrayList arrayList = new ArrayList(strArr.length);
        Collections.addAll(arrayList, strArr);
        return arrayList;
    }

    /**
     * Renders cipher names one per line for the trace log; the result is trimmed, so the first
     * line has no indent and there is no trailing newline.
     *
     * @return the formatted names, or {@code null} when the list is null or empty
     */
    private String toCipherString(List<String> list) {
        if (list == null || list.size() == 0) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            sb.append("  ").append(it.next()).append("\n");
        }
        return sb.toString().trim();
    }

    /** Removes both bridge filters from the chain by their registered names. */
    public void removeBridgeFilters(IoFilterChain ioFilterChain) {
        removeFilter(ioFilterChain, CODEC_FILTER);
        removeFilter(ioFilterChain, CERTIFICATE_SELECTION_FILTER);
    }

    protected boolean canConnect(String str) {
        return str.equals(SslProtocol.NAME);
    }

    /**
     * Connects the underlying transport and returns a future for the SSL-level connection.
     *
     * <p>When encryption is enabled, the key selector (the address's {@code KEY_SELECTOR} option,
     * else the connector's virtual-host selector) is set on the shared certificate-selection filter
     * before the transport connect starts. Any exception in that step, including a
     * {@code ClassCastException} from the {@code TransportKeySelector} cast, is rethrown wrapped in
     * {@code RuntimeException}.
     *
     * @param resourceAddress SSL address to connect to; its transport address is what is dialed
     * @param ioHandler handler for the resulting {@link SslSession}
     * @param ioSessionInitializer optional initializer for the resulting {@link SslSession}
     * @return a future that is failed here when the transport connect fails; its successful
     *     completion is not done in this method
     */
    protected <T extends ConnectFuture> ConnectFuture connectInternal(final ResourceAddress resourceAddress, IoHandler ioHandler, IoSessionInitializer<T> ioSessionInitializer) {
        if (((Boolean) resourceAddress.getOption(SslResourceAddress.ENCRYPTION_ENABLED)).booleanValue()) {
            try {
                // NOTE(review): the declared type of this local does not match the KeySelector
                // cast - decompiler typing artifact.
                VirtualHostKeySelector virtualHostKeySelector = (KeySelector) resourceAddress.getOption(SslResourceAddress.KEY_SELECTOR);
                if (virtualHostKeySelector == null) {
                    virtualHostKeySelector = this.vhostKeySelector;
                }
                TransportKeySelector transportKeySelector = (TransportKeySelector) TransportKeySelector.class.cast(virtualHostKeySelector);
                // Mutates the filter instance shared by all sessions of this connector.
                // NOTE(review): looks racy if connects with different selectors overlap - confirm.
                this.certificateSelection.setKeySelector(transportKeySelector);
                transportKeySelector.connect(resourceAddress);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        final DefaultConnectFuture defaultConnectFuture = new DefaultConnectFuture();
        // Propagates a failed transport connect to the SSL connect future; success is ignored here.
        IoFutureListener<ConnectFuture> ioFutureListener = new IoFutureListener<ConnectFuture>() { // from class: org.kaazing.gateway.transport.ssl.SslConnector.1
            public void operationComplete(ConnectFuture connectFuture) {
                if (connectFuture.isConnected()) {
                    return;
                }
                defaultConnectFuture.setException(connectFuture.getException());
            }
        };
        final IoSessionInitializer<ConnectFuture> createParentInitializer = createParentInitializer(resourceAddress, ioHandler, ioSessionInitializer, defaultConnectFuture);
        this.bridgeServiceFactory.newBridgeConnector(resourceAddress.getTransport()).connect(resourceAddress.getTransport(), this.bridgeHandler, new BridgeSessionInitializerAdapter<T>() { // from class: org.kaazing.gateway.transport.ssl.SslConnector.2
            /* JADX WARN: Incorrect types in method signature: (Lorg/apache/mina/core/session/IoSession;TT;)V */
            public void initializeSession(IoSession ioSession, ConnectFuture connectFuture) {
                // Stored on the parent session so addBridgeFilters can read the TLS options.
                SslAcceptor.SSL_RESOURCE_ADDRESS.set(ioSession, resourceAddress);
                if (createParentInitializer != null) {
                    createParentInitializer.initializeSession(ioSession, connectFuture);
                }
            }
        }).addListener(ioFutureListener);
        return defaultConnectFuture;
    }

    /** Wraps the caller's handler, initializer, address and future in the parent-session initializer. */
    private <T extends ConnectFuture> IoSessionInitializer<ConnectFuture> createParentInitializer(ResourceAddress resourceAddress, IoHandler ioHandler, IoSessionInitializer<T> ioSessionInitializer, DefaultConnectFuture defaultConnectFuture) {
        return new AnonymousClass3(ioHandler, ioSessionInitializer, resourceAddress, defaultConnectFuture);
    }
}
