package org.eclipse.jetty.server;

import defpackage.t27;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import org.eclipse.jetty.http.BadMessageException;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.http.HttpScheme;
import org.eclipse.jetty.http.PreEncodedHttpField;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.io.ssl.SslConnection;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.ProxyConnectionFactory;
import org.eclipse.jetty.util.TypeUtil;
import org.eclipse.jetty.util.annotation.Name;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.ssl.X509;

/* loaded from: classes6.dex */
public class SecureRequestCustomizer implements HttpConfiguration.Customizer {
    public String a;
    public boolean b;
    public long c;
    public boolean d;
    public PreEncodedHttpField e;
    public static final Logger f = Log.getLogger((Class<?>) SecureRequestCustomizer.class);
    public static final String CACHED_INFO_ATTR = t27.class.getName();

    public SecureRequestCustomizer() {
        this(true);
    }

    public SecureRequestCustomizer(@Name("sniHostCheck") boolean z) {
        this(z, -1L, false);
    }

    public SecureRequestCustomizer(@Name("sniHostCheck") boolean z, @Name("stsMaxAgeSeconds") long j, @Name("stsIncludeSubdomains") boolean z2) {
        this.a = "org.eclipse.jetty.servlet.request.ssl_session";
        this.b = z;
        this.c = j;
        this.d = z2;
        a();
    }

    public final void a() {
        if (this.c < 0) {
            this.e = null;
        } else {
            this.e = new PreEncodedHttpField(HttpHeader.STRICT_TRANSPORT_SECURITY, String.format("max-age=%d%s", Long.valueOf(this.c), this.d ? "; includeSubDomains" : ""));
        }
    }

    public void customize(SSLEngine sSLEngine, Request request) {
        X509Certificate[] certChain;
        Object obj;
        Object obj2;
        SSLSession session = sSLEngine.getSession();
        boolean z = this.b;
        Logger logger = f;
        if (z) {
            String serverName = request.getServerName();
            X509 x509 = (X509) session.getValue(SniX509ExtendedKeyManager.SNI_X509);
            if (x509 != null && !x509.matches(serverName)) {
                logger.warn("Host {} does not match SNI {}", serverName, x509);
                throw new BadMessageException(400, "Host does not match SNI");
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Host {} matched SNI {}", serverName, x509);
            }
        }
        try {
            String cipherSuite = session.getCipherSuite();
            String str = CACHED_INFO_ATTR;
            t27 t27Var = (t27) session.getValue(str);
            if (t27Var != null) {
                obj = t27Var.b;
                certChain = t27Var.a;
                obj2 = t27Var.c;
            } else {
                Integer valueOf = Integer.valueOf(SslContextFactory.deduceKeyLength(cipherSuite));
                certChain = SslContextFactory.getCertChain(session);
                String hexString = TypeUtil.toHexString(session.getId());
                session.putValue(str, new t27(valueOf, certChain, hexString));
                obj = valueOf;
                obj2 = hexString;
            }
            if (certChain != null) {
                request.setAttribute("javax.servlet.request.X509Certificate", certChain);
            }
            request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
            request.setAttribute("javax.servlet.request.key_size", obj);
            request.setAttribute("javax.servlet.request.ssl_session_id", obj2);
            String sslSessionAttribute = getSslSessionAttribute();
            if (sslSessionAttribute == null || sslSessionAttribute.isEmpty()) {
                return;
            }
            request.setAttribute(sslSessionAttribute, session);
        } catch (Exception e) {
            logger.warn(Log.EXCEPTION, e);
        }
    }

    @Override // org.eclipse.jetty.server.HttpConfiguration.Customizer
    public void customize(Connector connector, HttpConfiguration httpConfiguration, Request request) {
        EndPoint endPoint = request.getHttpChannel().getEndPoint();
        if (endPoint instanceof SslConnection.DecryptedEndPoint) {
            customize(((SslConnection.DecryptedEndPoint) endPoint).getSslConnection().getSSLEngine(), request);
            if (request.getHttpURI().getScheme() == null) {
                request.setScheme(HttpScheme.HTTPS.asString());
            }
        } else if (endPoint instanceof ProxyConnectionFactory.ProxyEndPoint) {
            ProxyConnectionFactory.ProxyEndPoint proxyEndPoint = (ProxyConnectionFactory.ProxyEndPoint) endPoint;
            if (request.getHttpURI().getScheme() == null && proxyEndPoint.getAttribute(ProxyConnectionFactory.TLS_VERSION) != null) {
                request.setScheme(HttpScheme.HTTPS.asString());
            }
        }
        if (HttpScheme.HTTPS.is(request.getScheme())) {
            customizeSecure(request);
        }
    }

    public void customizeSecure(Request request) {
        request.setSecure(true);
        if (this.e != null) {
            request.getResponse().getHttpFields().add(this.e);
        }
    }

    public String getSslSessionAttribute() {
        return this.a;
    }

    public long getStsMaxAge() {
        return this.c;
    }

    public boolean isSniHostCheck() {
        return this.b;
    }

    public boolean isStsIncludeSubDomains() {
        return this.d;
    }

    public void setSniHostCheck(boolean z) {
        this.b = z;
    }

    public void setSslSessionAttribute(String str) {
        this.a = str;
    }

    public void setStsIncludeSubDomains(boolean z) {
        this.d = z;
        a();
    }

    public void setStsMaxAge(long j) {
        this.c = j;
        a();
    }

    public void setStsMaxAge(long j, TimeUnit timeUnit) {
        this.c = timeUnit.toSeconds(j);
        a();
    }

    public String toString() {
        return String.format("%s@%x", getClass().getSimpleName(), Integer.valueOf(hashCode()));
    }
}
