package weblogic.servlet.internal;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import weblogic.protocol.ServerChannel;
import weblogic.security.service.ContextHandler;
import weblogic.servlet.HTTPLogger;
import weblogic.servlet.security.internal.WebAppSecurity;
import weblogic.utils.StringUtils;
import weblogic.utils.collections.SecondChanceCacheMap;
import weblogic.utils.encoders.BASE64Decoder;
import weblogic.utils.http.HttpConstants;
import weblogic.utils.io.UnsyncByteArrayInputStream;

/* loaded from: input_file:weblogic/servlet/internal/VirtualConnection.class */
public final class VirtualConnection {
    public static final String X509_CERTIFICATE = "javax.servlet.request.X509Certificate";
    public static final String CIPHER_SUITE = "javax.servlet.request.cipher_suite";
    public static final String KEY_SIZE = "javax.servlet.request.key_size";
    public static final String SSL_SESSION_ID = "javax.servlet.request.ssl_session_id";
    public static final String SSL_SESSION = "weblogic.servlet.request.sslsession";
    private static final String NETWORK_CHANNEL_HTTP_PORT = "weblogic.servlet.network_channel.port";
    private static final String NETWORK_CHANNEL_HTTPS_PORT = "weblogic.servlet.network_channel.sslport";
    private final ServletRequestImpl request;
    private final HttpConnectionHandler muxableSocket;
    private final boolean internalDispatch;
    private Socket socket;
    private InetAddress proxyHost;
    private InetAddress peer;
    private String remoteAddr;
    private String remoteHost;
    private byte[] x509ProxyClientCert;
    private boolean certExtracted;
    private boolean certsFromProxy;
    private boolean secure;
    private boolean ssl;
    private boolean isClosed;
    private int socketFD = -1;
    private int remotePort = -1;
    private final ArrayList perimeterAuthClientCert = new ArrayList(5);
    private final ArrayList perimeterAuthClientCertType = new ArrayList(5);
    private Object origCert = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:weblogic/servlet/internal/VirtualConnection$InetAddressCacheRecord.class */
    public static final class InetAddressCacheRecord {
        private static final SecondChanceCacheMap cache = new SecondChanceCacheMap(317);
        private final InetAddress address;
        private String remoteHost;
        private String remoteIP;

        static InetAddressCacheRecord getInstance(InetAddress inetAddress) {
            InetAddressCacheRecord inetAddressCacheRecord = (InetAddressCacheRecord) cache.get(inetAddress);
            if (inetAddressCacheRecord == null) {
                inetAddressCacheRecord = new InetAddressCacheRecord(inetAddress);
                cache.put(inetAddress, inetAddressCacheRecord);
            }
            return inetAddressCacheRecord;
        }

        InetAddressCacheRecord(InetAddress inetAddress) {
            this.address = inetAddress;
        }

        String getHostName() {
            if (this.remoteHost == null) {
                this.remoteHost = this.address.getHostName();
            }
            return this.remoteHost;
        }

        String getHostAddress() {
            if (this.remoteIP == null) {
                this.remoteIP = this.address.getHostAddress();
            }
            return this.remoteIP;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public VirtualConnection(ServletRequestImpl servletRequestImpl, HttpConnectionHandler httpConnectionHandler) {
        this.request = servletRequestImpl;
        this.muxableSocket = httpConnectionHandler;
        this.internalDispatch = this.muxableSocket == null;
        if (this.internalDispatch) {
            return;
        }
        initNetworkChannelPorts(this.muxableSocket.getChannel());
        this.socket = this.muxableSocket.getSocket();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void init() {
        if (this.internalDispatch || !this.muxableSocket.isSecure()) {
            return;
        }
        initSSLAttributes((SSLSocket) getSocket());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getLocalPort() {
        if (this.internalDispatch) {
            return 0;
        }
        return this.muxableSocket.getChannel().getPublicInetAddress().getPort();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getLocalAddr() {
        if (this.internalDispatch) {
            return null;
        }
        return this.muxableSocket.getChannel().getPublicInetAddress().getAddress().getHostAddress();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getLocalName() {
        if (this.internalDispatch) {
            return null;
        }
        return this.muxableSocket.getChannel().getPublicInetAddress().getHostName();
    }

    public int getSocketFD() {
        return this.socketFD;
    }

    public void setSocketFD(int i) {
        this.socketFD = i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isSSL() {
        return this.ssl;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isSecure() {
        return this.secure;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isClosed() {
        return this.isClosed;
    }

    public Socket getSocket() {
        return this.muxableSocket.getSocket();
    }

    public HttpConnectionHandler getConnectionHandler() {
        return this.muxableSocket;
    }

    public ServerChannel getChannel() {
        return this.muxableSocket.getChannel();
    }

    public ContextHandler getContextHandler() {
        return (ContextHandler) this.muxableSocket.getRawConnection();
    }

    public ArrayList getPerimeterAuthClientCert() {
        return this.perimeterAuthClientCert;
    }

    public ArrayList getPerimeterAuthClientCertType() {
        return this.perimeterAuthClientCertType;
    }

    public byte[] getX509ProxyClientCert() {
        return this.x509ProxyClientCert;
    }

    void setX509ProxyClientCert(byte[] bArr) {
        this.x509ProxyClientCert = bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void reset() {
        this.perimeterAuthClientCert.clear();
        this.perimeterAuthClientCertType.clear();
        this.x509ProxyClientCert = null;
        this.certExtracted = false;
        this.proxyHost = null;
        this.remoteAddr = null;
        this.remoteHost = null;
        this.remotePort = -1;
        this.peer = null;
        this.secure = this.ssl;
        if (this.certsFromProxy) {
            this.certsFromProxy = false;
            this.request.setAttribute(X509_CERTIFICATE, this.origCert);
        }
    }

    private void initNetworkChannelPorts(ServerChannel serverChannel) {
        if (serverChannel.supportsTLS()) {
            this.request.setAttribute(NETWORK_CHANNEL_HTTPS_PORT, new Integer(serverChannel.getPublicPort()));
        } else {
            this.request.setAttribute(NETWORK_CHANNEL_HTTP_PORT, new Integer(serverChannel.getPublicPort()));
        }
    }

    private void initSSLAttributes(SSLSocket sSLSocket) {
        this.secure = true;
        this.ssl = true;
        Object[] sSLAttributes = WebAppSecurity.getProvider().getSSLAttributes(sSLSocket);
        if (sSLAttributes == null || sSLAttributes.length == 0) {
            return;
        }
        if (sSLAttributes[0] != null && (sSLAttributes[0] instanceof SSLSession)) {
            this.request.setAttribute(SSL_SESSION, sSLAttributes[0]);
            this.request.setAttribute(SSL_SESSION_ID, ((SSLSession) sSLAttributes[0]).getId());
        }
        if (sSLAttributes[1] != null && (sSLAttributes[1] instanceof String)) {
            this.request.setAttribute(CIPHER_SUITE, sSLAttributes[1]);
        }
        if (sSLAttributes[2] != null && (sSLAttributes[2] instanceof Integer)) {
            this.request.setAttribute(KEY_SIZE, sSLAttributes[2]);
        }
        if (sSLAttributes[3] != null) {
            this.request.setAttribute(X509_CERTIFICATE, sSLAttributes[3]);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void initCerts() {
        if (this.request.getContext().getConfigManager().isClientCertProxyEnabled()) {
            initProxyClientCert();
        } else {
            setX509ProxyClientCert(null);
        }
    }

    private void initProxyClientCert() {
        if (this.certExtracted) {
            return;
        }
        this.certExtracted = true;
        if (this.x509ProxyClientCert != null) {
            try {
                X509Certificate[] x509CertificateArr = {(X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new UnsyncByteArrayInputStream(new BASE64Decoder().decodeBuffer(new UnsyncByteArrayInputStream(this.x509ProxyClientCert))))};
                saveOrigCert();
                this.request.setAttribute(X509_CERTIFICATE, x509CertificateArr);
            } catch (Exception e) {
                HTTPLogger.logIgnoringClientCert(HttpConstants.WL_PROXY_CLIENT_CERT, e);
                this.x509ProxyClientCert = null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void processProxyHeader(String str, byte[] bArr) {
        int length = str.length();
        switch (length) {
            case 12:
                if (ServletRequestImpl.eq(str, HttpConstants.WL_PROXY_SSL, 12)) {
                    String string = StringUtils.getString(bArr);
                    if (!"true".equalsIgnoreCase(string)) {
                        if ("false".equalsIgnoreCase(string)) {
                            this.secure = false;
                            break;
                        }
                    } else if (!this.muxableSocket.getHttpServer().isWeblogicPluginEnabled()) {
                        this.secure = false;
                        break;
                    } else {
                        this.secure = true;
                        break;
                    }
                }
                break;
            case 18:
                if (ServletRequestImpl.eq(str, HttpConstants.WL_PROXY_CLIENT_IP, 18)) {
                    try {
                        this.proxyHost = InetAddress.getByName(StringUtils.getString(bArr));
                        break;
                    } catch (UnknownHostException e) {
                        if (HTTPDebugLogger.isEnabled()) {
                            HTTPDebugLogger.debug("Failed to process the client header WL-Proxy-Client-IP:" + StringUtils.getString(bArr), e);
                            break;
                        }
                    }
                }
                break;
            case 20:
                if (ServletRequestImpl.eq(str, HttpConstants.WL_PROXY_CLIENT_CERT, 20)) {
                    setX509ProxyClientCert(bArr);
                    break;
                }
                break;
        }
        if (length <= 16 || !ServletRequestImpl.eq(str, HttpConstants.WL_PROXY_CLIENT_, 16) || bArr == null || bArr.length <= 0) {
            return;
        }
        getPerimeterAuthClientCertType().add(str.substring(16));
        getPerimeterAuthClientCert().add(bArr);
    }

    private void saveOrigCert() {
        this.certsFromProxy = true;
        this.origCert = this.request.getAttribute(X509_CERTIFICATE);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getRemoteAddr() {
        if (this.remoteAddr != null) {
            return this.remoteAddr;
        }
        if (this.internalDispatch) {
            return null;
        }
        if (this.muxableSocket.getHttpServer().isWeblogicPluginEnabled()) {
            this.peer = this.proxyHost;
        }
        if (this.peer == null) {
            InetAddress inetAddress = this.socket.getInetAddress();
            this.peer = inetAddress;
            if (inetAddress == null) {
                return null;
            }
        }
        this.remoteAddr = InetAddressCacheRecord.getInstance(this.peer).getHostAddress();
        return this.remoteAddr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getRemoteHost() {
        if (this.remoteHost != null) {
            return this.remoteHost;
        }
        getRemoteAddr();
        if (this.remoteAddr == null) {
            return "";
        }
        if (this.peer == null) {
            try {
                this.peer = InetAddress.getByName(this.remoteAddr);
            } catch (UnknownHostException e) {
                return getRemoteAddr();
            }
        }
        this.remoteHost = InetAddressCacheRecord.getInstance(this.peer).getHostName();
        return this.remoteHost;
    }

    public int getRemotePort() {
        if (this.remotePort != -1) {
            return this.remotePort;
        }
        if (this.internalDispatch) {
            return -1;
        }
        if (this.remotePort == -1) {
            this.remotePort = this.socket.getPort();
        }
        return this.remotePort;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isInternalDispatch() {
        return this.internalDispatch;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void deliverHasException(IOException iOException) {
        this.muxableSocket.closeConnection(iOException);
        this.isClosed = true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void requeue() {
        this.muxableSocket.requeue();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void close() {
        this.muxableSocket.closeConnection(null);
        this.isClosed = true;
    }
}
