package weblogic.server.channels;

import java.io.EOFException;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.net.Socket;
import java.security.AccessController;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import org.eclipse.persistence.jpa.jpql.parser.Expression;
import weblogic.kernel.T3SrvrLogger;
import weblogic.protocol.ServerChannel;
import weblogic.security.SSL.SSLEngineFactory;
import weblogic.security.SSL.WeblogicSSLEngine;
import weblogic.security.SecurityLogger;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.utils.SSLCipherUtility;
import weblogic.security.utils.SSLContextManager;
import weblogic.socket.JSSEFilterImpl;
import weblogic.socket.JSSESocket;
import weblogic.socket.MuxableSocket;
import weblogic.socket.MuxableSocketDiscriminator;
import weblogic.socket.SNIFilter;
import weblogic.socket.SNISecureConfigFactory;
import weblogic.socket.SNISocket;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:weblogic/server/channels/ServerSocketWrapperJSSE.class */
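/**
 * Server socket wrapper that puts every accepted socket behind a JSSE
 * ({@link SSLEngine}-based) filter before protocol discrimination takes place.
 *
 * <p>All TLS settings (cipher suites, minimum protocol version, SSLv2Hello, client
 * authentication, renegotiation) are read from the first channel, {@code channels[0]}.
 *
 * <p>NOTE(review): this listing is decompiler output; local names and some constant
 * references (see {@code Expression.QUOTE} below) are artifacts of that process.
 */
public final class ServerSocketWrapperJSSE extends ServerSocketWrapper {
    private static final String SSL_LISTEN_THREAD_NAME = "ServerSocketWrapperJSSE";
    // Read once at class initialisation; changing the system property later has no effect.
    private static final boolean SNI_MODE_ENABLED = Boolean.getBoolean("weblogic.socket.ssl.enableSNIMode");
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private final SSLEngineFactory sslEngineFactory;
    // Enabled-protocol lists keyed by "<minimum TLS version>_<SSLv2Hello flag>".
    private final Map<String, String[]> enabledProtocolsCache = new ConcurrentHashMap<>(2);
    private final SNISecureConfigFactory defaultSecureConfigFactory = new DefaultSNISecureConfigFactory();

    /**
     * Builds server-mode SSL engines configured from {@code channels[0]} of the
     * enclosing wrapper.
     */
    private class DefaultSNISecureConfigFactory implements SNISecureConfigFactory {
        private DefaultSNISecureConfigFactory() {
        }

        /**
         * Creates and configures a server-mode engine for one accepted connection.
         *
         * @param socket the accepted socket; its peer address and port are passed to the
         *     engine factory
         * @param str not read by this implementation (the only caller visible in this
         *     file passes {@code null})
         * @return the configured engine
         * @throws SSLException if no SSL/TLS protocol can be enabled for the channel's
         *     minimum-version setting, or if the engine factory fails
         */
        @Override // weblogic.socket.SNISecureConfigFactory
        public SSLEngine createSSLEngine(Socket socket, String str) throws SSLException {
            ServerChannel channel = ServerSocketWrapperJSSE.this.channels[0];
            WeblogicSSLEngine engine = ServerSocketWrapperJSSE.this.sslEngineFactory.createSSLEngine(socket.getInetAddress().getHostAddress(), socket.getPort(), false);
            engine.setUseClientMode(false);

            // Only override the engine's cipher suites when the channel configures some.
            // NOTE(review): when the filtered list is null or empty the factory's default
            // suites stay in effect and are NOT passed through removeNullCipherSuites here;
            // confirm the factory defaults exclude NULL suites.
            String[] cipherSuites = SSLCipherUtility.removeNullCipherSuites(channel.getCiphersuites());
            if (cipherSuites != null && cipherSuites.length > 0) {
                engine.setEnabledCipherSuites(cipherSuites);
            }

            String minimumVersion = channel.getMinimumTLSProtocolVersion();
            boolean sslv2HelloEnabled = channel.isSSLv2HelloEnabled();
            String cacheKey = minimumVersion + "_" + sslv2HelloEnabled;
            String[] protocols = ServerSocketWrapperJSSE.this.enabledProtocolsCache.get(cacheKey);
            if (protocols == null) {
                protocols = SslSupportFacade.getEnabledSslProtocols(engine.getSupportedProtocols(), minimumVersion, sslv2HelloEnabled);
                if (protocols != null && protocols.length > 0) {
                    ServerSocketWrapperJSSE.this.enabledProtocolsCache.put(cacheKey, protocols);
                }
            }
            // Fail closed with a checked, descriptive error instead of letting a null list
            // surface as an unchecked exception that the accept path does not catch.
            if (protocols == null || protocols.length == 0) {
                throw new SSLException("No SSL/TLS protocols could be enabled for " + ServerSocketWrapperJSSE.this.getName() + " (minimum TLS protocol version: " + minimumVersion + ")");
            }
            engine.setEnabledProtocols(protocols);

            SslSupportFacade.sslSetupLogInfo(ServerSocketWrapperJSSE.this.getName() + " - " + protocols.length + " SSL/TLS protocols enabled:");
            // Emit the protocol names announced by the header line above so the effective
            // protocol set can be audited from the log.
            SslSupportFacade.sslSetupLogInfo(String.join(", ", protocols));

            if (SslSupportFacade.isDebugEnabled()) {
                String[] enabledCipherSuites = engine.getEnabledCipherSuites();
                SslSupportFacade.sslSetupLogInfo(ServerSocketWrapperJSSE.this.getName() + " " + enabledCipherSuites.length + " cipher suites enabled:");
                for (String suite : enabledCipherSuites) {
                    SslSupportFacade.sslSetupLogInfo(suite);
                }
            }

            // "Want" requests a client certificate; "need" makes it mandatory. "Need" is
            // only set when enforcement is on, so it never resets the "want" flag.
            engine.setWantClientAuth(channel.isTwoWaySSLEnabled());
            if (channel.isClientCertificateEnforced()) {
                engine.setNeedClientAuth(true);
            }
            return engine;
        }
    }

    /**
     * Creates the wrapper and resolves the SSL engine factory for the first channel.
     *
     * @param serverChannelArr channels served by this socket; element 0 supplies the port,
     *     login timeout and all TLS settings
     * @throws IOException if the SSL engine factory cannot be obtained; the original
     *     failure is logged and attached as the cause
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerSocketWrapperJSSE(ServerChannel[] serverChannelArr) throws IOException {
        super(serverChannelArr);
        this.port = serverChannelArr[0].getPort();
        try {
            this.sslEngineFactory = SSLContextManager.getSSLEngineFactory(serverChannelArr[0], kernelId);
            this.loginTimeout = serverChannelArr[0].getLoginTimeoutMillis();
        } catch (Exception e) {
            T3SrvrLogger.logInconsistentSecurityConfig(e);
            SecurityLogger.logNotListeningForSSLInfo(e.toString());
            throw new IOException(e.getMessage(), e);
        }
    }

    /** Returns the name used as a prefix in this wrapper's SSL setup log lines. */
    final String getName() {
        return "ServerSocketWrapperJSSE[" + getChannelName() + "]";
    }

    /**
     * Wraps an accepted socket in a JSSE filter and wires it to a protocol discriminator.
     *
     * <p>The login timeout is applied as the socket read timeout before any TLS object is
     * created.
     *
     * @param socket the accepted socket
     * @return the fully wired filter, or {@code null} when setup failed and the socket was
     *     passed to {@code rejectCatastrophe}
     */
    @Override // weblogic.server.channels.ServerSocketWrapper
    public MuxableSocket createMuxableSocketForRegister(Socket socket) {
        try {
            socket.setSoTimeout(this.loginTimeout);
            JSSEFilterImpl filter;
            JSSESocket secureSocket;
            if (SNI_MODE_ENABLED) {
                // NOTE(review): unlike the non-SNI branch, the channel's
                // isClientInitSecureRenegotiationAccepted() setting is not passed here;
                // confirm SNIFilter applies the renegotiation policy itself.
                SNIFilter sniFilter = new SNIFilter(socket, SNISecureConfigFactory.NULL_FACTORY, this.defaultSecureConfigFactory);
                SNISocket sniSocket = new SNISocket(socket, sniFilter);
                sniFilter.setSNISocket(sniSocket);
                filter = sniFilter;
                secureSocket = sniSocket;
            } else {
                filter = new JSSEFilterImpl(socket, this.defaultSecureConfigFactory.createSSLEngine(socket, null), false, this.channels[0].isClientInitSecureRenegotiationAccepted());
                secureSocket = new JSSESocket(socket, filter);
            }
            MuxableSocketDiscriminator discriminator = new MuxableSocketDiscriminator(secureSocket, this.channels);
            filter.setDelegate(discriminator);
            discriminator.setSocketFilter(filter);
            return filter;
        } catch (EOFException e) {
            rejectCatastrophe(socket, "Client closed socket '" + socketInfo(socket) + "' before completing connection.", e);
        } catch (InterruptedIOException e2) {
            // NOTE(review): Expression.QUOTE comes from the EclipseLink JPQL parser and looks
            // like a decompiler constant substitution for a closing quote; confirm.
            rejectCatastrophe(socket, "Login timed out after: '" + this.loginTimeout + "' ms on socket: '" + socketInfo(socket) + Expression.QUOTE, e2);
        } catch (IOException e3) {
            rejectCatastrophe(socket, "Unable to read from socket: '" + socketInfo(socket) + Expression.QUOTE, e3);
        }
        // Every failure path yields null, so a filter that was created but never wired to
        // its delegate cannot be returned for a socket that has already been rejected.
        return null;
    }
}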
