package org.apache.catalina.valves;

import cn.hutool.crypto.KeyUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;

/* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-9.0.46.jar:org/apache/catalina/valves/SSLValve.class */
public class SSLValve extends ValveBase {
    private static final Log log = LogFactory.getLog((Class<?>) SSLValve.class);
    private String sslClientCertHeader;
    private String sslCipherHeader;
    private String sslSessionIdHeader;
    private String sslCipherUserKeySizeHeader;

    public SSLValve() {
        super(true);
        this.sslClientCertHeader = "ssl_client_cert";
        this.sslCipherHeader = "ssl_cipher";
        this.sslSessionIdHeader = "ssl_session_id";
        this.sslCipherUserKeySizeHeader = "ssl_cipher_usekeysize";
    }

    public String getSslClientCertHeader() {
        return this.sslClientCertHeader;
    }

    public void setSslClientCertHeader(String str) {
        this.sslClientCertHeader = str;
    }

    public String getSslCipherHeader() {
        return this.sslCipherHeader;
    }

    public void setSslCipherHeader(String str) {
        this.sslCipherHeader = str;
    }

    public String getSslSessionIdHeader() {
        return this.sslSessionIdHeader;
    }

    public void setSslSessionIdHeader(String str) {
        this.sslSessionIdHeader = str;
    }

    public String getSslCipherUserKeySizeHeader() {
        return this.sslCipherUserKeySizeHeader;
    }

    public void setSslCipherUserKeySizeHeader(String str) {
        this.sslCipherUserKeySizeHeader = str;
    }

    public String mygetHeader(Request request, String str) {
        String header = request.getHeader(str);
        if (header == null || "(null)".equals(header)) {
            return null;
        }
        return header;
    }

    @Override // org.apache.catalina.Valve
    public void invoke(Request request, Response response) throws IOException, ServletException {
        String mygetHeader = mygetHeader(request, this.sslClientCertHeader);
        if (mygetHeader != null) {
            String trim = mygetHeader.trim();
            if (trim.length() > 27) {
                String concat = "-----BEGIN CERTIFICATE-----\n".concat(trim.substring(27));
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(concat.getBytes(StandardCharsets.ISO_8859_1));
                X509Certificate[] x509CertificateArr = null;
                String str = (String) request.getConnector().getProperty("clientCertProvider");
                try {
                    x509CertificateArr = new X509Certificate[]{(X509Certificate) (str == null ? CertificateFactory.getInstance(KeyUtil.CERT_TYPE_X509) : CertificateFactory.getInstance(KeyUtil.CERT_TYPE_X509, str)).generateCertificate(byteArrayInputStream)};
                } catch (NoSuchProviderException e) {
                    log.error(sm.getString("sslValve.invalidProvider", str), e);
                } catch (CertificateException e2) {
                    log.warn(sm.getString("sslValve.certError", concat), e2);
                }
                request.setAttribute("javax.servlet.request.X509Certificate", x509CertificateArr);
            }
        }
        String mygetHeader2 = mygetHeader(request, this.sslCipherHeader);
        if (mygetHeader2 != null) {
            request.setAttribute("javax.servlet.request.cipher_suite", mygetHeader2);
        }
        String mygetHeader3 = mygetHeader(request, this.sslSessionIdHeader);
        if (mygetHeader3 != null) {
            request.setAttribute("javax.servlet.request.ssl_session_id", mygetHeader3);
        }
        String mygetHeader4 = mygetHeader(request, this.sslCipherUserKeySizeHeader);
        if (mygetHeader4 != null) {
            request.setAttribute("javax.servlet.request.key_size", Integer.valueOf(mygetHeader4));
        }
        getNext().invoke(request, response);
    }
}
