package net.cnri.servletcontainer;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.cnri.servletcontainer.TlsRenegotiationEnablingSslConnectionFactory;
import org.eclipse.jetty.io.ssl.SslConnection;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnection;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.SecureRequestCustomizer;

/* loaded from: input_file:net/cnri/servletcontainer/TlsRenegotiationRequestorImpl.class */
/**
 * Per-request {@link TlsRenegotiationRequestor} that can ask Jetty's {@link SslConnection} to run a
 * fresh TLS handshake in the middle of an HTTP request, typically to change whether a client
 * certificate is solicited.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A marker attribute ({@code PROCESSED_ATTRIBUTE_NAME}) is stored on the request before the
 *       handshake starts, and {@link #isWantingTlsRenegotiation} answers {@code false} once it is
 *       present, so one request triggers at most one renegotiation.</li>
 *   <li>After the handshake the previously published client-certificate attribute is removed and the
 *       {@link SecureRequestCustomizer} is re-run before the request is re-dispatched, so handlers see
 *       TLS attributes derived from the new handshake rather than the old one.</li>
 *   <li>Renegotiation is refused for TLS 1.3 sessions and for connections that are not Jetty
 *       {@link HttpConnection}s (see {@link #isRequestSupportsTlsRenegotiation}).</li>
 * </ul>
 *
 * <p>NOTE(review): anything the client sent on this request before the renegotiation completed was
 * received under the earlier handshake state; authorization decisions should be taken only after the
 * re-dispatch, using the certificate attribute as it stands at that point. Whether the TLS stack
 * enforces secure renegotiation with the peer is not visible from this class.
 */
public class TlsRenegotiationRequestorImpl implements TlsRenegotiationRequestor {
    /** Request attribute marking that a renegotiation has already been started for this request. */
    private static final String PROCESSED_ATTRIBUTE_NAME = TlsRenegotiationRequestor.class.getName() + ".processed";

    private final SslConnection sslConnection;
    private final Request request;
    private final SecureRequestCustomizer secureRequestCustomizer;
    private final Connector connector;
    private final HttpConfiguration config;

    /**
     * Stores the collaborators; no validation or I/O happens here.
     *
     * @param sslConnection the TLS connection carrying the request
     * @param request the Jetty request the renegotiation is performed for
     * @param secureRequestCustomizer customizer re-applied to the request after the new handshake
     * @param connector connector handed to the customizer
     * @param httpConfiguration configuration handed to the customizer
     */
    public TlsRenegotiationRequestorImpl(SslConnection sslConnection, Request request, SecureRequestCustomizer secureRequestCustomizer, Connector connector, HttpConfiguration httpConfiguration) {
        this.config = httpConfiguration;
        this.connector = connector;
        this.secureRequestCustomizer = secureRequestCustomizer;
        this.request = request;
        this.sslConnection = sslConnection;
    }

    /**
     * Decides whether a renegotiation should be started for the current request.
     *
     * <p>The parameter names come from decompilation; judging from their use, {@code bool} is the
     * desired "want client auth" setting ({@code null} meaning no preference) and {@code z} forces a
     * renegotiation regardless of the engine's current state. Confirm against the interface.
     *
     * @param bool desired client-certificate solicitation, or {@code null} for no preference
     * @param z when {@code true}, renegotiate unless this request was already processed
     * @return {@code true} if a renegotiation would change anything (or is forced)
     */
    public boolean isWantingTlsRenegotiation(Boolean bool, boolean z) {
        // Nothing was asked for: neither a forced handshake nor a client-auth preference.
        if (!z && bool == null) {
            return false;
        }
        // One renegotiation per request: the marker is set by requestTlsRenegotiation.
        if (this.request.getAttribute(PROCESSED_ATTRIBUTE_NAME) != null) {
            return false;
        }
        final SSLEngine engine = this.sslConnection.getSSLEngine();
        if (z) {
            return true;
        }

        if (bool.booleanValue()) {
            // Caller wants a client certificate.
            if (engine.getNeedClientAuth()) {
                // Already mandatory on this engine; a new handshake adds nothing.
                return false;
            }
            if (!engine.getWantClientAuth()) {
                // Not solicited so far, so a handshake is needed to ask for one.
                return true;
            }
            // Solicited already: renegotiate only if no certificate is on the request.
            return TlsRenegotiationRequestor.extractCertificate(this.request) == null;
        }

        // Caller does not want a client certificate.
        if (!engine.getNeedClientAuth() && !engine.getWantClientAuth()) {
            return false;
        }
        if (!engine.getWantClientAuth()) {
            // Reached only when needClientAuth is set.
            // NOTE(review): requestTlsRenegotiation leaves the engine untouched when
            // needClientAuth is set, so this handshake would not relax the requirement -- confirm intent.
            return true;
        }
        // Certificate was optional: renegotiate only if the client actually presented one.
        return TlsRenegotiationRequestor.extractCertificate(this.request) != null;
    }

    /**
     * Reports whether the underlying engine currently requires a client certificate.
     *
     * @return the engine's {@code needClientAuth} flag
     */
    public boolean isNeedClientAuth() {
        final SSLEngine engine = this.sslConnection.getSSLEngine();
        return engine.getNeedClientAuth();
    }

    /**
     * Reports whether this request's transport allows a renegotiation: the negotiated protocol
     * name must sort before {@code "TLSv1.3"} and the decrypted endpoint's connection must be a
     * Jetty {@link HttpConnection}.
     *
     * <p>NOTE(review): the protocol test is a lexicographic string comparison, so it accepts every
     * name that sorts before {@code "TLSv1.3"} -- not only {@code "TLSv1.2"} but also older protocol
     * names and, presumably, the {@code "NONE"} placeholder of a session that is not established.
     * The exception text in {@link #requestTlsRenegotiation} mentions TLS 1.2 only; an explicit
     * allow-list of protocol names would make the gate match that statement.
     *
     * @return {@code true} if a renegotiation may be attempted on this connection
     */
    public boolean isRequestSupportsTlsRenegotiation() {
        final String negotiatedProtocol = this.sslConnection.getSSLEngine().getSession().getProtocol();
        if (negotiatedProtocol.compareTo("TLSv1.3") >= 0) {
            return false;
        }
        return this.sslConnection.getDecryptedEndPoint().getConnection() instanceof HttpConnection;
    }

    /**
     * Starts a TLS renegotiation for the current request and suspends the request until the new
     * handshake has completed, at which point it is re-dispatched.
     *
     * @param httpServletRequest request object used to start asynchronous processing
     * @param httpServletResponse response object used to start asynchronous processing
     * @param bool new "want client auth" value, or {@code null} to leave the engine setting alone;
     *     ignored when the engine already requires client authentication
     * @throws SSLException if the connection does not support renegotiation, or if the engine
     *     refuses to begin the handshake
     */
    public void requestTlsRenegotiation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Boolean bool) throws SSLException {
        if (!isRequestSupportsTlsRenegotiation()) {
            throw new SSLException("Renegotiation requires using HTTP/1.1 over TLS 1.2");
        }
        // Mark first, so a re-dispatched request is not asked to renegotiate again.
        this.request.setAttribute(PROCESSED_ATTRIBUTE_NAME, Boolean.TRUE);
        final boolean endPointSupportsCallback = this.sslConnection.getDecryptedEndPoint() instanceof TlsRenegotiationEnablingSslConnectionFactory.TlsRenegotiationEnablingSslConnection.TlsRenegotiationEnablingDecryptedEndPoint;
        if (!endPointSupportsCallback) {
            throw new AssertionError("unexpected object structure in requestTlsRenegotiation");
        }
        // Async support is switched on only for the startAsync call and then restored.
        final boolean asyncSupportedBefore = this.request.isAsyncSupported();
        this.request.setAsyncSupported(true, (String) null);
        try {
            this.request.startAsync(httpServletRequest, httpServletResponse);
            this.request.setAsyncSupported(asyncSupportedBefore, (String) null);
            final SSLEngine engine = this.sslConnection.getSSLEngine();
            // Invalidate the current session before handshaking; presumably this rules out
            // resuming it, so the handshake is a full one.
            engine.getSession().invalidate();
            final boolean mayChangeWantClientAuth = bool != null && !engine.getNeedClientAuth();
            if (mayChangeWantClientAuth) {
                engine.setWantClientAuth(bool.booleanValue());
            }
            final TlsRenegotiationEnablingSslConnectionFactory.TlsRenegotiationEnablingSslConnection.TlsRenegotiationEnablingDecryptedEndPoint renegotiatingEndPoint =
                    (TlsRenegotiationEnablingSslConnectionFactory.TlsRenegotiationEnablingSslConnection.TlsRenegotiationEnablingDecryptedEndPoint) this.sslConnection.getDecryptedEndPoint();
            renegotiatingEndPoint.setRenegotiationHandshakeCallback(this::refreshTlsAttributesAndDispatch);
            engine.beginHandshake();
            // Drive the connection so the handshake records get read and processed.
            this.sslConnection.getDecryptedEndPoint().getConnection().onFillable();
        } catch (Throwable failure) {
            // Put the async flag back on every failure path, then propagate unchanged.
            this.request.setAsyncSupported(asyncSupportedBefore, (String) null);
            throw failure;
        }
    }

    /**
     * Callback run once the renegotiation handshake is done: drops the client certificate published
     * from the previous handshake, lets the customizer repopulate the request's TLS attributes, and
     * resumes the suspended request.
     */
    private void refreshTlsAttributesAndDispatch() {
        // Remove first so a stale certificate cannot survive if the new handshake produced none.
        this.request.removeAttribute("javax.servlet.request.X509Certificate");
        this.secureRequestCustomizer.customize(this.connector, this.config, this.request);
        this.request.getAsyncContext().dispatch();
    }
}
