package net.jini.jeri.ssl;

import com.sun.jini.action.GetLongAction;
import com.sun.jini.constants.TimeConstants;
import com.sun.jini.jeri.internal.connection.BasicServerConnManager;
import com.sun.jini.jeri.internal.connection.ServerConnManager;
import com.sun.jini.jeri.internal.runtime.Util;
import com.sun.jini.logging.Levels;
import com.sun.jini.thread.Executor;
import com.sun.jini.thread.GetThreadPoolAction;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
import java.nio.channels.SocketChannel;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ServerSocketFactory;
import javax.net.SocketFactory;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.security.auth.x500.X500PrivateCredential;
import net.jini.core.constraint.InvocationConstraints;
import net.jini.io.UnsupportedConstraintException;
import net.jini.jeri.Endpoint;
import net.jini.jeri.RequestDispatcher;
import net.jini.jeri.ServerEndpoint;
import net.jini.jeri.connection.InboundRequestHandle;
import net.jini.jeri.connection.ServerConnection;
import net.jini.jeri.ssl.SubjectCredentials;
import net.jini.jeri.ssl.Utilities;
import net.jini.security.AuthenticationPermission;
import net.jini.security.Security;
import net.jini.security.SecurityContext;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:net/jini/jeri/ssl/SslServerEndpointImpl.class */
public class SslServerEndpointImpl extends Utilities {
    static final Logger logger;
    static long maxServerSessionDuration;
    static final Executor systemExecutor;
    private static final ServerConnManager defaultServerConnectionManager;
    final ServerEndpoint serverEndpoint;
    final Subject serverSubject;
    final Set serverPrincipals;
    final String serverHost;
    final int port;
    final SocketFactory socketFactory;
    final ServerSocketFactory serverSocketFactory;
    Permission[] listenPermissions;
    private final ServerEndpoint.ListenEndpoint listenEndpoint;
    private SSLSocketFactory sslSocketFactory;
    private ServerAuthManager authManager;
    ServerConnManager serverConnectionManager = defaultServerConnectionManager;
    static final boolean $assertionsDisabled;
    static Class class$net$jini$jeri$ssl$SslServerEndpointImpl;
    static Class class$net$jini$jeri$ssl$SslServerEndpoint;
    static Class class$javax$security$auth$x500$X500Principal;
    static Class class$java$security$cert$CertPath;
    static Class class$net$jini$jeri$ssl$SslServerEndpointImpl$SslListenHandle;
    static Class class$net$jini$jeri$ssl$SslServerEndpointImpl$SslServerConnection;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:net/jini/jeri/ssl/SslServerEndpointImpl$SslListenCookie.class */
    public final class SslListenCookie implements ServerEndpoint.ListenCookie {
        private final int port;
        private final SslServerEndpointImpl this$0;

        SslListenCookie(SslServerEndpointImpl sslServerEndpointImpl, int i) {
            this.this$0 = sslServerEndpointImpl;
            this.port = i;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public final int getPort() {
            return this.port;
        }

        final ServerEndpoint getServerEndpoint() {
            return this.this$0.serverEndpoint;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:net/jini/jeri/ssl/SslServerEndpointImpl$SslListenEndpoint.class */
    public class SslListenEndpoint extends Utilities implements ServerEndpoint.ListenEndpoint {
        private final SslServerEndpointImpl this$0;

        /* JADX INFO: Access modifiers changed from: package-private */
        public SslListenEndpoint(SslServerEndpointImpl sslServerEndpointImpl) {
            this.this$0 = sslServerEndpointImpl;
        }

        @Override // net.jini.jeri.ServerEndpoint.ListenEndpoint
        public void checkPermissions() {
            this.this$0.checkListenPermissions(true);
        }

        @Override // net.jini.jeri.ServerEndpoint.ListenEndpoint
        public ServerEndpoint.ListenHandle listen(RequestDispatcher requestDispatcher) throws IOException {
            if (requestDispatcher == null) {
                throw new NullPointerException("Request dispatcher cannot be null");
            }
            checkCredentials();
            return createListenHandle(requestDispatcher, this.this$0.serverSocketFactory != null ? this.this$0.serverSocketFactory.createServerSocket(this.this$0.port) : new ServerSocket(this.this$0.port));
        }

        private void checkCredentials() throws UnsupportedConstraintException {
            Class cls;
            Class cls2;
            Class cls3;
            Class cls4;
            if (this.this$0.serverSubject == null) {
                return;
            }
            this.this$0.checkListenPermissions(false);
            Set<Principal> principals = this.this$0.serverSubject.getPrincipals();
            HashMap hashMap = new HashMap(this.this$0.serverPrincipals.size());
            for (X500Principal x500Principal : this.this$0.serverPrincipals) {
                if (!principals.contains(x500Principal)) {
                    throw new UnsupportedConstraintException(new StringBuffer().append("Missing principal: ").append(x500Principal).toString());
                }
                if (SslServerEndpointImpl.class$javax$security$auth$x500$X500Principal == null) {
                    cls4 = SslServerEndpointImpl.class$("javax.security.auth.x500.X500Principal");
                    SslServerEndpointImpl.class$javax$security$auth$x500$X500Principal = cls4;
                } else {
                    cls4 = SslServerEndpointImpl.class$javax$security$auth$x500$X500Principal;
                }
                hashMap.put(x500Principal, cls4);
            }
            X500PrivateCredential[] x500PrivateCredentialArr = (X500PrivateCredential[]) AccessController.doPrivileged(new SubjectCredentials.GetAllPrivateCredentialsAction(this.this$0.serverSubject));
            List certificateChains = SubjectCredentials.getCertificateChains(this.this$0.serverSubject);
            if (certificateChains != null) {
                int size = certificateChains.size();
                while (true) {
                    size--;
                    if (size < 0) {
                        break;
                    }
                    CertPath certPath = (CertPath) certificateChains.get(size);
                    X509Certificate firstX509Cert = Utilities.firstX509Cert(certPath);
                    X500Principal subjectX500Principal = firstX509Cert.getSubjectX500Principal();
                    if (hashMap.containsKey(subjectX500Principal)) {
                        try {
                            Utilities.checkValidity(certPath, null);
                            if (SslServerEndpointImpl.class$java$security$cert$CertPath == null) {
                                cls3 = SslServerEndpointImpl.class$("java.security.cert.CertPath");
                                SslServerEndpointImpl.class$java$security$cert$CertPath = cls3;
                            } else {
                                cls3 = SslServerEndpointImpl.class$java$security$cert$CertPath;
                            }
                            hashMap.put(subjectX500Principal, cls3);
                            int length = x500PrivateCredentialArr.length;
                            while (true) {
                                length--;
                                if (length >= 0) {
                                    if (firstX509Cert.equals(x500PrivateCredentialArr[length].getCertificate())) {
                                        hashMap.remove(subjectX500Principal);
                                        break;
                                    }
                                }
                            }
                        } catch (CertificateException e) {
                            hashMap.put(subjectX500Principal, e);
                        }
                    }
                }
            }
            if (hashMap.isEmpty()) {
                return;
            }
            X500Principal x500Principal2 = (X500Principal) hashMap.keySet().iterator().next();
            Object obj = hashMap.get(x500Principal2);
            if (SslServerEndpointImpl.class$javax$security$auth$x500$X500Principal == null) {
                cls = SslServerEndpointImpl.class$("javax.security.auth.x500.X500Principal");
                SslServerEndpointImpl.class$javax$security$auth$x500$X500Principal = cls;
            } else {
                cls = SslServerEndpointImpl.class$javax$security$auth$x500$X500Principal;
            }
            if (obj == cls) {
                throw new UnsupportedConstraintException(new StringBuffer().append("Missing public credentials: ").append(x500Principal2).toString());
            }
            if (SslServerEndpointImpl.class$java$security$cert$CertPath == null) {
                cls2 = SslServerEndpointImpl.class$("java.security.cert.CertPath");
                SslServerEndpointImpl.class$java$security$cert$CertPath = cls2;
            } else {
                cls2 = SslServerEndpointImpl.class$java$security$cert$CertPath;
            }
            if (obj != cls2) {
                throw new UnsupportedConstraintException(new StringBuffer().append("Problem with certificates: ").append(x500Principal2).append("\n").append(obj).toString(), (CertificateException) obj);
            }
            throw new UnsupportedConstraintException(new StringBuffer().append("Missing private credentials: ").append(x500Principal2).toString());
        }

        ServerEndpoint.ListenHandle createListenHandle(RequestDispatcher requestDispatcher, ServerSocket serverSocket) throws IOException {
            return new SslListenHandle(this.this$0, requestDispatcher, serverSocket);
        }

        public int hashCode() {
            return (((getClass().hashCode() ^ System.identityHashCode(this.this$0.serverSubject)) ^ (this.this$0.serverPrincipals == null ? 0 : this.this$0.serverPrincipals.hashCode())) ^ this.this$0.port) ^ (this.this$0.serverSocketFactory != null ? this.this$0.serverSocketFactory.hashCode() : 0);
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            SslServerEndpointImpl impl = ((SslListenEndpoint) obj).getImpl();
            return this.this$0.serverSubject == impl.serverSubject && Utilities.safeEquals(this.this$0.serverPrincipals, impl.serverPrincipals) && this.this$0.port == impl.port && Util.sameClassAndEquals(this.this$0.serverSocketFactory, impl.serverSocketFactory);
        }

        private SslServerEndpointImpl getImpl() {
            return this.this$0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:net/jini/jeri/ssl/SslServerEndpointImpl$SslListenHandle.class */
    public class SslListenHandle extends Utilities implements ServerEndpoint.ListenHandle {
        private final RequestDispatcher requestDispatcher;
        final ServerSocket serverSocket;
        private int acceptFailureCount;
        private final SslServerEndpointImpl this$0;
        private boolean closed = false;
        private final Set connections = new HashSet();
        private long acceptFailureTime = 0;
        private final SecurityContext securityContext = Security.getContext();

        /* JADX INFO: Access modifiers changed from: package-private */
        public SslListenHandle(SslServerEndpointImpl sslServerEndpointImpl, RequestDispatcher requestDispatcher, ServerSocket serverSocket) throws IOException {
            this.this$0 = sslServerEndpointImpl;
            this.requestDispatcher = requestDispatcher;
            this.serverSocket = serverSocket;
            SslServerEndpointImpl.systemExecutor.execute(new Runnable(this) { // from class: net.jini.jeri.ssl.SslServerEndpointImpl.3
                private final SslListenHandle this$1;

                {
                    this.this$1 = this;
                }

                @Override // java.lang.Runnable
                public void run() {
                    this.this$1.acceptLoop();
                }
            }, toString());
            SslServerEndpointImpl.logger.log(Level.FINE, "created {0}", this);
        }

        /* JADX WARN: Code restructure failed: missing block: B:30:0x0067, code lost:
        
            java.security.AccessController.doPrivileged(r10.securityContext.wrap(new net.jini.jeri.ssl.SslServerEndpointImpl.AnonymousClass4(r10, r13)), r10.securityContext.getAccessControlContext());
         */
        /* JADX WARN: Removed duplicated region for block: B:49:0x00a2 A[EXC_TOP_SPLITTER, SYNTHETIC] */
        /* JADX WARN: Removed duplicated region for block: B:59:0x00d2  */
        /* JADX WARN: Removed duplicated region for block: B:62:0x00e5  */
        /* JADX WARN: Removed duplicated region for block: B:64:0x00f1  */
        /* JADX WARN: Removed duplicated region for block: B:69:0x011d  */
        /* JADX WARN: Removed duplicated region for block: B:88:0x0153 A[SYNTHETIC] */
        /* JADX WARN: Removed duplicated region for block: B:90:0x0109 A[EXC_TOP_SPLITTER, SYNTHETIC] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        final void acceptLoop() {
            /*
                Method dump skipped, instructions count: 340
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: net.jini.jeri.ssl.SslServerEndpointImpl.SslListenHandle.acceptLoop():void");
        }

        private boolean continueAfterAcceptFailure(Throwable th) {
            long currentTimeMillis = System.currentTimeMillis();
            if (this.acceptFailureTime == 0 || currentTimeMillis - this.acceptFailureTime > 5000) {
                this.acceptFailureTime = currentTimeMillis;
                this.acceptFailureCount = 0;
                return true;
            }
            this.acceptFailureCount++;
            if (this.acceptFailureCount < 10) {
                return true;
            }
            try {
                Thread.sleep(10000L);
                return true;
            } catch (InterruptedException e) {
                return true;
            }
        }

        public String toString() {
            return new StringBuffer().append(Utilities.getClassName(this)).append("[").append(this.this$0.serverHost).append(":").append(getPort()).append("]").toString();
        }

        SslServerConnection serverConnection(Socket socket) throws IOException {
            return new SslServerConnection(this.this$0, this, socket);
        }

        void handleConnection(SslServerConnection sslServerConnection, RequestDispatcher requestDispatcher) {
            this.this$0.serverConnectionManager.handleConnection(sslServerConnection, requestDispatcher);
        }

        private int getPort() {
            return this.serverSocket.getLocalPort();
        }

        @Override // net.jini.jeri.ServerEndpoint.ListenHandle
        public synchronized void close() {
            if (this.closed) {
                return;
            }
            SslServerEndpointImpl.logger.log(Level.FINE, "closing {0}", this);
            this.closed = true;
            try {
                this.serverSocket.close();
            } catch (IOException e) {
            }
            Iterator it = this.connections.iterator();
            while (it.hasNext()) {
                try {
                    ((SslServerConnection) it.next()).closeInternal(false);
                } catch (IOException e2) {
                }
                it.remove();
            }
        }

        synchronized void noteConnectionClosed(SslServerConnection sslServerConnection) {
            this.connections.remove(sslServerConnection);
        }

        @Override // net.jini.jeri.ServerEndpoint.ListenHandle
        public ServerEndpoint.ListenCookie getCookie() {
            return new SslListenCookie(this.this$0, getPort());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:net/jini/jeri/ssl/SslServerEndpointImpl$SslServerConnection.class */
    public class SslServerConnection extends Utilities implements ServerConnection {
        private final SslListenHandle listenHandle;
        final SSLSocket sslSocket;
        private final InboundRequestHandle requestHandle = new InboundRequestHandle(this) { // from class: net.jini.jeri.ssl.SslServerEndpointImpl.5
            private final SslServerConnection this$1;

            {
                this.this$1 = this;
            }
        };
        private SSLSession session;
        private Subject clientSubject;
        private X500Principal clientPrincipal;
        private X500Principal serverPrincipal;
        private AuthenticationPermission authPermission;
        private String cipherSuite;
        boolean closed;
        private final SslServerEndpointImpl this$0;

        /* JADX INFO: Access modifiers changed from: package-private */
        public SslServerConnection(SslServerEndpointImpl sslServerEndpointImpl, SslListenHandle sslListenHandle, Socket socket) throws IOException {
            this.this$0 = sslServerEndpointImpl;
            this.listenHandle = sslListenHandle;
            this.sslSocket = (SSLSocket) sslServerEndpointImpl.getSSLSocketFactory().createSocket(socket, socket.getInetAddress().getHostName(), socket.getPort(), true);
            this.sslSocket.setEnabledCipherSuites(Utilities.getSupportedCipherSuites());
            this.sslSocket.setUseClientMode(false);
            this.sslSocket.setWantClientAuth(true);
            SslServerEndpointImpl.logger.log(Level.FINE, "created {0}", this);
        }

        public String toString() {
            String stringBuffer;
            synchronized (this) {
                stringBuffer = this.session == null ? "" : new StringBuffer().append(this.session).append(", ").toString();
            }
            return new StringBuffer().append(Utilities.getClassName(this)).append("[").append(stringBuffer).append(this.this$0.serverHost).append(":").append(this.sslSocket.getLocalPort()).append("<=").append(this.sslSocket.getInetAddress().getHostName()).append(":").append(this.sslSocket.getPort()).append("]").toString();
        }

        @Override // net.jini.jeri.connection.ServerConnection
        public InputStream getInputStream() throws IOException {
            return this.sslSocket.getInputStream();
        }

        @Override // net.jini.jeri.connection.ServerConnection
        public OutputStream getOutputStream() throws IOException {
            return this.sslSocket.getOutputStream();
        }

        @Override // net.jini.jeri.connection.ServerConnection
        public SocketChannel getChannel() {
            return null;
        }

        /* JADX WARN: Removed duplicated region for block: B:25:0x00ad  */
        @Override // net.jini.jeri.connection.ServerConnection
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public net.jini.jeri.connection.InboundRequestHandle processRequestData(java.io.InputStream r11, java.io.OutputStream r12) {
            /*
                Method dump skipped, instructions count: 231
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: net.jini.jeri.ssl.SslServerEndpointImpl.SslServerConnection.processRequestData(java.io.InputStream, java.io.OutputStream):net.jini.jeri.connection.InboundRequestHandle");
        }

        private void decacheSession() {
            synchronized (this) {
                SSLSession session = this.sslSocket.getSession();
                if (this.session == session) {
                    return;
                }
                if (this.session != null) {
                    throw new SecurityException("New handshake occurred on socket");
                }
                this.session = session;
                this.sslSocket.setEnableSessionCreation(false);
                this.cipherSuite = this.session.getCipherSuite();
                if ("NULL".equals(Utilities.getKeyExchangeAlgorithm(this.cipherSuite))) {
                    throw new SecurityException("Handshake failed");
                }
                this.clientSubject = getClientSubject(this.sslSocket);
                this.clientPrincipal = this.clientSubject != null ? (X500Principal) this.clientSubject.getPrincipals().iterator().next() : null;
                X509Certificate serverCertificate = this.this$0.getAuthManager().getServerCertificate(this.session);
                this.serverPrincipal = serverCertificate != null ? serverCertificate.getSubjectX500Principal() : null;
                if (this.serverPrincipal != null) {
                    this.authPermission = new AuthenticationPermission(Collections.singleton(this.serverPrincipal), this.clientPrincipal != null ? Collections.singleton(this.clientPrincipal) : null, "accept");
                }
            }
        }

        private Subject getClientSubject(SSLSocket sSLSocket) {
            try {
                Certificate[] peerCertificates = sSLSocket.getSession().getPeerCertificates();
                if (peerCertificates == null || peerCertificates.length <= 0 || !(peerCertificates[0] instanceof X509Certificate)) {
                    return null;
                }
                return new Subject(true, Collections.singleton(((X509Certificate) peerCertificates[0]).getSubjectX500Principal()), Collections.singleton(Utilities.getCertFactory().generateCertPath(Arrays.asList(peerCertificates))), Collections.EMPTY_SET);
            } catch (CertificateException e) {
                SslServerEndpointImpl.logger.log(Levels.HANDLED, "get client subject caught exception", (Throwable) e);
                return null;
            } catch (SSLPeerUnverifiedException e2) {
                return null;
            }
        }

        @Override // net.jini.jeri.connection.ServerConnection
        public void checkPermissions(InboundRequestHandle inboundRequestHandle) {
            Class cls;
            check(inboundRequestHandle);
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                try {
                    securityManager.checkAccept(this.sslSocket.getInetAddress().getHostName(), this.sslSocket.getPort());
                    if (this.authPermission != null) {
                        securityManager.checkPermission(this.authPermission);
                    }
                } catch (SecurityException e) {
                    if (SslServerEndpointImpl.logger.isLoggable(Levels.FAILED)) {
                        Logger logger = SslServerEndpointImpl.logger;
                        Level level = Levels.FAILED;
                        if (SslServerEndpointImpl.class$net$jini$jeri$ssl$SslServerEndpointImpl$SslServerConnection == null) {
                            cls = SslServerEndpointImpl.class$("net.jini.jeri.ssl.SslServerEndpointImpl$SslServerConnection");
                            SslServerEndpointImpl.class$net$jini$jeri$ssl$SslServerEndpointImpl$SslServerConnection = cls;
                        } else {
                            cls = SslServerEndpointImpl.class$net$jini$jeri$ssl$SslServerEndpointImpl$SslServerConnection;
                        }
                        Utilities.logThrow(logger, level, cls, "checkPermissions", "check permissions for {0} throws", new Object[]{this}, e);
                    }
                    throw e;
                }
            }
        }

        private void check(InboundRequestHandle inboundRequestHandle) {
            if (inboundRequestHandle == null) {
                throw new NullPointerException("Request handle cannot be null");
            }
            if (inboundRequestHandle != this.requestHandle) {
                throw new IllegalArgumentException(new StringBuffer().append("Wrong request handle: found ").append(inboundRequestHandle).append(", expected ").append(this.requestHandle).toString());
            }
        }

        @Override // net.jini.jeri.connection.ServerConnection
        public InvocationConstraints checkConstraints(InboundRequestHandle inboundRequestHandle, InvocationConstraints invocationConstraints) throws UnsupportedConstraintException {
            Class cls;
            check(inboundRequestHandle);
            if (invocationConstraints == null) {
                throw new NullPointerException("Constraints cannot be null");
            }
            InvocationConstraints unfulfilledConstraints = SslServerEndpointImpl.getUnfulfilledConstraints(this.cipherSuite, this.clientPrincipal, this.serverPrincipal, invocationConstraints);
            if (unfulfilledConstraints != null) {
                if (SslServerEndpointImpl.logger.isLoggable(Level.FINE)) {
                    SslServerEndpointImpl.logger.log(Level.FINE, "check constraints for {0}\nwith {1}\nreturns {2}", new Object[]{this, invocationConstraints, unfulfilledConstraints});
                }
                return unfulfilledConstraints;
            }
            UnsupportedConstraintException unsupportedConstraintException = new UnsupportedConstraintException(new StringBuffer().append("Constraints are not supported: ").append(invocationConstraints).toString());
            if (SslServerEndpointImpl.logger.isLoggable(Levels.FAILED)) {
                Logger logger = SslServerEndpointImpl.logger;
                Level level = Levels.FAILED;
                if (SslServerEndpointImpl.class$net$jini$jeri$ssl$SslServerEndpointImpl$SslServerConnection == null) {
                    cls = SslServerEndpointImpl.class$("net.jini.jeri.ssl.SslServerEndpointImpl$SslServerConnection");
                    SslServerEndpointImpl.class$net$jini$jeri$ssl$SslServerEndpointImpl$SslServerConnection = cls;
                } else {
                    cls = SslServerEndpointImpl.class$net$jini$jeri$ssl$SslServerEndpointImpl$SslServerConnection;
                }
                Utilities.logThrow(logger, level, cls, "checkConstraints", "check constraints for {0}\nwith {1}\nthrows", new Object[]{this, invocationConstraints}, unsupportedConstraintException);
            }
            throw unsupportedConstraintException;
        }

        @Override // net.jini.jeri.connection.ServerConnection
        public void populateContext(InboundRequestHandle inboundRequestHandle, Collection collection) {
            check(inboundRequestHandle);
            Util.populateContext(collection, this.sslSocket.getInetAddress());
            Util.populateContext(collection, this.clientSubject);
        }

        @Override // net.jini.jeri.connection.ServerConnection
        public void close() throws IOException {
            closeInternal(true);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void closeInternal(boolean z) throws IOException {
            synchronized (this) {
                if (this.closed) {
                    return;
                }
                SslServerEndpointImpl.logger.log(Level.FINE, "closing {0}", this);
                this.closed = true;
                this.sslSocket.close();
                if (z) {
                    this.listenHandle.noteConnectionClosed(this);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SslServerEndpointImpl(ServerEndpoint serverEndpoint, Subject subject, X500Principal[] x500PrincipalArr, String str, int i, SocketFactory socketFactory, ServerSocketFactory serverSocketFactory) {
        this.serverEndpoint = serverEndpoint;
        boolean z = subject == null;
        subject = z ? (Subject) AccessController.doPrivileged(new PrivilegedAction(this, AccessController.getContext()) { // from class: net.jini.jeri.ssl.SslServerEndpointImpl.1
            private final AccessControlContext val$acc;
            private final SslServerEndpointImpl this$0;

            {
                this.this$0 = this;
                this.val$acc = r5;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return Subject.getSubject(this.val$acc);
            }
        }) : subject;
        this.serverPrincipals = x500PrincipalArr == null ? computePrincipals(subject) : checkPrincipals(x500PrincipalArr);
        if (this.serverPrincipals == null) {
            this.listenPermissions = null;
        } else {
            this.listenPermissions = new AuthenticationPermission[this.serverPrincipals.size()];
            int i2 = 0;
            Iterator it = this.serverPrincipals.iterator();
            while (it.hasNext()) {
                this.listenPermissions[i2] = new AuthenticationPermission(Collections.singleton((Principal) it.next()), null, "listen");
                i2++;
            }
        }
        if (this.serverPrincipals == null || !(!z || x500PrincipalArr == null || hasListenPermissions())) {
            this.serverSubject = null;
            this.listenPermissions = null;
        } else {
            this.serverSubject = subject;
        }
        this.serverHost = str;
        if (i < 0 || i > 65535) {
            throw new IllegalArgumentException(new StringBuffer().append("Invalid port: ").append(i).toString());
        }
        this.port = i;
        this.socketFactory = socketFactory;
        this.serverSocketFactory = serverSocketFactory;
        this.listenEndpoint = createListenEndpoint();
    }

    private static Set computePrincipals(Subject subject) {
        if (subject == null) {
            return null;
        }
        Set principals = SubjectCredentials.getPrincipals(subject, -1, (X500PrivateCredential[]) AccessController.doPrivileged(new SubjectCredentials.GetAllPrivateCredentialsAction(subject)));
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            Iterator it = principals.iterator();
            while (it.hasNext()) {
                try {
                    securityManager.checkPermission(new AuthenticationPermission(Collections.singleton((Principal) it.next()), null, "listen"));
                } catch (SecurityException e) {
                    logger.log(Levels.HANDLED, "compute principals for server endpoint caught exception", (Throwable) e);
                    it.remove();
                }
            }
        }
        if (principals.isEmpty()) {
            return null;
        }
        return principals;
    }

    private boolean hasListenPermissions() {
        try {
            checkListenPermissions(false);
            return true;
        } catch (SecurityException e) {
            logger.log(Levels.HANDLED, "check listen permissions for server endpoint caught exception", (Throwable) e);
            return false;
        }
    }

    private static Set checkPrincipals(X500Principal[] x500PrincipalArr) {
        if (x500PrincipalArr.length == 0) {
            return null;
        }
        HashSet hashSet = new HashSet(x500PrincipalArr.length);
        int length = x500PrincipalArr.length;
        while (true) {
            length--;
            if (length < 0) {
                return hashSet;
            }
            X500Principal x500Principal = x500PrincipalArr[length];
            if (x500Principal == null) {
                throw new NullPointerException("Server principal cannot be null");
            }
            hashSet.add(x500Principal);
        }
    }

    private void sslInit() {
        if (!$assertionsDisabled && !Thread.holdsLock(this)) {
            throw new AssertionError();
        }
        Utilities.SSLContextInfo serverSSLContextInfo = Utilities.getServerSSLContextInfo(this.serverSubject, this.serverPrincipals);
        this.sslSocketFactory = serverSSLContextInfo.sslContext.getSocketFactory();
        this.authManager = (ServerAuthManager) serverSSLContextInfo.authManager;
    }

    final SSLSocketFactory getSSLSocketFactory() {
        synchronized (this) {
            if (this.sslSocketFactory == null) {
                sslInit();
            }
        }
        return this.sslSocketFactory;
    }

    final ServerAuthManager getAuthManager() {
        synchronized (this) {
            if (this.authManager == null) {
                sslInit();
            }
        }
        return this.authManager;
    }

    public int hashCode() {
        return (((((getClass().hashCode() ^ System.identityHashCode(this.serverSubject)) ^ (this.serverPrincipals == null ? 0 : this.serverPrincipals.hashCode())) ^ (this.serverHost == null ? 0 : this.serverHost.hashCode())) ^ this.port) ^ (this.socketFactory != null ? this.socketFactory.hashCode() : 0)) ^ (this.serverSocketFactory != null ? this.serverSocketFactory.hashCode() : 0);
    }

    public boolean equals(Object obj) {
        if (obj == null || obj.getClass() != getClass()) {
            return false;
        }
        SslServerEndpointImpl sslServerEndpointImpl = (SslServerEndpointImpl) obj;
        return this.serverSubject == sslServerEndpointImpl.serverSubject && Utilities.safeEquals(this.serverPrincipals, sslServerEndpointImpl.serverPrincipals) && Utilities.safeEquals(this.serverHost, sslServerEndpointImpl.serverHost) && this.port == sslServerEndpointImpl.port && Util.sameClassAndEquals(this.socketFactory, sslServerEndpointImpl.socketFactory) && Util.sameClassAndEquals(this.serverSocketFactory, sslServerEndpointImpl.serverSocketFactory);
    }

    public String toString() {
        return new StringBuffer().append(Utilities.getClassName(this)).append(fieldsToString()).toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final String fieldsToString() {
        return new StringBuffer().append("[").append(this.serverPrincipals == null ? "" : new StringBuffer().append(this.serverPrincipals.toString()).append(", ").toString()).append(this.serverHost == null ? "" : new StringBuffer().append(this.serverHost).append(":").toString()).append(this.port).append(this.serverSocketFactory != null ? new StringBuffer().append(", ").append(this.serverSocketFactory).toString() : "").append(this.socketFactory != null ? new StringBuffer().append(", ").append(this.socketFactory).toString() : "").append("]").toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Code restructure failed: missing block: B:42:0x0155, code lost:
    
        if (r0.contains(r0) != false) goto L47;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final net.jini.core.constraint.InvocationConstraints checkConstraints(net.jini.core.constraint.InvocationConstraints r11) throws net.jini.io.UnsupportedConstraintException {
        /*
            Method dump skipped, instructions count: 577
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: net.jini.jeri.ssl.SslServerEndpointImpl.checkConstraints(net.jini.core.constraint.InvocationConstraints):net.jini.core.constraint.InvocationConstraints");
    }

    static InvocationConstraints getUnfulfilledConstraints(String str, Principal principal, Principal principal2, InvocationConstraints invocationConstraints) {
        boolean z = false;
        int i = 2;
        while (true) {
            i--;
            if (i < 0) {
                if (z) {
                    return InvocationConstraints.EMPTY;
                }
                return null;
            }
            ConnectionContext connectionContext = ConnectionContext.getInstance(str, principal, principal2, i == 0, false, invocationConstraints);
            if (connectionContext != null) {
                if (connectionContext.getIntegrityRequired()) {
                    return Utilities.INTEGRITY_REQUIRED;
                }
                if (connectionContext.getIntegrityPreferred()) {
                    return Utilities.INTEGRITY_PREFERRED;
                }
                z = true;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final Endpoint enumerateListenEndpoints(ServerEndpoint.ListenContext listenContext) throws IOException {
        Class cls;
        Class cls2;
        try {
            String str = this.serverHost;
            if (str == null) {
                try {
                    InetAddress inetAddress = (InetAddress) AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: net.jini.jeri.ssl.SslServerEndpointImpl.2
                        private final SslServerEndpointImpl this$0;

                        {
                            this.this$0 = this;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws UnknownHostException {
                            return InetAddress.getLocalHost();
                        }
                    });
                    SecurityManager securityManager = System.getSecurityManager();
                    if (securityManager != null) {
                        try {
                            securityManager.checkConnect(inetAddress.getHostName(), -1);
                        } catch (SecurityException e) {
                            throw new SecurityException("Access to resolve local host denied");
                        }
                    }
                    str = inetAddress.getHostAddress();
                } catch (PrivilegedActionException e2) {
                    throw ((UnknownHostException) ((Exception) e2.getCause()));
                }
            }
            Endpoint createEndpoint = createEndpoint(str, checkCookie(listenContext.addListenEndpoint(this.listenEndpoint)));
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "enumerate listen endpoints for {0}\nreturns {1}", new Object[]{this, createEndpoint});
            }
            if (0 != 0 && logger.isLoggable(Levels.FAILED)) {
                Logger logger2 = logger;
                Level level = Levels.FAILED;
                if (class$net$jini$jeri$ssl$SslServerEndpointImpl == null) {
                    cls2 = class$("net.jini.jeri.ssl.SslServerEndpointImpl");
                    class$net$jini$jeri$ssl$SslServerEndpointImpl = cls2;
                } else {
                    cls2 = class$net$jini$jeri$ssl$SslServerEndpointImpl;
                }
                Utilities.logThrow(logger2, level, cls2, "enumerateListenEndpoints", "enumerate listen endpoints for {0}\nthrows", new Object[]{this}, null);
            }
            return createEndpoint;
        } catch (Throwable th) {
            if (0 != 0 && logger.isLoggable(Levels.FAILED)) {
                Logger logger3 = logger;
                Level level2 = Levels.FAILED;
                if (class$net$jini$jeri$ssl$SslServerEndpointImpl == null) {
                    cls = class$("net.jini.jeri.ssl.SslServerEndpointImpl");
                    class$net$jini$jeri$ssl$SslServerEndpointImpl = cls;
                } else {
                    cls = class$net$jini$jeri$ssl$SslServerEndpointImpl;
                }
                Utilities.logThrow(logger3, level2, cls, "enumerateListenEndpoints", "enumerate listen endpoints for {0}\nthrows", new Object[]{this}, null);
            }
            throw th;
        }
    }

    ServerEndpoint.ListenEndpoint createListenEndpoint() {
        return new SslListenEndpoint(this);
    }

    Endpoint createEndpoint(String str, SslListenCookie sslListenCookie) {
        return SslEndpoint.getInstance(str, sslListenCookie.getPort(), this.socketFactory);
    }

    private SslListenCookie checkCookie(ServerEndpoint.ListenCookie listenCookie) {
        if (!(listenCookie instanceof SslListenCookie)) {
            throw new IllegalArgumentException(new StringBuffer().append("Cookie must be of type SslListenCookie: ").append(listenCookie).toString());
        }
        SslListenCookie sslListenCookie = (SslListenCookie) listenCookie;
        ServerEndpoint serverEndpoint = sslListenCookie.getServerEndpoint();
        if (this.serverEndpoint.equals(serverEndpoint)) {
            return sslListenCookie;
        }
        throw new IllegalArgumentException(new StringBuffer().append("Cookie has wrong server endpoint: found ").append(serverEndpoint).append(", expected ").append(this.serverEndpoint).toString());
    }

    final void checkListenPermissions(boolean z) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager == null) {
            return;
        }
        if (z) {
            securityManager.checkListen(this.port);
        }
        if (this.listenPermissions == null) {
            return;
        }
        int length = this.listenPermissions.length;
        while (true) {
            length--;
            if (length < 0) {
                return;
            } else {
                securityManager.checkPermission(this.listenPermissions[length]);
            }
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$net$jini$jeri$ssl$SslServerEndpointImpl == null) {
            cls = class$("net.jini.jeri.ssl.SslServerEndpointImpl");
            class$net$jini$jeri$ssl$SslServerEndpointImpl = cls;
        } else {
            cls = class$net$jini$jeri$ssl$SslServerEndpointImpl;
        }
        $assertionsDisabled = !cls.desiredAssertionStatus();
        logger = Utilities.serverLogger;
        maxServerSessionDuration = ((Long) Security.doPrivileged(new GetLongAction("com.sun.jini.jeri.ssl.maxServerSessionDuration", TimeConstants.DAYS))).longValue();
        systemExecutor = (Executor) Security.doPrivileged(new GetThreadPoolAction(false));
        defaultServerConnectionManager = new BasicServerConnManager();
    }
}
