package eu.unicore.util.jetty;

import eu.emi.security.authn.x509.X509CertChainValidator;
import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.X500NameUtils;
import eu.unicore.security.canl.SSLContextCreator;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import org.apache.log4j.Logger;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* loaded from: input_file:eu/unicore/util/jetty/JettyConnectorUtils.class */
public class JettyConnectorUtils {
    public static SslContextFactory createJettyContextFactory(X509CertChainValidator x509CertChainValidator, X509Credential x509Credential, Logger logger) throws NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException {
        SslContextFactory sslContextFactory = new SslContextFactory();
        String property = System.getProperty("java.vm.vendor");
        String str = "TLS";
        if (property != null && property.trim().startsWith("IBM")) {
            str = "SSL_TLS";
        }
        sslContextFactory.setSslContext(SSLContextCreator.createSSLContext(x509Credential, x509CertChainValidator, str, "Jetty HTTP Server", logger));
        return sslContextFactory;
    }

    public static void logConnection(Socket socket, final Logger logger) {
        InetSocketAddress inetSocketAddress = (InetSocketAddress) socket.getRemoteSocketAddress();
        if (!logger.isDebugEnabled() || inetSocketAddress == null || inetSocketAddress.getAddress() == null) {
            return;
        }
        final String hostAddress = inetSocketAddress.getAddress().getHostAddress();
        logger.debug("Connection attempt from " + hostAddress);
        if (socket instanceof SSLSocket) {
            ((SSLSocket) socket).addHandshakeCompletedListener(new HandshakeCompletedListener() { // from class: eu.unicore.util.jetty.JettyConnectorUtils.1
                @Override // javax.net.ssl.HandshakeCompletedListener
                public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
                    try {
                        Logger.this.debug("SSL connection with " + X500NameUtils.getReadableForm(CertificateUtils.convertToX509Chain(handshakeCompletedEvent.getPeerCertificates())[0].getSubjectX500Principal()) + ", connected from " + hostAddress + " was established.");
                    } catch (SSLPeerUnverifiedException e) {
                        Logger.this.debug("An identity of the peer connecting from " + hostAddress + " was not established on TLS layer");
                    }
                }
            });
        }
    }
}
