package org.apache.synapse.transport.http.conn;

import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import org.apache.http.nio.reactor.IOSession;
import org.apache.http.nio.reactor.ssl.SSLSetupHandler;
import org.apache.synapse.transport.certificatevalidation.CertificateVerificationException;
import org.apache.synapse.transport.certificatevalidation.RevocationVerificationManager;

/* loaded from: input_file:WEB-INF/lib/synapse-nhttp-transport-2.1.7-wso2v199.jar:org/apache/synapse/transport/http/conn/ServerSSLSetupHandler.class */
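/**
 * Server-side {@link SSLSetupHandler} that configures each new {@link SSLEngine}
 * (client-certificate mode, enabled protocols, enabled cipher suites) and, when a
 * {@link RevocationVerificationManager} is supplied, checks the revocation status
 * of the peer certificate chain after the handshake.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The protocol and cipher-suite arrays are passed to the engine exactly as
 *       configured; nothing here filters out legacy protocol versions or weak
 *       suites. When either array is {@code null} the engine keeps whatever the
 *       JSSE provider enables by default.</li>
 *   <li>Revocation checking fails closed: a {@link CertificateVerificationException}
 *       is rethrown as an {@link SSLException}.</li>
 *   <li>When the revocation manager is {@code null}, {@link #verify} performs no
 *       additional check.</li>
 * </ul>
 *
 * <p>The arrays are stored by reference, not copied; callers should not mutate
 * them after construction.
 */
public class ServerSSLSetupHandler implements SSLSetupHandler {
    private final SSLClientAuth clientAuth;
    private final String[] httpsProtocols;
    private final RevocationVerificationManager verificationManager;
    private final String[] preferredCiphers;

    /**
     * @param clientAuth          client-certificate mode to apply, or {@code null} to leave the
     *                            engine's client-auth settings untouched
     * @param httpsProtocols      protocol names to enable, or {@code null} for provider defaults
     * @param verificationManager revocation checker for the peer chain, or {@code null} to skip
     *                            revocation checking
     * @param preferredCiphers    cipher suites to enable, or {@code null} for provider defaults
     */
    public ServerSSLSetupHandler(SSLClientAuth clientAuth, String[] httpsProtocols, RevocationVerificationManager verificationManager, String[] preferredCiphers) {
        this.clientAuth = clientAuth;
        this.httpsProtocols = httpsProtocols;
        this.verificationManager = verificationManager;
        this.preferredCiphers = preferredCiphers;
    }

    /**
     * Applies the configured client-auth mode, protocols and cipher suites to the engine.
     *
     * @param sslEngine engine for the connection being set up
     * @throws SSLException declared by the interface; not thrown directly by this method
     */
    @Override // org.apache.http.nio.reactor.ssl.SSLSetupHandler
    public void initalize(SSLEngine sslEngine) throws SSLException {
        if (this.clientAuth != null) {
            switch (this.clientAuth) {
                case OPTIONAL:
                    // Request a client certificate but let the handshake continue without one.
                    sslEngine.setWantClientAuth(true);
                    break;
                case REQUIRED:
                    // Abort the handshake unless the client presents a certificate.
                    sslEngine.setNeedClientAuth(true);
                    break;
                default:
                    // Any other mode leaves the engine's client-auth settings as they are.
                    break;
            }
        }
        if (this.httpsProtocols != null) {
            sslEngine.setEnabledProtocols(this.httpsProtocols);
        }
        if (this.preferredCiphers != null) {
            sslEngine.setEnabledCipherSuites(this.preferredCiphers);
        }
    }

    /**
     * Checks the revocation status of the peer certificate chain when a revocation
     * manager is configured; otherwise does nothing.
     *
     * <p>NOTE(review): {@code getPeerCertificateChain()} throws
     * {@code SSLPeerUnverifiedException} when the peer presented no certificate. That
     * exception is not caught here, so with {@code OPTIONAL} client auth and a revocation
     * manager configured, a client without a certificate appears to be rejected — confirm
     * this is intended. The method is also the deprecated {@code javax.security.cert}
     * variant; it is kept because its result is what this class hands to
     * {@code verifyRevocationStatus}.
     *
     * @param ioSession  I/O session of the connection, used only to name the peer on failure
     * @param sslSession negotiated TLS session whose peer chain is checked
     * @throws SSLException if revocation verification fails or the peer chain is unavailable
     */
    @Override // org.apache.http.nio.reactor.ssl.SSLSetupHandler
    public void verify(IOSession ioSession, SSLSession sslSession) throws SSLException {
        if (this.verificationManager == null) {
            return;
        }
        try {
            this.verificationManager.verifyRevocationStatus(sslSession.getPeerCertificateChain());
        } catch (CertificateVerificationException e) {
            // Fail closed and keep the original cause so the rejection reason stays diagnosable.
            throw new SSLException("Certificate Chain Validation failed for host : " + describeRemote(ioSession), e);
        }
    }

    /**
     * Renders the remote endpoint for an error message. Never throws on a missing address,
     * so building the message cannot replace the verification failure with a
     * {@code NullPointerException}.
     */
    private static String describeRemote(IOSession ioSession) {
        SocketAddress remoteAddress = ioSession.getRemoteAddress();
        if (remoteAddress == null) {
            // No remote address available (e.g. the session is no longer connected).
            return "unknown";
        }
        if (remoteAddress instanceof InetSocketAddress) {
            InetSocketAddress inetSocketAddress = (InetSocketAddress) remoteAddress;
            InetAddress address = inetSocketAddress.getAddress();
            // Prefer the literal IP; an unresolved address only carries a host name.
            return address != null ? address.getHostAddress() : inetSocketAddress.getHostName();
        }
        return remoteAddress.toString();
    }
}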
