package org.neo4j.server.security.ssl;

import java.util.List;
import java.util.UUID;
import org.eclipse.jetty.http.HttpScheme;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.neo4j.helpers.ListenSocketAddress;
import org.neo4j.kernel.configuration.Config;
import org.neo4j.server.ServerBootstrapper;
import org.neo4j.server.web.HttpConnectorFactory;
import org.neo4j.server.web.JettyThreadCalculator;
import org.neo4j.ssl.ClientAuth;
import org.neo4j.ssl.SslPolicy;

/* loaded from: input_file:org/neo4j/server/security/ssl/SslSocketConnectorFactory.class */
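/**
 * Creates the Jetty {@link ServerConnector} for the HTTPS endpoint, with TLS settings taken from
 * an {@link SslPolicy}.
 *
 * <p>The client-authentication mode is selected with a plain {@code switch} on the
 * {@link ClientAuth} enum. The decompiled form dispatched through a hand-copied synthetic
 * switch map whose case labels had been rendered as unrelated {@code ServerBootstrapper}
 * startup error codes that merely shared the values 1 and 2. On recompilation, a change to those
 * constants would have silently re-mapped or rejected a client-auth mode. The compiler
 * regenerates the synthetic switch-map class itself.
 */
public class SslSocketConnectorFactory extends HttpConnectorFactory {

    /**
     * @param config server configuration, passed unchanged to {@link HttpConnectorFactory}
     */
    public SslSocketConnectorFactory(Config config) {
        super(config);
    }

    /**
     * Returns the parent's HTTP configuration with one extra customizer that sets the scheme of
     * every request handled through it to {@code https}.
     *
     * @return the HTTP configuration to use for the TLS connector
     */
    @Override
    public HttpConfiguration createHttpConfig() {
        HttpConfiguration httpConfig = super.createHttpConfig();
        // Requests on this connector have already been through TLS, so report them as https.
        httpConfig.addCustomizer((connector, httpConfiguration, request) ->
                request.setScheme(HttpScheme.HTTPS.asString()));
        return httpConfig;
    }

    /**
     * Creates a connector that places a TLS connection factory in front of the HTTP connection
     * factory.
     *
     * @param server the Jetty server the connector belongs to
     * @param sslPolicy source of key material, cipher suites, protocol versions and client-auth mode
     * @param listenSocketAddress address to listen on
     * @param jettyThreadCalculator thread sizing, passed through to the parent factory
     * @return the configured connector
     * @throws IllegalArgumentException if the policy's client-auth mode is not handled here
     */
    public ServerConnector createConnector(Server server, SslPolicy sslPolicy, ListenSocketAddress listenSocketAddress, JettyThreadCalculator jettyThreadCalculator) {
        SslConnectionFactory sslConnectionFactory = createSslConnectionFactory(sslPolicy);
        return super.createConnector(server, listenSocketAddress, jettyThreadCalculator, sslConnectionFactory, createHttpConnectionFactory());
    }

    /**
     * Translates an {@link SslPolicy} into a Jetty {@link SslConnectionFactory} that hands off to
     * HTTP/1.1.
     *
     * @param sslPolicy the policy to apply
     * @return a TLS connection factory configured from the policy
     * @throws IllegalArgumentException if the policy's client-auth mode is not handled here
     */
    private SslConnectionFactory createSslConnectionFactory(SslPolicy sslPolicy) {
        SslContextFactory sslContextFactory = new SslContextFactory();

        // One random value per call serves as both the store and the key password of the
        // keystore obtained from the policy; it is generated here and is not read from
        // configuration. Jetty takes the password as a String, so it cannot be wiped after use.
        String password = UUID.randomUUID().toString();
        sslContextFactory.setKeyStore(sslPolicy.getKeyStore(password.toCharArray(), password.toCharArray()));
        sslContextFactory.setKeyStorePassword(password);
        sslContextFactory.setKeyManagerPassword(password);

        // A non-null cipher-suite list from the policy becomes the include list and the exclude
        // list is emptied, so any exclusions Jetty applies by default stop applying: the policy
        // alone decides which suites are offered and must not name weak ones. A null list leaves
        // Jetty's own include/exclude settings untouched.
        // NOTE(review): an empty, non-null list also clears the exclusions; confirm how the Jetty
        // version in use treats an empty include list.
        List<String> cipherSuites = sslPolicy.getCipherSuites();
        if (cipherSuites != null) {
            sslContextFactory.setIncludeCipherSuites(cipherSuites.toArray(new String[0]));
            sslContextFactory.setExcludeCipherSuites(new String[0]);
        }

        // Same rule for protocol versions: once the policy names them, Jetty's default protocol
        // exclusions are dropped and the policy list is authoritative.
        String[] tlsVersions = sslPolicy.getTlsVersions();
        if (tlsVersions != null) {
            sslContextFactory.setIncludeProtocols(tlsVersions);
            sslContextFactory.setExcludeProtocols(new String[0]);
        }

        switch (sslPolicy.getClientAuth()) {
            case REQUIRE:
                // Handshake fails unless the client presents a certificate.
                sslContextFactory.setNeedClientAuth(true);
                break;
            case OPTIONAL:
                // A certificate is requested but its absence does not fail the handshake, so
                // code behind this connector must not assume the peer is authenticated.
                sslContextFactory.setWantClientAuth(true);
                break;
            case NONE:
                sslContextFactory.setWantClientAuth(false);
                sslContextFactory.setNeedClientAuth(false);
                break;
            default:
                // Fail closed on a mode this factory does not handle.
                throw new IllegalArgumentException("Not supported: " + sslPolicy.getClientAuth());
        }

        return new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
    }
}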
