package org.smallmind.web.grizzly;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import org.glassfish.grizzly.filterchain.BaseFilter;
import org.glassfish.grizzly.filterchain.FilterChainContext;
import org.glassfish.grizzly.filterchain.NextAction;
import org.glassfish.grizzly.http.HttpContent;
import org.glassfish.grizzly.http.HttpHeader;
import org.glassfish.grizzly.http.HttpPacket;
import org.glassfish.grizzly.http.util.HeaderValue;
import org.glassfish.grizzly.ssl.SSLUtils;

/* loaded from: input_file:org/smallmind/web/grizzly/ClientAuthProxyFilter.class */
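/**
 * Grizzly filter that publishes the identity of the connecting peer as request headers:
 * {@code SSL_CLIENT_S_DN}, {@code SSL_CLIENT_I_DN}, {@code SSL_CLIENT_VERIFY} and
 * {@code X-Forwarded-For}.
 *
 * <p>Trust boundary: downstream code that reads these headers treats them as facts about the
 * connection, so they must never be client-controlled.
 * <ul>
 *   <li>With {@code proxyMode == false} this filter is the authority. Any copy of the four headers
 *       that arrived with the request is discarded, and fresh values are derived from the socket
 *       and the TLS session.</li>
 *   <li>With {@code proxyMode == true} the request is passed through untouched, so the headers are
 *       whatever the previous hop sent. That is only sound when the listener is reachable solely
 *       from a proxy that itself strips and re-creates them.</li>
 * </ul>
 *
 * <p>This filter does not validate certificates. {@code SSL_CLIENT_VERIFY: SUCCESS} means only that
 * the TLS session exposed a peer certificate, so its strength is that of the trust manager and
 * client-auth settings configured on the {@link SSLEngine}.
 */
public class ClientAuthProxyFilter extends BaseFilter {
    public static final String SSL_CLIENT_S_DN = "SSL_CLIENT_S_DN";
    public static final String SSL_CLIENT_I_DN = "SSL_CLIENT_I_DN";
    public static final String SSL_CLIENT_VERIFY = "SSL_CLIENT_VERIFY";
    public static final String X_FORWARDED_FOR = "X-Forwarded-For";

    /** Headers this filter owns when it is not in proxy mode; inbound copies are always dropped. */
    private static final String[] MANAGED_HEADERS = {
        SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_CLIENT_VERIFY, X_FORWARDED_FOR
    };

    // true: trust the identity headers set by the previous hop; false: derive them here.
    protected boolean proxyMode;

    /**
     * @param proxyMode {@code true} to pass requests through unchanged (the previous hop supplies
     *                  the identity headers), {@code false} to strip and regenerate them here
     */
    public ClientAuthProxyFilter(boolean proxyMode) {
        this.proxyMode = proxyMode;
    }

    /**
     * Rewrites the identity headers of an HTTP message from the properties of its connection.
     *
     * @param filterChainContext the current filter-chain context
     * @return the invoke action, so the next filter always runs
     * @throws IOException declared by the overridden method; not thrown by this implementation
     */
    @Override
    public NextAction handleRead(FilterChainContext filterChainContext) throws IOException {
        Object message = filterChainContext.getMessage();
        if (!HttpPacket.isHttp(message) || this.proxyMode) {
            return filterChainContext.getInvokeAction();
        }

        // Read the header through HttpPacket so a bare header packet is handled as well as content.
        HttpHeader httpHeader = ((HttpPacket) message).getHttpHeader();

        // Drop every inbound copy before anything is added. The previous form,
        // setHeader(name, (HeaderValue) null), appears to be a no-op in Grizzly's HttpHeader
        // (NOTE(review): confirm against the Grizzly version in use), which would leave a
        // client-supplied value in place, ahead of the one appended below.
        // Removing explicitly also keeps the result stable if this runs more than once
        // for the same header.
        for (String name : MANAGED_HEADERS) {
            httpHeader.getHeaders().removeHeader(name);
        }

        // Only IP sockets carry an address worth forwarding; other address types are skipped
        // instead of failing the request on a cast.
        Object peerAddress = filterChainContext.getConnection().getPeerAddress();
        if (peerAddress instanceof InetSocketAddress) {
            extractIPAddress((InetSocketAddress) peerAddress, httpHeader);
        }

        SSLEngine sslEngine = SSLUtils.getSSLEngine(filterChainContext.getConnection());
        if (sslEngine == null) {
            // Plain-text connection: no client identity, and the stripped headers stay absent.
            return filterChainContext.getInvokeAction();
        }

        X509Certificate[] chain = extractX509Certs(getPeerCertificates(sslEngine));
        if (chain == null || chain.length == 0 || chain[0].getSubjectDN() == null) {
            // No usable client certificate: fail closed by leaving the identity headers absent.
            return filterChainContext.getInvokeAction();
        }

        // chain[0] is the peer's own certificate. getSubjectDN()/getIssuerDN() are kept because
        // switching to the X500Principal accessors could change the string format consumers parse.
        httpHeader.addHeader(SSL_CLIENT_S_DN, chain[0].getSubjectDN().getName());
        if (chain[0].getIssuerDN() != null) {
            httpHeader.addHeader(SSL_CLIENT_I_DN, chain[0].getIssuerDN().getName());
        }
        httpHeader.addHeader(SSL_CLIENT_VERIFY, "SUCCESS");

        return filterChainContext.getInvokeAction();
    }

    /**
     * Converts a certificate chain to {@link X509Certificate}s, re-parsing any element that is not
     * already one from its encoded form.
     *
     * @param certificateArr the chain reported by the TLS session, or {@code null}
     * @return the converted chain in the same order, or {@code null} if the input is {@code null}
     *         or any element cannot be converted
     */
    private X509Certificate[] extractX509Certs(Certificate[] certificateArr) {
        if (certificateArr == null) {
            return null;
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
        for (int i = 0; i < certificateArr.length; i++) {
            if (certificateArr[i] instanceof X509Certificate) {
                x509CertificateArr[i] = (X509Certificate) certificateArr[i];
            } else {
                try {
                    x509CertificateArr[i] = (X509Certificate) CertificateFactory.getInstance("X.509")
                        .generateCertificate(new ByteArrayInputStream(certificateArr[i].getEncoded()));
                } catch (Exception ignored) {
                    // One unparseable element rejects the whole chain, so the caller adds no
                    // identity headers rather than publishing a partial identity.
                    return null;
                }
            }
        }
        return x509CertificateArr;
    }

    /**
     * Returns the peer certificate chain of the engine's session.
     *
     * @param sSLEngine the engine of the current connection
     * @return the chain, or {@code null} when the session cannot supply one
     */
    private Certificate[] getPeerCertificates(SSLEngine sSLEngine) {
        try {
            return sSLEngine.getSession().getPeerCertificates();
        } catch (Exception ignored) {
            // An unverified or absent peer is the normal "no client certificate" case. JVM Errors
            // are no longer swallowed here.
            return null;
        }
    }

    /**
     * Sets {@code X-Forwarded-For} to the textual address of the socket peer, replacing any
     * existing value. Does nothing when the address is unavailable.
     *
     * @param inetSocketAddress the peer address of the connection, possibly {@code null}
     * @param httpHeader        the header to update
     */
    private void extractIPAddress(InetSocketAddress inetSocketAddress, HttpHeader httpHeader) {
        if (inetSocketAddress == null || inetSocketAddress.getAddress() == null) {
            return;
        }
        httpHeader.setHeader(X_FORWARDED_FOR, inetSocketAddress.getAddress().getHostAddress());
    }
}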
