package org.neo4j.server.security.ssl;

import java.util.List;
import java.util.UUID;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.io.ByteBufferPool;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.neo4j.configuration.Config;
import org.neo4j.configuration.helpers.SocketAddress;
import org.neo4j.kernel.api.net.NetworkConnectionTracker;
import org.neo4j.server.web.HttpConnectorFactory;
import org.neo4j.server.web.JettyThreadCalculator;
import org.neo4j.ssl.SslPolicy;

/* loaded from: input_file:org/neo4j/server/security/ssl/SslSocketConnectorFactory.class */
public class SslSocketConnectorFactory extends HttpConnectorFactory {
    private static final String NAME = "https";
    private final HttpConfiguration.Customizer requestCustomizer;

    public SslSocketConnectorFactory(NetworkConnectionTracker networkConnectionTracker, Config config, ByteBufferPool byteBufferPool) {
        super("https", networkConnectionTracker, config, byteBufferPool);
        this.requestCustomizer = new HttpsRequestCustomizer(config);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.neo4j.server.web.HttpConnectorFactory
    public HttpConfiguration createHttpConfig() {
        HttpConfiguration createHttpConfig = super.createHttpConfig();
        createHttpConfig.addCustomizer(this.requestCustomizer);
        return createHttpConfig;
    }

    public ServerConnector createConnector(Server server, SslPolicy sslPolicy, SocketAddress socketAddress, JettyThreadCalculator jettyThreadCalculator) {
        return createConnector(server, socketAddress, jettyThreadCalculator, createSslConnectionFactory(sslPolicy), createHttpConnectionFactory());
    }

    private static SslConnectionFactory createSslConnectionFactory(SslPolicy sslPolicy) {
        SslContextFactory.Server server = new SslContextFactory.Server();
        String uuid = UUID.randomUUID().toString();
        server.setKeyStore(sslPolicy.getKeyStore(uuid.toCharArray(), uuid.toCharArray()));
        server.setKeyStorePassword(uuid);
        server.setKeyManagerPassword(uuid);
        List<String> cipherSuites = sslPolicy.getCipherSuites();
        if (cipherSuites != null) {
            server.setIncludeCipherSuites((String[]) cipherSuites.toArray(new String[0]));
            server.setExcludeCipherSuites(new String[0]);
        }
        String[] tlsVersions = sslPolicy.getTlsVersions();
        if (tlsVersions != null) {
            server.setIncludeProtocols(tlsVersions);
            server.setExcludeProtocols(new String[0]);
        }
        switch (sslPolicy.getClientAuth()) {
            case REQUIRE:
                server.setNeedClientAuth(true);
                break;
            case OPTIONAL:
                server.setWantClientAuth(true);
                break;
            case NONE:
                server.setWantClientAuth(false);
                server.setNeedClientAuth(false);
                break;
            default:
                throw new IllegalArgumentException("Not supported: " + String.valueOf(sslPolicy.getClientAuth()));
        }
        return new SslConnectionFactory(server, HttpVersion.HTTP_1_1.asString());
    }
}
