package weblogic.server.channels;

import java.io.EOFException;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.net.Socket;
import java.security.AccessController;
import weblogic.kernel.T3SrvrLogger;
import weblogic.management.provider.ManagementService;
import weblogic.protocol.ServerChannel;
import weblogic.security.SSL.SSLEngineFactory;
import weblogic.security.SSL.WeblogicSSLEngine;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.utils.SSLCipherUtility;
import weblogic.security.utils.SSLContextManager;
import weblogic.security.utils.SSLSetup;
import weblogic.socket.JSSEFilterImpl;
import weblogic.socket.JSSESocket;
import weblogic.socket.MuxableSocketDiscriminator;
import weblogic.socket.SocketMuxer;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:weblogic/server/channels/DynamicJSSEListenThread.class */
public final class DynamicJSSEListenThread extends DynamicListenThread {
    private static final String SSL_LISTEN_THREAD_NAME = "DynamicJSSEListenThread";
    private static final String ADMIN_LISTEN_THREAD_NAME = "AdminJSSEListenThread";
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private final SSLEngineFactory sslEngineFactory;

    /* JADX INFO: Access modifiers changed from: package-private */
    public DynamicJSSEListenThread(ServerChannel[] serverChannelArr, DynamicListenThreadManager dynamicListenThreadManager) throws IOException {
        super(serverChannelArr, dynamicListenThreadManager);
        this.port = serverChannelArr[0].getPort();
        try {
            this.sslEngineFactory = SSLContextManager.getSSLEngineFactory(serverChannelArr[0], kernelId);
            this.loginTimeout = serverChannelArr[0].getLoginTimeoutMillis();
        } catch (Exception e) {
            T3SrvrLogger.logInconsistentSecurityConfig(e);
            throw ((IOException) new IOException(e.getMessage()).initCause(e));
        }
    }

    @Override // weblogic.server.channels.DynamicListenThread
    final String getName() {
        return "DynamicJSSEListenThread[" + getChannelName() + "]";
    }

    @Override // weblogic.server.channels.DynamicListenThread
    public void registerSocket(Socket socket) {
        try {
            socket.setSoTimeout(this.loginTimeout);
            WeblogicSSLEngine createSSLEngine = this.sslEngineFactory.createSSLEngine(socket.getInetAddress().getHostAddress(), socket.getPort());
            createSSLEngine.setUseClientMode(false);
            String[] removeNullCipherSuites = SSLCipherUtility.removeNullCipherSuites(ManagementService.getRuntimeAccess(kernelId).getServer().getSSL().getCiphersuites());
            if (removeNullCipherSuites != null && removeNullCipherSuites.length > 0) {
                createSSLEngine.setEnabledCipherSuites(removeNullCipherSuites);
            }
            if (SSLSetup.isDebugEnabled(3)) {
                String[] enabledCipherSuites = createSSLEngine.getEnabledCipherSuites();
                SSLSetup.info(getName() + " " + enabledCipherSuites.length + " cipher suites enabled:");
                for (String str : enabledCipherSuites) {
                    SSLSetup.info(str);
                }
            }
            createSSLEngine.setWantClientAuth(this.channels[0].isTwoWaySSLEnabled());
            if (this.channels[0].isTwoWaySSLEnabled() && this.channels[0].isClientCertificateEnforced()) {
                createSSLEngine.setNeedClientAuth(this.channels[0].isClientCertificateEnforced());
            } else if (!this.channels[0].isTwoWaySSLEnabled() && this.channels[0].isClientCertificateEnforced()) {
                T3SrvrLogger.logInconsistentSSLConfig();
            }
            JSSEFilterImpl jSSEFilterImpl = new JSSEFilterImpl(socket, createSSLEngine);
            MuxableSocketDiscriminator muxableSocketDiscriminator = new MuxableSocketDiscriminator(new JSSESocket(socket, jSSEFilterImpl), this.handlers, this.channels);
            jSSEFilterImpl.setDelegate(muxableSocketDiscriminator);
            muxableSocketDiscriminator.setSocketFilter(jSSEFilterImpl);
            SocketMuxer.getMuxer().register(jSSEFilterImpl);
            SocketMuxer.getMuxer().read(jSSEFilterImpl);
        } catch (EOFException e) {
            rejectCatastrophe(socket, "Client closed socket '" + socketInfo(socket) + "' before completing connection.", e);
        } catch (InterruptedIOException e2) {
            rejectCatastrophe(socket, "Login timed out after: '" + this.loginTimeout + "' ms on socket: '" + socketInfo(socket) + "'", e2);
        } catch (IOException e3) {
            rejectCatastrophe(socket, "Unable to read from socket: '" + socketInfo(socket) + "'", e3);
        }
    }
}
