package org.jacorb.security.ssl.sun_jsse;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.jacorb.config.Configurable;
import org.jacorb.config.Configuration;
import org.jacorb.config.ConfigurationException;
import org.jacorb.orb.factory.ServerSocketFactory;

/* loaded from: input_file:org/jacorb/security/ssl/sun_jsse/SSLServerSocketFactory.class */
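/**
 * Creates TLS server sockets for the ORB using the JSSE provider.
 *
 * <p>All settings are read once in {@link #configure(Configuration)}: key store, optional trust
 * store, client-authentication mode, cipher suites, protocols, an optional user-supplied
 * {@link TrustManager} and optional CRL checking. The resulting {@code SSLContext} is built once,
 * so changes to the key store, trust store or CRL file on disk are not picked up until the
 * factory is configured again.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>"Request" mode ({@code setWantClientAuth}) lets the handshake succeed when the client
 *       sends no certificate; only "require" mode enforces client authentication at the TLS
 *       layer.</li>
 *   <li>If client authentication is enabled and no trust store can be loaded, JSSE falls back to
 *       the JVM default trust anchors and CRL checking is not applied. Both cases are logged at
 *       WARN level.</li>
 *   <li>A user-supplied trust manager replaces the trust managers built here, including the
 *       CRL-checking ones.</li>
 *   <li>Cipher suites and protocols from the configuration are passed to the socket unchanged;
 *       this class does not filter out weak values.</li>
 * </ul>
 */
public class SSLServerSocketFactory extends SSLRandom implements ServerSocketFactory, Configurable {
    /**
     * Bit tested in the supported/required option masks to turn on client authentication.
     * NOTE(review): 0x40 matches CSIIOP EstablishTrustInClient; confirm against the ORB's
     * option definitions.
     */
    private static final int CLIENT_AUTH_OPTION_BIT = 0x40;

    private javax.net.ServerSocketFactory factory = null;
    private boolean require_mutual_auth = false;
    private boolean request_mutual_auth = false;
    private boolean trusteesFromKS = false;
    private String[] cipher_suites = null;
    private String[] enabledProtocols = null;
    private TrustManager trustManager = null;
    private int serverSupportedOptions = 0;
    private int serverRequiredOptions = 0;
    private String keystore_location = null;
    private String keystore_passphrase = null;
    private String keystore_type = null;
    private String keyManagerAlgorithm = null;
    private String trustManagerAlgorithm = null;
    private String keystore_provider = null;
    private String truststore_type = null;
    private String truststore_location = null;
    private String truststore_passphrase = null;
    private String truststore_provider = null;
    private boolean support_crl = false;
    private String crl_file = null;

    /**
     * Reads all SSL server settings and builds the underlying JSSE socket factory.
     *
     * @param configuration the ORB configuration to read the {@code jacorb.security.*} properties from
     * @throws ConfigurationException if a mandatory property cannot be read or the socket factory
     *     cannot be created (the original cause is attached)
     */
    @Override // org.jacorb.security.ssl.sun_jsse.SSLRandom, org.jacorb.config.Configurable
    public void configure(Configuration configuration) throws ConfigurationException {
        super.configure(configuration);
        this.trusteesFromKS = configuration.getAttributeAsBoolean("jacorb.security.jsse.trustees_from_ks", false);
        // The third argument is presumably the radix, i.e. the option masks are written in hex.
        this.serverSupportedOptions = configuration.getAttributeAsInteger("jacorb.security.ssl.server.supported_options", 32, 16);
        this.serverRequiredOptions = configuration.getAttributeAsInteger("jacorb.security.ssl.server.required_options", 0, 16);
        if ((this.serverSupportedOptions & CLIENT_AUTH_OPTION_BIT) != 0) {
            if (this.logger.isInfoEnabled()) {
                this.logger.info("Will create SSL sockets that request client authentication");
            }
            this.request_mutual_auth = true;
        }
        if ((this.serverRequiredOptions & CLIENT_AUTH_OPTION_BIT) != 0) {
            // "Required" wins over "supported": the stricter mode must not be downgraded to "want".
            this.require_mutual_auth = true;
            this.request_mutual_auth = false;
            if (this.logger.isInfoEnabled()) {
                this.logger.info("Will create SSL sockets that require client authentication");
            }
        }
        this.keystore_location = configuration.getAttribute("jacorb.security.keystore");
        this.keystore_passphrase = configuration.getAttribute("jacorb.security.keystore_password");
        this.keystore_type = configuration.getAttribute("jacorb.security.keystore_type", "JKS");
        this.keyManagerAlgorithm = configuration.getAttribute("jacorb.security.jsse.server.key_manager_algorithm", "SunX509");
        this.trustManagerAlgorithm = configuration.getAttribute("jacorb.security.jsse.server.trust_manager_algorithm", "SunX509");
        this.keystore_provider = configuration.getAttribute("jacorb.security.keystore_provider", null);
        this.truststore_type = configuration.getAttribute("jacorb.security.truststore_type", null);
        this.truststore_location = configuration.getAttribute("jacorb.security.truststore", null);
        this.truststore_passphrase = configuration.getAttribute("jacorb.security.truststore_password", null);
        this.truststore_provider = configuration.getAttribute("jacorb.security.truststore_provider", null);
        this.crl_file = configuration.getAttribute("jacorb.security.crl_file", null);
        this.support_crl = configuration.getAttributeAsBoolean("jacorb.security.support_crl", false);
        try {
            this.trustManager = (TrustManager) configuration.getAttributeAsObject("jacorb.security.ssl.server.trust_manager");
        } catch (ConfigurationException e) {
            // NOTE(review): this fails open. A custom trust manager that cannot be instantiated
            // is only logged, and the factory then continues with the trust managers derived
            // from the trust store (or the JSSE defaults). Consider rethrowing so that a broken
            // trust policy stops start-up instead of being silently replaced.
            if (this.logger.isErrorEnabled()) {
                this.logger.error("TrustManager object creation failed. Please check value of property 'jacorb.security.ssl.server.trust_manager'. Current value: " + configuration.getAttribute("jacorb.security.ssl.server.trust_manager", ""), e);
            }
        }
        this.enabledProtocols = configuration.getAttributeAsStringsArray("jacorb.security.ssl.server.protocols");
        if (this.enabledProtocols != null && this.logger.isDebugEnabled()) {
            this.logger.debug("Setting user specified server enabled protocols : " + configuration.getAttribute("jacorb.security.ssl.server.protocols", ""));
        }
        try {
            this.factory = createServerSocketFactory();
            this.cipher_suites = configuration.getAttributeAsStringsArray("jacorb.security.ssl.server.cipher_suites");
        } catch (Exception e2) {
            this.logger.warn("Unable to create ServerSocketFactory : {}", e2.getMessage(), e2);
            throw new ConfigurationException("Unable to create ServerSocketFactory!", e2);
        }
    }

    /**
     * Creates a TLS server socket bound to the given port.
     *
     * @param port the port to listen on
     * @return the configured server socket
     * @throws IOException if the socket cannot be created
     */
    @Override // org.jacorb.orb.factory.ServerSocketFactory
    public ServerSocket createServerSocket(int port) throws IOException {
        return applySettings((SSLServerSocket) this.factory.createServerSocket(port));
    }

    /**
     * Creates a TLS server socket bound to the given port with the given backlog.
     *
     * @param port the port to listen on
     * @param backlog the connection backlog passed to the underlying factory
     * @return the configured server socket
     * @throws IOException if the socket cannot be created
     */
    @Override // org.jacorb.orb.factory.ServerSocketFactory
    public ServerSocket createServerSocket(int port, int backlog) throws IOException {
        return applySettings((SSLServerSocket) this.factory.createServerSocket(port, backlog));
    }

    /**
     * Creates a TLS server socket bound to the given port and local address.
     *
     * @param port the port to listen on
     * @param backlog the connection backlog passed to the underlying factory
     * @param bindAddress the local address to bind to
     * @return the configured server socket
     * @throws IOException if the socket cannot be created
     */
    @Override // org.jacorb.orb.factory.ServerSocketFactory
    public ServerSocket createServerSocket(int port, int backlog, InetAddress bindAddress) throws IOException {
        return applySettings((SSLServerSocket) this.factory.createServerSocket(port, backlog, bindAddress));
    }

    /**
     * Reports whether the given server socket is a TLS server socket.
     *
     * @param serverSocket the socket to inspect
     * @return {@code true} if the socket is an {@link SSLServerSocket}
     */
    public boolean isSSL(ServerSocket serverSocket) {
        return serverSocket instanceof SSLServerSocket;
    }

    /** Applies the configured client-auth mode, cipher suites and protocols to a new socket. */
    private SSLServerSocket applySettings(SSLServerSocket socket) {
        if (this.request_mutual_auth) {
            // "Want" mode: a client without a certificate still completes the handshake, so
            // callers that rely on an authenticated peer must check the session themselves.
            socket.setWantClientAuth(true);
        } else if (this.require_mutual_auth) {
            socket.setNeedClientAuth(true);
        }
        // When nothing is configured the JSSE defaults stay in effect. Configured values are
        // applied as given, so legacy protocols or weak suites listed there will be enabled.
        if (this.cipher_suites != null) {
            socket.setEnabledCipherSuites(this.cipher_suites);
        }
        if (this.enabledProtocols != null) {
            socket.setEnabledProtocols(this.enabledProtocols);
        }
        return socket;
    }

    /**
     * Builds the JSSE server socket factory from the configured key store and trust settings.
     *
     * <p>Trust managers are only built when client authentication is requested or required.
     * A user-supplied trust manager, when present, replaces them entirely (including CRL
     * checking).
     *
     * @return the server socket factory of a freshly initialised {@code SSLContext}
     * @throws IOException if a key store, trust store or CRL file cannot be read
     * @throws GeneralSecurityException if key or trust material cannot be initialised
     */
    private javax.net.ServerSocketFactory createServerSocketFactory() throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStoreUtil.getKeyStore(this.keystore_location, this.keystore_passphrase.toCharArray(), this.keystore_type, this.keystore_provider);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.keyManagerAlgorithm);
        if ("WINDOWS-MY".equalsIgnoreCase(this.keystore_type)) {
            keyManagerFactory.init(keyStore, null);
        } else {
            keyManagerFactory.init(keyStore, this.keystore_passphrase.toCharArray());
        }

        TrustManagerFactory trustManagerFactory = null;
        boolean clientAuthEnabled = ((this.serverRequiredOptions | this.serverSupportedOptions) & CLIENT_AUTH_OPTION_BIT) != 0;
        if (clientAuthEnabled) {
            trustManagerFactory = TrustManagerFactory.getInstance(this.trustManagerAlgorithm);
            KeyStore trustStore = this.trusteesFromKS ? keyStore : loadTrustStore();
            if (trustStore == null && this.trustManager == null) {
                // init((KeyStore) null) below makes JSSE use the JVM default trust anchors,
                // which is usually far broader than intended for client authentication.
                this.logger.warn("SSLServerSocketFactory: client authentication is enabled but no trust store was loaded; falling back to the JVM default trust anchors");
            }
            if (trustStore == null || !this.support_crl) {
                if (this.support_crl && this.trustManager == null) {
                    this.logger.warn("SSLServerSocketFactory: jacorb.security.support_crl is set but no trust store was loaded; CRL checking is NOT enabled");
                }
                trustManagerFactory.init(trustStore);
            } else {
                // CRLs are read once here; a later update of the CRL file is not seen until the
                // factory is configured again.
                X509CertSelector validNow = new X509CertSelector();
                validNow.setCertificateValid(new Date());
                PKIXBuilderParameters pkixParameters = new PKIXBuilderParameters(trustStore, validNow);
                CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(getCRLs()));
                pkixParameters.setRevocationEnabled(true);
                pkixParameters.addCertStore(crlStore);
                trustManagerFactory.init(new CertPathTrustManagerParameters(pkixParameters));
            }
        }

        TrustManager[] trustManagers;
        if (this.trustManager == null) {
            // null lets SSLContext.init pick the installed default trust managers.
            trustManagers = trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers();
        } else {
            trustManagers = new TrustManager[]{this.trustManager};
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Setting user specified server TrustManger : " + this.trustManager.getClass().toString());
            }
        }
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagers, getSecureRandom());
        return sslContext.getServerSocketFactory();
    }

    /**
     * Loads the separately configured trust store, or returns {@code null} when none is usable.
     *
     * <p>A missing PKCS11 provider name or passphrase no longer fails with an
     * {@code IllegalArgumentException} / {@code NullPointerException}: the default provider
     * lookup and a {@code null} PIN are used instead.
     */
    private KeyStore loadTrustStore() throws IOException, GeneralSecurityException {
        KeyStore trustStore = null;
        if ("PKCS11".equalsIgnoreCase(this.truststore_type)) {
            // KeyStore.getInstance(type, (String) null) throws, so only pass a provider if set.
            trustStore = this.truststore_provider == null
                    ? KeyStore.getInstance(this.truststore_type)
                    : KeyStore.getInstance(this.truststore_type, this.truststore_provider);
            char[] pin = this.truststore_passphrase == null ? null : this.truststore_passphrase.toCharArray();
            trustStore.load(null, pin);
        } else if ("WINDOWS-ROOT".equalsIgnoreCase(this.truststore_type)) {
            trustStore = KeyStore.getInstance("WINDOWS-ROOT");
            trustStore.load(null, null);
        } else if (this.truststore_location != null && this.truststore_passphrase != null) {
            trustStore = KeyStoreUtil.getKeyStore(this.truststore_location, this.truststore_passphrase.toCharArray(), this.truststore_type);
        }
        this.logger.debug("SSLServerSocketFactory: loaded trust store: " + (trustStore != null ? trustStore.getProvider() : "default (null)"));
        return trustStore;
    }

    /**
     * Reads all CRLs from the configured CRL file.
     *
     * @return the CRLs parsed from the file
     * @throws IOException if the file cannot be opened or read
     * @throws GeneralSecurityException if no CRL file is configured or the content cannot be
     *     parsed as X.509 CRLs
     */
    private Collection<? extends CRL> getCRLs() throws IOException, GeneralSecurityException {
        this.logger.debug("SSLServerSocketFactory: Loading the CRLs from file: " + this.crl_file);
        if (this.crl_file == null) {
            // Previously new File(null) raised a bare NullPointerException here.
            GeneralSecurityException missing = new GeneralSecurityException("jacorb.security.support_crl is enabled but jacorb.security.crl_file is not set");
            this.logger.error("SSLServerSocketFactory: CLRs security error: ", missing);
            throw missing;
        }
        try (FileInputStream crlStream = new FileInputStream(new File(this.crl_file))) {
            Collection<? extends CRL> crls = CertificateFactory.getInstance("X.509").generateCRLs(crlStream);
            if (crls.isEmpty()) {
                // Revocation checking is switched on by the caller; with no CRLs available the
                // revocation status of client certificates cannot be established from this store.
                this.logger.warn("SSLServerSocketFactory: CRL file contains no CRLs");
            }
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("SSLServerSocketFactory: Found CLRs:");
                for (CRL crl : crls) {
                    this.logger.debug(crl.toString());
                }
            }
            return crls;
        } catch (IOException e3) {
            this.logger.error("SSLServerSocketFactory: CLRs loading failed: ", e3);
            throw e3;
        } catch (GeneralSecurityException e4) {
            this.logger.error("SSLServerSocketFactory: CLRs security error: ", e4);
            throw e4;
        }
    }
}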
