package com.sun.portal.rproxy.server;

import com.sun.portal.desktop.dp.xml.XMLDPAttrs;
import com.sun.portal.perf.rproxy.PerfContextObject;
import com.sun.portal.perf.rproxy.SocketCount;
import com.sun.portal.rproxy.configservlet.client.GatewayProfile;
import com.sun.portal.util.GWDebug;
import com.sun.portal.util.GWNSSInit;
import com.sun.portal.util.SRAPServerSocket;
import com.sun.portal.util.ServiceIdentifier;
import com.sun.portal.util.SystemProperties;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;
import org.mozilla.jss.ssl.SSLServerSocket;
import org.mozilla.jss.ssl.SSLSocket;

/* JADX WARN: Classes with same name are omitted:
  input_file:116856-10/SUNWpsgw/reloc/SUNWps/lib/gateway.jar:com/sun/portal/rproxy/server/ServerSocketFactory.class
  input_file:116856-10/SUNWpsnlp/reloc/SUNWps/lib/netletproxy.jar:com/sun/portal/rproxy/server/ServerSocketFactory.class
 */
/* loaded from: input_file:116856-10/SUNWpsrwp/reloc/SUNWps/lib/gateway.jar:com/sun/portal/rproxy/server/ServerSocketFactory.class */
public class ServerSocketFactory {
    private static final String HTTPPROXY_PORT = "HTTPProxyPort";
    private static final int HTTPPROXY_DEFAULT_PORT = 10443;
    private static boolean enableSSLV2;
    private static boolean enableSSLV3;
    private static boolean disableNullCiphers;
    private static List enabledSSL2CipherList;
    private static List enabledSSL3CipherList;
    private static List enabledTLSCipherList;
    private static boolean allow40bitBrowser = GatewayProfile.getString("Allow40BitConnections", XMLDPAttrs.TRUE_ATTR).equals(XMLDPAttrs.TRUE_ATTR);
    private static boolean individualCipherSelectionMode = GatewayProfile.getString("EnableIndividualCipherSelectionMode", XMLDPAttrs.FALSE_ATTR).equals(XMLDPAttrs.TRUE_ATTR);

    private ServerSocketFactory() {
    }

    public static ServerSocket createNormalServerSocket(int i) {
        try {
            ServerSocket serverSocket = new ServerSocket(i, 50, InetAddress.getByName("127.0.0.1"));
            if (PerfContextObject.ENABLE_PERF) {
                SocketCount.incrementServerSockets();
            }
            return serverSocket;
        } catch (IOException e) {
            if (!GWDebug.debug.errorEnabled()) {
                return null;
            }
            GWDebug.debug.error(new StringBuffer().append("FATAL: Not able to create Http Server Socket:").append(i).toString(), e);
            return null;
        }
    }

    public static ServerSocket createSSLSocketServer(int i) {
        SSLServerSocket sSLServerSocket;
        SSLServerSocket.configServerSessionIDCache(15000, 86400, 86400, (String) null);
        certificationAdministration();
        int i2 = GatewayProfile.getInt("EProxyConnectionQueue", 50);
        String str = SystemProperties.get("gateway.bindipaddress");
        if (str == null) {
            str = "127.0.0.1";
        }
        try {
            sSLServerSocket = new SSLServerSocket(i, i2, InetAddress.getByName(str));
            if (GWDebug.debug.messageEnabled()) {
                GWDebug.debug.message(new StringBuffer().append("ServerSocketFactory:createSSLSocketServer  nickname = ").append(GWNSSInit.nickname).toString());
            }
            sSLServerSocket.setServerCertNickname(GWNSSInit.nickname);
            if (PerfContextObject.ENABLE_PERF) {
                SocketCount.incrementServerSockets();
            }
        } catch (UnknownHostException e) {
            if (GWDebug.debug.errorEnabled()) {
                GWDebug.debug.error("ServerSocketFactory:createSSLSocketServer localhost unknown host", e);
            }
            sSLServerSocket = null;
        } catch (IOException e2) {
            if (GWDebug.debug.errorEnabled()) {
                GWDebug.debug.error("ServerSocketFactory:createSSLSocketServer cannot create server socket", e2);
            }
            sSLServerSocket = null;
        }
        if (toLowerCase(GatewayProfile.getStringList("CertificateEnabledList")).contains(SystemProperties.get("gateway.host", null).toLowerCase()) && ServiceIdentifier.isGateway()) {
            if (GWDebug.debug.messageEnabled()) {
                GWDebug.debug.message("Doing PDC");
            }
            try {
                sSLServerSocket.requestClientAuth(true);
            } catch (SocketException e3) {
                if (GWDebug.debug.errorEnabled()) {
                    GWDebug.debug.error("Unable to request client authentication");
                }
            }
        }
        return sSLServerSocket;
    }

    private static void certificationAdministration() {
        if (individualCipherSelectionMode) {
            GWNSSInit.disableAllCiphers();
            enableCipherList(enabledSSL2CipherList);
            enableCipherList(enabledSSL3CipherList);
            enableCipherList(enabledTLSCipherList);
            return;
        }
        if (!enableSSLV2) {
            GWNSSInit.disableCipher(GWNSSInit.cipherSuites128BitSSL2);
        }
        if (!enableSSLV3) {
            GWNSSInit.disableCipher(GWNSSInit.cipherSuites128BitSSL3);
        }
        if (disableNullCiphers || !allow40bitBrowser) {
            GWNSSInit.disableCipher(GWNSSInit.cipherSuitesSSL3Null);
        }
        if (!allow40bitBrowser) {
            GWNSSInit.disableCipher(GWNSSInit.cipherSuites40BitSSL2);
            GWNSSInit.disableCipher(GWNSSInit.cipherSuites40BitSSL3);
            GWNSSInit.disableCipher(GWNSSInit.cipherSuitesOthersSSL2);
            GWNSSInit.disableCipher(GWNSSInit.cipherSuitesOthersSSL3);
            GWNSSInit.disableCipher(GWNSSInit.cipherSuitesOthersTLS);
            return;
        }
        if (!enableSSLV2) {
            GWNSSInit.disableCipher(GWNSSInit.cipherSuites40BitSSL2);
            GWNSSInit.disableCipher(GWNSSInit.cipherSuitesOthersSSL2);
        }
        if (enableSSLV3) {
            return;
        }
        GWNSSInit.disableCipher(GWNSSInit.cipherSuites40BitSSL3);
        GWNSSInit.disableCipher(GWNSSInit.cipherSuitesOthersSSL3);
        GWNSSInit.disableCipher(GWNSSInit.cipherSuitesSSL3Null);
        GWNSSInit.disableCipher(GWNSSInit.cipherSuitesOthersTLS);
    }

    private static void enableCipherList(List list) {
        int size = list.size();
        for (int i = 0; i < size; i++) {
            enableCipher((String) list.get(i));
        }
    }

    private static void enableCipher(String str) {
        if (enableSSLV2 || str.toLowerCase().indexOf("ssl2") == -1) {
            if (enableSSLV3 || str.toLowerCase().indexOf("ssl3") == -1) {
                if (enableSSLV3 || str.toLowerCase().indexOf("ssl_rsa_fips") == -1) {
                    if (!disableNullCiphers || str.toLowerCase().indexOf("null") == -1) {
                        String trim = str.trim();
                        if (allow40bitBrowser || !(trim.equalsIgnoreCase("SSL2_RC2_128_CBC_EXPORT40_WITH_MD5") || trim.equalsIgnoreCase("SSL2_RC4_128_EXPORT40_WITH_MD5") || trim.equalsIgnoreCase("SSL3_RSA_EXPORT_WITH_RC4_40_MD5") || trim.equalsIgnoreCase("SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5") || trim.equalsIgnoreCase("SSL2_DES_64_CBC_WITH_MD5") || trim.equalsIgnoreCase("SSL3_RSA_WITH_DES_CBC_SHA") || trim.equalsIgnoreCase("SSL3_RSA_WITH_NULL_MD5") || trim.equalsIgnoreCase("TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA") || trim.equalsIgnoreCase("TLS_RSA_EXPORT1024_WITH_RC4_56_SHA") || trim.equalsIgnoreCase("SSL_RSA_FIPS_WITH_DES_CBC_SHA") || trim.equalsIgnoreCase("SSL3_FORTEZZA_DMS_WITH_NULL_SHA") || trim.equalsIgnoreCase("SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA"))) {
                            if (trim.equalsIgnoreCase("SSL2_RC2_128_CBC_WITH_MD5")) {
                                SSLSocket.setCipherPreference(65283, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("SSL2_DES_192_EDE3_CBC_WITH_MD5")) {
                                SSLSocket.setCipherPreference(65287, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("SSL2_RC4_128_WITH_MD5")) {
                                SSLSocket.setCipherPreference(65281, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("SSL3_RSA_WITH_3DES_EDE_CBC_SHA")) {
                                SSLSocket.setCipherPreference(10, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("SSL3_RSA_WITH_RC4_128_MD5")) {
                                SSLSocket.setCipherPreference(4, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("SSL3_RSA_WITH_RC4_128_SHA")) {
                                SSLSocket.setCipherPreference(5, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA")) {
                                SSLSocket.setCipherPreference(65279, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA")) {
                                SSLSocket.setCipherPreference(30, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("SSL2_RC2_128_CBC_EXPORT40_WITH_MD5")) {
                                SSLSocket.setCipherPreference(65284, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("SSL2_RC4_128_EXPORT40_WITH_MD5")) {
                                SSLSocket.setCipherPreference(65282, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("SSL3_RSA_EXPORT_WITH_RC4_40_MD5")) {
                                SSLSocket.setCipherPreference(3, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5")) {
                                SSLSocket.setCipherPreference(6, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("SSL2_DES_64_CBC_WITH_MD5")) {
                                SSLSocket.setCipherPreference(65286, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("SSL3_RSA_WITH_DES_CBC_SHA")) {
                                SSLSocket.setCipherPreference(9, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("SSL3_RSA_WITH_NULL_MD5")) {
                                SSLSocket.setCipherPreference(1, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA")) {
                                SSLSocket.setCipherPreference(98, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("TLS_RSA_EXPORT1024_WITH_RC4_56_SHA")) {
                                SSLSocket.setCipherPreference(100, true);
                                return;
                            }
                            if (trim.equalsIgnoreCase("SSL_RSA_FIPS_WITH_DES_CBC_SHA")) {
                                SSLSocket.setCipherPreference(65278, true);
                            } else if (trim.equalsIgnoreCase("SSL3_FORTEZZA_DMS_WITH_NULL_SHA")) {
                                SSLSocket.setCipherPreference(28, true);
                            } else if (trim.equalsIgnoreCase("SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA")) {
                                SSLSocket.setCipherPreference(29, true);
                            }
                        }
                    }
                }
            }
        }
    }

    private static List toLowerCase(List list) {
        int size = list.size();
        ArrayList arrayList = new ArrayList(size);
        for (int i = 0; i < size; i++) {
            arrayList.add(((String) list.get(i)).toLowerCase());
        }
        return arrayList;
    }

    public static ServerSocket createSRAPServerSocket(int i) {
        int i2 = GatewayProfile.getInt("EProxyConnectionQueue", 50);
        String str = SystemProperties.get("gateway.bindipaddress");
        if (str == null) {
            str = "127.0.0.1";
        }
        try {
            SRAPServerSocket sRAPServerSocket = new SRAPServerSocket(i, i2, InetAddress.getByName(str));
            if (PerfContextObject.ENABLE_PERF) {
                SocketCount.incrementServerSockets();
            }
            return sRAPServerSocket;
        } catch (IOException e) {
            if (!GWDebug.debug.errorEnabled()) {
                return null;
            }
            GWDebug.debug.error(new StringBuffer().append("EProxyConnection cannot create server socket on ").append(i).toString(), e);
            return null;
        }
    }

    static {
        enableSSLV2 = true;
        enableSSLV3 = true;
        disableNullCiphers = false;
        enabledSSL2CipherList = null;
        enabledSSL3CipherList = null;
        enabledTLSCipherList = null;
        enableSSLV2 = GatewayProfile.getString("EnableSSLv2", XMLDPAttrs.TRUE_ATTR).equals(XMLDPAttrs.TRUE_ATTR);
        enableSSLV3 = GatewayProfile.getString("EnableSSLv3", XMLDPAttrs.TRUE_ATTR).equals(XMLDPAttrs.TRUE_ATTR);
        disableNullCiphers = GatewayProfile.getString("DisableNull", XMLDPAttrs.FALSE_ATTR).equals(XMLDPAttrs.TRUE_ATTR);
        if (individualCipherSelectionMode) {
            enabledSSL2CipherList = GatewayProfile.getStringList("EnabledSSL2CipherList");
            enabledSSL3CipherList = GatewayProfile.getStringList("EnabledSSL3CipherList");
            enabledTLSCipherList = GatewayProfile.getStringList("EnabledTLSCipherList");
        }
    }
}
