package com.sun.messaging.jmq.jmsserver.net.tls;

import com.sun.messaging.jmq.jmsserver.Broker;
import com.sun.messaging.jmq.jmsserver.Globals;
import com.sun.messaging.jmq.jmsserver.config.BrokerConfig;
import com.sun.messaging.jmq.jmsserver.license.LicenseBase;
import com.sun.messaging.jmq.jmsserver.net.ProtocolStreams;
import com.sun.messaging.jmq.jmsserver.net.tcp.TcpProtocol;
import com.sun.messaging.jmq.jmsserver.resources.BrokerResources;
import com.sun.messaging.jmq.jmsserver.util.BrokerException;
import com.sun.messaging.jmq.util.Password;
import com.sun.messaging.jmq.util.StringUtil;
import com.sun.messaging.jmq.util.log.Logger;
import com.sun.net.ssl.internal.ssl.Provider;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import javax.net.ServerSocketFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;

/* loaded from: input_file:119133-06/SUNWiqu/reloc/usr/share/lib/imq/imqbroker.jar:com/sun/messaging/jmq/jmsserver/net/tls/TLSProtocol.class */
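/**
 * SSL/TLS variant of {@link TcpProtocol}: listens on an {@link SSLServerSocket} created from a
 * process-wide {@link SSLServerSocketFactory} that is backed by the broker's JKS keystore.
 *
 * <p>The factory is built once, on first use, and cached in a static field, so the keystore is
 * read (and its passphrase obtained) a single time per JVM.
 *
 * <p>NOTE(review): nothing in this class restricts the enabled protocol versions or cipher
 * suites (no {@code setEnabledProtocols}/{@code setEnabledCipherSuites} call on the server
 * socket), and nothing here requests client certificates. The effective TLS configuration is
 * therefore whatever the running JRE enables by default for a {@code "TLS"} context; confirm
 * that this is acceptable for the deployment's JRE.
 */
public class TLSProtocol extends TcpProtocol {
    /** Broker property naming the directory that holds the keystore file. */
    public static final String KEYSTORE_DIR_PROP = "imq.keystore.file.dirpath";
    /** Broker property naming the keystore file inside the keystore directory. */
    public static final String KEYSTORE_FILE_PROP = "imq.keystore.file.name";
    /**
     * Broker property holding the keystore passphrase. When it is unset or empty the passphrase
     * is prompted for instead (see {@link #getServerSocketFactory()}).
     */
    public static final String KEYSTORE_PASSWORD_PROP = "imq.keystore.password";
    private static final int defaultPort = 11001;
    /** Whether the current license enables SSL; resolved once in the static initializer. */
    protected static boolean TLS_ALLOWED;
    // Lazily-built factory shared by every TLSProtocol instance; guarded by classlock.
    private static SSLServerSocketFactory ssfactory = null;
    protected static Logger logger = Globals.getLogger();
    protected static BrokerResources br = Globals.getBrokerResources();
    private SSLServerSocket serversocket = null;
    // volatile: registerSSLProvider() reads this flag outside the lock as a fast path.
    private static volatile boolean registered = false;
    private static final Object classlock = new Object();

    static {
        // A license lookup failure is treated the same as "SSL not licensed".
        boolean allowed;
        try {
            allowed = Globals.getCurrentLicense(null).getBooleanProperty(LicenseBase.PROP_ENABLE_SSL, false);
        } catch (BrokerException e) {
            allowed = false;
        }
        TLS_ALLOWED = allowed;
    }

    /**
     * Creates the protocol with the default port (11001) and blocking mode fixed.
     *
     * <p>If the license does not enable SSL, logs {@code E_FATAL_FEATURE_UNAVAILABLE} and calls
     * {@code Broker.exit(1)}.
     */
    public TLSProtocol() {
        this.CanChangeBlocking = false;
        this.port = defaultPort;
        if (!TLS_ALLOWED) {
            Globals.getLogger().log(32, BrokerResources.E_FATAL_FEATURE_UNAVAILABLE, Globals.getBrokerResources().getString(BrokerResources.M_SSL_JMS));
            Broker.exit(1);
        }
    }

    /**
     * Accepts the next connection on the SSL server socket and wraps it in protocol streams.
     *
     * @return streams for the accepted connection
     * @throws IOException if the protocol has not been opened (no server socket yet) or the
     *         underlying accept fails
     */
    @Override
    public ProtocolStreams accept() throws IOException {
        SSLServerSocket listener = this.serversocket;
        if (listener == null) {
            throw new IOException(Globals.getBrokerResources().getString(BrokerResources.X_INTERNAL_EXCEPTION, "Unable to accept on un-opened protocol"));
        }
        SSLSocket client = (SSLSocket) listener.accept();
        client.setTcpNoDelay(this.nodelay);
        return createConnection(client);
    }

    /** Returns a short description of the form {@code SSL/TLS [ port,backlog]}. */
    @Override
    public String toString() {
        return "SSL/TLS [ " + this.port + "," + this.backlog + "]";
    }

    /**
     * Creates the SSL server socket and remembers it for {@link #accept()}.
     *
     * @param str host name to bind to; {@code null} or {@code Globals.HOSTNAME_ALL} binds
     *        without a specific address
     * @param i port, passed as the first argument of {@code createServerSocket}
     * @param i2 backlog, passed as the second argument of {@code createServerSocket}
     * @param z not used by this override
     * @param z2 not used by this override
     * @return the newly created server socket
     * @throws IOException if the socket factory cannot be built or the socket cannot be created
     */
    @Override
    protected ServerSocket createSocket(String str, int i, int i2, boolean z, boolean z2) throws IOException {
        registerSSLProvider();
        SSLServerSocketFactory factory = (SSLServerSocketFactory) getServerSocketFactory();
        boolean bindAll = str == null || str.equals(Globals.HOSTNAME_ALL);
        ServerSocket created = bindAll
                ? factory.createServerSocket(i, i2)
                : factory.createServerSocket(i, i2, InetAddress.getByName(str));
        this.serversocket = (SSLServerSocket) created;
        return this.serversocket;
    }

    /**
     * Wraps an accepted SSL socket in {@link TLSStreams} using this protocol's buffer sizes.
     *
     * @param sSLSocket the accepted socket
     * @return the stream pair for the connection
     * @throws IOException if the streams cannot be created
     */
    protected TLSStreams createConnection(SSLSocket sSLSocket) throws IOException {
        return new TLSStreams(sSLSocket, this.inputBufferSize, this.outputBufferSize);
    }

    /**
     * Returns the shared SSL server socket factory, building it on first call.
     *
     * <p>The keystore path is {@code <dir>/<imq.keystore.file.name>}, where {@code <dir>} is
     * {@code imq.keystore.file.dirpath} (with variables expanded) or, when that is unset,
     * {@code <imq.varhome>/security}. The passphrase comes from {@code imq.keystore.password};
     * when that is unset or empty it is prompted for on {@code System.err}, up to six times,
     * unless the broker runs in the background. The same passphrase is used for the keystore
     * and for its key entries.
     *
     * @return the cached {@link SSLServerSocketFactory}
     * @throws IOException if the keystore file does not exist, cannot be read, or the SSL
     *         context cannot be initialised; non-I/O failures are logged and wrapped with the
     *         original exception attached as the cause
     */
    public static ServerSocketFactory getServerSocketFactory() throws IOException {
        synchronized (classlock) {
            if (ssfactory == null) {
                try {
                    BrokerConfig config = Globals.getConfig();
                    String sep = System.getProperty("file.separator");
                    String configuredDir = config.getProperty(KEYSTORE_DIR_PROP);
                    String keystoreDir = configuredDir != null
                            ? StringUtil.expandVariables(configuredDir, config)
                            : config.getProperty("imq.varhome") + sep + "security";
                    String keystorePath = keystoreDir + sep + config.getProperty(KEYSTORE_FILE_PROP);
                    if (!new File(keystorePath).exists()) {
                        throw new IOException(br.getKString(BrokerResources.E_KEYSTORE_NOT_EXIST, keystorePath));
                    }

                    // NOTE(review): a passphrase supplied through imq.keystore.password is held
                    // as a String by the broker configuration; protect wherever that value is
                    // stored, since it unlocks the broker's private key.
                    String passphraseText = config.getProperty(KEYSTORE_PASSWORD_PROP);
                    Password prompt = new Password();
                    int attempts = 0;
                    while ((passphraseText == null || passphraseText.equals("")) && attempts <= 5) {
                        System.err.print(br.getString(BrokerResources.M_ENTER_KEY_PWD, keystorePath));
                        System.err.flush();
                        if (Broker.background) {
                            // No terminal to read from: finish the prompt line and give up.
                            System.err.print("\n");
                            break;
                        }
                        passphraseText = prompt.getPassword();
                        attempts++;
                    }
                    if (passphraseText == null) {
                        passphraseText = new String();
                        logger.log(32, br.getKString(BrokerResources.E_PASS_PHRASE_NULL));
                    }

                    char[] passphrase = passphraseText.toCharArray();
                    try {
                        SSLContext context = SSLContext.getInstance("TLS");
                        KeyManagerFactory keyManagers = KeyManagerFactory.getInstance("SunX509");
                        KeyStore keyStore = KeyStore.getInstance("JKS");
                        // Close the keystore stream once loaded; the original left the file
                        // descriptor open until garbage collection.
                        FileInputStream keystoreIn = new FileInputStream(keystorePath);
                        try {
                            keyStore.load(keystoreIn, passphrase);
                        } finally {
                            try {
                                keystoreIn.close();
                            } catch (IOException ignored) {
                                // A failed close of a read-only stream must not hide the
                                // outcome of the load itself.
                            }
                        }
                        keyManagers.init(keyStore, passphrase);
                        // NOTE(review): DefaultTrustManager is declared elsewhere in this
                        // package and its certificate checks are not visible here; confirm it
                        // validates peer certificate chains before relying on it for client
                        // authentication.
                        context.init(
                                keyManagers.getKeyManagers(),
                                new TrustManager[] {new DefaultTrustManager()},
                                SecureRandom.getInstance("SHA1PRNG"));
                        ssfactory = context.getServerSocketFactory();
                    } finally {
                        // Wipe this copy of the passphrase. The String it came from cannot be
                        // cleared, so this only shortens the lifetime of one copy.
                        java.util.Arrays.fill(passphrase, '\0');
                    }
                } catch (IOException e) {
                    throw e;
                } catch (Exception e) {
                    logger.logStack(32, br.getKString(BrokerResources.X_GET_SSL_SOCKET_FACT), e);
                    // Keep the original failure reachable for callers and diagnostics.
                    IOException wrapped = new IOException(e.getMessage());
                    wrapped.initCause(e);
                    throw wrapped;
                }
            }
            return ssfactory;
        }
    }

    /**
     * Adds the JSSE security provider to the JVM once per process.
     *
     * <p>Safe to call repeatedly; after the first successful call it returns immediately.
     */
    public static void registerSSLProvider() {
        if (registered) {
            return;
        }
        synchronized (classlock) {
            if (!registered) {
                Security.addProvider(new Provider());
                registered = true;
            }
        }
    }
}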
