package com.sun.enterprise.iiop;

import com.sun.corba.ee.impl.orbutil.ORBConstants;
import com.sun.corba.ee.pept.transport.Acceptor;
import com.sun.corba.ee.spi.orb.ORB;
import com.sun.corba.ee.spi.transport.ORBSocketFactory;
import com.sun.enterprise.Switch;
import com.sun.enterprise.config.serverbeans.IiopListener;
import com.sun.enterprise.config.serverbeans.IiopService;
import com.sun.enterprise.config.serverbeans.ServerBeansFactory;
import com.sun.enterprise.config.serverbeans.Ssl;
import com.sun.enterprise.security.CipherInfo;
import com.sun.enterprise.security.KeyTool;
import com.sun.enterprise.security.SSLUtils;
import com.sun.enterprise.security.ssl.J2EEKeyManager;
import com.sun.enterprise.server.ApplicationServer;
import com.sun.enterprise.server.J2EEServer;
import com.sun.jdo.spi.persistence.utility.generator.JavaClassWriterHelper;
import com.sun.logging.LogDomains;
import java.io.IOException;
import java.io.Serializable;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.nio.channels.ServerSocketChannel;
import java.nio.channels.SocketChannel;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:119167-15/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/enterprise/iiop/IIOPSSLSocketFactory.class */
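/**
 * ORB socket factory that creates clear-text and SSL/TLS sockets for IIOP.
 *
 * <p>In the server container one {@link SSLInfo} is built per security-enabled IIOP listener
 * (keyed by port) plus one for outbound connections; otherwise a single client
 * {@link SSLInfo} is built from the application-client SSL configuration.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Any socket type other than {@code SSL}, {@code SSL_MUTUALAUTH} (and, for server sockets,
 *       {@code PERSISTENT_SSL}) yields a clear-text socket.</li>
 *   <li>Client authentication is required only for {@code SSL_MUTUALAUTH} server sockets.</li>
 *   <li>The ssl2/ssl3/tls flags select the {@link SSLContext} algorithm name and validate the
 *       configured cipher names; no enabled-protocol list is set on the sockets themselves.</li>
 *   <li>No endpoint (host name) identification is configured on outbound SSL sockets; peer trust
 *       rests on the trust managers returned by {@code SSLUtils.getTrustManagers()}.</li>
 * </ul>
 *
 * <p>NOTE(review): the class is declared {@link Serializable}, but {@link SSLInfo} is not and it
 * holds an {@link SSLContext}; confirm whether instances are ever actually serialized.
 */
public class IIOPSSLSocketFactory implements ORBSocketFactory, Serializable {
    private static Logger _logger;
    private static final String TLS = "TLS";
    private static final String SSL3 = "SSLv3";
    private static final String SSL2 = "SSLv2";
    private static final String SSL = "SSL";
    private static final String SSL_MUTUALAUTH = "SSL_MUTUALAUTH";
    private static final String PERSISTENT_SSL = "PERSISTENT_SSL";
    // Accept queue length used when binding SSL listeners; 50 is the java.net.ServerSocket default.
    private static final int BACKLOG = 50;
    private static SecureRandom sr;
    // Listener port -> SSL settings for that listener. Only security-enabled listeners are present.
    private Map<Integer, SSLInfo> portToSSLInfo = new Hashtable<Integer, SSLInfo>();
    // SSL settings used for every outbound SSL connection.
    private SSLInfo clientSslInfo;
    private ORB orb;

    static {
        _logger = LogDomains.getLogger(LogDomains.CORBA_LOGGER);
        KeyTool.initProvider();
        sr = J2EEServer.secureRandom;
    }

    /**
     * Immutable-by-convention holder for an initialised {@link SSLContext} and the cipher suites
     * explicitly configured for it. A {@code null} cipher array means "nothing configured for that
     * protocol family"; an empty array means "configured, but nothing enabled".
     */
    public class SSLInfo {
        private SSLContext ctx;
        private String[] ssl3TlsCiphers;
        private String[] ssl2Ciphers;
        // Explicit outer-instance reference as emitted by the decompiler; never read.
        private final IIOPSSLSocketFactory this$0;

        SSLInfo(IIOPSSLSocketFactory iIOPSSLSocketFactory, SSLContext sSLContext, String[] strArr, String[] strArr2) {
            this.this$0 = iIOPSSLSocketFactory;
            this.ctx = sSLContext;
            this.ssl3TlsCiphers = strArr;
            this.ssl2Ciphers = strArr2;
        }

        /** Returns the initialised SSL context. */
        SSLContext getContext() {
            return this.ctx;
        }

        /** Returns the configured SSLv3/TLS cipher suites, or {@code null} if none were configured. */
        String[] getSsl3TlsCiphers() {
            return this.ssl3TlsCiphers;
        }

        /** Returns the configured SSLv2 cipher suites, or {@code null} if none were configured. */
        String[] getSsl2Ciphers() {
            return this.ssl2Ciphers;
        }
    }

    /**
     * Builds the per-listener and client SSL settings from configuration.
     *
     * @throws IllegalStateException if any part of the SSL initialisation fails; the original
     *     exception is attached as the cause
     */
    public IIOPSSLSocketFactory() {
        this.clientSslInfo = null;
        try {
            // NOTE(review): 2 is presumably the server-container constant of Switch, since this
            // branch reads the server configuration -- confirm against Switch.
            if (Switch.getSwitch().getContainerType() == 2) {
                IiopService iiopServiceBean = ServerBeansFactory.getIiopServiceBean(ApplicationServer.getServerContext().getConfigContext());
                IiopListener[] listeners = iiopServiceBean.getIiopListener();
                int count = listeners != null ? listeners.length : 0;
                for (int i = 0; i < count; i++) {
                    IiopListener listener = listeners[i];
                    Ssl listenerSsl = listener.getSsl();
                    if (listener.isSecurityEnabled()) {
                        // A security-enabled listener without an <ssl> element gets the defaults.
                        SSLInfo info = listenerSsl != null ? initFromServerSsl(listenerSsl) : getDefaultSslInfo();
                        this.portToSSLInfo.put(Integer.valueOf(listener.getPort()), info);
                    }
                }
                if (iiopServiceBean.getSslClientConfig() != null && iiopServiceBean.getSslClientConfig().isEnabled()) {
                    Ssl clientSsl = iiopServiceBean.getSslClientConfig().getSsl();
                    if (clientSsl != null) {
                        this.clientSslInfo = initFromServerSsl(clientSsl);
                    }
                }
                if (this.clientSslInfo == null) {
                    this.clientSslInfo = getDefaultSslInfo();
                }
            } else {
                com.sun.enterprise.config.clientbeans.Ssl appclientSsl = SSLUtils.getAppclientSsl();
                if (appclientSsl != null) {
                    this.clientSslInfo = init(appclientSsl.getCertNickname(), appclientSsl.isSsl2Enabled(), appclientSsl.getSsl2Ciphers(), appclientSsl.isSsl3Enabled(), appclientSsl.getSsl3TlsCiphers(), appclientSsl.isTlsEnabled());
                } else {
                    this.clientSslInfo = getDefaultSslInfo();
                }
            }
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "iiop.init_exception", (Throwable) e);
            // Same message as before, but keep the cause so the failing step stays diagnosable.
            IllegalStateException failure = new IllegalStateException(e.toString());
            failure.initCause(e);
            throw failure;
        }
    }

    /** Builds an {@link SSLInfo} from a server-side {@code <ssl>} configuration element. */
    private SSLInfo initFromServerSsl(Ssl ssl) throws Exception {
        return init(ssl.getCertNickname(), ssl.isSsl2Enabled(), ssl.getSsl2Ciphers(), ssl.isSsl3Enabled(), ssl.getSsl3TlsCiphers(), ssl.isTlsEnabled());
    }

    /**
     * Returns the settings used when no SSL element is configured: no key alias, SSLv2 flag off,
     * SSLv3 and TLS flags on, and no explicit cipher lists (socket defaults apply).
     */
    private SSLInfo getDefaultSslInfo() throws Exception {
        return init(null, false, null, true, null, true);
    }

    /**
     * Creates and initialises an SSL context for one configuration.
     *
     * <p>The context algorithm is the first enabled of TLS, SSLv3, SSLv2, falling back to "SSL".
     * The flags are not translated into an enabled-protocol list on the sockets, so the protocol
     * versions that can actually be negotiated depend on the JSSE provider defaults.
     * NOTE(review): if SSLv2/SSLv3 must be unavailable, restrict the enabled protocols on the
     * created sockets as well.
     *
     * @param alias key alias to present, or {@code null} to use the first key entry of the first
     *     key store
     * @param ssl2Enabled whether SSLv2 ciphers are accepted in {@code ssl2CipherSpec}
     * @param ssl2CipherSpec comma-separated {@code +name}/{@code -name} list, may be {@code null}
     * @param ssl3Enabled whether SSLv3 ciphers are accepted in {@code ssl3TlsCipherSpec}
     * @param ssl3TlsCipherSpec comma-separated {@code +name}/{@code -name} list, may be {@code null}
     * @param tlsEnabled whether TLS ciphers are accepted in {@code ssl3TlsCipherSpec}
     * @throws IllegalStateException if a configured alias is not a known key alias or a cipher
     *     entry is invalid
     */
    private SSLInfo init(String alias, boolean ssl2Enabled, String ssl2CipherSpec, boolean ssl3Enabled, String ssl3TlsCipherSpec, boolean tlsEnabled) throws Exception {
        String protocol;
        if (tlsEnabled) {
            protocol = TLS;
        } else if (ssl3Enabled) {
            protocol = SSL3;
        } else if (ssl2Enabled) {
            protocol = SSL2;
        } else {
            protocol = SSL;
        }
        String[] ssl3TlsCiphers = (tlsEnabled || ssl3Enabled) ? getEnabledCipherSuites(ssl3TlsCipherSpec, false, ssl3Enabled, tlsEnabled) : null;
        String[] ssl2Ciphers = ssl2Enabled ? getEnabledCipherSuites(ssl2CipherSpec, true, false, false) : null;
        SSLContext context = SSLContext.getInstance(protocol);
        KeyStore[] keyStores = SSLUtils.getKeyStores();
        if (alias == null) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Security: Alias unspecified! Keystore will fall back to default alias.");
            }
            // Guard against a missing key store list instead of failing with an index/null error.
            KeyStore keyStore = (keyStores != null && keyStores.length > 0) ? keyStores[0] : null;
            if (keyStore != null && keyStore.size() > 0) {
                // The fallback identity is whichever key entry the key store enumerates first.
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String candidate = aliases.nextElement();
                    if (keyStore.isKeyEntry(candidate)) {
                        alias = candidate;
                        break;
                    }
                }
            }
        } else if (!SSLUtils.isTokenKeyAlias(alias)) {
            throw new IllegalStateException(getFormatMessage("iiop.cannot_find_keyalias", new Object[]{alias}));
        }
        KeyManager[] keyManagers = SSLUtils.getKeyManagers();
        int count = keyManagers != null ? keyManagers.length : 0;
        J2EEKeyManager[] wrapped = new J2EEKeyManager[count];
        for (int i = 0; i < count; i++) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Setting J2EEKeyManager for " + " alias : " + alias);
            }
            wrapped[i] = new J2EEKeyManager((X509KeyManager) keyManagers[i], alias);
        }
        context.init(wrapped, SSLUtils.getTrustManagers(), sr);
        return new SSLInfo(this, context, ssl3TlsCiphers, ssl2Ciphers);
    }

    @Override // com.sun.corba.ee.spi.transport.ORBSocketFactory
    public void setORB(ORB orb) {
        this.orb = orb;
    }

    /**
     * Creates a listening socket of the requested type bound to {@code inetSocketAddress}.
     *
     * <p>Types {@code SSL_MUTUALAUTH}, {@code SSL} and {@code PERSISTENT_SSL} produce an SSL server
     * socket; every other type produces a clear-text socket.
     *
     * @throws IOException if the socket cannot be created or bound, or if no SSL settings exist
     *     for the requested port
     */
    @Override // com.sun.corba.ee.spi.transport.ORBSocketFactory
    public ServerSocket createServerSocket(String type, InetSocketAddress inetSocketAddress) throws IOException {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Creating server socket for type =" + type + " inetSocketAddress =" + inetSocketAddress);
        }
        if (type.equals(SSL_MUTUALAUTH) || type.equals(SSL) || type.equals(PERSISTENT_SSL)) {
            return createSSLServerSocket(type, inetSocketAddress);
        }
        ServerSocket socket;
        if (this.orb.getORBData().acceptorSocketType().equals(ORBConstants.SOCKETCHANNEL)) {
            socket = ServerSocketChannel.open().socket();
        } else {
            socket = new ServerSocket();
        }
        socket.bind(inetSocketAddress);
        return socket;
    }

    /**
     * Opens an outbound connection of the requested type.
     *
     * <p>Types {@code SSL} and {@code SSL_MUTUALAUTH} produce an SSL socket; every other type
     * produces a clear-text socket with {@code TCP_NODELAY} set.
     *
     * @throws RuntimeException wrapping any failure, including I/O errors; the failure itself is
     *     logged only at FINE
     */
    @Override // com.sun.corba.ee.spi.transport.ORBSocketFactory
    public Socket createSocket(String type, InetSocketAddress inetSocketAddress) throws IOException {
        try {
            String hostName = inetSocketAddress.getHostName();
            int port = inetSocketAddress.getPort();
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "createSocket(" + type + JavaClassWriterHelper.paramSeparator_ + hostName + JavaClassWriterHelper.paramSeparator_ + port + ")");
            }
            if (type.equals(SSL) || type.equals(SSL_MUTUALAUTH)) {
                return createSSLSocket(hostName, port);
            }
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Creating CLEAR_TEXT socket for:" + port);
            }
            Socket socket;
            if (this.orb.getORBData().connectionSocketType().equals(ORBConstants.SOCKETCHANNEL)) {
                socket = SocketChannel.open(inetSocketAddress).socket();
            } else {
                socket = new Socket(hostName, port);
            }
            try {
                socket.setTcpNoDelay(true);
            } catch (SocketException e) {
                // Do not leave a connected socket behind when it cannot be configured.
                closeQuietly(socket);
                throw e;
            }
            return socket;
        } catch (Exception e) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Exception creating socket", (Throwable) e);
            }
            throw new RuntimeException(e);
        }
    }

    /** Sets {@code TCP_NODELAY} on a freshly accepted connection. */
    @Override // com.sun.corba.ee.spi.transport.ORBSocketFactory
    public void setAcceptedSocketOptions(Acceptor acceptor, ServerSocket serverSocket, Socket socket) throws SocketException {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "setAcceptedSocketOptions: " + acceptor + " " + serverSocket + " " + socket);
        }
        socket.setTcpNoDelay(true);
    }

    /**
     * Creates the SSL listener for the port of {@code inetSocketAddress}, using the settings
     * registered for that port.
     *
     * <p>The listener is bound to the address carried by {@code inetSocketAddress}, matching the
     * clear-text path; an unresolved address ({@code getAddress() == null}) still binds to all
     * interfaces. If the socket cannot be configured after it was bound, it is closed before the
     * failure is reported.
     *
     * @throws IOException if the address is {@code null}, no SSL settings exist for the port, or
     *     the socket cannot be created or configured
     */
    private ServerSocket createSSLServerSocket(String type, InetSocketAddress inetSocketAddress) throws IOException {
        if (inetSocketAddress == null) {
            throw new IOException(getFormatMessage("iiop.invalid_sslserverport", new Object[]{null}));
        }
        int port = inetSocketAddress.getPort();
        Integer portKey = Integer.valueOf(port);
        SSLInfo sslInfo = this.portToSSLInfo.get(portKey);
        if (sslInfo == null) {
            throw new IOException(getFormatMessage("iiop.invalid_sslserverport", new Object[]{portKey}));
        }
        SSLServerSocketFactory serverSocketFactory = sslInfo.getContext().getServerSocketFactory();
        String[] ssl3TlsCiphers = sslInfo.getSsl3TlsCiphers();
        String[] ssl2Ciphers = sslInfo.getSsl2Ciphers();
        String[] enabledCiphers = null;
        if (ssl3TlsCiphers != null || ssl2Ciphers != null) {
            enabledCiphers = mergeCiphers(serverSocketFactory.getDefaultCipherSuites(), ssl3TlsCiphers, ssl2Ciphers);
        }
        if (_logger.isLoggable(Level.FINE)) {
            for (String suite : serverSocketFactory.getSupportedCipherSuites()) {
                _logger.log(Level.FINE, "Cipher Suite: " + suite);
            }
        }
        try {
            // Honour the configured listener address rather than binding every SSL listener to
            // all interfaces.
            ServerSocket serverSocket = serverSocketFactory.createServerSocket(port, BACKLOG, inetSocketAddress.getAddress());
            boolean ready = false;
            try {
                if (enabledCiphers != null) {
                    ((SSLServerSocket) serverSocket).setEnabledCipherSuites(enabledCiphers);
                }
                try {
                    if (type.equals(SSL_MUTUALAUTH)) {
                        _logger.log(Level.FINE, "Setting Mutual auth");
                        ((SSLServerSocket) serverSocket).setNeedClientAuth(true);
                    }
                    if (_logger.isLoggable(Level.FINE)) {
                        _logger.log(Level.FINE, "Created server socket:" + serverSocket);
                    }
                    ready = true;
                    return serverSocket;
                } catch (Exception e) {
                    _logger.log(Level.SEVERE, "iiop.cipher_exception", (Throwable) e);
                    IOException failure = new IOException(e.getMessage());
                    failure.initCause(e);
                    throw failure;
                }
            } finally {
                if (!ready) {
                    // A half-configured listener must not stay bound to the port.
                    closeQuietly(serverSocket);
                }
            }
        } catch (IOException e2) {
            _logger.log(Level.SEVERE, "iiop.createsocket_exception", new Object[]{type, String.valueOf(port)});
            _logger.log(Level.SEVERE, "", (Throwable) e2);
            throw e2;
        }
    }

    /**
     * Opens an SSL connection to {@code host:port} with the client SSL settings.
     *
     * <p>Only the cipher suites are adjusted; no client-side endpoint identification is set up
     * here. The socket is closed again if the cipher suites cannot be applied.
     *
     * @throws IOException on any failure, with the original exception as the cause
     */
    private Socket createSSLSocket(String host, int port) throws IOException {
        try {
            SSLSocketFactory socketFactory = this.clientSslInfo.getContext().getSocketFactory();
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Creating SSL Socket for host:" + host + " port:" + port);
            }
            String[] ssl3TlsCiphers = this.clientSslInfo.getSsl3TlsCiphers();
            String[] ssl2Ciphers = this.clientSslInfo.getSsl2Ciphers();
            String[] enabledCiphers = null;
            if (ssl3TlsCiphers != null || ssl2Ciphers != null) {
                enabledCiphers = mergeCiphers(socketFactory.getDefaultCipherSuites(), ssl3TlsCiphers, ssl2Ciphers);
            }
            SSLSocket sslSocket = (SSLSocket) socketFactory.createSocket(host, port);
            if (enabledCiphers != null) {
                try {
                    sslSocket.setEnabledCipherSuites(enabledCiphers);
                } catch (RuntimeException e) {
                    // The connection is already open; release it before reporting the failure.
                    closeQuietly(sslSocket);
                    throw e;
                }
            }
            return sslSocket;
        } catch (Exception e) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "iiop.createsocket_exception", new Object[]{host, String.valueOf(port)});
                _logger.log(Level.FINE, "", (Throwable) e);
            }
            IOException failure = new IOException("Error opening SSL socket to host=" + host + " port=" + port);
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Parses a comma-separated cipher specification into the list of enabled cipher names.
     *
     * <p>Each entry must start with {@code +} (enable) or {@code -}. Both kinds are validated
     * against the known ciphers and the enabled protocols, but only {@code +} entries contribute
     * to the result: the list is purely additive, so a {@code -} entry removes nothing. Entries
     * are not trimmed before the prefix check, so an entry with leading whitespace is rejected.
     *
     * @return {@code null} if {@code cipherSpec} is {@code null} or empty; otherwise the enabled
     *     names, which is an empty array when the specification holds no {@code +} entry
     * @throws IllegalStateException for an unknown cipher, a cipher of a protocol that is not
     *     enabled, or an entry without a {@code +}/{@code -} prefix
     */
    private String[] getEnabledCipherSuites(String cipherSpec, boolean ssl2Enabled, boolean ssl3Enabled, boolean tlsEnabled) {
        if (cipherSpec == null || cipherSpec.length() == 0) {
            return null;
        }
        ArrayList<String> enabled = new ArrayList<String>();
        StringTokenizer tokens = new StringTokenizer(cipherSpec, ",");
        while (tokens.hasMoreTokens()) {
            String token = tokens.nextToken();
            boolean enable = token.startsWith("+");
            if (enable || token.startsWith("-")) {
                String name = token.substring(1);
                CipherInfo cipherInfo = CipherInfo.getCipherInfo(name);
                if (cipherInfo == null || !isValidProtocolCipher(cipherInfo, ssl2Enabled, ssl3Enabled, tlsEnabled)) {
                    throw new IllegalStateException(getFormatMessage("iiop.unknown_cipher", new Object[]{name}));
                }
                if (enable) {
                    enabled.add(cipherInfo.getCipherName());
                }
            } else if (token.trim().length() > 0) {
                throw new IllegalStateException(getFormatMessage("iiop.invalid_cipheraction", new Object[]{token}));
            }
        }
        return enabled.toArray(new String[enabled.size()]);
    }

    /**
     * Combines the configured cipher lists into the array passed to
     * {@code setEnabledCipherSuites}.
     *
     * <p>For each protocol family (SSLv3/TLS, then SSLv2) the configured list is used when it is
     * non-null; otherwise the socket's default suites of that family are kept. A configured but
     * empty list therefore disables that family entirely.
     *
     * @param defaults default cipher suites of the socket factory, may be {@code null}
     * @param ssl3TlsCiphers configured SSLv3/TLS suites, or {@code null}
     * @param ssl2Ciphers configured SSLv2 suites, or {@code null}
     * @return the merged suites, or {@code null} if neither list is configured
     */
    private String[] mergeCiphers(String[] defaults, String[] ssl3TlsCiphers, String[] ssl2Ciphers) {
        if (ssl3TlsCiphers == null && ssl2Ciphers == null) {
            return null;
        }
        int defaultCount = defaults != null ? defaults.length : 0;
        if (_logger.isLoggable(Level.FINE)) {
            StringBuilder message = new StringBuilder("Default socket ciphers: ");
            for (int i = 0; i < defaultCount; i++) {
                message.append(defaults[i]).append(JavaClassWriterHelper.paramSeparator_);
            }
            _logger.log(Level.FINE, message.toString());
        }
        ArrayList<String> merged = new ArrayList<String>();
        if (ssl3TlsCiphers != null) {
            for (String suite : ssl3TlsCiphers) {
                merged.add(suite);
            }
        } else {
            for (int i = 0; i < defaultCount; i++) {
                CipherInfo cipherInfo = CipherInfo.getCipherInfo(defaults[i]);
                if (cipherInfo != null && (cipherInfo.isTLS() || cipherInfo.isSSL3())) {
                    merged.add(defaults[i]);
                }
            }
        }
        if (ssl2Ciphers != null) {
            for (String suite : ssl2Ciphers) {
                merged.add(suite);
            }
        } else {
            for (int i = 0; i < defaultCount; i++) {
                CipherInfo cipherInfo = CipherInfo.getCipherInfo(defaults[i]);
                if (cipherInfo != null && cipherInfo.isSSL2()) {
                    merged.add(defaults[i]);
                }
            }
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Merged socket ciphers: " + merged);
        }
        return merged.toArray(new String[merged.size()]);
    }

    /** Returns whether the cipher belongs to at least one of the enabled protocol families. */
    private boolean isValidProtocolCipher(CipherInfo cipherInfo, boolean ssl2Enabled, boolean ssl3Enabled, boolean tlsEnabled) {
        if (tlsEnabled && cipherInfo.isTLS()) {
            return true;
        }
        if (ssl3Enabled && cipherInfo.isSSL3()) {
            return true;
        }
        return ssl2Enabled && cipherInfo.isSSL2();
    }

    /** Formats the logger resource-bundle message {@code key} with {@code args}. */
    private String getFormatMessage(String key, Object[] args) {
        return MessageFormat.format(_logger.getResourceBundle().getString(key), args);
    }

    /** Closes a server socket during failure cleanup, ignoring a secondary close error. */
    private static void closeQuietly(ServerSocket socket) {
        try {
            socket.close();
        } catch (IOException ignored) {
            // Best effort: the failure that triggered the cleanup is the one reported.
        }
    }

    /** Closes a socket during failure cleanup, ignoring a secondary close error. */
    private static void closeQuietly(Socket socket) {
        try {
            socket.close();
        } catch (IOException ignored) {
            // Best effort: the failure that triggered the cleanup is the one reported.
        }
    }
}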
