package com.ds.server.httpproxy.core;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:com/ds/server/httpproxy/core/SSLServerSocketEndPoint.class */
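/**
 * Server socket endpoint that serves HTTPS: it builds an {@link SSLContext} from a JKS
 * keystore named in the endpoint configuration and applies the optional cipher-suite,
 * protocol and client-authentication settings to every server socket it creates.
 *
 * <p>Security-relevant configuration, as read by this class:
 * <ul>
 *   <li>{@code keystore} / {@code storepass} - file and password of the JKS keystore. The
 *       same keystore supplies both the server key and the trust anchors.</li>
 *   <li>{@code keypass} - password of the key entry; the keystore password is used when it
 *       is not set.</li>
 *   <li>{@code alias} - key entry the server should present (see
 *       {@link AliasForcingKeyManager} for the fallback when it is not found).</li>
 *   <li>{@code ciphers} / {@code protocols} - comma separated allow-lists. When they are not
 *       set, the JSSE provider defaults stay in force.</li>
 *   <li>{@code clientauth} - when true, the handshake requires a client certificate.</li>
 * </ul>
 */
public class SSLServerSocketEndPoint extends ServerSocketEndPoint {
    // NOTE(review): the logger is named after ServerSocketEndPoint, not this class, so log
    // filters keyed on the SSL endpoint's class name will not match - confirm this is intended.
    private static final Logger log = Logger.getLogger(ServerSocketEndPoint.class.getName());
    private static final ConfigOption KEYSTORE_OPTION = new ConfigOption("keystore", true, "The keystore used by the SSL server.");
    private static final ConfigOption STOREPASS_OPTION = new ConfigOption("storepass", true, "The keystore password.");
    private static final ConfigOption KEYPASS_OPTION = new ConfigOption("keypass", false, "The password for the key in the keystore.");
    private static final ConfigOption ALIAS_OPTION = new ConfigOption("alias", "sslkey", "The alias to the key used by the SSL server.");
    private static final ConfigOption CIPHERS_OPTION = new ConfigOption("ciphers", false, "Comma seperated list of ciphers to use for the SSL server.");
    private static final ConfigOption PROTOCOLS_OPTION = new ConfigOption("protocols", false, "Comma seperated list of protocols for SSL server.");
    private static final ConfigOption CLIENT_AUTH_OPTION = new ConfigOption("clientauth", "false", "Require client authentication during SSL handshake.");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ds/server/httpproxy/core/SSLServerSocketEndPoint$AliasForcingKeyManager.class */
    /**
     * Key manager decorator that prefers one configured keystore alias when the server
     * certificate is chosen and delegates every other operation to the wrapped manager.
     *
     * <p>The preference is not strict: when the configured alias is not among the aliases the
     * wrapped manager reports for the requested key type, the wrapped manager's own choice is
     * used. A certificate other than the configured one can therefore be presented, and
     * nothing is logged when that happens. Note that the check runs once per requested key
     * type, so a miss for a key type the configured entry does not have is expected.
     */
    public class AliasForcingKeyManager implements X509KeyManager {
        // Assigned once in the constructor; final so the manager cannot be re-pointed at
        // another key after the SSL context has been built.
        final X509KeyManager baseKM;
        final String alias;

        /**
         * @param x509KeyManager manager that actually holds the key material
         * @param str alias to prefer when a server alias is chosen
         */
        public AliasForcingKeyManager(X509KeyManager x509KeyManager, String str) {
            this.baseKM = x509KeyManager;
            this.alias = str;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return this.baseKM.chooseClientAlias(strArr, principalArr, socket);
        }

        /**
         * Returns the configured alias when the wrapped manager lists it for this key type
         * and issuer set; otherwise returns whatever the wrapped manager chooses.
         */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            String[] candidates = this.baseKM.getServerAliases(str, principalArr);
            if (candidates != null) {
                for (String candidate : candidates) {
                    if (candidate.equals(this.alias)) {
                        return this.alias;
                    }
                }
            }
            // Configured alias not offered for this key type: fall back to the default choice.
            return this.baseKM.chooseServerAlias(str, principalArr, socket);
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return this.baseKM.getCertificateChain(str);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return this.baseKM.getClientAliases(str, principalArr);
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return this.baseKM.getPrivateKey(str);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return this.baseKM.getServerAliases(str, principalArr);
        }
    }

    /**
     * Initialises the endpoint and builds the SSL server socket factory from the configured
     * keystore.
     *
     * @param str endpoint name, passed through to the superclass
     * @param server server whose configuration supplies the keystore options
     * @throws IOException if the keystore cannot be read, or wrapping the
     *     {@link GeneralSecurityException} raised while the keystore or SSL context is set up
     */
    @Override // com.ds.server.httpproxy.core.ServerSocketEndPoint, com.ds.server.httpproxy.core.EndPoint
    public void initialize(String str, Server server) throws IOException {
        super.initialize(str, server);
        try {
            File keystoreFile = new File(KEYSTORE_OPTION.getProperty(server, this.endpointName));
            // NOTE(review): both passwords arrive as String configuration values, so they
            // cannot be wiped from memory after use; keep the configuration source protected.
            String storePassword = STOREPASS_OPTION.getProperty(server, this.endpointName);
            String keyPassword = KEYPASS_OPTION.getProperty(server, this.endpointName);
            // The key entry shares the keystore password unless "keypass" is configured.
            String effectiveKeyPassword = keyPassword == null ? storePassword : keyPassword;
            KeyStore keyStore = loadKeystoreFromFile(keystoreFile, storePassword.toCharArray());
            // NOTE(review): "SSL" is the legacy context name; which protocol versions it
            // enables depends on the JSSE provider. createSocket() narrows them only when the
            // "protocols" option is set, so deployments should pin that option (and "ciphers").
            SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(
                    getKeyManagers(keyStore, effectiveKeyPassword.toCharArray(), ALIAS_OPTION.getProperty(server, this.endpointName)),
                    getTrustManagers(keyStore),
                    null);
            this.factory = sslContext.getServerSocketFactory();
        } catch (GeneralSecurityException e) {
            log.log(Level.SEVERE, "Security Exception while initializing.", (Throwable) e);
            // Keep the cause and give the wrapper a message so callers that only print
            // getMessage() do not end up with "null".
            throw new IOException("Security Exception while initializing.", e);
        }
    }

    @Override // com.ds.server.httpproxy.core.ServerSocketEndPoint
    protected String getProtocol() {
        return "https";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates the server socket through the superclass and applies the configured cipher
     * suites, protocols and client-authentication requirement to it.
     *
     * <p>If applying a setting fails (for example the JSSE implementation rejects an unknown
     * cipher suite or protocol name), the freshly created socket is closed before the
     * exception propagates, so a misconfigured endpoint does not leave a listening socket
     * behind.
     *
     * @param i passed unchanged to the superclass
     * @return the configured server socket
     * @throws IOException if the superclass cannot create the socket
     */
    @Override // com.ds.server.httpproxy.core.ServerSocketEndPoint
    public ServerSocket createSocket(int i) throws IOException {
        ServerSocket socket = super.createSocket(i);
        try {
            String ciphers = CIPHERS_OPTION.getProperty(this.server, getName());
            if (ciphers != null) {
                ((SSLServerSocket) socket).setEnabledCipherSuites(splitOption(ciphers));
            }
            String protocols = PROTOCOLS_OPTION.getProperty(this.server, getName());
            if (protocols != null) {
                ((SSLServerSocket) socket).setEnabledProtocols(splitOption(protocols));
            }
            if (CLIENT_AUTH_OPTION.getBoolean(this.server, getName()).booleanValue()) {
                // "Need" (not "want"): a handshake without a trusted client certificate fails.
                ((SSLServerSocket) socket).setNeedClientAuth(true);
            }
            return socket;
        } catch (RuntimeException e) {
            if (socket != null) {
                try {
                    socket.close();
                } catch (IOException closeFailure) {
                    log.log(Level.FINE, "Failed to close server socket after configuration error.", (Throwable) closeFailure);
                }
            }
            throw e;
        }
    }

    /**
     * Splits a comma separated option value into its entries, ignoring whitespace around
     * the value and around each comma, so that "A, B" yields the names "A" and "B" rather
     * than a name with a leading space that the SSL socket would reject.
     */
    private static String[] splitOption(String value) {
        return value.trim().split("\\s*,\\s*");
    }

    /**
     * Loads a JKS keystore from {@code file}.
     *
     * @param file keystore file
     * @param cArr keystore password
     * @throws IOException if the file cannot be read or the keystore data cannot be loaded
     * @throws GeneralSecurityException if the keystore type or its contents are not supported
     */
    private KeyStore loadKeystoreFromFile(File file, char[] cArr) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // try-with-resources: the stream is closed even when load() throws (wrong password,
        // corrupt file), which the previous explicit close() did not guarantee.
        try (FileInputStream in = new FileInputStream(file)) {
            keyStore.load(in, cArr);
        }
        return keyStore;
    }

    /**
     * Builds trust managers backed by {@code keyStore}.
     *
     * <p>The caller passes the same keystore that holds the server key, so when client
     * authentication is enabled the decision which client certificates are accepted is
     * anchored on the contents of that keystore; review its entries accordingly.
     */
    private TrustManager[] getTrustManagers(KeyStore keyStore) throws GeneralSecurityException {
        // "SunX509" is the SunJSSE algorithm name; other JSSE providers may not offer it.
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    /**
     * Builds key managers for {@code keyStore} and, when an alias is given, wraps every
     * {@link X509KeyManager} so that the alias is preferred for the server certificate.
     *
     * @param keyStore keystore holding the server key
     * @param cArr password of the key entry
     * @param str preferred alias, or {@code null} to leave the key managers unwrapped
     */
    private KeyManager[] getKeyManagers(KeyStore keyStore, char[] cArr, String str) throws GeneralSecurityException {
        // "SunX509" is the SunJSSE algorithm name; other JSSE providers may not offer it.
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, cArr);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        if (str != null) {
            for (int i = 0; i < keyManagers.length; i++) {
                if (keyManagers[i] instanceof X509KeyManager) {
                    keyManagers[i] = new AliasForcingKeyManager((X509KeyManager) keyManagers[i], str);
                }
            }
        }
        return keyManagers;
    }
}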
