package org.jsslutils.extra.apachetomcat5;

import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.security.KeyStore;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.tomcat.util.net.ServerSocketFactory;
import org.jsslutils.keystores.KeyStoreLoader;
import org.jsslutils.sslcontext.PKIXSSLContextFactory;
import org.jsslutils.sslcontext.X509TrustManagerWrapper;
import org.jsslutils.sslcontext.trustmanagers.TrustAllClientsWrappingTrustManager;

/* loaded from: input_file:org/jsslutils/extra/apachetomcat5/JSSLutilsJSSESocketFactory.class */
public class JSSLutilsJSSESocketFactory extends ServerSocketFactory {
    static String defaultProtocol = "TLS";
    static boolean defaultClientAuth = false;
    static Log log = LogFactory.getLog(JSSLutilsJSSESocketFactory.class);
    protected boolean initialized;
    protected String[] enabledCiphers;
    protected String clientAuth = "false";
    protected SSLServerSocketFactory sslProxy = null;
    protected boolean requireClientAuth = false;
    protected boolean wantClientAuth = false;

    public ServerSocket createSocket(int i) throws IOException {
        if (!this.initialized) {
            init();
        }
        ServerSocket createServerSocket = this.sslProxy.createServerSocket(i);
        initServerSocket(createServerSocket);
        return createServerSocket;
    }

    public ServerSocket createSocket(int i, int i2) throws IOException {
        if (!this.initialized) {
            init();
        }
        ServerSocket createServerSocket = this.sslProxy.createServerSocket(i, i2);
        initServerSocket(createServerSocket);
        return createServerSocket;
    }

    public ServerSocket createSocket(int i, int i2, InetAddress inetAddress) throws IOException {
        if (!this.initialized) {
            init();
        }
        ServerSocket createServerSocket = this.sslProxy.createServerSocket(i, i2, inetAddress);
        initServerSocket(createServerSocket);
        return createServerSocket;
    }

    public Socket acceptSocket(ServerSocket serverSocket) throws IOException {
        try {
            SSLSocket sSLSocket = (SSLSocket) serverSocket.accept();
            configureClientAuth(sSLSocket);
            return sSLSocket;
        } catch (SSLException e) {
            throw new SocketException("SSL handshake error" + e.toString());
        }
    }

    public void handshake(Socket socket) throws IOException {
        ((SSLSocket) socket).startHandshake();
    }

    protected String[] getEnabledCiphers(String str, String[] strArr) {
        String[] strArr2 = null;
        if (str != null) {
            Vector vector = null;
            String str2 = str;
            int indexOf = str.indexOf(44);
            if (indexOf != -1) {
                int i = 0;
                while (indexOf != -1) {
                    String trim = str.substring(i, indexOf).trim();
                    if (trim.length() > 0) {
                        int i2 = 0;
                        while (true) {
                            if (strArr != null && i2 < strArr.length) {
                                if (strArr[i2].equals(trim)) {
                                    if (vector == null) {
                                        vector = new Vector();
                                    }
                                    vector.addElement(trim);
                                } else {
                                    i2++;
                                }
                            }
                        }
                    }
                    i = indexOf + 1;
                    indexOf = str.indexOf(44, i);
                }
                str2 = str.substring(i);
            }
            if (str2 != null) {
                String trim2 = str2.trim();
                if (trim2.length() > 0) {
                    int i3 = 0;
                    while (true) {
                        if (strArr == null || i3 >= strArr.length) {
                            break;
                        }
                        if (strArr[i3].equals(trim2)) {
                            if (vector == null) {
                                vector = new Vector();
                            }
                            vector.addElement(trim2);
                        } else {
                            i3++;
                        }
                    }
                }
            }
            if (vector != null) {
                strArr2 = new String[vector.size()];
                vector.copyInto(strArr2);
            }
        } else {
            strArr2 = this.sslProxy.getDefaultCipherSuites();
        }
        return strArr2;
    }

    void init() throws IOException {
        try {
            String str = (String) this.attributes.get("clientauth");
            if ("true".equalsIgnoreCase(str) || "yes".equalsIgnoreCase(str)) {
                this.requireClientAuth = true;
            } else if ("want".equalsIgnoreCase(str)) {
                this.wantClientAuth = true;
            }
            String str2 = (String) this.attributes.get("protocol");
            if (str2 == null) {
                str2 = defaultProtocol;
            }
            String str3 = (String) this.attributes.get("keypass");
            KeyStoreLoader keyStoreDefaultLoader = KeyStoreLoader.getKeyStoreDefaultLoader();
            String str4 = (String) this.attributes.get("keystoreFile");
            if (str4 == null) {
                str4 = (String) this.attributes.get("keystore");
            }
            if (str4 != null) {
                keyStoreDefaultLoader.setKeyStorePath(str4.length() == 0 ? null : str4);
            }
            String str5 = (String) this.attributes.get("keystorePass");
            if (str5 == null) {
                str5 = str3;
            }
            if (str5 != null) {
                keyStoreDefaultLoader.setKeyStorePassword(str5);
            }
            String str6 = (String) this.attributes.get("keystoreType");
            keyStoreDefaultLoader.setKeyStoreType(str6 != null ? str6 : KeyStore.getDefaultType());
            String str7 = (String) this.attributes.get("keystoreProvider");
            if (str7 != null) {
                keyStoreDefaultLoader.setKeyStoreProvider(str7.length() == 0 ? null : str7);
            }
            KeyStoreLoader trustStoreDefaultLoader = KeyStoreLoader.getTrustStoreDefaultLoader();
            String str8 = (String) this.attributes.get("truststoreFile");
            if (str8 != null) {
                trustStoreDefaultLoader.setKeyStorePath(str8.length() == 0 ? null : str8);
            }
            String str9 = (String) this.attributes.get("truststorePass");
            if (str9 != null) {
                trustStoreDefaultLoader.setKeyStorePassword(str9);
            }
            String str10 = (String) this.attributes.get("truststoreType");
            trustStoreDefaultLoader.setKeyStoreType(str10 != null ? str10 : KeyStore.getDefaultType());
            String str11 = (String) this.attributes.get("truststoreProvider");
            if (str11 != null) {
                trustStoreDefaultLoader.setKeyStoreProvider(str11.length() == 0 ? null : str11);
            }
            PKIXSSLContextFactory pKIXSSLContextFactory = new PKIXSSLContextFactory(keyStoreDefaultLoader.loadKeyStore(), str3, trustStoreDefaultLoader.loadKeyStore());
            String str12 = (String) this.attributes.get("crlURLs");
            if (str12 != null) {
                StringTokenizer stringTokenizer = new StringTokenizer(str12, " ");
                while (stringTokenizer.hasMoreTokens()) {
                    pKIXSSLContextFactory.addCrl(stringTokenizer.nextToken());
                }
            }
            String str13 = (String) this.attributes.get("acceptAnyCert");
            if ("true".equalsIgnoreCase(str13) || "yes".equalsIgnoreCase(str13)) {
                pKIXSSLContextFactory.setTrustManagerWrapper(new TrustAllClientsWrappingTrustManager.Wrapper());
            } else {
                String str14 = (String) this.attributes.get("acceptProxyCerts");
                if (str14 != null && str14.length() > 0) {
                    boolean z = false;
                    boolean z2 = false;
                    boolean z3 = false;
                    String[] split = str14.split(",");
                    for (int i = 0; i < split.length; i++) {
                        if ("legacy".equalsIgnoreCase(split[i].trim())) {
                            z = true;
                        }
                        if ("prerfc".equalsIgnoreCase(split[i].trim())) {
                            z2 = true;
                        }
                        if ("rfc3820".equalsIgnoreCase(split[i].trim())) {
                            z3 = true;
                        }
                    }
                    if (z || z2 || z3) {
                        try {
                            try {
                                pKIXSSLContextFactory.setTrustManagerWrapper((X509TrustManagerWrapper) Class.forName("org.jsslutils.extra.gsi.GsiWrappingTrustManager").getConstructor(Boolean.TYPE, Boolean.TYPE, Boolean.TYPE).newInstance(Boolean.valueOf(z), Boolean.valueOf(z2), Boolean.valueOf(z3)));
                            } catch (ClassCastException e) {
                                throw new Exception("Unable to load org.jsslutils.extra.gsi.GsiWrappingTrustManager, please put the required files on the class path.", e);
                            } catch (ClassNotFoundException e2) {
                                throw new Exception("Unable to load org.jsslutils.extra.gsi.GsiWrappingTrustManager, please put the required files on the class path.", e2);
                            }
                        } catch (NoSuchMethodException e3) {
                            throw new Exception("Unable to load org.jsslutils.extra.gsi.GsiWrappingTrustManager, please put the required files on the class path.", e3);
                        } catch (SecurityException e4) {
                            throw new Exception("Unable to load org.jsslutils.extra.gsi.GsiWrappingTrustManager, please put the required files on the class path.", e4);
                        }
                    }
                }
            }
            this.sslProxy = pKIXSSLContextFactory.buildSSLContext(str2).getServerSocketFactory();
            this.enabledCiphers = getEnabledCiphers((String) this.attributes.get("ciphers"), this.sslProxy.getSupportedCipherSuites());
        } catch (Exception e5) {
            if (!(e5 instanceof IOException)) {
                throw new IOException(e5.getMessage());
            }
            throw ((IOException) e5);
        }
    }

    protected void setEnabledProtocols(SSLServerSocket sSLServerSocket, String[] strArr) {
        if (strArr != null) {
            sSLServerSocket.setEnabledProtocols(strArr);
        }
    }

    protected String[] getEnabledProtocols(SSLServerSocket sSLServerSocket, String str) {
        String[] supportedProtocols = sSLServerSocket.getSupportedProtocols();
        String[] strArr = null;
        if (str != null) {
            Vector vector = null;
            String str2 = str;
            int indexOf = str.indexOf(44);
            if (indexOf != -1) {
                int i = 0;
                while (indexOf != -1) {
                    String trim = str.substring(i, indexOf).trim();
                    if (trim.length() > 0) {
                        int i2 = 0;
                        while (true) {
                            if (supportedProtocols != null && i2 < supportedProtocols.length) {
                                if (supportedProtocols[i2].equals(trim)) {
                                    if (vector == null) {
                                        vector = new Vector();
                                    }
                                    vector.addElement(trim);
                                } else {
                                    i2++;
                                }
                            }
                        }
                    }
                    i = indexOf + 1;
                    indexOf = str.indexOf(44, i);
                }
                str2 = str.substring(i);
            }
            if (str2 != null) {
                String trim2 = str2.trim();
                if (trim2.length() > 0) {
                    int i3 = 0;
                    while (true) {
                        if (supportedProtocols == null || i3 >= supportedProtocols.length) {
                            break;
                        }
                        if (supportedProtocols[i3].equals(trim2)) {
                            if (vector == null) {
                                vector = new Vector();
                            }
                            vector.addElement(trim2);
                        } else {
                            i3++;
                        }
                    }
                }
            }
            if (vector != null) {
                strArr = new String[vector.size()];
                vector.copyInto(strArr);
            }
        }
        return strArr;
    }

    protected void configureClientAuth(SSLServerSocket sSLServerSocket) {
        if (this.wantClientAuth) {
            sSLServerSocket.setWantClientAuth(this.wantClientAuth);
        } else {
            sSLServerSocket.setNeedClientAuth(this.requireClientAuth);
        }
    }

    protected void configureClientAuth(SSLSocket sSLSocket) {
    }

    private void initServerSocket(ServerSocket serverSocket) {
        SSLServerSocket sSLServerSocket = (SSLServerSocket) serverSocket;
        if (this.enabledCiphers != null) {
            sSLServerSocket.setEnabledCipherSuites(this.enabledCiphers);
        }
        setEnabledProtocols(sSLServerSocket, getEnabledProtocols(sSLServerSocket, (String) this.attributes.get("protocols")));
        configureClientAuth(sSLServerSocket);
    }
}
