package com.ibm.ws.security.orbssl;

import com.ibm.CORBA.iiop.ORBForTransports;
import com.ibm.CORBA.ras.ORBRas;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.orbext.MinorCodes;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.ws.orb.transport.ServerConnectionData;
import com.ibm.ws.orb.transport.WSSSLServerSocketFactory;
import com.ibm.ws.orbimpl.transport.WSTransport;
import com.ibm.ws.ssl.config.SSLConfigManager;
import com.ibm.ws.ssl.core.Constants;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.omg.CORBA.COMM_FAILURE;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.INTERNAL;

/* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/ws/security/orbssl/WSSSLServerSocketFactoryImpl.class */
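/**
 * Creates the ORB's inbound (IIOP over SSL) server sockets and exposes the peer certificate chain
 * of accepted connections.
 *
 * <p>Security-relevant behaviour, as implemented below:
 * <ul>
 *   <li>The SSL context and properties are resolved through {@link JSSEHelper} for the
 *       {@code inbound} direction and the endpoint name carried by the connection data.</li>
 *   <li>Client authentication is decided by the endpoint name first and by the SSL properties
 *       only for endpoints that are neither the mutual-auth nor the server-auth listener.</li>
 *   <li>Cipher suites are decided per call from that call's own SSL properties.</li>
 *   <li>{@link #getPeerCertificateChain(SSLSocket, ORBForTransports)} returns {@code null} when
 *       the peer is unverified; callers must treat {@code null} as "no authenticated peer".</li>
 * </ul>
 */
public final class WSSSLServerSocketFactoryImpl implements WSSSLServerSocketFactory {
    private static final String SCCSID = " @(#) 1.22.2.1 ws/code/orbext/src/com/ibm/ws/security/orbssl/WSSSLServerSocketFactoryImpl.java, WAS.orbext, ASV 2/20/04 09:35:20 [2/20/04 16:38:57]";
    private static final String CLASS_NAME = "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl";
    private static final String CREATE_METHOD = "createSSLServerSocket";
    private static final String TIMEOUT_METHOD = "getSSLHandshakeReadTimeout(ORBForTransports)";
    private static final String PEER_CHAIN_METHOD = "getPeerCertificateChain(SSLSocket,ORBForTransports)";
    private static final int DEFAULT_SSL_HANDSHAKE_READ_TIMEOUT_MS = 10000;

    // The four fields below only record the values of the most recent createSSLServerSocket call.
    // They are written under the instance lock although they are static, so no decision may be
    // based on them: every call works on its own local copies.
    private static SSLContext sslContext;
    private static Properties sslProperties;
    private static String[] ENABLED_CIPHERS = null;
    private static String[] SUPPORTED_CIPHERS = null;
    private static int sslHandshakeReadTimeout = DEFAULT_SSL_HANDSHAKE_READ_TIMEOUT_MS;
    private static boolean sslHandshakeReadTimeoutInitialized = false;

    /**
     * Creates, binds and configures an SSL server socket for the given connection data.
     *
     * <p>The quality-of-protection values are validated first (both must be at least 1 and the
     * supported value must not be lower than the required one). The socket is then bound, client
     * authentication and cipher suites are applied, and an ephemeral port (requested as 0) is
     * written back into {@code serverConnectionData}.
     *
     * @param serverConnectionData connection data; must be an {@code SSLServerConnectionData}
     * @return the bound and configured server socket
     * @throws INTERNAL if validation, binding or configuration fails
     * @throws COMM_FAILURE rethrown unchanged after being logged
     */
    @Override // com.ibm.ws.orb.transport.WSSSLServerSocketFactory
    public synchronized ServerSocket createSSLServerSocket(ServerConnectionData serverConnectionData) {
        SSLServerConnectionData sslData = (SSLServerConnectionData) serverConnectionData;
        boolean messageLoggingEnabled = sslData.getMessageLoggingEnabled();
        if (ORBRas.isTrcLogging) {
            ORBRas.orbTrcLogger.trace(16L, CLASS_NAME, "IIOPSSLConnection.createSSLServerSocket", "\n[\n" + sslData.toString() + "\n]\n");
        }
        try {
            String sslConfigAlias = sslData.getSSLConfigAlias();
            String endPointName = sslData.getEndPointName();
            HashMap<String, Object> connectionInfo = new HashMap<String, Object>();
            connectionInfo.put("com.ibm.ssl.direction", "inbound");
            connectionInfo.put("com.ibm.ssl.endPointName", endPointName);
            SSLContext context = JSSEHelper.getInstance().getSSLContext(sslConfigAlias, connectionInfo, WSTransport.getInstanceToRegisterListener());
            Properties properties = JSSEHelper.getInstance().getProperties(sslConfigAlias, connectionInfo, null);
            sslContext = context;
            sslProperties = properties;

            // NOTE(review): the INTERNAL exceptions thrown inside this try block (the three QOP
            // rejections and the bind failure) are caught again by the catch (Exception) below
            // and re-thrown with the generic CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET
            // minor code. That is what the listing shows and is kept as is; confirm against the
            // callers before letting the specific minor codes through.
            short targetSupportsQOP = sslData.getTargetSupportsQOP();
            short targetRequiresQOP = sslData.getTargetRequiresQOP();
            if (targetSupportsQOP < 1) {
                logRejectedQop(messageLoggingEnabled, "IIOPSSLConnection.createSSLServerSocket", "The SSLServerConnectionData object that was passed to createSSLServerSocket returns a value for getTargetSupportsQOP() that is less than 1.");
                throw new INTERNAL("SSLSERVERSOCKET_TARGET_SUPPORTS_LESS_THAN_1", MinorCodes.SSLSERVERSOCKET_TARGET_SUPPORTS_LESS_THAN_1, CompletionStatus.COMPLETED_NO);
            }
            if (targetRequiresQOP < 1) {
                logRejectedQop(messageLoggingEnabled, "IIOPSSLConnection.targetRequires", "The SSLServerConnectionData object that is passed to createSSLServerSocket returned a value from getTargetRequiresQOP() that is less than 1.");
                throw new INTERNAL("SSLSERVERSOCKET_TARGET_REQUIRES_LESS_THAN_1", MinorCodes.SSLSERVERSOCKET_TARGET_REQUIRES_LESS_THAN_1, CompletionStatus.COMPLETED_NO);
            }
            if (targetSupportsQOP < targetRequiresQOP) {
                logRejectedQop(messageLoggingEnabled, "IIOPSSLConnection.targetSupports2", "The SSLServerConnectionData object that is passed to createSSLServerSocket contains a TargetSupportsQOP value that is less than its  TargetRequirsQOP value.");
                throw new INTERNAL("SSLSERVERSOCKET_TARGET_LESS_THAN_TARGET_REQUIRES", MinorCodes.SSLSERVERSOCKET_TARGET_LESS_THAN_TARGET_REQUIRES, CompletionStatus.COMPLETED_NO);
            }

            SSLServerSocketFactory serverSocketFactory = context.getServerSocketFactory();
            try {
                SSLServerSocket serverSocket = bindServerSocket(serverSocketFactory, sslData);
                boolean configured = false;
                try {
                    applyClientAuthentication(serverSocket, endPointName, properties);
                    applyCipherSuites(serverSocket, serverSocketFactory, properties);
                    if (serverConnectionData.getServerPort() == 0) {
                        // An ephemeral port was requested: publish the port the OS assigned.
                        serverConnectionData.setServerPort(serverSocket.getLocalPort());
                    }
                    if (ORBRas.isTrcLogging) {
                        ORBRas.orbTrcLogger.trace(16L, CLASS_NAME, CREATE_METHOD, "Setting local port = " + serverConnectionData.getServerPort());
                    }
                    configured = true;
                    return serverSocket;
                } finally {
                    if (!configured) {
                        // Do not leave a bound listener behind when its TLS settings could not
                        // be applied (for example an unsupported cipher suite name).
                        closeQuietly(serverSocket);
                    }
                }
            } catch (IOException e) {
                Manager.Ffdc.log(e, this, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.createSSLServerSocket", "368", this);
                logCreateFailure(messageLoggingEnabled, e);
                throw new INTERNAL("UNABLE_TO_CREATE_SSL_SERVER_SOCKET Exception=" + e, MinorCodes.UNABLE_TO_CREATE_SSL_SERVER_SOCKET, CompletionStatus.COMPLETED_NO);
            }
        } catch (COMM_FAILURE e) {
            // Must precede catch (Exception): COMM_FAILURE is propagated unchanged.
            Manager.Ffdc.log(e, this, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.createSSLServerSocket", "426", this);
            logCreateFailure(messageLoggingEnabled, e);
            throw e;
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.createSSLServerSocket", "459", this);
            logCreateFailure(messageLoggingEnabled, e);
            throw new INTERNAL("CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, Exception=" + e, MinorCodes.CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, CompletionStatus.COMPLETED_NO);
        }
    }

    /**
     * Returns the peer certificate chain without applying a handshake read timeout.
     *
     * <p>Because no ORB is passed, this overload does not bound the time the handshake may block
     * in {@code getSession()}; use the two-argument overload where a slow or stalled peer must
     * not hold the calling thread.
     *
     * @param sSLSocket the accepted SSL socket
     * @return the peer's certificate chain, or {@code null} if the peer is unverified
     */
    @Override // com.ibm.ws.orb.transport.WSSSLServerSocketFactory
    public X509Certificate[] getPeerCertificateChain(SSLSocket sSLSocket) {
        return getPeerCertificateChain(sSLSocket, null);
    }

    /**
     * Completes the SSL handshake on {@code sSLSocket} and returns the peer certificate chain.
     *
     * <p>When an ORB is supplied, the socket read timeout is set to the configured handshake
     * timeout for the duration of {@code getSession()} and reset to 0 afterwards. A failure to
     * set or reset the timeout is only traced; in the first case the handshake proceeds with
     * whatever timeout the socket already had.
     *
     * @param sSLSocket the accepted SSL socket
     * @param oRBForTransports ORB used to read the handshake timeout property, or {@code null}
     *     to leave the socket timeout untouched before the handshake
     * @return the peer's certificate chain, or {@code null} when the session reports the peer as
     *     unverified (no client certificate, or a failed handshake); a {@code null} result must
     *     never be treated as an authenticated peer
     * @throws INTERNAL if {@code getSession()} returns {@code null}
     */
    @Override // com.ibm.ws.orb.transport.WSSSLServerSocketFactory
    public X509Certificate[] getPeerCertificateChain(SSLSocket sSLSocket, ORBForTransports oRBForTransports) {
        if (ORBRas.isTrcLogging) {
            ORBRas.orbTrcLogger.trace(16L, this, PEER_CHAIN_METHOD, "theSocket=" + sSLSocket + ", orbForTransports=" + oRBForTransports);
        }
        int handshakeTimeout = oRBForTransports != null ? getSSLHandshakeReadTimeout(oRBForTransports) : 0;
        if (handshakeTimeout > 0) {
            try {
                sSLSocket.setSoTimeout(handshakeTimeout);
                if (ORBRas.isTrcLogging) {
                    ORBRas.orbTrcLogger.trace(4112L, this, PEER_CHAIN_METHOD, "The read timeout for this sslHandshake has been set to " + handshakeTimeout + " milliseconds.");
                }
            } catch (Exception e) {
                ORBRas.orbTrcLogger.exception(8L, this, "getPeerCertificateChain", e);
            }
        }
        // getSession() drives the handshake if it has not happened yet.
        SSLSession session = sSLSocket.getSession();
        try {
            // Restore blocking reads for normal traffic once the handshake is over.
            sSLSocket.setSoTimeout(0);
            if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.trace(4112L, this, PEER_CHAIN_METHOD, "The SSL handshake getSession returns successfully, the read timeout for this sslHandshake has been set back to 0");
            }
        } catch (Exception e) {
            ORBRas.orbTrcLogger.exception(8L, this, "getPeerCertificateChain", e);
            if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.trace(4112L, this, PEER_CHAIN_METHOD, "exception occured when trying to set the timeout back to 0, most likely the socket is closed since the handshake took too long and reader thread times it out, theSocket = " + sSLSocket);
            }
        }
        if (session == null) {
            if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.trace(16L, CLASS_NAME, "IIOPSSLConnection.createSSLServerSocket", "theSocket.getSession returned null");
            }
            throw new INTERNAL("GET_SSL_SESSION_RETURNED_NULL", MinorCodes.GET_SSL_SESSION_RETURNED_NULL, CompletionStatus.COMPLETED_NO);
        }
        X509Certificate[] peerCertificateChain;
        try {
            // NOTE(review): relies on the JSSE provider returning an array whose runtime type is
            // X509Certificate[]; any other array type fails here with ClassCastException.
            peerCertificateChain = (X509Certificate[]) session.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.trace(16L, this, PEER_CHAIN_METHOD, "Caught Exception from getPeerCertificateChain(),  returning a null for peerCertificateChain:  Exception=" + e);
            }
            peerCertificateChain = null;
        }
        if (ORBRas.isTrcLogging) {
            ORBRas.orbTrcLogger.trace(16L, this, PEER_CHAIN_METHOD, "About to return peerCertificateChain=" + peerCertificateChain);
        }
        return peerCertificateChain;
    }

    /**
     * Reads the handshake read timeout from the ORB property
     * {@code com.ibm.ws.orb.transport.SSLHandshakeTimeout} once and caches it.
     *
     * <p>A missing, empty, non-numeric or non-positive value yields the default of 10000
     * milliseconds, so the handshake is always bounded when an ORB is available.
     *
     * @param oRBForTransports ORB to read the property from
     * @return the handshake read timeout in milliseconds, always positive
     */
    private static synchronized int getSSLHandshakeReadTimeout(ORBForTransports oRBForTransports) {
        if (!sslHandshakeReadTimeoutInitialized) {
            String property = oRBForTransports.getProperty("com.ibm.ws.orb.transport.SSLHandshakeTimeout");
            int configured = 0;
            boolean malformed = false;
            if (property != null && property.length() > 0) {
                try {
                    configured = Integer.parseInt(property);
                } catch (NumberFormatException e) {
                    malformed = true;
                }
            }
            if (configured > 0) {
                sslHandshakeReadTimeout = configured;
                if (ORBRas.isTrcLogging) {
                    ORBRas.orbTrcLogger.trace(4112L, WSSSLServerSocketFactoryImpl.class.getName(), TIMEOUT_METHOD, "The ORB property com.ibm.ws.orb.transport.SSLHandshakeTimeout= " + sslHandshakeReadTimeout + " milliseconds.");
                }
            } else {
                sslHandshakeReadTimeout = DEFAULT_SSL_HANDSHAKE_READ_TIMEOUT_MS;
                if (ORBRas.isTrcLogging) {
                    if (malformed) {
                        ORBRas.orbTrcLogger.trace(4112L, WSSSLServerSocketFactoryImpl.class.getName(), TIMEOUT_METHOD, "NumberFormatException thrown when retrieving user input value for ORB property com.ibm.ws.orb.transport.SSLHandshakeTimeout = " + property + ", will use default 10000 milliseconds.");
                    } else {
                        ORBRas.orbTrcLogger.trace(4112L, WSSSLServerSocketFactoryImpl.class.getName(), TIMEOUT_METHOD, "The ORB property com.ibm.ws.orb.transport.SSLHandshakeTimeout is null or is not set, or set to be a non-positive number, will use default 10000 milliseconds.");
                    }
                }
            }
            sslHandshakeReadTimeoutInitialized = true;
        }
        return sslHandshakeReadTimeout;
    }

    /** Binds the server socket to one host address or to all local addresses, as configured. */
    private SSLServerSocket bindServerSocket(SSLServerSocketFactory serverSocketFactory, SSLServerConnectionData sslData) throws IOException {
        if (sslData.getUseSingleNIC()) {
            // Resolve once so the trace shows the address that was actually bound.
            InetAddress bindAddress = InetAddress.getByName(sslData.getServerHost());
            SSLServerSocket serverSocket = (SSLServerSocket) serverSocketFactory.createServerSocket(sslData.getServerPort(), sslData.getServerServerQueueDepth(), bindAddress);
            if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.trace(4112L, this, "createSSLServerSocket()", "Bind Server Socket To A Specific NIC card=" + sslData.getUseSingleNIC() + ", Remote Port=" + sslData.getServerPort() + ", Server Queue Depth=" + sslData.getServerServerQueueDepth() + ", LocalHost=" + sslData.getServerHost() + ", java.net.InetAddress.getByName( LocalHost )=" + bindAddress);
            }
            return serverSocket;
        }
        SSLServerSocket serverSocket = (SSLServerSocket) serverSocketFactory.createServerSocket(sslData.getServerPort(), sslData.getServerServerQueueDepth());
        if (ORBRas.isTrcLogging) {
            ORBRas.orbTrcLogger.trace(4112L, this, "createSSLServerSocket()", "Bind Server Socket To Multiple NIC cards=" + (!sslData.getUseSingleNIC()) + ", Remote Port=" + sslData.getServerPort() + ", Server Queue Depth=" + sslData.getServerServerQueueDepth());
        }
        return serverSocket;
    }

    /**
     * Applies the client-authentication policy: required on the mutual-auth listener, disabled on
     * the server-auth listener, and taken from the SSL properties on every other endpoint.
     */
    private static void applyClientAuthentication(SSLServerSocket serverSocket, String endPointName, Properties properties) {
        if ("CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS".equals(endPointName)) {
            serverSocket.setNeedClientAuth(true);
        } else if ("CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS".equals(endPointName)) {
            serverSocket.setNeedClientAuth(false);
            serverSocket.setWantClientAuth(false);
        } else {
            if ("true".equals(properties.getProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION_SUPPORTED))) {
                serverSocket.setWantClientAuth(true);
            }
            // Applied last on purpose: "required" takes precedence over "supported".
            if ("true".equals(properties.getProperty("com.ibm.ssl.clientAuthentication"))) {
                serverSocket.setNeedClientAuth(true);
            }
        }
    }

    /**
     * Enables the configured cipher suites, or, when none are configured, the factory's supported
     * suites adjusted to the configured security level. If neither list has entries the socket
     * keeps the provider's default enabled suites.
     */
    private static void applyCipherSuites(SSLServerSocket serverSocket, SSLServerSocketFactory serverSocketFactory, Properties properties) {
        String[] enabledCiphers = SSLConfigManager.getInstance().parseEnabledCiphers(properties.getProperty("com.ibm.ssl.enabledCipherSuites"));
        // Local on purpose: a list computed for another SSL configuration in an earlier call
        // must never be applied to this socket.
        String[] supportedCiphers = null;
        if (enabledCiphers == null) {
            String securityLevel = properties.getProperty("com.ibm.ssl.securityLevel");
            supportedCiphers = SSLConfigManager.getInstance().adjustSupportedCiphersToSecurityLevel(serverSocketFactory.getSupportedCipherSuites(), securityLevel);
            SUPPORTED_CIPHERS = supportedCiphers;
        }
        ENABLED_CIPHERS = enabledCiphers;
        if (enabledCiphers != null && enabledCiphers.length > 0) {
            serverSocket.setEnabledCipherSuites(enabledCiphers);
        } else if (supportedCiphers != null && supportedCiphers.length > 0) {
            serverSocket.setEnabledCipherSuites(supportedCiphers);
        }
    }

    /** Reports a rejected quality-of-protection setting to the message log or the trace log. */
    private static void logRejectedQop(boolean messageLoggingEnabled, String messageKey, String traceText) {
        if (messageLoggingEnabled) {
            if (ORBRas.isMsgLogging) {
                ORBRas.orbMsgLogger.msg(4L, CLASS_NAME, CREATE_METHOD, SocketFactoryMessageUtility.getMessage(messageKey), (String) null, (Object[]) null);
            }
        } else if (ORBRas.isTrcLogging) {
            ORBRas.orbTrcLogger.trace(8L, CLASS_NAME, CREATE_METHOD, traceText);
        }
    }

    /** Reports a socket creation failure to the message log or the trace log. */
    private static void logCreateFailure(boolean messageLoggingEnabled, Exception cause) {
        if (messageLoggingEnabled) {
            if (ORBRas.isMsgLogging) {
                ORBRas.orbMsgLogger.msg(4L, CLASS_NAME, CREATE_METHOD, SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.createSSLServerSocket"), (String) null, cause);
            }
        } else if (ORBRas.isTrcLogging) {
            ORBRas.orbTrcLogger.exception(8L, CLASS_NAME, CREATE_METHOD, cause);
        }
    }

    /** Closes a half-configured server socket; the original failure is the one that is reported. */
    private static void closeQuietly(ServerSocket serverSocket) {
        try {
            serverSocket.close();
        } catch (IOException ignored) {
            // Best effort: the caller is already propagating the configuration failure.
        }
    }
}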
