package com.ibm.ws.security.orbssl;

import com.ibm.CORBA.iiop.ORBForTransports;
import com.ibm.CORBA.ras.ORBRas;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.orbext.MinorCodes;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.ws.orb.transport.ConnectionData;
import com.ibm.ws.orb.transport.KeyRingFileException;
import com.ibm.ws.orb.transport.WSSSLClientSocketFactory;
import com.ibm.ws.orbimpl.services.lsd.LocationServiceImpl;
import com.ibm.ws.orbimpl.transport.WSTransport;
import com.ibm.ws.scheduler.spi.TaskInfoRegistryUI;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.ssl.config.SSLConfigManager;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Properties;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLKeyException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.omg.CORBA.COMM_FAILURE;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.SystemException;

/* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/ws/security/orbssl/WSSSLClientSocketFactoryImpl.class */
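/**
 * Creates connected, handshaken client-side {@link SSLSocket}s for the ORB transport.
 *
 * <p>For each connection the class looks up the SSL properties for the connection's
 * configuration alias through {@link JSSEHelper}, connects a socket to the host and port
 * encoded in the connection key, applies the configured cipher suites, runs the handshake
 * under a bounded read timeout, and returns the socket only if a session was obtained.
 * Every failure is reported to callers as a {@link COMM_FAILURE}.
 *
 * <p>NOTE(review): this listing looks like decompiler output (synthetic names, an empty
 * {@code try} in the original timeout parser). Three defects visible in it are fixed here:
 * the handshake-timeout property was parsed and then overwritten with the default, the
 * cipher-suite choice was kept in shared static fields, and sockets were left open on
 * failure paths.
 */
public final class WSSSLClientSocketFactoryImpl implements WSSSLClientSocketFactory {
    private static final String CLASS_NAME = "com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl";

    /** Handshake read timeout, in milliseconds, used when the ORB property is absent or unusable. */
    private static final int DEFAULT_SSL_HANDSHAKE_READ_TIMEOUT = 10000;

    // Minor codes attached to the COMM_FAILUREs raised below. They are named after the messages
    // they accompany in this class; their symbolic MinorCodes names are not visible here.
    private static final int MINOR_CONFIGURING_SSL_CLIENT_SOCKET = 1229066352;
    private static final int MINOR_CONNECT_FAILURE = 1229066368;

    // NOTE(review): a scheduler constant used as a trace type looks like a decompiler artefact
    // (a literal resolved to an unrelated constant of equal value) - confirm. The same constant
    // is kept so the value passed to the trace logger does not change.
    private static final long TRACE_TYPE = TaskInfoRegistryUI.OP_SCHEDULER_CREATETASKINFO;

    // Process-wide cache of the handshake timeout; guarded by the class lock taken in
    // getSSLHandshakeReadTimeout. The first ORB that asks decides the value for all later callers.
    private static int sslHandshakeReadTimeout = DEFAULT_SSL_HANDSHAKE_READ_TIMEOUT;
    private static boolean sslHandshakeReadTimeoutInitialized = false;

    /**
     * Creates an SSL socket with no connect timeout and no ORB.
     *
     * @param connectionData the connection description; cast to {@code SSLConnectionData}
     * @return the connected socket after a completed handshake
     * @throws KeyRingFileException declared by the interface
     * @throws IOException declared by the interface
     */
    @Override // com.ibm.ws.orb.transport.WSSSLClientSocketFactory
    public Socket createSSLSocket(ConnectionData connectionData) throws KeyRingFileException, IOException {
        return createSSLSocket(connectionData, 0, null);
    }

    /**
     * Creates an SSL socket with the given connect timeout and no ORB.
     *
     * @param connectionData the connection description; cast to {@code SSLConnectionData}
     * @param i connect timeout in milliseconds; {@code 0} lets the socket factory connect directly
     * @return the connected socket after a completed handshake
     * @throws KeyRingFileException declared by the interface
     * @throws IOException declared by the interface
     */
    @Override // com.ibm.ws.orb.transport.WSSSLClientSocketFactory
    public Socket createSSLSocket(ConnectionData connectionData, int i) throws KeyRingFileException, IOException {
        return createSSLSocket(connectionData, i, null);
    }

    /**
     * Looks up the SSL configuration, connects, performs the handshake and returns the socket.
     *
     * <p>If anything fails after a socket has been opened, the socket is closed before the
     * exception leaves this method, so a peer that refuses or stalls the handshake cannot
     * make the client accumulate open descriptors.
     *
     * @param connectionData the connection description; must be an {@code SSLConnectionData}
     * @param i connect timeout in milliseconds; {@code 0} lets the socket factory connect directly
     * @param oRBForTransports ORB used to read the handshake timeout property; may be {@code null}
     * @return the connected socket after a completed handshake
     * @throws COMM_FAILURE for every failure caught inside the method, including a null session
     * @throws KeyRingFileException declared by the interface
     * @throws IOException declared by the interface
     */
    @Override // com.ibm.ws.orb.transport.WSSSLClientSocketFactory
    public Socket createSSLSocket(ConnectionData connectionData, int i, ORBForTransports oRBForTransports) throws KeyRingFileException, IOException {
        SSLConnectionData sSLConnectionData = (SSLConnectionData) connectionData;
        final String sSLConfigAlias = sSLConnectionData.getSSLConfigAlias();
        String connectionKey = sSLConnectionData.getConnectionKey();
        String remoteHost = WSTransport.getHostFromKeyString(connectionKey);
        int remotePort = WSTransport.getPortFromKeyString(connectionKey);
        String remotePortText = Integer.toString(remotePort);
        SSLSocket sslSocket = null;
        boolean handedToCaller = false;
        try {
            // Raw map kept on purpose: the parameter types of the JSSEHelper methods it is
            // passed to are not visible in this file.
            final HashMap connectionInfo = new HashMap();
            connectionInfo.put("com.ibm.ssl.direction", "outbound");
            connectionInfo.put("com.ibm.ssl.remoteHost", remoteHost);
            connectionInfo.put("com.ibm.ssl.remotePort", remotePortText);
            connectionInfo.put("com.ibm.ssl.endPointName", "IIOP");

            Properties properties;
            try {
                properties = (Properties) AccessController.doPrivileged(new PrivilegedExceptionAction<Properties>() {
                    @Override
                    public Properties run() throws Exception {
                        return JSSEHelper.getInstance().getProperties(sSLConfigAlias, connectionInfo, null);
                    }
                });
            } catch (PrivilegedActionException e) {
                // Unwrap so the catch clauses below see the real cause.
                throw e.getException();
            }
            SSLSocketFactory socketFactory = JSSEHelper.getInstance().getSSLContext(connectionInfo, properties).getSocketFactory();

            // NOTE(review): nothing in this class sets an endpoint identification algorithm or
            // compares the peer certificate with remoteHost. Presumably peer validation is left
            // to the trust manager behind the SSLContext obtained above - confirm against the
            // SSL configuration in use.
            sslSocket = tryToCreateConnectedSSLSocket(i, remoteHost, remotePort, socketFactory, connectionData.getLocalHost(), sSLConnectionData.getUseSingleNIC());
            if (performSSLHandshakeAndGetSession(oRBForTransports, sslSocket, properties, socketFactory) != null) {
                handedToCaller = true;
                return sslSocket;
            }
            if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.trace(16L, CLASS_NAME, "IIOPSSLConnectionClient.createSSLSocket", "ssl_sock.getSession returned null");
            }
            throw new COMM_FAILURE("GET_SSL_SESSION_RETURNED_NULL", MinorCodes.GET_SSL_SESSION_RETURNED_NULL, CompletionStatus.COMPLETED_NO);
        } catch (IOException e2) {
            Manager.Ffdc.log(e2, this, "com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl.createSSLSocket", "222", new Object[]{this});
            Object[] messageAndMinor = createMessageMinorPair(e2, MINOR_CONFIGURING_SSL_CLIENT_SOCKET, MINOR_CONFIGURING_SSL_CLIENT_SOCKET, remoteHost, remotePortText);
            throw new COMM_FAILURE("CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_CLIENT_SOCKET: " + ((String) messageAndMinor[0]), ((Integer) messageAndMinor[1]).intValue(), CompletionStatus.COMPLETED_NO);
        } catch (COMM_FAILURE e3) {
            if (LocationServiceImpl.threadLocalAvoidLogs.get() == null) {
                Manager.Ffdc.log(e3, this, "com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl.createSSLSocket", "234", new Object[]{this});
            }
            if (ORBRas.isMsgLogging) {
                // A connect failure is only traced; every other COMM_FAILURE goes to the message log.
                if (((SystemException) e3).minor == MINOR_CONNECT_FAILURE) {
                    ORBRas.orbTrcLogger.trace(4L, CLASS_NAME, "createSSLSocket", e3.getMessage());
                } else {
                    ORBRas.orbMsgLogger.msg(4L, CLASS_NAME, "createSSLSocket", SocketFactoryMessageUtility.getMessage("IIOPSSLConnectionClient.createSSLSocket"), (String) null, e3);
                }
            }
            throw e3;
        } catch (Exception e4) {
            boolean loggingAllowed = LocationServiceImpl.threadLocalAvoidLogs.get() == null;
            if (loggingAllowed) {
                Manager.Ffdc.log(e4, this, "com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl.createSSLSocket", "248", new Object[]{this});
            }
            if (ORBRas.isMsgLogging && loggingAllowed) {
                ORBRas.orbMsgLogger.msg(4L, CLASS_NAME, "createSSLSocket", SocketFactoryMessageUtility.getMessage("IIOPSSLConnectionClient.createSSLSocket"), (String) null, e4);
            }
            throw new COMM_FAILURE("CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_CLIENT_SOCKET Exception=" + e4, MINOR_CONFIGURING_SSL_CLIENT_SOCKET, CompletionStatus.COMPLETED_NO);
        } finally {
            if (!handedToCaller) {
                // Failed handshake, null session or any other error: do not leak the socket.
                closeQuietly(sslSocket);
            }
        }
    }

    /**
     * Returns the read timeout to apply while the SSL handshake runs, reading the ORB property
     * {@code com.ibm.ws.orb.transport.SSLHandshakeTimeout} on the first call and caching the
     * outcome.
     *
     * <p>A positive integer value is used as given. A missing, empty, non-positive or
     * non-numeric value selects the default. The original listing parsed the value outside
     * its {@code try} and then fell through to the default assignment, so a valid setting was
     * discarded and a malformed one escaped as a {@link NumberFormatException}; both are fixed.
     *
     * @param oRBForTransports ORB to read the property from; must not be {@code null}
     * @return the handshake read timeout in milliseconds, always positive
     */
    private static synchronized int getSSLHandshakeReadTimeout(ORBForTransports oRBForTransports) {
        if (sslHandshakeReadTimeoutInitialized) {
            return sslHandshakeReadTimeout;
        }
        String property = oRBForTransports.getProperty("com.ibm.ws.orb.transport.SSLHandshakeTimeout");
        int timeout = DEFAULT_SSL_HANDSHAKE_READ_TIMEOUT;
        String traceText;
        try {
            int parsed = (property != null && property.length() > 0) ? Integer.parseInt(property) : 0;
            if (parsed > 0) {
                timeout = parsed;
                traceText = "The ORB property com.ibm.ws.orb.transport.SSLHandshakeTimeout= " + timeout + " milliseconds.";
            } else {
                traceText = "The ORB property com.ibm.ws.orb.transport.SSLHandshakeTimeout is null or is not set, or set to be a non-positive number, will use default 10000 milliseconds.";
            }
        } catch (NumberFormatException e) {
            traceText = "NumberFormatException thrown when retrieving user input value for ORB property com.ibm.ws.orb.transport.SSLHandshakeTimeout = " + property + ", will use default 10000 milliseconds.";
        }
        sslHandshakeReadTimeout = timeout;
        sslHandshakeReadTimeoutInitialized = true;
        if (ORBRas.isTrcLogging) {
            ORBRas.orbTrcLogger.trace(TRACE_TYPE, WSSSLClientSocketFactoryImpl.class.getName(), "getSSLHandshakeReadTimeout(ORBForTransports)", traceText);
        }
        return timeout;
    }

    /**
     * Connects an SSL socket and converts an {@link IOException} from the connect into a
     * {@link COMM_FAILURE}.
     *
     * @param i connect timeout in milliseconds; {@code 0} lets the socket factory connect directly
     * @param str remote host
     * @param i2 remote port
     * @param sSLSocketFactory factory that creates or layers the SSL socket
     * @param str2 local host to bind to when {@code z} is true
     * @param z whether to bind the client socket to {@code str2}
     * @return the connected, not yet handshaken socket
     * @throws COMM_FAILURE when connecting fails with an {@link IOException}
     * @throws Exception any other exception from {@link #createConnectedSSLSocket}
     */
    protected SSLSocket tryToCreateConnectedSSLSocket(int i, String str, int i2, SSLSocketFactory sSLSocketFactory, String str2, boolean z) throws Exception {
        try {
            return createConnectedSSLSocket(i, str, i2, sSLSocketFactory, str2, z);
        } catch (IOException e) {
            // Distinct "default" and "alternate" minor codes let a plain connect failure be told
            // apart from an SSL-level failure (see createMessageMinorPair).
            Object[] messageAndMinor = createMessageMinorPair(e, MINOR_CONFIGURING_SSL_CLIENT_SOCKET, MINOR_CONNECT_FAILURE, str, Integer.toString(i2));
            String message = (String) messageAndMinor[0];
            int minorCode = ((Integer) messageAndMinor[1]).intValue();
            if (LocationServiceImpl.threadLocalAvoidLogs.get() == null) {
                Manager.Ffdc.log(e, this, "com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl.createSSLSocket", "355", new Object[]{this});
            }
            throw new COMM_FAILURE("CONNECT_FAILURE_ON_SSL_CLIENT_SOCKET - " + message, minorCode, CompletionStatus.COMPLETED_NO);
        }
    }

    /**
     * Opens the TCP connection and wraps it in an {@link SSLSocket}.
     *
     * <p>With a zero timeout the SSL socket factory connects by itself. With a non-zero
     * timeout a plain socket is connected first, so that the timeout can be applied, and the
     * SSL socket is layered over it with {@code autoClose} enabled. If any step fails, the
     * socket opened so far is closed before the exception propagates.
     *
     * @param i connect timeout in milliseconds; {@code 0} lets the socket factory connect directly
     * @param str remote host
     * @param i2 remote port
     * @param sSLSocketFactory factory that creates or layers the SSL socket
     * @param str2 local host to bind to when {@code z} is true
     * @param z whether to bind the client socket to {@code str2}
     * @return the connected socket with keep-alive and TCP_NODELAY requested
     * @throws Exception if resolving, binding, connecting or wrapping fails
     */
    protected SSLSocket createConnectedSSLSocket(int i, String str, int i2, SSLSocketFactory sSLSocketFactory, String str2, boolean z) throws Exception {
        Socket plainSocket = null;
        SSLSocket sSLSocket = null;
        try {
            if (i == 0) {
                sSLSocket = z
                        ? (SSLSocket) sSLSocketFactory.createSocket(str, i2, InetAddress.getByName(str2), 0)
                        : (SSLSocket) sSLSocketFactory.createSocket(str, i2);
            } else {
                plainSocket = new Socket();
                if (z) {
                    plainSocket.bind(new InetSocketAddress(str2, 0));
                }
                plainSocket.connect(new InetSocketAddress(str, i2), i);
                sSLSocket = (SSLSocket) sSLSocketFactory.createSocket(plainSocket, str, i2, true);
            }
            if (ORBRas.isTrcLogging) {
                if (z) {
                    ORBRas.orbTrcLogger.trace(TRACE_TYPE, this, "createSSLSocket(cd, connTimeout)", "Bind Client Socket To A Specific NIC card=" + z + ", Remote Host=" + str + ", Remote Port=" + i2 + ", LocalHost=" + str2 + ", java.net.InetAddress.getByName( LocalHost )=" + InetAddress.getByName(str2) + ", ConnectTimeout = " + i + " milliseconds.");
                } else {
                    ORBRas.orbTrcLogger.trace(TRACE_TYPE, this, "createSSLSocket(cd, connTimeout)", "Bind Client Socket To Multiple NIC cards=" + (!z) + ", Remote Host=" + str + ", Remote Port=" + i2 + ", ConnectTimeout = " + i + " milliseconds.");
                }
            }
        } catch (Exception e) {
            // The SSL socket owns the plain socket once it has been layered (autoClose), so
            // closing whichever of the two exists releases the connection.
            closeQuietly(sSLSocket != null ? sSLSocket : plainSocket);
            throw e;
        }
        // Socket options are best effort: a failure is traced and the socket is still returned.
        try {
            sSLSocket.setKeepAlive(true);
        } catch (SocketException e) {
            if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.trace(16L, CLASS_NAME, "IIOPSSLConnectionClient.createSSLSocket", "\n[\nException calling setKeepAlive() " + e.getMessage() + "\n]");
            }
        }
        try {
            sSLSocket.setTcpNoDelay(true);
        } catch (SocketException e2) {
            if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.trace(16L, CLASS_NAME, "IIOPSSLConnectionClient.createSSLSocket", "\n[\nException calling setTcpNoDelay() " + e2.getMessage() + "\n]");
            }
        }
        return sSLSocket;
    }

    /**
     * Builds the localized message and picks the minor code for an I/O failure, logging it on
     * the way.
     *
     * <p>SSL exceptions are written to the message log and keep the default minor code. Any
     * other {@link IOException} is only traced and gets the alternate minor code when the two
     * codes differ; when they are equal it is written to the message log as well.
     *
     * @param iOException the failure to describe
     * @param i default minor code
     * @param i2 alternate minor code for non-SSL I/O failures
     * @param str remote host, used in the generic I/O message
     * @param str2 remote port as text, used in the generic I/O message
     * @return a two-element array: the message ({@code String}) and the minor code ({@code Integer})
     */
    protected Object[] createMessageMinorPair(IOException iOException, int i, int i2, String str, String str2) {
        String sslMessageKey = sslMessageKeyFor(iOException);
        String message;
        int minorCode = i;
        if (sslMessageKey != null) {
            message = SocketFactoryMessageUtility.getMessage(sslMessageKey, iOException.getMessage());
            ORBRas.orbMsgLogger.msg(4L, CLASS_NAME, "createSSLSocket", message, (String) null, iOException);
        } else {
            message = SocketFactoryMessageUtility.getMessage("IIOPSSLConnectionClient.IOException", new String[]{iOException.getMessage(), str, str2});
            if (i != i2) {
                ORBRas.orbTrcLogger.trace(4L, CLASS_NAME, "createSSLSocket", message);
                minorCode = i2;
            } else {
                ORBRas.orbMsgLogger.msg(4L, CLASS_NAME, "createSSLSocket", message, (String) null, iOException);
            }
        }
        return new Object[]{message, Integer.valueOf(minorCode)};
    }

    /**
     * Returns the message key for an SSL exception, or {@code null} for any other I/O failure.
     * The specific subclasses are tested before {@link SSLException}, their common superclass.
     */
    private static String sslMessageKeyFor(IOException failure) {
        if (failure instanceof SSLHandshakeException) {
            return "IIOPSSLConnectionClient.SSLHandshakeException";
        }
        if (failure instanceof SSLProtocolException) {
            return "IIOPSSLConnectionClient.SSLProtocolException";
        }
        if (failure instanceof SSLPeerUnverifiedException) {
            return "IIOPSSLConnectionClient.SSLPeerUnverifiedException";
        }
        if (failure instanceof SSLKeyException) {
            return "IIOPSSLConnectionClient.SSLKeyException";
        }
        if (failure instanceof SSLException) {
            return "IIOPSSLConnectionClient.SSLException";
        }
        return null;
    }

    /**
     * Applies the configured cipher suites, runs the handshake under the handshake read
     * timeout and returns the resulting session.
     *
     * <p>The socket's previous read timeout is restored whether or not the handshake succeeds.
     *
     * <p>NOTE(review): the handshake timeout is applied only when an ORB is supplied. The two
     * shorter {@code createSSLSocket} overloads pass {@code null}, so on those paths the
     * handshake runs with whatever read timeout the socket already has - confirm that this is
     * intended, since a peer that stalls mid-handshake is then not bounded here.
     *
     * @param oRBForTransports ORB used to read the handshake timeout; may be {@code null}
     * @param sSLSocket the connected socket; {@code null} yields {@code null}
     * @param properties SSL configuration properties for this connection
     * @param sSLSocketFactory factory queried for the supported cipher suites
     * @return the session, or {@code null} if the socket is {@code null} or the session lookup failed
     * @throws IOException if reading the timeout or the handshake fails
     */
    private SSLSession performSSLHandshakeAndGetSession(ORBForTransports oRBForTransports, final SSLSocket sSLSocket, Properties properties, SSLSocketFactory sSLSocketFactory) throws IOException {
        if (sSLSocket == null) {
            return null;
        }
        SSLSession sSLSession = null;
        int previousTimeout = Integer.MIN_VALUE; // sentinel: nothing to restore yet
        try {
            previousTimeout = sSLSocket.getSoTimeout();
            if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.trace(TRACE_TYPE, this, "performSSLHandshakeAndGetSession", "Current timeout for ssl socket is: " + previousTimeout);
            }

            String[] cipherSuites = selectCipherSuites(properties, sSLSocketFactory);
            if (cipherSuites != null && cipherSuites.length > 0) {
                sSLSocket.setEnabledCipherSuites(cipherSuites);
            }

            int handshakeTimeout = oRBForTransports != null ? getSSLHandshakeReadTimeout(oRBForTransports) : 0;
            if (handshakeTimeout > 0) {
                try {
                    sSLSocket.setSoTimeout(handshakeTimeout);
                    if (ORBRas.isTrcLogging) {
                        ORBRas.orbTrcLogger.trace(TRACE_TYPE, this, "performSSLHandshakeAndGetSession", "The read timeout for this sslHandshake has been set to " + handshakeTimeout + " milliseconds.");
                    }
                } catch (Exception e) {
                    // Best effort: the handshake still runs, with the socket's existing timeout.
                    ORBRas.orbTrcLogger.exception(8L, this, "performSSLHandshakeAndGetSession", e);
                    if (ORBRas.isTrcLogging) {
                        ORBRas.orbTrcLogger.trace(TRACE_TYPE, this, "performSSLHandshakeAndGetSession", "Could NOT set socket timeout due to exception.");
                    }
                }
            }

            sSLSocket.startHandshake();
            try {
                sSLSession = (SSLSession) AccessController.doPrivileged(new PrivilegedExceptionAction<SSLSession>() {
                    @Override
                    public SSLSession run() {
                        return sSLSocket.getSession();
                    }
                });
            } catch (PrivilegedActionException e2) {
                // Recorded only; the null session makes the caller raise COMM_FAILURE.
                Manager.Ffdc.log(e2, this, "com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl.createSSLSocket", "297", new Object[]{this});
            }
        } finally {
            if (previousTimeout != Integer.MIN_VALUE) {
                restoreSoTimeout(sSLSocket, previousTimeout);
            }
        }
        return sSLSession;
    }

    /**
     * Chooses the cipher suites for one connection from that connection's own properties.
     *
     * <p>The explicit {@code com.ibm.ssl.enabledCipherSuites} list wins. When it is absent,
     * the factory's supported suites are adjusted to {@code com.ibm.ssl.securityLevel}. The
     * result is held in locals: the original kept both lists in static fields written on every
     * call, so concurrent connections with different SSL configurations could overwrite each
     * other's choice between the assignment and {@code setEnabledCipherSuites}, and an empty
     * explicit list fell back to whatever an earlier connection had left behind.
     *
     * @param properties SSL configuration properties for this connection
     * @param sSLSocketFactory factory queried for the supported cipher suites
     * @return the suites to enable, or {@code null}/empty to leave the socket's defaults in place
     */
    private static String[] selectCipherSuites(Properties properties, SSLSocketFactory sSLSocketFactory) {
        String[] enabledCiphers = SSLConfigManager.getInstance().parseEnabledCiphers(properties.getProperty("com.ibm.ssl.enabledCipherSuites"));
        if (enabledCiphers != null) {
            return enabledCiphers;
        }
        String securityLevel = properties.getProperty("com.ibm.ssl.securityLevel");
        return SSLConfigManager.getInstance().adjustSupportedCiphersToSecurityLevel(sSLSocketFactory.getSupportedCipherSuites(), securityLevel);
    }

    /** Puts the pre-handshake read timeout back on the socket; a failure is traced, not thrown. */
    private void restoreSoTimeout(SSLSocket sSLSocket, int previousTimeout) {
        try {
            sSLSocket.setSoTimeout(previousTimeout);
            if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.trace(TRACE_TYPE, this, "performSSLHandshakeAndGetSession", "SSL handshake/getSession attempt ending, the read timeout for this socket has been set back to " + previousTimeout);
            }
        } catch (Exception e) {
            ORBRas.orbTrcLogger.exception(8L, this, "performSSLHandshakeAndGetSession", e);
            if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.trace(TRACE_TYPE, this, "performSSLHandshakeAndGetSession", "Could NOT set socket timeout due to " + e.toString());
            }
        }
    }

    /** Closes a socket on a failure path; a close error is ignored so the original failure is the one reported. */
    private static void closeQuietly(Socket socket) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (IOException ignored) {
            // Nothing useful can be done; the caller is already propagating the real error.
        }
    }
}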
