package com.ibm.ctg.server;

import com.ibm.ctg.client.GatewayRequest;
import com.ibm.ctg.client.SSLContextFactory;
import com.ibm.ctg.client.SafeIP;
import com.ibm.ctg.client.T;
import com.ibm.ctg.security.JSSEServerSecurity;
import com.ibm.ctg.security.PasswordMask;
import com.ibm.ctg.server.ProtocolHandler;
import com.ibm.ctg.server.isc.headers.ISCHTTPHeader;
import com.ibm.ctg.server.logging.Log;
import com.ibm.ctg.util.BldLevel;
import com.ibm.ctg.util.OSInfo;
import com.ibm.ctg.util.OSVersion;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.StringTokenizer;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.security.cert.X509Certificate;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:cicsctgoem.jar:com/ibm/ctg/server/SslHandler.class */
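/**
 * Protocol handler for the Gateway daemon's {@code ssl:} listener.
 *
 * <p>The instance built by the no-arg constructor owns the listening {@link SSLServerSocket}
 * and runs the accept loop in {@link #run()}; {@link #createHandler(Socket)} then creates one
 * further instance per accepted client connection. Only those per-connection instances have a
 * non-null {@link #socToClient}.
 *
 * <p>Listener options are passed to {@link #initialize} as a {@code ;}-separated string. Two keys
 * are consumed here ({@code clientauth=} and {@code ciphersuites=}); everything else is forwarded
 * to the superclass unchanged.
 *
 * <p>Fields such as {@code portNumber}, {@code bindAddress}, {@code socListenOn},
 * {@code lConnectTimeout}, {@code mgrResources}, {@code handlerName}, {@code serSecurity},
 * {@code parAms}, {@code bProtocolOpen}, {@code bNeedsRestart} and the constant
 * {@code ACCEPT_ERROR_LIMIT} are inherited from {@code ExtendedSocketHandler} /
 * {@code SocketHandler}; they are referenced but not declared in this class.
 */
public class SslHandler extends ExtendedSocketHandler {
    public static final String CLASS_VERSION = "@(#) java/com/ibm/ctg/server/SslHandler.java, cd_gw_protocolhandlers, c900z-bsf c900-20130808-1542";
    static final String copyright_notice = "Licensed Materials - Property of IBM 5724-I81,5725-B65,5655-Y20 (c) Copyright IBM Corp. 1996, 2012 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";

    /** Option key (already lower-cased) that selects client certificate authentication. */
    private static final String strClientAuthentication = "clientauth=";
    /** Option key (already lower-cased) carrying a comma-separated cipher suite allow-list. */
    private static final String strCipherSuites = "ciphersuites=";

    /** Port used when the configuration supplies none. */
    private static final int DEFAULT_SSL_PORT = 8050;
    /** Listen backlog handed to {@code createServerSocket}. */
    private static final int LISTEN_BACKLOG = 8192;
    /** Minimum receive buffer applied to accepted sockets on z/OS (64 KiB). */
    private static final int ZOS_RECEIVE_BUFFER = 65536;

    // Raw value of "clientauth=", as configured; only true/on/yes enable client auth.
    private String strClientAuthenticationValue;
    // Parsed "ciphersuites=" allow-list, or null when the option is absent (JSSE defaults apply).
    private String[] cipherSuites;
    // Accepted client socket; null on the listener instance.
    private SSLSocket socToClient;

    /** Creates the listener instance; the server socket is built later in {@link #initialize}. */
    SslHandler() {
        this.strClientAuthenticationValue = "false";
        this.cipherSuites = null;
        T.ln(this, "SslHandler Default CTOR");
        this.portNumber = DEFAULT_SSL_PORT;
    }

    /**
     * Creates a per-connection handler for an already-accepted (and handshaken) client socket.
     *
     * @param sSLSocket the accepted client socket
     * @param protocolHandlerParameters listener parameters forwarded to the superclass
     * @throws IOException if the superclass cannot set up the connection
     */
    SslHandler(SSLSocket sSLSocket, ProtocolHandler.ProtocolHandlerParameters protocolHandlerParameters) throws IOException {
        super(sSLSocket, protocolHandlerParameters);
        this.strClientAuthenticationValue = "false";
        this.cipherSuites = null;
        T.in(this, "SslHandler CTOR");
        this.portNumber = DEFAULT_SSL_PORT;
        this.socToClient = sSLSocket;
        T.out(this, "SslHandler CTOR");
    }

    /**
     * Parses the ssl-specific options, builds the listening {@link SSLServerSocket} and applies
     * the cipher suite allow-list and client authentication mode.
     *
     * @param managedResources gateway resources, forwarded to the superclass
     * @param str {@code ;}-separated option string, may be {@code null}
     * @param str2 handler name used in trace output
     * @return whatever the superclass {@code initialize} returns
     * @throws IllegalArgumentException if a {@code ciphersuites=} list leaves no usable suite
     *         (message 6495)
     * @throws Exception propagated from the superclass or from server socket creation
     */
    @Override // com.ibm.ctg.server.ExtendedSocketHandler, com.ibm.ctg.server.SocketHandler, com.ibm.ctg.server.ProtocolHandler
    String initialize(ManagedResources managedResources, String str, String str2) throws Exception {
        T.in(this, "initialize", managedResources, str, str2);
        StringBuilder passThrough = new StringBuilder();
        if (str != null) {
            StringTokenizer options = new StringTokenizer(str, ";");
            while (options.hasMoreTokens()) {
                String option = options.nextToken();
                // Locale.ROOT: option matching must not depend on the JVM's default locale
                // (e.g. "CLIENTAUTH" would not lower-case to "clientauth" under tr_TR).
                String key = option.toLowerCase(Locale.ROOT);
                if (key.startsWith(strClientAuthentication)) {
                    this.strClientAuthenticationValue = option.substring(strClientAuthentication.length());
                    T.ln(this, str2 + ": {0} = {1}", option, this.strClientAuthenticationValue);
                } else if (key.startsWith(strCipherSuites)) {
                    this.cipherSuites = makeCipherSuiteArray(option.substring(strCipherSuites.length()));
                } else {
                    passThrough.append(option).append(';');
                }
            }
        }
        String result = super.initialize(managedResources, passThrough.toString(), str2);

        // NOTE(review): "TLS" vs "SSL_TLS" are provider protocol names handed to SSLContextFactory;
        // which SSL/TLS versions each one actually enables is decided by the JSSE provider, not here.
        if (System.getProperty("com.ibm.jsse2.sp800-131", "off").equals("transition")) {
            T.ln(this, "SP800-131 transition enabled,  setting protocol to TLS");
            SSLContextFactory.setProtocol("TLS");
        } else {
            SSLContextFactory.setProtocol("SSL_TLS");
        }

        // The key ring password is only needed for a file key ring; an ESM key ring has none.
        // With no configured password the (fixed, non-secret) product label is used instead —
        // presumably matching how the default key ring is generated; confirm against GatewaySSL.
        String keyRingPassword = PasswordMask.unmaskPassword(GatewaySSL.getKeyRingPassword());
        if (keyRingPassword == null) {
            keyRingPassword = BldLevel.PRODUCT_LABEL;
        }
        SSLServerSocket listener = (SSLServerSocket) (GatewaySSL.useEsmKeyRing()
                ? SSLContextFactory.getSSLContext(GatewaySSL.getKeyRing(), GatewaySSL.useHardwareCrypto())
                : SSLContextFactory.getSSLContext(GatewaySSL.getKeyRing(), keyRingPassword, GatewaySSL.useHardwareCrypto()))
                .getServerSocketFactory()
                .createServerSocket(this.portNumber, LISTEN_BACKLOG, this.bindAddress);

        applyCipherSuites(listener);
        applyClientAuthentication(listener);

        super.setServerSocket(new JSSEServerSocket(listener));
        T.out(this, "initialize", result);
        return result;
    }

    /**
     * Restricts the listener to the configured cipher suites, if any were configured.
     *
     * <p>Names that the provider does not support are reported with warning 6497 and dropped;
     * the resulting list is logged under 8401. When no list was configured the provider's
     * default enabled suites are left untouched and nothing is logged.
     *
     * @throws IllegalArgumentException if filtering leaves no usable suite (message 6495)
     */
    private void applyCipherSuites(SSLServerSocket listener) {
        if (this.cipherSuites == null) {
            return;
        }
        HashSet<String> unsupported = new HashSet<String>();
        String[] usable = GatewaySSL.filterCipherSuites(listener.getSupportedCipherSuites(), this.cipherSuites, unsupported);
        if (usable.length == 0) {
            throw new IllegalArgumentException(ServerMessages.getMessage("6495"));
        }
        for (String name : unsupported) {
            Log.printWarningLn("6497", 0, new Object[]{name});
        }
        listener.setEnabledCipherSuites(usable);
        Log.printInfoLn("8401", 0, null);
        String[] enabled = listener.getEnabledCipherSuites();
        for (int i = 0; i < enabled.length; i++) {
            Log.printInfoLn("\t" + enabled[i], i);
        }
    }

    /**
     * Switches client certificate authentication on or off according to {@code clientauth=}.
     *
     * <p>Only {@code true}, {@code on} and {@code yes} (case-insensitive) require a client
     * certificate. Any other value — including a typo — falls back to server-only
     * authentication; values that are not an obvious "off" spelling are traced so that a
     * silent downgrade is visible in the trace.
     */
    private void applyClientAuthentication(SSLServerSocket listener) {
        String mode = this.strClientAuthenticationValue;
        if (isAffirmative(mode)) {
            listener.setNeedClientAuth(true);
            T.ln(this, "Client Authentication enabled for ssl: protocol");
        } else {
            if (!isNegative(mode)) {
                T.ln(this, "Unrecognised clientauth value {0}, using server-only authentication", mode);
            }
            listener.setNeedClientAuth(false);
            T.ln(this, "Server-only Authentication enabled for ssl: protocol");
        }
    }

    /** True for the accepted "enable" spellings of {@code clientauth=}. */
    private static boolean isAffirmative(String value) {
        return value.equalsIgnoreCase("true") || value.equalsIgnoreCase("on") || value.equalsIgnoreCase("yes");
    }

    /** True for the conventional "disable" spellings of {@code clientauth=}. */
    private static boolean isNegative(String value) {
        return value.equalsIgnoreCase("false") || value.equalsIgnoreCase("off") || value.equalsIgnoreCase("no");
    }

    /**
     * Splits a comma-separated cipher suite list into individual names.
     *
     * <p>Surrounding whitespace is stripped and blank entries are skipped: a padded name such as
     * {@code "A, B"} could never match a provider suite, so this only rescues configurations
     * that previously produced an "unsupported suite" warning.
     *
     * @param str the text after {@code ciphersuites=}
     * @return the suite names in order; empty (never {@code null}) when none were given
     */
    private String[] makeCipherSuiteArray(String str) {
        List<String> names = new ArrayList<String>();
        StringTokenizer tokens = new StringTokenizer(str, ",");
        while (tokens.hasMoreTokens()) {
            String name = tokens.nextToken().trim();
            if (name.length() > 0) {
                names.add(name);
            }
        }
        return names.toArray(new String[names.size()]);
    }

    /**
     * Builds the per-connection handler for an accepted client socket.
     *
     * @param socket the accepted socket; must be an {@link SSLSocket}
     * @return a new handler carrying this listener's name and parameters
     * @throws IOException if the handler cannot be constructed
     */
    @Override // com.ibm.ctg.server.SocketHandler
    ProtocolHandler createHandler(Socket socket) throws IOException {
        SslHandler connectionHandler = new SslHandler((SSLSocket) socket, this.parAms);
        connectionHandler.setHandlerName(this.handlerName);
        return connectionHandler;
    }

    /**
     * Runs the configured server security exit after a request has been decoded.
     *
     * <p>A {@link JSSEServerSecurity} exit additionally receives the client's certificate chain.
     * When the peer did not present (or could not be verified to have presented) a chain, the
     * exit is invoked with {@code null} — NOTE(review): confirm the exit treats {@code null}
     * as "unauthenticated" when client authentication is required.
     *
     * @param gatewayRequest the decoded request
     * @throws IOException wrapping any failure of the exit, with the original exception as cause
     */
    @Override // com.ibm.ctg.server.ProtocolHandler
    void specificAfterDecode(GatewayRequest gatewayRequest) throws IOException {
        T.in(this, "specificAfterDecode", gatewayRequest);
        if (this.serSecurity != null) {
            T.ln(this, "Calling this connection's ServerSecurity handler");
            try {
                if (this.serSecurity instanceof JSSEServerSecurity) {
                    T.ln(this, "invoking JSSEServerSecurity extended AfterDecode with certificate chain");
                    ((JSSEServerSecurity) this.serSecurity).afterDecode(gatewayRequest, peerCertificateChain());
                } else {
                    T.ln(this, "invoking JSSEServerSecurity standard AfterDecode");
                    this.serSecurity.afterDecode(gatewayRequest);
                }
            } catch (Exception e) {
                T.ex(this, e);
                // keep the cause: the bare message hid where the exit actually failed
                throw new IOException(e.getMessage(), e);
            }
        }
        T.out(this, "specificAfterDecode");
    }

    /**
     * Fetches the peer's certificate chain from the current session.
     *
     * @return the chain, or {@code null} when the session has no verified peer chain
     */
    private X509Certificate[] peerCertificateChain() {
        try {
            return this.socToClient.getSession().getPeerCertificateChain();
        } catch (IOException e) {
            T.ln(this, "No certificate chain found for JSSE Socket");
            return null;
        }
    }

    /**
     * @return the superclass description, plus the negotiated protocol for a connection instance
     */
    @Override // com.ibm.ctg.server.SocketHandler, com.ibm.ctg.server.ProtocolHandler
    public String toString() {
        // the listener instance has no client socket; dereferencing it here threw NPE
        if (this.socToClient == null) {
            return super.toString();
        }
        return super.toString() + " using protocol " + this.socToClient.getSession().getProtocol();
    }

    /**
     * Accept loop for the listener instance.
     *
     * <p>Each accepted socket is handshaken and dispatched by {@link #serviceAcceptedSocket}.
     * The loop ends when the handler has been closed ({@code bProtocolOpen} false), when the
     * listener fails with a {@code ProtocolHandlerAbortException} (error 6563), or — on z/OS
     * only — after {@code ACCEPT_ERROR_LIMIT} consecutive accept failures (error 6564, which
     * also sets {@code bNeedsRestart}). Any other exception is logged (6563) and the loop
     * continues.
     */
    @Override // com.ibm.ctg.server.SocketHandler, java.lang.Runnable
    public void run() {
        T.in(this, "run");
        this.bProtocolOpen = true;
        int acceptErrors = 0;
        while (true) {
            try {
                try {
                    Socket accept = this.socListenOn.accept();
                    if (OSVersion.OPERATING_SYSTEM.equals(OSInfo.ZOS) && accept.getReceiveBufferSize() < ZOS_RECEIVE_BUFFER) {
                        accept.setReceiveBufferSize(ZOS_RECEIVE_BUFFER);
                        T.ln(this, "Receive buffer size set to 64k");
                    }
                    if (acceptErrors > 0) {
                        T.ln(this, "Reset accept error count, was {0}", Integer.valueOf(acceptErrors));
                        acceptErrors = 0;
                    }
                    serviceAcceptedSocket(accept, SafeIP.getIPInformation(accept), System.currentTimeMillis());
                } catch (InterruptedIOException timeout) {
                    // SO_TIMEOUT on the listening socket: only a reason to stop once closed
                    synchronized (this) {
                        if (!this.bProtocolOpen) {
                            T.ln(this, "SO_TIMEOUT popped and handler has been closed");
                            break;
                        }
                    }
                } catch (IOException acceptFailure) {
                    T.ex(this, acceptFailure);
                    if (!this.bProtocolOpen) {
                        T.ln(this, "Closing the protocol handler as the Gateway is stopping");
                        break;
                    }
                    if (acceptFailure instanceof ProtocolHandlerAbortException) {
                        T.ln(this, "Protocol listener failed with fatal error. The Protocol handler will be closed.");
                        Log.printErrorLn("6563", 2, new Object[]{this.handlerName + ":", acceptFailure});
                        break;
                    }
                    if (OSVersion.OPERATING_SYSTEM.equals(OSInfo.ZOS)) {
                        acceptErrors++;
                        if (acceptErrors >= ACCEPT_ERROR_LIMIT) {
                            Log.printErrorLn("6564", 1, new Object[]{this.handlerName});
                            this.bNeedsRestart = true;
                            break;
                        }
                    }
                }
            } catch (Exception unexpected) {
                T.ex(this, unexpected);
                Log.printErrorLn("6563", 3, new Object[]{this.handlerName + ":", unexpected});
            }
        }
        synchronized (this) {
            this.bProtocolOpen = false;
        }
        T.out(this, "run");
    }

    /**
     * Completes the TLS handshake on a freshly accepted socket and hands it to a connection
     * manager. Every failure path closes {@code accept}; the socket is never left open.
     *
     * @param accept the accepted socket (expected to be an {@link SSLSocket})
     * @param clientInfo printable client address for trace/log output
     * @param acceptedAt {@link System#currentTimeMillis()} taken right after accept, used to
     *        charge handshake time against {@code lConnectTimeout}
     */
    private void serviceAcceptedSocket(Socket accept, String clientInfo, long acceptedAt) {
        try {
            // Bound the handshake so a client that connects and never speaks cannot pin the
            // accept thread. NOTE(review): the lConnectTimeout==0 default is whatever
            // ISCHTTPHeader.CHAIN_MIDDLE evaluates to (likely decompiler constant folding) — confirm.
            if (this.lConnectTimeout == 0) {
                accept.setSoTimeout(ISCHTTPHeader.CHAIN_MIDDLE);
            } else {
                accept.setSoTimeout(clampToInt(this.lConnectTimeout));
            }
            SSLSocket sslSocket = (SSLSocket) accept;
            sslSocket.startHandshake();
            SSLSession session = sslSocket.getSession();
            if (session == null) {
                reportFailedConnection(clientInfo, null);
                closeQuietly(accept);
                return;
            }
            T.ln(this, "Client " + clientInfo + " connected using cipher suite " + session.getCipherSuite() + " and protocol " + session.getProtocol());
            dispatch(accept, acceptedAt);
        } catch (IOException e) {
            // handshake / timeout failure: report it, and do not let a failing close() escape
            // into the accept loop where it would count as a listener error
            T.ex(this, e);
            reportFailedConnection(clientInfo, e);
            closeQuietly(accept);
        } catch (RuntimeException e) {
            // e.g. a non-SSL socket or a provider failure: the accept loop logs it, but the
            // socket must not leak
            closeQuietly(accept);
            throw e;
        }
    }

    /**
     * Creates the per-connection handler and kicks it on an allocated connection manager.
     * Closes {@code accept} when no manager is available (error 6562) or handler creation
     * fails (trace message 55).
     *
     * @param accept the handshaken client socket
     * @param acceptedAt accept timestamp used to compute the remaining connect timeout
     */
    private void dispatch(Socket accept, long acceptedAt) {
        try {
            ProtocolHandler handler = createHandler(accept);
            long remaining = 0;
            if (this.lConnectTimeout > 0) {
                // time already spent in the handshake counts against the connect timeout
                remaining = this.lConnectTimeout - (System.currentTimeMillis() - acceptedAt);
            }
            ConnectionManager manager = this.mgrResources.allocateConnectionManager(remaining);
            if (manager == null) {
                Log.printErrorLn("6562", 1, new Object[]{this.handlerName + ":@" + SafeIP.getIPInformation(accept)});
                closeQuietly(accept);
                return;
            }
            if (T.getLinesOn()) {
                T.ln(this, "Accepted connection to {0}", SafeIP.getIPInformation(accept));
            }
            manager.kick(handler, this.mgrResources);
        } catch (IOException e) {
            T.ex(this, e);
            if (T.bTrace) {
                T.ln(this, TraceMessages.getMessage(55, this.handlerName + ":@" + SafeIP.getIPInformation(accept), e));
            }
            closeQuietly(accept);
        }
    }

    /** Closes a client socket, tracing rather than propagating a failure of the close itself. */
    private void closeQuietly(Socket socket) {
        try {
            socket.close();
        } catch (IOException e) {
            T.ex(this, e);
        }
    }

    /** Narrows a millisecond timeout to {@code int} for {@code setSoTimeout} without wrap-around. */
    private static int clampToInt(long millis) {
        return (int) Math.min(millis, Integer.MAX_VALUE);
    }

    /**
     * Traces (and, for a timeout with connection logging on, logs under 6566) a client that
     * connected but failed the handshake.
     *
     * @param clientInfo printable client address
     * @param failure the handshake exception, or {@code null} when no session was established
     * @return the traced description, for callers that want to reuse it
     */
    private String reportFailedConnection(String clientInfo, IOException failure) {
        String reason = "possible handshake failure";
        if (failure != null) {
            reason = failure.getMessage();
            if ((failure instanceof SocketTimeoutException) && ConnectionManager.isConnectionLoggingEnabled()) {
                Log.printErrorLn("6566", 0, new Object[]{clientInfo, Long.valueOf(this.lConnectTimeout)});
            }
        }
        String description = "Client " + clientInfo + " failed to connect, " + reason;
        T.ln(this, description);
        return description;
    }
}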
