package org.jacorb.security.ssl.sun_jsse;

import fr.esrf.TangoDs.TangoConst;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.StringTokenizer;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.jacorb.orb.ORB;
import org.jacorb.orb.factory.AbstractSocketFactory;
import org.jacorb.orb.listener.SSLHandshakeListener;
import org.jacorb.orb.listener.SSLSessionListener;

/* loaded from: input_file:org/jacorb/security/ssl/sun_jsse/SSLSocketFactory.class */
public class SSLSocketFactory extends AbstractSocketFactory {
    private SocketFactory factory = null;
    private String[] cipher_suites = null;
    private String[] enabledProtocols = null;
    private TrustManager trustManager = null;
    private boolean trusteesFromKS = false;
    private short clientSupportedOptions = 0;
    private String keystore_location = null;
    private String keystore_passphrase = null;
    private final SSLSessionListener sslListener;
    private SSLRandom sslRandom;

    public SSLSocketFactory(ORB orb) {
        this.sslListener = orb.getTransportManager().getSocketFactoryManager().getSSLListener();
    }

    @Override // org.jacorb.orb.factory.AbstractSocketFactory, org.apache.avalon.framework.configuration.Configurable
    public void configure(Configuration configuration) throws ConfigurationException {
        super.configure(configuration);
        this.sslRandom = new SSLRandom();
        this.sslRandom.configure(configuration);
        this.trusteesFromKS = configuration.getAttributeAsBoolean("jacorb.security.jsse.trustees_from_ks", false);
        this.keystore_location = configuration.getAttribute("jacorb.security.keystore", "UNSET");
        this.keystore_passphrase = configuration.getAttribute("jacorb.security.keystore_password", "UNSET");
        this.clientSupportedOptions = Short.parseShort(configuration.getAttribute("jacorb.security.ssl.client.supported_options", TangoConst.Tango_ResNotDefined), 16);
        try {
            this.trustManager = (TrustManager) ((org.jacorb.config.Configuration) configuration).getAttributeAsObject("jacorb.security.ssl.client.trust_manager");
        } catch (ConfigurationException e) {
            if (this.logger.isErrorEnabled()) {
                this.logger.error(new StringBuffer().append("TrustManager object creation failed. Please check value of property 'jacorb.security.ssl.client.trust_manager'. Current value: ").append(configuration.getAttribute("jacorb.security.ssl.client.trust_manager", "")).toString(), e);
            }
        }
        if (JSSEUtil.isJDK14() && configuration.getAttribute("jacorb.security.ssl.client.protocols", null) != null) {
            this.enabledProtocols = (String[]) ((org.jacorb.config.Configuration) configuration).getAttributeList("jacorb.security.ssl.client.protocols").toArray();
            if (this.logger.isDebugEnabled()) {
                this.logger.debug(new StringBuffer().append("Setting user specified client enabled protocols : ").append(configuration.getAttribute("jacorb.security.ssl.client.protocols", "")).toString());
            }
        }
        try {
            this.factory = createSocketFactory();
            String attribute = configuration.getAttribute("jacorb.security.ssl.server.cipher_suites", null);
            if (attribute != null) {
                StringTokenizer stringTokenizer = new StringTokenizer(attribute, ",");
                int countTokens = stringTokenizer.countTokens();
                if (countTokens > 0) {
                    this.cipher_suites = new String[countTokens];
                    while (stringTokenizer.hasMoreElements()) {
                        countTokens--;
                        this.cipher_suites[countTokens] = stringTokenizer.nextToken();
                    }
                }
            }
        } catch (Exception e2) {
            this.logger.error("Unable to create SSLSocketFactory!", e2);
            throw new ConfigurationException("Unable to create SSLSocketFactory!", e2);
        }
    }

    @Override // org.jacorb.orb.factory.SocketFactory
    public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
        SSLSocket sSLSocket = (SSLSocket) this.factory.createSocket(str, i);
        initSSLSocket(sSLSocket);
        return sSLSocket;
    }

    @Override // org.jacorb.orb.factory.AbstractSocketFactory
    public Socket doCreateSocket(String str, int i, int i2) throws IOException {
        SSLSocket sSLSocket = (SSLSocket) this.factory.createSocket();
        sSLSocket.connect(new InetSocketAddress(str, i), i2);
        initSSLSocket(sSLSocket);
        return sSLSocket;
    }

    private void initSSLSocket(SSLSocket sSLSocket) {
        if (this.cipher_suites != null) {
            sSLSocket.setEnabledCipherSuites(this.cipher_suites);
        }
        if (this.enabledProtocols != null) {
            JSSEUtil.setEnabledProtocols(sSLSocket, this.enabledProtocols);
        }
        sSLSocket.addHandshakeCompletedListener(new SSLHandshakeListener(this.logger, this.sslListener));
    }

    @Override // org.jacorb.orb.factory.SocketFactory
    public boolean isSSL(Socket socket) {
        return socket instanceof SSLSocket;
    }

    private SocketFactory createSocketFactory() throws IOException, GeneralSecurityException {
        TrustManager[] trustManagerArr;
        JSSEUtil.registerSecurityProvider();
        KeyManagerFactory keyManagerFactory = null;
        KeyStore keyStore = null;
        if (this.trusteesFromKS || (this.clientSupportedOptions & 64) != 0) {
            keyStore = KeyStoreUtil.getKeyStore(this.keystore_location, this.keystore_passphrase.toCharArray());
            if ((this.clientSupportedOptions & 64) != 0) {
                keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
                keyManagerFactory.init(keyStore, this.keystore_passphrase.toCharArray());
            }
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        if (keyStore == null || !this.trusteesFromKS) {
            trustManagerFactory.init((KeyStore) null);
        } else {
            if (this.logger.isInfoEnabled()) {
                this.logger.info(new StringBuffer().append("Loading certs from keystore ").append(keyStore.getType()).toString());
            }
            trustManagerFactory.init(keyStore);
        }
        if (this.trustManager == null) {
            trustManagerArr = trustManagerFactory.getTrustManagers();
        } else {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug(new StringBuffer().append("Setting user specified client TrustManger : ").append(this.trustManager.getClass().getName()).toString());
            }
            trustManagerArr = new TrustManager[]{this.trustManager};
        }
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(), trustManagerArr, this.sslRandom.getSecureRandom());
        return sSLContext.getSocketFactory();
    }
}
