package com.ibm.ws.transport.iiop.security.config.ssl.yoko;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.csiv2.config.CompatibleMechanisms;
import com.ibm.ws.security.csiv2.config.ssl.SSLConfig;
import com.ibm.ws.security.csiv2.config.tss.ServerTransportAddress;
import com.ibm.ws.security.csiv2.util.SecurityServices;
import com.ibm.ws.transport.iiop.security.ClientPolicy;
import com.ibm.ws.transport.iiop.security.config.css.CSSConfig;
import com.ibm.ws.transport.iiop.security.config.css.CSSTransportMechConfig;
import com.ibm.ws.transport.iiop.security.config.tss.OptionsKey;
import com.ibm.ws.transport.iiop.security.config.tss.TSSCompoundSecMechListConfig;
import com.ibm.ws.transport.iiop.security.config.tss.TSSSSLTransportConfig;
import com.ibm.ws.transport.iiop.security.config.tss.TSSTransportMechConfig;
import com.ibm.ws.transport.iiop.yoko.helper.SocketFactoryHelper;
import java.io.Closeable;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.yoko.orb.OCI.IIOP.Util;
import org.omg.CORBA.Policy;
import org.omg.CORBA.TRANSIENT;
import org.omg.CSIIOP.TransportAddress;
import org.omg.IOP.TaggedComponent;

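/**
 * Yoko socket factory for the IIOP transport that chooses between a plain TCP
 * socket and an SSL/TLS socket according to the CSIv2 transport association
 * options.
 * <p>
 * Outbound: {@link #getEndpoints} rewrites every compatible server
 * {@code TransportAddress} so that targets that must be reached over TLS carry
 * an encoded "ssl" marker plus the name of the client SSL configuration;
 * {@link #createSocket} decodes that marker again and builds an
 * {@link SSLSocket} from the matching {@link SSLSocketFactory}.
 * <p>
 * Inbound: {@link #createServerSocket} reads the association options of the
 * named SSL configuration and opens either a plain {@link ServerSocket} or an
 * {@link SSLServerSocket}, with client-certificate authentication driven by the
 * {@code EstablishTrustInClient} option. Every listener is remembered so that
 * {@link #createSelfConnection} can dial it back with the same transport.
 * <p>
 * NOTE(review): the two factory caches and {@link #socketInfos} are plain
 * {@link HashMap}/{@link ArrayList} instances without synchronization; whether
 * the ORB only ever drives this factory from one thread cannot be told from
 * this file - confirm before relying on it.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
public class SocketFactory extends SocketFactoryHelper {
    private static final TraceComponent tc = Tr.register(SocketFactory.class);

    /** Fully qualified class name used as the FFDC source id. */
    private static final String CLASS_NAME = "com.ibm.ws.transport.iiop.security.config.ssl.yoko.SocketFactory";

    /** Marker protocol used by {@link Util#encodeHost} to flag a TLS endpoint inside a host name. */
    private static final String HOST_PROTOCOL = "ssl";

    /** CSIIOP association-option bit {@code NoProtection}: when the peer <em>requires</em> it the endpoint is plain TCP. */
    private static final int NO_PROTECTION = 1;

    /** CSIIOP association-option bit {@code EstablishTrustInClient}: client-certificate authentication. */
    private static final int ESTABLISH_TRUST_IN_CLIENT = 64;

    /** IOP tagged-component id of the CSIv2 {@code TAG_CSI_SEC_MECH_LIST} component this factory understands. */
    private static final int TAG_CSI_SEC_MECH_LIST = 33;

    /** SO_TIMEOUT applied to every socket created here: accept timeout for listeners, read timeout for clients. */
    private static final int SO_TIMEOUT_MS = 60000;

    /** Number of bind attempts before {@link #createServerSocket} gives up. */
    private static final int BIND_ATTEMPTS = 3;

    /** Pause between two bind attempts. */
    private static final long BIND_RETRY_DELAY_MS = 500L;

    /** Client SSL socket factories keyed by SSL configuration name; the {@code null} key holds the JSSE default. */
    private final Map<String, SSLSocketFactory> socketFactoryMap;

    /** Server SSL socket factories keyed by SSL configuration name; the {@code null} key holds the JSSE default. */
    private final Map<String, SSLServerSocketFactory> serverSocketFactoryMap;

    private final SSLConfig sslConfig;

    /** Every listener opened through {@link #createServerSocket}, consulted by {@link #createSelfConnection}. */
    private final List<SocketInfo> socketInfos;

    static final long serialVersionUID = 8273269350621981732L;

    /**
     * Record of one inbound listener: the address and port it was bound to plus
     * the association options and SSL configuration name it was opened with.
     * {@code addr} is {@code null} for a wildcard bind, which is what the
     * three-argument {@link SocketFactory#createServerSocket} produces.
     */
    @InjectedFFDC
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    public static final class SocketInfo {
        final InetAddress addr;
        final int port;
        final OptionsKey key;
        final String sslConfigName;
        static final long serialVersionUID = 940386407186482989L;
        private static final TraceComponent $$$tc$$$ = Tr.register(SocketInfo.class);

        public SocketInfo(InetAddress addr, int port, OptionsKey key, String sslConfigName) {
            this.addr = addr;
            this.port = port;
            this.key = key;
            this.sslConfigName = sslConfigName;
        }
    }

    /** Creates an empty factory bound to the SSL configuration published by {@link SecurityServices}. */
    public SocketFactory() {
        super(tc);
        this.socketFactoryMap = new HashMap<String, SSLSocketFactory>(1);
        this.serverSocketFactoryMap = new HashMap<String, SSLServerSocketFactory>(1);
        this.socketInfos = new ArrayList<SocketInfo>();
        this.sslConfig = SecurityServices.getSSLConfig();
    }

    /**
     * Yoko callback for an outbound connection. A host that {@link #getEndpoints}
     * encoded with the "ssl" marker gets a TLS socket built from the client SSL
     * configuration carried inside the encoded host; any other host gets a plain
     * socket from the helper.
     *
     * @param host target host, possibly encoded by {@link Util#encodeHost}
     * @param port target port; the {@code char} cast restores the unsigned value
     *             if the port arrived sign-extended from a 16-bit field
     * @return a connected socket
     * @throws IOException if the connection or the TLS configuration fails
     */
    public Socket createSocket(String host, int port) throws IOException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "SocketFactory attempting to create socket for host: " + host + " port: " + port);
        }
        if (!Util.isEncodedHost(host, HOST_PROTOCOL)) {
            return createPlainSocket(host, port);
        }
        return createSSLSocket(Util.decodeHost(host), (char) port, Util.decodeHostInfo(host));
    }

    /**
     * Returns the {@link CSSConfig} of the first {@link ClientPolicy} in
     * {@code policies}, or {@code null} when no such policy is present.
     */
    private static CSSConfig getCssConfig(Policy[] policies) {
        for (Policy policy : policies) {
            if (policy instanceof ClientPolicy) {
                return ((ClientPolicy) policy).getConfig();
            }
        }
        return null;
    }

    /**
     * Decodes the server's compound-security-mechanism list from the IOR
     * component and asks the client configuration for the mechanisms it can use.
     * Any failure - including a {@code null} {@code cssConfig} when the policy
     * array held no {@link ClientPolicy} - is reported as a CORBA
     * {@link TRANSIENT} so the ORB treats the target as currently unreachable.
     */
    private List<CompatibleMechanisms> getCompatibleMechanisms(CSSConfig cssConfig, TaggedComponent component) {
        try {
            TSSCompoundSecMechListConfig tss = TSSCompoundSecMechListConfig.decodeIOR(this.codec, component);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "looking at tss: " + tss);
            }
            return cssConfig.findCompatibleList(tss);
        } catch (Exception e) {
            FFDCFilter.processException(e, CLASS_NAME, "148", this, new Object[]{cssConfig, component});
            // initCause() is typed Throwable, so build the TRANSIENT first and throw the typed instance.
            TRANSIENT failure = new TRANSIENT("Could not decode IOR TSSCompoundSecMechListConfig");
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Opens a loopback connection to one of this factory's own listeners using
     * the same transport the listener was opened with: plain TCP when the
     * listener requires {@code NoProtection}, otherwise TLS with the listener's
     * SSL configuration.
     *
     * @param address address of the listener (must not be {@code null})
     * @param port    port of the listener
     * @return a connected socket
     * @throws IOException if no listener matches or the connection fails
     */
    @FFDCIgnore({IOException.class})
    public Socket createSelfConnection(InetAddress address, int port) throws IOException {
        try {
            SocketInfo listener = findListener(address, port);
            if (listener == null) {
                throw new IOException("No inbound socket matching address " + address + " and port " + port);
            }
            if (requiresNoProtection(listener.key)) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                    Tr.debug(tc, "Created plain endpoint to " + address.getHostName() + ":" + port);
                }
                return new Socket(address, port);
            }
            // getHostName() may do a reverse DNS lookup; the name it yields is what the TLS layer connects to.
            return createSSLSocket(address.getHostName(), port, listener.sslConfigName);
        } catch (IOException e) {
            Tr.error(tc, "Exception creating a client socket to " + hostLabel(address) + ":" + port, new Object[]{e});
            throw e;
        }
    }

    /**
     * Finds the listener registered for {@code address}:{@code port}. When
     * several match, the most recently registered one wins (as before). A
     * listener registered with a {@code null} address was bound to the wildcard
     * address and therefore matches any non-null address on that port; the
     * previous code dereferenced the null address and failed with an NPE.
     */
    private SocketInfo findListener(InetAddress address, int port) {
        SocketInfo match = null;
        for (SocketInfo info : this.socketInfos) {
            if (info.port != port || address == null) {
                continue;
            }
            if (info.addr == null || info.addr.equals(address)) {
                match = info;
            }
        }
        return match;
    }

    /**
     * Opens a listener on the wildcard address.
     *
     * @see #createServerSocket(int, int, InetAddress, String[])
     */
    public ServerSocket createServerSocket(int port, int backlog, String[] params) throws IOException {
        return createServerSocket(port, backlog, null, params);
    }

    /**
     * Opens an inbound listener. The {@code params} array carries Yoko options
     * as {@code "--name", "value"} pairs; {@code --sslConfigName} selects the
     * SSL configuration whose association options decide between a plain and a
     * TLS listener, and {@code --soReuseAddr} controls SO_REUSEADDR (default
     * {@code true}). The bind is retried a few times before failing.
     *
     * @param port    port to bind, 0 for an ephemeral port
     * @param backlog listen backlog
     * @param address address to bind, {@code null} for the wildcard address
     * @param params  option pairs, may be {@code null} or empty
     * @return the bound server socket, also recorded for {@link #createSelfConnection}
     * @throws IOException if the SSL configuration cannot be read or the bind fails
     */
    public ServerSocket createServerSocket(int port, int backlog, InetAddress address, String[] params) throws IOException {
        String sslConfigName = null;
        boolean reuseAddress = true;
        if (params != null) {
            // Options come in pairs, so the last element is never a key (hence length - 1).
            for (int i = 0; i < params.length - 1; i++) {
                String option = params[i];
                if ("--sslConfigName".equals(option)) {
                    sslConfigName = params[++i];
                } else if ("--soReuseAddr".equals(option)) {
                    reuseAddress = Boolean.parseBoolean(params[++i]);
                }
            }
        }
        OptionsKey options;
        try {
            options = this.sslConfig.getAssociationOptions(sslConfigName);
        } catch (SSLException e) {
            FFDCFilter.processException(e, CLASS_NAME, "281", this, new Object[]{port, backlog, address, params});
            throw new IOException("Could not retrieve association options from ssl configuration", e);
        }
        ServerSocket serverSocket;
        if (requiresNoProtection(options)) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.debug(tc, "Created plain server socket for port " + port);
            }
            serverSocket = new ServerSocket();
        } else {
            SSLServerSocketFactory factory = getServerSocketFactory(sslConfigName);
            SSLServerSocket sslServerSocket = (SSLServerSocket) factory.createServerSocket();
            configureServerSocket(sslServerSocket, factory, sslConfigName, options);
            serverSocket = sslServerSocket;
        }
        IOException bindFailure = bindWithRetry(port, backlog, address, serverSocket, reuseAddress, params);
        if (bindFailure != null) {
            // Do not leak the unbound socket when giving up.
            closeQuietly(serverSocket);
            Tr.error(tc, "SOCKET_BIND_ERROR", new Object[]{hostLabel(address), port, bindFailure.getLocalizedMessage()});
            throw bindFailure;
        }
        this.socketInfos.add(new SocketInfo(address, serverSocket.getLocalPort(), options, sslConfigName));
        return serverSocket;
    }

    /**
     * Binds {@code serverSocket} via {@link SocketFactoryHelper#openSocket},
     * retrying up to {@link #BIND_ATTEMPTS} times with a short pause.
     *
     * @return {@code null} on success, otherwise the error of the last attempt
     */
    private IOException bindWithRetry(int port, int backlog, InetAddress address, ServerSocket serverSocket, boolean reuseAddress, String[] params) {
        IOException lastFailure = null;
        for (int attempt = 0; attempt < BIND_ATTEMPTS; attempt++) {
            lastFailure = openSocket(port, backlog, address, serverSocket, reuseAddress);
            if (lastFailure == null) {
                return null;
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.debug(tc, "bind error, retry binding... count : " + attempt);
            }
            try {
                Thread.sleep(BIND_RETRY_DELAY_MS);
            } catch (InterruptedException e) {
                FFDCFilter.processException(e, CLASS_NAME, "266", this, new Object[]{port, backlog, address, params});
                Tr.debug(tc, "An exception is caught while retrying binding. the error message is  " + e.getMessage());
                // Preserve the interrupt for the caller; the remaining attempts still run, their sleeps just return at once.
                Thread.currentThread().interrupt();
            }
        }
        return lastFailure;
    }

    /**
     * Returns the client {@link SSLSocketFactory} for {@code sslConfigName},
     * building and caching it on first use. A {@code null} name yields the JSSE
     * default factory.
     *
     * @throws IOException if the named configuration cannot be turned into a factory
     */
    private SSLSocketFactory getSocketFactory(String sslConfigName) throws IOException {
        SSLSocketFactory factory = this.socketFactoryMap.get(sslConfigName);
        if (factory != null) {
            return factory;
        }
        if (sslConfigName == null) {
            factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        } else {
            try {
                factory = this.sslConfig.createSSLFactory(sslConfigName);
            } catch (Exception e) {
                FFDCFilter.processException(e, CLASS_NAME, "304", this, new Object[]{sslConfigName});
                Tr.error(tc, "Unable to create client SSL socket factory", new Object[]{e});
                throw new IOException("Unable to create client SSL socket factory: " + e.getMessage(), e);
            }
        }
        this.socketFactoryMap.put(sslConfigName, factory);
        return factory;
    }

    /**
     * Returns the {@link SSLServerSocketFactory} for {@code sslConfigName},
     * building and caching it on first use (the default factory is now cached
     * like the client one). The matching client factory is built at the same
     * time - presumably so that a later {@link #createSelfConnection} to this
     * listener finds it ready; the original did the same.
     *
     * @throws IOException if the named configuration cannot be turned into a factory
     */
    private SSLServerSocketFactory getServerSocketFactory(String sslConfigName) throws IOException {
        SSLServerSocketFactory factory = this.serverSocketFactoryMap.get(sslConfigName);
        if (factory != null) {
            return factory;
        }
        if (sslConfigName == null) {
            factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        } else {
            try {
                factory = this.sslConfig.createSSLServerFactory(sslConfigName);
            } catch (Exception e) {
                FFDCFilter.processException(e, CLASS_NAME, "331", this, new Object[]{sslConfigName});
                Tr.error(tc, "Unable to create server SSL socket factory", new Object[]{e});
                throw new IOException("Unable to create server SSL socket factory: " + e.getMessage(), e);
            }
        }
        this.serverSocketFactoryMap.put(sslConfigName, factory);
        getSocketFactory(sslConfigName);
        return factory;
    }

    /**
     * Applies the SSL configuration to a freshly created listener: the enabled
     * cipher suites, the client-authentication mode derived from the
     * {@code EstablishTrustInClient} association option (required → client
     * certificate mandatory, supported → requested but optional, neither → not
     * requested), and the accept timeout.
     * <p>
     * NOTE(review): only cipher suites are constrained here; which protocol
     * versions are enabled is left to the factory built from {@code sslConfig} -
     * confirm that it pins them.
     *
     * @throws IOException if the cipher suites cannot be resolved
     */
    private void configureServerSocket(SSLServerSocket serverSocket, SSLServerSocketFactory factory, String sslConfigName, OptionsKey options) throws IOException {
        try {
            String[] cipherSuites = this.sslConfig.getCipherSuites(sslConfigName, factory.getSupportedCipherSuites());
            serverSocket.setEnabledCipherSuites(cipherSuites);
            boolean clientAuthRequired = (options.requires & ESTABLISH_TRUST_IN_CLIENT) != 0;
            boolean clientAuthSupported = (options.supports & ESTABLISH_TRUST_IN_CLIENT) != 0;
            if (clientAuthRequired) {
                serverSocket.setNeedClientAuth(true);
            } else if (clientAuthSupported) {
                serverSocket.setWantClientAuth(true);
            } else {
                // Also clears any earlier setWantClientAuth(true) per the JSSE contract.
                serverSocket.setNeedClientAuth(false);
            }
            serverSocket.setSoTimeout(SO_TIMEOUT_MS);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.debug(tc, "Created SSL server socket on port " + serverSocket.getLocalPort());
                Tr.debug(tc, "    client authentication " + (clientAuthSupported ? "SUPPORTED" : "UNSUPPORTED"));
                Tr.debug(tc, "    client authentication " + (clientAuthRequired ? "REQUIRED" : "OPTIONAL"));
                Tr.debug(tc, "    cipher suites:");
                for (String suite : cipherSuites) {
                    Tr.debug(tc, "    " + suite);
                }
            }
        } catch (SSLException e) {
            FFDCFilter.processException(e, CLASS_NAME, "389", this, new Object[]{serverSocket, factory, sslConfigName, options});
            throw new IOException("Could not configure server socket", e);
        }
    }

    /**
     * Connects a TLS socket to {@code host}:{@code port} using the client SSL
     * configuration {@code sslConfigName} and restricts it to the configured
     * cipher suites. The socket is already connected when it is configured, so
     * any configuration failure closes it instead of leaking the connection.
     * <p>
     * NOTE(review): nothing here enables endpoint identification
     * ({@code SSLParameters.setEndpointIdentificationAlgorithm}); whether the
     * factory from {@code sslConfig} verifies the peer name in its trust manager
     * cannot be told from this file - confirm, otherwise a valid certificate for
     * the wrong host would be accepted.
     *
     * @throws IOException if the connection or the cipher-suite configuration fails
     */
    private Socket createSSLSocket(String host, int port, final String sslConfigName) throws IOException {
        final SSLSocketFactory factory = getSocketFactory(sslConfigName);
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        boolean configured = false;
        try {
            socket.setSoTimeout(SO_TIMEOUT_MS);
            String[] cipherSuites = AccessController.doPrivileged(new PrivilegedExceptionAction<String[]>() {
                public String[] run() throws Exception {
                    return SocketFactory.this.sslConfig.getCipherSuites(sslConfigName, factory.getSupportedCipherSuites());
                }
            });
            socket.setEnabledCipherSuites(cipherSuites);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.debug(tc, "Created SSL socket to " + host + ":" + port);
                Tr.debug(tc, "    cipher suites:");
                for (String suite : cipherSuites) {
                    Tr.debug(tc, "    " + suite);
                }
                // Only the certificates this side presented are logged; they are public material.
                socket.addHandshakeCompletedListener(new HandshakeCompletedListener() {
                    public void handshakeCompleted(HandshakeCompletedEvent event) {
                        Certificate[] localCerts = event.getLocalCertificates();
                        if (localCerts == null) {
                            Tr.debug(SocketFactory.tc, "handshake returned no local certs");
                            return;
                        }
                        Tr.debug(SocketFactory.tc, "handshake returned local certs count: " + localCerts.length);
                        for (Certificate cert : localCerts) {
                            Tr.debug(SocketFactory.tc, "cert: " + cert.toString());
                        }
                    }
                });
            }
            configured = true;
            return socket;
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, CLASS_NAME, "422", this, new Object[]{host, port, sslConfigName});
            throw new IOException("Could not configure client socket", e.getCause());
        } finally {
            if (!configured) {
                closeQuietly(socket);
            }
        }
    }

    /** Tagged-component ids this factory handles: only {@code TAG_CSI_SEC_MECH_LIST}. */
    public int[] tags() {
        return new int[]{TAG_CSI_SEC_MECH_LIST};
    }

    /** Whether the {@code NoProtection} association option is <em>required</em>, i.e. the endpoint is plain TCP. */
    private static boolean requiresNoProtection(OptionsKey options) {
        return (options.requires & NO_PROTECTION) != 0;
    }

    /** Host name for log messages; {@code "*"} stands for a wildcard ({@code null}) address. */
    private static String hostLabel(InetAddress address) {
        return address == null ? "*" : address.getHostName();
    }

    /** Closes {@code closeable}, reporting a failed close only at debug level. */
    private static void closeQuietly(Closeable closeable) {
        try {
            closeable.close();
        } catch (IOException e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Ignoring failure to close socket: " + e.getMessage());
            }
        }
    }

    private static TransportAddress createPlainTransportAddress(String host, short port) {
        return new TransportAddress(host, port);
    }

    /** Encodes the "ssl" marker and the client SSL configuration name into the host so {@link #createSocket} can recover them. */
    private static TransportAddress createSslTransportAddress(String host, short port, String sslConfigName) {
        return new TransportAddress(Util.encodeHost(host, HOST_PROTOCOL, sslConfigName), port);
    }

    /** Logs and builds one endpoint; the port is printed through a {@code char} cast so a negative short shows as its unsigned value. */
    private static TransportAddress toEndpoint(String host, short port, boolean useSsl, String sslConfigName) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "IOR to target " + host + ":" + ((int) ((char) port)) + " using client sslConfig " + sslConfigName);
        }
        return useSsl ? createSslTransportAddress(host, port, sslConfigName) : createPlainTransportAddress(host, port);
    }

    /**
     * Yoko callback that turns the server's {@code TAG_CSI_SEC_MECH_LIST}
     * component into the list of addresses to try. For each mechanism both sides
     * can agree on whose transport is SSL, the server's addresses are emitted
     * either as TLS endpoints (encoded with the client SSL configuration name)
     * or as plain endpoints when the server requires {@code NoProtection}. The
     * client configuration may override addresses and SSL configuration per
     * server address via its transport-mechanism map; otherwise the server's
     * advertised addresses are used with the mechanism-wide SSL configuration.
     *
     * @param component the IOR component to decode
     * @param policies  client policies; the {@link ClientPolicy} supplies the client configuration
     * @return the endpoints to connect to, possibly empty
     * @throws TRANSIENT if the component cannot be decoded or no {@link ClientPolicy} is present
     */
    public TransportAddress[] getEndpoints(TaggedComponent component, Policy[] policies) {
        CSSConfig cssConfig = getCssConfig(policies);
        List<TransportAddress> endpoints = new ArrayList<TransportAddress>();
        for (CompatibleMechanisms mechanisms : getCompatibleMechanisms(cssConfig, component)) {
            TSSTransportMechConfig transportMech = mechanisms.getTSSCompoundSecMechConfig().getTransport_mech();
            if (!(transportMech instanceof TSSSSLTransportConfig)) {
                continue;
            }
            TSSSSLTransportConfig sslTransport = (TSSSSLTransportConfig) transportMech;
            // TLS unless the server requires NoProtection.
            boolean useSsl = (sslTransport.getRequires() & NO_PROTECTION) == 0;
            Map<ServerTransportAddress, CSSTransportMechConfig> overrides = mechanisms.getCSSCompoundSecMechConfig().getTransportMechMap();
            if (overrides.isEmpty()) {
                String sslConfigName = mechanisms.getCSSCompoundSecMechConfig().getTransport_mech().getSslConfigName();
                for (TransportAddress target : sslTransport.getTransportAddresses()) {
                    endpoints.add(toEndpoint(target.host_name, target.port, useSsl, sslConfigName));
                }
            } else {
                for (Map.Entry<ServerTransportAddress, CSSTransportMechConfig> entry : overrides.entrySet()) {
                    ServerTransportAddress target = entry.getKey();
                    endpoints.add(toEndpoint(target.getHost(), target.getPort(), useSsl, entry.getValue().getSslConfigName()));
                }
            }
        }
        return endpoints.toArray(new TransportAddress[endpoints.size()]);
    }
}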
