package com.ibm.ctg.server;

import com.ibm.ccl.util.Scrambler;
import com.ibm.ctg.client.GatewayRequest;
import com.ibm.ctg.client.GatewayReturnCodes;
import com.ibm.ctg.client.SafeIP;
import com.ibm.ctg.client.T;
import com.ibm.ctg.security.SystemSSLServerSecurity;
import com.ibm.ctg.server.ProtocolHandler;
import com.ibm.gskssl.SSLCertificate;
import com.ibm.gskssl.SSLServerSocket;
import com.ibm.gskssl.SSLSocket;
import com.ibm.gskssl.SSLWrapper;
import com.ibm.j2ca.peoplesoft.PeopleSoftAdapterConstants;
import java.io.BufferedInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.net.SocketException;
import java.util.StringTokenizer;

/* loaded from: input_file:install/taderc99V60.zip:cicseci5101/connectorModule/ctgserver.jar:com/ibm/ctg/server/GskSslHandler.class */
class GskSslHandler extends ProtocolHandler {
    // Source-control identification string carried over from the original build.
    public static final String CLASS_VERSION = "@(#) java/server/GskSslHandler.java, client_java, c502, c502-20040301a 1.12 03/04/24 18:59:38";
    private static final String COPYRIGHT_NOTICE = "(c) Copyright IBM Corporation 2000, 2002.";
    // Assigned in initialize(); run() uses it to allocate a connection manager per accepted socket.
    private ManagedResources mgrResources;
    // Listening socket; created in initialize() and polled by run().
    private SSLServerSocket socListenOn;
    // Parameters built by the most recent initialize() call. Static, so every per-connection
    // handler created by the (SSLSocket) constructor shares this single object.
    private static ProtocolHandler.ProtocolHandlerParameters parAmsProtocols = null;
    // Listening port; both constructors seed it with 8050, "port=" overrides it.
    private int iPort;
    private static final String strPort = "port=";
    // Keyring (key database) location handed to SSLWrapper.setKeyring(); seeded with "key.kdb".
    private String strKeyRingClass;
    // Keyring password, kept as a String for the lifetime of the handler. Both constructors seed
    // it with the literal "password", which is what reaches SSLWrapper.setKeyringPassword() when
    // the configuration carries no "keyringpw=" token.
    private String strKeyRingClassPW;
    private static final String strKeyRing = "keyring=";
    private static final String strKeyRingPW = "keyringpw=";
    // When true, initialize() runs the configured password through Scrambler.descramble() first.
    // NOTE(review): no further secret is supplied to descramble() in this class, so scrambling
    // presumably only hides the password from casual reading of the configuration - confirm
    // against Scrambler before treating it as protection of the keyring.
    private boolean bKeyRingPWScrambled;
    // Raw "clientauth=" value. initialize() enables client authentication only for "true", "on"
    // or "yes" (any letter case); every other value leaves server-only authentication in place.
    private String strClientAuthenticationValue;
    private static final String strClientAuthentication = "clientauth=";
    private static final String strKeyRingPWScrambled = "keyringpwscrambled=";
    // "sotimeout=" value; applied to the listening socket in initialize() and tested in run().
    private int iSoTimeout;
    private static final String strSoTimeout = "sotimeout=";
    // "solinger=" value. Parsed on the listening instance, but the per-connection constructor
    // resets its own copy to 0 before testing it.
    private int iSoLinger;
    private static final String strSoLinger = "solinger=";
    // "connecttimeout=" value; passed to allocateConnectionManager() in run().
    private long lConnectTimeout;
    private static final String strConnectTimeout = "connecttimeout=";
    // Per-connection state: the accepted socket, its buffered input, and the "ssl:@<address>"
    // label returned by toString(). All three stay null on the listening instance.
    private SSLSocket socToClient;
    private DataInputStream disFromClient;
    private String strUs;

    /**
     * Creates the listening-side handler with built-in defaults.
     *
     * <p>{@code initialize(...)} replaces whichever of these values the protocol parameter
     * string names. Anything it does not name keeps the default set here, including the
     * literal keyring password {@code "password"} - a deployment that omits
     * {@code keyringpw=} therefore opens its keyring with that well-known value.
     */
    GskSslHandler() {
        // Listener and socket-option defaults.
        this.iPort = 8050;
        this.iSoTimeout = this.iSoLinger = 0;
        this.lConnectTimeout = 0L;
        // Keyring defaults; client authentication is off unless configured.
        this.strKeyRingClass = "key.kdb";
        this.strKeyRingClassPW = "password";
        this.bKeyRingPWScrambled = false;
        this.strClientAuthenticationValue = "false";
        // No connection label: this instance only listens.
        this.strUs = null;
        T.ln(this, "GskSslHandler CTOR");
    }

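    /**
     * Wraps one accepted client socket: applies the read timeout and linger settings, opens the
     * buffered input stream and marks the instance open.
     *
     * <p>The read timeout is taken from the shared parameters parsed by the listener's
     * {@code initialize(...)}: the smaller of ping frequency and idle timeout when a ping
     * frequency is set, otherwise the idle timeout when that is positive, otherwise 0.
     * NOTE(review): because the smaller value wins, {@code idletimeout=0} combined with a
     * positive {@code pingfrequency} yields 0; with java.net sockets 0 means "no timeout" -
     * confirm the gskssl semantics and whether that combination is intended.
     *
     * @param sSLSocket the socket returned by the listener's accept()
     * @throws IOException if a socket option cannot be set or the input stream cannot be opened
     */
    GskSslHandler(SSLSocket sSLSocket) throws IOException {
        super(sSLSocket.getImpl().getInetAddress());
        this.iPort = 8050;
        this.strKeyRingClass = "key.kdb";
        this.strKeyRingClassPW = "password";
        this.bKeyRingPWScrambled = false;
        this.strClientAuthenticationValue = "false";
        this.iSoTimeout = 0;
        this.iSoLinger = 0;
        this.lConnectTimeout = 0L;
        this.strUs = null;
        if (T.bDebug) {
            T.in(this, "GskSslHandler", SafeIP.toString(sSLSocket.getImpl().getInetAddress()));
        }
        // Shared with the listener; null here would mean initialize() has not run yet.
        this.parAms = parAmsProtocols;
        this.socToClient = sSLSocket;
        long timeoutMs = 0L;
        if (this.parAms.lPingFrequency > 0) {
            timeoutMs = Math.min(this.parAms.lPingFrequency, this.parAms.lIdleTimeout);
        } else if (this.parAms.lIdleTimeout > 0) {
            timeoutMs = this.parAms.lIdleTimeout;
        }
        // Both settings are longs; clamp instead of letting a narrowing cast wrap a large value
        // into an arbitrary (possibly negative) timeout.
        int i = (int) Math.min(timeoutMs, (long) Integer.MAX_VALUE);
        this.socToClient.setSoTimeout(i);
        T.ln(this, "Set SO_TIMEOUT to {0} ms", Integer.valueOf(i));
        // NOTE(review): iSoLinger was reset to 0 a few lines above, so the linger-enabled branch
        // cannot run as listed and the solinger= value parsed on the listening instance never
        // reaches client sockets. Making it effective needs the value shared with this
        // constructor (for example alongside parAmsProtocols); left as is because that changes
        // class-level state.
        if (this.iSoLinger > 0) {
            this.socToClient.setSoLinger(true, this.iSoLinger);
        } else {
            this.socToClient.setSoLinger(false, 0);
        }
        this.disFromClient = new DataInputStream(new BufferedInputStream(this.socToClient.getInputStream()));
        this.strUs = "ssl:@" + SafeIP.toString(this.socToClient.getImpl().getInetAddress());
        this.bInstanceOpen = true;
        T.out(this, "GskSslHandler");
    }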

    /**
     * Returns the connection label built by the per-connection constructor
     * ({@code "ssl:@"} followed by the peer address).
     *
     * @return the label, or {@code null} on the listening instance, which never sets one
     */
    @Override // com.ibm.ctg.server.ProtocolHandler
    public String toString() {
        final String label = this.strUs;
        return label;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
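    /**
     * Parses the semicolon-separated {@code ssl:} parameter string and opens the listening
     * socket.
     *
     * <p>Points a reviewer of a deployment should know:
     * <ul>
     *   <li>Parameter names are matched with a case-sensitive prefix test. A token that matches
     *       nothing is skipped, so a misspelt {@code clientauth=} leaves the listener on
     *       server-only authentication without any error.</li>
     *   <li>Client authentication is enabled only for {@code true}, {@code on} or {@code yes}
     *       (any letter case); every other value selects server-only authentication.</li>
     *   <li>If no {@code keyringpw=} token is present, the constructor default
     *       {@code "password"} is used to open the keyring.</li>
     *   <li>If descrambling fails, the password becomes the empty string and initialization
     *       carries on; any resulting failure surfaces later, when the keyring is used.</li>
     *   <li>The password never enters the traced parameter summary; it is replaced by
     *       {@code keyringpw=******}.</li>
     * </ul>
     *
     * @param managedResources resources used later by run() to allocate connection managers
     * @param str the parameter string; {@code null} is treated as empty
     * @param str2 not read by this implementation
     * @return always the empty string
     * @throws IllegalArgumentException if a numeric parameter is not a number or is below its
     *         minimum (1 for the port, 0 for the others)
     * @throws Exception if the listening socket cannot be created
     */
    @Override // com.ibm.ctg.server.ProtocolHandler
    public String initialize(ManagedResources managedResources, String str, String str2) throws Exception {
        // Summary of accepted parameters for the trace; the keyring password is masked in it.
        StringBuilder traced = new StringBuilder();
        this.mgrResources = managedResources;
        ProtocolHandler.ProtocolHandlerParameters protocolHandlerParameters = new ProtocolHandler.ProtocolHandlerParameters();
        // Published through the static field so per-connection handlers see the same settings.
        parAmsProtocols = protocolHandlerParameters;
        this.parAms = protocolHandlerParameters;
        this.parAms.bRequireSecurity = ProtocolHandler.bGlobalRequireSecurity;
        StringTokenizer tokens = new StringTokenizer(str == null ? "" : str, ";");
        while (tokens.hasMoreTokens()) {
            String token = tokens.nextToken();
            if (token.startsWith(strPort)) {
                this.iPort = parseSslIntParam(token, strPort, 1);
                traced.append(token).append(";");
                T.ln(this, "Set ssl: {0} = {1}", token, Integer.valueOf(this.iPort));
            } else if (token.startsWith(strKeyRing)) {
                this.strKeyRingClass = token.substring(strKeyRing.length());
                traced.append(token).append(";");
                T.ln(this, "Set ssl: {0} = {1}", token, this.strKeyRingClass);
            } else if (token.startsWith(strKeyRingPW)) {
                this.strKeyRingClassPW = token.substring(strKeyRingPW.length());
                // Deliberately no trace line for this token; only the masked form is recorded.
                traced.append("keyringpw=******;");
            } else if (token.startsWith(strKeyRingPWScrambled)) {
                if (isSslOptionOn(token.substring(strKeyRingPWScrambled.length()))) {
                    this.bKeyRingPWScrambled = true;
                }
            } else if (token.startsWith(strClientAuthentication)) {
                this.strClientAuthenticationValue = token.substring(strClientAuthentication.length());
                traced.append(token).append(";");
                T.ln(this, "Set ssl: {0} = {1}", token, this.strClientAuthenticationValue);
            } else if (token.startsWith("idletimeout=")) {
                this.parAms.lIdleTimeout = parseSslLongParam(token, "idletimeout=", 0L);
                traced.append(token).append(";");
                T.ln(this, "Set ssl: {0} = {1}", token, Long.valueOf(this.parAms.lIdleTimeout));
            } else if (token.equals("dropworking")) {
                this.parAms.bDropWorking = true;
                traced.append(token).append(";");
                T.ln(this, "Set ssl: dropworking = true");
            } else if (token.equals("requiresecurity")) {
                this.parAms.bRequireSecurity = true;
                traced.append(token).append(";");
                T.ln(this, "Set ssl: requiresecurity = true");
            } else if (token.startsWith("pingfrequency=")) {
                this.parAms.lPingFrequency = parseSslLongParam(token, "pingfrequency=", 0L);
                traced.append(token).append(";");
                T.ln(this, "Set ssl: {0} = {1}", token, Long.valueOf(this.parAms.lPingFrequency));
            } else if (token.startsWith(strConnectTimeout)) {
                this.lConnectTimeout = parseSslLongParam(token, strConnectTimeout, 0L);
                traced.append(token).append(";");
                T.ln(this, "Set ssl: {0} = {1}", token, Long.valueOf(this.lConnectTimeout));
            } else if (token.startsWith(strSoTimeout)) {
                this.iSoTimeout = parseSslIntParam(token, strSoTimeout, 0);
                traced.append(token).append(";");
                T.ln(this, "Set ssl {0} = {1}", token, Integer.valueOf(this.iSoTimeout));
            } else if (token.startsWith(strSoLinger)) {
                this.iSoLinger = parseSslIntParam(token, strSoLinger, 0);
                traced.append(token).append(";");
                T.ln(this, "Set ssl: {0} = {1}", token, Integer.valueOf(this.iSoLinger));
            } else {
                // Leave a marker that something was skipped, without echoing the token: a
                // misspelt password parameter would otherwise land in the trace in clear.
                T.ln(this, "Ignored unrecognised ssl: parameter (value not traced)");
            }
        }
        if (this.bKeyRingPWScrambled) {
            T.ln(this, "Unscrambling keyring password");
            try {
                this.strKeyRingClassPW = Scrambler.descramble(this.strKeyRingClassPW);
            } catch (IllegalArgumentException e) {
                // Existing best-effort behaviour: trace the reason and continue with an empty
                // password instead of failing initialization at this point.
                T.ln(this, e.getMessage());
                this.strKeyRingClassPW = "";
            }
        }
        T.in(this, "initialize", managedResources, traced.toString());
        SSLWrapper sSLWrapper = new SSLWrapper();
        if (isSslOptionOn(this.strClientAuthenticationValue)) {
            sSLWrapper.setHsType(2);
            T.ln(this, "(System-SSL) ssl: Client Authentication enabled");
        } else {
            sSLWrapper.setHsType(1);
            T.ln(this, "(System-SSL) ssl: Server-only Authentication enabled");
        }
        sSLWrapper.setKeyring(this.strKeyRingClass);
        sSLWrapper.setKeyringPassword(this.strKeyRingClassPW);
        // The second argument is presumably the accept backlog - confirm against SSLServerSocket.
        this.socListenOn = new SSLServerSocket(this.iPort, 8192, sSLWrapper);
        this.socListenOn.setSoTimeout(this.iSoTimeout);
        T.out(this, "initialize");
        return "";
    }

    /** Returns true for the values that switch an option on: "true", "on" or "yes", any case. */
    private static boolean isSslOptionOn(String value) {
        return value.equalsIgnoreCase("true") || value.equalsIgnoreCase("on") || value.equalsIgnoreCase("yes");
    }

    /**
     * Parses the int after {@code key} in {@code token}; rejects non-numbers and values below
     * {@code minimum} with an IllegalArgumentException whose message is "key value".
     */
    private static int parseSslIntParam(String token, String key, int minimum) {
        String raw = token.substring(key.length());
        int value;
        try {
            value = Integer.parseInt(raw);
        } catch (NumberFormatException e) {
            // Keep the parse failure as the cause so the reason is not lost.
            throw new IllegalArgumentException(key + " " + raw, e);
        }
        if (value < minimum) {
            throw new IllegalArgumentException(key + " " + raw);
        }
        return value;
    }

    /** Long counterpart of parseSslIntParam, with the same error message shape. */
    private static long parseSslLongParam(String token, String key, long minimum) {
        String raw = token.substring(key.length());
        long value;
        try {
            value = Long.parseLong(raw);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException(key + " " + raw, e);
        }
        if (value < minimum) {
            throw new IllegalArgumentException(key + " " + raw);
        }
        return value;
    }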

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Marks the protocol as closed so that the accept loop in run() stops.
     *
     * <p>Only the flag is cleared; the listening socket is not closed here. run() checks the
     * flag after accept() returns or times out, so with {@code sotimeout=0} the loop ends only
     * once a further client has connected.
     */
    @Override // com.ibm.ctg.server.ProtocolHandler
    public synchronized void closeProtocol() {
        final String method = "closeProtocol";
        T.in(this, method);
        this.bProtocolOpen = false;
        T.out(this, method);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
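    /**
     * Closes the client connection, optionally telling the client first.
     *
     * <p>Safe to call more than once and on an instance that never had a client socket: the
     * socket reference is cleared and the instance marked closed even when the close
     * notification or the socket close itself fails, so a failed close cannot leave the handler
     * looking open.
     *
     * @param z when true, a close notification is sent before the socket is closed; a failure
     *          to send it is traced and otherwise ignored
     * @throws IOException if closing the socket fails
     */
    @Override // com.ibm.ctg.server.ProtocolHandler
    public synchronized void close(boolean z) throws IOException {
        T.in(this, "close", Boolean.valueOf(z));
        try {
            if (z) {
                try {
                    sendClose();
                } catch (IOException e) {
                    T.ex(this, e);
                }
            }
        } finally {
            // Detach first, then close: state is consistent whatever close() throws.
            SSLSocket socket = this.socToClient;
            this.socToClient = null;
            this.bInstanceOpen = false;
            if (socket != null) {
                socket.close();
            }
        }
        T.out(this, "close");
    }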

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Sends the client a reply carrying {@code ERROR_GATEWAY_CLOSED}.
     *
     * <p>The reply uses flow type 4 and message id -1; what those two values mean to the client
     * is not visible in this class.
     *
     * @throws IOException if the reply cannot be sent
     */
    @Override // com.ibm.ctg.server.ProtocolHandler
    public void sendClose() throws IOException {
        final GatewayRequest closeNotice = new GatewayRequest();
        closeNotice.setFlowType(4);
        closeNotice.setRc(GatewayReturnCodes.ERROR_GATEWAY_CLOSED);
        closeNotice.setMessageId(-1);
        sendReply(closeNotice);
    }

    /**
     * Reads the next request from the client stream into {@code gatewayRequest}.
     *
     * <p>This is where bytes supplied by the remote peer are first parsed; the parsing itself
     * happens in {@code GatewayRequest.readObject} and is not visible here.
     *
     * @param gatewayRequest the request object to populate
     * @return the client input stream, positioned after what readObject consumed
     * @throws IOException if reading from the client fails
     */
    @Override // com.ibm.ctg.server.ProtocolHandler
    DataInputStream readFromWire(GatewayRequest gatewayRequest) throws IOException {
        final String method = "readFromWire";
        final DataInputStream wire = this.disFromClient;
        T.in(this, method, gatewayRequest);
        gatewayRequest.readObject(wire);
        T.out(this, method, wire);
        return wire;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
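    /**
     * Discards the payload bytes that follow the current request so the stream is positioned at
     * the next request.
     *
     * <p>The byte count comes from {@code getDataWhichFollows()}, presumably a length field the
     * client sent. It is therefore not trusted for sizing memory: the bytes are drained through
     * a small fixed-size scratch buffer, and a zero or negative count reads nothing. Read
     * failures are traced and swallowed, so the caller cannot tell from this method whether the
     * stream is back in step.
     *
     * @param gatewayRequest the request whose trailing data is to be skipped
     */
    @Override // com.ibm.ctg.server.ProtocolHandler
    public void resetWire(GatewayRequest gatewayRequest) {
        T.in(this, "resetWire");
        int remaining = gatewayRequest.getDataWhichFollows();
        T.ln(this, "Bytes to lose = {0}", Integer.valueOf(remaining));
        if (remaining > 0) {
            try {
                // Cap the allocation; the declared length alone must not decide the heap cost.
                byte[] scratch = new byte[Math.min(remaining, 8192)];
                while (remaining > 0) {
                    int read = this.disFromClient.read(scratch, 0, Math.min(remaining, scratch.length));
                    if (read <= 0) {
                        // End of stream: stop without folding -1 into the remaining count.
                        break;
                    }
                    remaining -= read;
                }
            } catch (IOException e) {
                T.ex(this, e);
            }
        }
        T.out(this, "resetWire");
    }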

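    /**
     * Writes an encoded reply to the client and flushes it.
     *
     * <p>The socket reference is read once into a local. close() clears the field while holding
     * a different monitor (this handler's, not the socket's), so re-reading the field after the
     * null test could fail with a NullPointerException; with the local, a concurrent close shows
     * up as an IOException from the write. Nothing is written when there is no client socket.
     *
     * @param bArr the bytes to send
     * @param gatewayRequest used for tracing only
     * @throws IOException if the write or flush fails
     */
    @Override // com.ibm.ctg.server.ProtocolHandler
    void writeToWire(byte[] bArr, GatewayRequest gatewayRequest) throws IOException {
        T.in(this, "writeToWire", bArr, gatewayRequest);
        SSLSocket socket = this.socToClient;
        if (socket != null) {
            // Serialises writers on the same socket so replies are not interleaved.
            synchronized (socket) {
                socket.getOutputStream().write(bArr);
                socket.getOutputStream().flush();
                T.ln(this, "Sent {0} bytes to client SSLSocket", Integer.valueOf(bArr.length));
            }
        }
        T.out(this, "writeToWire");
    }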

    /**
     * Accept loop of the listening handler.
     *
     * <p>Each iteration accepts one client socket, wraps it in a per-connection GskSslHandler,
     * asks the managed resources for a connection manager and hands the handler to it. The loop
     * ends once bProtocolOpen has been cleared (see closeProtocol()); the flag is cleared again
     * on the way out.
     *
     * <p>NOTE(review): the body is decompiler output and its exception ladder cannot be the
     * original control flow as listed - see the comment at the nested try blocks. Treat the
     * structure as approximate and confirm against the bytecode before relying on it.
     */
    @Override // java.lang.Runnable
    public void run() {
        SSLSocket accept;
        // NOTE(review): PeopleSoftAdapterConstants.RUN is presumably just the method name as a
        // string, matched by the decompiler to an unrelated constant - confirm its value.
        T.in(this, PeopleSoftAdapterConstants.RUN);
        this.bProtocolOpen = true;
        while (true) {
            try {
                // NOTE(review): SocketException and InterruptedIOException are subclasses of
                // IOException, so with the IOException catch innermost the two outer catches
                // could never fire; and `accept` is not definitely assigned when a catch falls
                // through to the code after the ladder. The original presumably tested the
                // specific exceptions first and skipped the rest of the iteration after a
                // failed accept().
                try {
                    try {
                        try {
                            try {
                                accept = this.socListenOn.accept();
                            } catch (IOException e) {
                                T.ex(this, e);
                                T.ln(this, "SSL connection error");
                            }
                        } catch (SocketException e2) {
                            // The message announces that the handler will be closed, but no exit
                            // from the loop is visible on this path as decompiled.
                            T.ex(this, e2);
                            T.ln(this, "SystemSSL listener failed with SocketException. The Protocol handler will be closed.");
                            T.printErrorLn(TraceMessages.getMessage(66, "ssl:", e2));
                        }
                    } catch (Exception e3) {
                        T.ex(this, e3);
                        T.ln(this, "SSL connection refused");
                    }
                } catch (InterruptedIOException e4) {
                    // accept() timed out: the only point at which a listener with a non-zero
                    // sotimeout notices closeProtocol(). The flag is read under the monitor.
                    synchronized (this) {
                        if (!this.bProtocolOpen) {
                            T.ln(this, "SO_TIMEOUT popped and handler has been closed");
                            break;
                        }
                    }
                }
                // With sotimeout=0 a close request is noticed only here, after a client has
                // connected. The flag is read without holding the monitor, and the socket just
                // accepted is not closed before the loop exits.
                if (this.iSoTimeout == 0 && !this.bProtocolOpen) {
                    T.ln(this, "SO_TIMEOUT is 0 and handler has been closed");
                    break;
                }
                try {
                    // The per-connection constructor sets socket options and opens the input
                    // stream; its IOException is handled by the catch below.
                    GskSslHandler gskSslHandler = new GskSslHandler(accept);
                    // Called on the listener thread, so presumably no further client is accepted
                    // while this waits for a manager (up to lConnectTimeout) - confirm.
                    ConnectionManager allocateConnectionManager = this.mgrResources.allocateConnectionManager(this.lConnectTimeout);
                    if (allocateConnectionManager == null) {
                        // No manager was returned: the client is dropped. The event is reported
                        // only when tracing is switched on.
                        if (T.bTrace) {
                            T.traceln(TraceMessages.getMessage(65, new StringBuffer().append("ssl:@").append(SafeIP.toString(accept.getImpl().getInetAddress())).toString()));
                        }
                        try {
                            accept.close();
                        } catch (IOException e5) {
                            T.ex(this, e5);
                        }
                    } else {
                        T.ln(this, "Accepted connection to {0}", SafeIP.toString(accept.getImpl().getInetAddress()));
                        allocateConnectionManager.kick(gskSslHandler, this.mgrResources);
                    }
                } catch (IOException e6) {
                    // Setting up the connection failed: trace it and close the socket.
                    T.ex(this, e6);
                    if (T.bTrace) {
                        T.traceln(TraceMessages.getMessage(55, new StringBuffer().append("ssl:@").append(SafeIP.toString(accept.getImpl().getInetAddress())).toString(), e6));
                    }
                    try {
                        accept.close();
                    } catch (Exception e7) {
                        T.ex(this, e7);
                    }
                }
            } catch (Exception e8) {
                // Anything else is reported and the loop carries on, with no delay and no exit
                // on this path; a failure that recurs on every iteration would presumably be
                // reported each time round.
                T.ex(this, e8);
                T.printErrorLn(TraceMessages.getMessage(66, "ssl:", e8));
            }
        }
        synchronized (this) {
            this.bProtocolOpen = false;
        }
        T.out(this, PeopleSoftAdapterConstants.RUN);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
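    /**
     * Runs the connection's server security exit, if one is set, after a request was decoded.
     *
     * <p>A {@code SystemSSLServerSecurity} exit also receives the certificate obtained from the
     * client socket; any other exit receives the request only and cannot base its decision on
     * the certificate. When no exit is set, nothing is checked here.
     * NOTE(review): whether the certificate can be null when the listener runs with server-only
     * authentication is not visible in this class - an exit should presumably treat a missing
     * certificate as an unauthenticated peer.
     *
     * @param gatewayRequest the decoded request
     * @throws IOException if the exit throws; the original exception is kept as the cause so
     *         that the reason for a rejection can still be diagnosed
     */
    @Override // com.ibm.ctg.server.ProtocolHandler
    public void afterDecode(GatewayRequest gatewayRequest) throws IOException {
        T.in(this, "afterDecode", gatewayRequest);
        if (this.serSecurity != null) {
            T.ln(this, "Calling this connection's ServerSecurity handler");
            SSLCertificate certificate = this.socToClient.getImpl().getCertificate();
            try {
                if (this.serSecurity instanceof SystemSSLServerSecurity) {
                    T.ln(this, "Using a SystemSSLServerSecurity exit");
                    ((SystemSSLServerSecurity) this.serSecurity).afterDecode(gatewayRequest, certificate);
                } else {
                    this.serSecurity.afterDecode(gatewayRequest);
                }
            } catch (Exception e) {
                T.ex(this, e);
                // Same message as before, with the cause attached instead of dropped.
                throw new IOException(e.getMessage(), e);
            }
        }
        T.out(this, "afterDecode");
    }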
}
