package com.ibm.ctg.client;

import java.io.FileInputStream;
import java.io.IOException;
import java.net.ServerSocket;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import javax.security.cert.CertificateExpiredException;
import javax.security.cert.CertificateNotYetValidException;
import javax.security.cert.X509Certificate;

/* loaded from: input_file:install/taderc99V60.zip:cicseci5101/connectorModule/ctgclient.jar:com/ibm/ctg/client/JSSEServerSocket.class */
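/**
 * JSSE-backed implementation of {@link iSSLServerSocket}.
 *
 * <p>The constructor builds an {@link SSLContext} from a single JKS keystore, binds an
 * {@link SSLServerSocket} and optionally narrows the enabled cipher suites. {@link #accept()}
 * completes the handshake for each inbound connection and, when client authentication is
 * required, re-checks the validity period of every certificate in the client's chain.
 */
public class JSSEServerSocket implements iSSLServerSocket {
    public static final String CLASS_VERSION = "@(#) java/client/JSSEServerSocket.java, client_java, c502, c502-20040302 1.15 04/03/02 16:00:30";
    private static final String COPYRIGHT_NOTICE = "(c) Copyright IBM Corporation 2002, 2004.";
    private static final String KEYSTORE_JKS = "JKS";
    // NOTE(review): the generic "SSL" context name leaves the negotiable protocol versions to the
    // JSSE provider's defaults. Confirm that the target runtime disables SSLv3 and early TLS, or
    // restrict them explicitly with setEnabledProtocols() on the server socket.
    private static final String PROTOCOL_SSL = "SSL";
    // Cipher suite name that SSLSocket.getSession() reports for the invalid session it returns
    // when the initial handshake failed.
    private static final String NULL_CIPHER_SUITE = "SSL_NULL_WITH_NULL_NULL";
    private SSLServerSocketFactory aServerSocketFactory;
    private SSLServerSocket internalSSLServerSocket;
    private SSLContext aContext;

    /**
     * Creates and binds the SSL server socket.
     *
     * @param i      first argument to {@code createServerSocket} (the listening port)
     * @param i2     second argument to {@code createServerSocket} (the connection backlog)
     * @param str    path of the JKS keystore file
     * @param str2   keystore password; it is also used as the key password and is never traced
     * @param strArr cipher suites to enable in preference order, or {@code null} to keep the
     *               provider defaults; suites the provider does not support are ignored
     * @throws IOException if the keystore cannot be read, the SSL context cannot be built (the
     *                     original security exception is attached as the cause) or the socket
     *                     cannot be created
     */
    public JSSEServerSocket(int i, int i2, String str, String str2, String[] strArr) throws IOException {
        T.in(this, "JSSEServerSocket", Integer.valueOf(i), Integer.valueOf(i2), str, "** Password **");
        try {
            getKeyStore(str, str2);
        } catch (GeneralSecurityException e) {
            // Covers every checked security exception getKeyStore declares; keep the cause so the
            // stack trace of the real failure is not lost when it is reported as an IOException.
            T.ex(this, e);
            throw asIOException(e);
        }
        this.aServerSocketFactory = this.aContext.getServerSocketFactory();
        this.internalSSLServerSocket = (SSLServerSocket) this.aServerSocketFactory.createServerSocket(i, i2);
        if (strArr != null) {
            Set<String> supported = new HashSet<String>(Arrays.asList(this.internalSSLServerSocket.getSupportedCipherSuites()));
            // LinkedHashSet keeps the caller's ordering (the list expresses preference) and drops
            // duplicates; a plain HashSet would hand the suites to JSSE in arbitrary order.
            Set<String> selected = new LinkedHashSet<String>();
            Set<String> ignored = new LinkedHashSet<String>();
            for (String suite : strArr) {
                if (supported.contains(suite)) {
                    selected.add(suite);
                } else {
                    ignored.add(suite);
                }
            }
            if (!ignored.isEmpty()) {
                // A silently shortened list can leave only the weakest requested suites enabled
                // (or none at all, in which case every handshake fails), so make it visible.
                T.ln(this, "Ignoring cipher suites not supported by the JSSE provider: " + ignored);
            }
            this.internalSSLServerSocket.setEnabledCipherSuites(selected.toArray(new String[0]));
        }
        T.out(this, "JSSEServerSocket");
    }

    /**
     * Accepts one connection and returns it wrapped as an {@link iSSLSocket}.
     *
     * <p>{@code getSession()} blocks until the handshake has finished, so the handshake runs on
     * the thread that called this method. NOTE(review): no socket timeout is set in this class;
     * verify that a stalled client cannot hold up the accept loop.
     *
     * @return the accepted connection
     * @throws IOException                if accepting fails or the handshake did not complete
     * @throws SSLPeerUnverifiedException if client authentication is required and the client's
     *                                    certificate chain is missing, expired or not yet valid
     */
    @Override // com.ibm.ctg.client.iSSLServerSocket
    public iSSLSocket accept() throws IOException {
        SSLSocket sSLSocket = (SSLSocket) this.internalSSLServerSocket.accept();
        if (sSLSocket == null) {
            T.ln(this, "Unexpected null socket after JSSE Server Socket accept().");
            throw new IOException("null JSSE Socket returned from accept().");
        }
        SSLSession session = sSLSocket.getSession();
        String safeIP = SafeIP.toString(sSLSocket);
        // Standard JSSE signals a failed handshake with an invalid session that reports the null
        // cipher suite rather than with a null session, so both cases are rejected here.
        if (session == null || NULL_CIPHER_SUITE.equals(session.getCipherSuite())) {
            // NOTE(review): there is no separator after the address unless SafeIP.toString()
            // supplies one; the text is kept as it was.
            String failure = "Client " + safeIP + "failed to connect, possible handshake failure";
            T.traceln(failure);
            sSLSocket.close();
            throw new IOException(failure);
        }
        if (getNeedClientAuth()) {
            try {
                // NOTE(review): getPeerCertificateChain() and javax.security.cert are deprecated
                // in favour of getPeerCertificates() and java.security.cert; newer JDKs may no
                // longer implement this call - verify against the target runtime.
                X509Certificate[] peerCertificateChain = session.getPeerCertificateChain();
                if (peerCertificateChain == null || peerCertificateChain.length == 0) {
                    // Client authentication is mandatory: an absent chain must fail closed.
                    throw new SSLPeerUnverifiedException("Client certificate chain is not valid");
                }
                for (X509Certificate x509Certificate : peerCertificateChain) {
                    x509Certificate.checkValidity();
                }
            } catch (SSLPeerUnverifiedException e) {
                T.ln(this, "Client Certificate chain is not valid.");
                T.ex(this, e);
                sSLSocket.close();
                throw new SSLPeerUnverifiedException("Client certificate chain is not valid");
            } catch (CertificateExpiredException e2) {
                T.ln(this, "Client Certificate chain has expired.");
                T.ex(this, e2);
                sSLSocket.close();
                throw new SSLPeerUnverifiedException("Client certificate chain has expired");
            } catch (CertificateNotYetValidException e3) {
                T.ln(this, "Client Certificate chain is not yet valid.");
                T.ex(this, e3);
                sSLSocket.close();
                throw new SSLPeerUnverifiedException("Client certificate chain is not yet valid");
            }
        }
        T.traceln("Client " + safeIP + "connected using cipher suite " + session.getCipherSuite());
        return new JSSESocket(sSLSocket);
    }

    /**
     * Loads the JKS keystore and initialises {@link #aContext} from it.
     *
     * <p>The same keystore supplies both the server's key material and the trust anchors, so
     * every certificate entry in that file is trusted when client certificates are validated.
     *
     * @param str  path of the keystore file
     * @param str2 keystore password, also used to recover the private keys; never traced
     */
    private void getKeyStore(String str, String str2) throws IOException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException, CertificateException {
        T.in(this, "getKeyStore", str, " ** Password **");
        String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
        T.ln(this, "JSSE KeyManagerFactory Algorithm used is " + defaultAlgorithm);
        char[] password = str2.toCharArray();
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_JKS);
        FileInputStream keyStoreStream = new FileInputStream(str);
        try {
            keyStore.load(keyStoreStream, password);
        } finally {
            // KeyStore.load does not close the stream; release the file handle on every path.
            keyStoreStream.close();
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(defaultAlgorithm);
        keyManagerFactory.init(keyStore, password);
        // NOTE(review): the trust manager is requested with the KeyManagerFactory default
        // algorithm instead of TrustManagerFactory.getDefaultAlgorithm(); kept as is because
        // switching could change how client chains are validated - confirm the intent.
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
        trustManagerFactory.init(keyStore);
        this.aContext = SSLContext.getInstance(PROTOCOL_SSL);
        this.aContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        T.out(this, "getKeyStore");
    }

    /** Wraps a security failure in an IOException carrying the same message and the cause. */
    private static IOException asIOException(Exception e) {
        IOException wrapped = new IOException(e.getMessage());
        wrapped.initCause(e);
        return wrapped;
    }

    /** Returns the underlying SSL server socket. */
    @Override // com.ibm.ctg.client.iSSLServerSocket
    public ServerSocket getServerSocket() {
        return this.internalSSLServerSocket;
    }

    /** Sets whether connecting clients must present a certificate. */
    @Override // com.ibm.ctg.client.iSSLServerSocket
    public void setNeedClientAuth(boolean z) {
        this.internalSSLServerSocket.setNeedClientAuth(z);
    }

    /** Returns whether connecting clients must present a certificate. */
    @Override // com.ibm.ctg.client.iSSLServerSocket
    public boolean getNeedClientAuth() {
        return this.internalSSLServerSocket.getNeedClientAuth();
    }

    /** Returns the cipher suites currently enabled on the server socket. */
    @Override // com.ibm.ctg.client.iSSLServerSocket
    public String[] getEnabledCipherSuites() {
        return this.internalSSLServerSocket.getEnabledCipherSuites();
    }

    /** Returns the server socket's description, or an empty string if there is no socket. */
    @Override // com.ibm.ctg.client.iSSLServerSocket
    public String toString() {
        return this.internalSSLServerSocket != null ? this.internalSSLServerSocket.toString() : "";
    }

    /** Closes the underlying server socket. */
    @Override // com.ibm.ctg.client.iSSLServerSocket
    public void close() throws IOException {
        T.in(this, "close");
        this.internalSSLServerSocket.close();
        T.out(this, "close");
    }
}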
