package com.ibm.keymanager.transport.ssl;

import com.ibm.keymanager.KMSDebug;
import com.ibm.keymanager.KeyManagerException;
import com.ibm.keymanager.ThreadManager;
import com.ibm.keymanager.audit.Authn_Event;
import com.ibm.keymanager.config.Config;
import com.ibm.keymanager.i18n.ExceptionKeys;
import com.ibm.keymanager.i18n.PropertyResource;
import com.ibm.keymanager.keystore.KeyStoreLoader;
import com.ibm.keymanager.transport.Transport;
import com.ibm.keymanager.transport.TransportListenerSpi;
import com.ibm.keymanager.transport.TransportThread;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;

/* loaded from: input_file:efixes/PK31999_Aix_ppc32/components/prereq.jdk/update.jar:/java/jre/lib/ext/IBMKeyManagementServer.jar:com/ibm/keymanager/transport/ssl/SSLListener.class */
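/**
 * TLS/SSL listener for the key manager: builds an {@link SSLContext} from the listener
 * keystore and truststore, opens an {@link SSLServerSocket} on the configured port, and hands
 * every accepted connection to a {@link TransportThread} obtained from the registered
 * {@link ThreadManager}.
 *
 * <p>Threading: {@link #run()} loops until {@link #shutdown()} closes the server socket, so
 * {@code shutdown()} is necessarily invoked from a different thread than the accept loop.
 */
public class SSLListener extends TransportListenerSpi {
    public static final String ATTR_TIMEOUT = "TransportListener.ssl.timeout";
    // NOTE(review): the keys below are public and non-final, so any code in the JVM can
    // reassign them and redirect which config entries this listener reads. They are left
    // non-final only to keep the published interface unchanged; treat them as constants.
    public static String ATTR_PROTOCOLS = "TransportListener.ssl.protocols";
    public static String ATTR_CIPHERSUITES = "TransportListener.ssl.ciphersuites";
    public static String ATTR_CLIENTAUTHN = "TransportListener.ssl.clientauthentication";
    public static String ATTR_KEYSTORE_NAME = "TransportListener.ssl.keystore.name";
    public static String ATTR_KEYSTORE_TYPE = "TransportListener.ssl.keystore.type";
    public static String ATTR_KEYSTORE_PASSWORD = "TransportListener.ssl.keystore.password";
    public static String ATTR_TRUSTSTORE_NAME = "TransportListener.ssl.truststore.name";
    public static String ATTR_TRUSTSTORE_TYPE = "TransportListener.ssl.truststore.type";
    public static String ATTR_PORT = "TransportListener.ssl.port";
    public static final int NO_CLIENT_AUTHN = 0;
    public static final int WANT_CLIENT_AUTHN = 1;
    public static final int NEED_CLIENT_AUTHN = 2;

    // Protocol name used when ATTR_PROTOCOLS is not configured.
    // NOTE(review): "SSL_TLS" looks like a provider alias that presumably admits legacy SSL
    // alongside TLS - confirm against the IBMJSSE2 documentation and prefer pinning an
    // explicit TLS version in the configuration.
    private static final String DEFAULT_PROTOCOL = "SSL_TLS";
    // Value of status once the server socket has been created and configured.
    private static final int STATUS_SOCKET_READY = 1;
    // Value of status after shutdown() has been called.
    private static final int STATUS_SHUT_DOWN = -1;
    private static final int MAX_PORT = 65535;

    private int port;
    private ThreadManager threadManager;
    private SSLContext context;
    private Config config;
    private SSLServerSocket ssl_server_sock;
    // Written by shutdown() and read by the accept loop in run() on another thread;
    // volatile so the loop reliably sees the shutdown marker.
    private volatile int status;
    private PropertyResource pr = PropertyResource.getExceptionInstance();
    private KMSDebug debug = KMSDebug.getInstance();

    /**
     * Reads the listener configuration and prepares the SSL context.
     *
     * <p>The port is mandatory; the protocol falls back to {@code "SSL_TLS"}. Key and trust
     * managers are loaded from the listener keystore through {@link KeyStoreLoader}.
     *
     * @param config configuration holding the {@code TransportListener.ssl.*} entries
     * @throws KeyManagerException if the port is missing, not an integer or outside
     *     0-65535, or if the SSL context cannot be created or initialised
     */
    @Override
    public void init(Config config) throws KeyManagerException {
        this.config = config;
        KeyStoreLoader loader = KeyStoreLoader.getInstance(config, this.debug);

        String protocol = (String) initProp(config, ATTR_PROTOCOLS);
        if (protocol == null) {
            protocol = DEFAULT_PROTOCOL;
        }

        this.debug.trace(KMSDebug.TRANSPORT, "SSLListener", "init", "Loading key managers");
        KeyManager[] keyManagers = loader.loadKeyManagers(KeyStoreLoader.LISTENER_KEYSTORE, null);
        if (keyManagers != null) {
            this.debug.trace(KMSDebug.TRANSPORT, "SSLListener", "init", "found key managers");
        }

        this.debug.trace(KMSDebug.TRANSPORT, "SSLListener", "init", "Loading trust managers");
        TrustManager[] trustManagers = loader.loadTrustManagers(KeyStoreLoader.LISTENER_KEYSTORE);
        if (trustManagers != null) {
            this.debug.trace(KMSDebug.TRANSPORT, "SSLListener", "init", "found trust managers");
        }

        String portText = (String) initProp(config, ATTR_PORT);
        if (portText == null) {
            // There is no default port: the listener refuses to start without one. (The
            // previous trace text claimed a fail-over to 443 that never happened.)
            this.debug.trace(KMSDebug.TRANSPORT, "SSLListener", "init", "port is not specified, or not found");
            throw new KeyManagerException(this.pr.getString(ExceptionKeys.specssl));
        }

        int parsedPort;
        try {
            parsedPort = Integer.parseInt(portText);
        } catch (NumberFormatException e) {
            this.debug.trace(KMSDebug.TRANSPORT, "SSLListener", "init", e);
            String detail = e.getMessage();
            if (detail == null) {
                throw new KeyManagerException(this.pr.getString(ExceptionKeys.invalssl));
            }
            throw new KeyManagerException(this.pr.getString(ExceptionKeys.invalssl) + " " + detail);
        }
        if (parsedPort < 0 || parsedPort > MAX_PORT) {
            // Reject an impossible port here instead of failing later when run() binds.
            throw new KeyManagerException(this.pr.getString(ExceptionKeys.invalssl) + " " + portText);
        }
        this.port = parsedPort;

        try {
            this.context = SSLContext.getInstance(protocol, "IBMJSSE2");
            this.context.init(keyManagers, trustManagers, null);
            this.debug.exit(KMSDebug.TRANSPORT, "SSLListener", "init");
        } catch (Exception e) {
            // Never keep a half-initialised context around.
            this.context = null;
            String localized = e.getLocalizedMessage();
            if (localized != null) {
                throw ((KeyManagerException) new KeyManagerException(localized).initCause(e));
            }
            throw ((KeyManagerException) new KeyManagerException().initCause(e));
        }
    }

    /**
     * Looks up a configuration value by its full key and, when that is absent, by the key
     * with everything up to and including the first {@code '.'} removed.
     *
     * <p>Only the fallback lookup is traced. The value stored under the keystore-password
     * key is masked so the secret cannot reach the debug trace through this helper.
     *
     * @param config configuration to query
     * @param str full attribute key
     * @return the configured value, or {@code null} if neither key is present
     * @throws KeyManagerException if the configuration lookup fails
     */
    private Object initProp(Config config, String str) throws KeyManagerException {
        Object value = config.get(str);
        if (value != null) {
            return value;
        }
        value = config.get(str.substring(str.indexOf(".") + 1));
        if (value == null) {
            this.debug.trace(KMSDebug.TRANSPORT, getClass().getName(), "initProp", str + " value can not be found in config");
        } else {
            Object shown = str.equals(ATTR_KEYSTORE_PASSWORD) ? "********" : value;
            this.debug.trace(KMSDebug.TRANSPORT, getClass().getName(), "initProp", str + "=" + shown);
        }
        return value;
    }

    /** Returns the port this listener binds to. */
    @Override
    public int getPort() {
        return this.port;
    }

    /** Returns the thread manager passed to {@link #register(ThreadManager)}. */
    @Override
    public ThreadManager getThreadManager() {
        return this.threadManager;
    }

    /** Stores the thread manager that {@link #run()} synchronises on and takes threads from. */
    @Override
    public void register(ThreadManager threadManager) {
        this.threadManager = threadManager;
    }

    /**
     * Opens the server socket and accepts connections until the listener is shut down.
     *
     * <p>Socket creation happens while holding the thread manager's monitor, and
     * {@code notifyAll()} is issued on it whether creation succeeded or failed, so a thread
     * waiting on that monitor can inspect {@link #getStatus()}.
     *
     * @throws RuntimeException wrapping any failure in the accept loop that was not caused
     *     by {@link #shutdown()}
     */
    @Override
    public void run() {
        synchronized (this.threadManager) {
            try {
                this.ssl_server_sock = (SSLServerSocket) this.context.getServerSocketFactory().createServerSocket(this.port);
                configServerSocket(this.ssl_server_sock);
                this.status = STATUS_SOCKET_READY;
                this.threadManager.notifyAll();
            } catch (Exception e) {
                // Covers bind failures and a rejected TLS configuration alike: the listener
                // does not start with settings it could not apply.
                this.debug.trace(KMSDebug.TRANSPORT, "SSLListener", "run", e);
                shutdown();
                this.threadManager.notifyAll();
                return;
            }
        }
        while (true) {
            try {
                this.debug.trace(KMSDebug.CONSOLE, "SSLListener", "run", "listening on port " + this.port);
                SSLTransport transport = new SSLTransport((SSLSocket) this.ssl_server_sock.accept());
                transport.init(this.config);
                TransportThread worker = this.threadManager.startTransportThread();
                worker.setTransport(Transport.getInstance(transport));
                worker.register(this.threadManager);
                worker.start();
            } catch (Exception e) {
                this.debug.trace(KMSDebug.TRANSPORT, "SSLListener", "run", e);
                if (this.status == STATUS_SHUT_DOWN) {
                    // shutdown() closed (and nulled) the socket underneath accept().
                    this.debug.trace(KMSDebug.TRANSPORT, "SSLListener", "run", "SSL server socket is closed");
                    return;
                }
                // NOTE(review): a failure while setting up a single accepted connection
                // stops the whole listener, and the accepted socket is not closed here.
                // Confirm this is intended; isolating per-connection failures would keep
                // the service available.
                shutdown();
                throw ((RuntimeException) new RuntimeException().initCause(e));
            }
        }
    }

    /**
     * Applies protocol, cipher-suite and client-authentication settings to the socket.
     *
     * <p>Cipher suites are read as a list separated by {@code ';'} (if one occurs after the
     * first character) or otherwise {@code ','}; entries are trimmed so that
     * {@code "A, B"} is accepted. The value {@code JSSE_ALL} leaves the provider defaults.
     *
     * <p>The client-authentication value must be {@code 0}, {@code 1} or {@code 2}. An
     * unparsable or unknown value is rejected: previously it was only traced and the socket
     * silently kept running without client authentication, so a configuration typo could
     * disable certificate checks on the key server.
     *
     * @param sSLServerSocket the freshly created server socket
     * @throws IOException declared for socket configuration failures
     * @throws KeyManagerException if a configuration lookup fails or the
     *     client-authentication value is invalid
     */
    private void configServerSocket(SSLServerSocket sSLServerSocket) throws IOException, KeyManagerException {
        Object protocols = initProp(this.config, ATTR_PROTOCOLS);
        sSLServerSocket.setEnabledProtocols(new String[] {protocols != null ? (String) protocols : DEFAULT_PROTOCOL});

        Object suites = initProp(this.config, ATTR_CIPHERSUITES);
        if (suites != null && !((String) suites).equalsIgnoreCase("JSSE_ALL")) {
            String suiteList = (String) suites;
            String delimiter = suiteList.indexOf(";") > 0 ? ";" : ",";
            StringTokenizer tokens = new StringTokenizer(suiteList, delimiter);
            List<String> enabled = new ArrayList<String>();
            while (tokens.hasMoreTokens()) {
                String suite = tokens.nextToken().trim();
                if (suite.length() > 0) {
                    enabled.add(suite);
                }
            }
            sSLServerSocket.setEnabledCipherSuites(enabled.toArray(new String[enabled.size()]));
        }

        Object clientAuth = initProp(this.config, ATTR_CLIENTAUTHN);
        if (clientAuth != null) {
            String invalid = "Invalid value for " + ATTR_CLIENTAUTHN + ": " + clientAuth;
            int mode;
            try {
                mode = Integer.parseInt(((String) clientAuth).trim());
            } catch (NumberFormatException e) {
                this.debug.trace(KMSDebug.TRANSPORT, "SSLListener", "configServerSocket", e);
                // Fail closed: do not fall back to "no client authentication".
                throw ((KeyManagerException) new KeyManagerException(invalid).initCause(e));
            }
            switch (mode) {
                case NO_CLIENT_AUTHN:
                    break;
                case WANT_CLIENT_AUTHN:
                    sSLServerSocket.setWantClientAuth(true);
                    break;
                case NEED_CLIENT_AUTHN:
                    sSLServerSocket.setNeedClientAuth(true);
                    break;
                default:
                    this.debug.trace(KMSDebug.TRANSPORT, "SSLListener", "configServerSocket", invalid);
                    throw new KeyManagerException(invalid);
            }
        }
    }

    /**
     * Marks the listener as shut down and closes the server socket, which makes a blocked
     * {@code accept()} in {@link #run()} fail so the loop can exit. Close errors are traced
     * and otherwise ignored.
     */
    @Override
    public void shutdown() {
        this.debug.entry(KMSDebug.TRANSPORT, "SSLListener", "shutdown");
        // Set the marker first so run() recognises the resulting accept() failure.
        this.status = STATUS_SHUT_DOWN;
        if (this.ssl_server_sock != null) {
            try {
                this.ssl_server_sock.setSoTimeout(1);
                this.ssl_server_sock.close();
            } catch (IOException e) {
                this.debug.trace(KMSDebug.TRANSPORT, "SSLListener", "shutdown", e);
            }
            this.ssl_server_sock = null;
        }
    }

    /** Overrides the port; it takes effect when {@link #run()} next creates the socket. */
    @Override
    public void setPort(int i) {
        this.port = i;
    }

    /** Intentionally a no-op: attributes are read from the {@link Config} given to init. */
    @Override
    public void setAttribute(String str, Object obj) {
    }

    /**
     * Lists the attribute keys this listener advertises. The port key is not part of the
     * list, and the list does include the keystore-password key.
     *
     * @return a new mutable list of attribute keys
     */
    @Override
    public List getAttributeNames() {
        List<String> names = new ArrayList<String>();
        names.add(ATTR_PROTOCOLS);
        names.add(ATTR_CIPHERSUITES);
        names.add(ATTR_CLIENTAUTHN);
        names.add(ATTR_KEYSTORE_NAME);
        names.add(ATTR_KEYSTORE_TYPE);
        names.add(ATTR_KEYSTORE_PASSWORD);
        names.add(ATTR_TRUSTSTORE_NAME);
        names.add(ATTR_TRUSTSTORE_TYPE);
        names.add(ATTR_TIMEOUT);
        return names;
    }

    /**
     * Returns the configured value for a key, or {@code null} if the lookup fails.
     *
     * <p>NOTE(review): the key is passed to the configuration unfiltered, so this also
     * returns the value stored under the keystore-password key. Callers must not log or
     * display the result without checking the key first.
     *
     * @param str attribute key
     * @return the configured value, or {@code null}
     */
    @Override
    public Object getAttribute(String str) {
        try {
            return this.config.get(str);
        } catch (KeyManagerException e) {
            // Keep the null contract, but leave a trace instead of dropping the error.
            this.debug.trace(KMSDebug.TRANSPORT, "SSLListener", "getAttribute", e);
            return null;
        }
    }

    /** Returns the transport type reported for audit purposes. */
    @Override
    public String getType() {
        return Authn_Event.AUTHN_SSL;
    }

    /**
     * Returns the listener state: {@code 1} once the server socket is ready, {@code -1}
     * after {@link #shutdown()}, and {@code 0} before either.
     */
    @Override
    public int getStatus() {
        return this.status;
    }
}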
