package com.ibm.ws.security.orbssl;

import com.ibm.CORBA.ras.ORBRas;
import com.ibm.ras.RASFormatter;
import com.ibm.websphere.orbext.MinorCodes;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.orb.transport.KeyRingFileException;
import com.ibm.ws.orb.transport.ServerConnectionData;
import com.ibm.ws.orb.transport.WSSSLServerSocketFactory;
import com.ibm.ws.ssl.JSSEProvider;
import com.ibm.ws.ssl.JSSEProviderFactory;
import com.ibm.ws.ssl.channel.impl.SSLChannelValidator;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.ServerSocket;
import java.security.AccessController;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.StringTokenizer;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import javax.security.cert.X509Certificate;
import org.omg.CORBA.COMM_FAILURE;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.INTERNAL;

/* JADX WARN: Classes with same name are omitted:
  input_file:runtime/ibm-jaxrpc-client.jar:com/ibm/ws/security/orbssl/WSSSLServerSocketFactoryImpl.class
 */
/* loaded from: input_file:runtime/wsrrJaxrpc.jar:lib/ibm-jaxrpc-client.jar:com/ibm/ws/security/orbssl/WSSSLServerSocketFactoryImpl.class */
public final class WSSSLServerSocketFactoryImpl implements WSSSLServerSocketFactory {
    // SCCS version stamp for this source file; nothing in the visible part of the class reads it.
    private static final String SCCSID = " @(#) 1.22.2.1 ws/code/orbext/src/com/ibm/ws/security/orbssl/WSSSLServerSocketFactoryImpl.java, WAS.orbext, ASV 2/20/04 09:35:20 [2/20/04 16:38:57]";
    // Explicit cipher-suite list that initContext parses from getCiphersToBeEnabled(). When it is set,
    // createSSLServerSocket enables exactly these suites instead of deriving them from the QOP values.
    // NOTE(review): static and mutable, so a list configured through one SSLServerConnectionData stays
    // in effect for later calls; no reset is visible in this part of the file — confirm.
    private static String[] DEFAULT_ENABLED_CIPHERS = null;
    // Context assigned by initContext and read by createSSLServerSocket to obtain the socket factories.
    // NOTE(review): static, but guarded only by the instance-level `synchronized` on
    // createSSLServerSocket; two factory instances could overwrite it concurrently — confirm that
    // only one instance is ever created.
    private static SSLContext sslContext;

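    /**
     * Creates, binds and configures the SSL server socket described by {@code serverConnectionData}.
     *
     * <p>Steps: (re)build the shared {@code sslContext} through {@code initContext}, validate the
     * target-supports / target-requires QOP values, bind the socket (to one address when
     * {@code getUseSingleNIC()} is true, otherwise to all), require client certificates when
     * {@code getClientAuthenticationFlag()} is true, and enable either the explicitly configured
     * cipher list ({@code DEFAULT_ENABLED_CIPHERS}) or a list derived from the QOP values.
     *
     * <p>Failure handling is fail-closed: if anything goes wrong after the socket has been bound,
     * the socket is closed before the exception leaves this method, so no listener is left open
     * with a default or partially applied cipher configuration.
     *
     * <p>Note for operators: {@code initContext} falls back to the context name {@code "SSL"} when
     * no protocol name is configured, so the protocol should be set explicitly in the connection data.
     *
     * @param serverConnectionData connection settings; must be an {@code SSLServerConnectionData}.
     *        When its server port is 0 the port actually bound is written back into it.
     * @return the bound and configured server socket
     * @throws INTERNAL on invalid QOP values, no overlap between desired and supported cipher
     *         suites, or any other failure. {@code INTERNAL} exceptions raised inside the outer
     *         {@code try} are themselves caught by the generic handler and re-wrapped with the
     *         {@code CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET} minor code.
     * @throws COMM_FAILURE passed through unchanged after being logged
     */
    @Override // com.ibm.ws.orb.transport.WSSSLServerSocketFactory
    public synchronized ServerSocket createSSLServerSocket(ServerConnectionData serverConnectionData) {
        SSLServerConnectionData sSLServerConnectionData = (SSLServerConnectionData) serverConnectionData;
        boolean messageLoggingEnabled = sSLServerConnectionData.getMessageLoggingEnabled();
        if (ORBRas.isTrcLogging) {
            // NOTE(review): the connection data carries key ring, trust file and hardware token
            // passwords (read in initContext); confirm its toString() redacts them before it
            // reaches the trace log.
            ORBRas.orbTrcLogger.trace(16L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "IIOPSSLConnection.createSSLServerSocket", new StringBuffer().append("\n[\n").append(sSLServerConnectionData.toString()).append("\n]\n").toString());
        }
        try {
            initContext(sSLServerConnectionData, JSSEProviderFactory.getInstance(sSLServerConnectionData.getContextProvider()));
            short targetSupportsQOP = sSLServerConnectionData.getTargetSupportsQOP();
            short targetRequiresQOP = sSLServerConnectionData.getTargetRequiresQOP();
            String contextProvider = sSLServerConnectionData.getContextProvider();
            String[] supportedCipherSuites = sslContext.getSocketFactory().getSupportedCipherSuites();
            String[] strArr = new String[supportedCipherSuites.length];

            // Reject inconsistent QOP settings before any socket is bound.
            if (targetSupportsQOP < 1) {
                if (messageLoggingEnabled) {
                    if (ORBRas.isMsgLogging) {
                        ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "createSSLServerSocket", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.createSSLServerSocket"), (String) null, (Object[]) null);
                    }
                } else if (ORBRas.isTrcLogging) {
                    ORBRas.orbTrcLogger.trace(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "createSSLServerSocket", "The SSLServerConnectionData object that was passed to createSSLServerSocket returns a value for getTargetSupportsQOP() that is less than 1.");
                }
                throw new INTERNAL("SSLSERVERSOCKET_TARGET_SUPPORTS_LESS_THAN_1", MinorCodes.SSLSERVERSOCKET_TARGET_SUPPORTS_LESS_THAN_1, CompletionStatus.COMPLETED_NO);
            }
            if (targetRequiresQOP < 1) {
                if (messageLoggingEnabled) {
                    if (ORBRas.isMsgLogging) {
                        ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "createSSLServerSocket", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.targetRequires"), (String) null, (Object[]) null);
                    }
                } else if (ORBRas.isTrcLogging) {
                    ORBRas.orbTrcLogger.trace(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "createSSLServerSocket", "The SSLServerConnectionData object that is passed to createSSLServerSocket returned a value from getTargetRequiresQOP() that is less than 1.");
                }
                throw new INTERNAL("SSLSERVERSOCKET_TARGET_REQUIRES_LESS_THAN_1", MinorCodes.SSLSERVERSOCKET_TARGET_REQUIRES_LESS_THAN_1, CompletionStatus.COMPLETED_NO);
            }
            if (targetSupportsQOP < targetRequiresQOP) {
                if (messageLoggingEnabled) {
                    if (ORBRas.isMsgLogging) {
                        ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "createSSLServerSocket", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.targetSupports2"), (String) null, (Object[]) null);
                    }
                } else if (ORBRas.isTrcLogging) {
                    ORBRas.orbTrcLogger.trace(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "createSSLServerSocket", "The SSLServerConnectionData object that is passed to createSSLServerSocket contains a TargetSupportsQOP value that is less than its  TargetRequirsQOP value.");
                }
                throw new INTERNAL("SSLSERVERSOCKET_TARGET_LESS_THAN_TARGET_REQUIRES", MinorCodes.SSLSERVERSOCKET_TARGET_LESS_THAN_TARGET_REQUIRES, CompletionStatus.COMPLETED_NO);
            }

            SSLServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();
            SSLServerSocket sSLServerSocket = null;
            // Set only immediately before the successful return; the finally block uses it to decide
            // whether the bound socket must be closed.
            boolean socketHandedToCaller = false;
            try {
                if (sSLServerConnectionData.getUseSingleNIC()) {
                    sSLServerSocket = (SSLServerSocket) serverSocketFactory.createServerSocket(sSLServerConnectionData.getServerPort(), sSLServerConnectionData.getServerServerQueueDepth(), InetAddress.getByName(sSLServerConnectionData.getServerHost()));
                    if (ORBRas.isTrcLogging) {
                        ORBRas.orbTrcLogger.trace(4112L, this, "createSSLServerSocket()", new StringBuffer().append("Bind Server Socket To A Specific NIC card=").append(sSLServerConnectionData.getUseSingleNIC()).append(", Remote Port=").append(sSLServerConnectionData.getServerPort()).append(", Server Queue Depth=").append(sSLServerConnectionData.getServerServerQueueDepth()).append(", LocalHost=").append(sSLServerConnectionData.getServerHost()).append(", java.net.InetAddress.getByName( LocalHost )=").append(InetAddress.getByName(sSLServerConnectionData.getServerHost())).toString());
                    }
                } else {
                    // No bind address given: the socket listens on every local interface.
                    sSLServerSocket = (SSLServerSocket) serverSocketFactory.createServerSocket(sSLServerConnectionData.getServerPort(), sSLServerConnectionData.getServerServerQueueDepth());
                    if (ORBRas.isTrcLogging) {
                        ORBRas.orbTrcLogger.trace(4112L, this, "createSSLServerSocket()", new StringBuffer().append("Bind Server Socket To Multiple NIC cards=").append(!sSLServerConnectionData.getUseSingleNIC()).append(", Remote Port=").append(sSLServerConnectionData.getServerPort()).append(", Server Queue Depth=").append(sSLServerConnectionData.getServerServerQueueDepth()).toString());
                    }
                }
                // Client certificates are demanded only when the connection data asks for them;
                // this method never enables client authentication otherwise.
                if (sSLServerConnectionData.getClientAuthenticationFlag()) {
                    sSLServerSocket.setNeedClientAuth(true);
                }

                // Snapshot the static list once so that the check and the use see the same array.
                // An empty array or an empty first entry counts as "not configured"; the length
                // comparison replaces a reference comparison against "" that never matched.
                String[] configuredCiphers = DEFAULT_ENABLED_CIPHERS;
                boolean noConfiguredCiphers = configuredCiphers == null
                        || configuredCiphers.length == 0
                        || configuredCiphers[0] == null
                        || configuredCiphers[0].length() == 0;
                if (noConfiguredCiphers) {
                    // Collapse each QOP bit mask to its strongest recognised bit.
                    // NOTE(review): 4 and 2 are presumably the confidentiality and integrity
                    // association options — confirm against the SSLServerConnectionData contract.
                    if ((4 & targetSupportsQOP) == 4) {
                        targetSupportsQOP = 4;
                    } else if ((2 & targetSupportsQOP) == 2) {
                        targetSupportsQOP = 2;
                    }
                    if ((4 & targetRequiresQOP) == 4) {
                        targetRequiresQOP = 4;
                    } else if ((2 & targetRequiresQOP) == 2) {
                        targetRequiresQOP = 2;
                    }
                    // The numeric arguments to getCipherSuitesJoin are SSLCiphers category codes
                    // whose meaning is defined outside this file.
                    String[] strArr2 = new String[supportedCipherSuites.length];
                    if (targetSupportsQOP >= 4 && targetRequiresQOP >= 4) {
                        strArr2 = SSLCiphers.getCipherSuitesJoin(1, 1, false, contextProvider);
                        strArr = SSLCiphers.coalesceCipherSpecs(strArr2, supportedCipherSuites);
                    } else if (targetSupportsQOP >= 4 && targetRequiresQOP == 2) {
                        strArr2 = SSLCiphers.getCipherSuitesJoin(1, 2, false, contextProvider);
                        strArr = SSLCiphers.coalesceCipherSpecs(strArr2, supportedCipherSuites);
                    } else if (targetSupportsQOP >= 4 && targetRequiresQOP != 4 && targetRequiresQOP != 2) {
                        strArr2 = SSLCiphers.getCipherSuitesJoin(1, 3, false, contextProvider);
                        strArr = SSLCiphers.coalesceCipherSpecs(strArr2, supportedCipherSuites);
                    } else if (targetSupportsQOP == 2 && targetRequiresQOP == 2) {
                        strArr2 = SSLCiphers.getCipherSuitesJoin(2, 2, false, contextProvider);
                        strArr = SSLCiphers.coalesceCipherSpecs(strArr2, supportedCipherSuites);
                    } else if (targetSupportsQOP == 2 && targetRequiresQOP != 4 && targetRequiresQOP != 2) {
                        strArr2 = SSLCiphers.getCipherSuitesJoin(2, 3, false, contextProvider);
                        strArr = SSLCiphers.coalesceCipherSpecs(strArr2, supportedCipherSuites);
                    } else if (targetSupportsQOP != 4 && targetSupportsQOP != 2 && targetRequiresQOP != 4 && targetRequiresQOP != 2) {
                        strArr2 = SSLCiphers.getCipherSuitesJoin(3, 3, false, contextProvider);
                        strArr = SSLCiphers.coalesceCipherSpecs(strArr2, supportedCipherSuites);
                    }
                    // Flatten both lists for the diagnostics below.
                    String str = "";
                    for (String str2 : supportedCipherSuites) {
                        str = new StringBuffer().append(str).append(str2).append(RASFormatter.DEFAULT_SEPARATOR).toString();
                    }
                    String str3 = "";
                    for (String str4 : strArr2) {
                        str3 = new StringBuffer().append(str3).append(str4).append(RASFormatter.DEFAULT_SEPARATOR).toString();
                    }
                    if (ORBRas.isTrcLogging) {
                        // The "Enabled Ciphers" label actually prints the provider's supported suites.
                        ORBRas.orbTrcLogger.trace(16L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImplClient", "IIOPSSLConnectionClient.createSSLSocket", new StringBuffer().append("\n[\nEnabled Ciphers:").append(str).append("\n").append("CiphersSpecified:").append(str3).append("\n]").toString());
                    }
                    // Fail closed when no usable suite came out of the selection. This also covers
                    // a null or empty result and a QOP combination matched by none of the branches
                    // above, which previously surfaced as a NullPointerException or
                    // ArrayIndexOutOfBoundsException.
                    if (strArr == null || strArr.length == 0 || strArr[0] == null || strArr[0].equals("")) {
                        if (messageLoggingEnabled) {
                            if (ORBRas.isMsgLogging) {
                                ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "createSSLServerSocket", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.createSSLServerSocket"), (String) null, new String[]{str, str3});
                            }
                        } else if (ORBRas.isTrcLogging) {
                            ORBRas.orbTrcLogger.trace(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "createSSLServerSocket", new StringBuffer().append("\"IIOPSSLConnection.coalesceCipherSpecs(...)\" returns a null. An INTERNAL exception is thrown.\n\t Suites enabled by the SSLServerSocket are ").append(str).append("\n\t Suites required by ConnectionInterceptor are ").append(str3).toString());
                        }
                        throw new INTERNAL(" NO_OVERLAP_OF_ENABLED_AND_DESIRED_CIPHER_SUITES", MinorCodes.NO_OVERLAP_OF_ENABLED_AND_DESIRED_CIPHER_SUITES, CompletionStatus.COMPLETED_NO);
                    }
                    sSLServerSocket.setEnabledCipherSuites(strArr);
                } else {
                    // An explicit list overrides the QOP-derived selection entirely.
                    sSLServerSocket.setEnabledCipherSuites(configuredCiphers);
                }
                // Port 0 asks the OS for an ephemeral port; publish the one actually bound.
                if (serverConnectionData.getServerPort() == 0) {
                    serverConnectionData.setServerPort(sSLServerSocket.getLocalPort());
                }
                if (ORBRas.isTrcLogging) {
                    ORBRas.orbTrcLogger.trace(16L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "createSSLServerSocket", new StringBuffer().append("Setting local port = ").append(serverConnectionData.getServerPort()).toString());
                }
                socketHandedToCaller = true;
                return sSLServerSocket;
            } catch (IOException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.createSSLServerSocket", "351", this);
                if (messageLoggingEnabled) {
                    if (ORBRas.isMsgLogging) {
                        ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "createSSLServerSocket", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.createSSLServerSocket"), (String) null, e);
                    }
                } else if (ORBRas.isTrcLogging) {
                    ORBRas.orbTrcLogger.exception(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "createSSLServerSocket", e);
                }
                throw new INTERNAL(new StringBuffer().append("UNABLE_TO_CREATE_SSL_SERVER_SOCKET Exception=").append(e).toString(), MinorCodes.UNABLE_TO_CREATE_SSL_SERVER_SOCKET, CompletionStatus.COMPLETED_NO);
            } finally {
                // A socket that was bound but not fully configured must not stay open: it would keep
                // the port occupied and could accept connections without the intended settings.
                if (!socketHandedToCaller && sSLServerSocket != null) {
                    try {
                        sSLServerSocket.close();
                    } catch (IOException ignored) {
                        // Best effort; the original failure is the one reported to the caller.
                    }
                }
            }
        } catch (COMM_FAILURE e3) {
            // NOTE(review): the decompiled listing placed this handler after catch (Exception), where
            // it can never run and javac rejects it. It is moved first on the assumption that the
            // original source let COMM_FAILURE propagate unwrapped — confirm against the original.
            FFDCFilter.processException((Throwable) e3, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.createSSLServerSocket", "528", (Object) this);
            if (messageLoggingEnabled) {
                if (ORBRas.isMsgLogging) {
                    ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "createSSLServerSocket", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.createSSLServerSocket"), (String) null, e3);
                }
            } else if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.exception(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "createSSLServerSocket", e3);
            }
            throw e3;
        } catch (Exception e2) {
            // Catches everything else, including the INTERNAL exceptions thrown above, and reports
            // it under a single minor code with the original exception text in the message.
            FFDCFilter.processException(e2, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.createSSLServerSocket", "562", this);
            if (messageLoggingEnabled) {
                if (ORBRas.isMsgLogging) {
                    ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "createSSLServerSocket", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.createSSLServerSocket"), (String) null, e2);
                }
            } else if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.exception(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "createSSLServerSocket", e2);
            }
            throw new INTERNAL(new StringBuffer().append("CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, Exception=").append(e2).toString(), MinorCodes.CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, CompletionStatus.COMPLETED_NO);
        }
    }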

    private void initContext(SSLServerConnectionData sSLServerConnectionData, JSSEProvider jSSEProvider) {
        KeyStore keyStoreInstance;
        boolean messageLoggingEnabled = sSLServerConnectionData.getMessageLoggingEnabled();
        if (ORBRas.isTrcLogging) {
            ORBRas.orbTrcLogger.trace(16L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "IIOPSSLConnection.initContext", new StringBuffer().append("\n[\n").append(sSLServerConnectionData.toString()).append("\n]\n").toString());
        }
        try {
            KeyStore keyStore = null;
            KeyManagerFactory keyManagerFactory = null;
            TrustManagerFactory trustManagerFactory = null;
            String str = null;
            String keyStoreType = sSLServerConnectionData.getKeyStoreType();
            String keyRingName = sSLServerConnectionData.getKeyRingName();
            String keyRingPassword = sSLServerConnectionData.getKeyRingPassword();
            String hardwareTokenType = sSLServerConnectionData.getHardwareTokenType();
            String hardwareTokenLibraryFile = sSLServerConnectionData.getHardwareTokenLibraryFile();
            String hardwareTokenPassword = sSLServerConnectionData.getHardwareTokenPassword();
            String hardwareTokenSlot = sSLServerConnectionData.getHardwareTokenSlot();
            String serverAlias = sSLServerConnectionData.getServerAlias();
            String clientAlias = sSLServerConnectionData.getClientAlias();
            int i = -1;
            int i2 = -1;
            if (hardwareTokenSlot != null && hardwareTokenSlot.length() != 0) {
                if (serverAlias != null && serverAlias.length() != 0) {
                    i = Integer.valueOf(hardwareTokenSlot).intValue();
                }
                if (clientAlias != null && clientAlias.length() != 0) {
                    i2 = Integer.valueOf(hardwareTokenSlot).intValue();
                }
            }
            if (keyStoreType == null || keyStoreType == "") {
                keyStoreType = "JKS";
            }
            boolean z = true;
            int i3 = 0;
            while (z) {
                try {
                    keyStore = jSSEProvider.getKeyStoreInstance(keyStoreType);
                    keyManagerFactory = jSSEProvider.getKeyManagerFactoryInstance();
                    if (keyRingName != null && keyRingName != "" && keyRingPassword != null && keyRingPassword != "") {
                        try {
                            keyStore.load((InputStream) AccessController.doPrivileged(new PrivilegedExceptionAction(this, keyRingName) { // from class: com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.1
                                private final String val$namekring;
                                private final WSSSLServerSocketFactoryImpl this$0;

                                {
                                    this.this$0 = this;
                                    this.val$namekring = keyRingName;
                                }

                                @Override // java.security.PrivilegedExceptionAction
                                public Object run() throws MalformedURLException, IOException {
                                    return WSSSLClientSocketFactoryImpl.getPKCSkeyStoreList().openKeyStore(this.val$namekring);
                                }
                            }), keyRingPassword == null ? null : keyRingPassword.toCharArray());
                            str = keyRingPassword;
                            keyManagerFactory.init(keyStore, str == null ? null : str.toCharArray());
                            z = false;
                        } catch (PrivilegedActionException e) {
                            FFDCFilter.processException(e, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.initContext", "704", this);
                            throw ((FileNotFoundException) e.getException());
                        }
                    } else {
                        if (hardwareTokenType == null || hardwareTokenLibraryFile == null || hardwareTokenPassword == null || hardwareTokenType.length() == 0 || hardwareTokenLibraryFile.length() == 0 || hardwareTokenPassword.length() == 0) {
                            throw new KeyRingFileException("KeyRingFileException.missingSSLKeyRingData");
                        }
                        WSPKCSInKeyStore insert = WSSSLClientSocketFactoryImpl.getPKCSkeyStoreList().insert(hardwareTokenType, hardwareTokenLibraryFile, hardwareTokenPassword, true, sSLServerConnectionData.getContextProvider());
                        if (insert != null) {
                            keyStore = insert.getKS();
                            keyManagerFactory = insert.getKMF();
                            z = false;
                        }
                    }
                } catch (IOException e2) {
                    if (ORBRas.isTrcLogging) {
                        ORBRas.orbTrcLogger.exception(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", e2);
                    }
                    if (!e2.getMessage().equalsIgnoreCase("Invalid keystore format") && e2.getMessage().indexOf("DerInputStream.getLength()") == -1) {
                        throw e2;
                    }
                    if (ORBRas.isTrcLogging) {
                        ORBRas.orbTrcLogger.trace(16L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", "Bad keystore format, retrying with different format.");
                    }
                    if (ORBRas.isMsgLogging) {
                        ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.InvalidKeyStoreType"), (String) null, (Object[]) null);
                    }
                    if (keyStoreType.equalsIgnoreCase("JKS")) {
                        keyStoreType = SSLChannelValidator.KEY_FILE_FORMAT_JCEK;
                    } else if (keyStoreType.equalsIgnoreCase(SSLChannelValidator.KEY_FILE_FORMAT_JCEK)) {
                        keyStoreType = SSLChannelValidator.KEY_FILE_FORMAT_PKCS12;
                    } else if (keyStoreType.equalsIgnoreCase(SSLChannelValidator.KEY_FILE_FORMAT_PKCS12)) {
                        keyStoreType = SSLChannelValidator.KEY_FILE_FORMAT_JCEK;
                    }
                    int i4 = i3;
                    i3++;
                    if (i4 > 1) {
                        throw e2;
                    }
                }
            }
            String trustFileName = sSLServerConnectionData.getTrustFileName();
            String trustFilePassword = sSLServerConnectionData.getTrustFilePassword();
            String trustStoreType = sSLServerConnectionData.getTrustStoreType();
            boolean z2 = true;
            int i5 = 0;
            while (z2) {
                if (trustStoreType == null || trustStoreType == "") {
                    keyStoreInstance = jSSEProvider.getKeyStoreInstance("JKS");
                } else {
                    try {
                        keyStoreInstance = jSSEProvider.getKeyStoreInstance(trustStoreType);
                    } catch (IOException e3) {
                        if (ORBRas.isTrcLogging) {
                            ORBRas.orbTrcLogger.exception(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", e3);
                        }
                        if (!e3.getMessage().equalsIgnoreCase("Invalid keystore format") && e3.getMessage().indexOf("DerInputStream.getLength()") == -1) {
                            throw e3;
                        }
                        if (ORBRas.isTrcLogging) {
                            ORBRas.orbTrcLogger.trace(16L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", "Bad keystore format, retrying with different format.");
                        }
                        if (ORBRas.isMsgLogging) {
                            ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.InvalidKeyStoreType"), (String) null, (Object[]) null);
                        }
                        if (trustStoreType.equalsIgnoreCase("JKS")) {
                            trustStoreType = SSLChannelValidator.KEY_FILE_FORMAT_JCEK;
                        } else if (trustStoreType.equalsIgnoreCase(SSLChannelValidator.KEY_FILE_FORMAT_JCEK)) {
                            trustStoreType = SSLChannelValidator.KEY_FILE_FORMAT_PKCS12;
                        } else if (trustStoreType.equalsIgnoreCase(SSLChannelValidator.KEY_FILE_FORMAT_PKCS12)) {
                            trustStoreType = SSLChannelValidator.KEY_FILE_FORMAT_JCEK;
                        }
                        int i6 = i5;
                        i5++;
                        if (i6 > 1) {
                            throw e3;
                        }
                    }
                }
                trustManagerFactory = jSSEProvider.getTrustManagerFactoryInstance();
                if (trustFileName != null && trustFileName != "" && trustFilePassword != null && trustFilePassword != "") {
                    try {
                        keyStoreInstance.load((InputStream) com.ibm.ws.security.util.AccessController.doPrivileged(new PrivilegedExceptionAction(this, trustFileName) { // from class: com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.2
                            private final String val$nametrFile;
                            private final WSSSLServerSocketFactoryImpl this$0;

                            {
                                this.this$0 = this;
                                this.val$nametrFile = trustFileName;
                            }

                            @Override // java.security.PrivilegedExceptionAction
                            public Object run() throws IOException, MalformedURLException {
                                return WSSSLClientSocketFactoryImpl.getPKCSkeyStoreList().openKeyStore(this.val$nametrFile);
                            }
                        }), trustFilePassword == null ? null : trustFilePassword.toCharArray());
                        if (keyStoreInstance != null) {
                            trustManagerFactory.init(keyStoreInstance);
                        }
                        z2 = false;
                    } catch (PrivilegedActionException e4) {
                        FFDCFilter.processException(e4, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.initContext", "844", this);
                        throw ((FileNotFoundException) e4.getException());
                    }
                } else {
                    if (hardwareTokenType == null || hardwareTokenLibraryFile == null || hardwareTokenPassword == null || hardwareTokenType.length() == 0 || hardwareTokenLibraryFile.length() == 0 || hardwareTokenPassword.length() == 0) {
                        throw new KeyRingFileException("KeyRingFileException.missingSSLKeyRingData");
                    }
                    WSPKCSInKeyStore insert2 = WSSSLClientSocketFactoryImpl.getPKCSkeyStoreList().insert(hardwareTokenType, hardwareTokenLibraryFile, hardwareTokenPassword, false, sSLServerConnectionData.getContextProvider());
                    if (insert2 != null) {
                        insert2.getTS();
                        trustManagerFactory = insert2.getTMF();
                        z2 = false;
                    }
                }
            }
            String protocolName = sSLServerConnectionData.getProtocolName();
            if (protocolName == null || protocolName == "") {
                sslContext = jSSEProvider.getSSLContextInstance("SSL");
            } else {
                sslContext = jSSEProvider.getSSLContextInstance(protocolName);
            }
            WSX509KeyManager wSX509KeyManager = new WSX509KeyManager(keyStore, str == null ? null : str.toCharArray(), keyManagerFactory);
            if (wSX509KeyManager.getX509KeyManager() == null || ((serverAlias == null || serverAlias.equals("")) && (clientAlias == null || clientAlias.equals("")))) {
                sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            } else {
                if (clientAlias != null && !clientAlias.equals("")) {
                    wSX509KeyManager.setClientAlias(clientAlias, i2);
                }
                if (serverAlias != null && !serverAlias.equals("")) {
                    wSX509KeyManager.setServerAlias(serverAlias, i);
                }
                sslContext.init(new KeyManager[]{wSX509KeyManager}, trustManagerFactory.getTrustManagers(), null);
            }
            String ciphersToBeEnabled = sSLServerConnectionData.getCiphersToBeEnabled();
            if (ciphersToBeEnabled != null && ciphersToBeEnabled != "") {
                int i7 = 0;
                StringTokenizer stringTokenizer = new StringTokenizer(ciphersToBeEnabled, RASFormatter.DEFAULT_SEPARATOR);
                while (stringTokenizer.hasMoreTokens()) {
                    stringTokenizer.nextToken();
                    i7++;
                }
                DEFAULT_ENABLED_CIPHERS = new String[i7];
                int i8 = 0;
                StringTokenizer stringTokenizer2 = new StringTokenizer(ciphersToBeEnabled, RASFormatter.DEFAULT_SEPARATOR);
                while (stringTokenizer2.hasMoreTokens()) {
                    int i9 = i8;
                    i8++;
                    DEFAULT_ENABLED_CIPHERS[i9] = stringTokenizer2.nextToken();
                }
            }
        } catch (COMM_FAILURE e5) {
            FFDCFilter.processException((Throwable) e5, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.initContext", "1210", (Object) this);
            if (messageLoggingEnabled) {
                if (ORBRas.isMsgLogging) {
                    ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.initContext"), (String) null, e5);
                }
            } else if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.exception(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", e5);
            }
            throw new INTERNAL(new StringBuffer().append("CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, Exception=").append(e5).toString(), MinorCodes.CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, CompletionStatus.COMPLETED_NO);
        } catch (IOException e6) {
            FFDCFilter.processException(e6, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.initContext", "1174", this);
            if (messageLoggingEnabled) {
                if (ORBRas.isMsgLogging) {
                    ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.initContext"), (String) null, e6);
                }
            } else if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.exception(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", e6);
            }
            throw new INTERNAL(new StringBuffer().append("CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, Exception=").append(e6).toString(), MinorCodes.CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, CompletionStatus.COMPLETED_NO);
        } catch (KeyManagementException e7) {
            FFDCFilter.processException(e7, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.initContext", "1139", this);
            if (messageLoggingEnabled) {
                if (ORBRas.isMsgLogging) {
                    ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.initContext"), (String) null, e7);
                }
            } else if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.exception(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", e7);
            }
            throw new INTERNAL(new StringBuffer().append("CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, Exception=").append(e7).toString(), MinorCodes.CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, CompletionStatus.COMPLETED_NO);
        } catch (KeyStoreException e8) {
            FFDCFilter.processException(e8, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.initContext", "1000", this);
            if (messageLoggingEnabled) {
                if (ORBRas.isMsgLogging) {
                    ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.initContext"), (String) null, e8);
                }
            } else if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.exception(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", e8);
            }
            throw new INTERNAL(new StringBuffer().append("CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, Exception=").append(e8).toString(), MinorCodes.CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, CompletionStatus.COMPLETED_NO);
        } catch (NoSuchAlgorithmException e9) {
            FFDCFilter.processException(e9, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.initContext", "1071", this);
            if (messageLoggingEnabled) {
                if (ORBRas.isMsgLogging) {
                    ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.initContext"), (String) null, e9);
                }
            } else if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.exception(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", e9);
            }
            throw new INTERNAL(new StringBuffer().append("CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, Exception=").append(e9).toString(), MinorCodes.CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, CompletionStatus.COMPLETED_NO);
        } catch (UnrecoverableKeyException e10) {
            FFDCFilter.processException(e10, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.initContext", "1104", this);
            if (messageLoggingEnabled) {
                if (ORBRas.isMsgLogging) {
                    ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.initContext"), (String) null, e10);
                }
            } else if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.exception(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", e10);
            }
            throw new INTERNAL(new StringBuffer().append("CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, Exception=").append(e10).toString(), MinorCodes.CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, CompletionStatus.COMPLETED_NO);
        } catch (CertificateException e11) {
            FFDCFilter.processException(e11, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.initContext", "1035", this);
            if (messageLoggingEnabled) {
                if (ORBRas.isMsgLogging) {
                    ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.initContext"), (String) null, e11);
                }
            } else if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.exception(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", e11);
            }
            throw new INTERNAL(new StringBuffer().append("CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, Exception=").append(e11).toString(), MinorCodes.CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, CompletionStatus.COMPLETED_NO);
        } catch (Exception e12) {
            FFDCFilter.processException(e12, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.initContext", "1246", this);
            if (messageLoggingEnabled) {
                if (ORBRas.isMsgLogging) {
                    ORBRas.orbMsgLogger.msg(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", SocketFactoryMessageUtility.getMessage("IIOPSSLConnection.initContext"), (String) null, e12);
                }
            } else if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.exception(8L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "initContext", e12);
            }
            throw new INTERNAL(new StringBuffer().append("CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, Exception=").append(e12).toString(), MinorCodes.CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, CompletionStatus.COMPLETED_NO);
        }
    }

    /**
     * Returns the certificate chain the peer presented on the given SSL socket.
     *
     * <p>Security note: a {@code null} result means the SSL session reported the peer as
     * unverified ({@link SSLPeerUnverifiedException}). That failure is only written to the
     * trace log (and only when tracing is on); it is not rethrown. Callers must therefore
     * treat {@code null} as "no authenticated peer certificate" and must not let it fall
     * through to a code path that grants identity-based access.
     *
     * <p>The chain uses the legacy {@code javax.security.cert.X509Certificate} type that
     * {@code SSLSession.getPeerCertificateChain()} returns.
     *
     * @param sSLSocket the socket to inspect; it is dereferenced without a null check
     * @return the peer's certificate chain, or {@code null} when the peer is unverified
     * @throws INTERNAL with minor code {@code GET_SSL_SESSION_RETURNED_NULL} when
     *         {@code sSLSocket.getSession()} returns {@code null}
     */
    @Override // com.ibm.ws.orb.transport.WSSSLServerSocketFactory
    public X509Certificate[] getPeerCertificateChain(SSLSocket sSLSocket) {
        final String traceMethod = "getPeerCertificateChain(SSLSocket)";
        if (ORBRas.isTrcLogging) {
            ORBRas.orbTrcLogger.trace(16L, this, traceMethod, "theSocket=" + sSLSocket);
        }

        final SSLSession sslSession = sSLSocket.getSession();
        if (sslSession == null) {
            // This trace keeps its original class/method labels, which differ from the other
            // trace calls in this method.
            if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.trace(16L, "com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl", "IIOPSSLConnection.createSSLServerSocket", "theSocket.getSession returned null");
            }
            throw new INTERNAL("GET_SSL_SESSION_RETURNED_NULL", MinorCodes.GET_SSL_SESSION_RETURNED_NULL, CompletionStatus.COMPLETED_NO);
        }

        // Stays null when the peer is unverified; see the security note in the Javadoc.
        X509Certificate[] peerChain = null;
        try {
            peerChain = sslSession.getPeerCertificateChain();
        } catch (SSLPeerUnverifiedException unverified) {
            if (ORBRas.isTrcLogging) {
                ORBRas.orbTrcLogger.trace(16L, this, traceMethod, "Caught Exception from getPeerCertificateChain(),  returning a null for peerCertificateChain:  Exception=" + unverified);
            }
        }

        if (ORBRas.isTrcLogging) {
            ORBRas.orbTrcLogger.trace(16L, this, traceMethod, "About to return peerCertificateChain=" + peerChain);
        }
        return peerChain;
    }
}
