package com.xdja.pki.gmssl.tomcat.plugin;

import com.xdja.pki.gmssl.GMSSLContext;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.security.KeyStore;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.SSLUtil;
import org.apache.tomcat.util.net.ServerSocketFactory;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: input_file:com/xdja/pki/gmssl/tomcat/plugin/XDJAJSSESocketFactory.class */
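/**
 * Tomcat {@link ServerSocketFactory} / {@link SSLUtil} that builds its TLS server sockets from the
 * "XDJAJSSE" JCE provider (GM/T national-cipher SSL) instead of the JDK default JSSE.
 *
 * <p>All configuration (keystore, truststore, client-auth mode, session cache, protocol) is read
 * from the owning {@link AbstractEndpoint}; keystore and truststore loading is delegated to
 * {@link GMSSLContext}. {@link #init()} is re-run on every {@code createSocket} call, so the
 * endpoint's current settings are picked up each time a listening socket is created.
 *
 * <p>Not thread-safe: {@code init()} mutates the proxy factory and client-auth flags.
 */
public class XDJAJSSESocketFactory implements ServerSocketFactory, SSLUtil {
    private static final String defaultProtocol = "TLS";
    private static final String defaultKeystoreType = "JKS";
    private static final int defaultSessionCacheSize = 0;
    private static final int defaultSessionTimeout = 86400;
    private static final String ALLOW_ALL_SUPPORTED_CIPHERS = "ALL";
    /**
     * Password used when the endpoint configures neither {@code keystorePass} nor {@code keyPass}.
     * This is the well-known JSSE default; production deployments should set an explicit password
     * on the endpoint so this fallback is never reached.
     */
    public static final String DEFAULT_KEY_PASS = "changeit";
    private final AbstractEndpoint<?> endpoint;
    /** Server-socket factory obtained from the initialised {@link SSLContext}; set by {@link #init()}. */
    protected SSLServerSocketFactory sslProxy = null;
    /** Mirrors the endpoint's {@code allowUnsafeLegacyRenegotiation} flag; recorded by {@link #init()}. */
    protected boolean allowUnsafeLegacyRenegotiation = false;
    /** Client certificate is mandatory ({@code clientAuth} = "true" / "yes"). */
    protected boolean requireClientAuth = false;
    /** Client certificate is requested but optional ({@code clientAuth} = "want"). */
    protected boolean wantClientAuth = false;
    private static final Log log = LogFactory.getLog(XDJAJSSESocketFactory.class);
    private static final StringManager sm = StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
    private static final String defaultKeystoreFile = System.getProperty("user.home") + "/.keystore";

    /**
     * Creates a factory bound to the endpoint whose SSL attributes drive all configuration.
     *
     * @param abstractEndpoint the owning endpoint; must not be {@code null}
     * @throws NullPointerException if {@code abstractEndpoint} is {@code null}
     */
    public XDJAJSSESocketFactory(AbstractEndpoint<?> abstractEndpoint) {
        this.endpoint = Objects.requireNonNull(abstractEndpoint, "abstractEndpoint");
    }

    /**
     * Creates a TLS listening socket on {@code port}.
     *
     * @param port the port to bind
     * @return a server socket created by the XDJAJSSE factory with client-auth mode applied
     * @throws IOException if the SSL context cannot be initialised or the socket cannot be bound
     */
    public ServerSocket createSocket(int port) throws IOException {
        init();
        return initServerSocket(this.sslProxy.createServerSocket(port));
    }

    /**
     * Creates a TLS listening socket on {@code port} with the given accept backlog.
     *
     * @param port    the port to bind
     * @param backlog the listen backlog passed through to the proxy factory
     * @return a server socket created by the XDJAJSSE factory with client-auth mode applied
     * @throws IOException if the SSL context cannot be initialised or the socket cannot be bound
     */
    public ServerSocket createSocket(int port, int backlog) throws IOException {
        init();
        return initServerSocket(this.sslProxy.createServerSocket(port, backlog));
    }

    /**
     * Creates a TLS listening socket bound to {@code inetAddress}:{@code port}.
     *
     * @param port        the port to bind
     * @param backlog     the listen backlog passed through to the proxy factory
     * @param inetAddress the local address to bind
     * @return a server socket created by the XDJAJSSE factory with client-auth mode applied
     * @throws IOException if the SSL context cannot be initialised or the socket cannot be bound
     */
    public ServerSocket createSocket(int port, int backlog, InetAddress inetAddress) throws IOException {
        init();
        return initServerSocket(this.sslProxy.createServerSocket(port, backlog, inetAddress));
    }

    /**
     * Accepts one connection, translating an {@link SSLException} raised by {@code accept()} into a
     * {@link SocketException} (the type Tomcat's acceptor loop expects) while keeping the original
     * exception attached as the cause.
     *
     * @param serverSocket the listening socket returned by one of the {@code createSocket} methods
     * @return the accepted socket
     * @throws IOException on accept failure; SSL failures surface as {@link SocketException}
     */
    public Socket acceptSocket(ServerSocket serverSocket) throws IOException {
        try {
            return (SSLSocket) serverSocket.accept();
        } catch (SSLException e) {
            SocketException wrapped = new SocketException("SSL handshake error: " + e);
            // SocketException has no (message, cause) constructor before Java 19; attach the cause
            // explicitly so the SSL failure reason is not lost from logs.
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Verifies that a handshake has actually completed on {@code socket}. JSSE reports the
     * placeholder suite {@code SSL_NULL_WITH_NULL_NULL} on a session whose handshake has not
     * produced a negotiated cipher, so such a socket must not be handed to the connection handler.
     *
     * @param socket an {@link SSLSocket} accepted by {@link #acceptSocket(ServerSocket)}
     * @throws IOException if no real cipher suite was negotiated
     */
    public void handshake(Socket socket) throws IOException {
        String suite = ((SSLSocket) socket).getSession().getCipherSuite();
        if ("SSL_NULL_WITH_NULL_NULL".equals(suite)) {
            throw new IOException("SSL handshake failed. Ciper suite in SSL Session is SSL_NULL_WITH_NULL_NULL");
        }
    }

    /**
     * Returns every cipher suite the context supports; no filtering is applied here.
     *
     * @param sSLContext the initialised context
     * @return the context's supported cipher suites
     */
    public String[] getEnableableCiphers(SSLContext sSLContext) {
        return sSLContext.getSupportedSSLParameters().getCipherSuites();
    }

    /**
     * Resolves the keystore password: endpoint {@code keystorePass}, then {@code keyPass}, then
     * {@link #DEFAULT_KEY_PASS}.
     *
     * @return the password to open the keystore and its key entries with
     */
    protected String getKeystorePassword() {
        String keystorePass = this.endpoint.getKeystorePass();
        if (keystorePass == null) {
            keystorePass = this.endpoint.getKeyPass();
        }
        if (keystorePass == null) {
            keystorePass = DEFAULT_KEY_PASS;
        }
        return keystorePass;
    }

    /**
     * Loads the server keystore via {@link GMSSLContext}. The file comes from the endpoint's
     * {@code keystoreFile}, falling back to {@code ~/.keystore}.
     *
     * @param type     keystore type as configured on the endpoint (may be {@code null})
     * @param provider keystore provider as configured on the endpoint (may be {@code null})
     * @param pass     keystore password from {@link #getKeystorePassword()}
     * @return the loaded keystore
     * @throws IOException if the keystore cannot be read
     */
    protected KeyStore getKeystore(String type, String provider, String pass) throws IOException {
        String keystoreFile = this.endpoint.getKeystoreFile();
        if (keystoreFile == null) {
            keystoreFile = defaultKeystoreFile;
        }
        return GMSSLContext.getKeystore(keystoreFile, type, provider, pass);
    }

    /**
     * Loads the truststore via {@link GMSSLContext}. Each setting is taken from the endpoint and,
     * when absent, from the standard {@code javax.net.ssl.trustStore*} system properties; a value
     * that is unset in both places is passed to {@code GMSSLContext} as {@code null}.
     *
     * @return the loaded truststore
     * @throws IOException if the truststore cannot be read
     */
    protected KeyStore getTrustStore() throws IOException {
        String truststoreFile = firstNonNull(this.endpoint.getTruststoreFile(),
                System.getProperty("javax.net.ssl.trustStore"));
        String truststorePass = firstNonNull(this.endpoint.getTruststorePass(),
                System.getProperty("javax.net.ssl.trustStorePassword"));
        String truststoreType = firstNonNull(this.endpoint.getTruststoreType(),
                System.getProperty("javax.net.ssl.trustStoreType"));
        String truststoreProvider = firstNonNull(this.endpoint.getTruststoreProvider(),
                System.getProperty("javax.net.ssl.trustStoreProvider"));
        return GMSSLContext.getTrustStore(truststoreFile, truststoreType, truststoreProvider, truststorePass);
    }

    /** Returns {@code preferred} unless it is {@code null}, in which case {@code fallback}. */
    private static String firstNonNull(String preferred, String fallback) {
        return preferred != null ? preferred : fallback;
    }

    /**
     * (Re)builds the SSL state from the endpoint's current configuration: client-auth mode,
     * {@link SSLContext} with key and trust managers, session-cache settings, the proxy
     * {@link SSLServerSocketFactory}, and the legacy-renegotiation flag.
     *
     * <p>Both client-auth flags are recomputed on every call so that a changed {@code clientAuth}
     * setting is reflected on the next socket rather than leaving a stale {@code true} behind.
     *
     * @throws IOException wrapping any failure (keystore, provider, context initialisation)
     */
    void init() throws IOException {
        try {
            String clientAuth = this.endpoint.getClientAuth();
            this.requireClientAuth = "true".equalsIgnoreCase(clientAuth) || "yes".equalsIgnoreCase(clientAuth);
            this.wantClientAuth = !this.requireClientAuth && "want".equalsIgnoreCase(clientAuth);
            SSLContext sslContext = createSSLContext();
            sslContext.init(getKeyManagers(), getTrustManagers(), null);
            SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
            if (serverSessionContext != null) {
                configureSessionContext(serverSessionContext);
            }
            this.sslProxy = sslContext.getServerSocketFactory();
            this.allowUnsafeLegacyRenegotiation = "true".equals(this.endpoint.getAllowUnsafeLegacyRenegotiation());
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            // Provider/keystore failures are checked GeneralSecurityExceptions; Tomcat expects IOException.
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Obtains an uninitialised {@link SSLContext} from the XDJAJSSE provider for the endpoint's
     * {@code sslProtocol} (default {@code "TLS"}).
     *
     * @return the context; caller must still call {@code init}
     * @throws Exception if the provider or protocol is unavailable
     */
    public SSLContext createSSLContext() throws Exception {
        String sslProtocol = this.endpoint.getSslProtocol();
        if (sslProtocol == null) {
            sslProtocol = defaultProtocol;
        }
        return SSLContext.getInstance(sslProtocol, "XDJAJSSE");
    }

    /**
     * Builds the key managers from the server keystore using the XDJAJSSE "PKIX" factory.
     *
     * @return the provider's key managers
     * @throws Exception if the keystore cannot be loaded or the factory cannot be initialised
     */
    public KeyManager[] getKeyManagers() throws Exception {
        String keystorePassword = getKeystorePassword();
        KeyStore keystore = getKeystore(this.endpoint.getKeystoreType(), this.endpoint.getKeystoreProvider(), keystorePassword);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("PKIX", "XDJAJSSE");
        keyManagerFactory.init(keystore, keystorePassword.toCharArray());
        return keyManagerFactory.getKeyManagers();
    }

    /**
     * Builds the trust managers from the truststore using the XDJAJSSE "PKIX" factory.
     *
     * @return the provider's trust managers
     * @throws Exception if the truststore cannot be loaded or the factory cannot be initialised
     */
    public TrustManager[] getTrustManagers() throws Exception {
        KeyStore trustStore = getTrustStore();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX", "XDJAJSSE");
        trustManagerFactory.init(trustStore);
        return trustManagerFactory.getTrustManagers();
    }

    /**
     * Applies the endpoint's session cache size (default 0) and session timeout (default 86400 s).
     *
     * @param sSLSessionContext the server session context to configure
     * @throws NumberFormatException if a configured value is not an integer
     */
    public void configureSessionContext(SSLSessionContext sSLSessionContext) {
        int cacheSize = parseIntOrDefault(this.endpoint.getSessionCacheSize(), defaultSessionCacheSize);
        int timeout = parseIntOrDefault(this.endpoint.getSessionTimeout(), defaultSessionTimeout);
        sSLSessionContext.setSessionCacheSize(cacheSize);
        sSLSessionContext.setSessionTimeout(timeout);
    }

    /** Parses {@code value} as a decimal int, or returns {@code defaultValue} when it is {@code null}. */
    private static int parseIntOrDefault(String value, int defaultValue) {
        return value != null ? Integer.parseInt(value) : defaultValue;
    }

    /**
     * Returns the protocols this factory will enable. The context argument is ignored: the
     * XDJAJSSE provider is always driven with {@code "GMSSLv1.1"} only.
     *
     * @param sSLContext unused
     * @return a fresh array containing only {@code "GMSSLv1.1"}
     */
    public String[] getEnableableProtocols(SSLContext sSLContext) {
        return new String[]{"GMSSLv1.1"};
    }

    /**
     * Pushes the client-auth mode computed in {@link #init()} onto the listening socket: "want"
     * takes precedence, otherwise the need flag is applied (which also clears a previous want).
     *
     * @param sSLServerSocket the socket to configure
     */
    protected void configureClientAuth(SSLServerSocket sSLServerSocket) {
        if (this.wantClientAuth) {
            sSLServerSocket.setWantClientAuth(this.wantClientAuth);
        } else {
            sSLServerSocket.setNeedClientAuth(this.requireClientAuth);
        }
    }

    /**
     * Applies per-socket configuration to a freshly created proxy socket.
     *
     * @param serverSocket the socket from {@link #sslProxy}; must be an {@link SSLServerSocket}
     * @return the same socket, for call chaining
     */
    private ServerSocket initServerSocket(ServerSocket serverSocket) {
        configureClientAuth((SSLServerSocket) serverSocket);
        return serverSocket;
    }
}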
