package org.jacorb.security.ssl.iaik;

import iaik.security.ssl.CipherSuite;
import iaik.security.ssl.SSLServerContext;
import iaik.security.ssl.SSLServerSocket;
import iaik.security.ssl.SSLSocket;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.cert.X509Certificate;
import org.jacorb.orb.ORB;
import org.jacorb.security.level2.CurrentImpl;
import org.jacorb.security.level2.KeyAndCert;
import org.jacorb.security.util.CertUtils;
import org.jacorb.util.Debug;
import org.jacorb.util.Environment;
import org.omg.CORBA.ORBPackage.InvalidName;

/* loaded from: input_file:org/jacorb/security/ssl/iaik/SSLServerSocketFactory.class */
public class SSLServerSocketFactory implements org.jacorb.orb.factory.SSLServerSocketFactory {
    private CipherSuite[] cs = SSLSetup.getCipherSuites();
    private SSLServerContext defaultContext = new SSLServerContext();

    private final KeyAndCert[] getSSLCredentials(ORB orb) {
        CurrentImpl currentImpl = null;
        try {
            currentImpl = (CurrentImpl) orb.resolve_initial_references("SecurityCurrent");
        } catch (InvalidName e) {
            Debug.output(1, "Unable to obtain Security Current. Giving up");
            System.exit(-1);
        }
        return currentImpl.getSSLCredentials();
    }

    @Override // org.jacorb.orb.factory.ServerSocketFactory
    public ServerSocket createServerSocket(int i) throws IOException {
        if (this.defaultContext == null) {
            throw new IOException("Cannot support SSL, no default SSL context found!");
        }
        return new SSLServerSocket(i, this.defaultContext);
    }

    @Override // org.jacorb.orb.factory.ServerSocketFactory
    public ServerSocket createServerSocket(int i, int i2) throws IOException {
        if (this.defaultContext == null) {
            throw new IOException("Cannot support SSL, no default SSL context found!");
        }
        return new SSLServerSocket(i, i2, this.defaultContext);
    }

    @Override // org.jacorb.orb.factory.ServerSocketFactory
    public ServerSocket createServerSocket(int i, int i2, InetAddress inetAddress) throws IOException {
        if (this.defaultContext == null) {
            throw new IOException("Cannot support SSL, no default SSL context found!");
        }
        return new SSLServerSocket(i, i2, inetAddress, this.defaultContext);
    }

    public String[] getDefaultCipherSuites() {
        String[] strArr = new String[this.cs.length];
        for (int i = 0; i < strArr.length; i++) {
            strArr[i] = this.cs[i].toString();
        }
        return strArr;
    }

    public String[] getSupportedCipherSuites() {
        CipherSuite[] cipherSuiteArr = CipherSuite.getDefault();
        String[] strArr = new String[cipherSuiteArr.length];
        for (int i = 0; i < strArr.length; i++) {
            strArr[i] = cipherSuiteArr[i].toString();
        }
        return strArr;
    }

    @Override // org.jacorb.orb.factory.SSLServerSocketFactory
    public boolean isSSL(ServerSocket serverSocket) {
        return serverSocket instanceof SSLServerSocket;
    }

    @Override // org.jacorb.orb.factory.SSLServerSocketFactory
    public void switchToClientMode(Socket socket) {
        if (Environment.isPropertyOn("jacorb.security.change_ssl_roles")) {
            try {
                Debug.output(2, "SSLServerSocket, switching to client mode...");
                ((SSLSocket) socket).setUseClientMode(true);
            } catch (IOException e) {
                Debug.output(268435457, e);
            }
        }
    }

    public SSLServerSocketFactory(ORB orb) {
        if (!Environment.isPropertyOn("jacorb.security.change_ssl_roles")) {
            KeyAndCert[] sSLCredentials = getSSLCredentials(orb);
            for (int i = 0; i < sSLCredentials.length; i++) {
                this.defaultContext.addServerCredentials((X509Certificate[]) sSLCredentials[i].chain, sSLCredentials[i].key);
            }
            if ((Environment.getIntProperty("jacorb.security.ssl.server.required_options", 16) & 64) != 0) {
                this.defaultContext.setRequestClientCertificate(true);
                this.defaultContext.setChainVerifier(new ServerChainVerifier(true));
                String[] propertyValueList = Environment.getPropertyValueList("jacorb.security.trustees");
                if (propertyValueList.length == 0) {
                    Debug.output(1, "WARNING: No trusted certificates specified. This will accept all peer certificate chains!");
                }
                for (String str : propertyValueList) {
                    this.defaultContext.addTrustedCertificate(CertUtils.readCertificate(str));
                }
            }
        } else if ((Environment.getIntProperty("jacorb.security.ssl.server.supported_options", 16) & 32) != 0) {
            KeyAndCert[] sSLCredentials2 = getSSLCredentials(orb);
            for (int i2 = 0; i2 < sSLCredentials2.length; i2++) {
                this.defaultContext.addClientCredentials((X509Certificate[]) sSLCredentials2[i2].chain, sSLCredentials2[i2].key);
            }
            this.defaultContext.getSessionManager().setResumePeriod(0L);
        }
        if (Environment.isPropertyOn("jacorb.security.iaik_debug")) {
            this.defaultContext.setDebugStream(System.out);
        }
    }
}
