package org.apache.avalon.cornerstone.blocks.sockets;

import com.sun.net.ssl.KeyManagerFactory;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManagerFactory;
import com.sun.net.ssl.internal.ssl.Provider;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import org.apache.avalon.cornerstone.services.sockets.ServerSocketFactory;
import org.apache.avalon.framework.activity.Initializable;
import org.apache.avalon.framework.component.Component;
import org.apache.avalon.framework.configuration.Configurable;
import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.avalon.framework.context.Context;
import org.apache.avalon.framework.context.Contextualizable;
import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.apache.avalon.phoenix.BlockContext;
import sun.security.provider.Sun;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/cornerstone-jp2.1.3.jar:org/apache/avalon/cornerstone/blocks/sockets/TLSServerSocketFactory.class
 */
/* loaded from: input_file:apps/james.sar:SAR-INF/lib/cornerstone.jar:org/apache/avalon/cornerstone/blocks/sockets/TLSServerSocketFactory.class */
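/**
 * Server socket factory that produces SSL/TLS server sockets backed by a keystore on disk.
 *
 * <p>Lifecycle, as driven by the container: {@link #contextualize(Context)} supplies the base
 * directory, {@link #configure(Configuration)} reads the {@code keystore} settings, and
 * {@link #initialize()} loads the keystore and builds the underlying
 * {@link SSLServerSocketFactory}. The {@code createServerSocket} methods dereference
 * {@code m_factory} and therefore must not be called before {@link #initialize()} has completed.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The keystore password is read from the component configuration and kept in memory as a
 *       {@code String} for the lifetime of this object; restrict read access to the
 *       configuration file and the keystore accordingly.</li>
 *   <li>The same keystore is used both for the server's key material and as the trust store,
 *       so with {@code authenticate-client} enabled every certificate entry in that keystore
 *       acts as a trust anchor for client certificates.</li>
 * </ul>
 */
public class TLSServerSocketFactory extends AbstractLogEnabled implements ServerSocketFactory, Component, Contextualizable, Configurable, Initializable {
    // Factory created in initSSLFactory(); null until initialize() has run.
    protected SSLServerSocketFactory m_factory;
    // Directory against which the (relative) keystore path is resolved.
    protected File m_baseDirectory;
    // Keystore location relative to m_baseDirectory; defaults to "conf/keystore".
    protected String m_keyStoreFile;
    // Keystore password; also used as the key password when initialising the KeyManagerFactory.
    protected String m_keyStorePassword;
    // KeyStore type passed to KeyStore.getInstance(); defaults to "JKS".
    protected String m_keyStoreType;
    // Protocol name passed to SSLContext.getInstance(); defaults to "TLS".
    protected String m_keyStoreProtocol;
    // Algorithm used for both the KeyManagerFactory and the TrustManagerFactory; defaults to "SunX509".
    protected String m_keyStoreAlgorithm;
    // When true, created sockets require a client certificate (setNeedClientAuth).
    protected boolean m_keyStoreAuthenticateClients;

    /**
     * Records the application base directory used to resolve the keystore path.
     *
     * @param context the container context; cast to {@link BlockContext} without a type check
     */
    @Override // org.apache.avalon.framework.context.Contextualizable
    public void contextualize(Context context) {
        this.m_baseDirectory = ((BlockContext) context).getBaseDirectory();
    }

    /**
     * Reads the {@code keystore} child element of the configuration.
     *
     * <p>All settings except {@code password} have defaults; {@code password} is read with
     * {@code getValue()} and no default.
     *
     * @param configuration the component configuration
     * @throws ConfigurationException as declared by the configuration accessors
     */
    @Override // org.apache.avalon.framework.configuration.Configurable
    public void configure(Configuration configuration) throws ConfigurationException {
        Configuration keystoreConfig = configuration.getChild("keystore");
        this.m_keyStoreFile = keystoreConfig.getChild("file").getValue("conf/keystore");
        this.m_keyStorePassword = keystoreConfig.getChild("password").getValue();
        this.m_keyStoreType = keystoreConfig.getChild("type").getValue("JKS");
        this.m_keyStoreProtocol = keystoreConfig.getChild("protocol").getValue("TLS");
        this.m_keyStoreAlgorithm = keystoreConfig.getChild("algorithm").getValue("SunX509");
        this.m_keyStoreAuthenticateClients = keystoreConfig.getChild("authenticate-client").getValueAsBoolean(false);
    }

    /**
     * Loads the keystore and builds the SSL server socket factory.
     *
     * @throws Exception if the keystore cannot be loaded or the SSL context cannot be set up
     */
    @Override // org.apache.avalon.framework.activity.Initializable
    public void initialize() throws Exception {
        initSSLFactory(initKeyStore());
    }

    /**
     * Loads the configured keystore from {@code m_baseDirectory/m_keyStoreFile}.
     *
     * <p>The input stream is closed in a {@code finally} block so the file descriptor is
     * released whether or not loading succeeds.
     *
     * @return the loaded keystore
     * @throws Exception any failure while opening or loading the keystore; it is logged and rethrown
     */
    protected KeyStore initKeyStore() throws Exception {
        try {
            KeyStore keyStore = KeyStore.getInstance(this.m_keyStoreType);
            File file = new File(this.m_baseDirectory, this.m_keyStoreFile);
            FileInputStream in = new FileInputStream(file);
            try {
                keyStore.load(in, this.m_keyStorePassword.toCharArray());
            } finally {
                in.close();
            }
            getLogger().info("Keystore loaded from: " + file);
            return keyStore;
        } catch (Exception e) {
            getLogger().error("Exception loading keystore from: " + this.m_keyStoreFile, e);
            throw e;
        }
    }

    /**
     * Builds the SSL context from the given keystore and stores its server socket factory in
     * {@code m_factory}.
     *
     * <p>The keystore is used twice: as the source of the server's keys (with the keystore
     * password as key password) and as the trust store handed to the
     * {@link TrustManagerFactory}.
     *
     * @param keyStore the keystore returned by {@link #initKeyStore()}
     * @throws Exception if the protocol or algorithm is unavailable or the key material cannot be used
     */
    protected void initSSLFactory(KeyStore keyStore) throws Exception {
        // Registers the providers explicitly on every call.
        Security.addProvider(new Sun());
        Security.addProvider(new Provider());
        SSLContext sslContext = SSLContext.getInstance(this.m_keyStoreProtocol);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.m_keyStoreAlgorithm);
        keyManagerFactory.init(keyStore, this.m_keyStorePassword.toCharArray());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(this.m_keyStoreAlgorithm);
        trustManagerFactory.init(keyStore);
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
        this.m_factory = sslContext.getServerSocketFactory();
    }

    /**
     * Creates a configured SSL server socket bound to the given port.
     *
     * @param port the port to listen on
     * @return the configured server socket
     * @throws IOException if the socket cannot be created
     */
    @Override // org.apache.avalon.cornerstone.services.sockets.ServerSocketFactory
    public ServerSocket createServerSocket(int port) throws IOException {
        ServerSocket socket = this.m_factory.createServerSocket(port);
        initServerSocket(socket);
        return socket;
    }

    /**
     * Creates a configured SSL server socket bound to the given port with the given backlog.
     *
     * @param port the port to listen on
     * @param backlog the connection backlog
     * @return the configured server socket
     * @throws IOException if the socket cannot be created
     */
    @Override // org.apache.avalon.cornerstone.services.sockets.ServerSocketFactory
    public ServerSocket createServerSocket(int port, int backlog) throws IOException {
        ServerSocket socket = this.m_factory.createServerSocket(port, backlog);
        initServerSocket(socket);
        return socket;
    }

    /**
     * Creates a configured SSL server socket bound to the given address and port.
     *
     * @param port the port to listen on
     * @param backlog the connection backlog
     * @param bindAddress the local address to bind to
     * @return the configured server socket
     * @throws IOException if the socket cannot be created
     */
    @Override // org.apache.avalon.cornerstone.services.sockets.ServerSocketFactory
    public ServerSocket createServerSocket(int port, int backlog, InetAddress bindAddress) throws IOException {
        ServerSocket socket = this.m_factory.createServerSocket(port, backlog, bindAddress);
        initServerSocket(socket);
        return socket;
    }

    /**
     * Applies the cipher-suite selection and the client-authentication setting to a new socket.
     *
     * <p>Enabling every <em>supported</em> suite would also switch on suites the provider ships
     * disabled by default, namely anonymous key exchange (no server authentication), NULL
     * encryption and export-grade ciphers. Those are filtered out here. If the filter leaves
     * nothing, the provider's default enabled suites are left untouched.
     *
     * @param serverSocket a socket created by {@code m_factory}; must be an {@link SSLServerSocket}
     */
    protected void initServerSocket(ServerSocket serverSocket) {
        SSLServerSocket sslServerSocket = (SSLServerSocket) serverSocket;
        String[] suites = selectCipherSuites(sslServerSocket.getSupportedCipherSuites());
        if (suites.length > 0) {
            sslServerSocket.setEnabledCipherSuites(suites);
        }
        sslServerSocket.setNeedClientAuth(this.m_keyStoreAuthenticateClients);
    }

    /**
     * Returns the supported suites minus anonymous, NULL-encryption and export-grade ones.
     *
     * @param supported the suite names reported by the socket
     * @return a new array holding the retained names in their original order
     */
    private static String[] selectCipherSuites(String[] supported) {
        String[] kept = new String[supported.length];
        int count = 0;
        for (int idx = 0; idx < supported.length; idx++) {
            String suite = supported[idx];
            boolean weak = suite.indexOf("_anon_") >= 0
                    || suite.indexOf("_NULL_") >= 0
                    || suite.indexOf("_EXPORT_") >= 0;
            if (!weak) {
                kept[count++] = suite;
            }
        }
        String[] result = new String[count];
        System.arraycopy(kept, 0, result, 0, count);
        return result;
    }
}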
