package org.w3c.jigsaw.http.socket;

import iaik.asn1.structures.Name;
import iaik.jigsaw.https.JigsawServerTrustDecider;
import iaik.jigsaw.https.SSLPropertySet;
import iaik.jigsaw.https.httpsd;
import iaik.pkcs.pkcs8.PrivateKeyInfo;
import iaik.security.rsa.RSAPrivateKey;
import iaik.security.ssl.CipherSuite;
import iaik.security.ssl.SSLServerContext;
import iaik.security.ssl.SSLServerSocket;
import iaik.utils.KeyAndCertificate;
import iaik.x509.X509Certificate;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.math.BigInteger;
import java.net.ServerSocket;
import java.security.AlgorithmParameterGenerator;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.util.Vector;
import javax.crypto.spec.DHGenParameterSpec;
import javax.crypto.spec.DHParameterSpec;
import org.w3c.jigsaw.http.httpd;

/* loaded from: input_file:org/w3c/jigsaw/http/socket/SSLSocketClientFactory.class */
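/**
 * Socket client factory that serves connections over SSL when the owning
 * {@code httpsd} server has SSL enabled, and falls back to the plain
 * {@link SocketClientFactory} behaviour otherwise.
 *
 * <p>The IAIK {@code SSLServerContext} is configured from the server
 * properties named by the {@code *_P} constants below; each change to one of
 * those properties is applied by {@link #propertyChanged(String)}.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>Temporary RSA keys and generated DH parameters are 512 bits, and the
 *       built-in DH prime is a fixed 512-bit value. That is export-grade
 *       strength and should not be relied on for confidentiality.</li>
 *   <li>{@link #CIPHER_SUITES} includes export (40-bit), single-DES, RC4,
 *       anonymous-DH and NULL-encryption suites. They are only enabled when
 *       their property is explicitly set to true.</li>
 *   <li>A failure to load the trusted-signers file is logged but does not
 *       change the context's client-certificate requirement, see
 *       {@link #updateClientAuthentication()}.</li>
 * </ul>
 */
public class SSLSocketClientFactory extends SocketClientFactory {
    /** SSL context handed to every server socket; only created when SSL is enabled. */
    protected SSLServerContext ssl_context;
    /** Trust decider installed on {@link #ssl_context}; only created when SSL is enabled. */
    protected JigsawServerTrustDecider trust_decider;
    /** The server passed to {@link #initialize(httpd)}, viewed as an {@code httpsd}. */
    protected httpsd ssl_server;
    // Cached values of the three client-authentication properties; all default to false.
    private boolean client_authentication = false;
    private boolean require_certificate = false;
    private boolean require_trusted_root = false;
    // Path of the file holding the trusted signer certificates, or null if not configured.
    private String trusted_signers_file_name;
    public static final String CLIENT_AUTHENTICATION_P = "iaik.jigsaw.ssl.client.authentication";
    public static final String CLIENT_REQUIRE_CERTIFICATE_P = "iaik.jigsaw.ssl.client.requireCertificate";
    public static final String CLIENT_REQUIRE_TRUSTED_ROOT_P = "iaik.jigsaw.ssl.client.requireTrustedRoot";
    public static final String TRUSTET_SIGNERS_P = "iaik.jigsaw.ssl.trustedSigners";
    public static final String RSA_KEY_AND_CERTIFICATE_P = "iaik.jigsaw.ssl.rsa.keyAndCertificate";
    public static final String DSA_KEY_AND_CERTIFICATE_P = "iaik.jigsaw.ssl.dsa.keyAndCertificate";
    public static final String DH_KEY_AND_CERTIFICATE_P = "iaik.jigsaw.ssl.dh.keyAndCertificate";
    public static final String TEMP_RSA_KEY_P = "iaik.jigsaw.ssl.tempRSAKey";
    public static final String DH_PARAMETERS_P = "iaik.jigsaw.ssl.dhPararmeters";

    /**
     * Table of {property name, cipher suite} pairs. A suite is enabled only
     * when its boolean property is true (the default read in
     * {@link #setupCipherSuites()} is false).
     *
     * <p>The last groups of the table are export-grade, anonymous-DH (no
     * server authentication) and NULL-encryption suites; deployments should
     * leave those properties unset.
     */
    public static final Object[][] CIPHER_SUITES = {
        {"cipher.suite.ssl.rsa.with.idea.cbc.sha", CipherSuite.SSL_RSA_WITH_IDEA_CBC_SHA},
        {"cipher.suite.ssl.rsa.with.3des.ede.cbc.sha", CipherSuite.SSL_RSA_WITH_3DES_EDE_CBC_SHA},
        {"cipher.suite.ssl.dh.dss.with.3des.ede.cbc.sha", CipherSuite.SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA},
        {"cipher.suite.ssl.dh.rsa.with.3des.ede.cbc.sha", CipherSuite.SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA},
        {"cipher.suite.ssl.dhe.dss.with.3des.ede.cbc.sha", CipherSuite.SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA},
        {"cipher.suite.ssl.dhe.rsa.with.3des.ede.cbc.sha", CipherSuite.SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA},
        {"cipher.suite.ssl.rsa.with.rc4.md5", CipherSuite.SSL_RSA_WITH_RC4_MD5},
        {"cipher.suite.ssl.rsa.with.rc4.sha", CipherSuite.SSL_RSA_WITH_RC4_SHA},
        {"cipher.suite.ssl.rsa.with.des.cbc.sha", CipherSuite.SSL_RSA_WITH_DES_CBC_SHA},
        {"cipher.suite.ssl.dh.dss.with.des.cbc.sha", CipherSuite.SSL_DH_DSS_WITH_DES_CBC_SHA},
        {"cipher.suite.ssl.dh.rsa.with.des.cbc.sha", CipherSuite.SSL_DH_RSA_WITH_DES_CBC_SHA},
        {"cipher.suite.ssl.dhe.dss.with.des.cbc.sha", CipherSuite.SSL_DHE_DSS_WITH_DES_CBC_SHA},
        {"cipher.suite.ssl.dhe.rsa.with.des.cbc.sha", CipherSuite.SSL_DHE_RSA_WITH_DES_CBC_SHA},
        // Export-grade suites (40-bit symmetric keys).
        {"cipher.suite.ssl.rsa.export.with.rc4.40.md5", CipherSuite.SSL_RSA_EXPORT_WITH_RC4_40_MD5},
        {"cipher.suite.ssl.rsa.export.with.rc2.cbc.40.md5", CipherSuite.SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5},
        {"cipher.suite.ssl.rsa.export.with.des40.cbc.sha", CipherSuite.SSL_RSA_EXPORT_WITH_DES40_CBC_SHA},
        {"cipher.suite.ssl.dh.dss.export.with.des40.cbc.sha", CipherSuite.SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA},
        {"cipher.suite.ssl.dh.rsa.export.with.des40.cbc.sha", CipherSuite.SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA},
        {"cipher.suite.ssl.dhe.dss.export.with.des40.cbc.sha", CipherSuite.SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA},
        {"cipher.suite.ssl.dhe.rsa.export.with.des40.cbc.sha", CipherSuite.SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA},
        // Anonymous Diffie-Hellman suites: the server is not authenticated.
        {"cipher.suite.ssl.dh.anon.with.rc4.md5", CipherSuite.SSL_DH_anon_WITH_RC4_MD5},
        {"cipher.suite.ssl.dh.anon.with.des.cbc.sha", CipherSuite.SSL_DH_anon_WITH_DES_CBC_SHA},
        {"cipher.suite.ssl.dh.anon.with.3des.ede.cbc.sha", CipherSuite.SSL_DH_anon_WITH_3DES_EDE_CBC_SHA},
        {"cipher.suite.ssl.dh.anon.export.with.rc4.40.md5", CipherSuite.SSL_DH_anon_EXPORT_WITH_RC4_40_MD5},
        {"cipher.suite.ssl.dh.anon.export.with.des40.cbc.sha", CipherSuite.SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA},
        // NULL suites: integrity only, no encryption.
        {"cipher.suite.ssl.rsa.with.null.md5", CipherSuite.SSL_RSA_WITH_NULL_MD5},
        {"cipher.suite.ssl.rsa.with.null.sha", CipherSuite.SSL_RSA_WITH_NULL_SHA},
    };

    /**
     * Resolves a configured file name to an absolute path.
     *
     * <p>The name is tried as given first and, if no such file exists,
     * relative to the server root directory.
     *
     * @param str the configured file name
     * @return the absolute path of the existing file
     * @throws FileNotFoundException if the file exists in neither location
     */
    protected String getFileName(String str) throws FileNotFoundException {
        File file = new File(str);
        if (!file.exists()) {
            file = new File(this.ssl_server.getRootDirectory(), str);
        }
        if (!file.exists()) {
            throw new FileNotFoundException(str);
        }
        return file.getAbsolutePath();
    }

    /** Writes a message to the server error log and to standard output. */
    private void logAndPrint(String message) {
        this.ssl_server.errlog(message);
        System.out.println(message);
    }

    /**
     * Closes a stream that was only read from, ignoring a failure to close:
     * by the time this is called the data has already been consumed.
     */
    private static void closeQuietly(FileInputStream in) {
        try {
            in.close();
        } catch (IOException ignored) {
            // Nothing useful can be done about a failed close of an input stream.
        }
    }

    /**
     * Applies a changed server property to the SSL configuration.
     *
     * <p>Properties that are not SSL related are passed to the superclass.
     * Any exception raised while applying the change is logged and reported
     * as a failed change; it is not propagated.
     *
     * @param str the name of the property that changed
     * @return true if the change was applied (or needed no action), false if
     *         applying it failed
     */
    public boolean propertyChanged(String str) {
        try {
            if (str.equals(CLIENT_AUTHENTICATION_P)) {
                this.client_authentication = ((SocketClientFactory) this).props.getBoolean(str, false);
                updateClientAuthentication();
                return true;
            }
            if (str.equals(CLIENT_REQUIRE_CERTIFICATE_P)) {
                this.require_certificate = ((SocketClientFactory) this).props.getBoolean(str, false);
                this.trust_decider.setRequireCertificate(this.require_certificate);
                return true;
            }
            if (str.equals(CLIENT_REQUIRE_TRUSTED_ROOT_P)) {
                this.require_trusted_root = ((SocketClientFactory) this).props.getBoolean(str, false);
                this.trust_decider.setRequireTrustedRoot(this.require_trusted_root);
                return true;
            }
            if (str.equals(TRUSTET_SIGNERS_P)) {
                this.trusted_signers_file_name =
                        ((SocketClientFactory) this).props.getString(str, this.trusted_signers_file_name);
                updateClientAuthentication();
                return true;
            }
            if (str.endsWith("keyAndCertificate")) {
                // The same default file is used for the RSA, DSA and DH properties.
                String certFile = ((SocketClientFactory) this).props.getString(str, "certs/serverRSA.der");
                KeyAndCertificate keyAndCertificate = new KeyAndCertificate(getFileName(certFile));
                // Declared as PrivateKeyInfo, the type of the cast: the key is also
                // used for DSA and DH certificates, so it is not always an RSA key.
                PrivateKeyInfo privateKey = (PrivateKeyInfo) keyAndCertificate.getPrivateKey();
                if (str.equals(RSA_KEY_AND_CERTIFICATE_P)) {
                    this.ssl_context.setRSACertificate(keyAndCertificate.getCertificateChain(), privateKey);
                    logAndPrint("RSA certificate set to: " + certFile);
                } else if (str.equals(DSA_KEY_AND_CERTIFICATE_P)) {
                    this.ssl_context.setDSACertificate(keyAndCertificate.getCertificateChain(), privateKey);
                    logAndPrint("DSA certificate set to: " + certFile);
                } else if (str.equals(DH_KEY_AND_CERTIFICATE_P)) {
                    this.ssl_context.setDHCertificate(keyAndCertificate.getCertificateChain(), privateKey);
                    logAndPrint("DH certificate set to: " + certFile);
                }
                // Any other property ending in "keyAndCertificate" is accepted without effect.
                return true;
            }
            if (str.equals(TEMP_RSA_KEY_P)) {
                String tempKeySource = ((SocketClientFactory) this).props.getString(str, "");
                if (tempKeySource.equalsIgnoreCase("generate")) {
                    System.out.println("generating new temporary RSA key...");
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
                    // SECURITY: 512-bit RSA is export-grade. Presumably chosen because the
                    // export cipher suites need a short temporary key - confirm before raising.
                    keyPairGenerator.initialize(512);
                    this.ssl_context.setRSATempKeyPair(keyPairGenerator.generateKeyPair());
                    return true;
                }
                // Any other value is a path to a private key file. Unlike the certificate
                // files it is opened as given, not resolved through getFileName().
                FileInputStream keyIn = new FileInputStream(tempKeySource);
                try {
                    RSAPrivateKey tempKey = new RSAPrivateKey(keyIn);
                    this.ssl_context.setRSATempKeyPair(new KeyPair(tempKey.getPublicKey(), tempKey));
                } finally {
                    // The stream was previously never closed, leaking a file descriptor.
                    closeQuietly(keyIn);
                }
                return true;
            }
            if (str.equals(DH_PARAMETERS_P)) {
                DHParameterSpec dhParameters;
                if (((SocketClientFactory) this).props.getString(str, "").equalsIgnoreCase("generate")) {
                    System.out.println("generating new DH parameters...");
                    // SECURITY: 512-bit prime with a 504-bit exponent is export-grade strength.
                    DHGenParameterSpec genSpec = new DHGenParameterSpec(512, 504);
                    AlgorithmParameterGenerator generator = AlgorithmParameterGenerator.getInstance("DH");
                    generator.init(genSpec);
                    dhParameters = (DHParameterSpec) generator.generateParameters()
                            .getParameterSpec(DHParameterSpec.class);
                } else {
                    // SECURITY: fixed 512-bit prime (128 hex digits) with generator 2, compiled
                    // into the class and therefore shared by every server that uses this default.
                    dhParameters = new DHParameterSpec(
                            new BigInteger("da583c16d9852289d0e4af756f4cca92dd4be533b804fb0fed94ef9c8a4403ed574650d36999db29d776276ba2d3d412e218f4dd1e084cf6d8003e7c4774e833", 16),
                            BigInteger.valueOf(2L));
                }
                this.ssl_context.setDHParameter(dhParameters);
                return true;
            }
            if (str.startsWith("cipher.suite.ssl")) {
                // A change to any cipher suite property rebuilds the whole enabled list.
                setupCipherSuites();
                return true;
            }
            return super.propertyChanged(str);
        } catch (Exception e) {
            // Deliberately broad: a bad property value must not take the server down.
            logAndPrint("error changing property: " + str + " because of: " + e.toString());
            return false;
        }
    }

    /**
     * Creates the SSL context and trust decider and applies every SSL
     * property that has a value. Does nothing when SSL is disabled.
     */
    protected void initializeProperties() {
        if (!this.ssl_server.sslEnabled()) {
            return;
        }
        System.out.println("creating new default SSLContext...");
        this.ssl_context = new SSLServerContext();
        this.trust_decider = new JigsawServerTrustDecider();
        this.ssl_context.setTrustDecider(this.trust_decider);
        // Order matters: the authentication flags are applied before the signers
        // file, and the certificates before the temporary key and DH parameters.
        String[] sslProperties = {
            CLIENT_AUTHENTICATION_P,
            CLIENT_REQUIRE_CERTIFICATE_P,
            CLIENT_REQUIRE_TRUSTED_ROOT_P,
            TRUSTET_SIGNERS_P,
            RSA_KEY_AND_CERTIFICATE_P,
            DSA_KEY_AND_CERTIFICATE_P,
            DH_KEY_AND_CERTIFICATE_P,
            TEMP_RSA_KEY_P,
            DH_PARAMETERS_P,
        };
        for (int i = 0; i < sslProperties.length; i++) {
            // Only properties that are actually set are applied.
            if (((SocketClientFactory) this).props.getString(sslProperties[i], (String) null) != null) {
                propertyChanged(sslProperties[i]);
            }
        }
        setupCipherSuites();
    }

    /**
     * Enables exactly those cipher suites from {@link #CIPHER_SUITES} whose
     * property is true, and prints their names.
     *
     * <p>If no property is set, the context is given an empty suite array.
     */
    protected void setupCipherSuites() {
        Vector enabled = new Vector();
        System.out.println("enable folowing cipher suites: ");
        for (int i = 0; i < CIPHER_SUITES.length; i++) {
            String propertyName = (String) CIPHER_SUITES[i][0];
            CipherSuite suite = (CipherSuite) CIPHER_SUITES[i][1];
            if (((SocketClientFactory) this).props.getBoolean(propertyName, false)) {
                enabled.addElement(suite);
                System.out.println(suite.getName());
            }
        }
        CipherSuite[] suites = new CipherSuite[enabled.size()];
        enabled.copyInto(suites);
        this.ssl_context.setEnabledCipherSuites(suites);
    }

    /**
     * Applies the client-authentication setting to the SSL context.
     *
     * <p>With client authentication off, the client-certificate requirement
     * is cleared. With it on, the trusted signer certificates are read from
     * the configured file and installed on both the trust decider and the
     * context.
     *
     * <p>NOTE(review): when client authentication is on but the signers file
     * is unset, missing or unparsable, this method returns without calling
     * {@code setRequireClientCertificate}, so the context keeps whatever
     * requirement it had before. Confirm that this cannot leave the server
     * accepting connections without requesting a client certificate.
     */
    protected void updateClientAuthentication() {
        if (!this.client_authentication) {
            this.ssl_context.setRequireClientCertificate((byte[]) null, (Principal[]) null);
            return;
        }
        if (this.trusted_signers_file_name == null) {
            return;
        }
        String signersFile = this.trusted_signers_file_name;
        try {
            Vector signerNames = new Vector();
            Vector signerCerts = new Vector();
            FileInputStream in = new FileInputStream(signersFile);
            try {
                // The file holds certificates back to back. Reading stops once 10 or
                // fewer bytes are reported available, so a short trailer is ignored.
                while (in.available() > 10) {
                    X509Certificate signer = new X509Certificate(in);
                    signerCerts.addElement(signer);
                    signerNames.addElement(signer.getSubjectDN());
                }
            } finally {
                // The stream was previously never closed, leaking a file descriptor
                // on every change of the authentication or signers property.
                closeQuietly(in);
            }
            // The trust decider and context are only touched after the whole file parsed.
            X509Certificate[] signers = new X509Certificate[signerCerts.size()];
            signerCerts.copyInto(signers);
            this.trust_decider.setTrustedSigners(signers);
            Name[] names = new Name[signerNames.size()];
            signerNames.copyInto(names);
            // Presumably SSL ClientCertificateType codes (1 = rsa_sign, 2 = dss_sign,
            // 5 and 6 = the ephemeral DH variants) - confirm against the IAIK API.
            this.ssl_context.setRequireClientCertificate(new byte[]{1, 2, 5, 6}, names);
            System.out.println("Trusted signers set to: " + signersFile);
        } catch (FileNotFoundException unused) {
            logAndPrint("Trusted signers file " + signersFile + " not found!");
        } catch (IOException e) {
            logAndPrint("I/O error while reading file: " + signersFile + " [" + e.toString() + "]");
        } catch (CertificateException e2) {
            logAndPrint("Unable to parse certificate from file: " + signersFile + " [" + e2.toString() + "]");
        }
    }

    /**
     * Creates a new client state backed by an {@link SSLSocketClient} and
     * links it at the head of the client state list.
     *
     * @param z if true, the new client is also put at the head of the free
     *          list and counted as free
     * @return the newly created client state
     */
    protected synchronized SocketClientState addClient(boolean z) {
        SocketClientState state = new SocketClientState(((SocketClientFactory) this).csList);
        ((SocketClientFactory) this).csList = state;
        state.client = new SSLSocketClient(((SocketClientFactory) this).server, this, state);
        ((SocketClientFactory) this).clientCount++;
        ((SocketClientFactory) this).clientEstim++;
        if (z) {
            // Presumably 2 is the superclass's "free" status code - confirm against SocketClientFactory.
            state.status = 2;
            ((SocketClientFactory) this).freeList.toHead(state);
            ((SocketClientFactory) this).freeCount++;
        }
        return state;
    }

    /**
     * Creates the listening socket: an SSL server socket on the server's
     * port when SSL is enabled, otherwise whatever the superclass creates.
     *
     * @return the server socket to accept connections on
     * @throws IOException if the socket cannot be created
     */
    public ServerSocket createServerSocket() throws IOException {
        if (!this.ssl_server.sslEnabled()) {
            return super.createServerSocket();
        }
        // Second argument is presumably the listen backlog - confirm against the IAIK API.
        return new SSLServerSocket(((SocketClientFactory) this).server.getPort(), 128, this.ssl_context);
    }

    /**
     * Initializes the factory for the given server, which must be an
     * {@code httpsd}, and registers the SSL property set when SSL is enabled.
     *
     * @param httpdVar the server this factory belongs to
     * @throws ClassCastException if the server is not an {@code httpsd}
     */
    public void initialize(httpd httpdVar) {
        super.initialize(httpdVar);
        this.ssl_server = (httpsd) httpdVar;
        initializeProperties();
        if (this.ssl_server.sslEnabled()) {
            this.ssl_server.registerPropertySet(new SSLPropertySet("SSLprops", this.ssl_server));
        }
    }
}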
