package org.openorb.orb.ssl;

import java.io.IOException;
import java.io.InterruptedIOException;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import org.omg.CORBA.COMM_FAILURE;
import org.omg.CORBA.INITIALIZE;
import org.omg.CORBA.LocalObject;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.IIOP.ListenPoint;
import org.omg.IOP.TaggedComponent;
import org.omg.PortableInterceptor.IORInfo;
import org.omg.PortableInterceptor.IORInterceptor;
import org.omg.PortableInterceptor.ORBInitInfo;
import org.omg.PortableInterceptor.ORBInitInfoPackage.DuplicateName;
import org.openorb.orb.config.ORBLoader;
import org.openorb.orb.iiop.IIOPTransportServerInitializer;
import org.openorb.orb.iiop.TaggedComponentHandlerRegistry;
import org.openorb.orb.net.Transport;
import org.openorb.orb.pi.FeatureInitInfo;
import org.openorb.orb.security.ServerRejectUnsecureInterceptor;
import org.openorb.orb.util.Trace;
import org.openorb.util.ExceptionTool;

/* loaded from: input_file:org/openorb/orb/ssl/SSLTransportServerInitializer.class */
public class SSLTransportServerInitializer extends IIOPTransportServerInitializer {
    private static final int MAX_TIMEOUT = 250;
    private static final int HANDSHAKE_TIMEOUT = 120000;
    private static final int MAX_PORT = 65535;
    private static final int MIN_PORT = 0;
    private static final int DEFAULT_PORT = 0;
    private static final int DEFAULT_BACKLOG = 50;
    private int m_port;
    private int m_handshake_timeout;
    private int m_server_requires;
    private int m_server_supports;
    private String[] m_cipher_suites;
    private ListenPoint[] m_bidir_endpoints;
    private SSLServerSocket m_server_socket;
    private SSLServerSocketFactory m_server_socket_factory;
    private boolean m_iiop_port_disabled = false;
    private boolean m_init_bidir = false;
    private List m_handshake_threads = new LinkedList();

    /* renamed from: org.openorb.orb.ssl.SSLTransportServerInitializer$1, reason: invalid class name */
    /* loaded from: input_file:org/openorb/orb/ssl/SSLTransportServerInitializer$1.class */
    static class AnonymousClass1 {
    }

    /* loaded from: input_file:org/openorb/orb/ssl/SSLTransportServerInitializer$SSLHandshakeThread.class */
    private class SSLHandshakeThread extends Thread {
        private SSLSocket m_socket;
        private SSLAssociation m_association;
        private boolean m_handshakeCompletedSuccessfully = false;
        private final SSLTransportServerInitializer this$0;

        public SSLHandshakeThread(SSLTransportServerInitializer sSLTransportServerInitializer, SSLSocket sSLSocket, SSLAssociation sSLAssociation) {
            this.this$0 = sSLTransportServerInitializer;
            this.m_socket = sSLSocket;
            this.m_association = sSLAssociation;
            this.m_socket.addHandshakeCompletedListener(this.m_association.getHandshakeCompletedListener());
        }

        public SSLSocket getSocket() {
            return this.m_socket;
        }

        public SSLAssociation getAssociation() {
            return this.m_association;
        }

        public boolean hasHandshakeFinishedSucessfully() {
            return this.m_handshakeCompletedSuccessfully;
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            try {
                this.m_socket.startHandshake();
                this.m_handshakeCompletedSuccessfully = true;
            } catch (IOException e) {
                try {
                    this.m_socket.close();
                } catch (IOException e2) {
                    this.this$0.getLogger().error(new StringBuffer().append("IOException closing socket: ").append(e).toString());
                }
                this.m_handshakeCompletedSuccessfully = false;
            }
        }
    }

    /* loaded from: input_file:org/openorb/orb/ssl/SSLTransportServerInitializer$SSLIORInterceptor.class */
    private class SSLIORInterceptor extends LocalObject implements IORInterceptor {
        private TaggedComponent m_ssliop_component;
        private final SSLTransportServerInitializer this$0;

        private SSLIORInterceptor(SSLTransportServerInitializer sSLTransportServerInitializer) {
            this.this$0 = sSLTransportServerInitializer;
        }

        public String name() {
            return "SSLIORInterceptor";
        }

        public void establish_components(IORInfo iORInfo) {
            if (this.m_ssliop_component == null) {
                synchronized (this) {
                    if (this.m_ssliop_component == null) {
                        this.m_ssliop_component = new TaggedComponent(20, new byte[8]);
                        this.m_ssliop_component.component_data[0] = 0;
                        this.m_ssliop_component.component_data[1] = 0;
                        this.m_ssliop_component.component_data[2] = (byte) (this.this$0.m_server_supports >>> 8);
                        this.m_ssliop_component.component_data[3] = (byte) this.this$0.m_server_supports;
                        this.m_ssliop_component.component_data[4] = (byte) (this.this$0.m_server_requires >>> 8);
                        this.m_ssliop_component.component_data[5] = (byte) this.this$0.m_server_requires;
                        this.m_ssliop_component.component_data[6] = (byte) (this.this$0.m_port >>> 8);
                        this.m_ssliop_component.component_data[7] = (byte) this.this$0.m_port;
                    }
                }
            }
            iORInfo.add_ior_component_to_profile(this.m_ssliop_component, 0);
        }

        public void destroy() {
        }

        SSLIORInterceptor(SSLTransportServerInitializer sSLTransportServerInitializer, AnonymousClass1 anonymousClass1) {
            this(sSLTransportServerInitializer);
        }
    }

    public String getName() {
        return "ssl-server-init";
    }

    public void init(ORBInitInfo oRBInitInfo, FeatureInitInfo featureInitInfo) {
        super.init(oRBInitInfo, featureInitInfo);
        ORBLoader loader = featureInitInfo.getLoader();
        this.m_handshake_timeout = loader.getIntProperty("ssliop.server.handshake.timeout", 120000);
        this.m_port = loader.getIntProperty("ssliop.port", 0);
        if (this.m_port > 65535 || this.m_port < 0) {
            throw new INITIALIZE(new StringBuffer().append("Value for server port ").append(this.m_port).append(" is out of range").toString());
        }
        this.m_server_supports = 130;
        this.m_server_requires = 2;
        if (loader.getBooleanProperty("ssliop.server.encrypt.support", true)) {
            this.m_server_supports |= 4;
            if (loader.getBooleanProperty("ssliop.server.encrypt.require", true)) {
                this.m_server_requires |= 4;
            }
        }
        if (loader.getBooleanProperty("ssliop.server.auth.support", true)) {
            this.m_server_supports = this.m_server_supports | 32 | 64;
            if (loader.getBooleanProperty("ssliop.server.auth.require", true)) {
                this.m_server_requires |= 32;
            }
            if (loader.getBooleanProperty("ssliop.server.authClient", false)) {
                this.m_server_requires |= 64;
                this.m_init_bidir = loader.getBooleanProperty("ssliop.server.AllowBiDir", true);
            }
        }
        this.m_iiop_port_disabled = loader.getBooleanProperty("ssliop.iiopport.disable", false);
        if (!this.m_iiop_port_disabled) {
            this.m_server_supports |= 1;
        }
        try {
            oRBInitInfo.add_server_request_interceptor(new ServerRejectUnsecureInterceptor());
            this.m_server_socket_factory = (SSLServerSocketFactory) SSLContextFinder.getDefault(oRBInitInfo, featureInitInfo, getLogger() != null ? getLogger().getChildLogger("ctx") : null).getServerSocketFactory();
            this.m_cipher_suites = SSLCipherSuiteDatabase.getCipherSuites(this.m_server_requires, this.m_server_supports, this.m_server_socket_factory.getSupportedCipherSuites());
            open_port();
            try {
                oRBInitInfo.add_ior_interceptor(new SSLIORInterceptor(this, null));
                TaggedComponentHandlerRegistry.registerHandler(new SSLTaggedComponentHandler());
            } catch (Exception e) {
                throw ExceptionTool.initCause(new RuntimeException("Unable to continue without breaching security!"), e);
            }
        } catch (DuplicateName e2) {
            throw ExceptionTool.initCause(new RuntimeException("Unable to continue without breaching security!"), e2);
        }
    }

    public void open() {
        if (getLogger().isDebugEnabled() && Trace.isMedium()) {
            getLogger().debug("Opening server port");
        }
        if (!this.m_iiop_port_disabled) {
            super.open();
        }
        if (this.m_server_socket != null) {
            return;
        }
        open_port();
    }

    private void open_port() {
        try {
            if (getLogger().isDebugEnabled() && Trace.isHigh()) {
                getLogger().debug(new StringBuffer().append("Opening SSL socket on '").append(getListenHost()).append(":").append(this.m_port).append("'").toString());
            }
            this.m_server_socket = (SSLServerSocket) this.m_server_socket_factory.createServerSocket(this.m_port, 50, getListenHost());
            if ((this.m_server_requires & 64) != 0) {
                this.m_server_socket.setNeedClientAuth(true);
            }
            this.m_server_socket.setEnabledCipherSuites(this.m_cipher_suites);
            if (this.m_port == 0) {
                this.m_port = this.m_server_socket.getLocalPort();
            }
        } catch (IOException e) {
            if (getLogger().isErrorEnabled()) {
                getLogger().error(new StringBuffer().append("Unable to listen on ").append(this.m_port).append(".").toString(), e);
            }
            throw new COMM_FAILURE(new StringBuffer().append("Unable to listen on ").append(this.m_port).append(" (").append(e).append(")").toString());
        } catch (SecurityException e2) {
            if (getLogger().isErrorEnabled()) {
                getLogger().error(new StringBuffer().append("Access denied for ").append(this.m_port).append(".").toString(), e2);
            }
            throw new NO_PERMISSION(new StringBuffer().append("Access denied for ").append(this.m_port).append(" (").append(e2).append(")").toString());
        }
    }

    public ListenPoint[] getBiDirEndpoints() {
        if (this.m_init_bidir) {
            this.m_init_bidir = false;
            ListenPoint[] biDirEndpoints = !this.m_iiop_port_disabled ? super.getBiDirEndpoints() : null;
            if (biDirEndpoints == null || biDirEndpoints.length == 0) {
                this.m_bidir_endpoints = new ListenPoint[1];
            } else {
                this.m_bidir_endpoints = new ListenPoint[biDirEndpoints.length + 1];
                System.arraycopy(biDirEndpoints, 0, this.m_bidir_endpoints, 1, biDirEndpoints.length);
            }
            this.m_bidir_endpoints[0] = new ListenPoint(getPrimaryEndpoint().host, (short) this.m_port);
        }
        return this.m_bidir_endpoints;
    }

    public void close() {
        if (getLogger().isDebugEnabled() && Trace.isMedium()) {
            getLogger().debug("Closing server port");
        }
        if (!this.m_iiop_port_disabled) {
            super.close();
        }
        if (this.m_server_socket == null) {
            return;
        }
        try {
            this.m_server_socket.close();
        } catch (IOException e) {
            getLogger().error(new StringBuffer().append("IOException closing socket: ").append(e).toString());
        }
        this.m_server_socket = null;
    }

    public boolean isOpen() {
        return this.m_server_socket != null;
    }

    public Transport accept(int i) {
        if (i <= 0 || i > 250) {
            i = 250;
        }
        Iterator it = this.m_handshake_threads.iterator();
        while (it.hasNext()) {
            SSLHandshakeThread sSLHandshakeThread = (SSLHandshakeThread) it.next();
            if (!sSLHandshakeThread.isAlive()) {
                it.remove();
                if (!sSLHandshakeThread.hasHandshakeFinishedSucessfully()) {
                    return null;
                }
                SSLTransport sSLTransport = new SSLTransport(sSLHandshakeThread.getSocket(), this.m_port, sSLHandshakeThread.getAssociation());
                sSLTransport.enableLogging(getLogger());
                return sSLTransport;
            }
        }
        try {
            this.m_server_socket.setSoTimeout(i / 2);
            try {
                try {
                    SSLSocket sSLSocket = (SSLSocket) this.m_server_socket.accept();
                    sSLSocket.setSoTimeout(this.m_handshake_timeout);
                    SSLHandshakeThread sSLHandshakeThread2 = new SSLHandshakeThread(this, sSLSocket, new SSLAssociation(this.m_server_requires, true));
                    this.m_handshake_threads.add(sSLHandshakeThread2);
                    sSLHandshakeThread2.start();
                    return null;
                } catch (InterruptedIOException e) {
                    if (this.m_iiop_port_disabled) {
                        return null;
                    }
                    return super.accept(i / 2);
                }
            } catch (SSLException e2) {
                if (getLogger().isErrorEnabled()) {
                    getLogger().error("Unexpected SSLException while accepting connections.", e2);
                }
                throw new COMM_FAILURE(new StringBuffer().append("Unexpected SSLException while accepting connections (").append(e2).append(")").toString());
            } catch (IOException e3) {
                if (getLogger().isErrorEnabled()) {
                    getLogger().error("Unexpected IOException while accepting connections.", e3);
                }
                throw new COMM_FAILURE(new StringBuffer().append("Unexpected IOException while accepting connections (").append(e3).append(")").toString());
            }
        } catch (IOException e4) {
            if (getLogger().isErrorEnabled()) {
                getLogger().error("Unexpected IOException while setting the socket's SO timeout.", e4);
            }
            throw new COMM_FAILURE(new StringBuffer().append("Unexpected IOException while setting the socket's SO timeout (").append(e4).append(")").toString());
        }
    }

    public String toString() {
        return !this.m_iiop_port_disabled ? new StringBuffer().append("(iiop/ssliop) ").append(svrString()).append("/").append(this.m_port).toString() : new StringBuffer().append("(ssliop) ").append(this.m_port).toString();
    }
}
