package org.apache.tomcat.net;

import com.sun.net.ssl.KeyManagerFactory;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.TrustManagerFactory;
import com.sun.net.ssl.internal.ssl.Provider;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import org.apache.tomcat.core.Request;
import sun.security.provider.Sun;

/* loaded from: input_file:anyjdeploy.zip:lib/tomcat/lib/webserver.jar:org/apache/tomcat/net/SSLSocketFactory.class */
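/**
 * Server socket factory that produces TLS server sockets backed by a JKS keystore.
 *
 * <p>Configuration is read from the inherited {@code attributes} table:
 * <ul>
 *   <li>{@code keystore} - path of the JKS file; defaults to {@link #defaultKeystoreFile}.</li>
 *   <li>{@code keypass} - password used both to open the keystore and to unlock the key;
 *       defaults to {@link #defaultKeyPass}.</li>
 *   <li>{@code clientAuth} - the string {@code "true"} makes a client certificate mandatory.</li>
 * </ul>
 *
 * <p>The underlying JSSE factory is created lazily on the first {@code createSocket} call.
 * That lazy initialisation is not synchronised.
 */
public class SSLSocketFactory extends ServerSocketFactory {
    private boolean clientAuth = false;
    private SSLServerSocketFactory sslProxy = null;

    // Default keystore location: <user.home>/.keystore
    static String defaultKeystoreFile = System.getProperty("user.home") + File.separator + ".keystore";

    // NOTE(review): "changeit" is the widely known keytool default. Any deployment that
    // relies on this fallback protects its private key with a public password; set the
    // "keypass" attribute explicitly and restrict file permissions on the keystore.
    static String defaultKeyPass = "changeit";

    /**
     * Creates a TLS server socket.
     *
     * @param i port to bind, passed straight to the JSSE factory
     * @return the configured server socket
     * @throws IOException if the keystore cannot be loaded or the socket cannot be created
     */
    @Override // org.apache.tomcat.net.ServerSocketFactory
    public ServerSocket createSocket(int i) throws IOException {
        ServerSocket listener = proxy().createServerSocket(i);
        initServerSocket(listener);
        return listener;
    }

    /**
     * Creates a TLS server socket with an explicit backlog.
     *
     * @param i port to bind
     * @param i2 connection backlog
     * @return the configured server socket
     * @throws IOException if the keystore cannot be loaded or the socket cannot be created
     */
    @Override // org.apache.tomcat.net.ServerSocketFactory
    public ServerSocket createSocket(int i, int i2) throws IOException {
        ServerSocket listener = proxy().createServerSocket(i, i2);
        initServerSocket(listener);
        return listener;
    }

    /**
     * Creates a TLS server socket bound to a specific local address.
     *
     * @param i port to bind
     * @param i2 connection backlog
     * @param inetAddress local address to bind to
     * @return the configured server socket
     * @throws IOException if the keystore cannot be loaded or the socket cannot be created
     */
    @Override // org.apache.tomcat.net.ServerSocketFactory
    public ServerSocket createSocket(int i, int i2, InetAddress inetAddress) throws IOException {
        ServerSocket listener = proxy().createServerSocket(i, i2, inetAddress);
        initServerSocket(listener);
        return listener;
    }

    /** Returns the JSSE factory, building it from the configured keystore on first use. */
    private SSLServerSocketFactory proxy() throws IOException {
        if (this.sslProxy == null) {
            initProxy();
        }
        return this.sslProxy;
    }

    /**
     * Loads a JKS keystore from disk.
     *
     * @param path keystore file
     * @param password keystore password
     * @return the loaded keystore
     * @throws IOException if the file is missing or unreadable, or (wrapping the cause)
     *         if the keystore type is unavailable or its contents cannot be processed
     */
    private KeyStore initKeyStore(String path, String password) throws IOException {
        try {
            KeyStore store = KeyStore.getInstance("JKS");
            FileInputStream in = new FileInputStream(path);
            try {
                store.load(in, password.toCharArray());
            } finally {
                // The stream was previously left open; release the file handle on every path.
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Read-only stream: a failed close cannot lose data.
                }
            }
            return store;
        } catch (IOException e) {
            // Covers FileNotFoundException too; callers see the original exception.
            throw e;
        } catch (Exception e) {
            IOException wrapped =
                    new IOException("Exception trying to load keystore " + path + ": " + e.getMessage());
            wrapped.initCause(e); // keep the stack trace of the real failure
            throw wrapped;
        }
    }

    /**
     * Reads the connector attributes, loads the keystore and builds the TLS context.
     *
     * @throws IOException on any failure; non-I/O failures are wrapped with their cause
     */
    private void initProxy() throws IOException {
        try {
            this.clientAuth = "true".equals(this.attributes.get("clientAuth"));
            Security.addProvider(new Sun());
            Security.addProvider(new Provider());

            String keystorePath = (String) this.attributes.get("keystore");
            if (keystorePath == null) {
                keystorePath = defaultKeystoreFile;
            }
            String keyPassword = (String) this.attributes.get("keypass");
            if (keyPassword == null) {
                keyPassword = defaultKeyPass;
            }

            KeyStore store = initKeyStore(keystorePath, keyPassword);
            SSLContext context = SSLContext.getInstance("TLS");
            KeyManagerFactory keyManagers = KeyManagerFactory.getInstance("SunX509");
            keyManagers.init(store, keyPassword.toCharArray());

            TrustManager[] trustManagers = null;
            if (this.clientAuth) {
                // The server keystore doubles as the trust store: every certificate entry
                // in it becomes a trust anchor for client certificates.
                TrustManagerFactory trustFactory = TrustManagerFactory.getInstance("SunX509");
                trustFactory.init(store);
                trustManagers = trustFactory.getTrustManagers();
            }

            // A null SecureRandom lets the provider pick its default source.
            context.init(keyManagers.getKeyManagers(), trustManagers, (SecureRandom) null);
            this.sslProxy = context.getServerSocketFactory();
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            IOException wrapped = new IOException(e.getMessage());
            wrapped.initCause(e); // the message alone often hides which step failed
            throw wrapped;
        }
    }

    /**
     * Applies the cipher-suite and client-authentication policy to a new server socket.
     *
     * @param serverSocket socket produced by the JSSE factory
     */
    private void initServerSocket(ServerSocket serverSocket) {
        SSLServerSocket tlsSocket = (SSLServerSocket) serverSocket;
        // Enabling every *supported* suite also turns on anonymous (unauthenticated),
        // NULL (unencrypted) and export-grade suites, which a client or an on-path party
        // can negotiate down to. Keep the broad set but drop those classes.
        String[] suites = selectCipherSuites(tlsSocket.getSupportedCipherSuites());
        if (suites.length > 0) {
            tlsSocket.setEnabledCipherSuites(suites);
        }
        // else: leave the provider's default enabled set untouched.
        tlsSocket.setNeedClientAuth(this.clientAuth);
    }

    /**
     * Filters out cipher suites that provide no authentication, no encryption, or
     * export-grade key lengths. This is a minimum bar only; other legacy suites the
     * provider supports are still returned and may need further restriction per deployment.
     *
     * @param supported suite names reported by the provider
     * @return the names that pass the filter, in their original order
     */
    private static String[] selectCipherSuites(String[] supported) {
        String[] kept = new String[supported.length];
        int count = 0;
        for (int idx = 0; idx < supported.length; idx++) {
            String suite = supported[idx];
            boolean weak = suite.indexOf("_anon_") >= 0
                    || suite.indexOf("_NULL_") >= 0
                    || suite.indexOf("_EXPORT_") >= 0;
            if (!weak) {
                kept[count++] = suite;
            }
        }
        String[] result = new String[count];
        System.arraycopy(kept, 0, result, 0, count);
        return result;
    }

    /**
     * Publishes the client certificate chain (if any) as request attributes and marks
     * the request scheme as {@code https}.
     *
     * @param socket the accepted connection
     * @param request2 the request being populated
     */
    @Override // org.apache.tomcat.net.ServerSocketFactory
    public void preProcessRequest(Socket socket, Request request2) {
        try {
            Object[] chain = ((SSLSocket) socket).getSession().getPeerCertificateChain();
            if (chain != null && chain.length > 0) {
                request2.setAttribute("tomcat.request.X509CertificateChain", chain);
                request2.setAttribute("javax.servlet.request.X509Certificate", chain[0]);
            }
        } catch (Exception ignored) {
            // Best effort: getPeerCertificateChain() throws when the peer presented no
            // verified certificate, which is the normal case without client auth. The
            // request then simply carries no certificate attributes.
            // NOTE(review): this also hides a ClassCastException for a non-TLS socket,
            // after which the scheme is still reported as https.
        }
        request2.setScheme("https");
    }
}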
