package org.warlock.http;

import java.io.FileInputStream;
import java.net.InetAddress;
import java.net.SocketException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.security.auth.x500.X500Principal;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.hsqldb.server.ServerConstants;
import org.warlock.util.Logger;

/* loaded from: input_file:tkwinstaller/TKW.zip:TKW/TKW.jar:org/warlock/http/SSLSocketListener.class */
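/**
 * TLS listener thread: binds an {@link SSLServerSocket}, accepts connections and hands each
 * accepted socket to a {@code RequestReader} together with the owning {@code HttpServer}.
 *
 * <p>Configuration is read from system properties (see the constants below). Security-relevant
 * behaviour visible in this class:
 * <ul>
 *   <li>No trust managers are supplied ({@code SSLContext.init(keyManagers, null, ...)}), and when
 *       no keystore is configured the JVM default server socket factory is used. Client
 *       certificates are therefore validated against the JVM's default trust material, not
 *       against a store chosen by this class.</li>
 *   <li>The optional subject DN filter is a plain substring test and is applied only when mutual
 *       authentication is enabled.</li>
 *   <li>The keystore password is taken from a system property and defaults to the empty
 *       string.</li>
 * </ul>
 */
public class SSLSocketListener extends Thread implements Listener {
    /** System property: a value starting with "y" (trimmed, lower-cased) requires client certificates. */
    public static final String DOMUTUALAUTH = "org.warlock.http.servermutualauthentication";
    /** System property: text that the peer certificate's subject DN must contain. */
    public static final String MUTUALAUTHFILTER = "org.warlock.http.filterclientsubjectdn";
    /** System property: path of the JKS keystore; when unset the JVM default factory is used. */
    public static final String USESSLCONTEXT = "org.warlock.http.usesslcontext";
    /** System property: password used for both the keystore and its keys (empty when unset). */
    public static final String SSLPASS = "org.warlock.http.sslcontextpass";
    /** System property: KeyManagerFactory algorithm; the platform default is used when unset. */
    public static final String SSLALGORITHM = "org.warlock.http.sslalgorithm";

    private static final String BACKLOGPROPERTY = "org.warlock.http.serversocketbacklog";
    private static final int DEFAULTPORT = 443;
    private static final String DEFAULTHOST = "localhost";

    // Set once the keystore property is found to be absent; shared by all instances.
    private static boolean notUsingSslContext = false;

    private boolean mutualAuthentication;
    private String subjectDNfilter;
    // 0 when the backlog property is unset.
    private int ssbacklog;
    private HttpServer server = null;
    private SSLContext sslContext = null;
    // Written by the listener thread, closed from stopListening() on another thread.
    private volatile SSLServerSocket serverSocket = null;
    private int port = DEFAULTPORT;
    private String host = DEFAULTHOST;
    private Exception exception = null;
    // Cleared by stopListening() on another thread and polled by run().
    private volatile boolean keepGoing = true;
    private String localId = this.host + ":" + Integer.toString(this.port);

    /**
     * Reads the listener configuration from system properties and prepares the SSL context.
     *
     * @throws Exception if the backlog property is not a positive integer, or if the keystore
     *     cannot be loaded or the SSL context cannot be initialised
     */
    public SSLSocketListener() throws Exception {
        this.mutualAuthentication = false;
        this.subjectDNfilter = null;

        String mutualAuthSetting = System.getProperty(DOMUTUALAUTH);
        if (mutualAuthSetting != null) {
            this.mutualAuthentication = mutualAuthSetting.trim().toLowerCase().startsWith("y");
        }

        String dnFilterSetting = System.getProperty(MUTUALAUTHFILTER);
        if (dnFilterSetting != null && dnFilterSetting.trim().length() != 0) {
            // Stored exactly as configured (not trimmed).
            this.subjectDNfilter = dnFilterSetting;
        }
        if (this.subjectDNfilter != null && !this.mutualAuthentication) {
            // run() consults the filter only when mutual authentication is on, so a filter
            // configured on its own restricts nothing. Make that visible to the operator.
            System.err.println("Warning: " + MUTUALAUTHFILTER + " is set but " + DOMUTUALAUTH
                    + " is not enabled; the subject DN filter will not be applied");
        }

        String backlogSetting = System.getProperty(BACKLOGPROPERTY);
        if (backlogSetting != null && backlogSetting.trim().length() != 0) {
            // Parse the trimmed value: the blank check above already tolerates surrounding
            // whitespace, which Integer.parseInt itself rejects.
            this.ssbacklog = Integer.parseInt(backlogSetting.trim());
            if (this.ssbacklog <= 0) {
                throw new Exception("Server Socket backlog is not a positive integer: " + this.ssbacklog);
            }
        }
        initSSLContext();
    }

    /**
     * Builds the SSL context from the configured JKS keystore, if one is configured.
     *
     * <p>Does nothing when a context already exists or when an earlier call found the keystore
     * property unset. Only key managers are supplied; the trust managers argument is
     * {@code null}, which leaves peer certificate validation to the JVM's default trust material.
     *
     * @throws Exception if the keystore cannot be read or the context cannot be initialised
     */
    private void initSSLContext() throws Exception {
        if (notUsingSslContext || this.sslContext != null) {
            return;
        }
        String keystorePath = System.getProperty(USESSLCONTEXT);
        if (keystorePath == null) {
            notUsingSslContext = true;
            return;
        }
        // NOTE(review): a password passed as a -D system property is typically visible in the
        // process command line; confirm how deployments supply it.
        String password = System.getProperty(SSLPASS);
        if (password == null) {
            password = "";
        }
        String algorithm = System.getProperty(SSLALGORITHM);
        if (algorithm == null) {
            algorithm = KeyManagerFactory.getDefaultAlgorithm();
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);

        char[] passwordChars = password.toCharArray();
        KeyStore keyStore = KeyStore.getInstance("jks");
        // try-with-resources so the keystore file handle is released even if load() fails.
        try (FileInputStream keystoreStream = new FileInputStream(keystorePath)) {
            keyStore.load(keystoreStream, passwordChars);
        }
        keyManagerFactory.init(keyStore, passwordChars);

        this.sslContext = SSLContext.getInstance(SSLSocketFactory.TLS);
        this.sslContext.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
    }

    /**
     * Sets the listening port. Values outside 1..65535 are ignored and the previous port is kept.
     *
     * @param i the TCP port to listen on
     */
    @Override
    public void setPort(int i) {
        // 65535 is the highest valid TCP port and must be accepted.
        if (i > 0 && i <= 65535) {
            this.port = i;
        }
        this.localId = this.host + ":" + Integer.toString(this.port);
    }

    /**
     * Sets the bind host. A null or blank value is ignored and the previous host is kept.
     *
     * @param str host name or address; surrounding whitespace is removed
     */
    @Override
    public void setHost(String str) {
        if (str != null && str.trim().length() > 0) {
            this.host = str.trim();
        }
        this.localId = this.host + ":" + Integer.toString(this.port);
    }

    /**
     * Asks the listener to stop and closes the server socket so that a blocked
     * {@code accept()} returns.
     */
    @Override
    public void stopListening() {
        this.keepGoing = false;
        try {
            SSLServerSocket bound = this.serverSocket;
            if (bound != null) {
                bound.close();
            }
        } catch (Exception e) {
            System.err.println("Exception closing listener socket: " + e.toString());
        }
    }

    /**
     * Records the server that will receive requests and starts the listener thread.
     *
     * @param httpServer the server passed to each {@code RequestReader}
     * @throws HttpServerException declared by the {@code Listener} contract; not thrown here
     */
    @Override
    public void startListening(HttpServer httpServer) throws HttpServerException {
        this.server = httpServer;
        start();
    }

    /**
     * Returns the exception that terminated the listener thread, or {@code null} if none was
     * recorded.
     */
    Exception getException() {
        return this.exception;
    }

    /**
     * Binds the TLS server socket and serves connections until {@link #stopListening()} is
     * called or a fatal error occurs.
     *
     * <p>A connection whose TLS session is not valid, or whose peer subject DN is rejected by the
     * configured filter, is closed and never handed to a {@code RequestReader}.
     */
    @Override
    public void run() {
        try {
            SSLServerSocketFactory serverSocketFactory = this.sslContext == null
                    ? (SSLServerSocketFactory) SSLServerSocketFactory.getDefault()
                    : this.sslContext.getServerSocketFactory();
            this.serverSocket = null;
            // A null bind address makes the socket listen on all local interfaces.
            InetAddress bindAddress = this.host.contentEquals(ServerConstants.SC_DEFAULT_ADDRESS)
                    ? null
                    : InetAddress.getByName(this.host);
            this.serverSocket = (SSLServerSocket) serverSocketFactory.createServerSocket(this.port, this.ssbacklog, bindAddress);
            if (this.mutualAuthentication) {
                this.serverSocket.setNeedClientAuth(true);
            }
            System.out.println("SSLSocketListener listening on " + this.host + ":" + this.port);

            while (this.keepGoing) {
                SSLSocket connection = (SSLSocket) this.serverSocket.accept();
                // NOTE(review): getSession() performs the TLS handshake on this thread, so a
                // peer that stalls its handshake delays every other pending connection.
                // Consider a handshake timeout or moving the handshake off the accept loop.
                if (!connection.getSession().isValid()) {
                    Logger.getInstance().log("Server - Secure Connection Failed");
                    System.out.println("Server - Secure Connection Failed");
                    // Without a valid session there is nothing to serve: drop the connection
                    // instead of passing it on.
                    closeQuietly(connection);
                    continue;
                }

                String established = "Server - Secure Connection Established Mutual Authentication = " + this.serverSocket.getNeedClientAuth();
                Logger.getInstance().log(established);
                System.out.println(established);

                if (this.mutualAuthentication && this.subjectDNfilter != null) {
                    String rejection = acceptSubjectDN(connection);
                    if (rejection != null) {
                        closeQuietly(connection);
                        System.err.println(rejection);
                        Logger.getInstance().log(rejection);
                        // A rejected peer must not reach the request handler.
                        continue;
                    }
                }

                if (this.keepGoing) {
                    new RequestReader(connection, this.server, this.localId + " from " + connection.getInetAddress().getHostAddress());
                }
            }
        } catch (SocketException e) {
            // Closing the server socket in stopListening() surfaces here and is expected.
            // While still running, a SocketException is a real failure (for example a failed
            // bind) and must be reported rather than silently ending the listener.
            if (this.keepGoing) {
                recordFailure(e);
            }
        } catch (Exception e2) {
            recordFailure(e2);
        } finally {
            // Release the bound port on every exit path of the listener thread.
            SSLServerSocket bound = this.serverSocket;
            if (bound != null) {
                try {
                    bound.close();
                } catch (java.io.IOException ignored) {
                    // The listener is exiting; nothing more can be done with the socket.
                }
            }
        }
    }

    /** Stores the fatal exception for {@link #getException()} and reports it on stderr. */
    private void recordFailure(Exception e) {
        e.printStackTrace();
        this.exception = e;
        System.err.println("Exception in SocketListener " + this.host + ":" + this.port + ", listener exitting: " + e.getMessage());
    }

    /** Closes a per-connection socket; a failure to close must not stop the listener. */
    private static void closeQuietly(SSLSocket socket) {
        try {
            socket.close();
        } catch (java.io.IOException ignored) {
            // The connection is being discarded either way.
        }
    }

    /**
     * Checks the peer certificate's subject DN against the configured filter.
     *
     * <p>The test is a substring match on the DN string, so a DN that carries the filter text in
     * any attribute passes. NOTE(review): with a broad trust store this is a weak restriction;
     * consider a dedicated trust store or an exact match on a specific DN attribute.
     *
     * @param sSLSocket the accepted connection, after its handshake
     * @return {@code null} when the peer is accepted, otherwise a message describing the rejection
     */
    private String acceptSubjectDN(SSLSocket sSLSocket) {
        try {
            String peerName = ((X500Principal) sSLSocket.getSession().getPeerPrincipal()).getName();
            if (peerName == null) {
                return "Null peer subject name";
            }
            if (!peerName.contains(this.subjectDNfilter)) {
                return "Peer subject DN: " + peerName + ", expected to contain: " + this.subjectDNfilter;
            }
            return null;
        } catch (Exception e) {
            // An unverified peer or a principal of another type ends up here; any failure to
            // obtain the DN is treated as a rejection.
            return "Exception checking peer subject DN: " + e.toString();
        }
    }
}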
