package com.tivoli.twg.libs;

import com.sun.net.ssl.internal.ssl.Provider;
import com.tivoli.core.ipconfig.IIpConfig;
import com.tivoli.twg.log.TWGOutput;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.Security;
import java.util.Locale;
import java.util.NoSuchElementException;
import java.util.StringTokenizer;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: input_file:com/tivoli/twg/libs/TWGSSLLink.class */
public class TWGSSLLink extends TWGTCPIPLink {
    protected String[] cipherSuites = null;

    public TWGSSLLink() {
        this.is_inited = false;
    }

    protected TWGSSLLink(SSLSocket sSLSocket) {
        this.is_inited = true;
        this.sock = sSLSocket;
        this.is_server_sock = false;
        try {
            this.inp = this.sock.getInputStream();
            this.outp = this.sock.getOutputStream();
        } catch (IOException e) {
            this.inp = null;
            this.outp = null;
        }
    }

    @Override // com.tivoli.twg.libs.TWGTCPIPLink, com.tivoli.twg.libs.TWGDataLink
    public void TWGInitializeConsoleLink(String str) throws IOException, TWGInitParmException, TWGLinkNotSupportedException {
        this.portnum = 2033;
        if (str != null && str.trim().length() > 0) {
            StringTokenizer stringTokenizer = new StringTokenizer(str);
            try {
                String nextToken = stringTokenizer.nextToken();
                if (!nextToken.equals("*")) {
                    try {
                        this.portnum = Integer.parseInt(nextToken);
                    } catch (NumberFormatException e) {
                        throw new TWGInitParmException(new StringBuffer().append("Bad port number ").append(nextToken).append(" in initialization string - ").append(str).toString());
                    }
                }
                while (stringTokenizer.hasMoreTokens()) {
                    String nextToken2 = stringTokenizer.nextToken();
                    if (nextToken2.equals("-socksv4addr")) {
                        this.socksv4_srvaddr = stringTokenizer.nextToken();
                    } else if (nextToken2.equals("-socksv4port")) {
                        try {
                            this.socksv4_srvport = Integer.parseInt(stringTokenizer.nextToken());
                        } catch (NumberFormatException e2) {
                            throw new TWGInitParmException("Bad SOCKSv4 port number");
                        }
                    } else if (nextToken2.equals("-socksv5addr")) {
                        this.socksv5_srvaddr = stringTokenizer.nextToken();
                    } else if (nextToken2.equals("-socksv5port")) {
                        try {
                            this.socksv5_srvport = Integer.parseInt(stringTokenizer.nextToken());
                        } catch (NumberFormatException e3) {
                            throw new TWGInitParmException("Bad SOCKSv5 port number");
                        }
                    } else if (nextToken2.equals("-socksv5userid")) {
                        this.socksv5_userid = stringTokenizer.nextToken();
                    } else if (nextToken2.equals("-socksv5password")) {
                        this.socksv5_password = stringTokenizer.nextToken();
                    } else if (nextToken2.equals("-interface")) {
                        try {
                            nextToken2 = stringTokenizer.nextToken();
                            this.console_local_addr = InetAddress.getByName(nextToken2);
                        } catch (UnknownHostException e4) {
                            throw new TWGInitParmException(new StringBuffer().append("Bad interface address - ").append(nextToken2).toString());
                        }
                    } else if (nextToken2.equals("-cipherSuites")) {
                        StringTokenizer stringTokenizer2 = new StringTokenizer(stringTokenizer.nextToken(), IIpConfig.VALUE_KEYS_DELIMIT_CHAR);
                        this.cipherSuites = new String[stringTokenizer2.countTokens()];
                        int i = 0;
                        while (stringTokenizer2.hasMoreTokens()) {
                            this.cipherSuites[i] = stringTokenizer2.nextToken();
                            i++;
                        }
                    }
                }
            } catch (NoSuchElementException e5) {
                throw new TWGInitParmException(new StringBuffer().append("Missing parameter value in init string - ").append(str).toString());
            }
        }
        this.is_inited = true;
        this.is_server_sock = false;
    }

    @Override // com.tivoli.twg.libs.TWGTCPIPLink, com.tivoli.twg.libs.TWGDataLink
    public synchronized boolean TWGOpenLink(String str, String str2, String str3) throws UnknownHostException, IOException {
        if (!this.is_inited) {
            throw new IOException("Link not initialized");
        }
        if (this.is_server_sock) {
            throw new IOException("Not console link");
        }
        if (this.sock != null) {
            this.sock.close();
            this.sock = null;
            this.inp = null;
            this.outp = null;
        }
        IOException iOException = null;
        if (this.sock == null && this.socksv5_srvaddr != null) {
            try {
                this.sock = connectUsingSSL(connectUsingSocksV5(str), str);
            } catch (IOException e) {
                if (0 == 0) {
                    iOException = e;
                }
            }
        }
        if (this.sock == null && this.socksv4_srvaddr != null) {
            try {
                this.sock = connectUsingSSL(connectUsingSocksV4(str), str);
            } catch (IOException e2) {
                if (iOException == null) {
                    iOException = e2;
                }
            }
        }
        if (this.sock == null) {
            try {
                this.sock = connectUsingSSL(new Socket(str, this.portnum, this.console_local_addr, 0), str);
            } catch (IOException e3) {
                if (iOException == null) {
                    iOException = e3;
                }
            }
        }
        if (this.sock == null) {
            throw iOException;
        }
        SSLSession session = ((SSLSocket) this.sock).getSession();
        if (session == null) {
            throw iOException;
        }
        TWGOutput.println(new StringBuffer().append("TWGSSLLink.TWGOpenLink: SSL session established; cipher suite = ").append(session.getCipherSuite()).toString());
        this.sock.setTcpNoDelay(true);
        try {
            this.inp = this.sock.getInputStream();
            this.outp = this.sock.getOutputStream();
            return true;
        } catch (IOException e4) {
            this.inp = null;
            this.outp = null;
            return true;
        }
    }

    @Override // com.tivoli.twg.libs.TWGTCPIPLink, com.tivoli.twg.libs.TWGDataLink
    public synchronized boolean TWGOpenLink(String str, long j) throws UnknownHostException, IOException {
        IOException iOException = null;
        if (!this.is_inited) {
            throw new IOException("Link not initialized");
        }
        if (this.is_server_sock) {
            throw new IOException("Not console link");
        }
        if (this.sock != null) {
            this.sock.close();
            this.sock = null;
            this.inp = null;
            this.outp = null;
        }
        if (this.sock == null && this.socksv5_srvaddr != null) {
            try {
                this.sock = connectUsingSSL(connectUsingSocksV5(str), str);
            } catch (IOException e) {
                if (0 == 0) {
                    iOException = e;
                }
            }
        }
        if (this.sock == null && this.socksv4_srvaddr != null) {
            try {
                this.sock = connectUsingSSL(connectUsingSocksV4(str), str);
            } catch (IOException e2) {
                if (iOException == null) {
                    iOException = e2;
                }
            }
        }
        if (this.sock == null) {
            try {
                this.sock = connectUsingSSL(new Socket(str, this.portnum, this.console_local_addr, 0), str);
            } catch (IOException e3) {
                if (iOException == null) {
                    iOException = e3;
                }
            }
        }
        if (this.sock == null) {
            throw iOException;
        }
        SSLSession session = ((SSLSocket) this.sock).getSession();
        if (session == null) {
            throw iOException;
        }
        TWGOutput.println(new StringBuffer().append("TWGSSLLink.TWGOpenLink: SSL session established; cipher suite = ").append(session.getCipherSuite()).toString());
        this.sock.setTcpNoDelay(true);
        try {
            this.inp = this.sock.getInputStream();
            this.outp = this.sock.getOutputStream();
            return true;
        } catch (IOException e4) {
            this.inp = null;
            this.outp = null;
            return true;
        }
    }

    private SSLSocket connectUsingSSL(Socket socket, String str) throws IOException {
        SSLSocketFactory sSLSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        String[] supportedCipherSuites = sSLSocketFactory.getSupportedCipherSuites();
        TWGOutput.println("TWGSSLLink.connectUsingSSL: Supported cipher suites:");
        for (String str2 : supportedCipherSuites) {
            TWGOutput.println(new StringBuffer().append("  ").append(str2).toString());
        }
        SSLSocket sSLSocket = (SSLSocket) sSLSocketFactory.createSocket(socket, str, this.portnum, true);
        if (this.cipherSuites != null) {
            sSLSocket.setEnabledCipherSuites(this.cipherSuites);
        } else {
            sSLSocket.setEnabledCipherSuites(supportedCipherSuites);
        }
        String[] enabledCipherSuites = sSLSocket.getEnabledCipherSuites();
        TWGOutput.println("TWGSSLLink.connectUsingSSL: Enabled cipher suites:");
        for (String str3 : enabledCipherSuites) {
            TWGOutput.println(new StringBuffer().append("  ").append(str3).toString());
        }
        try {
            sSLSocket.startHandshake();
            return sSLSocket;
        } catch (IOException e) {
            e.printStackTrace();
            try {
                sSLSocket.close();
            } catch (IOException e2) {
            }
            throw e;
        }
    }

    @Override // com.tivoli.twg.libs.TWGTCPIPLink, com.tivoli.twg.libs.TWGDataLink
    public void TWGInitializeServerLink(String str) throws IOException, TWGInitParmException, TWGLinkNotSupportedException {
        this.portnum = 2033;
        this.server_local_addr = null;
        if (str != null && str.trim().length() > 0) {
            StringTokenizer stringTokenizer = new StringTokenizer(str);
            try {
                String nextToken = stringTokenizer.nextToken();
                if (!nextToken.equals("*")) {
                    try {
                        this.portnum = Integer.parseInt(nextToken);
                    } catch (NumberFormatException e) {
                        throw new TWGInitParmException(new StringBuffer().append("Bad port number ").append(nextToken).append(" in initialization string - ").append(str).toString());
                    }
                }
                while (stringTokenizer.hasMoreTokens()) {
                    String nextToken2 = stringTokenizer.nextToken();
                    if (nextToken2.equals("-allowedAddress")) {
                        try {
                            nextToken2 = stringTokenizer.nextToken();
                            if (this.allowed_addr == null) {
                                this.allowed_addr = new Vect();
                            }
                            Long l = new Long(TWGTCPIPLink.getIPFromInetAddress(InetAddress.getByName(nextToken2)));
                            this.allowed_addr.addElement(l);
                            this.allowed_addr.addElement(l);
                        } catch (UnknownHostException e2) {
                            throw new TWGInitParmException(new StringBuffer().append("Bad allowedAddress - ").append(nextToken2).toString());
                        }
                    } else if (nextToken2.equals("-allowedRange")) {
                        try {
                            nextToken2 = stringTokenizer.nextToken();
                            if (this.allowed_addr == null) {
                                this.allowed_addr = new Vect();
                            }
                            this.allowed_addr.addElement(new Long(TWGTCPIPLink.getIPFromInetAddress(InetAddress.getByName(nextToken2))));
                            this.allowed_addr.addElement(new Long(TWGTCPIPLink.getIPFromInetAddress(InetAddress.getByName(stringTokenizer.nextToken()))));
                        } catch (UnknownHostException e3) {
                            throw new TWGInitParmException(new StringBuffer().append("Bad allowedRange - ").append(nextToken2).toString());
                        }
                    } else if (nextToken2.equals("-interface")) {
                        try {
                            nextToken2 = stringTokenizer.nextToken();
                            this.server_local_addr = InetAddress.getByName(nextToken2);
                        } catch (UnknownHostException e4) {
                            throw new TWGInitParmException(new StringBuffer().append("Bad interface address - ").append(nextToken2).toString());
                        }
                    } else if (nextToken2.equals("-cipherSuites")) {
                        StringTokenizer stringTokenizer2 = new StringTokenizer(stringTokenizer.nextToken(), IIpConfig.VALUE_KEYS_DELIMIT_CHAR);
                        this.cipherSuites = new String[stringTokenizer2.countTokens()];
                        int i = 0;
                        while (stringTokenizer2.hasMoreTokens()) {
                            this.cipherSuites[i] = stringTokenizer2.nextToken();
                            i++;
                        }
                    }
                }
            } catch (NoSuchElementException e5) {
                throw new TWGInitParmException(new StringBuffer().append("Missing parameter value in init string - ").append(str).toString());
            }
        }
        if (this.server_sock != null) {
            this.server_sock.close();
            this.server_sock = null;
        }
        SSLServerSocketFactory sSLServerSocketFactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        String[] supportedCipherSuites = sSLServerSocketFactory.getSupportedCipherSuites();
        TWGOutput.println("TWGSSLLink.TWGInitializeServerLink: Supported cipher suites:");
        for (String str2 : supportedCipherSuites) {
            TWGOutput.println(new StringBuffer().append("  ").append(str2).toString());
        }
        this.server_sock = sSLServerSocketFactory.createServerSocket(this.portnum, 50, this.server_local_addr);
        if (this.cipherSuites != null) {
            ((SSLServerSocket) this.server_sock).setEnabledCipherSuites(this.cipherSuites);
        } else {
            ((SSLServerSocket) this.server_sock).setEnabledCipherSuites(supportedCipherSuites);
        }
        String[] enabledCipherSuites = ((SSLServerSocket) this.server_sock).getEnabledCipherSuites();
        TWGOutput.println("TWGSSLLink.TWGInitializeServerLink: Enabled cipher suites:");
        for (String str3 : enabledCipherSuites) {
            TWGOutput.println(new StringBuffer().append("  ").append(str3).toString());
        }
        this.is_inited = true;
        this.is_server_sock = true;
    }

    @Override // com.tivoli.twg.libs.TWGTCPIPLink, com.tivoli.twg.libs.TWGDataLink
    public TWGDataLink TWGServerListen() throws IOException {
        if (!this.is_inited) {
            throw new IOException("Link not initialized");
        }
        if (!this.is_server_sock) {
            throw new IOException("Not server link");
        }
        SSLServerSocket sSLServerSocket = (SSLServerSocket) this.server_sock;
        if (sSLServerSocket == null) {
            throw new IOException("No server socket");
        }
        SSLSocket sSLSocket = null;
        while (sSLSocket == null) {
            try {
                sSLSocket = (SSLSocket) sSLServerSocket.accept();
                sSLSocket.startHandshake();
                TWGOutput.println(new StringBuffer().append("TWGSSLLink.TWGServerListen: SSL session established; cipher suite = ").append(sSLSocket.getSession().getCipherSuite()).toString());
                if (this.allowed_addr != null) {
                    long iPFromInetAddress = TWGTCPIPLink.getIPFromInetAddress(sSLSocket.getInetAddress());
                    boolean z = false;
                    for (int i = 0; !z && i < this.allowed_addr.size(); i += 2) {
                        Long l = (Long) this.allowed_addr.elementAt(i);
                        Long l2 = (Long) this.allowed_addr.elementAt(i + 1);
                        if (iPFromInetAddress >= l.longValue() && iPFromInetAddress <= l2.longValue()) {
                            z = true;
                        }
                    }
                    if (!z) {
                        sSLSocket.close();
                        sSLSocket = null;
                    }
                }
            } catch (SSLException e) {
                TWGOutput.println("TWGSSLLink.TWGServerListen: SSL failure");
                e.printStackTrace();
                if (sSLSocket != null) {
                    sSLSocket.close();
                }
                sSLSocket = null;
            }
        }
        sSLSocket.setTcpNoDelay(true);
        return new TWGSSLLink(sSLSocket);
    }

    @Override // com.tivoli.twg.libs.TWGTCPIPLink, com.tivoli.twg.libs.TWGDataLink
    public String TWGGetLinkDriverName(Locale locale) {
        return "SSL";
    }

    static {
        AccessController.doPrivileged(new PrivilegedAction() { // from class: com.tivoli.twg.libs.TWGSSLLink.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                Security.addProvider(new Provider());
                return null;
            }
        });
    }
}
