package sunlabs.brazil.ssl;

import iaik.asn1.structures.Name;
import iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo;
import iaik.security.rsa.RSAPrivateKey;
import iaik.security.ssl.SSLCertificate;
import iaik.security.ssl.SSLServerContext;
import iaik.security.ssl.SSLServerSocket;
import iaik.security.ssl.ServerTrustDecider;
import iaik.utils.KeyAndCertificate;
import iaik.x509.X509Certificate;
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.Principal;
import java.security.Provider;
import java.security.Security;
import java.util.Hashtable;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.crypto.spec.DHParameterSpec;
import javax.xml.XMLConstants;
import org.apache.bsf.util.cf.CodeFormatter;
import sunlabs.brazil.server.Handler;
import sunlabs.brazil.server.Request;
import sunlabs.brazil.server.Server;
import sunlabs.brazil.util.Base64;

/* loaded from: input_file:xalan-j_2_7_3/lib/brazil-2.1.jar:sunlabs/brazil/ssl/SslHandler.class */
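/**
 * Brazil handler that swaps the server's listening socket for an IAIK {@code SSLServerSocket}
 * and copies the fields of the client's certificate chain into the request properties.
 *
 * <p>Security review notes (behaviour is kept as found, so callers are unaffected):
 * <ul>
 *   <li>{@link #isTrustedPeer} accepts every client certificate. The {@code issuer.*},
 *       {@code owner.*}, {@code certid.*} and {@code fingerprint*} properties set by
 *       {@link #respond} are therefore self-asserted by the client and must not be used
 *       for authorization unless the trust decision is replaced with real chain validation.</li>
 *   <li>The Diffie-Hellman group hard-coded in {@link #init} has a 512-bit prime, and the
 *       log text names a 512-bit temporary RSA key for exportable cipher suites; the
 *       certificate file names suggest 1024-bit keys. All are below current minimums.</li>
 *   <li>The key password is read from standard input with echo on and held in a
 *       {@code String}.</li>
 * </ul>
 */
public class SslHandler implements Handler, ServerTrustDecider {
    /** True when the {@code certRequired} property is present, whatever its value. */
    boolean certRequired;

    /** Value of the {@code session} property (default {@code "cert.id"}); not read in this class. */
    String session;

    /**
     * Trust callback registered with the SSL context in {@link #init}.
     *
     * <p>SECURITY: logs the certificate and returns {@code true} unconditionally. No issuer,
     * validity-period or revocation check is made here, so any certificate a client presents,
     * including a self-signed one, is accepted. Replace with validation against a pinned set of
     * CA certificates before relying on client-certificate identity.
     *
     * @param sSLCertificate certificate presented by the peer
     * @return always {@code true}
     */
    public boolean isTrustedPeer(SSLCertificate sSLCertificate) {
        System.out.println(new StringBuffer().append("Accepting client certificate: ").append(sSLCertificate).toString());
        return true;
    }

    /**
     * Loads the server credentials from {@code <prefix>certDir} and replaces
     * {@code server.listen} with an SSL server socket bound to the same port.
     *
     * <p>Each credential (RSA, DSA, DH, temporary RSA key) is loaded best-effort: a failure is
     * logged and only disables the matching cipher suites.
     *
     * @param server the Brazil server whose listening socket is replaced
     * @param str    property-name prefix for this handler
     * @return {@code true} when the SSL socket was installed; {@code false} when
     *         {@code certDir} is missing, the IAIK provider cannot be loaded, or set-up fails
     */
    @Override // sunlabs.brazil.server.Handler
    public boolean init(Server server, String str) {
        System.out.println(new StringBuffer().append("Listen is: ").append(server.listen).toString());
        int localPort = server.listen.getLocalPort();
        String property = server.props.getProperty(new StringBuffer().append(str).append("certDir").toString());
        if (property == null) {
            System.out.println("No certDir specified");
            return false;
        }
        // The original read this property and discarded the result, leaving the session field
        // permanently null; storing it is presumably what was intended.
        this.session = server.props.getProperty(new StringBuffer().append(str).append("session").toString(), "cert.id");
        // Presence of the property is enough; "certRequired=false" still enables it.
        this.certRequired = server.props.getProperty(new StringBuffer().append(str).append("certRequired").toString()) != null;
        try {
            Provider provider = (Provider) Class.forName("iaik.security.provider.IAIK").newInstance();
            System.out.println(new StringBuffer().append("add Provider ").append(provider.getInfo()).append("...").toString());
            Security.addProvider(provider);
            SSLServerContext sSLServerContext = new SSLServerContext();
            // SECURITY: fixed 512-bit prime (128 hex digits) with generator 2. A group this small
            // is within reach of precomputation; use a group of at least 2048 bits, or drop
            // finite-field DH suites, before exposing this listener.
            sSLServerContext.setDHParameter(new DHParameterSpec(new BigInteger("da583c16d9852289d0e4af756f4cca92dd4be533b804fb0fed94ef9c8a4403ed574650d36999db29d776276ba2d3d412e218f4dd1e084cf6d8003e7c4774e833", 16), BigInteger.valueOf(2L)));
            // One password is used to decrypt all three private keys below.
            String password = getPassword("Certificate password");
            try {
                KeyAndCertificate keyAndCertificate = new KeyAndCertificate(new StringBuffer().append(property).append("/serverRSA1024.pem").toString());
                EncryptedPrivateKeyInfo privateKey = keyAndCertificate.getPrivateKey();
                privateKey.decrypt(password);
                sSLServerContext.setRSACertificate(keyAndCertificate.getCertificateChain(), privateKey.getPrivateKeyInfo());
            } catch (Exception e) {
                System.out.println("Unable to set RSA server certificate.");
                System.out.println(new StringBuffer().append("RSA cipher-suites can not be used. ").append(e).toString());
            }
            try {
                KeyAndCertificate keyAndCertificate2 = new KeyAndCertificate(new StringBuffer().append(property).append("/serverDSA1024.pem").toString());
                EncryptedPrivateKeyInfo privateKey2 = keyAndCertificate2.getPrivateKey();
                privateKey2.decrypt(password);
                sSLServerContext.setDSACertificate(keyAndCertificate2.getCertificateChain(), privateKey2.getPrivateKeyInfo());
            } catch (Exception e2) {
                System.out.println("Unable to set DSA server certificate.");
                System.out.println(new StringBuffer().append("DSA cipher-suites can not be used. ").append(e2).toString());
            }
            try {
                KeyAndCertificate keyAndCertificate3 = new KeyAndCertificate(new StringBuffer().append(property).append("/serverDH1024.pem").toString());
                EncryptedPrivateKeyInfo privateKey3 = keyAndCertificate3.getPrivateKey();
                privateKey3.decrypt(password);
                sSLServerContext.setDHCertificate(keyAndCertificate3.getCertificateChain(), privateKey3.getPrivateKeyInfo());
            } catch (Exception e3) {
                System.out.println("Unable to set Diffie-Hellman server certificate.");
                System.out.println(new StringBuffer().append("Diffie-Hellman cipher-suites can not be used. ").append(e3).toString());
            }
            try {
                // SECURITY: this key only serves export-grade suites (512-bit per the log text
                // below); leaving the file absent keeps those suites disabled.
                FileInputStream keyStream = new FileInputStream(new StringBuffer().append(property).append("/tempRSAPrivateKey.der").toString());
                try {
                    RSAPrivateKey rSAPrivateKey = new RSAPrivateKey(keyStream);
                    sSLServerContext.setRSATempKeyPair(new KeyPair(rSAPrivateKey.getPublicKey(), rSAPrivateKey));
                } finally {
                    // The original never closed this stream and leaked the descriptor.
                    try {
                        keyStream.close();
                    } catch (IOException ignored) {
                        // Nothing useful to do: the key was either parsed or already reported.
                    }
                }
            } catch (Exception e4) {
                System.out.println("Unable to set 512 bit temporary RSA key pair.");
                System.out.println("RSA exportable cipher-suites can not be used.");
            }
            sSLServerContext.updateCipherSuites();
            // Never populated, so the list of acceptable CA names sent to clients is empty.
            Vector vector = new Vector();
            sSLServerContext.setTrustDecider(this);
            if (this.certRequired) {
                Name[] nameArr = new Name[vector.size()];
                vector.copyInto(nameArr);
                // {1, 2} are presumably the TLS client certificate types rsa_sign and dss_sign;
                // confirm against the IAIK documentation.
                sSLServerContext.setRequireClientCertificate(new byte[]{1, 2}, nameArr);
            } else {
                sSLServerContext.setRequireClientCertificate((byte[]) null, (Principal[]) null);
            }
            System.out.println(sSLServerContext);
            SSLServerSocket sSLServerSocket = null;
            try {
                // The plain socket must be closed first so the SSL socket can bind the same port.
                server.listen.close();
                sSLServerSocket = new SSLServerSocket(localPort, sSLServerContext);
            } catch (IOException e5) {
                // The old socket is already closed, so the server cannot continue without the new one.
                System.out.println(new StringBuffer().append("Fatal Error creating new server socket  ").append(e5).toString());
                System.exit(1);
            }
            server.listen = sSLServerSocket;
            server.protocol = "https";
            System.out.println("Installing ssl server");
            return true;
        } catch (ClassNotFoundException e6) {
            System.out.println("Provider IAIK not found. Add iaik_jce.jar or iaik_jce_full.jar to your classpath.");
            System.out.println("If you are going to use a different provider please take a look at Readme.html!");
            return false;
        } catch (Exception e7) {
            // The original returned false without a trace, which hid the reason TLS was not enabled.
            System.out.println("Unable to initialise SSL handler: " + e7);
            return false;
        }
    }

    /**
     * Publishes the peer certificate chain as request properties and lets other handlers run.
     *
     * <p>For chain index 0 the keys are {@code issuer.<attr>}, {@code owner.<attr>},
     * {@code certid.} and {@code fingerprint}; for index {@code i > 0} they are
     * {@code issuer.i.<attr>}, {@code owner.i.<attr>}, {@code certid.i.} and
     * {@code fingerprint.i}.
     *
     * <p>SECURITY: these values come from a certificate that {@link #isTrustedPeer} accepted
     * without validation, so downstream handlers must treat them as untrusted input.
     *
     * @param request the current request; its socket is expected to expose the peer chain
     * @return always {@code false}, so the request continues to the next handler
     * @throws IOException declared by the handler interface
     */
    @Override // sunlabs.brazil.server.Handler
    public boolean respond(Request request) throws IOException {
        X509Certificate[] peerCertificateChain = request.getSocket().getPeerCertificateChain();
        if (peerCertificateChain == null) {
            return false;
        }
        for (int i = 0; i < peerCertificateChain.length; i++) {
            X509Certificate certificate = peerCertificateChain[i];
            String issuerDn = certificate.getIssuerDN().toString();
            String subjectDn = certificate.getSubjectDN().toString();
            // XMLConstants.DEFAULT_NS_PREFIX is the empty string; the decompiler substituted it for "".
            String stringBuffer = i == 0 ? XMLConstants.DEFAULT_NS_PREFIX : new StringBuffer().append(i).append(".").toString();
            burst(request.props, new StringBuffer().append("issuer.").append(stringBuffer).toString(), issuerDn);
            burst(request.props, new StringBuffer().append("owner.").append(stringBuffer).toString(), subjectDn);
            request.props.put(new StringBuffer().append("certid.").append(stringBuffer).toString(), certificate.getSerialNumber().toString());
            try {
                request.props.put(new StringBuffer().append("fingerprint").append(i == 0 ? XMLConstants.DEFAULT_NS_PREFIX : new StringBuffer().append(".").append(i).toString()).toString(), Base64.encode(certificate.getFingerprint()));
            } catch (Exception ignored) {
                // Best effort: a certificate whose fingerprint cannot be computed simply has no
                // fingerprint property.
            }
        }
        return false;
    }

    /**
     * Splits a distinguished name into {@code attr=value} parts and stores each one under
     * {@code str + attr}.
     *
     * <p>The split is a plain tokenization on {@code CodeFormatter.DEFAULT_S_DELIM}
     * (presumably {@code ","}), so a value that itself contains the delimiter is cut into
     * fragments. Fragments without {@code '='} are skipped; the original passed -1 to
     * {@code substring} and threw {@code StringIndexOutOfBoundsException}, letting a crafted
     * certificate abort the request.
     *
     * @param hashtable destination properties
     * @param str       key prefix
     * @param str2      distinguished name in string form
     */
    private void burst(Hashtable hashtable, String str, String str2) {
        StringTokenizer stringTokenizer = new StringTokenizer(str2, CodeFormatter.DEFAULT_S_DELIM);
        while (stringTokenizer.hasMoreTokens()) {
            String trim = stringTokenizer.nextToken().trim();
            int indexOf = trim.indexOf("=");
            if (indexOf < 0) {
                continue;
            }
            hashtable.put(new StringBuffer().append(str).append(trim.substring(0, indexOf)).toString(), trim.substring(indexOf + 1));
        }
    }

    /**
     * Prompts on standard output and reads one line from standard input.
     *
     * <p>SECURITY: the terminal echoes the password while it is typed; the escape sequence
     * printed afterwards only overwrites the line on ANSI terminals and does not remove it from
     * scrollback or logs. {@code java.io.Console.readPassword} avoids the echo where a console
     * is available.
     *
     * @param str label printed before the prompt
     * @return the line read, or the empty string on I/O error or end of input
     */
    static String getPassword(String str) {
        System.out.print(new StringBuffer().append(str).append("\u0007\nEnter password: ").toString());
        String str2 = XMLConstants.DEFAULT_NS_PREFIX;
        try {
            String line = new DataInputStream(System.in).readLine();
            // readLine returns null at end of input (closed or redirected stdin); the original
            // passed that null on to the key decryption calls.
            if (line != null) {
                str2 = line;
            }
        } catch (IOException ignored) {
            // Fall through with the empty password; key decryption will then fail and be logged.
        }
        System.out.println("\u001b[A\r                                        ");
        return str2;
    }
}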
