package com.sun.cacao.commandstream.socket;

import com.sun.cacao.agent.JmxAgent;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.SecureRandom;
import java.util.logging.Logger;
import javax.net.ServerSocketFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.security.cert.X509Certificate;

/* loaded from: input_file:120676-02/SUNWcacao/reloc/SUNWcacao/lib/cacao_commandstream.jar:com/sun/cacao/commandstream/socket/TLSSocketHelper.class */
public class TLSSocketHelper implements SocketHelper {
    private static Logger logger = Logger.getLogger("com.sun.cacao.commandstream.socket");
    private ServerSocketFactory serverSocketFactory = null;

    @Override // com.sun.cacao.commandstream.socket.SocketHelper
    public synchronized ServerSocket createServerSocket(String str, int i) throws Exception {
        SSLServerSocket sSLServerSocket;
        if (this.serverSocketFactory == null) {
            KeyManagerFactory keyManagerFactory = JmxAgent.getKeyManagerFactory();
            SSLContext sSLContext = SSLContext.getInstance("TLSv1");
            SecureRandom secureRandom = new SecureRandom();
            secureRandom.nextInt();
            sSLContext.init(keyManagerFactory.getKeyManagers(), JmxAgent.getTrustManagers(), secureRandom);
            this.serverSocketFactory = sSLContext.getServerSocketFactory();
        }
        try {
            sSLServerSocket = (SSLServerSocket) this.serverSocketFactory.createServerSocket();
            sSLServerSocket.setReuseAddress(true);
            SocketUtils.bindServerSocket(sSLServerSocket, str, i);
        } catch (Throwable th) {
            logger.fine("Advanced configuration of server socket not supported by JVM");
            sSLServerSocket = str != null ? (SSLServerSocket) this.serverSocketFactory.createServerSocket(i, 0, InetAddress.getByName(str)) : (SSLServerSocket) this.serverSocketFactory.createServerSocket(i);
        }
        sSLServerSocket.setEnableSessionCreation(true);
        try {
            sSLServerSocket.setWantClientAuth(true);
        } catch (Throwable th2) {
            logger.fine("JSSE implementation does not support wantClientAuth");
        }
        sSLServerSocket.setUseClientMode(false);
        return sSLServerSocket;
    }

    @Override // com.sun.cacao.commandstream.socket.SocketHelper
    public Subject extractSubject(Socket socket) throws Exception {
        SSLSession session;
        Subject subject = new Subject();
        if (socket != null && (socket instanceof SSLSocket) && (session = ((SSLSocket) socket).getSession()) != null) {
            X509Certificate[] x509CertificateArr = null;
            try {
                x509CertificateArr = session.getPeerCertificateChain();
            } catch (SSLPeerUnverifiedException e) {
            }
            if (x509CertificateArr != null && x509CertificateArr[0] != null) {
                subject.getPrincipals().add(new X500Principal(x509CertificateArr[0].getSubjectDN().getName()));
            }
        }
        return subject;
    }
}
