package xsul.xservo_soap_https_puretls;

import COM.claymoresystems.ptls.SSLContext;
import COM.claymoresystems.sslg.SSLPolicyInt;
import java.io.IOException;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.cert.X509Certificate;
import org.xmlpull.v1.builder.XmlInfosetBuilder;
import xsul.MLogger;
import xsul.XmlConstants;
import xsul.http_server.HttpMiniServer;
import xsul.http_server.HttpServerException;
import xsul.http_server.HttpServerRequest;
import xsul.http_server.HttpServerResponse;
import xsul.http_server.ServerSocketFactory;
import xsul.processor.DynamicInfosetProcessorException;
import xsul.puretls_server_socket_factory.PuretlsServerSocketFactory;
import xsul.xservo.XServiceServo;
import xsul.xservo_soap_http.HttpBasedServices;

/* loaded from: input_file:WEB-INF/lib/xsul-2.10.5_b.jar:xsul/xservo_soap_https_puretls/HttpsPuretlsBasedServices.class */
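/**
 * SOAP-over-HTTPS service container that uses PureTLS for transport security and
 * only dispatches requests that arrived over TLS with a client certificate.
 *
 * <p>Access control happens in two places:
 * <ul>
 *   <li>{@link #createServiceContext(String, String, String)} configures the TLS
 *       policy (trusted roots, optional service key, client-auth settings);</li>
 *   <li>{@link #serviceXml(HttpServerRequest, HttpServerResponse)} rejects requests
 *       that are not secure, not client-cert authenticated, or whose subject DN
 *       contains {@code "anonymous"} while anonymous access is disabled.</li>
 * </ul>
 *
 * <p>The per-instance anonymous setting starts from a class-wide default read once
 * from the {@value #SERVICES_ACCEPT_ANONYMOUS_PROPERTY} system property; when the
 * property is absent or not a boolean the default stays {@code false} (deny).
 */
public class HttpsPuretlsBasedServices extends HttpBasedServices implements XServiceServo {
    /** Marker looked for inside the client certificate subject DN. */
    private static final String ANONYMOUS = "anonymous";
    /** System property that sets the class-wide default for accepting anonymous DNs. */
    public static final String SERVICES_ACCEPT_ANONYMOUS_PROPERTY = "services.accept.anonymous";
    private static final MLogger logger = MLogger.getLogger();
    private static final XmlInfosetBuilder builder = XmlConstants.BUILDER;
    /** Class-wide default; stays false (deny anonymous) unless the property enables it. */
    private static boolean defaultAcceptAnonymous = false;

    static {
        // Runs after the static fields above, so the logger is ready when it is used.
        initializeAcceptAnon();
    }

    /** Per-instance switch, seeded from the class-wide default at construction time. */
    private boolean acceptAnonymous = defaultAcceptAnonymous;

    /**
     * Reads {@value #SERVICES_ACCEPT_ANONYMOUS_PROPERTY} once and stores it as the
     * class-wide default. A missing, unreadable or non-boolean value leaves the
     * default at {@code false}, i.e. the configuration fails closed.
     */
    private static synchronized void initializeAcceptAnon() {
        String str = null;
        try {
            str = AccessController.doPrivileged(new PrivilegedAction<String>() {
                @Override
                public String run() {
                    return System.getProperty(HttpsPuretlsBasedServices.SERVICES_ACCEPT_ANONYMOUS_PROPERTY);
                }
            });
        } catch (AccessControlException e) {
            logger.severe("could not read system property services.accept.anonymous", e);
        }
        if (str == null) {
            logger.config("no services.accept.anonymous property was provided");
            return;
        }
        // Boolean parsing never throws: anything other than "true" silently becomes false.
        // Report such values explicitly instead of leaving the "not valid" branch unreachable.
        if (!"true".equalsIgnoreCase(str) && !"false".equalsIgnoreCase(str)) {
            logger.severe("user specified -Dservices.accept.anonymous is not valid",
                    new IllegalArgumentException(str));
            return;
        }
        defaultAcceptAnonymous = Boolean.parseBoolean(str);
        logger.config("services.accept.anonymous=" + defaultAcceptAnonymous);
    }

    /**
     * Creates the service on a PureTLS server socket and starts it.
     *
     * @param i    port to listen on; {@code -1} selects 443
     * @param str  file holding the service certificate and key, or {@code null} to skip loading one
     * @param str2 second argument handed to the key loader (presumably the key passphrase; confirm)
     * @param str3 file holding the trusted root certificates
     * @throws DynamicInfosetProcessorException if the TLS context cannot be built or the server cannot start
     */
    public HttpsPuretlsBasedServices(int i, String str, String str2, String str3) throws DynamicInfosetProcessorException {
        // NOTE(review): createContext is overridable and is invoked before subclass fields are initialised.
        setServer(new HttpMiniServer(new PuretlsServerSocketFactory(i == -1 ? 443 : i, createContext(str, str2, str3))));
        init();
    }

    /**
     * Creates the service on a caller-supplied socket factory and starts it.
     * The TLS policy is whatever the factory was configured with; this class
     * still enforces its own checks in {@link #serviceXml}.
     *
     * @param serverSocketFactory factory used by the embedded HTTP server
     * @throws DynamicInfosetProcessorException if the server cannot start
     */
    public HttpsPuretlsBasedServices(ServerSocketFactory serverSocketFactory) throws DynamicInfosetProcessorException {
        setServer(new HttpMiniServer(serverSocketFactory));
        init();
    }

    /**
     * Wraps an existing HTTP server and starts it.
     *
     * @param httpMiniServer server to attach this service to
     * @throws DynamicInfosetProcessorException if the server cannot start
     */
    public HttpsPuretlsBasedServices(HttpMiniServer httpMiniServer) throws DynamicInfosetProcessorException {
        setServer(httpMiniServer);
        init();
    }

    /**
     * Extension point for subclasses; the default delegates to
     * {@link #createServiceContext(String, String, String)}.
     */
    protected SSLContext createContext(String str, String str2, String str3) {
        return createServiceContext(str, str2, str3);
    }

    /**
     * Builds the PureTLS context used by the service.
     *
     * @param str  file holding the service certificate and key, or {@code null} to skip loading one
     * @param str2 second argument handed to the key loader (presumably the key passphrase; confirm)
     * @param str3 file holding the trusted root certificates
     * @return a context with roots, optional key and client-auth policy applied
     * @throws DynamicInfosetProcessorException if the roots or the key cannot be loaded
     */
    public static SSLContext createServiceContext(String str, String str2, String str3) {
        SSLContext sSLContext = new SSLContext();
        try {
            sSLContext.loadRootCertificates(str3);
            if (str != null) {
                try {
                    sSLContext.loadEAYKeyFile(str, str2);
                } catch (IOException e) {
                    throw new DynamicInfosetProcessorException("could not load service cert and key from '" + str + "':" + e, e);
                }
            }
            SSLPolicyInt sSLPolicyInt = new SSLPolicyInt();
            sSLPolicyInt.requireClientAuth(true);
            // NOTE(review): judging by its name this lets a handshake complete without a
            // client certificate, which would leave the CLIENT_CERT check in serviceXml as
            // the only gate for such connections. Confirm against the PureTLS documentation.
            sSLPolicyInt.setAcceptNoClientCert(true);
            sSLContext.setPolicy(sSLPolicyInt);
            return sSLContext;
        } catch (DynamicInfosetProcessorException e) {
            // Already carries the key-file message; do not relabel it as a trust-root failure.
            throw e;
        } catch (Exception e2) {
            throw new DynamicInfosetProcessorException("could not load trusted certificates from '" + str3 + "': " + e2, e2);
        }
    }

    /**
     * Starts the server, converting an I/O failure into the unchecked
     * {@link DynamicInfosetProcessorException}.
     */
    @Override // xsul.xservo_soap_http.HttpBasedServices
    protected void init() {
        try {
            start();
        } catch (IOException e) {
            throw new DynamicInfosetProcessorException("could not start server", e);
        }
    }

    /**
     * Authorises a request and then hands it to the parent implementation.
     *
     * <p>The request is rejected unless it is secure, its auth type is
     * {@code CLIENT_CERT}, a client certificate chain is attached, and the
     * leaf certificate's subject DN is acceptable under the anonymous setting.
     *
     * @throws HttpServerException if any of those checks fails
     */
    @Override // xsul.xservo_soap_http.HttpBasedServices
    public void serviceXml(HttpServerRequest httpServerRequest, HttpServerResponse httpServerResponse) throws HttpServerException {
        if (!httpServerRequest.isSecure()) {
            throw new HttpServerException("SSL/TLS is required to access this service.");
        }
        if (!"CLIENT_CERT".equals(httpServerRequest.getAuthType())) {
            throw new HttpServerException("SSL/TLS client authentication is required to access this service.");
        }
        // Fail with an authorisation error rather than a NullPointerException,
        // ClassCastException or ArrayIndexOutOfBoundsException when the chain is
        // missing, of an unexpected type, or empty.
        Object attribute = httpServerRequest.getAttribute("javax.servlet.request.X509Certificate");
        if (!(attribute instanceof X509Certificate[])) {
            throw new HttpServerException("SSL/TLS client authentication is required to access this service.");
        }
        X509Certificate[] chain = (X509Certificate[]) attribute;
        if (chain.length == 0 || chain[0] == null) {
            throw new HttpServerException("SSL/TLS client authentication is required to access this service.");
        }
        String obj = chain[0].getSubjectDN().toString();
        if (logger.isFinerEnabled()) {
            logger.finer("SSL/TLS connection client cert dn=" + obj);
        }
        // NOTE(review): this is a case-sensitive substring match over the whole DN string.
        // Whether it covers every anonymous identity depends on how the trusted CAs name
        // them; confirm, and consider matching a specific DN attribute instead.
        if (obj.indexOf(ANONYMOUS) != -1 && !this.acceptAnonymous) {
            throw new HttpServerException("SSL/TLS client authentication with anonymous in DN is not allowed to access this service.");
        }
        super.serviceXml(httpServerRequest, httpServerResponse);
    }

    /** Returns whether this instance accepts client certificates with "anonymous" in the DN. */
    public boolean isAcceptAnonymous() {
        return this.acceptAnonymous;
    }

    /**
     * Overrides the class-wide default for this instance.
     *
     * @param z {@code true} to admit client certificates with "anonymous" in the DN
     */
    public void setAcceptAnonymous(boolean z) {
        this.acceptAnonymous = z;
    }
}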
