package org.glassfish.admin.mbeanserver.ssl;

import com.sun.enterprise.admin.servermgmt.KeystoreManager;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPathParameters;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.faces.validator.BeanValidator;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:org/glassfish/admin/mbeanserver/ssl/SSLClientConfigurator.class */
public class SSLClientConfigurator {
    // Parameters from the most recent configure()/setSSLParams() call; every helper below reads them.
    private SSLParams sslParams;
    // Lazily created shared instance handed out by getInstance().
    private static SSLClientConfigurator sslCC;
    // Context obtained in configure(); null until configure() has obtained one.
    private SSLContext sslContext;
    // Never assigned or read in this class as shown.
    private SSLSocketFactory sslSocketFactory;
    private Logger _logger = Logger.getLogger(SSLClientConfigurator.class.getName());
    // Results of configureCiphersAndProtocols(). They live on the shared instance, so they
    // persist between configure() calls; null means nothing has been selected.
    private String[] enabledProtocols;
    private String[] enabledCipherSuites;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/glassfish/admin/mbeanserver/ssl/SSLClientConfigurator$CipherInfo.class */
    /**
     * Maps cipher names as written in configuration to JSSE cipher-suite names.
     *
     * <p>The table is seeded from {@code OLD_CIPHER_MAPPING} when the class loads and can be
     * extended with a context's default suites through {@link #updateCiphers(SSLContext)}.
     * Every suite named in the seed table is a legacy one: NULL (no encryption), 40-bit export
     * RC4, RC4, single DES or 3DES, with MD5 or SHA-1 MACs. No call to {@code updateCiphers}
     * is visible in this file, so unless another class makes that call, these legacy suites
     * are the only names {@link #getCipherInfo(String)} can resolve.
     *
     * <p>The backing map is a plain static {@link HashMap}; nothing here synchronises access.
     */
    public static final class CipherInfo {
        private static final short SSL2 = 1;
        private static final short SSL3 = 2;
        private static final short TLS = 4;
        /** Protocol mask given to every entry this class creates: SSL3 | TLS (value 6). */
        private static final short SSL3_AND_TLS = (short) (SSL3 | TLS);
        /** Pairs of {configuration alias, JSSE suite name}; all of them are weak legacy suites. */
        private static final String[][] OLD_CIPHER_MAPPING = {
            {"rsa_null_md5", "SSL_RSA_WITH_NULL_MD5"},
            {"rsa_null_sha", "SSL_RSA_WITH_NULL_SHA"},
            {"rsa_rc4_40_md5", "SSL_RSA_EXPORT_WITH_RC4_40_MD5"},
            {"rsa_rc4_128_md5", "SSL_RSA_WITH_RC4_128_MD5"},
            {"rsa_rc4_128_sha", "SSL_RSA_WITH_RC4_128_SHA"},
            {"rsa_3des_sha", "SSL_RSA_WITH_3DES_EDE_CBC_SHA"},
            {"fips_des_sha", "SSL_RSA_WITH_DES_CBC_SHA"},
            {"rsa_des_sha", "SSL_RSA_WITH_DES_CBC_SHA"},
            {"SSL_RSA_WITH_NULL_MD5", "SSL_RSA_WITH_NULL_MD5"},
            {"SSL_RSA_WITH_NULL_SHA", "SSL_RSA_WITH_NULL_SHA"}
        };
        private static final Map<String, CipherInfo> ciphers = new HashMap<String, CipherInfo>();

        static {
            // Seed the lookup table with the legacy aliases.
            for (String[] pair : OLD_CIPHER_MAPPING) {
                ciphers.put(pair[0], new CipherInfo(pair[0], pair[1], SSL3_AND_TLS));
            }
        }

        // Stored by the constructor; not read anywhere in this class.
        private final String configName;
        private final String cipherName;
        private final short protocolVersion;

        private CipherInfo(String str, String str2, short s) {
            this.configName = str;
            this.cipherName = str2;
            this.protocolVersion = s;
        }

        /**
         * Registers every default cipher suite of the context's server socket factory under its
         * own JSSE name, replacing any existing entry with the same key.
         *
         * @param sSLContext context whose default suites are added to the table
         */
        public static void updateCiphers(SSLContext sSLContext) {
            String[] defaults = sSLContext.getServerSocketFactory().getDefaultCipherSuites();
            for (int i = 0; i < defaults.length; i++) {
                String suite = defaults[i];
                ciphers.put(suite, new CipherInfo(suite, suite, SSL3_AND_TLS));
            }
        }

        /**
         * @param str configuration alias or JSSE suite name
         * @return the matching entry, or {@code null} when the name is not in the table
         */
        public static CipherInfo getCipherInfo(String str) {
            return ciphers.get(str);
        }

        /** @return the JSSE cipher-suite name of this entry */
        public String getCipherName() {
            return this.cipherName;
        }

        /** @return whether the SSL2 bit is set; no entry created in this class sets it */
        public boolean isSSL2() {
            return (this.protocolVersion & SSL2) == SSL2;
        }

        /** @return whether the SSL3 bit is set */
        public boolean isSSL3() {
            return (this.protocolVersion & SSL3) == SSL3;
        }

        /** @return whether the TLS bit is set */
        public boolean isTLS() {
            return (this.protocolVersion & TLS) == TLS;
        }
    }

    /** Not instantiable from outside; instances come from {@link #getInstance()}. */
    private SSLClientConfigurator() {
    }

    /**
     * Returns the shared configurator, creating it on first use.
     *
     * <p>The lazy creation is not synchronised. The returned object carries mutable state
     * (current parameters, context, selected protocols and suites), so every caller sees what
     * the most recent {@code configure} call left behind.
     *
     * @return the shared instance
     */
    public static SSLClientConfigurator getInstance() {
        if (sslCC == null) {
            sslCC = new SSLClientConfigurator();
        }
        return sslCC;
    }

    /**
     * Replaces the parameters that the getters and helpers of this shared instance read.
     * Protocols and cipher suites computed earlier are not recomputed by this call.
     *
     * @param sSLParams new parameters
     */
    public void setSSLParams(SSLParams sSLParams) {
        this.sslParams = sSLParams;
    }

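    /**
     * Creates an {@link SSLContext} for the protocol named in {@code sSLParams} and initialises
     * it with key and trust managers built from the same parameters.
     *
     * <p>Defaults applied when a parameter is {@code null}: the platform default trust-manager
     * algorithm, {@code "SunX509"} for key managers, and
     * {@code KeystoreManager.CERTIFICATE_ALIAS} for the key alias.
     *
     * <p>Failures are logged, not thrown. When no context can be obtained for the protocol the
     * method returns {@code null}. When initialisation fails (for example a key or trust store
     * cannot be loaded) the context is returned uninitialised, and a caller that tries to use
     * it will get an {@link IllegalStateException} from the context.
     *
     * @param sSLParams parameters to configure from; also stored on this shared instance
     * @return the context, or {@code null} when none could be created for the protocol
     */
    public SSLContext configure(SSLParams sSLParams) {
        this.sslParams = sSLParams;
        try {
            this.sslContext = SSLContext.getInstance(sSLParams.getProtocol());
        } catch (NoSuchAlgorithmException e) {
            // This object is shared: drop any context left by an earlier call so a failed
            // lookup can never return a context that was built from older parameters.
            this.sslContext = null;
            this._logger.log(Level.SEVERE,
                    "Unable to obtain an SSLContext for protocol " + sSLParams.getProtocol(), (Throwable) e);
        }
        // Still computed on failure so the protocol and cipher getters reflect sSLParams.
        configureCiphersAndProtocols();
        if (this.sslContext == null) {
            return null;
        }
        String trustAlgorithm = sSLParams.getTrustAlgorithm();
        if (trustAlgorithm == null) {
            trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        }
        String keyAlgorithm = sSLParams.getKeyAlgorithm();
        if (keyAlgorithm == null) {
            keyAlgorithm = "SunX509";
        }
        String certNickname = sSLParams.getCertNickname();
        if (certNickname == null) {
            certNickname = KeystoreManager.CERTIFICATE_ALIAS;
        }
        try {
            this.sslContext.init(getKeyManagers(keyAlgorithm, certNickname), getTrustManagers(trustAlgorithm), new SecureRandom());
        } catch (Exception e2) {
            // Best effort is kept from the original: the failure is logged and the context is
            // returned as it is, i.e. not initialised.
            this._logger.log(Level.SEVERE, "Unable to initialise the SSLContext from the supplied SSL parameters", (Throwable) e2);
        }
        return this.sslContext;
    }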

    /**
     * Returns the protocol names selected from the current parameters, computing them first
     * when none are cached.
     *
     * @return the internal array (not a copy), or {@code null} when no protocol is selected
     */
    public String[] getEnabledProtocols() {
        if (this.enabledProtocols != null) {
            return this.enabledProtocols;
        }
        configureCiphersAndProtocols();
        return this.enabledProtocols;
    }

    /**
     * @return the selected protocol names joined by the delimiter used in
     *     {@code toCommaSeparatedString}, or {@code null} when none are selected
     */
    public String getEnabledProtocolsAsString() {
        String[] protocols = getEnabledProtocols();
        boolean nothingSelected = protocols == null || protocols.length <= 0;
        return nothingSelected ? null : toCommaSeparatedString(protocols);
    }

    /**
     * Returns the JSSE cipher-suite names selected from the current parameters, computing them
     * first when none are cached.
     *
     * @return the internal array (not a copy), or {@code null} when no suite is selected
     */
    public String[] getEnabledCipherSuites() {
        if (this.enabledCipherSuites != null) {
            return this.enabledCipherSuites;
        }
        configureCiphersAndProtocols();
        return this.enabledCipherSuites;
    }

    /**
     * @return the selected cipher-suite names joined by the delimiter used in
     *     {@code toCommaSeparatedString}, or {@code null} when none are selected
     */
    public String getEnabledCipherSuitesAsString() {
        String[] suites = getEnabledCipherSuites();
        boolean nothingSelected = suites == null || suites.length <= 0;
        return nothingSelected ? null : toCommaSeparatedString(suites);
    }

    /**
     * Builds key managers from the key store described by the current parameters.
     *
     * <p>The "is a key store configured" test looks at the {@code javax.net.ssl.keyStore}
     * system property, while the store that is actually loaded is the one named in the
     * parameters (type, path and password). The two can differ.
     *
     * @param str key-manager algorithm passed to {@link KeyManagerFactory#getInstance(String)}
     * @param str2 alias that must be a key entry in the store; {@code null} skips that check
     * @return the key managers, or {@code null} when the system property is unset or the alias
     *     is not a key entry; a {@code null} result gives the context no client key material
     *     from this store
     * @throws Exception when the store cannot be loaded or the factory cannot be initialised
     */
    protected KeyManager[] getKeyManagers(String str, String str2) throws Exception {
        boolean keyStoreDeclared = System.getProperty("javax.net.ssl.keyStore") != null;
        if (!keyStoreDeclared) {
            this._logger.warning(" No keystores defined");
            return null;
        }
        this._logger.fine("Algorithm ::" + str);
        this._logger.fine("Key Alias ::" + str2);
        this._logger.fine("KeyStore Type ::" + this.sslParams.getKeyStoreType());
        // The password is used twice: to open the store and to recover the private key.
        String storeSecret = this.sslParams.getKeyStorePassword();
        KeyStore keyStore = getStore(this.sslParams.getKeyStoreType(), this.sslParams.getKeyStore().getPath(), storeSecret);
        boolean aliasMissing = str2 != null && !keyStore.isKeyEntry(str2);
        if (aliasMissing) {
            this._logger.warning("No Key store found for " + str2);
            return null;
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(str);
        factory.init(keyStore, storeSecret.toCharArray());
        return factory.getKeyManagers();
    }

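    /**
     * Loads the trust store named in the current parameters and builds trust managers from it.
     * When a CRL file is configured, the managers are built from PKIX parameters that carry the
     * CRLs and have revocation checking switched on (see {@code getParameters}).
     *
     * <p>The debug line records the trust store type and path only. The trust store password
     * is deliberately kept out of the log: log files are usually readable by more people and
     * retained longer than the store itself.
     *
     * @param str trust-manager algorithm passed to {@link TrustManagerFactory#getInstance(String)}
     * @return the trust managers, or {@code null} if no store was obtained
     * @throws Exception when the store, the CRL file or the factory cannot be set up
     */
    protected TrustManager[] getTrustManagers(String str) throws Exception {
        String crlFile = this.sslParams.getCrlFile();
        String trustStoreType = this.sslParams.getTrustStoreType();
        String trustStorePath = this.sslParams.getTrustStore().getPath();
        this._logger.log(Level.FINE, "in getTrustManagers  TrustManager type = " + trustStoreType + " path = " + trustStorePath);
        KeyStore store = getStore(trustStoreType, trustStorePath, this.sslParams.getTrustStorePassword().toString());
        if (store == null) {
            return null;
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str);
        if (crlFile == null) {
            trustManagerFactory.init(store);
        } else {
            trustManagerFactory.init(new CertPathTrustManagerParameters(getParameters(str, crlFile, store)));
        }
        return trustManagerFactory.getTrustManagers();
    }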

    /**
     * Builds PKIX path-building parameters that trust the entries of {@code keyStore}, carry
     * the CRLs read from {@code str2} and have revocation checking enabled.
     *
     * <p>A configured maximum path length that cannot be applied is logged as a warning and
     * skipped, which leaves the parameters at their default path length.
     *
     * @param str trust-manager algorithm; only {@code "PKIX"} (any case) is accepted
     * @param str2 path of the CRL file, resolved as described in {@code getCRLs}
     * @param keyStore store whose trusted certificates become the trust anchors
     * @return the configured parameters
     * @throws Exception {@link CRLException} for a non-PKIX algorithm, otherwise whatever the
     *     parameter construction or the CRL loading throws
     */
    protected CertPathParameters getParameters(String str, String str2, KeyStore keyStore) throws Exception {
        boolean pkix = "PKIX".equalsIgnoreCase(str);
        if (!pkix) {
            throw new CRLException("CRLs not supported for type: " + str);
        }
        PKIXBuilderParameters params = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        Collection<? extends CRL> revocationLists = getCRLs(str2);
        CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(revocationLists));
        params.addCertStore(crlStore);
        params.setRevocationEnabled(true);
        String maxLength = this.sslParams.getTrustMaxCertLength();
        if (maxLength == null) {
            return params;
        }
        try {
            params.setMaxPathLength(Integer.parseInt(maxLength));
        } catch (Exception e) {
            this._logger.log(Level.WARNING, "Bad maxCertLength: " + maxLength);
        }
        return params;
    }

    /**
     * Reads every CRL contained in a file using the X.509 certificate factory.
     *
     * <p>A relative path is resolved against the {@code catalina.base} system property. The
     * file is read once per call; nothing in this method re-reads it later, so a CRL published
     * after this call is not picked up by the returned collection.
     *
     * @param str absolute path, or path relative to {@code catalina.base}
     * @return the CRLs parsed from the file
     * @throws IOException when the file cannot be opened
     * @throws CRLException when the content cannot be parsed as CRLs
     * @throws CertificateException when no X.509 certificate factory is available
     */
    protected Collection<? extends CRL> getCRLs(String str) throws IOException, CRLException, CertificateException {
        File crlFile = new File(str);
        if (!crlFile.isAbsolute()) {
            crlFile = new File(System.getProperty("catalina.base"), str);
        }
        FileInputStream in = null;
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            in = new FileInputStream(crlFile);
            return factory.generateCRLs(in);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (Exception ignored) {
                    // a failure to close must not replace the parse result or the original error
                }
            }
        }
    }

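    /**
     * Loads a key store of the given type.
     *
     * <p>For every type except {@code PKCS11}, and unless the path is the empty string, the
     * store is read from a file; a relative path is resolved against the {@code catalina.base}
     * system property. Otherwise the store is loaded without an input stream.
     *
     * <p>Each failure is logged once with the store type and path (never the password) and
     * reported as an {@link IOException}; a wrapped exception keeps the original as its cause.
     *
     * @param str key store type
     * @param str2 path of the store file; ignored for {@code PKCS11}
     * @param str3 store password; must not be {@code null}
     * @return the loaded store
     * @throws IOException when the store cannot be created, opened or loaded
     */
    private KeyStore getStore(String str, String str2, String str3) throws IOException {
        FileInputStream fileInputStream = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            if (!"PKCS11".equalsIgnoreCase(str) && !"".equalsIgnoreCase(str2)) {
                File file = new File(str2);
                if (!file.isAbsolute()) {
                    file = new File(System.getProperty("catalina.base"), str2);
                }
                fileInputStream = new FileInputStream(file);
            }
            // A null password ends up in the catch below as a load failure; it is never passed
            // on as "no password", which for file-based stores would skip the integrity check.
            keyStore.load(fileInputStream, str3.toCharArray());
            return keyStore;
        } catch (IOException e) {
            // Includes FileNotFoundException; rethrown unchanged.
            this._logger.log(Level.SEVERE, "jsse.keystore_load_failed for: type = " + str + ", path = " + str2 + ": " + e.getMessage(), (Throwable) e);
            throw e;
        } catch (Exception e) {
            this._logger.log(Level.SEVERE, "jsse.keystore_load_failed for: type = " + str + ", path = " + str2 + ": " + e.getMessage(), (Throwable) e);
            throw new IOException(e.getMessage(), e);
        } finally {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException ignored) {
                    // a failure to close must not replace the loaded store or the original error
                }
            }
        }
    }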

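    /**
     * Recomputes {@code enabledProtocols} and {@code enabledCipherSuites} from the current
     * parameters.
     *
     * <p>Both fields are cleared first. This object is shared, so without the reset a
     * parameter set that selects nothing would leave the previous caller's protocols or suites
     * in place while the log claims the implementation defaults are in use.
     *
     * <p>Protocol names this method can select: {@code SSLv2}, {@code SSLv3}, {@code TLSv1}
     * and {@code SSLv2Hello}. There is no path here that selects a newer TLS version.
     * NOTE(review): a caller that applies this array to a socket limits it to these legacy
     * versions; confirm how callers use the result.
     *
     * <p>Cipher names are taken from the SSL3/TLS and SSL2 cipher strings, split on
     * {@code BeanValidator.VALIDATION_GROUPS_DELIMITER} and resolved through
     * {@code getJSSECiphers}.
     */
    private void configureCiphersAndProtocols() {
        this.enabledProtocols = null;
        this.enabledCipherSuites = null;

        // The parameter object is no longer printed to standard output: it holds the key and
        // trust store passwords, and what its toString() includes cannot be seen from here.
        List<String> protocols = new LinkedList<String>();
        if (this.sslParams.getSsl2Enabled().booleanValue()) {
            protocols.add("SSLv2");
        }
        if (this.sslParams.getSsl3Enabled().booleanValue()) {
            protocols.add("SSLv3");
        }
        if (this.sslParams.getTlsEnabled().booleanValue()) {
            protocols.add("TLSv1");
        }
        if (this.sslParams.getSsl3Enabled().booleanValue() || this.sslParams.getTlsEnabled().booleanValue()) {
            protocols.add("SSLv2Hello");
        }
        if (protocols.isEmpty()) {
            // The "{0}" is logged literally: no parameter is supplied with this message.
            this._logger.log(Level.WARNING, "All SSL protocol variants disabled for network-listener {0}, using SSL implementation specific defaults");
        } else {
            this.enabledProtocols = protocols.toArray(new String[protocols.size()]);
        }

        List<String> requestedCiphers = new LinkedList<String>();
        String ssl3TlsCiphers = this.sslParams.getSsl3TlsCiphers();
        if (ssl3TlsCiphers != null && ssl3TlsCiphers.length() > 0) {
            for (String str : ssl3TlsCiphers.split(BeanValidator.VALIDATION_GROUPS_DELIMITER)) {
                requestedCiphers.add(str.trim());
            }
        }
        String ssl2Ciphers = this.sslParams.getSsl2Ciphers();
        if (ssl2Ciphers != null && ssl2Ciphers.length() > 0) {
            for (String str2 : ssl2Ciphers.split(BeanValidator.VALIDATION_GROUPS_DELIMITER)) {
                requestedCiphers.add(str2.trim());
            }
        }
        String[] jSSECiphers = getJSSECiphers(requestedCiphers);
        if (jSSECiphers == null || jSSECiphers.length == 0) {
            // The "{0}" is logged literally: no parameter is supplied with this message.
            this._logger.log(Level.WARNING, "All SSL cipher suites disabled for network-listener(s) {0}.  Using SSL implementation specific defaults");
        } else {
            this.enabledCipherSuites = jSSECiphers;
        }
    }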

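    /**
     * Resolves configured cipher names to JSSE cipher-suite names.
     *
     * <p>Empty entries and entries starting with {@code '-'} are skipped; a leading {@code '+'}
     * is stripped. The result is therefore an allow-list of the remaining names that
     * {@code CipherInfo} knows. A name that cannot be resolved is dropped, and the warning now
     * names it so an operator can see which requested suite did not take effect.
     *
     * @param list cipher names as written in configuration
     * @return the distinct resolved suite names, or {@code null} when none resolved
     */
    private String[] getJSSECiphers(List<String> list) {
        HashSet<String> resolved = null;
        for (String entry : list) {
            if (entry.length() == 0 || entry.charAt(0) == '-') {
                continue;
            }
            String name = entry.charAt(0) == '+' ? entry.substring(1) : entry;
            String jSSECipher = getJSSECipher(name);
            if (jSSECipher == null) {
                this._logger.log(Level.WARNING, "Unknown cipher error for cipher " + name);
                continue;
            }
            if (resolved == null) {
                resolved = new HashSet<String>(list.size());
            }
            resolved.add(jSSECipher);
        }
        if (resolved == null) {
            return null;
        }
        return resolved.toArray(new String[resolved.size()]);
    }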

    /**
     * @param str configuration alias or JSSE suite name
     * @return the JSSE suite name registered in {@code CipherInfo}, or {@code null} when the
     *     name is unknown there
     */
    private static String getJSSECipher(String str) {
        CipherInfo match = CipherInfo.getCipherInfo(str);
        return match == null ? null : match.getCipherName();
    }

    /**
     * Joins the elements with {@code BeanValidator.VALIDATION_GROUPS_DELIMITER} between them.
     * NOTE(review): that constant is {@code ","} in the JSF API; the reference to a JSF class
     * here looks like a decompiler artefact rather than a real dependency, so confirm against
     * the original source.
     *
     * @param strArr names to join; must contain at least one element
     * @return the joined string
     */
    private String toCommaSeparatedString(String[] strArr) {
        StringBuilder joined = new StringBuilder(strArr[0]);
        int index = 1;
        while (index < strArr.length) {
            joined.append(BeanValidator.VALIDATION_GROUPS_DELIMITER).append(strArr[index]);
            index++;
        }
        return joined.toString();
    }
}
