package org.wso2.carbon.identity.application.authentication.endpoint.util;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Map;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.securevault.SecretResolver;
import org.wso2.securevault.SecretResolverFactory;
import org.wso2.securevault.commons.MiscellaneousUtil;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.application.authentication.endpoint.util-5.15.42.jar:org/wso2/carbon/identity/application/authentication/endpoint/util/MutualSSLManager.class */
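/**
 * Holds the process-wide client key store, trust store and {@link SSLSocketFactory} used by the
 * authentication endpoint for mutual TLS calls, and resolves secure-vault protected properties.
 *
 * <p>All state is static: {@link #loadKeyStore}, {@link #loadTrustStore} and
 * {@link #initMutualSSLConnection} must be called in that order before {@link #getSslSocketFactory}
 * returns a usable factory. {@link #init()} is a decompiler stub on this page (see below).
 *
 * <p>Not thread-safe beyond the {@code synchronized} {@link #init()}; the static fields are written
 * without synchronization by the other public methods.
 */
public class MutualSSLManager {

    /** Property key whose comma-separated value names the secure-vault protected properties. */
    private static final String PROTECTED_TOKENS = "protectedTokens";
    /** Secret callback handler used when the properties do not name a {@code secretProvider}. */
    private static final String DEFAULT_CALLBACK_HANDLER = "org.wso2.carbon.securevault.DefaultSecretCallbackHandler";
    /** Property key naming the secure-vault secret provider. */
    private static final String SECRET_PROVIDER = "secretProvider";
    /** Endpoint properties; populated by {@link #init()}, read by {@link #getPropertyValue}. */
    private static Properties prop;
    private static final String keyStoreType = "JKS";
    private static final String trustStoreType = "JKS";
    private static final String keyManagerType = "SunX509";
    private static final String trustManagerType = "SunX509";
    private static final String protocol = "TLSv1.2";
    private static KeyStore keyStore;
    private static KeyStore trustStore;
    private static char[] keyStorePassword;
    private static SSLSocketFactory sslSocketFactory;
    private static final Log log = LogFactory.getLog(MutualSSLManager.class);
    private static String carbonLogin = "";
    private static String usernameHeaderName = "";

    /** Static utility; not instantiable. */
    private MutualSSLManager() {
    }

    /**
     * Initializes the manager from the endpoint configuration.
     *
     * <p>NOTE(review): the decompiler could not recover this method's body; on this page it only
     * throws. The private helpers below ({@link #isMutualSSLManagerEnabled}, {@link #buildFilePath},
     * {@link #resolveSecrets}) are presumably called from here — confirm against the original source.
     */
    public static synchronized void init() {
        /*
            Method dump skipped, instructions count: 460
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.wso2.carbon.identity.application.authentication.endpoint.util.MutualSSLManager.init():void");
    }

    /**
     * Interprets the "enabled" configuration value.
     *
     * @param str raw property value, may be {@code null} or empty
     * @return {@code true} when the value is absent/empty (enabled by default), otherwise
     *         {@link Boolean#parseBoolean(String)} of the value
     */
    private static boolean isMutualSSLManagerEnabled(String str) {
        return StringUtils.isEmpty(str) || Boolean.parseBoolean(str);
    }

    /**
     * Resolves a key store / trust store path given relative to the working directory.
     *
     * @param str configured path; a path starting with {@code "."} is prefixed with the canonical
     *            working directory, any other value is returned unchanged
     * @return the path to open
     * @throws IOException if the working directory cannot be canonicalized
     */
    private static String buildFilePath(String str) throws IOException {
        String path = str;
        if (StringUtils.isNotEmpty(str) && str.startsWith(".")) {
            path = new File(".").getCanonicalPath() + File.separator + str;
        }
        if (log.isDebugEnabled()) {
            log.debug("File path for KeyStore/TrustStore : " + path);
        }
        return path;
    }

    /**
     * Reads a configuration property.
     *
     * @param str property name
     * @return the configured value, or for {@code Constants.SERVICES_URL} when it is not configured
     *         the server URL derived via {@code IdentityUtil}; {@code null} for other unknown names
     * @throws IllegalStateException if the properties have not been loaded yet
     */
    protected static String getPropertyValue(String str) {
        if (prop == null) {
            throw new IllegalStateException("MutualSSLManager properties are not loaded; call init() first.");
        }
        boolean fallBackToServerUrl = Constants.SERVICES_URL.equals(str) && !prop.containsKey(Constants.SERVICES_URL);
        if (fallBackToServerUrl) {
            return IdentityUtil.getServerURL(IdentityUtil.getServicePath(), true, true);
        }
        return prop.getProperty(str);
    }

    /**
     * Replaces secure-vault references in {@code properties} with their plaintext values, in place.
     *
     * <p>First every value is passed through {@code MiscellaneousUtil.resolve} (inline
     * {@code secretAlias} style references); then, if a {@code protectedTokens} list is present,
     * each listed key that the resolver reports as protected is replaced by its resolved secret.
     *
     * @param properties endpoint properties to decrypt; mutated
     */
    private static void resolveSecrets(Properties properties) {
        if (StringUtils.isBlank((String) properties.get(SECRET_PROVIDER))) {
            properties.put(SECRET_PROVIDER, DEFAULT_CALLBACK_HANDLER);
        }
        SecretResolver inlineResolver = SecretResolverFactory.create(properties);
        if (inlineResolver != null && inlineResolver.isInitialized()) {
            // Only existing keys are overwritten, which does not alter the table's structure,
            // so iterating the entry set while replacing values is safe.
            for (Map.Entry<Object, Object> entry : properties.entrySet()) {
                String key = entry.getKey().toString();
                String rawValue = entry.getValue().toString();
                properties.put(key, MiscellaneousUtil.resolve(rawValue, inlineResolver));
            }
        }

        if (!isSecuredPropertyAvailable(properties)) {
            if (log.isDebugEnabled()) {
                log.debug("Secure vault encryption ignored since no protected tokens available");
            }
            return;
        }

        SecretResolver tokenResolver = SecretResolverFactory.create(properties, "");
        StringTokenizer tokens = new StringTokenizer((String) properties.get(PROTECTED_TOKENS), ",");
        while (tokens.hasMoreTokens()) {
            String token = tokens.nextToken().trim();
            if (tokenResolver.isTokenProtected(token)) {
                if (log.isDebugEnabled()) {
                    log.debug("Resolving and replacing secret for " + token);
                }
                properties.put(token, tokenResolver.resolve(token));
            } else if (log.isDebugEnabled()) {
                log.debug("No encryption done for value with key :" + token);
            }
        }
    }

    /**
     * @param properties endpoint properties
     * @return {@code true} when a non-blank {@code protectedTokens} property is present
     *         (defaults included, as with {@link Properties#getProperty(String)})
     */
    private static boolean isSecuredPropertyAvailable(Properties properties) {
        return StringUtils.isNotBlank(properties.getProperty(PROTECTED_TOKENS));
    }

    /**
     * Loads the client key store used for mutual TLS.
     *
     * <p>The static key store and password are only replaced after the store has loaded
     * successfully, so a failed call does not leave a half-initialized pair behind.
     *
     * @param str  key store file path
     * @param str2 key store password; {@code null} loads the store without integrity checking
     * @throws AuthenticationException if the file cannot be read or is not a valid JKS store
     */
    public static void loadKeyStore(String str, String str2) throws AuthenticationException {
        char[] password = toPassword(str2);
        try (FileInputStream in = new FileInputStream(str)) {
            KeyStore loaded = KeyStore.getInstance(keyStoreType);
            loaded.load(in, password);
            keyStore = loaded;
            keyStorePassword = password;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new AuthenticationException("Error while trying to load Key Store.", e);
        }
    }

    /**
     * Loads the trust store used to validate the peer's certificate.
     *
     * @param str  trust store file path
     * @param str2 trust store password; {@code null} loads the store without integrity checking
     * @throws AuthenticationException if the file cannot be read or is not a valid JKS store
     */
    public static void loadTrustStore(String str, String str2) throws AuthenticationException {
        char[] password = toPassword(str2);
        try (FileInputStream in = new FileInputStream(str)) {
            KeyStore loaded = KeyStore.getInstance(trustStoreType);
            loaded.load(in, password);
            trustStore = loaded;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new AuthenticationException("Error while trying to load Trust Store.", e);
        }
    }

    /** Converts a password string to the {@code char[]} form {@link KeyStore} expects, keeping {@code null}. */
    private static char[] toPassword(String password) {
        return password == null ? null : password.toCharArray();
    }

    /**
     * Builds the {@link SSLSocketFactory} from the previously loaded key store and trust store.
     *
     * <p>With {@code z == true} the factory validates the server certificate against the trust
     * store and relies on the JVM's default hostname verification.
     *
     * <p>With {@code z == false} the server certificate is NOT validated (a trust manager that
     * accepts every chain) and hostname verification is disabled, and both are installed as the
     * JVM-wide defaults via {@link SSLContext#setDefault} and
     * {@link HttpsURLConnection#setDefaultHostnameVerifier}, affecting every HTTPS client in the
     * process, not only this manager. This removes the protection TLS provides against an
     * on-path attacker; keep it disabled outside development setups.
     *
     * @param z {@code true} to keep certificate and hostname verification enabled
     * @throws AuthenticationException if the key/trust managers or the SSL context cannot be set up
     */
    public static void initMutualSSLConnection(boolean z) throws AuthenticationException {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyManagerType);
            keyManagerFactory.init(keyStore, keyStorePassword);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerType);
            trustManagerFactory.init(trustStore);
            SSLContext sslContext = SSLContext.getInstance(protocol);

            if (z) {
                sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
                sslSocketFactory = sslContext.getSocketFactory();
                if (log.isDebugEnabled()) {
                    log.debug("Mutual SSL Client initialized with Hostname Verification enabled");
                }
                return;
            }

            // Accepts any hostname; installed process-wide below.
            HostnameVerifier acceptAllHostnames = new HostnameVerifier() { // from class: org.wso2.carbon.identity.application.authentication.endpoint.util.MutualSSLManager.1
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str, SSLSession sSLSession) {
                    return true;
                }
            };
            // Accepts any certificate chain: no issuer, expiry or revocation checks happen at all.
            X509TrustManager acceptAllCertificates = new X509TrustManager() { // from class: org.wso2.carbon.identity.application.authentication.endpoint.util.MutualSSLManager.2
                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                }
            };
            sslContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{acceptAllCertificates}, new SecureRandom());
            if (log.isDebugEnabled()) {
                log.debug("SSL Context is initialized with trust manager for excluding certificate validation");
            }
            // Both calls change JVM-wide defaults, not just this manager's factory.
            SSLContext.setDefault(sslContext);
            sslSocketFactory = sslContext.getSocketFactory();
            HttpsURLConnection.setDefaultHostnameVerifier(acceptAllHostnames);
            if (log.isDebugEnabled()) {
                log.debug("Mutual SSL Client initialized with Hostname Verification disabled");
            }
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            // The message used to claim a trust store load failure; this is SSL context setup.
            throw new AuthenticationException("Error while initializing the mutual SSL context.", e);
        }
    }

    /** @return the factory built by {@link #initMutualSSLConnection}, or {@code null} before it ran */
    public static SSLSocketFactory getSslSocketFactory() {
        return sslSocketFactory;
    }

    /** @return the carbon login value; empty until set by initialization */
    public static String getCarbonLogin() {
        return carbonLogin;
    }

    /** @return the username header name; empty until set by initialization */
    public static String getUsernameHeaderName() {
        return usernameHeaderName;
    }
}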
