package com.solacesystems.jcsmp.secure;

import com.solacesystems.common.HostInfo;
import com.solacesystems.jcsmp.InvalidPropertiesException;
import com.solacesystems.jcsmp.JCSMPProperties;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathParameters;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/solacesystems/jcsmp/secure/SecureProperties.class */
public class SecureProperties {
    private static final Log Trace = LogFactory.getLog(SecureProperties.class);
    public static final String[] SupportedProtocols = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
    public static final String[] SupportedJSSECipherNamesArray = {"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_MD5", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"};
    public static final String SupportedJSSECipherNamesString = initializeJSSECipherNamesString();
    public static final ArrayList<String> SupportedJSSECipherNamesList = initializeJSSECipherNamesList();
    public static final String[][] SupportedCipherAliases = {new String[]{"ECDHE-RSA-AES256-SHA384", "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384"}, new String[]{"ECDHE-RSA-AES256-SHA", "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA"}, new String[]{"AES256-SHA256", "SSL_RSA_WITH_AES_256_CBC_SHA256"}, new String[]{"AES256-SHA", "SSL_RSA_WITH_AES_256_CBC_SHA"}, new String[]{"ECDHE-RSA-DES-CBC3-SHA", "SSL_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"}, new String[]{"DES-CBC3-SHA"}, new String[]{"ECDHE-RSA-AES128-SHA256", "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}, new String[]{"ECDHE-RSA-AES128-SHA", "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA"}, new String[]{"AES128-SHA256", "SSL_RSA_WITH_AES_128_CBC_SHA256"}, new String[]{"AES128-SHA", "SSL_RSA_WITH_AES_128_CBC_SHA"}, new String[]{"RC4-SHA"}, new String[]{"RC4-MD5"}, new String[]{"AES128-GCM-SHA256", "SSL_RSA_WITH_AES_128_GCM_SHA256"}, new String[]{"AES256-GCM-SHA384", "SSL_RSA_WITH_AES_256_GCM_SHA384"}, new String[]{"ECDHE-RSA-AES128-GCM-SHA256", "SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}, new String[]{"ECDHE-RSA-AES256-GCM-SHA384", "SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}};
    public static final HashMap<String, String> CipherMap = initializeCipherMap();
    public static final HashMap<String, String[]> CipherAliasesMap = initializeCipherAliasesMap();
    private boolean mNonSecureInHostList;
    private boolean mUsingSecure;
    private String mProtocolsStr;
    private String mCipherSuitesStr;
    private String mCommonNamesStr;
    private String mAuthenticationScheme;
    private String mSslDowngradeProto;
    private String[] mProtocols = null;
    private String mTrustStoreName = null;
    private String mTrustStoreFmt = null;
    private String mTrustStorePwd = null;
    private String[] mCipherSuites = null;
    private ArrayList<String> mCipherSuitesList = null;
    private String[] mCommonNames = null;
    private boolean mValidateCert = false;
    private boolean mValidateCertDate = false;
    private KeyStore mTrustStore = null;
    private TrustManager[] mTrustManagers = null;
    private CertPathParameters mCertPathParameters = null;
    private String mKeyStoreFmt = null;
    private String mKeyStoreNormalizedFmt = null;
    private KeyStore mKeyStore = null;
    private String mKeyStoreName = null;
    private String mKeyStorePwd = null;
    private String mPrivateKeyAlias = null;
    private String mPrivateKeyPwd = null;
    private KeyManager[] mKeyManagers = null;
    private boolean mFoundAtLeastOnePrivateKey = false;

    private static String initializeJSSECipherNamesString() {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < SupportedJSSECipherNamesArray.length; i++) {
            if (i > 0) {
                sb.append(',');
            }
            sb.append(SupportedJSSECipherNamesArray[i]);
        }
        return sb.toString();
    }

    private static ArrayList<String> initializeJSSECipherNamesList() {
        ArrayList<String> arrayList = new ArrayList<>();
        for (int i = 0; i < SupportedJSSECipherNamesArray.length; i++) {
            arrayList.add(SupportedJSSECipherNamesArray[i]);
        }
        return arrayList;
    }

    private static HashMap<String, String> initializeCipherMap() {
        HashMap<String, String> hashMap = new HashMap<>();
        for (int i = 0; i < SupportedJSSECipherNamesArray.length; i++) {
            String str = SupportedJSSECipherNamesArray[i];
            hashMap.put(str, str);
            String[] strArr = SupportedCipherAliases[i];
            if (strArr != null) {
                for (String str2 : strArr) {
                    hashMap.put(str2, str);
                }
            }
        }
        return hashMap;
    }

    private static HashMap<String, String[]> initializeCipherAliasesMap() {
        HashMap<String, String[]> hashMap = new HashMap<>();
        for (int i = 0; i < SupportedJSSECipherNamesArray.length; i++) {
            String str = SupportedJSSECipherNamesArray[i];
            String[] strArr = SupportedCipherAliases[i];
            if (strArr != null) {
                hashMap.put(str, strArr);
            }
        }
        return hashMap;
    }

    public SecureProperties(JCSMPProperties jCSMPProperties) throws InvalidPropertiesException {
        this.mNonSecureInHostList = false;
        this.mUsingSecure = false;
        this.mProtocolsStr = null;
        this.mCipherSuitesStr = null;
        this.mCommonNamesStr = null;
        this.mAuthenticationScheme = null;
        this.mSslDowngradeProto = null;
        String stringProperty = jCSMPProperties.getStringProperty(JCSMPProperties.HOST);
        this.mSslDowngradeProto = jCSMPProperties.getStringProperty(JCSMPProperties.SSL_CONNECTION_DOWNGRADE_TO);
        try {
            for (HostInfo hostInfo : HostInfo.toHostInfoList(stringProperty)) {
                if (hostInfo.isSecure()) {
                    this.mUsingSecure = true;
                }
                if (!hostInfo.isSecure()) {
                    this.mNonSecureInHostList = true;
                }
            }
            this.mAuthenticationScheme = jCSMPProperties.getStringProperty(JCSMPProperties.AUTHENTICATION_SCHEME);
            this.mProtocolsStr = jCSMPProperties.getStringProperty(JCSMPProperties.SSL_PROTOCOL);
            initProtocols(this.mProtocolsStr, jCSMPProperties.getStringProperty(JCSMPProperties.SSL_EXCLUDED_PROTOCOLS));
            initTrustStore(jCSMPProperties.getStringProperty(JCSMPProperties.SSL_TRUST_STORE));
            initTrustStoreFormat(jCSMPProperties.getStringProperty(JCSMPProperties.SSL_TRUST_STORE_FORMAT));
            initTrustStorePassword(jCSMPProperties.getStringProperty(JCSMPProperties.SSL_TRUST_STORE_PASSWORD));
            initKeyStore(jCSMPProperties.getStringProperty(JCSMPProperties.SSL_KEY_STORE));
            initKeyStoreFormat(jCSMPProperties.getStringProperty(JCSMPProperties.SSL_KEY_STORE_FORMAT));
            initKeyStoreNormalizedFormat(jCSMPProperties.getStringProperty(JCSMPProperties.SSL_KEY_STORE_NORMALIZED_FORMAT));
            initKeyStorePassword(jCSMPProperties.getStringProperty(JCSMPProperties.SSL_KEY_STORE_PASSWORD));
            initPrivateKeyAlias(jCSMPProperties.getStringProperty(JCSMPProperties.SSL_PRIVATE_KEY_ALIAS));
            initPrivateKeyPassword(jCSMPProperties.getStringProperty(JCSMPProperties.SSL_PRIVATE_KEY_PASSWORD));
            this.mCipherSuitesStr = jCSMPProperties.getStringProperty(JCSMPProperties.SSL_CIPHER_SUITES);
            initCipherList(this.mCipherSuitesStr);
            this.mCommonNamesStr = jCSMPProperties.getStringProperty(JCSMPProperties.SSL_TRUSTED_COMMON_NAME_LIST);
            initCommonNames(this.mCommonNamesStr);
            initValidateCerts(jCSMPProperties.getBooleanProperty(JCSMPProperties.SSL_VALIDATE_CERTIFICATE));
            initValidateCertsDate(jCSMPProperties.getBooleanProperty(JCSMPProperties.SSL_VALIDATE_CERTIFICATE_DATE));
            if (usingSecure() && this.mValidateCert && (this.mTrustStoreName == null || this.mTrustStoreName.trim().length() == 0)) {
                throw new InvalidPropertiesException("Trust Store must be specified when validating certificates");
            }
            if (nonSecureInHostList() && this.mAuthenticationScheme != null && this.mAuthenticationScheme.equals("AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE")) {
                throw new InvalidPropertiesException("Client Certificate Authenticate is supported only for SSL secured schemes");
            }
            if (this.mAuthenticationScheme.equals("AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE")) {
                if (this.mKeyStoreName == null || this.mKeyStoreName.trim().length() == 0) {
                    throw new InvalidPropertiesException("Key Store must be specified when client certificate authentication scheme is used");
                }
            }
        } catch (Exception e) {
            throw new InvalidPropertiesException(e.getMessage(), e);
        }
    }

    public boolean nonSecureInHostList() {
        return this.mNonSecureInHostList;
    }

    public boolean usingSecure() {
        return this.mUsingSecure;
    }

    public String getSslDowngradeProtocol() {
        return this.mSslDowngradeProto;
    }

    public boolean isSslDowngradeEnabled() {
        return this.mSslDowngradeProto.equals("PLAIN_TEXT");
    }

    public String[] getProtocols() {
        return this.mProtocols;
    }

    public String getTrustStoreName() {
        return this.mTrustStoreName;
    }

    public String getTrustStoreFmt() {
        return this.mTrustStoreFmt;
    }

    public String getTrustStorePwd() {
        return this.mTrustStorePwd;
    }

    public String getKeyStoreFmt() {
        return this.mKeyStoreFmt;
    }

    public String getKeyStoreNormalizedFmt() {
        return this.mKeyStoreNormalizedFmt;
    }

    public KeyStore getKeyStore() {
        return this.mKeyStore;
    }

    public String getKeyStoreName() {
        return this.mKeyStoreName;
    }

    public String getKeyStorePwd() {
        return this.mKeyStorePwd;
    }

    public String getPrivateKeyAlias() {
        return this.mPrivateKeyAlias;
    }

    public String getPrivateKeyPwd() {
        return this.mPrivateKeyPwd;
    }

    public String[] getCipherSuites() {
        return this.mCipherSuites;
    }

    public List<String> getCipherSuitesList() {
        return this.mCipherSuitesList;
    }

    public String[] getCommonNames() {
        return this.mCommonNames;
    }

    public boolean validateCertificate() {
        return this.mValidateCert;
    }

    public boolean validateCertificateDate() {
        return this.mValidateCertDate;
    }

    public KeyStore getTrustStore() {
        return this.mTrustStore;
    }

    public TrustManager[] getTrustManagers() {
        return this.mTrustManagers;
    }

    public KeyManager[] getKeyManagers() {
        return this.mKeyManagers;
    }

    public CertPathParameters getCertPathParameters() {
        return this.mCertPathParameters;
    }

    public void loadTrustStore() throws InvalidPropertiesException {
        if (this.mValidateCert) {
            try {
                this.mTrustStore = createKeyStore(this.mTrustStoreName, this.mTrustStorePwd, this.mTrustStoreFmt, null, null);
            } catch (Exception e) {
                throw new InvalidPropertiesException("Unable to load trust store", e);
            }
        }
        try {
            this.mTrustManagers = createTrustManagers(this.mTrustStore);
        } catch (Exception e2) {
            throw new InvalidPropertiesException("Unable to create trust manager", e2);
        }
    }

    public void loadKeyStore() throws InvalidPropertiesException {
        if (this.mKeyStoreName != null) {
            if (this.mPrivateKeyPwd == null && this.mKeyStorePwd == null) {
                throw new InvalidPropertiesException("At least one of the private key password or key store password properties must be specified.");
            }
            try {
                this.mFoundAtLeastOnePrivateKey = false;
                this.mKeyStore = createKeyStore(this.mKeyStoreName, this.mKeyStorePwd, this.mKeyStoreFmt, this.mPrivateKeyAlias, this.mPrivateKeyPwd);
                checkKeyStore(this.mKeyStore, this.mKeyStorePwd != null ? this.mKeyStorePwd : this.mPrivateKeyPwd);
                try {
                    this.mKeyManagers = createKeyManagers(this.mKeyStore, this.mKeyStorePwd != null ? this.mKeyStorePwd : this.mPrivateKeyPwd);
                } catch (Exception e) {
                    throw new InvalidPropertiesException("Unable to create key manager", e);
                }
            } catch (InvalidPropertiesException e2) {
                throw e2;
            } catch (Exception e3) {
                throw new InvalidPropertiesException("Unable to load key store", e3);
            }
        }
    }

    public void initCertPathParameters() throws InvalidPropertiesException {
        if (this.mValidateCert) {
            try {
                PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(this.mTrustStore, new X509CertSelector());
                pKIXBuilderParameters.setRevocationEnabled(false);
                this.mCertPathParameters = pKIXBuilderParameters;
            } catch (InvalidAlgorithmParameterException e) {
                if (this.mValidateCert) {
                    throw new InvalidPropertiesException("Unable to initialize certificate path parameters from trust store", e);
                }
            } catch (Exception e2) {
                throw new InvalidPropertiesException("Unable to initialize certificate path parameters from trust store", e2);
            }
        }
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        if (usingSecure()) {
            sb.append("secure=true");
            sb.append(",protocols=[");
            sb.append(this.mProtocolsStr);
            sb.append("],trustStore=");
            sb.append(this.mTrustStoreName);
            sb.append(",trustStoreFmt=");
            sb.append(this.mTrustStoreFmt);
            sb.append(",keyStoreName=");
            sb.append(this.mKeyStoreName);
            sb.append(",keyStoreFmt=");
            sb.append(this.mKeyStoreFmt);
            sb.append(",cipherSuite=[");
            sb.append(this.mCipherSuitesStr);
            sb.append("],commonNames=[");
            sb.append(this.mCommonNamesStr);
            sb.append("],validateCertificates=");
            sb.append(this.mValidateCert);
            sb.append(",validateCertificateDates=");
            sb.append(this.mValidateCertDate);
        } else {
            sb.append("secure=false");
        }
        return sb.toString();
    }

    private void initProtocols(String str, String str2) throws InvalidPropertiesException {
        String[] strArr;
        String[] strArr2;
        String[] strArr3 = new String[0];
        if (str == null || str.length() == 0) {
            strArr = SupportedProtocols;
        } else {
            if (str.startsWith(",") || str.endsWith(",")) {
                throw new InvalidPropertiesException(String.format("Unknown or unsupported protocol name \"\" in protocols \"%s\"", str));
            }
            strArr = str.split(",");
            if (strArr.length == 0) {
                throw new InvalidPropertiesException("Unknown or unsupported protocol name \"" + str + "\"");
            }
        }
        if (str2 == null || str2.trim().length() == 0) {
            strArr2 = strArr3;
        } else {
            if (str2.trim().startsWith(",") || str2.trim().endsWith(",")) {
                throw new InvalidPropertiesException(String.format("Unknown or unsupported protocol name \"\" in excluded protocols \"%s\"", str2));
            }
            strArr2 = str2.split(",");
        }
        boolean[] zArr = new boolean[SupportedProtocols.length];
        int i = 0;
        for (int i2 = 0; i2 < SupportedProtocols.length; i2++) {
            zArr[i2] = false;
        }
        for (int i3 = 0; i3 < strArr.length; i3++) {
            String upperCase = strArr[i3].trim().toUpperCase();
            boolean z = false;
            int i4 = 0;
            while (true) {
                if (i4 >= SupportedProtocols.length) {
                    break;
                }
                if (SupportedProtocols[i4].toUpperCase().equals(upperCase)) {
                    if (!zArr[i4]) {
                        zArr[i4] = true;
                        i++;
                    }
                    z = true;
                } else {
                    i4++;
                }
            }
            if (!z) {
                this.mProtocols = null;
                throw new InvalidPropertiesException("Unknown or unsupported protocol name \"" + strArr[i3] + "\"");
            }
        }
        boolean z2 = i == SupportedProtocols.length;
        for (int i5 = 0; i5 < strArr2.length; i5++) {
            String upperCase2 = strArr2[i5].trim().toUpperCase();
            boolean z3 = false;
            int i6 = 0;
            while (true) {
                if (i6 >= SupportedProtocols.length) {
                    break;
                }
                if (SupportedProtocols[i6].toUpperCase().equals(upperCase2)) {
                    if (zArr[i6]) {
                        zArr[i6] = false;
                        i--;
                    }
                    z3 = true;
                } else {
                    i6++;
                }
            }
            if (!z3) {
                this.mProtocols = null;
                throw new InvalidPropertiesException("Unknown or unsupported protocol name \"" + strArr2[i5] + "\"");
            }
            if (!z2) {
                throw new InvalidPropertiesException("Only one of the properties SSL_PROTOCOL and SSL_EXCLUDED_PROTOCOLS can be specified");
            }
        }
        if (i == 0) {
            throw new InvalidPropertiesException("All protocol names excluded");
        }
        int i7 = 0;
        this.mProtocols = new String[i];
        for (int i8 = 0; i8 < SupportedProtocols.length; i8++) {
            if (zArr[i8]) {
                this.mProtocols[i7] = SupportedProtocols[i8];
                i7++;
            }
        }
    }

    private void initTrustStore(String str) {
        this.mTrustStoreName = str;
    }

    private void initTrustStoreFormat(String str) {
        this.mTrustStoreFmt = str;
    }

    private void initTrustStorePassword(String str) {
        this.mTrustStorePwd = str;
    }

    private void initKeyStore(String str) {
        this.mKeyStoreName = str;
    }

    private void initKeyStoreFormat(String str) {
        this.mKeyStoreFmt = str;
    }

    private void initKeyStoreNormalizedFormat(String str) {
        this.mKeyStoreNormalizedFmt = str.trim().length() > 0 ? str.trim() : str;
    }

    private void initKeyStorePassword(String str) {
        this.mKeyStorePwd = str;
    }

    private void initPrivateKeyAlias(String str) {
        this.mPrivateKeyAlias = str;
    }

    private void initPrivateKeyPassword(String str) {
        this.mPrivateKeyPwd = str;
    }

    private void initCipherList(String str) throws InvalidPropertiesException {
        this.mCipherSuitesList = new ArrayList<>();
        if (str == null || str.length() == 0) {
            this.mCipherSuites = SupportedJSSECipherNamesArray;
            this.mCipherSuitesList = SupportedJSSECipherNamesList;
            return;
        }
        if (str.startsWith(",") || str.endsWith(",")) {
            throw new InvalidPropertiesException("Unknown or unsupported cipher name \"\"");
        }
        String[] split = str.split(",");
        if (split.length == 0) {
            throw new InvalidPropertiesException("Unknown or unsupported cipher name \"" + str + "\"");
        }
        this.mCipherSuitesList = new ArrayList<>(split.length);
        HashSet hashSet = new HashSet();
        for (int i = 0; i < split.length; i++) {
            String str2 = CipherMap.get(split[i].trim().toUpperCase());
            if (str2 == null) {
                this.mCipherSuites = null;
                this.mCipherSuitesList = null;
                throw new InvalidPropertiesException("Unknown or unsupported cipher name \"" + split[i] + "\"");
            }
            if (!hashSet.contains(str2)) {
                this.mCipherSuitesList.add(str2);
                hashSet.add(str2);
            }
        }
        this.mCipherSuites = new String[this.mCipherSuitesList.size()];
        this.mCipherSuites = (String[]) this.mCipherSuitesList.toArray(this.mCipherSuites);
    }

    private void initCommonNames(String str) throws InvalidPropertiesException {
        if (str == null || str.length() == 0) {
            this.mCommonNames = null;
            return;
        }
        if (str.startsWith(",") || str.endsWith(",")) {
            throw new InvalidPropertiesException("Empty Common Name provided");
        }
        this.mCommonNames = str.split(",");
        if (this.mCommonNames.length == 0) {
            throw new InvalidPropertiesException("Empty Common Name provided");
        }
        if (this.mCommonNames.length > 16) {
            throw new InvalidPropertiesException("A maximum of 16 common names can be given");
        }
        for (int i = 0; i < this.mCommonNames.length; i++) {
            if (this.mCommonNames[i].length() == 0) {
                throw new InvalidPropertiesException("Empty Common Name provided");
            }
        }
    }

    private void initValidateCerts(Boolean bool) {
        if (bool == null) {
            this.mValidateCert = true;
        }
        this.mValidateCert = bool.booleanValue();
    }

    private void initValidateCertsDate(Boolean bool) {
        if (bool == null) {
            this.mValidateCertDate = true;
        }
        this.mValidateCertDate = bool.booleanValue();
    }

    public boolean isClientCertificateAuthenticationEnabled() {
        return this.mAuthenticationScheme.equals("AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE");
    }

    private KeyManager[] createKeyManagers(KeyStore keyStore, String str) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        if (Trace.isDebugEnabled()) {
            Trace.debug("Initializing key manager");
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, str != null ? str.toCharArray() : null);
        return keyManagerFactory.getKeyManagers();
    }

    private TrustManager[] createTrustManagers(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        if (Trace.isDebugEnabled()) {
            Trace.debug("Initializing trust manager");
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        for (int i = 0; i < trustManagers.length; i++) {
            if (trustManagers[i] instanceof X509TrustManager) {
                trustManagers[i] = new AuthSSLX509TrustManager((X509TrustManager) trustManagers[i], this);
            }
        }
        return trustManagers;
    }

    void checkKeyStore(KeyStore keyStore, String str) throws InvalidPropertiesException {
        if (str == null) {
            throw new InvalidPropertiesException("At least one of the private key password or key store password properties must be specified.");
        }
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                if (keyStore.getKey(aliases.nextElement(), str.toCharArray()) != null) {
                    return;
                }
            }
        } catch (KeyStoreException e) {
        }
        if (!this.mFoundAtLeastOnePrivateKey) {
            throw new InvalidPropertiesException("The specified keystore contains no private key.");
        }
        throw new InvalidPropertiesException("Unable to load key store", new UnrecoverableKeyException());
    }

    /* JADX WARN: Finally extract failed */
    private KeyStore createKeyStore(String str, String str2, String str3, String str4, String str5) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, InvalidPropertiesException {
        KeyStore keyStore;
        String trim = str3.trim();
        if (Trace.isDebugEnabled()) {
            Trace.debug("Initializing key store");
        }
        try {
            KeyStore keyStore2 = KeyStore.getInstance(trim);
            if (str == null || str.trim().length() <= 0) {
                keyStore2.load(null, null);
            } else {
                InputStream inputStream = null;
                try {
                    try {
                        inputStream = new URL(str).openStream();
                        keyStore2.load(inputStream, str2 != null ? str2.toCharArray() : null);
                        if (inputStream != null) {
                            inputStream.close();
                        }
                    } catch (MalformedURLException e) {
                        FileInputStream fileInputStream = new FileInputStream(str);
                        keyStore2.load(fileInputStream, str2 != null ? str2.toCharArray() : null);
                        if (fileInputStream != null) {
                            fileInputStream.close();
                        }
                    }
                } catch (Throwable th) {
                    if (inputStream != null) {
                        inputStream.close();
                    }
                    throw th;
                }
            }
            String str6 = str5;
            if (str6 == null) {
                str6 = str2;
            }
            if (Trace.isDebugEnabled()) {
                Enumeration<String> aliases = keyStore2.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    Certificate[] certificateChain = keyStore2.getCertificateChain(nextElement);
                    if (certificateChain != null) {
                        Trace.debug("Certificate chain '" + nextElement + "':");
                        for (int i = 0; i < certificateChain.length; i++) {
                            if (certificateChain[i] instanceof X509Certificate) {
                                X509Certificate x509Certificate = (X509Certificate) certificateChain[i];
                                Trace.debug(" Certificate " + (i + 1) + ":");
                                Trace.debug("  Subject DN: " + x509Certificate.getSubjectDN());
                                Trace.debug("  Signature Algorithm: " + x509Certificate.getSigAlgName());
                                Trace.debug("  Valid from: " + x509Certificate.getNotBefore());
                                Trace.debug("  Valid until: " + x509Certificate.getNotAfter());
                                Trace.debug("  Issuer: " + x509Certificate.getIssuerDN());
                            }
                        }
                    }
                }
            }
            if (this.mKeyStoreNormalizedFmt.equals("")) {
                keyStore = KeyStore.getInstance(trim);
            } else {
                try {
                    keyStore = KeyStore.getInstance(this.mKeyStoreNormalizedFmt);
                    Trace.debug("Using a specified internal normalized store format: " + this.mKeyStoreNormalizedFmt);
                } catch (KeyStoreException e2) {
                    throw new InvalidPropertiesException("Unknown or unsupported Normalized key store format \"" + this.mKeyStoreNormalizedFmt + "\"");
                }
            }
            keyStore.load(null);
            try {
                Enumeration<String> aliases2 = keyStore2.aliases();
                while (aliases2.hasMoreElements()) {
                    String nextElement2 = aliases2.nextElement();
                    if (keyStore2.isCertificateEntry(nextElement2)) {
                        keyStore.setCertificateEntry(nextElement2, keyStore2.getCertificate(nextElement2));
                    }
                }
            } catch (KeyStoreException e3) {
            }
            if (str4 != null) {
                Key key = keyStore2.getKey(str4, str6 != null ? str6.toCharArray() : null);
                if (key == null) {
                    throw new InvalidPropertiesException("No private key is associated to alias '" + str4 + "'");
                }
                Certificate[] certificateChain2 = keyStore2.getCertificateChain(str4);
                if (str2 != null) {
                    keyStore.setKeyEntry(str4, key, str2.toCharArray(), certificateChain2);
                } else {
                    keyStore.setKeyEntry(str4, key, str5.toCharArray(), certificateChain2);
                }
            } else if (str5 != null) {
                Enumeration<String> aliases3 = keyStore2.aliases();
                while (aliases3.hasMoreElements()) {
                    String nextElement3 = aliases3.nextElement();
                    try {
                        Key key2 = keyStore2.getKey(nextElement3, str5.toCharArray());
                        if (key2 != null) {
                            Certificate[] certificateChain3 = keyStore2.getCertificateChain(nextElement3);
                            if (str2 != null) {
                                keyStore.setKeyEntry(nextElement3, key2, str2.toCharArray(), certificateChain3);
                            } else {
                                keyStore.setKeyEntry(nextElement3, key2, str5.toCharArray(), certificateChain3);
                            }
                        }
                    } catch (UnrecoverableKeyException e4) {
                        this.mFoundAtLeastOnePrivateKey = true;
                    }
                }
            } else if (str2 != null) {
                Enumeration<String> aliases4 = keyStore2.aliases();
                while (aliases4.hasMoreElements()) {
                    String nextElement4 = aliases4.nextElement();
                    try {
                        Key key3 = keyStore2.getKey(nextElement4, str2.toCharArray());
                        if (key3 != null) {
                            keyStore.setKeyEntry(nextElement4, key3, str2.toCharArray(), keyStore2.getCertificateChain(nextElement4));
                        }
                    } catch (UnrecoverableKeyException e5) {
                        this.mFoundAtLeastOnePrivateKey = true;
                    }
                }
            }
            return keyStore;
        } catch (KeyStoreException e6) {
            throw new InvalidPropertiesException("Unknown or unsupported key or trust store format \"" + str3 + "\"");
        }
    }
}
