package progress.message.net.ssl.jsafe;

import com.rsa.certj.CertJ;
import com.rsa.certj.DatabaseService;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.pkcs12.PKCS12;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.ssl.AlertException;
import com.rsa.ssl.CipherSuite;
import com.rsa.ssl.CipherSuiteLists;
import com.rsa.ssl.SSLException;
import com.rsa.ssl.SSLParams;
import com.rsa.ssl.SSLUtils;
import com.rsa.ssl.external.CertVerifier;
import com.rsa.ssl.external.Truster;
import com.sonicsw.mq.mgmtapi.config.constants.IBrokerConstants;
import com.sonicsw.security.ssl.SSLUtil;
import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.MessageFormat;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.StringTokenizer;
import java.util.Vector;
import progress.message.net.ESocketConfigException;
import progress.message.net.ssl.ISSLControl;
import progress.message.zclient.SessionConfig;

/* loaded from: input_file:progress/message/net/ssl/jsafe/jsafeSSLClientControl.class */
public class jsafeSSLClientControl implements ISSLControl {
    // SSL parameter object for this client; assigned in the constructor and handed out by getContext().
    protected SSLParams context;
    // When true, methods of this class print diagnostics (certificate subjects, cipher suites,
    // file locations) to System.out; changed through setDebug().
    protected boolean DEBUG = false;
    // Cache of cipher suite instances keyed by upper-cased name, shared by all instances of this
    // class (static); filled lazily by verifyCiphers().
    private static Hashtable cipherSuites = new Hashtable();

    /* loaded from: input_file:progress/message/net/ssl/jsafe/jsafeSSLClientControl$SonicCertVerifier.class */
    /**
     * Certificate verifier that configureTrustDecider installs when no custom truster class is named.
     *
     * <p>The check is delegated to {@link CertVerifier} only when the SSL parameters hold at least
     * one CA certificate. With an empty CA list this class returns 0 without examining the peer
     * chain at all.
     * NOTE(review): 0 is presumably the "accepted" result of the RSA API, in which case an empty
     * trust store accepts any server certificate -- confirm against the CertVerifier contract, and
     * treat an empty CA list as a deployment error unless verification is meant to be switched off.
     */
    class SonicCertVerifier extends CertVerifier {
        SonicCertVerifier() {
        }

        public int verifyCertificate(SSLParams sSLParams, X509Certificate[] x509CertificateArr, CipherSuite cipherSuite) throws AlertException, SSLException {
            X509Certificate[] trustAnchors = sSLParams.getCACertificates();
            boolean haveTrustAnchors = trustAnchors != null && trustAnchors.length > 0;
            if (haveTrustAnchors) {
                return super.verifyCertificate(sSLParams, x509CertificateArr, cipherSuite);
            }
            // No CA certificates configured: the presented chain is not looked at.
            return 0;
        }
    }

    /**
     * Creates the SSL parameter object and asks its random source to seed itself.
     *
     * @throws ESocketConfigException if the SSL library reports an error; only the message of the
     *         underlying SSLException is carried over, the exception itself is not chained
     */
    public jsafeSSLClientControl() throws ESocketConfigException {
        try {
            SSLParams params = new SSLParams();
            this.context = params;
            params.getRandom().autoseed();
        } catch (SSLException e) {
            if (this.DEBUG) {
                e.printStackTrace();
            }
            ESocketConfigException failure = new ESocketConfigException(e.getMessage());
            failure.fillInStackTrace();
            throw failure;
        }
    }

    /**
     * Returns the SSLParams object held by this control, typed as Object by the interface.
     * The live object is returned, not a copy, so callers share whatever has been configured on it.
     */
    @Override // progress.message.net.ssl.ISSLControl
    public Object getContext() {
        SSLParams params = this.context;
        return params;
    }

    /**
     * Loads the client certificate chain and private key into the SSL context, using one of three
     * code paths selected by the format name.
     *
     * <p>NOTE(review): this is decompiler output and does not compile as written. The PKCS12 path
     * throws a checked Exception the signature does not declare and reads locals that are
     * unassigned when the preceding catch ran; the "if (0 != 0)" blocks are constant-false residue
     * of a finally clause. Read the control flow as an approximation of the original.
     *
     * <p>Security-relevant behaviour visible here: the password arrives as a String and the char[]
     * produced by toCharArray() is never cleared after use; failures are logged at warning level
     * and reported only as a false return value.
     *
     * @param str  certificate source: the PKCS12 file for "PKCS12", the argument of
     *             jsafeX509Certificate.loadCertificateChain for "PKCS7", otherwise the
     *             comma-separated file list read by loadCertificateChain(String)
     * @param str2 format name, compared case-insensitively with "PKCS12" and "PKCS7"; any other
     *             value selects the generic path. Dereferenced without a null check.
     * @param str3 private key location passed (trimmed) to SSLUtils.loadKey; not used for PKCS12
     * @param str4 not used by this method
     * @param str5 password protecting the PKCS12 file or the private key
     * @return true if chain and key were added to the context, false otherwise
     */
    @Override // progress.message.net.ssl.ISSLControl
    public boolean configureKeyAndCertificate(String str, String str2, String str3, String str4, String str5) {
        Vector loadCertificateChain;
        PKCS12 pkcs12;
        X509Certificate[] certificates;
        if (this.context == null) {
            return false;
        }
        boolean z = true;
        // --- PKCS12: chain and key come from one password-protected file ---
        if (str2.equalsIgnoreCase("PKCS12")) {
            if (str == null || str5 == null) {
                return false;
            }
            try {
                pkcs12 = new PKCS12(new CertJ(), (DatabaseService) null, str5.toCharArray(), str);
                certificates = pkcs12.getCertificates();
            } catch (Exception e) {
                SessionConfig.logMessage(e.getMessage(), e, SessionConfig.getLevelWarning());
                z = false;
            }
            // NOTE(review): after the catch above, certificates and pkcs12 are unassigned; the
            // original presumably returned false at this point -- confirm against the bytecode.
            if (certificates == null) {
                return false;
            }
            X509Certificate[] x509CertificateArr = new X509Certificate[certificates.length];
            for (int i = 0; i < certificates.length; i++) {
                x509CertificateArr[i] = certificates[i];
            }
            if (this.DEBUG) {
                System.out.println("Loading certificate chain from PKCS12 :");
                for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
                    System.out.println("certificate[" + i2 + "] = " + x509CertificateArr[i2].getSubjectName().toString());
                }
            }
            JSAFE_PrivateKey[] keys = pkcs12.getKeys();
            // The length check fires for zero keys as well, although the message only mentions
            // "more than one"; the null test below comes after keys has already been dereferenced.
            if (keys.length != 1) {
                throw new Exception("More than one key exists in the specified PKCS12 object");
            }
            if (keys == null || keys[0] == null) {
                return false;
            }
            this.context.addCertificateChainAndKey(x509CertificateArr, keys[0]);
            return z;
        }
        // --- Generic path (neither PKCS12 nor PKCS7): raw chain files plus a separate key file ---
        if (!str2.equalsIgnoreCase("PKCS7")) {
            try {
                // A null str3 or str5 raises NullPointerException here; it is caught below and
                // reported as a false return.
                this.context.addCertificateChainAndKey(loadCertificateChain(str), SSLUtils.loadKey(str3.trim()), str5.toCharArray());
            } catch (Exception e2) {
                SessionConfig.logMessage(e2.getMessage(), e2, SessionConfig.getLevelWarning());
                z = false;
            }
            return z;
        }
        // --- PKCS7: chain parsed by jsafeX509Certificate, key loaded from a separate file ---
        // Both stream variables stay null for the whole method; every "if (0 != 0)" close below is
        // dead code.
        FileInputStream fileInputStream = null;
        ByteArrayOutputStream byteArrayOutputStream = null;
        if (str == null || str3 == null) {
            return false;
        }
        try {
            if (str5 == null) {
                return false;
            }
            try {
                loadCertificateChain = jsafeX509Certificate.loadCertificateChain(str);
            } catch (Exception e3) {
                SessionConfig.logMessage(e3.getMessage(), e3, SessionConfig.getLevelWarning());
                z = false;
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e4) {
                    }
                }
                if (0 != 0) {
                    byteArrayOutputStream.close();
                }
            }
            // NOTE(review): loadCertificateChain is unassigned here when the catch above ran.
            if (loadCertificateChain == null || loadCertificateChain.isEmpty()) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e5) {
                    }
                }
                if (0 != 0) {
                    byteArrayOutputStream.close();
                }
                return false;
            }
            X509Certificate[] x509CertificateArr2 = new X509Certificate[loadCertificateChain.size()];
            loadCertificateChain.copyInto(x509CertificateArr2);
            if (this.DEBUG) {
                System.out.println("Loading certificate chain from PKCS7 :");
                for (int i3 = 0; i3 < x509CertificateArr2.length; i3++) {
                    System.out.println("certificate[" + i3 + "] = " + x509CertificateArr2[i3].getSubjectName().toString());
                }
                // The password is masked in the debug output; the key file location is printed.
                System.out.println("Loading private key from " + str3 + ", pwd = ********");
            }
            byte[] loadKey = SSLUtils.loadKey(str3.trim());
            if (loadKey == null || loadKey.length == 0) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e6) {
                    }
                }
                if (0 != 0) {
                    byteArrayOutputStream.close();
                }
                return false;
            }
            this.context.addCertificateChainAndKey(x509CertificateArr2, loadKey, str5.toCharArray());
            if (0 != 0) {
                try {
                    fileInputStream.close();
                } catch (IOException e7) {
                }
            }
            if (0 != 0) {
                byteArrayOutputStream.close();
            }
            return z;
        } catch (Throwable th) {
            // Residue of the original finally clause: nothing is closed, the throwable is rethrown.
            if (0 != 0) {
                try {
                    fileInputStream.close();
                } catch (IOException e8) {
                    throw th;
                }
            }
            if (0 != 0) {
                byteArrayOutputStream.close();
            }
            throw th;
        }
    }

    /**
     * Applies the set of enabled cipher suites to the SSL context.
     *
     * <p>A null list enables everything returned by CipherSuiteLists.All_Ciphers(); otherwise the
     * names are resolved by verifyCiphers, which leaves out any name it cannot resolve.
     * NOTE(review): the library's "all ciphers" list likely contains suites an operator would not
     * pick deliberately -- confirm its contents and prefer passing an explicit list.
     *
     * @param vector cipher suite names (String elements), or null for the library's full list
     * @return false when there is no context or the library rejects the list; true otherwise, even
     *         if the debug listing of the enabled suites fails
     */
    @Override // progress.message.net.ssl.ISSLControl
    public boolean configureCipherSuites(Vector vector) {
        if (this.context == null) {
            return false;
        }
        try {
            CipherSuite[] requested;
            if (vector == null) {
                requested = CipherSuiteLists.All_Ciphers();
            } else {
                requested = verifyCiphers(vector);
            }
            this.context.setCipherSuites(requested);
        } catch (SSLException rejected) {
            SessionConfig.logMessage(rejected.getMessage(), rejected, SessionConfig.getLevelWarning());
            return false;
        }
        if (this.DEBUG) {
            // Listing the result is diagnostic only; a failure here does not change the outcome.
            try {
                CipherSuite[] enabled = this.context.getCipherSuites();
                System.out.println("Enabling cipher suite(s) :");
                for (int idx = 0; idx < enabled.length; idx++) {
                    System.out.println(enabled[idx]);
                }
            } catch (SSLException listingFailed) {
                SessionConfig.logMessage(listingFailed.getMessage(), listingFailed, SessionConfig.getLevelWarning());
            }
        }
        return true;
    }

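    /**
     * Loads the CA certificates and installs the object that judges the server's certificate chain.
     *
     * <p>Changes from the previous version: an exception while loading or adding CA certificates
     * now makes the method return false instead of being logged and ignored (the old code went on
     * to install a verifier and report success with an incomplete or empty CA list), and a custom
     * truster class is type-checked before it is instantiated rather than after.
     *
     * <p>With str equal to "NONE" no CA certificate is loaded. NOTE(review): together with the
     * default SonicCertVerifier, which returns 0 for an empty CA list, this presumably disables
     * server certificate verification -- confirm and restrict "NONE" to test environments.
     *
     * @param str  CA certificate source passed to loadCACertificates, or "NONE"; null is rejected
     * @param str2 fully qualified name of a class implementing com.rsa.ssl.external.Truster, or
     *             null to use SonicCertVerifier
     * @return true when a truster was installed, false on any failure
     * @throws ESocketConfigException declared by the interface; not thrown by the code shown here
     */
    @Override // progress.message.net.ssl.ISSLControl
    public boolean configureTrustDecider(String str, String str2) throws ESocketConfigException {
        if (this.context == null) {
            return false;
        }
        if (str == null) {
            SessionConfig.logMessage(prAccessor.getString("STR001"), SessionConfig.getLevelInfo());
            return false;
        }
        if (!str.equals("NONE")) {
            try {
                X509Certificate[] loadCACertificates = loadCACertificates(str);
                if (loadCACertificates == null || loadCACertificates.length == 0) {
                    return false;
                }
                if (this.DEBUG) {
                    System.out.println("total CA certificate count = " + loadCACertificates.length);
                }
                for (X509Certificate x509Certificate : loadCACertificates) {
                    this.context.addCACertificate(x509Certificate);
                }
            } catch (Exception e) {
                SessionConfig.logMessage(e.getMessage(), e, SessionConfig.getLevelWarning());
                // Fail closed: a trust store that could not be set up must not be reported as
                // configured, in line with the empty-list case above.
                return false;
            }
        }
        if (str2 == null) {
            this.context.setTruster(new SonicCertVerifier());
            return true;
        }
        try {
            Class<?> trusterClass = Class.forName(str2);
            // Check the type first so that the constructor of an unrelated class never runs.
            if (!Truster.class.isAssignableFrom(trusterClass)) {
                throw new Exception(str2 + " is not an instance of com.rsa.ssl.external.Truster");
            }
            this.context.setTruster((Truster) trusterClass.newInstance());
            return true;
        } catch (Exception e2) {
            SessionConfig.logMessage(MessageFormat.format(prAccessor.getString("STR004"), str2, e2 + e2.getMessage()), e2, SessionConfig.getLevelWarning());
            return false;
        }
    }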

    /**
     * Returns the string form of the SSL context.
     *
     * @return context.toString(), or null (not an empty string) when there is no context
     */
    public String toString() {
        return this.context == null ? null : this.context.toString();
    }

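    /**
     * Reads everything a URL serves into a byte array.
     *
     * <p>The stream is now closed in a finally block; previously it stayed open whenever read()
     * threw. Any URL scheme the JVM has a handler for is accepted, and neither a timeout nor a
     * size limit is applied.
     * NOTE(review): the caller visible in this file turns these bytes into a CA certificate, so
     * the location should be a local file or a channel that is authenticated by other means.
     *
     * @param str URL to read
     * @return the bytes read; an empty array if the stream delivers nothing
     * @throws MalformedURLException if str cannot be parsed as a URL
     * @throws IOException if opening, reading or closing the stream fails
     */
    private static byte[] getUrlData(String str) throws MalformedURLException, IOException {
        InputStream openStream = new URL(str).openStream();
        try {
            ByteArrayOutputStream collected = new ByteArrayOutputStream(512);
            byte[] chunk = new byte[512];
            int read;
            // Same stop condition as before: a non-positive count ends the transfer.
            while ((read = openStream.read(chunk, 0, chunk.length)) > 0) {
                collected.write(chunk, 0, read);
            }
            return collected.toByteArray();
        } finally {
            openStream.close();
        }
    }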

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v19, types: [byte[], byte[][], java.lang.Object[]] */
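    /**
     * Reads each file named in a comma-separated list and returns the raw contents, one byte array
     * per file, in list order.
     *
     * <p>Changes from the decompiled version: the result array is declared as byte[][] (the
     * decompiler left an untyped placeholder), each file stream is closed in a finally block so it
     * is released when a read fails, and an EOFException ends the current file instead of
     * re-entering the read loop.
     *
     * <p>Entries are opened as local files only, although the debug banner mentions URLs. The
     * paths are used as given after trimming.
     *
     * @param str comma-separated list of certificate files
     * @return the contents of every listed file
     * @throws Exception if the list is null or blank, yields no entries, or a file cannot be read
     */
    protected byte[][] loadCertificateChain(String str) throws Exception {
        if (str == null || str.trim().length() == 0) {
            throw new Exception("Certificate chain is not specified");
        }
        StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
        Vector chain = new Vector();
        byte[] chunk = new byte[2048];
        if (this.DEBUG) {
            System.out.println("Loading certificate chain from a list of files/urls :");
        }
        while (stringTokenizer.hasMoreElements()) {
            String location = stringTokenizer.nextToken().trim();
            if (this.DEBUG) {
                System.out.println("reading certificate[0] from " + location);
            }
            FileInputStream fileInputStream = new FileInputStream(new File(location));
            try {
                ByteArrayOutputStream contents = new ByteArrayOutputStream(2048);
                try {
                    int read;
                    while ((read = fileInputStream.read(chunk)) >= 0) {
                        contents.write(chunk, 0, read);
                    }
                } catch (EOFException endOfFile) {
                    // Treated as a normal end of file; what was read so far is kept.
                }
                chain.addElement(contents.toByteArray());
            } finally {
                fileInputStream.close();
            }
        }
        if (chain.size() == 0) {
            throw new Exception("Unable to load the cert chain " + str);
        }
        byte[][] result = new byte[chain.size()][];
        chain.copyInto(result);
        return result;
    }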

    /* JADX INFO: Access modifiers changed from: protected */
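    /**
     * Loads the CA certificates that will act as trust anchors for the client.
     *
     * <p>If str names a directory, the whole directory is loaded through
     * SSLUtils.loadCertificateDirectory. Otherwise str is a comma-separated list; each entry is
     * first read as a URL and, when it is not a well-formed URL, loaded as a file through
     * SSLUtils.loadCertificate. Entries that fail are logged and skipped.
     *
     * <p>Changes from the previous version: the list is walked with hasMoreTokens(), so an empty
     * list yields an empty array instead of a NoSuchElementException; entries are trimmed, as
     * loadCertificateChain already does, and blank entries are skipped; the unused success
     * counter is gone.
     *
     * <p>NOTE(review): whatever is read here becomes a trust anchor. Entries given as URLs are
     * fetched by getUrlData with no restriction on the scheme and no check of the content beyond
     * certificate parsing, so the locations should be local or otherwise authenticated.
     *
     * @param str directory, or comma-separated list of certificate URLs/files; must not be null
     * @return the certificates that could be loaded (possibly empty), or null when loading a
     *         directory fails
     */
    public X509Certificate[] loadCACertificates(String str) {
        if (new File(str).isDirectory()) {
            try {
                if (this.DEBUG) {
                    System.out.println("Loading CA Certificates from directory " + str + " :");
                }
                return SSLUtils.loadCertificateDirectory(str);
            } catch (Exception e) {
                SessionConfig.logMessage(e.getMessage(), e, SessionConfig.getLevelWarning());
                return null;
            }
        }
        StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
        Vector loaded = new Vector();
        while (stringTokenizer.hasMoreTokens()) {
            String location = stringTokenizer.nextToken().trim();
            if (location.length() == 0) {
                continue;
            }
            try {
                loaded.addElement(new X509Certificate(getUrlData(location), 0, 0));
            } catch (MalformedURLException e2) {
                // Not a URL: fall back to treating the entry as a file.
                try {
                    loaded.addElement(SSLUtils.loadCertificate(location));
                } catch (SSLException e3) {
                    SessionConfig.logMessage(MessageFormat.format(prAccessor.getString("STR003"), location, e3.getMessage()), SessionConfig.getLevelWarning());
                }
            } catch (Exception e4) {
                SessionConfig.logMessage(MessageFormat.format(prAccessor.getString("STR003"), location, e4 + e4.getMessage()), e4, SessionConfig.getLevelWarning());
            }
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[loaded.size()];
        loaded.copyInto(x509CertificateArr);
        return x509CertificateArr;
    }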

    /**
     * Resolves cipher suite names to CipherSuite instances.
     *
     * <p>Each name is looked up (upper-cased) in the static cache; on a miss the class
     * "com.rsa.ssl.ciphers." + name is loaded and instantiated reflectively and the instance is
     * cached. A name that cannot be resolved is left out of the result and is reported only when
     * DEBUG is on, so a misspelled entry shortens the list without a warning in normal operation.
     *
     * @param vector cipher suite names (String elements); must not be null
     * @return the resolved suites in input order; shorter than the input when names were dropped
     */
    protected CipherSuite[] verifyCiphers(Vector vector) {
        CipherSuite[] resolved = new CipherSuite[vector.size()];
        int count = 0;
        for (Enumeration names = vector.elements(); names.hasMoreElements(); ) {
            String name = (String) names.nextElement();
            String cacheKey = name.toUpperCase();
            CipherSuite suite = (CipherSuite) cipherSuites.get(cacheKey);
            if (suite == null) {
                try {
                    suite = (CipherSuite) Class.forName("com.rsa.ssl.ciphers." + name).newInstance();
                    cipherSuites.put(cacheKey, suite);
                } catch (Exception e) {
                    if (this.DEBUG) {
                        System.out.println("Unknown cipher specified: " + name);
                    }
                }
            }
            if (suite == null) {
                continue;
            }
            resolved[count] = suite;
            count++;
        }
        // Trim the array to the number of names that actually resolved.
        CipherSuite[] trimmed = new CipherSuite[count];
        System.arraycopy(resolved, 0, trimmed, 0, count);
        return trimmed;
    }

    /**
     * Switches diagnostic output on or off for this control.
     *
     * <p>Turning it on also sets the SSL context's debug level to 1 and sends the context's debug
     * output to System.out. Turning it off only clears the local flag; the context settings are
     * left as they are. The context is dereferenced without a null check.
     *
     * @param z true to enable diagnostics
     */
    @Override // progress.message.net.ssl.ISSLControl
    public void setDebug(boolean z) {
        this.DEBUG = z;
        if (!z) {
            return;
        }
        this.context.setDebug(1);
        this.context.setDebugOutput(System.out);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Selects the protocol versions offered by the client from two boolean properties.
     *
     * <p>The version codes are 768 (0x0300, SSL 3.0) and 769 (0x0301, TLS 1.0). Both are enabled
     * unless exactly one of the "only" properties is true; if both are true the conflict is logged
     * and both versions stay enabled. If the library rejects the selection, a warning is logged
     * and nothing further is done.
     * NOTE(review): these are the only two versions this method can select, and both are obsolete;
     * SSL 3.0 stays enabled unless the TLSv1-only property is set on its own.
     *
     * @param obj property source handed to SSLUtil.getProperty
     */
    public void setProtocolVersions(Object obj) {
        try {
            SSLParams params = (SSLParams) getContext();
            boolean tlsv1Only = Boolean.parseBoolean(SSLUtil.getProperty(obj, IBrokerConstants.ENABLE_TLSV1_ONLY_ATTR, "false").trim());
            boolean sslv3Only = Boolean.parseBoolean(SSLUtil.getProperty(obj, IBrokerConstants.ENABLE_SSLV3_ONLY_ATTR, "false").trim());
            int[] versions;
            if (sslv3Only && tlsv1Only) {
                SessionConfig.logMessage("Conflicting values set for ENABLE_SSLV3_ONLY and ENABLE_TLSV1_ONLY properties.  Ignoring both", SessionConfig.getLevelWarning());
                versions = new int[]{768, 769};
            } else if (sslv3Only) {
                versions = new int[]{768};
            } else if (tlsv1Only) {
                versions = new int[]{769};
            } else {
                versions = new int[]{768, 769};
            }
            params.setVersions(versions);
        } catch (SSLException e) {
            if (this.DEBUG) {
                e.printStackTrace();
            }
            SessionConfig.logMessage("Unable to set specified protocol versions.  Using default - both SSLV3 and TLSV1 enabled.", SessionConfig.getLevelWarning());
        }
    }
}
