package progress.message.net.ssl.jsse;

import com.sonicsw.mq.mgmtapi.config.constants.IBrokerConstants;
import com.sonicsw.security.ssl.JSSEConfigManager;
import com.sonicsw.security.ssl.SSLConfig;
import com.sonicsw.security.ssl.SSLUtil;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Vector;
import javax.jms.JMSSecurityException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import progress.message.net.ESocketConfigException;
import progress.message.net.ProgressInetAddress;
import progress.message.net.TCPProxy;
import progress.message.net.http.client.tunnel.IHttpProxyConfig;
import progress.message.net.ssl.ISSLControl;
import progress.message.net.ssl.ISSLImpl;
import progress.message.net.ssl.ISSLServerSocket;
import progress.message.net.ssl.ISSLSocket;
import progress.message.security.cert.X509Certificate;
import progress.message.zclient.SessionConfig;

/* loaded from: input_file:progress/message/net/ssl/jsse/jsseSSLImpl.class */
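/**
 * JSSE-backed implementation of {@link ISSLImpl}.
 *
 * <p>Creates client {@link SSLSocket}s and server {@link SSLServerSocket}s from the
 * {@link SSLContext} supplied by {@code jsseSSLControl}, then applies the protocol and
 * cipher-suite selection derived from the broker/client configuration object.
 *
 * <p>Security-relevant behaviour visible in this class (kept as-is for compatibility):
 * <ul>
 *   <li>With no cipher suites configured, every suite the JSSE provider <em>supports</em> is
 *       enabled, not just the provider's default-enabled set. On some providers the supported
 *       set includes anonymous or NULL-encryption suites.</li>
 *   <li>With no protocol preference configured, every supported protocol is enabled; the
 *       "SSLv3 only" switch deliberately restricts the socket to SSLv3/SSLv2Hello.</li>
 *   <li>Server-side client authentication is off unless {@code SSL_CLIENT_AUTHENTICATION} is
 *       set.</li>
 *   <li>Nothing in this class sets an endpoint identification algorithm or compares the peer
 *       certificate with the requested host. NOTE(review): confirm that the trust manager
 *       built through {@code JSSEConfigManager} performs that check.</li>
 * </ul>
 *
 * <p>The debug flags are plain static fields shared by all instances; debug output goes to
 * {@code System.out} and includes negotiated cipher suites and enabled protocols.
 */
public final class jsseSSLImpl implements ISSLImpl {
    private static boolean DEBUG = false;
    private static boolean DEBUG_CLIENT_CIPHER;
    private static final String TLS_PROTOCOLS_DELIM = ",";
    private static final String TLS_PROTOCOLS_SYSTEM_PROPERTY = "sonicsw.tls.preferred.protocols";

    /**
     * {@link ISSLSocket} view over a JSSE {@link SSLSocket}.
     *
     * <p>{@code m_handshakeDone} records that a handshake has been <em>attempted</em>, not that
     * it succeeded: it is set before the handshake starts so that a failed handshake (which
     * closes the socket) is not retried by {@link #getPeerCertificateChain()}.
     */
    public class jsseSSLSocket implements ISSLSocket {
        SSLSocket m_impl;
        boolean m_handshakeDone;

        /**
         * @param sSLSocket the underlying JSSE socket
         * @param z {@code true} if the handshake has already been performed on {@code sSLSocket}
         */
        jsseSSLSocket(SSLSocket sSLSocket, boolean z) {
            this.m_impl = sSLSocket;
            this.m_handshakeDone = z;
        }

        @Override // progress.message.net.ssl.ISSLSocket
        public void setSoTimeout(int i) throws IOException {
            this.m_impl.setSoTimeout(i);
        }

        /**
         * Runs the TLS handshake on the underlying socket.
         *
         * <p>On failure the socket is closed and the original exception is rethrown.
         *
         * @throws IOException if the handshake fails
         */
        @Override // progress.message.net.ssl.ISSLSocket
        public void startHandshake() throws IOException {
            if (jsseSSLImpl.DEBUG) {
                System.out.println(Thread.currentThread() + " starting ssl handshake ...");
            }
            // Marked before the attempt: after a failure the socket is closed and must not be
            // handshaken again.
            this.m_handshakeDone = true;
            try {
                this.m_impl.startHandshake();
                if (jsseSSLImpl.DEBUG_CLIENT_CIPHER) {
                    System.out.println("Cipher suite: " + this.m_impl.getSession().getCipherSuite());
                }
                if (jsseSSLImpl.DEBUG) {
                    System.out.println("Connection info:");
                    System.out.println("Cipher suite:  " + this.m_impl.getSession().getCipherSuite());
                }
            } catch (IOException e) {
                if (jsseSSLImpl.DEBUG) {
                    e.printStackTrace();
                }
                closeQuietly(this.m_impl);
                throw e;
            }
        }

        @Override // progress.message.net.ssl.ISSLSocket
        public Socket getImpl() {
            return this.m_impl;
        }

        /**
         * Returns the peer's end-entity certificate (first element of the chain).
         *
         * @return the first certificate of the peer chain, or {@code null} when no chain is
         *     available; see {@link #getPeerCertificateChain()} for what {@code null} can mean
         */
        @Override // progress.message.net.ssl.ISSLSocket
        public X509Certificate getPeerCertificate() {
            X509Certificate[] chain = getPeerCertificateChain();
            if (chain == null || chain.length == 0) {
                return null;
            }
            return chain[0];
        }

        @Override // progress.message.net.ssl.ISSLSocket
        public InetAddress getInetAddress() {
            return this.m_impl.getInetAddress();
        }

        @Override // progress.message.net.ssl.ISSLSocket
        public String getCipherSuite() {
            return this.m_impl.getSession().getCipherSuite();
        }

        /**
         * Returns the certificate chain presented by the peer, performing the handshake first
         * if it has not been attempted yet.
         *
         * <p>{@code null} is returned both when the peer presented no certificate and when the
         * handshake failed; outside debug mode the failure is not reported. Callers making an
         * authentication decision must therefore treat {@code null} as "peer not
         * authenticated", never as "no check required".
         *
         * @return the peer chain wrapped as {@link X509Certificate}s, or {@code null}
         */
        @Override // progress.message.net.ssl.ISSLSocket
        public X509Certificate[] getPeerCertificateChain() {
            if (!this.m_handshakeDone) {
                try {
                    startHandshake();
                } catch (SSLHandshakeException e) {
                    if (jsseSSLImpl.DEBUG) {
                        e.printStackTrace();
                    }
                    return null;
                } catch (SSLPeerUnverifiedException e) {
                    printClientAuthenticationNotEnabled(e);
                    return null;
                } catch (IOException e) {
                    if (jsseSSLImpl.DEBUG) {
                        e.printStackTrace();
                    }
                    return null;
                }
            }
            try {
                // NOTE(review): SSLSession.getPeerCertificateChain() and javax.security.cert are
                // deprecated; recent JDKs may throw UnsupportedOperationException here. The
                // jsseX509Certificate wrapper takes the javax.security.cert type, so a migration
                // to getPeerCertificates() has to change that wrapper as well.
                javax.security.cert.X509Certificate[] peerChain = this.m_impl.getSession().getPeerCertificateChain();
                if (peerChain == null || peerChain.length == 0) {
                    return null;
                }
                X509Certificate[] wrapped = new X509Certificate[peerChain.length];
                for (int idx = 0; idx < peerChain.length; idx++) {
                    wrapped[idx] = new jsseX509Certificate(peerChain[idx]);
                }
                return wrapped;
            } catch (SSLPeerUnverifiedException e) {
                printClientAuthenticationNotEnabled(e);
                return null;
            }
        }

        private void printClientAuthenticationNotEnabled(SSLPeerUnverifiedException sSLPeerUnverifiedException) {
            if (jsseSSLImpl.DEBUG) {
                System.out.println("Caught exception " + sSLPeerUnverifiedException + " - the client authentication may not be enabled!");
            }
        }
    }

    @Override // progress.message.net.ssl.ISSLImpl
    public ISSLControl createSSLClientControl() throws ESocketConfigException {
        return createSSLControl();
    }

    @Override // progress.message.net.ssl.ISSLImpl
    public ISSLControl createSSLServerControl() throws ESocketConfigException {
        return createSSLControl();
    }

    private ISSLControl createSSLControl() throws ESocketConfigException {
        return new jsseSSLControl(DEBUG);
    }

    /** Creates a directly connected client socket; see the seven-argument overload. */
    @Override // progress.message.net.ssl.ISSLImpl
    public ISSLSocket createSSLSocket(String str, int i, ISSLControl iSSLControl, Object obj) throws UnknownHostException, IOException {
        return createSSLSocket(str, i, iSSLControl, null, -1, obj, null);
    }

    /**
     * Connects to {@code str:i}, optionally through a proxy, configures protocols and cipher
     * suites, and completes the TLS handshake.
     *
     * <p>Routing: a usable {@code iHttpProxyConfig} (non-blank host, port other than -1) takes
     * precedence; otherwise {@code str2}/{@code i2} are used as the proxy when both are set;
     * otherwise the connection is direct.
     *
     * <p>NOTE(review): no endpoint identification algorithm is set on the socket here, so
     * matching the server certificate against {@code str} depends on the SSLContext/trust
     * manager supplied by {@code iSSLControl} — confirm.
     *
     * @param str target host
     * @param i target port
     * @param iSSLControl must be a {@code jsseSSLControl}
     * @param str2 proxy host, or {@code null}
     * @param i2 proxy port, or -1
     * @param obj configuration object read through {@code SSLUtil}
     * @param iHttpProxyConfig HTTP proxy configuration, or {@code null}
     * @return a socket whose handshake has already completed
     * @throws IOException on connection, configuration or handshake failure; non-I/O failures
     *     are wrapped with the original exception as cause
     */
    @Override // progress.message.net.ssl.ISSLImpl
    public ISSLSocket createSSLSocket(String str, int i, ISSLControl iSSLControl, String str2, int i2, Object obj, IHttpProxyConfig iHttpProxyConfig) throws UnknownHostException, IOException {
        Socket tunnel = null;
        SSLSocket sSLSocket = null;
        try {
            SSLSocketFactory socketFactory = getSSLContext(iSSLControl, obj, false).getSocketFactory();
            String httpProxyHost = iHttpProxyConfig == null ? null : iHttpProxyConfig.getHost();
            boolean useHttpProxyConfig = httpProxyHost != null
                    && httpProxyHost.trim().length() > 0
                    && iHttpProxyConfig.getPort() != -1;
            if (useHttpProxyConfig) {
                tunnel = TCPProxy.connectProxy(str, i, str2, i2, iHttpProxyConfig);
                sSLSocket = (SSLSocket) socketFactory.createSocket(tunnel, str, i, true);
            } else if (str2 != null && i2 != -1) {
                tunnel = TCPProxy.connectProxy(str, i, str2, i2, null);
                sSLSocket = (SSLSocket) socketFactory.createSocket(tunnel, str, i, true);
            } else {
                sSLSocket = (SSLSocket) socketFactory.createSocket(str, i);
            }
            sSLSocket.setEnabledProtocols(getEnabledProtocols(sSLSocket.getSupportedProtocols(), obj));
            if (DEBUG) {
                System.out.println(MessageFormat.format(prAccessor.getString("DBG_ENABLED_PROTOCOLS"), Arrays.toString(sSLSocket.getEnabledProtocols())));
            }
            String[] enabledCipherSuites = getEnabledCipherSuites(((jsseSSLControl) iSSLControl).getEnabledCipherSuites(), sSLSocket.getSupportedCipherSuites(), false);
            sSLSocket.setEnabledCipherSuites(enabledCipherSuites);
            printEnabledChiphers(enabledCipherSuites);
            sSLSocket.startHandshake();
            if (DEBUG_CLIENT_CIPHER) {
                System.out.println("Cipher suite: " + sSLSocket.getSession().getCipherSuite());
            }
            if (DEBUG) {
                System.out.println("Connection info:");
                System.out.println("Cipher suite:  " + sSLSocket.getSession().getCipherSuite());
            }
            return new jsseSSLSocket(sSLSocket, true);
        } catch (IOException e) {
            // Closing the SSL socket also closes the tunnel (autoClose); if the SSL layer was
            // never created, the tunnel socket itself must be released.
            closeQuietly(sSLSocket != null ? sSLSocket : tunnel);
            throw e;
        } catch (Exception e2) {
            closeQuietly(sSLSocket != null ? sSLSocket : tunnel);
            throw new IOException(e2.getMessage(), e2);
        }
    }

    @Override // progress.message.net.ssl.ISSLImpl
    public ISSLServerSocket createSSLServerSocket(InetAddress inetAddress, int i, int i2, ISSLControl iSSLControl, Object obj) throws IOException {
        return createSSLServerSocket(inetAddress == null ? null : new ProgressInetAddress(inetAddress), i, i2, iSSLControl, obj);
    }

    /**
     * Binds a TLS server socket and applies protocol, client-authentication and cipher-suite
     * settings read from {@code obj}.
     *
     * <p>Client certificates are required only when {@code SSL_CLIENT_AUTHENTICATION} is true;
     * the default is {@code false}. If configuration fails after the socket is bound, the
     * socket is closed before the exception propagates so the port is not left occupied.
     *
     * @param progressInetAddress bind address, or {@code null} for the wildcard address
     * @param i port
     * @param i2 accept backlog
     * @param iSSLControl must be a {@code jsseSSLControl}
     * @param obj configuration object read through {@code SSLUtil}
     * @return a wrapper whose {@code accept()} returns sockets that have not yet handshaken
     * @throws IOException if the socket cannot be created or configured
     */
    @Override // progress.message.net.ssl.ISSLImpl
    public ISSLServerSocket createSSLServerSocket(ProgressInetAddress progressInetAddress, int i, int i2, ISSLControl iSSLControl, Object obj) throws IOException {
        /** Local ISSLServerSocket wrapper around the configured JSSE server socket. */
        final class jsseSSLServerSocket implements ISSLServerSocket {
            private final SSLServerSocket m_impl;

            jsseSSLServerSocket(SSLServerSocket impl) {
                this.m_impl = impl;
            }

            @Override // progress.message.net.ssl.ISSLServerSocket
            public ServerSocket getImpl() {
                return this.m_impl;
            }

            /**
             * Accepts one connection. The handshake is deferred, so the returned socket is
             * unauthenticated until startHandshake()/getPeerCertificateChain() is called.
             * NOTE(review): every IOException, including an accept timeout, is rewrapped as a
             * plain IOException; the original is kept as the cause.
             */
            @Override // progress.message.net.ssl.ISSLServerSocket
            public ISSLSocket accept() throws IOException {
                try {
                    SSLSocket accepted = (SSLSocket) this.m_impl.accept();
                    if (accepted == null) {
                        throw new IOException(". " + prAccessor.getString("ACCEPT_FAIL"));
                    }
                    return new jsseSSLSocket(accepted, false);
                } catch (IOException e) {
                    throw new IOException(e.getMessage() + ". " + prAccessor.getString("ACCEPT_FAIL"), e);
                } catch (Exception e) {
                    e.printStackTrace();
                    throw new ESocketConfigException(e.getMessage() + ". " + prAccessor.getString("ACCEPT_FAIL"), e);
                }
            }

            @Override // progress.message.net.ssl.ISSLServerSocket
            public void setSoTimeout(int i3) throws IOException {
                this.m_impl.setSoTimeout(i3);
            }
        }

        SSLServerSocket sSLServerSocket = null;
        try {
            sSLServerSocket = (SSLServerSocket) getSSLContext(iSSLControl, obj, true).getServerSocketFactory().createServerSocket(i, i2, progressInetAddress == null ? null : progressInetAddress.getDelegateInetAddress());
            sSLServerSocket.setEnabledProtocols(getEnabledProtocols(sSLServerSocket.getSupportedProtocols(), obj));
            if (DEBUG) {
                System.out.println(MessageFormat.format(prAccessor.getString("DBG_ENABLED_PROTOCOLS"), Arrays.toString(sSLServerSocket.getEnabledProtocols())));
            }
            Boolean clientAuth = SSLUtil.getBooleanProperty(obj, "SSL_CLIENT_AUTHENTICATION", Boolean.FALSE);
            sSLServerSocket.setNeedClientAuth(clientAuth.booleanValue());
            if (DEBUG) {
                System.out.println((clientAuth.booleanValue() ? "Enable" : "Disable") + " client authentication.");
            }
            String[] enabledCipherSuites = getEnabledCipherSuites(((jsseSSLControl) iSSLControl).getEnabledCipherSuites(), sSLServerSocket.getSupportedCipherSuites(), true);
            sSLServerSocket.setEnabledCipherSuites(enabledCipherSuites);
            printEnabledChiphers(enabledCipherSuites);
            return new jsseSSLServerSocket(sSLServerSocket);
        } catch (IOException e) {
            closeQuietly(sSLServerSocket);
            System.out.println(prAccessor.getString("STR007") + e + e.getMessage());
            throw e;
        } catch (RuntimeException e) {
            // e.g. an unsupported protocol name or a wrong ISSLControl type: release the port.
            closeQuietly(sSLServerSocket);
            throw e;
        }
    }

    private static void printEnabledChiphers(String[] strArr) {
        if (DEBUG) {
            System.out.println(prAccessor.getString("DBG_CIPHERS"));
            for (String suite : strArr) {
                System.out.println(suite);
            }
        }
    }

    /** Not implemented by this provider: always returns {@code null}. */
    @Override // progress.message.net.ssl.ISSLImpl
    public X509Certificate loadCertificate(File file) {
        return null;
    }

    /** Not implemented by this provider: always returns {@code null}. */
    @Override // progress.message.net.ssl.ISSLImpl
    public X509Certificate loadCertificate(String str) {
        return null;
    }

    /**
     * Sets the class-wide debug flag. Enabling it also enables cipher-suite tracing; disabling
     * it leaves cipher-suite tracing in whatever state it already had.
     */
    @Override // progress.message.net.ssl.ISSLImpl
    public void setDebug(boolean z) {
        DEBUG = z;
        if (DEBUG) {
            DEBUG_CLIENT_CIPHER = true;
        }
    }

    /**
     * Obtains the {@link SSLContext} from the control object.
     *
     * @param iSSLControl must be a {@code jsseSSLControl}
     * @param obj configuration object handed to {@code JSSEConfigManager}
     * @param z {@code true} for a server-side context, {@code false} for client-side
     * @throws IOException if {@code iSSLControl} has the wrong type or the context cannot be
     *     built; the underlying exception is attached as the cause
     */
    private SSLContext getSSLContext(ISSLControl iSSLControl, Object obj, boolean z) throws IOException {
        try {
            jsseSSLControl control = (jsseSSLControl) iSSLControl;
            return control.getSSLContext(new JSSEConfigManager(obj, z, DEBUG, control));
        } catch (ClassCastException e) {
            // Keep the cause: without it the configuration error cannot be traced from logs.
            IOException wrapped = new IOException(e.getMessage(), e);
            System.out.println(prAccessor.getString("STR007") + wrapped + wrapped.getMessage());
            throw wrapped;
        } catch (JMSSecurityException e2) {
            throw new IOException(e2.getMessage(), e2);
        }
    }

    /**
     * Intersects the configured cipher suites with those the socket supports.
     *
     * <p>NOTE(review): when nothing is configured the full <em>supported</em> list is returned
     * and later enabled, which is broader than the provider's default-enabled list and may
     * include weak suites. Deployments should configure an explicit list.
     *
     * @param strArr configured suites, in preference order; may be {@code null} or empty
     * @param strArr2 suites supported by the socket
     * @param z {@code true} to log a warning for each configured but unsupported suite
     * @return {@code strArr2} if nothing is configured; {@code strArr} itself if every
     *     configured suite is supported; otherwise a new array of the supported subset
     * @throws ESocketConfigException if none of the configured suites is supported
     */
    private static String[] getEnabledCipherSuites(String[] strArr, String[] strArr2, boolean z) throws ESocketConfigException {
        if (strArr == null || strArr.length == 0) {
            return strArr2;
        }
        HashSet<String> supported = new HashSet<String>(Arrays.asList(strArr2));
        List<String> usable = new ArrayList<String>(strArr.length);
        for (String suite : strArr) {
            if (supported.contains(suite)) {
                usable.add(suite);
            } else if (z) {
                SessionConfig.logMessage("Cipher suite " + suite + " not supported.", SessionConfig.getLevelWarning());
            }
        }
        if (usable.isEmpty()) {
            throw new ESocketConfigException("None of configured cipher suite(s) supported.");
        }
        if (usable.size() == strArr.length) {
            return strArr;
        }
        return usable.toArray(new String[0]);
    }

    /**
     * Chooses the protocol versions to enable on a socket.
     *
     * <p>Precedence: the {@code SSL_TLS_PREFERRED_PROTOCOLS} property of {@code obj}, then the
     * {@code sonicsw.tls.preferred.protocols} system property, then the "TLSv1 only" /
     * "SSLv3 only" switches. An explicit list is returned as written (blank entries dropped)
     * without being checked against {@code strArr}; an unsupported name is rejected later by
     * {@code setEnabledProtocols}.
     *
     * <p>NOTE(review): with no preference and no switch (or both switches) every supported
     * protocol is enabled. The "SSLv3 only" switch restricts the socket to SSLv3, which is
     * obsolete and exposed to the POODLE padding-oracle attack; the "TLSv1 only" switch only
     * removes SSLv3 and leaves every other supported version, including SSLv2Hello framing.
     *
     * @param strArr protocols supported by the socket
     * @param obj configuration object read through {@code SSLUtil}
     * @return the protocol names to pass to {@code setEnabledProtocols}
     */
    private String[] getEnabledProtocols(String[] strArr, Object obj) {
        if (DEBUG) {
            System.out.println(MessageFormat.format(prAccessor.getString("DBG_SUPPORTED_PROTOCOLS"), Arrays.toString(strArr)));
        }
        String preferred = System.getProperty(TLS_PROTOCOLS_SYSTEM_PROPERTY);
        String configured = SSLUtil.getProperty(obj, "SSL_TLS_PREFERRED_PROTOCOLS", null);
        if (configured != null && !configured.trim().isEmpty()) {
            preferred = configured;
        }
        if (preferred != null && !preferred.trim().isEmpty()) {
            List<String> names = new ArrayList<String>();
            for (String token : preferred.split(TLS_PROTOCOLS_DELIM)) {
                String name = token.trim();
                // A stray delimiter (",TLSv1.2") must not become an empty protocol name. If
                // nothing usable remains, the empty result is returned rather than falling
                // back to the permissive defaults.
                if (!name.isEmpty()) {
                    names.add(name);
                }
            }
            return names.toArray(new String[0]);
        }
        boolean tlsOnly = SSLUtil.getBooleanProperty(obj, IBrokerConstants.ENABLE_TLSV1_ONLY_ATTR, Boolean.FALSE).booleanValue();
        boolean sslv3Only = SSLUtil.getBooleanProperty(obj, IBrokerConstants.ENABLE_SSLV3_ONLY_ATTR, Boolean.FALSE).booleanValue();
        if (tlsOnly == sslv3Only) {
            // Neither switch, or contradictory switches: no restriction is applied.
            return strArr;
        }
        List<String> selected = new ArrayList<String>();
        for (String protocol : strArr) {
            boolean isSslv3 = protocol.equalsIgnoreCase("SSLv3");
            if (sslv3Only) {
                if (isSslv3 || protocol.equals("SSLv2Hello")) {
                    selected.add(protocol);
                }
            } else if (!isSslv3) {
                selected.add(protocol);
            }
        }
        return selected.toArray(new String[0]);
    }

    /** Closes a socket while another failure is already being propagated. */
    private static void closeQuietly(Socket socket) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (Exception ignored) {
            // Best effort: the caller rethrows the original, more informative exception.
        }
    }

    /** Closes a server socket while another failure is already being propagated. */
    private static void closeQuietly(ServerSocket serverSocket) {
        if (serverSocket == null) {
            return;
        }
        try {
            serverSocket.close();
        } catch (Exception ignored) {
            // Best effort: the caller rethrows the original, more informative exception.
        }
    }

    static {
        // Cipher-suite tracing can be switched on independently of DEBUG through SSLConfig.
        Boolean traceCipher = SSLUtil.getBooleanProperty(null, SSLConfig.SSL_DEBUG_CLIENT_CIPHER, Boolean.FALSE);
        DEBUG_CLIENT_CIPHER = traceCipher != null && traceCipher.booleanValue();
    }
}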
