package com.ibm.cics.core.comm;

import com.ibm.cics.common.util.Debug;
import com.ibm.cics.common.util.StringUtil;
import java.io.EOFException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.eclipse.core.runtime.Platform;
import org.eclipse.core.runtime.preferences.IScopeContext;

/* loaded from: input_file:com/ibm/cics/core/comm/ExplorerSecurityHelper.class */
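/**
 * Builds the TLS material (trust manager, key manager, {@link SSLContext} and
 * {@link SSLSocketFactory}) used for secure connections.
 *
 * <p>Store paths, store types, the protocol name and the trust-store-ignore switch are read
 * from the Eclipse preferences stored under this bundle's symbolic name. Passphrases come from
 * the {@link IPassphraseManager} registered through {@link #setPassphraseManager}.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing callers:
 * <ul>
 * <li>When the {@code TRUST_STORE_IGNORE} preference is {@code true}, neither store is loaded and
 * the trust manager returned by {@link #getTrustManager()} accepts every certificate chain
 * without any check. A connection made in that mode is not authenticated.</li>
 * <li>When no passphrase manager is registered, {@code IPassphraseManager.DEFAULT_PASSWORD} is
 * used for both stores.</li>
 * <li>{@link #setUpSSlContextAndInitialiseHostnameVerifier} replaces the JVM-wide
 * {@link HttpsURLConnection} defaults, so it affects every HTTPS connection in the process.</li>
 * </ul>
 */
public class ExplorerSecurityHelper {
    static final String COPYRIGHT = "Licensed Materials - Property of IBM 5655EXP (c) Copyright IBM Corp. 2012, 2015 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private static final Debug debug = new Debug(ExplorerSecurityHelper.class);
    // First X509TrustManager built from the trust store; stays null in trust-store-ignore mode.
    private X509TrustManager defaultTrustManager;
    // First X509KeyManager built from the key store; stays null in trust-store-ignore mode.
    private X509KeyManager defaultKeyManager;
    private KeyStore ts;
    private KeyStore ks;
    // Passed to SecureCertificateException when server certificate validation fails.
    private String name;
    private String host;
    private static IPassphraseManager passphraseManager;

    /**
     * Loads both stores and picks the first X.509 trust manager and key manager built from them.
     * Nothing is loaded when the trust-store-ignore preference is set, which leaves both
     * managers {@code null}.
     *
     * @throws GeneralSecurityException if a store type is unknown or a store cannot be used
     * @throws IOException if a store file cannot be read or its passphrase is wrong
     */
    private ExplorerSecurityHelper(String trustStorePath, String trustStorePassphrase, String trustStoreType, String keyStorePath, String keyStorePassphrase, String keyStoreType) throws GeneralSecurityException, IOException {
        debug.enter("ExplorerSecurityHelper");
        if (!isTrustStoreIgnored()) {
            this.ts = loadKeyStore(trustStorePath, trustStorePassphrase, trustStoreType);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(this.ts);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    this.defaultTrustManager = (X509TrustManager) trustManager;
                    break;
                }
            }
            this.ks = loadKeyStore(keyStorePath, keyStorePassphrase, keyStoreType);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(this.ks, keyStorePassphrase.toCharArray());
            for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
                if (keyManager instanceof X509KeyManager) {
                    this.defaultKeyManager = (X509KeyManager) keyManager;
                    break;
                }
            }
        }
        debug.exit("ExplorerSecurityHelper", this.defaultKeyManager);
    }

    /**
     * Creates a helper from the stores, store types and passphrases currently configured.
     *
     * @throws GeneralSecurityException if a store type is unknown or a store cannot be used
     * @throws IOException if a store file cannot be read or its passphrase is wrong
     */
    public ExplorerSecurityHelper() throws GeneralSecurityException, IOException {
        this(getCurrentTrustStore(), getCurrentTrustStorePassphrase(), getStringPreference(ISecurityPreferencesConstants.TRUST_STORE_DBTYPE), getCurrentKeyStore(), getCurrentKeyStorePassphrase(), getStringPreference(ISecurityPreferencesConstants.KEY_STORE_DBTYPE));
    }

    /**
     * Same as the public constructor, and additionally records the name and host that are
     * reported in the {@link SecureCertificateException} raised on a rejected server certificate.
     */
    private ExplorerSecurityHelper(String name, String host) throws GeneralSecurityException, IOException {
        this(getCurrentTrustStore(), getCurrentTrustStorePassphrase(), getStringPreference(ISecurityPreferencesConstants.TRUST_STORE_DBTYPE), getCurrentKeyStore(), getCurrentKeyStorePassphrase(), getStringPreference(ISecurityPreferencesConstants.KEY_STORE_DBTYPE));
        this.host = host;
        this.name = name;
    }

    /** Reads the trust-store-ignore switch; defaults to {@code false} when the preference is unset. */
    private static boolean isTrustStoreIgnored() {
        return Platform.getPreferencesService().getBoolean(Activator.getDefault().getBundle().getSymbolicName(), ISecurityPreferencesConstants.TRUST_STORE_IGNORE, false, (IScopeContext[]) null);
    }

    /** Reads a string preference of this bundle; returns the empty string when it is unset. */
    private static String getStringPreference(String key) {
        return Platform.getPreferencesService().getString(Activator.getDefault().getBundle().getSymbolicName(), key, "", (IScopeContext[]) null);
    }

    /** Loads a store of the given type from a file and always closes the file handle. */
    private static KeyStore loadKeyStore(String path, String passphrase, String type) throws GeneralSecurityException, IOException {
        // Resolve the type before opening the file so an unknown type is reported first.
        KeyStore store = KeyStore.getInstance(type);
        FileInputStream in = new FileInputStream(path);
        try {
            store.load(in, passphrase.toCharArray());
        } finally {
            in.close();
        }
        return store;
    }

    /**
     * Writes a store back to a file and always closes the file handle.
     *
     * <p>NOTE(review): opening the {@link FileOutputStream} truncates the existing file before
     * the new content is written, so a failure part-way through leaves the store damaged.
     * Writing to a temporary file and renaming it would avoid that.
     */
    private static void storeKeyStore(KeyStore store, String path, String passphrase) throws GeneralSecurityException, IOException {
        FileOutputStream out = new FileOutputStream(path);
        try {
            store.store(out, passphrase.toCharArray());
        } finally {
            out.close();
        }
    }

    /**
     * Returns a non-empty description of a failure: the exception message when it has content,
     * otherwise {@code toString()}. The validators use the empty string to mean "valid", so a
     * failure must never be reported as empty or {@code null}.
     */
    private static String describeFailure(Exception e) {
        String message = e.getMessage();
        return (message != null && StringUtil.hasContent(message)) ? message : e.toString();
    }

    /**
     * Checks that the given trust store and key store can be loaded and are not empty.
     *
     * @param str path of the trust store file
     * @param str2 trust store passphrase
     * @param str3 trust store type
     * @param str4 path of the key store file
     * @param str5 key store passphrase, also used to initialise the key manager factory
     * @param str6 key store type
     * @return the empty string when both stores are usable, otherwise a description of the first
     *         failure ({@code "Invalid_store_format_message"} when a store loads but has no entries)
     */
    public static String validateStoreDetail(String str, String str2, String str3, String str4, String str5, String str6) {
        debug.enter("validateStoreDetail");
        String str7 = "";
        // Every check runs inside the try block so that the key store is validated only after
        // the trust store loaded, and an empty store is reported through the return value.
        try {
            KeyStore trustStore = loadKeyStore(str, str2, str3);
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()).init(trustStore);
            if (trustStore.size() == 0) {
                throw new IOException("Invalid_store_format_message");
            }
            KeyStore keyStore = loadKeyStore(str4, str5, str6);
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()).init(keyStore, str5.toCharArray());
            if (keyStore.size() == 0) {
                throw new IOException("Invalid_store_format_message");
            }
        } catch (IOException e) {
            // Covers EOFException and FileNotFoundException as well.
            str7 = describeFailure(e);
        } catch (GeneralSecurityException e) {
            str7 = describeFailure(e);
        }
        debug.exit("validateStoreDetail", str7);
        return str7;
    }

    /**
     * Loads the trust store and then writes it back to the same file with the same passphrase.
     * A read-only file is made writable for the write and is set read-only again afterwards,
     * also when the write fails.
     *
     * <p>NOTE(review): why validation re-saves the store is not visible here; confirm that
     * rewriting a read-only trust store is intended.
     *
     * @return the empty string on success, otherwise a description of the failure
     */
    private static String validateTrustStoreDetail(String path, String passphrase, String type) {
        debug.enter("validateTrustStoreDetail");
        String result = "";
        try {
            KeyStore keyStore = loadKeyStore(path, passphrase, type);
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()).init(keyStore);
            File file = new File(path);
            boolean wasReadOnly = !file.canWrite();
            if (wasReadOnly) {
                file.setWritable(true);
            }
            try {
                storeKeyStore(keyStore, path, passphrase);
            } finally {
                // Restore the protection even when the write throws.
                if (wasReadOnly) {
                    file.setWritable(false);
                }
            }
        } catch (FileNotFoundException e) {
            result = describeFailure(e);
        } catch (IOException e) {
            result = describeFailure(e);
            if (result.startsWith("DerInputStream")) {
                result = result + "- possible invalid DB type";
            }
        } catch (GeneralSecurityException e) {
            result = describeFailure(e);
        }
        debug.exit("validateTrustStoreDetail", result);
        return result;
    }

    /**
     * Validates the currently configured trust store; see the private overload for what it does.
     *
     * @return the empty string on success, otherwise a description of the failure
     */
    public static String validateTrustStoreDetail() {
        return validateTrustStoreDetail(getCurrentTrustStore(), getCurrentTrustStorePassphrase(), getStringPreference(ISecurityPreferencesConstants.TRUST_STORE_DBTYPE));
    }

    /** Returns the configured trust store path, or the empty string when none is set. */
    public static String getCurrentTrustStore() {
        return getStringPreference(ISecurityPreferencesConstants.TRUST_STORE_PATH);
    }

    /**
     * Returns the trust store passphrase from the registered passphrase manager.
     *
     * <p>NOTE(review): with no manager registered this falls back to
     * {@code IPassphraseManager.DEFAULT_PASSWORD}, whose value is not visible here. If it is a
     * fixed constant, the store's integrity check relies on a passphrase that is not secret;
     * confirm.
     */
    public static String getCurrentTrustStorePassphrase() {
        debug.enter("getCurrentTrustStorePassphrase");
        if (passphraseManager == null) {
            debug.event("getCurrentTrustStorePassphrase", "manager is null");
            return IPassphraseManager.DEFAULT_PASSWORD;
        }
        debug.exit("getCurrentTrustStorePassphrase");
        return passphraseManager.getTrustStorePassphrase();
    }

    /** Returns the configured key store path, or the empty string when none is set. */
    public static String getCurrentKeyStore() {
        return getStringPreference(ISecurityPreferencesConstants.KEY_STORE_PATH);
    }

    /**
     * Returns the key store passphrase from the registered passphrase manager.
     *
     * <p>NOTE(review): with no manager registered this falls back to
     * {@code IPassphraseManager.DEFAULT_PASSWORD}. The same passphrase initialises the key
     * manager factory, so in that case it is also what guards the private keys; confirm that
     * the default is acceptable.
     */
    public static String getCurrentKeyStorePassphrase() {
        debug.enter("getCurrentKeyStorePassphrase");
        if (passphraseManager == null) {
            // The trace label used to name the trust store getter here.
            debug.event("getCurrentKeyStorePassphrase", "manager is null");
            return IPassphraseManager.DEFAULT_PASSWORD;
        }
        debug.exit("getCurrentKeyStorePassphrase");
        return passphraseManager.getKeyStorePassphrase();
    }

    /** Registers the source of store passphrases; {@code null} restores the default passphrase. */
    public static void setPassphraseManager(IPassphraseManager iPassphraseManager) {
        debug.enter("setPassphraseManager");
        passphraseManager = iPassphraseManager;
        debug.exit("setPassphraseManager");
    }

    /**
     * Creates and initialises an {@link SSLContext} with this helper's key and trust managers.
     *
     * <p>The protocol name comes from the {@code SECURITY_PROTOCOL} preference and is passed to
     * {@link SSLContext#getInstance(String)} as it is, so a legacy protocol name configured there
     * is honoured if the provider supports it. Without a preference, "TLS" is requested and
     * "SSL" is used only if "TLS" is unavailable; which protocol versions an "SSL" context
     * enables depends on the JSSE provider.
     *
     * @return a two-element array: the context, and a {@link Boolean} that is {@code true} only
     *         when the generic "TLS" context was chosen because no protocol was configured
     * @throws IOException if the stores cannot be read or the context cannot be initialised
     */
    private static Object[] getSSLContext(String name, String host) throws IOException {
        try {
            boolean defaultTlsSelected = false;
            SSLContext context;
            String configuredProtocol = getStringPreference(ISecurityPreferencesConstants.SECURITY_PROTOCOL);
            if (StringUtil.hasContent(configuredProtocol)) {
                context = SSLContext.getInstance(configuredProtocol);
            } else {
                try {
                    context = SSLContext.getInstance("TLS");
                    defaultTlsSelected = true;
                } catch (NoSuchAlgorithmException e) {
                    debug.warning("initialiseContext", e);
                    context = SSLContext.getInstance("SSL");
                }
            }
            ExplorerSecurityHelper helper = new ExplorerSecurityHelper(name, host);
            context.init(new KeyManager[]{helper.getKeyManager()}, new TrustManager[]{helper.getTrustManager()}, new SecureRandom());
            debug.event("getSSLContext", getPrintableEnabledProtocols(context));
            return new Object[]{context, Boolean.valueOf(defaultTlsSelected)};
        } catch (GeneralSecurityException e) {
            // Covers KeyManagementException and NoSuchAlgorithmException; keep the cause attached.
            debug.error("initialiseContext", e);
            throw new IOException(e.toString(), e);
        }
    }

    /**
     * Builds the context and installs it process-wide: the socket factory and an
     * {@link ExplorerHostnameVerifier} become the {@link HttpsURLConnection} defaults, which
     * changes TLS handling for every {@code HttpsURLConnection} in the JVM, not only for the
     * caller's connection.
     *
     * @param str name reported when a server certificate is rejected
     * @param str2 host reported when a server certificate is rejected
     * @return the initialised context
     * @throws IOException if the stores cannot be read or the context cannot be initialised
     */
    public static SSLContext setUpSSlContextAndInitialiseHostnameVerifier(String str, String str2) throws IOException {
        Object[] contextAndFlag = getSSLContext(str, str2);
        SSLContext context = (SSLContext) contextAndFlag[0];
        SSLSocketFactory socketFactory = getSSLSocketFactory(context, ((Boolean) contextAndFlag[1]).booleanValue());
        debug.enter("setUpSSlContextAndInitialiseHostnameVerifier");
        HttpsURLConnection.setDefaultHostnameVerifier(new ExplorerHostnameVerifier());
        HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);
        debug.exit("setUpSSlContextAndInitialiseHostnameVerifier", context);
        return context;
    }

    /** Wraps the context's socket factory in an {@link SSLProtocolEnablerDecorator}. */
    private static SSLSocketFactory getSSLSocketFactory(SSLContext sSLContext, boolean z) {
        return new SSLProtocolEnablerDecorator(sSLContext.getSocketFactory(), z);
    }

    /**
     * Builds a socket factory from the configured stores without touching the JVM-wide defaults.
     *
     * @param str name reported when a server certificate is rejected
     * @param str2 host reported when a server certificate is rejected
     * @throws IOException if the stores cannot be read or the context cannot be initialised
     */
    public static SSLSocketFactory getSSLSocketFactory(String str, String str2) throws IOException {
        Object[] contextAndFlag = getSSLContext(str, str2);
        return getSSLSocketFactory((SSLContext) contextAndFlag[0], ((Boolean) contextAndFlag[1]).booleanValue());
    }

    /** Formats the protocols enabled on a fresh engine of the context, for the debug trace. */
    private static String getPrintableEnabledProtocols(SSLContext sSLContext) {
        StringBuilder text = new StringBuilder();
        text.append("Enabled protocols in SSLEngine (specified \"").append(sSLContext.getProtocol()).append("\"): [");
        for (String protocol : sSLContext.createSSLEngine().getEnabledProtocols()) {
            text.append(protocol).append(", ");
        }
        text.append("]");
        return text.toString();
    }

    /**
     * Returns a trust manager that delegates to the one built from the trust store.
     *
     * <p>The trust-store-ignore preference is read on every call. While it is {@code true} no
     * validation happens at all: any certificate chain is accepted, so the peer is not
     * authenticated and the connection can be intercepted. Deployments that need server
     * authentication must keep that preference off.
     */
    public X509TrustManager getTrustManager() {
        return new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                debug.enter("checkClientTrusted", chain, authType);
                if (!isTrustStoreIgnored()) {
                    requireTrustManager().checkClientTrusted(chain, authType);
                }
                debug.exit("checkClientTrusted");
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                debug.enter("checkServerTrusted", chain, authType);
                if (!isTrustStoreIgnored()) {
                    X509TrustManager delegate = requireTrustManager();
                    try {
                        delegate.checkServerTrusted(chain, authType);
                    } catch (CertificateException e) {
                        // The preference is read again here: if it was switched on while the
                        // check ran, the rejection is dropped and the chain is accepted.
                        if (!isTrustStoreIgnored()) {
                            throw new SecureCertificateException(e, chain, ExplorerSecurityHelper.this.name, ExplorerSecurityHelper.this.host);
                        }
                    }
                }
                debug.exit("checkServerTrusted");
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                debug.enter("getAcceptedIssuers");
                X509Certificate[] issuers = new X509Certificate[0];
                if (!isTrustStoreIgnored() && ExplorerSecurityHelper.this.defaultTrustManager != null) {
                    issuers = ExplorerSecurityHelper.this.defaultTrustManager.getAcceptedIssuers();
                }
                debug.exit("getAcceptedIssuers", issuers);
                return issuers;
            }

            /**
             * Fails closed when validation is required but no trust manager was loaded, which
             * happens when the ignore preference was on at construction and is off now.
             */
            private X509TrustManager requireTrustManager() throws CertificateException {
                X509TrustManager delegate = ExplorerSecurityHelper.this.defaultTrustManager;
                if (delegate == null) {
                    throw new CertificateException("No trust manager is available; the trust store was not loaded");
                }
                return delegate;
            }
        };
    }

    /**
     * Returns a key manager that delegates to the one built from the key store.
     *
     * <p>In trust-store-ignore mode the key store is never loaded, so there is no delegate. The
     * methods then report "no client or server credentials" (an empty alias list or
     * {@code null}) instead of failing with a {@link NullPointerException} during the handshake.
     */
    private X509ExtendedKeyManager getKeyManager() {
        return new X509ExtendedKeyManager() {
            @Override
            public String[] getServerAliases(String keyType, Principal[] issuers) {
                debug.enter("getServerAliases", keyType, issuers);
                X509KeyManager delegate = ExplorerSecurityHelper.this.defaultKeyManager;
                String[] aliases = delegate == null ? new String[0] : delegate.getServerAliases(keyType, issuers);
                debug.exit("getServerAliases", aliases);
                return aliases;
            }

            @Override
            public PrivateKey getPrivateKey(String alias) {
                debug.enter("getPrivateKey", alias);
                X509KeyManager delegate = ExplorerSecurityHelper.this.defaultKeyManager;
                PrivateKey privateKey = delegate == null ? null : delegate.getPrivateKey(alias);
                // NOTE(review): the key object is handed to the debug trace; confirm that Debug
                // does not write private key material to the log.
                debug.exit("getPrivateKey", privateKey);
                return privateKey;
            }

            @Override
            public String[] getClientAliases(String keyType, Principal[] issuers) {
                debug.enter("getClientAliases", keyType, issuers);
                X509KeyManager delegate = ExplorerSecurityHelper.this.defaultKeyManager;
                String[] aliases = delegate == null ? new String[0] : delegate.getClientAliases(keyType, issuers);
                debug.exit("getClientAliases", aliases);
                return aliases;
            }

            @Override
            public X509Certificate[] getCertificateChain(String alias) {
                debug.enter("getCertificateChain", alias);
                X509KeyManager delegate = ExplorerSecurityHelper.this.defaultKeyManager;
                X509Certificate[] chain = delegate == null ? null : delegate.getCertificateChain(alias);
                debug.exit("getCertificateChain", chain);
                return chain;
            }

            @Override
            public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
                debug.enter("chooseServerAlias", keyType, issuers);
                X509KeyManager delegate = ExplorerSecurityHelper.this.defaultKeyManager;
                String alias = delegate == null ? null : delegate.chooseServerAlias(keyType, issuers, socket);
                debug.exit("chooseServerAlias", alias);
                return alias;
            }

            @Override
            public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
                debug.enter("chooseClientAlias", keyTypes, issuers);
                X509KeyManager delegate = ExplorerSecurityHelper.this.defaultKeyManager;
                String alias = delegate == null ? null : delegate.chooseClientAlias(keyTypes, issuers, socket);
                debug.exit("chooseClientAlias", alias);
                return alias;
            }
        };
    }
}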
