package com.ibm.cics.core.comm;

import com.ibm.cics.common.util.Debug;
import com.ibm.cics.common.util.StringUtil;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.eclipse.core.runtime.Platform;
import org.eclipse.core.runtime.preferences.IScopeContext;

/* loaded from: input_file:com/ibm/cics/core/comm/ExplorerSecurityHelper.class */
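/**
 * Static helper that assembles the key stores, trust stores, {@link SSLContext}s and
 * {@link SSLSocketFactory}s used for secured connections, driven by the bundle's
 * security preferences (read through {@link KeystorePreferencesAdapter}).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When the {@code TRUST_STORE_IGNORE} preference is true, {@link IgnoreTrustManager} is
 *       installed and no certificate chain is validated at all.</li>
 *   <li>When no passphrase manager has been registered, the store passphrase getters fall back
 *       to {@code IPassphraseManager.DEFAULT_PASSWORD}.</li>
 *   <li>The protocol name taken from the {@code SECURITY_PROTOCOL} preference is handed to
 *       {@link SSLContext#getInstance(String)} without any allow-list, and the built-in
 *       fallback chain ends at the legacy {@code "SSL"} name.</li>
 * </ul>
 *
 * <p>The class keeps its collaborators in mutable static fields with no synchronization.
 */
public class ExplorerSecurityHelper {
    static final String COPYRIGHT = "Licensed Materials - Property of IBM 5655EXP (c) Copyright IBM Corp. 2012, 2015 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    // Supplier of store passphrases and the smartcard PIN; stays null until setPassphraseManager is called.
    private static IPassphraseManager passphraseManager;
    private static final Debug debug = new Debug(ExplorerSecurityHelper.class);
    // Source of the security preferences; replaceable through setKeyStorePreferenceSource.
    private static KeystorePreferencesAdapter preferenceSource = new KeystorePreferencesAdapter();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ibm/cics/core/comm/ExplorerSecurityHelper$IgnoreTrustManager.class */
    /**
     * Trust manager whose check methods are all empty, so every client and server certificate
     * chain is accepted without validation.
     *
     * <p>A connection built with this manager is encrypted but not authenticated: the peer's
     * identity is never verified. Because the {@link Socket} and {@link SSLEngine} overloads are
     * empty as well, no trust-manager-level check of the peer is performed for those call paths
     * either. In this class it is selected only when
     * {@link KeystorePreferencesAdapter#isIgnoreTrustStore()} returns true.
     */
    public static class IgnoreTrustManager extends X509ExtendedTrustManager {
        IgnoreTrustManager() {
        }

        /** Accepts any client chain; never throws. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: validation is disabled.
        }

        /** Accepts any server chain; never throws. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: validation is disabled.
        }

        /** @return an empty array; no issuer is advertised as trusted */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        /** Accepts any client chain for a socket-based connection; never throws. */
        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            // Intentionally empty: validation is disabled.
        }

        /** Accepts any client chain for an engine-based connection; never throws. */
        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            // Intentionally empty: validation is disabled.
        }

        /** Accepts any server chain for a socket-based connection; never throws. */
        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            // Intentionally empty: validation is disabled.
        }

        /** Accepts any server chain for an engine-based connection; never throws. */
        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            // Intentionally empty: validation is disabled.
        }
    }

    /* loaded from: input_file:com/ibm/cics/core/comm/ExplorerSecurityHelper$KeystorePreferencesAdapter.class */
    /**
     * Reads the security preferences from the platform preferences service, using this
     * bundle's symbolic name as the qualifier. String preferences default to the empty
     * string and boolean preferences default to {@code false}.
     */
    public static class KeystorePreferencesAdapter {
        /** @return the {@code TRUST_STORE_DBTYPE} preference, or "" when unset */
        public String getTrustStoreType() {
            return stringPreference(ISecurityPreferencesConstants.TRUST_STORE_DBTYPE);
        }

        /** @return the {@code TRUST_STORE_PATH} preference, or "" when unset */
        public String getTrustStorePath() {
            return stringPreference(ISecurityPreferencesConstants.TRUST_STORE_PATH);
        }

        /** @return the {@code KEY_STORE_DBTYPE} preference, or "" when unset */
        public String getKeyStoreType() {
            return stringPreference(ISecurityPreferencesConstants.KEY_STORE_DBTYPE);
        }

        /** @return the {@code KEY_STORE_PATH} preference, or "" when unset */
        public String getKeyStorePath() {
            return stringPreference(ISecurityPreferencesConstants.KEY_STORE_PATH);
        }

        /** @return the {@code SECURITY_PROTOCOL} preference, or "" when unset */
        public String getSecurityProtocol() {
            return stringPreference(ISecurityPreferencesConstants.SECURITY_PROTOCOL);
        }

        /**
         * @return the {@code TRUST_STORE_IGNORE} preference (default {@code false}); when true the
         *         enclosing helper disables certificate validation
         */
        public boolean isIgnoreTrustStore() {
            return booleanPreference(ISecurityPreferencesConstants.TRUST_STORE_IGNORE);
        }

        /** @return the {@code USE_PKCS11_DRIVER} preference (default {@code false}) */
        public boolean isUsePkcs11() {
            return booleanPreference(ISecurityPreferencesConstants.USE_PKCS11_DRIVER);
        }

        /** @return the {@code SMARTCARD_DRIVER_PATH} preference, or "" when unset */
        public String getPkcs11DriverPath() {
            return stringPreference(ISecurityPreferencesConstants.SMARTCARD_DRIVER_PATH);
        }

        /** Looks up a string preference of this bundle, defaulting to the empty string. */
        private static String stringPreference(String key) {
            return Platform.getPreferencesService().getString(Activator.getDefault().getBundle().getSymbolicName(), key, "", (IScopeContext[]) null);
        }

        /** Looks up a boolean preference of this bundle, defaulting to {@code false}. */
        private static boolean booleanPreference(String key) {
            return Platform.getPreferencesService().getBoolean(Activator.getDefault().getBundle().getSymbolicName(), key, false, (IScopeContext[]) null);
        }
    }

    /**
     * @deprecated all useful members are static; an instance is only needed for the deprecated
     *             {@link #getTrustManager()}.
     */
    @Deprecated
    public ExplorerSecurityHelper() {
    }

    /** Replaces the preference source used by every static method of this class. */
    static void setKeyStorePreferenceSource(KeystorePreferencesAdapter keystorePreferencesAdapter) {
        preferenceSource = keystorePreferencesAdapter;
    }

    /**
     * Loads the configured trust store file and wraps it.
     *
     * @return a new {@code ExplorerTrustStore} around the loaded store
     * @throws GeneralSecurityException if the store type is unavailable or the content cannot be processed
     * @throws IOException if the file cannot be read or the passphrase is wrong
     */
    public static ExplorerTrustStore getTrustStore() throws GeneralSecurityException, IOException {
        return new ExplorerTrustStore(getFileBasedKeyStore(true));
    }

    /**
     * Opens the key store for the given certificate source.
     *
     * <p>For {@code CertificateDetails.SOURCE_SMARTCARD} a provider-backed store is used: the
     * PKCS#11 provider plus the smartcard PIN when the PKCS#11 preference is set, otherwise the
     * Windows smartcard provider with no PIN. Any other source loads the file-based key store
     * with the current key store passphrase.
     *
     * @param str the certificate source; must not be null
     * @return a new {@code ExplorerKeyStore} for that source
     * @throws GeneralSecurityException if the store cannot be created or loaded
     * @throws IOException if a file-based store cannot be read
     */
    public static ExplorerKeyStore getKeyStore(String str) throws GeneralSecurityException, IOException {
        if (!str.equals(CertificateDetails.SOURCE_SMARTCARD)) {
            KeyStore fileStore = getFileBasedKeyStore(false);
            return new ExplorerKeyStore(str, fileStore, getCurrentKeyStorePassphrase());
        }
        Map<String, Provider> provider;
        String pin = null;
        if (preferenceSource.isUsePkcs11()) {
            provider = ExplorerKeyStoreManager.getPkcs11Provider(preferenceSource.getPkcs11DriverPath());
            pin = getSmartcardPin();
        } else {
            provider = ExplorerKeyStoreManager.getWindowsSmartCardProvider();
        }
        KeyStore smartcardStore = ExplorerKeyStoreManager.getSmartcardKeyStore(provider, pin);
        // The smartcard branch passes no store passphrase on to ExplorerKeyStore.
        return new ExplorerKeyStore(str, smartcardStore, null);
    }

    /**
     * Loads the trust store ({@code z == true}) or the key store ({@code z == false}) from the
     * path, type and passphrase currently configured.
     *
     * @throws GeneralSecurityException if the store type is unavailable or the content cannot be processed
     * @throws IOException if the file cannot be opened or read
     */
    private static KeyStore getFileBasedKeyStore(boolean z) throws GeneralSecurityException, IOException {
        final String path = z ? getCurrentTrustStore() : getCurrentKeyStore();
        final String passphrase = z ? getCurrentTrustStorePassphrase() : getCurrentKeyStorePassphrase();
        final KeyStore keyStore = KeyStore.getInstance(z ? preferenceSource.getTrustStoreType() : preferenceSource.getKeyStoreType());
        // Close the stream on every path; the previous code leaked the file handle,
        // including when load() failed on a wrong passphrase or corrupt file.
        try (FileInputStream in = new FileInputStream(path)) {
            keyStore.load(in, passphrase.toCharArray());
        }
        return keyStore;
    }

    /**
     * Delegates to {@code ExplorerKeyStoreManager.validateKeyAndTrustStore} with the six
     * arguments unchanged; their meaning is defined by that method and is not visible here.
     */
    public static String validateStoreDetail(String str, String str2, String str3, String str4, String str5, String str6) {
        return ExplorerKeyStoreManager.validateKeyAndTrustStore(str, str2, str3, str4, str5, str6);
    }

    /**
     * Asks {@code ExplorerKeyStoreManager.validateCanWriteTrustStore} about the currently
     * configured trust store type, path and passphrase.
     */
    public static String validateTrustStoreDetail() {
        return ExplorerKeyStoreManager.validateCanWriteTrustStore(preferenceSource.getTrustStoreType(), getCurrentTrustStore(), getCurrentTrustStorePassphrase());
    }

    /** @return the configured trust store path */
    public static String getCurrentTrustStore() {
        return preferenceSource.getTrustStorePath();
    }

    /**
     * @return the trust store passphrase from the registered passphrase manager, or
     *         {@code IPassphraseManager.DEFAULT_PASSWORD} when none has been registered
     */
    public static String getCurrentTrustStorePassphrase() {
        debug.enter("getCurrentTrustStorePassphrase");
        if (passphraseManager == null) {
            // NOTE(review): falling back to a compiled-in default passphrase means the store
            // is only as protected as that constant - confirm this is acceptable.
            debug.event("getCurrentTrustStorePassphrase", "manager is null");
            return IPassphraseManager.DEFAULT_PASSWORD;
        }
        debug.exit("getCurrentTrustStorePassphrase");
        return passphraseManager.getTrustStorePassphrase();
    }

    /** @return the configured key store path */
    public static String getCurrentKeyStore() {
        return preferenceSource.getKeyStorePath();
    }

    /**
     * @return the key store passphrase from the registered passphrase manager, or
     *         {@code IPassphraseManager.DEFAULT_PASSWORD} when none has been registered
     */
    public static String getCurrentKeyStorePassphrase() {
        debug.enter("getCurrentKeyStorePassphrase");
        if (passphraseManager == null) {
            // Trace label corrected: it previously named getCurrentTrustStorePassphrase,
            // which made key store and trust store fallbacks indistinguishable in the trace.
            debug.event("getCurrentKeyStorePassphrase", "manager is null");
            return IPassphraseManager.DEFAULT_PASSWORD;
        }
        debug.exit("getCurrentKeyStorePassphrase");
        return passphraseManager.getKeyStorePassphrase();
    }

    /** Registers the passphrase manager used for store passphrases and the smartcard PIN. */
    public static void setPassphraseManager(IPassphraseManager iPassphraseManager) {
        debug.enter("setPassphraseManager");
        passphraseManager = iPassphraseManager;
        debug.exit("setPassphraseManager");
    }

    /**
     * Same as {@link #getSSLContext(String, String, CertificateDetails)} with no client
     * certificate.
     */
    public static Object[] getSSLContext(String str, String str2) throws IOException {
        return getSSLContext(str, str2, null);
    }

    /**
     * Builds the key manager / trust manager pair for a connection.
     *
     * @param str passed through to {@code ExplorerKeyStoreManager.getTrustManager}
     * @param str2 passed through to {@code ExplorerKeyStoreManager.getTrustManager}
     * @param certificateDetails client certificate to present, or null for none
     * @return a two-element array: [0] the key manager (null when no certificate was given),
     *         [1] the trust manager, which is an {@link IgnoreTrustManager} when the
     *         ignore-trust-store preference is set
     */
    static Object[] getKeyAndTrustManagers(String str, String str2, CertificateDetails certificateDetails) throws IOException, GeneralSecurityException {
        final Object[] managers = new Object[2];
        managers[0] = certificateDetails != null ? getKeyStore(certificateDetails.getSource()).getKeyManagerForCertificate(certificateDetails) : null;
        final boolean ignoreTrustStore = preferenceSource.isIgnoreTrustStore();
        if (ignoreTrustStore) {
            // Leave an explicit trace entry so a connection made without certificate
            // validation can be identified afterwards.
            debug.event("getKeyAndTrustManagers", "TRUST_STORE_IGNORE is set: certificate validation is disabled for this connection");
        }
        managers[1] = ignoreTrustStore ? new IgnoreTrustManager() : ExplorerKeyStoreManager.getTrustManager(str, str2, getTrustStore());
        debug.event("getKeyAndTrustManagers", new Object[]{str, str2, certificateDetails, managers[0], managers[1]});
        return managers;
    }

    /**
     * Creates and initialises an {@link SSLContext}.
     *
     * <p>If the security-protocol preference has content, that name is used as is. Otherwise
     * {@code "TLSv1.2"}, then {@code "TLS"}, then {@code "SSL"} are tried in that order.
     *
     * @param str passed through to the trust manager lookup
     * @param str2 passed through to the trust manager lookup
     * @param certificateDetails client certificate to present, or null for none
     * @return a two-element array: [0] the initialised {@link SSLContext}, [1] a {@link Boolean}
     *         that is true only when the context was obtained under the built-in
     *         {@code "TLSv1.2"} or {@code "TLS"} name (the callers in this class hand it to
     *         {@code SSLProtocolEnablerDecorator})
     * @throws IOException wrapping any {@link GeneralSecurityException}, with that exception as cause
     */
    public static Object[] getSSLContext(String str, String str2, CertificateDetails certificateDetails) throws IOException {
        try {
            SSLContext context;
            boolean builtInTlsName = false;
            final String configuredProtocol = preferenceSource.getSecurityProtocol();
            if (StringUtil.hasContent(configuredProtocol)) {
                // NOTE(review): the configured name is not restricted, so a legacy protocol
                // name is accepted whenever the JVM still provides it - consider an allow-list.
                context = SSLContext.getInstance(configuredProtocol);
            } else {
                try {
                    context = SSLContext.getInstance("TLSv1.2");
                    debug.event("getSSLContext", "TLSv1.2");
                    builtInTlsName = true;
                } catch (NoSuchAlgorithmException tls12Unavailable) {
                    debug.warning("getSSLContext", tls12Unavailable);
                    try {
                        context = SSLContext.getInstance("TLS");
                        debug.event("getSSLContext", "TLS");
                        builtInTlsName = true;
                    } catch (NoSuchAlgorithmException tlsUnavailable) {
                        debug.warning("getSSLContext", tlsUnavailable);
                        // NOTE(review): last-resort legacy name; the flag stays false here.
                        // Confirm the decorator does not leave obsolete protocols enabled.
                        context = SSLContext.getInstance("SSL");
                        debug.event("getSSLContext", "SSL");
                    }
                }
            }
            final Object[] managers = getKeyAndTrustManagers(str, str2, certificateDetails);
            context.init(new KeyManager[]{(KeyManager) managers[0]}, new TrustManager[]{(TrustManager) managers[1]}, new SecureRandom());
            debug.event("getSSLContext", getPrintableEnabledProtocols(context));
            return new Object[]{context, Boolean.valueOf(builtInTlsName)};
        } catch (GeneralSecurityException e) {
            // Covers KeyManagementException and NoSuchAlgorithmException too (both subclasses).
            // The original exception is kept as the cause so the stack trace is not lost.
            throw new IOException(createExceptionMessage(e), e);
        }
    }

    /** Formats an exception as its {@code toString()}, followed by the cause's message in parentheses when there is a cause. */
    private static String createExceptionMessage(Exception exc) {
        return exc.getCause() != null ? String.valueOf(exc.toString()) + " (" + exc.getCause().getMessage() + ")" : exc.toString();
    }

    /**
     * @return an {@link IgnoreTrustManager} when the ignore-trust-store preference is set,
     *         otherwise the trust manager built from the configured trust store
     * @throws RuntimeException wrapping any {@link IOException} or {@link GeneralSecurityException}
     * @deprecated no replacement is named in this file
     */
    @Deprecated
    public X509TrustManager getTrustManager() {
        try {
            final boolean ignoreTrustStore = preferenceSource.isIgnoreTrustStore();
            if (ignoreTrustStore) {
                debug.event("getTrustManager", "TRUST_STORE_IGNORE is set: certificate validation is disabled");
            }
            return ignoreTrustStore ? new IgnoreTrustManager() : ExplorerKeyStoreManager.getTrustManager(null, null, getTrustStore());
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds an SSL context and installs its socket factory, together with a new
     * {@code ExplorerHostnameVerifier}, as the JVM-wide defaults of {@link HttpsURLConnection}.
     *
     * <p>These defaults are process-global: every {@link HttpsURLConnection} created afterwards
     * in this JVM uses them unless it sets its own.
     *
     * @return the SSL context that was created
     * @deprecated no replacement is named in this file
     */
    @Deprecated
    public static SSLContext setUpSSlContextAndInitialiseHostnameVerifier(String str, String str2) throws IOException {
        final Object[] contextAndFlag = getSSLContext(str, str2);
        final SSLContext context = (SSLContext) contextAndFlag[0];
        final SSLSocketFactory factory = getSSLSocketFactory(context, ((Boolean) contextAndFlag[1]).booleanValue());
        debug.enter("setUpSSlContextAndInitialiseHostnameVerifier");
        HttpsURLConnection.setDefaultHostnameVerifier(new ExplorerHostnameVerifier());
        HttpsURLConnection.setDefaultSSLSocketFactory(factory);
        debug.exit("setUpSSlContextAndInitialiseHostnameVerifier", contextAndFlag[0]);
        return context;
    }

    /** Wraps the context's socket factory in an {@code SSLProtocolEnablerDecorator} with the given flag. */
    private static SSLSocketFactory getSSLSocketFactory(SSLContext sSLContext, boolean z) {
        return new SSLProtocolEnablerDecorator(sSLContext.getSocketFactory(), z);
    }

    /**
     * Creates a socket factory that presents the given client certificate.
     *
     * @throws IOException if the underlying SSL context cannot be created
     */
    public static SSLSocketFactory getSSLSocketFactory(String str, String str2, CertificateDetails certificateDetails) throws IOException {
        final Object[] contextAndFlag = getSSLContext(str, str2, certificateDetails);
        return getSSLSocketFactory((SSLContext) contextAndFlag[0], ((Boolean) contextAndFlag[1]).booleanValue());
    }

    /**
     * Creates a socket factory with no client certificate.
     *
     * @throws IOException if the underlying SSL context cannot be created
     */
    public static SSLSocketFactory getSSLSocketFactory(String str, String str2) throws IOException {
        final Object[] contextAndFlag = getSSLContext(str, str2);
        return getSSLSocketFactory((SSLContext) contextAndFlag[0], ((Boolean) contextAndFlag[1]).booleanValue());
    }

    /**
     * Renders the protocols enabled on a fresh engine of the context for the debug trace.
     * Each protocol is followed by ", ", including the last one.
     */
    private static String getPrintableEnabledProtocols(SSLContext sSLContext) {
        // StringBuilder: the buffer never leaves this method, so no synchronization is needed.
        final StringBuilder text = new StringBuilder();
        text.append("Enabled protocols in SSLEngine (specified \"").append(sSLContext.getProtocol()).append("\"): [");
        for (String protocol : sSLContext.createSSLEngine().getEnabledProtocols()) {
            text.append(protocol).append(", ");
        }
        text.append("]");
        return text.toString();
    }

    /**
     * @return the smartcard PIN held by the passphrase manager
     * @throws NullPointerException if no passphrase manager has been registered (there is no
     *         null guard here, unlike the store passphrase getters)
     */
    public static String getSmartcardPin() {
        return passphraseManager.getSmartcardPIN();
    }

    /**
     * Stores the smartcard PIN in the passphrase manager.
     *
     * @throws NullPointerException if no passphrase manager has been registered
     */
    public static void setSmartcardPin(String str) {
        passphraseManager.setSmartcardPin(str);
    }
}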
