package com.ibm.ctg.client;

import com.ibm.ctg.security.SecureString;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:install/CICS32kSample.zip:cicseci9101/build/classes/ctgclient.jar:com/ibm/ctg/client/SSLContextFactory.class
  input_file:install/CICS32kSample.zip:cicseci9101/connectorModule/ctgclient.jar:com/ibm/ctg/client/SSLContextFactory.class
  input_file:install/taderc25.zip:cicseci9101/build/classes/ctgclient.jar:com/ibm/ctg/client/SSLContextFactory.class
  input_file:install/taderc25.zip:cicseci9101/connectorModule/ctgclient.jar:com/ibm/ctg/client/SSLContextFactory.class
  input_file:install/taderc99.zip:cicseci9101/build/classes/ctgclient.jar:com/ibm/ctg/client/SSLContextFactory.class
  input_file:install/taderc99.zip:cicseci9101/connectorModule/ctgclient.jar:com/ibm/ctg/client/SSLContextFactory.class
  input_file:install/taderc99command.zip:cicseci9101/build/classes/ctgclient.jar:com/ibm/ctg/client/SSLContextFactory.class
 */
/* loaded from: input_file:install/taderc99command.zip:cicseci9101/connectorModule/ctgclient.jar:com/ibm/ctg/client/SSLContextFactory.class */
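/**
 * Static factory for JSSE {@link SSLContext} objects built from a key store
 * identified by a location string.
 *
 * <p>Two families of key store are handled: file/URL key stores (types
 * {@code JKS} and {@code JCECCAKS}) and key rings read through a reflectively
 * loaded {@code RACFInputStream} (types {@code JCERACFKS} and
 * {@code JCECCARACFKS}). The {@link KeyManagerFactory}/{@link TrustManagerFactory}
 * pair built for a location is cached and reused by later calls.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing callers:
 * <ul>
 *   <li>The caches are keyed by location only. A cache hit neither re-reads the
 *       key store nor checks the password or key store type of the current call,
 *       so later changes to the store are not picked up and a caller with a
 *       different (or no) password still receives the cached key material.</li>
 *   <li>The caches are plain {@link HashMap}s with no synchronisation.
 *       NOTE(review): confirm callers serialise access, or guard the maps.</li>
 *   <li>{@link #setProtocol(String)} changes the protocol name for every context
 *       created afterwards in this class loader and accepts any value.</li>
 * </ul>
 */
public class SSLContextFactory {
    public static final String CLASS_VERSION = "@(#) java/com/ibm/ctg/client/SSLContextFactory.java, cd_gw_protocolhandlers, c910-bsf c910-20150128-1005";
    static final String copyright_notice = "Licensed Materials - Property of IBM 5724-I81,5725-B65,5655-Y20 (c) Copyright IBM Corp. 2004, 2014 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private static final String KEYSTORE_JKS = "JKS";
    private static final String KEYSTORE_HWJKS = "JCECCAKS";
    private static final String KEYSTORE_RACF = "JCERACFKS";
    private static final String KEYSTORE_HWRACF = "JCECCARACFKS";
    // Protocol name handed to SSLContext.getInstance; set by the static initialiser and setProtocol.
    private static String PROTOCOL_SSL = "TLS";
    // Fixed password passed to the RACFInputStream constructor and to KeyStore.load for key rings.
    // NOTE(review): presumably a placeholder, with access to the ring enforced by RACF itself - confirm.
    private static final char[] RACF_PWD = "CTGKEYS".toCharArray();
    // Factory caches, keyed by key store location only (not by key store type or password).
    private static final HashMap<String, KeyManagerFactory> keyMgrFactories = new HashMap<>();
    private static final HashMap<String, TrustManagerFactory> trustMgrFactories = new HashMap<>();

    private SSLContextFactory() {
    }

    /**
     * Sets the protocol name used for every {@link SSLContext} created after this call.
     *
     * <p>The value is stored without validation, so it is the caller's job to keep
     * legacy protocol names out of it.
     *
     * @param str protocol name passed to {@link SSLContext#getInstance(String)}
     */
    public static void setProtocol(String str) {
        PROTOCOL_SSL = str;
    }

    /**
     * Builds a context from a file/URL key store of type {@code JKS}.
     *
     * @param str key store location: a URL, or a file path if it does not parse as a URL
     * @param secureString key store password; may be {@code null} or empty
     * @return an initialised context
     */
    public static SSLContext getSSLContext(String str, SecureString secureString) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
        // The literal "PASSWORD" is traced in place of the real password.
        T.in(SSLContextFactory.class, "getSSLContext", str, "PASSWORD");
        SSLContext sSLContext = getSSLContext(str, secureString, false);
        T.out(SSLContextFactory.class, "getSSLContext");
        return sSLContext;
    }

    /**
     * Builds a context from a file/URL key store.
     *
     * <p>The location is first tried as a URL and opened with whatever protocol
     * handler the JVM has for its scheme; only if it is not a well-formed URL is it
     * opened as a local file. A store fetched over an unauthenticated transport is
     * no more trustworthy than that transport. When no password is supplied the
     * store is loaded with a {@code null} password, which per
     * {@link KeyStore#load(InputStream, char[])} means no integrity check is made.
     *
     * <p>The stream is closed once the context has been built, whether or not the
     * cached factories were used.
     *
     * @param str key store location: a URL, or a file path if it does not parse as a URL
     * @param secureString key store password; may be {@code null} or empty
     * @param z {@code true} to use key store type {@code JCECCAKS}, {@code false} for {@code JKS}
     * @return an initialised context
     */
    public static SSLContext getSSLContext(String str, SecureString secureString, boolean z) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
        T.in(SSLContextFactory.class, "getSSLContext", str, "PASSWORD", Boolean.valueOf(z));
        InputStream keyStoreStream = openKeyStoreStream(str);
        SSLContext context;
        try {
            char[] password = null;
            if (secureString != null && secureString.length() > 0) {
                // getString() goes through an immutable String, and the char[] copy is not
                // wiped afterwards, so the password stays on the heap until collected.
                password = secureString.getString().toCharArray();
            }
            context = makeSSLContext(str, keyStoreStream, password, z ? KEYSTORE_HWJKS : KEYSTORE_JKS);
        } finally {
            closeQuietly(keyStoreStream);
        }
        T.out(SSLContextFactory.class, "getSSLContext");
        return context;
    }

    /**
     * Builds a context from a key ring of type {@code JCERACFKS}.
     *
     * @param str key ring name passed to the {@code RACFInputStream} constructor
     * @return an initialised context
     * @throws UnsupportedOperationException if the {@code RACFInputStream} class cannot be loaded or constructed
     */
    public static SSLContext getSSLContext(String str) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException, UnsupportedOperationException {
        T.in(SSLContextFactory.class, "getSSLContext", str);
        SSLContext sSLContext = getSSLContext(str, false);
        T.out(SSLContextFactory.class, "getSSLContext");
        return sSLContext;
    }

    /**
     * Builds a context from a key ring read through a reflectively loaded
     * {@code RACFInputStream}. The stream is closed once the context has been built.
     *
     * @param str key ring name passed to the {@code RACFInputStream} constructor
     * @param z {@code true} to use {@code com.ibm.crypto.hdwrCCA.provider.RACFInputStream} with
     *     key store type {@code JCECCARACFKS}; {@code false} to use
     *     {@code com.ibm.crypto.provider.RACFInputStream} with {@code JCERACFKS}
     * @return an initialised context
     * @throws UnsupportedOperationException if the stream class cannot be loaded or constructed
     */
    public static SSLContext getSSLContext(String str, boolean z) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException, UnsupportedOperationException {
        T.in(SSLContextFactory.class, "getSSLContext", str, Boolean.valueOf(z));
        final String streamClass;
        final String storeType;
        if (z) {
            streamClass = "com.ibm.crypto.hdwrCCA.provider.RACFInputStream";
            storeType = KEYSTORE_HWRACF;
        } else {
            streamClass = "com.ibm.crypto.provider.RACFInputStream";
            storeType = KEYSTORE_RACF;
        }
        InputStream keyRingStream = makeInputStream(streamClass, str);
        SSLContext context;
        try {
            context = makeSSLContext(str, keyRingStream, RACF_PWD, storeType);
        } finally {
            closeQuietly(keyRingStream);
        }
        T.out(SSLContextFactory.class, "getSSLContext");
        return context;
    }

    /**
     * Opens the key store at {@code location}, as a URL if it parses as one and as a
     * local file otherwise.
     */
    private static InputStream openKeyStoreStream(String location) throws IOException {
        try {
            return new URL(location).openStream();
        } catch (MalformedURLException e) {
            // Not a URL (a plain path, for example): fall back to the file system.
            return new FileInputStream(location);
        }
    }

    /**
     * Closes a key store stream, tracing rather than propagating a close failure so
     * that it cannot mask the outcome of building the context.
     */
    private static void closeQuietly(InputStream stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException e) {
            T.ln(SSLContextFactory.class, "Failed to close key store stream");
            T.ex(SSLContextFactory.class, e);
        }
    }

    /**
     * Returns a context initialised from the factories for {@code str}, loading the
     * key store and creating the factories on a cache miss.
     *
     * @param str key store location; also the cache key
     * @param inputStream stream to load the key store from; read only on a cache miss
     * @param cArr password used both for {@link KeyStore#load(InputStream, char[])} and
     *     for {@link KeyManagerFactory#init(KeyStore, char[])}; may be {@code null}
     * @param str2 key store type passed to {@link KeyStore#getInstance(String)}
     */
    private static SSLContext makeSSLContext(String str, InputStream inputStream, char[] cArr, String str2) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
        T.in(SSLContextFactory.class, "makeSSLContext", str, inputStream, str2);
        KeyManagerFactory keyManagerFactory = keyMgrFactories.get(str);
        TrustManagerFactory trustManagerFactory = trustMgrFactories.get(str);
        if (keyManagerFactory == null || trustManagerFactory == null) {
            T.ln(SSLContextFactory.class, "No cached factory objects for key ring");
            String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
            T.ln(SSLContextFactory.class, "JSSE KeyManagerAlgorithm is {0}", defaultAlgorithm);
            KeyStore keyStore = KeyStore.getInstance(str2);
            keyManagerFactory = KeyManagerFactory.getInstance(defaultAlgorithm);
            // NOTE(review): the trust manager factory is created with the KeyManagerFactory
            // default algorithm, not TrustManagerFactory.getDefaultAlgorithm(); the two can
            // differ by JVM, so confirm this is the intended trust validation.
            trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
            keyStore.load(inputStream, cArr);
            keyManagerFactory.init(keyStore, cArr);
            // The same store supplies both the client identity and the trust anchors.
            trustManagerFactory.init(keyStore);
            T.ln(SSLContextFactory.class, "Caching factory objects: {0}/{1}", keyManagerFactory, trustManagerFactory);
            keyMgrFactories.put(str, keyManagerFactory);
            trustMgrFactories.put(str, trustManagerFactory);
        } else {
            // Cache hit: the stream, password and key store type of this call are not consulted.
            T.ln(SSLContextFactory.class, "Using cached factory objects: {0}/{1}", keyManagerFactory, trustManagerFactory);
        }
        SSLContext sSLContext = SSLContext.getInstance(PROTOCOL_SSL);
        // A null SecureRandom leaves the choice of random source to the JSSE provider.
        sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        T.out(SSLContextFactory.class, "makeSSLContext", sSLContext);
        return sSLContext;
    }

    /**
     * Reflectively constructs the named stream class with the arguments
     * {@code (user.name system property, str2, RACF_PWD)}.
     *
     * @param str fully qualified name of the stream class to load
     * @param str2 second constructor argument (the key ring name)
     * @return the constructed stream
     * @throws UnsupportedOperationException if the class or its constructor cannot be
     *     loaded, accessed or invoked; the underlying exception is attached as the cause
     * @throws IOException if the constructor itself throws; the thrown exception is the cause
     */
    private static InputStream makeInputStream(String str, String str2) throws UnsupportedOperationException, IOException {
        T.in(SSLContextFactory.class, "makeInputStream", str, str2);
        try {
            InputStream inputStream = (InputStream) Class.forName(str).getConstructor(String.class, String.class, char[].class).newInstance(System.getProperty("user.name"), str2, RACF_PWD);
            T.out(SSLContextFactory.class, "makeInputStream");
            return inputStream;
        } catch (ClassNotFoundException e) {
            throw unsupported("Could not load the RACFInputStream class", e);
        } catch (IllegalAccessException e2) {
            throw unsupported("RACFInputStream constructor is inaccessible", e2);
        } catch (IllegalArgumentException e3) {
            throw unsupported("Illegal arguments passed to stream constructor", e3);
        } catch (InstantiationException e4) {
            throw unsupported("RACFInputStream is abstract and cannot be instantiated", e4);
        } catch (NoSuchMethodException e5) {
            throw unsupported("Attempted to load a method that didn't exist", e5);
        } catch (SecurityException e6) {
            throw unsupported("SecurityException caught while trying to get Constructor", e6);
        } catch (InvocationTargetException e7) {
            T.ln(SSLContextFactory.class, "InvocationTargetException thrown in RACFInputStream constructor");
            T.ex(SSLContextFactory.class, e7);
            Throwable target = e7.getTargetException();
            throw new IOException(target.getMessage(), target);
        }
    }

    /**
     * Traces a reflection failure and wraps it, keeping the original exception as the
     * cause so the reason survives outside the trace log.
     */
    private static UnsupportedOperationException unsupported(String traceMessage, Exception cause) {
        T.ln(SSLContextFactory.class, traceMessage);
        T.ex(SSLContextFactory.class, cause);
        return new UnsupportedOperationException(traceMessage, cause);
    }

    // Picks the initial protocol name: "TLSv1.2" when the com.ibm.jsse2.sp800-131 system
    // property is "strict", otherwise "TLS" (also used when the property cannot be read).
    static {
        try {
            if ("strict".equals(System.getProperty("com.ibm.jsse2.sp800-131", "off"))) {
                T.ln(SSLContextFactory.class, "SP800-131 strict enabled,  setting protocol to TLSv1.2");
                setProtocol("TLSv1.2");
            } else {
                setProtocol("TLS");
            }
        } catch (SecurityException e) {
            T.ln(SSLContextFactory.class, "Unable to access com.ibm.jsse2.sp800-131 system property, setting protocol to TLS: {0}", e.getMessage());
            setProtocol("TLS");
        }
    }
}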
