package com.ibm.ctg.server;

import com.ibm.ccl.util.Scrambler;
import com.ibm.ctg.client.JSSEUtils;
import com.ibm.ctg.client.SSLContextFactory;
import com.ibm.ctg.client.T;
import com.ibm.ctg.security.SecureString;
import com.ibm.ctg.server.configuration.Product;
import com.ibm.ctg.server.configuration.exceptions.NoCipherSuitesAvailableException;
import com.ibm.ctg.server.isc.Connection;
import com.ibm.ctg.server.isc.SessionManager;
import com.ibm.ctg.server.isc.SslConnection;
import com.ibm.ctg.server.logging.Log;
import com.ibm.ctg.util.OSInfo;
import com.ibm.ctg.util.OSVersion;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import psft.pt8.cache.CacheConstants;

/* JADX WARN: Classes with same name are omitted:
  input_file:install/CICS32kSample.zip:cicseci9101/build/classes/ctgserver.jar:com/ibm/ctg/server/GatewaySSL.class
  input_file:install/CICS32kSample.zip:cicseci9101/connectorModule/ctgserver.jar:com/ibm/ctg/server/GatewaySSL.class
  input_file:install/taderc25.zip:cicseci9101/build/classes/ctgserver.jar:com/ibm/ctg/server/GatewaySSL.class
  input_file:install/taderc25.zip:cicseci9101/connectorModule/ctgserver.jar:com/ibm/ctg/server/GatewaySSL.class
  input_file:install/taderc99.zip:cicseci9101/build/classes/ctgserver.jar:com/ibm/ctg/server/GatewaySSL.class
  input_file:install/taderc99.zip:cicseci9101/connectorModule/ctgserver.jar:com/ibm/ctg/server/GatewaySSL.class
  input_file:install/taderc99command.zip:cicseci9101/build/classes/ctgserver.jar:com/ibm/ctg/server/GatewaySSL.class
 */
/* loaded from: input_file:install/taderc99command.zip:cicseci9101/connectorModule/ctgserver.jar:com/ibm/ctg/server/GatewaySSL.class */
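/**
 * Process-wide SSL settings for the gateway server, plus helpers that use them.
 *
 * <p>The class holds four static settings (key ring name, key ring password, the
 * "ESM key ring" flag and the "hardware crypto" flag), checks at start-up that every
 * SSL connection definition has at least one usable cipher suite, and maps a client
 * X.509 certificate to an ESM user ID through a native call.
 *
 * <p>NOTE(review): all state is kept in plain static fields written by public static
 * setters, with no synchronisation or {@code volatile}. Any code loaded in the same JVM
 * can replace the key ring or read the password holder via {@link #getKeyRingPassword()};
 * confirm that this is acceptable for the deployment and that the setters are only
 * called during single-threaded initialisation.
 */
public class GatewaySSL {
    public static final String CLASS_VERSION = "@(#) java/com/ibm/ctg/server/GatewaySSL.java, cd_gw_server, c910-bsf c910-20150128-1005";
    static final String copyright_notice = "Licensed Materials - Property of IBM 5724-I81,5725-B65,5655-Y20 (c) Copyright IBM Corp. 2012, 2014 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";

    // Key ring name/path handed to SSLContextFactory; empty until initialize() runs.
    private static String keyRing = "";
    // Key ring password wrapped in a SecureString; not used when esmKeyRing is true.
    private static SecureString keyRingPwMasked;
    // Both flags can only be switched on when running on z/OS (see the setters).
    private static boolean esmKeyRing;
    private static boolean hwCrypto;

    // Reason codes returned by the native getESMUID call for which getEsmUserid()
    // reports "no user ID" (null) instead of throwing. The names look like z/OS
    // errno identifiers - confirm their exact meaning against the native code.
    private static final int ESRCH = 143;
    private static final int EMVSSAFEXTRERR = 163;
    private static final int EMVSEXPIRE = 168;

    /* JADX WARN: Classes with same name are omitted:
      input_file:install/CICS32kSample.zip:cicseci9101/build/classes/ctgserver.jar:com/ibm/ctg/server/GatewaySSL$GatewaySSLException.class
      input_file:install/CICS32kSample.zip:cicseci9101/connectorModule/ctgserver.jar:com/ibm/ctg/server/GatewaySSL$GatewaySSLException.class
      input_file:install/taderc25.zip:cicseci9101/build/classes/ctgserver.jar:com/ibm/ctg/server/GatewaySSL$GatewaySSLException.class
      input_file:install/taderc25.zip:cicseci9101/connectorModule/ctgserver.jar:com/ibm/ctg/server/GatewaySSL$GatewaySSLException.class
      input_file:install/taderc99.zip:cicseci9101/build/classes/ctgserver.jar:com/ibm/ctg/server/GatewaySSL$GatewaySSLException.class
      input_file:install/taderc99.zip:cicseci9101/connectorModule/ctgserver.jar:com/ibm/ctg/server/GatewaySSL$GatewaySSLException.class
      input_file:install/taderc99command.zip:cicseci9101/build/classes/ctgserver.jar:com/ibm/ctg/server/GatewaySSL$GatewaySSLException.class
     */
    /* loaded from: input_file:install/taderc99command.zip:cicseci9101/connectorModule/ctgserver.jar:com/ibm/ctg/server/GatewaySSL$GatewaySSLException.class */
    /** Checked exception raised when the certificate-to-user-ID mapping fails. */
    public static class GatewaySSLException extends Exception {
        private static final long serialVersionUID = 1;

        public GatewaySSLException(String str) {
            super(str);
        }
    }

    /**
     * Native lookup of the ESM user ID associated with an encoded certificate.
     *
     * @param str  the calling thread's name (that is what getEsmUserid passes)
     * @param bArr the encoded certificate
     * @param iArr two-element output array: [0] is the return code (-1 on failure),
     *             [1] is the reason code inspected by getEsmUserid
     */
    private static native String getESMUID(String str, byte[] bArr, int[] iArr);

    /**
     * Copies the SSL-related settings from the product configuration into this class.
     *
     * @param product configuration object supplying key ring, password and flags
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void initialize(Product product) {
        setKeyRing(product.getKeyRing());
        setKeyRingPassword(product.getKeyRingPw(), product.getKeyRingPwScrambled());
        setEsmKeyRing(product.getESMKeyRing());
        setHardwareCrypto(product.getHWCrypt());
    }

    /**
     * Builds an SSL context from the configured key ring, logs the cipher suites the
     * engine supports, and verifies that every SSL connection which names cipher
     * suites has at least one of them available.
     *
     * <p>Security caveat: the check is a plain set intersection. It proves that a
     * configured suite exists in the JSSE provider, not that the suite is strong; a
     * connection configured only with weak suites passes as long as the provider still
     * offers one of them. Connections whose configured list is {@code null} are not
     * checked here at all.
     *
     * @throws NoCipherSuitesAvailableException if any SSL connection has no configured
     *         cipher suite that the engine supports (each such connection is logged first)
     * @throws IOException and the listed security exceptions if the SSL context cannot
     *         be created; each is logged against the key ring name and rethrown unchanged
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void validateCipherSuites() throws NoCipherSuitesAvailableException, UnrecoverableKeyException, KeyManagementException, KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        T.in(GatewaySSL.class, "validateCipherSuites");
        String jSSEInfo = JSSEUtils.getJSSEInfo();
        if (jSSEInfo != null) {
            Log.printInfoLn("8405", 0, new Object[]{jSSEInfo});
        }
        try {
            // An ESM key ring is opened without a password; otherwise the masked password is supplied.
            String[] supportedCipherSuites = (esmKeyRing ? SSLContextFactory.getSSLContext(keyRing, hwCrypto) : SSLContextFactory.getSSLContext(keyRing, keyRingPwMasked, hwCrypto)).createSSLEngine().getSupportedCipherSuites();
            Log.printInfoLn("8489", 0, (Object[]) null);
            for (int i = 0; i < supportedCipherSuites.length; i++) {
                // NOTE(review): CacheConstants.TAB is presumably the decompiler's stand-in for a tab literal - confirm.
                Log.printInfoLn(CacheConstants.TAB + supportedCipherSuites[i], i + 1);
            }
            // Report every misconfigured connection before failing, not just the first.
            boolean anyConnectionWithoutSuites = false;
            for (Connection connection : SessionManager.getInstance().getConnectionManager().getConnections()) {
                if (connection instanceof SslConnection) {
                    SslConnection sslConnection = (SslConnection) connection;
                    if (sslConnection.getCipherSuites() != null && filterCipherSuites(supportedCipherSuites, sslConnection.getCipherSuites(), null).length == 0) {
                        Log.printErrorLn("8487", 0, new Object[]{sslConnection.getINIFileDefinitionName()});
                        anyConnectionWithoutSuites = true;
                    }
                }
            }
            if (anyConnectionWithoutSuites) {
                throw new NoCipherSuitesAvailableException();
            }
            T.out(GatewaySSL.class, "validateCipherSuites");
        } catch (IOException e) {
            // Also covers UnsupportedEncodingException, which the original handled identically.
            logKeyRingFailure(e);
            throw e;
        } catch (IllegalArgumentException e) {
            logKeyRingFailure(e);
            throw e;
        } catch (KeyManagementException e) {
            logKeyRingFailure(e);
            throw e;
        } catch (KeyStoreException e) {
            logKeyRingFailure(e);
            throw e;
        } catch (NoSuchAlgorithmException e) {
            logKeyRingFailure(e);
            throw e;
        } catch (UnrecoverableKeyException e) {
            logKeyRingFailure(e);
            throw e;
        } catch (CertificateException e) {
            logKeyRingFailure(e);
            throw e;
        }
    }

    /** Traces the exception and logs message 8491 with the key ring name and the exception. */
    private static void logKeyRingFailure(Exception e) {
        T.ex(GatewaySSL.class, e);
        Log.printErrorLn("8491", 0, new Object[]{keyRing, e});
    }

    /** @return the configured key ring name */
    public static String getKeyRing() {
        return keyRing;
    }

    /**
     * Sets the key ring name and traces it.
     *
     * @param str key ring name
     */
    public static void setKeyRing(String str) {
        keyRing = str;
        T.ln(GatewaySSL.class, "SSL key ring: {0}", str);
    }

    /** @return the key ring password holder; {@code null} until a password has been set */
    public static SecureString getKeyRingPassword() {
        return keyRingPwMasked;
    }

    /**
     * Stores the key ring password, descrambling it first when requested.
     *
     * <p>The trace line deliberately omits the password value.
     *
     * <p>NOTE(review): descrambling takes only the stored value, so the scrambled form
     * appears to be reversible without a secret; treat the configuration file holding it
     * as sensitive. The clear-text password also passes through an immutable
     * {@code String} here, which cannot be wiped after the SecureString is built.
     *
     * @param str the password, scrambled or clear
     * @param z   {@code true} if {@code str} is scrambled and must be descrambled
     */
    public static void setKeyRingPassword(String str, boolean z) {
        if (z) {
            try {
                str = Scrambler.descramble(str);
            } catch (IllegalArgumentException e) {
                // NOTE(review): a malformed scrambled value is only traced and the password
                // silently becomes empty; the real cause then shows up later as a key ring
                // open failure. Consider reporting it as a configuration error.
                T.ex(GatewaySSL.class, e);
                str = "";
            }
        }
        keyRingPwMasked = new SecureString(str);
        T.ln(GatewaySSL.class, "SSL key ring password updated");
    }

    /** @return whether the ESM key ring is in use */
    public static boolean useEsmKeyRing() {
        return esmKeyRing;
    }

    /**
     * Sets the ESM key ring flag. The request is honoured only on z/OS; on any other
     * operating system the flag keeps its previous value and the trace shows that value.
     *
     * @param z requested setting
     */
    public static void setEsmKeyRing(boolean z) {
        if (OSVersion.OPERATING_SYSTEM.equals(OSInfo.ZOS)) {
            esmKeyRing = z;
        }
        T.ln(GatewaySSL.class, "Use ESM key ring: {0}", Boolean.valueOf(esmKeyRing));
    }

    /** @return whether hardware cryptography is in use */
    public static boolean useHardwareCrypto() {
        return hwCrypto;
    }

    /**
     * Sets the hardware cryptography flag. The request is honoured only on z/OS; on any
     * other operating system the flag keeps its previous value.
     *
     * @param z requested setting
     */
    public static void setHardwareCrypto(boolean z) {
        if (OSVersion.OPERATING_SYSTEM.equals(OSInfo.ZOS)) {
            hwCrypto = z;
        }
        T.ln(GatewaySSL.class, "Use hardware cryptography: {0}", Boolean.valueOf(hwCrypto));
    }

    /**
     * Returns the configured cipher suites that are also available.
     *
     * <p>The result comes out of a {@code HashSet}, so its order is unspecified and does
     * not follow the order of either input. NOTE(review): if the caller passes the result
     * to the SSL engine as the enabled list, the administrator's preference order is lost.
     *
     * @param strArr  cipher suites available from the SSL engine; must not be null
     * @param strArr2 cipher suites named in the configuration; must not be null
     * @param set     optional collector; when non-null it receives every configured suite
     *                that is not available (existing contents are kept, minus any suite in
     *                the result)
     * @return the intersection of the two inputs, possibly empty, never null
     */
    public static String[] filterCipherSuites(String[] strArr, String[] strArr2, Set<String> set) {
        T.in(GatewaySSL.class, "filterCipherSuites", strArr, strArr2, set);
        Set<String> available = new HashSet<String>(Arrays.asList(strArr));
        Set<String> configured = new HashSet<String>(Arrays.asList(strArr2));
        traceCipherSuites("Available", available);
        traceCipherSuites("Configured", configured);
        // From here on "available" holds only the suites that are both available and configured.
        available.retainAll(configured);
        traceCipherSuites("Actual", available);
        String[] strArr3 = available.toArray(new String[0]);
        if (set != null) {
            set.addAll(configured);
            set.removeAll(available);
            traceCipherSuites("Unused", set);
        }
        T.out(GatewaySSL.class, "filterCipherSuites", strArr3);
        return strArr3;
    }

    /**
     * Maps a client certificate to an ESM user ID through the native getESMUID call.
     *
     * <p>Security caveat: a {@code null} return means the native call failed with one of
     * the three tolerated reason codes (ESRCH, EMVSEXPIRE, EMVSSAFEXTRERR), i.e. no user
     * ID was obtained. Callers must treat {@code null} as "not mapped" and must not fall
     * back to a default identity.
     *
     * @param x509Certificate the certificate to look up
     * @return the user ID returned by the native call, or {@code null} as described above
     * @throws GatewaySSLException if the certificate cannot be encoded (the encoding
     *         exception is attached as the cause) or the native call fails with any other
     *         reason code
     */
    public static String getEsmUserid(X509Certificate x509Certificate) throws GatewaySSLException {
        T.in(GatewaySSL.class, "getEsmUserid");
        try {
            byte[] encoded = x509Certificate.getEncoded();
            // [0] = return code, [1] = reason code, both filled in by the native method.
            int[] iArr = new int[2];
            T.in(GatewaySSL.class, "native:getESMUID");
            String esmuid = getESMUID(Thread.currentThread().getName(), encoded, iArr);
            T.out(GatewaySSL.class, "native:getESMUID", iArr[0]);
            if (iArr[0] == -1) {
                int reason = iArr[1];
                Log.printErrorLn("9923", 0, new Object[]{Integer.valueOf(reason)});
                if (reason != ESRCH && reason != EMVSEXPIRE && reason != EMVSSAFEXTRERR) {
                    throw new GatewaySSLException("Call to getESMUID failed");
                }
                // Tolerated failure: discard whatever the native call returned.
                esmuid = null;
            }
            T.out(GatewaySSL.class, "getEsmUserid", esmuid);
            return esmuid;
        } catch (CertificateEncodingException e) {
            T.ex(GatewaySSL.class, e);
            GatewaySSLException wrapped = new GatewaySSLException(e.toString());
            // Keep the original stack trace available to whoever handles the failure.
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Writes a labelled list of cipher suites to the trace, one suite per line.
     *
     * @param str label for the list, e.g. "Available"
     * @param set the suites to trace
     */
    private static void traceCipherSuites(String str, Set<String> set) {
        T.ln(GatewaySSL.class, "{0} cipher suites:", str);
        for (String suite : set) {
            T.ln(GatewaySSL.class, "\t{0}", suite);
        }
    }
}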
