package com.ibm.rational.test.lt.recorder.proxy.util;

import com.ibm.rational.test.lt.recorder.proxy.IHttpConstants;
import com.ibm.rational.test.lt.recorder.proxy.RecorderProxyCore;
import com.ibm.rational.test.lt.recorder.proxy.internal.proxy.ssl.IX509CertificateGenerator;
import com.ibm.rational.test.lt.recorder.proxy.internal.proxy.ssl.SSLInformation;
import com.ibm.rational.test.lt.recorder.proxy.internal.proxy.ssl.X509CertificateGenerator;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:recorderHttp-remote.jar:com/ibm/rational/test/lt/recorder/proxy/util/SSLServerCertificatesProvider.class */
/**
 * Supplies, per host and port, the {@link KeyStore} and key-store password that
 * {@link ISSLServerCertificatesProvider} callers ask for.
 *
 * <p>A key store is either created by the {@link IX509CertificateGenerator} or loaded from the
 * certificate path that {@link SSLInformation} reports for the host. Results are cached in
 * memory for the lifetime of this instance.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>Generated key stores always use the fixed password {@code "changeit"}, and every
 *       password (generated or configured) is kept as a {@code String} in the cache. The
 *       password therefore gives no real protection to whatever the key store holds.
 *       NOTE(review): confirm these key stores are never written to disk or exported.</li>
 *   <li>The cache key is the wildcard form of the host plus the port, while the certificate path
 *       and password are looked up with the raw {@code str}. NOTE(review): if two hosts under
 *       the same parent domain are configured with different certificates, the first one cached
 *       is returned for both - confirm this is intended.</li>
 * </ul>
 */
public class SSLServerCertificatesProvider implements ISSLServerCertificatesProvider {
    // Matches a dotted-quad IPv4 literal. Despite the name, the pattern has no mask component.
    private static final String ipv4RegExpWithMask = "((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]\\d|\\d)\\.){3}(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]\\d|\\d)";
    private final SSLInformation sslInformation;
    // When true, the default certificate path results in a generated certificate instead of a loaded one.
    private final boolean generateServerCertificate;
    // Cache of key store + password, keyed by "<wildcard domain><COLON><port>".
    private final Map<String, Pair<KeyStore, String>> sslServerDatas = Collections.synchronizedMap(new HashMap<>());
    private final IX509CertificateGenerator certGenerator = new X509CertificateGenerator();
    // Host/port patterns read once from a system property at construction time.
    private final List<ByPassedEntry> dontUseSniEntries = new ArrayList<>();

    /**
     * Creates the provider.
     *
     * @param list passed unchanged to {@link SSLInformation}; presumably the per-host SSL
     *     configuration entries - verify against the caller
     * @param z whether a certificate is generated when the host resolves to the default
     *     certificate path
     */
    public SSLServerCertificatesProvider(List<String> list, boolean z) throws UnrecoverableKeyException, InvalidKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, SignatureException, IOException {
        this.generateServerCertificate = z;
        this.sslInformation = new SSLInformation(list, true);
        loadDontUseSniEntries();
    }

    /**
     * Returns the cached key store and password for the given host and port, creating or
     * loading them on the first request.
     *
     * <p>The lookup and the insert are two separate calls on the synchronized map, so concurrent
     * callers that miss the same key may each build a key store; the last one stored stays in
     * the cache.
     *
     * @param str host designation as received by the caller; resolved through
     *     {@link SSLInformation#getHost}
     * @param i port
     * @return the key store paired with the password that opens it
     */
    @Override // com.ibm.rational.test.lt.recorder.proxy.util.ISSLServerCertificatesProvider
    public Pair<KeyStore, String> getCertificate(String str, int i) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SecurityException, SignatureException, KeyStoreException, CertificateException, IOException {
        final String certDomain = extractDomainName(this.sslInformation.getHost(str));
        final String cacheKey = certDomain + IHttpConstants.COLON + i;

        final Pair<KeyStore, String> cached = this.sslServerDatas.get(cacheKey);
        if (cached != null) {
            return cached;
        }

        final String configuredPath = this.sslInformation.getCertificatePath(str, i);
        // Default path: generate only when the provider was asked to.
        // Any other path: generate only when it is the "generated certificate" marker.
        final boolean generate = configuredPath.equals(RecorderProxyCore.RPT_CERTIFICATE_FILEPATH)
                ? this.generateServerCertificate
                : configuredPath.equals(UtilMessages.GENERATED_CERTIFICATE);

        final String storePass;
        final KeyStore store;
        if (generate) {
            Tracer.trace(1, "Creating a certificate for: " + cacheKey);
            // Fixed, publicly known password: it does not protect the generated key store.
            storePass = "changeit";
            store = this.certGenerator.createX509Certificate(certDomain, storePass);
        } else {
            storePass = this.sslInformation.getCertificatePass(str, i);
            store = SSLUtil.loadCertificate(configuredPath, storePass.toCharArray());
        }

        final Pair<KeyStore, String> created = new Pair<>(store, storePass);
        this.sslServerDatas.put(cacheKey, created);
        return created;
    }

    /**
     * Turns a host name into the name used for the certificate and the cache key.
     *
     * <p>IPv4 literals and names with fewer than three dot-separated labels are returned
     * unchanged. Otherwise the left-most label is replaced by {@code *}.
     *
     * <p>NOTE(review): there is no public-suffix handling, so a three-label name directly under
     * a two-label suffix becomes a wildcard over that suffix (constructed example:
     * {@code shop.co.uk} gives {@code *.co.uk}); clients may refuse such a certificate.
     */
    private static String extractDomainName(String str) {
        if (str.matches(ipv4RegExpWithMask)) {
            return str;
        }
        final String[] labels = str.split("\\.");
        if (labels.length < 3) {
            return str;
        }
        final StringBuilder wildcard = new StringBuilder("*.");
        for (int idx = 1; idx < labels.length - 1; idx++) {
            wildcard.append(labels[idx]).append(".");
        }
        return wildcard.append(labels[labels.length - 1]).toString();
    }

    /**
     * Tells whether the given host and port match one of the entries loaded from the
     * {@code rpt.recording.sslServer.dontUseSniFor} system property.
     *
     * @param str host designation; resolved through {@link SSLInformation#getHost}
     * @param i port
     * @return {@code true} if any entry matches
     */
    @Override // com.ibm.rational.test.lt.recorder.proxy.util.ISSLServerCertificatesProvider
    public boolean dontUseSni(String str, int i) {
        final String host = this.sslInformation.getHost(str);
        for (ByPassedEntry entry : this.dontUseSniEntries) {
            if (entry.matches(host, i, true)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reads the comma-separated {@code rpt.recording.sslServer.dontUseSniFor} system property
     * and stores one {@link ByPassedEntry} per trimmed item. Does nothing when the property is
     * not set; a property set to the empty string still yields one entry built from "".
     */
    private void loadDontUseSniEntries() {
        final String configured = System.getProperty("rpt.recording.sslServer.dontUseSniFor");
        if (configured == null) {
            return;
        }
        for (String item : configured.split(",")) {
            this.dontUseSniEntries.add(new ByPassedEntry(item.trim()));
        }
    }
}
