package com.sun.enterprise.security.ssl.impl;

import com.sun.enterprise.security.ssl.manager.UnifiedX509KeyManager;
import com.sun.enterprise.security.ssl.manager.UnifiedX509TrustManager;
import com.sun.enterprise.server.pluggable.SecuritySupport;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import java.util.PropertyPermission;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.glassfish.api.admin.ProcessEnvironment;
import org.glassfish.hk2.api.ServiceLocator;
import org.glassfish.internal.api.Globals;
import org.glassfish.internal.embedded.Server;
import org.glassfish.logging.annotation.LogMessageInfo;
import org.glassfish.logging.annotation.LogMessagesResourceBundle;
import org.glassfish.logging.annotation.LoggerInfo;
import org.jvnet.hk2.annotations.Service;

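/**
 * {@link SecuritySupport} implementation that loads the key store and trust store named by
 * system properties and serves key managers, trust managers and private keys from them.
 *
 * <p>All store state is held in static, process-wide lists. {@link #keyStores},
 * {@link #trustStores}, {@link #keyStorePasswords} and {@link #tokenNames} are parallel lists:
 * {@link #loadStores} appends exactly one element to each, so index {@code i} refers to the
 * same token in all four.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A copy of every key store password stays in {@link #keyStorePasswords} for the life of
 *       the class; it is needed later to initialise key managers and to read private keys.</li>
 *   <li>When no master password is available the store passwords fall back to the widely known
 *       default {@code "changeit"}; deployments should always configure their own.</li>
 *   <li>Expired certificates are only logged (see {@code checkCertificateDates}); nothing in
 *       this class rejects them.</li>
 * </ul>
 */
@Singleton
@Service
/* loaded from: input_file:com/sun/enterprise/security/ssl/impl/SecuritySupportImpl.class */
public class SecuritySupportImpl extends SecuritySupport {
    // Fallback passwords used only when neither the master password nor the corresponding
    // system property supplies one. These are public knowledge and protect nothing.
    private static final String DEFAULT_KEYSTORE_PASS = "changeit";
    private static final String DEFAULT_TRUSTSTORE_PASS = "changeit";

    @LogMessageInfo(message = "The SSL certificate has expired: {0}", level = "SEVERE", cause = "Certificate expired.", action = "Check the expiration date of the certicate.")
    private static final String SSL_CERT_EXPIRED = "NCLS-SECURITY-05054";
    private MasterPasswordImpl masterPasswordHelper;

    // Reference instant for the expiry check; fixed when this instance is constructed.
    private final Date initDate;

    @Inject
    private ServiceLocator habitat;

    @Inject
    private ProcessEnvironment penv;

    @LoggerInfo(subsystem = "SECURITY - SSL", description = "Security - SSL", publish = true)
    public static final String SEC_SSL_LOGGER = "jakarta.enterprise.system.security.ssl";

    @LogMessagesResourceBundle
    public static final String SHARED_LOGMESSAGE_RESOURCE = "com.sun.enterprise.security.ssl.LogMessages";
    protected static final Logger _logger = Logger.getLogger(SEC_SSL_LOGGER, SHARED_LOGMESSAGE_RESOURCE);

    // NOTE(review): read and written in initJKS() without synchronization -- confirm that
    // instances are never constructed concurrently.
    private static boolean initialized = false;
    protected static final List<KeyStore> keyStores = new ArrayList<>();
    protected static final List<KeyStore> trustStores = new ArrayList<>();
    protected static final List<char[]> keyStorePasswords = new ArrayList<>();
    protected static final List<String> tokenNames = new ArrayList<>();
    private static boolean instantiated = false;

    /** Creates the instance and loads the configured key store and trust store. */
    public SecuritySupportImpl() {
        this(true);
    }

    /**
     * Creates the instance, optionally skipping store loading.
     *
     * @param z {@code true} to load the stores named by the system properties
     */
    protected SecuritySupportImpl(boolean z) {
        this.masterPasswordHelper = null;
        this.initDate = new Date();
        if (z) {
            initJKS();
        }
    }

    /**
     * Resolves the store locations and passwords and loads both stores once per process.
     *
     * <p>The master password is requested only by the first instance created in the process.
     * When it is unavailable, or when running as an application client (ACC), the passwords
     * come from the password system properties, defaulting to {@code "changeit"}.
     *
     * @throws IllegalStateException if either store cannot be loaded
     */
    private void initJKS() {
        String keyStoreFile = System.getProperty(SecuritySupport.keyStoreProp);
        String trustStoreFile = System.getProperty(SecuritySupport.trustStoreProp);
        char[] keyStorePass = null;
        char[] trustStorePass = null;
        if (!isInstantiated()) {
            if (this.habitat == null) {
                this.habitat = Globals.getDefaultHabitat();
            }
            if (this.masterPasswordHelper == null && this.habitat != null) {
                this.masterPasswordHelper = (MasterPasswordImpl) this.habitat.getService(MasterPasswordImpl.class, new Annotation[0]);
            }
            if (this.masterPasswordHelper != null) {
                // Both stores are protected by the same master password.
                keyStorePass = this.masterPasswordHelper.getMasterPassword();
                trustStorePass = keyStorePass;
            }
        }
        if (this.penv == null && this.habitat != null) {
            this.penv = (ProcessEnvironment) this.habitat.getService(ProcessEnvironment.class, new Annotation[0]);
        }
        if (keyStorePass == null || isACC()) {
            String keyStorePassProp = System.getProperty(SecuritySupport.KEYSTORE_PASS_PROP, DEFAULT_KEYSTORE_PASS);
            if (keyStorePassProp != null) {
                keyStorePass = keyStorePassProp.toCharArray();
            }
            String trustStorePassProp = System.getProperty(SecuritySupport.TRUSTSTORE_PASS_PROP, DEFAULT_TRUSTSTORE_PASS);
            if (trustStorePassProp != null) {
                trustStorePass = trustStorePassProp.toCharArray();
            }
        }
        try {
            if (initialized) {
                return;
            }
            loadStores(null, null, keyStoreFile, keyStorePass, System.getProperty(SecuritySupport.KEYSTORE_TYPE_PROP, KeyStore.getDefaultType()), trustStoreFile, trustStorePass, System.getProperty(SecuritySupport.TRUSTSTORE_TYPE_PROP, KeyStore.getDefaultType()));
            initialized = true;
        } finally {
            // Clear the working copies on every exit path, including a failed load and the
            // "already initialised" early return, so that passwords do not linger on the heap.
            // loadStores() keeps its own copy of the key store password.
            wipe(keyStorePass);
            wipe(trustStorePass);
        }
    }

    /** Overwrites a password buffer with spaces; a {@code null} buffer is ignored. */
    private static void wipe(char[] secret) {
        if (secret != null) {
            Arrays.fill(secret, ' ');
        }
    }

    /** Returns {@code true} when at least one embedded server name is registered. */
    private boolean isEmbeddedServer() {
        return !Server.getServerNames().isEmpty();
    }

    /**
     * Test-and-set flag for "an instance has already started initialising".
     *
     * @return {@code false} for the first caller in the process, {@code true} afterwards
     */
    private static synchronized boolean isInstantiated() {
        if (instantiated) {
            return true;
        }
        instantiated = true;
        return false;
    }

    /**
     * Loads one key store / trust store pair and registers it under a token name.
     *
     * <p>Both stores are loaded before any list is touched, so a failure leaves the four
     * parallel lists unchanged. A copy of the key store password is retained in
     * {@link #keyStorePasswords}.
     *
     * @param str token name to register the pair under (may be {@code null})
     * @param provider security provider for both stores, or {@code null} for the default
     * @param str2 key store file path, or {@code null} to create an empty store
     * @param cArr key store password
     * @param str3 key store type
     * @param str4 trust store file path, or {@code null} to create an empty store
     * @param cArr2 trust store password
     * @param str5 trust store type
     * @throws IllegalStateException wrapping any failure while loading or registering
     */
    protected static synchronized void loadStores(String str, Provider provider, String str2, char[] cArr, String str3, String str4, char[] cArr2, String str5) {
        try {
            KeyStore keyStore = loadKS(str3, provider, str2, cArr);
            KeyStore trustStore = loadKS(str5, provider, str4, cArr2);
            keyStores.add(keyStore);
            trustStores.add(trustStore);
            keyStorePasswords.add(Arrays.copyOf(cArr, cArr.length));
            tokenNames.add(str);
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Creates a key store of the given type and loads it from a file.
     *
     * @param type key store type
     * @param provider provider to obtain the store from, or {@code null} for the default
     * @param path file to read, or {@code null} to initialise an empty store
     * @param password password used to check integrity of / unlock the store
     * @return the loaded store
     * @throws Exception if the store type is unavailable or the file cannot be read or verified
     */
    private static KeyStore loadKS(String type, Provider provider, String path, char[] password) throws Exception {
        KeyStore keyStore = provider != null ? KeyStore.getInstance(type, provider) : KeyStore.getInstance(type);
        if (path == null) {
            keyStore.load(null, password);
            return keyStore;
        }
        if (_logger.isLoggable(Level.FINE)) {
            // Only the path is logged. The password buffer must never be handed to the logging
            // framework: handlers and formatters receive log parameters as live references.
            _logger.log(Level.FINE, "Loading keystoreFile = {0}", path);
        }
        // try-with-resources also closes the streams when load() throws (wrong password,
        // corrupt file), which would otherwise leak the file handle.
        try (FileInputStream fileIn = new FileInputStream(path);
                BufferedInputStream bufferedIn = new BufferedInputStream(fileIn)) {
            keyStore.load(bufferedIn, password);
        }
        return keyStore;
    }

    /** Returns a snapshot array of all registered key stores. */
    @Override
    public KeyStore[] getKeyStores() {
        return keyStores.toArray(new KeyStore[keyStores.size()]);
    }

    /**
     * Creates an empty key store initialised with the password of a registered token.
     *
     * @param str key store type
     * @param i index of the token whose password is used
     * @return a new, empty key store
     */
    @Override
    public KeyStore loadNullStore(String str, int i) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore emptyStore = KeyStore.getInstance(str);
        emptyStore.load(null, keyStorePasswords.get(i));
        return emptyStore;
    }

    /**
     * Builds a single unified key manager over every registered key store.
     *
     * @param str key manager algorithm, or {@code null} for the platform default
     * @return a one-element array holding a {@link UnifiedX509KeyManager}
     */
    @Override
    public KeyManager[] getKeyManagers(String str) throws IOException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyStore[] stores = getKeyStores();
        String algorithm = str != null ? str : KeyManagerFactory.getDefaultAlgorithm();
        List<KeyManager> collected = new ArrayList<>();
        for (int i = 0; i < stores.length; i++) {
            checkCertificateDates(stores[i]);
            KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
            // Index i selects the password registered together with this store.
            factory.init(stores[i], keyStorePasswords.get(i));
            KeyManager[] managers = factory.getKeyManagers();
            if (managers != null) {
                collected.addAll(Arrays.asList(managers));
            }
        }
        // Copying into an X509KeyManager[] fails with ArrayStoreException if a factory
        // returned a manager of another kind.
        X509KeyManager[] x509Managers = collected.toArray(new X509KeyManager[collected.size()]);
        return new KeyManager[]{new UnifiedX509KeyManager(x509Managers, getTokenNames())};
    }

    /**
     * Builds the trust managers over every registered trust store.
     *
     * @param str trust manager algorithm, or {@code null} for the platform default
     * @return a one-element array: the single trust manager when exactly one was produced,
     *     otherwise a {@link UnifiedX509TrustManager} wrapping all of them
     */
    @Override
    public TrustManager[] getTrustManagers(String str) throws IOException, KeyStoreException, NoSuchAlgorithmException {
        String algorithm = str != null ? str : TrustManagerFactory.getDefaultAlgorithm();
        List<TrustManager> collected = new ArrayList<>();
        for (KeyStore trustStore : getTrustStores()) {
            checkCertificateDates(trustStore);
            TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
            factory.init(trustStore);
            TrustManager[] managers = factory.getTrustManagers();
            if (managers != null) {
                collected.addAll(Arrays.asList(managers));
            }
        }
        TrustManager result;
        if (collected.size() == 1) {
            result = collected.get(0);
        } else {
            result = new UnifiedX509TrustManager(collected.toArray(new X509TrustManager[collected.size()]));
        }
        return new TrustManager[]{result};
    }

    /**
     * Logs, at SEVERE, every X.509 certificate in the store whose notAfter date lies before
     * the instant this instance was created.
     *
     * <p>This is advisory only: expired certificates stay in the store and are not rejected
     * here. Because the comparison uses the construction time, a certificate that expires
     * while the process keeps running is not reported by later calls.
     */
    private void checkCertificateDates(KeyStore store) throws KeyStoreException {
        Enumeration<String> aliases = store.aliases();
        while (aliases.hasMoreElements()) {
            Certificate certificate = store.getCertificate(aliases.nextElement());
            if (!(certificate instanceof X509Certificate)) {
                continue;
            }
            if (((X509Certificate) certificate).getNotAfter().before(this.initDate)) {
                _logger.log(Level.SEVERE, SSL_CERT_EXPIRED, certificate);
            }
        }
    }

    /** Returns a snapshot array of all registered trust stores. */
    @Override
    public KeyStore[] getTrustStores() {
        return trustStores.toArray(new KeyStore[trustStores.size()]);
    }

    /**
     * Checks a candidate against the password of the first registered key store.
     *
     * <p>The comparison visits every overlapping character instead of stopping at the first
     * mismatch, so the time taken does not reveal how long a matching prefix is.
     *
     * @param cArr candidate password
     * @return {@code true} only if the candidate equals the stored password; {@code false}
     *     for a {@code null} candidate or when no store has been loaded yet
     */
    @Override
    public boolean verifyMasterPassword(char[] cArr) {
        if (cArr == null || keyStorePasswords.isEmpty()) {
            return false;
        }
        char[] expected = keyStorePasswords.get(0);
        if (expected == null) {
            return false;
        }
        int difference = cArr.length ^ expected.length;
        int overlap = Math.min(cArr.length, expected.length);
        for (int i = 0; i < overlap; i++) {
            difference |= cArr[i] ^ expected[i];
        }
        return difference == 0;
    }

    /** Returns a snapshot array of all registered token names. */
    @Override
    public String[] getTokenNames() {
        return tokenNames.toArray(new String[tokenNames.size()]);
    }

    /**
     * Looks up the key store registered under a token name.
     *
     * @param str token name
     * @return the key store, or {@code null} if the name is {@code null} or unknown
     */
    @Override
    public KeyStore getKeyStore(String str) {
        int tokenIndex = getTokenIndex(str);
        return tokenIndex < 0 ? null : keyStores.get(tokenIndex);
    }

    /**
     * Looks up the trust store registered under a token name.
     *
     * @param str token name
     * @return the trust store, or {@code null} if the name is {@code null} or unknown
     */
    @Override
    public KeyStore getTrustStore(String str) {
        int tokenIndex = getTokenIndex(str);
        return tokenIndex < 0 ? null : trustStores.get(tokenIndex);
    }

    /** Returns the list index of a token name, or {@code -1} if it is {@code null} or unknown. */
    private int getTokenIndex(String token) {
        if (token == null) {
            return -1;
        }
        int index = tokenNames.indexOf(token);
        if (index < 0 && _logger.isLoggable(Level.FINEST)) {
            _logger.log(Level.FINEST, "token {0} is not found", token);
        }
        return index;
    }

    /** No-op in this implementation. */
    @Override
    public void synchronizeKeyFile(Object obj, String str) throws Exception {
    }

    /**
     * Enforces {@code RuntimePermission("SSLPassword")} before secret material is handed out.
     *
     * <p>The check is skipped for an embedded server, when no service locator is available,
     * and for the ACC and Other process types. On denial the exception is rethrown naming a
     * read {@link PropertyPermission} on {@code str} instead of the internal permission.
     *
     * @param str property name reported to the caller when access is denied
     * @throws AccessControlException if the caller lacks the permission
     */
    @Override
    public void checkPermission(String str) {
        try {
            if (isEmbeddedServer() || this.habitat == null || isACC() || isNotServerORACC()) {
                return;
            }
            AccessController.checkPermission(new RuntimePermission("SSLPassword"));
        } catch (AccessControlException e) {
            String message = e.getMessage();
            PropertyPermission reported = new PropertyPermission(str, "read");
            // getPermission() may be null; without the guard the rewrite below would replace
            // the access-control failure with a NullPointerException.
            if (message != null && e.getPermission() != null) {
                message = message.replace(e.getPermission().toString(), reported.toString());
            }
            throw new AccessControlException(message, reported);
        }
    }

    /** Returns {@code true} when the process type is ACC; {@code false} if it is unknown. */
    public boolean isACC() {
        if (this.penv == null) {
            return false;
        }
        return this.penv.getProcessType().equals(ProcessEnvironment.ProcessType.ACC);
    }

    /**
     * Returns {@code true} when the process type is Other.
     *
     * <p>An unknown process environment yields {@code false}, so {@link #checkPermission}
     * goes on to enforce the permission (fails closed) instead of throwing a
     * {@link NullPointerException}.
     */
    public boolean isNotServerORACC() {
        if (this.penv == null) {
            return false;
        }
        return this.penv.getProcessType().equals(ProcessEnvironment.ProcessType.Other);
    }

    /**
     * Reads a private key from a registered key store after a permission check.
     *
     * @param str alias of the key entry
     * @param i index of the key store (and of its password)
     * @return the private key, or {@code null} if the alias does not hold a private key
     * @throws AccessControlException if the caller lacks the required permission
     */
    @Override
    public PrivateKey getPrivateKeyForAlias(String str, int i) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        checkPermission(SecuritySupport.KEYSTORE_PASS_PROP);
        Key key = keyStores.get(i).getKey(str, keyStorePasswords.get(i));
        return key instanceof PrivateKey ? (PrivateKey) key : null;
    }
}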
