package com.sun.enterprise.security.ssl;

import com.sun.enterprise.server.pluggable.SecuritySupport;
import com.sun.logging.LogDomains;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.jvnet.hk2.annotations.Inject;
import org.jvnet.hk2.annotations.Scoped;
import org.jvnet.hk2.annotations.Service;
import org.jvnet.hk2.component.Habitat;
import org.jvnet.hk2.component.PostConstruct;
import org.jvnet.hk2.component.Singleton;

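/**
 * Singleton service that builds the server's TLS key and trust material from the
 * stores exposed by {@link SecuritySupport} and installs a JVM-wide default
 * socket factory for {@link HttpsURLConnection}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #getKeyStorePass()} and {@link #getTrustStorePass()} fall back to the
 *       widely known default password {@code changeit} when the corresponding system
 *       property is unset; a store protected only by that value should be treated as
 *       unprotected.</li>
 *   <li>Expired certificates are logged at {@code SEVERE} but are not removed from the
 *       key or trust managers (see {@link #checkCertificateDates(KeyStore)}).</li>
 *   <li>{@link #postConstruct()} replaces the process-wide default
 *       {@code SSLSocketFactory}, so every {@code HttpsURLConnection} in the JVM is
 *       affected, not only callers of this class.</li>
 * </ul>
 */
@Service
@Scoped(Singleton.class)
/* loaded from: input_file:com/sun/enterprise/security/ssl/SSLUtils.class */
public final class SSLUtils implements PostConstruct {
    // Well-known JDK default store password; used only when the system property is absent.
    private static final String DEFAULT_KEYSTORE_PASS = "changeit";
    private static final String DEFAULT_TRUSTSTORE_PASS = "changeit";
    private static final String KEYSTORE_PASS_PROP = "javax.net.ssl.keyStorePassword";
    private static final String TRUSTSTORE_PASS_PROP = "javax.net.ssl.trustStorePassword";
    private static final String DEFAULT_OUTBOUND_KEY_ALIAS = "s1as";
    public static final String HTTPS_OUTBOUND_KEY_ALIAS = "com.sun.enterprise.security.httpsOutboundKeyAlias";

    @Inject
    SecuritySupport secSupp;

    @Inject
    Habitat habitat;
    // True once any configured key store is found to contain a key entry.
    private boolean hasKey = false;
    private KeyManager keyManager = null;
    private TrustManager trustManager = null;
    private KeyStore mergedTrustStore = null;
    // Reference instant for the expiry check; captured once in postConstruct().
    private Date initDate;
    private static final Logger _logger = LogDomains.getLogger(SSLUtils.class, "javax.enterprise.system.core.security");
    // NOTE(review): static, yet written through an instance setter, so it is shared by
    // every SSLUtils instance in the class loader.
    private static AppClientSSL appclientSsl = null;

    /**
     * Initialises key managers, trust managers and the merged trust store, then installs
     * a TLS socket factory as the default for {@link HttpsURLConnection}.
     *
     * @throws IllegalStateException if loading the stores or building the managers fails
     * @throws Error if creating or initialising the {@link SSLContext} fails; this is not
     *         caught by the surrounding {@code catch (Exception)} and propagates as is
     */
    public void postConstruct() {
        try {
            this.initDate = new Date();
            KeyStore[] keyStores = getKeyStores();
            initKeyManagers(keyStores, this.secSupp.getKeyStorePasswords());
            initTrustManagers(getTrustStores());
            if (keyStores != null && containsKeyEntry(keyStores)) {
                this.hasKey = true;
            }
            this.mergedTrustStore = mergingTrustStores(this.secSupp.getTrustStores());
            try {
                // "TLS" leaves the enabled protocol versions to the JSSE provider defaults.
                SSLContext sslContext = SSLContext.getInstance("TLS");
                String outboundAlias = System.getProperty(HTTPS_OUTBOUND_KEY_ALIAS, DEFAULT_OUTBOUND_KEY_ALIAS);
                KeyManager[] keyManagers = getKeyManagers();
                if (outboundAlias != null && outboundAlias.length() > 0 && keyManagers != null) {
                    // Wrap every manager so outbound HTTPS uses the configured alias.
                    for (int i = 0; i < keyManagers.length; i++) {
                        keyManagers[i] = new J2EEKeyManager(this.habitat, (X509KeyManager) keyManagers[i], outboundAlias);
                    }
                }
                // null SecureRandom: the provider's default source of randomness is used.
                sslContext.init(keyManagers, getTrustManagers(), null);
                // Process-wide side effect: changes the default for all HttpsURLConnection users.
                HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
            } catch (Exception e) {
                throw new Error(e);
            }
        } catch (Exception e2) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "SSLUtils static init fails.", e2);
            }
            throw new IllegalStateException(e2);
        }
    }

    /** Returns true if any alias in any of the given stores is a key entry. */
    private static boolean containsKeyEntry(KeyStore[] keyStores) throws KeyStoreException {
        for (KeyStore keyStore : keyStores) {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                if (keyStore.isKeyEntry(aliases.nextElement())) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Returns the key stores supplied by {@link SecuritySupport}. */
    public KeyStore[] getKeyStores() throws Exception {
        return this.secSupp.getKeyStores();
    }

    /** Returns the first key store; fails if {@link SecuritySupport} supplies none. */
    public KeyStore getKeyStore() throws Exception {
        return getKeyStores()[0];
    }

    /** Returns the trust stores supplied by {@link SecuritySupport}. */
    public KeyStore[] getTrustStores() throws Exception {
        return this.secSupp.getTrustStores();
    }

    /** Returns the first trust store; fails if {@link SecuritySupport} supplies none. */
    public KeyStore getTrustStore() throws Exception {
        return getTrustStores()[0];
    }

    /**
     * Returns the in-memory store built by merging all trust stores in
     * {@link #postConstruct()}. The live instance is returned, not a copy, so callers
     * that modify it change the store seen by every other caller.
     */
    public KeyStore getMergedTrustStore() {
        return this.mergedTrustStore;
    }

    /** Returns a fresh one-element array holding the unified key manager. */
    public KeyManager[] getKeyManagers() throws Exception {
        return new KeyManager[]{this.keyManager};
    }

    /** Returns a fresh one-element array holding the trust manager. */
    public TrustManager[] getTrustManagers() throws Exception {
        return new TrustManager[]{this.trustManager};
    }

    /** Stores the application-client SSL settings in a static field shared by all instances. */
    public void setAppclientSsl(AppClientSSL appClientSSL) {
        appclientSsl = appClientSSL;
    }

    /** Returns the application-client SSL settings, or null if none were set. */
    public AppClientSSL getAppclientSsl() {
        return appclientSsl;
    }

    /**
     * Returns the key store password from {@code javax.net.ssl.keyStorePassword}.
     * When the property is unset the well-known default {@code changeit} is returned,
     * which gives no real protection; deployments should set the property.
     */
    public static String getKeyStorePass() {
        return System.getProperty(KEYSTORE_PASS_PROP, DEFAULT_KEYSTORE_PASS);
    }

    /**
     * Returns the trust store password from {@code javax.net.ssl.trustStorePassword},
     * falling back to the well-known default {@code changeit} when the property is unset.
     */
    public static String getTrustStorePass() {
        return System.getProperty(TRUSTSTORE_PASS_PROP, DEFAULT_TRUSTSTORE_PASS);
    }

    /** Returns whether {@link #postConstruct()} found at least one key entry. */
    public boolean isKeyAvailable() {
        return this.hasKey;
    }

    /**
     * Tells whether {@code str} names a key entry, where {@code str} is either a plain
     * alias or {@code token:alias}.
     *
     * <p>If the part before the first {@code ':'} matches a token name, only the store at
     * that token's index is checked, using the part after the colon. Otherwise every
     * store is checked with the full string.
     *
     * @param str alias to look up; null yields false
     * @return true if a matching key entry exists
     */
    public boolean isTokenKeyAlias(String str) throws Exception {
        if (str == null) {
            return false;
        }
        int colon = str.indexOf(':');
        KeyStore[] keyStores = getKeyStores();
        int tokenIndex = -1;
        String alias = null;
        if (colon != -1) {
            String[] tokenNames = this.secSupp.getTokenNames();
            String token = str.substring(0, colon);
            alias = str.substring(colon + 1);
            // No break: when a token name occurs more than once the last match wins.
            for (int i = 0; i < tokenNames.length; i++) {
                if (token.equals(tokenNames[i])) {
                    tokenIndex = i;
                }
            }
        }
        if (tokenIndex != -1) {
            // assumes keyStores is index-aligned with the token names — TODO confirm
            return keyStores[tokenIndex].isKeyEntry(alias);
        }
        for (KeyStore keyStore : keyStores) {
            if (keyStore.isKeyEntry(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves a plain alias or {@code token:alias} to a private key entry.
     *
     * <p>When the token prefix matches a token name and a password exists at that index,
     * only that store is consulted. Otherwise every store is tried in order with the
     * alias (token prefix stripped, if there was one).
     *
     * @param str alias to resolve; null yields null
     * @return the private key and its certificate chain, or null if none was found
     */
    public KeyStore.PrivateKeyEntry getPrivateKeyEntryFromTokenAlias(String str) throws Exception {
        if (str == null) {
            return null;
        }
        int colon = str.indexOf(':');
        KeyStore[] keyStores = getKeyStores();
        int tokenIndex = -1;
        String alias = str;
        if (colon != -1) {
            String[] tokenNames = this.secSupp.getTokenNames();
            String token = str.substring(0, colon);
            alias = str.substring(colon + 1);
            // No break: when a token name occurs more than once the last match wins.
            for (int i = 0; i < tokenNames.length; i++) {
                if (token.equals(tokenNames[i])) {
                    tokenIndex = i;
                }
            }
        }
        String[] keyStorePasswords = this.secSupp.getKeyStorePasswords();
        // "<=" rather than "<": an index equal to the array length has no password, and
        // the previous comparison let it through to an ArrayIndexOutOfBoundsException.
        if (tokenIndex == -1 || keyStorePasswords.length <= tokenIndex) {
            // assumes keyStorePasswords is index-aligned with keyStores — TODO confirm
            for (int i = 0; i < keyStores.length; i++) {
                Key key = keyStores[i].getKey(alias, keyStorePasswords[i].toCharArray());
                if (key instanceof PrivateKey) {
                    return new KeyStore.PrivateKeyEntry((PrivateKey) key, keyStores[i].getCertificateChain(alias));
                }
            }
            return null;
        }
        Key key = keyStores[tokenIndex].getKey(alias, keyStorePasswords[tokenIndex].toCharArray());
        if (key instanceof PrivateKey) {
            return new KeyStore.PrivateKeyEntry((PrivateKey) key, keyStores[tokenIndex].getCertificateChain(alias));
        }
        return null;
    }

    /** Returns the injected {@link SecuritySupport}. */
    public SecuritySupport getSecuritySupport() {
        return this.secSupp;
    }

    /**
     * Returns the cipher suites supported by the current default
     * {@link HttpsURLConnection} socket factory. These are the suites the factory can
     * use, which is not necessarily the set enabled by default.
     */
    public String[] getSupportedCipherSuites() {
        return HttpsURLConnection.getDefaultSSLSocketFactory().getSupportedCipherSuites();
    }

    /**
     * Builds one key manager factory per store and combines the resulting managers into
     * a single {@code UnifiedX509KeyManager}.
     *
     * @param keyStoreArr key stores to load
     * @param strArr passwords, read at the same index as the store they unlock
     */
    private void initKeyManagers(KeyStore[] keyStoreArr, String[] strArr) throws Exception {
        ArrayList<KeyManager> managers = new ArrayList<KeyManager>();
        for (int i = 0; i < keyStoreArr.length; i++) {
            // Logs expired certificates; the store is still used afterwards.
            checkCertificateDates(keyStoreArr[i]);
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            factory.init(keyStoreArr[i], strArr[i].toCharArray());
            KeyManager[] created = factory.getKeyManagers();
            if (created != null) {
                managers.addAll(Arrays.asList(created));
            }
        }
        // toArray throws ArrayStoreException if a factory returned a non-X509 manager.
        this.keyManager = new UnifiedX509KeyManager(managers.toArray(new X509KeyManager[managers.size()]), this.secSupp.getTokenNames());
    }

    /**
     * Builds one trust manager factory per store. A single resulting manager is used
     * directly; otherwise they are combined in a {@code UnifiedX509TrustManager}.
     *
     * @param keyStoreArr trust stores to load
     */
    private void initTrustManagers(KeyStore[] keyStoreArr) throws Exception {
        ArrayList<TrustManager> managers = new ArrayList<TrustManager>();
        for (KeyStore trustStore : keyStoreArr) {
            // Logs expired certificates; the store is still trusted afterwards.
            checkCertificateDates(trustStore);
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(trustStore);
            TrustManager[] created = factory.getTrustManagers();
            if (created != null) {
                managers.addAll(Arrays.asList(created));
            }
        }
        if (managers.size() == 1) {
            this.trustManager = managers.get(0);
        } else {
            // toArray throws ArrayStoreException if a factory returned a non-X509 manager.
            this.trustManager = new UnifiedX509TrustManager(managers.toArray(new X509TrustManager[managers.size()]));
        }
    }

    /**
     * Copies the certificate of every alias in the given stores into one new in-memory
     * store.
     *
     * <p>Aliases from stores whose index is below {@code tokenNames.length - 1} are
     * prefixed with {@code tokenName:}. If an alias is already taken by a different
     * certificate, {@code __1}, {@code __2}, ... is appended until a free alias is
     * found; an identical certificate already stored under a tried alias is skipped.
     *
     * @param keyStoreArr trust stores to merge
     * @return the merged store
     */
    private KeyStore mergingTrustStores(KeyStore[] keyStoreArr) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        KeyStore merged;
        try {
            merged = KeyStore.getInstance("CaseExactJKS");
        } catch (KeyStoreException ignored) {
            // Provider without the case-exact type: fall back to plain JKS.
            merged = KeyStore.getInstance("JKS");
        }
        String[] keyStorePasswords = this.secSupp.getKeyStorePasswords();
        // A null stream creates an empty store; the last configured password is passed along.
        merged.load(null, keyStorePasswords[keyStorePasswords.length - 1].toCharArray());
        String[] tokenNames = this.secSupp.getTokenNames();
        for (int i = 0; i < keyStoreArr.length; i++) {
            Enumeration<String> aliases = keyStoreArr[i].aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate certificate = keyStoreArr[i].getCertificate(alias);
                String baseAlias = i < tokenNames.length - 1 ? tokenNames[i] + ":" + alias : alias;
                String candidate = baseAlias;
                boolean alreadyPresent = false;
                int suffix = 1;
                Certificate existing;
                while ((existing = merged.getCertificate(candidate)) != null) {
                    if (existing.equals(certificate)) {
                        alreadyPresent = true;
                        break;
                    }
                    candidate = baseAlias + "__" + suffix;
                    suffix++;
                }
                if (!alreadyPresent) {
                    merged.setCertificateEntry(candidate, certificate);
                }
            }
        }
        return merged;
    }

    /**
     * Logs, at {@code SEVERE}, every X.509 certificate in the store whose
     * {@code notAfter} lies before the instant captured in {@link #postConstruct()}.
     *
     * <p>This is reporting only: nothing is removed or rejected, and certificates that
     * are not yet valid ({@code notBefore} in the future) are not checked. Certificates
     * that expire while the server is running are not detected either, because the
     * comparison uses the start-up instant.
     *
     * @param keyStore store whose certificates are inspected
     */
    private void checkCertificateDates(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate certificate = keyStore.getCertificate(aliases.nextElement());
            if (!(certificate instanceof X509Certificate)) {
                continue;
            }
            if (((X509Certificate) certificate).getNotAfter().before(this.initDate)) {
                _logger.log(Level.SEVERE, "java_security.expired_certificate", certificate);
            }
        }
    }
}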
