package com.sun.enterprise.security;

import com.sun.appserv.management.client.AppserverConnectionSource;
import com.sun.enterprise.config.clientbeans.Ssl;
import com.sun.enterprise.security.ssl.J2EEKeyManager;
import com.sun.enterprise.security.ssl.UnifiedX509KeyManager;
import com.sun.enterprise.security.ssl.UnifiedX509TrustManager;
import com.sun.enterprise.server.pluggable.SecuritySupport;
import com.sun.logging.LogDomains;
import com.sun.web.security.SSLSocketFactory;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/sun/enterprise/security/SSLUtils.class */
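/**
 * Static holder for the SSL/TLS key and trust material used by the security layer.
 *
 * <p>The class initializer obtains the key stores, trust stores and key-store passwords
 * from the {@link SecuritySupport} returned by {@code SecurityUtil.getSecuritySupport()},
 * builds one unified key manager and one trust manager from them, records whether any
 * key entry exists, and builds a merged trust store. If any of that fails, the class
 * initializer throws {@link IllegalStateException} and the class cannot be used.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Expired certificates are only logged (see {@code checkCertificateDates}); they are
 *       not removed from the stores or rejected here.</li>
 *   <li>Store passwords fall back to a widely known default when the corresponding
 *       {@code javax.net.ssl.*Password} system property is unset.</li>
 *   <li>{@link #initStoresAtStartup()} replaces the JVM-wide default socket factory of
 *       {@link HttpsURLConnection}.</li>
 * </ul>
 */
public final class SSLUtils {
    // "changeit" is a widely known default store password; these two constants are not
    // referenced by the code below (the fallbacks use AppserverConnectionSource instead).
    private static final String DEFAULT_KEYSTORE_PASS = "changeit";
    private static final String DEFAULT_TRUSTSTORE_PASS = "changeit";
    private static final String KEYSTORE_PASS_PROP = "javax.net.ssl.keyStorePassword";
    private static final String TRUSTSTORE_PASS_PROP = "javax.net.ssl.trustStorePassword";
    // System property naming the key alias to use for outbound HTTPS connections.
    private static final String HTTPS_OUTBOUND_KEY_ALIAS = "com.sun.enterprise.security.httpsOutboundKeyAlias";
    private static Logger _logger;
    private static SecuritySupport secSupp;
    // True when at least one key store holds a key entry (computed once in the class initializer).
    private static boolean hasKey;
    private static KeyManager keyManager = null;
    private static TrustManager trustManager = null;
    private static KeyStore mergedTrustStore;
    // Reference time for the certificate expiry check; fixed when the class is initialized.
    private static final Date initDate;
    private static boolean initialized;
    private static Ssl appclientSsl;

    /**
     * Installs the managers built by the class initializer as process-wide defaults.
     *
     * <p>Hands the key and trust managers to {@code SSLSocketFactory.setManagers}, then
     * creates a {@code "TLS"} {@link SSLContext} and sets its socket factory as the default
     * for every {@link HttpsURLConnection} in the JVM. When the system property
     * {@code com.sun.enterprise.security.httpsOutboundKeyAlias} is set and non-empty, each
     * key manager given to that context is wrapped in a {@link J2EEKeyManager} constructed
     * with that alias. Only the first call does any work; later calls return immediately.
     *
     * @throws Exception if the SSL context cannot be created or initialized
     */
    public static synchronized void initStoresAtStartup() throws Exception {
        if (initialized) {
            return;
        }
        SSLSocketFactory.setManagers(getKeyManagers(), getTrustManagers());
        SSLContext outboundContext = SSLContext.getInstance("TLS");
        String outboundAlias = System.getProperty(HTTPS_OUTBOUND_KEY_ALIAS);
        // getKeyManagers() returns a fresh array, so wrapping below does not alter the
        // managers already passed to SSLSocketFactory.setManagers.
        KeyManager[] outboundKeyManagers = getKeyManagers();
        if (outboundAlias != null && outboundAlias.length() > 0 && outboundKeyManagers != null) {
            for (int idx = 0; idx < outboundKeyManagers.length; idx++) {
                outboundKeyManagers[idx] =
                        new J2EEKeyManager((X509KeyManager) outboundKeyManagers[idx], outboundAlias);
            }
        }
        // A null SecureRandom lets the provider pick its default source of randomness.
        outboundContext.init(outboundKeyManagers, getTrustManagers(), null);
        // JVM-wide effect: every HttpsURLConnection created afterwards uses this factory.
        HttpsURLConnection.setDefaultSSLSocketFactory(outboundContext.getSocketFactory());
        initialized = true;
    }

    /**
     * Returns the key stores supplied by the security support.
     *
     * @return the array returned by {@code SecuritySupport.getKeyStores()}
     * @throws Exception if the key stores cannot be obtained
     */
    public static KeyStore[] getKeyStores() throws Exception {
        return secSupp.getKeyStores();
    }

    /**
     * Returns the first key store.
     *
     * @return element 0 of {@link #getKeyStores()}
     * @throws Exception if the key stores cannot be obtained
     */
    public static KeyStore getKeyStore() throws Exception {
        KeyStore[] stores = getKeyStores();
        return stores[0];
    }

    /**
     * Returns the trust stores supplied by the security support.
     *
     * @return the array returned by {@code SecuritySupport.getTrustStores()}
     * @throws Exception if the trust stores cannot be obtained
     */
    public static KeyStore[] getTrustStores() throws Exception {
        return secSupp.getTrustStores();
    }

    /**
     * Returns the first trust store.
     *
     * @return element 0 of {@link #getTrustStores()}
     * @throws Exception if the trust stores cannot be obtained
     */
    public static KeyStore getTrustStore() throws Exception {
        KeyStore[] stores = getTrustStores();
        return stores[0];
    }

    /**
     * Returns the trust store merged from all trust stores during class initialization.
     *
     * <p>The shared instance itself is returned, not a copy, so changes made by a caller
     * are visible to every other user of this class.
     *
     * @return the merged trust store
     */
    public static KeyStore getMergedTrustStore() {
        return mergedTrustStore;
    }

    /**
     * Returns the unified key manager in a new single-element array.
     *
     * @return a fresh array holding the shared key manager
     * @throws Exception declared for callers; nothing in this method throws it
     */
    public static KeyManager[] getKeyManagers() throws Exception {
        return new KeyManager[]{keyManager};
    }

    /**
     * Returns the trust manager in a new single-element array.
     *
     * @return a fresh array holding the shared trust manager
     * @throws Exception declared for callers; nothing in this method throws it
     */
    public static TrustManager[] getTrustManagers() throws Exception {
        return new TrustManager[]{trustManager};
    }

    /**
     * Stores the application-client SSL configuration.
     *
     * @param ssl the configuration to remember; may be {@code null}
     */
    public static void setAppclientSsl(Ssl ssl) {
        appclientSsl = ssl;
    }

    /**
     * Returns the application-client SSL configuration.
     *
     * @return the value last passed to {@link #setAppclientSsl(Ssl)}, or {@code null}
     */
    public static Ssl getAppclientSsl() {
        return appclientSsl;
    }

    /**
     * Returns the key-store password.
     *
     * <p>Security: when {@code javax.net.ssl.keyStorePassword} is unset this silently falls
     * back to a built-in default, so deployments should always set the property.
     * NOTE(review): the fallback is the trust-store default constant of
     * {@code AppserverConnectionSource}; presumably it equals {@code DEFAULT_KEYSTORE_PASS}
     * - confirm against that class.
     *
     * @return the configured key-store password, or the built-in default
     */
    public static String getKeyStorePass() {
        return System.getProperty(KEYSTORE_PASS_PROP, AppserverConnectionSource.DEFAULT_TRUST_STORE_PASSWORD);
    }

    /**
     * Returns the trust-store password.
     *
     * <p>Security: when {@code javax.net.ssl.trustStorePassword} is unset this silently
     * falls back to a built-in default, so deployments should always set the property.
     *
     * @return the configured trust-store password, or the built-in default
     */
    public static String getTrustStorePass() {
        return System.getProperty(TRUSTSTORE_PASS_PROP, AppserverConnectionSource.DEFAULT_TRUST_STORE_PASSWORD);
    }

    /**
     * Reports whether any key store held a key entry when the class was initialized.
     *
     * @return {@code true} if at least one key entry was found
     */
    public static boolean isKeyAvailable() {
        return hasKey;
    }

    /**
     * Checks whether an alias, optionally written as {@code token:alias}, names a key entry.
     *
     * <p>If the text before the first {@code ':'} equals a known token name, only the key
     * store at that token's index is asked about the text after the colon. Otherwise every
     * key store is asked about the complete, unsplit string.
     *
     * @param str the alias to check; {@code null} yields {@code false}
     * @return {@code true} if a key entry with that alias exists
     * @throws Exception if the key stores or token names cannot be read
     */
    public static boolean isTokenKeyAlias(String str) throws Exception {
        if (str == null) {
            return false;
        }
        int colonPos = str.indexOf(':');
        KeyStore[] keyStores = getKeyStores();
        if (colonPos != -1) {
            int tokenIndex = findTokenIndex(str.substring(0, colonPos));
            if (tokenIndex != -1) {
                // NOTE(review): assumes token names and key stores share the same indexing;
                // a token index beyond keyStores.length throws here - confirm with SecuritySupport.
                return keyStores[tokenIndex].isKeyEntry(str.substring(colonPos + 1));
            }
        }
        for (KeyStore store : keyStores) {
            if (store.isKeyEntry(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Looks up the private key and certificate chain for an alias, optionally written as
     * {@code token:alias}.
     *
     * <p>If the text before the first {@code ':'} equals a known token name and a password
     * exists for that index, only that key store is consulted. Otherwise all key stores are
     * searched in order, each with the password at the same index, and the first private
     * key found wins. Whenever a colon is present the part after it is used as the alias,
     * even if the token name was not recognized.
     *
     * @param str the alias to resolve; {@code null} yields {@code null}
     * @return the private key entry, or {@code null} if no private key has that alias
     * @throws Exception if a key store cannot be read or a key cannot be recovered
     */
    public static KeyStore.PrivateKeyEntry getPrivateKeyEntryFromTokenAlias(String str) throws Exception {
        if (str == null) {
            return null;
        }
        int colonPos = str.indexOf(':');
        KeyStore[] keyStores = getKeyStores();
        int tokenIndex = -1;
        String alias = str;
        if (colonPos != -1) {
            tokenIndex = findTokenIndex(str.substring(0, colonPos));
            alias = str.substring(colonPos + 1);
        }
        String[] passwords = secSupp.getKeyStorePasswords();

        // Fix: the range check used to be "passwords.length < tokenIndex", which let
        // tokenIndex == passwords.length through and then indexed one past the end.
        if (tokenIndex != -1 && tokenIndex < passwords.length) {
            Key tokenKey = keyStores[tokenIndex].getKey(alias, passwords[tokenIndex].toCharArray());
            if (tokenKey instanceof PrivateKey) {
                return new KeyStore.PrivateKeyEntry(
                        (PrivateKey) tokenKey, keyStores[tokenIndex].getCertificateChain(alias));
            }
            return null;
        }

        // No usable token index: try every store with its own password.
        for (int idx = 0; idx < keyStores.length; idx++) {
            Key candidate = keyStores[idx].getKey(alias, passwords[idx].toCharArray());
            if (candidate instanceof PrivateKey) {
                return new KeyStore.PrivateKeyEntry(
                        (PrivateKey) candidate, keyStores[idx].getCertificateChain(alias));
            }
        }
        return null;
    }

    /**
     * Returns the index of a token name in {@code SecuritySupport.getTokenNames()}, or -1.
     * The scan does not stop at the first hit, so the last matching index is returned.
     */
    private static int findTokenIndex(String tokenName) throws Exception {
        String[] tokenNames = secSupp.getTokenNames();
        int found = -1;
        for (int idx = 0; idx < tokenNames.length; idx++) {
            if (tokenName.equals(tokenNames[idx])) {
                found = idx;
            }
        }
        return found;
    }

    /**
     * Builds the unified key manager from every key store.
     *
     * @param keyStoreArr the key stores to load key managers from
     * @param strArr the password for each key store, at the same index
     * @throws Exception if a key manager factory cannot be created or initialized
     */
    private static void initKeyManagers(KeyStore[] keyStoreArr, String[] strArr) throws Exception {
        ArrayList<KeyManager> collected = new ArrayList<KeyManager>();
        for (int idx = 0; idx < keyStoreArr.length; idx++) {
            checkCertificateDates(keyStoreArr[idx]);
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            factory.init(keyStoreArr[idx], strArr[idx].toCharArray());
            KeyManager[] produced = factory.getKeyManagers();
            if (produced != null) {
                for (KeyManager manager : produced) {
                    collected.add(manager);
                }
            }
        }
        // toArray fails with ArrayStoreException if a factory produced a non-X509 key manager.
        X509KeyManager[] x509Managers = collected.toArray(new X509KeyManager[collected.size()]);
        keyManager = new UnifiedX509KeyManager(x509Managers, secSupp.getTokenNames());
    }

    /**
     * Builds the trust manager from every trust store. A single resulting manager is used
     * directly; any other count is wrapped in a {@link UnifiedX509TrustManager}.
     *
     * @param keyStoreArr the trust stores to load trust managers from
     * @throws Exception if a trust manager factory cannot be created or initialized
     */
    private static void initTrustManagers(KeyStore[] keyStoreArr) throws Exception {
        ArrayList<TrustManager> collected = new ArrayList<TrustManager>();
        for (int idx = 0; idx < keyStoreArr.length; idx++) {
            checkCertificateDates(keyStoreArr[idx]);
            TrustManagerFactory factory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(keyStoreArr[idx]);
            TrustManager[] produced = factory.getTrustManagers();
            if (produced != null) {
                for (TrustManager manager : produced) {
                    collected.add(manager);
                }
            }
        }
        if (collected.size() == 1) {
            trustManager = collected.get(0);
        } else {
            // toArray fails with ArrayStoreException if a factory produced a non-X509 trust manager.
            trustManager = new UnifiedX509TrustManager(
                    collected.toArray(new X509TrustManager[collected.size()]));
        }
    }

    /**
     * Copies the certificates of all given stores into one new in-memory key store.
     *
     * <p>Aliases from stores whose index is below {@code tokenNames.length - 1} are prefixed
     * with {@code tokenName + ":"}. If the resulting alias is already taken by a different
     * certificate, {@code "__1"}, {@code "__2"}, ... is appended until a free alias or an
     * identical certificate is found; identical certificates are not added twice.
     *
     * @param keyStoreArr the trust stores to merge
     * @return the merged store
     */
    private static KeyStore mergingTrustStores(KeyStore[] keyStoreArr) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        KeyStore merged;
        try {
            merged = KeyStore.getInstance("CaseExactJKS");
        } catch (KeyStoreException unavailable) {
            // The case-exact store type is not available from any provider: use plain JKS.
            merged = KeyStore.getInstance("JKS");
        }
        String[] passwords = secSupp.getKeyStorePasswords();
        // A null stream creates an empty store; the last key-store password is passed along.
        merged.load(null, passwords[passwords.length - 1].toCharArray());
        String[] tokenNames = secSupp.getTokenNames();
        for (int storeIdx = 0; storeIdx < keyStoreArr.length; storeIdx++) {
            KeyStore source = keyStoreArr[storeIdx];
            Enumeration<String> aliases = source.aliases();
            while (aliases.hasMoreElements()) {
                String sourceAlias = aliases.nextElement();
                Certificate certificate = source.getCertificate(sourceAlias);
                String baseAlias = sourceAlias;
                if (storeIdx < tokenNames.length - 1) {
                    baseAlias = tokenNames[storeIdx] + ":" + sourceAlias;
                }
                String targetAlias = baseAlias;
                boolean alreadyMerged = false;
                int suffix = 1;
                Certificate existing = merged.getCertificate(targetAlias);
                while (existing != null) {
                    if (existing.equals(certificate)) {
                        alreadyMerged = true;
                        break;
                    }
                    targetAlias = baseAlias + "__" + suffix;
                    suffix++;
                    existing = merged.getCertificate(targetAlias);
                }
                if (!alreadyMerged) {
                    merged.setCertificateEntry(targetAlias, certificate);
                }
            }
        }
        return merged;
    }

    /**
     * Logs every X.509 certificate in the store whose not-after date lies before the time
     * this class was initialized.
     *
     * <p>Security: this only logs at SEVERE; the expired certificate stays in the store.
     * Certificates that are not yet valid are not checked here.
     *
     * @param keyStore the store to inspect
     * @throws KeyStoreException if the store has not been loaded
     */
    private static void checkCertificateDates(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate certificate = keyStore.getCertificate(aliases.nextElement());
            if (!(certificate instanceof X509Certificate)) {
                continue;
            }
            Date notAfter = ((X509Certificate) certificate).getNotAfter();
            if (notAfter.before(initDate)) {
                _logger.log(Level.SEVERE, "java_security.expired_certificate", certificate);
            }
        }
    }

    /** Returns whether any of the given key stores contains at least one key entry. */
    private static boolean containsKeyEntry(KeyStore[] keyStores) throws KeyStoreException {
        if (keyStores == null) {
            return false;
        }
        for (KeyStore store : keyStores) {
            Enumeration<String> aliases = store.aliases();
            while (aliases.hasMoreElements()) {
                if (store.isKeyEntry(aliases.nextElement())) {
                    return true;
                }
            }
        }
        return false;
    }

    static {
        _logger = LogDomains.getLogger(LogDomains.SECURITY_LOGGER);
        secSupp = SecurityUtil.getSecuritySupport();
        // Set before the managers are built: checkCertificateDates compares against it.
        initDate = new Date();
        try {
            KeyStore[] keyStores = getKeyStores();
            initKeyManagers(keyStores, secSupp.getKeyStorePasswords());
            initTrustManagers(getTrustStores());
            hasKey = containsKeyEntry(keyStores);
            mergedTrustStore = mergingTrustStores(secSupp.getTrustStores());
            initialized = false;
            appclientSsl = null;
        } catch (Exception e) {
            // The detail is logged at FINE only; the rethrown exception keeps the cause.
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "SSLUtils static init fails.", e);
            }
            throw new IllegalStateException(e);
        }
    }
}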
