package com.ibm.ws.management.system.dmagent;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.syncml4j.Transport;
import com.ibm.websphere.management.system.util.JobConstants;
import com.ibm.websphere.security.WSSecurityHelper;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.SSLConfigChangeListener;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.AdminHelper;
import com.ibm.ws.management.filetransfer.FileTransferUtils;
import com.ibm.ws.management.util.RSAPropagationHelper;
import com.ibm.ws.management.util.SecurityHelper;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.ssl.config.SSLConfigManager;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.net.UnknownHostException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.HttpsURLConnection;

/* loaded from: input_file:com/ibm/ws/management/system/dmagent/WASTransport.class */
public class WASTransport implements Transport {
    private static final String CLASSNAME = "com.ibm.ws.management.system.dmagent.WASTransport";
    // Snapshot of WSSecurityHelper.isGlobalSecurityEnabled() taken in the constructor. Together with
    // useHttps it gates the initial certificate-fetch connection and the RSA auth header.
    private boolean secEnabled;
    // Local host name from AdminHelper; remains null when the lookup throws UnknownHostException.
    private String hostName;
    // Look-ahead in milliseconds (900000 ms = 15 minutes) added to "now" by aboutToExpire().
    private static final long EXPIRATION_BUFFER = 900000;
    public static final String PROXY = "Proxy";
    public static final String COOKIE = "Cookie";
    // Connection created by the most recent openConnection(); readMessage() reads from it.
    private HttpURLConnection connection;
    // Content length of the last response, or the number of bytes read when none was declared.
    private int length;
    // When non-null, openConnection() targets "http://" + proxy and useHttps is forced to false.
    private String proxy;
    private String respURI;
    private String mimeType;
    // Value of the x-syncml-hmac header: sent once by openConnection() (then cleared) and
    // refreshed from each response in readMessage().
    private String hmac;
    private String userName;
    // Written by setAttribute("Password"); not returned by getAttribute() and not read in this class.
    // NOTE(review): held as an immutable String, so it cannot be wiped after use.
    private String password;
    // Value of the last set-cookie response header; replayed as the Cookie request header.
    private String cookie;
    private static TraceComponent tc = Tr.register(WASTransport.class, "WASTransport", "com.ibm.ws.management.system.resources.system");
    // Cache of target certificates keyed by the RespURI string, shared by every WASTransport
    // instance because it is static. Filled by cacheTargetCert() from the server response;
    // entries are replaced but never removed in this class.
    private static Map<String, X509Certificate> targetCerts = new ConcurrentHashMap();
    private X509Certificate targetCert = null;
    // The three host* values below are passed to RSAPropagationHelper.addRSAAuthHeader().
    private String hostUUID = null;
    private String hostSecRealm = null;
    private String hostKerberosSPN = null;
    // Set to true by abortIfNoJobs(); afterwards requests carry the "No-Job-Check: true" header.
    private boolean checkedForJobs = false;
    // True only when no proxy is set and RespURI starts with "https" (maintained by setAttribute()).
    private boolean useHttps = false;
    // Protocol of the URL actually opened, as parsed in openConnection().
    private String protocolToUse = null;

    /* loaded from: input_file:com/ibm/ws/management/system/dmagent/WASTransport$QuietException.class */
    /**
     * Unchecked signal used to abandon a transport exchange for an expected reason.
     * The exception message is the name of the {@link Reason} constant.
     */
    public static class QuietException extends RuntimeException {

        /** Reasons for which an exchange is abandoned quietly. */
        public enum Reason {
            NOJOB,
            JMDOWN,
            DOWNLEVEL_JM
        }

        /**
         * @param reason why the exchange is abandoned; becomes the exception message
         */
        public QuietException(Reason reason) {
            super(reason.name());
        }

        /**
         * @param reason why the exchange is abandoned; becomes the exception message
         * @param th the underlying failure, still retrievable through {@code getCause()}
         */
        public QuietException(Reason reason, Throwable th) {
            super(reason.name(), th);
        }

        /**
         * Prints nothing. Only this no-argument overload is silenced; the overloads that
         * take a stream or writer are inherited unchanged.
         */
        @Override
        public void printStackTrace() {
            // deliberately empty
        }
    }

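    /**
     * Creates a transport and captures two pieces of local state: whether global security is
     * enabled and the local host name. A failed host name lookup is tolerated; hostName then
     * stays null and is later handed as-is to the RSA auth header helper.
     */
    public WASTransport() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "WASTransport constructor " + this);
        }
        this.secEnabled = WSSecurityHelper.isGlobalSecurityEnabled();
        try {
            this.hostName = AdminHelper.getInstance().getHostName();
        } catch (UnknownHostException e) {
            // Best effort: construction must not fail here, but the failure is recorded so a
            // null host name in a later auth header can be traced back to its cause.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to determine local host name; hostName stays null: " + e);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "secEnabled: " + this.secEnabled + ", hostname: " + this.hostName);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "WASTransport constructor");
        }
    }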

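    /**
     * Returns the current value of a transport attribute.
     *
     * <p>Recognised names are "MIMEType", "HMAC", "RespURI", {@link #PROXY}, "UserName" and
     * {@link #COOKIE}. The password is deliberately not readable through this method.
     *
     * @param str attribute name; must not be null
     * @return the stored value, or null for an unset or unrecognised attribute
     */
    public String getAttribute(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAttribute: " + str);
        }
        String value = null;
        if (str.equals("MIMEType")) {
            value = this.mimeType;
        } else if (str.equals("HMAC")) {
            value = this.hmac;
        } else if (str.equals("RespURI")) {
            value = this.respURI;
        } else if (str.equals(PROXY)) {
            value = this.proxy;
        } else if (str.equals("UserName")) {
            value = this.userName;
        } else if (str.equals(COOKIE)) {
            value = this.cookie;
        }
        if (tc.isEntryEnabled()) {
            // The HMAC header and the session cookie authenticate the exchange; trace files are
            // routinely copied off the host, so only record that a value was present.
            boolean secret = str.equals("HMAC") || str.equals(COOKIE);
            String shown = (secret && value != null) ? "<redacted>" : value;
            Tr.exit(tc, "getAttribute: " + str + " = " + shown);
        }
        return value;
    }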

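    /**
     * Stores a transport attribute.
     *
     * <p>Recognised names are "MIMEType", "HMAC", "RespURI", {@link #PROXY}, "UserName",
     * "Password" and {@link #COOKIE}; any other name is ignored. Setting "RespURI" or the proxy
     * also recomputes whether HTTPS is used: HTTPS is selected only when no proxy is configured
     * and the response URI starts with "https". A configured proxy therefore always results in
     * plain HTTP, which also disables the RSA auth header added in openConnection().
     *
     * @param str attribute name; must not be null
     * @param str2 new value; may be null
     */
    public void setAttribute(String str, String str2) {
        if (tc.isEntryEnabled()) {
            // Never write credentials or session authenticators to trace output.
            boolean secret = str.equals("Password") || str.equals("HMAC") || str.equals(COOKIE);
            String shown = (secret && str2 != null) ? "<redacted>" : str2;
            Tr.entry(tc, "setAttribute: " + str + "=" + shown);
        }
        if (str.equals("MIMEType")) {
            this.mimeType = str2;
            return;
        }
        if (str.equals("HMAC")) {
            this.hmac = str2;
            return;
        }
        if (str.equals("RespURI")) {
            this.respURI = str2;
            this.useHttps = this.proxy == null && this.respURI != null && this.respURI.startsWith("https");
            return;
        }
        if (str.equals(PROXY)) {
            this.proxy = str2;
            this.useHttps = this.proxy == null && this.respURI != null && this.respURI.startsWith("https");
            return;
        }
        if (str.equals("UserName")) {
            this.userName = str2;
        } else if (str.equals("Password")) {
            this.password = str2;
        } else if (str.equals(COOKIE)) {
            this.cookie = str2;
        }
    }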

    /**
     * No-op apart from entry/exit tracing; the real connection is created per message by
     * openConnection().
     *
     * @throws IOException never thrown by this implementation
     */
    public void open() throws IOException {
        if (!tc.isEntryEnabled()) {
            return;
        }
        Tr.entry(tc, "WASTransport.open");
        Tr.exit(tc, "WASTransport.open");
    }

    /**
     * Emits entry and exit trace records only. The current HttpURLConnection is not
     * disconnected here, and the stored password, cookie and HMAC fields are left as they are.
     *
     * @throws IOException never thrown by this implementation
     */
    public void close() throws IOException {
        final String label = "WASTransport.close";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, label);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, label);
        }
    }

    /**
     * Reports whether the transport will use HTTPS.
     *
     * @return the useHttps flag, which setAttribute() sets to true only when no proxy is
     *         configured and the response URI starts with "https"
     */
    public boolean isSecure() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isSecure");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isSecure:" + useHttps);
        }
        return useHttps;
    }

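    /**
     * Reads the response body of the current connection and captures the x-syncml-hmac and
     * set-cookie response headers.
     *
     * <p>When the server declares a content length, exactly that many bytes are read. When it
     * does not, the body is read until end of stream into a buffer that grows in steps; in that
     * case the returned array can be longer than the message, and {@link #readMessageSize()}
     * gives the number of valid bytes.
     *
     * @param bArr buffer to reuse, or null to allocate one
     * @param i maximum accepted message size in bytes, or -1 for no limit
     * @return the buffer holding the message (possibly a new, larger array)
     * @throws IOException if the message exceeds {@code i}, if the stream ends before the
     *         declared content length was received, or on any read failure
     */
    public byte[] readMessage(byte[] bArr, int i) throws IOException {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "readMessage: " + (bArr == null ? -1 : bArr.length) + "," + i);
        }
        this.length = this.connection.getContentLength();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "contentLength: " + this.length);
        }
        this.hmac = this.connection.getHeaderField("x-syncml-hmac");
        this.cookie = this.connection.getHeaderField("set-cookie");
        // try-with-resources closes the stream on every path, including failures.
        try (InputStream in = this.connection.getInputStream()) {
            if (this.length == -1) {
                this.length = 0;
                // Growth step; at least 1 so that a very small limit cannot produce a
                // zero-length buffer and stall the loop on zero-byte reads.
                int step = i == -1 ? 5000 : Math.max(1, i / 10);
                if (bArr == null) {
                    bArr = new byte[step];
                }
                while (true) {
                    int read = in.read(bArr, this.length, bArr.length - this.length);
                    if (read == -1) {
                        break;
                    }
                    this.length += read;
                    // Apply the same size limit as the declared-length branch; without it a
                    // response with no Content-Length could grow the buffer without bound.
                    if (i != -1 && this.length > i) {
                        throw new IOException("Message size violation - " + this.length);
                    }
                    if (bArr.length == this.length) {
                        byte[] grown = new byte[this.length + step];
                        System.arraycopy(bArr, 0, grown, 0, this.length);
                        bArr = grown;
                    }
                }
            } else {
                if (i != -1 && this.length > i) {
                    throw new IOException("Message size violation - " + this.length);
                }
                if (bArr == null || bArr.length < this.length) {
                    bArr = new byte[this.length];
                }
                int offset = 0;
                while (offset != this.length) {
                    int read = in.read(bArr, offset, this.length - offset);
                    if (read == -1) {
                        // A truncated body must fail cleanly instead of driving the offset negative.
                        throw new IOException("Unexpected end of stream after " + offset + " of " + this.length + " bytes");
                    }
                    offset += read;
                }
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "readMessage: " + (bArr == null ? -1 : bArr.length) + "," + this.length);
        }
        return bArr;
    }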

    /**
     * Returns the size recorded by the last readMessage() call.
     *
     * @return the declared content length, or the number of bytes actually read when the
     *         response declared none
     */
    public int readMessageSize() {
        final int size = this.length;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "readMessageSize: " + size);
        }
        return size;
    }

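    /**
     * Opens a new connection and writes one message to it.
     *
     * <p>The preliminary connection that fetches the target certificate (and checks for jobs)
     * is made only when global security is enabled and HTTPS is in use. In every other case
     * the message, including any cookie and HMAC header, goes out without the RSA auth header.
     *
     * @param bArr buffer holding the message
     * @param i offset of the first byte to send
     * @param i2 number of bytes to send
     * @throws IOException if the connection cannot be opened or the write fails
     */
    public void sendMessage(byte[] bArr, int i, int i2) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "sendMessage: " + this + ":" + (bArr == null ? -1 : bArr.length) + "," + i + "," + i2);
        }
        if (this.secEnabled && this.useHttps) {
            doInitialConnection();
        }
        openConnection();
        // try-with-resources closes the stream exactly once and keeps a close() failure from
        // replacing the original write failure (it is attached as a suppressed exception).
        try (OutputStream out = this.connection.getOutputStream()) {
            out.write(bArr, i, i2);
            out.flush();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "sendMessage");
        }
    }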

    /**
     * Makes a preliminary request when no usable target certificate is cached for the response
     * URI, or when the job check has not run yet.
     *
     * <p>The preliminary request reads the response code, aborts on a down-level server, caches
     * the certificate found in the response and, on the first pass, aborts when no job is
     * available. A cached certificate that aboutToExpire() rejects is treated as absent.
     *
     * @throws IOException if the preliminary connection fails
     */
    private void doInitialConnection() throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doInitialConnection");
        }
        // The field is assigned before the expiry check because aboutToExpire() inspects it.
        this.targetCert = targetCerts.get(this.respURI);
        boolean cachedButStale = this.targetCert != null && aboutToExpire(this.targetCert);
        if (cachedButStale) {
            this.targetCert = null;
        }
        boolean probeNeeded = this.targetCert == null || !this.checkedForJobs;
        if (probeNeeded) {
            try {
                openConnection();
                int status = this.connection.getResponseCode();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "received HTTP response code: " + status);
                }
                abortIfDownlevelServer();
                cacheTargetCert();
                if (!this.checkedForJobs) {
                    abortIfNoJobs();
                }
            } catch (IOException ioe) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "doInitialConnection", "Rethrowing IOException: " + ioe);
                }
                throw ioe;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "doInitialConnection");
        }
    }

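    /**
     * Creates, configures and connects a new HttpURLConnection for the next request.
     *
     * <p>The target is "http://" + proxy when a proxy is configured, otherwise the response
     * URI. Because a configured proxy forces useHttps to false, the proxy path always uses
     * plain HTTP: the cookie and HMAC headers set below then travel unencrypted and no RSA auth
     * header is added. The RSA auth header is added only when global security is enabled and
     * HTTPS is in use.
     *
     * @throws IOException if no target is configured, the protocol is unsupported, the RSA
     *         auth header cannot be built, or the connection fails
     */
    private void openConnection() throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "WASTransport.openConnection");
        }
        try {
            Thread.sleep(1000L);
        } catch (InterruptedException e) {
            // Restore the interrupt status for the caller instead of dumping a stack trace to
            // stderr and losing the interrupt.
            Thread.currentThread().interrupt();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "openConnection: interrupted during pre-connect delay", e);
            }
        }
        String target = this.proxy != null ? "http://" + this.proxy : this.respURI;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "urlString: " + target);
        }
        if (target == null) {
            throw new IOException("Unable to open connection to null");
        }
        URL url = new URL(target);
        this.protocolToUse = url.getProtocol();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "protocolTouse: " + this.protocolToUse);
        }
        if (!this.useHttps && !this.protocolToUse.equals("http")) {
            throw new IOException("The protocol " + this.protocolToUse + " is unsupported. Only http or https are supported");
        }
        if (this.useHttps) {
            SSLConfigManager.getInstance().initializeClientSSL();
        }
        this.connection = (HttpURLConnection) url.openConnection();
        this.connection.setDoOutput(true);
        this.connection.setRequestProperty("Accept", this.mimeType);
        this.connection.setRequestProperty("Accept-Charset", JobConstants.UTF8_CHARSET);
        this.connection.setRequestProperty("User-Agent", "IBM Java SyncML Client");
        this.connection.setRequestProperty("Content-Type", this.mimeType);
        this.connection.setRequestProperty("Cache-Control", "private");
        if (this.checkedForJobs) {
            this.connection.setRequestProperty("No-Job-Check", "true");
        }
        if (this.secEnabled && this.useHttps) {
            try {
                RSAPropagationHelper.addRSAAuthHeader(this.connection, this.targetCert, this.hostName, this.hostUUID, this.hostSecRealm, this.hostKerberosSPN);
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.management.system.dmagent.WASTransport.openConnection", "336", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "openConnection: Exception:", e2);
                }
                IOException wrapped = new IOException(e2);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "openConnection", wrapped);
                }
                throw wrapped;
            }
        }
        if (this.hmac != null) {
            // The HMAC value is single-use: it is attached to this request and then cleared.
            this.connection.setRequestProperty("x-syncml-hmac", this.hmac);
            this.hmac = null;
        }
        if (this.cookie != null) {
            this.connection.setRequestProperty(COOKIE, this.cookie);
        }
        connectToServer(this.connection);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "WASTranport.openConnection");
        }
    }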

    /**
     * Connects the given connection and, for HTTPS, waits for the TLS handshake to finish.
     *
     * <p>For HTTPS the SSL properties for the client SSL alias are looked up (outbound,
     * endpoint "ADMIN_SOAP", remote host and port) and installed on the current thread before
     * connecting; the finally block removes them again if they were installed.
     *
     * <p>Every IOException raised while connecting or waiting for the handshake is converted to
     * a QuietException with reason JMDOWN and is reported only at debug trace level. The
     * original exception remains available as the cause.
     * NOTE(review): TLS failures from connect() are IOExceptions too and would therefore
     * surface as JMDOWN as well; confirm that certificate problems are reported elsewhere.
     *
     * @param uRLConnection the configured, not yet connected connection
     * @throws IOException if the SSL configuration cannot be read or thread SSL properties
     *         cannot be cleared
     */
    private void connectToServer(URLConnection uRLConnection) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "connectToServer(1) URL=" + uRLConnection.getURL().toString());
        }
        // Becomes TRUE only once SSL properties were actually installed on this thread.
        Boolean bool = Boolean.FALSE;
        try {
            if (this.protocolToUse.equals("https")) {
                URL url = uRLConnection.getURL();
                // URL.getPort() returns -1 when the URL carries no explicit port, so this string
                // is then "-1" and the null check below is always true.
                String num = Integer.toString(url.getPort());
                String host = url.getHost();
                // Connection info used to select the SSL configuration for this outbound call.
                final HashMap hashMap = new HashMap();
                hashMap.put("com.ibm.ssl.direction", "outbound");
                hashMap.put("com.ibm.ssl.endPointName", "ADMIN_SOAP");
                if (host != null) {
                    hashMap.put("com.ibm.ssl.remoteHost", host);
                }
                if (num != null) {
                    hashMap.put("com.ibm.ssl.remotePort", num);
                }
                try {
                    bool = (Boolean) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.management.system.dmagent.WASTransport.1
                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            Boolean bool2 = Boolean.FALSE;
                            String clientSSLAlias = SecurityHelper.getHelper().getClientSSLAlias();
                            if (WASTransport.tc.isDebugEnabled()) {
                                Tr.debug(WASTransport.tc, "sslAlias for WASTransport: " + clientSSLAlias);
                            }
                            Properties properties = JSSEHelper.getInstance().getProperties(clientSSLAlias, hashMap, (SSLConfigChangeListener) null);
                            // When no properties are returned nothing is installed on the thread
                            // and the connection proceeds without them.
                            if (properties != null) {
                                JSSEHelper.getInstance().setSSLPropertiesOnThread(properties);
                                bool2 = Boolean.TRUE;
                            }
                            return bool2;
                        }
                    });
                } catch (PrivilegedActionException e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Throwing exception trying to get SSL config.", e.getException());
                    }
                    throw new IOException(e.getException());
                }
            }
            try {
                uRLConnection.connect();
                if (this.protocolToUse.equals("https")) {
                    try {
                        // A null result means no cipher suite was reported within the wait window;
                        // connect once more and give up if the second wait also yields nothing.
                        if (waitForHandshake(uRLConnection) == null) {
                            uRLConnection.connect();
                            if (waitForHandshake(uRLConnection) == null) {
                                throw new IOException("Cannot connect to server with HttpsURLStreamHandler.");
                            }
                        }
                    } catch (ClassCastException e2) {
                        // Swallowed: waitForHandshake() casts to HttpsURLConnection, so a connection
                        // object of another type skips the handshake check entirely.
                    } catch (Exception e3) {
                        // Also catches the IOException thrown just above; it is re-wrapped here and
                        // then converted to QuietException(JMDOWN) by the outer catch.
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "connectToServer exception.", new Object[]{e3});
                        }
                        FFDCFilter.processException(e3, "com.ibm.ws.management.system.dmagent.WASTransport.connectToServer", "437", this);
                        IOException iOException = new IOException("Exception occurred: " + e3.getMessage(), e3);
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "connectoToServer", iOException);
                        }
                        throw iOException;
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "connectoToServer");
                }
            } catch (IOException e4) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception in WASTransport.connectToServer. This is expected when jobmgr is down or cannot be contacted: " + e4);
                }
                throw new QuietException(QuietException.Reason.JMDOWN, e4);
            }
        } finally {
            // Remove the per-thread SSL properties so they do not affect later connections made
            // on this thread.
            if (bool.equals(Boolean.TRUE)) {
                clearSSLPropertiesOnThread();
            }
        }
    }

    /**
     * Polls the connection for its negotiated cipher suite, making up to five attempts with a
     * 20 ms pause after each unsuccessful one.
     *
     * @param uRLConnection the connection to poll; a ClassCastException propagates when it is
     *        not an HttpsURLConnection
     * @return the cipher suite name, or null when none was reported within the attempts
     */
    private static String waitForHandshake(URLConnection uRLConnection) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "waitForHandshake");
        }
        for (int attempt = 0; attempt < 5; attempt++) {
            String suite;
            try {
                suite = ((HttpsURLConnection) uRLConnection).getCipherSuite();
            } catch (IllegalStateException notConnectedYet) {
                // No cipher suite is available yet; treat as "not ready" and poll again.
                suite = null;
            }
            if (suite != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Handshake complete.  Cipher suite used: " + suite);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "waitForHandshake");
                }
                return suite;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Waiting 20ms for handshake to complete.");
            }
            try {
                Thread.sleep(20L);
            } catch (Exception ignored) {
                // An interrupted pause still counts as a completed attempt.
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "waitForHandshake -> null");
        }
        return null;
    }

    /**
     * Stores the device identifier that openConnection() passes to the RSA auth header helper
     * as the host UUID.
     *
     * @param str the device identifier; may be null
     */
    public void setDeviceId(String str) {
        final String method = "WASTransport.setDeviceId";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, method, str);
        }
        hostUUID = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, method);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores the security realm that openConnection() passes to the RSA auth header helper.
     *
     * @param str the realm name; may be null
     */
    public void setDeviceRealm(String str) {
        final String method = "WASTransport.setDeviceRealm";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, method, str);
        }
        hostSecRealm = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, method);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores the Kerberos service principal name that openConnection() passes to the RSA auth
     * header helper.
     *
     * @param str the service principal name; may be null
     */
    public void setDeviceKerberosSPN(String str) {
        final String method = "WASTransport.setDeviceKerberosSPN";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, method, str);
        }
        hostKerberosSPN = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, method);
        }
    }

    /**
     * Removes the SSL properties previously installed on the current thread by passing null to
     * JSSEHelper.setSSLPropertiesOnThread inside a privileged action.
     *
     * @throws IOException wrapping the underlying exception when the privileged action fails
     */
    private void clearSSLPropertiesOnThread() throws IOException {
        PrivilegedExceptionAction resetAction = new PrivilegedExceptionAction() {
            @Override
            public Object run() throws Exception {
                JSSEHelper.getInstance().setSSLPropertiesOnThread((Properties) null);
                return null;
            }
        };
        try {
            AccessController.doPrivileged(resetAction);
        } catch (PrivilegedActionException failure) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred clearing SSL properties from the thread", new Object[]{failure});
            }
            throw new IOException(failure.getException());
        }
    }

    /**
     * Takes the target certificate out of the current response, when one is present, and
     * stores it in the static cache under the response URI.
     *
     * <p>NOTE(review): the certificate comes from the response on this.connection and is then
     * reused for later RSA auth headers by every instance using the same URI. Nothing in this
     * class validates it; confirm where RSAPropagationHelper or its callers establish trust.
     *
     * @throws IOException declared for the helper calls that inspect the response
     */
    private void cacheTargetCert() throws IOException {
        boolean certOffered = RSAPropagationHelper.hasTargetCert(this.connection);
        if (certOffered) {
            this.targetCert = RSAPropagationHelper.extractTargetCert(this.connection);
            if (this.targetCert == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "unable to get cert for " + this.respURI);
                }
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "caching cert for " + this.respURI);
                }
                targetCerts.put(this.respURI, this.targetCert);
            }
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "no cert in response from " + this.respURI);
        }
    }

    /**
     * Runs the one-time job check: on the first call it marks the check as done and throws a
     * QuietException with reason NOJOB when the response carries a "Return-Empty" header.
     * Later calls do nothing.
     */
    private void abortIfNoJobs() {
        if (!this.checkedForJobs) {
            this.checkedForJobs = true;
            boolean nothingToDo = this.connection.getHeaderField("Return-Empty") != null;
            if (nothingToDo) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No job available");
                }
                throw new QuietException(QuietException.Reason.NOJOB);
            }
        }
    }

    /**
     * Reads the "JOBMGR_VER" response header and throws a QuietException with reason
     * DOWNLEVEL_JM when FileTransferUtils reports that this client is not compatible with it.
     * The header value is supplied by the server and is passed on unmodified.
     */
    private void abortIfDownlevelServer() {
        final String jobMgrVer = this.connection.getHeaderField("JOBMGR_VER");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "abortIfDownlevelServer: jobMgrVer = " + jobMgrVer);
        }
        boolean compatible = FileTransferUtils.isThisClientCompatibleWithJobMgr(jobMgrVer);
        if (compatible) {
            return;
        }
        throw new QuietException(QuietException.Reason.DOWNLEVEL_JM);
    }

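    /**
     * Tells whether a certificate is outside its validity period at the instant
     * EXPIRATION_BUFFER milliseconds from now.
     *
     * <p>The check is made on the certificate passed in. Previously the argument was ignored
     * and the targetCert field was inspected instead, which gave the right answer only because
     * the single caller passes that same field.
     *
     * @param x509Certificate the certificate to check; null is reported as not expiring
     * @return true when the certificate is expired or not yet valid at the look-ahead instant
     */
    private boolean aboutToExpire(X509Certificate x509Certificate) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "aboutToExpire");
        }
        boolean expiring = false;
        Date lookAhead = new Date(System.currentTimeMillis() + EXPIRATION_BUFFER);
        try {
            if (x509Certificate != null) {
                x509Certificate.checkValidity(lookAhead);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Certificate is null");
            }
        } catch (CertificateExpiredException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Certificate is expired");
            }
            FFDCFilter.processException(e, "com.ibm.ws.management.system.dmagent.WASTransport.aboutToExpire", "665", this);
            expiring = true;
        } catch (CertificateNotYetValidException e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Certificate is not yet valid");
            }
            FFDCFilter.processException(e2, "com.ibm.ws.management.system.dmagent.WASTransport.aboutToExpire", "673", this);
            expiring = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "aboutToExpire", Boolean.valueOf(expiring));
        }
        return expiring;
    }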
}
