package com.tibco.tibjms;

import com.tibco.security.AXSecurityException;
import com.tibco.security.Cert;
import com.tibco.security.CertFactory;
import com.tibco.security.CertUtils;
import com.tibco.security.Identity;
import com.tibco.security.IdentityFactory;
import com.tibco.security.PK;
import com.tibco.security.PKFactory;
import com.tibco.security.ShroudedPK;
import com.tibco.security.TIBCOSecurity;
import com.tibco.security.TrustedCerts;
import com.tibco.security.TrustedCertsFactory;
import com.tibco.security.ssl.SSLConstants;
import com.tibco.security.ssl.SSLFactory;
import com.tibco.tibjms.naming.TibjmsNamingConstants;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.jms.JMSException;
import javax.jms.JMSSecurityException;

/* loaded from: input_file:com/tibco/tibjms/TibjmsSSL.class */
public class TibjmsSSL {
    public static final int SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 3;
    public static final int SSL_RSA_WITH_RC4_128_MD5 = 4;
    public static final int SSL_RSA_WITH_RC4_128_SHA = 5;
    public static final int SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 6;
    public static final int SSL_RSA_EXPORT_WITH_DES_40_CBC_SHA = 7;
    public static final int SSL_RSA_WITH_DES_CBC_SHA = 8;
    public static final int SSL_RSA_WITH_3DES_EDE_CBC_SHA = 9;
    public static final int SSL_DHE_DSS_EXPORT_WITH_DES_40_CBC_SHA = 100;
    public static final int SSL_DHE_DSS_WITH_DES_CBC_SHA = 101;
    public static final int SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 102;
    public static final int SSL_RSA_WITH_NULL_MD5 = 1;
    public static final int SSL_RSA_WITH_NULL_SHA = 2;
    static final int _COP_NONE = 0;
    static final int _COP_REMOVE = 1;
    static final int _COP_ADD = 2;
    static final int _COP_MOVE_END = 3;
    static final int _COP_MOVE_FRONT = 4;
    static final char _COP_REMOVE_CHAR = '-';
    static final char _COP_ADD_CHAR = '+';
    public static final String VENDOR = "com.tibco.tibjms.ssl.vendor";
    public static final String TRACE = "com.tibco.tibjms.ssl.trace";
    public static final String AUTH_ONLY = "com.tibco.tibjms.ssl.auth_only";
    public static final String DEBUG_TRACE = "com.tibco.tibjms.ssl.debug_trace";
    public static final String TRUSTED_CERTIFICATES = "com.tibco.tibjms.ssl.trusted_certs";
    public static final String ENABLE_VERIFY_HOST = "com.tibco.tibjms.ssl.enable_verify_host";
    public static final String ENABLE_VERIFY_HOST_NAME = "com.tibco.tibjms.ssl.enable_verify_hostname";
    public static final String EXPECTED_HOST_NAME = "com.tibco.tibjms.ssl.expected_hostname";
    public static final String HOST_NAME_VERIFIER = "com.tibco.tibjms.ssl.hostname_verifier";
    public static final String IDENTITY = "com.tibco.tibjms.ssl.identity";
    public static final String IDENTITY_ENCODING = "com.tibco.tibjms.ssl.identity_encoding";
    public static final String ISSUER_CERTIFICATES = "com.tibco.tibjms.ssl.issuer_certs";
    public static final String PRIVATE_KEY = "com.tibco.tibjms.ssl.private_key";
    public static final String PRIVATE_KEY_ENCODING = "com.tibco.tibjms.ssl.private_key_encoding";
    public static final String PASSWORD = "com.tibco.tibjms.ssl.password";
    public static final String CIPHER_SUITES = "com.tibco.tibjms.ssl.cipher_suites";
    public static final int ENCODING_AUTO = 0;
    public static final int ENCODING_PEM = 1;
    public static final int ENCODING_DER = 2;
    static final int ENCODING_BER = 4;
    public static final int ENCODING_PKCS7 = 16;
    public static final int ENCODING_PKCS8 = 32;
    public static final int ENCODING_PKCS12 = 64;
    public static final int ENCODING_ENTRUST = 256;
    public static final int ENCODING_KEYSTORE = 512;
    private static final String _noinit = "Security is not initialized";
    private static final String _NAMING_SSL_PREFIX = "com.tibco.tibjms.naming.ssl_";
    private static final String _TIBJMS_SSL_PREFIX = "com.tibco.tibjms.ssl.";
    public static final int SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 212;
    public static final int SSL_DHE_RSA_WITH_DES_CBC_SHA = 211;
    public static final int SSL_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA = 210;
    static TibjmsSSLCipherInfo[] _ciphersList = {new TibjmsSSLCipherInfo("101", "SSL_RSA_WITH_RC4_128_MD5", 4, "RC4-MD5", "RSA key, 128-bit RC4, MD5 hash."), new TibjmsSSLCipherInfo("102", "SSL_RSA_WITH_RC4_128_SHA", 5, "RC4-SHA", "RSA key, 128-bit RC4, SHA1 hash."), new TibjmsSSLCipherInfo("103", "SSL_RSA_WITH_DES_CBC_SHA", 8, "DES-CBC-SHA", "RSA key, 56-bit DES in CBC mode, SHA1 hash."), new TibjmsSSLCipherInfo("104", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", 9, "DES-CBC3-SHA", "RSA key, 168-bit Triple-DES in EDE-CBC mode, SHA1 hash."), new TibjmsSSLCipherInfo("110", "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 6, "EXP-RC2-CBC-MD5", "RSA key, 40-bit RC2 in CBC mode, MD5 hash."), new TibjmsSSLCipherInfo("111", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", 3, "EXP-RC4-MD5", "RSA key, 40-bit RC4, MD5 hash."), new TibjmsSSLCipherInfo("112", "SSL_RSA_EXPORT_WITH_DES_40_CBC_SHA", 7, "EXP-DES-CBC-SHA", "RSA key, 40-bit DES in CBC mode, SHA1 hash."), new TibjmsSSLCipherInfo("120", "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "EDH-RSA-DES-CBC3-SHA", "Ephemeral DH key with RSA, 168-bit Triple-DES in EDE-CBC mode, SHA1 hash."), new TibjmsSSLCipherInfo("121", "SSL_DHE_RSA_WITH_DES_CBC_SHA", SSL_DHE_RSA_WITH_DES_CBC_SHA, "EDH-RSA-DES-CBC-SHA", "Ephemeral DH key with RSA, 56-bit DES, SHA1 hash."), new TibjmsSSLCipherInfo("122", "SSL_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA", SSL_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA, "EXP-EDH-RSA-DES-CBC-SHA", "Ephemeral DH key with RSA, 40-bit DES, SHA1 hash."), new TibjmsSSLCipherInfo("130", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 102, "EDH-DSS-DES-CBC3-SHA", "Ephemeral DH key with DSS, 168-bit Triple-DES in EDE-CBC mode, SHA1 hash."), new TibjmsSSLCipherInfo("131", "SSL_DHE_DSS_WITH_DES_CBC_SHA", 101, "EDH-DSS-DES-CBC-SHA", "Ephemeral DH key with DSS, 56-bit DES, SHA1 hash."), new TibjmsSSLCipherInfo("132", "SSL_DHE_DSS_EXPORT_WITH_DES_40_CBC_SHA", 100, "EXP-EDH-DSS-DES-CBC-SHA", "Ephemeral DH key with DSS, 40-bit DES, SHA1 hash."), new TibjmsSSLCipherInfo("140", "TLS_RSA_WITH_AES_128_CBC_SHA", 20, "AES128-SHA", "128-bit AES cipher with RSA key and SHA hash algorithm"), new TibjmsSSLCipherInfo("141", "TLS_RSA_WITH_AES_256_CBC_SHA", 21, "AES256-SHA", "256-bit AES cipher with RSA key and SHA hash algorithm"), new TibjmsSSLCipherInfo("142", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 120, "DHE-DSS-AES128-SHA", "Ephemeral DH key signed with DSS, 128-bit AES cipher in CBC mode, SHA1 hash algorithm"), new TibjmsSSLCipherInfo("143", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 121, "DHE-DSS-AES256-SHA", "Ephemeral DH key signed with DSS, 256-bit AES cipher in CBC mode, SHA1 hash algorithm"), new TibjmsSSLCipherInfo("144", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 220, "DHE-RSA-AES128-SHA", "Ephemeral DH key signed with RSA, 128-bit AES cipher in CBC mode, SHA1 hash algorithm"), new TibjmsSSLCipherInfo("145", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 221, "DHE-RSA-AES256-SHA", "Ephemeral DH key signed with RSA, 256-bit AES cipher in CBC mode, SHA1 hash algorithm"), new TibjmsSSLCipherInfo("200", "SSL_RSA_WITH_NULL_MD5", 1, "NULL-MD5", "RSA, no encryption, MD5 hash algorithm"), new TibjmsSSLCipherInfo("201", "SSL_RSA_WITH_NULL_SHA", 2, "NULL-SHA", "RSA, no encryption, SHA1 hash algorithm")};
    static Hashtable _ciphersHash = null;
    private static String _DEFAULT_SSL_VENDOR = "j2se-default";
    private static boolean _sslInitialized = false;
    private static Object _sslLock = new Object();
    static TibjmsSSLParams _default = new TibjmsSSLParams();
    private static SecureRandom secureRandom = null;

    static void _initCiphers() {
        synchronized (_sslLock) {
            if (_ciphersHash != null) {
                return;
            }
            _ciphersHash = new Hashtable();
            for (int i = 0; i < _ciphersList.length; i++) {
                TibjmsSSLCipherInfo tibjmsSSLCipherInfo = _ciphersList[i];
                _ciphersHash.put(tibjmsSSLCipherInfo.tibjmsName, tibjmsSSLCipherInfo);
                _ciphersHash.put(tibjmsSSLCipherInfo.javaName, tibjmsSSLCipherInfo);
                _ciphersHash.put(tibjmsSSLCipherInfo.opensslName, tibjmsSSLCipherInfo);
            }
        }
    }

    static TibjmsSSLCipherInfo _getCipher(String str) {
        TibjmsSSLCipherInfo tibjmsSSLCipherInfo;
        if (str == null || str.length() == 0) {
            return null;
        }
        synchronized (_sslLock) {
            _initCiphers();
            tibjmsSSLCipherInfo = (TibjmsSSLCipherInfo) _ciphersHash.get(str);
        }
        return tibjmsSSLCipherInfo;
    }

    /* JADX WARN: Multi-variable type inference failed */
    static int[] _ciphersFromSpec(String str) throws JMSSecurityException {
        if (str == null) {
            return null;
        }
        Vector vector = new Vector();
        for (int i : getSupportedCipherSuites()) {
            vector.addElement(new Integer(i));
        }
        boolean z = -1;
        StringTokenizer stringTokenizer = new StringTokenizer(str, ":,");
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (nextToken.length() >= 2) {
                boolean z2 = nextToken.charAt(0) == '-';
                if (nextToken.charAt(0) == '+') {
                    z2 = 2;
                }
                if (nextToken.charAt(0) == '>') {
                    z2 = 3;
                }
                if (nextToken.charAt(0) == '<') {
                    z2 = 4;
                }
                if (z2) {
                    nextToken = nextToken.substring(1);
                } else if (z == -1) {
                    z = false;
                }
                if (!nextToken.equalsIgnoreCase("all")) {
                    if (!z) {
                        vector.removeAllElements();
                    }
                    if (!z) {
                        z = true;
                    }
                    TibjmsSSLCipherInfo _getCipher = _getCipher(nextToken);
                    if (_getCipher == null) {
                        throw new JMSSecurityException("Invalid cipher suite name: " + nextToken);
                    }
                    boolean z3 = false;
                    int i2 = 0;
                    while (true) {
                        if (i2 >= vector.size()) {
                            break;
                        }
                        Integer num = (Integer) vector.elementAt(i2);
                        if (num.intValue() == _getCipher.javaID) {
                            z3 = true;
                            if (z2) {
                                vector.removeElementAt(i2);
                            } else if (z2 == 3) {
                                vector.removeElementAt(i2);
                                vector.addElement(num);
                            } else if (z2 == 4) {
                                vector.removeElementAt(i2);
                                vector.insertElementAt(num, 0);
                            }
                        } else {
                            i2++;
                        }
                    }
                    if (!z3) {
                        if (z2 == 2 || !z2) {
                            vector.addElement(new Integer(_getCipher.javaID));
                        } else if (z2 == 3) {
                            vector.addElement(new Integer(_getCipher.javaID));
                        } else if (z2 == 4) {
                            vector.insertElementAt(new Integer(_getCipher.javaID), 0);
                        }
                    }
                } else if (z2) {
                    vector.removeAllElements();
                }
            }
        }
        if (vector.size() == 0) {
            throw new JMSSecurityException("Unable to proceed: all ciphers have been removed by user preference");
        }
        int[] iArr = new int[vector.size()];
        for (int i3 = 0; i3 < vector.size(); i3++) {
            iArr[i3] = ((Integer) vector.elementAt(i3)).intValue();
        }
        return iArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean _hasSSLParams(Map map) {
        if (map == null) {
            return false;
        }
        for (Object obj : map.keySet()) {
            if (obj != null && (obj instanceof String)) {
                String str = (String) obj;
                if (str.startsWith(_NAMING_SSL_PREFIX) || str.startsWith(_TIBJMS_SSL_PREFIX)) {
                    return true;
                }
            }
        }
        return false;
    }

    private static PrintStream _tracerValue(Map map, String str, PrintStream printStream) throws JMSSecurityException {
        Object _getDual = _getDual(map, str);
        if (_getDual != null) {
            if (_getDual instanceof PrintStream) {
                return (PrintStream) _getDual;
            }
            if (_getDual instanceof String) {
                String str2 = (String) _getDual;
                if (str2.equalsIgnoreCase("out")) {
                    return System.out;
                }
                if (!str2.equalsIgnoreCase(TibjmsxConst.JMS_ERROR_CODE) && !new Boolean(str2).booleanValue()) {
                    return printStream;
                }
                return System.err;
            }
            if (!(_getDual instanceof Boolean)) {
                throw new JMSSecurityException("Invalid value of " + str);
            }
            if (((Boolean) _getDual).booleanValue()) {
                return System.err;
            }
        }
        return printStream;
    }

    static Object _getDual(Map map, String str) {
        if (str == null || str.length() == 0) {
            return null;
        }
        Object obj = map.get(str);
        if (obj == null) {
            String str2 = str.startsWith(_NAMING_SSL_PREFIX) ? _TIBJMS_SSL_PREFIX + str.substring(_NAMING_SSL_PREFIX.length()) : str.startsWith(_TIBJMS_SSL_PREFIX) ? _NAMING_SSL_PREFIX + str.substring(_TIBJMS_SSL_PREFIX.length()) : null;
            if (str2 != null) {
                obj = map.get(str2);
            }
        }
        return obj;
    }

    private static boolean _getEnvBool(Map map, String str, boolean z) throws JMSException {
        boolean z2 = z;
        Object _getDual = _getDual(map, str);
        if (_getDual != null) {
            if (_getDual instanceof String) {
                return new Boolean((String) _getDual).booleanValue();
            }
            if (!(_getDual instanceof Boolean)) {
                throw new JMSException("Invalid value of '" + str + "': must be Boolean value or String representing a Boolean");
            }
            z2 = ((Boolean) _getDual).booleanValue();
        }
        return z2;
    }

    private static String _getEnvString(Map map, String str, String str2) throws JMSException {
        String str3 = str2;
        Object _getDual = _getDual(map, str);
        if (_getDual != null) {
            if (!(_getDual instanceof String)) {
                throw new JMSException("Invalid value of '" + str + "': must be String value");
            }
            str3 = (String) _getDual;
        }
        return str3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Integer _getEnvEncoding(Map map, String str) throws JMSException {
        Object _getDual = _getDual(map, str);
        if (_getDual == null) {
            return null;
        }
        if (_getDual instanceof String) {
            try {
                int encodingNameToInt = encodingNameToInt((String) _getDual);
                return encodingNameToInt != 0 ? new Integer(encodingNameToInt) : new Integer((String) _getDual);
            } catch (NumberFormatException e) {
                throw new JMSException("Invalid value of '" + str + "': must be Number value or String representing a number or encoding");
            }
        }
        if (_getDual instanceof Number) {
            return new Integer(((Number) _getDual).intValue());
        }
        throw new JMSException("Invalid value of '" + str + "': must be Number value or String representing a number or encoding");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void initFromEnvironment(Map map, TibjmsSSLParams tibjmsSSLParams) throws JMSException {
        Integer _getEnvEncoding;
        if (map == null) {
            throw new IllegalArgumentException("null parameter");
        }
        synchronized (_sslLock) {
            tibjmsSSLParams.vendor = _getEnvString(map, VENDOR, tibjmsSSLParams.vendor);
            tibjmsSSLParams.tracer = _tracerValue(map, TRACE, tibjmsSSLParams.tracer);
            tibjmsSSLParams.debug_trace = _getEnvBool(map, DEBUG_TRACE, tibjmsSSLParams.debug_trace);
            tibjmsSSLParams.expected_hostname = _getEnvString(map, EXPECTED_HOST_NAME, tibjmsSSLParams.expected_hostname);
            tibjmsSSLParams.disable_verify_host = !_getEnvBool(map, ENABLE_VERIFY_HOST, !tibjmsSSLParams.disable_verify_host);
            tibjmsSSLParams.disable_verify_hostname = !_getEnvBool(map, ENABLE_VERIFY_HOST_NAME, !tibjmsSSLParams.disable_verify_hostname);
            tibjmsSSLParams.auth_only = _getEnvBool(map, AUTH_ONLY, tibjmsSSLParams.auth_only);
            Object _getDual = _getDual(map, HOST_NAME_VERIFIER);
            if (_getDual != null) {
                if (!(_getDual instanceof TibjmsSSLHostNameVerifier)) {
                    throw new JMSSecurityException("Invalid value of 'com.tibco.tibjms.ssl.hostname_verifier': must be instance of class " + TibjmsSSLHostNameVerifier.class.getName());
                }
                tibjmsSSLParams.verifier = (TibjmsSSLHostNameVerifier) _getDual;
            }
            Object _getDual2 = _getDual(map, CIPHER_SUITES);
            if (_getDual2 != null) {
                if (_getDual2 instanceof String) {
                    if (((String) _getDual2).length() > 0) {
                        _setCipherSuites(tibjmsSSLParams, (String) _getDual2);
                    }
                } else {
                    if (!(_getDual2 instanceof int[])) {
                        throw new JMSSecurityException("Invalid value of 'com.tibco.tibjms.ssl.cipher_suites': must be a String or int[]");
                    }
                    int[] iArr = (int[]) _getDual2;
                    if (iArr.length > 0) {
                        int[] iArr2 = new int[iArr.length];
                        System.arraycopy(iArr, 0, iArr2, 0, iArr.length);
                        _setCipherSuites(tibjmsSSLParams, iArr2);
                        tibjmsSSLParams.cipher_suites = iArr2;
                    }
                }
            }
            Object _getDual3 = _getDual(map, TRUSTED_CERTIFICATES);
            if (_getDual3 != null) {
                if (_getDual3 instanceof String) {
                    _addTrustedCerts(tibjmsSSLParams, (String) _getDual3, 0);
                } else {
                    if (!(_getDual3 instanceof Vector)) {
                        throw new JMSSecurityException("Invalid value of 'com.tibco.tibjms.ssl.trusted_certs': must be Vector");
                    }
                    Vector vector = (Vector) _getDual3;
                    int i = 0;
                    while (i < vector.size()) {
                        int i2 = 0;
                        Object elementAt = vector.elementAt(i);
                        i++;
                        if (elementAt == null) {
                            throw new JMSSecurityException("Invalid content of 'com.tibco.tibjms.ssl.trusted_certs'");
                        }
                        if (elementAt instanceof String) {
                            i2 = encodingNameToInt((String) elementAt);
                        }
                        if (!(elementAt instanceof Number) && i2 == 0) {
                            _addTrustedCerts(tibjmsSSLParams, elementAt, 0);
                        } else {
                            if (i > vector.size() - 1) {
                                throw new JMSSecurityException("Invalid content of 'com.tibco.tibjms.ssl.trusted_certs'");
                            }
                            Object elementAt2 = vector.elementAt(i);
                            if (i2 == 0) {
                                i2 = ((Number) elementAt).intValue();
                            }
                            i++;
                            _addTrustedCerts(tibjmsSSLParams, elementAt2, i2);
                        }
                    }
                }
            }
            Object _getDual4 = _getDual(map, ISSUER_CERTIFICATES);
            if (_getDual4 != null) {
                if (_getDual4 instanceof String) {
                    _addIssuerCerts(tibjmsSSLParams, (String) _getDual4, 0);
                } else {
                    if (!(_getDual4 instanceof Vector)) {
                        throw new JMSSecurityException("Invalid value of 'com.tibco.tibjms.ssl.issuer_certs': must be Vector");
                    }
                    Vector vector2 = (Vector) _getDual4;
                    int i3 = 0;
                    while (i3 < vector2.size()) {
                        int i4 = 0;
                        Object elementAt3 = vector2.elementAt(i3);
                        i3++;
                        if (elementAt3 == null) {
                            throw new JMSSecurityException("Invalid content of 'com.tibco.tibjms.ssl.issuer_certs'");
                        }
                        if (elementAt3 instanceof String) {
                            i4 = encodingNameToInt((String) elementAt3);
                        }
                        if (!(elementAt3 instanceof Number) && i4 == 0) {
                            _addIssuerCerts(tibjmsSSLParams, elementAt3, 0);
                        } else {
                            if (i3 > vector2.size() - 1) {
                                throw new JMSSecurityException("Invalid content of 'com.tibco.tibjms.ssl.issuer_certs'");
                            }
                            Object elementAt4 = vector2.elementAt(i3);
                            if (i4 == 0) {
                                i4 = ((Number) elementAt3).intValue();
                            }
                            i3++;
                            _addIssuerCerts(tibjmsSSLParams, elementAt4, i4);
                        }
                    }
                }
            }
            Object _getDual5 = _getDual(map, IDENTITY);
            if (_getDual5 != null) {
                int i5 = 0;
                int i6 = 0;
                char[] cArr = null;
                Integer _getEnvEncoding2 = _getEnvEncoding(map, IDENTITY_ENCODING);
                if (_getEnvEncoding2 != null) {
                    i5 = _getEnvEncoding2.intValue();
                }
                Object _getDual6 = _getDual(map, PRIVATE_KEY);
                if (_getDual6 != null && (_getEnvEncoding = _getEnvEncoding(map, PRIVATE_KEY_ENCODING)) != null) {
                    i6 = _getEnvEncoding.intValue();
                }
                Object _getDual7 = _getDual(map, PASSWORD);
                if (_getDual7 != null) {
                    if (!(_getDual7 instanceof String) && !(_getDual7 instanceof char[])) {
                        throw new JMSSecurityException("Invalid value of 'com.tibco.tibjms.ssl.password': must be a String or char[]");
                    }
                    cArr = _getDual7 instanceof String ? ((String) _getDual7).toCharArray() : (char[]) _getDual7;
                }
                if (_getDual6 != null) {
                    _setIdentity(tibjmsSSLParams, _getDual5, i5, _getDual6, i6, cArr);
                } else {
                    _setIdentity(tibjmsSSLParams, _getDual5, i5, null, 0, cArr);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void _enableVendorTrace(boolean z) {
        if (z) {
            try {
                if (System.getProperty("javax.net.debug") == null) {
                    System.setProperty("javax.net.debug", "ssl:handshake:trustmanager");
                }
            } catch (Throwable th) {
            }
        }
    }

    public static String getVendor() {
        synchronized (_sslLock) {
            if (_sslInitialized || TIBCOSecurity.isInitialized()) {
                return TIBCOSecurity.getVendor();
            }
            return _default.vendor != null ? _default.vendor : _DEFAULT_SSL_VENDOR;
        }
    }

    public static void setVendor(String str) throws JMSSecurityException {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("null or empty String");
        }
        synchronized (_sslLock) {
            if (0 == 0) {
                _default.vendor = str;
            } else if (str.equalsIgnoreCase(null)) {
            }
        }
    }

    public static void initialize() throws JMSSecurityException {
        synchronized (_sslLock) {
            initialize(null);
        }
    }

    public static void initialize(String str) throws JMSSecurityException {
        initialize(_default, str);
    }

    private static void put_if(Hashtable hashtable, String str, String str2) {
        if (str2 == null || str2.length() <= 0) {
            return;
        }
        hashtable.put(str, str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void initialize(TibjmsSSLParams tibjmsSSLParams, String str) throws JMSSecurityException {
        try {
            if (_default.tracer == null && Tibjmsx.sslTrace) {
                _default.tracer = System.out;
            }
        } catch (Exception e) {
        }
        try {
            if (!_default.debug_trace && Tibjmsx.sslDebugTrace) {
                _default.debug_trace = true;
            }
        } catch (Exception e2) {
        }
        PrintStream _getTracer = _getTracer(tibjmsSSLParams);
        synchronized (_sslLock) {
            if (_sslInitialized) {
                return;
            }
            Hashtable hashtable = new Hashtable();
            put_if(hashtable, VENDOR, Tibjmsx.ssl_vendor);
            put_if(hashtable, TRACE, Tibjmsx.ssl_trace);
            put_if(hashtable, DEBUG_TRACE, Tibjmsx.ssl_debug_trace);
            put_if(hashtable, ENABLE_VERIFY_HOST, Tibjmsx.ssl_verify_host);
            put_if(hashtable, ENABLE_VERIFY_HOST_NAME, Tibjmsx.ssl_verify_hostname);
            put_if(hashtable, EXPECTED_HOST_NAME, Tibjmsx.ssl_expected_hostname);
            put_if(hashtable, AUTH_ONLY, Tibjmsx.ssl_auth_only);
            put_if(hashtable, IDENTITY, Tibjmsx.ssl_identity);
            put_if(hashtable, PRIVATE_KEY, Tibjmsx.ssl_private_key);
            put_if(hashtable, PASSWORD, Tibjmsx.ssl_password);
            put_if(hashtable, CIPHER_SUITES, Tibjmsx.ssl_ciphers);
            if (Tibjmsx.ssl_trusted != null) {
                Vector vector = new Vector();
                vector.addElement(Tibjmsx.ssl_trusted);
                if (Tibjmsx.ssl_trusted1 != null) {
                    vector.addElement(Tibjmsx.ssl_trusted1);
                }
                if (Tibjmsx.ssl_trusted2 != null) {
                    vector.addElement(Tibjmsx.ssl_trusted2);
                }
                if (Tibjmsx.ssl_trusted3 != null) {
                    vector.addElement(Tibjmsx.ssl_trusted3);
                }
                hashtable.put(TRUSTED_CERTIFICATES, vector);
            }
            if (Tibjmsx.ssl_issuer != null) {
                Vector vector2 = new Vector();
                vector2.addElement(Tibjmsx.ssl_issuer);
                if (Tibjmsx.ssl_issuer1 != null) {
                    vector2.addElement(Tibjmsx.ssl_issuer1);
                }
                if (Tibjmsx.ssl_issuer2 != null) {
                    vector2.addElement(Tibjmsx.ssl_issuer2);
                }
                if (Tibjmsx.ssl_issuer3 != null) {
                    vector2.addElement(Tibjmsx.ssl_issuer3);
                }
                hashtable.put(ISSUER_CERTIFICATES, vector2);
            }
            if (hashtable.size() > 0) {
                try {
                    initFromEnvironment(hashtable, _default);
                } catch (JMSException e3) {
                    throw new JMSSecurityException(e3.getMessage());
                }
            }
            String str2 = str;
            if (str2 == null) {
                str2 = _default.vendor;
            }
            if (str2 == null) {
                str2 = _DEFAULT_SSL_VENDOR;
            }
            if (_getTracer != null) {
                _sslTrace(_getTracer, "initializing security with vendor '" + str2 + TibjmsNamingConstants.SYNTAX_QUOTE, null);
            }
            try {
                TIBCOSecurity.init(str2, true, false, false, secureRandom);
                if (_getTracer != null) {
                    _sslTrace(_getTracer, "client version 5.1.0, security version " + TIBCOSecurity.getVersionString() + ", SSL initialized with vendor '" + TIBCOSecurity.getVendor() + TibjmsNamingConstants.SYNTAX_QUOTE, null);
                }
                _sslInitialized = true;
            } catch (AXSecurityException e4) {
                JMSSecurityException jMSSecurityException = new JMSSecurityException("Failed to initialize security environment for vendor " + str2 + ", reason: " + e4.getMessage());
                jMSSecurityException.setLinkedException(e4);
                throw jMSSecurityException;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static TibjmsSSLParams getDefaultParameters() {
        return _default;
    }

    public static void setDebugTraceEnabled(boolean z) {
        _default.debug_trace = z;
    }

    public static void setAuthOnly(boolean z) {
        _default.auth_only = z;
    }

    public static boolean isAuthOnly() {
        return _default.auth_only;
    }

    public static boolean getDebugTraceEnabled() {
        return _default.debug_trace;
    }

    public static void setClientTracer(PrintStream printStream) {
        _default.tracer = printStream;
    }

    public static PrintStream getClientTracer() {
        return _default.tracer;
    }

    public static void setSecureRandom(SecureRandom secureRandom2) {
        secureRandom = secureRandom2;
    }

    public static String getCipherSuiteName(int i) throws JMSSecurityException {
        if (!_sslInitialized) {
            throw new JMSSecurityException(_noinit);
        }
        try {
            return SSLConstants.getSuiteName(i);
        } catch (AXSecurityException e) {
            throw new JMSSecurityException("Unknown cipher suite");
        }
    }

    public static boolean isCipherSuiteSupported(int i) throws JMSSecurityException {
        if (_sslInitialized) {
            return SSLFactory.getInstance().isCipherSuiteSupported(i);
        }
        throw new JMSSecurityException(_noinit);
    }

    public static int[] getSupportedCipherSuites() throws JMSSecurityException {
        if (_sslInitialized) {
            return SSLFactory.getInstance().getSupportedCipherSuites();
        }
        throw new JMSSecurityException(_noinit);
    }

    public static void setCipherSuites(int[] iArr) throws JMSSecurityException {
        _setCipherSuites(_default, iArr);
    }

    static void _setCipherSuites(TibjmsSSLParams tibjmsSSLParams, int[] iArr) throws JMSSecurityException {
        if (iArr != null && iArr.length == 0) {
            throw new IllegalArgumentException("Parameter can not be zero-length array");
        }
        if (iArr == null) {
            tibjmsSSLParams.cipher_suites = null;
            return;
        }
        int[] iArr2 = new int[iArr.length];
        System.arraycopy(iArr, 0, iArr2, 0, iArr.length);
        tibjmsSSLParams.cipher_suites = iArr2;
    }

    public static void setCipherSuites(String str) throws JMSSecurityException {
        _setCipherSuites(_default, str);
    }

    static void _setCipherSuites(TibjmsSSLParams tibjmsSSLParams, String str) throws JMSSecurityException {
        if (str != null && str.length() == 0) {
            throw new IllegalArgumentException("Parameter can not be empty String");
        }
        tibjmsSSLParams.cipher_specs = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int[] _getCipherSuites(TibjmsSSLParams tibjmsSSLParams) throws JMSSecurityException {
        if (tibjmsSSLParams == null) {
            return null;
        }
        int[] iArr = tibjmsSSLParams.cipher_suites != null ? tibjmsSSLParams.cipher_suites : null;
        if (tibjmsSSLParams.cipher_specs != null) {
            iArr = _ciphersFromSpec(tibjmsSSLParams.cipher_specs);
        }
        PrintStream _getTracer = _getTracer(tibjmsSSLParams);
        if (_getTracer != null && iArr != null) {
            if (!_sslInitialized) {
                throw new JMSSecurityException(_noinit);
            }
            SSLFactory sSLFactory = SSLFactory.getInstance();
            for (int i = 0; i < iArr.length; i++) {
                if (!sSLFactory.isCipherSuiteSupported(iArr[i])) {
                    String str = "<unknown>";
                    try {
                        str = getCipherSuiteName(iArr[i]);
                    } catch (JMSSecurityException e) {
                    }
                    _sslTrace(_getTracer, "Warning: specified cipher suite not supported: suite=" + iArr[i] + ", name=" + str, null);
                }
            }
        }
        return iArr;
    }

    public static void setVerifyHost(boolean z) {
        _default.disable_verify_host = !z;
    }

    public static boolean getVerifyHost() {
        return !_default.disable_verify_host;
    }

    public static void setExpectedHostName(String str) {
        _default.expected_hostname = str;
    }

    public static String getExpectedHostName() {
        return _default.expected_hostname;
    }

    public static void setVerifyHostName(boolean z) {
        _default.disable_verify_hostname = !z;
    }

    public static boolean getVerifyHostName() {
        return !_default.disable_verify_hostname;
    }

    public static void setHostNameVerifier(TibjmsSSLHostNameVerifier tibjmsSSLHostNameVerifier) {
        synchronized (_sslLock) {
            _default.verifier = tibjmsSSLHostNameVerifier;
        }
    }

    public static TibjmsSSLHostNameVerifier getHostNameVerifier() {
        return _default.verifier;
    }

    public static void clearTrustedCerts() throws JMSSecurityException {
        synchronized (_sslLock) {
            _default.trusted = null;
        }
    }

    public static void addTrustedCerts(Object obj) throws JMSSecurityException {
        addTrustedCerts(obj, 0);
    }

    public static void addTrustedCerts(Object obj, int i) throws JMSSecurityException {
        synchronized (_sslLock) {
            _addTrustedCerts(_default, obj, i);
        }
    }

    static void _addTrustedCerts(TibjmsSSLParams tibjmsSSLParams, Object obj, int i) throws JMSSecurityException {
        if (obj == null || tibjmsSSLParams == null) {
            throw new IllegalArgumentException("null parameter");
        }
        int encodingToPrecise = encodingToPrecise(i);
        checkValidTrustedEncoding(encodingToPrecise);
        TibjmsSSLCI tibjmsSSLCI = new TibjmsSSLCI(obj, encodingToPrecise);
        if (tibjmsSSLParams.trusted == null) {
            tibjmsSSLParams.trusted = new Vector();
        }
        tibjmsSSLParams.trusted.addElement(tibjmsSSLCI);
    }

    public static void clearIssuerCerts() throws JMSSecurityException {
        synchronized (_sslLock) {
            _default.issuers = null;
        }
    }

    public static void addIssuerCerts(Object obj) throws JMSSecurityException {
        addIssuerCerts(obj, 0);
    }

    public static void addIssuerCerts(Object obj, int i) throws JMSSecurityException {
        synchronized (_sslLock) {
            _addIssuerCerts(_default, obj, i);
        }
    }

    static void _addIssuerCerts(TibjmsSSLParams tibjmsSSLParams, Object obj, int i) throws JMSSecurityException {
        if (obj == null || tibjmsSSLParams == null) {
            throw new IllegalArgumentException("null parameter");
        }
        TibjmsSSLCI tibjmsSSLCI = new TibjmsSSLCI(obj, encodingToPrecise(i));
        if (tibjmsSSLParams.issuers == null) {
            tibjmsSSLParams.issuers = new Vector();
        }
        tibjmsSSLParams.issuers.addElement(tibjmsSSLCI);
    }

    static PrintStream _getTracer(TibjmsSSLParams tibjmsSSLParams) {
        return (tibjmsSSLParams == null || tibjmsSSLParams.tracer == null) ? _default.tracer : tibjmsSSLParams.tracer;
    }

    public static void setIdentity(Object obj, char[] cArr) throws JMSSecurityException {
        setIdentity(obj, 0, null, 0, cArr);
    }

    public static void setIdentity(Object obj, Object obj2, char[] cArr) throws JMSSecurityException {
        setIdentity(obj, 0, obj2, 0, cArr);
    }

    public static void setIdentity(Object obj, int i, char[] cArr) throws JMSSecurityException {
        setIdentity(obj, i, null, 0, cArr);
    }

    public static void setIdentity(Object obj, int i, Object obj2, char[] cArr) throws JMSSecurityException {
        setIdentity(obj, i, obj2, 0, cArr);
    }

    public static void setIdentity(Object obj, int i, Object obj2, int i2, char[] cArr) throws JMSSecurityException {
        synchronized (_sslLock) {
            _setIdentity(_default, obj, i, obj2, i2, cArr);
        }
    }

    public static void setPassword(char[] cArr) {
        _setPassword(_default, cArr);
    }

    /* JADX WARN: Code restructure failed: missing block: B:21:0x0010, code lost:
    
        if (r5.length == 0) goto L10;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    static void _setPassword(com.tibco.tibjms.TibjmsSSLParams r4, char[] r5) {
        /*
            java.lang.Object r0 = com.tibco.tibjms.TibjmsSSL._sslLock
            r1 = r0
            r6 = r1
            monitor-enter(r0)
            r0 = r4
            if (r0 == 0) goto L13
            r0 = r5
            if (r0 == 0) goto L1d
            r0 = r5
            int r0 = r0.length     // Catch: java.lang.Throwable -> L46
            if (r0 != 0) goto L1d
        L13:
            java.lang.IllegalArgumentException r0 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L46
            r1 = r0
            java.lang.String r2 = "invalid parameters"
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L46
            throw r0     // Catch: java.lang.Throwable -> L46
        L1d:
            r0 = r4
            char[] r0 = r0.password     // Catch: java.lang.Throwable -> L46
            if (r0 == 0) goto L3c
            r0 = 0
            r7 = r0
        L26:
            r0 = r7
            r1 = r4
            char[] r1 = r1.password     // Catch: java.lang.Throwable -> L46
            int r1 = r1.length     // Catch: java.lang.Throwable -> L46
            if (r0 >= r1) goto L3c
            r0 = r4
            char[] r0 = r0.password     // Catch: java.lang.Throwable -> L46
            r1 = r7
            r2 = 0
            r0[r1] = r2     // Catch: java.lang.Throwable -> L46
            int r7 = r7 + 1
            goto L26
        L3c:
            r0 = r4
            r1 = r5
            r0.password = r1     // Catch: java.lang.Throwable -> L46
            r0 = r6
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L46
            goto L4d
        L46:
            r8 = move-exception
            r0 = r6
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L46
            r0 = r8
            throw r0
        L4d:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.tibco.tibjms.TibjmsSSL._setPassword(com.tibco.tibjms.TibjmsSSLParams, char[]):void");
    }

    static void _setIdentity(TibjmsSSLParams tibjmsSSLParams, Object obj, int i, Object obj2, int i2, char[] cArr) throws JMSSecurityException {
        if (tibjmsSSLParams == null || obj == null) {
            throw new IllegalArgumentException("null parameter");
        }
        int encodingToPrecise = encodingToPrecise(i);
        int encodingToPrecise2 = encodingToPrecise(i2);
        tibjmsSSLParams.identity_data = new TibjmsSSLCI(obj, encodingToPrecise);
        if (obj2 != null) {
            tibjmsSSLParams.pk_key_data = new TibjmsSSLCI(obj2, encodingToPrecise2);
        }
        tibjmsSSLParams.password = cArr;
    }

    static TrustedCerts _createTrustedCerts() throws JMSSecurityException {
        return _createTrustedCerts(_default);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static TrustedCerts _createTrustedCerts(TibjmsSSLParams tibjmsSSLParams) throws JMSSecurityException {
        synchronized (_sslLock) {
            if (!_sslInitialized) {
                throw new JMSSecurityException(_noinit);
            }
            if (tibjmsSSLParams.trusted == null) {
                return null;
            }
            try {
                TrustedCerts createTrustedCerts = TrustedCertsFactory.createTrustedCerts();
                for (int i = 0; i < tibjmsSSLParams.trusted.size(); i++) {
                    _addTrustedCerts(tibjmsSSLParams, createTrustedCerts, (TibjmsSSLCI) tibjmsSSLParams.trusted.elementAt(i));
                }
                return createTrustedCerts;
            } catch (AXSecurityException e) {
                JMSSecurityException jMSSecurityException = new JMSSecurityException("Failed to create trusted certificates store");
                jMSSecurityException.setLinkedException(e);
                throw jMSSecurityException;
            }
        }
    }

    private static void _addTrustedCerts(TibjmsSSLParams tibjmsSSLParams, TrustedCerts trustedCerts, TibjmsSSLCI tibjmsSSLCI) throws JMSSecurityException {
        synchronized (_sslLock) {
            if (tibjmsSSLCI != null) {
                if (tibjmsSSLCI.data != null && trustedCerts != null) {
                    if (!_sslInitialized) {
                        throw new JMSSecurityException(_noinit);
                    }
                    if ((tibjmsSSLCI.encoding & 16) == 0) {
                        checkValidTrustedEncoding(tibjmsSSLCI.encoding);
                        Cert[] _readCerts = _readCerts(tibjmsSSLParams, TibjmsXMLConst.TIBJMS_XML_TRUSTED, tibjmsSSLCI.data, tibjmsSSLCI.encoding, false);
                        if (_readCerts != null && _readCerts.length > 0) {
                            _addTrusted(tibjmsSSLParams, trustedCerts, _readCerts);
                        }
                    } else {
                        _readTrustedFromPKCS7(tibjmsSSLParams, tibjmsSSLCI.data, trustedCerts);
                    }
                }
            }
            throw new IllegalArgumentException("null parameter");
        }
    }

    static void _addTrusted(TibjmsSSLParams tibjmsSSLParams, TrustedCerts trustedCerts, Cert[] certArr) throws JMSSecurityException {
        PrintStream _getTracer = _getTracer(tibjmsSSLParams);
        synchronized (_sslLock) {
            if (!_sslInitialized) {
                throw new JMSSecurityException(_noinit);
            }
            if (trustedCerts == null) {
                throw new IllegalArgumentException("null parameter");
            }
            if (certArr == null || certArr.length == 0) {
                return;
            }
            for (int i = 0; i < certArr.length; i++) {
                try {
                    if (_getTracer != null) {
                        _sslTrace(_getTracer, "adding trusted certificate [" + getCertDescription(certArr[i]) + "]", null);
                    }
                    trustedCerts.addCertificate(certArr[i]);
                } catch (Exception e) {
                    JMSSecurityException jMSSecurityException = new JMSSecurityException("Error adding trusted certificate: " + e.getMessage());
                    jMSSecurityException.setLinkedException(e);
                    throw jMSSecurityException;
                }
            }
        }
    }

    static void _readTrustedFromPKCS7(TibjmsSSLParams tibjmsSSLParams, Object obj, TrustedCerts trustedCerts) throws JMSSecurityException {
        if (obj == null || trustedCerts == null) {
            throw new IllegalArgumentException("null parameter");
        }
        InputStream inputStream = null;
        boolean z = false;
        String str = null;
        PrintStream _getTracer = _getTracer(tibjmsSSLParams);
        if (obj instanceof String) {
            str = (String) obj;
            if (_getTracer != null) {
                _sslTrace(_getTracer, "reading trusted certificate(s) from PKCS7 file '" + str + TibjmsNamingConstants.SYNTAX_QUOTE, null);
            }
            inputStream = _fileToStream(str);
        } else if (obj instanceof byte[]) {
            if (_getTracer != null) {
                _sslTrace(_getTracer, "reading trusted certificate(s) from PKCS7 byte array", null);
            }
            inputStream = new ByteArrayInputStream((byte[]) obj);
        } else if (obj instanceof InputStream) {
            if (_getTracer != null) {
                _sslTrace(_getTracer, "reading trusted certificate(s) from PKCS7 input stream", null);
            }
            inputStream = (InputStream) obj;
            z = true;
        }
        try {
            if (inputStream == null) {
                throw new JMSSecurityException("Invalid trusted certs object of class " + obj.getClass().getName());
            }
            try {
                TrustedCerts createTrustedCerts = TrustedCertsFactory.createTrustedCerts(inputStream, "PKCS7");
                if (!z && inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e) {
                    }
                }
                try {
                    try {
                        Cert[] certificateList = createTrustedCerts.getCertificateList();
                        if (certificateList != null) {
                            for (int i = 0; i < certificateList.length; i++) {
                                if (_getTracer != null) {
                                    _sslTrace(_getTracer, "adding trusted certificate [" + getCertDescription(certificateList[i]) + "]", null);
                                }
                                trustedCerts.addCertificate(certificateList[i]);
                            }
                        }
                        createTrustedCerts.dispose();
                    } catch (Exception e2) {
                        createTrustedCerts.dispose();
                        JMSSecurityException jMSSecurityException = new JMSSecurityException("Error adding trusted certificate from PKCS7 object: " + e2.getMessage());
                        jMSSecurityException.setLinkedException(e2);
                        throw jMSSecurityException;
                    }
                } catch (Throwable th) {
                    createTrustedCerts.dispose();
                    throw th;
                }
            } catch (Exception e3) {
                JMSSecurityException jMSSecurityException2 = new JMSSecurityException((str != null ? "Error reading certs from PKCS7 file '" + str + TibjmsNamingConstants.SYNTAX_QUOTE : "Error reading certs from PKCS7 object") + ": " + e3.getMessage());
                jMSSecurityException2.setLinkedException(e3);
                throw jMSSecurityException2;
            }
        } catch (Throwable th2) {
            if (!z && inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e4) {
                }
            }
            throw th2;
        }
    }

    /* JADX WARN: Finally extract failed */
    static Cert[] _readCerts(TibjmsSSLParams tibjmsSSLParams, String str, Object obj, int i, boolean z) throws JMSSecurityException {
        Cert[] certArr;
        if (obj == null) {
            throw new IllegalArgumentException("null parameter");
        }
        InputStream inputStream = null;
        boolean z2 = false;
        String str2 = null;
        PrintStream _getTracer = _getTracer(tibjmsSSLParams);
        if ((i & 32) != 0) {
            throw new JMSSecurityException("PKCS8 can not be used as certificate encoding");
        }
        if (obj instanceof String) {
            str2 = (String) obj;
            if (_getTracer != null && str != null) {
                _sslTrace(_getTracer, "reading " + str + " certificate(s) from file '" + str2 + "', format=" + encodingToName(i), null);
            }
            inputStream = _fileToStream(str2);
        } else if (obj instanceof byte[]) {
            if (_getTracer != null && str != null) {
                _sslTrace(_getTracer, "reading " + str + " certificate(s) from byte array, format=" + encodingToName(i), null);
            }
            inputStream = new ByteArrayInputStream((byte[]) obj);
        } else if (obj instanceof InputStream) {
            if (_getTracer != null && str != null) {
                _sslTrace(_getTracer, "reading " + str + " certificate(s) from byte array, format=" + (i != 0 ? encodingToName(i) : "PEM or DER"), null);
            }
            inputStream = (InputStream) obj;
            z2 = true;
        } else if (obj instanceof X509Certificate[]) {
            if (_getTracer != null && str != null) {
                _sslTrace(_getTracer, "reading " + str + " certificate(s) from array of X509Certificate objects", null);
            }
            try {
                return CertUtils.convertCertificateList((X509Certificate[]) obj);
            } catch (Exception e) {
                JMSSecurityException jMSSecurityException = new JMSSecurityException("Error reading certs from X509Certificate[] object");
                jMSSecurityException.setLinkedException(e);
                throw jMSSecurityException;
            }
        }
        try {
            try {
                if (inputStream != null) {
                    certArr = !z ? CertUtils.streamToCerts(inputStream) : new Cert[]{CertFactory.createCert(inputStream)};
                } else if (obj instanceof X509Certificate) {
                    if (_getTracer != null && str != null) {
                        _sslTrace(_getTracer, "reading " + str + " certificate from X509Certificate object", null);
                    }
                    certArr = new Cert[]{CertFactory.createCert((X509Certificate) obj)};
                } else {
                    if (_getTracer != null && str != null) {
                        _sslTrace(_getTracer, "reading " + str + " certificate(s) from object of class " + obj.getClass().getName() + ", format=" + encodingToName(i), null);
                    }
                    certArr = new Cert[]{CertFactory.createCert(obj)};
                }
                if (!z2 && inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e2) {
                    }
                }
                return certArr;
            } catch (Throwable th) {
                if (!z2 && inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e3) {
                    }
                }
                throw th;
            }
        } catch (Exception e4) {
            JMSSecurityException jMSSecurityException2 = new JMSSecurityException((str2 != null ? "Error reading certs from file '" + str2 : "Error reading certs from " + obj.getClass().getName() + " object") + ": " + e4.getMessage());
            jMSSecurityException2.setLinkedException(e4);
            throw jMSSecurityException2;
        }
    }

    static Identity createIdentity() throws JMSSecurityException {
        Identity createIdentity;
        synchronized (_sslLock) {
            createIdentity = createIdentity(_default);
        }
        return createIdentity;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Identity createIdentity(TibjmsSSLParams tibjmsSSLParams) throws JMSSecurityException {
        PrintStream _getTracer = _getTracer(tibjmsSSLParams);
        if (tibjmsSSLParams.identity_data == null) {
            if (_getTracer != null) {
                _sslTrace(_getTracer, "client identity not set, using empty identity.", null);
            }
            try {
                return IdentityFactory.createIdentity();
            } catch (AXSecurityException e) {
                JMSSecurityException jMSSecurityException = new JMSSecurityException("Can not create empty identity: " + e.getMessage());
                jMSSecurityException.setLinkedException(e);
                throw jMSSecurityException;
            }
        }
        InputStream inputStream = null;
        boolean z = false;
        tibjmsSSLParams.identity_data.encoding = encodingToPrecise(tibjmsSSLParams.identity_data.encoding);
        if (tibjmsSSLParams.pk_key_data != null) {
            tibjmsSSLParams.pk_key_data.encoding = encodingToPrecise(tibjmsSSLParams.pk_key_data.encoding);
        }
        try {
            try {
                Object obj = tibjmsSSLParams.identity_data.data;
                if (tibjmsSSLParams.identity_data.data instanceof String) {
                    String str = (String) tibjmsSSLParams.identity_data.data;
                    if (_getTracer != null) {
                        _sslTrace(_getTracer, "reading client identity from file '" + str + "', format=" + encodingToName(tibjmsSSLParams.identity_data.encoding), null);
                    }
                    inputStream = _fileToStream(str);
                } else if (tibjmsSSLParams.identity_data.data instanceof byte[]) {
                    if (_getTracer != null) {
                        _sslTrace(_getTracer, "reading client identity from byte array, format=" + encodingToName(tibjmsSSLParams.identity_data.encoding), null);
                    }
                    inputStream = new ByteArrayInputStream((byte[]) tibjmsSSLParams.identity_data.data);
                } else if (tibjmsSSLParams.identity_data.data instanceof InputStream) {
                    z = true;
                    inputStream = (InputStream) tibjmsSSLParams.identity_data.data;
                    if (_getTracer != null) {
                        _sslTrace(_getTracer, "reading client identity from input stream, format=" + encodingToName(tibjmsSSLParams.identity_data.encoding), null);
                    }
                }
                if (inputStream != null) {
                    obj = inputStream;
                }
                if (tibjmsSSLParams.pk_key_data != null && (tibjmsSSLParams.identity_data.encoding == 512 || tibjmsSSLParams.identity_data.encoding == 64 || tibjmsSSLParams.identity_data.encoding == 256)) {
                    throw new JMSSecurityException("Conflicting parameters: private key should not be specified when identity is a store");
                }
                Identity _identityFromStore = tibjmsSSLParams.pk_key_data == null ? _identityFromStore(tibjmsSSLParams, obj, tibjmsSSLParams.identity_data.encoding, tibjmsSSLParams.password) : _identityFromCertAndKey(tibjmsSSLParams, obj, tibjmsSSLParams.identity_data.encoding, tibjmsSSLParams.pk_key_data.data, tibjmsSSLParams.pk_key_data.encoding, tibjmsSSLParams.password);
                if (!z && inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e2) {
                    }
                }
                return _identityFromStore;
            } catch (JMSSecurityException e3) {
                throw e3;
            }
        } catch (Throwable th) {
            if (0 == 0 && 0 != 0) {
                try {
                    inputStream.close();
                } catch (IOException e4) {
                }
            }
            throw th;
        }
    }

    static Identity _identityFromStore(TibjmsSSLParams tibjmsSSLParams, Object obj, int i, char[] cArr) throws JMSSecurityException {
        Identity createIdentity;
        PrintStream _getTracer = _getTracer(tibjmsSSLParams);
        if (i == 512) {
            try {
                if (obj instanceof InputStream) {
                    if (_getTracer != null) {
                        _sslTrace(_getTracer, "creating KeyStore from input stream", null);
                    }
                    KeyStore keyStore = KeyStore.getInstance("JKS");
                    try {
                        keyStore.load((InputStream) obj, cArr);
                        obj = keyStore;
                    } catch (Exception e) {
                        JMSSecurityException jMSSecurityException = new JMSSecurityException("Failed to read KeyStore object: " + e.getMessage());
                        jMSSecurityException.setLinkedException(e);
                        throw jMSSecurityException;
                    }
                }
            } catch (Exception e2) {
                JMSSecurityException jMSSecurityException2 = new JMSSecurityException("Error occured while reading identity data: " + e2.getMessage());
                jMSSecurityException2.setLinkedException(e2);
                throw jMSSecurityException2;
            }
        }
        if (obj instanceof KeyStore) {
            if (_getTracer != null) {
                _sslTrace(_getTracer, "reading client identity from KeyStore object", null);
            }
            createIdentity = IdentityFactory.createIdentity((KeyStore) obj, cArr);
        } else if ((obj instanceof InputStream) && i == 64) {
            if (_getTracer != null) {
                _sslTrace(_getTracer, "reading client identity from PKCS12 input stream", null);
            }
            createIdentity = IdentityFactory.createIdentity((InputStream) obj, "PKCS12", cArr);
        } else {
            if (!(obj instanceof InputStream) || i != 256) {
                throw new JMSSecurityException("Invalid or not supported identity data");
            }
            if (_getTracer != null) {
                _sslTrace(_getTracer, "reading client identity from Entrust input stream", null);
            }
            createIdentity = IdentityFactory.createIdentity((InputStream) obj, "Entrust", cArr);
        }
        return createIdentity;
    }

    static Identity _identityFromCertAndKey(TibjmsSSLParams tibjmsSSLParams, Object obj, int i, Object obj2, int i2, char[] cArr) throws JMSSecurityException {
        ShroudedPK createShroudedPK;
        PK privateKey;
        if (obj == null || obj2 == null) {
            throw new IllegalArgumentException("null param");
        }
        InputStream inputStream = null;
        boolean z = false;
        PrintStream _getTracer = _getTracer(tibjmsSSLParams);
        if ((i2 & 16) != 0) {
            throw new JMSSecurityException("PKCS7 can not be used for private key encoding");
        }
        Cert[] _readCerts = _readCerts(tibjmsSSLParams, null, obj, i, false);
        if (tibjmsSSLParams.issuers != null) {
            for (int i3 = 0; i3 < tibjmsSSLParams.issuers.size(); i3++) {
                TibjmsSSLCI tibjmsSSLCI = (TibjmsSSLCI) tibjmsSSLParams.issuers.elementAt(i3);
                Cert[] _readCerts2 = _readCerts(tibjmsSSLParams, null, tibjmsSSLCI.data, tibjmsSSLCI.encoding, false);
                if (_readCerts2 != null && _readCerts2.length != 0) {
                    Cert[] certArr = new Cert[_readCerts.length + _readCerts2.length];
                    System.arraycopy(_readCerts, 0, certArr, 0, _readCerts.length);
                    System.arraycopy(_readCerts2, 0, certArr, _readCerts.length, _readCerts2.length);
                    _readCerts = certArr;
                }
            }
        }
        try {
            try {
                if (obj2 instanceof PrivateKey) {
                    if (_getTracer != null) {
                        _sslTrace(_getTracer, "reading client private key from PrivateKey object", null);
                    }
                    privateKey = PKFactory.createPK((PrivateKey) obj2);
                } else {
                    if (tibjmsSSLParams.pk_key_data.data instanceof String) {
                        String str = (String) tibjmsSSLParams.pk_key_data.data;
                        if (_getTracer != null) {
                            _sslTrace(_getTracer, "reading client private key from file '" + str + "', format=" + encodingToName(i2), null);
                        }
                        inputStream = _fileToStream(str);
                    } else if (tibjmsSSLParams.pk_key_data.data instanceof byte[]) {
                        inputStream = new ByteArrayInputStream((byte[]) tibjmsSSLParams.pk_key_data.data);
                        if (_getTracer != null) {
                            _sslTrace(_getTracer, "reading client private key from byte array, format=" + encodingToName(i2), null);
                        }
                    } else if (tibjmsSSLParams.pk_key_data.data instanceof InputStream) {
                        z = true;
                        inputStream = (InputStream) tibjmsSSLParams.pk_key_data.data;
                        if (_getTracer != null) {
                            _sslTrace(_getTracer, "reading client private key from input stream, format=" + encodingToName(i2), null);
                        }
                    }
                    try {
                        try {
                            if (inputStream == null) {
                                if (_getTracer != null) {
                                    _sslTrace(_getTracer, "reading client private key from vendor specific object: " + tibjmsSSLParams.pk_key_data.data.getClass().getName(), null);
                                }
                                createShroudedPK = PKFactory.createShroudedPK(tibjmsSSLParams.pk_key_data.data);
                            } else {
                                if (i2 != 0 && (i2 & 32) == 0) {
                                    throw new JMSSecurityException("Invalid object or encoding of client key");
                                }
                                createShroudedPK = PKFactory.createShroudedPK(inputStream);
                            }
                            privateKey = createShroudedPK.getPrivateKey(cArr);
                            if (!z && inputStream != null) {
                                try {
                                    inputStream.close();
                                } catch (IOException e) {
                                }
                            }
                        } catch (Exception e2) {
                            JMSSecurityException jMSSecurityException = new JMSSecurityException("Error occured while reading key data: " + e2.getMessage());
                            jMSSecurityException.setLinkedException(e2);
                            throw jMSSecurityException;
                        }
                    } finally {
                        if (!z && inputStream != null) {
                            try {
                                inputStream.close();
                            } catch (IOException e3) {
                            }
                        }
                    }
                }
                return IdentityFactory.createIdentity(privateKey, cArr, _readCerts, (String) null);
            } catch (Throwable th) {
                if (0 == 0 && 0 != 0) {
                    try {
                        inputStream.close();
                    } catch (IOException e4) {
                    }
                }
                throw th;
            }
        } catch (Exception e5) {
            JMSSecurityException jMSSecurityException2 = new JMSSecurityException("Error occured while reading identity or key data: " + e5.getMessage());
            jMSSecurityException2.setLinkedException(e5);
            throw jMSSecurityException2;
        } catch (JMSSecurityException e6) {
            throw e6;
        }
    }

    static String getDNField(String str, String str2) {
        if (str == null) {
            return null;
        }
        int indexOf = str.toLowerCase().indexOf(str2.toLowerCase() + "=");
        if (indexOf < 0) {
            return null;
        }
        int length = indexOf + str2.length() + 1;
        if (length >= str.length()) {
            return "";
        }
        int indexOf2 = str.indexOf(TibjmsNamingConstants.URL_SEPARATOR, length);
        return indexOf2 < 0 ? str.substring(length, str.length()) : str.substring(length, indexOf2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getCertCN(Cert cert) {
        Principal subjectDN;
        if (cert == null || (subjectDN = cert.getSubjectDN()) == null) {
            return null;
        }
        return getDNField(subjectDN.getName(), "CN");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getCertDescription(Cert cert) {
        if (cert == null) {
            return "null";
        }
        Principal subjectDN = cert.getSubjectDN();
        Principal issuerDN = cert.getIssuerDN();
        String str = (subjectDN == null ? "CertCN=[no subject]" : "CertCN=" + getDNField(subjectDN.getName(), "CN")) + ", IssuerCN=";
        return issuerDN == null ? str + "[no issuer]" : str + getDNField(issuerDN.getName(), "CN");
    }

    static void checkValidTrustedEncoding(int i) throws JMSSecurityException {
        int encodingToPrecise = encodingToPrecise(i);
        switch (encodingToPrecise) {
            case 0:
            case 1:
            case 2:
            case 17:
            case 20:
            case 64:
            case ENCODING_KEYSTORE /* 512 */:
                return;
            default:
                throw new JMSSecurityException("Invalid encoding of trusted certificates: " + encodingToName(encodingToPrecise));
        }
    }

    static String encodingToName(int i) {
        switch (i) {
            case 0:
                return "AUTO";
            case 1:
                return "PEM";
            case 2:
                return "DER";
            case 4:
                return "BER";
            case 16:
                return "PKCS7";
            case 17:
                return "PKCS7(PEM)";
            case 20:
                return "PKCS7(BER)";
            case 32:
                return "PKCS8";
            case 33:
                return "PKCS8(PEM)";
            case 36:
                return "PKCS8(BER)";
            case 64:
                return "PKCS12";
            case ENCODING_ENTRUST /* 256 */:
                return "ENTRUST";
            case ENCODING_KEYSTORE /* 512 */:
                return "KEYSTORE";
            default:
                return "UNKNOWN";
        }
    }

    static void isValidEncoding(int i) throws JMSSecurityException {
        switch (i) {
            case 0:
            case 1:
            case 2:
            case 17:
            case 20:
            case 33:
            case 36:
            case 64:
            case ENCODING_ENTRUST /* 256 */:
            case ENCODING_KEYSTORE /* 512 */:
                return;
            default:
                throw new JMSSecurityException("Invalid encoding");
        }
    }

    static int encodingToPrecise(int i) {
        if (i == 16) {
            return 20;
        }
        if (i == 32) {
            return 33;
        }
        return i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int encodingNameToInt(String str) {
        if (str == null) {
            return 0;
        }
        if (str.equalsIgnoreCase("pem")) {
            return 1;
        }
        if (str.equalsIgnoreCase("der")) {
            return 2;
        }
        if (str.equalsIgnoreCase("p7") || str.equalsIgnoreCase("pkcs7") || str.equalsIgnoreCase("pkcs#7")) {
            return 17;
        }
        if (str.equalsIgnoreCase("p7b") || str.equalsIgnoreCase("pkcs7b") || str.equalsIgnoreCase("pkcs#7b")) {
            return 20;
        }
        if (str.equalsIgnoreCase("p8") || str.equalsIgnoreCase("pkcs8") || str.equalsIgnoreCase("pkcs#8")) {
            return 33;
        }
        if (str.equalsIgnoreCase("p8b") || str.equalsIgnoreCase("pkcs8b") || str.equalsIgnoreCase("pkcs#8b")) {
            return 36;
        }
        if (str.equalsIgnoreCase("p12") || str.equalsIgnoreCase("pkcs12") || str.equalsIgnoreCase("pkcs#12")) {
            return 64;
        }
        if (str.equalsIgnoreCase("jks")) {
            return ENCODING_KEYSTORE;
        }
        if (str.equalsIgnoreCase("epf")) {
            return ENCODING_ENTRUST;
        }
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String removeEncoding(String str) {
        if (str == null) {
            return null;
        }
        int indexOf = str.indexOf(58);
        return (indexOf <= 0 || encodingNameToInt(str.substring(0, indexOf)) == 0) ? str : str.substring(indexOf + 1, str.length());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int encodingFromFilename(String str) {
        int encodingNameToInt;
        if (str == null) {
            return 0;
        }
        int indexOf = str.indexOf(58);
        if (indexOf > 0 && (encodingNameToInt = encodingNameToInt(str.substring(0, indexOf))) != 0) {
            return encodingNameToInt;
        }
        int lastIndexOf = str.lastIndexOf(46);
        if (lastIndexOf >= 0) {
            return encodingNameToInt(str.substring(lastIndexOf + 1, str.length()));
        }
        return 0;
    }

    static InputStream _fileToStream(String str) throws JMSSecurityException {
        if (str == null || str.length() == 0) {
            throw new JMSSecurityException("empty file name");
        }
        try {
            return new FileInputStream(str);
        } catch (IOException e) {
            JMSSecurityException jMSSecurityException = new JMSSecurityException("File not found or access denied: '" + str + TibjmsNamingConstants.SYNTAX_QUOTE);
            jMSSecurityException.setLinkedException(e);
            throw jMSSecurityException;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void _erasePass(char[] cArr) {
        if (cArr != null) {
            for (int i = 0; i < cArr.length; i++) {
                cArr[i] = 0;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void _erasePass() {
        _erasePass(_default.password);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void _sslTrace(PrintStream printStream, String str, Object[] objArr) {
        TibjmsxTrace.write(printStream, "[SSL] " + str, objArr);
    }
}
