package jeus.io.protocol.ssl;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPathParameters;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Vector;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import jeus.net.log.JeusMessage_Network;
import jeus.nodemanager.NodeManagerConstants;
import jeus.security.util.Constants;
import jeus.util.config.Config;
import jeus.util.file.FileUtils;
import jeus.util.logging.JeusLogger;
import jeus.util.properties.JeusNetProperties;
import jeus.util.properties.JeusSslProperties;

/* loaded from: input_file:jeus/io/protocol/ssl/SSLConfig.class */
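/**
 * SSL/TLS settings stored as {@link Config} properties under the
 * {@code jeus.io.protocol.ssl.} prefix, plus the code that turns those settings into an
 * {@link SSLContext} and applies them to engines and sockets.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing callers:
 * <ul>
 *   <li>Store passphrases fall back to hard-coded defaults ({@link #DEFAULT_STORE_PASS}, and the
 *       literals used in {@link #createWithSystemProperties()}) when nothing is configured.</li>
 *   <li>A key store or trust store that cannot be loaded is logged and then treated as absent;
 *       context creation continues (see {@link #getSSLContext()}).</li>
 *   <li>A configured cipher-suite list of which no entry is supported falls back to every
 *       supported suite rather than failing.</li>
 * </ul>
 */
public class SSLConfig extends Config {
    private static final JeusLogger logger = (JeusLogger) JeusLogger.getLogger(SSLConfig.class);
    protected static final String PROPERTY_PREFIX = "jeus.io.protocol.ssl.";
    public static final String ENABLED_CIPHER_SUITES = "jeus.io.protocol.ssl.enabled-cipher-suites";
    public static final String ENABLED_PROTOCOLS = "jeus.io.protocol.ssl.enabled-protocols";
    public static final String USE_CLIENT_MODE = "jeus.io.protocol.ssl.use-client-mode";
    public static final String CLIENT_AUTH = "jeus.io.protocol.ssl.client-auth";
    public static final String ENABLE_SESSION_CREATION = "jeus.io.protocol.ssl.enable-session-creation";
    public static final String KEY_STORE_TYPE = "jeus.io.protocol.ssl.key-store-type";
    public static final String KEY_STORE_PASS = "jeus.io.protocol.ssl.key-store-passphrase";
    public static final String KEY_STORE_KEY_PASS = "jeus.io.protocol.ssl.key-store-key-passphrase";
    public static final String KEY_ALIAS = "jeus.io.protocol.ssl.key-alias";
    public static final String KEY_STORE_FILE = "jeus.io.protocol.ssl.key-store-file";
    public static final String KEY_MANAGEMENT_ALGORITHM = "jeus.io.protocol.ssl.key-management-algorithm";
    public static final String CRLS_FILE = "jeus.io.protocol.ssl.crls-file";
    public static final String TRUST_STORE_TYPE = "jeus.io.protocol.ssl.trust-store-type";
    public static final String TRUST_STORE_PASS = "jeus.io.protocol.ssl.trust-store-passphrase";
    public static final String TRUST_STORE_FILE = "jeus.io.protocol.ssl.trust-store-file";
    public static final String TRUST_MANAGEMENT_ALGORITHM = "jeus.io.protocol.ssl.trust-management-algorithm";
    public static final String PROTOCOL = "jeus.io.protocol.ssl.protocol";
    public static final String DEFAULT_STORE_TYPE = "JKS";
    // Fallback passphrase for both stores when none is configured. It is a widely known value,
    // so a deployment that relies on it has no real passphrase protection on its stores.
    public static final String DEFAULT_STORE_PASS = "changeit";
    public static final String DEFAULT_MANAGEMENT_ALGORITHM_SUN = "SunX509";
    public static final String DEFAULT_MANAGEMENT_ALGORITHM_IBM = "IbmX509";
    public static final String DEFAULT_PROTOCOL_SUN = "TLS";
    public static final String DEFAULT_PROTOCOL_IBM = "SSL";

    /** Client-certificate policy applied on the server side of a connection. */
    public enum ClientAuth {
        NEED,
        WANT,
        NOT_NEED
    }

    /**
     * Accepts only property names that, after trimming, start with {@link #PROPERTY_PREFIX}.
     *
     * @param str candidate property name, may be {@code null}
     * @return {@code true} if the name belongs to this configuration
     */
    @Override // jeus.util.config.Config
    protected boolean accept(String str) {
        return str != null && str.trim().startsWith(PROPERTY_PREFIX);
    }

    /**
     * Looks up {@code primaryKey}; if absent, looks up {@code fallbackKey} and, if that is absent
     * too, returns {@code defaultValue}.
     */
    private static String getPropertyValueWithDefaultValue(Properties properties, String primaryKey, String fallbackKey, String defaultValue) {
        String value = properties.getProperty(primaryKey);
        return value != null ? value : properties.getProperty(fallbackKey, defaultValue);
    }

    /** Looks up {@code primaryKey}; if absent, returns the value of {@code fallbackKey} (possibly {@code null}). */
    private static String getPropertyValue(Properties properties, String primaryKey, String fallbackKey) {
        String value = properties.getProperty(primaryKey);
        return value != null ? value : properties.getProperty(fallbackKey);
    }

    /**
     * Builds a client-mode configuration from the SSL properties file named by
     * {@code JeusNetProperties.SSL_PROPERTIES_FILE} (when set and readable) merged into the JVM
     * system properties, or from the system properties alone when
     * {@code JeusNetProperties.SSL_FOR_CLIENT} is set.
     *
     * <p>Any exception raised while the settings are being read is logged and the configuration
     * built so far is still returned, so the result can be partially populated; unset passphrases
     * then resolve to the defaults of the corresponding getters.
     *
     * @return the configuration, or {@code null} when no properties file was loaded and
     *         {@code SSL_FOR_CLIENT} is false
     */
    public static SSLConfig createWithSystemProperties() {
        Properties properties;
        Properties fileProperties = null;
        String propertiesFile = JeusNetProperties.SSL_PROPERTIES_FILE;
        if (propertiesFile != null) {
            try {
                String content = FileUtils.readFile(propertiesFile);
                fileProperties = new Properties();
                // Every backslash in the file becomes '/', so Properties.load never sees an escape.
                // This also rewrites backslashes inside values, including passphrases.
                fileProperties.load(new StringReader(content.replace('\\', '/')));
            } catch (IOException e) {
                // NOTE(review): the stack trace goes to stderr and the log call below does not
                // carry the exception; consider logging the throwable instead.
                e.printStackTrace();
                if (logger.isLoggable(JeusMessage_Network._300_LEVEL)) {
                    logger.log(JeusMessage_Network._300_LEVEL, JeusMessage_Network._300);
                }
            }
        }
        if (fileProperties != null) {
            // The file's entries are copied into the live, JVM-wide system properties, so store
            // paths and passphrases from the file become readable through System.getProperty by
            // any code running in this JVM.
            Properties systemProperties = System.getProperties();
            systemProperties.putAll(fileProperties);
            properties = systemProperties;
        } else {
            if (!JeusNetProperties.SSL_FOR_CLIENT) {
                return null;
            }
            properties = System.getProperties();
        }
        SSLConfig config = new SSLConfig();
        config.setUseClientMode(true);
        Provider provider = null;
        try {
            try {
                provider = (Provider) SSLConfig.class.getClassLoader().loadClass("com.tmax.jce.provider.TmaxProvider").newInstance();
            } catch (Exception ignored) {
                // The provider is optional: when it cannot be loaded, EncryptionUtil is simply
                // not initialised below.
            }
            if (provider != null) {
                EncryptionUtil.init(properties.getProperty(Constants.KEYPATH_PROPERTY), provider);
                String masterPassword = properties.getProperty(Constants.MASTERPASSWORD_PROPERTY);
                if (masterPassword != null) {
                    EncryptionUtil.setMasterPassword(masterPassword);
                }
            }
            config.setKeyStoreFile(getPropertyValue(properties, JeusSslProperties.JEUS_SSL_KEY_STORE, "javax.net.ssl.keyStore"));
            // "jeuskeypass" / "jeustrustpass" are hard-coded fallback passphrases used when
            // neither the JEUS property nor the javax.net.ssl one is set.
            config.setKeyStorePassphrase(EncryptionUtil.decryptPassword(getPropertyValueWithDefaultValue(properties, JeusSslProperties.JEUS_SSL_KEY_PASSWORD, "javax.net.ssl.keyStorePassword", "jeuskeypass")));
            config.setKeyStoreKeyPassphrase(EncryptionUtil.decryptPassword(properties.getProperty("jeus.ssl.keystorekeypass")));
            config.setKeyStoreType(properties.getProperty("javax.net.ssl.keyStoreType"));
            config.setKeyManagementAlgorithm(properties.getProperty("ssl.KeyManagerFactory.algorithm"));
            config.setTrustStoreFile(getPropertyValue(properties, JeusSslProperties.JEUS_SSL_TRUST_STORE, "javax.net.ssl.trustStore"));
            config.setTrustStorePassphrase(EncryptionUtil.decryptPassword(getPropertyValueWithDefaultValue(properties, JeusSslProperties.JEUS_SSL_TRUST_PASSWORD, "javax.net.ssl.trustStorePassword", "jeustrustpass")));
            config.setTrustStoreType(properties.getProperty("javax.net.ssl.trustStoreType"));
            config.setTrustManagementAlgorithm(properties.getProperty("ssl.TrustManagerFactory.algorithm"));
            String protocolVersions = properties.getProperty("jeus.net.ssl.protocolVersions");
            if (protocolVersions != null) {
                // Comma-separated list; NodeManagerConstants.SPACE is used as the regex to strip
                // (presumably a single space -- confirm against that constant).
                config.setProtocols(protocolVersions.replaceAll(NodeManagerConstants.SPACE, "").split(","));
            }
        } catch (Exception e) {
            // Logged and swallowed: the caller receives whatever was set before the failure.
            if (logger.isLoggable(JeusMessage_Network._303_LEVEL)) {
                logger.log(JeusMessage_Network._303_LEVEL, JeusMessage_Network._303, (Throwable) e);
            }
        }
        // NOTE(review): the config object itself is passed to the logger. If Config renders its
        // properties in toString(), the store passphrases end up in the log -- confirm.
        if (logger.isLoggable(JeusMessage_Network._302_LEVEL)) {
            logger.log(JeusMessage_Network._302_LEVEL, JeusMessage_Network._302, config);
        }
        return config;
    }

    /**
     * Stores the cipher suites as indexed properties {@code enabled-cipher-suites.0..n-1}.
     *
     * <p>Entries at higher indices left by an earlier, longer list are not cleared here, and
     * {@link #getCipherSuites()} reads until the first missing index, so shrinking the list this
     * way can leave old suites enabled.
     *
     * @param list cipher suite names, in order
     */
    public void setCipherSuites(List<String> list) {
        int index = 0;
        for (String suite : list) {
            setProperty("jeus.io.protocol.ssl.enabled-cipher-suites." + index, suite);
            index++;
        }
    }

    /**
     * Array form of {@link #setCipherSuites(List)}; the same caveat about stale higher indices applies.
     *
     * @param strArr cipher suite names, in order
     */
    public void setCipherSuites(String[] strArr) {
        for (int i = 0; i < strArr.length; i++) {
            setProperty("jeus.io.protocol.ssl.enabled-cipher-suites." + i, strArr[i]);
        }
    }

    /**
     * Reads the indexed cipher-suite properties starting at index 0 until the first missing index.
     *
     * @return the configured suites, or {@code null} when none are configured
     */
    public String[] getCipherSuites() {
        List<String> suites = new ArrayList<String>();
        for (int i = 0; ; i++) {
            String suite = getProperty("jeus.io.protocol.ssl.enabled-cipher-suites." + i);
            if (suite == null) {
                break;
            }
            suites.add(suite);
        }
        if (suites.isEmpty()) {
            return null;
        }
        return suites.toArray(new String[suites.size()]);
    }

    /**
     * Stores the protocol versions as indexed properties {@code enabled-protocols.0..n-1}.
     * Entries at higher indices from an earlier, longer list are not cleared.
     *
     * @param strArr protocol names, in order
     */
    public void setProtocols(String[] strArr) {
        for (int i = 0; i < strArr.length; i++) {
            setProperty("jeus.io.protocol.ssl.enabled-protocols." + i, strArr[i]);
        }
    }

    /**
     * Reads the indexed protocol properties starting at index 0 until the first missing index.
     *
     * @return the configured protocols, or {@code null} when none are configured
     */
    public String[] getProtocols() {
        List<String> protocols = new ArrayList<String>();
        for (int i = 0; ; i++) {
            String protocol = getProperty("jeus.io.protocol.ssl.enabled-protocols." + i);
            if (protocol == null) {
                break;
            }
            protocols.add(protocol);
        }
        if (protocols.isEmpty()) {
            return null;
        }
        return protocols.toArray(new String[protocols.size()]);
    }

    public void setUseClientMode(boolean z) {
        setBooleanProperty(USE_CLIENT_MODE, z);
    }

    /** @return the configured client-mode flag; {@code false} (server mode) when unset */
    public boolean isUseClientMode() {
        return getBooleanProperty(USE_CLIENT_MODE, false);
    }

    public void setClientAuth(ClientAuth clientAuth) {
        setProperty(CLIENT_AUTH, clientAuth.name());
    }

    /** @return {@code true} only when the client-auth property equals {@code WANT}; unset counts as {@code NOT_NEED} */
    public boolean isWantClientAuth() {
        return getProperty(CLIENT_AUTH, ClientAuth.NOT_NEED.name()).equals(ClientAuth.WANT.name());
    }

    /** @return {@code true} only when the client-auth property equals {@code NEED}; unset counts as {@code NOT_NEED} */
    public boolean isNeedClientAuth() {
        return getProperty(CLIENT_AUTH, ClientAuth.NOT_NEED.name()).equals(ClientAuth.NEED.name());
    }

    public void setEnableSessionCreation(boolean z) {
        setBooleanProperty(ENABLE_SESSION_CREATION, z);
    }

    public boolean isEnableSessionCreation() {
        return getBooleanProperty(ENABLE_SESSION_CREATION);
    }

    /** Sets the key store type; a {@code null} argument leaves the current value untouched. */
    public void setKeyStoreType(String str) {
        if (str != null) {
            setProperty(KEY_STORE_TYPE, str);
        }
    }

    /** @return the key store type, {@link #DEFAULT_STORE_TYPE} when unset */
    public String getKeyStoreType() {
        return getProperty(KEY_STORE_TYPE, DEFAULT_STORE_TYPE);
    }

    /** Sets the key store passphrase; a {@code null} argument leaves the current value untouched. */
    public void setKeyStorePassphrase(String str) {
        if (str != null) {
            setProperty(KEY_STORE_PASS, str);
        }
    }

    /** @return the key store passphrase, {@link #DEFAULT_STORE_PASS} when unset */
    public String getKeyStorePassphrase() {
        return getProperty(KEY_STORE_PASS, DEFAULT_STORE_PASS);
    }

    /** Sets the private-key passphrase; a {@code null} argument leaves the current value untouched. */
    public void setKeyStoreKeyPassphrase(String str) {
        if (str != null) {
            setProperty(KEY_STORE_KEY_PASS, str);
        }
    }

    /** @return the private-key passphrase, falling back to {@link #getKeyStorePassphrase()} when unset */
    public String getKeyStoreKeyPassphrase() {
        return getProperty(KEY_STORE_KEY_PASS, getKeyStorePassphrase());
    }

    /** Sets the key alias; a {@code null} argument leaves the current value untouched. */
    public void setKeyAlias(String str) {
        if (str != null) {
            setProperty(KEY_ALIAS, str);
        }
    }

    /** @return the configured key alias, or {@code null} when unset */
    public String getKeyAlias() {
        return getProperty(KEY_ALIAS);
    }

    /** Sets the key store path; a {@code null} argument leaves the current value untouched. */
    public void setKeyStoreFile(String str) {
        if (str != null) {
            setProperty(KEY_STORE_FILE, str);
        }
    }

    /** @return the key store path, or {@code null} when unset */
    public String getKeyStoreFile() {
        return getProperty(KEY_STORE_FILE);
    }

    /** Sets the KeyManagerFactory algorithm; a {@code null} argument leaves the current value untouched. */
    public void setKeyManagementAlgorithm(String str) {
        if (str != null) {
            setProperty(KEY_MANAGEMENT_ALGORITHM, str);
        }
    }

    /** @return the KeyManagerFactory algorithm; the vendor-specific X509 default when unset */
    public String getKeyManagementAlgorithm() {
        return getProperty(KEY_MANAGEMENT_ALGORITHM, isIbmJDK() ? DEFAULT_MANAGEMENT_ALGORITHM_IBM : DEFAULT_MANAGEMENT_ALGORITHM_SUN);
    }

    /** Sets the CRL file path; a {@code null} argument leaves the current value untouched. */
    public void setCRLsFile(String str) {
        if (str != null) {
            setProperty(CRLS_FILE, str);
        }
    }

    /** @return the CRL file path, or {@code null} when unset (no revocation checking is set up then) */
    public String getCRLsFile() {
        return getProperty(CRLS_FILE);
    }

    /** Sets the SSLContext protocol name; a {@code null} argument leaves the current value untouched. */
    public void setProtocol(String str) {
        if (str != null) {
            setProperty(PROTOCOL, str);
        }
    }

    /**
     * @return the name passed to {@link SSLContext#getInstance(String)}; when unset,
     *         {@link #DEFAULT_PROTOCOL_IBM} or {@link #DEFAULT_PROTOCOL_SUN} depending on the VM vendor.
     *         Which protocol versions that name enables is decided by the JRE unless
     *         {@link #getProtocols()} is configured.
     */
    public String getProtocol() {
        return getProperty(PROTOCOL, isIbmJDK() ? DEFAULT_PROTOCOL_IBM : DEFAULT_PROTOCOL_SUN);
    }

    /** Sets the trust store type; a {@code null} argument leaves the current value untouched. */
    public void setTrustStoreType(String str) {
        if (str != null) {
            setProperty(TRUST_STORE_TYPE, str);
        }
    }

    /** @return the trust store type, {@link #DEFAULT_STORE_TYPE} when unset */
    public String getTrustStoreType() {
        return getProperty(TRUST_STORE_TYPE, DEFAULT_STORE_TYPE);
    }

    /** Sets the trust store passphrase; a {@code null} argument leaves the current value untouched. */
    public void setTrustStorePassphrase(String str) {
        if (str != null) {
            setProperty(TRUST_STORE_PASS, str);
        }
    }

    /** @return the trust store passphrase, {@link #DEFAULT_STORE_PASS} when unset */
    public String getTrustStorePassphrase() {
        return getProperty(TRUST_STORE_PASS, DEFAULT_STORE_PASS);
    }

    /** Sets the trust store path; a {@code null} argument leaves the current value untouched. */
    public void setTrustStoreFile(String str) {
        if (str != null) {
            setProperty(TRUST_STORE_FILE, str);
        }
    }

    /** @return the trust store path, or {@code null} when unset */
    public String getTrustStoreFile() {
        return getProperty(TRUST_STORE_FILE);
    }

    /** Sets the TrustManagerFactory algorithm; a {@code null} argument leaves the current value untouched. */
    public void setTrustManagementAlgorithm(String str) {
        if (str != null) {
            setProperty(TRUST_MANAGEMENT_ALGORITHM, str);
        }
    }

    /**
     * @return the TrustManagerFactory algorithm; the vendor-specific X509 default when unset.
     *         CRL checking in this class requires this to be {@code PKIX}, which is not the default.
     */
    public String getTrustManagementAlgorithm() {
        return getProperty(TRUST_MANAGEMENT_ALGORITHM, isIbmJDK() ? DEFAULT_MANAGEMENT_ALGORITHM_IBM : DEFAULT_MANAGEMENT_ALGORITHM_SUN);
    }

    /**
     * Reports whether the VM vendor string contains {@code "ibm"}.
     *
     * <p>NOTE(review): the match is case-sensitive on the lower-case literal, so a vendor string
     * spelled with capitals does not match and the Sun defaults are used. Left as is because
     * changing it would switch the default protocol name to {@link #DEFAULT_PROTOCOL_IBM} on such VMs.
     */
    private static boolean isIbmJDK() {
        return System.getProperty("java.vm.vendor").contains("ibm");
    }

    /**
     * Creates and initialises a new {@link SSLContext} from the current settings.
     *
     * <p>Each call builds a fresh context and re-reads the key and trust stores from disk.
     * When a store fails to load, the corresponding argument to {@code SSLContext.init} is built
     * without it (see {@link #getKeyManagers()} and {@link #getTrustManagers()}) instead of the
     * call failing.
     *
     * @return the initialised context
     * @throws RuntimeException wrapping any {@link IOException} or {@link GeneralSecurityException}
     */
    public SSLContext getSSLContext() {
        try {
            SSLContext context = SSLContext.getInstance(getProtocol());
            context.init(getKeyManagers(), getTrustManagers(), new SecureRandom());
            return context;
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds the key managers from the configured key store, optionally pinned to one alias.
     *
     * <p>If the key store could not be loaded, the factory is initialised with a {@code null}
     * store and the alias check is skipped.
     *
     * @throws KeyStoreException if an alias is configured and the loaded store has no key entry for it
     */
    private KeyManager[] getKeyManagers() throws GeneralSecurityException, IOException {
        KeyStore keyStore = getStore(getKeyStoreType(), getKeyStoreFile(), getKeyStorePassphrase());
        String alias = getKeyAlias();
        if (alias != null && keyStore != null && !keyStore.isKeyEntry(alias)) {
            throw new KeyStoreException("Given key alias " + alias + " does not exist in KeyStore's key entry.");
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(getKeyManagementAlgorithm());
        factory.init(keyStore, getKeyStoreKeyPassphrase().toCharArray());
        KeyManager[] managers = factory.getKeyManagers();
        if (alias != null) {
            if (DEFAULT_STORE_TYPE.equals(getKeyStoreType())) {
                // JKS stores aliases in lower case. Use a fixed locale so the result does not
                // depend on the JVM default locale (e.g. dotless i under a Turkish locale).
                alias = alias.toLowerCase(java.util.Locale.ENGLISH);
            }
            for (int i = 0; i < managers.length; i++) {
                // X509KeyManagerImpl wraps the delegate together with the chosen alias.
                managers[i] = new X509KeyManagerImpl((X509KeyManager) managers[i], alias);
            }
        }
        return managers;
    }

    /**
     * Builds the trust managers from the configured trust store, with CRL checking when a CRL
     * file is configured.
     *
     * <p>Returns {@code null} when the trust store could not be loaded. {@code SSLContext.init}
     * accepts a {@code null} trust-manager array and then uses the default TrustManagerFactory of
     * the installed providers, so a missing or unreadable trust store silently widens trust to
     * that default and drops any configured CRL checking. Callers that need a pinned trust store
     * should verify the store loads before relying on the context.
     */
    private TrustManager[] getTrustManagers() throws IOException, GeneralSecurityException {
        KeyStore trustStore = getStore(getTrustStoreType(), getTrustStoreFile(), getTrustStorePassphrase());
        String crlFile = getCRLsFile();
        if (trustStore == null) {
            return null;
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(getTrustManagementAlgorithm());
        if (crlFile != null) {
            factory.init(new CertPathTrustManagerParameters(getParameters(getTrustManagementAlgorithm(), crlFile, trustStore)));
        } else {
            factory.init(trustStore);
        }
        return factory.getTrustManagers();
    }

    /**
     * Builds PKIX parameters that trust {@code trustStore} and check revocation against the CRLs
     * read from {@code crlFile}.
     *
     * @throws CRLException if {@code algorithm} is not {@code PKIX} (case-insensitive); with the
     *         default trust management algorithm this is always the case
     */
    private CertPathParameters getParameters(String algorithm, String crlFile, KeyStore trustStore) throws IOException, GeneralSecurityException {
        if (!"PKIX".equalsIgnoreCase(algorithm)) {
            throw new CRLException("Unsupported CRLs type : " + algorithm);
        }
        PKIXBuilderParameters parameters = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        parameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(getCRLs(crlFile))));
        parameters.setRevocationEnabled(true);
        return parameters;
    }

    /**
     * Parses every X.509 CRL contained in {@code crlFile}.
     *
     * <p>The CRLs are read once per call; nothing here refreshes them while a context built from
     * them stays in use.
     */
    private Collection<? extends CRL> getCRLs(String crlFile) throws IOException, GeneralSecurityException {
        FileInputStream in = null;
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            in = new FileInputStream(crlFile);
            return factory.generateCRLs(in);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (Exception ignored) {
                    // Best-effort close; the parse result (or its exception) is what matters.
                }
            }
        }
    }

    /**
     * Loads a key store of the given type.
     *
     * <p>For {@code PKCS11} no file is opened and the store is loaded with a {@code null} stream.
     * Every failure (unknown type, missing or unset file, wrong passphrase, ...) is logged and
     * reported as {@code null} rather than thrown, so callers must treat {@code null} as
     * "store unavailable".
     *
     * @return the loaded store, or {@code null} if loading failed for any reason
     */
    private KeyStore getStore(String type, String file, String passphrase) throws IOException, GeneralSecurityException {
        FileInputStream in = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(type);
            if (!"PKCS11".equalsIgnoreCase(type)) {
                in = new FileInputStream(file);
            }
            keyStore.load(in, passphrase.toCharArray());
            return keyStore;
        } catch (Exception e) {
            if (logger.isLoggable(JeusMessage_Network._301_LEVEL)) {
                logger.log(JeusMessage_Network._301_LEVEL, JeusMessage_Network._301, (Object) file, (Throwable) e);
            }
            return null;
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Best-effort close.
                }
            }
        }
    }

    /**
     * Filters the requested cipher suites down to those the context supports, keeping the
     * requested order.
     *
     * <p>The scan of {@code supported} stops at the first match and ends when the array is
     * exhausted, so an unsupported or blank name is skipped instead of stalling the loop.
     *
     * <p>NOTE(review): when no requested suite is supported, the full {@code supported} array is
     * returned. A list made up only of misspelled or unsupported names therefore enables every
     * suite the context supports instead of failing; callers that need a strict allow-list
     * should check the configured names against the supported set themselves.
     *
     * @param requested configured suite names, may be {@code null}
     * @param supported suites supported by the context, may be {@code null}
     * @return the matching suites; {@code supported} when {@code requested} is {@code null} or
     *         nothing matches
     */
    private String[] getEnabledCiphers(String[] requested, String[] supported) {
        if (requested == null) {
            return supported;
        }
        List<String> enabled = new ArrayList<String>();
        for (String candidate : requested) {
            String name = candidate.trim();
            if (name.length() == 0 || supported == null) {
                continue;
            }
            for (String supportedName : supported) {
                if (supportedName.equals(name)) {
                    enabled.add(name);
                    break;
                }
            }
        }
        if (enabled.isEmpty()) {
            return supported;
        }
        return enabled.toArray(new String[enabled.size()]);
    }

    /**
     * Applies client mode, cipher suites, protocols, session creation and (server mode only)
     * client authentication to the engine. Settings that are not configured are left at the
     * engine's own defaults.
     *
     * @param sSLEngine the engine to configure
     */
    public void setSSLPropertiesOnEngine(SSLEngine sSLEngine) {
        sSLEngine.setUseClientMode(isUseClientMode());
        String[] cipherSuites = getCipherSuites();
        if (cipherSuites != null) {
            // Builds a fresh SSLContext only to learn which suites are supported.
            sSLEngine.setEnabledCipherSuites(getEnabledCiphers(cipherSuites, getSSLContext().getSupportedSSLParameters().getCipherSuites()));
        }
        String[] protocols = getProtocols();
        if (protocols != null) {
            sSLEngine.setEnabledProtocols(protocols);
        }
        if (getProperty(ENABLE_SESSION_CREATION) != null) {
            sSLEngine.setEnableSessionCreation(isEnableSessionCreation());
        }
        if (isUseClientMode()) {
            return;
        }
        // Server side only: WANT and NEED come from one property, so at most one applies.
        if (isWantClientAuth()) {
            sSLEngine.setWantClientAuth(true);
        } else if (isNeedClientAuth()) {
            sSLEngine.setNeedClientAuth(true);
        }
    }

    /**
     * Applies client mode, cipher suites, protocols, session creation and (server mode only)
     * client authentication to the server socket. Settings that are not configured are left at
     * the socket's own defaults.
     *
     * @param sSLServerSocket the server socket to configure
     */
    public void setSSLPropertiesOnServerSocket(SSLServerSocket sSLServerSocket) {
        sSLServerSocket.setUseClientMode(isUseClientMode());
        String[] cipherSuites = getCipherSuites();
        if (cipherSuites != null) {
            // Builds a fresh SSLContext only to learn which suites are supported.
            sSLServerSocket.setEnabledCipherSuites(getEnabledCiphers(cipherSuites, getSSLContext().getSupportedSSLParameters().getCipherSuites()));
        }
        String[] protocols = getProtocols();
        if (protocols != null) {
            sSLServerSocket.setEnabledProtocols(protocols);
        }
        if (getProperty(ENABLE_SESSION_CREATION) != null) {
            sSLServerSocket.setEnableSessionCreation(isEnableSessionCreation());
        }
        if (isUseClientMode()) {
            return;
        }
        // Server side only: WANT and NEED come from one property, so at most one applies.
        if (isWantClientAuth()) {
            sSLServerSocket.setWantClientAuth(true);
        } else if (isNeedClientAuth()) {
            sSLServerSocket.setNeedClientAuth(true);
        }
    }

    /**
     * Applies client mode, cipher suites, protocols, session creation and (server mode only)
     * client authentication to the socket. Settings that are not configured are left at the
     * socket's own defaults.
     *
     * @param sSLSocket the socket to configure
     */
    public void setSSLPropertiesOnSocket(SSLSocket sSLSocket) {
        sSLSocket.setUseClientMode(isUseClientMode());
        String[] cipherSuites = getCipherSuites();
        if (cipherSuites != null) {
            // Builds a fresh SSLContext only to learn which suites are supported.
            sSLSocket.setEnabledCipherSuites(getEnabledCiphers(cipherSuites, getSSLContext().getSupportedSSLParameters().getCipherSuites()));
        }
        String[] protocols = getProtocols();
        if (protocols != null) {
            sSLSocket.setEnabledProtocols(protocols);
        }
        if (getProperty(ENABLE_SESSION_CREATION) != null) {
            sSLSocket.setEnableSessionCreation(isEnableSessionCreation());
        }
        if (isUseClientMode()) {
            return;
        }
        // Server side only: WANT and NEED come from one property, so at most one applies.
        if (isWantClientAuth()) {
            sSLSocket.setWantClientAuth(true);
        } else if (isNeedClientAuth()) {
            sSLSocket.setNeedClientAuth(true);
        }
    }
}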
