package com.ibm.iaccess.base;

import com.ibm.as400.access.AS400;
import com.ibm.as400.access.AS400SecurityException;
import com.ibm.as400.access.IFSFile;
import com.ibm.as400.access.IFSFileInputStream;
import com.ibm.iaccess.Copyright;
import com.ibm.iaccess.baselite.AcsConstants;
import com.ibm.iaccess.baselite.AcsFile;
import com.ibm.iaccess.baselite.AcsMessage;
import com.ibm.iaccess.baselite.exception.AcsException;
import com.ibm.iaccess.mri.current.AcsMriKeys_acsmsg;
import java.awt.Component;
import java.awt.Window;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;

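/**
 * Static helpers that manage the client's CA trust store and prepare the JVM for SSL.
 *
 * <p>The trust store is a keystore file named {@code cacerts} inside the directory returned by
 * {@code AcsUtilities.makeRestrictedDir()}. Every method that adds an entry to it
 * ({@link #downloadCert}, {@link #addCerts}, {@link #mergeOtherCaKeyStoreFile}) creates a new
 * trust anchor for later SSL connections, so callers decide what is trusted, not this class.
 *
 * <p>The store password is the fixed string returned by {@link #getKeystorePassword()}. Because
 * it is a constant in the class file, it gives no protection against anyone who can write the
 * store file. NOTE(review): integrity presumably rests on the permissions of the restricted
 * directory; confirm what {@code makeRestrictedDir()} enforces on each platform.
 *
 * <p>The static state ({@code m_isPrepared}, {@code m_trustStoreFile}) is read and written
 * without synchronization.
 */
@Copyright("Licensed Materials - Property of IBM\n5733-XJ1\n(C) Copyright IBM Corp. 2012, 2014.\nAll Rights Reserved.\nUS Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n")
/* loaded from: input_file:lib/acsbase.jar:com/ibm/iaccess/base/AcsSSLUtils.class */
public final class AcsSSLUtils implements AcsConstants {
    // Set once prepareForSSL() has installed the provider; checked without locking.
    private static boolean m_isPrepared;
    // Cached trust store location; only set after getCaCertFile() had to (re)create the store.
    private static File m_trustStoreFile;

    /**
     * Downloads the CA certificate published by the given system and stores it as a trusted
     * entry in the local trust store.
     *
     * <p>Security note: the certificate comes from the same system it will later be used to
     * authenticate, and this method stores it without any visible check of its fingerprint,
     * validity period or CA constraints. If the {@code as400} session is not itself
     * authenticated, whoever answers it chooses the trust anchor. NOTE(review): confirm that
     * callers show the fingerprint for out-of-band confirmation, or only call this on a trusted
     * network.
     *
     * <p>The alias contains the system name and the current date, so repeated downloads add new
     * entries rather than replacing old ones; stale trust anchors are never pruned here.
     *
     * @param as400 connection to the system whose CA certificate is fetched
     * @throws AcsException if the certificate file is missing or unparsable, or if reading it or
     *     updating the trust store fails
     */
    public static void downloadCert(AS400 as400) throws AcsException {
        try {
            prepareForSSL();
            IFSFile caFile = new IFSFile(as400, "/qibm/userdata/ICSS/cert/download/certauth/ca.cacrt");
            if (!caFile.exists()) {
                AcsLogUtil.logInfo("Certificate does not exist on server");
                throw new AcsException(new AcsMessage(AcsMessage.MESSAGETYPE.ERROR_MESSAGE, AcsMriKeys_acsmsg.MSG_SSL_CA_MISSING_OR_INVALID));
            }
            Certificate caCert;
            IFSFileInputStream in = new IFSFileInputStream(caFile);
            try {
                caCert = CertificateFactory.getInstance("X.509").generateCertificate(in);
            } finally {
                // The remote stream was previously never closed.
                in.close();
            }
            addCerts("ca400_" + as400.getSystemName() + " downloaded on " + new Date(), caCert);
        } catch (AS400SecurityException e) {
            throw new AcsException(e);
        } catch (IOException e2) {
            throw new AcsException(e2);
        } catch (KeyStoreException e3) {
            throw new AcsException(e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new AcsException(e4);
        } catch (CertificateException e5) {
            throw new AcsException(e5, new AcsMessage(AcsMessage.MESSAGETYPE.ERROR_MESSAGE, AcsMriKeys_acsmsg.MSG_SSL_CA_MISSING_OR_INVALID));
        }
    }

    /**
     * Returns the password used to load and store the trust store.
     *
     * <p>Security note: this is a hard-coded constant, identical for every installation and
     * readable from the jar. It must not be treated as a secret or as tamper protection for the
     * store. Changing it would make existing store files unloadable, and
     * {@link #getCaCertFile()} would then recreate them.
     *
     * @return a fresh {@code char[]} holding the fixed password
     */
    public static char[] getKeystorePassword() {
        return "ca400".toCharArray();
    }

    /**
     * Returns the trust store file, creating it when it is missing or cannot be loaded.
     *
     * <p>If the existing store loads with the fixed password it is returned as is and not
     * cached, so it is re-validated on the next call. Otherwise the store is rebuilt: from the
     * JRE's {@code lib/security/cacerts} when the system property
     * {@code com.ibm.iaccess.PreloadTruststore} is {@code true}, else (or if that copy fails) as
     * an empty store. The rebuilt file is cached in {@code m_trustStoreFile}.
     *
     * <p>Security notes: an unreadable or corrupted store is overwritten, which drops every
     * previously trusted certificate. That is logged at severe level but not reported to the
     * caller. Preloading trusts every CA shipped with the JRE, and the JRE store is loaded with
     * a {@code null} password, i.e. without an integrity check.
     *
     * <p>NOTE(review): in the decompiled listing the preload statements sat after an empty
     * {@code try} block, which made the empty-store fallback unreachable and let the
     * "Not preloading truststore" exception escape. They are placed inside the {@code try} here
     * so that the fallback runs; confirm against the original class file.
     *
     * @return the trust store file
     * @throws IOException if the restricted directory cannot be resolved or an empty store
     *     cannot be written
     */
    public static File getCaCertFile() throws IOException {
        if (null != m_trustStoreFile) {
            return m_trustStoreFile;
        }
        AcsFile userStore = new AcsFile(AcsUtilities.makeRestrictedDir() + FILESEP + "cacerts");
        try {
            KeyStore probe = KeyStore.getInstance(AcsConstants.JKS_STR);
            FileInputStream in = new FileInputStream(userStore);
            try {
                probe.load(in, getKeystorePassword());
            } finally {
                in.close();
            }
            return userStore;
        } catch (Exception e) {
            // A missing file is the normal first-run case; only an existing but unloadable
            // store is worth a severe log entry.
            if (userStore.exists()) {
                AcsLogUtil.logSevere(e);
            }
        }
        AcsFile jreStore = new AcsFile(System.getProperty(AcsConstants.JAVA_HOME) + FILESEP + "lib" + FILESEP + "security" + FILESEP + "cacerts");
        try {
            if (!Boolean.getBoolean("com.ibm.iaccess.PreloadTruststore")) {
                // Thrown only to reach the empty-store fallback below with a logged reason.
                throw new RuntimeException("Not preloading truststore");
            }
            preloadFromJre(jreStore, userStore);
        } catch (Exception e2) {
            AcsLogUtil.logFine(e2);
            createEmptyTrustStore(userStore);
        }
        m_trustStoreFile = userStore;
        return userStore;
    }

    /** Copies every entry of the JRE trust store into {@code target}, closing both streams. */
    private static void preloadFromJre(File jreStore, File target) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore jreKeyStore = KeyStore.getInstance(AcsConstants.JKS_STR);
        FileInputStream in = new FileInputStream(jreStore);
        try {
            // A null password skips the keystore integrity check.
            jreKeyStore.load(in, null);
        } finally {
            in.close();
        }
        FileOutputStream out = new FileOutputStream(target);
        try {
            jreKeyStore.store(out, getKeystorePassword());
        } finally {
            out.close();
        }
    }

    /** Writes a keystore with no entries to {@code target}; any failure becomes an IOException. */
    private static void createEmptyTrustStore(File target) throws IOException {
        FileOutputStream out = null;
        try {
            KeyStore empty = KeyStore.getInstance(AcsConstants.JKS_STR);
            empty.load(null, null);
            out = new FileOutputStream(target);
            empty.store(out, getKeystorePassword());
        } catch (Exception e3) {
            AcsLogUtil.logSevere(e3);
            throw new IOException(e3);
        } finally {
            if (null != out) {
                out.close();
            }
        }
    }

    /**
     * Installs the ACS security provider and configures the toolbox for SSL, once per JVM.
     *
     * <p>The provider is inserted at position 1, so it takes precedence over every other
     * installed provider for all code in the JVM, not only ACS connections. The check of
     * {@code m_isPrepared} is not synchronized; concurrent first calls may both run the setup.
     *
     * @throws IOException declared for callers; nothing in this body throws it
     */
    public static void prepareForSSL() throws IOException {
        if (m_isPrepared) {
            return;
        }
        Security.insertProviderAt(new AcsSSLSecurityProvider(), 1);
        System.setProperty(AcsConstants.JT_USESSLIGHT, Boolean.toString(false));
        m_isPrepared = true;
    }

    /**
     * Runs {@link #prepareForSSL()} and terminates the JVM with exit code -78 if it fails.
     *
     * <p>Before exiting, the failure is logged, shown to the user, and a dump is requested.
     *
     * @param window parent window for the error message
     */
    public static void prepareForSSLOrDie(Window window) {
        try {
            prepareForSSL();
        } catch (Exception e) {
            AcsLogUtil.logSevere(e);
            AcsMsgUtil.msg((Component) window, (Throwable) e);
            try {
                AcsDumpManager.dumpImmed("sslinit", "An error occurred while preparing for SSL connections", false);
            } catch (IOException e2) {
                // Log through the product logger instead of printing to stderr.
                AcsLogUtil.logWarning(e2);
            }
            System.exit(-78);
        }
    }

    private AcsSSLUtils() {
    }

    /**
     * Loads the trust store returned by {@link #getCaCertFile()}.
     *
     * @return the loaded keystore
     */
    public static KeyStore getCaKeyStoreInstance() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
        return getKeyStoreInstanceFromFile(getCaCertFile());
    }

    /**
     * Loads a keystore from {@code file} using the fixed password from
     * {@link #getKeystorePassword()}.
     *
     * <p>The stream is closed whether or not loading succeeds.
     *
     * @param file keystore file to read
     * @return the loaded keystore
     */
    public static KeyStore getKeyStoreInstanceFromFile(File file) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
        KeyStore keyStore = KeyStore.getInstance(AcsConstants.JKS_STR);
        FileInputStream in = new FileInputStream(file);
        try {
            keyStore.load(in, getKeystorePassword());
        } finally {
            in.close();
        }
        return keyStore;
    }

    /**
     * Copies the certificate of every alias in another keystore file into the trust store.
     *
     * <p>Security notes: every alias in {@code file} becomes a trust anchor, and an alias that
     * already exists in the trust store is replaced by the incoming certificate. The file must
     * load with the same fixed password. Callers should only pass files from a source they
     * already trust.
     *
     * @param file keystore whose certificates are merged in
     */
    public static void mergeOtherCaKeyStoreFile(File file) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
        KeyStore trustStore = getCaKeyStoreInstance();
        KeyStore other = getKeyStoreInstanceFromFile(file);
        for (String alias : Collections.list(other.aliases())) {
            Certificate certificate = other.getCertificate(alias);
            if (null == certificate) {
                // An alias without a certificate has nothing to trust; skip it.
                continue;
            }
            trustStore.setCertificateEntry(alias, certificate);
        }
        storeCaKeyStore(trustStore);
    }

    /**
     * Adds the given certificates to the trust store as trusted entries.
     *
     * <p>The first certificate is stored under {@code str}; later ones under {@code str}
     * followed by their index (1, 2, ...). Existing entries with the same alias are replaced.
     *
     * @param str alias prefix
     * @param certificateArr certificates to trust
     */
    public static void addCerts(String str, Certificate... certificateArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
        KeyStore trustStore = getCaKeyStoreInstance();
        int index = 0;
        for (Certificate certificate : certificateArr) {
            trustStore.setCertificateEntry(str + (0 == index ? "" : Integer.valueOf(index)), certificate);
            index++;
        }
        storeCaKeyStore(trustStore);
    }

    /** Writes {@code keyStore} back to the trust store file; a failed close is only logged. */
    private static void storeCaKeyStore(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        FileOutputStream out = new FileOutputStream(getCaCertFile());
        try {
            keyStore.store(out, getKeystorePassword());
        } finally {
            try {
                out.close();
            } catch (IOException e) {
                AcsLogUtil.logWarning(e);
            }
        }
    }

    /**
     * Returns every certificate found in the trust store: each alias's chain, if any, followed
     * by its certificate.
     *
     * <p>Enumeration is best effort: a failure while walking the aliases is logged at fine level
     * and the certificates collected so far are returned. A short or empty list can therefore
     * mean "enumeration failed" rather than "nothing is trusted".
     *
     * @return the collected certificates, possibly with duplicates
     */
    public static List<Certificate> getAllCerts() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
        KeyStore trustStore = getCaKeyStoreInstance();
        List<Certificate> found = new LinkedList<Certificate>();
        try {
            for (String alias : Collections.list(trustStore.aliases())) {
                Certificate[] chain = trustStore.getCertificateChain(alias);
                if (null != chain) {
                    for (Certificate link : chain) {
                        found.add(link);
                    }
                }
                Certificate certificate = trustStore.getCertificate(alias);
                if (null != certificate) {
                    found.add(certificate);
                }
            }
        } catch (Exception e) {
            AcsLogUtil.logFine(e);
        }
        return found;
    }

    /**
     * Tells whether the trust store holds a certificate equal to the given one.
     *
     * <p>Because {@link #getAllCerts()} swallows enumeration errors, {@code false} can also mean
     * that the store could not be fully read.
     *
     * @param certificate certificate to look for
     * @return {@code true} if an equal certificate is present
     */
    public static boolean contains(Certificate certificate) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
        for (Certificate known : getAllCerts()) {
            if (known.equals(certificate)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether every given certificate is present in the trust store.
     *
     * <p>The store is reloaded from disk for each certificate checked.
     *
     * @param certificateArr certificates to look for
     * @return {@code true} if all are present ({@code true} for an empty argument list)
     */
    public static boolean containsAll(Certificate... certificateArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
        for (Certificate certificate : certificateArr) {
            if (!contains(certificate)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Returns the size of the certificate's public-key modulus in bits, rounded up to a whole
     * number of bytes.
     *
     * <p>Keys that implement {@code java.security.interfaces.RSAKey} are read through that
     * interface. Other key classes fall back to a reflective {@code getModulus()} call, which
     * can be refused for provider-internal classes. Returns 0 when no modulus can be obtained,
     * for example for a key type without one. A caller enforcing a minimum key size must treat
     * 0 as "unknown" rather than as a size.
     *
     * @param x509Certificate certificate whose key is measured
     * @return modulus size in bits, or 0 if it cannot be determined
     */
    public static int getKeyLength(X509Certificate x509Certificate) {
        PublicKey publicKey = x509Certificate.getPublicKey();
        try {
            BigInteger modulus;
            if (publicKey instanceof java.security.interfaces.RSAKey) {
                // The interface call needs no reflective access to the provider's class.
                modulus = ((java.security.interfaces.RSAKey) publicKey).getModulus();
            } else {
                Method method = publicKey.getClass().getMethod("getModulus");
                method.setAccessible(true);
                modulus = (BigInteger) method.invoke(publicKey);
            }
            byte[] magnitude = modulus.toByteArray();
            // toByteArray() may prepend a zero sign byte; do not count it.
            return ((magnitude[0] == 0 ? -1 : 0) + magnitude.length) * 8;
        } catch (Exception e) {
            AcsLogUtil.logWarning(e);
            return 0;
        }
    }

    /**
     * Reports the FIPS state of the ACS security provider.
     *
     * @return the value of {@code AcsSSLSecurityProvider.isFIPS()}
     */
    public static boolean isFIPS() {
        return AcsSSLSecurityProvider.isFIPS();
    }

    /**
     * Reports whether the ACS security provider can run in FIPS mode.
     *
     * @return the value of {@code AcsSSLSecurityProvider.isFIPSCapable()}
     */
    public static boolean isFIPSCapable() {
        return AcsSSLSecurityProvider.isFIPSCapable();
    }
}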
