package com.ibm.eNetwork.security.ssl;

import com.ibm.eNetwork.ECL.ECLErr;
import com.ibm.eNetwork.ECL.ECLHostPrintSession;
import com.ibm.eNetwork.ECL.ECLSession;
import com.ibm.eNetwork.HOD.acs.AcsHod;
import com.ibm.eNetwork.HOD.acs.LogUtility;
import com.ibm.eNetwork.HOD.common.BaseEnvironment;
import com.ibm.eNetwork.HOD.common.Environment;
import com.ibm.eNetwork.HOD.jni.MD5FactoryJNI;
import com.ibm.eNetwork.HODUtil.services.ras.DebugFlag;
import com.ibm.eNetwork.security.intf.HODSSLCertIntf;
import com.ibm.eNetwork.security.intf.HODSSLSessionIntf;
import com.ibm.eNetwork.security.intf.HODSSLTokenIntf;
import com.ibm.iaccess.baselite.AcsConstants;
import com.ibm.icu.impl.Normalizer2Impl;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.Properties;
import java.util.Vector;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.poi.ddf.EscherProperties;
import org.apache.xmlbeans.XmlOptions;

/* loaded from: input_file:plugins/emulator/acshod2.jar:com/ibm/eNetwork/security/ssl/HODJSSEImpl.class */
public class HODJSSEImpl implements HODSSLProvider, HandshakeCompletedListener {
    // Shared by every instance: assigned in initContext() and re-initialised in
    // initClientCertificateKeyStore(), so one session's trust/key material is visible to the others.
    static SSLContext sslContext;
    // Server certificate wrapper; createSocket() waits for it to become non-null and
    // getServerCertificate() returns it. It is assigned outside the methods documented here.
    private HODSSLCertImplJSSE certImpl;
    // Returned by getLastCertificateSent().
    private HODSSLCertImplJSSE localCertImpl;
    // The SSL socket produced by the most recent createSocket() call.
    private SSLSocket sslSocket_;
    static final int MAX_DLL_VERSIONS = 100;
    private static final int BUFFER_SIZE = 4096;
    // Process-wide cache of keystore passwords as plain Strings, looked up by keystore URL or
    // certificate name in getConfiguredCertificatePassword(). Nothing in this part of the file
    // clears it.
    private static Properties passwordCache = new Properties();
    // Identifiers already marked as prompted; see isSessionPrompted()/setSessionPrompted().
    private static Vector<String> promptCache = new Vector<>();
    // Lock held around initContext() in setSessionIntf().
    private static Object syncObject = new Object();
    static final String fs = System.getProperty("file.separator");
    protected HODSSLImpl impl = null;
    // Values above zero enable the stdout traces in this class.
    private int traceLevel = 0;
    // Session configuration source; most accessors below simply delegate to it.
    protected HODSSLSessionIntf sessionSrc = null;
    private String mriUseAnyCert = AcsHod.getMessage("KEY_SSL_ANY_CERT", new String[0]);
    private String mriNoCertsFound = AcsHod.getMessage("KEY_SSL_NO_CERTS_FOUND", new String[0]);

    /** Creates an unconfigured provider; a session must be attached with {@code setSessionIntf} before use. */
    protected HODJSSEImpl() {
    }

    /**
     * Attaches the session configuration and (re)builds the shared SSL context from it.
     *
     * <p>NOTE(review): a failure in {@code initContext} is only printed. {@code sslContext} may then
     * stay {@code null} or keep the value installed for an earlier session, and
     * {@code createSocket} will connect with whatever it finds. Confirm this fail-open
     * behaviour is intended.
     *
     * @param hODSSLSessionIntf the session configuration to use from now on
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setSessionIntf(HODSSLSessionIntf hODSSLSessionIntf) {
        this.sessionSrc = hODSSLSessionIntf;
        // The context is static, so initialisation is serialised across instances.
        synchronized (syncObject) {
            try {
                final boolean trace = this.traceLevel > 0;
                initContext(this.sessionSrc, trace);
            } catch (Exception initFailure) {
                initFailure.printStackTrace();
            }
        }
    }

    /** Returns the session configuration last passed to {@code setSessionIntf}, or {@code null} if none. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public HODSSLSessionIntf getSessionIntf() {
        return this.sessionSrc;
    }

    /**
     * Sets the trace level; values above zero enable the stdout traces in this class.
     *
     * @param i the new trace level
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setDebug(int i) {
        this.traceLevel = i;
    }

    /**
     * Opens a new connection with no pre-existing socket, {@code false} for the boolean argument
     * and {@code 1} for the short argument of the three-argument overload.
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public Socket createSocket() throws ECLErr, UnknownHostException, IOException {
        final Socket existing = null;
        final short defaultS = 1;
        return createSocket(existing, false, defaultS);
    }

    /**
     * Opens a new connection with no pre-existing socket, forwarding {@code s} unchanged to the
     * three-argument overload.
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public Socket createSocket(short s) throws ECLErr, UnknownHostException, IOException {
        final Socket existing = null;
        return createSocket(existing, false, s);
    }

    /**
     * Layers the SSL socket over {@code socket}, using {@code false} and {@code 1} for the
     * remaining arguments of the three-argument overload.
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public Socket createSocket(Socket socket) throws ECLErr, UnknownHostException, IOException {
        final short defaultS = 1;
        return createSocket(socket, false, defaultS);
    }

    /** Layers the SSL socket over {@code socket}, forwarding {@code s} and passing {@code false} for the boolean argument. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public Socket createSocket(Socket socket, short s) throws ECLErr, UnknownHostException, IOException {
        final boolean defaultZ = false;
        return createSocket(socket, defaultZ, s);
    }

    /** Layers the SSL socket over {@code socket}, forwarding {@code z} and passing {@code 1} for the short argument. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public Socket createSocket(Socket socket, boolean z) throws ECLErr, UnknownHostException, IOException {
        final short defaultS = 1;
        return createSocket(socket, z, defaultS);
    }

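    /**
     * Creates the SSL/TLS socket for this session, layering it over {@code socket} when one is
     * supplied and opening a new TCP connection otherwise, then applies the session's optional
     * server-authentication check.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>No endpoint-identification algorithm is set on the socket in this method, so the only
     *       name check visible here is the block guarded by {@code getServerAuth()}.</li>
     *   <li>That check compares DNS results (addresses of the certificate name against addresses
     *       of the connect host) rather than matching the certificate against the host name, so
     *       its outcome depends on the resolver.</li>
     *   <li>When {@code sslContext} is {@code null} the JVM default socket factory is used; that
     *       path neither starts the handshake nor registers the handshake listener.</li>
     * </ul>
     *
     * @param socket an already connected socket to layer TLS over, or {@code null} to connect to
     *               the host returned by {@code getRandomizeHost()}
     * @param z      only forwarded to the retry call in this method
     * @param s      only forwarded to the retry call in this method
     * @return the SSL socket
     * @throws ECLErr if the handshake is rejected or the server-authentication check fails
     * @throws UnknownHostException declared by the interface
     * @throws IOException if creating or closing the socket fails
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public Socket createSocket(Socket socket, boolean z, short s) throws ECLErr, UnknownHostException, IOException {
        String str = null;
        String host = this.sessionSrc.getHost();
        int port = this.sessionSrc.getPort();
        boolean z2 = false;
        Socket socket2 = socket;
        checkConfiguredCertificatePrompted();
        // The flag is set on entry to the body, so this loop runs exactly once.
        while (!z2) {
            z2 = true;
            if (socket2 == null) {
                try {
                    str = this.sessionSrc.getRandomizeHost();
                    socket2 = new Socket(str, port);
                } catch (ECLErr e) {
                    throw e;
                } catch (UnknownHostException e2) {
                    // NOTE(review): only traced; execution continues with socket2 still null.
                    debug(e2.getMessage());
                } catch (SSLHandshakeException e3) {
                    debug(e3);
                    // NOTE(review): nothing bounds this retry in the code shown here.
                    if (AcsHod.isDynamicCertificateRetry(e3.getCause())) {
                        return createSocket(socket, z, s);
                    }
                    // getMessage() may be null, so lower-case it only when present. Every match
                    // below is made against the lower-cased text.
                    String message = e3.getMessage();
                    String lowerCase = message == null ? null : message.toLowerCase();
                    boolean z3 = false;
                    boolean z4 = false;
                    if (lowerCase != null) {
                        z3 = lowerCase.equalsIgnoreCase("unknown certificate")
                                || lowerCase.indexOf("unable to find valid certification path to requested target") >= 0
                                || lowerCase.indexOf("no trusted certificate found") >= 0;
                        z4 = lowerCase.indexOf("the certificate issued") >= 0 && lowerCase.indexOf("is not trusted") >= 0;
                    }
                    if (z3) {
                        throw new ECLErr("HODJSSEImpl::createSocket():1", "ECL0009", host + ":" + this.sessionSrc.getPort());
                    }
                    if (z4) {
                        throw new ECLErr("HODJSSEImpl::createSocket():1", "ECL0035", host + ":" + this.sessionSrc.getPort(), AcsHod.getMessage("KEY_SSH_KS_FILE_PATH", new String[0]));
                    }
                    if (lowerCase == null || lowerCase.indexOf("handshake_failure") < 0) {
                        throw new ECLErr("HODJSSEImpl::createSocket():3", "ECL0046", e3.toString(), "-1");
                    }
                    throw new ECLErr("HODJSSEImpl::createSocket():2", "ECL0043", host + ":" + this.sessionSrc.getPort());
                } catch (SSLException e4) {
                    debug(e4);
                    Throwable cause = e4.getCause();
                    if (cause == null) {
                        cause = e4;
                    }
                    throw new ECLErr("HODJSSEImpl:createSocket():1", "ECL0046", cause.toString(), "-1");
                } catch (Throwable th) {
                    // NOTE(review): any other connect failure is only traced.
                    debug(th);
                }
            }
            if (sslContext != null) {
                // Re-initialises the shared context with the client keystore when one is configured.
                initClientCertificateKeyStore();
                this.sslSocket_ = (SSLSocket) sslContext.getSocketFactory().createSocket(socket2, host, port, true);
                this.sslSocket_.addHandshakeCompletedListener(this);
                this.sslSocket_.startHandshake();
            } else {
                // Default JVM factory and trust configuration; no listener, no explicit handshake.
                this.sslSocket_ = (SSLSocket) ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket(socket2, host, port, true);
            }
            String[] enabledProtocols = this.sslSocket_.getEnabledProtocols();
            if (this.traceLevel > 0) {
                for (String str2 : enabledProtocols) {
                    System.out.println("Enabled protocol: " + str2);
                }
            }
        }
        if (BaseEnvironment.isAcsPackage()) {
            LogUtility.logConfig("Server authentication: " + this.sessionSrc.getServerAuth());
        }
        if (this.sessionSrc.getServerAuth()) {
            // Wait for certImpl to be published. Each pass sleeps 50 ms longer than the last until
            // the step exceeds 10 s, so the cumulative wait can reach roughly 17 minutes.
            // NOTE(review): certImpl is not volatile; confirm the writer's update is visible here.
            int i = 0;
            while (true) {
                if (this.certImpl != null) {
                    break;
                }
                try {
                    i += 50;
                    Thread.sleep(i);
                } catch (InterruptedException e5) {
                    // Keep the interrupt visible to the caller and stop waiting; the null check
                    // below then fails the connection instead of sleeping on.
                    Thread.currentThread().interrupt();
                    break;
                }
                if (i > 10000) {
                    LogUtility.logConfig("Logic error: delay had no effect");
                    break;
                }
            }
            if (this.certImpl == null) {
                this.sslSocket_.close();
                LogUtility.logConfig("certImpl is null");
                throw new ECLErr("HODSSLImpl::createSocket():9", "ECL0007", "null");
            }
            String name = this.certImpl.getName();
            LogUtility.logConfig("commonName=" + name);
            if (name == null || name.length() == 0) {
                this.sslSocket_.close();
                LogUtility.logConfig("commonName has no value");
                throw new ECLErr("HODSSLImpl::createSocket():6", "ECL0007", "null");
            }
            try {
                // Identity check by address comparison: passes when any address the certificate
                // name resolves to equals any address of the connect host.
                // NOTE(review): str is still null when the caller supplied the socket, and
                // InetAddress.getAllByName(null) yields the loopback address, so in that case the
                // comparison is not made against the real peer. Confirm callers and consider
                // hostname matching against the certificate instead.
                InetAddress[] allByName = InetAddress.getAllByName(name);
                InetAddress[] allByName2 = InetAddress.getAllByName(str);
                boolean z5 = false;
                boolean z6 = true;
                for (int i2 = 0; i2 < allByName.length && !z5; i2++) {
                    LogUtility.logConfig("c[" + i2 + "]:" + allByName[i2]);
                    int i3 = 0;
                    while (true) {
                        if (i3 >= allByName2.length || z5) {
                            break;
                        }
                        // The connect-host addresses are logged on the first outer pass only.
                        if (z6) {
                            LogUtility.logConfig("r[" + i3 + "]:" + allByName2[i3]);
                        }
                        if (allByName2[i3].equals(allByName[i2])) {
                            z5 = true;
                            break;
                        }
                        i3++;
                    }
                    z6 = false;
                    if (z5) {
                        break;
                    }
                }
                if (!z5) {
                    this.sslSocket_.close();
                    LogUtility.logConfig("No match was found");
                    throw new ECLErr("HODSSLImpl::createSocket():8", "ECL0007", name);
                }
                if (BaseEnvironment.isAcsPackage()) {
                    LogUtility.logConfig("Server authentication was successful");
                }
            } catch (UnknownHostException e6) {
                this.sslSocket_.close();
                LogUtility.logConfig("UnknownHostException");
                throw new ECLErr("HODSSLImpl::createSocket():7", "ECL0007", name);
            } catch (Exception e7) {
                // Also receives the ECLErr thrown above when no address matched (if ECLErr is an
                // Exception) and reports it again under the ():111 location.
                this.sslSocket_.close();
                LogUtility.logConfig(e7);
                throw new ECLErr("HODSSLImpl::createSocket():111", "ECL0007", name);
            }
        }
        return this.sslSocket_;
    }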

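    /**
     * Loads the configured client-certificate keystore and re-initialises the shared
     * {@code sslContext} with key managers and trust managers built from that keystore.
     * Does nothing when no client certificate is configured.
     *
     * <p>NOTE(review): the trust managers installed here come from the client keystore, replacing
     * whatever {@code initContext} set up, and {@code sslContext} is static, so the change applies
     * to every instance. Confirm that server trust is meant to be derived from the client
     * keystore.
     *
     * <p>NOTE(review): apart from a wrong keystore password, every failure is only traced and the
     * connection proceeds without the client certificate.
     *
     * @throws ECLErr with code {@code ECL0034} when the keystore password is rejected
     */
    private void initClientCertificateKeyStore() throws ECLErr {
        if (getConfiguredCertificateProvided()) {
            try {
                debug("initClientCertificateKeyStore(): Assigning local certificate for client authentication");
                KeyManagerFactory keyManagerFactory = null;
                try {
                    keyManagerFactory = KeyManagerFactory.getInstance("IbmX509");
                } catch (NoSuchAlgorithmException e) {
                    // Expected on JVMs without the IBM algorithm; fall back to SunX509 below.
                }
                if (keyManagerFactory == null) {
                    keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
                }
                char[] charArray = getConfiguredCertificatePassword().toCharArray();
                // The keystore type is chosen from the file extension alone.
                KeyStore clientCertificateKeyStore = getClientCertificateKeyStore(getConfiguredCertificateURL().toLowerCase().endsWith(".p12") ? "PKCS12" : AcsConstants.JKS_STR, charArray);
                String configuredCertificateName = getConfiguredCertificateName();
                if (isSpecificCertificateName(configuredCertificateName)) {
                    debug("chosen alias = " + configuredCertificateName);
                    debug("initial alias count = " + clientCertificateKeyStore.size());
                    // Take a snapshot of the aliases first: deleting entries while walking the
                    // keystore's live enumeration can skip entries or fail, depending on the
                    // keystore implementation.
                    for (String alias : java.util.Collections.list(clientCertificateKeyStore.aliases())) {
                        if (clientCertificateKeyStore.isKeyEntry(alias) && !alias.equals(configuredCertificateName)) {
                            debug("Removing alias " + alias);
                            clientCertificateKeyStore.deleteEntry(alias);
                        }
                    }
                    debug("final alias count = " + clientCertificateKeyStore.size());
                }
                keyManagerFactory.init(clientCertificateKeyStore, charArray);
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(clientCertificateKeyStore);
                sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
                debug("initClientCertificateKeyStore(): Successful initialization");
            } catch (IOException e2) {
                String message = e2.getMessage();
                if (nonNullStr(message)) {
                    // Compare on the lower-cased text; the original discarded the result of
                    // toLowerCase() and so matched case-sensitively.
                    if (message.toLowerCase(java.util.Locale.ROOT).indexOf("password was incorrect") >= 0) {
                        throw new ECLErr("HODJSSEImpl::initClientCertificateKeyStore():1", "ECL0034", getConfiguredCertificateURL());
                    }
                }
                debug(e2);
            } catch (Throwable th) {
                debug(th);
            }
        }
    }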

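    /**
     * Loads the keystore at the configured certificate URL, which is opened as a local file path.
     *
     * @param str  the keystore type passed to {@code KeyStore.getInstance}
     * @param cArr the keystore password
     * @return the loaded keystore
     * @throws Exception if the type is unsupported, the file cannot be read, or the password or
     *                   contents are rejected
     */
    protected KeyStore getClientCertificateKeyStore(String str, char[] cArr) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(str);
        // try-with-resources closes the file even when load() throws (for example, wrong password).
        try (FileInputStream fileInputStream = new FileInputStream(getConfiguredCertificateURL())) {
            keyStore.load(fileInputStream, cArr);
        }
        return keyStore;
    }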

    /**
     * Returns the cipher suite of the current SSL session, or {@code null} when there is no
     * socket or session. With tracing on and {@code DebugFlag.DEBUG} set, also prints the
     * negotiated protocol and the local and peer certificates to stdout.
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getCipherSuite() {
        if (this.sslSocket_ == null || this.sslSocket_.getSession() == null) {
            return null;
        }
        final String suite = this.sslSocket_.getSession().getCipherSuite();
        if (DebugFlag.DEBUG && this.traceLevel > 0) {
            System.out.println("Cipher Suite: " + suite + ", Protocol: " + this.sslSocket_.getSession().getProtocol());
            Certificate[] own = this.sslSocket_.getSession().getLocalCertificates();
            System.out.println("------------------");
            System.out.println("local certificates");
            if (own == null) {
                System.out.println("null certificate");
            } else {
                for (int idx = 0; idx < own.length; idx++) {
                    System.out.println("-> " + own[idx].toString());
                }
            }
            try {
                // Throws when the peer presented no verified certificate; that is only printed.
                Certificate[] peer = this.sslSocket_.getSession().getPeerCertificates();
                System.out.println("------------------");
                System.out.println("peer  certificates");
                if (peer == null) {
                    System.out.println("null certificate");
                } else {
                    for (int idx = 0; idx < peer.length; idx++) {
                        System.out.println("-> " + peer[idx].toString());
                    }
                }
            } catch (Exception peerFailure) {
                peerFailure.printStackTrace();
            }
        }
        return suite;
    }

    /**
     * Maps the negotiated protocol name to a numeric code: one constant for names containing
     * "SSL", another for names containing "TLS", and {@code 0} otherwise.
     *
     * <p>NOTE(review): the two constants come from unrelated libraries, presumably because the
     * decompiler matched their numeric values; confirm the intended codes. Every TLS version maps
     * to the same code, so callers cannot tell protocol versions apart from this value.
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public int getSecurityProtocolUsed() {
        String protocol = "";
        final boolean hasSession = this.sslSocket_ != null && this.sslSocket_.getSession() != null;
        if (hasSession) {
            protocol = this.sslSocket_.getSession().getProtocol();
        }
        if (protocol == null) {
            return 0;
        }
        if (protocol.contains("SSL")) {
            return Normalizer2Impl.MIN_CCC_LCCC_CP;
        }
        return protocol.contains("TLS") ? EscherProperties.SHAPE__MASTER : 0;
    }

    /** Returns the lower-cased text form of the socket's remote address, or an empty string when there is no socket. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getInetName() {
        if (this.sslSocket_ == null) {
            return "";
        }
        return this.sslSocket_.getInetAddress().toString().toLowerCase();
    }

    /** Returns the server certificate wrapper held in {@code certImpl}; {@code null} until one has been recorded. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public HODSSLCertIntf getServerCertificate() {
        return this.certImpl;
    }

    /** Not supported by this provider; always returns {@code null}. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String[] getClientTrust() {
        return null;
    }

    /** Returns the session's certificate-provided flag, or {@code false} when no session is attached. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getConfiguredCertificateProvided() {
        return this.sessionSrc != null ? this.sessionSrc.getCertificateProvided() : false;
    }

    /** Stores the certificate-provided flag on the session; a no-op when no session is attached. */
    public void setConfiguredCertificateProvided(boolean z) {
        if (this.sessionSrc == null) {
            return;
        }
        this.sessionSrc.setCertificateProvided(z);
    }

    /** Returns the session's certificate source, or {@code "SESSION_SSL_CERTIFICATE_IN_URL"} when no session is attached. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCertificateSource() {
        if (this.sessionSrc == null) {
            return "SESSION_SSL_CERTIFICATE_IN_URL";
        }
        return this.sessionSrc.getCertificateSource();
    }

    /** Stores the certificate source on the session; a no-op when no session is attached. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setConfiguredCertificateSource(String str) {
        if (this.sessionSrc == null) {
            return;
        }
        this.sessionSrc.setCertificateSource(str);
    }

    /**
     * Returns the session's client-keystore location, or an empty string when no session is
     * attached. The value is later opened as a file path by {@code getClientCertificateKeyStore}.
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCertificateURL() {
        if (this.sessionSrc == null) {
            return "";
        }
        return this.sessionSrc.getCertificateURL();
    }

    /**
     * Stores a new keystore location on the session unless {@code sameFile} reports it unchanged,
     * then refreshes the cache in either case.
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setConfiguredCertificateURL(String str) {
        final boolean differs = !sameFile(str);
        if (differs && this.sessionSrc != null) {
            this.sessionSrc.setCertificateURL(str);
        }
        addToCache();
    }

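    /**
     * Resolves the client-keystore password: the session's own value if present, otherwise a
     * value recovered according to the "prompt how often" setting (decoded from the stored
     * certificate hash, or looked up in the static password cache).
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>The stored "hash" is hex text XOR-ed with a key derived only from the keystore URL
     *       (MD5 over the URL's MD5 string plus the URL). It is reversible by anyone who can read
     *       the session configuration, so treat it as obfuscation, not protection.</li>
     *   <li>The password is handled as an immutable {@code String} and, for the two cache modes,
     *       kept in a process-wide static cache.</li>
     * </ul>
     *
     * @return the password, or an empty string when none can be found (never {@code null})
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCertificatePassword() {
        if (this.sessionSrc != null) {
            String certificatePassword = this.sessionSrc.getCertificatePassword();
            // Trace only whether a password is configured; the value itself must not reach the log.
            debug("getConfiguredCertificatePassword:1 - " + ((certificatePassword == null || certificatePassword.isEmpty()) ? "<not set>" : "<set>"));
            if (!nonNullStr(certificatePassword)) {
                debug("getConfiguredCertificatePassword:2");
                String configuredCertificateURL = getConfiguredCertificateURL();
                String configuredCertificatePromptHowOften = getConfiguredCertificatePromptHowOften();
                if (nonNullStr(configuredCertificatePromptHowOften) && nonNullStr(configuredCertificateURL)) {
                    if (configuredCertificatePromptHowOften.equals(ECLSession.SESSION_SSL_CERTIFICATE_PROMPT_ONLY_ONCE)) {
                        String configuredCertificateHash = getConfiguredCertificateHash();
                        if (nonNullStr(configuredCertificateHash) && !configuredCertificateHash.equals(ECLSession.SESSION_SSL_CERTIFICATE_HAS_BEEN_PROMPTED)) {
                            // Key bytes: MD5 string of (MD5 string of the URL + the URL).
                            // NOTE(review): getBytes()/new String() use the platform charset; left
                            // as-is because changing it could stop existing stored values decoding.
                            byte[] bytes = MD5FactoryJNI.makeMD5(new BufferedInputStream(new ByteArrayInputStream((MD5FactoryJNI.makeMD5(new BufferedInputStream(new ByteArrayInputStream(configuredCertificateURL.getBytes()))) + configuredCertificateURL).getBytes()))).getBytes();
                            // Hex-decode the stored value, two characters per byte.
                            byte[] bArr = new byte[configuredCertificateHash.length() / 2];
                            for (int i = 0; i < bArr.length; i++) {
                                bArr[i] = Byte.decode("0x" + configuredCertificateHash.substring(i * 2, (i * 2) + 2)).byteValue();
                            }
                            // XOR with the repeating key to recover the password bytes.
                            byte[] bArr2 = new byte[bArr.length];
                            for (int i2 = 0; i2 < bArr.length; i2++) {
                                bArr2[i2] = (byte) (bArr[i2] ^ bytes[i2 % bytes.length]);
                            }
                            certificatePassword = new String(bArr2);
                        }
                    } else if (configuredCertificatePromptHowOften.equals("SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CONNECT")) {
                        certificatePassword = (String) passwordCache.get(configuredCertificateURL);
                    } else if (configuredCertificatePromptHowOften.equals("SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CERTIFICATE")) {
                        // Cached per certificate name when a specific one is chosen, else per URL.
                        String configuredCertificateName = getConfiguredCertificateName();
                        certificatePassword = isSpecificCertificateName(configuredCertificateName) ? (String) passwordCache.get(configuredCertificateName) : (String) passwordCache.get(configuredCertificateURL);
                    }
                }
            }
            if (nonNullStr(certificatePassword)) {
                return certificatePassword;
            }
        }
        debug("getConfiguredCertificatePassword: unable to find the password");
        return "";
    }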

    /**
     * Stores a new keystore password on the session. The cache is refreshed only when
     * {@code nonNullStr} accepts the previously resolved password and it differs from the new
     * one. A no-op when no session is attached.
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setConfiguredCertificatePassword(String str) {
        if (this.sessionSrc == null) {
            return;
        }
        // Resolve the old value before overwriting it so the change can be detected.
        final String previous = getConfiguredCertificatePassword();
        this.sessionSrc.setCertificatePassword(str);
        if (nonNullStr(previous) && !previous.equals(str)) {
            addToCache();
        }
    }

    /** Returns the session's configured certificate name, or an empty string when no session is attached. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCertificateName() {
        if (this.sessionSrc == null) {
            return "";
        }
        return this.sessionSrc.getCertificateName();
    }

    /** Stores the certificate name on the session; a no-op when no session is attached. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setConfiguredCertificateName(String str) {
        if (this.sessionSrc == null) {
            return;
        }
        this.sessionSrc.setCertificateName(str);
    }

    /** Returns the session's prompt-frequency setting, or {@code "SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CONNECT"} when no session is attached. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCertificatePromptHowOften() {
        if (this.sessionSrc == null) {
            return "SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CONNECT";
        }
        return this.sessionSrc.getCertificatePromptHowOften();
    }

    /** Stores the prompt-frequency setting on the session and refreshes the cache; a no-op when no session is attached. */
    public void setConfiguredCertificatePromptHowOften(String str) {
        if (this.sessionSrc == null) {
            return;
        }
        this.sessionSrc.setCertificatePromptHowOften(str);
        addToCache();
    }

    /** Returns the session's prompt-before-connect flag, or {@code false} when no session is attached. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getConfiguredCertificatePromptBeforeConnect() {
        return this.sessionSrc != null ? this.sessionSrc.getCertificatePromptBeforeConnect() : false;
    }

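    /**
     * Stores the prompt-before-connect flag on the session. Like the other setters in this class,
     * it is a no-op when no session is attached instead of throwing a NullPointerException.
     *
     * @param z the new flag value
     */
    public void setConfiguredCertificatePromptBeforeConnect(boolean z) {
        if (this.sessionSrc != null) {
            this.sessionSrc.setCertificatePromptBeforeConnect(z);
        }
    }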

    /**
     * Returns the session's stored certificate hash, or an empty string when no session is
     * attached. {@code getConfiguredCertificatePassword} decodes a password from this value, so
     * it should be handled as sensitive.
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCertificateHash() {
        if (this.sessionSrc == null) {
            return "";
        }
        return this.sessionSrc.getCertificateHash();
    }

    /** Stores the certificate hash on the session; a no-op when no session is attached. */
    public void setConfiguredCertificateHash(String str) {
        if (this.sessionSrc == null) {
            return;
        }
        this.sessionSrc.setCertificateHash(str);
    }

    /** Returns the session's certificate-prompted flag, or {@code false} when no session is attached. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getConfiguredCertificatePrompted() {
        return this.sessionSrc != null ? this.sessionSrc.getCertificatePrompted() : false;
    }

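    /**
     * Stores the certificate-prompted flag on the session. Like the other setters in this class,
     * it is a no-op when no session is attached instead of throwing a NullPointerException.
     *
     * @param z the new flag value
     */
    public void setConfiguredCertificatePrompted(boolean z) {
        if (this.sessionSrc != null) {
            this.sessionSrc.setCertificatePrompted(z);
        }
    }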

    /** Not supported by this provider; the value is ignored. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setConfiguredCryptoModule(String str) {
    }

    /** Not supported by this provider; always returns an empty string. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCryptoModule() {
        return "";
    }

    /** Not supported by this provider; the value is ignored. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setConfiguredCryptoLabel(String str) {
    }

    /** Not supported by this provider; always returns an empty string. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCryptoLabel() {
        return "";
    }

    /** Not supported by this provider; the value is ignored and not stored. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setConfiguredCryptoPwd(String str) {
    }

    /** Not supported by this provider; always returns an empty string. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCryptoPwd() {
        return "";
    }

    /** Always returns {@code false}. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getAllowCertificateProvidedModify() {
        return false;
    }

    /** Always returns {@code false}. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getAllowCertificateSourceModify() {
        return false;
    }

    /** Always returns {@code false}. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getAllowCertificateURLModify() {
        return false;
    }

    /** Always returns {@code false}. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getAllowCertificateNameModify() {
        return false;
    }

    /** Always returns {@code false}. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getAllowCertificatePromptHowOftenModify() {
        return false;
    }

    /** Always returns {@code false}. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getAllowCertificatePromptBeforeConnectModify() {
        return false;
    }

    /**
     * Records on the session whether the certificate prompt has been shown.
     *
     * @param z the new value of the certificate-prompted flag
     * @throws ECLErr declared by the interface; not thrown by the code shown here
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void updateConfiguration(boolean z) throws ECLErr {
        setConfiguredCertificatePrompted(z);
    }

    /**
     * Returns the host configured on the session.
     *
     * <p>NOTE(review): unlike the other getters here, this one has no null guard and throws a
     * NullPointerException when no session is attached.
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredHost() {
        return this.sessionSrc.getHost();
    }

    /** Always returns {@code true}. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean isRestartable() {
        return true;
    }

    /** Not supported by this provider; always returns {@code null}. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public HODSSLTokenIntf getHODSSLTokenIntf() {
        return null;
    }

    /** Not supported by this provider; every argument is ignored and {@code null} is returned. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public HODSSLTokenIntf getHODSSLTokenIntf(boolean z, String str, String str2, String str3, String str4, String str5, boolean z2, String str6) {
        return null;
    }

    /** Not supported by this provider; always returns an empty array. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String[] getPrivateCertNames() {
        return new String[0];
    }

    /** Reports whether {@code str} has been recorded in the static prompt cache. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean isSessionPrompted(String str) {
        return promptCache.contains(str);
    }

    /** Records {@code str} as prompted when {@code z} is true; a {@code false} value never removes an entry. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setSessionPrompted(String str, boolean z) {
        if (!z) {
            return;
        }
        setSessionPrompted(str);
    }

    /**
     * Adds {@code str} to the static prompt cache unless it is already present.
     *
     * <p>NOTE(review): the contains-then-add sequence is not atomic, so concurrent callers could
     * insert the same value twice.
     */
    public static void setSessionPrompted(String str) {
        if (!promptCache.contains(str)) {
            debug("setSessionPrompted: " + str);
            promptCache.addElement(str);
            return;
        }
        debug("setSessionPrompted: " + str + " - Session already saved as prompted");
    }

    /** Reports whether the static password cache holds a value for {@code str} that {@code nonNullStr} accepts. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean isPasswordCached(String str) {
        final String cached = (String) passwordCache.get(str);
        return nonNullStr(cached);
    }

    /** Returns the certificate wrapper held in {@code localCertImpl}; {@code null} if none has been recorded. */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public HODSSLCertIntf getLastCertificateSent() {
        return this.localCertImpl;
    }

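    /**
     * Builds the shared {@code sslContext} from the session's custom trust store, after
     * optionally installing an IBM FIPS provider.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>When the custom trust store is absent or cannot be opened, the method returns without
     *       touching {@code sslContext}. Because the field is static, it may be {@code null}
     *       (callers then use the JVM default factory) or still hold a context built for an
     *       earlier session.</li>
     *   <li>A failure to load the FIPS provider is only printed; initialisation continues without
     *       it.</li>
     *   <li>The trust store is also used as the key store, with the trust-store password as the
     *       key password.</li>
     *   <li>{@code SESSION_PROTOCOL_SSL} selects {@code SSLContext.getInstance("SSL")}; which
     *       protocol versions that enables depends on the JVM configuration.</li>
     * </ul>
     *
     * @param hODSSLSessionIntf the session configuration to read
     * @param z                 {@code true} to print progress traces (only with {@code DebugFlag.DEBUG})
     * @throws IOException if the trust store or the SSL context cannot be initialised; a failure
     *                     that is not itself an IOException is attached as the cause
     */
    static void initContext(HODSSLSessionIntf hODSSLSessionIntf, boolean z) throws IOException {
        KeyManagerFactory keyManagerFactory;
        TrustManagerFactory trustManagerFactory;
        if (!BaseEnvironment.isAcsPackage() && !ECLSession.isUseJSSENonFIPSMode() && !"SESSION_PROTOCOL_SSL".equals(hODSSLSessionIntf.getSecurityProtocol())) {
            try {
                String property = System.getProperty("java.vendor");
                String property2 = System.getProperty("java.version");
                // NOTE(review): the two constants below come from unrelated classes, presumably
                // substituted by the decompiler for equal string literals; confirm the intended
                // vendor and version prefixes.
                if (property != null && property.startsWith(ECLHostPrintSession.SESSION_PRINT_5250_PRINTER_MANUFACTURER_DEFAULT)) {
                    if (property2.startsWith(XmlOptions.GENERATE_JAVA_14)) {
                        Class.forName("com.ibm.fips.jsse.JSSESocketFactory");
                        Security.insertProviderAt((Provider) Class.forName("com.ibm.fips.jsse.IBMJSSEFIPSProvider").newInstance(), 1);
                        Security.setProperty("ssl.SocketFactory.provider", "com.ibm.fips.jsse.JSSESocketFactory");
                    } else {
                        Security.insertProviderAt((Provider) Class.forName("com.ibm.crypto.fips.provider.IBMJCEFIPS").newInstance(), 1);
                        System.setProperty("com.ibm.jsse2.JSSEFIPS", "true");
                    }
                }
            } catch (Throwable th) {
                // Best effort: without the provider the non-FIPS branch below is taken.
                th.printStackTrace();
            }
        }
        InputStream inputStream = null;
        try {
            inputStream = getCustomizedCAs(hODSSLSessionIntf);
        } catch (Throwable th2) {
            // Best effort: fall through with no custom trust store, but show the reason when
            // tracing so the fallback is not silent.
            if (DebugFlag.DEBUG && z) {
                th2.printStackTrace();
            }
        }
        if (inputStream == null) {
            if (DebugFlag.DEBUG && z) {
                System.out.println("Using default trustStore");
            }
            return;
        }
        if (DebugFlag.DEBUG && z) {
            System.out.println("Using custom trustStore");
        }
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance(hODSSLSessionIntf.getJSSETrustStoreType());
                keyStore.load(inputStream, hODSSLSessionIntf.getJSSETrustStorePassword().toCharArray());
                String property3 = Security.getProperty("ssl.SocketFactory.provider");
                if (DebugFlag.DEBUG && z) {
                    System.out.println("ProviderClass: " + property3);
                }
                if ("com.ibm.fips.jsse.JSSESocketFactory".equals(property3) || "true".equals(System.getProperty("com.ibm.jsse2.JSSEFIPS"))) {
                    // FIPS path: IBM algorithms, always a "TLS" context.
                    keyManagerFactory = KeyManagerFactory.getInstance("IbmX509");
                    keyManagerFactory.init(keyStore, hODSSLSessionIntf.getJSSETrustStorePassword().toCharArray());
                    trustManagerFactory = TrustManagerFactory.getInstance("IbmX509");
                    trustManagerFactory.init(keyStore);
                    if ("true".equals(System.getProperty("com.ibm.jsse2.JSSEFIPS"))) {
                        sslContext = SSLContext.getInstance("TLS");
                    } else {
                        sslContext = SSLContext.getInstance("TLS", "IBMJSSEFIPS");
                    }
                } else {
                    keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                    keyManagerFactory.init(keyStore, hODSSLSessionIntf.getJSSETrustStorePassword().toCharArray());
                    trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    trustManagerFactory.init(keyStore);
                    if ("SESSION_PROTOCOL_SSL".equals(hODSSLSessionIntf.getSecurityProtocol())) {
                        sslContext = SSLContext.getInstance("SSL");
                    } else {
                        sslContext = SSLContext.getInstance("TLS");
                    }
                }
                // A null SecureRandom selects the provider's default source.
                sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
                if (DebugFlag.DEBUG && z) {
                    System.out.println("SSL Context successfully initialized");
                }
            } finally {
                inputStream.close();
            }
        } catch (Throwable th3) {
            th3.printStackTrace();
            if (th3 instanceof IOException) {
                throw (IOException) th3;
            }
            // Keep the original failure attached so the root cause is not lost to callers.
            throw new IOException("JSSE initialization failed 1", th3);
        }
    }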

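    /**
     * Opens the custom JSSE trust store configured on the session, if one is fully configured.
     *
     * <p>When running as an applet and the configured location resolves to a non-{@code file} URL,
     * the trust store is first downloaded into the environment's I/O temp directory and then opened
     * from that local copy. Otherwise the configured value is opened directly as a local path.
     *
     * <p>Any failure while resolving, downloading or opening the store is printed and swallowed,
     * and {@code null} is returned.
     *
     * @param hODSSLSessionIntf session supplying the trust store location, type and password
     * @return a stream over the trust store file, or {@code null} if the trust store is not fully
     *     configured or could not be obtained
     * @throws Exception declared by the original signature; failures inside the lookup itself are
     *     caught and reported as a {@code null} return
     */
    private static InputStream getCustomizedCAs(HODSSLSessionIntf hODSSLSessionIntf) throws Exception {
        String str;
        String jSSETrustStore = hODSSLSessionIntf.getJSSETrustStore();
        if (jSSETrustStore == null || jSSETrustStore.trim().equals("")
                || hODSSLSessionIntf.getJSSETrustStoreType() == null
                || hODSSLSessionIntf.getJSSETrustStoreType().trim().equals("")
                || hODSSLSessionIntf.getJSSETrustStorePassword() == null
                || hODSSLSessionIntf.getJSSETrustStorePassword().trim().equals("")) {
            return null;
        }
        try {
            if (Environment.createEnvironment().getApplet() != null) {
                URL url = null;
                try {
                    url = new URL(jSSETrustStore);
                } catch (Exception e) {
                    try {
                        // Not an absolute URL: retry relative to the applet code base.
                        url = Environment.UrlForOfflineSupport(new URL(Environment.createEnvironment().getApplet().getCodeBase(), jSSETrustStore));
                    } catch (Exception ignored) {
                        // Deliberate best effort: with no usable URL the value is treated as a
                        // local path below.
                    }
                }
                if (url == null || url.getProtocol().equals("file")) {
                    str = jSSETrustStore;
                } else {
                    // NOTE(review): the trust anchors are fetched from whatever scheme the URL
                    // uses and no integrity check on the downloaded bytes is visible here; the
                    // only gate is the keystore password applied by the caller. Confirm the
                    // location is restricted to an authenticated transport.
                    // NOTE(review): the local path is the temp dir concatenated with the
                    // configured value without normalization; confirm it cannot resolve outside
                    // the temp dir.
                    BufferedInputStream bufferedInputStream = new BufferedInputStream(url.openConnection().getInputStream());
                    try {
                        str = Environment.createEnvironment().getIOTmpDir() + jSSETrustStore;
                        saveInputStreamToFile(bufferedInputStream, str);
                    } finally {
                        // Release the connection stream even when the save fails; closing it a
                        // second time after a successful save is harmless.
                        bufferedInputStream.close();
                    }
                }
            } else {
                str = jSSETrustStore;
            }
            return new FileInputStream(new File(str));
        } catch (Exception e3) {
            // NOTE(review): a null return is indistinguishable from "no custom trust store
            // configured"; presumably the caller then uses the default trust store. Verify that
            // a failed load of a configured store should not abort the connection instead.
            e3.printStackTrace();
            return null;
        }
    }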

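    /**
     * Copies a stream to the file at the given path, creating parent directories as needed.
     *
     * <p>The path is split at the last occurrence of the class's {@code fs} separator into a
     * directory part and a file name. Both the input stream and the output file are closed when
     * this method returns, whether the copy succeeded or failed.
     *
     * @param inputStream source of the bytes; always closed by this method
     * @param str destination path; must contain the separator, otherwise
     *     {@link String#substring(int, int)} throws {@link StringIndexOutOfBoundsException}
     * @throws IOException if the file cannot be created, or reading or writing fails
     */
    private static void saveInputStreamToFile(InputStream inputStream, String str) throws IOException {
        try {
            int separatorAt = str.lastIndexOf(fs);
            File directory = new File(str.substring(0, separatorAt));
            String fileName = str.substring(separatorAt + 1);
            // Result deliberately not checked: if the directory is missing, opening the output
            // file below fails with an IOException.
            directory.mkdirs();
            FileOutputStream fileOutputStream = new FileOutputStream(new File(directory, fileName));
            try {
                byte[] buffer = new byte[4096];
                int read;
                while ((read = inputStream.read(buffer)) != -1) {
                    fileOutputStream.write(buffer, 0, read);
                }
                fileOutputStream.flush();
            } finally {
                // Previously leaked when read() or write() threw part-way through the copy.
                fileOutputStream.close();
            }
        } finally {
            inputStream.close();
        }
    }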

    /**
     * Captures the certificates negotiated by a finished TLS handshake.
     *
     * <p>The peer chain is wrapped into {@code certImpl}; the first local certificate, when one was
     * sent, is wrapped into {@code localCertImpl}, which is otherwise cleared.
     *
     * @param handshakeCompletedEvent the event delivered by the socket once the handshake is done
     */
    @Override // javax.net.ssl.HandshakeCompletedListener
    public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
        debug("Handshake completed");
        try {
            this.certImpl = new HODSSLCertImplJSSE(handshakeCompletedEvent.getPeerCertificates(), 0);
            Certificate[] localChain = handshakeCompletedEvent.getLocalCertificates();
            boolean sentLocalCertificate = localChain != null && localChain.length >= 1;
            if (sentLocalCertificate) {
                this.localCertImpl = new HODSSLCertImplJSSE();
                this.localCertImpl.setCert(localChain[0]);
            } else {
                this.localCertImpl = null;
            }
        } catch (Exception e) {
            // NOTE(review): if reading the peer certificates throws, certImpl and localCertImpl
            // keep whatever they held before this handshake, and only the exception message is
            // printed. Confirm that callers cannot read a certificate from an earlier
            // connection after a failure here.
            System.out.println("HODJSSEImpl.handshakeCompleted exception " + e.getMessage());
        }
    }

    /**
     * Looks up a certificate by name; this JSSE-based provider does not implement the lookup.
     *
     * @param str the certificate name (ignored)
     * @return always {@code null}
     * @throws ECLErr never thrown here; kept in the signature of the overridden method
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public HODSSLCertIntf getNamedCertificate(String str) throws ECLErr {
        return null;
    }

    /**
     * Reports a throwable: as a warning through {@code LogUtility} when running inside the ACS
     * package, otherwise as a stack trace on the standard error stream.
     *
     * @param th the throwable to report
     */
    private static void debug(Throwable th) {
        if (!BaseEnvironment.isAcsPackage()) {
            th.printStackTrace();
            return;
        }
        LogUtility.logWarning(th);
    }

    /**
     * Writes a diagnostic message at config level through {@code LogUtility}.
     *
     * <p>Outside the ACS package the message is dropped. Callers should not pass secrets: whatever
     * is passed here ends up in the log verbatim.
     *
     * @param str the message to log
     */
    private static void debug(String str) {
        if (!BaseEnvironment.isAcsPackage()) {
            return;
        }
        LogUtility.logConfig(str);
    }

    /**
     * Tells whether a string carries any characters.
     *
     * @param str the string to test, may be {@code null}
     * @return {@code true} if {@code str} is neither {@code null} nor empty; whitespace-only
     *     strings count as non-empty
     */
    private static boolean nonNullStr(String str) {
        if (str == null) {
            return false;
        }
        return !"".equals(str);
    }

    /**
     * Checks, according to the configured "prompt how often" policy, whether the certificate
     * password has already been obtained for this session, and throws when it has not.
     *
     * <p>Nothing is checked unless {@code getConfiguredCertificateProvided()} is true. Each policy
     * branch throws an {@link ECLErr} with code {@code "ECL0032"} and the host (plus port when
     * {@code sessionSrc} is set) when its condition is unmet; presumably the caller reacts by
     * prompting the user (TODO confirm against the caller).
     *
     * <p>NOTE(review): every failure other than {@code ECLErr} is logged and swallowed by the final
     * {@code catch (Throwable)}, so an unexpected error makes this method return normally, the
     * same outcome as "already prompted". Confirm that failing open is intended.
     *
     * @throws ECLErr when the active policy requires a password prompt that has not happened yet
     */
    private synchronized void checkConfiguredCertificatePrompted() throws ECLErr {
        String configuredCertificatePassword;
        try {
            if (getConfiguredCertificateProvided()) {
                String configuredHost = getConfiguredHost();
                if (this.sessionSrc != null) {
                    configuredHost = configuredHost + ":" + this.sessionSrc.getPort();
                }
                String configuredCertificatePromptHowOften = getConfiguredCertificatePromptHowOften();
                if (configuredCertificatePromptHowOften.equals(ECLSession.SESSION_SSL_CERTIFICATE_PROMPT_EACH_CONNECT)) {
                    // Per-connect policy: the flag alternates, so the first call demands a
                    // prompt and the following call clears the flag and passes.
                    if (!getConfiguredCertificatePrompted()) {
                        setConfiguredCertificatePrompted(true);
                        debug("checkConfiguredCertificatePassword():1");
                        throw new ECLErr("HODJSSEImpl::checkConfiguredCertificatePassword():1", "ECL0032", configuredHost);
                    }
                    setConfiguredCertificatePrompted(false);
                } else if (configuredCertificatePromptHowOften.equals("SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CONNECT")) {
                    // NOTE(review): sessionSrc is null-checked above but dereferenced here
                    // without a guard; a null would surface as a NullPointerException that the
                    // catch (Throwable) below swallows.
                    String label = this.sessionSrc.getLabel();
                    if (!isSessionPrompted(label)) {
                        debug("checkConfiguredCertificatePassword():2 - " + label);
                        throw new ECLErr("HODJSSEImpl::checkConfiguredCertificatePassword():2", "ECL0032", configuredHost);
                    }
                } else if (configuredCertificatePromptHowOften.equals("SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CERTIFICATE")) {
                    // The cache key is the certificate name when it names a specific
                    // certificate, otherwise the certificate URL.
                    String configuredCertificateName = getConfiguredCertificateName();
                    String configuredCertificateURL = isSpecificCertificateName(configuredCertificateName) ? configuredCertificateName : getConfiguredCertificateURL();
                    if (!isPasswordCached(configuredCertificateURL)) {
                        debug("checkConfiguredCertificatePassword():3 - " + configuredCertificateURL);
                        throw new ECLErr("HODJSSEImpl::checkConfiguredCertificatePassword():3", "ECL0032", configuredHost);
                    }
                } else if (configuredCertificatePromptHowOften.equals(ECLSession.SESSION_SSL_CERTIFICATE_PROMPT_ONLY_ONCE) && ((configuredCertificatePassword = getConfiguredCertificatePassword()) == null || configuredCertificatePassword.length() == 0)) {
                    // Prompt-once policy: a prompt is needed only while no password is configured.
                    debug("checkConfiguredCertificatePassword():4");
                    throw new ECLErr("HODJSSEImpl::checkConfiguredCertificatePassword():4", "ECL0032", configuredHost);
                }
                debug("checkConfiguredCertificatePassword(): Session has already prompted for the password");
            }
        } catch (ECLErr e) {
            // Prompt requests must reach the caller unchanged.
            throw e;
        } catch (Throwable th) {
            // Anything else is logged only; the method then returns as if no prompt were needed.
            LogUtility.logSevere(th);
        }
    }

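    /**
     * Stores, or clears, the configured certificate password according to the prompt policy.
     *
     * <ul>
     *   <li>No certificate URL: nothing happens.
     *   <li>URL but no password: the URL's entry is removed from {@code passwordCache}.
     *   <li>Prompt-only-once: the password is XORed with a key stream derived from the URL and the
     *       hex result is stored through {@code setConfiguredCertificateHash}.
     *   <li>Prompt-first-connect: the password is cached under the URL.
     *   <li>Prompt-first-certificate: the password is cached under the certificate name when it
     *       names a specific certificate, otherwise under the URL.
     * </ul>
     *
     * <p>Log messages name the cache key only. The password and its obfuscated form are never
     * written to the log.
     */
    private void addToCache() {
        String configuredCertificateURL = getConfiguredCertificateURL();
        String configuredCertificatePassword = getConfiguredCertificatePassword();
        String configuredCertificatePromptHowOften = getConfiguredCertificatePromptHowOften();
        if (!nonNullStr(configuredCertificateURL)) {
            return;
        }
        if (!nonNullStr(configuredCertificatePassword)) {
            // A cleared password invalidates whatever was cached for this keystore.
            debug("addToCache: removing " + configuredCertificateURL);
            passwordCache.remove(configuredCertificateURL);
            return;
        }
        if (!nonNullStr(configuredCertificatePromptHowOften)) {
            return;
        }
        if (configuredCertificatePromptHowOften.equals(ECLSession.SESSION_SSL_CERTIFICATE_PROMPT_ONLY_ONCE)) {
            // NOTE(review): despite the "hash" naming this is a repeating-key XOR whose key
            // stream depends only on the certificate URL, so the stored value is reversible
            // obfuscation and must be handled as carefully as the password itself. The format
            // is left unchanged because the code that reads it back is not visible here.
            // NOTE(review): getBytes() uses the platform default charset; presumably the
            // reader does the same (confirm before changing).
            byte[] bytes = MD5FactoryJNI.makeMD5(new BufferedInputStream(new ByteArrayInputStream(
                    (MD5FactoryJNI.makeMD5(new BufferedInputStream(new ByteArrayInputStream(configuredCertificateURL.getBytes())))
                            + configuredCertificateURL).getBytes()))).getBytes();
            byte[] bytes2 = configuredCertificatePassword.getBytes();
            byte[] bArr = new byte[bytes2.length];
            for (int i = 0; i < bytes2.length; i++) {
                bArr[i] = (byte) (bytes2[i] ^ bytes[i % bytes.length]);
            }
            String hexString = MD5FactoryJNI.toHexString(bArr);
            // The obfuscated value is equivalent to the password, so it is not logged.
            debug("addToCache: hash stored for " + configuredCertificateURL);
            setConfiguredCertificateHash(hexString);
            return;
        }
        if (configuredCertificatePromptHowOften.equals("SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CONNECT")) {
            debug("addToCache: " + configuredCertificateURL);
            passwordCache.put(configuredCertificateURL, configuredCertificatePassword);
        } else if (configuredCertificatePromptHowOften.equals("SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CERTIFICATE")) {
            String configuredCertificateName = getConfiguredCertificateName();
            if (isSpecificCertificateName(configuredCertificateName)) {
                debug("addToCache(ALIAS): " + configuredCertificateName);
                passwordCache.put(configuredCertificateName, configuredCertificatePassword);
            } else {
                debug("addToCache(URL): " + configuredCertificateURL);
                passwordCache.put(configuredCertificateURL, configuredCertificatePassword);
            }
        }
    }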

    /**
     * Compares a path with the configured certificate URL as {@link File} pathnames.
     *
     * <p>{@link File#equals(Object)} compares abstract pathnames without resolving them, so two
     * different spellings of the same file (relative vs. absolute, through a link) are reported
     * as different.
     *
     * @param str the path to compare, may be {@code null}
     * @return {@code true} if both are {@code null} or both denote the same abstract pathname
     */
    private boolean sameFile(String str) {
        String configured = getConfiguredCertificateURL();
        if (configured == null || str == null) {
            // Equal only when both sides are absent.
            return configured == null && str == null;
        }
        File configuredFile = new File(configured);
        File candidateFile = new File(str);
        return configuredFile.equals(candidateFile);
    }

    /**
     * Tells whether a certificate name identifies one particular certificate.
     *
     * @param str the configured certificate name, may be {@code null}
     * @return {@code false} for {@code null} and for the two placeholder values held in
     *     {@code mriUseAnyCert} and {@code mriNoCertsFound}; {@code true} otherwise
     */
    private boolean isSpecificCertificateName(String str) {
        if (str == null) {
            return false;
        }
        if (str.equals(this.mriUseAnyCert)) {
            return false;
        }
        return !str.equals(this.mriNoCertsFound);
    }
}
