package com.ibm.cic.common.downloads;

import com.ibm.cic.common.core.internal.ComIbmCicCommonCorePlugin;
import com.ibm.cic.common.core.internal.downloads.CicX509TrustManager;
import com.ibm.cic.common.core.preferences.CicPreferenceManager;
import com.ibm.cic.common.core.preferences.ICicPreferenceConstants;
import com.ibm.cic.common.logging.Logger;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:com/ibm/cic/common/downloads/NonsecureConnectionManager.class */
public class NonsecureConnectionManager {
    static final Logger log;
    public static final NonsecureConnectionManager INSTANCE;
    private static ThreadLocal perThreadHost;
    private SSLContext sslContext;
    private ArrayList listeners = new ArrayList();
    private static final String LITERAL_DNEQ = "CN=";
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:com/ibm/cic/common/downloads/NonsecureConnectionManager$IDropConnectionsListener.class */
    public interface IDropConnectionsListener {
        void dropConnections();
    }

    static {
        $assertionsDisabled = !NonsecureConnectionManager.class.desiredAssertionStatus();
        log = Logger.getLogger(NonsecureConnectionManager.class, ComIbmCicCommonCorePlugin.getDefault());
        INSTANCE = new NonsecureConnectionManager();
        perThreadHost = new ThreadLocal();
    }

    private NonsecureConnectionManager() {
    }

    private static SSLContext createSSLContext() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException {
        SSLContext sSLContext = SSLContext.getInstance("SSL");
        sSLContext.init(null, new TrustManager[]{new CicX509TrustManager()}, null);
        return sSLContext;
    }

    public synchronized SSLContext getSSLContext() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
        if (this.sslContext == null) {
            this.sslContext = createSSLContext();
        }
        return this.sslContext;
    }

    public static void onBeforeSSLConnect(String str) {
        perThreadHost.set(str.toLowerCase());
    }

    public static void onPostSSLConnect() {
        perThreadHost.set(null);
    }

    public static String getSSLConnectingHost() {
        return (String) perThreadHost.get();
    }

    public synchronized void addListener(IDropConnectionsListener iDropConnectionsListener) {
        this.listeners.add(iDropConnectionsListener);
    }

    public synchronized void removeListener(IDropConnectionsListener iDropConnectionsListener) {
        this.listeners.remove(iDropConnectionsListener);
    }

    public synchronized void dropConnections() {
        log.debug("dropping connections");
        Iterator it = this.listeners.iterator();
        while (it.hasNext()) {
            ((IDropConnectionsListener) it.next()).dropConnections();
        }
        if (this.sslContext != null) {
            SSLSessionContext clientSessionContext = this.sslContext.getClientSessionContext();
            if (clientSessionContext != null) {
                Enumeration<byte[]> ids = clientSessionContext.getIds();
                while (ids.hasMoreElements()) {
                    clientSessionContext.getSession(ids.nextElement()).invalidate();
                }
            }
            this.sslContext = null;
        }
    }

    public synchronized boolean continueConnectionWithInvalidCertificates(String str, X509Certificate[] x509CertificateArr, String str2, CertificateException certificateException) {
        NonsecureConnectionSessionState nonsecureConnectionSessionState = NonsecureConnectionSessionState.INSTANCE;
        if (nonsecureConnectionSessionState.isNonsecureMode()) {
            warnNonsecureConnection(str, x509CertificateArr, str2, certificateException);
            return true;
        }
        if (PreferencesHolder.INSTANCE.isSSLNonsecureMode()) {
            warnNonsecureConnection(str, x509CertificateArr, str2, certificateException);
            return true;
        }
        INonsecureConnectionPrompter prompter = NonsecureConnectionPrompter.INSTANCE.getPrompter();
        if (prompter == null) {
            log.debug("No nonsecure connection prompter registered");
            return false;
        }
        int promptEnterNonsecureSSLMode = prompter.promptEnterNonsecureSSLMode(str, x509CertificateArr, str2, certificateException);
        if (promptEnterNonsecureSSLMode == 2) {
            warnNonsecureConnection(str, x509CertificateArr, str2, certificateException);
            nonsecureConnectionSessionState.setNonsecureMode(true);
            return true;
        }
        if (promptEnterNonsecureSSLMode == 4) {
            warnNonsecureConnection(str, x509CertificateArr, str2, certificateException);
            return true;
        }
        if (promptEnterNonsecureSSLMode != 1) {
            if ($assertionsDisabled || promptEnterNonsecureSSLMode == 3) {
                return false;
            }
            throw new AssertionError();
        }
        CicPreferenceManager cicPreferenceManager = CicPreferenceManager.getInstance();
        if (cicPreferenceManager != null) {
            cicPreferenceManager.setBoolean(ICicPreferenceConstants.SSL_NONSECURE_MODE, true);
        }
        warnNonsecureConnection(str, x509CertificateArr, str2, certificateException);
        return true;
    }

    private void warnNonsecureConnection(String str, X509Certificate[] x509CertificateArr, String str2, CertificateException certificateException) {
        X500Principal subjectX500Principal = x509CertificateArr[0].getSubjectX500Principal();
        String subjectCN = getSubjectCN(subjectX500Principal);
        if (subjectCN != null) {
            log.warning(Messages.NonsecureConnectionManager_WarningNonsecureConnectionWithSubjectCommonName, str, subjectCN, certificateException);
        } else {
            log.warning(Messages.NonsecureConnectionManager_FailedToParseCertificateSubject, subjectX500Principal.getName());
            log.warning(Messages.NonsecureConnectionManager_WarningNonsecureConnectionNoSubjectCommonName, str, certificateException);
        }
    }

    private String getSubjectCN(X500Principal x500Principal) {
        return getCN(x500Principal);
    }

    private String getCN(X500Principal x500Principal) {
        String name = x500Principal.getName();
        int indexOf = name.indexOf(LITERAL_DNEQ);
        if (indexOf == -1) {
            return null;
        }
        CharSequence subSequence = name.subSequence(indexOf + LITERAL_DNEQ.length(), name.length());
        int eatWS = eatWS(subSequence, indexOf);
        while (eatWS < subSequence.length()) {
            char charAt = subSequence.charAt(eatWS);
            if (charAt == '\\') {
                eatWS++;
            } else if (charAt == ',') {
                break;
            }
            eatWS++;
        }
        return subSequence.subSequence(0, eatWS).toString().trim();
    }

    private int eatWS(CharSequence charSequence, int i) {
        int length = charSequence.length();
        while (i < length && isWS(charSequence.charAt(i))) {
            i++;
        }
        return i;
    }

    private boolean isWS(char c) {
        return c == ' ';
    }
}
