package lotus.priv.CORBA.iiop.ssl;

import com.ibm.sslight.SSLContext;
import com.ibm.sslight.SSLException;
import com.ibm.sslight.SSLSocket;
import com.ibm.sslight.SSLightKeyRing;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.net.UnknownHostException;
import java.util.Properties;
import java.util.StringTokenizer;
import lotus.priv.CORBA.iiop.CDRInputStream;
import lotus.priv.CORBA.iiop.Connection;
import lotus.priv.CORBA.iiop.IIOPConnection;
import lotus.priv.CORBA.iiop.ORB;
import lotus.priv.CORBA.iiop.Profile;
import org.omg.CORBA.INTERNAL;
import org.omg.CORBA.SystemException;

/* loaded from: input_file:lib/NCSO.jar:lotus/priv/CORBA/iiop/ssl/SSLSecurity.class */
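/**
 * Creates SSL sockets and IIOP connections for the ORB and holds the SSL
 * properties (timeouts, keyring class name, debug switches) used to do so.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The properties file is fetched from whatever URL the caller supplies
 *       (see {@link #readPropertiesFile(URL)}). Its contents can switch on debug
 *       mode, activate the client test-port override and replace the keyring
 *       class name, so it should only be loaded from a trusted location.</li>
 *   <li>{@link #createSSLSocket(String, String[])} instantiates a class by name
 *       taken from arguments/properties; see the note on that method.</li>
 *   <li>{@link #modifyCiphersWithAssocOpt(short, String)} is used as the
 *       "minimum security" check on a negotiated suite; see the review note
 *       there about NULL-encryption suites.</li>
 * </ul>
 *
 * <p>Instances are mutable and perform no synchronization.
 */
public class SSLSecurity {
    /** Component tag passed to {@code Profile.getTaggedComponent} to fetch the SSL component. */
    public static final int TAG_SSL_SEC_TRANS = 20;

    /** Property key holding the keyring class name. */
    private static final String PROP_CERTIFICATES = "lotus.priv.CORBA.SSLCertificates";

    /** Command-line style argument prefix that overrides the keyring class name. */
    private static final String ARG_CERTIFICATES = "-ORBSSLCertificates=";

    /** Port used by {@link #createSSLSocket(String, String[])} when none can be parsed. */
    private static final int DEFAULT_SSL_PORT = 443;

    private Properties sslProperties;
    private String sslPropertiesFile;
    private boolean sslDebug;
    private int sslClientTestPort;
    private int sslPort;

    /**
     * Enables or disables diagnostic output on {@code System.out}.
     *
     * @param z {@code true} to print diagnostics
     */
    public void setDebug(boolean z) {
        this.sslDebug = z;
    }

    /** Creates an instance preloaded with the built-in default SSL properties. */
    public SSLSecurity() {
        this.sslProperties = new Properties();
        this.sslProperties.put("lotus.priv.CORBA.SSLSessionTimeout", "3600");
        this.sslProperties.put("lotus.priv.CORBA.SSLConnectionTimeout", "300");
        this.sslProperties.put("lotus.priv.CORBA.SSLSocketConnectionTimeout", "60");
        this.sslProperties.put("lotus.priv.CORBA.SSLCountryOfOrigin", "US_DOMESTIC");
        this.sslProperties.put(PROP_CERTIFICATES, "TrustedCerts");
    }

    /**
     * Creates an instance with the defaults and then overlays the properties
     * read from the ORB's SSL properties URL.
     *
     * @param orb ORB supplying the properties URL
     * @throws SystemException an {@code INTERNAL} if the URL is malformed or cannot be read
     */
    public SSLSecurity(ORB orb) throws SystemException {
        this();
        try {
            readPropertiesFile(orb.getSSLPropertiesURL());
        } catch (MalformedURLException e) {
            // Printed unconditionally: debug mode cannot have been configured yet.
            System.out.println(" SSLSecurity.readPropertiesFile - MalformedURLException, URL was " + orb.getSSLPropertiesURL().toString());
            throw new INTERNAL();
        } catch (IOException e2) {
            System.out.println(" SSLSecurity.readPropertiesFile - IOException");
            throw new INTERNAL();
        }
    }

    /**
     * Builds an {@code ORBSSLContext} from the current SSL properties.
     *
     * @return the new context
     * @throws SystemException rethrown unchanged from the {@code ORBSSLContext} constructor
     */
    public ORBSSLContext createSSLContext() throws SystemException {
        try {
            return new ORBSSLContext(this.sslProperties);
        } catch (SystemException e) {
            if (this.sslDebug) {
                System.out.println(" SSLSecurity.createSSLContext() - SSLException from ORBSSLContext() ");
                System.out.println(" Invalid properties or setup error from ORBSSLContext()");
            }
            throw e;
        }
    }

    /**
     * Opens an SSL socket to the host of {@code profile} on the SSL port taken
     * from the profile's SSL component tag.
     *
     * @param profile target profile (host and SSL component tag)
     * @param z       client flag; its inverse is passed as the fourth
     *                {@code SSLSocket} constructor argument
     *                (presumably "server mode" - confirm against SSLight)
     * @return the connected socket, or {@code null} if the negotiated cipher
     *         suite was rejected by {@link #modifyCiphersWithAssocOpt}
     * @throws SystemException an {@code INTERNAL} for every failure, including
     *         failures that have nothing to do with the component tag
     */
    public Socket createSSLSocket(Profile profile, boolean z) throws SystemException {
        SSLTag sslTag = new SSLTag();
        try {
            getSSLComponentTagValues(profile, sslTag);
            if (this.sslDebug) {
                System.out.println(" SSLSecurity.createSSLSocket - target_requires " + sslTag.getTargetRequires());
                System.out.println("                             - target_supports " + sslTag.getTargetSupports());
                System.out.println("                             - ssl port " + sslTag.getSSLPort());
            }
            // NOTE(review): this compares the two option masks numerically, not
            // as bit sets; a subset test may have been intended - confirm.
            if (sslTag.getTargetRequires() > sslTag.getTargetSupports()) {
                if (this.sslDebug) {
                    System.out.println(" SSLSecurity.createSSLSocket - AssociationOption target_requires exceeds target_supports.");
                    System.out.println(" SSLSecurity.createSSLSocket - Unable to determine SSL cipher suites to use.");
                }
                throw new INTERNAL();
            }
            try {
                ORBSSLContext context = createSSLContext();
                String host = profile.getHost();
                try {
                    if (this.sslDebug) {
                        System.out.println(" SSLSecurity.createSSLSocket - host " + host + ", sslPort " + sslTag.getSSLPort() + ", client " + z + ", port " + profile.getPort());
                    }
                    SSLSocket sslSocket = new SSLSocket(host, sslTag.getSSLPort(), (SSLContext) context, !z, (Object) null);
                    return closeUnlessCipherAcceptable(sslTag, sslSocket);
                } catch (SSLException e2) {
                    if (this.sslDebug) {
                        System.out.println(" SSLSecurity.createSSLSocket - SSLException from SSLSocket() " + e2);
                    }
                    throw new INTERNAL();
                } catch (UnknownHostException e3) {
                    if (this.sslDebug) {
                        System.out.println(" SSLSecurity.createSSLSocket - UnknownHostException from SSLSocket() " + e3);
                    }
                    throw new INTERNAL();
                } catch (IOException e4) {
                    if (this.sslDebug) {
                        System.out.println(" SSLSecurity.createSSLSocket - IOException from SSLSocket() " + e4);
                    }
                    throw new INTERNAL();
                }
            } catch (SystemException e5) {
                if (this.sslDebug) {
                    System.out.println(" SSLSecurity.createSSLSocket - SystemException from createSSLContext() " + e5);
                }
                throw e5;
            }
        } catch (Exception e6) {
            // Catch-all kept so callers only ever see INTERNAL; note that it also
            // receives the INTERNALs thrown above, so the message can be misleading.
            if (this.sslDebug) {
                System.out.println(" SSLSecurity.createSSLSocket - Bad or non-exixtant SSL component tag. " + e6);
            }
            throw new INTERNAL();
        }
    }

    /**
     * Same as {@link #createSSLSocket(Profile, boolean)} but can layer SSL over
     * an existing socket and reuse an existing context.
     *
     * @param profile       target profile (host and SSL component tag)
     * @param z             client flag; its inverse is passed to the {@code SSLSocket} constructor
     * @param socket        already connected socket to wrap, or {@code null} to connect to
     *                      the profile's host and SSL port
     * @param oRBSSLContext context to use, or {@code null} to create one from the current properties
     * @return the SSL socket, or {@code null} if the negotiated cipher suite was rejected
     * @throws SystemException an {@code INTERNAL} for every failure
     */
    public Socket createSSLSocket(Profile profile, boolean z, Socket socket, ORBSSLContext oRBSSLContext) throws SystemException {
        SSLTag sslTag = new SSLTag();
        try {
            getSSLComponentTagValues(profile, sslTag);
            // NOTE(review): numeric comparison of option masks, see the two-argument overload.
            if (sslTag.getTargetRequires() > sslTag.getTargetSupports()) {
                if (this.sslDebug) {
                    System.out.println(" SSLSecurity.createSSLSocket - AssociationOption target_requires exceeds target_supports.");
                    System.out.println(" SSLSecurity.createSSLSocket - Unable to determine SSL cipher suites to use.");
                }
                throw new INTERNAL();
            }
            ORBSSLContext context = oRBSSLContext;
            if (context == null) {
                try {
                    context = createSSLContext();
                } catch (SystemException e) {
                    if (this.sslDebug) {
                        System.out.println(" SSLSecurity.createSSLSocket - SystemException from createSSLContext() " + e);
                    }
                    throw e;
                }
            }
            SSLSocket sslSocket;
            if (socket != null) {
                if (this.sslDebug) {
                    System.out.println(" SSLSecurity.createSSLSocket - socket " + socket + ", client " + z);
                }
                try {
                    sslSocket = new SSLSocket(socket, false, (SSLContext) context, !z, (Object) null);
                } catch (SSLException e2) {
                    if (this.sslDebug) {
                        System.out.println(" SSLSecurity.createSSLSocket - SSLException from SSLSocket() " + e2);
                    }
                    throw new INTERNAL();
                } catch (IOException e3) {
                    if (this.sslDebug) {
                        System.out.println(" SSLSecurity.createSSLSocket - IOException from SSLSocket() " + e3);
                    }
                    throw new INTERNAL();
                }
            } else {
                String host = profile.getHost();
                if (this.sslDebug) {
                    System.out.println(" SSLSecurity.createSSLSocket - host " + host + ", sslPort " + sslTag.getSSLPort() + ", client " + z + ", port " + profile.getPort());
                }
                try {
                    sslSocket = new SSLSocket(host, sslTag.getSSLPort(), (SSLContext) context, !z, (Object) null);
                } catch (SSLException e4) {
                    if (this.sslDebug) {
                        System.out.println(" SSLSecurity.createSSLSocket - SSLException from SSLSocket() " + e4);
                    }
                    throw new INTERNAL();
                } catch (UnknownHostException e5) {
                    if (this.sslDebug) {
                        System.out.println(" SSLSecurity.createSSLSocket - UnknownHostException from SSLSocket() " + e5);
                    }
                    throw new INTERNAL();
                } catch (IOException e6) {
                    if (this.sslDebug) {
                        System.out.println(" SSLSecurity.createSSLSocket - IOException from SSLSocket() " + e6);
                    }
                    throw new INTERNAL();
                }
            }
            return closeUnlessCipherAcceptable(sslTag, sslSocket);
        } catch (Exception e8) {
            // Catch-all kept so callers only ever see INTERNAL.
            if (this.sslDebug) {
                System.out.println(" SSLSecurity.createSSLSocket - Bad or non-exixtant SSL component tag. " + e8);
            }
            throw new INTERNAL();
        }
    }

    /**
     * Returns {@code sslSocket} if its negotiated cipher suite passes
     * {@link #modifyCiphersWithAssocOpt}; otherwise closes it and returns {@code null}.
     * The socket is also closed when the check itself fails with an exception,
     * so a failed check cannot leave the connection open.
     *
     * <p>Declared {@code throws Exception} because the SSLight method signatures
     * are not visible here; both callers sit inside a catch-all.
     */
    private Socket closeUnlessCipherAcceptable(SSLTag sslTag, SSLSocket sslSocket) throws Exception {
        boolean accepted = false;
        try {
            String allowed = modifyCiphersWithAssocOpt(sslTag.getTargetRequires(), sslSocket.getCipherSuite());
            if (allowed.length() > 0) {
                accepted = true;
                if (this.sslDebug) {
                    System.out.println(" SSLSecurity.createSSLSocket - SSLSocket created. Exiting ");
                }
                return sslSocket;
            }
            if (this.sslDebug) {
                System.out.println(" SSLSecurity.createSSLSocket - Negotiated cipher suite does not meet minimum security requirements. ");
                System.out.println(" SSLSecurity.createSSLSocket - SSLSocket not created. ");
            }
            return null;
        } finally {
            if (!accepted) {
                try {
                    sslSocket.close();
                } catch (Exception ignored) {
                    // Best effort: the socket is being discarded anyway.
                }
            }
        }
    }

    /**
     * Opens a client SSL socket to {@code host[:port]} using a keyring class
     * named by a {@code -ORBSSLCertificates=} argument or, failing that, by the
     * {@code lotus.priv.CORBA.SSLCertificates} property.
     *
     * <p>The port defaults to 443 when absent or unparsable; the host part is
     * now separated from the port in both cases (previously an unparsable port
     * left {@code host:port} as the host name). A matching argument also
     * overwrites the instance's keyring property.
     *
     * <p>NOTE(review): the keyring class name comes from caller-supplied
     * arguments or from the properties file, and the named class is loaded and
     * instantiated reflectively. The type is checked before instantiation so a
     * class that is not an {@code SSLightKeyRing} is never constructed, but any
     * keyring class on the class path can still be selected; callers should not
     * pass unvalidated external input here. The socket returned by this
     * overload is not run through {@link #modifyCiphersWithAssocOpt}, and the
     * second {@code importKeyRings} argument is an empty string (presumably the
     * keyring password - confirm).
     *
     * @param str    target as {@code host} or {@code host:port}
     * @param strArr ORB arguments; scanning stops at the first {@code null} element;
     *               a {@code null} array is treated as empty
     * @return the connected SSL socket
     * @throws ClassCastException if the named class is not an {@code SSLightKeyRing}
     */
    public Socket createSSLSocket(String str, String[] strArr) throws IOException, UnknownHostException, ClassNotFoundException, InstantiationException, IllegalAccessException {
        SSLContext sslContext = new SSLContext();

        int port = DEFAULT_SSL_PORT;
        int colon = str.indexOf(':');
        if (colon != -1) {
            String target = str;
            str = target.substring(0, colon);
            try {
                port = Integer.parseInt(target.substring(colon + 1));
                if (this.sslDebug) {
                    System.out.println(" SSLSecurity: set host to " + str);
                    System.out.println(" SSLSecurity: set SSL port to " + port);
                }
            } catch (NumberFormatException e) {
                if (this.sslDebug) {
                    System.out.println(" SSLSecurity: Error converting " + target);
                }
                port = DEFAULT_SSL_PORT;
            }
        }

        String keyRingClassName = null;
        if (strArr != null) {
            for (int i = 0; i < strArr.length && strArr[i] != null; i++) {
                if (strArr[i].startsWith(ARG_CERTIFICATES)) {
                    keyRingClassName = strArr[i].substring(ARG_CERTIFICATES.length());
                    this.sslProperties.put(PROP_CERTIFICATES, keyRingClassName);
                    if (this.sslDebug) {
                        System.out.println(" SSLSecurity: set keyring filename to " + keyRingClassName);
                    }
                }
            }
        }
        if (keyRingClassName == null) {
            keyRingClassName = this.sslProperties.getProperty(PROP_CERTIFICATES);
        }

        // Load without initializing, verify the type, and only then instantiate.
        Class keyRingClass = Class.forName(keyRingClassName, false, SSLSecurity.class.getClassLoader());
        if (!SSLightKeyRing.class.isAssignableFrom(keyRingClass)) {
            throw new ClassCastException(keyRingClassName + " is not an SSLightKeyRing");
        }
        SSLightKeyRing keyRing = (SSLightKeyRing) keyRingClass.newInstance();
        sslContext.importKeyRings(keyRing.getKeyRingData(), "");
        return new SSLSocket(str, port, sslContext, false, (Object) null);
    }

    /**
     * Creates an IIOP connection over a new SSL socket when the ORB has SSL enabled.
     *
     * @param orb     owning ORB
     * @param profile target profile
     * @param z       client flag, forwarded to socket and connection creation
     * @return the connection, or {@code null} if SSL is not enabled on the ORB or
     *         the socket was rejected by the cipher check
     * @throws SystemException an {@code INTERNAL} if socket or connection creation fails
     */
    public Connection createSSLConnection(ORB orb, Profile profile, boolean z) throws SystemException {
        if (!orb.SSLSecurityIsEnabled()) {
            if (this.sslDebug) {
                System.out.println(" SSLSecurity.createSSLConnection. Configuration not using SSL. Exiting ");
            }
            return null;
        }
        if (this.sslDebug) {
            System.out.println(" SSLSecurity.createSSLConnection. Configuration using SSL ");
        }
        Socket socket = null;
        try {
            socket = createSSLSocket(profile, z);
            if (socket == null) {
                return null;
            }
            return new IIOPConnection(orb, profile.getHost(), socket.getPort(), socket, socket.getInputStream(), socket.getOutputStream(), z, orb.getConnectionTable());
        } catch (Exception e) {
            if (this.sslDebug) {
                System.out.println("            .createSSLConnection - Unable to create IIOPConnection with SSLSocket.");
            }
            if (socket != null) {
                try {
                    socket.close();
                } catch (Exception ignored) {
                    // Best effort: the failure is reported through INTERNAL below.
                }
            }
            throw new INTERNAL();
        }
    }

    /**
     * Reads SSL properties from the URL given as a string.
     *
     * @param str URL of the properties file
     * @throws MalformedURLException if {@code str} is not a valid URL
     * @throws IOException           if the resource cannot be read
     */
    protected void readPropertiesFile(String str) throws MalformedURLException, IOException {
        readPropertiesFile(new URL(str));
        this.sslPropertiesFile = str;
    }

    /**
     * Loads SSL properties from {@code url}, layered over the current properties
     * as defaults, and applies the debug and port settings they contain.
     *
     * <p>The presence of {@code lotus.priv.CORBA.SSLDebug} with any value
     * (including {@code "false"}) turns debug mode on; the client test port is
     * only read in that case. Unparsable port values are ignored.
     *
     * <p>NOTE(review): the URL is opened as given, whatever its scheme. Because
     * the file controls debug mode, the test-port override and the keyring class
     * name, it should come from a trusted, integrity-protected location.
     *
     * @param url location of the properties file
     * @throws IOException if the resource cannot be opened or read
     */
    protected void readPropertiesFile(URL url) throws MalformedURLException, IOException {
        Properties properties = new Properties(this.sslProperties);
        InputStream in = url.openStream();
        try {
            properties.load(in);
        } finally {
            // Close the stream even when load() fails.
            in.close();
        }
        if (properties.getProperty("lotus.priv.CORBA.SSLDebug") != null) {
            this.sslDebug = true;
            String testPort = properties.getProperty("lotus.priv.CORBA.SSLClientTestPort");
            if (testPort != null) {
                try {
                    this.sslClientTestPort = Integer.parseInt(testPort);
                } catch (NumberFormatException ignored) {
                    // Deliberately ignored: an invalid test port leaves the override off.
                }
            }
        }
        String port = properties.getProperty("lotus.priv.CORBA.SSLPort");
        if (port != null) {
            try {
                this.sslPort = Integer.parseInt(port);
            } catch (NumberFormatException e2) {
                if (this.sslDebug) {
                    System.out.println("SSLSecurity.readPropertiesFile - NumberFormatException on sslPort");
                }
            }
        }
        this.sslProperties = properties;
        this.sslPropertiesFile = url.toString();
    }

    /**
     * Fills {@code sSLTag} with target_supports, target_requires and the SSL
     * port read from the profile's SSL tagged component.
     *
     * <p>When debug mode is on and a client test port is configured, the
     * profile is not consulted at all: both option masks are forced to 4 and
     * the test port is used. This override must not be active in production
     * configurations.
     *
     * <p>The port is read as a 16-bit value and masked to its unsigned range,
     * so ports above 32767 are no longer stored as negative numbers.
     *
     * @param profile profile carrying the SSL component
     * @param sSLTag  receives the decoded values
     * @throws IOException     declared by the original signature
     * @throws SystemException rethrown unchanged if the component cannot be decoded;
     *         a missing component surfaces as a {@code NullPointerException}
     */
    public void getSSLComponentTagValues(Profile profile, SSLTag sSLTag) throws IOException {
        if (this.sslDebug && this.sslClientTestPort != 0) {
            sSLTag.setTargetSupports((short) 4);
            sSLTag.setTargetRequires((short) 4);
            sSLTag.setSSLPort(this.sslClientTestPort);
            return;
        }
        byte[] component = profile.getTaggedComponent(TAG_SSL_SEC_TRANS);
        try {
            CDRInputStream in = new CDRInputStream(null, component, component.length);
            in.consumeEndian();
            sSLTag.setTargetSupports(in.read_short());
            sSLTag.setTargetRequires(in.read_short());
            sSLTag.setSSLPort(in.read_short() & 0xFFFF);
        } catch (SystemException e) {
            if (this.sslDebug) {
                System.out.println("SSLSecurity.getSSLComponentTagValues - Exception while reading SSL component tag");
            }
            throw e;
        }
    }

    /**
     * Returns the SSL port advertised by {@code profile}.
     *
     * @param profile profile to inspect
     * @return the port, or 0 if the SSL component is missing or unreadable
     */
    public int getSSLPort(Profile profile) {
        SSLTag sslTag = new SSLTag();
        try {
            getSSLComponentTagValues(profile, sslTag);
            return sslTag.getSSLPort();
        } catch (Exception e) {
            // Any failure means "no usable SSL port".
            return 0;
        }
    }

    /**
     * Filters a whitespace-separated list of cipher suite names by the option
     * bits in {@code s} and returns the survivors, each followed by a space.
     *
     * <p>A suite is kept when the first matching rule applies:
     * bit 1 set and the name contains {@code WITH_NULL_NULL}; bit 2 set and the
     * name contains {@code WITH_NULL}; bit 4 set (any name). The bit values
     * presumably correspond to the CORBA Security association options
     * NoProtection, Integrity and Confidentiality - confirm.
     *
     * <p>NOTE(review): callers treat a non-empty result as "meets minimum
     * security requirements". With bit 4 set every suite passes, including
     * names containing {@code WITH_NULL}, so a connection negotiated without
     * encryption is accepted even when bit 4 is required. Conversely, with only
     * bit 2 set an encrypting suite is rejected. Verify that this matches the
     * intended policy before relying on it as a strength check.
     *
     * @param s   option bit mask
     * @param str whitespace-separated cipher suite names; must not be {@code null}
     * @return the accepted names, space-terminated, or an empty string
     */
    public String modifyCiphersWithAssocOpt(short s, String str) {
        StringTokenizer suites = new StringTokenizer(str);
        StringBuffer accepted = new StringBuffer();
        while (suites.hasMoreTokens()) {
            String suite = suites.nextToken();
            boolean keep = ((s & 1) != 0 && suite.indexOf("WITH_NULL_NULL") != -1)
                    || ((s & 2) != 0 && suite.indexOf("WITH_NULL") != -1)
                    || (s & 4) != 0;
            if (keep) {
                accepted.append(suite);
                accepted.append(" ");
            }
        }
        return accepted.toString();
    }

    /**
     * Sets a single SSL property on the live property set.
     *
     * @param str  property key
     * @param str2 property value
     */
    public void addProperty(String str, String str2) {
        this.sslProperties.setProperty(str, str2);
    }

    /**
     * Replaces the SSL property set; a {@code null} argument is ignored.
     * The object is stored as-is, not copied.
     *
     * @param properties new property set
     */
    public void setProperties(Properties properties) {
        if (properties != null) {
            this.sslProperties = properties;
        }
    }

    /**
     * Returns the live SSL property set (not a copy).
     *
     * @return the current properties
     */
    public Properties getProperties() {
        return this.sslProperties;
    }

    /**
     * Loads SSL properties from the given URL string.
     *
     * @param str URL of the properties file
     * @throws SystemException an {@code INTERNAL} if the URL is malformed or cannot be read
     */
    public void setPropertiesFile(String str) throws SystemException {
        try {
            readPropertiesFile(str);
        } catch (MalformedURLException e) {
            if (this.sslDebug) {
                System.out.println(" SSLSecurity.setPropertiesFile - MalformedURLException, URL was " + str);
            }
            throw new INTERNAL();
        } catch (IOException e2) {
            if (this.sslDebug) {
                System.out.println(" SSLSecurity.setPropertiesFile - IOException");
            }
            throw new INTERNAL();
        }
    }

    /**
     * Returns the location of the most recently loaded properties file.
     *
     * @return the URL string, or {@code null} if none has been loaded
     */
    public String getPropertiesFile() {
        return this.sslPropertiesFile;
    }
}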
