package com.tivoli.framework.runtime;

import com.installshield.wizard.service.file.FileService;
import com.tivoli.messages.RuntimeErrors;
import java.io.EOFException;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.security.Provider;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: input_file:installer/IY81367.jar:efixes/IY81367/components/tpm/update.jar:/apps/tcje.ear:lib/jcf.jar:com/tivoli/framework/runtime/SecureConnect.class */
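/**
 * A {@link Connect} that tries to upgrade its socket to SSL/TLS using the JVM's default
 * {@link SSLSocketFactory}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Both constructors catch an {@link IOException} from the SSL set-up, call
 *       {@link #handleSSLFailure()} and then return normally. The caller therefore gets a usable
 *       object even when no SSL session exists. {@code isConnectionSSL} is set to {@code true}
 *       only after a successful handshake, so code that needs an encrypted channel has to check
 *       that state instead of relying on construction having succeeded.</li>
 *   <li>The negotiating constructor exchanges its control messages over the socket before any
 *       handshake has taken place, so the decision to start SSL is made on unauthenticated
 *       data.</li>
 *   <li>No endpoint-identification (host name) check is configured on the {@link SSLSocket} in
 *       this class; whether one is applied elsewhere is not visible here.</li>
 * </ul>
 */
public class SecureConnect extends Connect implements HandshakeCompletedListener {
    private SSLSocketFactory sslSockFactory;
    // Both flags are only written in this class; nothing here reads them.
    private boolean isClientSSLCapable;
    private boolean sslCapabilityChecked;

    /**
     * Connects and then negotiates SSL with the peer through control messages.
     *
     * @param inetAddress server address, passed to {@link Connect}
     * @param i server port, passed to {@link Connect}
     * @throws IOException if the base connection fails or the socket cannot be recreated after
     *     an SSL failure
     */
    public SecureConnect(InetAddress inetAddress, int i) throws IOException {
        super(inetAddress, i);
        checkSystemPropertyForProvider();
        this.sslSockFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try {
            doSSLNegotiation();
            // Also reached when negotiation returned without creating an SSL socket
            // (peer did not answer with type 1, EOF, or a rejected certificate).
            this.isClientSSLCapable = true;
        } catch (IOException e) {
            // Fail-open: the failure is reported on stdout and the socket is recreated.
            handleSSLFailure();
        }
        this.sslCapabilityChecked = true;
    }

    /**
     * Connects, announces a "normal SSL start" to the peer and starts the handshake at once,
     * without waiting for a reply. The swapped parameter order is what selects this mode.
     *
     * @param i server port, passed to {@link Connect}
     * @param inetAddress server address, passed to {@link Connect}
     * @throws IOException if the base connection fails or the socket cannot be recreated after
     *     an SSL failure
     */
    public SecureConnect(int i, InetAddress inetAddress) throws IOException {
        super(inetAddress, i);
        checkSystemPropertyForProvider();
        this.sslSockFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try {
            ControlMsg startRequest = new ControlMsg();
            startRequest.setNormalSslStartType();
            startRequest.send(this.ioStreams.getOutputStream());
            createSSLSocket();
            // Also reached when createSSLSocket() swallowed a certificate rejection.
            this.isClientSSLCapable = true;
        } catch (IOException e) {
            // Fail-open: the failure is reported on stdout and the socket is recreated.
            handleSSLFailure();
        }
        this.sslCapabilityChecked = true;
    }

    /** Traces the negotiated cipher suite once the handshake has finished. */
    @Override // javax.net.ssl.HandshakeCompletedListener
    public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
        Debug.msg(262144, "Completed SSL handshake, suite=" + handshakeCompletedEvent.getCipherSuite());
    }

    /**
     * Installs the provider class named by the {@code com.tivoli.jsseprovider} system property
     * as the highest-priority security provider. Best effort: nothing is installed when the
     * property is unset or the class cannot be loaded.
     *
     * <p>The class name comes straight from a JVM system property and the provider is inserted
     * at position 1, ahead of every other provider. Whoever can set system properties for this
     * JVM therefore chooses the code that serves cryptographic requests process-wide.
     */
    private void checkSystemPropertyForProvider() {
        String providerClassName = null;
        try {
            providerClassName = System.getProperty("com.tivoli.jsseprovider");
            if (providerClassName == null) {
                return; // no override requested; keep the JVM's configured providers
            }
            java.security.Security.insertProviderAt((Provider) Class.forName(providerClassName).newInstance(), 1);
        } catch (SecurityException e) {
            System.out.println("Security Manager has denied the current application from adding JSSEProvider");
            System.out.println("Please include the jcf policies into your policy file");
        } catch (Exception e) {
            // Still best effort, but leave a trace instead of silently dropping the failure.
            Debug.msg(262144, "JSSE provider " + providerClassName + " not installed: " + e);
        }
    }

    /**
     * Reports that SSL could not be set up, then closes and recreates the socket.
     *
     * <p>NOTE(review): the recreated socket comes from {@code Connect.recreateSocket()}, which
     * is not visible here; presumably it is an unencrypted connection, which would make this a
     * silent downgrade path. Confirm, and consider a fail-closed option for callers that
     * require SSL.
     *
     * @throws IOException if closing or recreating the socket fails
     */
    private void handleSSLFailure() throws IOException {
        System.out.println(new Message("RuntimeErrors", RuntimeErrors.Index.NoJSSEProvider, null).bind());
        System.out.println(new Message("RuntimeErrors", RuntimeErrors.Index.JSSESecurityFile, javaSecurityFilePath()).bind());
        this.isClientSSLCapable = false;
        closeSocket();
        recreateSocket();
    }

    // NOTE(review): always returns false and never consults the field of the same name;
    // unused in this class. Kept as found.
    private boolean isClientSSLCapable() {
        return false;
    }

    /**
     * Sends a control message, reads the peer's reply and starts SSL only when the reply type
     * is 1 (presumably the peer's "start SSL" answer; confirm against ControlMsg).
     *
     * <p>Any other reply type leaves the connection as it is and returns normally. The reply is
     * read before any handshake, so it is not authenticated.
     *
     * @throws IOException if the exchange fails for a reason other than end of stream
     */
    private void doSSLNegotiation() throws IOException {
        try {
            ControlMsg request = new ControlMsg();
            request.setControlSendType();
            request.send(this.ioStreams.getOutputStream());
            ControlMsg reply = new ControlMsg();
            reply.receive(this.ioStreams.getInputStream());
            if (reply.getType() == 1) {
                createSSLSocket();
            }
        } catch (EOFException e) {
            // Stream ended during negotiation: recreate the socket and carry on.
            recreateSocket();
        } catch (IOException e) {
            Debug.msg(262144, "SSL negotiation failed: " + e.toString());
            Debug.msg(262144, "java.security file at " + javaSecurityFilePath());
            Debug.printStackTrace(262144, e);
            System.out.println(new Message("RuntimeErrors", RuntimeErrors.Index.SSLNegotiationFailed, null).bind());
            throw e;
        }
    }

    /**
     * Layers an {@link SSLSocket} over the existing socket, runs the handshake and switches the
     * connection's streams to the SSL socket.
     *
     * <p>A handshake rejected with the message "unknown certificate" or "untrusted server cert
     * chain" is reported on stdout and answered by recreating the socket; the method then
     * returns normally. Every other SSL failure is rethrown. The match is on exception message
     * text, which depends on the JSSE provider in use.
     *
     * @throws IOException on any SSL failure other than the two certificate rejections above,
     *     or if the socket cannot be recreated
     */
    private void createSSLSocket() throws IOException {
        try {
            SSLSocket sslSocket = (SSLSocket) this.sslSockFactory.createSocket(this.socket, this.serverAddress.getHostName(), this.serverPort, true);
            sslSocket.addHandshakeCompletedListener(this);
            sslSocket.startHandshake();
            this.socket = sslSocket;
            this.isConnectionSSL = true;
            this.ioStreams = new Streams(this.socket);
        } catch (SSLHandshakeException e) {
            // Constant-first equals: a null message must not replace the SSL error with an NPE.
            if (!"unknown certificate".equals(e.getMessage())) {
                throw e;
            }
            reportCertificateRejected(e);
            System.out.println(new Message("RuntimeErrors", RuntimeErrors.Index.trustStoreFile, describeTrustStore()).bind());
            recreateSocket();
        } catch (SSLException e) {
            if (!"untrusted server cert chain".equals(e.getMessage())) {
                throw e;
            }
            reportCertificateRejected(e);
            recreateSocket();
        }
    }

    /** Prints the two messages shared by both certificate-rejection paths. */
    private static void reportCertificateRejected(SSLException e) {
        System.out.println(new Message("RuntimeErrors", RuntimeErrors.Index.SSLRequestRejected, e.toString()).bind());
        System.out.println(new Message("RuntimeErrors", RuntimeErrors.Index.NoCertificate, null).bind());
    }

    /**
     * Describes where the trust store is configured, for the diagnostic message.
     * System.getProperty returns null for an unset property rather than throwing, so the
     * unset case is tested explicitly.
     */
    private static String describeTrustStore() {
        try {
            String trustStore = System.getProperty("javax.net.ssl.trustStore");
            if (trustStore == null) {
                return "not set in system properties";
            }
            return "at " + trustStore;
        } catch (SecurityException e) {
            return "Insufficient permissions to access javax.net.ssl.trustStore system property";
        }
    }

    /** Builds the java.security path under java.home that the diagnostics point to. */
    private static String javaSecurityFilePath() {
        return System.getProperty("java.home") + File.separator + FileService.LIB_DIR + File.separator + "security" + File.separator + "java.security";
    }

    /**
     * Clears the SSL-capable flag and delegates to {@link Connect#recreateSocket()}.
     *
     * @throws IOException if the superclass cannot recreate the socket
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.tivoli.framework.runtime.Connect
    public void recreateSocket() throws IOException {
        this.isClientSSLCapable = false;
        super.recreateSocket();
    }
}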
