package com.micromuse.objectserver;

import com.ibm.security.cmskeystore.CMSLoadStoreParameterFactory;
import com.ibm.security.cmskeystore.StashedPasswordProtection;
import com.micromuse.centralconfig.ConfigurationContext;
import com.micromuse.centralconfig.util.ShowDialog;
import com.micromuse.common.repository.BasicOS;
import com.micromuse.common.repository.BasicPA;
import com.micromuse.common.repository.util.Lib;
import com.micromuse.common.repository.util.Strings;
import com.sybase.jdbcx.SybSocketFactory;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.rmi.RemoteException;
import java.security.KeyStore;
import java.util.Properties;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.security.cert.X509Certificate;

/* loaded from: input_file:nco_administrator-5.11.45-noarch.npm:omnibus/java/jars/ControlTower.jar:com/micromuse/objectserver/FIPSSSLSocketFactory.class */
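/**
 * Socket factory that opens SSL/TLS connections using key and trust material
 * loaded from an IBM CMS keystore, and then checks the peer certificate's
 * subject name against the server name registered in the central repository.
 *
 * <p>Only the {@code (host, port)} and {@code (host, port, Properties)}
 * overloads are implemented; every other {@code createSocket} overload and both
 * cipher-suite getters return {@code null}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Chain validation is delegated to the "IbmX509" trust manager, whose
 *       trust anchors come from the same CMS keystore as the key material.</li>
 *   <li>Name checking is done by hand in {@link #validateSocket} and compares
 *       only the first component of the subject DN.</li>
 *   <li>On a name mismatch a non-interactive connection is accepted (see
 *       {@link #validateSocket}).</li>
 * </ul>
 */
public class FIPSSSLSocketFactory extends SSLSocketFactory implements SybSocketFactory {
    /** Delegate factory; stays {@code null} until {@link #installKeyStore()} has run. */
    SSLSocketFactory sf;
    /** Title used for every error dialog raised by this class. */
    String SSL_ERROR = "SSL Error";

    /**
     * Returns the delegate socket factory, building it on first use.
     *
     * <p>NOTE(review): the lazy initialisation is not synchronised; confirm
     * whether instances are shared between threads.
     *
     * @return the factory produced by {@link #installKeyStore()}
     * @throws Exception if the keystore or the SSL context cannot be set up
     */
    SSLSocketFactory getSSLSocketFactory() throws Exception {
        if (this.sf == null) {
            installKeyStore();
        }
        return this.sf;
    }

    /**
     * Loads the CMS keystore, opened with the stashed password, and builds the
     * {@link SSLContext} whose socket factory is stored in {@link #sf}.
     *
     * @throws Exception if the keystore, key managers, trust managers or
     *     context cannot be created
     */
    void installKeyStore() throws Exception {
        SSLContext sSLContext;
        KeyStore keyStore = KeyStore.getInstance("CMSKS");
        File file = new File(Crypto.getInstance().getKeyStoreDirName() + Lib.FS + Crypto.getInstance().getKeyStoreFileName());
        // The keystore password is never supplied by the caller; it is recovered from the stash file.
        StashedPasswordProtection stashedPasswordProtection = new StashedPasswordProtection(new File(Crypto.getInstance().getStashDirName() + Lib.FS + Crypto.getInstance().getStashFileName()));
        keyStore.load(CMSLoadStoreParameterFactory.newCMSLoadParameter(file, stashedPasswordProtection));
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("IbmX509");
        keyManagerFactory.init(keyStore, stashedPasswordProtection.getPassword());
        // The same keystore supplies the trust anchors used to validate the peer's chain.
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("IbmX509");
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (ObjectServerConnect.fipsMode()) {
            sSLContext = SSLContext.getInstance("TLS");
            // NOTE(review): this property is set only after the key and trust manager
            // factories above were created; confirm the provider reads it late enough
            // for FIPS mode to take effect on this context.
            System.setProperty("com.ibm.jsse2.JSSEFIPS", "true");
        } else {
            // NOTE(review): the generic "SSL" context is requested outside FIPS mode and
            // setProtocol() is not called anywhere in this class, so the protocol versions
            // actually offered are whatever the provider enables by default. Verify that
            // legacy SSL versions are disabled in the runtime configuration.
            sSLContext = SSLContext.getInstance("SSL");
        }
        // A null SecureRandom lets the provider choose its default source.
        sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagers, null);
        this.sf = sSLContext.getSocketFactory();
    }

    /**
     * Connects to {@code str:i}, completes the handshake, and validates the
     * peer certificate before handing the socket back.
     *
     * <p>Every failure is logged and reported as a {@code null} return rather
     * than an exception. The socket is closed on each failure path so that a
     * rejected or half-established connection does not leak a descriptor.
     *
     * @param str host to connect to
     * @param i port to connect to
     * @param z {@code true} for an interactive connection (error dialogs are
     *     shown and the user may be asked to accept a mismatching
     *     certificate); {@code false} to fail or accept silently
     * @return the validated socket, or {@code null} if the connection,
     *     handshake or validation failed
     */
    public Socket establishSocket(String str, int i, boolean z) throws IOException, UnknownHostException {
        setSystemProperties();
        SSLSocket sSLSocket = null;
        try {
            sSLSocket = (SSLSocket) getSSLSocketFactory().createSocket(str, i);
            sSLSocket.startHandshake();
            // Record the negotiated protocol and cipher suite for audit purposes.
            ConfigurationContext.getLogger().logAudit(10000, str + i, sSLSocket.getSession().getProtocol() + Strings.SPACE + sSLSocket.getSession().getCipherSuite());
            if (!validateSocket(sSLSocket, str, i, z)) {
                // Rejected peer: the caller only sees null, so release the connection here.
                closeQuietly(sSLSocket);
                return null;
            }
            ConfigurationContext.getLogger().logAudit(20000, str + i, sSLSocket.getSession().toString());
            return sSLSocket;
        } catch (Exception e) {
            ConfigurationContext.getLogger().logSystem("FIPSSLSocketFactory:createSocket(2)", e);
            closeQuietly(sSLSocket);
            if (z) {
                ShowDialog.showError(null, this.SSL_ERROR, e.getMessage());
            }
            return null;
        }
    }

    /** Closes {@code socket} if it is non-null, ignoring any close failure. */
    private static void closeQuietly(Socket socket) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (IOException ignored) {
            // Best effort: the connection is being abandoned and the original failure is already logged.
        }
    }

    /**
     * Opens an interactive connection to {@code str:i}.
     *
     * @return the validated socket, or {@code null} on any failure
     */
    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
        return establishSocket(str, i, true);
    }

    /**
     * Opens a connection to {@code str:i}. The connection is non-interactive
     * only when {@code properties} carries an {@code APPLICATIONNAME} equal to
     * {@link ObjectServerConnect#PING_APPLICATION_NAME}; in every other case,
     * including {@code properties == null}, it is interactive.
     *
     * @return the validated socket, or {@code null} on any failure
     */
    public Socket createSocket(String str, int i, Properties properties) throws IOException, UnknownHostException {
        boolean interactive = true;
        if (properties != null) {
            // Properties.get() does not consult defaults, matching the containsKey() test it replaces.
            // The previous "!value.equals(null)" guard was always true and has been dropped.
            Object applicationName = properties.get("APPLICATIONNAME");
            if (applicationName != null && applicationName.equals(ObjectServerConnect.PING_APPLICATION_NAME)) {
                interactive = false;
            }
        }
        return establishSocket(str, i, interactive);
    }

    /**
     * Checks the peer certificate of an established session against the name
     * the central repository holds for {@code str:i}.
     *
     * <p>The expected name is that of the matching object server or, failing
     * that, of the matching process agent; it is {@code null} when neither is
     * found. The presented name is the value of the first component of the
     * leaf certificate's subject DN.
     *
     * <p>When the two differ, the connection is still accepted if
     * {@code Crypto.isUserAllowedCert} approves the name and public key, if an
     * interactive user confirms via {@code Crypto.allowConnectionToProceed},
     * or if the connection is non-interactive.
     *
     * @param sSLSocket socket whose handshake has completed
     * @param str host used for the repository lookup
     * @param i port used for the repository lookup
     * @param z {@code true} if dialogs may be shown and the user may be asked
     * @return {@code true} if the connection may proceed
     * @throws RemoteException if the repository lookup fails
     */
    boolean validateSocket(SSLSocket sSLSocket, String str, int i, boolean z) throws RemoteException {
        String str2 = null;
        BasicOS basicOS = (BasicOS) ConfigurationContext.getCurrentRemoteCentralRepository().findOS(str, null, i + "");
        if (basicOS != null) {
            str2 = basicOS.getName();
        } else {
            BasicPA basicPA = (BasicPA) ConfigurationContext.getCurrentRemoteCentralRepository().findPA(str, null, i + "");
            if (basicPA != null) {
                str2 = basicPA.getName();
            }
        }
        try {
            X509Certificate[] peerCertificateChain = sSLSocket.getSession().getPeerCertificateChain();
            X509Certificate peerCertificate = peerCertificateChain[0];
            // NOTE(review): this takes the value of the first component of the DN string and
            // assumes it is the common name. A subject whose string form starts with another
            // attribute, or whose first value contains ',' or '=', is parsed incorrectly;
            // subjectAltName entries are not consulted at all.
            String str3 = Lib.tokenize(Lib.tokenize(peerCertificate.getSubjectDN().toString(), ",")[0], "=")[1];
            boolean z2 = false;
            if (str2 != null && str3 != null) {
                z2 = str2.equals(str3);
            }
            if (!z2) {
                try {
                    if (Crypto.getInstance().isUserAllowedCert(str3, peerCertificate.getPublicKey())) {
                        // Name and key were approved earlier.
                        z2 = true;
                    } else if (z) {
                        z2 = Crypto.getInstance().allowConnectionToProceed("Common name mismatch :\n expected " + str2 + " recieved " + str3, str3, peerCertificate);
                    } else {
                        // NOTE(review): a non-interactive connection accepts a certificate whose
                        // name does not match and that was never approved. Only the trust
                        // manager's chain validation protects this path, so any certificate the
                        // keystore trusts can stand in for any server. Confirm this is intended
                        // and that nothing sensitive is sent over such connections.
                        z2 = true;
                    }
                } catch (Exception e) {
                    ConfigurationContext.getLogger().logSystem("FIPSSLSocketFactory:createSocket(3)", e);
                    if (z) {
                        ShowDialog.showError(null, this.SSL_ERROR, e.getLocalizedMessage());
                    }
                    z2 = false;
                }
            }
            return z2;
        } catch (SSLPeerUnverifiedException e2) {
            // The peer presented no verifiable certificate: always reject. The rejection is now
            // logged, and the dialog is shown only for interactive connections, in line with
            // the other error paths of this class.
            ConfigurationContext.getLogger().logSystem("FIPSSLSocketFactory:validateSocket", e2);
            if (z) {
                ShowDialog.showError(null, this.SSL_ERROR, "Certificate rejected:\n" + e2.getMessage());
            }
            return false;
        }
    }

    /** Lets {@code Crypto} apply its settings to the JVM-wide system properties. */
    protected void setSystemProperties() {
        Crypto.getInstance().setProperties(System.getProperties());
    }

    /**
     * Restricts {@code sSLSocket} to the "TLSv1" protocol.
     *
     * <p>NOTE(review): nothing in this class calls this method, and TLS 1.0 is
     * deprecated (RFC 8996); check any subclass or caller before relying on it.
     */
    protected void setProtocol(SSLSocket sSLSocket) {
        sSLSocket.setEnabledProtocols(new String[]{"TLSv1"});
    }

    /**
     * Not implemented.
     *
     * @return always {@code null}, so callers must not iterate the result
     */
    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getDefaultCipherSuites() {
        return null;
    }

    /**
     * Not implemented.
     *
     * @return always {@code null}, so callers must not iterate the result
     */
    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getSupportedCipherSuites() {
        return null;
    }

    /**
     * Not implemented: no connection is made.
     *
     * @return always {@code null}
     */
    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) {
        return null;
    }

    /**
     * Not implemented: no connection is made.
     *
     * @return always {@code null}
     */
    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i) {
        return null;
    }

    /**
     * Not implemented: no connection is made.
     *
     * @return always {@code null}
     */
    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) {
        return null;
    }

    /**
     * Not implemented: the supplied socket is not wrapped.
     *
     * @return always {@code null}
     */
    @Override // javax.net.ssl.SSLSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) {
        return null;
    }
}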
