package weblogic.webservice.client;

import com.certicom.net.ssl.SSLContext;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.net.Socket;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.util.Enumeration;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.cert.CertificateException;
import javax.security.cert.X509Certificate;
import org.apache.xerces.impl.xs.SchemaSymbols;
import weblogic.utils.encoders.BASE64Encoder;

/* loaded from: input_file:weblogic/webservice/client/BaseWLSSLAdapter.class */
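/**
 * Base class for the web-service client SSL adapters. It owns a Certicom {@code SSLContext},
 * builds SSL sockets from it (directly or through an HTTPS proxy tunnel) and exposes the
 * knobs that decide how the server certificate is checked.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Certificate checking can be switched off per adapter with
 *       {@link #_setStrictChecking(boolean)}. When it is off the context is given
 *       {@link NullTrustManager}, which accepts every chain, so the connection is encrypted
 *       but the peer is not authenticated. Treat that mode as test-only.</li>
 *   <li>{@code verbose}, {@code trustedCertFile}, the strict-checking default and the proxy
 *       defaults are static, so they apply to every adapter in the class loader, not to one
 *       instance.</li>
 *   <li>A failure to load the trusted certificate file is reported on standard output only;
 *       construction and {@link #setTrustedCertificatesFile(String)} still complete.</li>
 *   <li>No synchronization is visible in this class; configure an adapter from one thread
 *       before it is used.</li>
 * </ul>
 */
public abstract class BaseWLSSLAdapter implements SSLAdapter {
    public static final String STRICT_CHECKING_DEFAULT = "weblogic.webservice.client.ssl.strictcertchecking";
    public static final String VERBOSE_PROPERTY = "weblogic.webservice.client.verbose";
    public static final String TRUSTED_CERTS = "weblogic.webservice.client.ssl.trustedcertfile";
    public static final String ENFORCE_CONSTRAINTS = "weblogic.security.SSL.enforceConstraints";
    private static final String HTTPS_PROXY_HOST = "weblogic.webservice.transport.https.proxy.host";
    private static final String HTTPS_PROXY_PORT = "weblogic.webservice.transport.https.proxy.port";
    // Process-wide diagnostic switch; setVerbose() on any instance changes it for all of them.
    protected static boolean verbose;
    // Only stored and exposed through getStrictCheckingDefault(); this class does not apply it.
    private static boolean strictCheckingDefault;
    // Process-wide path of the trust-anchor file; every new adapter loads it in its constructor.
    protected static String trustedCertFile;
    private SSLContext context = null;
    // Accept-everything manager installed by _setStrictChecking(false).
    private final TrustManager trustingManager = new NullTrustManager(null);
    // Set only by setTrustManager(TrustManager, Object); stays null until that is called.
    private TrustManager strictManager = null;
    private SSLSocketFactory socketFactory = null;
    protected boolean strictCertChecking = true;
    // Never assigned in this class, so createSocket() leaves the context's cipher suites alone.
    private String[] enabledCiphers = null;
    private String proxyHost;
    private int proxyPort;
    private static String defaultProxyHost;
    private static int defaultProxyPort;
    private static final int CONSTRAINTS_OFF = 0;
    private static final int CONSTRAINTS_STRONG = 1;
    private static final int CONSTRAINTS_STRICT = 2;
    static int enforceConstraints;
    // Null when the JRE has no "X.509" CertificateFactory; X509javax2java() then fails cleanly.
    private static final CertificateFactory javaCertFactory;

    /* renamed from: weblogic.webservice.client.BaseWLSSLAdapter$1, reason: invalid class name */
    /* loaded from: input_file:weblogic/webservice/client/BaseWLSSLAdapter$1.class */
    // Decompiler artifact: marker type of the synthetic accessor constructor below.
    class AnonymousClass1 {
    }

    /**
     * Trust manager that accepts every certificate chain.
     *
     * <p>Every path of {@link #certificateCallback} returns {@code true}: validation flags,
     * an empty chain, a subject that does not match the server name and even an exception
     * inside the callback are at most printed (and only in verbose mode). A connection made
     * with this manager therefore gives no assurance about who the peer is. It is installed
     * by {@code _setStrictChecking(false)}; keep that out of production configurations and
     * load the required trust anchors instead.
     */
    /* loaded from: input_file:weblogic/webservice/client/BaseWLSSLAdapter$NullTrustManager.class */
    private static class NullTrustManager implements TrustManager {
        // Bits of the validation mask; the names follow the warning each bit triggers below.
        private static final int FLAG_CHAIN_INVALID = 1;
        private static final int FLAG_EXPIRED = 2;
        private static final int FLAG_CHAIN_INCOMPLETE = 4;
        private static final int FLAG_SIGNATURE_INVALID = 8;
        private static final int FLAG_CHAIN_UNTRUSTED = 16;

        private NullTrustManager() {
        }

        /**
         * Logs what is wrong with the chain when verbose output is on, then accepts it.
         *
         * @param x509CertificateArr chain presented by the peer, leaf first as used here
         * @param i bit mask of validation failures
         * @param obj callback argument; cast to the expected server name
         * @return always {@code true}
         */
        @Override // weblogic.webservice.client.TrustManager
        public boolean certificateCallback(X509Certificate[] x509CertificateArr, int i, Object obj) {
            if (!BaseWLSSLAdapter.verbose) {
                return true;
            }
            try {
                String serverName = (String) obj;
                // A null chain is reported like an empty one instead of surfacing as a stack trace.
                if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                    System.out.println("Warning: empty cert chain");
                } else {
                    if ((i & FLAG_CHAIN_INVALID) != 0) {
                        System.out.println("Warning: cert chain invalid");
                    }
                    if ((i & FLAG_EXPIRED) != 0) {
                        System.out.println("Warning: cert expired");
                    }
                    if ((i & FLAG_CHAIN_INCOMPLETE) != 0) {
                        System.out.println("Warning: cert chain incomplete");
                    }
                    if ((i & FLAG_SIGNATURE_INVALID) != 0) {
                        System.out.println("Warning: cert signature invalid");
                    }
                    if ((i & FLAG_CHAIN_UNTRUSTED) != 0) {
                        System.out.println("Warning: cert chain untrusted");
                    }
                    String subjectCN = getSubjectCN(x509CertificateArr[0].getSubjectDN());
                    if (!subjectCN.equals(serverName)) {
                        System.out.println("Warning: subject (" + subjectCN + ") does not match server name (" + serverName + ")");
                    }
                }
                return true;
            } catch (Throwable th) {
                // Diagnostics must never change the outcome of this manager: still accept.
                System.out.println("In Trust manager");
                th.printStackTrace();
                return true;
            }
        }

        /**
         * Extracts the common name from a subject DN for the diagnostic message above.
         *
         * <p>This is a plain substring search, not an RFC 2253 parser (escaped commas and
         * multi-valued RDNs are not handled), so it must not be reused for real host name
         * verification. A DN without {@code CN=} is returned unchanged.
         */
        private String getSubjectCN(Principal principal) {
            String name = principal.getName();
            int start = name.indexOf("CN=");
            if (start < 0) {
                return name;
            }
            start += "CN=".length();
            // Stop at the next RDN separator so "CN=host, OU=x" yields "host".
            int end = name.indexOf(',', start);
            return (end < 0 ? name.substring(start) : name.substring(start, end)).trim();
        }

        // Decompiler artifact: synthetic accessor used by the enclosing class.
        NullTrustManager(AnonymousClass1 anonymousClass1) {
            this();
        }
    }

    /**
     * Applies the process-wide proxy default and, when a trusted certificate file is
     * configured, loads it into this adapter's context.
     *
     * <p>A load failure is only printed; the adapter is still constructed without those
     * trust anchors.
     */
    public BaseWLSSLAdapter() {
        this.proxyHost = null;
        if (defaultProxyHost != null) {
            this.proxyHost = defaultProxyHost;
            this.proxyPort = defaultProxyPort;
        }
        loadTrustedCertificatesFromFile("Warning: trusted cert file close error: ");
    }

    /**
     * Loads {@code trustedCertFile} into the context, if one is set.
     *
     * <p>Any exception is reported on standard output and swallowed, matching the
     * best-effort behaviour callers have always seen; errors are not caught and the stream
     * is closed on every path.
     * NOTE(review): callers cannot tell that the anchors were not installed — consider
     * surfacing the failure to the caller.
     *
     * @param closeWarning prefix of the verbose message printed when closing the file fails
     */
    private void loadTrustedCertificatesFromFile(String closeWarning) {
        if (trustedCertFile == null) {
            return;
        }
        FileInputStream certStream = null;
        try {
            certStream = new FileInputStream(trustedCertFile);
            loadTrustedCertificates(certStream);
        } catch (Exception e) {
            System.out.println("Warning: Unable to load trusted certificates from file " + trustedCertFile + ":" + e.getMessage());
        } finally {
            closeAndWarn(certStream, closeWarning);
        }
    }

    /** Closes {@code resource} if non-null; a close failure is printed only in verbose mode. */
    private static void closeAndWarn(java.io.Closeable resource, String warning) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (IOException e) {
            if (verbose) {
                System.out.println(warning + e.getMessage());
            }
        }
    }

    /**
     * Opens an SSL socket to the given host and port, through the configured proxy if any.
     *
     * @param str target host name
     * @param i target port
     * @return the connected {@link SSLSocket}
     * @throws IOException if the connection fails or the factory did not produce an SSLSocket
     */
    @Override // weblogic.webservice.client.SSLAdapter
    public final Socket createSocket(String str, int i) throws IOException {
        try {
            Socket raw = this.proxyHost != null ? createProxySocket(str, i) : getSocketFactory().createSocket(str, i);
            if (!(raw instanceof SSLSocket)) {
                // Do not hand back (or leak) a connection that is not protected by SSL.
                if (raw != null) {
                    try {
                        raw.close();
                    } catch (IOException ignored) {
                        // The failure reported below is the one that matters.
                    }
                }
                throw new IOException("Unable to create SSLSocket instance");
            }
            SSLSocket sslSocket = (SSLSocket) raw;
            if (this.enabledCiphers != null) {
                sslSocket.setEnabledCipherSuites(this.enabledCiphers);
            }
            if (verbose) {
                System.out.println("Connecting to:" + str + " port:" + i + " socket:" + sslSocket);
            }
            return sslSocket;
        } catch (ClassCastException e) {
            IOException wrapped = new IOException("Unable to create SSLSocket instance");
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    @Override // weblogic.webservice.client.SSLAdapter
    public abstract URLConnection openConnection(URL url) throws IOException;

    /**
     * Sets the process-wide default for strict certificate checking.
     *
     * <p>Passing {@code false} makes "accepting" the default that subclasses read through
     * {@link #getStrictCheckingDefault()}; that weakens every adapter that honours it.
     */
    public static void setStrictCheckingDefault(boolean z) {
        if (verbose) {
            // NOTE(review): ATTVAL_STRICT is presumably the literal "strict" substituted by the decompiler.
            System.out.println("Set default cert checking to " + (z ? SchemaSymbols.ATTVAL_STRICT : "accepting"));
        }
        strictCheckingDefault = z;
    }

    /** Turns diagnostic output on or off for all adapters (the flag is static). */
    public void setVerbose(boolean z) {
        verbose = z;
    }

    /**
     * Selects the trust manager for this adapter.
     *
     * <p>{@code true} installs the manager registered through
     * {@link #setTrustManager(TrustManager, Object)}; {@code false} installs
     * {@link NullTrustManager}, which disables peer authentication.
     * NOTE(review): with {@code true} and no strict manager registered this passes
     * {@code null} to the context; what the context does with a null manager is not visible
     * here — confirm it does not fall back to accepting.
     *
     * @throws IllegalArgumentException if the adapter has already been used
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public final void _setStrictChecking(boolean z) {
        if (adapterUsed()) {
            throw new IllegalArgumentException("Cannot change certificate checking once the adapter has been used");
        }
        if (z) {
            if (verbose) {
                System.out.println("Enabling strict checking on adapter " + this);
            }
            setTrustManager(this.strictManager);
        } else {
            if (verbose) {
                System.out.println("Disabling strict checking on adapter " + this);
            }
            setTrustManager(this.trustingManager);
        }
        this.strictCertChecking = z;
    }

    /**
     * Points the adapter at a file of trusted certificates and loads it.
     *
     * <p>A file whose first line is the PEM certificate preamble is used as is; anything
     * else is tried as a key store and converted to a temporary PEM file (see
     * {@link #doPemCvt(String)}). The chosen path is stored in the static
     * {@code trustedCertFile}, so it also becomes the file loaded by adapters created later.
     * NOTE(review): the final load is best-effort — if parsing the certificates fails the
     * method still returns normally after printing a warning.
     *
     * @param str path of a PEM or key store file
     * @throws IllegalArgumentException if the adapter has been used, or the file cannot be
     *         read or converted
     */
    public void setTrustedCertificatesFile(String str) {
        if (adapterUsed()) {
            throw new IllegalArgumentException("Cannot change trusted certificate file once the adapter has been used");
        }
        try {
            boolean usable = hasPemPreamble(str);
            if (!usable) {
                if (verbose) {
                    System.out.println("Could not locate PEM preamble, now trying file as JKS");
                }
                try {
                    File converted = doPemCvt(str);
                    if (converted != null) {
                        if (verbose) {
                            System.out.println("temp PEM file created: " + converted.getAbsolutePath());
                        }
                        str = converted.getAbsolutePath();
                        usable = true;
                    }
                } catch (Exception e) {
                    throw new IllegalArgumentException("Could not obtain certificate from file as JKS: " + str + " due to error: " + e, e);
                }
            }
            if (!usable) {
                throw new IllegalArgumentException("Could not obtain certificate from file: " + str);
            }
            trustedCertFile = str;
            loadTrustedCertificatesFromFile("Warning: set trusted cert file close error: ");
        } catch (Exception e) {
            throw new IllegalArgumentException("Could not load trusted certificate file: " + str + " due to error: " + e, e);
        }
    }

    /**
     * Reports whether the first line of the file is the PEM certificate preamble.
     *
     * <p>An empty file counts as "not PEM" rather than failing with a null dereference, and
     * the stream is closed even when reading fails.
     */
    private static boolean hasPemPreamble(String path) throws IOException {
        FileInputStream in = new FileInputStream(path);
        try {
            String firstLine = new BufferedReader(new InputStreamReader(in)).readLine();
            return firstLine != null && firstLine.equalsIgnoreCase("-----BEGIN CERTIFICATE-----");
        } finally {
            in.close();
        }
    }

    /** Hands the stream to the context as trusted certificates. */
    private final void loadTrustedCertificates(InputStream inputStream) throws KeyManagementException {
        getContext().loadTrustedCertificates(inputStream);
        if (verbose) {
            System.out.println("Loaded local trusted certificates from " + inputStream);
        }
    }

    /**
     * Loads the client identity from the stream into the context.
     *
     * @param inputStream source of the identity, passed to the context unchanged
     * @param cArr password for the identity; the caller owns the array and should clear it
     * @throws IllegalArgumentException if the adapter has already been used
     */
    public final void loadLocalIdentity(InputStream inputStream, char[] cArr) throws KeyManagementException {
        if (adapterUsed()) {
            throw new IllegalArgumentException("Cannot load identities once the adapter has been used");
        }
        getContext().loadLocalIdentity(inputStream, cArr);
        if (verbose) {
            System.out.println("Loaded local identity from " + inputStream);
        }
    }

    /** Returns the context's authentication chain for the given arguments. */
    public final X509Certificate[] getIdentity(String str, int i) {
        return getContext().getAuthChain(str, i);
    }

    /**
     * Adds a client certificate chain with its key material given as bytes.
     *
     * @throws IllegalStateException if the adapter has already been used
     */
    public final void addIdentity(X509Certificate[] x509CertificateArr, byte[] bArr) {
        if (adapterUsed()) {
            throw new IllegalStateException("Cannot add identities once the adapter has been used");
        }
        getContext().addAuthChain(x509CertificateArr, bArr);
    }

    /**
     * Adds a client certificate chain with its private key.
     *
     * @throws IllegalStateException if the adapter has already been used
     */
    public final void addIdentity(X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
        if (adapterUsed()) {
            throw new IllegalStateException("Cannot add identities once the adapter has been used");
        }
        getContext().addAuthChain(x509CertificateArr, privateKey);
    }

    /**
     * Variant of {@link #addIdentity(X509Certificate[], PrivateKey)} for
     * {@code java.security.cert} certificates.
     *
     * @throws IllegalArgumentException if a certificate cannot be converted
     */
    public final void addIdentity(java.security.cert.X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
        try {
            addIdentity(X509java2javax(x509CertificateArr), privateKey);
        } catch (CertificateEncodingException e) {
            throw new IllegalArgumentException("failed to process provided certificates:" + e, e);
        } catch (CertificateException e2) {
            throw new IllegalArgumentException("failed to process provided certificates: " + e2, e2);
        }
    }

    /**
     * Removes the authentication chain that belongs to the certificate.
     *
     * @throws IllegalArgumentException if the adapter has already been used
     */
    public final void removeIdentity(X509Certificate x509Certificate) {
        if (adapterUsed()) {
            // The message used to say "add", which pointed at the wrong operation.
            throw new IllegalArgumentException("Cannot remove identities once the adapter has been used");
        }
        getContext().removeAuthChain(x509Certificate);
    }

    /**
     * Variant of {@link #removeIdentity(X509Certificate)} for a {@code java.security.cert}
     * certificate.
     *
     * @throws IllegalArgumentException if the certificate cannot be converted
     */
    public final void removeIdentity(java.security.cert.X509Certificate x509Certificate) {
        try {
            removeIdentity(X509java2javax(x509Certificate));
        } catch (CertificateEncodingException e) {
            throw new IllegalArgumentException("failed to process provided certificates: " + e, e);
        } catch (CertificateException e2) {
            throw new IllegalArgumentException("failed to process provided certificates: " + e2, e2);
        }
    }

    /**
     * Sets the protocol offered in the hello message.
     *
     * <p>The value is passed to the context unchecked; nothing here prevents selecting an
     * obsolete protocol version, so callers should pin the newest one both peers support.
     *
     * @throws IllegalArgumentException if the adapter has already been used
     */
    public final void setProtocolVersion(String str) {
        if (adapterUsed()) {
            throw new IllegalArgumentException("Cannot change protocol version once adapter has been used");
        }
        getContext().setHelloProtocol(str);
    }

    /** Returns the hello protocol currently configured on the context. */
    public final String getProtocolVersion() {
        return getContext().getHelloProtocol();
    }

    /**
     * Installs a trust manager on the context without recording it as the strict manager.
     *
     * @throws IllegalArgumentException if the adapter has already been used
     */
    public final void setTrustManager(TrustManager trustManager) {
        if (adapterUsed()) {
            throw new IllegalArgumentException("Cannot change trust manager once the adapter has been used");
        }
        getContext().setTrustManager(trustManager);
        if (verbose) {
            System.out.println("Set TrustManager to " + trustManager);
        }
    }

    /**
     * Installs a trust manager with a callback argument and remembers it as the manager
     * that {@code _setStrictChecking(true)} restores.
     *
     * @throws IllegalArgumentException if the adapter has already been used
     */
    public final void setTrustManager(TrustManager trustManager, Object obj) {
        if (adapterUsed()) {
            throw new IllegalArgumentException("Cannot change trust manager once the adapter has been used");
        }
        this.strictManager = trustManager;
        getContext().setTrustManager(trustManager, obj);
        resetFactory();
        if (verbose) {
            System.out.println("Set TrustManager to " + trustManager + " with callback " + obj);
        }
    }

    /**
     * Routes this adapter's connections through an HTTPS proxy.
     *
     * @throws IllegalArgumentException if the host is {@code null}
     */
    public void setProxy(String str, int i) {
        if (str == null) {
            throw new IllegalArgumentException("Must provide a proxy hostname");
        }
        this.proxyHost = str;
        this.proxyPort = i;
    }

    /** Stops using a proxy for this adapter; the process-wide default is not changed. */
    public void clearProxy() {
        this.proxyHost = null;
    }

    /** Returns the adapter's context, creating and configuring it on first use. */
    protected final SSLContext getContext() {
        if (this.context == null) {
            this.context = new SSLContext();
            setX509ConstraintBug(this.context);
        }
        return this.context;
    }

    /**
     * Maps the {@code enforceConstraints} level onto the two context switches.
     *
     * <p>Only the "off" level turns the basic-constraint bug flag on, and only "strict"
     * turns strict constraints on.
     * NOTE(review): the "off" level presumably lets a certificate that is not marked as a
     * CA act as an issuer — confirm against the SSLContext documentation and avoid "off".
     */
    private void setX509ConstraintBug(SSLContext sSLContext) {
        sSLContext.setX509BasicConstraintBug(enforceConstraints == CONSTRAINTS_OFF);
        sSLContext.setX509StrictConstraints(enforceConstraints == CONSTRAINTS_STRICT);
    }

    /** Returns the process-wide strict-checking default. */
    /* JADX INFO: Access modifiers changed from: protected */
    public final boolean getStrictCheckingDefault() {
        return strictCheckingDefault;
    }

    /** Drops the cached factory so the next socket picks up the new context settings. */
    private void resetFactory() {
        this.socketFactory = null;
    }

    /**
     * Returns the socket factory, creating it from the context on first use. Once it
     * exists the adapter counts as used and most setters refuse further changes.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public SSLSocketFactory getSocketFactory() {
        if (this.socketFactory == null) {
            this.socketFactory = getContext().getSocketFactory();
            if (verbose) {
                System.out.println("Got new socketfactory " + this.socketFactory);
            }
        }
        return this.socketFactory;
    }

    /** Reports whether a socket factory has been created, which freezes the configuration. */
    /* JADX INFO: Access modifiers changed from: protected */
    public boolean adapterUsed() {
        return this.socketFactory != null;
    }

    /**
     * Connects to the proxy, performs the tunnel handshake and layers SSL over the tunnel.
     *
     * <p>The plain socket is closed if the handshake or the SSL layering fails, so a failed
     * attempt does not leak a connection to the proxy.
     * NOTE(review): the SSL socket is created with autoClose {@code false}, so closing it
     * does not appear to close the tunnel socket — confirm who closes the tunnel.
     */
    private Socket createProxySocket(String str, int i) throws IOException {
        Socket tunnel = new Socket(this.proxyHost, this.proxyPort);
        boolean layered = false;
        try {
            SSLUtil.doTunnelHandshake(tunnel, str, i);
            Socket sslSocket = getSocketFactory().createSocket(tunnel, str, i, false);
            layered = true;
            return sslSocket;
        } finally {
            if (!layered) {
                try {
                    tunnel.close();
                } catch (IOException ignored) {
                    // The original failure is the one the caller needs to see.
                }
            }
        }
    }

    /** Converts a {@code java.security.cert} certificate to its {@code javax.security.cert} form. */
    public static final X509Certificate X509java2javax(java.security.cert.X509Certificate x509Certificate) throws CertificateEncodingException, CertificateException {
        return X509Certificate.getInstance(x509Certificate.getEncoded());
    }

    /**
     * Converts a {@code javax.security.cert} certificate to its {@code java.security.cert} form.
     *
     * @throws java.security.cert.CertificateException if the encoding cannot be parsed or no
     *         X.509 certificate factory is available
     */
    public static final java.security.cert.X509Certificate X509javax2java(X509Certificate x509Certificate) throws java.security.cert.CertificateException, javax.security.cert.CertificateEncodingException {
        if (javaCertFactory == null) {
            // The static initializer could not obtain a factory; fail with a declared exception.
            throw new java.security.cert.CertificateException("X.509 CertificateFactory is not available");
        }
        return (java.security.cert.X509Certificate) javaCertFactory.generateCertificate(new ByteArrayInputStream(x509Certificate.getEncoded()));
    }

    /** Array form of {@link #X509java2javax(java.security.cert.X509Certificate)}; order is kept. */
    public static final X509Certificate[] X509java2javax(java.security.cert.X509Certificate[] x509CertificateArr) throws CertificateException, CertificateEncodingException {
        X509Certificate[] converted = new X509Certificate[x509CertificateArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            converted[i] = X509java2javax(x509CertificateArr[i]);
        }
        return converted;
    }

    /** Array form of {@link #X509javax2java(X509Certificate)}; order is kept. */
    public static final java.security.cert.X509Certificate[] X509javax2java(X509Certificate[] x509CertificateArr) throws javax.security.cert.CertificateEncodingException, java.security.cert.CertificateException {
        java.security.cert.X509Certificate[] converted = new java.security.cert.X509Certificate[x509CertificateArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            converted[i] = X509javax2java(x509CertificateArr[i]);
        }
        return converted;
    }

    /**
     * Exports every certificate of a key store to a temporary PEM file.
     *
     * <p>Points a reviewer should know:
     * <ul>
     *   <li>The store is loaded with a {@code null} password, so the key store integrity
     *       check is skipped; a modified store is not detected here.</li>
     *   <li>Every alias is exported, so each certificate in the store ends up in the file
     *       that is later loaded as trusted.</li>
     *   <li>The PEM file is created in the default temporary directory and re-opened by path
     *       afterwards; its permissions depend on the JDK and platform defaults.
     *       NOTE(review): on a shared host confirm other local users cannot write there.</li>
     * </ul>
     *
     * @param str path of the key store
     * @return the temporary PEM file, or {@code null} if the conversion failed
     * @throws Exception if the default key store type cannot be instantiated
     */
    private File doPemCvt(String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        File pemFile = null;
        FileInputStream keyStoreIn = null;
        FileOutputStream pemOut = null;
        boolean converted = false;
        try {
            pemFile = File.createTempFile("wls", ".pem");
            pemFile.deleteOnExit();
            pemOut = new FileOutputStream(pemFile);
            PrintWriter printWriter = new PrintWriter((OutputStream) pemOut, true);
            BASE64Encoder encoder = new BASE64Encoder();
            keyStoreIn = new FileInputStream(new File(str));
            keyStore.load(keyStoreIn, null);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String encoded = encoder.encodeBuffer(keyStore.getCertificate(aliases.nextElement()).getEncoded());
                printWriter.println("-----BEGIN CERTIFICATE-----");
                printWriter.println(encoded);
                printWriter.println("-----END CERTIFICATE-----");
            }
            printWriter.flush();
            // PrintWriter hides write errors; a truncated trust file must count as a failure.
            if (printWriter.checkError()) {
                throw new IOException("failed writing temporary PEM file");
            }
            pemOut.close();
            converted = true;
        } catch (Exception e) {
            if (verbose) {
                System.out.println(e.getMessage());
            }
        } finally {
            closeAndWarn(keyStoreIn, "Warning: key store file close error: ");
            closeAndWarn(pemOut, "Warning: temp PEM file close error: ");
            if (!converted && pemFile != null) {
                // Do not leave a partial trust file behind for the rest of the JVM's life.
                pemFile.delete();
            }
        }
        return converted ? pemFile : null;
    }

    // Reads the process-wide configuration from system properties once, at class load.
    static {
        verbose = false;
        strictCheckingDefault = true;
        trustedCertFile = null;
        defaultProxyHost = null;
        defaultProxyPort = 8080;
        enforceConstraints = CONSTRAINTS_STRONG;
        try {
            verbose = Boolean.getBoolean(VERBOSE_PROPERTY);
            if (verbose) {
                System.out.println("SSLAdapter verbose output enabled");
            }
            // NOTE(review): ATTVAL_FALSE/TRUE/STRICT are presumably the literals "false",
            // "true" and "strict" that the decompiler replaced with Xerces constants.
            if (SchemaSymbols.ATTVAL_FALSE.equals(System.getProperty(STRICT_CHECKING_DEFAULT))) {
                strictCheckingDefault = false;
                if (verbose) {
                    System.out.println("Strict cert checking disabled by default");
                }
            }
            trustedCertFile = System.getProperty(TRUSTED_CERTS);
            if (trustedCertFile != null && verbose) {
                System.out.println("Trusted certificates will be loaded from " + trustedCertFile);
            }
            defaultProxyHost = System.getProperty(HTTPS_PROXY_HOST);
            String portText = System.getProperty(HTTPS_PROXY_PORT);
            if (portText != null) {
                // Parsed on its own so a malformed port cannot make the constraint setting
                // below be skipped (a requested "strict" level used to be dropped silently).
                try {
                    defaultProxyPort = Integer.parseInt(portText);
                } catch (NumberFormatException e) {
                    if (verbose) {
                        System.out.println("SSLAdapter error: " + e.getMessage());
                        e.printStackTrace();
                    }
                }
            }
            String constraintLevel = System.getProperty(ENFORCE_CONSTRAINTS);
            if (constraintLevel != null) {
                if (constraintLevel.equalsIgnoreCase("off") || constraintLevel.equalsIgnoreCase(SchemaSymbols.ATTVAL_FALSE)) {
                    enforceConstraints = CONSTRAINTS_OFF;
                } else if (constraintLevel.equalsIgnoreCase("strong") || constraintLevel.equalsIgnoreCase(SchemaSymbols.ATTVAL_TRUE)) {
                    enforceConstraints = CONSTRAINTS_STRONG;
                } else if (constraintLevel.equalsIgnoreCase(SchemaSymbols.ATTVAL_STRICT)) {
                    enforceConstraints = CONSTRAINTS_STRICT;
                }
                // Any other value keeps the "strong" default.
            }
            if (enforceConstraints == CONSTRAINTS_OFF && verbose) {
                System.out.println("BasicContraints enforcement is disabled");
            }
        } catch (Throwable th) {
            // Class loading must not fail because of configuration; defaults stay in place.
            if (verbose) {
                System.out.println("SSLAdapter error: " + th.getMessage());
                th.printStackTrace();
            }
        }
        CertificateFactory certificateFactory = null;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (java.security.cert.CertificateException e) {
            if (verbose) {
                // The earlier text spoke of a peer auth chain, which is unrelated to this failure.
                System.out.println("Warning: X.509 CertificateFactory unavailable: " + e.getMessage());
            }
        }
        javaCertFactory = certificateFactory;
    }
}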
