package com.sun.enterprise.security.ssl;

import com.sun.enterprise.security.SecurityLoggerInfo;
import com.sun.enterprise.security.common.Util;
import com.sun.enterprise.security.integration.AppClientSSL;
import com.sun.enterprise.server.pluggable.SecuritySupport;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import java.io.IOException;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import java.util.PropertyPermission;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import org.glassfish.grizzly.config.SSLConfigurator;
import org.glassfish.hk2.api.PostConstruct;
import org.glassfish.internal.api.Globals;
import org.jvnet.hk2.annotations.Service;

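/**
 * Central holder for the server's TLS material: key stores, trust stores, key and trust
 * managers, and the {@link SSLContext} objects built from them.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #postConstruct()} builds an {@code SSLContext} and installs it as the
 *       JVM-wide default (see {@link #getSSLContext(String, String, String)}), so every
 *       consumer of {@code SSLContext.getDefault()} or {@code HttpsURLConnection} in the
 *       process uses the key and trust managers supplied by {@code SecuritySupport}.</li>
 *   <li>The protocol name {@code "TLS"} only selects the provider implementation; which
 *       protocol versions are actually enabled is decided by the JDK configuration, not
 *       by this class.</li>
 *   <li>{@link #getPrivateKeyEntryFromTokenAlias(String)} hands out private key material
 *       and is gated by {@link #checkPermission(String)}, which is a no-op in several
 *       runtime modes.</li>
 * </ul>
 *
 * <p>Parameter names such as {@code str}/{@code str2} are kept as found in this listing;
 * each method documents what the value is used for.
 */
@Singleton
@Service
/* loaded from: input_file:MICRO-INF/runtime/security.jar:com/sun/enterprise/security/ssl/SSLUtils.class */
public final class SSLUtils implements PostConstruct {
    private static final Logger LOGGER = SecurityLoggerInfo.getLogger();

    /** System property naming the key alias to present on outbound HTTPS connections. */
    public static final String HTTPS_OUTBOUND_KEY_ALIAS = "com.sun.enterprise.security.httpsOutboundKeyAlias";

    /** Protocol name passed to {@link SSLContext#getInstance(String)} when the caller gives none. */
    private static final String DEFAULT_SSL_PROTOCOL = "TLS";

    @Inject
    private SecuritySupport securitySupport;
    // True once any configured key store has been seen to hold at least one key entry.
    private boolean hasKey;
    // Single key store holding the certificates of every configured trust store.
    private KeyStore mergedTrustStore;
    private AppClientSSL appclientSsl;
    // Last context successfully built by getSSLContext(); also installed as the JVM default.
    private SSLContext sslContext;

    /**
     * Initialises the instance: resolves {@code SecuritySupport} if it was not injected,
     * records whether any key store holds a key entry, merges the trust stores, and builds
     * and installs the default {@code SSLContext}.
     *
     * @throws IllegalStateException wrapping any exception raised during initialisation
     */
    @Override
    public void postConstruct() {
        try {
            if (this.securitySupport == null) {
                this.securitySupport = SecuritySupport.getDefaultInstance();
            }
            KeyStore[] keyStores = getKeyStores();
            if (keyStores != null && containsKeyEntry(keyStores)) {
                this.hasKey = true;
            }
            this.mergedTrustStore = mergingTrustStores(this.securitySupport.getTrustStores());
            getSSLContext(null, null, null);
        } catch (Exception e) {
            // Logged at FINE only; the rethrown IllegalStateException carries the cause, so
            // the failure is still visible to whoever handles that exception.
            LOGGER.log(Level.FINE, "SSLUtils static init fails.", e);
            throw new IllegalStateException(e);
        }
    }

    /** Returns {@code true} as soon as any alias in any of the given stores is a key entry. */
    private static boolean containsKeyEntry(KeyStore[] keyStores) throws KeyStoreException {
        for (KeyStore keyStore : keyStores) {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                if (keyStore.isKeyEntry(aliases.nextElement())) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Wraps every key manager in a {@code J2EEKeyManager} bound to {@code alias}, in place.
     * Does nothing when the alias is null or empty or when there are no key managers. A key
     * manager that is not an {@link X509KeyManager} makes the cast fail, which the callers
     * surface as an error rather than silently leaving the alias unenforced.
     */
    private static void pinKeyAlias(KeyManager[] keyManagers, String alias) {
        if (alias == null || alias.isEmpty() || keyManagers == null) {
            return;
        }
        for (int i = 0; i < keyManagers.length; i++) {
            keyManagers[i] = new J2EEKeyManager((X509KeyManager) keyManagers[i], alias);
        }
    }

    /**
     * Builds an {@code SSLContext} and installs it as the process-wide default.
     *
     * <p>Side effects: on success the context replaces both
     * {@link HttpsURLConnection#setDefaultSSLSocketFactory the default HTTPS socket factory}
     * and {@link SSLContext#setDefault the default SSLContext}. Every call therefore
     * re-points TLS defaults for all code in the JVM, not only for the caller.
     *
     * @param str  protocol name for {@code SSLContext.getInstance}; {@code null} means "TLS"
     * @param str2 value forwarded to {@link #getKeyManagers(String)}
     * @param str3 value forwarded to {@link #getTrustManagers(String)}
     * @return the initialised context
     * @throws Error wrapping any exception raised while building the context
     */
    SSLContext getSSLContext(String str, String str2, String str3) {
        String protocol = str == null ? DEFAULT_SSL_PROTOCOL : str;
        try {
            SSLContext context = SSLContext.getInstance(protocol);
            String outboundAlias = System.getProperty(HTTPS_OUTBOUND_KEY_ALIAS);
            KeyManager[] keyManagers = getKeyManagers(str2);
            pinKeyAlias(keyManagers, outboundAlias);
            // A null SecureRandom makes the provider use its default source.
            context.init(keyManagers, getTrustManagers(str3), null);
            // Publish the context only after init() succeeded, so a failed build never
            // leaves an uninitialised context in the field.
            this.sslContext = context;
            HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
            SSLContext.setDefault(context);
            return context;
        } catch (Exception e) {
            throw new Error(e);
        }
    }

    /**
     * Delegates master password verification to {@code SecuritySupport}.
     *
     * @param cArr the candidate password; this method does not clear the array
     * @return the result reported by {@code SecuritySupport}
     */
    public boolean verifyMasterPassword(char[] cArr) {
        return this.securitySupport.verifyMasterPassword(cArr);
    }

    /** Returns the key stores reported by {@code SecuritySupport}; callers here treat null as possible. */
    public KeyStore[] getKeyStores() throws IOException {
        return this.securitySupport.getKeyStores();
    }

    /**
     * Returns the first configured key store.
     *
     * <p>No check is made on the array: a null or empty result from {@link #getKeyStores()}
     * surfaces as a {@code NullPointerException} or {@code ArrayIndexOutOfBoundsException}.
     */
    public KeyStore getKeyStore() throws IOException {
        return getKeyStores()[0];
    }

    /** Returns the trust stores reported by {@code SecuritySupport}. */
    public KeyStore[] getTrustStores() throws IOException {
        return this.securitySupport.getTrustStores();
    }

    /** Same as {@link #getTrustStores()}; despite the singular name it returns all trust stores. */
    public KeyStore[] getTrustStore() throws IOException {
        return getTrustStores();
    }

    /** Returns the merged trust store built in {@link #postConstruct()}; null before that has run. */
    public KeyStore getMergedTrustStore() {
        return this.mergedTrustStore;
    }

    /** Equivalent to {@code getKeyManagers(null)}. */
    public KeyManager[] getKeyManagers() throws Exception {
        return getKeyManagers(null);
    }

    /**
     * Returns the key managers supplied by {@code SecuritySupport}.
     *
     * @param str forwarded unchanged to {@code SecuritySupport.getKeyManagers}
     */
    public KeyManager[] getKeyManagers(String str) throws IOException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        return this.securitySupport.getKeyManagers(str);
    }

    /** Equivalent to {@code getTrustManagers(null)}. */
    public TrustManager[] getTrustManagers() throws Exception {
        return getTrustManagers(null);
    }

    /**
     * Returns the trust managers supplied by {@code SecuritySupport}.
     *
     * @param str forwarded unchanged to {@code SecuritySupport.getTrustManagers}
     */
    public TrustManager[] getTrustManagers(String str) throws IOException, KeyStoreException, NoSuchAlgorithmException {
        return this.securitySupport.getTrustManagers(str);
    }

    public void setAppclientSsl(AppClientSSL appClientSSL) {
        this.appclientSsl = appClientSSL;
    }

    public AppClientSSL getAppclientSsl() {
        return this.appclientSsl;
    }

    /** Returns {@code javax.net.ssl.keyStoreType}, falling back to the JDK default key store type. */
    public static String getKeyStoreType() {
        return System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
    }

    /** Returns {@code javax.net.ssl.trustStoreType}, falling back to the JDK default key store type. */
    public static String getTrustStoreType() {
        return System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
    }

    /** Reports whether a key entry was found in any key store during {@link #postConstruct()}. */
    public boolean isKeyAvailable() {
        return this.hasKey;
    }

    /**
     * Returns the index of {@code tokenName} among the token names reported by
     * {@code SecuritySupport}, or -1 when it is not listed. When the name occurs more than
     * once the last occurrence wins.
     */
    private int findTokenIndex(String tokenName) throws Exception {
        String[] tokenNames = this.securitySupport.getTokenNames();
        int found = -1;
        for (int i = 0; i < tokenNames.length; i++) {
            if (tokenName.equals(tokenNames[i])) {
                found = i;
            }
        }
        return found;
    }

    /**
     * Tells whether a certificate nickname refers to a key entry.
     *
     * <p>A nickname of the form {@code token:alias} whose token is known is looked up as
     * {@code alias} in that token's key store only. Any other nickname, including one with
     * an unknown token prefix, is looked up verbatim (prefix included) in every key store.
     *
     * @param str the nickname; {@code null} yields {@code false}
     * @return {@code true} when a matching key entry exists
     */
    public boolean isTokenKeyAlias(String str) throws Exception {
        if (str == null) {
            return false;
        }
        int colon = str.indexOf(':');
        KeyStore[] keyStores = getKeyStores();
        if (keyStores == null) {
            return false;
        }
        int tokenIndex = -1;
        String alias = null;
        if (colon != -1) {
            tokenIndex = findTokenIndex(str.substring(0, colon));
            alias = str.substring(colon + 1);
        }
        // The token list and the key store array come from separate calls, so the index is
        // range-checked before use instead of trusting that both have the same length.
        if (tokenIndex != -1 && tokenIndex < keyStores.length) {
            return keyStores[tokenIndex].isKeyEntry(alias);
        }
        for (KeyStore keyStore : keyStores) {
            if (keyStore.isKeyEntry(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves a certificate nickname to its private key and certificate chain.
     *
     * <p>This returns private key material. Access is gated by
     * {@link #checkPermission(String)}, which performs no check at all in the runtime modes
     * listed there, so callers must not treat the gate as unconditional.
     *
     * <p>A nickname of the form {@code token:alias} whose token is known is resolved in that
     * token's key store only. Otherwise every key store is tried in order. Note that the
     * part before the colon is stripped even when the token is unknown, which differs from
     * {@link #isTokenKeyAlias(String)}, where such a nickname is looked up verbatim.
     *
     * @param str the nickname; {@code null} yields {@code null}
     * @return the entry, or {@code null} when no key store yields a private key for the alias
     * @throws AccessControlException when the permission check is denied
     */
    public KeyStore.PrivateKeyEntry getPrivateKeyEntryFromTokenAlias(String str) throws Exception {
        checkPermission("javax.net.ssl.keyStorePassword");
        if (str == null) {
            return null;
        }
        int colon = str.indexOf(':');
        KeyStore[] keyStores = getKeyStores();
        if (keyStores == null) {
            return null;
        }
        int tokenIndex = -1;
        String alias = str;
        if (colon != -1) {
            tokenIndex = findTokenIndex(str.substring(0, colon));
            alias = str.substring(colon + 1);
        }
        // Valid indices are 0 .. length - 1. The previous test (length < index) let
        // index == length through and then indexed past the end of the array.
        if (tokenIndex != -1 && tokenIndex < keyStores.length) {
            PrivateKey privateKey = this.securitySupport.getPrivateKeyForAlias(alias, tokenIndex);
            if (privateKey == null) {
                return null;
            }
            return new KeyStore.PrivateKeyEntry(privateKey, keyStores[tokenIndex].getCertificateChain(alias));
        }
        for (int i = 0; i < keyStores.length; i++) {
            PrivateKey privateKey = this.securitySupport.getPrivateKeyForAlias(alias, i);
            if (privateKey != null) {
                return new KeyStore.PrivateKeyEntry(privateKey, keyStores[i].getCertificateChain(alias));
            }
        }
        return null;
    }

    /**
     * Gate for access to key store secrets.
     *
     * <p>No check is performed when running as an embedded server, when no default habitat
     * exists, or when {@code Util} reports {@code isACC()} or {@code isNotServerOrACC()}.
     * In all other cases the permission actually checked is
     * {@code RuntimePermission("SSLPassword")}; a denial is rethrown naming
     * {@code PropertyPermission(str, "read")} instead, so the permission in the error is not
     * the one that has to be granted.
     *
     * <p>NOTE(review): {@code AccessController} is deprecated for removal in recent JDKs;
     * confirm what this check does on the JDK the server actually runs on.
     *
     * @param str property name reported in the exception on denial
     * @throws AccessControlException when the permission is denied
     */
    public static void checkPermission(String str) {
        try {
            if (Util.isEmbeddedServer() || Globals.getDefaultHabitat() == null || Util.getInstance().isACC() || Util.getInstance().isNotServerOrACC()) {
                return;
            }
            AccessController.checkPermission(new RuntimePermission("SSLPassword"));
        } catch (AccessControlException e) {
            String message = e.getMessage();
            PropertyPermission propertyPermission = new PropertyPermission(str, "read");
            // getPermission() may be null on an exception built without one; only rewrite
            // the message when there is a permission text to substitute.
            if (message != null && e.getPermission() != null) {
                message = message.replace(e.getPermission().toString(), propertyPermission.toString());
            }
            throw new AccessControlException(message, propertyPermission);
        }
    }

    /**
     * Returns the cipher suites supported by the JVM default HTTPS socket factory.
     *
     * <p>"Supported" is wider than "enabled": the list can contain suites that are not
     * enabled by default, so it is not a statement of what a connection will negotiate.
     */
    public String[] getSupportedCipherSuites() {
        return HttpsURLConnection.getDefaultSSLSocketFactory().getSupportedCipherSuites();
    }

    /**
     * Copies the certificates of all given trust stores into one new key store.
     *
     * <p>Aliases from every store except those at or beyond index
     * {@code tokenNames.length - 1} are prefixed with {@code token:}. When an alias is already
     * taken by a different certificate, {@code __1}, {@code __2}, ... is appended until a free
     * name or an identical certificate is found.
     *
     * <p>Every alias is copied regardless of entry type, so the certificate of a private-key
     * entry present in a trust store also becomes a trusted certificate in the merged store.
     *
     * @param keyStoreArr the trust stores to merge
     * @return the merged store
     */
    private KeyStore mergingTrustStores(KeyStore[] keyStoreArr) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        KeyStore merged;
        try {
            merged = this.securitySupport.loadNullStore("CaseExactJKS", 0);
        } catch (KeyStoreException e) {
            // The case-exact store type is not available; fall back to the default type.
            merged = this.securitySupport.loadNullStore(SSLConfigurator.DEFAULT_KEYSTORE_TYPE, 0);
        }
        String[] tokenNames = this.securitySupport.getTokenNames();
        for (int i = 0; i < keyStoreArr.length; i++) {
            Enumeration<String> aliases = keyStoreArr[i].aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate certificate = keyStoreArr[i].getCertificate(alias);
                if (certificate == null) {
                    // An alias without a certificate cannot act as a trust anchor.
                    continue;
                }
                String baseAlias = i < tokenNames.length - 1 ? tokenNames[i] + ":" + alias : alias;
                String candidate = baseAlias;
                boolean alreadyPresent = false;
                int suffix = 1;
                while (true) {
                    Certificate existing = merged.getCertificate(candidate);
                    if (existing == null) {
                        break;
                    }
                    if (existing.equals(certificate)) {
                        alreadyPresent = true;
                        break;
                    }
                    candidate = baseAlias + "__" + suffix;
                    suffix++;
                }
                if (!alreadyPresent) {
                    merged.setCertificateEntry(candidate, certificate);
                }
            }
        }
        return merged;
    }

    /**
     * Returns the socket factory of {@link #getAdminSSLContext(String, String)}.
     *
     * @param str  key alias to present, or null/empty for none
     * @param str2 protocol name, or {@code null} for "TLS"
     */
    public SSLSocketFactory getAdminSocketFactory(String str, String str2) {
        return getAdminSSLContext(str, str2).getSocketFactory();
    }

    /**
     * Builds a fresh {@code SSLContext} for admin connections. Unlike
     * {@link #getSSLContext(String, String, String)} this does not touch any JVM-wide
     * default and does not cache the result.
     *
     * @param str  key alias to present; when null or empty the key managers are used as is
     * @param str2 protocol name for {@code SSLContext.getInstance}; {@code null} means "TLS"
     * @return the initialised context
     * @throws RuntimeException wrapping any exception raised while building the context
     */
    public SSLContext getAdminSSLContext(String str, String str2) {
        String protocol = str2 == null ? DEFAULT_SSL_PROTOCOL : str2;
        try {
            SSLContext context = SSLContext.getInstance(protocol);
            KeyManager[] keyManagers = getKeyManagers();
            pinKeyAlias(keyManagers, str);
            context.init(keyManagers, getTrustManagers(), null);
            return context;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}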
