package weblogic.security.SSL.jsseadapter;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Vector;
import java.util.logging.Level;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import weblogic.security.SSL.jsseadapter.JaLogger;
import weblogic.security.utils.BasicConstraintsSSLContextDelegate;
import weblogic.security.utils.SSLHostnameVerifier;
import weblogic.security.utils.SSLTrustValidator;
import weblogic.security.utils.SSLTruster;
import weblogic.socket.JSSESocketFactory;

/* loaded from: input_file:weblogic/security/SSL/jsseadapter/JaSSLContextImpl.class */
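/**
 * JSSE-backed implementation of the WebLogic SSL context delegate.
 *
 * <p>The object collects trust anchors ({@link #addTrustedCA}, {@link #loadTrustedCerts}) and a
 * local identity ({@link #addIdentity}) and lazily turns them into a {@link SSLContext} the first
 * time {@link #getSSLContext()} is called. The context is cached after that first call and nothing
 * in this class resets it, so trust anchors or identities added later are not reflected in the
 * cached context.
 *
 * <p>Thread-safety: the lazy getters are {@code synchronized}; the setters and the
 * {@code addTrustedCA}/{@code addIdentity} mutators are not.
 */
public final class JaSSLContextImpl extends JaSSLContext implements BasicConstraintsSSLContextDelegate {
    private static final String DEFAULT_PROTOCOL = "TLS";
    private static final String CERT_HEADER = "-----BEGIN CERTIFICATE-----";
    private static final String SECURE_RANDOM_ALGORITHM = "SHA1PRNG";
    /** Plaintext encrypted and decrypted by {@link #doKeysMatch} to probe a key pair. */
    private static final String KEY_MATCH_PROBE = "Hello there!";
    /** Matches one PEM certificate block; DOTALL so that '.' also spans the line breaks. */
    private static final Pattern PEM_CERTIFICATE =
            Pattern.compile(CERT_HEADER + ".+?-----END CERTIFICATE-----", Pattern.DOTALL);

    // No code in this class assigns specifiedProviderName, so hasSpecifiedProvider() is false
    // unless the field is populated from outside (not visible here).
    private String specifiedProviderName;
    private Provider specifiedProvider;
    private SecureRandom secureRandom;
    private SSLContext sslContext;
    // protocolVersion, enforceConstraintsLevel and exportRefreshCount are stored by their setters
    // but are not read anywhere in this class.
    private int protocolVersion;
    private volatile SSLTruster truster;
    private volatile SSLHostnameVerifier hostnameVerifier;
    private int enforceConstraintsLevel;
    private boolean enableUnencryptedNullCipher;
    private int exportRefreshCount;
    private Vector<X509Certificate> trustedCAs = new Vector<>();
    private PrivateKey identityPrivateKey;
    private X509Certificate[] certChain;

    /**
     * Adds one certificate to the set of trust anchors.
     *
     * <p>The certificate is stored as given; no validity, basic-constraints or null check is done
     * here.
     *
     * @param x509Certificate certificate to trust
     * @throws CertificateException declared by the interface; not thrown by this implementation
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public void addTrustedCA(X509Certificate x509Certificate) throws CertificateException {
        if (JaLogger.isLoggable(Level.FINEST)) {
            JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, "addTrustedCA called.", new Object[0]);
        }
        this.trustedCAs.add(x509Certificate);
    }

    /**
     * Returns a snapshot of the trust anchors collected so far.
     *
     * @return a new array; changes to it do not affect this context
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public X509Certificate[] getTrustedCAs() {
        return this.trustedCAs.toArray(new X509Certificate[0]);
    }

    /**
     * Reads a private key from a stream by delegating to
     * {@code JaSSLSupport.getLocalIdentityPrivateKey}.
     *
     * @param inputStream source of the encoded key
     * @param cArr password passed through to the helper
     * @return the decoded private key
     * @throws KeyManagementException if the helper cannot produce a key
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public PrivateKey inputPrivateKey(InputStream inputStream, char[] cArr) throws KeyManagementException {
        if (JaLogger.isLoggable(Level.FINEST)) {
            JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, "inputPrivateKey called.", new Object[0]);
        }
        return JaSSLSupport.getLocalIdentityPrivateKey(inputStream, cArr);
    }

    /**
     * Parses every certificate found in the stream.
     *
     * <p>The data is first scanned for PEM blocks; each block is parsed on its own. If no PEM
     * block is found, the raw bytes are handed to the X.509 {@link CertificateFactory} as a whole.
     *
     * <p>Read and parse failures are logged at SEVERE and are not propagated: the method then
     * returns whatever was parsed before the failure, possibly an empty array. Callers that need
     * to know whether loading succeeded must check the returned length themselves.
     *
     * @param inputStream source of PEM or DER certificate data
     * @return the parsed certificates, in stream order; never {@code null}
     * @throws KeyManagementException declared by the interface; not thrown by this implementation
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public X509Certificate[] inputCertChain(InputStream inputStream) throws KeyManagementException {
        if (JaLogger.isLoggable(Level.FINEST)) {
            JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, "inputCertChain called.", new Object[0]);
        }
        String text = null;
        byte[] raw = null;
        try {
            raw = JaSSLSupport.readFully(inputStream);
            if (raw != null) {
                // ISO-8859-1 maps every byte to one char and back, so the PEM scan no longer
                // depends on the JVM's default charset and the matched bytes are unchanged.
                text = new String(raw, StandardCharsets.ISO_8859_1);
            }
        } catch (IOException e) {
            if (JaLogger.isLoggable(Level.SEVERE)) {
                JaLogger.log(Level.SEVERE, JaLogger.Component.SSLCONTEXT, e, "Error reading data from from the certificate inputstream: " + e.getMessage(), new Object[0]);
            }
        }

        ArrayList<Object> pemCerts = new ArrayList<>();
        Collection<?> parsed = pemCerts;
        if (text != null) {
            Matcher matcher = PEM_CERTIFICATE.matcher(text);
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                while (matcher.find()) {
                    byte[] block = matcher.group().getBytes(StandardCharsets.ISO_8859_1);
                    pemCerts.add(certificateFactory.generateCertificate(new ByteArrayInputStream(block)));
                }
                if (pemCerts.isEmpty()) {
                    // No PEM armour found: let the factory decode the raw input (e.g. DER).
                    parsed = certificateFactory.generateCertificates(new ByteArrayInputStream(raw));
                }
            } catch (CertificateException e2) {
                // Certificates parsed before the failure stay in the result.
                if (JaLogger.isLoggable(Level.SEVERE)) {
                    JaLogger.log(Level.SEVERE, JaLogger.Component.SSLCONTEXT, e2, "Error retrieving certifcate(s) from inputstream: " + e2.getMessage(), new Object[0]);
                }
            }
        }
        return parsed.toArray(new X509Certificate[0]);
    }

    /**
     * No-op in this implementation apart from a FINEST log entry; the stream is not read.
     *
     * @param inputStream ignored
     * @param cArr ignored
     * @throws KeyManagementException declared by the interface; not thrown by this implementation
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public void loadLocalIdentity(InputStream inputStream, char[] cArr) throws KeyManagementException {
        if (JaLogger.isLoggable(Level.FINEST)) {
            JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, "loadLocalIdentity called, ignored by JSSE for now.", new Object[0]);
        }
    }

    /**
     * Parses the stream with {@link #inputCertChain} and adds every certificate found to the
     * trust anchors.
     *
     * <p>Because {@code inputCertChain} swallows read and parse errors, an unreadable or
     * malformed stream adds nothing (or only the leading certificates) without raising an error.
     *
     * @param inputStream source of PEM or DER certificate data
     * @throws CertificateException declared by the interface; not thrown by this implementation
     * @throws KeyManagementException propagated from {@link #inputCertChain}
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public void loadTrustedCerts(InputStream inputStream) throws CertificateException, KeyManagementException {
        if (JaLogger.isLoggable(Level.FINEST)) {
            JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, "loadTrustedCerts called.", new Object[0]);
        }
        for (X509Certificate certificate : inputCertChain(inputStream)) {
            this.trustedCAs.add(certificate);
        }
    }

    /**
     * Sets the local identity used when the {@link SSLContext} is built.
     *
     * <p>The array is stored by reference (no defensive copy), and the pair is not checked with
     * {@link #doKeysMatch}; a later call replaces the previous identity.
     *
     * @param x509CertificateArr certificate chain for the identity
     * @param privateKey private key belonging to the first certificate of the chain
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public void addIdentity(X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
        this.identityPrivateKey = privateKey;
        this.certChain = x509CertificateArr;
        if (JaLogger.isLoggable(Level.FINEST)) {
            JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, "addIdentity called.", new Object[0]);
        }
    }

    /**
     * Checks whether a public and a private key belong together.
     *
     * <p>The keys must name the same algorithm. A probe text is then encrypted with the public
     * key and decrypted with the private key, using a {@link Cipher} obtained by the bare
     * algorithm name (provider-default mode and padding). A decryption that fails with a padding
     * or block-size error counts as a mismatch.
     *
     * @param publicKey public half of the pair
     * @param privateKey private half of the pair
     * @return {@code false} if the algorithms differ or the round trip fails or yields different
     *     text; {@code true} if the round trip succeeds, and also when no cipher could be set up
     *     for the algorithm (see the note in the body)
     * @throws KeyManagementException declared by the interface; not thrown by this implementation
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public boolean doKeysMatch(PublicKey publicKey, PrivateKey privateKey) throws KeyManagementException {
        if (JaLogger.isLoggable(Level.FINEST)) {
            JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, "doKeysMatch called.", new Object[0]);
        }
        boolean matches = publicKey.getAlgorithm().equals(privateKey.getAlgorithm());
        if (matches) {
            try {
                Cipher encryptor = Cipher.getInstance(publicKey.getAlgorithm());
                Cipher decryptor = Cipher.getInstance(privateKey.getAlgorithm());
                encryptor.init(Cipher.ENCRYPT_MODE, publicKey);
                decryptor.init(Cipher.DECRYPT_MODE, privateKey);
                byte[] probe = KEY_MATCH_PROBE.getBytes(StandardCharsets.ISO_8859_1);
                byte[] recovered = decryptor.doFinal(encryptor.doFinal(probe));
                matches = KEY_MATCH_PROBE.equals(new String(recovered, StandardCharsets.ISO_8859_1));
            } catch (BadPaddingException | IllegalBlockSizeException e) {
                // Decrypting with a key that does not belong to the public key normally fails
                // while removing the padding. Treating that as "keys match" (as the previous
                // catch-all did) made the check pass for mismatched pairs.
                matches = false;
                if (JaLogger.isLoggable(Level.FINEST)) {
                    JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, e, "Key pair round trip failed; keys do not match.", new Object[0]);
                }
            } catch (Exception e) {
                // NOTE(review): still fails open. When no Cipher exists for the algorithm or the
                // keys cannot initialise it (signature-only algorithms, presumably EC/DSA), the
                // result stays true on the strength of the algorithm names alone. A sign/verify
                // probe would close this gap; it is left as-is to avoid rejecting such
                // identities.
                if (JaLogger.isLoggable(Level.FINEST)) {
                    JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, e, "Error getting Cipher instance.", new Object[0]);
                }
            }
        }
        return matches;
    }

    /**
     * Stores the export refresh count. The value is not read anywhere in this class.
     *
     * @param i new refresh count
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public void setExportRefreshCount(int i) {
        this.exportRefreshCount = i;
        if (JaLogger.isLoggable(Level.FINEST)) {
            JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, "Set exportRefreshCount to {0}.", Integer.valueOf(i));
        }
    }

    /**
     * Stores the requested protocol version.
     *
     * <p>The value is not validated and is not read anywhere in this class:
     * {@link #getSSLContext()} always requests {@code "TLS"}.
     *
     * @param i protocol version code
     * @throws IllegalArgumentException declared by the interface; not thrown by this
     *     implementation
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public void setProtocolVersion(int i) throws IllegalArgumentException {
        this.protocolVersion = i;
        if (JaLogger.isLoggable(Level.FINEST)) {
            JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, "Set protocolVersion to {0}.", Integer.valueOf(this.protocolVersion));
        }
    }

    /**
     * Creates a server socket factory bound to this context (second constructor flag
     * {@code false}; compare {@link #getSSLNioServerSocketFactory()}).
     *
     * @return a new factory on every call
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public SSLServerSocketFactory getSSLServerSocketFactory() {
        return new JaSSLServerSocketFactory(this, false);
    }

    /**
     * Returns a client socket factory configured from this context.
     *
     * @return the factory produced by {@code JSSESocketFactory}
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public SSLSocketFactory getSSLSocketFactory() {
        return getConfiguredSSLSocketFactory();
    }

    /**
     * Installs the WebLogic trust callback.
     *
     * <p>In this class the callback is only consulted by {@code configureSslEngine}, which asks a
     * {@link SSLTrustValidator} whether peer certificates are required.
     *
     * @param sSLTruster callback to install; may be {@code null}
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public void setTrustManager(SSLTruster sSLTruster) {
        this.truster = sSLTruster;
        if (JaLogger.isLoggable(Level.FINEST)) {
            JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, "Set weblogic.security.utils.SSLTruster to {0}.", sSLTruster);
        }
    }

    /**
     * @return the trust callback set by {@link #setTrustManager}, or {@code null}
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public SSLTruster getTrustManager() {
        return this.truster;
    }

    /**
     * Installs the hostname verifier. This class only stores it; where it is applied is not
     * visible here.
     *
     * @param sSLHostnameVerifier verifier to install; may be {@code null}
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public void setHostnameVerifier(SSLHostnameVerifier sSLHostnameVerifier) {
        this.hostnameVerifier = sSLHostnameVerifier;
        if (JaLogger.isLoggable(Level.FINEST)) {
            JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, "Set weblogic.security.utils.SSLHostnameVerifier to {0}.", sSLHostnameVerifier);
        }
    }

    /**
     * @return the verifier set by {@link #setHostnameVerifier}, or {@code null}
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public SSLHostnameVerifier getHostnameVerifier() {
        return this.hostnameVerifier;
    }

    /**
     * Sets the certificate-constraint enforcement level.
     *
     * <p>Level 2 or 3 switches strict X.509 basic-constraints checking on; level 3 or 4 switches
     * the "no V1 CAs" rule on; every other value switches both off. Both switches are static
     * calls on {@code JaSSLSupport}, so they are presumably shared by all contexts rather than
     * scoped to this instance — confirm in {@code JaSSLSupport}.
     *
     * @param i enforcement level
     */
    @Override // weblogic.security.utils.SSLContextDelegate
    public void enforceConstraints(int i) {
        this.enforceConstraintsLevel = i;
        JaSSLSupport.setX509BasicConstraintsStrict(2 == i || 3 == i);
        JaSSLSupport.setNoV1CAs(4 == i || 3 == i);
        if (JaLogger.isLoggable(Level.FINEST)) {
            JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, "Set enforceConstraints level to {0}.", Integer.valueOf(i));
        }
    }

    /**
     * Records whether engines created from this context may use the unencrypted NULL cipher.
     *
     * <p>The flag is handed to {@code JaSSLParameters} when an engine is configured. A NULL
     * cipher suite gives no confidentiality, so this should stay {@code false} unless plaintext
     * TLS records are explicitly intended.
     *
     * @param z {@code true} to allow the NULL cipher
     */
    @Override // weblogic.security.utils.SSLContextDelegate2
    public void enableUnencryptedNullCipher(boolean z) {
        this.enableUnencryptedNullCipher = z;
        // Result discarded, as in the decompiled original. NOTE(review): either this call is kept
        // for a side effect inside JaSSLSupport or the decompiler dropped a use of the value.
        JaSSLSupport.isUnEncrytedNullCipherAllowed();
        if (JaLogger.isLoggable(Level.FINEST)) {
            JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, "Set enableUnencryptedNullCipher to {0}.", Boolean.valueOf(z));
        }
    }

    /**
     * @return the flag set by {@link #enableUnencryptedNullCipher}
     */
    @Override // weblogic.security.utils.SSLContextDelegate2
    public boolean isUnencryptedNullCipherEnabled() {
        return this.enableUnencryptedNullCipher;
    }

    /**
     * Creates a server socket factory bound to this context (second constructor flag
     * {@code true}; compare {@link #getSSLServerSocketFactory()}).
     *
     * @return a new factory on every call
     */
    @Override // weblogic.security.utils.SSLContextDelegate2
    public SSLServerSocketFactory getSSLNioServerSocketFactory() {
        return new JaSSLServerSocketFactory(this, true);
    }

    /**
     * @return the same factory as {@link #getSSLSocketFactory()}
     */
    @Override // weblogic.security.utils.SSLContextDelegate2
    public SSLSocketFactory getSSLNioSocketFactory() {
        return getSSLSocketFactory();
    }

    /**
     * Creates and configures an engine without peer host information.
     *
     * @return the configured engine
     * @throws SSLException wrapping any failure while building the context or the engine
     */
    @Override // weblogic.security.utils.SSLContextDelegate2
    public JaSSLEngine createSSLEngine() throws SSLException {
        try {
            JaSSLEngine engine = new JaSSLEngine(this, getSSLContext().createSSLEngine());
            configureSslEngine(engine);
            return engine;
        } catch (Exception e) {
            throw new SSLException(e);
        }
    }

    /**
     * Creates and configures an engine with advisory peer information.
     *
     * @param str peer host name
     * @param i peer port
     * @return the configured engine
     * @throws SSLException wrapping any failure while building the context or the engine
     */
    @Override // weblogic.security.utils.SSLContextDelegate2
    public JaSSLEngine createSSLEngine(String str, int i) throws SSLException {
        try {
            JaSSLEngine engine = new JaSSLEngine(this, getSSLContext().createSSLEngine(str, i));
            configureSslEngine(engine);
            return engine;
        } catch (Exception e) {
            throw new SSLException(e);
        }
    }

    /**
     * @return the cipher suites a fresh, unconfigured JSSE engine enables, translated by
     *     {@code JaCipherSuiteNameMap.fromJsse}
     */
    @Override // weblogic.security.utils.SSLContextDelegate2
    public String[] getDefaultCipherSuites() {
        return JaCipherSuiteNameMap.fromJsse(getSSLContext().createSSLEngine().getEnabledCipherSuites());
    }

    /**
     * @return the cipher suites a fresh JSSE engine supports, translated by
     *     {@code JaCipherSuiteNameMap.fromJsse}
     */
    @Override // weblogic.security.utils.SSLContextDelegate2
    public String[] getSupportedCipherSuites() {
        return JaCipherSuiteNameMap.fromJsse(getSSLContext().createSSLEngine().getSupportedCipherSuites());
    }

    /**
     * @return the protocols a fresh, unconfigured JSSE engine enables
     */
    @Override // weblogic.security.utils.SSLContextDelegate2
    public String[] getDefaultProtocols() {
        return getSSLContext().createSSLEngine().getEnabledProtocols();
    }

    /**
     * @return the protocols a fresh JSSE engine supports
     */
    @Override // weblogic.security.utils.SSLContextDelegate2
    public String[] getSupportedProtocols() {
        return getSSLContext().createSSLEngine().getSupportedProtocols();
    }

    /**
     * Returns the JSSE context, building and initialising it on first use.
     *
     * <p>The context is requested for {@code "TLS"}, from the specified provider when one is
     * set. The result is cached, so the trust anchors and identity present at the first call are
     * the ones the context keeps.
     *
     * @return the cached context; never {@code null}
     * @throws RuntimeException wrapping any failure to create or initialise the context
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // weblogic.security.SSL.jsseadapter.JaSSLContext
    public synchronized SSLContext getSSLContext() {
        if (null == this.sslContext) {
            Provider provider = getSpecifiedProvider();
            try {
                SSLContext created = null == provider
                        ? SSLContext.getInstance(DEFAULT_PROTOCOL)
                        : SSLContext.getInstance(DEFAULT_PROTOCOL, provider);
                initializeContext(created);
                // Published only after a successful init so a failed build is retried.
                this.sslContext = created;
                if (JaLogger.isLoggable(Level.FINEST)) {
                    JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, "Got SSLContext, protocol={0}, provider={1}", DEFAULT_PROTOCOL, created.getProvider().getName());
                }
            } catch (Exception e) {
                if (JaLogger.isLoggable(Level.FINE)) {
                    JaLogger.log(Level.FINE, JaLogger.Component.SSLCONTEXT, e, "Unable to construct SSLContext, protocol={0}, provider={1}", new Object[] {DEFAULT_PROTOCOL, providerNameOrNull(provider)});
                }
                throw new RuntimeException(e);
            }
        }
        return this.sslContext;
    }

    /**
     * @return the configured provider name, or {@code null} when none is set
     */
    synchronized String getSpecifiedProviderName() {
        return this.specifiedProviderName;
    }

    /**
     * Returns a lazily created, cached {@code SHA1PRNG} generator, taken from the specified
     * provider when one is set.
     *
     * <p>This generator is not passed to {@code SSLContext.init} in this class (that call
     * receives {@code null}, i.e. the JSSE default). NOTE(review): the algorithm name is
     * hard-coded; what callers outside this class use the generator for is not visible here.
     *
     * @return the cached generator
     * @throws NoSuchAlgorithmException if the algorithm is not available
     */
    synchronized SecureRandom getSecureRandom() throws NoSuchAlgorithmException {
        if (null == this.secureRandom) {
            Provider provider = getSpecifiedProvider();
            try {
                SecureRandom created = null == provider
                        ? SecureRandom.getInstance(SECURE_RANDOM_ALGORITHM)
                        : SecureRandom.getInstance(SECURE_RANDOM_ALGORITHM, provider);
                this.secureRandom = created;
                if (JaLogger.isLoggable(Level.FINEST)) {
                    JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, "Got SecureRandom, algorithm={0}, provider={1}", SECURE_RANDOM_ALGORITHM, created.getProvider().getName());
                }
            } catch (RuntimeException | NoSuchAlgorithmException e) {
                log_getSecureRandom(e, SECURE_RANDOM_ALGORITHM, provider);
                throw e;
            }
        }
        return this.secureRandom;
    }

    /** Logs a failed SecureRandom lookup at FINE. */
    private void log_getSecureRandom(Exception exc, String str, Provider provider) {
        if (JaLogger.isLoggable(Level.FINE)) {
            JaLogger.log(Level.FINE, JaLogger.Component.SSLCONTEXT, exc, "Unable to get SecureRandom, algorithm={0}, provider={1}", new Object[] {str, providerNameOrNull(provider)});
        }
    }

    /**
     * @return {@code true} when a provider name has been configured
     */
    synchronized boolean hasSpecifiedProvider() {
        return null != getSpecifiedProviderName();
    }

    /**
     * Resolves the configured provider name to an installed {@link Provider}, caching the result.
     *
     * @return the provider, or {@code null} when no provider name is configured
     * @throws IllegalArgumentException if the named provider is not installed
     */
    synchronized Provider getSpecifiedProvider() {
        if (!hasSpecifiedProvider()) {
            return null;
        }
        if (null == this.specifiedProvider) {
            String providerName = getSpecifiedProviderName();
            try {
                this.specifiedProvider = Security.getProvider(providerName);
                if (null == this.specifiedProvider) {
                    throw new IllegalArgumentException("Specified provider \"" + providerName + "\" has not been installed.");
                }
                if (JaLogger.isLoggable(Level.FINEST)) {
                    JaLogger.log(Level.FINEST, JaLogger.Component.SSLCONTEXT, "Got Provider, name={0}", providerName);
                }
            } catch (RuntimeException e) {
                if (JaLogger.isLoggable(Level.FINE)) {
                    JaLogger.log(Level.FINE, JaLogger.Component.SSLCONTEXT, e, "Unable to get specified provider, name={0}.", providerName);
                }
                throw e;
            }
        }
        return this.specifiedProvider;
    }

    /** Logs a failed KeyStore lookup at FINE. Not called from within this class. */
    private void log_getKeyStore(Exception exc, String str, Provider provider) {
        if (JaLogger.isLoggable(Level.FINE)) {
            JaLogger.log(Level.FINE, JaLogger.Component.SSLCONTEXT, exc, "Unable to get KeyStore, type={0}, provider={1}", new Object[] {str, providerNameOrNull(provider)});
        }
    }

    /** Logs a failed trust-store lookup at FINE. Not called from within this class. */
    private void log_getTrustStore(Exception exc, String str, Provider provider) {
        if (JaLogger.isLoggable(Level.FINE)) {
            JaLogger.log(Level.FINE, JaLogger.Component.SSLCONTEXT, exc, "Unable to get TrustStore, type={0}, provider={1}", new Object[] {str, providerNameOrNull(provider)});
        }
    }

    /** Returns the provider's name for log output, or {@code null} when there is no provider. */
    private static String providerNameOrNull(Provider provider) {
        return null == provider ? null : provider.getName();
    }

    /**
     * Initialises a fresh {@link SSLContext} from the collected trust anchors and identity.
     *
     * <p>Trust decisions go to a single {@code JaTrustManager} built from a snapshot of the trust
     * anchors. The identity, if any, is placed in an empty in-memory {@link KeyStore}; the
     * keystore is not written anywhere by this method. {@code SSLContext.init} receives
     * {@code null} for the random source, so the JSSE default is used.
     *
     * @param sSLContext context to initialise; {@code null} is ignored
     */
    private void initializeContext(SSLContext sSLContext) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException {
        if (sSLContext == null) {
            return;
        }
        X509Certificate[] anchors = new X509Certificate[this.trustedCAs.size()];
        this.trustedCAs.copyInto(anchors);
        TrustManager[] trustManagers = {new JaTrustManager(anchors)};

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        char[] entryPassword = null;
        if (null != this.identityPrivateKey) {
            // Alias and entry password are both the key object's hashCode as text. It only has
            // to let the KeyManagerFactory read the entry back from this in-memory store; it is
            // not a secret.
            String alias = Integer.toString(this.identityPrivateKey.hashCode());
            entryPassword = alias.toCharArray();
            keyStore.setKeyEntry(alias, this.identityPrivateKey, entryPassword, this.certChain);
        }
        keyManagerFactory.init(keyStore, entryPassword);
        sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagers, null);
    }

    /**
     * Applies this context's settings to a newly created engine.
     *
     * <p>Client authentication is only made mandatory when the installed trust callback is an
     * {@link SSLTrustValidator}; otherwise the engine's own setting is left untouched.
     */
    private void configureSslEngine(JaSSLEngine jaSSLEngine) {
        JaSSLParameters parameters = new JaSSLParameters(getSSLContext());
        parameters.setUnencryptedNullCipherEnabled(isUnencryptedNullCipherEnabled());
        parameters.configureSslEngine(jaSSLEngine);
        SSLTruster trustCallback = getTrustManager();
        if (trustCallback instanceof SSLTrustValidator) {
            jaSSLEngine.setNeedClientAuth(((SSLTrustValidator) trustCallback).isPeerCertsRequired());
        }
    }

    /** Builds the client socket factory through {@code JSSESocketFactory}. */
    private SSLSocketFactory getConfiguredSSLSocketFactory() {
        return JSSESocketFactory.getSSLSocketFactory(new JaSSLEngineFactoryImpl(this));
    }
}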
