package com.bea.sslplus;

import com.bea.sslplus.Channel2StreamUtil;
import com.certicom.io.InputSSLIO;
import com.certicom.io.OutputSSLIO;
import com.certicom.tls.ciphersuite.CryptoNames;
import com.rsa.certj.cms.InfoObjectFactory;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.Signature;
import java.util.ArrayList;
import java.util.StringTokenizer;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import netscape.ldap.LDAPDITContentRuleSchema;
import weblogic.deploy.service.datatransferhandlers.DataHandlerManager;
import weblogic.kernel.Kernel;
import weblogic.kernel.KernelStatus;
import weblogic.protocol.ProtocolImpl;
import weblogic.security.utils.SSLIOContext;
import weblogic.security.utils.SSLIOContextTable;
import weblogic.security.utils.SSLSetup;
import weblogic.servlet.internal.dd.UserDataConstraint;

/* loaded from: input_file:com/bea/sslplus/WeblogicHandler.class */
public final class WeblogicHandler {
    public static final String ALLOW_SMALL_RSA_EXPONENT_PROPERTY = "weblogic.security.SSL.allowSmallRSAExponent";
    public static final String SESSION_TTL_PROPERTY = "weblogic.security.SSL.sessionCache.ttl";
    public static final String NO_JCE_PROPERTY = "weblogic.security.SSL.nojce";
    public static final String DISABLE_EMPTY_SSL_RECORDS = "weblogic.security.SSL.DisableSSLEmptyRecords";
    public static final String NO_STRING_EXTENSIONS = "weblogic.security.SSL.noStringExtensions";
    public static final int UNKNOWN_PROTOCOL = -1;
    public static final int HTTP_PROTOCOL = 0;
    public static final int T3_PROTOCOL = 1;
    public static final int GIOP_PROTOCOL = 2;
    public static final int MAX_PROTOCOL_INDEX = 2;
    private static boolean debugEaten;
    private static boolean useJCEProvider;
    private static boolean disableEmptySSLRecords;
    private static boolean allowSmallRSAExponent;
    private static boolean _noStringExtensions;
    private static final String NOT_SUPPORTED_MAC_PROVIDER = "SunPKCS11";
    private static final String[] NOT_SUPPORTED_MAC_PROVIDERS;
    private static final String NOT_SUPPORTED_CIPHER_PROVIDER = "SunPKCS11";
    private static final String[] NOT_SUPPORTED_CIPHER_PROVIDERS;
    private static final String[] NOT_SUPPORTED_KEYFACTORY_PROVIDERS;
    private static final String[] NOT_SUPPORTED_SIGNATURE_PROVIDERS;
    private static final String[] NOT_SUPPORTED_MESSAGEDIGEST_PROVIDERS;
    private static final String[] NOT_SUPPORTED_KEYPAIRGENERATOR_PROVIDERS;
    private static final String[] NOT_SUPPORTED_KEYAGREEMENT_PROVIDERS;
    private static boolean checkedLicense;
    private static int overrideSSLFragmentSize;
    private static boolean debug = false;
    private static ArrayList allowedPolicyIds = new ArrayList();
    private static final BigInteger THREE = BigInteger.valueOf(3);
    public static final int DEBUG_FATAL = 0;
    public static final int DEBUG_ERROR = 1;
    public static final int DEBUG_WARN = 2;
    public static final int DEBUG_INFO = 3;
    private static final String FAILURE_DETAILS = SSLSetup.FAILURE_DETAILS;

    public static void setFailureDetails(SSLSession sSLSession, String str) {
        sSLSession.putValue(FAILURE_DETAILS, str);
    }

    public static String getFailureDetails(SSLSession sSLSession) {
        return (String) sSLSession.getValue(FAILURE_DETAILS);
    }

    public static boolean isSupported(Mac mac) {
        String name = mac.getProvider().getName();
        return (contains(NOT_SUPPORTED_MAC_PROVIDERS, name) || name.startsWith("SunPKCS11")) ? false : true;
    }

    public static boolean isSupportedCipher(String str) {
        return (contains(NOT_SUPPORTED_CIPHER_PROVIDERS, str) || str.startsWith("SunPKCS11")) ? false : true;
    }

    public static boolean isSupported(KeyFactory keyFactory, String str) {
        String name = keyFactory.getProvider().getName();
        return (contains(NOT_SUPPORTED_KEYFACTORY_PROVIDERS, name) || (name.startsWith("SunRsaSign") && str.equalsIgnoreCase("RSA"))) ? false : true;
    }

    public static boolean isSupported(Signature signature) {
        return !contains(NOT_SUPPORTED_SIGNATURE_PROVIDERS, signature.getProvider().getName());
    }

    public static boolean isSupported(MessageDigest messageDigest) {
        return !contains(NOT_SUPPORTED_MESSAGEDIGEST_PROVIDERS, messageDigest.getProvider().getName());
    }

    public static boolean isSupported(KeyPairGenerator keyPairGenerator) {
        return !contains(NOT_SUPPORTED_KEYPAIRGENERATOR_PROVIDERS, keyPairGenerator.getProvider().getName());
    }

    public static boolean isSupported(KeyAgreement keyAgreement, String str) {
        return (str.equalsIgnoreCase(InfoObjectFactory.KEYAGREE_DH) || str.equalsIgnoreCase(CryptoNames.DIFFIE_HELLMAN) || contains(NOT_SUPPORTED_KEYAGREEMENT_PROVIDERS, keyAgreement.getProvider().getName())) ? false : true;
    }

    private static boolean contains(String[] strArr, String str) {
        for (String str2 : strArr) {
            if (str.equals(str2)) {
                return true;
            }
        }
        return false;
    }

    public static String matchPlainText(int i, int i2, int i3) {
        if ((i == 71 || i == 103) && ((i2 == 69 || i2 == 101) && (i3 == 84 || i3 == 116))) {
            return DataHandlerManager.HTTP_FILE_BASED_HANDLER;
        }
        if ((i == 80 || i == 112) && ((i2 == 85 || i2 == 117) && (i3 == 84 || i3 == 116))) {
            return DataHandlerManager.HTTP_FILE_BASED_HANDLER;
        }
        if ((i == 71 || i == 103) && ((i2 == 73 || i2 == 105) && (i3 == 79 || i3 == 111))) {
            return "GIOP";
        }
        if ((i != 116 && i != 84) || i2 != 51) {
            return null;
        }
        if (i3 != 117 || !isDebugEnabled(DEBUG_WARN)) {
            return ProtocolImpl.PROTOCOL_T3_NAME;
        }
        debug(DEBUG_WARN, "Appears to be using an incompatable version of the T3 protocol", (Exception) null);
        return ProtocolImpl.PROTOCOL_T3_NAME;
    }

    public static int getOverrideSSLFragmentSize() {
        if (overrideSSLFragmentSize == 0) {
            overrideSSLFragmentSize = 4080;
            try {
                String property = System.getProperty("weblogic.security.SSL.overrideFragmentSize");
                if (property != null) {
                    int parseInt = Integer.parseInt(property);
                    if (parseInt != -1) {
                        if (parseInt < 512) {
                            parseInt = 512;
                        } else if (parseInt > 16384) {
                            parseInt = 16384;
                        }
                        overrideSSLFragmentSize = parseInt;
                    }
                }
            } catch (NumberFormatException e) {
                if (isDebugEnabled(DEBUG_INFO)) {
                    debug(DEBUG_INFO, "Ignoring invalid value for system property weblogic.security.SSL.overrideFragmentSize", e);
                }
            } catch (SecurityException e2) {
                if (isDebugEnabled(DEBUG_INFO)) {
                    debug(DEBUG_INFO, "Ignoring security exception while initializing overrideSSLFragmentSize", e2);
                }
            }
        }
        return overrideSSLFragmentSize;
    }

    public static boolean useJCEProvider() {
        return useJCEProvider;
    }

    public static boolean disableEmptySSLRecrods() {
        return disableEmptySSLRecords;
    }

    public static boolean isValidRSAPublicExponent(BigInteger bigInteger) {
        return allowSmallRSAExponent || !bigInteger.equals(THREE);
    }

    public static boolean noStringExtensions() {
        return _noStringExtensions;
    }

    public static String getErrorName(int i) {
        String str;
        if (i == 0) {
            return UserDataConstraint.NONE;
        }
        str = "";
        str = (i & 1) != 0 ? str + " CERT_CHAIN_INVALID" : "";
        if ((i & 2) != 0) {
            str = str + " CERT_CHAIN_INVALID";
        }
        if ((i & 4) != 0) {
            str = str + " CERT_CHAIN_INCOMPLETE";
        }
        if ((i & 8) != 0) {
            str = str + " SIGNATURE_INVALID";
        }
        if ((i & 16) != 0) {
            str = str + " CERT_CHAIN_UNTRUSTED";
        }
        if ((i & 32) != 0) {
            str = str + " VALIDATION_FAILED";
        }
        return str;
    }

    public static SSLIOContext addSSLIOContext(InputStream inputStream, OutputStream outputStream, SSLSocket sSLSocket) throws IOException {
        SSLIOContext sSLIOContext = new SSLIOContext(inputStream, outputStream, sSLSocket);
        SSLIOContextTable.addContext(sSLIOContext);
        if (isDebugEnabled(DEBUG_INFO)) {
            debug(DEBUG_INFO, "SSLSocket will " + (SSLSetup.getIOModel() == 1 ? "" : LDAPDITContentRuleSchema.NOT) + " be Muxing", (Exception) null);
        }
        return sSLIOContext;
    }

    public static SSLIOContext addSSLIOContext(InputSSLIO inputSSLIO, OutputSSLIO outputSSLIO, SSLSocket sSLSocket) throws IOException {
        Channel2StreamUtil.ChanInputStream chanInputStream = new Channel2StreamUtil.ChanInputStream(sSLSocket.getChannel());
        Channel2StreamUtil.ChanOutputStream chanOutputStream = new Channel2StreamUtil.ChanOutputStream(sSLSocket.getChannel());
        if (isDebugEnabled(DEBUG_INFO)) {
            debug(DEBUG_INFO, "Nio collection from client: " + sSLSocket.getInetAddress().getHostAddress(), (Exception) null);
        }
        return addSSLIOContext(chanInputStream, chanOutputStream, sSLSocket);
    }

    public static void removeSSLIOContext(SSLIOContext sSLIOContext) {
        SSLIOContextTable.removeContext(sSLIOContext);
    }

    public static void checkLicense() {
        if (checkedLicense) {
            return;
        }
        SSLSetup.getLicenseLevel();
        checkedLicense = true;
    }

    public static boolean isDebugEnabled(int i) {
        return SSLSetup.isDebugEnabled(i);
    }

    public static void debug(int i, String str, Exception exc) {
        SSLSetup.debug(i, exc, str);
    }

    public static void debugEaten(Throwable th) {
        if (debugEaten) {
            SSLSetup.debug(DEBUG_INFO, th, "........... Eating Exception ..........");
        }
    }

    public static void logSSLUsingNullCipher() {
        SSLSetup.logSSLUsingNullCipher();
    }

    public static void loadAllowedCertIds() {
        try {
            if (KernelStatus.isApplet()) {
                return;
            }
        } catch (NoClassDefFoundError e) {
            if (Kernel.isApplet()) {
                return;
            }
        }
        String property = System.getProperty("weblogic.security.SSL.allowedcertificatepolicyids");
        if (property != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(property, ",");
            while (stringTokenizer.hasMoreTokens()) {
                allowedPolicyIds.add(stringTokenizer.nextToken());
            }
        }
    }

    public static boolean isPolicyAllowed(String str) {
        return allowedPolicyIds.contains(str);
    }

    static {
        debugEaten = false;
        useJCEProvider = true;
        disableEmptySSLRecords = false;
        allowSmallRSAExponent = false;
        _noStringExtensions = false;
        debugEaten = SSLSetup.getDebugEaten();
        loadAllowedCertIds();
        try {
            useJCEProvider = !Boolean.getBoolean(NO_JCE_PROPERTY);
            disableEmptySSLRecords = Boolean.getBoolean(DISABLE_EMPTY_SSL_RECORDS);
            allowSmallRSAExponent = Boolean.getBoolean(ALLOW_SMALL_RSA_EXPONENT_PROPERTY);
            _noStringExtensions = Boolean.getBoolean(NO_STRING_EXTENSIONS);
        } catch (Exception e) {
        }
        NOT_SUPPORTED_MAC_PROVIDERS = new String[]{"SunJCE", "IAIK", "JsafeJCE", "nCipherKM", "ERACOM", "IBMJCE", "Entrust", "BC"};
        NOT_SUPPORTED_CIPHER_PROVIDERS = new String[]{"BC", "IBMJCE", "ERACOM", "Entrust", "IAIK"};
        NOT_SUPPORTED_KEYFACTORY_PROVIDERS = new String[]{"ERACOM", "Entrust"};
        NOT_SUPPORTED_SIGNATURE_PROVIDERS = new String[]{"BC", "IBMJCE", "IAIK"};
        NOT_SUPPORTED_MESSAGEDIGEST_PROVIDERS = new String[]{"BC", "IBMJCE"};
        NOT_SUPPORTED_KEYPAIRGENERATOR_PROVIDERS = new String[]{"IBMJCE"};
        NOT_SUPPORTED_KEYAGREEMENT_PROVIDERS = new String[]{"BC", "IBMJCE", "ERACOM", "Entrust"};
        checkedLicense = false;
        overrideSSLFragmentSize = 0;
    }
}
