package com.certicom.tls.interfaceimpl;

import com.bea.sslplus.WeblogicHandler;
import com.certicom.io.InputSSLIO;
import com.certicom.io.OutputSSLIO;
import com.certicom.locale.Resources;
import com.certicom.security.asn1.ASN1Type;
import com.certicom.security.cert.internal.x509.ServerGatedCryptoCert;
import com.certicom.tls.TLSConnection;
import com.certicom.tls.TLSSessionDB;
import com.certicom.tls.ciphersuite.CipherSuite;
import com.certicom.tls.ciphersuite.CipherSuiteSupport;
import com.certicom.tls.ciphersuite.CryptoNames;
import com.rsa.jsafe.JSAFE_SecureRandom;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;
import java.util.Properties;
import java.util.Vector;
import javax.net.ssl.SSLSocket;
import weblogic.kernel.Kernel;

/* loaded from: input_file:com/certicom/tls/interfaceimpl/TLSSystem.class */
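/**
 * Per-application TLS configuration and connection factory.
 *
 * <p>An instance holds the session database, the list of enabled cipher suites, the subset of
 * those suites for which the configured {@link CertificateSupport} can supply credentials, and
 * the hello protocol version. The {@code createClient}/{@code createServer} factories snapshot
 * that state into a new {@code TLSConnectionImpl}.
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>{@code strongLimited} ends up {@code false} after construction, so anonymous and NULL
 *       cipher suites are <em>not</em> filtered out of the enabled list unless
 *       {@link #setIsStrongCipherSuiteLimited(boolean) setIsStrongCipherSuiteLimited(true)} is
 *       called.</li>
 *   <li>The hello protocol defaults to {@code ProtocolVersion.TLS10_WITH_SSL20_HELLO}.</li>
 *   <li>{@code x509StrictConstraints} and {@code x509NoV1CAs} default to {@code false}.</li>
 * </ul>
 *
 * <p>The static flags are process-wide: they affect every {@code TLSSystem} in the JVM. The two
 * cipher-suite vectors are updated in several steps (clear, then refill), so a connection created
 * concurrently with a reconfiguration may observe a partially rebuilt list.
 *
 * <p>The class is {@link Serializable} without a declared {@code serialVersionUID}; private field
 * names are therefore part of the serialized form and are left unchanged here.
 * NOTE(review): the serialized form would include {@code certificateSupport} and
 * {@code sessionDB} if those types are serializable - confirm whether key material or session
 * secrets can end up in a serialized stream.
 */
public final class TLSSystem implements Serializable, Cloneable {
    // Process-wide PRNG, lazily created by getRandomNumberGenerator().
    private static SecureRandom randomNumberGenerator;
    private TLSSessionDB sessionDB;
    // Raw Vector of CipherSuite: every suite this system is willing to negotiate.
    private Vector enabledCipherSuites;
    // Raw Vector of CipherSuite: enabled suites for which local credentials are available.
    private Vector authenticatedCipherSuites;
    private CertificateSupport certificateSupport;
    private ProtocolVersion helloProtocol;
    // When true, only suites reporting isExportable() are kept.
    private boolean exportLimited;
    // When true, anonymous and NULL suites are dropped by resetCipherSuiteSupport().
    private boolean strongLimited;
    private boolean debugFlag;
    private boolean srvGatedCryptoOn;
    private int WRITE_BLOCK_SIZE;
    private static boolean certBasicConstBug = false;
    private static boolean HandshakeRollBackBug = false;
    private static boolean acceptEmptyCertRequest = false;
    private static boolean sendEmptyCertRequest = false;
    private static int maxHandshakeMessageSize = 65535;
    private static boolean x509StrictConstraints = false;
    private static boolean x509NoV1CAs = false;

    /**
     * Sets the process-wide strict X.509 constraints flag.
     * NOTE(review): the flag is only stored here; which checks it enables is not visible in this
     * class. It defaults to {@code false}.
     *
     * @param z new value of the flag
     */
    public static synchronized void setX509StrictConstraints(boolean z) {
        x509StrictConstraints = z;
    }

    /**
     * @return the process-wide strict X.509 constraints flag
     */
    public static synchronized boolean getX509StrictConstraints() {
        return x509StrictConstraints;
    }

    /**
     * Sets the process-wide "no V1 CAs" flag.
     * NOTE(review): presumably rejects X.509 version 1 certificates as issuers - confirm in the
     * certificate validation code. It defaults to {@code false}.
     *
     * @param z new value of the flag
     */
    public static synchronized void setX509NoV1CAs(boolean z) {
        x509NoV1CAs = z;
    }

    /**
     * @return the process-wide "no V1 CAs" flag
     */
    public static synchronized boolean getX509NoV1CAs() {
        return x509NoV1CAs;
    }

    /**
     * Creates a system backed by a fresh, empty {@link CertificateSupport}.
     */
    public TLSSystem() {
        this(new CertificateSupport());
    }

    /**
     * Creates a system that uses the given certificate support.
     *
     * <p>The enabled cipher-suite list is built immediately, with {@code strongLimited} and
     * {@code exportLimited} both {@code false}, i.e. with no filtering of anonymous, NULL or
     * non-exportable suites.
     *
     * @param certificateSupport source of local credentials; must not be {@code null}
     * @throws IllegalStateException if no cipher suite is available
     */
    public TLSSystem(CertificateSupport certificateSupport) {
        this.enabledCipherSuites = new Vector();
        this.authenticatedCipherSuites = new Vector();
        this.exportLimited = false;
        // The original assigned true and then false before first use; only the final value
        // was ever observable.
        this.strongLimited = false;
        this.debugFlag = false;
        this.srvGatedCryptoOn = false;
        this.WRITE_BLOCK_SIZE = 16384;
        setCertificateSupport(certificateSupport);
        // Allocated once; the original built a second SessionDBImpl and discarded the first.
        this.sessionDB = new SessionDBImpl();
        this.helloProtocol = ProtocolVersion.TLS10_WITH_SSL20_HELLO;
        if (Kernel.isApplet()) {
            // Applets skip the system-property defaults below.
            return;
        }
        // NOTE(review): the property tested is "UsePointCompression" but the key written is
        // "UserPointCompression". One of the two spellings looks like a typo; left as found
        // because the consumer of these properties is not visible here.
        if (System.getProperty("UsePointCompression") == null) {
            Properties properties = System.getProperties();
            properties.put("UserPointCompression", "no");
            System.setProperties(properties);
        }
        if (System.getProperty("GuessPointCompression") == null) {
            Properties properties2 = System.getProperties();
            properties2.put("GuessPointCompression", "yes");
            System.setProperties(properties2);
        }
    }

    /**
     * Replaces the certificate support and rebuilds both cipher-suite lists from scratch.
     * Any list previously installed with {@link #setEnabledCipherSuites(String[])} is discarded.
     *
     * @param certificateSupport new source of local credentials
     * @throws IllegalStateException if no cipher suite survives the current limits
     */
    public void setCertificateSupport(CertificateSupport certificateSupport) {
        this.certificateSupport = certificateSupport;
        resetCipherSuiteSupport();
    }

    /**
     * @return the certificate support currently in use (the live object, not a copy)
     */
    public CertificateSupport getCertificateSupport() {
        return this.certificateSupport;
    }

    /**
     * Rebuilds the enabled list from every suite known to {@link CipherSuiteSupport}, applying
     * the {@code strongLimited} and {@code exportLimited} filters, then rebuilds the
     * authenticated list.
     *
     * @throws IllegalStateException if the filters leave no suite enabled
     */
    public void resetCipherSuiteSupport() {
        CipherSuite[] supported = CipherSuiteSupport.getCipherSuites();
        this.enabledCipherSuites.removeAllElements();
        for (int i = 0; i < supported.length; i++) {
            CipherSuite suite = supported[i];
            if (this.strongLimited && isAnonymousOrNull(suite)) {
                continue;
            }
            if (this.exportLimited && !suite.isExportable()) {
                continue;
            }
            this.enabledCipherSuites.addElement(suite);
        }
        if (this.enabledCipherSuites.size() == 0) {
            throw new IllegalStateException(Resources.getMessage("82"));
        }
        resetAuthenticatedCipherSuiteSupport();
    }

    /** Tells whether a suite is anonymous or has "NULL" in its description. */
    private static boolean isAnonymousOrNull(CipherSuite suite) {
        return suite.getCertificateType().equalsIgnoreCase(CryptoNames.ANONYMOUS)
                || suite.getDescription().indexOf("NULL") != -1;
    }

    /**
     * @return {@code true} if only exportable suites are kept
     */
    public boolean getIsExportedLimited() {
        return this.exportLimited;
    }

    /**
     * @return {@code true} if anonymous and NULL suites are filtered out on reset
     */
    public boolean getIsStrongCipherSuiteLimited() {
        return this.strongLimited;
    }

    /**
     * @return whether server-gated crypto handling is enabled
     */
    public boolean getServerGatedCryptoEnabled() {
        return this.srvGatedCryptoOn;
    }

    /**
     * Sets the export limit and rebuilds both cipher-suite lists. Turning this on restricts the
     * system to export-grade suites, which weakens the negotiated protection.
     *
     * @param z {@code true} to keep only exportable suites
     * @throws IllegalStateException if no suite survives the limits
     */
    public void setIsExportedLimited(boolean z) {
        this.exportLimited = z;
        resetCipherSuiteSupport();
    }

    /**
     * Sets the strong-suite limit and rebuilds both cipher-suite lists.
     *
     * @param z {@code true} to drop anonymous and NULL suites
     * @throws IllegalStateException if no suite survives the limits
     */
    public void setIsStrongCipherSuiteLimited(boolean z) {
        this.strongLimited = z;
        resetCipherSuiteSupport();
    }

    /**
     * Enables or disables server-gated crypto handling. The authenticated list is not rebuilt
     * here; the new value is picked up by the next rebuild.
     *
     * @param z new value
     */
    public void setServerGatedCryptoEnabled(boolean z) {
        this.srvGatedCryptoOn = z;
    }

    /**
     * Rebuilds the authenticated list: the enabled suites whose key-agreement algorithm can be
     * served by the credentials in {@code certificateSupport}, subject to the export limit.
     *
     * <p>The numeric key-agreement codes come from {@link CipherSuite#getKeyAgreementAlgorithm()};
     * their symbolic names are not visible in this class.
     */
    private void resetAuthenticatedCipherSuiteSupport() {
        this.authenticatedCipherSuites.removeAllElements();
        X509Certificate[] rsaChain = this.certificateSupport.getAuthChain("RSA", 0);
        boolean hasRsa = rsaChain != null;
        boolean hasDsa = this.certificateSupport.getAuthChain(CryptoNames.DSA, 0) != null;
        boolean hasEcdsa = this.certificateSupport.getAuthChain(CryptoNames.ECDSA, 0) != null;
        boolean hasHybrid = this.certificateSupport.getAuthChain(CryptoNames.HYBRID, 0) != null;
        // A server-gated-crypto certificate lifts the export limit for codes 6, 7 and 8 below.
        boolean sgcCertificate = false;
        if (hasRsa && this.srvGatedCryptoOn) {
            sgcCertificate = new ServerGatedCryptoCert(rsaChain).getSGCCertificateType() != 0;
        }
        for (int i = 0; i < this.enabledCipherSuites.size(); i++) {
            CipherSuite suite = (CipherSuite) this.enabledCipherSuites.elementAt(i);
            boolean credentialAvailable;
            boolean sgcMayOverride = false;
            switch (suite.getKeyAgreementAlgorithm()) {
                case 1:
                case 9:
                    // No local certificate chain is required for these codes.
                    credentialAvailable = true;
                    break;
                case 2:
                case 3:
                case 4:
                    credentialAvailable = hasDsa;
                    break;
                case 5:
                    credentialAvailable = hasEcdsa;
                    break;
                case 6:
                    credentialAvailable = hasRsa;
                    sgcMayOverride = true;
                    break;
                case 7:
                    // Presumably RSA export key exchange: needs a key of at most 512 bits.
                    // Keys of that size are factorable in practice, so these suites should
                    // stay disabled unless legacy interoperability demands them.
                    credentialAvailable = hasRsa && rsaKeyUsableForExport(rsaChain, 512);
                    sgcMayOverride = true;
                    break;
                case 8:
                    // Same check with a 1024-bit ceiling.
                    credentialAvailable = hasRsa && rsaKeyUsableForExport(rsaChain, 1024);
                    sgcMayOverride = true;
                    break;
                case 10:
                case 11:
                    credentialAvailable = hasRsa;
                    break;
                case 12:
                    credentialAvailable = hasHybrid;
                    break;
                default:
                    credentialAvailable = false;
                    break;
            }
            if (!credentialAvailable) {
                continue;
            }
            if (suite.isExportable() || !this.exportLimited || (sgcMayOverride && sgcCertificate)) {
                this.authenticatedCipherSuites.addElement(suite);
            }
        }
    }

    /**
     * Tells whether the leaf RSA key is short enough for an export key exchange of
     * {@code maxBits}, or a separate export key of that size has been configured.
     */
    private boolean rsaKeyUsableForExport(X509Certificate[] rsaChain, int maxBits) {
        int modulusBits = ((RSAPublicKey) rsaChain[0].getPublicKey()).getModulus().bitLength();
        return modulusBits <= maxBits || this.certificateSupport.getRSAExportKey(maxBits) != null;
    }

    /** Copies the description of every suite in the vector into a new array, in order. */
    private static String[] descriptionsOf(Vector suites) {
        Enumeration elements = suites.elements();
        String[] names = new String[suites.size()];
        int next = 0;
        while (elements.hasMoreElements()) {
            names[next] = ((CipherSuite) elements.nextElement()).getDescription();
            next++;
        }
        return names;
    }

    /**
     * @return descriptions of the enabled suites, in preference order
     */
    public String[] getEnabledCipherSuites() {
        return descriptionsOf(this.enabledCipherSuites);
    }

    /**
     * @return descriptions of the enabled suites for which local credentials exist
     */
    public String[] getAuthenticatedEnabledCipherSuites() {
        return descriptionsOf(this.authenticatedCipherSuites);
    }

    /**
     * @return names of every suite known to {@link CipherSuiteSupport}
     */
    public static String[] getSupportedCipherSuites() {
        return CipherSuiteSupport.getCipherSuiteNames();
    }

    /**
     * Replaces the enabled list with the named suites, in the given order.
     *
     * <p>The list is only replaced once every name has been resolved, so a rejected name leaves
     * the previous configuration intact. Only the export limit is enforced here: the
     * {@code strongLimited} filter is not applied, so anonymous or NULL suites named by the
     * caller are accepted even when that limit is on. An empty array leaves no suite enabled.
     *
     * @param strArr suite names to enable
     * @return descriptions of the enabled suites after the change
     * @throws IllegalArgumentException if a name is unknown, or names a non-exportable suite
     *     while the export limit is on
     */
    public String[] setEnabledCipherSuites(String[] strArr) throws IllegalArgumentException {
        Vector resolved = new Vector();
        for (int i = 0; i < strArr.length; i++) {
            try {
                CipherSuite suite = CipherSuiteSupport.getCipherSuite(strArr[i]);
                if (this.exportLimited && !suite.isExportable()) {
                    throw new IllegalArgumentException(Resources.getMessage("45") + strArr[i]);
                }
                resolved.addElement(suite);
            } catch (NoSuchAlgorithmException e) {
                WeblogicHandler.debugEaten(e);
                throw new IllegalArgumentException(strArr[i] + " " + Resources.getMessage("134"));
            }
        }
        this.enabledCipherSuites.removeAllElements();
        for (int i2 = 0; i2 < resolved.size(); i2++) {
            this.enabledCipherSuites.addElement(resolved.elementAt(i2));
        }
        resetAuthenticatedCipherSuiteSupport();
        return getEnabledCipherSuites();
    }

    /**
     * Moves the named suite to the front of the enabled list, adding it if absent.
     *
     * <p>An unknown name is reported only through {@code WeblogicHandler.debugEaten} and leaves
     * the list unchanged. Neither the export limit nor the strong-suite limit is checked here.
     *
     * @param str suite name
     * @return descriptions of the enabled suites after the change
     */
    public String[] enableCipherSuite(String str) {
        try {
            // Drop any existing entry first so the suite is not listed twice.
            disableCipherSuite(str);
            this.enabledCipherSuites.insertElementAt(CipherSuiteSupport.getCipherSuite(str), 0);
        } catch (NoSuchAlgorithmException e) {
            WeblogicHandler.debugEaten(e);
        }
        resetAuthenticatedCipherSuiteSupport();
        return getEnabledCipherSuites();
    }

    /**
     * Removes the named suite from the enabled list.
     *
     * <p>Nothing is removed when the name is unknown or when it would leave the list empty.
     *
     * <p>The original compared each {@link CipherSuite} to the {@code String} argument with
     * {@code equals} only, which cannot match unless {@code CipherSuite.equals} accepts strings
     * (not visible here), so a request to disable a suite could be silently ignored and the
     * suite would remain negotiable. The description is now compared as well.
     *
     * @param str suite name
     * @return descriptions of the enabled suites after the change
     */
    public String[] disableCipherSuite(String str) {
        boolean removable = true;
        try {
            CipherSuiteSupport.getCipherSuite(str);
        } catch (NoSuchAlgorithmException e) {
            WeblogicHandler.debugEaten(e);
            removable = false;
        }
        if (this.enabledCipherSuites.size() == 1) {
            removable = false;
        }
        if (removable) {
            // Iterate over a snapshot so removals do not disturb the traversal.
            CipherSuite[] snapshot = new CipherSuite[this.enabledCipherSuites.size()];
            this.enabledCipherSuites.copyInto(snapshot);
            for (int i = 0; i < snapshot.length; i++) {
                CipherSuite candidate = snapshot[i];
                boolean matches = candidate.equals(str) || candidate.getDescription().equals(str);
                // Never remove the last remaining suite.
                if (matches && this.enabledCipherSuites.size() > 1) {
                    this.enabledCipherSuites.removeElement(candidate);
                }
            }
        }
        resetAuthenticatedCipherSuiteSupport();
        return getEnabledCipherSuites();
    }

    /**
     * Returns the process-wide random number generator, creating it on first use.
     *
     * <p>Creation tries the JSAFE "FIPS186Random" algorithm, then "SHA1Random", and seeds the
     * result with 64 bytes from a default {@link SecureRandom}. The class lock is held while the
     * seed is generated.
     *
     * <p>NOTE(review): the default {@code SecureRandom} is stored in the static field before the
     * JSAFE lookup, so if both lookups fail the exception is thrown once and later calls return
     * that default generator instead of failing again.
     *
     * @return the shared generator
     * @throws RuntimeException if neither JSAFE algorithm can be instantiated
     */
    public static synchronized SecureRandom getRandomNumberGenerator() {
        SecureRandom jSAFE_SecureRandom;
        if (randomNumberGenerator == null) {
            randomNumberGenerator = new SecureRandom();
            try {
                jSAFE_SecureRandom = JSAFE_SecureRandom.getInstance("FIPS186Random", "Java");
                if (WeblogicHandler.isDebugEnabled(WeblogicHandler.DEBUG_INFO)) {
                    WeblogicHandler.debug(WeblogicHandler.DEBUG_INFO, "Using PRNG algorithm: FIPS186Random", (Exception) null);
                }
            } catch (NoSuchAlgorithmException e) {
                if (WeblogicHandler.isDebugEnabled(WeblogicHandler.DEBUG_INFO)) {
                    WeblogicHandler.debug(WeblogicHandler.DEBUG_INFO, "Failed to instantiate FIPS186Random SecureRandom, trying SHA1Random", (Exception) null);
                }
                try {
                    jSAFE_SecureRandom = JSAFE_SecureRandom.getInstance("SHA1Random", "Java");
                    if (WeblogicHandler.isDebugEnabled(WeblogicHandler.DEBUG_INFO)) {
                        WeblogicHandler.debug(WeblogicHandler.DEBUG_INFO, "Using PRNG algorithm: SHA1Random", (Exception) null);
                    }
                } catch (NoSuchAlgorithmException e2) {
                    if (WeblogicHandler.isDebugEnabled(WeblogicHandler.DEBUG_INFO)) {
                        WeblogicHandler.debug(WeblogicHandler.DEBUG_INFO, "Failed to instantiate SHA1Random SecureRandom.", (Exception) null);
                    }
                    // Keep the cause so the provider failure is diagnosable from the stack trace.
                    throw new RuntimeException("Failed to instantiate a SecureRandom provider: " + e2.getMessage(), e2);
                }
            }
            jSAFE_SecureRandom.setSeed(randomNumberGenerator.generateSeed(64));
            randomNumberGenerator = jSAFE_SecureRandom;
        }
        return randomNumberGenerator;
    }

    /**
     * Replaces the process-wide generator. The argument is installed as given, with no check of
     * its algorithm or seeding; passing {@code null} makes the next
     * {@link #getRandomNumberGenerator()} call build a new one.
     *
     * @param secureRandom generator to install, or {@code null} to reset
     */
    public static synchronized void setRandomNumberGenerator(SecureRandom secureRandom) {
        randomNumberGenerator = secureRandom;
    }

    /**
     * @return the session database shared by connections created from this system
     */
    public synchronized TLSSessionDB getSessionDB() {
        return this.sessionDB;
    }

    /**
     * @param tLSSessionDB session database to use for connections created from now on
     */
    public synchronized void setSessionDB(TLSSessionDB tLSSessionDB) {
        this.sessionDB = tLSSessionDB;
    }

    /**
     * @return the string form of the hello protocol version
     */
    public String getHelloProtocol() {
        return this.helloProtocol.toString();
    }

    /**
     * Sets the hello protocol version from its string form.
     *
     * @param str protocol name as understood by {@code ProtocolVersion}
     * @throws IllegalArgumentException declared for names {@code ProtocolVersion} rejects
     */
    public void setHelloProtocol(String str) throws IllegalArgumentException {
        this.helloProtocol = new ProtocolVersion(str);
    }

    /**
     * Applies the debug flag, write fragment length and handshake roll-back setting to a newly
     * built connection.
     */
    private TLSConnectionImpl applySystemSettings(TLSConnectionImpl connection) {
        if (this.debugFlag) {
            connection.setDebugFlag();
        }
        connection.setWriteFragmentLength(this.WRITE_BLOCK_SIZE);
        if (HandshakeRollBackBug) {
            connection.setHandshakeRollBackBug(HandshakeRollBackBug);
        }
        return connection;
    }

    /**
     * Creates a client-side connection over the given socket and streams. The connection gets
     * its own copies of both cipher-suite lists.
     *
     * @throws IOException if the connection cannot be set up
     */
    public TLSConnection createClient(SSLSocket sSLSocket, InputStream inputStream, OutputStream outputStream, Serializable serializable) throws IOException {
        return applySystemSettings(new TLSConnectionImpl(sSLSocket, inputStream, outputStream, serializable, this.sessionDB, new ProtocolVersion(getHelloProtocol()), (Vector) this.enabledCipherSuites.clone(), (Vector) this.authenticatedCipherSuites.clone(), this.certificateSupport, true, this.exportLimited, this.srvGatedCryptoOn));
    }

    /**
     * Creates a server-side connection over the given socket and streams. The connection gets
     * its own copies of both cipher-suite lists.
     *
     * @throws IOException if the connection cannot be set up
     */
    public TLSConnection createServer(SSLSocket sSLSocket, InputStream inputStream, OutputStream outputStream, Serializable serializable) throws IOException {
        return applySystemSettings(new TLSConnectionImpl(sSLSocket, inputStream, outputStream, serializable, this.sessionDB, new ProtocolVersion(getHelloProtocol()), (Vector) this.enabledCipherSuites.clone(), (Vector) this.authenticatedCipherSuites.clone(), this.certificateSupport, false, this.exportLimited, this.srvGatedCryptoOn));
    }

    /**
     * Creates a server-side connection over the given socket and SSL I/O objects.
     *
     * @throws IOException if the connection cannot be set up
     */
    public TLSConnection createServer(SSLSocket sSLSocket, InputSSLIO inputSSLIO, OutputSSLIO outputSSLIO, Serializable serializable) throws IOException {
        return applySystemSettings(new TLSConnectionImpl(sSLSocket, inputSSLIO, outputSSLIO, serializable, this.sessionDB, new ProtocolVersion(getHelloProtocol()), (Vector) this.enabledCipherSuites.clone(), (Vector) this.authenticatedCipherSuites.clone(), this.certificateSupport, false, this.exportLimited, this.srvGatedCryptoOn));
    }

    /**
     * Creates a client-side connection over the given socket and SSL I/O objects.
     *
     * @throws IOException if the connection cannot be set up
     */
    public TLSConnection createClient(SSLSocket sSLSocket, InputSSLIO inputSSLIO, OutputSSLIO outputSSLIO, Serializable serializable) throws IOException {
        return applySystemSettings(new TLSConnectionImpl(sSLSocket, inputSSLIO, outputSSLIO, serializable, this.sessionDB, new ProtocolVersion(getHelloProtocol()), (Vector) this.enabledCipherSuites.clone(), (Vector) this.authenticatedCipherSuites.clone(), this.certificateSupport, true, this.exportLimited, this.srvGatedCryptoOn));
    }

    /**
     * Creates a client-side connection over SSL I/O objects, without a socket.
     */
    public TLSConnection createClient(InputSSLIO inputSSLIO, OutputSSLIO outputSSLIO, Serializable serializable) {
        return applySystemSettings(new TLSConnectionImpl(inputSSLIO, outputSSLIO, serializable, this.sessionDB, new ProtocolVersion(getHelloProtocol()), (Vector) this.enabledCipherSuites.clone(), (Vector) this.authenticatedCipherSuites.clone(), this.certificateSupport, true, this.exportLimited, this.srvGatedCryptoOn));
    }

    /**
     * Creates a server-side connection over SSL I/O objects, without a socket.
     */
    public TLSConnection createServer(InputSSLIO inputSSLIO, OutputSSLIO outputSSLIO, Serializable serializable) {
        return applySystemSettings(new TLSConnectionImpl(inputSSLIO, outputSSLIO, serializable, this.sessionDB, new ProtocolVersion(getHelloProtocol()), (Vector) this.enabledCipherSuites.clone(), (Vector) this.authenticatedCipherSuites.clone(), this.certificateSupport, false, this.exportLimited, this.srvGatedCryptoOn));
    }

    /**
     * Sets the process-wide X.509 basic-constraints compatibility flag.
     * NOTE(review): the name suggests it relaxes basic-constraints checking for non-conforming
     * certificates; the consumer is not visible here. Relaxing that check would let a leaf
     * certificate act as an issuer, so confirm before enabling.
     *
     * @param z new value of the flag
     */
    public static synchronized void setX509BasicConstraintBug(boolean z) {
        certBasicConstBug = z;
    }

    /**
     * @return the process-wide X.509 basic-constraints compatibility flag
     */
    public static synchronized boolean getX509BasicConstraintBug() {
        return certBasicConstBug;
    }

    /**
     * Sets the process-wide handshake roll-back compatibility flag, which is copied onto every
     * connection created afterwards.
     * NOTE(review): presumably tolerates peers that send the wrong version in the handshake,
     * which would weaken version roll-back detection - confirm in {@code TLSConnectionImpl}.
     *
     * @param z new value of the flag
     */
    public static synchronized void setHandshakeRollBackBug(boolean z) {
        HandshakeRollBackBug = z;
    }

    /**
     * @return the process-wide handshake roll-back compatibility flag
     */
    public static synchronized boolean getHandshakeRollBackBug() {
        return HandshakeRollBackBug;
    }

    /**
     * Sets the process-wide maximum handshake message size and applies the same limit to ASN.1
     * object lengths. The default is 65535.
     *
     * @param i new limit; must be between 1 and 16777215 (2^24 - 1) inclusive
     * @throws IllegalArgumentException if {@code i} is outside that range
     */
    public static synchronized void setMaxHandshakeMessageLength(int i) throws IllegalArgumentException {
        if (0 >= i || i >= 16777216) {
            throw new IllegalArgumentException(Resources.getMessage("281"));
        }
        maxHandshakeMessageSize = i;
        ASN1Type.setMaxObjectLength(maxHandshakeMessageSize);
    }

    /**
     * @return the process-wide maximum handshake message size
     */
    public static synchronized int getMaxHandshakeMessageLength() {
        return maxHandshakeMessageSize;
    }

    /**
     * Turns debugging on for connections created from now on. There is no way to turn it off.
     */
    public synchronized void setDebugFlag() {
        this.debugFlag = true;
    }

    /**
     * Sets the write fragment length handed to new connections. The default is 16384.
     *
     * <p>An out-of-range value is not rejected with an exception: a message is printed to
     * standard output and the previous value is kept.
     *
     * @param i new length; must be between 1 and 16384 inclusive
     */
    public void setWriteFragmentLength(int i) {
        if (i <= 0 || i >= 16385) {
            System.out.println(Resources.getMessage("253"));
        } else {
            this.WRITE_BLOCK_SIZE = i;
        }
    }

    /**
     * Sets the process-wide flag for accepting an empty certificate request.
     * NOTE(review): only stored here; the handshake code that reads it is not visible.
     *
     * @param z new value of the flag
     */
    public static synchronized void setAcceptEmptyCertRequest(boolean z) {
        acceptEmptyCertRequest = z;
    }

    /**
     * @return the process-wide flag for accepting an empty certificate request
     */
    public static synchronized boolean getAcceptEmptyCertRequest() {
        return acceptEmptyCertRequest;
    }

    /**
     * Sets the process-wide flag for sending an empty certificate request.
     * NOTE(review): only stored here; the handshake code that reads it is not visible.
     *
     * @param z new value of the flag
     */
    public static synchronized void setSendEmptyCertRequest(boolean z) {
        sendEmptyCertRequest = z;
    }

    /**
     * @return the process-wide flag for sending an empty certificate request
     */
    public static synchronized boolean getSendEmptyCertRequest() {
        return sendEmptyCertRequest;
    }

    // Runs after the static field initializers above: resets the cipher-suite registry once,
    // when this class is loaded.
    static {
        CipherSuiteSupport.reset();
    }
}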
