package weblogic.security.utils;

import com.certicom.tls.interfaceimpl.TLSSystem;
import com.rsa.jsafe.CryptoJ;
import com.rsa.jsafe.JSAFE_InvalidUseException;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.SocketException;
import java.security.AccessController;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Properties;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import weblogic.apache.xerces.impl.xs.SchemaSymbols;
import weblogic.kernel.Kernel;
import weblogic.logging.Loggable;
import weblogic.management.configuration.SSLMBean;
import weblogic.management.configuration.ServerMBean;
import weblogic.management.provider.CommandLine;
import weblogic.management.provider.ManagementService;
import weblogic.management.provider.RuntimeAccess;
import weblogic.security.SSL.HostnameVerifier;
import weblogic.security.SSL.SSLClientInfo;
import weblogic.security.SSL.SSLEnabledProtocolVersions;
import weblogic.security.SSL.SSLEnabledProtocolVersionsLogging;
import weblogic.security.SSL.TrustManager;
import weblogic.security.SecurityLogger;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;

/* loaded from: input_file:weblogic/security/utils/SSLSetup.class */
public final class SSLSetup extends SSLSetupLogging {
    // I/O model codes: setIOModel(int) accepts only 0 and 1, and ioModel starts at 0.
    public static final int STANDARD_IO = 0;
    public static final int MUXING_IO = 1;
    // License-level codes. In this class licenseLevel starts at -1 and getLicenseLevel() sets it to 1;
    // LICENSE_NONE and LICENSE_EXPORT are not referenced anywhere in this class.
    public static final int LICENSE_NOT_CHECKED = -1;
    public static final int LICENSE_NONE = 0;
    public static final int LICENSE_DOMESTIC = 1;
    public static final int LICENSE_EXPORT = 2;
    // SSLSession value key under which setFailureDetails/getFailureDetails store the rejection message.
    public static final String FAILURE_DETAILS = "weblogic.security.ssl.failureDetails";
    // System property read on non-server JVMs to decide whether the JSSE delegate is used.
    private static final String ENABLE_JSSE_PROPNAME = "weblogic.security.SSL.enableJSSE";
    // Fully qualified names of the SSL delegate implementations. getLicenseLevel() chooses between
    // CERTICOM_DELEGATE and JSSE_DELEGATE; RSA_DELEGATE is not referenced in this class.
    private static final String CERTICOM_DELEGATE = "com.bea.sslplus.CerticomSSLContext";
    private static final String RSA_DELEGATE = "com.rsa.ssl.WeblogicContextWrapper";
    private static final String JSSE_DELEGATE = "weblogic.security.SSL.jsseadapter.JaSSLContextImpl";
    // Kernel identity obtained in a privileged block; passed to ManagementService.getRuntimeAccess(...).
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    // Set by getIOModel(); once true, setIOModel(int) refuses further changes.
    private static boolean ioModelAccessed = false;
    private static int ioModel = 0;
    // -1 until getLicenseLevel() has selected a delegate and cached the level.
    private static volatile int licenseLevel = -1;
    // Not referenced in this class.
    private static int debugLevel = 0;
    // Lazily resolved by getProtocolVersion(); 3 is the value that method assigns for "ALL".
    private static volatile boolean protocolVersionChecked = false;
    private static volatile int protocolVersion = 3;
    // Lazily resolved by getEnforceConstraints(); 1 is the value that method assigns for "strong"/"true".
    // NOTE(review): unlike the protocol-version pair these two fields are not volatile.
    private static boolean enforceConstraintsChecked = false;
    private static int enforceConstraints = 1;
    private static volatile boolean jsseEnabled = false;
    // Delegate implementation class, assigned by setSSLDelegate(String); null until then.
    private static Class sslDelegateClass = null;

    /**
     * Selects the SSL delegate implementation on first use and returns the cached license level.
     *
     * <p>On a non-server JVM the JSSE switch is read from the
     * {@code weblogic.security.SSL.enableJSSE} system property; on a server it is read from the
     * server's {@code SSLMBean}. The delegate class is then loaded through
     * {@code setSSLDelegate}: the JSSE adapter when JSSE is enabled, otherwise the Certicom
     * implementation.
     *
     * @return the cached level once set (1), or -1 when the server {@code RuntimeAccess} was not
     *         available and the result was therefore not cached
     * @throws RuntimeException any runtime failure is logged at debug level 2 and rethrown
     */
    public static synchronized int getLicenseLevel() {
        String str;
        // Fast path: a previous call already selected the delegate.
        if (licenseLevel > -1) {
            return licenseLevel;
        }
        // z == true means "cache the result"; it is only cleared when RuntimeAccess is missing.
        boolean z = true;
        try {
            if (isFatClient()) {
                jsseEnabled = Boolean.getBoolean(ENABLE_JSSE_PROPNAME);
            } else {
                RuntimeAccess runtimeAccess = ManagementService.getRuntimeAccess(kernelId);
                if (null == runtimeAccess) {
                    debug(2, "Failure determining whether to enable JSSE, server RuntimeAccess is null for kernelId=" + kernelId + ".");
                    z = false;
                } else {
                    ServerMBean server = runtimeAccess.getServer();
                    if (null == server) {
                        // NOTE(review): z stays true here and in the SSLMBean branch below, so the
                        // level is cached with jsseEnabled left at its current value even though the
                        // configuration could not be read. Confirm this is intended.
                        debug(2, "Failure determining whether to enable JSSE, server ServerMBean is null for kernelId=" + kernelId + ".");
                    } else {
                        SSLMBean ssl = server.getSSL();
                        if (null == ssl) {
                            debug(2, "Failure determining whether to enable JSSE, server SSLMBean is null for kernelId=" + kernelId + ".");
                        } else {
                            jsseEnabled = ssl.isJSSEEnabled();
                        }
                    }
                }
            }
            try {
                // Per the debug message below, mode 0 is CryptoJ's FIPS140_MODE and 2 is
                // FIPS140_SSL_MODE; a failure to switch is logged and otherwise ignored.
                if (CryptoJ.getMode() == 0) {
                    CryptoJ.setMode(2);
                }
            } catch (JSAFE_InvalidUseException e) {
                debug(2, (Throwable) e, "Failure switching from CryptoJ's FIPS140_MODE to FIPS140_SSL_MODE");
            }
            if (jsseEnabled) {
                str = JSSE_DELEGATE;
                info("Use JSSE SSL (default strength)");
            } else {
                str = CERTICOM_DELEGATE;
                info("Use Certicom SSL with Domestic strength");
            }
            // The delegate is loaded even when the result is not cached (z == false).
            setSSLDelegate(str);
            if (z) {
                licenseLevel = 1;
            }
            return licenseLevel;
        } catch (RuntimeException e2) {
            debug(2, e2, "Failure determining whether to enable JSSE.");
            throw e2;
        }
    }

    /**
     * Switches the SSL I/O model to muxing for a server process and logs the fact.
     *
     * <p>The request goes through {@code setIOModel}, which ignores it once the model has already
     * been read through {@code getIOModel()}; the info line is written either way.
     */
    public static synchronized void initForServer() {
        // MUXING_IO is the compile-time constant 1.
        setIOModel(MUXING_IO);
        info("Enabled muxing IO for SSL in server");
    }

    /**
     * Reports whether the JSSE-based SSL delegate was selected.
     *
     * @return the {@code jsseEnabled} flag after delegate selection has run
     */
    public static boolean isJSSEEnabled() {
        // Called for its side effect: it resolves jsseEnabled (and the delegate class) on first use.
        getLicenseLevel();
        return jsseEnabled;
    }

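    /**
     * Loads the SSL delegate implementation named by {@code str} and records it for
     * {@code getSSLDelegateInstance()}.
     *
     * <p>The class is published to {@code sslDelegateClass} only after it has been checked to
     * implement {@code SSLContextDelegate}, so a rejected class is never left in the field for
     * other readers. Within this class the method is called only with the hard-coded delegate
     * class-name constants; it must stay that way, because the argument goes straight into
     * {@code Class.forName}.
     *
     * @param str fully qualified class name of the delegate implementation
     * @throws IllegalArgumentException if the class cannot be found or does not implement
     *         {@code SSLContextDelegate}
     */
    private static void setSSLDelegate(String str) {
        final Class candidate;
        try {
            candidate = Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new IllegalArgumentException(SecurityLogger.getClassNotFound(str), e);
        }
        if (!SSLContextDelegate.class.isAssignableFrom(candidate)) {
            throw new IllegalArgumentException("Cannot initialize SSL implementation. " + str + " does not implement " + SSLContextDelegate.class.getName());
        }
        // Publish only a validated delegate class.
        sslDelegateClass = candidate;
        boolean sendEmptyCaList = Boolean.getBoolean("weblogic.security.SSL.sendEmptyCAList");
        info("Empty CA List is enabled :" + sendEmptyCaList);
        if (sendEmptyCaList) {
            // NOTE(review): presumably makes the Certicom stack send an empty CA list in its
            // certificate request; confirm against TLSSystem.
            TLSSystem.setSendEmptyCertRequest(true);
        }
    }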

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a new instance of the selected SSL delegate class, selecting the delegate first if
     * that has not happened yet.
     *
     * @return a fresh delegate created through the class's no-argument constructor
     * @throws RuntimeException if the delegate class cannot be accessed or instantiated; the
     *         reflective exception is kept as the cause
     */
    public static SSLContextDelegate getSSLDelegateInstance() {
        if (licenseLevel == LICENSE_NOT_CHECKED) {
            // First use: resolves sslDelegateClass as a side effect.
            getLicenseLevel();
        }
        try {
            Object created = sslDelegateClass.newInstance();
            return (SSLContextDelegate) created;
        } catch (IllegalAccessException accessFailure) {
            String message = SecurityLogger.getIllegalAccessOnContextWrapper(sslDelegateClass.getName());
            throw new RuntimeException(message, accessFailure);
        } catch (InstantiationException instantiationFailure) {
            String message = SecurityLogger.getInstantiationExcOnContextWrapper(sslDelegateClass.getName());
            throw new RuntimeException(message, instantiationFailure);
        }
    }

    /**
     * Returns the SSL I/O model and freezes it.
     *
     * @return the current I/O model code (0 or 1)
     */
    public static int getIOModel() {
        // Once the model has been read, setIOModel(int) refuses to change it.
        ioModelAccessed = true;
        return ioModel;
    }

    /**
     * Tells whether rejected SSL connections should be written to the log.
     *
     * <p>Applets never log, other non-server JVMs always log, and a server follows its
     * {@code SSLMBean} setting. If the server configuration cannot be read the failure is logged
     * at info level and rejection logging is treated as disabled.
     *
     * @return {@code true} when SSL rejections should be logged
     */
    public static boolean logSSLRejections() {
        if (Kernel.isApplet()) {
            return false;
        }
        if (Kernel.isServer()) {
            try {
                SSLMBean sslConfig = ManagementService.getRuntimeAccess(kernelId).getServer().getSSL();
                return sslConfig.isSSLRejectionLoggingEnabled();
            } catch (Exception lookupFailure) {
                // Broad on purpose: any null link in the chain above ends up here as well.
                info(lookupFailure, "Caught exception in SSLSetup.logSSLRejections");
                return false;
            }
        }
        return true;
    }

    /**
     * Changes the SSL I/O model, provided the value is valid and the model has not been read yet.
     *
     * <p>Invalid values and late changes are not errors: they are reported at debug level 2 and
     * the current model is kept.
     *
     * @param i the requested model, 0 (standard I/O) or 1 (muxing I/O)
     */
    public static void setIOModel(int i) {
        final boolean recognised = i == STANDARD_IO || i == MUXING_IO;
        if (!recognised) {
            debug(2, "Attempt to change SSL IO model to invalid setting");
            return;
        }
        if (ioModelAccessed) {
            debug(2, "Attempt to change SSL IO model after access");
            return;
        }
        ioModel = i;
    }

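    /**
     * Resolves, once, the protocol-version code handed to the SSL delegate.
     *
     * <p>The minimum-protocol-version command-line setting is consulted first and, when present,
     * is translated by {@code SSLEnabledProtocolVersions}. Otherwise the older SSL-version
     * setting is mapped: {@code "SSL3"} to 1, {@code "TLS1"} to 0 and {@code "ALL"} to 3. With
     * neither setting present the initial value 3 is kept.
     *
     * <p>An unrecognised SSL-version value, or a {@code SecurityException} while reading the
     * command line, leaves the current value in place. Both cases are now reported at debug
     * level 2 instead of passing silently, because they mean the configured restriction was not
     * applied.
     *
     * <p>NOTE(review): judging by the setting names, both the default ("ALL") and "SSL3" keep
     * SSL 3.0 eligible. SSL 3.0 is deprecated by RFC 7568, so deployments should pin a floor
     * through the minimum-protocol-version setting, which takes precedence here.
     *
     * @return the protocol-version code
     */
    public static int getProtocolVersion() {
        if (!protocolVersionChecked) {
            try {
                String minimumVersion = CommandLine.getCommandLine().getSSLMinimumProtocolVersion();
                if (null != minimumVersion) {
                    protocolVersion = SSLEnabledProtocolVersions.getSSLContextDelegateProtocolVersions(minimumVersion, new SSLEnabledProtocolVersionsLogging());
                } else {
                    String legacyVersion = CommandLine.getCommandLine().getSSLVersion();
                    if (legacyVersion != null) {
                        if (legacyVersion.equalsIgnoreCase("SSL3")) {
                            protocolVersion = 1;
                        } else if (legacyVersion.equalsIgnoreCase("TLS1")) {
                            protocolVersion = 0;
                        } else if (legacyVersion.equalsIgnoreCase("ALL")) {
                            protocolVersion = 3;
                        } else {
                            debug(2, "Ignoring unrecognized SSL version setting '" + legacyVersion + "'; keeping protocol version code " + protocolVersion);
                        }
                    }
                }
            } catch (SecurityException e) {
                // Best effort: without access to the command line the current value is kept.
                debug(2, e, "Not permitted to read the SSL protocol version settings; keeping protocol version code " + protocolVersion);
            }
            protocolVersionChecked = true;
        }
        return protocolVersion;
    }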

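    /**
     * Resolves, once, how strictly certificate basic constraints are enforced.
     *
     * <p>Mapping of the command-line setting (case-insensitive): {@code off}/{@code false} to 0,
     * {@code strong}/{@code true} to 1, {@code strict} to 2, and, only when the selected SSL
     * delegate implements {@code BasicConstraintsSSLContextDelegate}, {@code strict_nov1cas} to 3
     * and {@code strong_nov1cas} to 4. Without a setting the initial value 1 is kept.
     *
     * <p>The delegate class is resolved before the {@code *_nov1cas} values are evaluated.
     * Previously a call made before the delegate had been selected passed {@code null} to
     * {@code Class.isAssignableFrom}, which throws {@code NullPointerException}. A value that is
     * unrecognised or unsupported by the delegate is now reported at debug level 2, because the
     * requested enforcement level is then not applied.
     *
     * @return the enforcement level code
     * @throws RuntimeException if the delegate has to be resolved and that resolution fails
     */
    public static int getEnforceConstraints() {
        if (!enforceConstraintsChecked) {
            try {
                String requested = CommandLine.getCommandLine().getSSLEnforcementConstraint();
                if (requested != null) {
                    if (requested.equalsIgnoreCase("off") || requested.equalsIgnoreCase("false")) {
                        enforceConstraints = 0;
                    } else if (requested.equalsIgnoreCase("strong") || requested.equalsIgnoreCase("true")) {
                        enforceConstraints = 1;
                    } else if (requested.equalsIgnoreCase(SchemaSymbols.ATTVAL_STRICT)) {
                        enforceConstraints = 2;
                    } else {
                        if (sslDelegateClass == null) {
                            // Same lazy resolution getSSLDelegateInstance() relies on.
                            getLicenseLevel();
                        }
                        Class delegate = sslDelegateClass;
                        boolean delegateChecksV1Cas = delegate != null && BasicConstraintsSSLContextDelegate.class.isAssignableFrom(delegate);
                        if (delegateChecksV1Cas && requested.equalsIgnoreCase("strong_nov1cas")) {
                            enforceConstraints = 4;
                        } else if (delegateChecksV1Cas && requested.equalsIgnoreCase("strict_nov1cas")) {
                            enforceConstraints = 3;
                        } else {
                            debug(2, "Ignoring unrecognized or unsupported SSL enforcement constraint '" + requested + "'; keeping level " + enforceConstraints);
                        }
                    }
                }
            } catch (SecurityException e) {
                // Best effort: without access to the command line the current level is kept.
                debug(2, e, "Not permitted to read the SSL enforcement constraint setting; keeping level " + enforceConstraints);
            }
            enforceConstraintsChecked = true;
        }
        return enforceConstraints;
    }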

    /**
     * Builds an SSL context with the default trust configuration and no client-specific settings.
     *
     * @return a new context wrapper
     * @throws SocketException declared for parity with the overload taking an {@code SSLClientInfo}
     */
    public static SSLContextWrapper getSSLContext() throws SocketException {
        final SSLClientInfo noClientInfo = null;
        return getSSLContext(noClientInfo);
    }

    /**
     * Builds an SSL context, loads the trusted CA certificates into it (except in an applet) and
     * applies the optional client settings.
     *
     * <p>A failure while adding the trusted CAs is only reported at debug level 2; the context is
     * still returned, without those CAs.
     *
     * @param sSLClientInfo client identity and trust overrides, or {@code null} for none
     * @return the configured context wrapper
     * @throws SocketException if the client identity in {@code sSLClientInfo} cannot be applied
     */
    public static SSLContextWrapper getSSLContext(SSLClientInfo sSLClientInfo) throws SocketException {
        final SSLContextWrapper context = SSLContextWrapper.getInstance();
        if (!Kernel.isApplet()) {
            final X509Certificate[] anchors = getTrustedCAs(context);
            if (anchors != null) {
                try {
                    context.addTrustedCA(anchors);
                } catch (Exception loadFailure) {
                    debug(2, loadFailure, "Failure loading trusted CA list");
                }
            }
        }
        if (sSLClientInfo != null) {
            applyInfo(context, sSLClientInfo);
        }
        return context;
    }

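    /**
     * Copies the caller-supplied client settings from {@code sSLClientInfo} onto the context.
     *
     * <p>Applied in this order, each only when present: the old-style identity (a private-key
     * stream followed by one or more certificate streams), the new-style identity (certificate
     * chain plus key), a programmatic {@code TrustManager}, legacy root-CA fingerprints, a
     * {@code HostnameVerifier} and an expected peer name. The trust manager and hostname verifier
     * are installed on the context's own managers, so whatever the caller supplies takes part in
     * peer validation for this context.
     *
     * <p>The thrown {@code SocketException} now carries the original key or certificate exception
     * as its cause; previously the cause was dropped and only reachable through the info log.
     *
     * @param sSLContextWrapper the context to configure
     * @param sSLClientInfo     the client settings to apply; must not be {@code null}
     * @throws SocketException if the old-style private key or certificate chain cannot be read
     */
    private static void applyInfo(SSLContextWrapper sSLContextWrapper, SSLClientInfo sSLClientInfo) throws SocketException {
        InputStream[] legacyIdentity = sSLClientInfo.getSSLClientCertificate();
        if (legacyIdentity != null && legacyIdentity.length >= 2) {
            info("clientInfo has old style certificate and key");
            try {
                String keyPassword = sSLClientInfo.getSSLClientKeyPassword();
                // NOTE(review): the char[] copy of the password is not wiped afterwards. Whether
                // inputPrivateKey retains the array is not visible here, so it is left untouched.
                PrivateKey privateKey = sSLContextWrapper.inputPrivateKey(legacyIdentity[0], keyPassword != null ? keyPassword.toCharArray() : null);
                // Stream 0 is the key; streams 1..n-1 are the certificate chain.
                X509Certificate[] chain = new X509Certificate[legacyIdentity.length - 1];
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                for (int i = 1; i < legacyIdentity.length; i++) {
                    chain[i - 1] = (X509Certificate) certificateFactory.generateCertificate(legacyIdentity[i]);
                }
                sSLContextWrapper.addIdentity(chain, privateKey);
                info("client identity added");
            } catch (KeyManagementException e) {
                info(e, "Problem accessing private key");
                SocketException failure = new SocketException(SecurityLogger.getProblemAccessingPrivateKey());
                failure.initCause(e);
                throw failure;
            } catch (CertificateException e2) {
                info(e2, "Problem with certificate chain");
                SocketException failure = new SocketException(SecurityLogger.getProblemWithCertificateChain(e2.getMessage()));
                failure.initCause(e2);
                throw failure;
            }
        }
        X509Certificate[] clientLocalIdentityCert = sSLClientInfo.getClientLocalIdentityCert();
        PrivateKey clientLocalIdentityKey = sSLClientInfo.getClientLocalIdentityKey();
        if (clientLocalIdentityCert != null && clientLocalIdentityKey != null) {
            info("clientInfo has new style certificate and key");
            sSLContextWrapper.addIdentity(clientLocalIdentityCert, clientLocalIdentityKey);
        }
        TrustManager trustManager = sSLClientInfo.getTrustManager();
        if (trustManager != null) {
            info("clientInfo has programmatic TrustManager");
            sSLContextWrapper.getTrustManager().setTrustManager(trustManager);
        }
        byte[][] rootCAfingerprints = sSLClientInfo.getRootCAfingerprints();
        if (rootCAfingerprints != null) {
            info("Adding legacy rootCA fingerprints");
            sSLContextWrapper.getTrustManager().setRootCAFingerPrints(rootCAfingerprints);
        }
        HostnameVerifier hostnameVerifier = sSLClientInfo.getHostnameVerifier();
        if (hostnameVerifier != null) {
            info("clientInfo has HostnameVerifier");
            sSLContextWrapper.getHostnameVerifier().setHostnameVerifier(hostnameVerifier);
        }
        String expectedName = sSLClientInfo.getExpectedName();
        if (expectedName != null) {
            info("clientInfo has expectedName");
            sSLContextWrapper.getHostnameVerifier().setExpectedName(expectedName);
        }
    }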

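    /**
     * Collects the CA certificates this process trusts for SSL.
     *
     * <p>On a server the list comes from {@code SSLContextManager}: the configured server trust
     * once the security service is initialized, otherwise the pre-MBean command-line
     * configuration. On a client every configured trust keystore file is opened and its X.509
     * certificates are collected; a keystore that cannot be read is reported at debug level 2 and
     * skipped.
     *
     * <p>The keystore file stream is now closed in a {@code finally} block. Previously it was
     * closed only after a successful load, so a corrupt or mistyped keystore leaked the open
     * file handle.
     *
     * @param sSLContextWrapper not used by this method
     * @return the trusted CA certificates, or {@code null} when none were found
     */
    private static X509Certificate[] getTrustedCAs(SSLContextWrapper sSLContextWrapper) {
        X509Certificate[] trusted = null;
        if (Kernel.isServer()) {
            info("SSLSetup: loading trusted CA certificates");
            if (SecurityServiceManager.isSecurityServiceInitialized()) {
                try {
                    trusted = SSLContextManager.getServerTrustedCAs();
                } catch (Exception e) {
                    debug("Failed to load server trusted CAs", e);
                }
            } else {
                debug(2, "SSLSetup: using pre-mbean command line configuration for SSL trust");
                String sSLTrustCA = CommandLine.getCommandLine().getSSLTrustCA();
                trusted = SSLContextManager.getTrustedCAs(sSLTrustCA != null ? new KeyStoreInfo[]{new KeyStoreInfo(sSLTrustCA, "jks", null)} : new KeyStoreConfigurationHelper(PreMBeanKeyStoreConfiguration.getInstance()).getTrustKeyStores());
            }
        } else {
            String sSLTrustCA2 = CommandLine.getCommandLine().getSSLTrustCA();
            KeyStoreInfo[] trustKeyStores = sSLTrustCA2 != null ? new KeyStoreInfo[]{new KeyStoreInfo(sSLTrustCA2, "jks", null)} : new KeyStoreConfigurationHelper(ClientKeyStoreConfiguration.getInstance()).getTrustKeyStores();
            ArrayList collected = new ArrayList();
            for (int i = 0; trustKeyStores != null && i < trustKeyStores.length; i++) {
                info("Trusted CA keystore: " + trustKeyStores[i].getFileName());
                try {
                    KeyStore keyStore = KeyStore.getInstance(trustKeyStores[i].getType());
                    FileInputStream keyStoreFile = new FileInputStream(trustKeyStores[i].getFileName());
                    try {
                        // A null password means KeyStore.load performs no integrity check, so the
                        // trust anchors are only as trustworthy as the file's filesystem permissions.
                        keyStore.load(keyStoreFile, null);
                        collected.addAll(SSLCertUtility.getX509Certificates(keyStore));
                    } finally {
                        keyStoreFile.close();
                    }
                } catch (Exception e2) {
                    debug(2, e2, "Failure loading trusted CA list from: " + trustKeyStores[i].getFileName());
                }
            }
            trusted = (X509Certificate[]) collected.toArray(new X509Certificate[collected.size()]);
        }
        if (trusted == null || trusted.length == 0) {
            return null;
        }
        return trusted;
    }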

    /**
     * Stores a rejection message on the SSL session under the {@code FAILURE_DETAILS} key.
     *
     * @param sSLSession the session to annotate
     * @param str        the failure text to store
     */
    public static void setFailureDetails(SSLSession sSLSession, String str) {
        sSLSession.putValue(FAILURE_DETAILS, str);
    }

    /**
     * Reads back the rejection message stored on the session under the {@code FAILURE_DETAILS} key.
     *
     * @param sSLSession the session to inspect
     * @return the stored failure text, or {@code null} when the session holds none
     */
    public static String getFailureDetails(SSLSession sSLSession) {
        final Object recorded = sSLSession.getValue(FAILURE_DETAILS);
        return (String) recorded;
    }

    /**
     * Records that a client spoke a plaintext protocol to the SSL port.
     *
     * <p>Always writes a debug line (level 2). When rejection logging is enabled it also writes the
     * server log entry and stores that entry's message on the socket's session.
     *
     * <p>NOTE(review): {@code str} and the peer name are concatenated into log text unmodified.
     * If {@code str} is derived from bytes the peer sent, line breaks should be neutralised
     * before it reaches the log; confirm at the call sites.
     *
     * @param sSLSocket the socket the connection arrived on
     * @param str       the name of the plaintext protocol that was detected
     */
    public static void logPlaintextProtocolClientError(SSLSocket sSLSocket, String str) {
        final String peer = getPeerName(sSLSocket);
        debug(2, "Connection to SSL port was made from " + peer + " using plaintext protocol: " + str);
        if (!logSSLRejections()) {
            return;
        }
        final Loggable rejection = SecurityLogger.logPlaintextProtocolClientErrorLoggable(str, peer);
        rejection.log();
        setFailureDetails(sSLSocket.getSession(), rejection.getMessage());
    }

    /**
     * Records a connection whose first bytes were neither a known SSL version nor recognisable
     * plaintext.
     *
     * <p>Always writes a debug line (level 2). When rejection logging is enabled it also writes the
     * server log entry and stores that entry's message on the socket's session.
     *
     * @param sSLSocket the socket the connection arrived on
     */
    public static void logProtocolVersionError(SSLSocket sSLSocket) {
        final String peer = getPeerName(sSLSocket);
        debug(2, "Connection to SSL port from " + peer + " appears to be either unknown SSL version or maybe is plaintext");
        if (!logSSLRejections()) {
            return;
        }
        final Loggable rejection = SecurityLogger.logProtocolVersionErrorLoggable(peer);
        rejection.log();
        setFailureDetails(sSLSocket.getSession(), rejection.getMessage());
    }

    /**
     * Records a chain rejected under strict enforcement because a V3 CA certificate's basic
     * constraints were not marked critical.
     *
     * <p>Always writes a debug line (level 2). When rejection logging is enabled it also writes the
     * server log entry and stores that entry's message on the socket's session.
     *
     * @param sSLSocket the socket whose peer presented the chain
     */
    public static void logCertificateChainConstraintsStrictNonCriticalFailure(SSLSocket sSLSocket) {
        final String peer = getPeerName(sSLSocket);
        debug(2, "The certificate chain received from " + peer + " contained a V3 CA certificate which had basic constraints which were not marked critical, this is being rejected due to the strict enforcement of basic constraints.");
        if (!logSSLRejections()) {
            return;
        }
        final Loggable rejection = SecurityLogger.logCertificateChainConstraintsStrictNonCriticalFailureLoggable(peer);
        rejection.log();
        setFailureDetails(sSLSocket.getSession(), rejection.getMessage());
    }

    /**
     * Records a chain rejected because a V3 CA certificate lacked the basic constraints extension.
     *
     * <p>Always writes a debug line (level 2). When rejection logging is enabled it also writes the
     * server log entry and stores that entry's message on the socket's session.
     *
     * @param sSLSocket the socket whose peer presented the chain
     */
    public static void logCertificateChainMissingConstraintsFailure(SSLSocket sSLSocket) {
        final String peer = getPeerName(sSLSocket);
        debug(2, "The certificate chain received from " + peer + " contained a V3 CA certificate which was missing the basic constraints extension");
        if (!logSSLRejections()) {
            return;
        }
        final Loggable rejection = SecurityLogger.logCertificateChainMissingConstraintsFailureLoggable(peer);
        rejection.log();
        setFailureDetails(sSLSocket.getSession(), rejection.getMessage());
    }

    /**
     * Records a chain rejected because a V3 certificate used as a CA did not declare itself a CA.
     *
     * <p>Always writes a debug line (level 2). When rejection logging is enabled it also writes the
     * server log entry and stores that entry's message on the socket's session.
     *
     * @param sSLSocket the socket whose peer presented the chain
     */
    public static void logCertificateChainNotACaConstraintsFailure(SSLSocket sSLSocket) {
        final String peer = getPeerName(sSLSocket);
        debug(2, "The certificate chain received from " + peer + " contained a V3 CA certificate which didn't indicate it really is a CA");
        if (!logSSLRejections()) {
            return;
        }
        final Loggable rejection = SecurityLogger.logCertificateChainNotACaConstraintsFailureLoggable(peer);
        rejection.log();
        setFailureDetails(sSLSocket.getSession(), rejection.getMessage());
    }

    /**
     * Records a chain rejected because it contained a V1 certificate in a CA position.
     *
     * <p>Always writes a debug line (level 2). When rejection logging is enabled it also writes the
     * server log entry and stores that entry's message on the socket's session.
     *
     * @param sSLSocket the socket whose peer presented the chain
     */
    public static void logCertificateChainNoV1CAFailure(SSLSocket sSLSocket) {
        final String peer = getPeerName(sSLSocket);
        debug(2, "The certificate chain received from " + peer + " contained a V1 CA certificate which cannot be a CA");
        if (!logSSLRejections()) {
            return;
        }
        final Loggable rejection = SecurityLogger.logCertificateChainNoV1CAFailureLoggable(peer);
        rejection.log();
        setFailureDetails(sSLSocket.getSession(), rejection.getMessage());
    }

    /**
     * Records a chain rejected because it is longer than the path length a V3 CA certificate
     * allows in its basic constraints.
     *
     * <p>Always writes a debug line (level 2). When rejection logging is enabled it also writes the
     * server log entry and stores that entry's message on the socket's session.
     *
     * @param sSLSocket the socket whose peer presented the chain
     */
    public static void logCertificateChainPathLenExceededConstraintsFailure(SSLSocket sSLSocket) {
        final String peer = getPeerName(sSLSocket);
        debug(2, "The certificate chain received from " + peer + " contained a V3 CA certificate which indicated a certificate chain path length in the basic constraints that was exceeded");
        if (!logSSLRejections()) {
            return;
        }
        final Loggable rejection = SecurityLogger.logCertificateChainPathLenExceededConstraintsFailureLoggable(peer);
        rejection.log();
        setFailureDetails(sSLSocket.getSession(), rejection.getMessage());
    }

    /**
     * Records a chain rejected because a V3 CA certificate could not be converted for the basic
     * constraints check.
     *
     * <p>Always writes a debug line (level 2). When rejection logging is enabled it also writes the
     * server log entry and stores that entry's message on the socket's session.
     *
     * @param sSLSocket the socket whose peer presented the chain
     */
    public static void logCertificateChainConstraintsConversionFailure(SSLSocket sSLSocket) {
        final String peer = getPeerName(sSLSocket);
        debug(2, "The certificate chain received from " + peer + " contained a V3 CA certificate which couldn't be converted to be checked for basic constraints.");
        if (!logSSLRejections()) {
            return;
        }
        final Loggable rejection = SecurityLogger.logCertificateChainConstraintsConversionFailureLoggable(peer);
        rejection.log();
        setFailureDetails(sSLSocket.getSession(), rejection.getMessage());
    }

    /**
     * Records a chain rejected because a V3 certificate carried a critical extension that is not
     * recognised.
     *
     * <p>Always writes a debug line (level 2). When rejection logging is enabled it also writes the
     * server log entry and stores that entry's message on the socket's session.
     *
     * <p>NOTE(review): {@code str} is taken from the peer's certificate and is logged unmodified;
     * confirm the caller passes a normalised identifier rather than raw certificate text.
     *
     * @param sSLSocket the socket whose peer presented the chain
     * @param str       the unrecognised critical extension, as reported by the caller
     */
    public static void logCertificateChainUnrecognizedExtensionFailure(SSLSocket sSLSocket, String str) {
        final String peer = getPeerName(sSLSocket);
        debug(2, "The certificate chain received from " + peer + " contained a V3 certificate with unrecognized critical extension: " + str);
        if (!logSSLRejections()) {
            return;
        }
        final Loggable rejection = SecurityLogger.logCertificateChainUnrecognizedExtensionFailureLoggable(peer, str);
        rejection.log();
        setFailureDetails(sSLSocket.getSession(), rejection.getMessage());
    }

    /**
     * Records a chain rejected because a V3 certificate's key usage does not permit the use the
     * key agreement algorithm requires.
     *
     * <p>Always writes a debug line (level 2). When rejection logging is enabled it also writes the
     * server log entry and stores that entry's message on the socket's session.
     *
     * @param sSLSocket the socket whose peer presented the chain
     */
    public static void logCertificateChainAlgKeyUsageFailure(SSLSocket sSLSocket) {
        final String peer = getPeerName(sSLSocket);
        debug(2, "The certificate chain received from " + peer + " contained a V3 certificate which key usage constraints indicate its key cannot be used in quality required by the key agreement algorithm");
        if (!logSSLRejections()) {
            return;
        }
        final Loggable rejection = SecurityLogger.logCertificateChainAlgKeyUsageFailureLoggable(peer);
        rejection.log();
        setFailureDetails(sSLSocket.getSession(), rejection.getMessage());
    }

    /**
     * Records that key usage could not be checked because the key agreement algorithm could not
     * be determined.
     *
     * <p>Always writes a debug line (level 2). When rejection logging is enabled it also writes the
     * server log entry and stores that entry's message on the socket's session.
     *
     * @param sSLSocket the socket whose peer presented the certificate
     */
    public static void logCertificateChainCheckKeyUsageFailure(SSLSocket sSLSocket) {
        final String peer = getPeerName(sSLSocket);
        debug(2, "Cannot check key usage constraints of certificate recieved from " + peer + " because of the failure to determine the key agreement algorithm");
        if (!logSSLRejections()) {
            return;
        }
        final Loggable rejection = SecurityLogger.logCertificateChainCheckKeyUsageFailureLoggable(peer);
        rejection.log();
        setFailureDetails(sSLSocket.getSession(), rejection.getMessage());
    }

    /**
     * Records a chain rejected because a V3 CA certificate's key usage does not permit signing
     * certificates.
     *
     * <p>Always writes a debug line (level 2). When rejection logging is enabled it also writes the
     * server log entry and stores that entry's message on the socket's session.
     *
     * @param sSLSocket the socket whose peer presented the chain
     */
    public static void logCertificateChainCertSignKeyUsageFailure(SSLSocket sSLSocket) {
        final String peer = getPeerName(sSLSocket);
        debug(2, "The certificate chain received from " + peer + " contained a V3 CA certificate which key usage constraints indicate its key cannot be used to sign certificates");
        if (!logSSLRejections()) {
            return;
        }
        final Loggable rejection = SecurityLogger.logCertificateChainCertSignKeyUsageFailureLoggable(peer);
        rejection.log();
        setFailureDetails(sSLSocket.getSession(), rejection.getMessage());
    }

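    /**
     * Records a certificate rejected because one of its policy identifiers is not in the allowed
     * list.
     *
     * <p>Always writes a debug line (level 2). When rejection logging is enabled it also writes the
     * server log entry and stores that entry's message on the socket's session.
     *
     * <p>The peer name is no longer looked up here. Its result was discarded, so the call only
     * cost a reverse DNS lookup on a path a remote peer can trigger. Neither message names the
     * peer, so rejections of this kind have to be correlated through the session.
     *
     * @param sSLSocket the socket whose peer presented the certificate
     * @param str       the policy identifier that was not allowed
     */
    public static void logCertificatePolicyIdDoesntExistIntheList(SSLSocket sSLSocket, String str) {
        debug(2, "Certificate Policies Extension Processing Failed,PolicyId: " + str + " doesn't Exist in the allowed list");
        if (!logSSLRejections()) {
            return;
        }
        final Loggable rejection = SecurityLogger.logCertificatePolicyIdDoesntExistIntheListLoggable(str);
        rejection.log();
        setFailureDetails(sSLSocket.getSession(), rejection.getMessage());
    }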

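    /**
     * Records a certificate rejected because a policy qualifier identifier is not the CPS
     * qualifier identifier.
     *
     * <p>Always writes a debug line (level 2). When rejection logging is enabled it also writes the
     * server log entry and stores that entry's message on the socket's session.
     *
     * <p>The peer name is no longer looked up here. Its result was discarded, so the call only
     * cost a reverse DNS lookup on a path a remote peer can trigger.
     *
     * @param sSLSocket the socket whose peer presented the certificate
     * @param str       the policy qualifier identifier found in the certificate
     */
    public static void logPolicyQualifierIdNotCPS(SSLSocket sSLSocket, String str) {
        debug(2, "PolicyQualifier Id Found in the Certificate" + str + " doesn't match with CPS Qualifier Id");
        if (!logSSLRejections()) {
            return;
        }
        final Loggable rejection = SecurityLogger.logPolicyQualifierIdNotCPSLoggable(str);
        rejection.log();
        setFailureDetails(sSLSocket.getSession(), rejection.getMessage());
    }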

    /**
     * Builds a printable label for the remote end of a socket, for use in log messages.
     *
     * <p>The label is {@code "<host name> - <address>"}. {@code InetAddress.getHostName()} may
     * perform a reverse DNS lookup, so the host-name part is chosen by whoever controls the
     * reverse zone for the peer's address. Treat it as untrusted text in log pipelines and rely
     * on the address part for attribution.
     *
     * @param sSLSocket the socket to describe; may be {@code null}
     * @return the label, or {@code "unknown"} when the socket is {@code null} or has no remote
     *         address
     */
    public static String getPeerName(SSLSocket sSLSocket) {
        if (sSLSocket == null) {
            return "unknown";
        }
        final InetAddress remote = sSLSocket.getInetAddress();
        if (remote == null) {
            return "unknown";
        }
        String label;
        try {
            label = remote.getHostName() + " - " + remote.getHostAddress();
        } catch (SecurityException lookupDenied) {
            // Fall back to the numeric address when the name lookup is not permitted.
            label = remote.getHostAddress();
        }
        return label != null ? label : remote.toString();
    }

    /**
     * Logs a TLS alert received from the peer and stores the log message on the socket's session.
     *
     * <p>Nothing happens when rejection logging is disabled, or for alert codes 0 and 90
     * (close_notify and user_canceled in the TLS alert registry). Codes with a dedicated log
     * message are listed below; every other code is logged through the generic message, which
     * includes the numeric code.
     *
     * @param sSLSocket the socket the alert arrived on
     * @param i         the numeric alert description code
     */
    public static void logAlertReceivedFromPeer(SSLSocket sSLSocket, int i) {
        if (!logSSLRejections()) {
            return;
        }
        if (i == 0 || i == 90) {
            return;
        }
        final String peer = getPeerName(sSLSocket);
        final Loggable alertEntry;
        switch (i) {
            case 10:
                alertEntry = SecurityLogger.logUnexpectedMessageAlertReceivedFromPeerLoggable(peer);
                break;
            case 20:
                alertEntry = SecurityLogger.logBadRecordMacAlertReceivedFromPeerLoggable(peer);
                break;
            case 21:
                alertEntry = SecurityLogger.logDecryptionFailedAlertReceivedFromPeerLoggable(peer);
                break;
            case 22:
                alertEntry = SecurityLogger.logRecordOverFlowAlertReceivedFromPeerLoggable(peer);
                break;
            case 30:
                alertEntry = SecurityLogger.logDecompressionFailureAlertReceivedFromPeerLoggable(peer);
                break;
            case 40:
                alertEntry = SecurityLogger.logHandshakeFailureAlertReceivedFromPeerLoggable(peer);
                break;
            case 41:
                alertEntry = SecurityLogger.logNoCertificateAlertReceivedFromPeerLoggable(peer);
                break;
            case 42:
                alertEntry = SecurityLogger.logBadCertificateAlertReceivedFromPeerLoggable(peer);
                break;
            case 43:
                alertEntry = SecurityLogger.logUnsupportedCertificateAlertReceivedFromPeerLoggable(peer);
                break;
            case 44:
                alertEntry = SecurityLogger.logCertificateRevokedAlertReceivedFromPeerLoggable(peer);
                break;
            case 45:
                alertEntry = SecurityLogger.logCertificateExpiredAlertReceivedFromPeerLoggable(peer);
                break;
            case 46:
                alertEntry = SecurityLogger.logCertificateUnknownAlertReceivedFromPeerLoggable(peer);
                break;
            case 47:
                alertEntry = SecurityLogger.logIllegalParameterAlertReceivedFromPeerLoggable(peer);
                break;
            case 48:
                alertEntry = SecurityLogger.logUnknownCAAlertReceivedFromPeerLoggable(peer);
                break;
            case 49:
                alertEntry = SecurityLogger.logAccessDeniedAlertReceivedFromPeerLoggable(peer);
                break;
            case 50:
                alertEntry = SecurityLogger.logDecodeErrorAlertReceivedFromPeerLoggable(peer);
                break;
            case 51:
                alertEntry = SecurityLogger.logDecryptErrorAlertReceivedFromPeerLoggable(peer);
                break;
            case 60:
                alertEntry = SecurityLogger.logExportRestrictionAlertReceivedFromPeerLoggable(peer);
                break;
            case 70:
                alertEntry = SecurityLogger.logProtocolVersionAlertReceivedFromPeerLoggable(peer);
                break;
            case 71:
                alertEntry = SecurityLogger.logInsufficientSecurityAlertReceivedFromPeerLoggable(peer);
                break;
            case 80:
                alertEntry = SecurityLogger.logInternalErrorAlertReceivedFromPeerLoggable(peer);
                break;
            case 100:
                alertEntry = SecurityLogger.logNoRenegotiationAlertReceivedFromPeerLoggable(peer);
                break;
            default:
                // Every code without a dedicated message is reported by number.
                alertEntry = SecurityLogger.logAlertReceivedFromPeerLoggable(peer, Integer.toString(i));
                break;
        }
        alertEntry.log();
        setFailureDetails(sSLSocket.getSession(), alertEntry.getMessage());
    }

    /**
     * Translates a server's keystore configuration into the trust-related boot properties.
     *
     * <p>The returned properties include the trust keystore passphrase as returned by the MBean
     * getters, so the object should be treated as a secret: keep it out of logs and diagnostic
     * dumps. NOTE(review): whether those getters return the passphrase in clear or in protected
     * form is not visible here.
     *
     * @param serverMBean the server configuration to read
     * @return the trust properties; empty when trust is configured on the command line
     * @throws RuntimeException if the keystore configuration value is not one of the known modes
     */
    public static Properties getSSLTrustProperties(ServerMBean serverMBean) {
        final Properties trustProps = new Properties();
        final String mode = serverMBean.getKeyStores();
        if (KeyStoreConstants.DEMO_IDENTITY_AND_DEMO_TRUST.equals(mode)) {
            add(trustProps, KeyStoreConstants.TRUST_KEYSTORE_BOOT_PROP, KeyStoreConstants.DEMO_TRUST);
            add(trustProps, "JavaStandardTrustKeyStorePassPhrase", serverMBean.getJavaStandardTrustKeyStorePassPhrase());
            return trustProps;
        }
        if (KeyStoreConstants.CUSTOM_IDENTITY_AND_JAVA_STANDARD_TRUST.equals(mode)) {
            add(trustProps, KeyStoreConstants.TRUST_KEYSTORE_BOOT_PROP, KeyStoreConstants.JAVA_STANDARD_TRUST);
            add(trustProps, "JavaStandardTrustKeyStorePassPhrase", serverMBean.getJavaStandardTrustKeyStorePassPhrase());
            return trustProps;
        }
        if (KeyStoreConstants.CUSTOM_IDENTITY_AND_CUSTOM_TRUST.equals(mode)) {
            add(trustProps, KeyStoreConstants.TRUST_KEYSTORE_BOOT_PROP, KeyStoreConstants.CUSTOM_TRUST);
            add(trustProps, KeyStoreConstants.CUSTOM_TRUST_KEYSTORE_FILENAME_BOOT_PROP, serverMBean.getCustomTrustKeyStoreFileName());
            add(trustProps, KeyStoreConstants.CUSTOM_TRUST_KEYSTORE_TYPE_BOOT_PROP, serverMBean.getCustomTrustKeyStoreType());
            add(trustProps, "CustomTrustKeyStorePassPhrase", serverMBean.getCustomTrustKeyStorePassPhrase());
            return trustProps;
        }
        if (KeyStoreConstants.CUSTOM_IDENTITY_AND_COMMAND_LINE_TRUST.equals(mode)) {
            // Command-line trust contributes no boot properties.
            return trustProps;
        }
        throw new RuntimeException(SecurityLogger.getAssertionIllegalKeystoresValue(mode));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Tells whether this JVM is running as a client rather than as a server.
     *
     * @return {@code true} when {@code Kernel.isServer()} is {@code false}
     */
    public static boolean isFatClient() {
        final boolean runningInServer = Kernel.isServer();
        return !runningInServer;
    }

    /**
     * Writes the security log entry for SSL using a null cipher by delegating to
     * {@code SecurityLogger}. A null cipher suite provides no encryption, so this entry is worth
     * alerting on wherever it appears.
     */
    public static void logSSLUsingNullCipher() {
        SecurityLogger.logSSLUsingNullCipher();
    }

    /**
     * Sets a property only when a value is available.
     *
     * @param properties the target properties
     * @param str        the property name
     * @param str2       the property value; {@code null} leaves {@code properties} untouched
     */
    private static void add(Properties properties, String str, String str2) {
        if (str2 == null) {
            return;
        }
        properties.setProperty(str, str2);
    }

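    // On non-server JVMs, adjust the CryptoJ defaults as soon as this class is loaded.
    // The decompiled form used "return" inside the static initializer, which Java source does
    // not allow; the guard is written as a plain conditional with the same effect.
    // NOTE(review): what the two SecurityUtils helpers change (JCE verification, default PRNG)
    // is not visible here. Confirm that the replacement PRNG is a cryptographically strong one.
    static {
        if (!Kernel.isServer()) {
            SecurityUtils.turnOffCryptoJDefaultJCEVerification();
            SecurityUtils.changeCryptoJDefaultPRNG();
        }
    }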
}
