package com.ibm.eNetwork.security.ssl;

import com.ibm.db2.tools.common.CommonMessage;
import com.ibm.eNetwork.ECL.ECLErr;
import com.ibm.eNetwork.ECL.ECLSession;
import com.ibm.eNetwork.HOD.common.BaseEnvironment;
import com.ibm.eNetwork.HOD.common.Environment;
import com.ibm.eNetwork.HOD.common.HODConstants;
import com.ibm.eNetwork.HOD.common.HTMLConfigGenerator;
import com.ibm.hod5sslight.SSLCert;
import com.ibm.hod5sslight.SSLContext;
import com.ibm.hod5sslight.SSLPKCS12Token;
import com.ibm.hod5sslight.SSLSession;
import com.ibm.hod5sslight.SSLToken;
import com.ms.security.PermissionID;
import com.ms.security.PolicyEngine;
import java.util.StringTokenizer;
import java.util.Vector;

/* loaded from: input_file:habeansnlv2.jar:com/ibm/eNetwork/security/ssl/HODSSLContext.class */
/**
 * SSLite context for Host On-Demand sessions: builds the client-side trust store when it is
 * constructed and chooses the client certificate to present during a handshake.
 *
 * <p>This listing is decompiler output (JADX), so local names such as {@code str}, {@code i}
 * and {@code bArr} are synthetic and carry no meaning of their own.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Trust anchors come from up to three places: the well-known CA store, the customized CA
 *       store and, optionally, the browser keyring. Each loader only prints load failures to
 *       {@code System.out}; construction continues with whatever was loaded.</li>
 *   <li>{@link #promptCache} is static, so "already prompted" state is shared by every context
 *       in the JVM. The visible code only adds entries and never removes them.</li>
 *   <li>Whether the peer certificate chain is validated is not decided here. The two callbacks
 *       {@code handlePeerCertificate} and {@code confirmPeerCertificate} only record the
 *       outcome on the session object.</li>
 * </ul>
 */
class HODSSLContext extends SSLContext {
    // Provider this context was created for; set by the constructor (cast to HODSSLiteImpl).
    protected HODSSLiteImpl impl;
    // Most recent client certificate selected by getPrivateCertificate()/findCertificate_tail().
    protected SSLCert lastCertSent;
    // Full names of every certificate imported through addCerts().
    private Vector clientTrust;
    // JVM-wide list of strings (certificate labels in the callers visible here) for which a
    // prompt has already been satisfied. Static and append-only in this class.
    private static Vector promptCache = new Vector();
    // Lock that serializes trust-store loading across all contexts.
    static Object syncObject = new Object();

    /**
     * Creates a context with {@code asyncConnections} enabled (mode {@code 1}).
     *
     * @param hODSSLProvider provider; must actually be a {@code HODSSLiteImpl} (it is cast)
     * @throws ECLErr declared by the delegated constructor
     * @throws Exception declared by the delegated constructor
     */
    protected HODSSLContext(HODSSLProvider hODSSLProvider) throws ECLErr, Exception {
        this(hODSSLProvider, (short) 1);
    }

    /**
     * Creates a context, loads the trust stores and sets the connection mode.
     *
     * <p>Decompiler note (JADX): the access modifier was changed from {@code protected}.
     *
     * @param hODSSLProvider provider; cast to {@code HODSSLiteImpl} without a type check
     * @param s {@code 1} enables {@code asyncConnections}; any other value disables it
     * @throws ECLErr declared; not thrown directly by the visible body
     * @throws Exception declared; not thrown directly by the visible body
     */
    public HODSSLContext(HODSSLProvider hODSSLProvider, short s) throws ECLErr, Exception {
        this.impl = null;
        this.lastCertSent = null;
        this.clientTrust = new Vector(100);
        this.impl = (HODSSLiteImpl) hODSSLProvider;
        // Trust-store loading goes through the shared TokenCache singleton, so it is
        // serialized on a class-wide lock.
        synchronized (syncObject) {
            loadWellKnownTrustedCAs();
            loadCustomizedCAs();
            // The browser keyring is only merged in when SSL is on and the session asks for it.
            if (this.impl.getSSL() && this.impl.getBrowserKeyringAdded()) {
                addBrowserKeyring();
            }
        }
        if (s == 1) {
            ((SSLContext) this).asyncConnections = true;
        } else {
            ((SSLContext) this).asyncConnections = false;
        }
    }

    /**
     * Loads the bundled "WellKnownTrustedCAs" store unless the session opted out.
     *
     * <p>Sources are tried in order and the first non-null token wins: local P12, class resource,
     * applet code base URL (only when an applet is present), then plain file.
     *
     * <p>Every failure is reported on {@code System.out} only. The caller cannot tell that no
     * well-known CAs were loaded.
     */
    private void loadWellKnownTrustedCAs() {
        TokenCache singleton = TokenCache.getSingleton();
        try {
            if (!this.impl.getignoreWellKnownTrustedCAsOption()) {
                // NOTE(review): the last argument looks like the PKCS#12 password. In
                // loadCustomizedCAs() the same position is overridden by getSSLP12Password().
                // If so, the default password is a constant compiled into the client, and the
                // name HOD_MSG_FILE is probably a decompiler constant alias. Confirm both.
                SSLPKCS12Token tokenFromLocalP12 = singleton.getTokenFromLocalP12("WellKnownTrustedCAs", "WellKnownTrustedCAs.p12", HODConstants.HOD_MSG_FILE);
                if (tokenFromLocalP12 == null) {
                    tokenFromLocalP12 = singleton.getTokenFromClass("WellKnownTrustedCAs", "WellKnownTrustedCAs", null);
                }
                // NOTE(review): this fetches trust anchors from the applet code base. With a
                // fixed, publicly known password the P12 MAC would not authenticate the file,
                // so the store's integrity would rest on how the code base is served. Verify
                // the transport.
                if (tokenFromLocalP12 == null && Environment.createEnvironment().getApplet() != null) {
                    tokenFromLocalP12 = singleton.getTokenFromURL("WellKnownTrustedCAs", Environment.createEnvironment().getApplet().getCodeBase(), "WellKnownTrustedCAs.p12", HODConstants.HOD_MSG_FILE);
                }
                if (tokenFromLocalP12 == null) {
                    tokenFromLocalP12 = singleton.getTokenFromFile("WellKnownTrustedCAs", "WellKnownTrustedCAs.p12", HODConstants.HOD_MSG_FILE);
                }
                if (tokenFromLocalP12 != null) {
                    importToken(tokenFromLocalP12);
                    addCerts(tokenFromLocalP12);
                } else {
                    System.out.println("HODSSLContext():Error with WellKnownTrustedCAs. Could not read class,webserver or local filesystem.");
                }
            }
        } catch (Exception e) {
            // Broad catch: any failure (I/O, parse, bad password) is logged and swallowed.
            System.out.println(new StringBuffer().append("HODSSLContext():Error with WellKnownTrustedCAs. Could not create a SSLPKCS12Token.").append(e.toString()).toString());
        }
    }

    /**
     * Loads the administrator-supplied "CustomizedCAs" store.
     *
     * <p>Skipped entirely when the environment parameter {@code skipCustomizedCAs} is "true".
     * When the "use customized CAs class" option equals {@code CommonMessage.yesCommand}, only
     * the class resource is tried. Otherwise the P12 is read from the applet code base (applet
     * mode) or from the trusted-signer path, which defaults to {@code CustomizedCAs.p12}, and
     * the class resource is the fallback.
     *
     * <p>Load errors are printed to {@code System.out} and otherwise ignored.
     */
    private void loadCustomizedCAs() {
        TokenCache singleton = TokenCache.getSingleton();
        SSLToken sSLToken = null;
        // Default P12 password; replaced below when the session supplies a non-empty one.
        String str = HODConstants.HOD_MSG_FILE;
        Environment createEnvironment = Environment.createEnvironment();
        // NOTE(review): this switch removes a set of trust anchors. Where the parameter comes
        // from (HTML/applet parameters vs. local config) is not visible here. Confirm who can
        // set it.
        String parameter = createEnvironment.getParameter("skipCustomizedCAs");
        ClassLoader customizedCAsClassLoader = this.impl.getCustomizedCAsClassLoader();
        String str2 = "";
        if (parameter == null || !parameter.equalsIgnoreCase("true")) {
            String useCustomizedCAsClassOption = createEnvironment.getUseCustomizedCAsClassOption();
            if (useCustomizedCAsClassOption == null || !useCustomizedCAsClassOption.equalsIgnoreCase(CommonMessage.yesCommand)) {
                String sSLP12Password = this.impl.getSSLP12Password();
                if (sSLP12Password != null && !sSLP12Password.equals("")) {
                    str = sSLP12Password;
                }
                try {
                    if (Environment.createEnvironment().getApplet() != null) {
                        sSLToken = singleton.getTokenFromURL("CustomizedCAs", Environment.createEnvironment().getApplet().getCodeBase(), "CustomizedCAs.p12", str);
                    } else {
                        str2 = this.impl.getTrustedSignerPath();
                        if (str2 == null || str2.equals("")) {
                            str2 = "CustomizedCAs.p12";
                        }
                        sSLToken = singleton.getTokenFromFile("CustomizedCAs", str2, str);
                    }
                    if (sSLToken == null) {
                        sSLToken = singleton.getTokenFromClass("CustomizedCAs", "CustomizedCAs", customizedCAsClassLoader);
                    }
                } catch (Exception e) {
                    // str2 is still "" when the applet branch failed, so the logged path is
                    // empty in that case.
                    System.out.println(new StringBuffer().append("load error for path ").append(str2).append(", ").append(e.toString()).toString());
                }
            } else {
                try {
                    sSLToken = singleton.getTokenFromClass("CustomizedCAs", "CustomizedCAs", customizedCAsClassLoader);
                } catch (Exception e2) {
                    System.out.println(new StringBuffer().append("loadCustomizedCAs() error.").append(e2.toString()).toString());
                }
            }
        }
        if (sSLToken != null) {
            importToken(sSLToken);
            addCerts(sSLToken);
        }
    }

    /**
     * Imports the token that {@code TokenCache} returns for "BROWSER_KEYRING", if there is one.
     * A {@code null} token is silently ignored.
     */
    private void addBrowserKeyring() {
        SSLToken tokenFromBrowser = TokenCache.getSingleton().getTokenFromBrowser("BROWSER_KEYRING");
        if (tokenFromBrowser != null) {
            importToken(tokenFromBrowser);
            addCerts(tokenFromBrowser);
        }
    }

    /**
     * Connection callback; unconditionally returns {@code true} and inspects none of its
     * arguments.
     */
    protected boolean handleConnection(Object obj, SSLSession sSLSession, byte[] bArr) {
        return true;
    }

    /**
     * Records the peer certificate on the session and flags the server as not trusted.
     *
     * <p>NOTE(review): presumably the SSLite library calls this when it could not validate the
     * peer chain, and the {@code false} return rejects the certificate at this layer. Neither
     * is visible here. Confirm against the {@code SSLContext} contract, and check what callers
     * do with the "server not trusted" flag afterwards.
     *
     * @param obj session object; cast to {@code HODSSLiteImpl} without a type check
     * @param sSLCert certificate presented by the peer
     * @return always {@code false}
     */
    protected boolean handlePeerCertificate(Object obj, SSLCert sSLCert) {
        HODSSLiteImpl hODSSLiteImpl = (HODSSLiteImpl) obj;
        hODSSLiteImpl.setServerNotTrusted(true);
        hODSSLiteImpl.setServerCertificate(new HODSSLCertImpl(sSLCert));
        return false;
    }

    /**
     * Records the peer certificate on the session and clears the "not trusted" flag.
     *
     * <p>No check of its own is performed here (no name, validity or key-usage test). Any
     * validation must already have happened in the library before this callback runs.
     * TODO confirm.
     *
     * @param obj session object; cast to {@code HODSSLiteImpl} without a type check
     * @param sSLCert certificate presented by the peer
     * @return always {@code true}
     */
    protected synchronized boolean confirmPeerCertificate(Object obj, SSLCert sSLCert) {
        HODSSLiteImpl hODSSLiteImpl = (HODSSLiteImpl) obj;
        hODSSLiteImpl.setServerNotTrusted(false);
        hODSSLiteImpl.setServerCertificate(new HODSSLCertImpl(sSLCert));
        return true;
    }

    /**
     * Chooses the client certificate to send, according to the session's "prompt how often"
     * policy.
     *
     * <p>Where a prompt is still needed, this method does not prompt. It throws
     * {@code HODSSLRuntimeException} wrapping an {@code ECLErr} with id "ECL0032", or "ECL0043"
     * when no certificate is configured at all. Presumably the caller prompts and retries;
     * that is not visible here.
     *
     * @param obj session object; cast to {@code HODSSLiteImpl} without a type check
     * @param bArr passed through to the token's certificate lookup
     * @param i passed through to the token's certificate lookup
     * @param i2 passed through to the token's certificate lookup
     * @param i3 passed through to the token's certificate lookup
     * @param z unused in this method
     * @return the selected certificate (also stored in {@code lastCertSent}), or {@code null}
     *     when the policy is not one handled here or no token interface is available
     * @throws HODSSLRuntimeException when a certificate is not configured, a prompt is still
     *     required, or the lookup fails
     */
    protected synchronized SSLCert getPrivateCertificate(Object obj, byte[] bArr, int i, int i2, int i3, boolean z) {
        HODSSLiteImpl hODSSLiteImpl = (HODSSLiteImpl) obj;
        if (!hODSSLiteImpl.getConfiguredCertificateProvided()) {
            throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":getPrivateCertificate():1").toString(), "ECL0043", hODSSLiteImpl.getConfiguredHost()));
        }
        // Policy: prompt on every connect. A certificate is sent only once this session has
        // been prompted.
        if (hODSSLiteImpl.getConfiguredCertificatePromptHowOften().equals(ECLSession.SESSION_SSL_CERTIFICATE_PROMPT_EACH_CONNECT)) {
            if (!hODSSLiteImpl.getConfiguredCertificatePrompted()) {
                throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":getPrivateCertificate():1").toString(), "ECL0032", hODSSLiteImpl.getConfiguredHost()));
            }
            this.lastCertSent = findCertificate(hODSSLiteImpl, bArr, i, i2, i3);
            return this.lastCertSent;
        }
        // Policy: prompt on first connect. The static promptCache, keyed by the configured
        // label, decides whether the prompt has already happened.
        if (hODSSLiteImpl.getConfiguredCertificatePromptHowOften().equals("SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CONNECT")) {
            String configuredLabel = hODSSLiteImpl.getConfiguredLabel();
            // NOTE(review): the cache is JVM-wide and keyed by label alone. Two sessions that
            // share a label would share the "prompted" state. Confirm labels are unique.
            if (promptCache.indexOf(configuredLabel) != -1) {
                this.lastCertSent = findCertificate(hODSSLiteImpl, bArr, i, i2, i3);
                return this.lastCertSent;
            }
            String configuredCertificatePassword = hODSSLiteImpl.getConfiguredCertificatePassword();
            // URL-sourced certificate with a password already present in the configuration:
            // no prompt is required.
            if (hODSSLiteImpl.getConfiguredCertificateSource().equals("SESSION_SSL_CERTIFICATE_IN_URL") && configuredCertificatePassword != null && !configuredCertificatePassword.equals("")) {
                this.lastCertSent = findCertificate(hODSSLiteImpl, bArr, i, i2, i3);
                promptCache.addElement(configuredLabel);
                return this.lastCertSent;
            }
            if (!hODSSLiteImpl.getConfiguredCertificateSource().equals(ECLSession.SESSION_SSL_CERTIFICATE_IN_CSP)) {
                throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":getPrivateCertificate():2").toString(), "ECL0032", hODSSLiteImpl.getConfiguredHost()));
            }
            if (!hODSSLiteImpl.getConfiguredCertificatePrompted()) {
                throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":getPrivateCertificate():1").toString(), "ECL0032", hODSSLiteImpl.getConfiguredHost()));
            }
            this.lastCertSent = findCertificate(hODSSLiteImpl, bArr, i, i2, i3);
            promptCache.addElement(configuredLabel);
            return this.lastCertSent;
        }
        // Policy: prompt on first use of a certificate. Same shape as the branch above, but
        // the "already prompted" test is whether a password is cached for the certificate URL.
        if (hODSSLiteImpl.getConfiguredCertificatePromptHowOften().equals("SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CERTIFICATE")) {
            String configuredLabel2 = hODSSLiteImpl.getConfiguredLabel();
            if (hODSSLiteImpl.isPasswordCached(hODSSLiteImpl.getConfiguredCertificateURL())) {
                this.lastCertSent = findCertificate(hODSSLiteImpl, bArr, i, i2, i3);
                return this.lastCertSent;
            }
            String configuredCertificatePassword2 = hODSSLiteImpl.getConfiguredCertificatePassword();
            if (hODSSLiteImpl.getConfiguredCertificateSource().equals("SESSION_SSL_CERTIFICATE_IN_URL") && configuredCertificatePassword2 != null && !configuredCertificatePassword2.equals("")) {
                this.lastCertSent = findCertificate(hODSSLiteImpl, bArr, i, i2, i3);
                // The label is appended without an indexOf() check, so repeated calls can add
                // duplicates to the static cache.
                promptCache.addElement(configuredLabel2);
                return this.lastCertSent;
            }
            if (!hODSSLiteImpl.getConfiguredCertificateSource().equals(ECLSession.SESSION_SSL_CERTIFICATE_IN_CSP)) {
                throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":getPrivateCertificate():2").toString(), "ECL0032", hODSSLiteImpl.getConfiguredHost()));
            }
            if (!hODSSLiteImpl.getConfiguredCertificatePrompted()) {
                throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":getPrivateCertificate():1").toString(), "ECL0032", hODSSLiteImpl.getConfiguredHost()));
            }
            this.lastCertSent = findCertificate(hODSSLiteImpl, bArr, i, i2, i3);
            promptCache.addElement(configuredLabel2);
            return this.lastCertSent;
        }
        if (!hODSSLiteImpl.getConfiguredCertificatePromptHowOften().equals(ECLSession.SESSION_SSL_CERTIFICATE_PROMPT_ONLY_ONCE)) {
            // Any policy not handled above and not "do not prompt" yields no certificate.
            if (!hODSSLiteImpl.getConfiguredCertificatePromptHowOften().equals(ECLSession.SESSION_SSL_CERTIFICATE_DO_NOT_PROMPT)) {
                return null;
            }
            // Policy: do not prompt. The certificate is selected and sent with no user
            // interaction.
            this.lastCertSent = findCertificate(hODSSLiteImpl, bArr, i, i2, i3);
            return this.lastCertSent;
        }
        // Policy: prompt only once.
        if (!hODSSLiteImpl.getConfiguredCertificateSource().equals(ECLSession.SESSION_SSL_CERTIFICATE_IN_CSP)) {
            this.lastCertSent = findCertificate(hODSSLiteImpl, bArr, i, i2, i3);
            return this.lastCertSent;
        }
        // CSP source: a stored, non-empty certificate hash means the choice was already made.
        String configuredCertificateHash = hODSSLiteImpl.getConfiguredCertificateHash();
        if (configuredCertificateHash != null && !configuredCertificateHash.equals("")) {
            this.lastCertSent = findCertificate(hODSSLiteImpl, bArr, i, i2, i3);
            return this.lastCertSent;
        }
        HODSSLTokenImpl hODSSLTokenImpl = (HODSSLTokenImpl) hODSSLiteImpl.getHODSSLTokenIntf();
        if (hODSSLTokenImpl == null) {
            return null;
        }
        // Mark the token as "has been prompted" before signalling that a prompt is required.
        hODSSLTokenImpl.setCertificateHash(ECLSession.SESSION_SSL_CERTIFICATE_HAS_BEEN_PROMPTED);
        throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":getPrivateCertificate():1").toString(), "ECL0032", hODSSLiteImpl.getConfiguredHost()));
    }

    /**
     * Adds {@code str} to the JVM-wide prompt cache when {@code z} is {@code true}. Passing
     * {@code false} is a no-op; an entry cannot be removed through this method.
     *
     * <p>Decompiler note (JADX): the access modifier was changed from package-private.
     *
     * @param str cache key (the configured label in the callers visible in this class)
     * @param z whether the session has been prompted
     */
    public static void setSessionPrompted(String str, boolean z) {
        if (z) {
            promptCache.addElement(str);
        }
    }

    /**
     * Dispatches the certificate lookup to the IE-specific variant when
     * {@code BaseEnvironment.getUseSecurityManager()} is "IE", and to the generic one otherwise.
     */
    private SSLCert findCertificate(HODSSLiteImpl hODSSLiteImpl, byte[] bArr, int i, int i2, int i3) throws HODSSLRuntimeException {
        return BaseEnvironment.getUseSecurityManager().equals("IE") ? findCertificate_IE(hODSSLiteImpl, bArr, i, i2, i3) : findCertificate_other(hODSSLiteImpl, bArr, i, i2, i3);
    }

    /**
     * IE variant: asserts the Microsoft JVM {@code NETIO} permission and then runs the common
     * lookup. If the assertion fails, the failure is logged and the lookup proceeds anyway.
     */
    private SSLCert findCertificate_IE(HODSSLiteImpl hODSSLiteImpl, byte[] bArr, int i, int i2, int i3) throws HODSSLRuntimeException {
        try {
            PolicyEngine.assertPermission(PermissionID.NETIO);
        } catch (Exception e) {
            System.out.println("HODSSLContext::findCertificate() could not get privilege");
        }
        return findCertificate_tail(hODSSLiteImpl, bArr, i, i2, i3);
    }

    /** Non-IE variant: runs the common lookup directly. */
    private SSLCert findCertificate_other(HODSSLiteImpl hODSSLiteImpl, byte[] bArr, int i, int i2, int i3) throws HODSSLRuntimeException {
        return findCertificate_tail(hODSSLiteImpl, bArr, i, i2, i3);
    }

    /**
     * Common lookup: resolves the client certificate from the session's token.
     *
     * <p>For a URL source it returns the session's private certificate ("ECL0033" if there is
     * none). For a CSP source it scans the token's private certificates. With no configured
     * name it returns the first one that is {@code valid(false)} and passes the key-usage
     * check. With a configured name it returns the first one that matches the name and passes
     * the key-usage check. Any other source raises "ECL0048".
     *
     * @throws HODSSLRuntimeException wrapping the {@code ECLErr} for "no certificate"
     *     ("ECL0044"), "named certificate not found" ("ECL0045"), or the cases above
     */
    private SSLCert findCertificate_tail(HODSSLiteImpl hODSSLiteImpl, byte[] bArr, int i, int i2, int i3) throws HODSSLRuntimeException {
        String configuredCertificateSource = hODSSLiteImpl.getConfiguredCertificateSource();
        try {
            // No null check on the token interface here. getPrivateCertificate() treats null
            // as possible, so a null would surface as an unchecked NullPointerException rather
            // than an ECLErr.
            SSLToken token = ((HODSSLTokenImpl) hODSSLiteImpl.getHODSSLTokenIntf()).getToken();
            if (!configuredCertificateSource.equals(ECLSession.SESSION_SSL_CERTIFICATE_IN_CSP)) {
                if (!configuredCertificateSource.equals("SESSION_SSL_CERTIFICATE_IN_URL")) {
                    throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":findCertificate():6").toString(), "ECL0048", configuredCertificateSource));
                }
                try {
                    HODSSLCertImpl hODSSLCertImpl = (HODSSLCertImpl) hODSSLiteImpl.getPrivateCertificate();
                    if (hODSSLCertImpl == null) {
                        throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":findCertificate():5").toString(), "ECL0033", hODSSLiteImpl.getConfiguredCertificateURL()));
                    }
                    // NOTE(review): neither valid() nor checkForKeyUsage() is applied on this
                    // URL path. Confirm whether the certificate is validated where it is loaded.
                    importToken(token);
                    return hODSSLCertImpl.getSSLCert();
                } catch (ECLErr e) {
                    throw new HODSSLRuntimeException(e);
                }
            }
            String configuredCertificateName = hODSSLiteImpl.getConfiguredCertificateName();
            if (configuredCertificateName == null || configuredCertificateName.equals("")) {
                // No name configured: let the token filter with the handshake-supplied
                // arguments (presumably the server's acceptable-issuer list; verify).
                SSLCert[] privateCertificates = token.getPrivateCertificates(bArr, i, i2, i3, false);
                if (privateCertificates == null || privateCertificates.length <= 0) {
                    throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":findCertificate():3").toString(), "ECL0044"));
                }
                for (int i4 = 0; i4 < privateCertificates.length; i4++) {
                    if (privateCertificates[i4].valid(false) && checkForKeyUsage(privateCertificates[i4])) {
                        importToken(token);
                        return privateCertificates[i4];
                    }
                }
                throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":findCertificate():3").toString(), "ECL0044"));
            }
            // Name configured: enumerate without the issuer filter and match by name.
            SSLCert[] privateCertificates2 = token.getPrivateCertificates((byte[]) null, 0, 0, i3, false);
            if (privateCertificates2 == null || privateCertificates2.length <= 0) {
                throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":findCertificate():3").toString(), "ECL0044"));
            }
            for (int i5 = 0; i5 < privateCertificates2.length; i5++) {
                HODSSLCertImpl hODSSLCertImpl2 = new HODSSLCertImpl(privateCertificates2[i5]);
                // NOTE(review): unlike the unnamed branch, valid(false) is not checked here, so
                // a certificate selected by name is returned without that test. The null test
                // is also redundant straight after `new`.
                if (hODSSLCertImpl2 != null && hODSSLCertImpl2.matches(configuredCertificateName) && checkForKeyUsage(privateCertificates2[i5])) {
                    this.lastCertSent = privateCertificates2[i5];
                    importToken(token);
                    return this.lastCertSent;
                }
            }
            throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":findCertificate():2").toString(), "ECL0045", configuredCertificateName));
        } catch (ECLErr e2) {
            throw new HODSSLRuntimeException(e2);
        }
    }

    /**
     * Applies the environment's configured key-usage filter to a certificate.
     *
     * @param sSLCert candidate client certificate
     * @return the result of {@code HODSSLImpl.checkKeyUsage} when a filter is configured;
     *     {@code true} (no restriction) when none is configured
     */
    private boolean checkForKeyUsage(SSLCert sSLCert) {
        String certKeyUsage = Environment.createEnvironment().getCertKeyUsage();
        if (certKeyUsage != null) {
            // The configured value is a list, split on HTMLConfigGenerator.LIST_DELIM.
            return HODSSLImpl.checkKeyUsage(sSLCert, new StringTokenizer(certKeyUsage, HTMLConfigGenerator.LIST_DELIM));
        }
        return true;
    }

    /**
     * Returns the most recently selected client certificate, or {@code null} if none yet.
     *
     * <p>Decompiler note (JADX): the access modifier was changed from package-private.
     */
    public SSLCert getLastCertificateSent() {
        return this.lastCertSent;
    }

    /**
     * Returns a snapshot of the full names of all certificates imported into this context.
     *
     * <p>Decompiler note (JADX): the access modifier was changed from package-private.
     *
     * @return a new array, or {@code null} (not an empty array) when nothing was imported
     */
    public String[] getClientTrust() {
        String[] strArr = null;
        int size = this.clientTrust.size();
        if (size > 0) {
            strArr = new String[size];
            this.clientTrust.copyInto(strArr);
        }
        return strArr;
    }

    /**
     * Reports whether {@code str} is present in the JVM-wide prompt cache.
     *
     * <p>Decompiler note (JADX): the access modifier was changed from package-private.
     */
    public static boolean isSessionPrompted(String str) {
        return promptCache.indexOf(str) != -1;
    }

    /**
     * Appends the full name of every certificate in key rings {@code 1} and {@code 2} of the
     * token to {@code clientTrust}.
     *
     * <p>NOTE(review): the meaning of ring ids 1 and 2 is defined by {@code SSLToken} and is
     * not visible here (presumably the signer and site certificate rings; confirm).
     */
    private void addCerts(SSLToken sSLToken) {
        SSLCert[] keyRing = sSLToken.getKeyRing(1);
        if (keyRing != null) {
            for (SSLCert sSLCert : keyRing) {
                this.clientTrust.addElement(new HODSSLCertImpl(sSLCert).getFullName());
            }
        }
        SSLCert[] keyRing2 = sSLToken.getKeyRing(2);
        if (keyRing2 != null) {
            for (SSLCert sSLCert2 : keyRing2) {
                this.clientTrust.addElement(new HODSSLCertImpl(sSLCert2).getFullName());
            }
        }
    }
}
