package com.ibm.rational.clearcase.remote_core.rpc;

import com.ibm.icu.impl.locale.BaseLocale;
import com.ibm.rational.clearcase.remote_core.util.CCLog;
import com.ibm.rational.clearcase.remote_core.util.ResourceManager;
import com.ibm.rational.stp.cs.internal.util.HttpUrl;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;

/* loaded from: input_file:remote_core.jar:com/ibm/rational/clearcase/remote_core/rpc/CCX509TrustManager.class */
public class CCX509TrustManager implements X509TrustManager {
    // File names of the keystores this class reads or writes. The path helpers in this class
    // resolve them against the "user.home" system property.
    private static final String homeKeyStoreName = ".keystore";
    private static final String ccrcKeyStoreName = ".keystore_clearcase";
    // On-disk store of server certificates accepted with the "install" answer (see checkServerTrusted).
    private static final String ccrcExceptionStoreName = ".keystore_clearcase_exc";
    // System property that switches host-name verification off. Only its presence is tested
    // (getProperty(...) != null), so any value, including "false", disables the check.
    private static final String DISABLE_HOSTNAME_VERIFICATION = "com.ibm.rational.ccrc.disableHostnameVerification";
    // PKCS12 export written by initRviewKeystore; a per-host variant appends "_<host>(<port>)".
    private static final String rviewKeyStoreName = ".keystore_cc_rview";
    // Running counter used by readTrustStore to keep merged aliases unique.
    private int aliasNum;
    private IServerCertificateListener m_serverCertificateListener;
    private IClientCertificateListener m_clientCertificateListener;
    private KeyTrustUtil m_helper;
    // In-memory store of accepted certificates, keyed by the "cc_<host>(<port>)" alias.
    private KeyStore m_exceptionStore;
    private boolean m_loadedExceptionStore;
    // Platform trust manager initialised from m_trustStore; it performs the actual chain validation.
    X509TrustManager m_defaultX509TrustManager;
    // Merged trust anchors collected by loadTrustStore.
    private KeyStore m_trustStore;
    private boolean m_loadedTrustStore;
    private CCLog mTracer;
    // True when DISABLE_HOSTNAME_VERIFICATION is set; fixed at construction time.
    private final boolean m_skip_hncheck;
    private static CCX509TrustManager tmSingleton = null;
    // Hard-coded keystore password. It is embedded in the class file, so it gives the stored
    // keystores no confidentiality or tamper protection against anyone who can read this class;
    // the files are protected only by the file-system permissions of the home directory.
    private static final char[] ccrcTrustStorePasswd = {'r', 'a', 't', 'i', 'o', 'n', 'a', 'l'};
    // Cache of per-host trust managers, keyed by the alias from generateAliasString.
    // NOTE(review): raw ConcurrentHashMap on the right-hand side (decompiler output).
    private static ConcurrentMap<String, CCX509HostTrustManager> tm_map = new ConcurrentHashMap();
    // Captured once at class initialisation; later changes to the system properties are not seen here.
    private static String user_home = System.getProperty("user.home");
    private static String file_sep = System.getProperty("file.separator");
    private static ResourceManager rsc = ResourceManager.getManager("com.ibm.rational.clearcase.remote_core");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:remote_core.jar:com/ibm/rational/clearcase/remote_core/rpc/CCX509TrustManager$CCX509HostTrustManager.class */
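    /**
     * Trust manager bound to one host and port.
     *
     * <p>JSSE calls {@link X509TrustManager#checkServerTrusted(X509Certificate[], String)} without
     * telling the trust manager which host is being contacted. This adapter remembers the host and
     * port it was created for and forwards them to the four-argument
     * {@code checkServerTrusted} of the owning {@link CCX509TrustManager}, which needs them for
     * host-name verification and for the per-host exception alias.
     *
     * <p>Instances are cached in a static map and handed to every SSL context created for the same
     * host and port, so the fields are {@code final}: the binding cannot change after construction.
     */
    public class CCX509HostTrustManager implements X509TrustManager {
        private final CCX509TrustManager m_tm;
        private final String m_host;
        private final int m_port;

        /**
         * @param str host name the connection is made to
         * @param i port the connection is made to
         * @param cCX509TrustManager trust manager every check is delegated to
         */
        public CCX509HostTrustManager(String str, int i, CCX509TrustManager cCX509TrustManager) {
            this.m_tm = cCX509TrustManager;
            this.m_host = str;
            this.m_port = i;
        }

        /** Delegates unchanged to the owning trust manager. */
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.m_tm.checkClientTrusted(x509CertificateArr, str);
        }

        /** Delegates to the owning trust manager, adding the bound host and port. */
        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.m_tm.checkServerTrusted(x509CertificateArr, str, this.m_host, this.m_port);
        }

        /** Delegates unchanged to the owning trust manager. */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return this.m_tm.getAcceptedIssuers();
        }
    }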

    /* loaded from: input_file:remote_core.jar:com/ibm/rational/clearcase/remote_core/rpc/CCX509TrustManager$CertListener.class */
    /**
     * Callback consulted when a server certificate fails validation.
     *
     * <p>The constants form two separate value spaces that share numeric values: the first three
     * are bit flags describing what is wrong with the certificate, the last three are the answers
     * a listener may return. {@code CertNotTrusted} and {@code CertOK} are both {@code 1} but are
     * never compared with each other.
     */
    public interface CertListener {
        // Problem flags, OR-ed together into the second argument of certProblem.
        int CertNotTrusted = 1;
        int CertDateOutOfRange = 2;
        int CertNameMismatch = 4;

        // Answers returned from certProblem.
        int CertRejected = 0;
        int CertOK = 1;
        int CertOKInstall = 2;

        /**
         * Reports a certificate problem and asks how to proceed.
         *
         * @param x509Certificate the certificate that failed validation
         * @param i bit mask of the problem flags above
         * @param certificateException the validation failure that triggered the call
         * @return one of {@code CertRejected}, {@code CertOK} or {@code CertOKInstall}
         */
        int certProblem(X509Certificate x509Certificate, int i, CertificateException certificateException);
    }

    /**
     * Builds the trust manager with the given listeners, merges the local trust stores, loads the
     * remembered certificate exceptions and registers this instance's socket factory for the
     * HTTPS scheme on port 443.
     *
     * <p>The SSL protocol name comes from the system property
     * {@code com.ibm.rational.clearcase.transport.client.protocol} and falls back to
     * {@code "TLSv1.2"}. The value is used as given, so the property can also select an older
     * protocol version.
     *
     * @param iServerCertificateListener asked what to do when a server certificate fails validation
     * @param iClientCertificateListener stored here and later passed to the key manager
     */
    private CCX509TrustManager(IServerCertificateListener iServerCertificateListener, IClientCertificateListener iClientCertificateListener) throws NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException, KeyStoreException {
        this.aliasNum = 0;
        this.m_loadedExceptionStore = false;
        this.m_trustStore = null;
        this.m_loadedTrustStore = false;
        this.mTracer = new CCLog(CCLog.CTRC_CORE, CCX509TrustManager.class);
        this.m_serverCertificateListener = iServerCertificateListener;
        this.m_clientCertificateListener = iClientCertificateListener;
        this.m_helper = KeyTrustUtil.getInstance();
        final TrustManagerFactory trustFactory = this.m_helper.getX509TrustFactory();
        this.m_trustStore = this.m_helper.initEmptyKeyStore("JKS");
        this.m_exceptionStore = this.m_helper.initEmptyKeyStore("JKS");
        // Presence of the property is enough; its value is never read.
        this.m_skip_hncheck = System.getProperty(DISABLE_HOSTNAME_VERIFICATION) != null;

        // The trust store must be filled before the factory is initialised from it.
        loadTrustStore();
        trustFactory.init(this.m_trustStore);
        this.m_defaultX509TrustManager = (X509TrustManager) trustFactory.getTrustManagers()[0];
        loadExceptionStore();

        // The context is discarded; the call only fails early (NoSuchAlgorithmException) when the
        // requested protocol is not available.
        final String protocolName = System.getProperty("com.ibm.rational.clearcase.transport.client.protocol");
        final boolean useDefault = protocolName == null || protocolName.isEmpty();
        SSLContext.getInstance(useDefault ? "TLSv1.2" : protocolName);

        final ProtocolSocketFactory socketFactory = (ProtocolSocketFactory) CCSSLProtocolSocketFactory.getProtocolSocketFactory(this);
        Protocol.registerProtocol(HttpUrl.SCHEME_HTTPS, new Protocol(HttpUrl.SCHEME_HTTPS, socketFactory, 443));
    }

    /**
     * Creates the process-wide trust manager on first use and installs the given listeners on it.
     *
     * <p>Every call replaces the listeners of the existing singleton, so the most recent caller's
     * listeners decide how certificate problems are answered.
     *
     * @param iServerCertificateListener listener for server certificate problems
     * @param iClientCertificateListener listener passed on to the key manager
     */
    public static synchronized void initTrustManager(IServerCertificateListener iServerCertificateListener, IClientCertificateListener iClientCertificateListener) throws NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException, KeyStoreException {
        CCX509TrustManager instance = tmSingleton;
        if (instance == null) {
            instance = new CCX509TrustManager(iServerCertificateListener, iClientCertificateListener);
            tmSingleton = instance;
        }
        instance.m_serverCertificateListener = iServerCertificateListener;
        instance.m_clientCertificateListener = iClientCertificateListener;
    }

    /**
     * Builds the keystore alias under which an accepted certificate for the given host and port
     * is remembered: {@code "cc_"} followed by the host id.
     *
     * @param str host name
     * @param i port
     * @return alias of the form {@code cc_<host>(<port>)}
     */
    private static String generateAliasString(String str, int i) {
        final String hostId = generateHostId(str, i);
        return "cc_" + hostId;
    }

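    /**
     * Builds the canonical identifier of a host and port: the lower-cased host name followed by
     * the port in parentheses, for example {@code host(443)}.
     *
     * <p>The identifier is the key for trust decisions (exception-store alias, per-host keystore
     * file name), so it must not depend on the user's locale. Lower-casing is done with
     * {@link java.util.Locale#ROOT}; the default-locale {@code toLowerCase()} maps {@code 'I'} to a
     * dotless i under a Turkish locale and would produce a different key for the same host.
     *
     * @param str host name; must not be {@code null}
     * @param i port
     * @return {@code <lower-cased host>(<port>)}
     */
    private static String generateHostId(String str, int i) {
        return str.toLowerCase(java.util.Locale.ROOT) + "(" + Integer.toString(i) + ")";
    }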

    /**
     * Turns the host id into a file-name fragment by replacing every {@code ':'} with {@code '+'}.
     *
     * <p>Only the colon is rewritten. NOTE(review): path separators in the host string would pass
     * through unchanged; this assumes callers supply a plain host name, which should be confirmed.
     *
     * @param str host name
     * @param i port
     * @return the host id with colons replaced
     */
    private static String generateHostFilename(String str, int i) {
        final String hostId = generateHostId(str, i);
        return hostId.replace(':', '+');
    }

    /**
     * Returns the host-bound trust manager for the given host and port, creating and caching it
     * on first request.
     *
     * <p>The cache key is the host alias only. When an entry already exists it is returned as is,
     * and the {@code cCX509TrustManager} argument of the later call is not used.
     *
     * @param str host name
     * @param i port
     * @param cCX509TrustManager trust manager a newly created entry delegates to
     * @return the cached or newly created host-bound trust manager
     */
    public synchronized CCX509HostTrustManager getTM(String str, int i, CCX509TrustManager cCX509TrustManager) {
        final String cacheKey = generateAliasString(str, i);
        final CCX509HostTrustManager cached = tm_map.get(cacheKey);
        if (cached != null) {
            return cached;
        }
        final CCX509HostTrustManager created = new CCX509HostTrustManager(str, i, cCX509TrustManager);
        tm_map.put(cacheKey, created);
        return created;
    }

    /**
     * Builds the trust manager without listeners and without the KeyTrustUtil helper.
     *
     * <p>The trust manager factory is looked up as {@code "IbmX509"} first and {@code "SunX509"}
     * when that algorithm is unavailable. Because no server certificate listener is set, a failed
     * validation in {@code checkServerTrusted} ends in a {@link java.security.cert.CertificateException}
     * rather than a prompt.
     */
    private CCX509TrustManager() throws KeyStoreException, NoSuchAlgorithmException {
        this.aliasNum = 0;
        this.m_loadedExceptionStore = false;
        this.m_trustStore = null;
        this.m_loadedTrustStore = false;
        this.mTracer = new CCLog(CCLog.CTRC_CORE, CCX509TrustManager.class);

        TrustManagerFactory factory;
        try {
            factory = TrustManagerFactory.getInstance("IbmX509");
        } catch (NoSuchAlgorithmException unavailable) {
            // Not an IBM JRE: fall back to the Sun provider's algorithm name.
            factory = TrustManagerFactory.getInstance("SunX509");
        }

        this.m_trustStore = KeyStore.getInstance("JKS");
        this.m_exceptionStore = KeyStore.getInstance("JKS");
        try {
            // load(null, null) only initialises the stores as empty.
            this.m_trustStore.load(null, null);
            this.m_exceptionStore.load(null, null);
        } catch (Exception ignored) {
            // Deliberately ignored by the original code. A store left uninitialised here would
            // presumably surface as a KeyStoreException on first use.
        }

        // Presence of the property is enough; its value is never read.
        this.m_skip_hncheck = System.getProperty(DISABLE_HOSTNAME_VERIFICATION) != null;

        // The trust store must be filled before the factory is initialised from it.
        loadTrustStore();
        factory.init(this.m_trustStore);
        this.m_defaultX509TrustManager = (X509TrustManager) factory.getTrustManagers()[0];
        loadExceptionStore();

        // The context is discarded; the call only fails early when the protocol is not available.
        final String protocolName = System.getProperty("com.ibm.rational.clearcase.transport.client.protocol");
        final boolean useDefault = protocolName == null || protocolName.isEmpty();
        SSLContext.getInstance(useDefault ? "TLSv1.2" : protocolName);

        final ProtocolSocketFactory socketFactory = (ProtocolSocketFactory) CCSSLProtocolSocketFactory.getProtocolSocketFactory(this);
        Protocol.registerProtocol(HttpUrl.SCHEME_HTTPS, new Protocol(HttpUrl.SCHEME_HTTPS, socketFactory, 443));
    }

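    /**
     * Creates an SSL socket factory whose server checks are bound to the given host and port.
     *
     * <p>The protocol name is taken from the system property
     * {@code com.ibm.rational.clearcase.transport.client.protocol} and defaults to
     * {@code "TLSv1.2"}. The property value is used as given, so it can also select an older
     * protocol version. The context is initialised with the ClearCase key manager and the
     * host-bound trust manager from {@link #getTM}; the random source is left to the provider
     * default.
     *
     * @param str host name the sockets will connect to
     * @param i port the sockets will connect to
     * @return socket factory of the initialised context
     * @throws KeyManagementException if the key manager or the context cannot be set up; the
     *         original failure is attached as the cause
     * @throws NoSuchAlgorithmException if the requested protocol is not available
     */
    public SSLSocketFactory getSocketFactory(String str, int i) throws KeyManagementException, NoSuchAlgorithmException {
        String property = System.getProperty("com.ibm.rational.clearcase.transport.client.protocol");
        SSLContext sSLContext = (property == null || property.isEmpty()) ? SSLContext.getInstance("TLSv1.2") : SSLContext.getInstance(property);
        try {
            KeyManager keyManager = CcKeyManager.getInstance(this.m_helper, getCCRCTrustStorePath(), ccrcTrustStorePasswd, this.m_clientCertificateListener);
            sSLContext.init(new KeyManager[]{keyManager}, new TrustManager[]{getTM(str, i, this)}, null);
            return sSLContext.getSocketFactory();
        } catch (Exception e) {
            // Keep the original failure as the cause so the stack trace is not lost.
            throw new KeyManagementException("Unable to load keystore:" + e.toString(), e);
        }
    }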

    /**
     * Returns the issuers accepted by the platform trust manager that was initialised from the
     * merged trust store. Certificates held only in the exception store are not included.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        final X509TrustManager delegate = this.m_defaultX509TrustManager;
        return delegate.getAcceptedIssuers();
    }

    /**
     * Validates a client certificate chain with the platform trust manager. No exception store
     * or listener is consulted on this path.
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        final X509TrustManager delegate = this.m_defaultX509TrustManager;
        delegate.checkClientTrusted(x509CertificateArr, str);
    }

    /**
     * Always rejects: a server chain cannot be validated here because the host name is unknown.
     * Server checks must arrive through a host-bound {@code CCX509HostTrustManager}, which calls
     * the four-argument overload. Failing closed keeps a misconfigured caller from skipping
     * host-name verification.
     *
     * @throws CertificateException always
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        final String reason = "Interface failure: host name required for certificate validation";
        throw new CertificateException(reason);
    }

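    /**
     * Validates a server certificate chain for one host and port.
     *
     * <p>Order of checks:
     * <ol>
     *   <li>If the leaf certificate equals the one remembered for this host and port in the
     *       in-memory exception store, the chain is accepted at once. No path, validity-date or
     *       host-name check runs for a remembered certificate.</li>
     *   <li>Otherwise the platform trust manager validates the chain, and the host name is
     *       verified against the leaf certificate unless host-name verification was disabled by
     *       system property.</li>
     *   <li>If both pass, the per-host keystore file is deleted and the method returns.</li>
     *   <li>On any failure the server certificate listener decides. Answer {@code 0} rejects. Any
     *       other answer remembers the leaf certificate in memory for this host and port, and
     *       answer {@code 2} also writes it to the on-disk exception store. The accepted
     *       certificate is then exported to the per-host PKCS12 file.</li>
     * </ol>
     *
     * <p>The problem mask passed to the listener uses 1 (not trusted), 2 (date out of range) and
     * 4 (name mismatch). These equal the {@code CertListener} constants in this class;
     * NOTE(review): {@code IServerCertificateListener} is not shown here, confirm it uses the same
     * values.
     *
     * @param x509CertificateArr chain presented by the server, leaf first
     * @param str key-exchange algorithm / auth type, passed through to the platform trust manager
     * @param str2 host name being contacted
     * @param i port being contacted
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     * @throws CertificateException if validation fails and there is no listener, the listener
     *         rejects the certificate, or the accepted certificate cannot be persisted
     */
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2, int i) throws CertificateException {
        // X509TrustManager specifies IllegalArgumentException for a null or empty chain. Without
        // this guard the first x509CertificateArr[0] access fails with an unrelated runtime error.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("null or zero-length certificate chain");
        }

        final String alias = generateAliasString(str2, i);
        if (isException(x509CertificateArr, alias)) {
            // A previously accepted certificate short-circuits every other check.
            return;
        }

        int problems = 0;
        CertificateException failure = null;
        try {
            this.m_defaultX509TrustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            problems |= 2; // date out of range
            failure = e;
        } catch (CertificateException e) {
            problems |= 1; // not trusted
            failure = e;
        }

        if (!this.m_skip_hncheck) {
            try {
                new DefaultHostnameVerifier().verify(str2, x509CertificateArr[0]);
            } catch (SSLException e) {
                // Keep the chain failure as the primary exception when there is one.
                if (failure == null) {
                    failure = new CertificateException(e.getLocalizedMessage(), e);
                }
                problems |= 4; // name mismatch
            }
        }

        if (failure == null) {
            // Fully valid: a per-host exception file is no longer needed.
            deleteRviewKeystore(str2, i);
            return;
        }
        if (this.m_serverCertificateListener == null) {
            throw new CertificateException(rsc.getString("CCX509TrustManager.NoCertificateExceptionListener", new Object[0]));
        }

        final int answer = this.m_serverCertificateListener.certProblem(x509CertificateArr[0], problems, failure);
        if (answer == 0) {
            throw new CertificateException(rsc.getString("CCX509TrustManager.UserRejectedCertificate", new Object[0]));
        }

        try {
            // Remember the decision for the rest of this process.
            addToTrustStore(x509CertificateArr[0], this.m_exceptionStore, alias);
        } catch (CertificateException e) {
            CCLog.logWarning(getClass(), rsc.getString("CCX509TrustManager.UnableToInstallTempCertificate", new Object[0]), e);
        }
        if (answer == 2) {
            // "Accept and install": persist the exception across restarts.
            installCertificate(x509CertificateArr[0], alias);
        }
        initRviewKeystore(str2, i, x509CertificateArr);
    }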

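    /**
     * Stores a certificate under the given alias in the given keystore, replacing any entry that
     * already uses the alias. The keystore object itself is the lock, so concurrent additions to
     * the same store are serialised.
     *
     * @param x509Certificate certificate to store
     * @param keyStore target keystore
     * @param str alias to store it under
     * @throws CertificateException if the keystore rejects the entry; the
     *         {@link KeyStoreException} is attached as the cause
     */
    private void addToTrustStore(X509Certificate x509Certificate, KeyStore keyStore, String str) throws CertificateException {
        try {
            synchronized (keyStore) {
                keyStore.setCertificateEntry(str, x509Certificate);
            }
        } catch (KeyStoreException e) {
            // Keep the original failure as the cause so the stack trace is not lost.
            throw new CertificateException(rsc.getString("CCX509TrustManager.UnableToInstallCertificate", e.toString()), e);
        }
    }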

    /**
     * Persists an accepted certificate in the on-disk exception store under the given alias.
     *
     * @param x509Certificate certificate to persist
     * @param str alias ({@code cc_<host>(<port>)}) to store it under
     */
    private void installCertificate(X509Certificate x509Certificate, String str) throws CertificateException {
        final String exceptionStorePath = getCCRCExceptionStorePath();
        installCertificateToFile(x509Certificate, exceptionStorePath, str);
    }

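    /**
     * Adds a certificate to the JKS keystore file at the given path, creating the keystore when
     * the file does not exist, and writes the file back.
     *
     * <p>The output stream is opened in try-with-resources so the file handle is released on both
     * success and failure; the earlier code never closed it.
     *
     * <p>NOTE(review): a write failure raised inside the inner {@code try} is caught again by the
     * outer {@code catch} and reported with the "UnableToReadKeystore" message. That wrapping is
     * kept as it was.
     *
     * @param x509Certificate certificate to add
     * @param str path of the keystore file
     * @param str2 alias to store the certificate under
     * @throws CertificateException if the keystore cannot be read, updated or written; the
     *         original failure is attached as the cause
     */
    private synchronized void installCertificateToFile(X509Certificate x509Certificate, String str, String str2) throws CertificateException {
        File file = new File(str);
        try {
            KeyStore store = readKeyStore(file, "JKS", ccrcTrustStorePasswd);
            if (store == null) {
                // No file yet: start from an empty keystore.
                store = KeyStore.getInstance("JKS");
                store.load(null, null);
            }
            addToTrustStore(x509Certificate, store, str2);
            try (BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(file))) {
                store.store(out, ccrcTrustStorePasswd);
            } catch (Exception e) {
                throw new CertificateException(rsc.getString("CCX509TrustManager.UnableToWriteCertificate", str) + ProtocolConstant.LF + e.toString(), e);
            }
        } catch (Exception e2) {
            throw new CertificateException(rsc.getString("CCX509TrustManager.UnableToReadKeystore", str) + ProtocolConstant.LF + e2.toString(), e2);
        }
    }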

    /** Returns the path of the ClearCase keystore in the user's home directory. */
    private String getCCRCTrustStorePath() {
        final StringBuilder path = new StringBuilder();
        path.append(user_home).append(file_sep).append(ccrcKeyStoreName);
        return path.toString();
    }

    /** Returns the path of the on-disk certificate exception store in the user's home directory. */
    private String getCCRCExceptionStorePath() {
        final StringBuilder path = new StringBuilder();
        path.append(user_home).append(file_sep).append(ccrcExceptionStoreName);
        return path.toString();
    }

    /**
     * Returns the path of the PKCS12 trust-store export in the user's home directory. This helper
     * reads the system properties at call time instead of using the values cached in the static
     * fields.
     */
    private String getRVIEWTrustStorePath() {
        final String home = System.getProperty("user.home");
        final String separator = System.getProperty("file.separator");
        return home + separator + rviewKeyStoreName;
    }

    /**
     * Returns the path of the per-host PKCS12 file: the export file name, the separator constant
     * {@code BaseLocale.SEP} and the host file-name fragment, inside the user's home directory.
     *
     * @param str host name
     * @param i port
     */
    private String getRVIEWTrustStoreExceptionPath(String str, int i) {
        final StringBuilder path = new StringBuilder();
        path.append(user_home).append(file_sep).append(rviewKeyStoreName).append(BaseLocale.SEP);
        path.append(generateHostFilename(str, i));
        return path.toString();
    }

    /**
     * Merges the certificate entries of every local trust store into {@code m_trustStore}; runs
     * at most once per instance.
     *
     * <p>Sources, in order: the ClearCase keystore and {@code .keystore} in the user's home
     * directory, then either the file named by {@code javax.net.ssl.trustStore} or, when that
     * property is unset, {@code jssecacerts} and {@code cacerts} under
     * {@code <java.home>/lib/security}. Every certificate found becomes a trust anchor, so write
     * access to any of these files is enough to add one. Afterwards the merged store is exported
     * by {@code initRviewKeystore()}.
     *
     * <p>A {@link CertificateException} from reading or exporting is logged as a warning and not
     * rethrown.
     */
    private synchronized void loadTrustStore() {
        if (this.m_loadedTrustStore) {
            return;
        }
        this.m_loadedTrustStore = true;

        final String configuredStore = System.getProperty("javax.net.ssl.trustStore");
        final String javaHome = System.getProperty("java.home");
        try {
            final String ccrcStore = getCCRCTrustStorePath();
            readTrustStore(ccrcStore, this.m_trustStore, false);

            final String homeStore = user_home + file_sep + homeKeyStoreName;
            readTrustStore(homeStore, this.m_trustStore, false);

            // Colon-separated list of every location tried, used only in the warning below.
            final StringBuilder searched = new StringBuilder().append(ccrcStore).append(':').append(homeStore);
            if (configuredStore == null) {
                final String securityDir = javaHome + file_sep + "lib" + file_sep + "security";
                final String jssecacerts = securityDir + file_sep + "jssecacerts";
                readTrustStore(jssecacerts, this.m_trustStore, false);
                final String cacerts = securityDir + file_sep + "cacerts";
                readTrustStore(cacerts, this.m_trustStore, false);
                searched.append(':').append(jssecacerts).append(':').append(cacerts);
            } else {
                readTrustStore(configuredStore, this.m_trustStore, false);
                searched.append(':').append(configuredStore);
            }

            if (this.m_trustStore == null) {
                CCLog.logWarning(getClass(), rsc.getString("CCX509TrustManager.UnableToLocateTrustedKeystores", searched.toString()), null);
            }
            initRviewKeystore();
        } catch (CertificateException e) {
            CCLog.logWarning(getClass(), rsc.getString("CCX509TrustManager.NoLocalCertificates", new Object[0]), e);
        }
    }

    /**
     * Copies every certificate entry from one keystore to another under the same alias. Key
     * entries are skipped.
     *
     * @param keyStore source keystore
     * @param keyStore2 destination keystore
     */
    private void copyCerts(KeyStore keyStore, KeyStore keyStore2) throws KeyStoreException, CertificateException {
        for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
            final String alias = aliases.nextElement();
            if (!keyStore.isCertificateEntry(alias)) {
                continue;
            }
            final X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
            addToTrustStore(certificate, keyStore2, alias);
        }
    }

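    /**
     * Exports the merged trust store as a PKCS12 file in the user's home directory and updates
     * the host-name-check marker file next to it.
     *
     * <p>The output stream is opened in try-with-resources, so it is closed when the write or the
     * marker update fails; the earlier code closed it only on success.
     *
     * <p>The file is written with the hard-coded store password, so its integrity depends on the
     * file-system permissions of the home directory.
     *
     * <p>NOTE(review): failures raised by the inner blocks are caught again by the outermost
     * {@code catch} and reported with the "UnableToCreatePKCS12" message. That wrapping is kept as
     * it was.
     *
     * @throws CertificateException if the PKCS12 store cannot be created, filled or written; the
     *         original failure is attached as the cause
     */
    private synchronized void initRviewKeystore() throws CertificateException {
        String rVIEWTrustStorePath = getRVIEWTrustStorePath();
        File file = new File(rVIEWTrustStorePath);
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null, null);
            try {
                copyCerts(this.m_trustStore, keyStore);
                try (BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(file))) {
                    keyStore.store(out, ccrcTrustStorePasswd);
                    // Marker file exists exactly while host-name verification is disabled.
                    handleHostSignalFile(this.m_skip_hncheck, rVIEWTrustStorePath);
                } catch (Exception e) {
                    throw new CertificateException(rsc.getString("CCX509TrustManager.UnableToWriteCertificate", rVIEWTrustStorePath) + rsc.getString("CCX509TrustManager.AutomaticViewSSLConnectFail", new Object[0]) + ProtocolConstant.LF + e.toString(), e);
                }
            } catch (KeyStoreException e2) {
                throw new CertificateException(rsc.getString("CCX509TrustManager.UnableToWriteCertificate", rVIEWTrustStorePath) + rsc.getString("CCX509TrustManager.AutomaticViewSSLConnectFail", new Object[0]) + ProtocolConstant.LF + e2.toString(), e2);
            }
        } catch (Exception e3) {
            throw new CertificateException(rsc.getString("CCX509TrustManager.UnableToCreatePKCS12", rVIEWTrustStorePath) + ProtocolConstant.LF + e3.toString(), e3);
        }
    }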

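    /**
     * Writes the accepted leaf certificate for one host and port to its own PKCS12 file in the
     * user's home directory.
     *
     * <p>The output stream is opened in try-with-resources, so it is closed when the write fails;
     * the earlier code closed it only on success.
     *
     * <p>The certificate is stored under the alias {@code CookiePolicy.DEFAULT}. NOTE(review):
     * this looks like a decompiler substituting a constant with the same string value; confirm
     * the intended alias.
     *
     * <p>NOTE(review): a write failure raised by the inner block is caught again by the outer
     * {@code catch} and reported with the "UnableToCreatePKCS12" message. That wrapping is kept as
     * it was.
     *
     * @param str host name
     * @param i port
     * @param x509CertificateArr server chain; only the leaf certificate at index 0 is stored
     * @throws CertificateException if the PKCS12 store cannot be created or written; the original
     *         failure is attached as the cause
     */
    private synchronized void initRviewKeystore(String str, int i, X509Certificate[] x509CertificateArr) throws CertificateException {
        String rVIEWTrustStoreExceptionPath = getRVIEWTrustStoreExceptionPath(str, i);
        File file = new File(rVIEWTrustStoreExceptionPath);
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null, null);
            addToTrustStore(x509CertificateArr[0], keyStore, CookiePolicy.DEFAULT);
            try (BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(file))) {
                keyStore.store(out, ccrcTrustStorePasswd);
            } catch (Exception e) {
                throw new CertificateException(rsc.getString("CCX509TrustManager.UnableToWriteCertificate", rVIEWTrustStoreExceptionPath) + rsc.getString("CCX509TrustManager.AutomaticViewSSLConnectFail", new Object[0]) + ProtocolConstant.LF + e.toString(), e);
            }
        } catch (Exception e2) {
            throw new CertificateException(rsc.getString("CCX509TrustManager.UnableToCreatePKCS12", rVIEWTrustStoreExceptionPath) + ProtocolConstant.LF + e2.toString(), e2);
        }
    }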

    /**
     * Keeps the "_hnfail" marker file in step with the host-name-check setting: the file is
     * created when verification is disabled and removed when it is enabled. The results of
     * {@code createNewFile()} and {@code delete()} are not checked.
     *
     * @param z {@code true} when host-name verification is disabled
     * @param str path of the keystore file the marker belongs to
     */
    private void handleHostSignalFile(boolean z, String str) throws IOException {
        final File marker = new File(getHostnameFailPath(str));
        final boolean present = marker.exists();
        if (z && !present) {
            marker.createNewFile();
        } else if (!z && present) {
            marker.delete();
        }
    }

    /**
     * Returns the marker-file path for a keystore path: the same path with {@code "_hnfail"}
     * appended.
     */
    private String getHostnameFailPath(String str) {
        return new StringBuilder().append(str).append("_hnfail").toString();
    }

    /**
     * Removes the per-host PKCS12 file for the given host and port if it exists. It is called
     * once the server's certificate validates without any exception. The result of
     * {@code delete()} is not checked.
     */
    private synchronized void deleteRviewKeystore(String str, int i) {
        final File perHostStore = new File(getRVIEWTrustStoreExceptionPath(str, i));
        if (!perHostStore.exists()) {
            return;
        }
        perHostStore.delete();
    }

    /**
     * Loads the persisted certificate exceptions into the in-memory exception store; runs at most
     * once per instance. Aliases are kept unchanged so they match the per-host alias used at
     * lookup time.
     */
    private synchronized void loadExceptionStore() {
        if (this.m_loadedExceptionStore) {
            return;
        }
        this.m_loadedExceptionStore = true;
        final String storePath = getCCRCExceptionStorePath();
        try {
            readTrustStore(storePath, this.m_exceptionStore, true);
        } catch (Exception ignored) {
            // Deliberately ignored by the original code. An unreadable exception store leaves
            // the in-memory store without those entries.
        }
    }

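    /**
     * Copies every certificate entry of the JKS file at the given path into the target keystore.
     * A missing file is skipped silently.
     *
     * <p>The file is opened with a {@code null} password. {@link KeyStore#load} performs no
     * integrity check in that case, so a modified keystore file is not detected here.
     *
     * @param str path of the JKS file to read
     * @param keyStore keystore receiving the certificates
     * @param z {@code true} to keep the source aliases; {@code false} to store each entry under
     *        {@code <file name><SEP><counter>_<alias>} so entries from different files cannot
     *        overwrite each other
     * @throws CertificateException if the file cannot be read; the original failure is attached
     *         as the cause
     */
    private void readTrustStore(String str, KeyStore keyStore, boolean z) throws CertificateException {
        File file = new File(str);
        try {
            KeyStore source = readKeyStore(file, "JKS", null);
            if (source == null) {
                return;
            }
            String prefix = file.getName() + BaseLocale.SEP;
            try {
                Enumeration<String> aliases = source.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (!source.isCertificateEntry(alias)) {
                        continue;
                    }
                    Certificate certificate = source.getCertificate(alias);
                    // The counter advances only for renamed entries.
                    String targetAlias = z ? alias : prefix + (this.aliasNum++) + '_' + alias;
                    keyStore.setCertificateEntry(targetAlias, certificate);
                }
            } catch (KeyStoreException e) {
                // A merge problem is logged, and entries already copied are kept.
                CCLog.logWarning(getClass(), rsc.getString("CCX509TrustManager.UnableToMergeKeystores", new Object[0]) + e.toString(), null);
            }
        } catch (Exception e2) {
            // Keep the original failure as the cause so the stack trace is not lost.
            throw new CertificateException(rsc.getString("CCX509TrustManager.UnableToReadAnyKeystore", new Object[0]) + e2.toString(), e2);
        }
    }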

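    /**
     * Loads a keystore of the given type from a file.
     *
     * <p>The input stream is opened in try-with-resources: it is always closed, and a failure in
     * {@code close()} no longer replaces the exception thrown by {@code load}.
     *
     * <p>An {@link IOException} or {@link CertificateException} during loading is logged and the
     * keystore instance is still returned. NOTE(review): in that case the returned keystore may
     * not have been initialised, and callers use it without checking.
     *
     * @param file keystore file
     * @param str keystore type, for example {@code "JKS"}
     * @param cArr password used for the integrity check, or {@code null} to skip that check
     * @return the keystore, or {@code null} when the file does not exist
     */
    private KeyStore readKeyStore(File file, String str, char[] cArr) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = null;
        try (FileInputStream in = new FileInputStream(file)) {
            keyStore = KeyStore.getInstance(str);
            keyStore.load(in, cArr);
        } catch (FileNotFoundException e) {
            return null;
        } catch (IOException e2) {
            CCLog.logWarning(getClass(), rsc.getString("CCX509TrustManager.KeystoreReadIOError", file.getPath()), e2);
        } catch (CertificateException e3) {
            CCLog.logWarning(getClass(), rsc.getString("CCX509TrustManager.UnableToReadSomeCertificates", file.getPath()), e3);
        }
        return keyStore;
    }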

    /**
     * Tells whether the leaf certificate of the chain is the one remembered for the given alias
     * in the in-memory exception store. The comparison is an exact certificate match, so a
     * different certificate presented by the same host is not covered by the stored exception.
     *
     * @param x509CertificateArr server chain; only index 0 is compared
     * @param str alias ({@code cc_<host>(<port>)}) to look up
     * @return {@code true} if an identical certificate is stored under the alias; {@code false}
     *         otherwise, including when the lookup itself fails
     */
    private boolean isException(X509Certificate[] x509CertificateArr, String str) {
        final X509Certificate remembered;
        try {
            remembered = (X509Certificate) this.m_exceptionStore.getCertificate(str);
        } catch (KeyStoreException e) {
            // A failed lookup counts as "no exception", so normal validation still runs.
            return false;
        }
        final boolean matches = remembered != null && x509CertificateArr[0].equals(remembered);
        if (!matches) {
            return false;
        }
        if (this.mTracer.shouldTrace(4)) {
            this.mTracer.writeTrace("isException", "Found in in-memory exception store");
        }
        return true;
    }
}
