package org.apache.cxf.transport.https;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.lang.reflect.Method;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.servlet.http.HttpServletRequest;
import oracle.net.ns.SQLnetDef;
import org.apache.axis2.Constants;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.SystemPropertyAction;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.message.Message;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.struts2.components.UrlProvider;

/* loaded from: input_file:WEB-INF/lib/cxf-rt-transports-http-2.5.0.jar:org/apache/cxf/transport/https/SSLUtils.class */
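/**
 * Static helpers that resolve TLS configuration (key store, trust store, protocol, cipher
 * suites, client-authentication flags) and build the JSSE objects derived from it.
 *
 * <p>Every resolver follows the same pattern: use the configured value when present, otherwise
 * fall back to a system property or a built-in default, and log which source was used.
 *
 * <p>NOTE(review): this listing is decompiler output. The references to
 * {@code SQLnetDef.JAVAX_NET_SSL_*}, {@code Constants.USER_HOME} and {@code UrlProvider.GET}
 * point at unrelated libraries; presumably the decompiler substituted them for inlined string
 * literals (the JSSE {@code javax.net.ssl.*} property names, {@code "user.home"} and
 * {@code "get"}). Confirm the values before relying on them.
 */
public final class SSLUtils {
    static final String PKCS12_TYPE = "PKCS12";
    private static final String DEFAULT_KEYSTORE_TYPE = "PKCS12";
    private static final String DEFAULT_TRUST_STORE_TYPE = "JKS";
    // NOTE(review): TLS 1.0 is formally deprecated (RFC 8996) and disabled by default on current
    // JDKs. Callers that do not configure a protocol inherit this default; it is left unchanged
    // here because changing it alters which peers can connect.
    private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1";
    private static final String CERTIFICATE_FACTORY_TYPE = "X.509";
    private static final String SSL_CIPHER_SUITE_ATTRIBUTE = "javax.servlet.request.cipher_suite";
    private static final String SSL_PEER_CERT_CHAIN_ATTRIBUTE = "javax.servlet.request.X509Certificate";
    private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false;
    private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true;
    private static final List<String> DEFAULT_CIPHERSUITE_FILTERS_INCLUDE = Arrays.asList(".*");
    // Only NULL-encryption and anonymous suites are rejected by default; any other suite the
    // provider reports as supported passes the default filter.
    private static final List<String> DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE = Arrays.asList(".*_NULL_.*", ".*_anon_.*");

    private SSLUtils() {
    }

    /**
     * Builds key managers from a key store file.
     *
     * <p>The key store password is used both to open the store and to recover the keys.
     * {@code keyPassword} is only compared with it (a warning is logged when they differ); it is
     * never passed to the key manager factory.
     *
     * @param keyStoreLocation path of the key store file
     * @param keyStoreType type handed to {@link KeyStore#getInstance(String)}
     * @param keyStorePassword password for the store and its keys; when {@code null} nothing is
     *     loaded and a warning is logged
     * @param keyPassword configured key password, used for the mismatch warning only
     * @param keyStoreMgrFactoryAlgorithm algorithm handed to
     *     {@link KeyManagerFactory#getInstance(String)}
     * @param unused not read by this method
     * @param logger destination for diagnostics
     * @return the key managers, or {@code null} when the store was not loaded; a {@code null}
     *     array passed on to {@link SSLContext#init} makes JSSE fall back to the default key
     *     managers of the installed providers
     * @throws Exception if the factory or store type is unavailable or the file cannot be read
     */
    public static KeyManager[] getKeyStoreManagers(String keyStoreLocation, String keyStoreType, String keyStorePassword, String keyPassword, String keyStoreMgrFactoryAlgorithm, String unused, Logger logger) throws Exception {
        if (keyStorePassword != null && keyPassword != null && !keyStorePassword.equals(keyPassword)) {
            LogUtils.log(logger, Level.WARNING, "KEY_PASSWORD_NOT_SAME_KEYSTORE_PASSWORD");
        }
        KeyManager[] keyManagers = null;
        KeyManagerFactory factory = KeyManagerFactory.getInstance(keyStoreMgrFactoryAlgorithm);
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        if (keyStoreType.equalsIgnoreCase(PKCS12_TYPE)) {
            // Read the whole file and close it. The previous code sized its buffer with
            // available(), which is only an estimate, and never closed the stream.
            byte[] content = readFileFully(keyStoreLocation);
            if (keyStorePassword != null) {
                keyManagers = loadKeyStore(factory, keyStore, new ByteArrayInputStream(content), keyStoreLocation, keyStorePassword, logger);
            }
        } else {
            byte[] content = loadClientCredential(keyStoreLocation);
            if (content != null && content.length > 0 && keyStorePassword != null) {
                keyManagers = loadKeyStore(factory, keyStore, new ByteArrayInputStream(content), keyStoreLocation, keyStorePassword, logger);
            }
        }
        if (keyStorePassword == null && keyStoreLocation != null) {
            LogUtils.log(logger, Level.WARNING, "FAILED_TO_LOAD_KEYSTORE_NULL_PASSWORD", keyStoreLocation);
        }
        return keyManagers;
    }

    /**
     * Loads {@code keyStore} from the stream and initialises the factory with it.
     *
     * <p>Any failure (wrong password, corrupt store, {@code null} password) is logged as a
     * warning with the exception message only and results in a {@code null} return, so callers
     * must treat {@code null} as "no client/server identity was loaded".
     *
     * @param keyManagerFactory factory to initialise
     * @param keyStore empty store instance to load into
     * @param byteArrayInputStream encoded key store content
     * @param keyStoreLocation path used in log messages only
     * @param keyStorePassword password for the store and for the keys inside it
     * @param logger destination for diagnostics
     * @return the factory's key managers, or {@code null} on failure
     */
    public static KeyManager[] loadKeyStore(KeyManagerFactory keyManagerFactory, KeyStore keyStore, ByteArrayInputStream byteArrayInputStream, String keyStoreLocation, String keyStorePassword, Logger logger) {
        KeyManager[] keyManagers = null;
        try {
            keyStore.load(byteArrayInputStream, keyStorePassword.toCharArray());
            keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
            keyManagers = keyManagerFactory.getKeyManagers();
            LogUtils.log(logger, Level.FINE, "LOADED_KEYSTORE", keyStoreLocation);
        } catch (Exception e) {
            LogUtils.log(logger, Level.WARNING, "FAILED_TO_LOAD_KEYSTORE", new Object[]{keyStoreLocation, e.getMessage()});
        }
        return keyManagers;
    }

    /**
     * Builds trust managers from a trust store file.
     *
     * @param certificateFile when {@code true} the file is parsed as one X.509 certificate and
     *     added to a fresh, empty store; when {@code false} the file is loaded as a store of
     *     {@code trustStoreType}
     * @param trustStoreType type handed to {@link KeyStore#getInstance(String)}
     * @param trustStoreLocation path of the certificate or trust store file
     * @param trustStoreMgrFactoryAlgorithm algorithm handed to
     *     {@link TrustManagerFactory#getInstance(String)}
     * @param logger destination for diagnostics
     * @return the trust managers produced by the factory
     * @throws Exception if a type or algorithm is unavailable or the store file cannot be loaded
     */
    public static TrustManager[] getTrustStoreManagers(boolean certificateFile, String trustStoreType, String trustStoreLocation, String trustStoreMgrFactoryAlgorithm, Logger logger) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(trustStoreType);
        if (certificateFile) {
            trustStore.load(null, "".toCharArray());
            CertificateFactory certificateFactory = CertificateFactory.getInstance(CERTIFICATE_FACTORY_TYPE);
            byte[] encodedCert = loadCACert(trustStoreLocation);
            if (encodedCert != null) {
                try {
                    X509Certificate caCert = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(encodedCert));
                    trustStore.setCertificateEntry(caCert.getIssuerDN().toString(), caCert);
                } catch (Exception e) {
                    // The store stays empty after this warning; the factory below is still
                    // initialised with it, so watch for this message when peers are rejected.
                    LogUtils.log(logger, Level.WARNING, "FAILED_TO_LOAD_TRUST_STORE", new Object[]{trustStoreLocation, e.getMessage()});
                }
            }
        } else {
            FileInputStream storeStream = new FileInputStream(trustStoreLocation);
            try {
                // A null password skips the store's integrity check, so the file's protection
                // rests on file-system permissions alone.
                trustStore.load(storeStream, null);
            } finally {
                storeStream.close();
            }
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustStoreMgrFactoryAlgorithm);
        trustManagerFactory.init(trustStore);
        LogUtils.log(logger, Level.FINE, "LOADED_TRUST_STORE", trustStoreLocation);
        return trustManagerFactory.getTrustManagers();
    }

    /**
     * Reads a credential file into memory.
     *
     * @param fileName path of the file, may be {@code null}
     * @return the file content, or {@code null} when {@code fileName} is {@code null}
     * @throws IOException if the file cannot be opened or read
     */
    protected static byte[] loadClientCredential(String fileName) throws IOException {
        return fileName == null ? null : readFileFully(fileName);
    }

    /**
     * Reads a CA certificate file into memory.
     *
     * @param fileName path of the file, may be {@code null}
     * @return the file content, or {@code null} when {@code fileName} is {@code null}
     * @throws IOException if the file cannot be opened or read
     */
    protected static byte[] loadCACert(String fileName) throws IOException {
        return fileName == null ? null : readFileFully(fileName);
    }

    /** Reads the whole file in 512-byte chunks and closes it even when a read fails. */
    private static byte[] readFileFully(String fileName) throws IOException {
        FileInputStream in = new FileInputStream(fileName);
        try {
            ByteArrayOutputStream collected = new ByteArrayOutputStream();
            byte[] chunk = new byte[512];
            int count = in.read(chunk);
            while (count > 0) {
                collected.write(chunk, 0, count);
                count = in.read(chunk);
            }
            return collected.toByteArray();
        } finally {
            in.close();
        }
    }

    /**
     * Resolves the key store location: the configured value, else the system property named by
     * {@code SQLnetDef.JAVAX_NET_SSL_KEYSTORE}, else {@code .keystore} under the directory named
     * by the {@code Constants.USER_HOME} system property.
     *
     * @param keyStoreLocation configured location, may be {@code null}
     * @param logger destination for diagnostics
     * @return the resolved location
     */
    public static String getKeystore(String keyStoreLocation, Logger logger) {
        String logKey;
        if (keyStoreLocation != null) {
            logKey = "KEY_STORE_SET";
        } else {
            keyStoreLocation = SystemPropertyAction.getProperty(SQLnetDef.JAVAX_NET_SSL_KEYSTORE);
            if (keyStoreLocation != null) {
                logKey = "KEY_STORE_SYSTEM_PROPERTY_SET";
            } else {
                keyStoreLocation = SystemPropertyAction.getProperty(Constants.USER_HOME) + "/.keystore";
                logKey = "KEY_STORE_NOT_SET";
            }
        }
        LogUtils.log(logger, Level.FINE, logKey, keyStoreLocation);
        return keyStoreLocation;
    }

    /**
     * Resolves the key store type, defaulting to PKCS12.
     *
     * @param keyStoreType configured type, may be {@code null}
     * @param logger destination for diagnostics
     * @return the configured type or the default
     */
    public static String getKeystoreType(String keyStoreType, Logger logger) {
        String logKey;
        if (keyStoreType != null) {
            logKey = "KEY_STORE_TYPE_SET";
        } else {
            keyStoreType = DEFAULT_KEYSTORE_TYPE;
            logKey = "KEY_STORE_TYPE_NOT_SET";
        }
        LogUtils.log(logger, Level.FINE, logKey, keyStoreType);
        return keyStoreType;
    }

    /**
     * Resolves the key store password: the configured value, else the system property named by
     * {@code SQLnetDef.JAVAX_NET_SSL_KEYSTOREPASSWORD}. Only the source is logged, never the
     * password itself.
     *
     * @param keyStorePassword configured password, may be {@code null}
     * @param logger destination for diagnostics
     * @return the resolved password, or {@code null} when neither source provides one
     */
    public static String getKeystorePassword(String keyStorePassword, Logger logger) {
        String logKey;
        if (keyStorePassword != null) {
            logKey = "KEY_STORE_PASSWORD_SET";
        } else {
            keyStorePassword = SystemPropertyAction.getProperty(SQLnetDef.JAVAX_NET_SSL_KEYSTOREPASSWORD);
            logKey = keyStorePassword != null ? "KEY_STORE_PASSWORD_SYSTEM_PROPERTY_SET" : "KEY_STORE_PASSWORD_NOT_SET";
        }
        LogUtils.log(logger, Level.FINE, logKey);
        return keyStorePassword;
    }

    /**
     * Resolves the key password: the configured value, else the same system property that
     * {@link #getKeystorePassword} falls back to. Only the source is logged, never the password.
     *
     * @param keyPassword configured password, may be {@code null}
     * @param logger destination for diagnostics
     * @return the resolved password, or {@code null} when neither source provides one
     */
    public static String getKeyPassword(String keyPassword, Logger logger) {
        String logKey;
        if (keyPassword != null) {
            logKey = "KEY_PASSWORD_SET";
        } else {
            keyPassword = SystemPropertyAction.getProperty(SQLnetDef.JAVAX_NET_SSL_KEYSTOREPASSWORD);
            logKey = keyPassword != null ? "KEY_PASSWORD_SYSTEM_PROPERTY_SET" : "KEY_PASSWORD_NOT_SET";
        }
        LogUtils.log(logger, Level.FINE, logKey);
        return keyPassword;
    }

    /**
     * Resolves the key manager factory algorithm, defaulting to
     * {@link KeyManagerFactory#getDefaultAlgorithm()}.
     *
     * @param algorithm configured algorithm, may be {@code null}
     * @param logger destination for diagnostics
     * @return the configured algorithm or the JSSE default
     */
    public static String getKeystoreAlgorithm(String algorithm, Logger logger) {
        String logKey;
        if (algorithm != null) {
            logKey = "KEY_STORE_ALGORITHM_SET";
        } else {
            algorithm = KeyManagerFactory.getDefaultAlgorithm();
            logKey = "KEY_STORE_ALGORITHM_NOT_SET";
        }
        LogUtils.log(logger, Level.FINE, logKey, algorithm);
        return algorithm;
    }

    /**
     * Resolves the trust manager factory algorithm, defaulting to
     * {@link TrustManagerFactory#getDefaultAlgorithm()}.
     *
     * @param algorithm configured algorithm, may be {@code null}
     * @param logger destination for diagnostics
     * @return the configured algorithm or the JSSE default
     */
    public static String getTrustStoreAlgorithm(String algorithm, Logger logger) {
        String logKey;
        if (algorithm != null) {
            logKey = "TRUST_STORE_ALGORITHM_SET";
        } else {
            algorithm = TrustManagerFactory.getDefaultAlgorithm();
            logKey = "TRUST_STORE_ALGORITHM_NOT_SET";
        }
        LogUtils.log(logger, Level.FINE, logKey, algorithm);
        return algorithm;
    }

    /**
     * Creates and initialises an {@link SSLContext}.
     *
     * <p>Per the JSSE contract, a {@code null} key or trust manager array makes the context use
     * the installed providers' defaults, and the {@code null} random source passed here selects
     * the default secure random implementation.
     *
     * @param protocol protocol name handed to {@link SSLContext#getInstance(String)}
     * @param keyManagerArr key managers, may be {@code null}
     * @param trustManagerArr trust managers, may be {@code null}
     * @return the initialised context
     * @throws NoSuchAlgorithmException if no provider supports {@code protocol}
     * @throws KeyManagementException if initialisation fails
     */
    public static SSLContext getSSLContext(String protocol, KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext context = SSLContext.getInstance(protocol);
        context.init(keyManagerArr, trustManagerArr, null);
        return context;
    }

    /**
     * @param sSLContext initialised context
     * @return the cipher suites supported by the context's client socket factory
     */
    public static String[] getSupportedCipherSuites(SSLContext sSLContext) {
        return sSLContext.getSocketFactory().getSupportedCipherSuites();
    }

    /**
     * @param sSLContext initialised context
     * @return the cipher suites supported by the context's server socket factory
     */
    public static String[] getServerSupportedCipherSuites(SSLContext sSLContext) {
        return sSLContext.getServerSocketFactory().getSupportedCipherSuites();
    }

    /**
     * Selects the cipher suites to use.
     *
     * <p>An explicitly configured list is returned as-is; it is not checked against the
     * supported suites or against any filter. Otherwise each supported suite is kept when it
     * matches an include pattern and no exclude pattern, using the configured filters or the
     * built-in defaults.
     *
     * @param cipherSuitesList explicitly configured suites, may be {@code null} or empty
     * @param supportedCipherSuites suites supported by the socket factory
     * @param filters include/exclude regular expressions, may be {@code null}
     * @param logger destination for diagnostics
     * @param exclude when {@code true} and no explicit list is configured, the rejected suites
     *     are returned instead of the accepted ones
     * @return the selected suite names
     */
    public static String[] getCiphersuites(List<String> cipherSuitesList, String[] supportedCipherSuites, FiltersType filters, Logger logger, boolean exclude) {
        if (cipherSuitesList != null && !cipherSuitesList.isEmpty()) {
            return getCiphersFromList(cipherSuitesList, logger, exclude);
        }
        LogUtils.log(logger, Level.FINE, "CIPHERSUITES_NOT_SET");
        if (filters == null) {
            LogUtils.log(logger, Level.FINE, "CIPHERSUITE_FILTERS_NOT_SET");
        }
        List<Pattern> includePatterns = compileRegexPatterns(filters != null ? filters.getInclude() : DEFAULT_CIPHERSUITE_FILTERS_INCLUDE, true, logger);
        // The default exclude filters were previously logged under the include-filter key.
        List<Pattern> excludePatterns = compileRegexPatterns(filters != null ? filters.getExclude() : DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE, false, logger);
        List<String> accepted = new ArrayList<String>();
        List<String> rejected = new ArrayList<String>();
        for (String suite : supportedCipherSuites) {
            if (matchesOneOf(suite, includePatterns) && !matchesOneOf(suite, excludePatterns)) {
                LogUtils.log(logger, Level.FINE, "CIPHERSUITE_INCLUDED", suite);
                accepted.add(suite);
            } else {
                LogUtils.log(logger, Level.FINE, "CIPHERSUITE_EXCLUDED", suite);
                rejected.add(suite);
            }
        }
        LogUtils.log(logger, Level.FINE, "CIPHERSUITES_FILTERED", accepted);
        LogUtils.log(logger, Level.FINE, "CIPHERSUITES_EXCLUDED", rejected);
        return getCiphersFromList(exclude ? rejected : accepted, logger, exclude);
    }

    /** Compiles each filter expression, logging it under the include or exclude key. */
    private static List<Pattern> compileRegexPatterns(List<String> expressions, boolean include, Logger logger) {
        List<Pattern> patterns = new ArrayList<Pattern>();
        if (expressions != null) {
            String logKey = include ? "CIPHERSUITE_INCLUDE_FILTER" : "CIPHERSUITE_EXCLUDE_FILTER";
            for (String expression : expressions) {
                LogUtils.log(logger, Level.FINE, logKey, expression);
                patterns.add(Pattern.compile(expression));
            }
        }
        return patterns;
    }

    /** Returns whether the whole of {@code candidate} matches at least one pattern. */
    private static boolean matchesOneOf(String candidate, List<Pattern> patterns) {
        if (patterns == null) {
            return false;
        }
        for (Pattern pattern : patterns) {
            if (pattern.matcher(candidate).matches()) {
                return true;
            }
        }
        return false;
    }

    /** Converts the list to an array and, at FINE level, logs it as a comma-separated string. */
    private static String[] getCiphersFromList(List<String> cipherSuitesList, Logger logger, boolean exclude) {
        String[] suites = cipherSuitesList.toArray(new String[cipherSuitesList.size()]);
        if (logger.isLoggable(Level.FINE)) {
            StringBuilder joined = new StringBuilder();
            for (String suite : suites) {
                if (joined.length() != 0) {
                    joined.append(", ");
                }
                joined.append(suite);
            }
            LogUtils.log(logger, Level.FINE, exclude ? "CIPHERSUITES_EXCLUDED" : "CIPHERSUITES_SET", joined.toString());
        }
        return suites;
    }

    /**
     * Resolves the trust store location: the configured value, else the system property named by
     * {@code SQLnetDef.JAVAX_NET_SSL_TRUSTSTORE}, else {@code lib/security/cacerts} under
     * {@code java.home}.
     *
     * @param trustStoreLocation configured location, may be {@code null}
     * @param logger destination for diagnostics
     * @return the resolved location
     */
    public static String getTrustStore(String trustStoreLocation, Logger logger) {
        String logKey;
        if (trustStoreLocation != null) {
            logKey = "TRUST_STORE_SET";
        } else {
            trustStoreLocation = SystemPropertyAction.getProperty(SQLnetDef.JAVAX_NET_SSL_TRUSTSTORE);
            if (trustStoreLocation != null) {
                logKey = "TRUST_STORE_SYSTEM_PROPERTY_SET";
            } else {
                trustStoreLocation = SystemPropertyAction.getProperty("java.home") + "/lib/security/cacerts";
                logKey = "TRUST_STORE_NOT_SET";
            }
        }
        LogUtils.log(logger, Level.FINE, logKey, trustStoreLocation);
        return trustStoreLocation;
    }

    /**
     * Resolves the trust store type, defaulting to JKS.
     *
     * @param trustStoreType configured type, may be {@code null}
     * @param logger destination for diagnostics
     * @return the configured type or the default
     */
    public static String getTrustStoreType(String trustStoreType, Logger logger) {
        String logKey;
        if (trustStoreType != null) {
            logKey = "TRUST_STORE_TYPE_SET";
        } else {
            trustStoreType = DEFAULT_TRUST_STORE_TYPE;
            logKey = "TRUST_STORE_TYPE_NOT_SET";
        }
        LogUtils.log(logger, Level.FINE, logKey, trustStoreType);
        return trustStoreType;
    }

    /**
     * Resolves the secure socket protocol, defaulting to {@code TLSv1}.
     *
     * @param protocol configured protocol, may be {@code null}
     * @param logger destination for diagnostics
     * @return the configured protocol or the default
     */
    public static String getSecureSocketProtocol(String protocol, Logger logger) {
        if (protocol == null) {
            LogUtils.log(logger, Level.FINE, "SECURE_SOCKET_PROTOCOL_NOT_SET");
            return DEFAULT_SECURE_SOCKET_PROTOCOL;
        }
        LogUtils.log(logger, Level.FINE, "SECURE_SOCKET_PROTOCOL_SET", protocol);
        return protocol;
    }

    /**
     * Resolves whether client certificates are required; the default is {@code false} and a
     * warning is logged when the default is used.
     *
     * @param isSet whether the setting was configured
     * @param isRequired configured value; read only when {@code isSet} is {@code true}
     * @param logger destination for diagnostics
     * @return the configured value or the default
     * @throws NullPointerException if {@code isSet} is {@code true} and {@code isRequired} is
     *     {@code null}
     */
    public static boolean getRequireClientAuthentication(boolean isSet, Boolean isRequired, Logger logger) {
        if (!isSet) {
            LogUtils.log(logger, Level.WARNING, "REQUIRE_CLIENT_AUTHENTICATION_NOT_SET");
            return DEFAULT_REQUIRE_CLIENT_AUTHENTICATION;
        }
        boolean required = isRequired.booleanValue();
        LogUtils.log(logger, Level.FINE, "REQUIRE_CLIENT_AUTHENTICATION_SET", Boolean.valueOf(required));
        return required;
    }

    /**
     * Resolves whether client certificates are requested; the default is {@code true} and a
     * warning is logged when the default is used.
     *
     * @param isSet whether the setting was configured
     * @param isWanted configured value; read only when {@code isSet} is {@code true}
     * @param logger destination for diagnostics
     * @return the configured value or the default
     * @throws NullPointerException if {@code isSet} is {@code true} and {@code isWanted} is
     *     {@code null}
     */
    public static boolean getWantClientAuthentication(boolean isSet, Boolean isWanted, Logger logger) {
        if (!isSet) {
            LogUtils.log(logger, Level.WARNING, "WANT_CLIENT_AUTHENTICATION_NOT_SET");
            return DEFAULT_WANT_CLIENT_AUTHENTICATION;
        }
        boolean wanted = isWanted.booleanValue();
        LogUtils.log(logger, Level.FINE, "WANT_CLIENT_AUTHENTICATION_SET", Boolean.valueOf(wanted));
        return wanted;
    }

    /**
     * Copies the TLS session details that the servlet container attached to the request onto the
     * message. Nothing is stored when the cipher-suite attribute is absent.
     *
     * @param httpServletRequest request whose TLS attributes are read
     * @param message message that receives a {@link TLSSessionInfo}
     */
    public static void propogateSecureSession(HttpServletRequest httpServletRequest, Message message) {
        String cipherSuite = (String) httpServletRequest.getAttribute(SSL_CIPHER_SUITE_ATTRIBUTE);
        if (cipherSuite != null) {
            Certificate[] peerCerts = (Certificate[]) httpServletRequest.getAttribute(SSL_PEER_CERT_CHAIN_ATTRIBUTE);
            // The decompiled listing wrapped both arguments in Class casts that cannot succeed;
            // the typed put(Class<T>, T) overload needs none.
            message.put(TLSSessionInfo.class, new TLSSessionInfo(cipherSuite, null, peerCerts));
        }
    }

    /**
     * Logs a warning for every named policy item that is set on {@code policy} but unsupported.
     *
     * @param policy object exposing {@code isSet<Name>()} accessors
     * @param client selects the client or the server wording of the warning
     * @param unsupported names appended to {@code isSet} to find each accessor
     * @param logger destination for diagnostics
     */
    public static void logUnSupportedPolicies(Object policy, boolean client, String[] unsupported, Logger logger) {
        for (String dataName : unsupported) {
            try {
                Method accessor = policy.getClass().getMethod("isSet" + dataName, new Class[0]);
                Boolean isSet = (Boolean) accessor.invoke(policy, (Object[]) null);
                logUnSupportedPolicy(isSet.booleanValue(), client, dataName, logger);
            } catch (Exception ignored) {
                // Best effort: a policy object without this accessor simply produces no warning.
            }
        }
    }

    /** Logs the client or server "unsupported policy data" warning when {@code isSet} is true. */
    private static void logUnSupportedPolicy(boolean isSet, boolean client, String dataName, Logger logger) {
        if (isSet) {
            LogUtils.log(logger, Level.WARNING, client ? "UNSUPPORTED_SSL_CLIENT_POLICY_DATA" : "UNSUPPORTED_SSL_SERVER_POLICY_DATA", dataName);
        }
    }

    /**
     * Checks that every {@code isSet<Name>} method declared by the policy class has a matching
     * public {@code get<Name>} method on this class, or that {@code <Name>} appears in one of the
     * two exclusion arrays.
     *
     * @param policy object whose declared methods are inspected
     * @param unsupported first array of names exempt from the check
     * @param derivative second array of names exempt from the check
     * @return {@code true} when every item is covered
     */
    public static boolean testAllDataHasSetupMethod(Object policy, String[] unsupported, String[] derivative) {
        final String prefix = "isSet";
        Method[] policyMethods = policy.getClass().getDeclaredMethods();
        Method[] ownMethods = SSLUtils.class.getMethods();
        for (Method declared : policyMethods) {
            String methodName = declared.getName();
            if (!methodName.startsWith(prefix)) {
                continue;
            }
            String dataName = methodName.substring(prefix.length());
            boolean covered = hasMethod(ownMethods, UrlProvider.GET + dataName)
                || isExcluded(unsupported, dataName)
                || isExcluded(derivative, dataName);
            if (!covered) {
                return false;
            }
        }
        return true;
    }

    /** Returns whether any method in the array has exactly the given name. */
    private static boolean hasMethod(Method[] methodArr, String methodName) {
        for (Method candidate : methodArr) {
            if (candidate.getName().equals(methodName)) {
                return true;
            }
        }
        return false;
    }

    /** Returns whether the array contains exactly the given name. */
    private static boolean isExcluded(String[] excluded, String dataName) {
        for (String entry : excluded) {
            if (entry.equals(dataName)) {
                return true;
            }
        }
        return false;
    }
}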
