package com.wm.ext.iaik;

import com.wm.app.b2b.util.ServerIf;
import com.wm.cert.CertManager;
import com.wm.cert.X509CertIf;
import com.wm.data.IDataCursor;
import com.wm.net.SocketProviderIf;
import com.wm.net.resources.ListenerBundle;
import com.wm.net.resources.ServerListenerExceptionBundle;
import com.wm.net.resources.ServerListenerExceptionBundle_en;
import com.wm.net.socket.ISocketFactory;
import com.wm.security.TrustDeciderManager;
import com.wm.security.TrustManager;
import com.wm.security.Util;
import com.wm.security.WmSecurityProvider;
import com.wm.security.ssl.wmChainVerifier;
import com.wm.security.wmTrustDecider;
import com.wm.util.Config;
import com.wm.util.JournalLogger;
import com.wm.util.SecurityUtil;
import com.wm.util.ServerException;
import com.wm.util.Values;
import iaik.asn1.structures.AlgorithmID;
import iaik.security.random.SecRandom;
import iaik.security.ssl.CipherSuite;
import iaik.security.ssl.CipherSuiteList;
import iaik.security.ssl.KeyAndCert;
import iaik.security.ssl.SSLClientContext;
import iaik.security.ssl.SSLServerContext;
import iaik.security.ssl.SSLServerSocket;
import iaik.security.ssl.SSLSocket;
import iaik.x509.X509Certificate;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.util.HashMap;
import java.util.Iterator;

/* loaded from: input_file:com/wm/ext/iaik/IaikSecureSocket.class */
public class IaikSecureSocket implements SocketProviderIf, ISocketFactory {
    // Name of the server property for the handshake timeout. NOTE(review): clientTimeout is
    // assigned outside this view, presumably from this property; confirm its default, because
    // java.net sockets treat an SO_TIMEOUT of 0 as "wait forever".
    static final String CLIENT_TIMEOUT_PROPERTY = "watt.net.ssl.server.clientHandshakeTimeout";
    // Applied as the socket read timeout around both startHandshake variants in this class.
    static int clientTimeout;
    // Numeric ids below look like journal message codes; 11, 12 and 16 are the literals passed to
    // JournalLogger in startHandshake(Socket). NOTE(review): the mapping is inferred from the values.
    static final int SSL_SETUP_ERROR = 4;
    static final int SSL_RESTRICTED = 6;
    static final int SSL_CIPHER_INFO = 7;
    static final int LOAD_CERT_FROM = 8;
    static final int LOAD_NOCERT_FROM = 9;
    static final int PORT_REQ_CERT = 10;
    static final int START_SSL_HANDSHAKE = 11;
    static final int FINISHED_SSL_HANDSHAKE = 12;
    static final int NULL_PEER_CERT_CHAIN = 13;
    static final int PEER_CERT_NOT_MAPPED = 14;
    static final int PEER_CERT_CHAIN_NOT_TRUSTED = 15;
    static final int SSL_HANDSHAKE_FAILED = 16;
    // 512-bit RSA is export-grade; setupServer() compares the server key's modulus against the
    // literal 512 and generates a 512-bit temporary RSA key pair for the server context.
    static final int ASYMMETRIC_EXPORT_GRADE = 512;
    // Listener/connection configuration as handed in by the caller (see initProperties).
    protected Values _context;
    protected boolean _usingServerDefaults;
    // Client-certificate policy derived from the "clientAuth" setting in initProperties().
    protected boolean _requestCerts;
    protected boolean _requireCerts;
    // Certificate chain entries and private-key location; both may be filled from server-wide
    // Config properties and are reset to null afterwards (see getKeyAndCert / setupServer).
    String[] _certChain;
    String _key;
    String _caDir;
    String _keyStoreCADir;
    // Raw, mutable, static maps. NOTE(review): they are populated outside this view; confirm that
    // subclasses cannot alter the provider lookup at runtime.
    protected static HashMap keyStoreTypes = new HashMap();
    protected static HashMap keyStoreTypeAliases = new HashMap();
    public static final String DEFAULT_JAVA_SECURITY_PROVIDER = "sun.security.provider.Sun";
    protected String _keyStoreProvider;
    protected String _keyStoreProviderClass;
    protected String _keyStoreType;
    // Keystore password kept as an immutable String for the lifetime of the instance and
    // returned verbatim by getProperties() under the "password" key.
    protected String _keyStorePassword;
    protected String _keyStoreLocation;
    protected String _alias;
    protected boolean _useHSM;
    protected Provider _provider;
    protected wmChainVerifier _verifier;
    // Property names for the client-side protocol version window.
    static final String MIN_VERSION_PROP = "watt.net.ssl.client.handshake.minVersion";
    static final String MAX_VERSION_PROP = "watt.net.ssl.client.handshake.maxVersion";
    // 769 == 0x0301, the TLS 1.0 wire version; 2 presumably denotes SSL 2.0 in the IAIK API
    // (confirm). With these defaults the client window tops out at TLS 1.0 and reaches down to
    // protocol versions that are no longer considered safe.
    static final int MIN_VERSION_DEFAULT = 2;
    static final int MAX_VERSION_DEFAULT = 769;
    // Alternative client suite list selected in setup() when useReallyStrongCiphers is set;
    // both are assigned outside this view.
    private static CipherSuite[] reallyStrongCiphers;
    private static boolean useReallyStrongCiphers;
    // Effective client protocol window passed to setAllowedProtocolVersions() in setup().
    static int MinVersion;
    static int MaxVersion;
    // When true, handshake debug output is routed to System.out (client) or System.err (server).
    static boolean sslDebug;
    protected SSLServerContext gServerContext;
    protected SSLClientContext gClientContext;
    // Last client socket created by this instance; the instance-level startHandshake() and the
    // stream getters operate on it, so one instance tracks one connection at a time.
    protected SSLSocket gSocket;
    protected boolean gAutoHandshake;
    // Suite lists filled in by the no-arg constructor. Despite its name, strongCiphers also
    // contains export-grade, anonymous-DH and NULL-encryption suites.
    CipherSuite[] strongCiphers;
    CipherSuite[] exportCiphers;
    // NOTE(review): presumably message ids of the HTTPS listener bundle; not referenced in this view.
    public static final int HTTPSLSTN_SSLSETUP_MSG = 14;
    public static final int HTTPSLSTN_CERTNOTLOADED_MSG = 15;
    public static final int HTTPSLSTN_PROVIDER_NOT_LOADED = 18;
    public static final int HTTPSLSTN_PROVIDER_NOT_SPECIFIED = 19;
    public static final int HTTPSLSTN_KEYSTORE_PASSWD_NOT_SPECIFIED = 20;

    /**
     * Creates an unconfigured provider: no contexts, no socket, auto-handshake enabled, and the
     * two built-in cipher-suite lists populated.
     *
     * <p>Security review notes on the lists below (contents are kept exactly as found):
     * <ul>
     *   <li>{@code strongCiphers} is the default client list used by {@link #setup()}, yet it
     *       includes single-DES, RC4, 40-bit export, anonymous Diffie-Hellman (no peer
     *       authentication) and NULL-encryption suites.</li>
     *   <li>{@code SSL_DH_anon_EXPORT_WITH_RC4_40_MD5} appears twice in both lists;
     *       NOTE(review): one of the two was possibly meant to be a different anon/export
     *       suite - confirm against the vendor's original source.</li>
     * </ul>
     */
    public IaikSecureSocket() {
        CipherSuite[] defaultSuites = {
            // RSA key exchange
            CipherSuite.SSL_RSA_WITH_RC4_MD5,
            CipherSuite.SSL_RSA_WITH_RC4_SHA,
            CipherSuite.SSL_RSA_WITH_IDEA_CBC_SHA,
            CipherSuite.SSL_RSA_WITH_DES_CBC_SHA,
            CipherSuite.SSL_RSA_WITH_3DES_EDE_CBC_SHA,
            CipherSuite.SSL_RSA_EXPORT_WITH_RC4_40_MD5,
            CipherSuite.SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
            CipherSuite.SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
            // fixed Diffie-Hellman
            CipherSuite.SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
            CipherSuite.SSL_DH_DSS_WITH_DES_CBC_SHA,
            CipherSuite.SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA,
            CipherSuite.SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
            CipherSuite.SSL_DH_RSA_WITH_DES_CBC_SHA,
            CipherSuite.SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA,
            // ephemeral Diffie-Hellman
            CipherSuite.SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
            CipherSuite.SSL_DHE_DSS_WITH_DES_CBC_SHA,
            CipherSuite.SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
            CipherSuite.SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
            CipherSuite.SSL_DHE_RSA_WITH_DES_CBC_SHA,
            CipherSuite.SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
            // anonymous Diffie-Hellman: the peer is not authenticated
            CipherSuite.SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
            CipherSuite.SSL_DH_anon_WITH_RC4_MD5,
            CipherSuite.SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
            CipherSuite.SSL_DH_anon_WITH_DES_CBC_SHA,
            CipherSuite.SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
            // NULL encryption: integrity only, payload travels in clear text
            CipherSuite.SSL_RSA_WITH_NULL_MD5,
            CipherSuite.SSL_RSA_WITH_NULL_SHA
        };
        CipherSuite[] exportSuites = {
            CipherSuite.SSL_RSA_EXPORT_WITH_RC4_40_MD5,
            CipherSuite.SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
            CipherSuite.SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
            CipherSuite.SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
            CipherSuite.SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
            CipherSuite.SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
            CipherSuite.SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
            CipherSuite.SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
            CipherSuite.SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
        };

        this._usingServerDefaults = false;
        this._requestCerts = false;
        this._requireCerts = false;
        this.gServerContext = null;
        this.gClientContext = null;
        this.gSocket = null;
        this.strongCiphers = defaultSuites;
        this.exportCiphers = exportSuites;
        this.gAutoHandshake = true;
    }

    /**
     * Creates a provider configured from {@code values}: the settings are read by
     * {@code initProperties} and the client context is then built by {@link #setup()}.
     *
     * @param values listener/connection settings; kept as this instance's context
     */
    public IaikSecureSocket(Values values) {
        this();
        this._context = values;
        // Same object as this._context, so the properties are read from the caller's settings.
        initProperties(values);
        setup();
    }

    /**
     * Builds a fresh client context and applies the class-wide cipher-suite and protocol-version
     * policy to it.
     *
     * <p>The default list ({@code strongCiphers}) is used unless {@code useReallyStrongCiphers}
     * is set; see the constructor for what that default list contains. When {@code sslDebug} is
     * on, the context's debug output goes to {@code System.out}, so handshake details end up in
     * whatever captures standard output.
     */
    @Override // com.wm.net.SocketProviderIf
    public void setup() {
        SSLClientContext clientContext = new SSLClientContext();
        this.gClientContext = clientContext;

        CipherSuite[] enabledSuites = useReallyStrongCiphers ? reallyStrongCiphers : this.strongCiphers;
        clientContext.setEnabledCipherSuites(enabledSuites);

        // MinVersion/MaxVersion are static and assigned outside this view.
        clientContext.setAllowedProtocolVersions(MinVersion, MaxVersion);

        if (sslDebug) {
            clientContext.setDebugStream(System.out);
        }
    }

    /**
     * Returns the random generator this provider hands to callers.
     *
     * @return the object returned by {@code SecRandom.getDefault()}
     */
    @Override // com.wm.net.SocketProviderIf
    public Object newRandomGenerator() {
        Object defaultGenerator = SecRandom.getDefault();
        return defaultGenerator;
    }

    /**
     * Installs {@code obj} as the client context's random generator; does nothing when no client
     * context exists yet.
     *
     * @param obj the generator to use; must be a {@link SecureRandom}, otherwise the cast below
     *            fails with a {@link ClassCastException}
     */
    @Override // com.wm.net.SocketProviderIf
    public void setRandomGenerator(Object obj) {
        SSLClientContext clientContext = this.gClientContext;
        if (clientContext == null) {
            return;
        }
        clientContext.setRandomGenerator((SecureRandom) obj);
    }

    /**
     * Records the auto-handshake preference and applies it to the current socket, if any.
     *
     * @param z the value stored and passed to the socket's {@code setAutoHandshake}
     */
    @Override // com.wm.net.SocketProviderIf, com.wm.net.socket.ISocketFactory
    public void setAutoHandshake(boolean z) {
        this.gAutoHandshake = z;
        SSLSocket current = this.gSocket;
        if (current == null) {
            return;
        }
        current.setAutoHandshake(this.gAutoHandshake);
    }

    /**
     * Layers an SSL client socket over an already-connected plain socket.
     *
     * <p>A trust decider is installed on the shared client context only when a
     * {@code TrustDeciderManager} is registered and yields one. NOTE(review): when neither is
     * available the context keeps whatever verification it had before - confirm that this
     * default does not accept unverified peer chains. No host-name check is visible here.
     *
     * @param socket the connected transport socket to wrap
     * @return the wrapping SSL socket; it is not stored in {@code gSocket}
     * @throws IOException if the SSL socket cannot be created
     */
    public Socket newSocket(Socket socket) throws IOException {
        TrustDeciderManager deciderFactory = TrustManager.getManager();
        wmTrustDecider decider = deciderFactory == null ? null : (wmTrustDecider) deciderFactory.createTrustDecider();
        if (decider != null) {
            decider.init();
            // Mutates the context shared by every socket this instance creates.
            this.gClientContext.setTrustDecider(decider);
        }
        SSLSocket wrapped = new SSLSocket(socket, this.gClientContext);
        wrapped.setAutoHandshake(this.gAutoHandshake);
        return wrapped;
    }

    /**
     * Opens an SSL server socket on port {@code i} using a throw-away server context.
     *
     * <p>The context copies the debug stream and enabled cipher suites from the client context
     * and pins the protocol window to the literals 768..769 (0x0300..0x0301, i.e. SSL 3.0 up to
     * TLS 1.0). No server credentials are added in this method, and with the default client list
     * the copied suites include anonymous and NULL-encryption entries.
     *
     * @param i the port to listen on
     * @return the listening SSL server socket
     * @throws IOException if the socket cannot be opened
     */
    public ServerSocket newServerSocket(int i) throws IOException {
        SSLServerContext serverContext = new SSLServerContext();
        serverContext.setDebugStream(this.gClientContext.getDebugStream());
        serverContext.setEnabledCipherSuites(this.gClientContext.getEnabledCipherSuites());
        serverContext.setAllowedProtocolVersions(768, MAX_VERSION_DEFAULT);

        TrustDeciderManager deciderFactory = TrustManager.getManager();
        wmTrustDecider decider = deciderFactory == null ? null : (wmTrustDecider) deciderFactory.createTrustDecider();
        if (decider != null) {
            decider.init();
            serverContext.setTrustDecider(decider);
        }
        return new SSLServerSocket(i, serverContext);
    }

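    /**
     * Upgrades an existing socket to SSL using the server context, creating that context on
     * first use.
     *
     * <p>Changes compared with the previous version:
     * <ul>
     *   <li>A failed lazy setup now resets {@code gServerContext} to {@code null}.
     *       {@code setupServer()} assigns the field before credentials are loaded, so a failure
     *       used to leave a partially configured context behind that every later call reused
     *       without running the setup again.</li>
     *   <li>The wrapping {@link IOException} keeps the original exception as its cause, so the
     *       underlying keystore or certificate error is still available for diagnosis.</li>
     * </ul>
     *
     * <p>The protocol window is pinned to the literals 768..769 (SSL 3.0 up to TLS 1.0) and the
     * cipher suites are copied from the client context.
     *
     * @param socket the connected transport socket to wrap
     * @param z      passed to {@code setUseClientMode}
     * @param z2     passed to {@code setAutoHandshake}
     * @return the SSL socket layered over {@code socket}
     * @throws IOException if the server context cannot be set up or the socket cannot be created
     */
    public Socket newSecureSocket(Socket socket, boolean z, boolean z2) throws IOException {
        if (this.gServerContext == null) {
            try {
                setupServer();
                setupClientCert();
            } catch (Exception e) {
                // Fail closed: never keep a context whose setup did not complete.
                this.gServerContext = null;
                IOException wrapped = new IOException(e.getMessage());
                wrapped.initCause(e);
                throw wrapped;
            }
        }
        this.gServerContext.setDebugStream(this.gClientContext.getDebugStream());
        this.gServerContext.setEnabledCipherSuites(this.gClientContext.getEnabledCipherSuites());
        this.gServerContext.setAllowedProtocolVersions(768, MAX_VERSION_DEFAULT);

        TrustDeciderManager deciderFactory = TrustManager.getManager();
        wmTrustDecider decider = deciderFactory == null ? null : (wmTrustDecider) deciderFactory.createTrustDecider();
        if (decider != null) {
            decider.init();
            this.gServerContext.setTrustDecider(decider);
            // NOTE(review): the argument 1 presumably selects the RSA credential type - confirm.
            decider.setKeyAndCert(this.gServerContext.getServerCredentials(1));
        }

        SSLSocket secured = new SSLSocket(socket, this.gServerContext);
        secured.setUseClientMode(z);
        secured.setAutoHandshake(z2);
        return secured;
    }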

    /**
     * Opens an SSL client connection to {@code str}:{@code i} and remembers it as the current
     * socket of this instance.
     *
     * <p>A trust decider is installed only when a manager is registered and yields one.
     * NOTE(review): confirm what the context verifies when none is installed, and whether the
     * peer certificate is matched against {@code str} anywhere; no such check is visible here.
     *
     * @param str remote host
     * @param i   remote port
     * @return the new SSL socket, also stored in {@code gSocket}
     * @throws IOException if the connection cannot be established
     */
    @Override // com.wm.net.SocketProviderIf
    public Socket newSocket(String str, int i) throws IOException {
        TrustDeciderManager deciderFactory = TrustManager.getManager();
        wmTrustDecider decider = deciderFactory == null ? null : (wmTrustDecider) deciderFactory.createTrustDecider();
        if (decider != null) {
            decider.init();
            this.gClientContext.setTrustDecider(decider);
        }
        // Overwrites the previously tracked socket; the instance follows one connection at a time.
        this.gSocket = new SSLSocket(str, i, this.gClientContext);
        this.gSocket.setAutoHandshake(this.gAutoHandshake);
        return this.gSocket;
    }

    /**
     * Opens an SSL client connection to {@code str}:{@code i}, offering {@code keyAndCert} as
     * client credentials through the trust decider when one is available.
     *
     * <p>If handing the credentials to the trust decider fails, the error is only logged and the
     * connection is still attempted. NOTE(review): callers that depend on client-certificate
     * authentication get no signal from this method that the credentials were not installed.
     *
     * @param str        remote host
     * @param i          remote port
     * @param keyAndCert client key and certificate chain, or {@code null} for none
     * @return the new SSL socket, also stored in {@code gSocket}
     * @throws IOException if the connection cannot be established
     */
    public Socket newSocket(String str, int i, KeyAndCert keyAndCert) throws IOException {
        TrustDeciderManager deciderFactory = TrustManager.getManager();
        wmTrustDecider decider = deciderFactory == null ? null : (wmTrustDecider) deciderFactory.createTrustDecider();
        if (decider != null) {
            if (keyAndCert != null) {
                try {
                    decider.setKeyAndCert(keyAndCert);
                } catch (Exception credentialError) {
                    // Best effort: logged, then the connection proceeds without these credentials.
                    JournalLogger.logError(9998, 6, credentialError);
                }
            }
            decider.init();
            this.gClientContext.setTrustDecider(decider);
        }
        this.gSocket = new SSLSocket(str, i, this.gClientContext);
        this.gSocket.setAutoHandshake(this.gAutoHandshake);
        return this.gSocket;
    }

    /**
     * Runs the SSL handshake on the current socket with {@code clientTimeout} as the read
     * timeout, then puts the previous timeout back.
     *
     * <p>NOTE(review): the previous timeout is restored only when the handshake succeeds; after
     * a failure the socket keeps the handshake timeout. Presumably callers discard the socket in
     * that case - confirm.
     *
     * @return {@code false} when there is no current socket, {@code true} after a completed
     *         handshake
     * @throws IOException if the handshake or a timeout change fails
     */
    @Override // com.wm.net.SocketProviderIf
    public boolean startHandshake() throws IOException {
        SSLSocket current = this.gSocket;
        if (current != null) {
            int previousTimeout = current.getSoTimeout();
            // Bounds how long a silent peer can hold the handshake (0 would mean no bound).
            this.gSocket.setSoTimeout(clientTimeout);
            this.gSocket.startHandshake();
            this.gSocket.setSoTimeout(previousTimeout);
            return true;
        }
        return false;
    }

    /**
     * Runs the SSL handshake on {@code socket} with {@code clientTimeout} as the read timeout
     * and journals start, completion and failure.
     *
     * <p>Sockets that are {@code null} or not an {@code SSLSocket} are ignored. The journal ids
     * 11, 12 and 16 match START_SSL_HANDSHAKE, FINISHED_SSL_HANDSHAKE and SSL_HANDSHAKE_FAILED
     * declared in this class. NOTE(review): as in the instance variant, the previous timeout is
     * not restored when the handshake throws.
     *
     * @param socket the socket to handshake on
     * @throws IOException the handshake failure, rethrown after it has been logged
     */
    public static void startHandshake(Socket socket) throws IOException {
        // instanceof is false for null, so this one test covers both rejected cases.
        if (!(socket instanceof SSLSocket)) {
            return;
        }
        SSLSocket sslSocket = (SSLSocket) socket;
        int previousTimeout = socket.getSoTimeout();
        socket.setSoTimeout(clientTimeout);
        JournalLogger.logDebugPlus(5, 11, 6, "");
        try {
            sslSocket.startHandshake();
            JournalLogger.logDebugPlus(5, 12, 6, "");
            socket.setSoTimeout(previousTimeout);
        } catch (IOException handshakeFailure) {
            // Log the cause first, then the generic "handshake failed" entry.
            JournalLogger.logError(9998, 6, handshakeFailure);
            JournalLogger.logError(16, 6, "");
            throw handshakeFailure;
        }
    }

    /**
     * Reports that this provider does not handle I/O errors itself.
     *
     * @param iOException the error offered for handling; not inspected
     * @return always {@code false}
     */
    @Override // com.wm.net.SocketProviderIf
    public boolean handleIOException(IOException iOException) {
        final boolean handled = false;
        return handled;
    }

    /**
     * Returns the input stream of the current socket.
     *
     * <p>No null check is made: calling this before a socket has been created fails with a
     * {@link NullPointerException}.
     *
     * @return the input stream of {@code gSocket}
     * @throws IOException if the socket cannot provide the stream
     */
    @Override // com.wm.net.SocketProviderIf
    public InputStream getSocketInputStream() throws IOException {
        InputStream in = this.gSocket.getInputStream();
        return in;
    }

    /**
     * Returns the output stream of the current socket.
     *
     * <p>No null check is made: calling this before a socket has been created fails with a
     * {@link NullPointerException}.
     *
     * @return the output stream of {@code gSocket}
     * @throws IOException if the socket cannot provide the stream
     */
    @Override // com.wm.net.SocketProviderIf
    public OutputStream getSocketOutputStream() throws IOException {
        OutputStream out = this.gSocket.getOutputStream();
        return out;
    }

    /**
     * Loads the RSA private key and certificate chain used as client credentials.
     *
     * <p>Values missing from this instance are taken from server-wide Config properties. Fields
     * filled that way are reset to {@code null} by the {@code finally} block, so the fallback is
     * looked up again on every call instead of being cached on the instance.
     *
     * @return the key and chain, or {@code null} when no key is configured, the chain is not a
     *         two-entry array with a first entry, or the key file does not exist
     * @throws Exception if the key cannot be loaded or the chain cannot be read
     */
    private KeyAndCert getKeyAndCert() throws Exception {
        // z: _key was taken from Config; z2: _certChain was taken from Config.
        boolean z = false;
        boolean z2 = false;
        try {
            if (this._key == null || this._key.trim().length() == 0) {
                this._key = Config.getProperty(wmTrustDecider.PRIV_KEY_PROP);
                z = true;
            }
            if (this._key == null) {
                // These inline resets repeat what the finally block does on every exit path.
                if (z) {
                    this._key = null;
                }
                // Constant-false condition left behind by the decompiler; never executes.
                if (0 != 0) {
                    this._certChain = null;
                }
                return null;
            }
            if (this._certChain == null || this._certChain.length == 0) {
                this._certChain = new String[2];
                this._certChain[0] = Config.getProperty(wmTrustDecider.SIGNED_CERT_PROP);
                this._certChain[1] = Config.getProperty(wmTrustDecider.CA_CERT_PROP);
                z2 = true;
            } else if (this._certChain.length == 2 && (this._certChain[0] == null || this._certChain[0].trim().length() == 0)) {
                this._certChain[0] = Config.getProperty(wmTrustDecider.SIGNED_CERT_PROP);
                this._certChain[1] = Config.getProperty(wmTrustDecider.CA_CERT_PROP);
                z2 = true;
            }
            // Only a two-entry chain with a first entry is accepted; anything else means "no credentials".
            if (this._certChain.length != 2 || this._certChain[0] == null) {
                return null;
            }
            File file = new File(this._key);
            // A missing key file is treated as "no credentials", not as an error.
            if (!file.exists()) {
                if (z) {
                    this._key = null;
                }
                if (z2) {
                    this._certChain = null;
                }
                return null;
            }
            RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) Util.loadRSAPrivateKey(file);
            if (rSAPrivateKey == null) {
                // The message includes the key file path; keep that in mind where it is logged or shown.
                throw new Exception("Private key either not in the correct format (PKCS#1 or PKCS#8) or is protected: " + this._key);
            }
            // NOTE(review): as written, the inner catch (Exception) also intercepts
            // CertificateException, so the outer BAD_CERTIFICATE handler cannot be reached.
            // setupServer() catches CertificateException first and Exception second; this nesting
            // may be a decompiler artifact - confirm against the original class.
            try {
                try {
                    KeyAndCert keyAndCert = new KeyAndCert(Util.loadX509Chain(this._certChain), rSAPrivateKey);
                    if (z) {
                        this._key = null;
                    }
                    if (z2) {
                        this._certChain = null;
                    }
                    return keyAndCert;
                } catch (Exception e) {
                    // Only the message survives; the original exception is not attached as cause.
                    throw new ServerException(e.getMessage());
                }
            } catch (CertificateException e2) {
                throw new ServerException(ServerListenerExceptionBundle.class, ServerListenerExceptionBundle.BAD_CERTIFICATE, "", this._key);
            }
        } finally {
            // Drop values that came from Config so they are re-read on the next call.
            if (z) {
                this._key = null;
            }
            if (z2) {
                this._certChain = null;
            }
        }
    }

    /**
     * Returns the peer's certificate chain for an SSL socket, wrapped in {@code X509CertIf}
     * objects.
     *
     * <p>NOTE(review): every failure while reading or converting the chain is swallowed and
     * reported as {@code null}, exactly like "the peer sent no certificate". Callers that base
     * an authentication decision on this result cannot tell the two cases apart.
     *
     * @param socket the socket to query
     * @return the wrapped chain, or {@code null} when the socket is not an {@code SSLSocket},
     *         the chain is missing or empty, or any exception occurs
     */
    public static Object[] getClientCredentials(Socket socket) {
        // instanceof is false for null, so this also covers a null socket.
        if (!(socket instanceof SSLSocket)) {
            return null;
        }
        SSLSocket sslSocket = (SSLSocket) socket;
        try {
            X509Certificate[] peerChain = iaik.utils.Util.convertCertificateChain(sslSocket.getPeerCertificateChain());
            boolean hasChain = peerChain != null && peerChain.length != 0;
            if (!hasChain) {
                return null;
            }
            X509CertIf[] wrappedChain = CertManager.newInstanceArray(peerChain.length);
            int index = 0;
            while (index < wrappedChain.length) {
                wrappedChain[index].setCertificate(peerChain[index]);
                index++;
            }
            return wrappedChain;
        } catch (Exception ignored) {
            // Deliberately best-effort in the original: no logging, null result.
            return null;
        }
    }

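    /**
     * Creates an SSL server socket, optionally bound to a specific local address.
     *
     * <p>The server context and the client-certificate settings are rebuilt on every call. Any
     * failure is reported as an {@link IOException} carrying the original message; unlike the
     * previous version, the original exception is now attached as the cause, so keystore and
     * certificate problems remain diagnosable from the stack trace.
     *
     * @param i           port to listen on
     * @param i2          backlog
     * @param inetAddress local address to bind to, or {@code null} for the two-argument form
     * @param values      settings used to initialise this instance if it has no context yet
     * @return the listening SSL server socket
     * @throws IOException if setup or socket creation fails
     */
    @Override // com.wm.net.socket.ISocketFactory
    public ServerSocket createServerSocket(int i, int i2, InetAddress inetAddress, Values values) throws IOException {
        if (this._context == null) {
            this._context = values;
            initProperties(this._context);
        }
        try {
            setupServer();
            setupClientCert();
            if (inetAddress != null) {
                return new SSLServerSocket(i, i2, inetAddress, this.gServerContext);
            }
            return new SSLServerSocket(i, i2, this.gServerContext);
        } catch (Exception e) {
            IOException wrapped = new IOException(e.getMessage());
            // Keep the root cause instead of reducing it to its message.
            wrapped.initCause(e);
            throw wrapped;
        }
    }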

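    /**
     * Creates an SSL server socket on all local addresses.
     *
     * <p>The server context and the client-certificate settings are rebuilt on every call. Any
     * failure is reported as an {@link IOException} carrying the original message; unlike the
     * previous version, the original exception is now attached as the cause, so keystore and
     * certificate problems remain diagnosable from the stack trace.
     *
     * @param i      port to listen on
     * @param i2     backlog
     * @param values settings used to initialise this instance if it has no context yet
     * @return the listening SSL server socket
     * @throws IOException if setup or socket creation fails
     */
    @Override // com.wm.net.socket.ISocketFactory
    public ServerSocket createServerSocket(int i, int i2, Values values) throws IOException {
        if (this._context == null) {
            this._context = values;
            initProperties(values);
        }
        try {
            setupServer();
            setupClientCert();
            return new SSLServerSocket(i, i2, this.gServerContext);
        } catch (Exception e) {
            IOException wrapped = new IOException(e.getMessage());
            // Keep the root cause instead of reducing it to its message.
            wrapped.initCause(e);
            throw wrapped;
        }
    }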

    /**
     * Opens an SSL client connection using only the second address/port pair.
     *
     * <p>NOTE(review): the String-host overload of this method passes its second pair to
     * {@code SSLSocket} after the host and port, i.e. in the position of a local bind address.
     * Here the first pair and {@code values} are ignored and the connection goes to the second
     * pair. Confirm against the {@code ISocketFactory} contract which pair is the remote
     * endpoint; if it is the first one, this method connects to the wrong address.
     *
     * @param inetAddress  not used
     * @param i            not used
     * @param inetAddress2 address whose textual form is connected to
     * @param i2           port that is connected to
     * @param values       not used
     * @return the new SSL socket
     * @throws IOException if the connection cannot be established
     */
    @Override // com.wm.net.socket.ISocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2, Values values) throws IOException {
        String targetHost = inetAddress2.getHostAddress();
        return newSocket(targetHost, i2);
    }

    /**
     * Opens an SSL client connection to {@code str}:{@code i}, passing {@code inetAddress} and
     * {@code i2} on to the {@code SSLSocket} constructor, and remembers the socket as the
     * current one.
     *
     * <p>A trust decider is installed only when a manager is registered and yields one.
     * NOTE(review): confirm what the context verifies when none is installed. {@code values} is
     * not used.
     *
     * @param str         remote host
     * @param i           remote port
     * @param inetAddress third constructor argument; presumably the local bind address
     * @param i2          fourth constructor argument; presumably the local port
     * @param values      not used
     * @return the new SSL socket, also stored in {@code gSocket}
     * @throws IOException if the connection cannot be established
     */
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2, Values values) throws IOException {
        TrustDeciderManager deciderFactory = TrustManager.getManager();
        wmTrustDecider decider = deciderFactory == null ? null : (wmTrustDecider) deciderFactory.createTrustDecider();
        if (decider != null) {
            decider.init();
            this.gClientContext.setTrustDecider(decider);
        }
        this.gSocket = new SSLSocket(str, i, inetAddress, i2, this.gClientContext);
        this.gSocket.setAutoHandshake(this.gAutoHandshake);
        return this.gSocket;
    }

    /**
     * Opens an SSL client connection to {@code inetAddress}:{@code i}.
     *
     * <p>Only when the {@code listenerType} setting equals {@code "regularinternal"} are the
     * instance's own key and certificate loaded and offered as client credentials; every other
     * listener type connects without them. Non-I/O failures on that path are rethrown as
     * {@link IOException} with the original localized message and stack trace.
     *
     * @param inetAddress remote address
     * @param i           remote port
     * @param values      settings; must not be {@code null}
     * @return the new SSL socket
     * @throws IOException if credentials cannot be loaded or the connection fails
     */
    @Override // com.wm.net.socket.ISocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, Values values) throws IOException {
        boolean internalListener = "regularinternal".equals(values.getString("listenerType"));
        if (internalListener) {
            try {
                return newSocket(inetAddress.getHostAddress(), i, getKeyAndCert());
            } catch (IOException ioFailure) {
                throw ioFailure;
            } catch (Exception other) {
                // Re-type the failure for callers that only handle IOException.
                IOException wrapped = new IOException(other.getLocalizedMessage());
                wrapped.setStackTrace(other.getStackTrace());
                throw wrapped;
            }
        }
        return newSocket(inetAddress.getHostAddress(), i);
    }

    /**
     * Opens an SSL client connection to {@code str}:{@code i}, first initialising this instance
     * from {@code values} if it has no context yet.
     *
     * <p>An existing context is never replaced, so {@code values} is ignored on every call after
     * the first successful initialisation.
     *
     * @param str    remote host
     * @param i      remote port
     * @param values settings used only when the instance is still unconfigured
     * @return the new SSL socket
     * @throws IOException if the connection cannot be established
     */
    @Override // com.wm.net.socket.ISocketFactory
    public Socket createSocket(String str, int i, Values values) throws IOException {
        boolean unconfigured = this._context == null;
        if (unconfigured) {
            this._context = values;
            initProperties(values);
        }
        return newSocket(str, i);
    }

    /**
     * Opens an SSL client connection to {@code str}:{@code i}; a plain delegate to
     * {@link #newSocket(String, int)}.
     *
     * @param str remote host
     * @param i   remote port
     * @return the new SSL socket
     * @throws IOException if the connection cannot be established
     */
    @Override // com.wm.net.socket.ISocketFactory
    public Socket createSocket(String str, int i) throws IOException {
        Socket connected = newSocket(str, i);
        return connected;
    }

    /**
     * Copies this factory's configuration into {@code values} and returns it.
     *
     * <p>Security review note: the copy contains the keystore password in clear text (key
     * {@code "password"}) together with the private-key and keystore locations. Whatever
     * receives these values (logs, admin pages, serialised listener state) should treat them as
     * secret.
     *
     * @param values the container to fill
     * @return the same {@code values} instance
     */
    @Override // com.wm.net.socket.ISocketFactory
    public Values getProperties(Values values) {
        // "require" wins over "request"; "none" when neither flag is set.
        Object clientAuthMode = this._requireCerts
                ? "require"
                : (this._requestCerts ? ServerIf.SOAP_REQUEST : "none");
        String hsmFlag = this._useHSM ? "true" : "false";

        values.put(ServerIf.KEY_SSL, "true");
        values.put("clientAuth", clientAuthMode);
        values.put(ServerIf.HTTPACTION_CERT_CHAIN, this._certChain);
        values.put("privKey", this._key);
        values.put("caDir", this._caDir);
        values.put("keyStoreProvider", this._keyStoreProvider);
        values.put("keyStoreProviderClass", this._keyStoreProviderClass);
        values.put("keyStoreType", this._keyStoreType);
        values.put("useHSM", hsmFlag);
        values.put("password", this._keyStorePassword);
        values.put("keyStoreLocation", this._keyStoreLocation);
        values.put(ServerIf.KEY_ENDPOINT_ALIAS, this._alias);
        values.put("keyStoreCADir", this._keyStoreCADir);
        return values;
    }

    /**
     * Names the protocol this factory serves.
     *
     * @return the constant {@code ServerIf.KEY_SSL}
     */
    @Override // com.wm.net.socket.ISocketFactory
    public String getProtocol() {
        String protocol = ServerIf.KEY_SSL;
        return protocol;
    }

    /**
     * Reads the listener settings from {@code values} into this instance's fields.
     *
     * <p>Covers the client-certificate policy, key and chain locations, keystore parameters and
     * CA directories. Points worth knowing when reviewing a deployment:
     * <ul>
     *   <li>Client-certificate flags are only ever switched on here; an unrecognised
     *       {@code clientAuth} value silently leaves the policy at "none".</li>
     *   <li>A {@code signedCert} entry overrides the certificate-chain array, with
     *       {@code caCert} as optional second element.</li>
     *   <li>The keystore password is stored as a plain {@code String} field.</li>
     *   <li>NOTE(review): the cursor is destroyed only on the normal path; an exception in
     *       between leaves it open.</li>
     * </ul>
     *
     * @param values the settings to read; must not be {@code null}
     */
    private void initProperties(Values values) {
        String clientAuthMode = values.getString("clientAuth");
        if (clientAuthMode != null && clientAuthMode.length() > 0) {
            if (clientAuthMode.equalsIgnoreCase(ServerIf.SOAP_REQUEST)) {
                this._requestCerts = true;
            }
            if (clientAuthMode.equalsIgnoreCase("require")) {
                // Requiring a certificate implies requesting one.
                this._requestCerts = true;
                this._requireCerts = true;
            }
        }

        String privateKeySetting = values.getString("privKey");
        String caDirSetting = values.getString("caDir");
        String[] chainEntries = values.getStringArray(ServerIf.HTTPACTION_CERT_CHAIN);

        IDataCursor cursor = values.getIData().getCursor();
        if (cursor.first("signedCert")) {
            String signedCert = (String) cursor.getValue();
            String caCert = null;
            if (cursor.first("caCert")) {
                caCert = (String) cursor.getValue();
            }
            chainEntries = new String[]{signedCert, caCert};
        }

        this._keyStoreProvider = values.getString("keyStoreProvider");
        this._keyStoreProviderClass = values.getString("keyStoreProviderClass");
        this._keyStoreType = values.getString("keyStoreType");
        boolean providerUnset = this._keyStoreProvider == null || this._keyStoreProvider.trim().equals("");
        if (providerUnset) {
            // Fall back to the provider registered for this keystore type.
            this._keyStoreProvider = getProviderForKeyStores(this._keyStoreType);
        }

        this._useHSM = values.getBoolean("useHSM");
        this._keyStoreLocation = values.getString("keyStoreLocation");
        this._keyStorePassword = values.getString("password");
        this._alias = values.getString(ServerIf.KEY_ENDPOINT_ALIAS);

        boolean keyStoreConfigured = this._keyStoreLocation != null && this._keyStoreLocation.length() > 0;
        if (keyStoreConfigured) {
            this._provider = getJavaSecurityProvider(this._keyStoreProvider);
            if (this._provider != null) {
                // The configured provider class name is replaced by the class actually resolved.
                this._keyStoreProviderClass = this._provider.getClass().getName();
                if (sslDebug) {
                    debug("IaikHTTPSListener---> the Java provider`s class = " + this._keyStoreProviderClass);
                }
            }
        }

        this._keyStoreCADir = values.getString("keyStoreCADir");
        cursor.destroy();

        String normalizedKey;
        if (privateKeySetting == null) {
            normalizedKey = "";
        } else {
            normalizedKey = privateKeySetting.trim();
        }
        this._certChain = chainEntries;
        this._key = normalizedKey;
        this._caDir = caDirSetting;
    }

    private void setupServer() throws ServerException {
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        try {
            try {
                java.security.cert.X509Certificate[] x509CertificateArr = null;
                java.security.cert.X509Certificate[] x509CertificateArr2 = null;
                if (this._provider != null) {
                    if (this._keyStoreLocation == null) {
                        throw new IOException(new ServerException(ServerListenerExceptionBundle.class, ServerListenerExceptionBundle.KEYSTORE_LOC_NOT_SPECIFIED, "").getMessage());
                    }
                    try {
                        KeyStore keyStore = KeyStore.getInstance((this._keyStoreType == null || this._keyStoreType.length() < 1) ? KeyStore.getDefaultType() : this._keyStoreType, this._provider.getName());
                        File file = new File(this._keyStoreLocation);
                        if (!file.exists()) {
                            throw new IOException(new ServerException(ServerListenerExceptionBundle.class, ServerListenerExceptionBundle.KEYSTORE_FILE_NOT_EXIST, "", this._keyStoreLocation).getMessage());
                        }
                        if (this._keyStorePassword == null || this._keyStorePassword.length() < 1) {
                            this._keyStorePassword = Config.getProperty((String) null, "server.listeners.keystorePassword");
                        }
                        if (this._keyStorePassword == null || this._keyStorePassword.length() < 1) {
                            JournalLogger.logCritical(20, 47, this._keyStoreLocation);
                            throw new IOException(new ServerException(ServerListenerExceptionBundle.class, ServerListenerExceptionBundle.PASSWORD_NOT_SPECIFIED, "", this._keyStoreLocation).getMessage());
                        }
                        try {
                            keyStore.load(new FileInputStream(file), this._keyStorePassword.toCharArray());
                            if (!keyStore.containsAlias(this._alias)) {
                                throw new IOException(new ServerException(ServerListenerExceptionBundle.class, ServerListenerExceptionBundle.ALIAS_NOT_EXIST, "", this._alias).getMessage());
                            }
                            try {
                                Certificate[] certificateChain = keyStore.getCertificateChain(this._alias);
                                x509CertificateArr2 = new java.security.cert.X509Certificate[certificateChain.length];
                                for (int i = 0; i < x509CertificateArr2.length; i++) {
                                    x509CertificateArr2[i] = (java.security.cert.X509Certificate) certificateChain[i];
                                }
                                Key key = keyStore.getKey(this._alias, this._keyStorePassword.toCharArray());
                                r16 = key instanceof PrivateKey ? (RSAPrivateKey) key : null;
                                if (r16 == null) {
                                    throw new IOException(new ServerException(ServerListenerExceptionBundle.class, ServerListenerExceptionBundle.PRIVATE_KEY_NOT_EXIST, "", this._alias).getMessage());
                                }
                                if (x509CertificateArr2 != null && x509CertificateArr2.length > 0) {
                                    x509CertificateArr = new java.security.cert.X509Certificate[x509CertificateArr2.length];
                                    for (int i2 = 0; i2 < x509CertificateArr2.length; i2++) {
                                        x509CertificateArr[i2] = x509CertificateArr2[i2];
                                    }
                                }
                                if (this._useHSM) {
                                    String name = this._provider != null ? this._provider.getName() : this._keyStoreProvider;
                                    WmSecurityProvider.getInstance(name);
                                    WmSecurityProvider.setDebug(sslDebug);
                                    WmSecurityProvider.registerProviderForKey(r16.getClass().getName(), name);
                                }
                            } catch (Exception e) {
                                throw new IOException(e.getMessage());
                            }
                        } catch (Exception e2) {
                            throw new IOException(e2.getMessage());
                        }
                    } catch (Exception e3) {
                        throw new IOException(new ServerException(ServerListenerExceptionBundle.class, ServerListenerExceptionBundle.KEYSTORE_NOT_INSTANTIATED, "", new Object[]{this._provider.getName(), e3.getLocalizedMessage()}).getMessage());
                    }
                }
                this.gServerContext = new SSLServerContext();
                if (sslDebug) {
                    this.gServerContext.setDebugStream(System.err);
                }
                this.gServerContext.setAllowedProtocolVersions(768, MAX_VERSION_DEFAULT);
                CipherSuiteList cipherSuiteList = new CipherSuiteList();
                cipherSuiteList.add(CipherSuite.CS_RSA_EXPORT);
                cipherSuiteList.add(CipherSuite.CS_RSA_EXPORT1024);
                cipherSuiteList.add(CipherSuite.CS_RSA);
                if (Config.getProperty("false", "watt.net.ssl.server.strongcipheronly").equals("true")) {
                    CipherSuiteList cipherSuiteList2 = new CipherSuiteList(CipherSuite.CS_RSA);
                    cipherSuiteList = new CipherSuiteList();
                    for (int i3 = 0; i3 < cipherSuiteList2.size(); i3++) {
                        if (cipherSuiteList2.elementAt(i3).getKeyLength() >= 16) {
                            cipherSuiteList.add(cipherSuiteList2.elementAt(i3));
                        }
                    }
                    JournalLogger.logCritical(6, 6);
                    for (int i4 = 0; i4 < cipherSuiteList.size(); i4++) {
                        JournalLogger.logCritical(7, 6, new Object[]{String.valueOf(i4), cipherSuiteList.elementAt(i4).toString(), String.valueOf(8 * cipherSuiteList.elementAt(i4).getKeyLength())});
                    }
                }
                cipherSuiteList.remove(CipherSuite.SSL_RSA_WITH_IDEA_CBC_SHA);
                cipherSuiteList.ensureAvailable();
                this.gServerContext.setEnabledCipherSuiteList(cipherSuiteList);
                this._key = this._key == null ? "" : this._key.trim();
                if (this._key.length() == 0) {
                    this._key = Config.getProperty(wmTrustDecider.PRIV_KEY_PROP);
                    z = true;
                }
                if (this._certChain == null || this._certChain.length == 0) {
                    this._certChain = new String[2];
                    this._certChain[0] = Config.getProperty(wmTrustDecider.SIGNED_CERT_PROP);
                    this._certChain[1] = Config.getProperty(wmTrustDecider.CA_CERT_PROP);
                    z2 = true;
                } else if (this._certChain.length == 2 && (this._certChain[0] == null || this._certChain[0].trim().length() == 0)) {
                    this._certChain[0] = Config.getProperty(wmTrustDecider.SIGNED_CERT_PROP);
                    this._certChain[1] = Config.getProperty(wmTrustDecider.CA_CERT_PROP);
                    z2 = true;
                }
                if (x509CertificateArr == null) {
                    this._caDir = this._caDir == null ? "" : this._caDir.trim();
                    if (this._caDir.length() == 0) {
                        this._caDir = Config.getProperty("watt.security.CADir");
                        z3 = true;
                    }
                    if (this._key == null) {
                        throw new ServerException(ServerListenerExceptionBundle.class, ServerListenerExceptionBundle.PRIVKEY_NOT_SPECIFIED, "");
                    }
                    File file2 = new File(this._key);
                    if (!file2.exists()) {
                        throw new ServerException(ServerListenerExceptionBundle.class, ServerListenerExceptionBundle.PRIVKEY_FILE_NOT_EXIST, "");
                    }
                    try {
                        x509CertificateArr2 = Util.loadX509Chain(this._certChain);
                        r16 = (RSAPrivateKey) Util.loadRSAPrivateKey(file2);
                        if (r16 == null) {
                            throw new Exception("Private key not either not in the correct format (PKCS#1 or PKCS#8) or is protected");
                        }
                    } catch (CertificateException e4) {
                        throw new ServerException(ServerListenerExceptionBundle.class, ServerListenerExceptionBundle.BAD_CERTIFICATE, "", this._key);
                    } catch (Exception e5) {
                        throw new ServerException(e5.getMessage());
                    }
                } else {
                    this._keyStoreCADir = this._keyStoreCADir == null ? "" : this._keyStoreCADir.trim();
                    if (this._keyStoreCADir.length() == 0) {
                        this._keyStoreCADir = Config.getProperty("watt.security.CADir");
                        z3 = true;
                    }
                }
                this.gServerContext.addServerCredentials(x509CertificateArr2, r16);
                r16.getModulus();
                if (this._provider != null || r16.getModulus().bitLength() > 512) {
                    try {
                        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", SecurityUtil.getFipsProvider());
                        keyPairGenerator.initialize(512, SecRandom.getDefault());
                        this.gServerContext.addTemporaryParameter(keyPairGenerator.generateKeyPair());
                    } catch (Exception e6) {
                        JournalLogger.logDebug(4, 6, e6);
                    }
                }
                this.gServerContext.updateCipherSuites();
                if (z) {
                    this._key = null;
                }
                if (z2) {
                    this._certChain = null;
                }
                if (z3) {
                    this._caDir = null;
                }
            } catch (Throwable th) {
                if (0 != 0) {
                    this._key = null;
                }
                if (0 != 0) {
                    this._certChain = null;
                }
                if (0 != 0) {
                    this._caDir = null;
                }
                throw th;
            }
        } catch (Exception e7) {
            JournalLogger.logCritical(9998, 6, e7);
            throw new ServerException(e7.getMessage());
        } catch (Throwable th2) {
            JournalLogger.logCritical(9998, 6, th2);
            throw new ServerException(th2.getMessage());
        }
    }

    /**
     * Builds the chain verifier used for client-certificate checks and installs it on
     * {@code gServerContext}.
     *
     * <p>Trust anchors come from {@code _keyStoreCADir} when it is non-empty, otherwise from
     * {@code _caDir}; when neither is set the default verifier and its default authorities
     * are used. The server context is told to request a client certificate when either
     * {@code _requestCerts} or {@code _requireCerts} is set.
     *
     * @throws ServerException wrapping the message of any failure; the failure is logged as
     *     critical first, but the original cause is not attached to the new exception
     */
    public void setupClientCert() throws ServerException {
        try {
            // Resolve which directory (if any) supplies the trust anchors.
            final String trustDir;
            if (this._keyStoreCADir != null && this._keyStoreCADir.length() != 0) {
                trustDir = this._keyStoreCADir.trim();
            } else if (this._caDir != null && this._caDir.length() != 0) {
                trustDir = this._caDir.trim();
            } else {
                trustDir = null;
            }

            if (trustDir == null) {
                // No directory configured: fall back to the shared default verifier.
                this._verifier = wmChainVerifier.getDefaultVerifier();
                this._verifier.loadDefaultAuthorities();
            } else {
                this._verifier = new wmChainVerifier();
                java.security.cert.X509Certificate[] anchors = Util.loadCertificatesFromDir(trustDir);
                if (anchors == null) {
                    JournalLogger.logDebug(9, 6, trustDir, "");
                } else {
                    JournalLogger.logDebug(8, 6, trustDir, "");
                    for (int i = 0; i < anchors.length; i++) {
                        this._verifier.addTrustedCertificate(anchors[i]);
                    }
                }
                // NOTE(review): a configured directory that yields null or zero certificates
                // only produces a debug-level entry, and the verifier is installed without
                // any anchor from it. Confirm how wmChainVerifier treats an empty trust set
                // before relying on this path to reject unknown clients.
            }

            final boolean askForClientCert = this._requestCerts || this._requireCerts;
            this.gServerContext.setRequestClientCertificate(askForClientCert);
            if (askForClientCert) {
                JournalLogger.logDebugPlus(5, 10, 6, "");
            }

            if (!this._requireCerts) {
                // NOTE(review): registering null as a trusted certificate presumably tells
                // the verifier to accept peers that present no certificate - confirm against
                // the wmChainVerifier / IAIK ChainVerifier documentation.
                this._verifier.addTrustedCertificate(null);
            }
            this.gServerContext.setChainVerifier(this._verifier);
        } catch (Exception e) {
            JournalLogger.logCritical(9998, 6, e);
            throw new ServerException(e.getMessage());
        } catch (Throwable th) {
            JournalLogger.logCritical(9998, 6, th);
            throw new ServerException(th.getMessage());
        }
    }

    /**
     * Checks the certificate chain presented by the peer of an accepted SSL socket.
     *
     * <p>A peer without a certificate chain is accepted unless {@code _requireCerts} is set.
     * A peer with a chain is accepted only when {@code _verifier.isTrustedChain} approves
     * it. On rejection the socket is closed before the exception is thrown.
     *
     * <p>NOTE(review): the decision rests entirely on {@code isTrustedChain}; whether that
     * call also covers validity period or revocation is not visible in this method.
     *
     * @param socket accepted connection; it is cast to the IAIK {@code SSLSocket} without a
     *     type check, so any other socket type fails with {@code ClassCastException}
     * @return always {@code null} in the visible code
     * @throws IOException if reading the peer chain or closing the socket fails
     * @throws ServerException if a required certificate is missing or the chain is not trusted
     */
    public String checkClientCert(Socket socket) throws IOException, ServerException {
        SSLSocket tlsSocket = (SSLSocket) socket;
        java.security.cert.X509Certificate[] presentedChain = tlsSocket.getPeerCertificateChain();

        if (presentedChain == null) {
            if (!this._requireCerts) {
                // Anonymous client and certificates are optional: nothing to verify.
                return null;
            }
            JournalLogger.logError(13, 6);
            tlsSocket.close();
            throw new ServerException(ServerListenerExceptionBundle_en.class, ServerListenerExceptionBundle.NO_PEER_CERT_CHAIN, "");
        }

        if (this._verifier.isTrustedChain(presentedChain)) {
            return null;
        }

        // A chain was presented but the verifier rejected it: drop the connection.
        JournalLogger.logError(15, 6);
        tlsSocket.close();
        throw new ServerException(ServerListenerExceptionBundle_en.class, ServerListenerExceptionBundle.PEER_CERT_CHAIN_NOT_TRUSTED, "");
    }

    /**
     * Resolves the JCA provider for this socket factory and caches it in {@code _provider}.
     *
     * <p>Lookup order: an already-installed provider whose name equals {@code str}; then the
     * class named by {@code _keyStoreProviderClass}; then, if {@code _provider} is still
     * null, the class named by the {@code watt.server.java.security.provider} setting.
     * Classes found by the last two steps are instantiated reflectively and registered
     * JVM-wide with {@code Security.addProvider}.
     *
     * <p>Security note: both class names are configuration values, so whoever can set them
     * chooses code that is loaded and run inside the server and becomes a crypto provider
     * for the whole JVM. NOTE(review): confirm these settings are writable only by
     * administrators. Load failures are logged and otherwise ignored, so the method can
     * return a previously cached provider or {@code null}.
     *
     * @param str name of an installed provider to look for; may be null or empty
     * @return the value of {@code _provider} after the lookup, possibly null
     */
    Provider getJavaSecurityProvider(String str) {
        boolean matchedByName = false;
        if (str != null && str.length() > 0) {
            Provider[] installed = Security.getProviders();
            if (installed != null) {
                // No early exit: every installed provider is compared, the last match wins.
                for (Provider candidate : installed) {
                    if (candidate.getName().equals(str)) {
                        this._provider = candidate;
                        matchedByName = true;
                    }
                }
            }
        }
        if (matchedByName) {
            return this._provider;
        }

        // Second choice: the provider class configured for this key store.
        try {
            if (this._keyStoreProviderClass != null && this._keyStoreProviderClass.length() > 0) {
                this._provider = (Provider) Class.forName(this._keyStoreProviderClass).newInstance();
                Security.addProvider(this._provider);
            }
        } catch (Exception e) {
            JournalLogger.logError(18, 47, this._keyStoreProviderClass, e);
        }
        if (this._provider != null) {
            return this._provider;
        }

        // Last choice: the server-wide provider class from configuration.
        String fallbackClass = Config.getProperty(DEFAULT_JAVA_SECURITY_PROVIDER, "watt.server.java.security.provider");
        if (fallbackClass != null && fallbackClass.length() > 0) {
            try {
                this._provider = (Provider) Class.forName(fallbackClass).newInstance();
                Security.addProvider(this._provider);
            } catch (Exception e2) {
                JournalLogger.logError(18, 47, fallbackClass, e2);
            }
        }
        return this._provider;
    }

    /**
     * Looks up the provider registered for a key store type.
     *
     * <p>On first use (while {@code keyStoreTypes} is empty) the property keys of every
     * installed provider are scanned: keys containing {@code ListenerBundle.ALIAS_KEYSTORE}
     * fill {@code keyStoreTypeAliases}, keys containing {@code ListenerBundle.KEYSTORE} fill
     * {@code keyStoreTypes} with the provider name.
     *
     * <p>NOTE(review): the alias map is keyed by the property value of an alias entry, yet
     * it is probed below with the provider name taken from {@code keyStoreTypes}; confirm
     * that this is the intended lookup. The lazy fill is also not synchronized here.
     *
     * @param str key store type to look up
     * @return the mapped name, or null when the type is unknown
     */
    private String getProviderForKeyStores(String str) {
        if (keyStoreTypes.isEmpty()) {
            for (Provider provider : Security.getProviders()) {
                for (Object rawKey : provider.keySet()) {
                    String entry = ((String) rawKey).trim();

                    int aliasAt = entry.indexOf(ListenerBundle.ALIAS_KEYSTORE);
                    if (aliasAt >= 0) {
                        keyStoreTypeAliases.put(provider.getProperty(entry), entry.substring(aliasAt + ListenerBundle.ALIAS_KEYSTORE.length()));
                        continue;
                    }

                    int typeAt = entry.indexOf(ListenerBundle.KEYSTORE);
                    if (typeAt >= 0) {
                        keyStoreTypes.put(entry.substring(typeAt + ListenerBundle.KEYSTORE.length()), provider.getName());
                    }
                }
            }
        }

        String resolved = null;
        if (keyStoreTypes.containsKey(str)) {
            resolved = (String) keyStoreTypes.get(str);
        }
        if (keyStoreTypeAliases.containsKey(resolved)) {
            resolved = (String) keyStoreTypeAliases.get(resolved);
        }
        return resolved;
    }

    /**
     * Writes a diagnostic line, tagged with the listener name, to standard error.
     *
     * <p>The text is written as given; callers should keep key material and other secrets
     * out of it, since standard error is often captured into server logs.
     *
     * @param str message text
     */
    static void debug(String str) {
        final String line = "<HTTPSListener>: " + str;
        System.err.println(line);
    }

    /*
     * Class initialisation: sets the handshake timeout, initialises the IAIK and trust
     * helpers, derives the protocol version window from configuration and, when asked,
     * builds the restricted outbound cipher list.
     *
     * Security review notes:
     *  - The minimum protocol version falls back to 2 when the property is unset or holds
     *    anything other than the exact strings "sslv3" or "tls" (the comparison is
     *    case-sensitive). 768 is 0x0300, the SSL 3.0 wire version; 2 presumably denotes
     *    SSL 2.0 - confirm against the IAIK constants. SSL 2.0 and 3.0 are prohibited by
     *    RFC 6176 and RFC 7568, so deployments should set the minimum explicitly.
     *  - Everything after the timeout is inside one try block whose catch only prints the
     *    stack trace. If an early step throws an Exception, the version window and the
     *    cipher restriction are silently left at whatever their field declarations give
     *    (not visible here). Errors are not caught and would fail class initialisation.
     */
    static {
        clientTimeout = 20000;
        reallyStrongCiphers = null;
        useReallyStrongCiphers = false;
        sslDebug = false;
        try {
            // Read from a JVM system property; there is no range check, so zero or a
            // negative number is accepted as-is. Unparseable input falls back to 20000.
            clientTimeout = Integer.parseInt(System.getProperty(CLIENT_TIMEOUT_PROPERTY, "20000"));
        } catch (Throwable th) {
            clientTimeout = 20000;
        }
        try {
            iaik.utils.Util.setEncoding("ISO8859_1");
            // The instance is discarded; presumably the constructor registers the
            // sha1WithRSAEncryption OID mapping as a side effect - confirm in the IAIK docs.
            new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", "SHA/RSA");
            wmSessionManager.init();
            TrustManager.init();
            // System property, not a server Config entry.
            sslDebug = Boolean.getBoolean("watt.ssl.iaik.debug");
            // Same encoding call as at the top of this block, repeated after the init calls.
            iaik.utils.Util.setEncoding("ISO8859_1");
            // Lower bound of the protocol window: unset or unrecognised -> 2 (the lowest
            // value used here).
            if (Config.getProperty(MIN_VERSION_PROP) == null) {
                MinVersion = 2;
            } else {
                String property = Config.getProperty(MIN_VERSION_PROP);
                if (property.equals("sslv3")) {
                    MinVersion = 768;
                } else if (property.equals("tls")) {
                    MinVersion = MAX_VERSION_DEFAULT;
                } else {
                    MinVersion = 2;
                }
            }
            // Upper bound: only "sslv3" lowers it; every other value keeps the default.
            if (Config.getProperty(MAX_VERSION_PROP) == null) {
                MaxVersion = MAX_VERSION_DEFAULT;
            } else {
                String property2 = Config.getProperty(MAX_VERSION_PROP);
                if (property2.equals("sslv3")) {
                    MaxVersion = 768;
                } else if (property2.equals("tls")) {
                    MaxVersion = MAX_VERSION_DEFAULT;
                } else {
                    MaxVersion = MAX_VERSION_DEFAULT;
                }
            }
            // An inverted window is repaired by raising the maximum to the minimum.
            if (MinVersion > MaxVersion) {
                MaxVersion = MinVersion;
            }
            // Argument order appears to be (default, key), so the restriction is off unless
            // the property is exactly "true" - confirm against Config.getProperty.
            if (Config.getProperty("false", "watt.net.ssl.client.strongcipheronly").equals("true")) {
                // NOTE(review): the meaning of the constructor argument 4 is not visible here.
                CipherSuiteList cipherSuiteList = new CipherSuiteList(4);
                CipherSuiteList cipherSuiteList2 = new CipherSuiteList();
                // getKeyLength() is in bytes (the log below multiplies by 8), so this keeps
                // suites with keys of 128 bits or more. The filter looks at key length only:
                // 128-bit suites built on weak primitives (RC4, for example), if present in
                // the base list, would remain - verify with the debug output below.
                for (int i = 0; i < cipherSuiteList.size(); i++) {
                    if (cipherSuiteList.elementAt(i).getKeyLength() >= 16) {
                        cipherSuiteList2.add(cipherSuiteList.elementAt(i));
                    }
                }
                // IDEA is dropped explicitly even though it passes the key-length filter.
                cipherSuiteList2.remove(CipherSuite.SSL_RSA_WITH_IDEA_CBC_SHA);
                useReallyStrongCiphers = true;
                reallyStrongCiphers = cipherSuiteList2.toArray();
                JournalLogger.logDebugPlus(1, 9999, 46, "Outbound SSL restricted to 128 bit or better encryption: ");
                for (int i2 = 0; i2 < cipherSuiteList2.size(); i2++) {
                    JournalLogger.logDebugPlus(2, 9999, 46, " cipher " + i2 + " = " + cipherSuiteList2.elementAt(i2).toString() + " (" + (8 * cipherSuiteList2.elementAt(i2).getKeyLength()) + " bit)");
                }
            }
        } catch (Exception e) {
            // Failure is only printed to stderr; initialisation continues with whatever
            // state was reached (see the note at the top of this block).
            e.printStackTrace();
        }
    }
}
