package com.ibm.eNetwork.security.ssl;

import com.ibm.eNetwork.ECL.ECLErr;
import com.ibm.eNetwork.ECL.ECLSession;
import com.ibm.eNetwork.ECL.Transport;
import com.ibm.eNetwork.HOD.HODJVMProperties;
import com.ibm.eNetwork.HOD.common.Environment;
import com.ibm.eNetwork.security.intf.HODSSLCertIntf;
import com.ibm.eNetwork.security.intf.HODSSLSessionIntf;
import com.ibm.eNetwork.security.intf.HODSSLTokenIntf;
import com.ibm.hod5sslight.CL3;
import com.ibm.hod5sslight.SSLCert;
import com.ibm.hod5sslight.SSLContext;
import com.ibm.hod5sslight.SSLException;
import com.ibm.hod5sslight.SSLRuntimeException;
import com.ibm.hod5sslight.SSLSocket;
import com.ibm.iaccess.baselite.AcsConstants;
import com.ms.security.PermissionID;
import com.ms.security.PolicyEngine;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.net.URLConnection;
import java.net.UnknownHostException;
import java.util.StringTokenizer;
import java.util.Vector;

/* loaded from: input_file:plugins/emulator/acshod2.jar:com/ibm/eNetwork/security/ssl/HODSSLiteImpl.class */
public class HODSSLiteImpl implements HODSSLProvider {
    // Socket produced by the most recent createSocket(...) call; null until one succeeds.
    protected SSLSocket sslSock = null;
    // Server certificate; createSocket(...) reads its name when server authentication is enabled.
    protected HODSSLCertIntf srvCert = null;
    // Context handed to every SSLSocket built here. Its initialisation is not visible in this part of the file.
    protected HODSSLContext sslContext = null;
    protected boolean sslContextDebug = false;
    protected int traceLevel = 0;
    // Session configuration source; most getters below fall back to a default when this is null.
    protected HODSSLSessionIntf sessionSrc = null;
    protected boolean restartable = false;
    // Lazily created by getHODSSLTokenIntf().
    protected HODSSLTokenIntf hodSSLTokenIntf = null;
    protected boolean noValidCertificate = false;
    protected boolean certificateFound = false;
    // Starts out as "not trusted"; only setServerNotTrusted(...) changes it in the visible code.
    protected boolean serverNotTrusted = true;
    protected SSLCert clientCert = null;
    protected HODSSLContext certList = null;
    protected String cryptoModule = "";
    protected String cryptoLabel = "";
    // NOTE(review): the crypto password is kept as an immutable String, so it cannot be wiped after use.
    protected String cryptoPwd = "";
    public final int OS_WINDOWS = 0;
    public final int OS_LINUX = 1;
    public int osname = 0;
    protected boolean isfips = true;
    // Cipher suite names. The list contains single-DES, EXPORT (40-bit / "1024") and anonymous
    // Diffie-Hellman (DH_anon) entries. Its consumer is not visible in this part of the file.
    // NOTE(review): confirm whether these names are offered in the handshake; DH_anon suites do not
    // authenticate the server, and DES/EXPORT suites give weak confidentiality, so they should be
    // excluded from anything negotiated with a remote peer.
    private final String[] CL_RELEASE = {"SSL_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_AES_256_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA", "SSL_RSA_FIPS_WITH_DES_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_RSA_WITH_AES_128_CBC_SHA", "SSL_DHE_RSA_WITH_AES_256_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_DSS_WITH_AES_128_CBC_SHA", "SSL_DHE_DSS_WITH_AES_256_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", "SSL_DH_anon_WITH_AES_128_CBC_SHA", "SSL_DH_anon_WITH_AES_256_CBC_SHA", "SSL_DH_anon_WITH_DES_CBC_SHA", "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"};

    /**
     * Installs the session object that supplies host, port and certificate settings.
     *
     * @param hODSSLSessionIntf the session configuration source; stored as-is, may be null
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setSessionIntf(HODSSLSessionIntf hODSSLSessionIntf) {
        // No validation: the getters below tolerate a null session, createSocket(...) does not.
        sessionSrc = hODSSLSessionIntf;
    }

    /**
     * Returns the session configuration source currently in use.
     *
     * @return the object passed to {@link #setSessionIntf}, or null if none was set
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public HODSSLSessionIntf getSessionIntf() {
        final HODSSLSessionIntf current = this.sessionSrc;
        return current;
    }

    /**
     * Switches SSL context debugging on or off.
     *
     * @param i a value of zero or less disables debugging and leaves {@code traceLevel}
     *          untouched; any positive value enables it and sets {@code traceLevel} to 1 when
     *          the transport trace level is above 1, otherwise to 0
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setDebug(int i) {
        boolean enable = i > 0;
        this.sslContextDebug = enable;
        if (enable) {
            this.traceLevel = Transport.getTraceLevel() > 1 ? 1 : 0;
        }
    }

    /**
     * Opens a new SSL connection to the configured host with the default arguments
     * (no existing socket, flag {@code false}, mode {@code 1}).
     *
     * @return the connected socket
     * @throws ECLErr if the handshake or the server-name check fails
     * @throws UnknownHostException declared by the delegate
     * @throws IOException declared by the delegate
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public Socket createSocket() throws ECLErr, UnknownHostException, IOException {
        final short defaultMode = 1;
        return createSocket(null, false, defaultMode);
    }

    /**
     * Opens a new SSL connection to the configured host, passing {@code s} through to the
     * three-argument overload.
     *
     * @param s value forwarded unchanged (its meaning is defined by the callee)
     * @return the connected socket
     * @throws ECLErr if the handshake or the server-name check fails
     * @throws UnknownHostException declared by the delegate
     * @throws IOException declared by the delegate
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public Socket createSocket(short s) throws ECLErr, UnknownHostException, IOException {
        final Socket noExistingSocket = null;
        return createSocket(noExistingSocket, false, s);
    }

    /**
     * Layers SSL over {@code socket} (or opens a new connection when it is null) with the
     * default flag {@code false} and mode {@code 1}.
     *
     * @param socket an already connected socket, or null
     * @return the SSL socket
     * @throws ECLErr if the handshake or the server-name check fails
     * @throws UnknownHostException declared by the delegate
     * @throws IOException declared by the delegate
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public Socket createSocket(Socket socket) throws ECLErr, UnknownHostException, IOException {
        final short defaultMode = 1;
        return createSocket(socket, false, defaultMode);
    }

    /**
     * Layers SSL over {@code socket} (or opens a new connection when it is null) with the
     * flag fixed to {@code false}.
     *
     * @param socket an already connected socket, or null
     * @param s value forwarded unchanged to the three-argument overload
     * @return the SSL socket
     * @throws ECLErr if the handshake or the server-name check fails
     * @throws UnknownHostException declared by the delegate
     * @throws IOException declared by the delegate
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public Socket createSocket(Socket socket, short s) throws ECLErr, UnknownHostException, IOException {
        final boolean keepClientCert = false;
        return createSocket(socket, keepClientCert, s);
    }

    /**
     * Layers SSL over {@code socket} (or opens a new connection when it is null) with mode
     * {@code 1}.
     *
     * @param socket an already connected socket, or null
     * @param z when false, a per-connect certificate prompt setting causes the cached client
     *          certificate and token password to be cleared after connecting
     * @return the SSL socket
     * @throws ECLErr if the handshake or the server-name check fails
     * @throws UnknownHostException declared by the delegate
     * @throws IOException declared by the delegate
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public Socket createSocket(Socket socket, boolean z) throws ECLErr, UnknownHostException, IOException {
        final short defaultMode = 1;
        return createSocket(socket, z, defaultMode);
    }

    /**
     * Establishes the SSL socket for the session and, when server authentication is enabled,
     * checks the server certificate name against the connected host.
     *
     * <p>Per-connection state ({@code restartable}, {@code certificateFound},
     * {@code noValidCertificate}, {@code clientCert}) is reset first. Handshake failures
     * reported as {@code SSLException} are translated into {@code ECLErr} codes according to
     * the exception's {@code reason} and {@code alert} fields.
     *
     * <p>NOTE(review): this is decompiled code. As written, the loop flag is set to true on
     * entry to the loop body, so every {@code continue} leaves the loop instead of retrying.
     * On those paths {@code this.sslSock} keeps whatever value it had before the call
     * (possibly null) and is still used and returned below. Confirm against the original
     * sources before relying on the retry or failure behaviour.
     *
     * @param socket an already connected socket to wrap, or null to connect to the host
     *               returned by {@code sessionSrc.getRandomizeHost()}
     * @param z when false and a certificate is prompted for on each connect, the cached client
     *          certificate and token password are cleared after the connection attempt
     * @param s forwarded to {@code getCertificatePromptBeforeConnect} (defined outside this view)
     * @return {@code this.sslSock}
     * @throws ECLErr for translated handshake failures and for a failed server-name check
     * @throws UnknownHostException declared; the name check converts it to {@code ECLErr}
     * @throws IOException from socket creation or close
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public Socket createSocket(Socket socket, boolean z, short s) throws ECLErr, UnknownHostException, IOException {
        String str = null;
        String host = this.sessionSrc.getHost();
        boolean z2 = false;
        this.restartable = false;
        this.certificateFound = false;
        this.noValidCertificate = false;
        this.clientCert = null;
        getCertificatePromptBeforeConnect(s);
        getHODSSLTokenIntf();
        if (this.hodSSLTokenIntf != null) {
            try {
                this.hodSSLTokenIntf.getPrivateCertificate();
            } catch (ECLErr e) {
                // Failure to load the private certificate is silently ignored here; nothing is
                // logged, so a missing client certificate only shows up later in the handshake.
            }
        }
        while (!z2) {
            z2 = true;
            if (socket == null) {
                try {
                    str = this.sessionSrc.getRandomizeHost();
                    this.sslSock = new SSLSocket(str, this.sessionSrc.getPort(), this.sslContext, false, this);
                } catch (HODSSLException e2) {
                    throw e2.getECLErr();
                } catch (SSLException e3) {
                    if (e3.exception instanceof HODSSLRuntimeException) {
                        throw ((HODSSLRuntimeException) e3.exception).getECLErr();
                    }
                    // The alert values tested below presumably are TLS alert descriptions
                    // (40 handshake_failure, 42 bad_certificate, 45 certificate_expired,
                    // 46 certificate_unknown, 48 unknown_ca) -- confirm against SSLException.
                    if (e3.reason == 1) {
                        if (e3.alert == 45) {
                            throw new ECLErr("HODSSLImpl::createSocket():1", "ECL0031", host + ":" + this.sessionSrc.getPort());
                        }
                        if (e3.alert == 46 || e3.alert == 48) {
                            throw new ECLErr("HODSSLImpl::createSocket():2", "ECL0009", host + ":" + this.sessionSrc.getPort());
                        }
                        if (e3.alert == 40) {
                            SSLCert lastCertificateSent = this.sslContext.getLastCertificateSent();
                            if (lastCertificateSent == null) {
                                throw new ECLErr("HODSSLImpl::createSocket():5", "ECL0046", e3.toString());
                            }
                            // The failure is classified by substring-matching the exception text,
                            // which breaks if the library ever changes its message format.
                            String message = e3.getMessage();
                            if (message == null) {
                                continue;
                            } else if (message.indexOf("SSLRuntimeException") == -1) {
                                continue;
                            } else if (message.indexOf("reason=15") == -1) {
                                continue;
                            } else {
                                if (getConfiguredCertificateSource().equals("SESSION_SSL_CERTIFICATE_IN_URL")) {
                                    throw new ECLErr("HODSSLImpl::createSocket():4", "ECL0048", getConfiguredCertificateURL());
                                }
                                if (getConfiguredCertificateSource().equals(ECLSession.SESSION_SSL_CERTIFICATE_IN_CSP)) {
                                    throw new ECLErr("HODSSLImpl::createSocket():5", "ECL0049", new HODSSLCertImpl(lastCertificateSent).getFullName());
                                }
                                // Any other certificate source falls through without an error.
                            }
                        } else {
                            continue;
                        }
                    } else if (e3.reason != 2) {
                        continue;
                    } else if (e3.alert == 42 || e3.alert == 48) {
                        SSLCert lastCertificateSent2 = this.sslContext.getLastCertificateSent();
                        if (lastCertificateSent2 == null) {
                            throw new ECLErr("HODSSLImpl::createSocket():5", "ECL0046", e3.toString());
                        }
                        if (getConfiguredCertificateSource().equals("SESSION_SSL_CERTIFICATE_IN_URL")) {
                            throw new ECLErr("HODSSLImpl::createSocket():4", "ECL0035", host + ":" + this.sessionSrc.getPort(), getConfiguredCertificateURL());
                        }
                        if (getConfiguredCertificateSource().equals(ECLSession.SESSION_SSL_CERTIFICATE_IN_CSP)) {
                            throw new ECLErr("HODSSLImpl::createSocket():5", "ECL0047", host + ":" + this.sessionSrc.getPort(), new HODSSLCertImpl(lastCertificateSent2).getFullName());
                        }
                    } else {
                        continue;
                    }
                } catch (HODSSLRuntimeException e4) {
                    throw e4.getECLErr();
                } catch (SSLRuntimeException e5) {
                    throw new ECLErr(getClass().getName() + ":createSocket():8", "ECL0046", e5.toString(), "-1");
                }
            } else {
                // Wrap the caller's socket; the name used for the later check is the plain
                // configured host rather than the randomized one.
                str = this.sessionSrc.getHost();
                this.sslSock = new SSLSocket(socket, false, this.sslContext, false, this);
            }
            if (getConfiguredCertificateProvided() && getConfiguredCertificatePromptHowOften().equals(ECLSession.SESSION_SSL_CERTIFICATE_PROMPT_EACH_CONNECT)) {
                // "Prompt on each connect": drop cached credentials so the next connection
                // has to ask for them again.
                if (!z) {
                    this.clientCert = null;
                    if (this.hodSSLTokenIntf != null) {
                        this.hodSSLTokenIntf.setCertificatePassword(null);
                    }
                }
                setConfiguredCertificatePassword(null);
                setConfiguredCertificatePrompted(false);
            }
        }
        // The certificate-name check below runs only when the session enables server
        // authentication; with it disabled this method performs no name check at all.
        if (this.sessionSrc.getServerAuth()) {
            if (this.srvCert == null) {
                this.sslSock.close();
                throw new ECLErr("HODSSLImpl::createSocket():9", "ECL0007", "null");
            }
            String name = this.srvCert.getName();
            if (null == name) {
                this.sslSock.close();
                throw new ECLErr("HODSSLImpl::createSocket():6", "ECL0007", "null");
            }
            // Both helpers end up in NETIO(name, ..., str); the "IE" variant first asks the
            // com.ms.security policy engine for the NETIO permission.
            if (Environment.getUseSecurityManager().equals("IE")) {
                CL_RELEASE(name, null, null, str);
            } else {
                FILEIO(name, null, null, str);
            }
        }
        return this.sslSock;
    }

    /**
     * Variant of the server-name check used when the environment reports "IE": requests the
     * NETIO permission from the com.ms.security policy engine, then delegates to
     * {@link #NETIO}. The method name is a decompiler artifact.
     *
     * @param str certificate name to resolve
     * @param inetAddressArr forwarded unchanged
     * @param inetAddressArr2 forwarded unchanged
     * @param str2 host name to resolve
     * @throws ECLErr if the check fails
     * @throws UnknownHostException declared by the delegate
     * @throws IOException if closing the socket fails
     */
    private void CL_RELEASE(String str, InetAddress[] inetAddressArr, InetAddress[] inetAddressArr2, String str2) throws ECLErr, UnknownHostException, IOException {
        try {
            PolicyEngine.assertPermission(PermissionID.NETIO);
        } catch (Exception ignored) {
            // Best effort: a refused or unavailable permission request is not reported, the
            // check simply proceeds with whatever rights the caller already has.
        }
        NETIO(str, inetAddressArr, inetAddressArr2, str2);
    }

    /**
     * Variant of the server-name check used when the environment is not "IE": delegates
     * straight to {@link #NETIO}. The method name is a decompiler artifact and has nothing to
     * do with file access.
     *
     * @param str certificate name to resolve
     * @param inetAddressArr forwarded unchanged
     * @param inetAddressArr2 forwarded unchanged
     * @param str2 host name to resolve
     * @throws ECLErr if the check fails
     * @throws UnknownHostException declared by the delegate
     * @throws IOException if closing the socket fails
     */
    private void FILEIO(String str, InetAddress[] inetAddressArr, InetAddress[] inetAddressArr2, String str2) throws ECLErr, UnknownHostException, IOException {
        this.NETIO(str, inetAddressArr, inetAddressArr2, str2);
    }

    /**
     * Checks that the server certificate name and the connected host share at least one IP
     * address; closes the socket and throws {@code ECLErr} ("ECL0007") otherwise.
     *
     * <p>The comparison is made on resolved addresses, not on the names themselves, so its
     * result is only as trustworthy as the resolver that answers both lookups.
     * NOTE(review): a name-to-name match against the certificate would not depend on DNS.
     *
     * <p>The mismatch error is raised inside the {@code try}; if {@code ECLErr} is an
     * {@code Exception} (presumably, since it is declared in {@code throws}) the broad catch
     * replaces it with the ":111" variant and closes the socket a second time.
     *
     * @param str certificate name to resolve
     * @param inetAddressArr unused
     * @param inetAddressArr2 unused
     * @param str2 host name to resolve
     * @throws ECLErr if resolution fails or no address is shared
     * @throws UnknownHostException declared; converted to {@code ECLErr} in the body
     * @throws IOException if closing the socket fails
     */
    private void NETIO(String str, InetAddress[] inetAddressArr, InetAddress[] inetAddressArr2, String str2) throws ECLErr, UnknownHostException, IOException {
        try {
            InetAddress[] certAddresses = InetAddress.getAllByName(str);
            InetAddress[] hostAddresses = InetAddress.getAllByName(str2);
            boolean shared = false;
            search:
            for (InetAddress certAddress : certAddresses) {
                for (InetAddress hostAddress : hostAddresses) {
                    if (hostAddress.equals(certAddress)) {
                        shared = true;
                        break search;
                    }
                }
            }
            if (!shared) {
                this.sslSock.close();
                throw new ECLErr("HODSSLImpl::createSocket():8", "ECL0007", str);
            }
        } catch (UnknownHostException e) {
            this.sslSock.close();
            throw new ECLErr("HODSSLImpl::createSocket():7", "ECL0007", str);
        } catch (Exception e2) {
            this.sslSock.close();
            throw new ECLErr("HODSSLImpl::createSocket():111", "ECL0007", str);
        }
    }

    /**
     * Reports the cipher suite of the current socket.
     *
     * @return the value of {@code sslSock.getCipherSuite()}, or null when no socket exists
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getCipherSuite() {
        return this.sslSock == null ? null : this.sslSock.getCipherSuite();
    }

    /**
     * Reports the protocol version of the current socket's session.
     *
     * @return {@code sslSock.getSession().getProtocolVersion()}, or 0 when no socket exists
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public int getSecurityProtocolUsed() {
        if (this.sslSock == null) {
            return 0;
        }
        return this.sslSock.getSession().getProtocolVersion();
    }

    /**
     * Returns the lower-cased string form of the current socket's remote address.
     *
     * @return the lower-cased {@code InetAddress.toString()} value, or null when no socket
     *         exists
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getInetName() {
        if (this.sslSock == null) {
            return null;
        }
        // Lower-casing uses the default locale, exactly as before.
        return this.sslSock.getInetAddress().toString().toLowerCase();
    }

    /**
     * Returns the client trust entries of the SSL context after making sure the certificate
     * password has been obtained.
     *
     * @return the context's client trust list, or null when an {@code ECLErr} occurred
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String[] getClientTrust() {
        try {
            getCertificatePassword();
            return this.sslContext.getClientTrust();
        } catch (ECLErr ignored) {
            // The error is dropped; callers cannot tell "no trust entries" from "lookup failed".
            return null;
        }
    }

    /**
     * Returns the server certificate recorded for this provider.
     *
     * @return the stored certificate, or null if none has been set
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public HODSSLCertIntf getServerCertificate() {
        final HODSSLCertIntf certificate = this.srvCert;
        return certificate;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Records the server certificate whose name createSocket(...) later checks.
     *
     * @param hODSSLCertIntf the certificate to store; stored as-is, may be null
     */
    public void setServerCertificate(HODSSLCertIntf hODSSLCertIntf) {
        // Stored without any validation of its own.
        srvCert = hODSSLCertIntf;
    }

    /**
     * Tells whether the session is configured to provide a client certificate.
     *
     * @return the session's setting, or false when no session is attached
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getConfiguredCertificateProvided() {
        return this.sessionSrc != null && this.sessionSrc.getCertificateProvided();
    }

    /**
     * Stores the "client certificate provided" flag in the session; does nothing when no
     * session is attached.
     *
     * @param z the new flag value
     */
    public void setConfiguredCertificateProvided(boolean z) {
        if (this.sessionSrc == null) {
            return;
        }
        this.sessionSrc.setCertificateProvided(z);
    }

    /**
     * Returns where the client certificate comes from.
     *
     * @return the session's certificate source, or "SESSION_SSL_CERTIFICATE_IN_URL" when no
     *         session is attached
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCertificateSource() {
        if (this.sessionSrc == null) {
            return "SESSION_SSL_CERTIFICATE_IN_URL";
        }
        return this.sessionSrc.getCertificateSource();
    }

    /**
     * Stores the certificate source in the session; does nothing when no session is attached.
     *
     * @param str the new certificate source
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setConfiguredCertificateSource(String str) {
        if (this.sessionSrc == null) {
            return;
        }
        this.sessionSrc.setCertificateSource(str);
    }

    /**
     * Returns the configured location of the client certificate.
     *
     * @return the session's certificate URL, or an empty string when no session is attached
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCertificateURL() {
        if (this.sessionSrc == null) {
            return "";
        }
        return this.sessionSrc.getCertificateURL();
    }

    /**
     * Stores the certificate URL in the session; does nothing when no session is attached.
     * The value is not validated here.
     *
     * @param str the new certificate URL
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setConfiguredCertificateURL(String str) {
        if (this.sessionSrc == null) {
            return;
        }
        this.sessionSrc.setCertificateURL(str);
    }

    /**
     * Returns the configured client-certificate password.
     *
     * <p>The secret is handed out as a {@code String}; callers should avoid logging it or
     * including it in error text.
     *
     * @return the session's certificate password, or an empty string when no session is
     *         attached
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCertificatePassword() {
        if (this.sessionSrc == null) {
            return "";
        }
        return this.sessionSrc.getCertificatePassword();
    }

    /**
     * Stores the client-certificate password in the session; does nothing when no session is
     * attached. createSocket(...) passes null here to forget the password.
     *
     * @param str the new password, or null to clear it
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setConfiguredCertificatePassword(String str) {
        if (this.sessionSrc == null) {
            return;
        }
        this.sessionSrc.setCertificatePassword(str);
    }

    /**
     * Returns the configured client-certificate name.
     *
     * @return the session's certificate name, or an empty string when no session is attached
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCertificateName() {
        if (this.sessionSrc == null) {
            return "";
        }
        return this.sessionSrc.getCertificateName();
    }

    /**
     * Stores the client-certificate name in the session; does nothing when no session is
     * attached.
     *
     * @param str the new certificate name
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setConfiguredCertificateName(String str) {
        if (this.sessionSrc == null) {
            return;
        }
        this.sessionSrc.setCertificateName(str);
    }

    /**
     * Returns how often the user is asked for the client certificate.
     *
     * @return the session's setting, or "SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CONNECT" when
     *         no session is attached
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCertificatePromptHowOften() {
        if (this.sessionSrc == null) {
            return "SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CONNECT";
        }
        return this.sessionSrc.getCertificatePromptHowOften();
    }

    /**
     * Stores the prompt frequency in the session; does nothing when no session is attached.
     *
     * @param str the new prompt-frequency setting
     */
    public void setConfiguredCertificatePromptHowOften(String str) {
        if (this.sessionSrc == null) {
            return;
        }
        this.sessionSrc.setCertificatePromptHowOften(str);
    }

    /**
     * Tells whether the certificate prompt is shown before connecting.
     *
     * @return the session's setting, or false when no session is attached
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getConfiguredCertificatePromptBeforeConnect() {
        return this.sessionSrc != null && this.sessionSrc.getCertificatePromptBeforeConnect();
    }

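    /**
     * Stores the "prompt before connect" flag in the session; does nothing when no session is
     * attached.
     *
     * <p>The null guard matches the other {@code setConfigured...} methods of this class.
     * Without it, {@code updateConfiguration} failed with a {@code NullPointerException} when
     * it ran before a session had been set.
     *
     * @param z the new flag value
     */
    public void setConfiguredCertificatePromptBeforeConnect(boolean z) {
        if (this.sessionSrc != null) {
            this.sessionSrc.setCertificatePromptBeforeConnect(z);
        }
    }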

    /**
     * Returns the configured certificate hash.
     *
     * @return the session's certificate hash, or an empty string when no session is attached
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCertificateHash() {
        if (this.sessionSrc == null) {
            return "";
        }
        return this.sessionSrc.getCertificateHash();
    }

    /**
     * Stores the certificate hash in the session; does nothing when no session is attached.
     *
     * @param str the new certificate hash
     */
    public void setConfiguredCertificateHash(String str) {
        if (this.sessionSrc == null) {
            return;
        }
        this.sessionSrc.setCertificateHash(str);
    }

    /**
     * Returns the configured crypto module.
     *
     * @return the session's value, or the locally cached {@code cryptoModule} when no session
     *         is attached
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCryptoModule() {
        if (this.sessionSrc == null) {
            return this.cryptoModule;
        }
        return this.sessionSrc.getCryptoModule();
    }

    /**
     * Caches the crypto module locally and, when a session is attached, stores it there too.
     *
     * @param str the new crypto module value
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setConfiguredCryptoModule(String str) {
        this.cryptoModule = str;
        if (this.sessionSrc == null) {
            return;
        }
        this.sessionSrc.setCryptoModule(str);
    }

    /**
     * Returns the configured crypto label.
     *
     * @return the session's value, or the locally cached {@code cryptoLabel} when no session
     *         is attached
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCryptoLabel() {
        if (this.sessionSrc == null) {
            return this.cryptoLabel;
        }
        return this.sessionSrc.getCryptoLabel();
    }

    /**
     * Caches the crypto label locally and, when a session is attached, stores it there too.
     *
     * @param str the new crypto label
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setConfiguredCryptoLabel(String str) {
        this.cryptoLabel = str;
        if (this.sessionSrc == null) {
            return;
        }
        this.sessionSrc.setCryptoLabel(str);
    }

    /**
     * Returns the configured crypto password.
     *
     * <p>The secret is handed out as a {@code String}; callers should avoid logging it or
     * including it in error text.
     *
     * @return the session's value, or the locally cached {@code cryptoPwd} when no session is
     *         attached
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredCryptoPwd() {
        if (this.sessionSrc == null) {
            return this.cryptoPwd;
        }
        return this.sessionSrc.getCryptoPwd();
    }

    /**
     * Caches the crypto password locally and, when a session is attached, stores it there
     * too. The secret therefore lives in two places for the lifetime of this object.
     *
     * @param str the new crypto password
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setConfiguredCryptoPwd(String str) {
        this.cryptoPwd = str;
        if (this.sessionSrc == null) {
            return;
        }
        this.sessionSrc.setCryptoPwd(str);
    }

    /**
     * Copies every certificate and crypto setting from the token object into the session
     * configuration.
     *
     * @param z value written as the session's "certificate prompted" flag
     * @throws ECLErr declared by the provider interface
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void updateConfiguration(boolean z) throws ECLErr {
        getHODSSLTokenIntf(); // creates the token on first use
        final HODSSLTokenIntf token = this.hodSSLTokenIntf;
        if (token == null) {
            return;
        }
        // Certificate settings first, in the same order as before.
        setConfiguredCertificateProvided(token.getCertificateProvided());
        setConfiguredCertificateSource(token.getCertificateSource());
        setConfiguredCertificateURL(token.getCertificateURL());
        setConfiguredCertificatePassword(token.getCertificatePassword());
        setConfiguredCertificateName(token.getCertificateName());
        setConfiguredCertificatePromptHowOften(token.getCertificatePromptHowOften());
        setConfiguredCertificatePromptBeforeConnect(token.getCertificatePromptBeforeConnect());
        setConfiguredCertificateHash(token.getCertificateHash());
        setConfiguredCertificatePrompted(z);
        // Then the crypto module settings.
        setConfiguredCryptoModule(token.getCryptoModule());
        setConfiguredCryptoLabel(token.getCryptoLabel());
        setConfiguredCryptoPwd(token.getCryptoPwd());
    }

    /**
     * Returns the host configured in the session.
     *
     * <p>Unlike most getters of this class there is no null guard: a session must have been
     * attached first.
     *
     * @return the session's host
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String getConfiguredHost() {
        final String host = this.sessionSrc.getHost();
        return host;
    }

    /**
     * Returns the label configured in the session.
     *
     * <p>Unlike most getters of this class there is no null guard: a session must have been
     * attached first.
     *
     * @return the session's label
     */
    public String getConfiguredLabel() {
        final String label = this.sessionSrc.getLabel();
        return label;
    }

    /**
     * Tells whether the "certificate provided" setting may be changed.
     *
     * @return true when no session is attached or the session's admin flag for this setting
     *         is not set
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getAllowCertificateProvidedModify() {
        if (this.sessionSrc == null) {
            // No session means no admin flag, so modification is allowed.
            return true;
        }
        return !this.sessionSrc.getCertificateProvidedAdmin();
    }

    /**
     * Tells whether the certificate source may be changed.
     *
     * @return true when no session is attached or the session's admin flag for this setting
     *         is not set
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getAllowCertificateSourceModify() {
        if (this.sessionSrc == null) {
            return true;
        }
        return !this.sessionSrc.getCertificateSourceAdmin();
    }

    /**
     * Tells whether the certificate URL may be changed.
     *
     * @return true when no session is attached or the session's admin flag for this setting
     *         is not set
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getAllowCertificateURLModify() {
        if (this.sessionSrc == null) {
            return true;
        }
        return !this.sessionSrc.getCertificateURLAdmin();
    }

    /**
     * Tells whether the certificate name may be changed.
     *
     * @return true when no session is attached or the session's admin flag for this setting
     *         is not set
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getAllowCertificateNameModify() {
        if (this.sessionSrc == null) {
            return true;
        }
        return !this.sessionSrc.getCertificateNameAdmin();
    }

    /**
     * Tells whether the prompt frequency may be changed.
     *
     * @return true when no session is attached or the session's admin flag for this setting
     *         is not set
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getAllowCertificatePromptHowOftenModify() {
        if (this.sessionSrc == null) {
            return true;
        }
        return !this.sessionSrc.getCertificatePromptHowOftenAdmin();
    }

    /**
     * Tells whether the "prompt before connect" setting may be changed.
     *
     * @return true when no session is attached or the session's admin flag for this setting
     *         is not set
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getAllowCertificatePromptBeforeConnectModify() {
        if (this.sessionSrc == null) {
            return true;
        }
        return !this.sessionSrc.getCertificatePromptBeforeConnectAdmin();
    }

    /**
     * Returns the restartable flag, which createSocket(...) resets to false on every call.
     *
     * @return the current value of {@code restartable}
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean isRestartable() {
        final boolean flag = this.restartable;
        return flag;
    }

    /**
     * Returns the token object, creating it from the current session configuration on first
     * use.
     *
     * @return the cached token, never null after this call
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public HODSSLTokenIntf getHODSSLTokenIntf() {
        if (this.hodSSLTokenIntf != null) {
            return this.hodSSLTokenIntf;
        }
        // Snapshot of the certificate settings at creation time; later configuration changes
        // are not reflected unless the eight-argument overload is called.
        HODSSLTokenImpl created = new HODSSLTokenImpl(getConfiguredCertificateProvided(), getConfiguredCertificateSource(), getConfiguredCertificateURL(), getConfiguredCertificatePassword(), getConfiguredCertificateName(), getConfiguredCertificatePromptHowOften(), getConfiguredCertificatePromptBeforeConnect(), getConfiguredCertificateHash());
        created.setCryptoLabel(getConfiguredCryptoLabel());
        created.setCryptoModule(getConfiguredCryptoModule());
        created.setCryptoPwd(getConfiguredCryptoPwd());
        this.hodSSLTokenIntf = created;
        return this.hodSSLTokenIntf;
    }

    /**
     * Returns the token object after loading the given certificate settings into it; the
     * token is created when it does not exist yet. Crypto module, label and password are not
     * touched by this overload.
     *
     * @param z certificate provided
     * @param str certificate source
     * @param str2 certificate URL
     * @param str3 certificate password
     * @param str4 certificate name
     * @param str5 prompt frequency
     * @param z2 prompt before connect
     * @param str6 certificate hash
     * @return the cached token, never null after this call
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public HODSSLTokenIntf getHODSSLTokenIntf(boolean z, String str, String str2, String str3, String str4, String str5, boolean z2, String str6) {
        if (this.hodSSLTokenIntf == null) {
            this.hodSSLTokenIntf = new HODSSLTokenImpl(z, str, str2, str3, str4, str5, z2, str6);
            return this.hodSSLTokenIntf;
        }
        // Existing token: overwrite each certificate setting in place.
        this.hodSSLTokenIntf.setCertificateProvided(z);
        this.hodSSLTokenIntf.setCertificateSource(str);
        this.hodSSLTokenIntf.setCertificateURL(str2);
        this.hodSSLTokenIntf.setCertificatePassword(str3);
        this.hodSSLTokenIntf.setCertificateName(str4);
        this.hodSSLTokenIntf.setCertificatePromptHowOften(str5);
        this.hodSSLTokenIntf.setCertificatePromptBeforeConnect(z2);
        this.hodSSLTokenIntf.setCertificateHash(str6);
        return this.hodSSLTokenIntf;
    }

    /**
     * Tells whether the user has already been prompted for the certificate.
     *
     * @return the session's flag, or false when no session is attached
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean getConfiguredCertificatePrompted() {
        return this.sessionSrc != null && this.sessionSrc.getCertificatePrompted();
    }

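    /**
     * Stores the "certificate prompted" flag in the session; does nothing when no session is
     * attached.
     *
     * <p>The null guard matches the other {@code setConfigured...} methods of this class.
     * Without it, {@code updateConfiguration} failed with a {@code NullPointerException} when
     * it ran before a session had been set.
     *
     * @param z the new flag value
     */
    public void setConfiguredCertificatePrompted(boolean z) {
        if (this.sessionSrc != null) {
            this.sessionSrc.setCertificatePrompted(z);
        }
    }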

    /**
     * Forwards the prompted state for a session to the static
     * {@code HODSSLContext.setSessionPrompted}.
     *
     * @param str value identifying the session, passed through unchanged
     * @param z the prompted state
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public void setSessionPrompted(String str, boolean z) {
        // Static call: this state is not kept on the provider instance.
        HODSSLContext.setSessionPrompted(str, z);
    }

    /**
     * Sets the "no valid certificate" flag, which createSocket(...) resets to false on every
     * call.
     *
     * @param z the new flag value
     */
    protected void setNoValidCertificate(boolean z) {
        noValidCertificate = z;
    }

    /**
     * Returns the "no valid certificate" flag.
     *
     * @return the current value of {@code noValidCertificate}
     */
    protected boolean getNoValidCertificate() {
        final boolean flag = this.noValidCertificate;
        return flag;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Tells whether SSL is enabled for the session.
     *
     * @return the session's setting, or false when no session is attached
     */
    public boolean getSSL() {
        return this.sessionSrc != null && this.sessionSrc.getSSL();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the configured path of the trusted signers.
     *
     * @return the session's value, or an empty string when no session is attached
     */
    public String getTrustedSignerPath() {
        if (this.sessionSrc == null) {
            return "";
        }
        return this.sessionSrc.getTrustedSignerPath();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the class loader the session supplies for customized CAs.
     *
     * @return the session's class loader, or null when no session is attached
     */
    public ClassLoader getCustomizedCAsClassLoader() {
        return this.sessionSrc == null ? null : this.sessionSrc.getCustomizedCAsClassLoader();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the session's "ignore well-known trusted CAs" option.
     *
     * @return the session's setting, or true when no session is attached
     */
    public boolean getignoreWellKnownTrustedCAsOption() {
        // Note the default: without a session the option reads as true.
        return this.sessionSrc == null || this.sessionSrc.getignoreWellKnownTrustedCAsOption();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the configured PKCS#12 password.
     *
     * <p>The secret is handed out as a {@code String}; callers should avoid logging it or
     * including it in error text.
     *
     * @return the session's value, or an empty string when no session is attached
     */
    public String getSSLP12Password() {
        if (this.sessionSrc == null) {
            return "";
        }
        return this.sessionSrc.getSSLP12Password();
    }

    /**
     * Returns the configured security protocol.
     *
     * @return the session's value, or "SESSION_PROTOCOL_TLS" when no session is attached
     */
    protected String getSecurityProtocol() {
        if (this.sessionSrc == null) {
            return "SESSION_PROTOCOL_TLS";
        }
        return this.sessionSrc.getSecurityProtocol();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the session's "browser keyring added" flag.
     *
     * @return the session's setting, or false when no session is attached
     */
    public boolean getBrowserKeyringAdded() {
        return this.sessionSrc != null && this.sessionSrc.getBrowserKeyringAdded();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sets the "server not trusted" flag, which starts out as true.
     *
     * @param z the new flag value
     */
    public void setServerNotTrusted(boolean z) {
        // Nothing in the visible part of the class reads this flag back.
        serverNotTrusted = z;
    }

    /**
     * Writes {@code bArr} to the location named by {@code str}, which may be a URL or a plain
     * file path.
     *
     * <p>A URL with any protocol other than "file" is written through a URL connection;
     * everything else is treated as a local path. The location is used as given: the scheme
     * and the path are not restricted, so callers passing externally supplied values must
     * validate them first.
     *
     * @param str target URL or path; null or blank yields false
     * @param bArr bytes to write
     * @param z whether an existing file may be overwritten
     * @return true when the data was written, false when no usable target could be derived
     * @throws ECLErr "ECL0038"/"ECL0039" for an unwritable or already existing target, and
     *         "ECL0038" when a {@code NullPointerException} occurs while processing
     */
    public static boolean write(String str, byte[] bArr, boolean z) throws ECLErr {
        if (str == null) {
            return false;
        }
        String target = str.trim();
        if (target.equals("")) {
            return false;
        }
        try {
            // Despite its name, this helper only parses the string as a URL.
            URL parsed = assertPermission(target);
            if (parsed != null) {
                if (!parsed.getProtocol().equals("file")) {
                    return close(parsed, bArr);
                }
                target = parsed.getFile();
            }
            if (target == null) {
                return false;
            }
            String localPath = arraycopy(target);
            if (localPath == null) {
                return false;
            }
            if (Environment.getUseSecurityManager().equals("IE")) {
                return OS_LINUX(str, bArr, z, localPath);
            }
            return OS_WINDOWS(str, bArr, z, localPath);
        } catch (NullPointerException e) {
            throw new ECLErr("HODSSLImpl::write:1", "ECL0038", str, (String) null, false);
        }
    }

    /**
     * File-write variant used when the environment reports "IE": requests the FILEIO
     * permission from the com.ms.security policy engine, then delegates to {@link #VERSION}.
     * The method name is a decompiler artifact.
     *
     * @param str original target string, used in error messages
     * @param bArr bytes to write
     * @param z whether an existing file may be overwritten
     * @param str2 local file path
     * @return the delegate's result
     * @throws ECLErr from the delegate
     */
    private static boolean OS_LINUX(String str, byte[] bArr, boolean z, String str2) throws ECLErr {
        try {
            PolicyEngine.assertPermission(PermissionID.FILEIO);
        } catch (Exception ignored) {
            // Best effort: a refused or unavailable permission request is not reported.
        }
        return VERSION(str, bArr, z, str2);
    }

    /**
     * File-write variant used when the environment is not "IE": delegates straight to
     * {@link #VERSION}. The method name is a decompiler artifact.
     *
     * @param str original target string, used in error messages
     * @param bArr bytes to write
     * @param z whether an existing file may be overwritten
     * @param str2 local file path
     * @return the delegate's result
     * @throws ECLErr from the delegate
     */
    private static boolean OS_WINDOWS(String str, byte[] bArr, boolean z, String str2) throws ECLErr {
        final boolean written = VERSION(str, bArr, z, str2);
        return written;
    }

    /**
     * Writes {@code bArr} to the local file {@code str2} after checking the overwrite rule
     * and write access.
     *
     * <p>The existence and permission checks are separate from the write itself, so the file
     * can change between the check and the write.
     *
     * @param str original target string, used in error messages
     * @param bArr bytes to write
     * @param z whether an existing file may be overwritten
     * @param str2 local file path
     * @return the result of the file-writing helper
     * @throws ECLErr "ECL0039" when the file exists and {@code z} is false, "ECL0038" when it
     *         exists but is not writable
     */
    private static boolean VERSION(String str, byte[] bArr, boolean z, String str2) throws ECLErr {
        File target = new File(str2);
        if (!z && target.exists()) {
            throw new ECLErr("HODSSLImpl::write:1", "ECL0039", str);
        }
        if (target.exists() && !target.canWrite()) {
            throw new ECLErr("HODSSLImpl::write:2", "ECL0038", str);
        }
        return cryptoLabel(target, bArr);
    }

    /**
     * Reads the bytes stored at {@code str}, which may be a URL or a plain file path.
     *
     * <p>A URL with any protocol other than "file" is fetched through a URL connection;
     * everything else is read as a local file. The location is used as given, and content
     * fetched over a scheme without transport protection arrives unauthenticated, so the
     * result needs its own integrity check before it is trusted.
     *
     * @param str source URL or path; null yields null
     * @return the bytes read, or null when nothing could be read
     * @throws ECLErr "ECL0040" when the local file is not readable
     */
    public static byte[] read(String str) throws ECLErr {
        if (str == null) {
            return null;
        }
        // Despite its name, this helper only parses the string as a URL.
        URL parsed = assertPermission(str);
        boolean isUrl = parsed != null;
        if (isUrl && !parsed.getProtocol().equals("file")) {
            return canRead(parsed);
        }
        String rawPath = isUrl ? parsed.getFile() : str;
        String localPath = arraycopy(rawPath);
        if (localPath == null) {
            return null;
        }
        if (Environment.getUseSecurityManager().equals("IE")) {
            return addElement(str, localPath);
        }
        return alert(str, localPath);
    }

    /**
     * File-read variant used when the environment reports "IE": requests the FILEIO
     * permission from the com.ms.security policy engine, then delegates to {@link #append}.
     * The method name is a decompiler artifact.
     *
     * @param str original source string, used in error messages
     * @param str2 local file path
     * @return the delegate's result
     * @throws ECLErr from the delegate
     */
    private static byte[] addElement(String str, String str2) throws ECLErr {
        try {
            PolicyEngine.assertPermission(PermissionID.FILEIO);
        } catch (Exception ignored) {
            // Best effort: a refused or unavailable permission request is not reported.
        }
        return append(str, str2);
    }

    /**
     * File-read variant used when the environment is not "IE": delegates straight to
     * {@link #append}. The method name is a decompiler artifact.
     *
     * @param str original source string, used in error messages
     * @param str2 local file path
     * @return the delegate's result
     * @throws ECLErr from the delegate
     */
    private static byte[] alert(String str, String str2) throws ECLErr {
        final byte[] content = append(str, str2);
        return content;
    }

    /**
     * Reads the local file {@code str2} after checking that it is readable. The method name
     * is a decompiler artifact.
     *
     * @param str original source string, used in the error message
     * @param str2 local file path
     * @return the file content as returned by the stream-reading helper
     * @throws ECLErr "ECL0040" when the file cannot be read
     */
    private static byte[] append(String str, String str2) throws ECLErr {
        File source = new File(str2);
        if (!source.canRead()) {
            throw new ECLErr("HODSSLImpl::read:1", "ECL0040", str);
        }
        return checkKeyUsage(source);
    }

    /**
     * Normalises a path string: trims it and, when the platform file separator equals
     * {@code AcsConstants.BSLASH_STR}, strips every leading "/". The method name is a
     * decompiler artifact.
     *
     * <p>No other normalisation happens here; in particular ".." segments are left in place.
     *
     * @param str the raw path, may be null
     * @return the cleaned path, or null when nothing is left
     */
    private static String arraycopy(String str) {
        if (str == null) {
            return null;
        }
        String path = str.trim();
        if (path.equals("")) {
            return null;
        }
        if (File.separator.equals(AcsConstants.BSLASH_STR)) {
            int firstNonSlash = 0;
            while (path.startsWith("/", firstNonSlash)) {
                firstNonSlash++;
            }
            path = path.substring(firstNonSlash);
        }
        return path.equals("") ? null : path;
    }

    /**
     * Parses {@code str} as a URL. The method name is a decompiler artifact: no permission is
     * checked here.
     *
     * @param str the candidate URL, may be null
     * @return the parsed URL, or null when {@code str} is null or not a well-formed URL
     */
    private static URL assertPermission(String str) {
        if (str == null) {
            return null;
        }
        try {
            return new URL(str);
        } catch (MalformedURLException notAUrl) {
            // Callers treat "not a URL" as "plain file path".
            return null;
        }
    }

    /**
     * Fetches the content behind {@code url}, choosing the "IE" or the plain variant of the
     * fetch helper. The method name is a decompiler artifact.
     *
     * @param url the source URL, may be null
     * @return the fetched bytes, or null when {@code url} is null or the fetch failed
     */
    private static byte[] canRead(URL url) {
        if (url == null) {
            return null;
        }
        if (Environment.getUseSecurityManager().equals("IE")) {
            return canWrite(url);
        }
        return certList(url);
    }

    /**
     * URL-read variant used when the environment reports "IE": requests the NETIO permission
     * from the com.ms.security policy engine, then delegates to {@link #certificateFound}.
     * The method name is a decompiler artifact.
     *
     * @param url the source URL
     * @return the delegate's result
     */
    private static byte[] canWrite(URL url) {
        try {
            PolicyEngine.assertPermission(PermissionID.NETIO);
        } catch (Exception ignored) {
            // Best effort: a refused or unavailable permission request is not reported.
        }
        return certificateFound(url);
    }

    /**
     * URL-read variant used when the environment is not "IE": delegates straight to
     * {@link #certificateFound}. The method name is a decompiler artifact.
     *
     * @param url the source URL
     * @return the delegate's result
     */
    private static byte[] certList(URL url) {
        final byte[] content = certificateFound(url);
        return content;
    }

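    /**
     * Downloads the content behind {@code url} into a byte array. The method name is a
     * decompiler artifact.
     *
     * <p>Changes against the previous version: the stream is now closed on every exit path
     * (it leaked when anything other than an {@code IOException} was thrown), and content
     * that is not an {@code InputStream} yields null instead of a {@code ClassCastException}.
     *
     * <p>Return-value quirks kept for compatibility: when the server announces a content
     * length the buffer is returned at that full size even if fewer bytes arrived, and when
     * no length is announced and nothing was read the 65535-byte buffer is returned as is.
     * An unannounced body longer than 65535 bytes is silently truncated. The data is not
     * authenticated here; callers must verify it before trusting it.
     *
     * @param url the source URL, may be null
     * @return the downloaded bytes, or null when {@code url} is null, no stream is available
     *         or an I/O error occurred
     */
    private static byte[] certificateFound(URL url) {
        if (url == null) {
            return null;
        }
        InputStream inputStream = null;
        try {
            URLConnection connection = url.openConnection();
            if (connection == null) {
                return null;
            }
            int contentLength = connection.getContentLength();
            byte[] buffer = contentLength != -1 ? new byte[contentLength] : new byte[65535];
            Object content = connection.getContent();
            if (!(content instanceof InputStream)) {
                return null;
            }
            inputStream = (InputStream) content;
            int total = 0;
            int read;
            while (total < buffer.length && (read = inputStream.read(buffer, total, buffer.length - total)) != -1) {
                total += read;
            }
            // Trim only when the length was unknown and the buffer was partly filled.
            if (contentLength != -1 || total <= 0 || total >= buffer.length) {
                return buffer;
            }
            byte[] trimmed = new byte[total];
            System.arraycopy(buffer, 0, trimmed, 0, total);
            return trimmed;
        } catch (IOException e) {
            return null;
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done about a failed close.
                }
            }
        }
    }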

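    /**
     * Reads the content of {@code file} through the stream-reading helper. The method name
     * is a decompiler artifact.
     *
     * <p>Fix: when the file could not be opened, the previous error handler called
     * {@code close()} on a null stream and failed with a {@code NullPointerException}
     * instead of returning null. The stream is now closed in a {@code finally} block only
     * when it was actually opened.
     *
     * @param file the file to read
     * @return the file content, or null when the file cannot be opened or read
     */
    private static byte[] checkKeyUsage(File file) {
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(file);
            return clientCert(fileInputStream);
        } catch (IOException e) {
            return null;
        } finally {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException ignored) {
                    // The data has already been read; a failed close changes nothing.
                }
            }
        }
    }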

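    /**
     * Reads up to 40960 bytes from {@code inputStream} and returns exactly the bytes
     * read.
     *
     * <p>The decompiled original had the {@code try} wrapped around the counter update
     * instead of the {@code read} call, which does not compile. The {@code try} now
     * covers the read loop, and an {@link IOException} discards what was read so far,
     * as the original {@code i = 0} did.
     *
     * <p>NOTE(review): input longer than 40960 bytes is cut off without an error;
     * callers cannot tell a complete read from a truncated one.
     *
     * @param inputStream stream to read; it is not closed here
     * @return the bytes read, or {@code null} if nothing was read or the read failed
     */
    private static byte[] clientCert(InputStream inputStream) {
        byte[] buffer = new byte[40960];
        int filled = 0;
        try {
            int count;
            while (filled < buffer.length
                    && (count = inputStream.read(buffer, filled, buffer.length - filled)) != -1) {
                filled += count;
            }
        } catch (IOException e) {
            filled = 0;
        }
        if (filled == 0) {
            return null;
        }
        byte[] result = new byte[filled];
        System.arraycopy(buffer, 0, result, 0, filled);
        return result;
    }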

    /**
     * Sends {@code bArr} to {@code url}, choosing the implementation by the
     * security-manager setting: {@link #copyInto(URL, byte[])} for {@code "IE"},
     * {@link #createEnvironment(URL, byte[])} otherwise.
     *
     * <p>The method name does not describe the behaviour; nothing is closed here.
     *
     * @param url destination
     * @param bArr bytes to send
     * @return the result of the selected implementation
     */
    private static boolean close(URL url, byte[] bArr) {
        if (Environment.getUseSecurityManager().equals("IE")) {
            return copyInto(url, bArr);
        }
        return createEnvironment(url, bArr);
    }

    /**
     * {@code "IE"} variant of the URL write: asserts the {@code NETIO} permission, then
     * delegates to {@link #createSocket(URL, byte[])}.
     *
     * @param url destination
     * @param bArr bytes to send
     * @return whatever {@code createSocket(url, bArr)} returns
     */
    private static boolean copyInto(URL url, byte[] bArr) {
        try {
            PolicyEngine.assertPermission(PermissionID.NETIO);
        } catch (Exception ignored) {
            // NOTE(review): a failed permission assert is dropped without a trace and
            // the write is attempted anyway. Confirm this best-effort is intended.
        }
        final boolean sent = createSocket(url, bArr);
        return sent;
    }

    /**
     * Non-{@code "IE"} variant of the URL write: delegates straight to
     * {@link #createSocket(URL, byte[])} with no permission assert.
     *
     * @param url destination
     * @param bArr bytes to send
     * @return whatever {@code createSocket(url, bArr)} returns
     */
    private static boolean createEnvironment(URL url, byte[] bArr) {
        final boolean sent = createSocket(url, bArr);
        return sent;
    }

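    /**
     * Writes {@code bArr} to the output side of a connection opened on {@code url}.
     *
     * <p>The original never closed the output stream, which leaked it and left buffered
     * data unflushed. The stream is now closed on the success path, where a failing
     * close is reported as {@code false}, and best-effort on every other path. A
     * {@code null} URL or payload returns {@code false} instead of throwing.
     *
     * <p>NOTE(review): input is disabled on the connection, so no response is read.
     * {@code true} means only that the bytes were handed to the connection without an
     * {@link IOException}, not that the remote side accepted them.
     *
     * @param url destination
     * @param bArr bytes to send
     * @return {@code true} if the bytes were written and the stream closed cleanly
     */
    private static boolean createSocket(URL url, byte[] bArr) {
        if (url == null || bArr == null) {
            return false;
        }
        java.io.OutputStream out = null;
        try {
            URLConnection connection = url.openConnection();
            if (connection == null) {
                return false;
            }
            connection.setDoOutput(true);
            connection.setDoInput(false);
            out = connection.getOutputStream();
            out.write(bArr);
            // Close inside the try so that a failure to complete the transfer is
            // reported to the caller instead of being lost.
            out.close();
            out = null;
            return true;
        } catch (IOException e) {
            return false;
        } finally {
            if (out != null) {
                try {
                    out.close();
                } catch (IOException ignored) {
                    // already reporting failure
                }
            }
        }
    }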

    /**
     * Writes {@code bArr} to {@code file}, choosing the implementation by the
     * security-manager setting: {@link #cryptoModule(File, byte[])} for {@code "IE"},
     * {@link #cryptoPwd(File, byte[])} otherwise.
     *
     * <p>The method name does not describe the behaviour.
     *
     * @param file destination file
     * @param bArr bytes to write
     * @return the result of the selected implementation
     */
    private static boolean cryptoLabel(File file, byte[] bArr) {
        if (Environment.getUseSecurityManager().equals("IE")) {
            return cryptoModule(file, bArr);
        }
        return cryptoPwd(file, bArr);
    }

    /**
     * {@code "IE"} variant of the file write: asserts the {@code FILEIO} permission,
     * then delegates to {@link #equals(File, byte[])}.
     *
     * @param file destination file
     * @param bArr bytes to write
     * @return whatever {@code equals(file, bArr)} returns
     */
    private static boolean cryptoModule(File file, byte[] bArr) {
        try {
            PolicyEngine.assertPermission(PermissionID.FILEIO);
        } catch (Exception ignored) {
            // NOTE(review): a failed permission assert is dropped without a trace and
            // the write is attempted anyway. Confirm this best-effort is intended.
        }
        final boolean written = equals(file, bArr);
        return written;
    }

    /**
     * Non-{@code "IE"} variant of the file write: delegates straight to
     * {@link #equals(File, byte[])} with no permission assert.
     *
     * @param file destination file
     * @param bArr bytes to write
     * @return whatever {@code equals(file, bArr)} returns
     */
    private static boolean cryptoPwd(File file, byte[] bArr) {
        final boolean written = equals(file, bArr);
        return written;
    }

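    /**
     * Writes {@code bArr} to {@code file}, replacing any existing content.
     *
     * <p>The original closed the stream in its {@code catch} block without a null check,
     * so a file that could not be opened ended in a {@code NullPointerException} instead
     * of {@code false}. The stream is now closed in {@code finally} only when it was
     * opened.
     *
     * <p>NOTE(review): the file is overwritten in place, not atomically, and created
     * with the process's default permissions. If it holds key or certificate data
     * (presumably; confirm against callers), check that both are acceptable.
     *
     * <p>The method name does not describe the behaviour; nothing is compared.
     *
     * @param file destination file
     * @param bArr bytes to write
     * @return {@code true} if the bytes were written and the stream closed cleanly,
     *     {@code false} on any {@link IOException}
     */
    private static boolean equals(File file, byte[] bArr) {
        FileOutputStream out = null;
        try {
            out = new FileOutputStream(file);
            out.write(bArr);
            // Close inside the try so that a failing close is reported as false.
            out.close();
            out = null;
            return true;
        } catch (IOException e) {
            return false;
        } finally {
            if (out != null) {
                try {
                    out.close();
                } catch (IOException ignored) {
                    // already reporting failure
                }
            }
        }
    }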

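    /**
     * Decodes {@code i2} bytes of {@code bArr}, starting at index {@code i}, as an
     * unsigned big-endian (most significant byte first) integer.
     *
     * <p>The original shifted in {@code int} arithmetic before widening to {@code long}.
     * A 4-byte value with the top bit set was therefore sign-extended into the upper 32
     * bits, and shifts of 32 bits or more wrapped around. Each byte is now widened to
     * {@code long} before it is combined. A non-positive length returns {@code 0}
     * instead of reading one byte.
     *
     * <p>Only the last eight bytes of a longer run fit in the result. No bounds check is
     * done here, so a range that runs past the array still throws
     * {@code ArrayIndexOutOfBoundsException}. Callers handling untrusted lengths must
     * validate them first.
     *
     * @param bArr source bytes
     * @param i index of the first (most significant) byte
     * @param i2 number of bytes to decode
     * @return the decoded value
     */
    static long msbf(byte[] bArr, int i, int i2) {
        if (i2 <= 0) {
            return 0L;
        }
        long value = 0L;
        int pos = i;
        for (int remaining = i2; remaining > 0; remaining--) {
            // 0xFFL forces long arithmetic and strips the byte's sign extension.
            value = (value << 8) | (bArr[pos] & 0xFFL);
            pos++;
        }
        return value;
    }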

    /**
     * Extracts {@code i2} bits starting at bit offset {@code i}, where each array
     * element contributes seven bits (offset {@code i} maps to element {@code i / 7},
     * bit {@code i % 7}, and the element is masked with {@code 127}).
     *
     * <p>When the requested bits extend past the current element, the remainder is taken
     * from the next element, so {@code bArr[i / 7 + 1]} must exist in that case.
     *
     * <p>NOTE(review): the next element is shifted without masking, so this presumably
     * expects elements whose top bit is clear. Verify against the data format.
     *
     * @param bArr packed source data
     * @param i bit offset, counted in 7-bit units per element
     * @param i2 number of bits to extract
     * @return the extracted bits, right-aligned
     */
    static byte getBits(byte[] bArr, int i, int i2) {
        final int index = i / 7;
        final int skip = i % 7;
        // Bits of the current element that lie at or after the requested offset.
        final byte head = (byte) (bArr[index] & (127 >>> skip));
        // > 0: bits still needed from the next element; < 0: surplus bits to drop.
        final int overflow = i2 - (7 - skip);
        if (overflow > 0) {
            final byte tail = (byte) (bArr[index + 1] >>> (7 - overflow));
            return (byte) ((head << overflow) | tail);
        }
        if (overflow < 0) {
            return (byte) (head >>> (-overflow));
        }
        return head;
    }

    /**
     * Lists the names of the available private certificates, choosing the lookup by the
     * security-manager setting: {@link #exception()} for {@code "IE"},
     * {@link #exists()} otherwise.
     *
     * @return the certificate names, or {@code null} when the selected lookup fails
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public String[] getPrivateCertNames() {
        if (Environment.getUseSecurityManager().equals("IE")) {
            return exception();
        }
        return exists();
    }

    /**
     * {@code "IE"} variant of the private-certificate listing: asserts the
     * {@code NETIO} permission and then calls {@link #getAllByName()}.
     *
     * <p>Any exception is printed to standard output and turned into a {@code null}
     * result, so callers cannot tell "no certificates" from "lookup failed".
     *
     * @return the certificate names, or {@code null} on failure
     */
    private String[] exception() {
        try {
            PolicyEngine.assertPermission(PermissionID.NETIO);
            return getAllByName();
        } catch (Exception failure) {
            System.out.println("HODSSLImpl::getPrivateCertNames() could not get MSCAPI private certs, exception->" + failure);
            return null;
        }
    }

    /**
     * Non-{@code "IE"} variant of the private-certificate listing: uses
     * {@link #getCertKeyUsage()} on Linux and {@link #getAllByName()} elsewhere.
     *
     * <p>Any exception is printed to standard output and turned into a {@code null}
     * result.
     *
     * @return the certificate names, or {@code null} on failure
     */
    private String[] exists() {
        try {
            if (Environment.isLinux()) {
                return getCertKeyUsage();
            }
            return getAllByName();
        } catch (Exception failure) {
            System.out.println("HODSSLImpl::getPrivateCertNames() could not get private certs, exception->" + failure);
            return null;
        }
    }

    /**
     * Opens an {@code HODSSLMSCAPIToken} and returns the full names of the certificates
     * in its key ring, filtered by the configured key usage when one is set.
     *
     * <p>Failures are printed to standard output and are not propagated. If the failure
     * happens while names are being collected, the partially filled array is returned.
     *
     * @return certificate names, or {@code null} if the key ring is unavailable or the
     *     token cannot be opened
     */
    private String[] getAllByName() {
        final String usageFilter = Environment.createEnvironment().getCertKeyUsage();
        String[] names = null;
        try {
            HODSSLMSCAPIToken token = new HODSSLMSCAPIToken("");
            token.open();
            // NOTE(review): the meaning of key-ring selector 4 is not visible here.
            SSLCert[] ring = token.getKeyRing(4);
            if (ring != null) {
                if (usageFilter == null) {
                    names = new String[ring.length];
                    int idx = 0;
                    while (idx < ring.length) {
                        names[idx] = HODSSLCertImpl.getFullName(ring[idx]);
                        idx++;
                    }
                } else {
                    names = getBrowserKeyringAdded(ring, usageFilter);
                }
            }
        } catch (Exception failure) {
            System.out.println("HODSSLImpl::getPrivateCertNames() could not get MSCAPI private certs, exception->" + failure);
        }
        return names;
    }

    /**
     * Returns the full names of those certificates in {@code sSLCertArr} that
     * {@code HODSSLImpl.checkKeyUsage} accepts for the comma-separated key-usage list
     * {@code str}.
     *
     * <p>NOTE(review): one {@code StringTokenizer} instance is shared by every
     * {@code checkKeyUsage} call. If that helper consumes tokens, certificates after the
     * first are checked against an exhausted tokenizer and the usage filter silently
     * stops matching. Verify against the helper.
     *
     * @param sSLCertArr candidate certificates; must not be {@code null}
     * @param str comma-separated key usages; must not be {@code null}
     * @return names of the accepted certificates, possibly empty
     */
    private String[] getBrowserKeyringAdded(SSLCert[] sSLCertArr, String str) {
        Vector accepted = new Vector();
        StringTokenizer usages = new StringTokenizer(str, ",");
        for (int idx = 0; idx < sSLCertArr.length; idx++) {
            SSLCert candidate = sSLCertArr[idx];
            if (HODSSLImpl.checkKeyUsage(candidate, usages)) {
                accepted.addElement(candidate);
            }
        }
        // sSLCertArr was dereferenced above, so it cannot be null at this point.
        final int count = accepted.size();
        String[] names = new String[count];
        if (count == 0) {
            System.out.println("No certificate matches any of the key usages defined.");
        }
        for (int k = 0; k < count; k++) {
            names[k] = HODSSLCertImpl.getFullName((SSLCert) accepted.elementAt(k));
        }
        return names;
    }

    /**
     * Opens an {@code HODSSLPKCS11Token} for the configured crypto module (and label,
     * when one is set) and returns the full names of the certificates in its key ring,
     * filtered by the configured key usage when one is set.
     *
     * <p>The method name does not describe the behaviour. Failures are printed to
     * standard output and are not propagated.
     *
     * <p>NOTE(review): the token is opened with {@code cryptoPwd}, which this class keeps
     * as a {@code String} field, so it cannot be wiped after use.
     *
     * @return certificate names, or {@code null} if the key ring is unavailable or the
     *     token cannot be opened
     */
    private String[] getCertKeyUsage() {
        final String usageFilter = Environment.createEnvironment().getCertKeyUsage();
        String[] names = null;
        try {
            String tokenSpec;
            if (this.cryptoLabel == null || this.cryptoLabel.equals("")) {
                tokenSpec = this.cryptoModule;
            } else {
                tokenSpec = this.cryptoModule + ":" + this.cryptoLabel;
            }
            HODSSLPKCS11Token token = new HODSSLPKCS11Token(tokenSpec);
            token.open(this.cryptoPwd);
            // NOTE(review): the meaning of key-ring selector 4 is not visible here.
            SSLCert[] ring = token.getKeyRing(4);
            if (ring != null) {
                if (usageFilter == null) {
                    names = new String[ring.length];
                    int idx = 0;
                    while (idx < ring.length) {
                        names[idx] = HODSSLCertImpl.getFullName(ring[idx]);
                        idx++;
                    }
                } else {
                    names = getBrowserKeyringAdded(ring, usageFilter);
                }
            }
        } catch (Exception failure) {
            System.out.println("HODSSLImpl::getPrivateCertNames_linuxwork() could not get private certs, exception->" + failure);
        }
        return names;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the private certificate of the SSL token, obtaining the token through
     * {@code getHODSSLTokenIntf()} on first use and caching it in
     * {@code hodSSLTokenIntf}.
     *
     * @return the token's private certificate, or {@code null} if no token is available
     * @throws ECLErr if obtaining the token or its certificate fails
     */
    public HODSSLCertIntf getPrivateCertificate() throws ECLErr {
        HODSSLTokenIntf token = this.hodSSLTokenIntf;
        if (token == null) {
            token = getHODSSLTokenIntf();
            this.hodSSLTokenIntf = token;
        }
        return token == null ? null : token.getPrivateCertificate();
    }

    /**
     * Looks up a private certificate by name, choosing the implementation by the
     * security-manager setting: {@link #getCertificateHash(String)} for {@code "IE"},
     * {@link #getCertificateName(String)} otherwise.
     *
     * @param str name to match
     * @return the matching certificate
     * @throws ECLErr if the lookup fails
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public HODSSLCertIntf getNamedCertificate(String str) throws ECLErr {
        if (Environment.getUseSecurityManager().equals("IE")) {
            return getCertificateHash(str);
        }
        return getCertificateName(str);
    }

    /**
     * {@code "IE"} variant of the named-certificate lookup: asserts the {@code NETIO}
     * permission and delegates to {@link #getCertificateNameAdmin(String)}.
     *
     * <p>The method name does not describe the behaviour; no hash is computed.
     *
     * <p>NOTE(review): every {@code Exception} is rewrapped with error id
     * {@code ECL0036}. If {@code ECLErr} is itself an {@code Exception}, the more
     * specific ids raised by the delegate are replaced as well. Confirm this is wanted.
     *
     * @param str name to match
     * @return the matching certificate
     * @throws ECLErr on any failure, including a failed permission assert
     */
    private HODSSLCertIntf getCertificateHash(String str) throws ECLErr {
        HODSSLCertIntf found;
        try {
            PolicyEngine.assertPermission(PermissionID.NETIO);
            found = getCertificateNameAdmin(str);
        } catch (Exception cause) {
            throw new ECLErr(getClass().getName() + ":getNamedCertificate():1", "ECL0036", cause.toString(), "-1");
        }
        return found;
    }

    /**
     * Non-{@code "IE"} variant of the named-certificate lookup: delegates to
     * {@link #getCertificateNameAdmin(String)} with no permission assert.
     *
     * <p>NOTE(review): every {@code Exception} is rewrapped with error id
     * {@code ECL0036}. If {@code ECLErr} is itself an {@code Exception}, the more
     * specific ids raised by the delegate are replaced as well. Confirm this is wanted.
     *
     * @param str name to match
     * @return the matching certificate
     * @throws ECLErr on any failure
     */
    private HODSSLCertIntf getCertificateName(String str) throws ECLErr {
        HODSSLCertIntf found;
        try {
            found = getCertificateNameAdmin(str);
        } catch (Exception cause) {
            throw new ECLErr(getClass().getName() + ":getNamedCertificate():1", "ECL0036", cause.toString(), "-1");
        }
        return found;
    }

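    /**
     * Opens an {@code HODSSLMSCAPIToken}, fetches its private certificates and returns
     * the first one whose {@code matches(str)} is true.
     *
     * <p>The decompiled original read the certificate array after a {@code catch} that
     * may leave it unassigned, which does not compile. The array now starts as
     * {@code null}, so a failed fetch (already printed to standard output) falls into
     * the existing "no certificates" error. The search loop returns on the first match
     * instead of tracking an index and a flag.
     *
     * <p>NOTE(review): the outer {@code catch (Exception)} also surrounds the
     * {@code ECL0044} and {@code ECL0045} throws. If {@code ECLErr} is an
     * {@code Exception}, callers only ever see {@code ECL0036}. Confirm that losing the
     * specific ids is intended.
     *
     * @param str name to match against each private certificate
     * @return the first matching certificate
     * @throws ECLErr if the token cannot be opened, no private certificates are
     *     available, or none matches {@code str}
     */
    private HODSSLCertIntf getCertificateNameAdmin(String str) throws ECLErr {
        try {
            HODSSLMSCAPIToken token = new HODSSLMSCAPIToken("");
            token.open();
            SSLCert[] candidates = null;
            try {
                candidates = token.getPrivateCertificates(null, 0, 0, 1, false);
            } catch (ECLErr e) {
                throw e;
            } catch (Exception e2) {
                System.out.println("HODSSLImpl::getNamedCertificate() failed, exception->" + e2);
            }
            if (candidates == null || candidates.length <= 0) {
                throw new ECLErr(getClass().getName() + ":getNamedCertificate():2", "ECL0044");
            }
            for (int idx = 0; idx < candidates.length; idx++) {
                HODSSLCertImpl wrapped = new HODSSLCertImpl(candidates[idx]);
                if (wrapped.matches(str)) {
                    return wrapped;
                }
            }
            throw new ECLErr(getClass().getName() + ":getNamedCertificate():2", "ECL0045", str);
        } catch (Exception e3) {
            throw new ECLErr(getClass().getName() + ":getNamedCertificate():1", "ECL0036", e3.toString(), "-1");
        }
    }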

    /**
     * Reports whether the named session has been prompted, as recorded by
     * {@code HODSSLContext.isSessionPrompted}.
     *
     * @param str session identifier passed through to {@code HODSSLContext}
     * @return the value returned by {@code HODSSLContext.isSessionPrompted(str)}
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean isSessionPrompted(String str) {
        final boolean prompted = HODSSLContext.isSessionPrompted(str);
        return prompted;
    }

    /**
     * Reports whether a password is cached for the given key, as recorded by
     * {@code HODSSLTokenImpl.isPasswordCached}.
     *
     * @param str key passed through to {@code HODSSLTokenImpl}
     * @return the value returned by {@code HODSSLTokenImpl.isPasswordCached(str)}
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public boolean isPasswordCached(String str) {
        final boolean cached = HODSSLTokenImpl.isPasswordCached(str);
        return cached;
    }

    /**
     * Returns the last certificate the SSL context reports as sent, creating the
     * context first if it does not exist yet.
     *
     * @return the last certificate sent, wrapped in {@code HODSSLCertImpl}, or
     *     {@code null} if there is no context or no certificate was sent
     */
    @Override // com.ibm.eNetwork.security.ssl.HODSSLProvider
    public HODSSLCertIntf getLastCertificateSent() {
        try {
            getCertificatePassword();
        } catch (ECLErr ignored) {
            // Context creation errors are dropped here; the null checks below decide
            // the result. NOTE(review): the failure is not logged anywhere.
        }
        if (this.sslContext == null) {
            return null;
        }
        SSLCert sent = this.sslContext.getLastCertificateSent();
        if (sent == null) {
            return null;
        }
        return new HODSSLCertImpl(sent);
    }

    /**
     * Returns the SSL context, creating it with mode {@code 1} when it does not exist.
     *
     * <p>The method name does not describe the behaviour; no password is returned.
     *
     * @return the shared {@code HODSSLContext}
     * @throws ECLErr if the context cannot be created or configured
     */
    private HODSSLContext getCertificatePassword() throws ECLErr {
        final short mode = (short) 1;
        return getCertificatePromptBeforeConnect(mode);
    }

    /**
     * Returns the cached {@code HODSSLContext}, creating and configuring it on first
     * use: debug and trace flags, protocol selection, the FIPS cipher-suite list and the
     * optional handshake timeout.
     *
     * <p>NOTE(review): {@code sslContext} is assigned before it is configured and is not
     * reset when configuration throws. A later call then returns that partially
     * configured context, for example one without the FIPS cipher-suite restriction.
     * Confirm whether failing closed is required here.
     *
     * @param s mode value passed to the {@code HODSSLContext} constructor
     * @return the shared context
     * @throws ECLErr if construction or configuration fails; other exceptions,
     *     including a non-numeric timeout value, are wrapped with id {@code ECL0036}
     */
    private HODSSLContext getCertificatePromptBeforeConnect(short s) throws ECLErr {
        if (this.sslContext != null) {
            return this.sslContext;
        }
        try {
            this.sslContext = new HODSSLContext(this, s);
            this.sslContext.debug = this.sslContextDebug;
            this.sslContext.trace = this.traceLevel;
            final boolean tlsRequested = getSecurityProtocol().equals("SESSION_PROTOCOL_TLS");
            if (!tlsRequested) {
                // NOTE(review): any protocol value other than SESSION_PROTOCOL_TLS ends
                // up on SSLv3.0, which RFC 7568 prohibits. Consider rejecting it.
                if (this.sslContextDebug) {
                    System.out.println("protocol is SSLv3.0");
                }
                this.sslContext.SSLv31 = false;
            } else {
                if (this.sslContextDebug) {
                    System.out.println("protocol is TLS");
                }
                this.sslContext.SSLv31 = true;
                if (this.isfips) {
                    if (this.sslContextDebug) {
                        System.out.println("FIPS mode on");
                    }
                    // Space-separated suite list built from CL_RELEASE; the cipher
                    // suites are restricted only in FIPS mode.
                    String suiteList = "";
                    for (int k = 0; k < this.CL_RELEASE.length; k++) {
                        suiteList += this.CL_RELEASE[k] + " ";
                    }
                    this.sslContext.setEnabledCipherSuites(suiteList);
                }
            }
            if (this.sslContextDebug) {
                System.out.println("******enabled ciphers:***** ");
                String[] enabled = this.sslContext.getEnabledCipherSuites();
                int n = 0;
                while (n < enabled.length) {
                    System.out.println(n + "):   " + enabled[n]);
                    n++;
                }
            }
            String timeoutSetting = Environment.createEnvironment().getParameter(Environment.SSL_HANDSHAKE_TIMEOUT_SECS);
            if (timeoutSetting != null && !timeoutSetting.equals("")) {
                int seconds = Integer.parseInt(timeoutSetting);
                // NOTE(review): the meaning of timeout kind 2 is not visible here.
                this.sslContext.setTimeout(2, seconds);
                if (this.sslContextDebug) {
                    System.out.println("set connection timeout: " + seconds);
                }
            }
        } catch (ECLErr e) {
            throw e;
        } catch (Exception cause) {
            throw new ECLErr(getClass().getName() + ":createSocket():1", "ECL0036", cause.toString(), "-1");
        }
        return this.sslContext;
    }

    // On JVM major versions above 11, read one static field each from SSLContext and
    // CL3. The values are unused, so this presumably exists to force those classes to
    // load and initialise early. Any failure is printed and does not stop this class
    // from loading.
    static {
        if (HODJVMProperties.getMajorVersion() > 11) {
            try {
                String release = SSLContext.CL_RELEASE;
                int clVersion = CL3.VERSION;
            } catch (Throwable failure) {
                failure.printStackTrace();
            }
        }
    }
}
