package com.ibm.eNetwork.security.ssl;

import com.ibm.eNetwork.ECL.ECLErr;
import com.ibm.eNetwork.ECL.ECLSession;
import com.ibm.eNetwork.HOD.common.BaseEnvironment;
import com.ibm.eNetwork.HOD.jni.MD5FactoryJNI;
import com.ibm.eNetwork.security.intf.HODSSLCertIntf;
import com.ibm.eNetwork.security.intf.HODSSLTokenIntf;
import com.ibm.hats.common.CommonConstants;
import com.ibm.hod5sslight.SSLCert;
import com.ibm.hod5sslight.SSLPKCS12Token;
import com.ibm.hod5sslight.SSLRuntimeException;
import com.ibm.hod5sslight.SSLToken;
import com.ms.security.PermissionID;
import com.ms.security.PolicyEngine;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.util.Properties;

/* loaded from: input_file:habeansnlv2.jar:com/ibm/eNetwork/security/ssl/HODSSLTokenImpl.class */
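/**
 * Holds the settings and cached state needed to obtain a client certificate for an SSL session:
 * where the certificate comes from (a URL/file or a CSP), its password, how often the user is
 * prompted, and the opened {@link SSLToken}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The certificate password is kept as a {@code String} field and, in the
 *       "first connect" / "first certificate" prompt modes, in a static, JVM-wide
 *       {@link #passwordCache} keyed by certificate URL. Nothing in this class removes or
 *       expires those entries other than setting an empty password for the same URL.</li>
 *   <li>In the "prompt only once" mode the password is stored in the certificate hash field,
 *       XORed with a key derived solely from the certificate URL. This is obfuscation, not
 *       encryption: the hash field must be protected like the password itself.</li>
 *   <li>Instances are mutable and not synchronized; only the static cache
 *       ({@link Properties}) carries its own locking.</li>
 * </ul>
 */
public class HODSSLTokenImpl implements HODSSLTokenIntf {
    // JVM-wide plaintext password cache, keyed by certificate URL.
    private static final Properties passwordCache = new Properties();
    protected boolean provided;
    protected String source;
    protected String url;
    protected String password;
    protected String certName;
    protected String promptHowOften;
    protected boolean promptBeforeConnect;
    // In "prompt only once" mode this holds the hex-encoded, XOR-obfuscated password.
    protected String hash;
    protected boolean prompted;
    protected HODSSLCertIntf privateCert;
    protected HODSSLCertIntf[] privateCerts;
    protected byte[] bytes;
    protected SSLToken token;

    /** Creates a token description populated with the session defaults taken from {@link ECLSession}. */
    public HODSSLTokenImpl() {
        this(ECLSession.SESSION_SSL_CERTIFICATE_PROVIDED_DEFAULT == ECLSession.SESSION_ON, "SESSION_SSL_CERTIFICATE_IN_URL", "", "", "", "SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CONNECT", ECLSession.SESSION_SSL_CERTIFICATE_PROMPT_BEFORE_CONNECT_DEFAULT == ECLSession.SESSION_ON, ECLSession.SESSION_SSL_CERTIFICATE_HASH);
    }

    /**
     * Initialises every field to its default and then applies the supplied values through the
     * setters, in the order below. The order matters because several setters read the other
     * fields and update the password cache as a side effect.
     *
     * @param z    whether a certificate is provided
     * @param str  certificate source identifier
     * @param str2 certificate URL
     * @param str3 certificate password
     * @param str4 certificate name
     * @param str5 prompt-how-often setting
     * @param z2   whether to prompt before connecting
     * @param str6 certificate hash
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public HODSSLTokenImpl(boolean z, String str, String str2, String str3, String str4, String str5, boolean z2, String str6) {
        this.provided = ECLSession.SESSION_SSL_CERTIFICATE_PROVIDED_DEFAULT == ECLSession.SESSION_ON;
        this.source = "SESSION_SSL_CERTIFICATE_IN_URL";
        this.url = "";
        this.password = "";
        this.certName = "";
        this.promptHowOften = "SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CONNECT";
        this.promptBeforeConnect = ECLSession.SESSION_SSL_CERTIFICATE_PROMPT_BEFORE_CONNECT_DEFAULT == ECLSession.SESSION_ON;
        this.hash = "";
        this.prompted = false;
        this.privateCert = null;
        this.privateCerts = null;
        this.bytes = null;
        this.token = null;
        // NOTE(review): these setters are overridable and run before any subclass constructor body.
        setCertificateProvided(z);
        setCertificateSource(str);
        setCertificateURL(str2);
        setCertificatePassword(str3);
        setCertificateName(str4);
        setCertificatePromptHowOften(str5);
        setCertificatePromptBeforeConnect(z2);
        setCertificateHash(str6);
    }

    /** Sets whether a client certificate is provided. */
    @Override
    public void setCertificateProvided(boolean z) {
        this.provided = z;
    }

    /** Returns whether a client certificate is provided. */
    @Override
    public boolean getCertificateProvided() {
        return this.provided;
    }

    /**
     * Sets the certificate source. A changed (or null) source discards the opened token and the
     * cached private certificate.
     *
     * <p>NOTE(review): a null source is stored as-is, and {@link #getBytes()}, {@link #getToken()}
     * and {@link #getPrivateCertificate()} call {@code equals} on it without a null check.
     */
    @Override
    public void setCertificateSource(String str) {
        if (str == null || !str.equals(this.source)) {
            setToken(null);
            setPrivateCertificate(null);
        }
        this.source = str;
    }

    /** Returns the certificate source identifier. */
    @Override
    public String getCertificateSource() {
        return this.source;
    }

    /**
     * Sets the certificate URL. When it refers to a different file than the current one, the
     * cached certificate bytes are dropped and the current password is cached (or stored as an
     * obfuscated hash) under the new URL. An empty URL is stored as null.
     */
    @Override
    public void setCertificateURL(String str) {
        if (!sameFile(str)) {
            setBytes(null);
            String currentPassword = getCertificatePassword();
            String howOften = getCertificatePromptHowOften();
            if (nonNullStr(currentPassword) && nonNullStr(howOften)) {
                addToCache(str, currentPassword, howOften);
            }
        }
        // Compare by value: the previous reference comparison (== "") only matched interned
        // literals, so an empty URL built at run time was stored as "" rather than null.
        if ("".equals(str)) {
            str = null;
        }
        this.url = str;
    }

    /** Returns the certificate URL, or null when none is set. */
    @Override
    public String getCertificateURL() {
        return this.url;
    }

    /**
     * Sets the certificate password. When a password was already held and the new one differs,
     * the token, private certificate and certificate bytes are discarded and the password cache
     * is updated for the current URL. An empty password is stored as null.
     *
     * <p>NOTE(review): when the held password is null, none of that invalidation runs, so a
     * previously opened token is kept.
     */
    @Override
    public void setCertificatePassword(String str) {
        if (this.password != null && !this.password.equals(str)) {
            setToken(null);
            setPrivateCertificate(null);
            setBytes(null);
            String certificateURL = getCertificateURL();
            String howOften = getCertificatePromptHowOften();
            if (nonNullStr(certificateURL) && nonNullStr(howOften)) {
                addToCache(certificateURL, str, howOften);
            }
        }
        if (str != null && str.equals("")) {
            str = null;
        }
        this.password = str;
    }

    /**
     * Returns the certificate password, recovering it if it is not currently held: from the
     * obfuscated hash in "prompt only once" mode, or from the static cache in the
     * "first connect" / "first certificate" modes. A recovered value is stored back into the
     * password field.
     *
     * @return the password, or null/empty when none is known
     */
    @Override
    public String getCertificatePassword() {
        if (nonNullStr(this.password)) {
            return this.password;
        }
        String howOften = getCertificatePromptHowOften();
        if (!nonNullStr(howOften) || !nonNullStr(this.url)) {
            return this.password;
        }
        if (howOften.equals(ECLSession.SESSION_SSL_CERTIFICATE_PROMPT_ONLY_ONCE)) {
            String storedHash = getCertificateHash();
            String certificateURL = getCertificateURL();
            if (nonNullStr(storedHash) && !storedHash.equals(ECLSession.SESSION_SSL_CERTIFICATE_HAS_BEEN_PROMPTED) && nonNullStr(certificateURL)) {
                byte[] key = deriveUrlKey(certificateURL);
                byte[] masked = new byte[storedHash.length() / 2];
                for (int i = 0; i < masked.length; i++) {
                    // Parse each hex pair as an unsigned value; Byte.decode("0x..") rejects
                    // anything above 0x7F with a NumberFormatException.
                    masked[i] = (byte) Integer.parseInt(storedHash.substring(i * 2, (i * 2) + 2), 16);
                }
                byte[] clear = new byte[masked.length];
                for (int i = 0; i < masked.length; i++) {
                    clear[i] = (byte) (masked[i] ^ key[i % key.length]);
                }
                // Platform default charset, matching the getBytes() call used when the hash is built.
                this.password = new String(clear);
            }
        } else if (howOften.equals("SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CONNECT")
                || howOften.equals("SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CERTIFICATE")) {
            this.password = (String) passwordCache.get(this.url);
        }
        return this.password;
    }

    /**
     * Sets the certificate name. A changed (or null) name discards the opened token and the
     * cached private certificate.
     */
    @Override
    public void setCertificateName(String str) {
        if (str == null || !str.equals(this.certName)) {
            setToken(null);
            setPrivateCertificate(null);
        }
        this.certName = str;
    }

    /** Returns the certificate name. */
    @Override
    public String getCertificateName() {
        return this.certName;
    }

    /**
     * Sets how often the user is prompted and re-stores the current password under the new mode.
     * Reading the password here may itself recover it from the cache or the hash.
     */
    @Override
    public void setCertificatePromptHowOften(String str) {
        this.promptHowOften = str;
        String certificateURL = getCertificateURL();
        String currentPassword = getCertificatePassword();
        if (nonNullStr(certificateURL) && nonNullStr(currentPassword)) {
            addToCache(certificateURL, currentPassword, str);
        }
    }

    /** Returns the prompt-how-often setting. */
    @Override
    public String getCertificatePromptHowOften() {
        return this.promptHowOften;
    }

    /** Sets whether the user is prompted before connecting. */
    @Override
    public void setCertificatePromptBeforeConnect(boolean z) {
        this.promptBeforeConnect = z;
    }

    /** Returns whether the user is prompted before connecting. */
    @Override
    public boolean getCertificatePromptBeforeConnect() {
        return this.promptBeforeConnect;
    }

    /**
     * Sets the certificate hash. In "prompt only once" mode this value is the obfuscated
     * password, so it is as sensitive as the password.
     */
    @Override
    public void setCertificateHash(String str) {
        this.hash = str;
    }

    /** Returns the certificate hash. */
    @Override
    public String getCertificateHash() {
        return this.hash;
    }

    /** Records whether the user has been prompted. */
    @Override
    public void setCertificatePrompted(boolean z) {
        this.prompted = z;
    }

    /** Returns whether the user has been prompted. */
    @Override
    public boolean getCertificatePrompted() {
        return this.prompted;
    }

    /** Always returns true; no consistency check is performed here. */
    public boolean isConsistent() {
        return true;
    }

    /**
     * Re-encodes the PKCS#12 token under a new password and keeps the re-encoded bytes.
     *
     * @param str the new password; nothing happens when it is empty or no URL is set
     * @param z   selects the "strong" parameters: a different {@code privEnc} value and an
     *            {@code iterCnt} above 1 instead of exactly 1
     * @return true only when an existing token was re-encoded; false otherwise, including the
     *         case where no token exists and only the password field is updated
     * @throws ECLErr rethrown from the token layer, or wrapping any other failure as "ECL0036"
     */
    @Override
    public boolean changeCertificatePassword(String str, boolean z) throws ECLErr {
        boolean changed = false;
        if (nonNullStr(str) && nonNullStr(getCertificateURL())) {
            try {
                // A non-PKCS#12 token makes this cast fail; the failure is wrapped below.
                SSLPKCS12Token pkcs12 = (SSLPKCS12Token) getToken();
                if (pkcs12 != null) {
                    // NOTE(review): privEnc and iterCnt are presumably the private-key encryption
                    // choice and the key-derivation iteration count; with z == false the count
                    // is 1, which isCertificateStrong() reports as not strong. Confirm meanings.
                    pkcs12.privEnc = z ? 2 : 5;
                    pkcs12.iterCnt = z ? CommonConstants.DEFAULT_DELAY_INTERVAL + SSLToken.getRandom(1)[0] : 1;
                    byte[] encoded = pkcs12.encode(str);
                    if (encoded != null) {
                        setCertificatePassword(str);
                        setBytes(encoded);
                        changed = true;
                    }
                } else {
                    setCertificatePassword(str);
                }
            } catch (ECLErr e) {
                throw e;
            } catch (Throwable th) {
                throw new ECLErr(new StringBuffer().append(getClass().getName()).append(":changeCertificatePassword():1").toString(), "ECL0036", th.toString(), ECLSession.SESSION_CICS_RETRY_INTERVAL_DEFAULT);
            }
        }
        return changed;
    }

    /**
     * Reports whether the token is a PKCS#12 token whose {@code iterCnt} is greater than 1.
     * Any failure to obtain the token counts as "not strong".
     */
    @Override
    public boolean isCertificateStrong() {
        try {
            SSLToken current = getToken();
            return current instanceof SSLPKCS12Token && ((SSLPKCS12Token) current).iterCnt > 1;
        } catch (Exception e) {
            return false;
        }
    }

    /**
     * Returns the private certificate for the configured source, resolving and caching it on
     * first use. For a URL source the token's private certificate is used. For a CSP source the
     * first certificate matching the configured name is used, or, when no name is configured,
     * the first certificate for which {@code valid(false)} is true.
     *
     * @return the certificate, or null when none could be selected
     * @throws ECLErr if the token cannot be opened
     */
    @Override
    public HODSSLCertIntf getPrivateCertificate() throws ECLErr {
        if (this.privateCert != null) {
            return this.privateCert;
        }
        SSLToken current = getToken();
        if (current == null) {
            return this.privateCert;
        }
        String certificateSource = getCertificateSource();
        if (certificateSource.equals("SESSION_SSL_CERTIFICATE_IN_URL")) {
            SSLCert cert = current.getPrivateCertificate(1, false, false);
            if (cert != null) {
                this.privateCert = new HODSSLCertImpl(cert);
            }
        } else if (certificateSource.equals(ECLSession.SESSION_SSL_CERTIFICATE_IN_CSP)) {
            String wantedName = getCertificateName();
            SSLCert[] candidates = current.getPrivateCertificates(null, 0, 0, 1, false);
            if (candidates != null && candidates.length > 0) {
                if (wantedName == null || wantedName.equals("")) {
                    for (int i = 0; i < candidates.length; i++) {
                        if (candidates[i].valid(false)) {
                            this.privateCert = new HODSSLCertImpl(candidates[i]);
                            break;
                        }
                    }
                } else {
                    // NOTE(review): the named path selects on matches() alone; valid(false) is
                    // only consulted when no name is configured.
                    for (int i = 0; i < candidates.length; i++) {
                        HODSSLCertImpl wrapped = new HODSSLCertImpl(candidates[i]);
                        if (wrapped.matches(wantedName)) {
                            this.privateCert = wrapped;
                            break;
                        }
                    }
                }
            }
        }
        return this.privateCert;
    }

    /** Replaces the cached private certificate. */
    private void setPrivateCertificate(HODSSLCertImpl hODSSLCertImpl) {
        this.privateCert = hODSSLCertImpl;
    }

    /**
     * Returns the first private certificate of the token that matches the given name, loading
     * and caching the token's certificate list on first use.
     *
     * <p>Failures while loading are printed to standard output and otherwise ignored, so a
     * caller cannot tell "no match" from "token could not be read".
     *
     * @param str the name to match
     * @return the matching certificate, or null
     */
    @Override
    public HODSSLCertIntf getPrivateCertificate(String str) {
        if (this.privateCerts == null) {
            try {
                SSLToken current = getToken();
                if (current != null) {
                    SSLCert[] loaded = current.getPrivateCertificates(null, 0, 0, 1, false);
                    if (nonNullArr(loaded)) {
                        this.privateCerts = new HODSSLCertIntf[loaded.length];
                        for (int i = 0; i < loaded.length; i++) {
                            this.privateCerts[i] = new HODSSLCertImpl(loaded[i]);
                        }
                    }
                }
            } catch (Throwable th) {
                System.out.println(new StringBuffer().append("HODSSLTokenImpl::getPrivateCertificate(").append(str).append(")->Throwable=").append(th).toString());
            }
        }
        if (this.privateCerts != null) {
            for (int i = 0; i < this.privateCerts.length; i++) {
                if (this.privateCerts[i].matches(str)) {
                    return this.privateCerts[i];
                }
            }
        }
        return null;
    }

    /**
     * Returns all private certificates of the token, loading and caching them on first use.
     * Failures while loading are printed to standard output and otherwise ignored.
     *
     * @return the certificates, or null when none were loaded
     */
    @Override
    public HODSSLCertIntf[] getPrivateCertificates() {
        try {
            if (this.privateCerts == null) {
                SSLToken current = getToken();
                if (current != null) {
                    SSLCert[] loaded = current.getPrivateCertificates(null, 0, 0, 1, false);
                    if (nonNullArr(loaded)) {
                        this.privateCerts = new HODSSLCertIntf[loaded.length];
                        for (int i = 0; i < loaded.length; i++) {
                            this.privateCerts[i] = new HODSSLCertImpl(loaded[i]);
                        }
                    }
                }
            }
        } catch (Throwable th) {
            System.out.println(new StringBuffer().append("HODSSLTokenImpl::getPrivateCertificates()->").append(th).toString());
        }
        return this.privateCerts;
    }

    /**
     * Returns the raw certificate bytes, reading them from the certificate URL on first use.
     *
     * @return the bytes, or null when no URL is set
     * @throws ECLErr when the source is not the URL source, or ("ECL0033") when the URL could
     *         not be read
     */
    @Override
    public byte[] getBytes() throws ECLErr {
        if (!this.source.equals("SESSION_SSL_CERTIFICATE_IN_URL")) {
            throw new ECLErr("", "");
        }
        if (this.bytes == null) {
            String certificateURL = getCertificateURL();
            if (certificateURL != null) {
                byte[] read = HODSSLImpl.read(certificateURL);
                if (read == null) {
                    throw new ECLErr(new StringBuffer().append(getClass().getName()).append(":1").toString(), "ECL0033", getCertificateURL(), (String) null, false);
                }
                setBytes(read);
            }
        }
        return this.bytes;
    }

    /**
     * Writes the certificate bytes through {@code HODSSLImpl.write}.
     *
     * @param str destination passed to {@code HODSSLImpl.write}
     * @param z   flag passed through to {@code HODSSLImpl.write}
     * @return the result of the write, or false when there are no bytes
     * @throws ECLErr if the bytes cannot be obtained
     */
    @Override
    public boolean write(String str, boolean z) throws ECLErr {
        byte[] content = getBytes();
        return content != null && HODSSLImpl.write(str, content, z);
    }

    /** Replaces the cached private certificate. */
    protected void setCertificate(HODSSLCertIntf hODSSLCertIntf) {
        this.privateCert = hODSSLCertIntf;
    }

    /**
     * Replaces the certificate bytes. When bytes were already held and a different array is
     * supplied, the opened token is discarded after the new bytes are stored.
     */
    protected void setBytes(byte[] bArr) {
        boolean replaced = this.bytes != null && this.bytes != bArr;
        this.bytes = bArr;
        if (replaced) {
            setToken(null);
        }
    }

    /**
     * Returns the opened token, opening it on first use: a PKCS#12 token from the certificate
     * bytes and password for the URL source, or an MSCAPI token for the CSP source.
     *
     * @return the token, or null when the source is neither of the two known values
     * @throws ECLErr "ECL0034" when the PKCS#12 data cannot be opened with the password,
     *         "ECL0032" when bytes or password are missing
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public SSLToken getToken() throws ECLErr {
        if (this.token != null) {
            return this.token;
        }
        if (this.source.equals("SESSION_SSL_CERTIFICATE_IN_URL")) {
            byte[] content = getBytes();
            if (content != null) {
                String currentPassword = getCertificatePassword();
                if (nonNullStr(currentPassword)) {
                    try {
                        SSLPKCS12Token pkcs12 = new SSLPKCS12Token();
                        pkcs12.open(content, currentPassword);
                        this.token = pkcs12;
                        return this.token;
                    } catch (SSLRuntimeException e) {
                        // The underlying cause is not carried into the ECLErr.
                        throw new ECLErr(new StringBuffer().append(getClass().getName()).append(":getToken():1").toString(), "ECL0034", getCertificateURL());
                    }
                }
            }
            throw new ECLErr(new StringBuffer().append(getClass().getName()).append(":getToken():2").toString(), "ECL0032", "");
        }
        if (this.source.equals(ECLSession.SESSION_SSL_CERTIFICATE_IN_CSP)) {
            if (BaseEnvironment.getUseSecurityManager().equals("IE")) {
                this.token = getToken_createMSCAPIToken_IE();
            } else {
                this.token = getToken_createMSCAPIToken_other();
            }
        }
        return this.token;
    }

    /**
     * Asserts the Microsoft NETIO permission and then opens the MSCAPI token from this frame.
     * NOTE(review): presumably the assertion is scoped to the calling frame, which would be why
     * the work is invoked from here rather than from the caller; confirm before restructuring.
     */
    private SSLToken getToken_createMSCAPIToken_IE() throws ECLErr {
        try {
            PolicyEngine.assertPermission(PermissionID.NETIO);
        } catch (Exception ignored) {
            // Best effort: a failed assertion is ignored and the token open is attempted anyway.
        }
        return getToken_createMSCAPIToken_work();
    }

    /**
     * Under the "NS" security manager, reflectively enables the Netscape "UniversalLinkAccess"
     * privilege, then opens the MSCAPI token from this frame.
     */
    private SSLToken getToken_createMSCAPIToken_other() throws ECLErr {
        try {
            if (BaseEnvironment.getUseSecurityManager().equals("NS")) {
                Class<?> cls = Class.forName("netscape.security.PrivilegeManager");
                cls.getMethod("enablePrivilege", String.class).invoke(cls, "UniversalLinkAccess");
            }
        } catch (Exception ignored) {
            // Best effort: a failed privilege request is ignored and the token open is attempted anyway.
        }
        return getToken_createMSCAPIToken_work();
    }

    /** Creates and opens an MSCAPI token. */
    private SSLToken getToken_createMSCAPIToken_work() throws ECLErr {
        HODSSLMSCAPIToken mscapi = new HODSSLMSCAPIToken("");
        mscapi.open();
        return mscapi;
    }

    /** Replaces the opened token. */
    protected void setToken(SSLToken sSLToken) {
        this.token = sSLToken;
    }

    /** Returns whether the given URL denotes the same {@link File} path as the current URL. */
    private boolean sameFile(String str) {
        if (this.url == null) {
            return str == null;
        }
        if (str == null) {
            return false;
        }
        return new File(this.url).equals(new File(str));
    }

    /** Dispatches the name check to the variant for the active security manager. */
    private boolean isValidName(String str) {
        return BaseEnvironment.getUseSecurityManager().equals("IE") ? isValidName_IE(str) : isValidName_other(str);
    }

    /** Asserts the Microsoft NETIO permission, then runs the name check from this frame. */
    private boolean isValidName_IE(String str) {
        try {
            PolicyEngine.assertPermission(PermissionID.NETIO);
            // Previously this called isValidName_IE(str) again: unbounded recursion ending in a
            // StackOverflowError, which catch (Exception) does not intercept.
            return isValidName_work(str);
        } catch (Exception e) {
            return false;
        }
    }

    /** Under "NS", enables the Netscape link-access privilege, then runs the name check from this frame. */
    private boolean isValidName_other(String str) {
        try {
            if (BaseEnvironment.getUseSecurityManager().equals("NS")) {
                Class<?> cls = Class.forName("netscape.security.PrivilegeManager");
                cls.getMethod("enablePrivilege", String.class).invoke(cls, "UniversalLinkAccess");
            }
            // Go to the shared worker, mirroring getToken_createMSCAPIToken_other(); the
            // previous call went to the IE variant and inherited its recursion.
            return isValidName_work(str);
        } catch (Exception e) {
            return false;
        }
    }

    /**
     * Checks the MSCAPI key ring.
     *
     * <p>NOTE(review): any non-empty name is accepted without being compared against the key
     * ring; only an empty name falls back to "key ring is non-empty". Confirm this is intended.
     */
    private boolean isValidName_work(String str) {
        try {
            SSLCert[] keyRing = new HODSSLMSCAPIToken("").getKeyRing(4);
            if (nonNullStr(str)) {
                return true;
            }
            return nonNullArr(keyRing);
        } catch (Exception e) {
            return false;
        }
    }

    /** Returns true when the string is neither null nor empty. */
    private static boolean nonNullStr(String str) {
        return str != null && !str.equals("");
    }

    /** Returns true when the array is neither null nor empty. */
    private static boolean nonNullArr(Object[] objArr) {
        return objArr != null && objArr.length > 0;
    }

    /**
     * Derives the XOR key used to obfuscate the password in "prompt only once" mode:
     * {@code makeMD5(makeMD5(url) + url)}, taken as bytes.
     *
     * <p>The key depends on the URL alone, with no secret input. The platform default charset
     * is used on purpose: previously stored hashes were produced that way.
     * NOTE(review): presumably makeMD5 returns the digest rendered as text; confirm.
     */
    private static byte[] deriveUrlKey(String url) {
        return MD5FactoryJNI.makeMD5(new BufferedInputStream(new ByteArrayInputStream(new StringBuffer().append(MD5FactoryJNI.makeMD5(new BufferedInputStream(new ByteArrayInputStream(url.getBytes())))).append(url).toString().getBytes()))).getBytes();
    }

    /**
     * Stores a password for a certificate URL according to the prompt mode.
     *
     * <ul>
     *   <li>Empty URL: nothing happens.</li>
     *   <li>Empty password: the static cache entry for the URL is removed.</li>
     *   <li>"Prompt only once": the password is XORed with the URL-derived key and stored,
     *       hex-encoded, as the certificate hash (the static cache is not touched).</li>
     *   <li>"First connect" / "first certificate": the plaintext password is put into the
     *       static cache under the URL.</li>
     * </ul>
     *
     * @param str  certificate URL
     * @param str2 password
     * @param str3 prompt-how-often setting
     */
    private void addToCache(String str, String str2, String str3) {
        if (!nonNullStr(str)) {
            return;
        }
        if (!nonNullStr(str2)) {
            passwordCache.remove(str);
            return;
        }
        if (str3 == null) {
            return;
        }
        if (str3.equals(ECLSession.SESSION_SSL_CERTIFICATE_PROMPT_ONLY_ONCE)) {
            byte[] key = deriveUrlKey(str);
            byte[] clear = str2.getBytes();
            byte[] masked = new byte[clear.length];
            for (int i = 0; i < clear.length; i++) {
                masked[i] = (byte) (clear[i] ^ key[i % key.length]);
            }
            setCertificateHash(MD5FactoryJNI.toHexString(masked));
        } else if (str3.equals("SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CONNECT")
                || str3.equals("SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CERTIFICATE")) {
            passwordCache.put(str, str2);
        }
    }

    /** Returns whether the static cache holds a non-empty password for the given URL. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isPasswordCached(String str) {
        return nonNullStr((String) passwordCache.get(str));
    }
}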
