package com.ibm.eNetwork.security.ssl;

import com.ibm.eNetwork.ECL.ECLErr;
import com.ibm.eNetwork.ECL.ECLSession;
import com.ibm.eNetwork.HOD.common.BaseEnvironment;
import com.ibm.eNetwork.HOD.common.CachedClassLoader;
import com.ibm.eNetwork.HOD.common.Environment;
import com.ibm.eNetwork.HOD.common.HODConstants;
import com.ibm.eNetwork.security.intf.HODSSLIntf;
import com.ibm.hats.hatsle.GenCert;
import com.ibm.hats.util.Ras;
import com.ibm.hod5sslight.SSLCert;
import com.ibm.hod5sslight.SSLContext;
import com.ibm.hod5sslight.SSLPKCS12Token;
import com.ibm.hod5sslight.SSLRuntimeException;
import com.ibm.hod5sslight.SSLSession;
import com.ibm.hod5sslight.SSLToken;
import com.ibm.sslight.SSLightKeyRing;
import com.ms.security.PermissionID;
import com.ms.security.PolicyEngine;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.util.Vector;

/* JADX WARN: Classes with same name are omitted:
  input_file:habeansnlv2.jar:com/ibm/eNetwork/security/ssl/HODSSLContext.class
 */
/* loaded from: input_file:hatscommon.jar:com/ibm/eNetwork/security/ssl/HODSSLContext.class */
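/**
 * {@link SSLContext} specialisation that assembles the client's trust list and selects the
 * client certificate for a {@link HODSSLImpl} session.
 *
 * <p>Trust material is gathered in the constructor from up to three places: the
 * {@code WellKnownTrustedCAs} key-ring class, the customized CA store (either the class named
 * by {@link GenCert#HODSSL_REQUIRED_CERT_CLASSNAME} or a {@code CustomizedCAs.p12} file), and,
 * when the session asks for it, the browser key ring exposed through {@link HODSSLMSCAPIToken}.
 * Every certificate name that ends up in the context is also recorded in {@link #clientTrust}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Every trust source is loaded best-effort. A failure is printed or traced and
 *       construction continues, so a context can come up with fewer trust anchors than
 *       configured without the caller being told.</li>
 *   <li>{@code CustomizedCAs.p12} is resolved against the applet code base or, outside an
 *       applet, against the process working directory. Whoever controls that location controls
 *       the trust anchors that are imported.</li>
 *   <li>{@link #promptCache} is static: the "already prompted" state is shared by every context
 *       in the class loader and is never cleared by this class.</li>
 * </ul>
 */
class HODSSLContext extends SSLContext {
    private static final String Copyright = "(C) Copyright IBM Corp. 2003.";
    private static final String CLASSNAME = "com.ibm.eNetwork.security.ssl.HODSSLContext";

    /** Connection mode value that leaves {@code asyncConnections} {@code false}. */
    public static final short SYNC = 0;

    /** Connection mode value that sets {@code asyncConnections} to {@code true}. */
    public static final short ASYNC = 1;

    /** Session implementation this context was built for; supplies every configuration option. */
    protected HODSSLImpl impl;

    /** Most recent client certificate chosen by {@link #getPrivateCertificate}. */
    protected SSLCert lastCertSent;

    /** Full names of the certificates imported into this context (raw {@code Vector} of String). */
    private Vector clientTrust;

    // Opaque constant table; nothing in this class reads it.
    static final long[] ClassHeader = {-3819410108756852691L, 7608620649218062L, 504428477099346432L, 288238111387942920L, 864705422274854938L, 5630599384017228L, 7665538200540832110L, 7435253269412802151L, 4251679536773158401L};

    // Labels (and session ids passed to setSessionPrompted) for which a certificate prompt has
    // already been satisfied. Static and unbounded: shared by every instance, never evicted here.
    private static Vector promptCache = new Vector();

    /**
     * Builds a context in {@link #ASYNC} mode.
     *
     * @param hODSSLIntf session implementation; must be a {@link HODSSLImpl}
     * @throws ECLErr declared by the original signature
     * @throws Exception declared by the original signature
     */
    protected HODSSLContext(HODSSLIntf hODSSLIntf) throws ECLErr, Exception {
        this(hODSSLIntf, ASYNC);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a context and loads its trust material.
     *
     * <p>Order of work:
     * <ol>
     *   <li>Unless {@code getignoreWellKnownTrustedCAsOption()} is set, load the
     *       {@code WellKnownTrustedCAs} key-ring class and import it (opened with an empty
     *       password). A failure is printed to {@code System.out} and ignored.</li>
     *   <li>If the environment option "use customized CAs class" equals {@code "Yes"}
     *       (case-insensitive), delegate to {@link #getCustomizedCAsClass} and return.</li>
     *   <li>Otherwise read {@code CustomizedCAs.p12} from the applet code base, or from the
     *       working directory when there is no applet, and import it. On any exception fall
     *       back to {@link #getCustomizedCAsClass}.</li>
     * </ol>
     *
     * @param hODSSLIntf session implementation; cast to {@link HODSSLImpl}
     * @param s {@link #ASYNC} to enable asynchronous connections, any other value to disable them
     * @throws ECLErr declared by the original signature
     * @throws Exception declared by the original signature
     */
    public HODSSLContext(HODSSLIntf hODSSLIntf, short s) throws ECLErr, Exception {
        this.clientTrust = new Vector(100);
        this.impl = (HODSSLImpl) hODSSLIntf;
        SSLPKCS12Token wellKnownToken = new SSLPKCS12Token();
        Class<?> cls = null;
        try {
            try {
                if (!this.impl.getignoreWellKnownTrustedCAsOption()) {
                    cls = Class.forName("WellKnownTrustedCAs");
                }
            } catch (Throwable th) {
                // Not on the default class path: retry through the applet-aware cached loader.
                if (!this.impl.getignoreWellKnownTrustedCAsOption()) {
                    cls = CachedClassLoader.newForName(Environment.createEnvironment().getApplet(), "WellKnownTrustedCAs");
                }
            }
            if (cls != null) {
                wellKnownToken.open(getBytes(((SSLightKeyRing) cls.newInstance()).getKeyRingData()), "");
                importToken(wellKnownToken);
                addCerts(wellKnownToken);
            }
        } catch (Exception e) {
            // Deliberate best effort: the context is still built without the well-known CAs.
            System.out.println(new StringBuffer().append("HODSSLContext() error on key ring WellKnownTrustedCAs: ").append(e).toString());
        }
        String useCustomizedCAsClassOption = Environment.createEnvironment().getUseCustomizedCAsClassOption();
        if (useCustomizedCAsClassOption != null && useCustomizedCAsClassOption.equalsIgnoreCase("Yes")) {
            getCustomizedCAsClass(wellKnownToken, s);
            return;
        }
        SSLPKCS12Token customToken = new SSLPKCS12Token();
        try {
            byte[] keyStoreBytes;
            if (Environment.createEnvironment().getApplet() != null) {
                URL url = new URL(Environment.createEnvironment().getApplet().getCodeBase(), "CustomizedCAs.p12");
                // One connection for both the length and the body, so the buffer size and the
                // bytes read always describe the same response.
                URLConnection connection = url.openConnection();
                int declaredLength = connection.getContentLength();
                keyStoreBytes = readExactly(connection.getInputStream(), declaredLength);
            } else {
                // Relative path: resolved against the process working directory.
                File file = new File("CustomizedCAs.p12");
                keyStoreBytes = readExactly(new FileInputStream(file), (int) file.length());
            }
            // The PKCS#12 password is the constant HODConstants.HOD_MSG_FILE, not a user secret.
            customToken.open(keyStoreBytes, HODConstants.HOD_MSG_FILE);
            importToken(customToken);
            addCerts(customToken);
            if (this.impl.getSSL() && this.impl.getBrowserKeyringAdded()) {
                addBrowserKeyring();
            }
            this.asyncConnections = s == ASYNC;
        } catch (Exception e2) {
            // Missing, unreadable or malformed file: fall back to the CustomizedCAs class.
            getCustomizedCAsClass(customToken, s);
        }
    }

    /**
     * Reads exactly {@code length} bytes from {@code source} and always closes it.
     *
     * @param source stream to drain; closed before this method returns
     * @param length number of bytes expected
     * @return the bytes read
     * @throws IOException if {@code length} is negative (length unknown) or the stream ends early
     */
    private static byte[] readExactly(InputStream source, int length) throws IOException {
        DataInputStream in = new DataInputStream(source);
        try {
            if (length < 0) {
                throw new IOException("CustomizedCAs.p12: content length is not known");
            }
            byte[] data = new byte[length];
            in.readFully(data);
            return data;
        } finally {
            try {
                in.close();
            } catch (IOException ignored) {
                // Best effort: the outcome of the read has already been decided.
            }
        }
    }

    /**
     * Loads the customized CA key ring from the class named by
     * {@link GenCert#HODSSL_REQUIRED_CERT_CLASSNAME} and finishes context set-up.
     *
     * <p>The class is looked up on the loader returned by
     * {@code com.ibm.hats.studio.StudioFunctions.getSSLClassLoader(impl, loader)} when that class
     * is present, otherwise on this class's own loader, and finally through
     * {@link CachedClassLoader}. Any {@link Throwable} raised while resolving or importing the
     * key ring is traced (only when tracing is on) and otherwise dropped, so the method never
     * fails; the browser key ring and the async flag are applied regardless.
     *
     * @param sSLPKCS12Token token to open with the key-ring data (empty password) and import
     * @param s {@link #ASYNC} to enable asynchronous connections, any other value to disable them
     */
    private void getCustomizedCAsClass(SSLPKCS12Token sSLPKCS12Token, short s) {
        if (Ras.anyTracing) {
            Ras.traceEntry(CLASSNAME, "getCustomizedCAsClass");
        }
        Class<?> cls = null;
        try {
            ClassLoader ownLoader = getClass().getClassLoader();
            ClassLoader lookupLoader = ownLoader;
            try {
                try {
                    // Reflective call so this class does not link against the Studio classes.
                    lookupLoader = (ClassLoader) Class.forName("com.ibm.hats.studio.StudioFunctions").getMethod("getSSLClassLoader", this.impl.getClass(), Class.forName("java.lang.ClassLoader")).invoke(null, this.impl, ownLoader);
                } catch (SecurityException e) {
                    System.out.println(e);
                    e.printStackTrace();
                }
            } catch (ClassNotFoundException e2) {
                // StudioFunctions is not on the class path: keep using this class's own loader.
            } catch (NoSuchMethodException e3) {
                System.out.println(e3);
                e3.printStackTrace();
            }
            try {
                if (Ras.anyTracing) {
                    Ras.trace(1048576L, CLASSNAME, "getCustomizedCAsClass", new StringBuffer().append("Looking for CustomizedCAs.class on ").append(lookupLoader).toString());
                }
                cls = Class.forName(GenCert.HODSSL_REQUIRED_CERT_CLASSNAME, true, lookupLoader);
            } catch (Throwable th) {
                cls = CachedClassLoader.newForName(Environment.createEnvironment().getApplet(), GenCert.HODSSL_REQUIRED_CERT_CLASSNAME);
            }
            if (cls != null) {
                sSLPKCS12Token.open(getBytes(((SSLightKeyRing) cls.newInstance()).getKeyRingData()), "");
                importToken(sSLPKCS12Token);
                addCerts(sSLPKCS12Token);
            }
        } catch (Throwable th2) {
            // Deliberate best effort. With tracing off this is silent: the context simply has no
            // customized CAs.
            if (Ras.anyTracing) {
                Ras.traceException(CLASSNAME, "getCustomizedCAsClass", th2);
            }
        }
        if (this.impl.getSSL() && this.impl.getBrowserKeyringAdded()) {
            addBrowserKeyring();
        }
        this.asyncConnections = s == ASYNC;
        if (Ras.anyTracing) {
            Ras.traceExit(CLASSNAME, "getCustomizedCAsClass", cls != null);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Connection hook; always returns {@code true} and inspects none of its arguments.
     *
     * <p>NOTE(review): what the base class does with the return value is not visible here. If it
     * is an accept/veto decision, no check is applied at this point; confirm against
     * {@code com.ibm.hod5sslight.SSLContext}.
     */
    @Override // com.ibm.hod5sslight.SSLContext
    public boolean handleConnection(Object obj, SSLSession sSLSession, byte[] bArr) {
        return true;
    }

    /**
     * Records the peer certificate on the session, marks the server as not trusted and returns
     * {@code false}.
     *
     * <p>NOTE(review): presumably called when the peer certificate did not chain to an imported
     * trust anchor, with {@code false} meaning "do not accept"; confirm against the base class.
     *
     * @param obj the {@link HODSSLImpl} the connection belongs to
     * @param sSLCert certificate presented by the peer
     * @return always {@code false}
     */
    @Override // com.ibm.hod5sslight.SSLContext
    protected boolean handlePeerCertificate(Object obj, SSLCert sSLCert) {
        HODSSLImpl session = (HODSSLImpl) obj;
        session.setServerNotTrusted(true);
        session.setServerCertificate(new HODSSLCertImpl(sSLCert));
        return false;
    }

    /**
     * Records the peer certificate on the session, clears the "server not trusted" flag and
     * returns {@code true}.
     *
     * <p>No check of the certificate is made here (name, validity period, key usage); the method
     * relies entirely on whatever the base class verified before calling it.
     * NOTE(review): confirm that server-name matching happens elsewhere.
     *
     * @param obj the {@link HODSSLImpl} the connection belongs to
     * @param sSLCert certificate presented by the peer
     * @return always {@code true}
     */
    @Override // com.ibm.hod5sslight.SSLContext
    protected synchronized boolean confirmPeerCertificate(Object obj, SSLCert sSLCert) {
        HODSSLImpl session = (HODSSLImpl) obj;
        session.setServerNotTrusted(false);
        session.setServerCertificate(new HODSSLCertImpl(sSLCert));
        return true;
    }

    /**
     * Unpacks a string that carries 7 payload bits per character into bytes.
     *
     * <p>The result has {@code str.length() * 7 / 8} bytes; strings shorter than two characters
     * therefore decode to an empty array.
     *
     * @param str packed key-ring data; must not be {@code null}
     * @return the decoded bytes, never {@code null}
     */
    static final byte[] getBytes(String str) {
        int length = (str.length() * 7) / 8;
        byte[] decoded = new byte[length];
        // A plain for loop: the original do/while wrote decoded[0] even when length was 0.
        for (int i = 0; i < length; i++) {
            decoded[i] = getBits(str, i * 8, 8);
        }
        return decoded;
    }

    /**
     * Extracts {@code i2} bits starting at bit offset {@code i} from a 7-bits-per-character
     * string.
     *
     * <p>Only the low 7 bits of the first character take part. When the field crosses a
     * character boundary the next character ({@code i3 + 1}) is read as well, so the caller must
     * keep the offset inside the string.
     *
     * @param str packed data
     * @param i bit offset of the first bit, counted in units of 7 bits per character
     * @param i2 number of bits to extract
     * @return the extracted bits in the low end of a byte
     */
    static final byte getBits(String str, int i, int i2) {
        int i3 = i / 7;
        int i4 = i % 7;
        // Bits of the current character that are still unread.
        byte charAt = (byte) (((byte) str.charAt(i3)) & (127 >>> i4));
        // Positive: bits still needed from the next character; negative: surplus bits to drop.
        int i5 = i2 - (7 - i4);
        return i5 > 0 ? (byte) ((charAt << i5) | (((byte) str.charAt(i3 + 1)) >>> (7 - i5))) : i5 < 0 ? (byte) (charAt >>> (-i5)) : charAt;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Chooses the client certificate to send, honouring the configured prompt policy.
     *
     * <p>The policy string from {@code getConfiguredCertificatePromptHowOften()} decides whether a
     * certificate may be returned straight away or whether the user must be prompted first. A
     * required prompt is signalled by throwing {@link HODSSLRuntimeException}.
     * Several distinct throw sites carry the same location tag
     * ({@code ":getPrivateCertificate():1"}), so the tag alone does not identify the branch.
     *
     * @param obj the {@link HODSSLImpl} the connection belongs to
     * @param bArr forwarded unchanged to the token lookup (presumably the server's acceptable-CA
     *     data; confirm against the base class)
     * @param i forwarded unchanged to the token lookup
     * @param i2 forwarded unchanged to the token lookup
     * @param i3 forwarded unchanged to the token lookup
     * @param z not used by this implementation
     * @return the selected certificate, or {@code null} when the policy is not recognised or no
     *     token is available in the "prompt only once" CSP case
     * @throws HODSSLRuntimeException when no certificate is configured or a prompt is required
     */
    @Override // com.ibm.hod5sslight.SSLContext
    public synchronized SSLCert getPrivateCertificate(Object obj, byte[] bArr, int i, int i2, int i3, boolean z) {
        HODSSLImpl hODSSLImpl = (HODSSLImpl) obj;
        if (!hODSSLImpl.getConfiguredCertificateProvided()) {
            throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":getPrivateCertificate():1").toString(), "ECL0043", hODSSLImpl.getConfiguredHost()));
        }
        // Policy: prompt on every connect.
        if (hODSSLImpl.getConfiguredCertificatePromptHowOften().equals(ECLSession.SESSION_SSL_CERTIFICATE_PROMPT_EACH_CONNECT)) {
            if (!hODSSLImpl.getConfiguredCertificatePrompted()) {
                throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":getPrivateCertificate():1").toString(), "ECL0032", hODSSLImpl.getConfiguredHost()));
            }
            this.lastCertSent = findCertificate(hODSSLImpl, bArr, i, i2, i3);
            return this.lastCertSent;
        }
        // Policy: prompt on the first connect only; later connects are keyed on the label held in
        // the shared promptCache.
        if (hODSSLImpl.getConfiguredCertificatePromptHowOften().equals("SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CONNECT")) {
            String configuredLabel = hODSSLImpl.getConfiguredLabel();
            if (promptCache.indexOf(configuredLabel) != -1) {
                this.lastCertSent = findCertificate(hODSSLImpl, bArr, i, i2, i3);
                return this.lastCertSent;
            }
            String configuredCertificatePassword = hODSSLImpl.getConfiguredCertificatePassword();
            // A URL-sourced certificate with a pre-configured password needs no prompt.
            if (hODSSLImpl.getConfiguredCertificateSource().equals("SESSION_SSL_CERTIFICATE_IN_URL") && configuredCertificatePassword != null && !configuredCertificatePassword.equals("")) {
                this.lastCertSent = findCertificate(hODSSLImpl, bArr, i, i2, i3);
                promptCache.addElement(configuredLabel);
                return this.lastCertSent;
            }
            if (!hODSSLImpl.getConfiguredCertificateSource().equals(ECLSession.SESSION_SSL_CERTIFICATE_IN_CSP)) {
                throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":getPrivateCertificate():2").toString(), "ECL0032", hODSSLImpl.getConfiguredHost()));
            }
            if (!hODSSLImpl.getConfiguredCertificatePrompted()) {
                throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":getPrivateCertificate():1").toString(), "ECL0032", hODSSLImpl.getConfiguredHost()));
            }
            this.lastCertSent = findCertificate(hODSSLImpl, bArr, i, i2, i3);
            promptCache.addElement(configuredLabel);
            return this.lastCertSent;
        }
        // Policy: prompt once per certificate; "already done" is decided by the session's
        // password cache for the certificate URL rather than by promptCache.
        if (hODSSLImpl.getConfiguredCertificatePromptHowOften().equals("SESSION_SSL_CERTIFICATE_PROMPT_FIRST_CERTIFICATE")) {
            String configuredLabel2 = hODSSLImpl.getConfiguredLabel();
            if (hODSSLImpl.isPasswordCached(hODSSLImpl.getConfiguredCertificateURL())) {
                this.lastCertSent = findCertificate(hODSSLImpl, bArr, i, i2, i3);
                return this.lastCertSent;
            }
            String configuredCertificatePassword2 = hODSSLImpl.getConfiguredCertificatePassword();
            if (hODSSLImpl.getConfiguredCertificateSource().equals("SESSION_SSL_CERTIFICATE_IN_URL") && configuredCertificatePassword2 != null && !configuredCertificatePassword2.equals("")) {
                this.lastCertSent = findCertificate(hODSSLImpl, bArr, i, i2, i3);
                promptCache.addElement(configuredLabel2);
                return this.lastCertSent;
            }
            if (!hODSSLImpl.getConfiguredCertificateSource().equals(ECLSession.SESSION_SSL_CERTIFICATE_IN_CSP)) {
                throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":getPrivateCertificate():2").toString(), "ECL0032", hODSSLImpl.getConfiguredHost()));
            }
            if (!hODSSLImpl.getConfiguredCertificatePrompted()) {
                throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":getPrivateCertificate():1").toString(), "ECL0032", hODSSLImpl.getConfiguredHost()));
            }
            this.lastCertSent = findCertificate(hODSSLImpl, bArr, i, i2, i3);
            promptCache.addElement(configuredLabel2);
            return this.lastCertSent;
        }
        if (!hODSSLImpl.getConfiguredCertificatePromptHowOften().equals(ECLSession.SESSION_SSL_CERTIFICATE_PROMPT_ONLY_ONCE)) {
            if (!hODSSLImpl.getConfiguredCertificatePromptHowOften().equals(ECLSession.SESSION_SSL_CERTIFICATE_DO_NOT_PROMPT)) {
                // Unrecognised policy string: no certificate is offered.
                return null;
            }
            // Policy: never prompt.
            this.lastCertSent = findCertificate(hODSSLImpl, bArr, i, i2, i3);
            return this.lastCertSent;
        }
        // Policy: prompt only once.
        if (!hODSSLImpl.getConfiguredCertificateSource().equals(ECLSession.SESSION_SSL_CERTIFICATE_IN_CSP)) {
            this.lastCertSent = findCertificate(hODSSLImpl, bArr, i, i2, i3);
            return this.lastCertSent;
        }
        // CSP source: a stored certificate hash means the choice was already made.
        String configuredCertificateHash = hODSSLImpl.getConfiguredCertificateHash();
        if (configuredCertificateHash != null && !configuredCertificateHash.equals("")) {
            this.lastCertSent = findCertificate(hODSSLImpl, bArr, i, i2, i3);
            return this.lastCertSent;
        }
        HODSSLTokenImpl hODSSLTokenImpl = (HODSSLTokenImpl) hODSSLImpl.getHODSSLTokenIntf();
        if (hODSSLTokenImpl == null) {
            return null;
        }
        // Mark the token as prompted, then ask the caller to prompt.
        hODSSLTokenImpl.setCertificateHash(ECLSession.SESSION_SSL_CERTIFICATE_HAS_BEEN_PROMPTED);
        throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":getPrivateCertificate():1").toString(), "ECL0032", hODSSLImpl.getConfiguredHost()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Records {@code str} in the shared prompt cache when {@code z} is {@code true}.
     *
     * <p>There is no way to remove an entry: passing {@code false} is a no-op.
     *
     * @param str label or session identifier to remember
     * @param z whether the prompt has been satisfied
     */
    public static void setSessionPrompted(String str, boolean z) {
        if (z) {
            promptCache.addElement(str);
        }
    }

    /**
     * Dispatches to the browser-specific certificate lookup, chosen by
     * {@code BaseEnvironment.getUseSecurityManager()}.
     */
    private SSLCert findCertificate(HODSSLImpl hODSSLImpl, byte[] bArr, int i, int i2, int i3) throws HODSSLRuntimeException {
        return BaseEnvironment.getUseSecurityManager().equals("IE") ? findCertificate_IE(hODSSLImpl, bArr, i, i2, i3) : findCertificate_other(hODSSLImpl, bArr, i, i2, i3);
    }

    /**
     * Certificate lookup under the Microsoft VM: asserts {@code PermissionID.NETIO} first.
     *
     * <p>A failed assertion is only printed; the lookup then runs without the privilege.
     */
    private SSLCert findCertificate_IE(HODSSLImpl hODSSLImpl, byte[] bArr, int i, int i2, int i3) throws HODSSLRuntimeException {
        try {
            PolicyEngine.assertPermission(PermissionID.NETIO);
        } catch (Exception e) {
            System.out.println("HODSSLContext::findCertificate() could not get privilege");
        }
        return findCertificate_tail(hODSSLImpl, bArr, i, i2, i3);
    }

    /**
     * Certificate lookup for every other environment; under "NS" it first enables the
     * {@code UniversalLinkAccess} privilege through reflection.
     *
     * <p>A failure to obtain the privilege is only printed; the lookup still runs.
     */
    private SSLCert findCertificate_other(HODSSLImpl hODSSLImpl, byte[] bArr, int i, int i2, int i3) throws HODSSLRuntimeException {
        try {
            if (BaseEnvironment.getUseSecurityManager().equals("NS")) {
                Class<?> cls = Class.forName("netscape.security.PrivilegeManager");
                cls.getMethod("enablePrivilege", "".getClass()).invoke(cls, "UniversalLinkAccess");
            }
        } catch (Exception e) {
            System.out.println("HODSSLContext::findCertificate() could not get privilege");
        }
        return findCertificate_tail(hODSSLImpl, bArr, i, i2, i3);
    }

    /**
     * Resolves the client certificate from the configured source.
     *
     * <ul>
     *   <li>URL source: returns the session's own private certificate.</li>
     *   <li>CSP source, no configured name: returns the first certificate from the token for
     *       which {@code valid(false)} holds.</li>
     *   <li>CSP source, configured name: returns the first certificate whose
     *       {@link HODSSLCertImpl#matches} accepts the name.</li>
     * </ul>
     *
     * <p>NOTE(review): the by-name branch does not call {@code valid(false)} and queries the
     * token with {@code null, 0, 0} instead of the caller's {@code bArr, i, i2}, so a named
     * certificate is returned without the checks the unnamed branch applies. Confirm this is
     * intended.
     *
     * @throws HODSSLRuntimeException when the source is unknown or no certificate qualifies
     */
    private SSLCert findCertificate_tail(HODSSLImpl hODSSLImpl, byte[] bArr, int i, int i2, int i3) throws HODSSLRuntimeException {
        String configuredCertificateSource = hODSSLImpl.getConfiguredCertificateSource();
        try {
            SSLToken token = ((HODSSLTokenImpl) hODSSLImpl.getHODSSLTokenIntf()).getToken();
            if (!configuredCertificateSource.equals(ECLSession.SESSION_SSL_CERTIFICATE_IN_CSP)) {
                if (!configuredCertificateSource.equals("SESSION_SSL_CERTIFICATE_IN_URL")) {
                    throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":findCertificate():6").toString(), "ECL0048", configuredCertificateSource));
                }
                try {
                    HODSSLCertImpl hODSSLCertImpl = (HODSSLCertImpl) hODSSLImpl.getPrivateCertificate();
                    if (hODSSLCertImpl == null) {
                        throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":findCertificate():5").toString(), "ECL0033", hODSSLImpl.getConfiguredCertificateURL()));
                    }
                    importToken(token);
                    return hODSSLCertImpl.getSSLCert();
                } catch (ECLErr e) {
                    throw new HODSSLRuntimeException(e);
                }
            }
            String configuredCertificateName = hODSSLImpl.getConfiguredCertificateName();
            if (configuredCertificateName == null || configuredCertificateName.equals("")) {
                SSLCert[] privateCertificates = token.getPrivateCertificates(bArr, i, i2, i3, false);
                if (privateCertificates == null || privateCertificates.length <= 0) {
                    throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":findCertificate():3").toString(), "ECL0044"));
                }
                for (int i4 = 0; i4 < privateCertificates.length; i4++) {
                    if (privateCertificates[i4].valid(false)) {
                        importToken(token);
                        return privateCertificates[i4];
                    }
                }
                throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":findCertificate():3").toString(), "ECL0044"));
            }
            SSLCert[] privateCertificates2 = token.getPrivateCertificates(null, 0, 0, i3, false);
            if (privateCertificates2 == null || privateCertificates2.length <= 0) {
                throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":findCertificate():3").toString(), "ECL0044"));
            }
            for (int i5 = 0; i5 < privateCertificates2.length; i5++) {
                // The wrapper was just constructed, so the original null test on it was dead code.
                HODSSLCertImpl candidate = new HODSSLCertImpl(privateCertificates2[i5]);
                if (candidate.matches(configuredCertificateName)) {
                    this.lastCertSent = privateCertificates2[i5];
                    importToken(token);
                    return this.lastCertSent;
                }
            }
            throw new HODSSLRuntimeException(new ECLErr(new StringBuffer().append(getClass().getName()).append(":findCertificate():2").toString(), "ECL0045", configuredCertificateName));
        } catch (ECLErr e2) {
            throw new HODSSLRuntimeException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the client certificate most recently selected by this context.
     *
     * @return the certificate, or {@code null} if none has been selected yet
     */
    public SSLCert getLastCertificateSent() {
        return this.lastCertSent;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns a snapshot of the names of all certificates imported into this context.
     *
     * @return a fresh array of names, or {@code null} (not an empty array) when nothing was
     *     imported
     */
    public String[] getClientTrust() {
        String[] names = null;
        int size = this.clientTrust.size();
        if (size > 0) {
            names = new String[size];
            this.clientTrust.copyInto(names);
        }
        return names;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Tells whether {@code str} is present in the shared prompt cache.
     *
     * @param str label or session identifier
     * @return {@code true} if it was recorded earlier
     */
    public static boolean isSessionPrompted(String str) {
        return promptCache.indexOf(str) != -1;
    }

    /**
     * Dispatches to the browser-specific key-ring import, chosen by
     * {@code BaseEnvironment.getUseSecurityManager()}.
     */
    private void addBrowserKeyring() {
        if (BaseEnvironment.getUseSecurityManager().equals("IE")) {
            addBrowserKeyring_IE();
        } else {
            addBrowserKeyring_other();
        }
    }

    /**
     * Browser key-ring import under the Microsoft VM: asserts {@code PermissionID.NETIO} first.
     * A failed assertion is only printed; the import is still attempted.
     */
    private void addBrowserKeyring_IE() {
        try {
            PolicyEngine.assertPermission(PermissionID.NETIO);
        } catch (Exception e) {
            System.out.println("HODSSLContext::addBrowserKeyring_IE() could not get privilege");
        }
        addBrowserKeyring_tail();
    }

    /**
     * Browser key-ring import for every other environment; under "NS" it first enables the
     * {@code UniversalLinkAccess} privilege through reflection. A failure is only printed.
     */
    private void addBrowserKeyring_other() {
        try {
            if (BaseEnvironment.getUseSecurityManager().equals("NS")) {
                Class<?> cls = Class.forName("netscape.security.PrivilegeManager");
                cls.getMethod("enablePrivilege", "".getClass()).invoke(cls, "UniversalLinkAccess");
            }
        } catch (Exception e) {
            System.out.println("HODSSLContext::addBrowserKeyring_other() could not get privilege");
        }
        addBrowserKeyring_tail();
    }

    /**
     * Copies key rings 1 and 2 of the MSCAPI token into a fresh {@link SSLToken}, imports it into
     * this context and records the certificate names.
     *
     * <p>Every certificate the platform store returns becomes part of this context's trust
     * material; nothing is filtered here. Failures are printed and swallowed, so the context
     * silently continues without the browser key ring.
     *
     * <p>NOTE(review): the two loops are not symmetric. For key ring 1 the flag is set on the
     * value returned by {@code add(...)}; for key ring 2 it is set on the source certificate
     * {@code keyRing2[i]}, not on the copy that was added. Confirm which the token API expects.
     */
    private void addBrowserKeyring_tail() {
        try {
            HODSSLMSCAPIToken hODSSLMSCAPIToken = new HODSSLMSCAPIToken("");
            SSLToken sSLToken = new SSLToken();
            hODSSLMSCAPIToken.open();
            SSLCert[] keyRing = hODSSLMSCAPIToken.getKeyRing(1);
            if (keyRing != null) {
                for (SSLCert sSLCert : keyRing) {
                    // Re-encode to detach the copy from the MSCAPI-backed certificate object.
                    sSLToken.setFlags(sSLToken.add(new SSLCert(sSLCert.encode(), null), null), 1);
                }
            }
            SSLCert[] keyRing2 = hODSSLMSCAPIToken.getKeyRing(2);
            if (keyRing2 != null) {
                for (int i = 0; i < keyRing2.length; i++) {
                    sSLToken.add(new SSLCert(keyRing2[i].encode(), null), null);
                    sSLToken.setFlags(keyRing2[i], 2);
                }
            }
            importToken(sSLToken);
            addCerts(sSLToken);
        } catch (SSLRuntimeException e) {
            System.out.println(new StringBuffer().append("HODSSLContext() could not load MSCAPI Token, SSLRuntimeException->").append(e).append(", message-> ").append(e.getMessage()).toString());
        } catch (Exception e2) {
            System.out.println(new StringBuffer().append("HODSSLContext() could not load MSCAPI Token, exception->").append(e2).toString());
        } catch (NoClassDefFoundError e3) {
            // The MSCAPI bridge classes are absent on this platform.
            System.out.println(new StringBuffer().append("HODSSLContext() No Class Definition found error->").append(e3).toString());
        }
    }

    /**
     * Appends the full name of every certificate in key rings 1 and 2 of {@code sSLToken} to
     * {@link #clientTrust}.
     *
     * @param sSLToken token whose certificates were just imported
     */
    private void addCerts(SSLToken sSLToken) {
        SSLCert[] keyRing = sSLToken.getKeyRing(1);
        if (keyRing != null) {
            for (SSLCert sSLCert : keyRing) {
                this.clientTrust.addElement(new HODSSLCertImpl(sSLCert).getFullName());
            }
        }
        SSLCert[] keyRing2 = sSLToken.getKeyRing(2);
        if (keyRing2 != null) {
            for (SSLCert sSLCert2 : keyRing2) {
                this.clientTrust.addElement(new HODSSLCertImpl(sSLCert2).getFullName());
            }
        }
    }
}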
