package com.lotus.sametime.core.util.connection;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

/* loaded from: input_file:META-INF/lib/STComm-8.5.2.jar:com/lotus/sametime/core/util/connection/JSSEManager.class */
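/**
 * Process-wide singleton that holds the client's JSSE settings (keystore path, keystore password,
 * provider and key/trust manager algorithms) and builds an {@link SSLContext} from them.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When no password is supplied, the keystore is opened with a password that is compiled into
 *       the class. Such a keystore must be treated as unprotected.</li>
 *   <li>The same PKCS12 file serves as key store and as the trust material handed to
 *       {@code STTrustManager}, and the same password opens the store and its key entries.</li>
 *   <li>The system property {@code com.ibm.jsse2.JSSEFIPS} is forced to {@code true} on every JVM,
 *       but FIPS providers are only installed on an IBM JVM.</li>
 * </ul>
 *
 * <p>No method here is synchronized. Callers sharing the instance across threads must serialize
 * {@code initJSSE} themselves.
 */
public class JSSEManager {
    /** Default keystore location: the user's home directory plus the default keystore name. */
    public static final String DEFAULT_KEYSTORE_FILE = new StringBuilder().append(System.getProperty("user.home")).append(File.separator).append(SSLContextMgr.DEFAULT_KEYSTORE_NAME).toString();
    // NOTE(review): a fixed password shipped in the jar gives no confidentiality for the private
    // keys in the default keystore. Deployments should always pass an explicit password.
    private static final String DEFAULT_KEYSTORE_PASSWORD = "sametime";
    private static Logger _logger;
    private static final String PROVIDER_IBMJSSE2 = "IBMJSSE2";
    private static final String PROVIDER_IBMJCEFIPS = "IBMJCEFIPS";
    private static final String PROVIDER_SUNJSSE = "SunJSSE";
    private static final String ALGORITHM_IBMKEYMANAGER = "IbmX509";
    private static final String ALGORITHM_IBMTRUSTMANAGER = "IbmX509";
    private static final String ALGORITHM_SUNKEYMANAGER = "SunX509";
    private static final String ALGORITHM_SUNTRUSTMANAGER = "SunX509";
    private static final String CLASS_IBMJSSE2 = "com.ibm.jsse2.IBMJSSEProvider2";
    private static final String CLASS_IBMJCEFIPS = "com.ibm.crypto.fips.provider.IBMJCEFIPS";
    private static final String PROTOCOL_TLS = "TLS";
    private static final String KEYSTORE_FORMAT = "PKCS12";
    private static final String PROPERTY_JSSEFIPS = "com.ibm.jsse2.JSSEFIPS";
    private static final String BANNER = "/////////////////////////////////////////////////////////////";
    private static final String lineSeparator;
    private static JSSEManager _instance;
    private boolean _initialized = false;
    // Stored and exposed through isAllowPeerCerts(); this class itself never acts on it.
    private boolean _allowPeerCerts = false;
    private String _keyStore;
    private char[] _password;
    private String _provider;
    private String _keyManagerAlgorithm;
    private String _trustManagerAlgorithm;
    // Class-literal cache; together with class$(String) this appears to be a decompiler artifact.
    static Class class$com$lotus$sametime$core$util$connection$JSSEManager;

    private JSSEManager() {
    }

    /**
     * Returns the single instance created by the static initializer.
     *
     * @return the shared manager, never {@code null} once the class has loaded
     */
    public static JSSEManager getInstance() {
        return _instance;
    }

    /**
     * Reports whether {@code initJSSE} has already run.
     *
     * @return {@code true} after the first successful entry into {@code initJSSE}
     */
    public boolean isJSSEInitialized() {
        return this._initialized;
    }

    /**
     * Configures the manager once; later calls are ignored.
     *
     * @param str  keystore path; {@code null} or empty selects {@link #DEFAULT_KEYSTORE_FILE}
     * @param cArr keystore password; {@code null} selects the built-in default password. The array
     *             is copied, so the caller may wipe its own copy afterwards.
     * @param z    value later returned by {@link #isAllowPeerCerts()}
     */
    public void initJSSE(String str, char[] cArr, boolean z) {
        if (this._initialized) {
            return;
        }
        if (isEmpty(str)) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("No explicit keystore file provided. Use the default: " + DEFAULT_KEYSTORE_FILE);
            }
            this._keyStore = DEFAULT_KEYSTORE_FILE;
        } else {
            this._keyStore = str;
        }
        if (cArr == null) {
            // Logged at WARNING rather than FINE: falling back to a publicly known password is
            // something an operator should see without enabling debug logging.
            _logger.warning("No explicit keystore password provided. Use the default.");
            this._password = DEFAULT_KEYSTORE_PASSWORD.toCharArray();
        } else {
            // Defensive copy: the caller zeroing or reusing its array must not change our state.
            this._password = (char[]) cArr.clone();
        }
        this._allowPeerCerts = z;
        this._initialized = true;
        initSecuritySetting();
    }

    /**
     * Configures the manager once with an explicit provider and manager algorithms.
     *
     * <p>Like the three-argument overload this is a no-op once the manager is initialized, so a
     * late call can no longer replace the provider or algorithms that {@link #getSSLContext()}
     * uses without the security settings being re-applied.
     *
     * @param str  keystore path; {@code null} or empty selects the default file
     * @param cArr keystore password; {@code null} selects the built-in default password
     * @param z    value later returned by {@link #isAllowPeerCerts()}
     * @param str2 JSSE provider name; {@code null} or empty selects a JVM-specific default
     * @param str3 key manager algorithm; {@code null} or empty selects a JVM-specific default
     * @param str4 trust manager algorithm; {@code null} or empty selects a JVM-specific default
     */
    public void initJSSE(String str, char[] cArr, boolean z, String str2, String str3, String str4) {
        if (this._initialized) {
            return;
        }
        this._provider = str2;
        this._keyManagerAlgorithm = str3;
        this._trustManagerAlgorithm = str4;
        initJSSE(str, cArr, z);
    }

    /**
     * @return the configured keystore path, or {@code null} before initialization
     */
    public String getKeyStore() {
        return this._keyStore;
    }

    /**
     * Returns a copy of the keystore password so callers cannot alter the shared instance's state.
     * Callers should overwrite the returned array once they are done with it.
     *
     * @return a fresh copy of the password, or {@code null} before initialization
     */
    public char[] getPassword() {
        return this._password == null ? null : (char[]) this._password.clone();
    }

    /**
     * @return the flag passed to {@code initJSSE}; {@code false} before initialization
     */
    public boolean isAllowPeerCerts() {
        return this._allowPeerCerts;
    }

    /** Returns {@code true} for {@code null} and for the empty string. */
    private static boolean isEmpty(String value) {
        return value == null || value.length() == 0;
    }

    /**
     * Detects an IBM JVM from the {@code java.vm.vendor} system property.
     *
     * <p>The comparison is locale-independent. A locale-sensitive {@code toLowerCase()} maps
     * {@code 'I'} to a dotless i under Turkish locales, which would make an IBM JVM take the
     * non-IBM branch and skip the FIPS provider installation.
     */
    private boolean isIbmJvm() {
        String vendor = System.getProperty("java.vm.vendor");
        return vendor != null && vendor.regionMatches(true, 0, "ibm", 0, 3);
    }

    /**
     * Forces the JSSE FIPS flag, fills in JVM-specific defaults for any unset provider or
     * algorithm, and installs the FIPS providers on an IBM JVM.
     */
    private void initSecuritySetting() {
        // The property is set on every JVM, including those where enableFipsSun() does nothing,
        // so "FIPS enabled? true" in the debug output only reflects this property.
        if (!"true".equalsIgnoreCase(System.getProperty(PROPERTY_JSSEFIPS))) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("FIPS flag not set, enabling FIPS mode now...");
            }
            System.setProperty(PROPERTY_JSSEFIPS, "true");
        }
        boolean ibm = isIbmJvm();
        if (isEmpty(this._provider)) {
            this._provider = ibm ? PROVIDER_IBMJSSE2 : PROVIDER_SUNJSSE;
        }
        if (isEmpty(this._keyManagerAlgorithm)) {
            this._keyManagerAlgorithm = ibm ? ALGORITHM_IBMKEYMANAGER : ALGORITHM_SUNKEYMANAGER;
        }
        if (isEmpty(this._trustManagerAlgorithm)) {
            this._trustManagerAlgorithm = ibm ? ALGORITHM_IBMTRUSTMANAGER : ALGORITHM_SUNTRUSTMANAGER;
        }
        if (ibm) {
            enableFipsIbm();
        } else {
            enableFipsSun();
        }
        debugSecurityInfo();
    }

    /** Intentionally empty: no FIPS provider is installed on a non-IBM JVM. */
    private void enableFipsSun() {
    }

    /** Re-registers the IBM JSSE2 and IBM JCE FIPS providers at positions 1 and 2. */
    private void enableFipsIbm() {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("Setting up FIPS mode for IBM JVM");
        }
        insertProvider(PROVIDER_IBMJSSE2, CLASS_IBMJSSE2, 1);
        insertProvider(PROVIDER_IBMJCEFIPS, CLASS_IBMJCEFIPS, 2);
    }

    /**
     * Instantiates the provider class and registers it at the requested position, replacing any
     * provider already registered under {@code name}.
     *
     * <p>The existing registration is removed only after the replacement has been created, so a
     * class that cannot be loaded no longer leaves the JVM without that provider.
     *
     * <p>NOTE(review): a failure is only logged and initialization continues, so callers cannot
     * tell that a FIPS provider is missing. Confirm whether that should abort instead.
     *
     * @param name      provider name used for the existing registration
     * @param className fully qualified provider class with a no-argument constructor
     * @param position  1-based preference position passed to {@link Security#insertProviderAt}
     */
    private void insertProvider(String name, String className, int position) {
        try {
            Provider provider = (Provider) Class.forName(className).getDeclaredConstructor().newInstance();
            if (Security.getProvider(name) != null) {
                Security.removeProvider(name);
            }
            int actualPosition = Security.insertProviderAt(provider, position);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("inserting provider " + className + " at position " + actualPosition);
            }
        } catch (Exception e) {
            // The logger records the stack trace; nothing is written straight to stderr.
            _logger.logp(Level.WARNING, "JSSEManager", "insertProvider", "Exception inserting security provider " + className, (Throwable) e);
        }
    }

    /**
     * Builds a TLS context from the configured keystore.
     *
     * <p>Every {@link Exception} raised while loading the keystore or initializing the context is
     * logged at SEVERE and reported as a {@code null} return. The declared checked exceptions are
     * kept for source compatibility. A context is returned only after {@code init} succeeded, so a
     * failed initialization no longer yields a non-null but unusable context.
     *
     * <p>{@code SSLContext.getInstance} is called without the configured provider, so the JVM's
     * provider order selects the implementation. NOTE(review): no minimum protocol version or
     * cipher-suite restriction is applied here, and the certificate checks performed by
     * {@code STTrustManager} are not visible in this class. Confirm both where sockets are created.
     *
     * @return an initialized context, or {@code null} when it could not be built (including when
     *         {@code initJSSE} has not been called)
     */
    public SSLContext getSSLContext() throws GeneralSecurityException, IOException, InstantiationException {
        SSLContext result = null;
        BufferedInputStream keyStoreStream = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_FORMAT);
            keyStoreStream = new BufferedInputStream(new FileInputStream(this._keyStore));
            keyStore.load(keyStoreStream, this._password);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this._keyManagerAlgorithm, this._provider);
            keyManagerFactory.init(keyStore, this._password);
            TrustManager[] trustManagers = {new STTrustManager(keyStore, this._trustManagerAlgorithm, this._provider)};
            SSLContext context = SSLContext.getInstance(PROTOCOL_TLS);
            context.init(keyManagerFactory.getKeyManagers(), trustManagers, null);
            // Publish only a fully initialized context.
            result = context;
            debugSSLContext(context);
        } catch (Exception e) {
            _logger.logp(Level.SEVERE, "JSSEManager", "getSSLContext", "Exception getting ssl context ", (Throwable) e);
        } finally {
            closeQuietly(keyStoreStream);
        }
        return result;
    }

    /** Closes the stream if it was opened; a close failure is deliberately ignored. */
    private static void closeQuietly(BufferedInputStream stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException ignored) {
            // Best effort: the keystore has already been read or the failure already logged.
        }
    }

    /** Appends one line of debug output followed by the platform line separator. */
    private static void appendLine(StringBuilder out, String text) {
        out.append(text).append(lineSeparator);
    }

    /** Logs provider, protocol, socket factories and default cipher suites at FINE. */
    private void debugSSLContext(SSLContext sSLContext) {
        if (!_logger.isLoggable(Level.FINE)) {
            return;
        }
        StringBuilder out = new StringBuilder();
        appendLine(out, BANNER);
        appendLine(out, "// Debugging SSLContext " + sSLContext);
        appendLine(out, "//");
        appendLine(out, "// SSLContext provider: " + sSLContext.getProvider().getName());
        appendLine(out, "// SSLContext protocol: " + sSLContext.getProtocol());
        appendLine(out, "// SSLContext socketFactory: " + sSLContext.getSocketFactory());
        appendLine(out, "// SSLContext serverSocketFactory: " + sSLContext.getServerSocketFactory());
        appendLine(out, "//");
        appendLine(out, "// Enabled cipher suites");
        String[] cipherSuites = sSLContext.getSocketFactory().getDefaultCipherSuites();
        for (int i = 0; i < cipherSuites.length; i++) {
            appendLine(out, "// " + cipherSuites[i]);
        }
        appendLine(out, BANNER);
        _logger.fine(out.toString());
    }

    /** Logs the effective security configuration and registered providers at FINE. */
    private void debugSecurityInfo() {
        if (!_logger.isLoggable(Level.FINE)) {
            return;
        }
        StringBuilder out = new StringBuilder();
        appendLine(out, BANNER);
        appendLine(out, "// Java Security Settings");
        appendLine(out, "// FIPS enabled? " + System.getProperty(PROPERTY_JSSEFIPS));
        appendLine(out, "// Allow peer certs? " + this._allowPeerCerts);
        appendLine(out, "// java.security.provider=" + this._provider);
        appendLine(out, "// ssl.SocketFactory.provider=" + Security.getProperty("ssl.SocketFactory.provider"));
        appendLine(out, "// ssl.ServerSocketFactory.provider=" + Security.getProperty("ssl.ServerSocketFactory.provider"));
        appendLine(out, "// key manager=" + this._keyManagerAlgorithm);
        appendLine(out, "// trust manager=" + this._trustManagerAlgorithm);
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            appendLine(out, "// security.provider." + (i + 1) + "=" + providers[i].getName());
        }
        appendLine(out, BANNER);
        _logger.fine(out.toString());
    }

    /**
     * Loads a class by name, converting a lookup failure into {@link NoClassDefFoundError}.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        // The cache field is always null at this point, so the class literal is used directly.
        class$com$lotus$sametime$core$util$connection$JSSEManager = JSSEManager.class;
        _logger = Logger.getLogger(JSSEManager.class.getPackage().getName());
        lineSeparator = System.getProperty("line.separator");
        _instance = new JSSEManager();
    }
}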
