package com.ibm.cics.core.comm;

import com.ibm.cics.common.util.Debug;
import com.ibm.cics.common.util.StringUtil;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.lang.reflect.InvocationTargetException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/ibm/cics/core/comm/ExplorerKeyStoreManager.class */
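/**
 * Static helpers for obtaining smart-card backed {@link KeyStore}s (Windows certificate store or a
 * PKCS#11 driver), for validating file-based key/trust stores, and for wrapping an
 * {@link ExplorerTrustStore} in an {@link X509TrustManager}.
 *
 * <p>The validation methods report their outcome as a string: an empty string means no problem was
 * found, anything else is the failure text.
 *
 * <p>{@link #addedProviders} is plain static state with no synchronisation in this class.
 */
public class ExplorerKeyStoreManager {
    static final String COPYRIGHT = "Licensed Materials - Property of IBM 5655EX1 (c) Copyright IBM Corp. 2017, 2023 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private static final Debug debug = new Debug(ExplorerKeyStoreManager.class);
    // JCA providers this class registered itself, so that only those are removed again later.
    private static final List<Provider> addedProviders = new ArrayList<>();

    /**
     * Unregisters every security provider that {@link #getSmartcardKeyStore(Map, String)} added to
     * the JVM-wide provider list, then forgets them. Providers that were already installed are not
     * touched.
     */
    public static void removeAllSmartcardProviders() {
        for (Provider provider : addedProviders) {
            Security.removeProvider(provider.getName());
        }
        addedProviders.clear();
    }

    /**
     * Instantiates a provider for the Windows certificate store, preferring the IBM CAC provider and
     * falling back to SunMSCAPI when the IBM class is not on the system class path.
     *
     * @return a single-entry map from key store type ({@code "Windows-MY"}) to the provider instance
     * @throws CertificateException if neither provider class can be loaded, or the one that was found
     *     cannot be instantiated (the root cause is attached)
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static Map<String, Provider> getWindowsSmartCardProvider() throws CertificateException {
        Map<String, Provider> providers = new HashMap<>();
        try {
            providers.put("Windows-MY", (Provider) ClassLoader.getSystemClassLoader().loadClass("com.ibm.security.capi.IBMCAC").getConstructor().newInstance());
        } catch (ClassNotFoundException ibmMissing) {
            // IBM provider absent: try the Sun/Oracle equivalent before giving up.
            try {
                providers.put("Windows-MY", (Provider) ClassLoader.getSystemClassLoader().loadClass("sun.security.mscapi.SunMSCAPI").getConstructor().newInstance());
            } catch (ClassNotFoundException sunMissing) {
                CertificateException failure = new CertificateException(Messages.ExplorerKeyStoreManager_couldntLoadCAC, sunMissing);
                debug.error("getWindowsSmartCardProvider", failure);
                throw failure;
            } catch (IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | SecurityException | InvocationTargetException sunFailed) {
                CertificateException failure = new CertificateException(Messages.ExplorerKeyStoreManager_couldntConfigureSunCAC, findRootCauseException(sunFailed));
                debug.error("getWindowsSmartCardProvider", failure);
                throw failure;
            }
        } catch (IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | SecurityException | InvocationTargetException ibmFailed) {
            CertificateException failure = new CertificateException(Messages.ExplorerKeyStoreManager_couldntConfigureIBMCAC, findRootCauseException(ibmFailed));
            debug.error("getWindowsSmartCardProvider", failure);
            throw failure;
        }
        debug.event("getWindowsSmartCardProvider", providers);
        return providers;
    }

    /**
     * Opens the smart-card key store described by the first entry of {@code map}.
     *
     * <p>If an equal provider, or one with the same name, is already registered with
     * {@link Security}, the registered instance is used. Otherwise the supplied provider is
     * registered JVM-wide and remembered for {@link #removeAllSmartcardProviders()}.
     *
     * @param map key store type mapped to provider, as returned by
     *     {@link #getWindowsSmartCardProvider()} or {@link #getPkcs11Provider(String)}; only the
     *     first entry is used
     * @param str password/PIN handed to {@link KeyStore#load}; may be {@code null}
     * @return the loaded key store, or {@code null} when {@code map} is empty
     * @throws IOException if the key store cannot be loaded
     * @throws GeneralSecurityException if the key store type is unavailable or loading is rejected
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore getSmartcardKeyStore(Map<String, Provider> map, String str) throws IOException, GeneralSecurityException {
        if (map.isEmpty()) {
            return null;
        }
        Map.Entry<String, Provider> entry = map.entrySet().iterator().next();
        Provider candidate = entry.getValue();
        Provider effective = candidate;
        // addProvider() returns -1 when a provider of that name is already installed; it is only
        // attempted when no equal provider is in the list (short-circuit).
        if (Arrays.asList(Security.getProviders()).contains(candidate) || Security.addProvider(candidate) == -1) {
            Provider registered = Security.getProvider(candidate.getName());
            if (registered != null) {
                effective = registered;
            }
        } else {
            debug.event("getSmartcardKeyStore", entry.getKey(), candidate);
            addedProviders.add(candidate);
        }
        KeyStore keyStore = KeyStore.getInstance(entry.getKey(), effective);
        // No input stream: the store is backed by the provider/token, not by a file.
        keyStore.load(null, str != null ? str.toCharArray() : null);
        return keyStore;
    }

    /**
     * Instantiates a PKCS#11 provider for the given driver library, preferring the IBM
     * implementation and falling back to SunPKCS11 when the IBM class is not on the system class path.
     *
     * @param str path of the PKCS#11 driver library
     * @return a single-entry map from key store type ({@code "PKCS11IMPLKS"} for IBM,
     *     {@code "PKCS11"} for Sun) to the provider instance
     * @throws CertificateException if the path is {@code null} or blank, if neither provider class
     *     can be loaded, or if the provider cannot be instantiated (the root cause is attached)
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static Map<String, Provider> getPkcs11Provider(String str) throws CertificateException {
        Map<String, Provider> providers = new HashMap<>();
        // A null path used to surface as a NullPointerException; report it like a blank one.
        if (str == null || str.trim().isEmpty()) {
            CertificateException failure = new CertificateException(Messages.ExplorerKeyStoreManager_CouldntConfigureNoDriverPath);
            debug.error("getPkcs11Provider", failure);
            throw failure;
        }
        // NOTE(review): the path is pasted unescaped into the provider configuration, so a line
        // break inside it would add further configuration lines, and the path names a library that
        // the provider is configured to use. Callers should only pass a value from trusted
        // configuration - confirm where it originates.
        String config = "library = " + str + "\nname = Smartcard\n";
        try {
            providers.put("PKCS11IMPLKS", (Provider) ClassLoader.getSystemClassLoader().loadClass("com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl").getConstructor(BufferedReader.class).newInstance(new BufferedReader(new StringReader(config))));
        } catch (ClassNotFoundException ibmMissing) {
            try {
                // Bytes use the platform default charset, unchanged from the original code.
                // NOTE(review): confirm which charset the provider uses to read this stream before
                // pinning one. If the running JRE does not offer an InputStream constructor, the
                // NoSuchMethodException below is reported as couldntConfigureSunPKCS11.
                providers.put("PKCS11", (Provider) ClassLoader.getSystemClassLoader().loadClass("sun.security.pkcs11.SunPKCS11").getConstructor(InputStream.class).newInstance(new ByteArrayInputStream(config.getBytes())));
            } catch (ClassNotFoundException sunMissing) {
                CertificateException failure = new CertificateException(Messages.ExplorerKeyStoreManager_couldntLoadPKCS11, sunMissing);
                debug.error("getPkcs11Provider", failure);
                throw failure;
            } catch (IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | SecurityException | InvocationTargetException sunFailed) {
                CertificateException failure = new CertificateException(Messages.ExplorerKeyStoreManager_couldntConfigureSunPKCS11, findRootCauseException(sunFailed));
                debug.error("getPkcs11Provider", failure);
                throw failure;
            }
        } catch (IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | SecurityException | InvocationTargetException ibmFailed) {
            CertificateException failure = new CertificateException(Messages.ExplorerKeyStoreManager_couldntConfigureIBMPKCS11, findRootCauseException(ibmFailed));
            debug.error("getPkcs11Provider", failure);
            throw failure;
        }
        debug.event("getPkcs11Provider", providers);
        return providers;
    }

    /**
     * Walks the cause chain of {@code th} to its end. For an {@link InvocationTargetException} the
     * target exception is followed instead of {@link Throwable#getCause()}.
     *
     * @param th the exception to unwrap
     * @return the innermost throwable, or {@code th} itself when it has no cause
     */
    private static Throwable findRootCauseException(Throwable th) {
        Throwable current = th;
        while (true) {
            Throwable next = current instanceof InvocationTargetException
                    ? ((InvocationTargetException) current).getTargetException()
                    : current.getCause();
            if (next == null || next == current) {
                return current;
            }
            current = next;
        }
    }

    /**
     * Returns the text used to report {@code failure} from the validation methods: its message, or
     * {@code toString()} when the message is {@code null} or empty. An empty result would read as
     * "validation passed" to callers, so a failure must never produce one.
     */
    private static String describeFailure(Throwable failure) {
        String message = failure.getMessage();
        return (message == null || message.isEmpty()) ? failure.toString() : message;
    }

    /**
     * Checks that the trust store file can be loaded and written back with the given password.
     *
     * <p>This is not a read-only check: the store is re-written in place. If the file is not
     * writable it is made writable for the duration of the write and set read-only again
     * afterwards, also when the write fails.
     *
     * @param str key store type passed to {@link KeyStore#getInstance(String)}
     * @param str2 path of the trust store file
     * @param cArr trust store password
     * @return an empty string on success, otherwise the failure text
     */
    public static String validateCanWriteTrustStore(String str, String str2, char[] cArr) {
        debug.enter("validateTrustStoreDetail");
        String result = "";
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            try (InputStream in = new FileInputStream(str2)) {
                keyStore.load(in, cArr);
            }
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()).init(keyStore);
            File file = new File(str2);
            boolean madeWritable = !file.canWrite();
            if (madeWritable) {
                file.setWritable(true);
            }
            try {
                // NOTE(review): opening the stream truncates the existing file before store() runs,
                // so a failure part-way leaves a damaged trust store. Writing to a temporary file
                // and renaming it over the original would avoid that.
                try (FileOutputStream out = new FileOutputStream(str2)) {
                    keyStore.store(out, cArr);
                }
            } finally {
                // Put the read-only flag back even if the write failed.
                if (madeWritable) {
                    file.setWritable(false);
                }
            }
        } catch (FileNotFoundException | GeneralSecurityException e) {
            result = describeFailure(e);
        } catch (IOException e) {
            result = describeFailure(e);
            if (result.startsWith("DerInputStream")) {
                result = result + "- possible invalid DB type";
            }
        }
        debug.exit("validateTrustStoreDetail", result);
        return result;
    }

    /**
     * Validates a trust store file and, when that succeeds and a key store path is given, the key
     * store as well (via {@link #validateKeyStore(String, String, String)}).
     *
     * @param str path of the trust store file
     * @param str2 trust store password
     * @param str3 trust store type
     * @param str4 path of the key store file; an empty string skips key store validation
     * @param str5 key store password
     * @param str6 key store type
     * @return an empty string when everything validated, otherwise the first failure text
     */
    public static String validateKeyAndTrustStore(String str, String str2, String str3, String str4, String str5, String str6) {
        debug.enter("validateStoreDetail");
        String result = "";
        try {
            KeyStore keyStore = KeyStore.getInstance(str3);
            try (InputStream in = new FileInputStream(str)) {
                keyStore.load(in, str2.toCharArray());
            }
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()).init(keyStore);
            // A store that loads but holds no entries is reported as an invalid format.
            if (keyStore.size() == 0) {
                throw new IOException("Invalid_store_format_message");
            }
        } catch (EOFException e) {
            result = e.getMessage();
            if (!StringUtil.hasContent(result)) {
                result = e.toString();
            }
        } catch (IOException | GeneralSecurityException e) {
            // Covers FileNotFoundException too; a null or empty message falls back to toString().
            result = describeFailure(e);
        }
        if (result.isEmpty() && !str4.isEmpty()) {
            result = validateKeyStore(str4, str5, str6);
        }
        debug.exit("validateStoreDetail", result);
        return result;
    }

    /**
     * Validates that a key store file loads with the given password, that a
     * {@link KeyManagerFactory} can be initialised from it with the same password, and that it is
     * not empty.
     *
     * @param str path of the key store file
     * @param str2 key store password, also used as the key password
     * @param str3 key store type
     * @return an empty string on success, otherwise the failure text
     */
    public static String validateKeyStore(String str, String str2, String str3) {
        String result = "";
        try {
            KeyStore keyStore = KeyStore.getInstance(str3);
            try (InputStream in = new FileInputStream(str)) {
                keyStore.load(in, str2.toCharArray());
            }
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()).init(keyStore, str2.toCharArray());
            if (keyStore.size() == 0) {
                throw new IOException("Invalid_store_format_message");
            }
        } catch (EOFException e) {
            result = e.getMessage();
            if (!StringUtil.hasContent(result)) {
                result = e.toString();
            }
        } catch (IOException | GeneralSecurityException e) {
            // Covers FileNotFoundException too; a null or empty message falls back to toString().
            result = describeFailure(e);
        }
        return result;
    }

    /**
     * Wraps the trust manager of {@code explorerTrustStore} in an {@link X509TrustManager} that
     * adds debug tracing. Every trust decision is delegated unchanged; a rejected server chain is
     * rethrown as a {@link SecureCertificateException} carrying the chain together with
     * {@code str} and {@code str2}.
     *
     * @param str passed through to {@link SecureCertificateException} (presumably the peer host -
     *     TODO confirm against its constructor)
     * @param str2 passed through to {@link SecureCertificateException} (presumably the peer port -
     *     TODO confirm against its constructor)
     * @param explorerTrustStore the trust store whose trust manager makes the decisions
     * @return the delegating trust manager
     */
    public static X509TrustManager getTrustManager(final String str, final String str2, final ExplorerTrustStore explorerTrustStore) {
        return new X509TrustManager() { // from class: com.ibm.cics.core.comm.ExplorerKeyStoreManager.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str3) throws CertificateException {
                debug.enter("checkClientTrusted", x509CertificateArr, str3);
                // The decompiler rendered the captured parameter as "ExplorerTrustStore.this",
                // which is not an enclosing instance; the captured trust store is what is meant.
                explorerTrustStore.getTrustManager().checkClientTrusted(x509CertificateArr, str3);
                debug.exit("checkClientTrusted");
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str3) throws CertificateException {
                debug.enter("checkServerTrusted", x509CertificateArr, str3);
                try {
                    explorerTrustStore.getTrustManager().checkServerTrusted(x509CertificateArr, str3);
                    debug.exit("checkServerTrusted");
                } catch (CertificateException e) {
                    // Validation still fails here; the richer exception only carries the rejected
                    // chain to the caller. NOTE(review): any "accept this certificate" flow built
                    // on it is where the real trust decision is made - review that code path.
                    throw new SecureCertificateException(e, x509CertificateArr, str, str2);
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                debug.enter("getAcceptedIssuers");
                X509Certificate[] acceptedIssuers = explorerTrustStore.getTrustManager().getAcceptedIssuers();
                debug.exit("getAcceptedIssuers", acceptedIssuers);
                return acceptedIssuers;
            }
        };
    }
}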
