package com.ibm.ws.security.utility.tasks;

import com.ibm.ws.security.utility.IFileUtility;
import com.ibm.ws.security.utility.SecurityUtilityReturnCodes;
import com.ibm.ws.security.utility.utils.ConsoleWrapper;
import java.io.File;
import java.io.PrintStream;
import java.security.Security;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import org.apache.commons.io.FilenameUtils;

/* loaded from: input_file:com/ibm/ws/security/utility/tasks/TLSProfilerTask.class */
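/**
 * {@code tlsProfiler} command-line task: attempts one TLS handshake per (protocol, cipher suite)
 * pair against a target host and port and reports which pairs the target accepted.
 *
 * <p>Security-relevant behaviour a maintainer should know about:
 * <ul>
 *   <li>To be able to offer weak protocols and suites, the task blanks the JVM-wide security
 *       properties {@code jdk.tls.disabledAlgorithms} and {@code jdk.certpath.disabledAlgorithms}.
 *       The previous values are written back when the scan ends, including on failure.</li>
 *   <li>A pair is classified as "vulnerable" purely by comparing its names with the entries that
 *       {@code jdk.tls.disabledAlgorithms} held before it was blanked. This is a name-based
 *       approximation; entries that are not plain algorithm names (for example key-size
 *       constraints) never match anything.</li>
 *   <li>Every handshake failure is recorded as "unsuccessful", whatever its cause. The contexts are
 *       initialised with default trust material, so a certificate that the local trust store
 *       rejects is indistinguishable from an unsupported cipher suite in the report.</li>
 * </ul>
 */
public class TLSProfilerTask extends BaseCommandTask {
    private static final String ARG_HOST = "--host";
    private static final String ARG_PORT = "--port";
    private static final String ARG_V = "--v";
    private static final String ARG_VERBOSE = "--verbose";
    private static final String ARG_FILE = "--file";
    private static final List<String> ARG_TABLE = Arrays.asList(ARG_HOST, ARG_PORT, ARG_V, ARG_VERBOSE, ARG_FILE);

    private static final String PROP_TLS_DISABLED = "jdk.tls.disabledAlgorithms";
    private static final String PROP_CERTPATH_DISABLED = "jdk.certpath.disabledAlgorithms";

    private static final String HEADER_RECOMMENDED_OK = "Successful handshakes to the target host and port were made with the following recommended protocol and cipher suites:\n";
    private static final String HEADER_RECOMMENDED_FAILED = "Unsuccessful handshakes to the target host and port were made with the following protocol and cipher suites:\n";
    private static final String HEADER_VULNERABLE_OK = "\nWARNING: The following output was generated using protocols and cipher suites which have known security vulnerabilities.\nThis diagnostic tool's runtime does not expose any data, and this result does not indicate a problem.\nThe target host and port supports the following protocols and cipher suites with known security vulnerabilities.\nEnabling any of the following protocols and cipher suites to connect to the target host and port can result in a breach of security.\n";
    private static final String HEADER_VULNERABLE_FAILED = "\nWARNING: The following output was generated using protocols and/or cipher suites which have known security vulnerabilities.\nThis diagnostic tool's runtime does not expose any data, and this result does not indicate a problem.\nHowever, it should be noted that the target host and port does not support the following protocols and cipher suites which have known security vulnerabilites.\nEnabling any of the following protocols and cipher suites in order to connect to the target host and port could result in a breach of security.\n";

    private final IFileUtility fileUtility;

    /** Outcome of one handshake attempt for a single (protocol, cipher suite) pair. */
    private static final class TlsProfilerResult {
        private String protocol = "";
        private String ciphersuite = "";
        // True when the protocol or the suite matched an entry of the saved disabled-algorithms list.
        private boolean isVulnerable;
        // True only when the handshake completed AND negotiated exactly this protocol and suite.
        private boolean isSuccessful;

        public TlsProfilerResult() {
        }

        public String getProtocol() {
            return this.protocol;
        }

        public void setProtocol(String str) {
            this.protocol = str;
        }

        public String getCiphersuite() {
            return this.ciphersuite;
        }

        public void setCiphersuite(String str) {
            this.ciphersuite = str;
        }

        public boolean isVulnerable() {
            return this.isVulnerable;
        }

        public void setVulnerable(boolean z) {
            this.isVulnerable = z;
        }

        public boolean isSuccessful() {
            return this.isSuccessful;
        }

        public void setSuccessful(boolean z) {
            this.isSuccessful = z;
        }
    }

    /**
     * @param iFileUtility file-system helper used to resolve and write the optional report file
     * @param str script name, handed to the superclass constructor
     */
    public TLSProfilerTask(IFileUtility iFileUtility, String str) {
        super(str);
        this.fileUtility = iFileUtility;
    }

    /** @return the task name, {@code "tlsProfiler"} */
    @Override // com.ibm.ws.security.utility.SecurityUtilityTask
    public String getTaskName() {
        return "tlsProfiler";
    }

    /** @return the help text assembled by the inherited {@code getTaskHelp} from the tlsProfiler message keys */
    @Override // com.ibm.ws.security.utility.SecurityUtilityTask
    public String getTaskHelp() {
        return getTaskHelp("tlsProfiler.desc", "tlsProfiler.usage.options", "tlsProfiler.required-key.", "tlsProfiler.required-desc.", "tlsProfiler.option-key.", "tlsProfiler.option-desc.", null, null, this.scriptName);
    }

    /** @return the task description looked up under {@code tlsProfiler.desc} */
    @Override // com.ibm.ws.security.utility.SecurityUtilityTask
    public String getTaskDescription() {
        return getOption("tlsProfiler.desc", true, new Object[0]);
    }

    /**
     * Runs the scan and prints the report, or writes it to the file named by {@code --file}.
     *
     * <p>Changes relative to the previous implementation:
     * <ul>
     *   <li>the two security properties are restored in a {@code finally} block instead of being
     *       left blank for the rest of the JVM's life;</li>
     *   <li>disabled-algorithm entries are trimmed and empty entries dropped, protocols are matched
     *       by whole name and suites by whole name component, so that {@code TLSv1} no longer
     *       matches {@code TLSv1.2} and entries after the first comma are no longer ignored;</li>
     *   <li>a suite flagged as vulnerable is reported in the warning sections even when its protocol
     *       is not itself flagged (the per-suite flag used to be computed and never read);</li>
     *   <li>the report is built in a local list, so repeated calls no longer accumulate output;</li>
     *   <li>each socket is closed even if configuring it fails.</li>
     * </ul>
     *
     * @param consoleWrapper not used by this task
     * @param printStream receives the report, or the "Writing file to" notice when a file is used
     * @param printStream2 handed to {@code writeToFile}; presumably the error stream — confirm
     * @param strArr raw arguments; index 0 is skipped by {@link #getArgumentValue}
     * @return {@link SecurityUtilityReturnCodes#OK} when the scan completes
     * @throws Exception on invalid arguments, when the target cannot be connected to, or on any
     *         JSSE or file error that is not a handshake failure
     */
    @Override // com.ibm.ws.security.utility.SecurityUtilityTask
    public SecurityUtilityReturnCodes handleTask(ConsoleWrapper consoleWrapper, PrintStream printStream, PrintStream printStream2, String[] strArr) throws Exception {
        validateArgumentList(strArr, Arrays.asList(ARG_V, ARG_VERBOSE));
        boolean verbose = checkVerboseArgs(strArr);
        String host = getArgumentValue(ARG_HOST, strArr, null);
        String fileArgument = getArgumentValue(ARG_FILE, strArr, null);
        int port = Integer.parseInt(getArgumentValue(ARG_PORT, strArr, null));
        File reportFile = generateConfigFileName(this.fileUtility.getServersDirectory(), fileArgument);

        // Remember the platform policy before blanking it: it is both the classification
        // reference for the report and the value to put back afterwards.
        String savedTlsDisabled = Security.getProperty(PROP_TLS_DISABLED);
        String savedCertPathDisabled = Security.getProperty(PROP_CERTPATH_DISABLED);
        List<String> disabledAlgorithms = parseDisabledAlgorithms(savedTlsDisabled);

        List<String> protocols = new ArrayList<>();
        List<TlsProfilerResult> results = new ArrayList<>();

        // The properties are blanked BEFORE the first SSLContext is obtained, as in the original
        // statement order. NOTE(review): JSSE providers may read these properties only once, so
        // writing the old values back mainly protects other readers of the properties in this JVM.
        Security.setProperty(PROP_TLS_DISABLED, "");
        Security.setProperty(PROP_CERTPATH_DISABLED, "");
        try {
            for (String name : SSLContext.getDefault().getDefaultSSLParameters().getProtocols()) {
                if (name.contains("SSLv3") || name.contains("TLS")) {
                    protocols.add(name);
                }
            }
            for (String protocol : protocols) {
                SSLContext context = SSLContext.getInstance(protocol);
                // Default key and trust material: no client certificate, platform trust store.
                context.init(null, null, null);
                boolean protocolDisabled = isProtocolDisabled(protocol, disabledAlgorithms);
                for (String suite : context.getSupportedSSLParameters().getCipherSuites()) {
                    TlsProfilerResult result = new TlsProfilerResult();
                    result.setProtocol(protocol);
                    result.setCiphersuite(suite);
                    result.setVulnerable(protocolDisabled || isCipherSuiteDisabled(suite, disabledAlgorithms));
                    results.add(probe(context, host, port, protocol, suite, result));
                }
            }
        } finally {
            restoreSecurityProperty(PROP_TLS_DISABLED, savedTlsDisabled);
            restoreSecurityProperty(PROP_CERTPATH_DISABLED, savedCertPathDisabled);
        }

        List<String> report = new ArrayList<>();
        appendSection(report, HEADER_RECOMMENDED_OK, protocols, results, false, true);
        if (verbose) {
            appendSection(report, HEADER_RECOMMENDED_FAILED, protocols, results, false, false);
            appendSection(report, HEADER_VULNERABLE_OK, protocols, results, true, true);
            appendSection(report, HEADER_VULNERABLE_FAILED, protocols, results, true, false);
        }
        StringBuilder text = new StringBuilder();
        for (String line : report) {
            text.append(line).append("\n");
        }

        if (reportFile != null) {
            printStream.println("Writing file to: " + reportFile.getAbsolutePath());
            this.fileUtility.createParentDirectory(printStream, reportFile);
            this.fileUtility.writeToFile(printStream2, text.toString(), reportFile);
        } else {
            printStream.println(text.toString());
        }
        return SecurityUtilityReturnCodes.OK;
    }

    /**
     * Opens one connection restricted to {@code suite} and records whether the handshake
     * negotiated exactly {@code protocol} and {@code suite}.
     *
     * <p>A connection failure propagates to the caller and ends the scan, as before; only
     * failures of the handshake itself are absorbed.
     */
    private static TlsProfilerResult probe(SSLContext context, String host, int port, String protocol, String suite, TlsProfilerResult result) throws Exception {
        SSLParameters parameters = context.getDefaultSSLParameters();
        parameters.setCipherSuites(new String[]{suite});
        // NOTE(review): no connect or read timeout is set, so a peer that accepts the connection
        // and then stalls can block the scan indefinitely; consider a bounded timeout.
        try (SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(host, port)) {
            socket.setSSLParameters(parameters);
            try {
                socket.startHandshake();
                // Only the suite is pinned above, so the negotiated protocol is compared too.
                result.setSuccessful(protocol.equals(socket.getSession().getProtocol())
                        && suite.equals(socket.getSession().getCipherSuite()));
            } catch (Exception ignored) {
                // Deliberate: a failed handshake is a scan result, not an error. The cause (suite
                // refused, untrusted certificate, reset) is not kept, so "unsuccessful" in the
                // report does not prove the target lacks support for the pair.
            }
        }
        return result;
    }

    /** Splits the comma-separated property value into trimmed, non-empty entries. */
    private static List<String> parseDisabledAlgorithms(String value) {
        List<String> entries = new ArrayList<>();
        if (value != null) {
            for (String raw : value.split(",")) {
                String entry = raw.trim();
                // An empty entry would match every name under any containment test.
                if (!entry.isEmpty()) {
                    entries.add(entry);
                }
            }
        }
        return entries;
    }

    /** Whole-name match, so that an entry for one protocol version does not cover later ones. */
    private static boolean isProtocolDisabled(String protocol, List<String> disabledAlgorithms) {
        for (String entry : disabledAlgorithms) {
            if (protocol.equalsIgnoreCase(entry)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Matches an entry against whole underscore-delimited components of the suite name, so that a
     * multi-component entry still matches while an entry that is only a prefix of a component
     * does not.
     */
    private static boolean isCipherSuiteDisabled(String suite, List<String> disabledAlgorithms) {
        String delimited = "_" + suite + "_";
        for (String entry : disabledAlgorithms) {
            if (delimited.contains("_" + entry + "_")) {
                return true;
            }
        }
        return false;
    }

    /** Writes a saved property value back; {@code Security} offers no way to unset a property. */
    private static void restoreSecurityProperty(String key, String savedValue) {
        if (savedValue != null) {
            Security.setProperty(key, savedValue);
        }
    }

    /**
     * Appends one report section: the header once, then one {@code protocol: suites} line for each
     * protocol that has at least one result with the requested flags.
     */
    private static void appendSection(List<String> report, String header, List<String> protocols, List<TlsProfilerResult> results, boolean vulnerable, boolean successful) {
        boolean headerWritten = false;
        for (String protocol : protocols) {
            StringBuilder suites = new StringBuilder();
            for (TlsProfilerResult result : results) {
                if (result.getProtocol().equals(protocol)
                        && result.isVulnerable() == vulnerable
                        && result.isSuccessful() == successful) {
                    suites.append(result.getCiphersuite()).append(" ");
                }
            }
            if (suites.length() > 0) {
                if (!headerWritten) {
                    report.add(header);
                    headerWritten = true;
                }
                report.add(protocol + ": " + suites + "\n");
            }
        }
    }

    /**
     * Resolves the {@code --file} argument to a file that does not exist yet.
     *
     * <p>A relative name is appended to {@code str} by plain concatenation (assumes {@code str}
     * ends with a separator — TODO confirm). A directory receives a timestamped
     * {@code tlsProfiler-*.txt} name, and an existing file gets a numeric suffix before its
     * extension. The path is operator-supplied and is not confined to the servers directory:
     * absolute paths are used as given.
     *
     * @param str servers directory used as the base for relative names
     * @param str2 value of {@code --file}; may be {@code null} or empty
     * @return the target file, or {@code null} when no file was requested
     */
    protected File generateConfigFileName(String str, String str2) {
        if (str2 == null || str2.equals("")) {
            return null;
        }
        File file = new File(str2);
        if (!file.isAbsolute()) {
            file = new File(str + str2);
        }
        if (this.fileUtility.isDirectory(file)) {
            file = new File(file, "tlsProfiler-" + new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss").format(new Date()) + ".txt");
        }
        if (this.fileUtility.exists(file)) {
            String stem = FilenameUtils.removeExtension(file.getPath());
            String extension = FilenameUtils.getExtension(file.getPath());
            // A name without an extension used to come out as "name1." with a dangling dot.
            String suffix = extension.isEmpty() ? "" : "." + extension;
            int counter = 1;
            do {
                file = new File(stem + counter + suffix);
                counter++;
            } while (this.fileUtility.exists(file));
        }
        return file;
    }

    /** @return {@code true} when any argument equals {@code --v} or {@code --verbose}, ignoring case */
    private boolean checkVerboseArgs(String[] strArr) {
        for (String str : strArr) {
            if (str.equalsIgnoreCase(ARG_V) || str.equalsIgnoreCase(ARG_VERBOSE)) {
                return true;
            }
        }
        return false;
    }

    /** @return {@code true} when {@code str} is one of the option names this task accepts (case-sensitive) */
    @Override // com.ibm.ws.security.utility.tasks.BaseCommandTask
    boolean isKnownArgument(String str) {
        return str != null && ARG_TABLE.contains(str);
    }

    /**
     * Requires at least two arguments and the presence of both {@code --host} and {@code --port}.
     * Presence is a prefix test on the raw argument, so it does not check that a value follows.
     *
     * @throws IllegalArgumentException listing every requirement that is not met
     */
    @Override // com.ibm.ws.security.utility.tasks.BaseCommandTask
    void checkRequiredArguments(String[] strArr) {
        String message = strArr.length < 2 ? getMessage("insufficientArgs", new Object[0]) : "";
        boolean portSeen = false;
        boolean hostSeen = false;
        for (String str : strArr) {
            if (str.startsWith(ARG_PORT)) {
                portSeen = true;
            }
            if (str.startsWith(ARG_HOST)) {
                hostSeen = true;
            }
        }
        if (!hostSeen) {
            message = message + " " + getMessage("missingArg", ARG_HOST);
        }
        if (!portSeen) {
            message = message + " " + getMessage("missingArg", ARG_PORT);
        }
        if (!message.isEmpty()) {
            throw new IllegalArgumentException(message);
        }
    }

    /**
     * Returns the value of the first argument whose name (the text before the first {@code =})
     * equals {@code str}. Index 0 is skipped.
     *
     * @param str option name to look for
     * @param strArr raw arguments
     * @param str2 value returned when the option is absent
     * @return the result of the inherited {@code getValue} for the matching argument, else {@code str2}
     */
    protected String getArgumentValue(String str, String[] strArr, String str2) {
        for (int i = 1; i < strArr.length; i++) {
            String argument = strArr[i];
            // indexOf instead of split("=")[0]: split yields an empty array for an argument made
            // only of '=' characters, which used to raise ArrayIndexOutOfBoundsException.
            int separator = argument.indexOf('=');
            String name = separator < 0 ? argument : argument.substring(0, separator);
            if (name.equals(str)) {
                return getValue(argument);
            }
        }
        return str2;
    }
}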
