package com.ibm.eNetwork.security.sso.cms;

import com.ibm.eNetwork.security.sso.Ras;
import com.ibm.hats.runtime.ApplicationSpecificInfo;
import com.ms.win32.winv;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.cert.X509Certificate;

/* loaded from: input_file:lib/hodwel.jar:com/ibm/eNetwork/security/sso/cms/DCASConnection.class */
public class DCASConnection implements DCASConstants, TimerEventListener, Runnable {
    // Copyright banner; no code visible in this class reads it.
    private static final String Copyright = "(C) Copyright IBM Corp. 2003.";
    // Class name passed to every Ras trace/log call below.
    private static final String className = "com.ibm.eNetwork.security.sso.cms.DCASConnection";
    // Port value that setServerPort() replaces with 8990.
    private static final int USE_DEFAULT_PORT = 0;
    // Target server; set once by the constructor from the first request.
    private InetAddress serverAddress;
    private int serverPort;
    // false means getSocket() opens a plain, unencrypted Socket.
    private boolean usingSSL;
    // Told about connection closure by failAllRequests().
    private DCASEventListener listener;
    // Shared timer service used for per-request timeouts.
    private TimerService timer;
    private Socket socket;
    private DataOutputStream toHost;
    private DataInputStream fromHost;
    // Runs run(); started by the constructor.
    private Thread receiveThread;
    // Loop condition of run(); written by close() and the constructor.
    // NOTE(review): not volatile, and read by the receive thread outside any lock.
    private boolean connectionActive;
    // Filled in by initContext(), whose body was not recovered by the decompiler.
    private SSLContext sslContext;
    // Only read by toString() in the visible code; never incremented here.
    private int correlator = 0;
    // Outstanding requests keyed by Integer correlator (raw Hashtable, values are DCASPassticketRequest).
    private Hashtable requests = new Hashtable();
    // Statistics counters, reported in the close() trace line.
    private int requestsReceived = 0;
    private int requestsSent = 0;
    private int responsesReceived = 0;
    private int passticketsReceived = 0;
    private int responseTimeouts = 0;
    // Updated whenever a response is read; selfTest() compares it with the idle limit.
    private long timeLastUsed = System.currentTimeMillis();
    // Idle limit in milliseconds (10 minutes); selfTest() carries the same value as a literal.
    private final long INACTIVITY_TIMEOUT = 600000;
    // Both flags default to false and are only touched through their accessors in the visible code.
    // NOTE(review): createSecureSocket() does not consult either flag; confirm who does.
    private boolean serverTrusted = false;
    private boolean validCertificate = false;

    /**
     * Records the address of the DCAS server this connection targets.
     *
     * @param inetAddress server address; stored as given, without validation
     */
    public void setServerAddress(InetAddress inetAddress) {
        serverAddress = inetAddress;
    }

    /**
     * Returns the configured DCAS server address.
     *
     * @return the address last passed to {@code setServerAddress}, possibly {@code null}
     */
    public InetAddress getServerAddress() {
        return serverAddress;
    }

    /**
     * Sets the server port, substituting 8990 when the caller passes 0.
     *
     * @param i port number, or 0 to request the default; no range check is applied
     */
    public void setServerPort(int i) {
        if (i == 0) {
            // 0 is the "use default port" marker.
            this.serverPort = 8990;
        } else {
            this.serverPort = i;
        }
    }

    /**
     * Returns the port this connection uses.
     *
     * @return the configured port (8990 if the default was requested)
     */
    public int getServerPort() {
        return serverPort;
    }

    /**
     * Builds the {@code host:port} text used as the insert in log messages and exceptions.
     *
     * @return the server host name, a colon and the port
     */
    private String getHostAndPort() {
        // InetAddress.getHostName() may perform a reverse lookup when the address was built from a literal.
        String host = getServerAddress().getHostName();
        return host + ":" + getServerPort();
    }

    /**
     * Returns the host name of the configured server address.
     *
     * @return the value of {@code InetAddress.getHostName()} for the server address
     */
    private String getHostName() {
        InetAddress address = getServerAddress();
        return address.getHostName();
    }

    /**
     * Chooses between a TLS socket and a plain socket for this connection.
     *
     * @param z {@code true} to go through {@code createSecureSocket()}; {@code false} makes
     *          {@code getSocket()} open an unencrypted {@code Socket}
     */
    public void setUsingSSL(boolean z) {
        usingSSL = z;
    }

    /**
     * Reports whether this connection was configured to use TLS.
     *
     * @return {@code true} if the socket is created by {@code createSecureSocket()}
     */
    public boolean isUsingSSL() {
        return usingSSL;
    }

    /**
     * Registers the listener that is notified when the connection closes.
     *
     * @param dCASEventListener listener to notify; stored without a null check
     */
    public void setListener(DCASEventListener dCASEventListener) {
        listener = dCASEventListener;
    }

    /**
     * Returns the registered close listener.
     *
     * @return the listener, or {@code null} if none was set
     */
    public DCASEventListener getListener() {
        return listener;
    }

    /**
     * Opens a connection to the server named in the first request and starts the receive thread.
     *
     * <p>The socket is created before the stream setup, so a failure in {@code getSocket()}
     * propagates as-is; only stream-setup I/O errors are handled here.
     *
     * @param dCASPassticketRequest request supplying the server address and port
     * @param z {@code true} to use TLS, {@code false} for a plain socket
     * @param dCASEventListener listener notified when the connection closes
     * @param threadGroup thread group for the receive thread
     * @throws DCASException if the socket cannot be opened or its streams cannot be obtained
     */
    public DCASConnection(DCASPassticketRequest dCASPassticketRequest, boolean z, DCASEventListener dCASEventListener, ThreadGroup threadGroup) throws DCASException {
        this.connectionActive = false;
        if (DCASClient.traceLevel >= 2) {
            // NOTE(review): the request object itself is handed to the trace facility; confirm that
            // whatever Ras renders from it contains no credential material.
            Ras.traceEntry(className, "<init>", dCASPassticketRequest);
        }
        this.timer = TimerService.getInstance();
        setListener(dCASEventListener);
        setServerAddress(dCASPassticketRequest.getServerAddress());
        setServerPort(dCASPassticketRequest.getServerPort());
        setUsingSSL(z);
        this.socket = getSocket();
        try {
            this.toHost = new DataOutputStream(new BufferedOutputStream(this.socket.getOutputStream()));
            this.fromHost = new DataInputStream(new BufferedInputStream(this.socket.getInputStream()));
            // Must be set before the thread starts: run() exits as soon as it sees false.
            this.connectionActive = true;
            // "this" is published to the new thread before the constructor returns.
            this.receiveThread = new Thread(threadGroup, this);
            this.receiveThread.start();
            if (DCASClient.traceLevel >= 2) {
                Ras.traceExit(className, "<init>");
            }
        } catch (IOException e) {
            // close() runs failAllRequests(), so the listener is told about a connection
            // whose construction then fails with the exception below.
            close();
            Ras.logMessage(2, className, "(init)", "DCAS_IO_ERROR", getHostAndPort());
            throw new DCASException("I/O exception opening DCAS connection streams", e, "DCAS_IO_ERROR", new String[]{getHostAndPort()});
        }
    }

    /**
     * Checks whether this connection is still worth reusing.
     *
     * <p>The connection is closed and rejected when probing the input stream fails or when
     * more than 600000 ms (the same value as {@code INACTIVITY_TIMEOUT}) have passed since
     * the last response was read.
     *
     * @return this connection if it is still usable, otherwise {@code null} (already closed)
     */
    public DCASConnection selfTest() {
        if (DCASClient.traceLevel >= 2) {
            Ras.traceEntry(className, "selfTest");
        }
        boolean usable = true;
        try {
            // Return value is unused; the call only serves to surface an IOException.
            this.fromHost.available();
            if (DCASClient.traceLevel >= 2) {
                Ras.logMessage(0, className, "selfTest", "Checking INACTIVITY_TIMEOUT");
            }
            long idleMillis = System.currentTimeMillis() - this.timeLastUsed;
            if (idleMillis > 600000) {
                if (DCASClient.traceLevel >= 2) {
                    Ras.logMessage(0, className, "selfTest", "INACTIVITY_TIMEOUT, Closing this connection");
                }
                close();
                usable = false;
            }
        } catch (IOException e) {
            if (DCASClient.traceLevel >= 2) {
                Ras.traceException(e, className, "selfTest");
            }
            close();
            usable = false;
        }
        DCASConnection result = usable ? this : null;
        if (DCASClient.traceLevel >= 2) {
            Ras.traceExit(className, "selfTest", result);
        }
        return result;
    }

    /**
     * Sends a passticket request and registers it as outstanding.
     *
     * <p>Everything between sending and registering happens under this object's monitor,
     * the same monitor {@code processResponse()} takes before removing an entry from
     * {@code requests}.
     *
     * @param dCASPassticketRequest request to send; its correlator is the lookup key for the response
     * @throws DCASException as declared; presumably raised by {@code send} on failure (not visible here)
     */
    public void request(DCASPassticketRequest dCASPassticketRequest) throws DCASException {
        if (DCASClient.traceLevel >= 2) {
            // NOTE(review): the request object is passed to the trace facility; confirm its
            // rendering exposes nothing sensitive when tracing is enabled.
            Ras.traceEntry(className, "request", dCASPassticketRequest);
        }
        synchronized (this) {
            // Counted before the send, so a failed send leaves requestsReceived ahead of requestsSent.
            this.requestsReceived++;
            dCASPassticketRequest.send(this.toHost);
            this.requestsSent++;
            // The timer carries the correlator so timerPop() can find the request again.
            dCASPassticketRequest.setTimer(this.timer.startTimer(dCASPassticketRequest.getTimeout(), new Integer(dCASPassticketRequest.getCorrelator()), this));
            // NOTE(review): a request reusing an outstanding correlator replaces the earlier
            // entry without stopping its timer; uniqueness is assumed, confirm against the caller.
            this.requests.put(new Integer(dCASPassticketRequest.getCorrelator()), dCASPassticketRequest);
            // Wakes the receive thread if it is parked in run().
            notify();
        }
        if (DCASClient.traceLevel >= 2) {
            Ras.traceExit(className, "request");
        }
    }

    /**
     * Returns the connection socket, creating it on first use.
     *
     * <p>With TLS enabled the socket comes from {@code createSecureSocket()}; otherwise a
     * plain {@code Socket} is opened, which means traffic on it is not encrypted.
     *
     * @return the existing or newly opened socket
     * @throws DCASException if the socket cannot be opened
     */
    private Socket getSocket() throws DCASException {
        if (this.socket != null) {
            return this.socket;
        }
        if (DCASClient.traceLevel >= 2) {
            Ras.traceEntry(className, "getSocket");
        }
        if (isUsingSSL()) {
            this.socket = createSecureSocket();
        } else {
            try {
                this.socket = new Socket(this.serverAddress, this.serverPort);
            } catch (IOException e) {
                Ras.logMessage(2, className, "getSocket", "DCAS_IO_ERROR", getHostAndPort());
                throw new DCASException("Cannot get non-secure socket", e, "DCAS_IO_ERROR", new String[]{getHostAndPort()});
            }
        }
        // The summary text is built whether or not tracing is on, as before.
        String opened = "Opened " + this.socket;
        if (isUsingSSL()) {
            opened = opened + " \n\tusing cipher suite " + ((SSLSocket) this.socket).getSession().getCipherSuite();
        }
        if (DCASClient.traceLevel >= 2) {
            Ras.traceExit(className, "getSocket", opened);
        }
        return this.socket;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    /**
     * Receive loop: reads responses while requests are outstanding, otherwise parks on this
     * object's monitor until {@code request()} calls {@code notify()}.
     *
     * <p>NOTE(review): the decompiler reported removing an unreachable block from this method,
     * so the listing may not match the original bytecode exactly.
     */
    @Override // java.lang.Runnable
    public void run() {
        if (DCASClient.traceLevel >= 2) {
            Ras.traceEntry(className, "run");
        }
        while (this.connectionActive) {
            try {
                while (this.requests.size() > 0) {
                    processResponse();
                }
                synchronized (this) {
                    // connectionActive is not re-tested under the lock, so a close() that
                    // completes just before this point is not noticed until the next wake-up.
                    if (this.requests.size() == 0) {
                        if (DCASClient.traceLevel >= 2) {
                            Ras.logMessage(0, className, "run", "DCAS_RECEIVE_THREAD_WAITING");
                        }
                        try {
                            wait();
                        } catch (InterruptedException e) {
                            // Interrupt is dropped without restoring the thread's interrupt flag;
                            // the outer loop simply re-tests connectionActive.
                        }
                    }
                }
            } catch (Throwable th) {
                // Every failure, including Errors, ends the connection here and nothing is
                // logged in this handler. processResponse() logs its own I/O errors; anything
                // else leaves no trace of why the connection was closed.
                close();
            }
        }
        if (DCASClient.traceLevel >= 2) {
            Ras.traceExit(className, "run");
        }
    }

    /**
     * Reads one response from the server and hands it to the request with the same correlator.
     *
     * <p>A response whose correlator matches no outstanding request (for example one that
     * already timed out) is read and dropped without further action. Trace output is limited
     * to correlators.
     *
     * @throws DCASException if reading from the server fails with an I/O error
     */
    void processResponse() throws DCASException {
        try {
            if (DCASClient.traceLevel >= 2) {
                Ras.traceEntry(className, "processResponse", new Object[]{this, new Integer(this.fromHost.available())});
            }
            DCASPassticketResponse response = DCASPassticketResponse.read(this.fromHost);
            this.timeLastUsed = System.currentTimeMillis();
            if (DCASClient.traceLevel >= 4) {
                Ras.trace(className, "processResponse", "Response correlator [" + response.getCorrelator() + ApplicationSpecificInfo.COMPOSITE_APPID_FINAL_SEPARATOR);
            }
            DCASPassticketRequest pending;
            synchronized (this) {
                // Removal and timer cancellation happen together so timerPop() cannot also claim the request.
                pending = (DCASPassticketRequest) this.requests.remove(new Integer(response.getCorrelator()));
                if (pending != null) {
                    this.timer.stopTimer(pending.getTimer());
                }
            }
            if (pending != null) {
                if (DCASClient.traceLevel >= 4) {
                    Ras.trace(className, "processResponse", "Request correlator [" + pending.getCorrelator() + "], Response correlator[" + response.getCorrelator() + ApplicationSpecificInfo.COMPOSITE_APPID_FINAL_SEPARATOR);
                }
                if (response.getRc() != 0) {
                    logDCASError(response);
                }
                // The callback runs outside the lock.
                pending.respond(response);
                this.responsesReceived++;
                if (response.getRc() == 0) {
                    this.passticketsReceived++;
                }
            }
            if (DCASClient.traceLevel >= 2) {
                Ras.traceExit(className, "processResponse");
            }
        } catch (IOException e) {
            Ras.logMessage(2, className, "processResponse", "DCAS_IO_RECEIVE_ERROR", getHostAndPort());
            throw new DCASException("I/O Error receiving data from DCAS", e, "DCAS_IO_RECEIVE_ERROR", new String[]{getHostAndPort()});
        }
    }

    /**
     * Fails every outstanding request with return code -1 and reports the closure to the listener.
     *
     * <p>Requests are collected and their timers stopped under the lock; the callbacks to the
     * requests and to the listener run after the lock is released.
     */
    void failAllRequests() {
        if (DCASClient.traceLevel >= 2) {
            Ras.traceEntry(className, "failAllRequests");
        }
        Vector failed = new Vector();
        synchronized (this) {
            for (Enumeration pending = this.requests.elements(); pending.hasMoreElements();) {
                DCASPassticketRequest outstanding = (DCASPassticketRequest) pending.nextElement();
                this.timer.stopTimer(outstanding.getTimer());
                failed.addElement(outstanding);
            }
            this.requests.clear();
        }
        if (DCASClient.traceLevel >= 4) {
            Ras.trace(className, "failAllRequests", "Alert the " + failed.size() + " failed requests.");
        }
        if (!failed.isEmpty()) {
            for (Enumeration toAlert = failed.elements(); toAlert.hasMoreElements();) {
                DCASPassticketRequest request = (DCASPassticketRequest) toAlert.nextElement();
                if (DCASClient.traceLevel >= 4) {
                    Ras.trace(className, "failAllRequests", "Alert failed request with correlator[" + request.getCorrelator() + ApplicationSpecificInfo.COMPOSITE_APPID_FINAL_SEPARATOR);
                }
                request.respond(new DCASPassticketResponse(-1, request.getCorrelator()));
            }
            failed.removeAllElements();
        }
        if (DCASClient.traceLevel >= 4) {
            Ras.trace(className, "failAllRequests", "All outstanding requests have been failed.");
        }
        // NOTE(review): no null check on the listener; a connection built with a null listener would fail here.
        getListener().connectionClosed(this);
        if (DCASClient.traceLevel >= 2) {
            Ras.traceExit(className, "failAllRequests");
        }
    }

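    /**
     * Shuts the connection down: stops the receive loop, fails all outstanding requests,
     * closes the socket and traces the connection statistics.
     *
     * <p>The active flag is now cleared under this object's monitor and waiters are notified.
     * Previously a receive thread parked in {@code run()} was not woken by {@code close()},
     * so a connection closed from another thread (for example by {@code selfTest()}) could
     * leave that thread waiting indefinitely. {@code run()} re-tests the flag only at the top
     * of its loop, so a narrow window remains in which it can still park after this call.
     *
     * <p>NOTE(review): the method is not idempotent; every call runs
     * {@code failAllRequests()} again and so notifies the listener again.
     */
    public void close() {
        if (DCASClient.traceLevel >= 1) {
            Ras.traceEntry(className, "close");
        }
        synchronized (this) {
            this.connectionActive = false;
            // Wake the receive thread so it can observe the cleared flag and exit.
            notifyAll();
        }
        failAllRequests();
        if (this.socket != null) {
            try {
                this.socket.close();
            } catch (IOException ignored) {
                // Best effort: the connection is being discarded either way.
            }
        }
        if (DCASClient.traceLevel >= 1) {
            Ras.traceExit(className, "close", new StringBuffer().append("Closed ").append(this.socket).append("\n\tStatistics: ").append(this.requestsSent).append(" of ").append(this.requestsReceived).append(" sent; got ").append(this.passticketsReceived).append(" of ").append(this.responsesReceived).append(" tickets; ").append(this.responseTimeouts).append(" timeouts.").toString());
        }
    }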

    /**
     * Timer callback: fails the request whose timeout expired with return code -2.
     *
     * <p>If the request has already been answered (it is no longer in {@code requests})
     * the callback does nothing.
     *
     * @param timerElement expired timer; its object is the Integer correlator registered by {@code request()}
     */
    @Override // com.ibm.eNetwork.security.sso.cms.TimerEventListener
    public void timerPop(TimerElement timerElement) {
        if (DCASClient.traceLevel >= 2) {
            Ras.traceEntry(className, "timerPop");
        }
        DCASPassticketRequest expired;
        synchronized (this) {
            expired = (DCASPassticketRequest) this.requests.remove(timerElement.getObject());
        }
        if (expired != null) {
            DCASPassticketResponse timeoutResponse = new DCASPassticketResponse(-2, expired.getCorrelator());
            expired.respond(timeoutResponse);
            // Statistics counter, updated outside the lock.
            this.responseTimeouts++;
        }
        if (DCASClient.traceLevel >= 2) {
            Ras.traceExit(className, "timerPop");
        }
    }

    /**
     * Returns the TLS context, asking {@code initContext} to build it on first use.
     *
     * @return the context, or {@code null} if {@code initContext} left it unset
     * @throws DCASException if context initialisation fails
     */
    private SSLContext getSSLContext() throws DCASException {
        if (this.sslContext != null) {
            return this.sslContext;
        }
        boolean traceEnabled = DCASClient.traceLevel >= 1;
        initContext(traceEnabled);
        return this.sslContext;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:41:0x024e
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    /**
     * Placeholder left by the decompiler: the real body (about 600 instructions) was not
     * recovered, so this stub always throws.
     *
     * <p>{@code getSSLContext()} calls this method when {@code sslContext} is still null and
     * passes whether the trace level is at least 1. NOTE(review): trust-store loading,
     * trust-manager setup and any use of {@code getCustomizedCAs()}, {@code serverTrusted} or
     * {@code validCertificate} presumably live here; none of it can be reviewed from this
     * listing, so obtain the original bytecode or source before assessing TLS trust decisions.
     *
     * @param r7 flag computed by the caller as {@code DCASClient.traceLevel >= 1}
     * @throws com.ibm.eNetwork.security.sso.cms.DCASException declared by the original method
     */
    void initContext(boolean r7) throws com.ibm.eNetwork.security.sso.cms.DCASException {
        /*
            Method dump skipped, instructions count: 600
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.eNetwork.security.sso.cms.DCASConnection.initContext(boolean):void");
    }

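    /**
     * Opens the configured trust store file, if a custom trust store is in use.
     *
     * <p>When the manager reports default keys, this method first points the manager at the
     * built-in keyring (PKCS12) and sets its password, changing shared manager state as a
     * side effect.
     *
     * <p>Changes from the decompiled original: the failure path no longer calls
     * {@code printStackTrace()} (the exception is still recorded through {@code Ras}), and
     * each manager getter is read once per check instead of twice.
     *
     * <p>NOTE(review): {@code null} is returned both for "use default trust" and for "the
     * configured trust store is incomplete or could not be opened". How the caller treats
     * {@code null} is not visible here; confirm that an unreadable custom trust store does
     * not silently fall back to a broader trust set.
     *
     * @return an open stream on the trust store file, which the caller must close, or {@code null}
     * @throws Exception declared by the original signature
     */
    private InputStream getCustomizedCAs() throws Exception {
        DCASPassticketManager manager = DCASPassticketManager.getInstance();
        if (manager.getUsingDefaultTrust()) {
            return null;
        }
        if (manager.isUsingDefaultKeys()) {
            manager.setTrustStoreName(DCASConstants.DEFAULT_BUILTIN_KEYRING_FILE_NAME);
            manager.setTrustStoreType(DCASClient.TRUSTSTORE_TYPE_PKCS12);
            String password = manager.getWellKnownTrustedCAsPassword();
            if (isNullOrBlank(password)) {
                // NOTE(review): hard-coded fallback password for the built-in keyring. It gives
                // the keyring no confidentiality or integrity protection; the file must be
                // protected by file-system permissions instead.
                password = "hod";
            }
            manager.setTrustStorePassword(password);
        }
        String trustStoreName = manager.getTrustStoreName();
        if (isNullOrBlank(trustStoreName)
                || isNullOrBlank(manager.getTrustStorePassword())
                || isNullOrBlank(manager.getTrustStoreType())) {
            return null;
        }
        try {
            return new FileInputStream(new File(trustStoreName));
        } catch (Exception e) {
            // Logged through Ras only; the stack trace, which includes the trust store path,
            // is no longer written to stderr.
            Ras.logException(e, className, "getCustomizedCAs");
            return null;
        }
    }

    /** Returns true when the value is null or contains only whitespace. */
    private static boolean isNullOrBlank(String value) {
        return value == null || value.trim().equals("");
    }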

    /**
     * Describes the connection by server address, port and the {@code correlator} field.
     *
     * @return text of the form {@code DCASConnection[ To(address:port) Corr(n)]}
     */
    public String toString() {
        return "DCASConnection[ To(" + this.serverAddress + ":" + this.serverPort + ") Corr(" + this.correlator + ")]";
    }

    /**
     * Stores the "server trusted" flag.
     *
     * <p>NOTE(review): this is a public setter on a plain field; nothing in the visible code
     * derives the value from the TLS session. Confirm who sets it and on what evidence.
     *
     * @param z new flag value
     */
    public void setServerTrusted(boolean z) {
        serverTrusted = z;
    }

    /**
     * Returns the "server trusted" flag.
     *
     * @return the stored flag; {@code false} unless {@code setServerTrusted(true)} was called
     */
    public boolean isServerTrusted() {
        return serverTrusted;
    }

    /**
     * Stores the "valid certificate" flag.
     *
     * <p>NOTE(review): like {@code setServerTrusted}, this is caller-supplied state; the visible
     * code never computes it from a certificate check.
     *
     * @param z new flag value
     */
    public void setValidCertificate(boolean z) {
        validCertificate = z;
    }

    /**
     * Returns the "valid certificate" flag.
     *
     * @return the stored flag; {@code false} unless {@code setValidCertificate(true)} was called
     */
    public boolean hasValidCertificate() {
        return validCertificate;
    }

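    /**
     * Opens a TCP connection to the configured server, layers TLS over it and, when
     * {@code DCASPassticketManager.doServerAuthentication()} is true, checks the server
     * certificate's common name against the configured host.
     *
     * <p>Changes from the decompiled original:
     * <ul>
     *   <li>the raw TCP socket is closed if TLS layering or the handshake fails (it was
     *       previously left open);</li>
     *   <li>an empty common name is rejected like a missing one, because
     *       {@code InetAddress.getAllByName("")} resolves to the loopback address instead
     *       of failing;</li>
     *   <li>the repeated close-and-ignore blocks and the name check moved into private helpers.</li>
     * </ul>
     *
     * <p>NOTE(review): chain trust is decided by the {@code SSLContext} built in
     * {@code initContext}, which is not visible in this listing. When
     * {@code doServerAuthentication()} is false no identity check is made here at all, and
     * the {@code serverTrusted}/{@code validCertificate} flags are not consulted.
     *
     * @return the connected socket with the TLS handshake completed
     * @throws DCASException if the host is unknown, the connection or handshake fails, or the
     *         identity check rejects the server
     */
    public Socket createSecureSocket() throws DCASException {
        if (DCASClient.traceLevel >= 2) {
            Ras.traceEntry(className, "createSecureSocket");
        }
        try {
            getSSLContext();
            Socket socket = new Socket(getServerAddress(), getServerPort());
            SSLSocket sSLSocket;
            boolean handshakeComplete = false;
            try {
                SSLSocketFactory factory;
                if (this.sslContext != null) {
                    factory = this.sslContext.getSocketFactory();
                } else {
                    // No context was built: fall back to the JVM-wide default factory.
                    factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
                }
                // NOTE(review): the host argument is InetAddress.toString(), i.e. "name/address",
                // not a plain host name; confirm how the JSSE provider uses it.
                sSLSocket = (SSLSocket) factory.createSocket(socket, getServerAddress().toString(), getServerPort(), true);
                sSLSocket.startHandshake();
                handshakeComplete = true;
            } finally {
                if (!handshakeComplete) {
                    // Nothing owns the raw socket yet, so release it here.
                    closeQuietly(socket);
                }
            }
            if (DCASPassticketManager.getInstance().doServerAuthentication()) {
                verifyPeerMatchesServer(sSLSocket);
            }
            if (DCASClient.traceLevel >= 2) {
                Ras.traceExit(className, "createSecureSocket");
            }
            return sSLSocket;
        } catch (UnknownHostException e9) {
            Ras.logMessage(2, className, "createSecureSocket", "DCAS_UNKNOWN_DCAS_SERVER", getHostAndPort());
            throw new DCASException("Passticket server host is unknown", e9, "DCAS_UNKNOWN_DCAS_SERVER", new String[]{getHostAndPort()});
        } catch (SSLException e10) {
            Ras.logMessage(2, className, "createSecureSocket", "DCAS_CANNOT_TALK_TO_DCAS", getHostAndPort());
            throw new DCASException("Cannot create socket to the passticket server", e10, "DCAS_CANNOT_TALK_TO_DCAS", new String[]{getHostAndPort()}).log(className, "createSecureSocket");
        } catch (IOException e11) {
            Ras.logMessage(2, className, "createSecureSocket", "DCAS_IO_ERROR", getHostAndPort());
            throw new DCASException("I/O error opening socket to passticket server", e11, "DCAS_IO_ERROR", new String[]{getHostAndPort()});
        }
    }

    /**
     * Checks that the leaf certificate's common name and the configured host name resolve to
     * at least one common address; closes the socket and throws otherwise.
     *
     * <p>NOTE(review): this is weaker than standard TLS endpoint identification. Both names
     * are compared through DNS resolution rather than textually, subjectAltName entries are
     * ignored, and the check is only as trustworthy as the resolver. It also relies on the
     * deprecated {@code javax.security.cert} API. When modernising, prefer the platform's
     * built-in endpoint identification.
     */
    private void verifyPeerMatchesServer(SSLSocket sSLSocket) throws DCASException {
        X509Certificate[] chain = null;
        try {
            chain = sSLSocket.getSession().getPeerCertificateChain();
        } catch (SSLPeerUnverifiedException e) {
            Ras.logException(e, className, "createSecureSocket");
        }
        if (chain == null || chain.length == 0) {
            closeQuietly(sSLSocket);
            Ras.logMessage(2, className, "createSecureSocket", "DCAS_PEER_MISSING_CERT_CHAIN", getHostAndPort());
            throw new DCASException("Missing server certificate chain", "DCAS_PEER_MISSING_CERT_CHAIN", new String[]{getHostAndPort()});
        }
        String commonName = extractCommonName(chain[0].getSubjectDN().getName());
        if (commonName == null) {
            closeQuietly(sSLSocket);
            Ras.logMessage(2, className, "createSecureSocket", "DCAS_PEER_COMMON_NAME_NULL", getHostAndPort());
            throw new DCASException("Server common name is null", "DCAS_PEER_COMMON_NAME_NULL", new String[]{getHostAndPort()});
        }
        InetAddress[] certificateAddresses;
        try {
            certificateAddresses = InetAddress.getAllByName(commonName);
        } catch (UnknownHostException e) {
            closeQuietly(sSLSocket);
            Ras.logMessage(2, className, "createSecureSocket", "DCAS_PEER_NO_ADDRESS", getHostAndPort());
            throw new DCASException("Server common name has no address", e, "DCAS_PEER_NO_ADDRESS", new String[]{getHostAndPort()});
        }
        InetAddress[] serverAddresses;
        try {
            serverAddresses = InetAddress.getAllByName(getHostName());
        } catch (UnknownHostException e) {
            closeQuietly(sSLSocket);
            Ras.logMessage(2, className, "createSecureSocket", "DCAS_PEER_SOCKET_NO_ADDRESS", getHostAndPort());
            throw new DCASException("Server socket has no address", e, "DCAS_PEER_SOCKET_NO_ADDRESS", new String[]{getHostAndPort()});
        }
        if (!sharesAddress(certificateAddresses, serverAddresses)) {
            closeQuietly(sSLSocket);
            Ras.logMessage(2, className, "createSecureSocket", "DCAS_PEER_SOCKET_MISMATCH", getHostAndPort());
            throw new DCASException("Server socket address does not match peer common name", "DCAS_PEER_SOCKET_MISMATCH", new String[]{getHostAndPort()});
        }
    }

    /**
     * Pulls the common name out of a subject DN string, or returns null when there is none.
     *
     * <p>NOTE(review): this is a plain text search for the first "CN=" up to the next comma,
     * not an RFC 2253 parse; a "CN=" sequence inside another attribute's value, or an escaped
     * comma inside the name, is not handled.
     */
    private static String extractCommonName(String subjectDn) {
        int start = subjectDn.indexOf("CN=");
        if (start == -1) {
            return null;
        }
        int end = subjectDn.indexOf(",", start);
        String commonName = end == -1
                ? subjectDn.substring(start + 3).trim()
                : subjectDn.substring(start + 3, end).trim();
        // An empty name must not reach the resolver, which would answer with loopback.
        return commonName.length() == 0 ? null : commonName;
    }

    /** Returns true when the two address lists have at least one address in common. */
    private static boolean sharesAddress(InetAddress[] first, InetAddress[] second) {
        for (int i = 0; i < first.length; i++) {
            for (int j = 0; j < second.length; j++) {
                if (second[j].equals(first[i])) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Closes a socket that is being discarded, ignoring any error from the close itself. */
    private static void closeQuietly(Socket toClose) {
        try {
            toClose.close();
        } catch (IOException ignored) {
            // The caller is already reporting the failure that led here.
        }
    }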

    /**
     * Maps the return codes of a failed response to a message key and logs it with all four
     * codes as inserts.
     *
     * <p>Codes 252, 254 and 255 are refined through the three secondary codes when the first
     * two are both 8; otherwise they fall back to a key named after the primary code. Any
     * unmapped combination is logged as {@code DCAS_PASSTICKET_REQUEST_ERROR}.
     *
     * <p>The decompiler had rendered 251 and 253 as unrelated {@code winv.VK_*} constants;
     * the plain numbers are used here.
     *
     * <p>NOTE(review): the message is written only when the trace level is at least 1, so at
     * level 0 a rejected request (revoked user, invalid certificate, ...) is not logged by
     * this method. Confirm that is intended for audit purposes.
     *
     * @param dCASPassticketResponse response whose return codes are reported
     */
    public void logDCASError(DCASPassticketResponse dCASPassticketResponse) {
        int primaryRc = dCASPassticketResponse.getDcasRC();
        String messageKey = null;
        if (primaryRc == 250) {
            messageKey = "DCAS_FA_INTERNAL_ERROR";
        } else if (primaryRc == 251) {
            messageKey = "DCAS_FB_PASSTICKET_GEN_FAILED";
        } else if (primaryRc == 253) {
            messageKey = "DCAS_FD_INVALID_INPUT";
        } else if (primaryRc == 252 || primaryRc == 254 || primaryRc == 255) {
            if (dCASPassticketResponse.getDcasRC1() == 8 && dCASPassticketResponse.getDcasRC2() == 8) {
                switch (dCASPassticketResponse.getDcasRC3()) {
                    case 4:
                        messageKey = "DCAS_PARAMETER_LIST_ERROR";
                        break;
                    case 8:
                        messageKey = "DCAS_INTERNAL_RACF_ERROR";
                        break;
                    case 16:
                        messageKey = "DCAS_USERID_NOT_DEFINED";
                        break;
                    case 20:
                        messageKey = "DCAS_PASSTICKET_NOT_VALID";
                        break;
                    case 24:
                        messageKey = "DCAS_PASSWORD_EXPIRED";
                        break;
                    case 28:
                        messageKey = "DCAS_USERID_REVOKED";
                        break;
                    case 32:
                        messageKey = "DCAS_USER_UNAUTHORIZED";
                        break;
                    case 36:
                        messageKey = "DCAS_CERTIFICATE_NOT_VALID";
                        break;
                    case 40:
                        messageKey = "DCAS_NOTRUST_USERID";
                        break;
                }
            }
            if (messageKey == null) {
                // No detailed mapping applied: name the key after the primary code.
                if (primaryRc == 252) {
                    messageKey = "DCAS_FC_CERTIFICATE_CHECK";
                } else if (primaryRc == 254) {
                    messageKey = "DCAS_FE_CLIENT_AUTH2_FAILED";
                } else {
                    messageKey = "DCAS_FF_CLIENT_AUTH1_FAILED";
                }
            }
        }
        if (messageKey == null) {
            messageKey = "DCAS_PASSTICKET_REQUEST_ERROR";
        }
        String[] inserts = {
            String.valueOf(primaryRc),
            String.valueOf(dCASPassticketResponse.getDcasRC1()),
            String.valueOf(dCASPassticketResponse.getDcasRC2()),
            String.valueOf(dCASPassticketResponse.getDcasRC3())
        };
        if (DCASClient.traceLevel >= 1) {
            Ras.logMessage(2, className, "logDCASError", messageKey, inserts);
        }
    }
}
