package com.ibm.mq;

import com.ibm.mqservices.MQInternalException;
import com.ibm.mqservices.Trace;
import java.io.IOException;
import java.net.BindException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.Provider;
import java.security.Security;
import java.util.Collection;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.cert.X509Certificate;

/* JADX WARN: Classes with same name are omitted:
  input_file:MQLib/com.ibm.mq.jar:com/ibm/mq/SSLHelper.class
 */
/* loaded from: input_file:ScribbleSrc.zip:MQLib/com.ibm.mq.jar:com/ibm/mq/SSLHelper.class */
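/**
 * Creates and configures JSSE sockets for MQ client channels and captures the peer certificate
 * presented during the TLS/SSL handshake.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Exactly one cipher suite and one protocol ({@code TLSv1} or {@code SSLv3}) are enabled per
 *       socket. Both protocols are legacy: SSLv3 and TLS 1.0 are deprecated, so deployments should
 *       confirm what the JVM and the queue manager actually negotiate.</li>
 *   <li>The peer's subject DN is compared with the configured peer name only when a non-empty peer
 *       name is supplied. Otherwise identity rests entirely on the trust decisions of the chosen
 *       {@link SSLSocketFactory}.</li>
 *   <li>FIPS mode changes JVM-wide state (a system property and the security provider order).</li>
 * </ul>
 *
 * <p>Each handshake uses its own {@code SSLHelper} instance as listener; the static {@link #certs}
 * field is shared by all of them and is kept only for compatibility with other code in the package.
 */
public class SSLHelper implements HandshakeCompletedListener {
    public static final String CLSNAME = "SSLHelper";
    private static final String sccsid = "@(#) javabase/com/ibm/mq/SSLHelper.java, java, j600, j600-200-060630 1.29.1.6 06/01/06 08:51:59";
    private static final String copyright_notice = "Licensed Materials - Property of IBM 5724-H72, 5655-L82, 5724-L26     (c) Copyright IBM Corp. 2002, 2005 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";

    // JSSE-style cipher suite names; index-aligned with CIPHER_SPEC_NAMES.
    // NOTE(review): the table contains NULL (no encryption), EXPORT-grade, single-DES, RC4 and MD5
    // suites. translate() only maps names; whether such a suite is ever enabled depends on the
    // channel configuration and should be audited there.
    private static final String[] CIPHER_SUITE_NAMES = {"SSL_RSA_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", "SSL_RSA_WITH_NULL_MD5", "SSL_RSA_WITH_NULL_SHA", "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", "SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_AES_256_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_FIPS_WITH_DES_CBC_SHA", "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"};

    // Counterpart names for the same positions (these look like MQ CipherSpec names - confirm).
    private static final String[] CIPHER_SPEC_NAMES = {"DES_SHA_EXPORT", "DES_SHA_EXPORT1024", "NULL_MD5", "NULL_SHA", "RC2_MD5_EXPORT", "RC4_56_SHA_EXPORT1024", "RC4_MD5_US", "RC4_MD5_EXPORT", "RC4_SHA_US", "TRIPLE_DES_SHA_US", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_DES_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "FIPS_WITH_DES_CBC_SHA", "FIPS_WITH_3DES_EDE_CBC_SHA"};

    // Leaf certificate captured by this listener instance; null when the peer presented none or
    // the chain could not be read. Guarded by this instance's monitor.
    X509Certificate serverCert = null;
    // True once handshakeCompleted() has published a result (possibly null) into serverCert.
    boolean certSet = false;
    // Chain of the most recently completed handshake across ALL instances. Because it is static,
    // concurrent connections overwrite each other's value; this class no longer reads it for any
    // security decision and only keeps writing it for other package code that may depend on it.
    static X509Certificate[] certs;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Opens a new SSL socket to the given endpoint, runs the handshake and records the peer's
     * subject DN in {@code mQInternalCommunications.channelDefinition.sslPeerName}.
     *
     * @param str remote host passed to the socket factory
     * @param i remote port
     * @param str2 the single cipher suite to enable
     * @param str3 expected peer name (traced as "peername"); null or empty skips the DN comparison
     * @param collection certificate stores (traced as "certStores"); when non-null the peer
     *     certificate is passed to {@code SSLCRLHelper.check}
     * @param obj caller-supplied {@link SSLSocketFactory}, or null for the default; ignored when
     *     FIPS mode is on
     * @param mQInternalCommunications receives the negotiated peer name
     * @return the connected socket with a completed handshake
     * @throws MQException if the factory, connection, handshake, peer-name or CRL check fails
     */
    public static Socket createSSLSocket(String str, int i, String str2, String str3, Collection collection, Object obj, MQInternalCommunications mQInternalCommunications) throws MQException {
        if (Trace.isOn()) {
            Trace.entry(CLSNAME, "createSSLSocket");
            Trace.trace(CLSNAME, "peername = '" + str3 + "'");
            Trace.trace(CLSNAME, "certStores = " + collection);
            Trace.trace(CLSNAME, "sslSocketFactory = " + obj);
        }
        try {
            SSLSocketFactory factory = chooseSocketFactory(obj);
            if (Trace.isOn()) {
                Trace.trace(CLSNAME, "creating SSL socket");
            }
            SSLSocket sslSocket = createSSLSocketInstance(str, i, factory, false, null, 0);
            boolean fipsMode = MQInternalCommunications.inFipsMode.booleanValue();
            // configureSSLSocket closes the socket itself if any of its checks fail.
            mQInternalCommunications.channelDefinition.sslPeerName = configureSSLSocket(sslSocket, str2, str3, collection, fipsMode);
            return sslSocket;
        } catch (BindException e) {
            throw new MQException(2, MQException.MQRC_Q_MGR_NOT_AVAILABLE, "static method in SSL code", 54, str);
        } finally {
            // One exit trace on every path, success or failure.
            if (Trace.isOn()) {
                Trace.exit(CLSNAME, "createSSLSocket");
            }
        }
    }

    /**
     * Layers SSL over an already connected plain socket and runs the handshake.
     *
     * <p>The SSL socket is created with {@code autoClose = false}, so closing it does not close
     * {@code socket}; the caller keeps ownership of the underlying socket.
     *
     * @param str remote host
     * @param i remote port
     * @param str2 the single cipher suite to enable
     * @param str3 expected peer name; null or empty skips the DN comparison
     * @param collection certificate stores for the CRL check, or null to skip it
     * @param obj caller-supplied {@link SSLSocketFactory}, or null for the default
     * @param socket the existing connected socket to wrap
     * @param z whether client authentication is required (traced as "clientAuth")
     * @param z2 true to act as the server side of the handshake (traced as "asServer")
     * @return the SSL socket with a completed handshake
     * @throws MQException if socket creation, handshake, peer-name or CRL check fails
     */
    public static SSLSocket createSSLSocket(String str, int i, String str2, String str3, Collection collection, Object obj, Socket socket, boolean z, boolean z2) throws MQException {
        if (Trace.isOn()) {
            Trace.entry(CLSNAME, "createSSLSocket");
            Trace.trace(CLSNAME, "peername = '" + str3 + "'");
            Trace.trace(CLSNAME, "certStores = " + collection);
            Trace.trace(CLSNAME, "sslSocketFactory = " + obj);
            Trace.trace(CLSNAME, "clientAuth = " + z);
            Trace.trace(CLSNAME, "asServer = " + z2);
        }
        try {
            SSLSocketFactory factory = chooseSocketFactory(obj);
            if (Trace.isOn()) {
                Trace.trace(CLSNAME, "creating SSL socket from non-SSL one");
            }
            SSLSocket sslSocket = (SSLSocket) factory.createSocket(socket, str, i, false);
            sslSocket.setNeedClientAuth(z);
            sslSocket.setUseClientMode(!z2);
            configureSSLSocket(sslSocket, str2, str3, collection, MQInternalCommunications.inFipsMode.booleanValue());
            return sslSocket;
        } catch (IOException e) {
            MQException mQException = new MQException(2, MQException.MQRC_JSSE_ERROR, "static method in SSL code", 71);
            mQException.initCause(e);
            throw mQException;
        } finally {
            if (Trace.isOn()) {
                Trace.exit(CLSNAME, "createSSLSocket");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Opens an SSL socket bound to a specific local address and a local port taken from a range,
     * retrying with the next port (wrapping from {@code i3} back to {@code i2}) on each
     * {@link BindException}.
     *
     * @param str remote host
     * @param i remote port
     * @param str2 the single cipher suite to enable
     * @param str3 expected peer name; null or empty skips the DN comparison
     * @param collection certificate stores for the CRL check, or null to skip it
     * @param obj caller-supplied {@link SSLSocketFactory}, or null for the default
     * @param mQInternalCommunications receives the negotiated peer name
     * @param inetAddress local address to bind to
     * @param i2 lowest local port of the range
     * @param i3 highest local port of the range
     * @param i4 local port to try first
     * @return the connected socket with a completed handshake
     * @throws MQException if no port in the range can be bound, or on any connection, handshake,
     *     peer-name or CRL failure
     */
    public static Socket createExplicitSSLSocket(String str, int i, String str2, String str3, Collection collection, Object obj, MQInternalCommunications mQInternalCommunications, InetAddress inetAddress, int i2, int i3, int i4) throws MQException {
        if (Trace.isOn()) {
            Trace.entry(CLSNAME, "createExplicitSSLSocket");
        }
        int attempts = 0;
        SSLSocketFactory factory = chooseSocketFactory(obj);
        while (attempts <= i3 - i2) {
            try {
                String attemptMessage = "Try to create SSL socket bound locally to " + inetAddress + ", port " + i4;
                if (Trace.isOn()) {
                    Trace.trace(2, CLSNAME, attemptMessage);
                }
                FWHelper.debug(attemptMessage);
                SSLSocket sslSocket = createSSLSocketInstance(str, i, factory, true, inetAddress, i4);
                if (sslSocket != null) {
                    String createdMessage = "SSLSocket created OK: " + inetAddress + ", local port " + sslSocket.getLocalPort();
                    if (Trace.isOn()) {
                        Trace.trace(2, CLSNAME, createdMessage);
                    }
                    FWHelper.debug(createdMessage);
                    // configureSSLSocket closes the socket itself if any of its checks fail.
                    mQInternalCommunications.channelDefinition.sslPeerName = configureSSLSocket(sslSocket, str2, str3, collection, MQInternalCommunications.inFipsMode.booleanValue());
                } else if (Trace.isOn()) {
                    Trace.trace(2, CLSNAME, "SSLSocket create failed - null returned.");
                }
                if (Trace.isOn()) {
                    Trace.exit(CLSNAME, "createExplicitSSLSocket (success)");
                }
                return sslSocket;
            } catch (BindException e) {
                if (Trace.isOn()) {
                    Trace.trace(2, CLSNAME, "Socket created failed due to bind exception (see below): " + inetAddress + ", port " + i4);
                    Trace.trace(2, CLSNAME, "BindException: " + e.getMessage());
                }
                FWHelper.debug("BindException: " + inetAddress + ", port " + i4);
                // Move to the next local port, wrapping to the bottom of the range.
                i4++;
                attempts++;
                if (i4 > i3) {
                    i4 = i2;
                }
            }
        }
        FWHelper.debug("Failed to create socket matching firewall properties.");
        MQInternalException mQInternalException = new MQInternalException(2, MQException.MQRC_Q_MGR_NOT_AVAILABLE, 125);
        if (Trace.isOn()) {
            Trace.exit(CLSNAME, "createExplicitSSLSocket (failed)");
        }
        throw mQInternalException;
    }

    /**
     * Selects the socket factory: a FIPS factory when FIPS mode is on, otherwise the supplied
     * factory, otherwise the JVM default.
     *
     * <p>In FIPS mode {@code obj} is not consulted at all, so any trust or key configuration the
     * caller attached to a custom factory is not applied.
     *
     * @param obj caller-supplied factory or null
     * @return the factory to use
     * @throws MQException if {@code obj} is not an {@link SSLSocketFactory}, or no FIPS factory can
     *     be loaded
     */
    private static SSLSocketFactory chooseSocketFactory(Object obj) throws MQException {
        if (MQInternalCommunications.inFipsMode.booleanValue()) {
            return chooseFipsSocketFactory();
        }
        if (obj == null) {
            if (Trace.isOn()) {
                Trace.trace(2, CLSNAME, "using default SSLSocketFactory");
            }
            return (SSLSocketFactory) SSLSocketFactory.getDefault();
        }
        if (!(obj instanceof SSLSocketFactory)) {
            throw new MQException(2, 2046, Thread.currentThread(), 120, "sslSocketFactory");
        }
        if (Trace.isOn()) {
            Trace.trace(2, CLSNAME, "using supplied SSLSocketFactory");
        }
        return (SSLSocketFactory) obj;
    }

    /**
     * Loads a FIPS socket factory, preferring JSSE2 and falling back to the older FIPS JSSE.
     *
     * <p>Side effects are JVM-wide: the {@code com.ibm.jsse2.JSSEFIPS} system property is set and,
     * on the JSSE2 path, the FIPS JCE provider is inserted at position 1 of the provider list,
     * which affects every other user of JCA in the process.
     *
     * @throws MQException with {@code MQRC_SSL_INITIALIZATION_ERROR} when neither implementation
     *     is available; the method never falls back to a non-FIPS factory
     */
    private static SSLSocketFactory chooseFipsSocketFactory() throws MQException {
        if (Trace.isOn) {
            Trace.trace(2, CLSNAME, "FIPS mode has been selected");
        }
        System.setProperty("com.ibm.jsse2.JSSEFIPS", "true");
        try {
            Class.forName("com.ibm.jsse2.IBMJSSEProvider2");
            // The implementation version is expected to end in "_<build number>"; anything else
            // (including a missing package or version, which raises here) selects the old JSSE.
            String implementationVersion = Package.getPackage("com.ibm.jsse2").getImplementationVersion();
            int separator = implementationVersion.indexOf("_");
            String buildText = separator != -1 ? implementationVersion.substring(separator + 1) : null;
            int build = (buildText != null && !buildText.equals("")) ? Integer.parseInt(buildText) : 0;
            if (Trace.isOn) {
                Trace.trace(2, CLSNAME, "JSSE VERSION: " + build);
            }
            // Threshold build number; the trace text ties it to "SR1a".
            if (build >= 20041026) {
                if (Trace.isOn) {
                    Trace.trace(2, CLSNAME, "SR1a or greater available");
                }
                Security.insertProviderAt((Provider) Class.forName("com.ibm.crypto.fips.provider.IBMJCEFIPS").newInstance(), 1);
                SSLSocketFactory jsse2Factory = (SSLSocketFactory) Class.forName("com.ibm.jsse2.SSLSocketFactoryImpl").newInstance();
                if (Trace.isOn) {
                    Trace.trace(2, CLSNAME, "Using JSSE2 for FIPS");
                }
                return jsse2Factory;
            }
        } catch (Exception e) {
            // JSSE2 is absent or unusable: record why, then try the older FIPS JSSE below.
            if (Trace.isOn) {
                Trace.trace(2, CLSNAME, "JSSE2 FIPS setup failed: " + e);
            }
        }
        if (Trace.isOn) {
            Trace.trace(2, CLSNAME, "1.4.2 or lower available");
        }
        return loadLegacyFipsSocketFactory();
    }

    /** Instantiates the older FIPS JSSE socket factory, or fails with an initialization error. */
    private static SSLSocketFactory loadLegacyFipsSocketFactory() throws MQException {
        try {
            SSLSocketFactory legacyFactory = (SSLSocketFactory) Class.forName("com.ibm.fips.jsse.JSSESocketFactory").newInstance();
            if (Trace.isOn) {
                Trace.trace(2, CLSNAME, "Using old JSSE for FIPS");
            }
            return legacyFactory;
        } catch (Exception e) {
            if (Trace.isOn) {
                Trace.trace(2, CLSNAME, "JVM does not contain a FIPS compliant JSSE");
            }
            throw new MQException(2, MQException.MQRC_SSL_INITIALIZATION_ERROR, CLSNAME);
        }
    }

    /**
     * Creates the raw SSL socket, optionally bound to a local address and port, and maps I/O
     * failures to MQ reason codes.
     *
     * @param str remote host
     * @param i remote port
     * @param sSLSocketFactory factory to create the socket with
     * @param z true to bind to {@code inetAddress}/{@code i2}
     * @param inetAddress local address (used only when {@code z} is true)
     * @param i2 local port (used only when {@code z} is true)
     * @throws BindException only when {@code z} is true, so the caller can try another local port
     * @throws MQException for every other failure
     */
    private static SSLSocket createSSLSocketInstance(String str, int i, SSLSocketFactory sSLSocketFactory, boolean z, InetAddress inetAddress, int i2) throws MQException, BindException {
        try {
            if (z) {
                return (SSLSocket) sSLSocketFactory.createSocket(str, i, inetAddress, i2);
            }
            return (SSLSocket) sSLSocketFactory.createSocket(str, i);
        } catch (BindException e) {
            if (z) {
                throw e;
            }
            throw new MQException(2, MQException.MQRC_Q_MGR_NOT_AVAILABLE, "static method in SSL code", 54, str);
        } catch (UnknownHostException e2) {
            throw new MQException(2, MQException.MQRC_Q_MGR_NOT_AVAILABLE, "static method in SSL code", 53, str);
        } catch (SSLProtocolException e3) {
            MQException mQException = new MQException(2, MQException.MQRC_JSSE_ERROR, "static method in SSL code", 52);
            mQException.initCause(e3);
            throw mQException;
        } catch (SSLException e4) {
            MQException mQException2 = new MQException(2, MQException.MQRC_JSSE_ERROR, "static method in SSL code.");
            mQException2.initCause(e4);
            throw mQException2;
        } catch (IOException e5) {
            throw new MQException(2, MQException.MQRC_Q_MGR_NOT_AVAILABLE, "static method in SSL code", 54, str);
        }
    }

    /**
     * Restricts the socket to one cipher suite and one protocol, performs the handshake and
     * validates the peer.
     *
     * <p>Checks, in order: a peer certificate must have been presented; if {@code str2} is
     * non-empty the certificate's subject DN must match it; if {@code collection} is non-null the
     * certificate is passed to {@code SSLCRLHelper.check}. The certificate used for the CRL check
     * is the one captured by this handshake's own listener, not the shared static {@link #certs},
     * so a concurrent handshake on another connection cannot substitute a different certificate.
     *
     * <p>On every failure path the socket is closed before the exception propagates.
     *
     * @param sSLSocket socket to configure and handshake
     * @param str cipher suite to enable
     * @param str2 expected peer name, or null/empty to skip the DN comparison
     * @param collection certificate stores for the CRL check, or null to skip it
     * @param z true when FIPS mode is on (forces {@code TLSv1})
     * @return the subject DN of the peer certificate
     * @throws MQException on unsupported suite/protocol, handshake failure, missing peer
     *     certificate, peer-name mismatch or CRL failure
     */
    private static String configureSSLSocket(SSLSocket sSLSocket, String str, String str2, Collection collection, boolean z) throws MQException {
        if (Trace.isOn()) {
            Trace.trace(CLSNAME, "setting enabled cipher suites to '" + str + "'");
        }
        boolean verified = false;
        try {
            sSLSocket.setEnabledCipherSuites(new String[]{str});
            // NOTE(review): both choices are legacy protocol versions (SSLv3 and TLS 1.0 are
            // deprecated); raising the floor needs a matching change on the queue manager side.
            String protocol = (z || str.startsWith("TLS")) ? "TLSv1" : "SSLv3";
            if (Trace.isOn) {
                Trace.trace(CLSNAME, "Setting protocol to " + protocol);
                StringBuffer supported = new StringBuffer();
                String[] supportedProtocols = sSLSocket.getSupportedProtocols();
                for (int index = 0; index < supportedProtocols.length; index++) {
                    supported.append(supportedProtocols[index]).append(", ");
                }
                Trace.trace(CLSNAME, "Supported Protocols are " + supported);
            }
            sSLSocket.setEnabledProtocols(new String[]{protocol});
            SSLHelper listener = new SSLHelper();
            sSLSocket.addHandshakeCompletedListener(listener);
            if (Trace.isOn()) {
                Trace.trace(CLSNAME, "calling startHandshake");
            }
            sSLSocket.startHandshake();
            X509Certificate peerCert = listener.getServerCert();
            if (peerCert == null) {
                // No usable peer certificate: refuse the connection instead of dereferencing null.
                throw new MQException(2, MQException.MQRC_JSSE_ERROR, "static method in SSL code");
            }
            String subjectName = peerCert.getSubjectDN().getName();
            // With no peer name configured, identity is whatever the factory's trust decisions
            // accepted; no DN comparison happens here.
            if (str2 != null && !str2.equals("")) {
                if (Trace.isOn()) {
                    Trace.trace(CLSNAME, "checking peername");
                }
                PeerName expected = new PeerName(str2, true);
                PeerName actual = new PeerName(subjectName, false);
                if (!expected.isMatchingPeerName(actual)) {
                    if (Trace.isOn()) {
                        Trace.trace(CLSNAME, "peerName " + expected.getDN() + " doesn't match " + actual.getDN());
                    }
                    // The socket is closed in the finally block; a close failure must not replace
                    // the mismatch with a less specific reason code.
                    throw new MQException(2, MQException.MQRC_SSL_PEER_NAME_MISMATCH, "static method in SSL code", 121, expected.getDN(), actual.getDN());
                }
                if (Trace.isOn()) {
                    Trace.trace(CLSNAME, "peerName matches");
                }
            }
            if (collection != null) {
                SSLCRLHelper.check(peerCert, collection);
            }
            verified = true;
            return subjectName;
        } catch (SSLException e2) {
            MQException mQException = new MQException(2, MQException.MQRC_JSSE_ERROR, "static method in SSL code", 98);
            mQException.initCause(e2);
            throw mQException;
        } catch (IOException e3) {
            MQException mQException2 = new MQException(2, MQException.MQRC_JSSE_ERROR, "static method in SSL code", 71);
            mQException2.initCause(e3);
            throw mQException2;
        } catch (IllegalArgumentException e4) {
            throw new MQException(2, MQException.MQRC_UNSUPPORTED_CIPHER_SUITE, "static method in SSL code", 52);
        } finally {
            if (!verified) {
                closeQuietly(sSLSocket);
            }
        }
    }

    /** Closes a socket on a failure path, ignoring close errors so the original failure is kept. */
    private static void closeQuietly(Socket socket) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (IOException ignored) {
            // Best effort: the caller is already reporting a more useful error.
        }
    }

    /**
     * Records the peer's leaf certificate when the handshake completes.
     *
     * <p>A result is always published, even when the chain cannot be read, so that
     * {@link #getServerCert()} cannot wait forever; an unreadable or empty chain is published as
     * null and rejected by the caller.
     */
    @Override // javax.net.ssl.HandshakeCompletedListener
    public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
        if (Trace.isOn()) {
            Trace.entry(this, "handshakeCompleted");
            Trace.trace(this, "event: " + handshakeCompletedEvent);
        }
        try {
            X509Certificate[] chain = handshakeCompletedEvent.getPeerCertificateChain();
            // Kept for other package code; shared across connections, so not used for checks here.
            certs = chain;
            if (chain == null || chain.length <= 0) {
                if (Trace.isOn()) {
                    Trace.trace(this, "no peer certificates");
                }
                setServerCert(null);
            } else {
                setServerCert(chain[0]);
                if (Trace.isOn()) {
                    Trace.trace(CLSNAME, "Remote peer name = " + chain[0].getSubjectDN());
                    Trace.trace(CLSNAME, "Remote issuer    = " + chain[0].getIssuerDN());
                }
            }
        } catch (Exception e) {
            if (Trace.isOn()) {
                Trace.trace(this, "problem: " + e);
            }
        } finally {
            publishNullIfUnset();
            if (Trace.isOn()) {
                Trace.exit(this, "handshakeCompleted");
            }
        }
    }

    /** Publishes the captured certificate (possibly null) and wakes any waiting reader. */
    private synchronized void setServerCert(X509Certificate x509Certificate) {
        this.serverCert = x509Certificate;
        this.certSet = true;
        notifyAll();
    }

    /** Publishes "no certificate" if nothing was published yet; never overwrites a result. */
    private synchronized void publishNullIfUnset() {
        if (!this.certSet) {
            setServerCert(null);
        }
    }

    /**
     * Blocks until {@link #handshakeCompleted} has published a result, then returns it.
     *
     * @return the peer's leaf certificate, or null if none was obtained
     */
    private synchronized X509Certificate getServerCert() {
        boolean interrupted = false;
        while (!this.certSet) {
            try {
                wait(5000L);
            } catch (InterruptedException e) {
                // Keep waiting for the handshake result, but remember the interrupt.
                interrupted = true;
            }
        }
        if (interrupted) {
            // Restore the flag so code further up the stack can still observe the interrupt.
            Thread.currentThread().interrupt();
        }
        return this.serverCert;
    }

    /**
     * Invalidates the current SSL session and starts a new handshake on the socket.
     *
     * @param sSLSocket established SSL socket
     * @throws MQException with {@code MQRC_JSSE_ERROR} if the handshake fails
     */
    public static void renegotiateKey(SSLSocket sSLSocket) throws MQException {
        try {
            sSLSocket.getSession().invalidate();
            sSLSocket.startHandshake();
        } catch (SSLException e) {
            MQException mQException = new MQException(2, MQException.MQRC_JSSE_ERROR, "static renegotiation method in SSL code", 98);
            mQException.initCause(e);
            throw mQException;
        } catch (IOException e2) {
            MQException mQException2 = new MQException(2, MQException.MQRC_JSSE_ERROR, "static renegotiation method in SSL code", 71);
            mQException2.initCause(e2);
            throw mQException2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Maps a cipher name between the two naming tables.
     *
     * <p>When {@code i} is 0 the name is looked up in the JSSE-style table and its counterpart is
     * returned; for any other {@code i} the lookup runs in the opposite direction. The first
     * matching position wins, which matters because the JSSE-style table lists
     * {@code SSL_RSA_WITH_DES_CBC_SHA} and {@code SSL_RSA_WITH_3DES_EDE_CBC_SHA} twice.
     *
     * @param str name to translate; may be null
     * @param i direction selector (0 = JSSE-style name to counterpart, otherwise the reverse)
     * @return the translated name, or the empty string when {@code str} is null or unknown
     */
    public static String translate(String str, int i) {
        if (str == null) {
            return "";
        }
        String[] lookup = (i == 0) ? CIPHER_SUITE_NAMES : CIPHER_SPEC_NAMES;
        String[] result = (i == 0) ? CIPHER_SPEC_NAMES : CIPHER_SUITE_NAMES;
        for (int index = 0; index < lookup.length; index++) {
            if (str.equals(lookup[index])) {
                return result[index];
            }
        }
        return "";
    }
}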
