package org.ofbiz.base.util;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javolution.util.FastList;
import org.ofbiz.base.component.ComponentConfig;
import org.ofbiz.base.config.GenericConfigException;

/* loaded from: input_file:org/ofbiz/base/util/SSLUtil.class */
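/**
 * Static helpers that build JSSE key managers, trust managers, socket factories and
 * hostname verifiers from the keystores declared in the component configuration.
 *
 * <p>Several entry points deliberately relax peer authentication:
 * {@link #getTrustAnyManagers()}, {@link #getSSLSocketFactory(String, boolean)} with
 * {@code true}, and {@link #getHostnameVerifier(int)} with {@link #HOSTCERT_NO_CHECK} or
 * {@link #HOSTCERT_MIN_CHECK}. A connection built with any of them does not authenticate
 * the peer, so call sites that use them deserve review.
 */
public class SSLUtil {
    /** Verifier level: every host is accepted without looking at the session. */
    public static final int HOSTCERT_NO_CHECK = 0;
    /** Verifier level: only the validity dates of the peer certificates are checked. */
    public static final int HOSTCERT_MIN_CHECK = 1;
    /**
     * Verifier level for which {@link #getHostnameVerifier(int)} returns {@code null}.
     * NOTE(review): presumably callers then keep the platform default verifier; confirm at the call sites.
     */
    public static final int HOSTCERT_NORMAL_CHECK = 2;
    public static final String module = SSLUtil.class.getName();

    // Generic JSSE context name; the provider and JVM configuration decide which protocol versions are enabled.
    private static final String CONTEXT_PROTOCOL = "TLS";
    private static final String JSSE_RESOURCE = "jsse.properties";
    // Sentinel default meaning "property not configured".
    private static final String UNSET = "NONE";
    private static boolean loadedProps = false;

    /**
     * Trust manager that accepts every certificate chain: both check methods only log the
     * chain and never throw, so no issuer, signature or expiry validation takes place.
     *
     * <p>NOTE(review): the decompiler output records that this class was originally
     * package-private and was widened to public by the decompiler.
     */
    public static class TrustAnyManager implements X509TrustManager {
        TrustAnyManager() {
        }

        /** Logs the presented client chain and accepts it unconditionally. */
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            logAcceptedChain("Trusting (un-trusted) client certificate chain:", chain);
        }

        /** Logs the presented server chain and accepts it unconditionally. */
        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            logAcceptedChain("Trusting (un-trusted) server certificate chain:", chain);
        }

        /** Returns an empty array: no issuer is advertised as trusted. */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        // Writes the header and one line per certificate (subject and notAfter) so that
        // every unvalidated acceptance leaves a trace in the log.
        private static void logAcceptedChain(String header, X509Certificate[] chain) {
            Debug.logImportant(header, SSLUtil.module);
            for (X509Certificate cert : chain) {
                Debug.logImportant("---- " + cert.getSubjectX500Principal().getName() + " valid: " + cert.getNotAfter(), SSLUtil.module);
            }
        }
    }

    /**
     * Checks a client certificate chain against the configured trust managers.
     *
     * @param chain the certificate chain presented by the client
     * @param authType the authentication type passed through to the trust manager
     * @return {@code true} as soon as one X.509 trust manager accepts the chain; {@code false}
     *         when none does or when the trust managers cannot be loaded (fails closed)
     */
    public static boolean isClientTrusted(X509Certificate[] chain, String authType) {
        TrustManager[] trustManagers;
        try {
            trustManagers = getTrustManagers();
        } catch (IOException e) {
            Debug.logError(e, module);
            return false;
        } catch (GeneralSecurityException e) {
            Debug.logError(e, module);
            return false;
        } catch (GenericConfigException e) {
            Debug.logError(e, module);
            return false;
        }
        for (TrustManager trustManager : trustManagers) {
            if (trustManager instanceof X509TrustManager) {
                try {
                    ((X509TrustManager) trustManager).checkClientTrusted(chain, authType);
                    return true;
                } catch (CertificateException ignored) {
                    // This manager rejected the chain; fall through and try the next one.
                }
            }
        }
        return false;
    }

    /**
     * Collects key managers from every configured keystore that is flagged as a cert store.
     *
     * @param alias key alias the returned X.509 key managers are pinned to, or {@code null} for no pinning
     * @return the key managers of all cert stores, possibly empty
     * @throws IOException if a configured cert store cannot be loaded
     * @throws GeneralSecurityException if a key manager factory cannot be initialised
     * @throws GenericConfigException if the component configuration cannot be read
     */
    public static KeyManager[] getKeyManagers(String alias) throws IOException, GeneralSecurityException, GenericConfigException {
        List<KeyManager> managers = FastList.newInstance();
        for (ComponentConfig.KeystoreInfo keystoreInfo : ComponentConfig.getAllKeystoreInfos()) {
            if (!keystoreInfo.isCertStore()) {
                continue;
            }
            KeyStore keyStore = keystoreInfo.getKeyStore();
            if (keyStore == null) {
                throw new IOException("Unable to load keystore: " + keystoreInfo.createResourceHandler().getFullLocation());
            }
            List<KeyManager> loaded = Arrays.asList(getKeyManagers(keyStore, keystoreInfo.getPassword(), alias));
            managers.addAll(loaded);
            if (Debug.verboseOn()) {
                Debug.logVerbose("Loaded another cert store, adding [" + loaded.size() + "] KeyManagers for alias [" + alias + "] and keystore: " + keystoreInfo.createResourceHandler().getFullLocation(), module);
            }
        }
        return managers.toArray(new KeyManager[managers.size()]);
    }

    /** Same as {@link #getKeyManagers(String)} with no alias pinning. */
    public static KeyManager[] getKeyManagers() throws IOException, GeneralSecurityException, GenericConfigException {
        return getKeyManagers(null);
    }

    /**
     * Builds a single composite trust manager from the system trust store plus every
     * configured keystore that is flagged as a trust store.
     *
     * @return a one-element array holding the composite trust manager
     * @throws IOException if a configured trust store cannot be loaded
     * @throws GeneralSecurityException if a trust store cannot be processed
     * @throws GenericConfigException if the component configuration cannot be read
     */
    public static TrustManager[] getTrustManagers() throws IOException, GeneralSecurityException, GenericConfigException {
        MultiTrustManager composite = new MultiTrustManager();
        composite.add(KeyStoreUtil.getSystemTrustStore());
        if (composite.getNumberOfKeyStores() < 1) {
            Debug.logWarning("System truststore not found!", module);
        }
        for (ComponentConfig.KeystoreInfo keystoreInfo : ComponentConfig.getAllKeystoreInfos()) {
            if (!keystoreInfo.isTrustStore()) {
                continue;
            }
            KeyStore keyStore = keystoreInfo.getKeyStore();
            if (keyStore == null) {
                throw new IOException("Unable to load keystore: " + keystoreInfo.createResourceHandler().getFullLocation());
            }
            composite.add(keyStore);
        }
        return new TrustManager[]{composite};
    }

    /**
     * Returns a trust manager array holding one {@link TrustAnyManager}, which performs no
     * certificate validation at all. Anything built on it accepts any peer certificate.
     */
    public static TrustManager[] getTrustAnyManagers() {
        return new TrustManager[]{new TrustAnyManager()};
    }

    /**
     * Creates the key managers for one keystore.
     *
     * @param keyStore keystore holding the private keys
     * @param password keystore password; {@code null} is handed to the factory as a null
     *        password instead of failing with a {@link NullPointerException}
     * @param alias when non-null, every X.509 key manager is wrapped so that it is tied to this alias
     * @return the key managers produced by the "SunX509" factory
     * @throws GeneralSecurityException if the factory is unavailable or cannot read the keys
     */
    public static KeyManager[] getKeyManagers(KeyStore keyStore, String password, String alias) throws GeneralSecurityException {
        KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509");
        factory.init(keyStore, password == null ? null : password.toCharArray());
        KeyManager[] keyManagers = factory.getKeyManagers();
        if (alias != null) {
            for (int i = 0; i < keyManagers.length; i++) {
                if (keyManagers[i] instanceof X509KeyManager) {
                    keyManagers[i] = new AliasKeyManager((X509KeyManager) keyManagers[i], alias);
                }
            }
        }
        return keyManagers;
    }

    /** Returns a one-element array with a trust manager backed only by the given keystore. */
    public static TrustManager[] getTrustManagers(KeyStore keyStore) throws GeneralSecurityException {
        return new TrustManager[]{new MultiTrustManager(keyStore)};
    }

    /**
     * Creates a client socket factory that presents keys from the given keystore and
     * validates peers against the configured trust managers.
     */
    public static SSLSocketFactory getSSLSocketFactory(KeyStore keyStore, String password, String alias) throws IOException, GeneralSecurityException, GenericConfigException {
        KeyManager[] keyManagers = getKeyManagers(keyStore, password, alias);
        TrustManager[] trustManagers = getTrustManagers();
        return createContext(keyManagers, trustManagers).getSocketFactory();
    }

    /**
     * Creates a client socket factory from the configured cert stores.
     *
     * @param alias key alias to pin, or {@code null}
     * @param trustAny when {@code true} the factory uses {@link #getTrustAnyManagers()}, so the
     *        server certificate is not validated; when {@code false} the configured trust managers are used
     */
    public static SSLSocketFactory getSSLSocketFactory(String alias, boolean trustAny) throws IOException, GeneralSecurityException, GenericConfigException {
        KeyManager[] keyManagers = getKeyManagers(alias);
        TrustManager[] trustManagers = trustAny ? getTrustAnyManagers() : getTrustManagers();
        return createContext(keyManagers, trustManagers).getSocketFactory();
    }

    /** Same as {@link #getSSLSocketFactory(String, boolean)} with certificate validation enabled. */
    public static SSLSocketFactory getSSLSocketFactory(String alias) throws IOException, GeneralSecurityException, GenericConfigException {
        return getSSLSocketFactory(alias, false);
    }

    /** Same as {@link #getSSLSocketFactory(String)} with no alias pinning. */
    public static SSLSocketFactory getSSLSocketFactory() throws IOException, GeneralSecurityException, GenericConfigException {
        return getSSLSocketFactory(null);
    }

    /**
     * Creates a server socket factory that presents keys from the given keystore and
     * validates client certificates against the configured trust managers.
     */
    public static SSLServerSocketFactory getSSLServerSocketFactory(KeyStore keyStore, String password, String alias) throws IOException, GeneralSecurityException, GenericConfigException {
        TrustManager[] trustManagers = getTrustManagers();
        KeyManager[] keyManagers = getKeyManagers(keyStore, password, alias);
        return createContext(keyManagers, trustManagers).getServerSocketFactory();
    }

    /** Creates a server socket factory from the configured cert stores and trust managers. */
    public static SSLServerSocketFactory getSSLServerSocketFactory(String alias) throws IOException, GeneralSecurityException, GenericConfigException {
        TrustManager[] trustManagers = getTrustManagers();
        KeyManager[] keyManagers = getKeyManagers(alias);
        return createContext(keyManagers, trustManagers).getServerSocketFactory();
    }

    // Single place where the SSLContext is created, so all four factories agree on the
    // protocol name and the randomness source.
    private static SSLContext createContext(KeyManager[] keyManagers, TrustManager[] trustManagers) throws GeneralSecurityException {
        SSLContext context = SSLContext.getInstance(CONTEXT_PROTOCOL);
        context.init(keyManagers, trustManagers, new SecureRandom());
        return context;
    }

    /**
     * Returns the hostname verifier for a check level.
     *
     * <p>Neither returned verifier compares the requested hostname with the certificate:
     * {@link #HOSTCERT_NO_CHECK} accepts everything, and {@link #HOSTCERT_MIN_CHECK} only
     * rejects sessions whose peer is unverified or whose certificates are outside their
     * validity period.
     *
     * @param level one of the {@code HOSTCERT_*} constants
     * @return a verifier for the two relaxed levels, {@code null} for any other value
     */
    public static HostnameVerifier getHostnameVerifier(int level) {
        switch (level) {
            case HOSTCERT_NO_CHECK:
                return new HostnameVerifier() {
                    @Override
                    public boolean verify(String hostname, SSLSession session) {
                        return true;
                    }
                };
            case HOSTCERT_MIN_CHECK:
                return new HostnameVerifier() {
                    @Override
                    public boolean verify(String hostname, SSLSession session) {
                        // getPeerCertificates() replaces the deprecated javax.security.cert based getPeerCertificateChain().
                        java.security.cert.Certificate[] peerChain;
                        try {
                            peerChain = session.getPeerCertificates();
                        } catch (SSLPeerUnverifiedException e) {
                            Debug.logWarning(e.getMessage(), SSLUtil.module);
                            return false;
                        }
                        for (java.security.cert.Certificate certificate : peerChain) {
                            if (!(certificate instanceof X509Certificate)) {
                                // Validity cannot be checked on a non-X.509 certificate, so fail closed.
                                Debug.logWarning("Certificate is not valid!", SSLUtil.module);
                                return false;
                            }
                            X509Certificate x509 = (X509Certificate) certificate;
                            Map<String, String> x500Map = KeyStoreUtil.getX500Map(x509.getSubjectDN());
                            if (Debug.infoOn()) {
                                Debug.logInfo(x509.getSerialNumber().toString(16) + " :: " + x500Map.get("CN"), SSLUtil.module);
                            }
                            try {
                                x509.checkValidity();
                            } catch (CertificateException e) {
                                Debug.logWarning("Certificate is not valid!", SSLUtil.module);
                                return false;
                            }
                        }
                        return true;
                    }
                };
            default:
                return null;
        }
    }

    /** Loads the JSSE system properties once, without handshake debugging. */
    public static void loadJsseProperties() {
        loadJsseProperties(false);
    }

    /**
     * Copies the values configured in {@code jsse.properties} into JVM system properties.
     * Only the first call has any effect; later calls return immediately.
     *
     * <p>NOTE(review): the static initialiser of this class already calls
     * {@link #loadJsseProperties()}, so by the time outside code can call this method the
     * properties are marked as loaded and {@code debug} is ignored.
     *
     * @param debug when {@code true} on the first call, sets {@code javax.net.debug} to
     *        {@code ssl:handshake}
     */
    public static synchronized void loadJsseProperties(boolean debug) {
        if (loadedProps) {
            return;
        }
        String[] keys = {"java.protocol.handler.pkgs", "https.proxyHost", "https.proxyPort", "https.cipherSuites"};
        // Read every value before setting any system property, as the original code did.
        String[] values = new String[keys.length];
        for (int i = 0; i < keys.length; i++) {
            values[i] = UtilProperties.getPropertyValue(JSSE_RESOURCE, keys[i], UNSET);
        }
        for (int i = 0; i < keys.length; i++) {
            if (values[i] != null && !UNSET.equals(values[i])) {
                System.setProperty(keys[i], values[i]);
            }
        }
        if (debug) {
            System.setProperty("javax.net.debug", "ssl:handshake");
        }
        loadedProps = true;
    }

    static {
        loadJsseProperties();
    }
}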
