package org.teiid.net.socket;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Locale;
import java.util.Properties;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.teiid.core.util.PropertiesUtils;
import org.teiid.jdbc.JDBCPlugin;

/* loaded from: input_file:BOOT-INF/lib/teiid-client-12.2.2.fuse-740008-redhat-00001.jar:org/teiid/net/socket/SocketUtil.class */
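/**
 * Client-side TLS helpers that build {@link SSLContext} instances and socket factories from
 * connection properties (keystore, truststore, protocol, key alias, trust-all, anon).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code org.teiid.ssl.allowAnon} defaults to {@code true}. When it is set, the anonymous
 *       suite {@link #ANON_CIPHER_SUITE} is added to every socket that supports it. Anonymous
 *       Diffie-Hellman suites do not authenticate the server, so a connection that negotiates
 *       one is encrypted but not protected against an active man-in-the-middle.</li>
 *   <li>{@code org.teiid.ssl.trustAll=true} installs a trust manager that accepts every
 *       certificate chain, which disables server authentication entirely.</li>
 *   <li>{@link SSLSocketFactory#getSocket(String, int)} does not set an endpoint identification
 *       algorithm on the socket, so hostname matching is not enabled by this class.
 *       NOTE(review): confirm whether callers verify the peer hostname elsewhere.</li>
 * </ul>
 */
public class SocketUtil {
    static final String TRUSTSTORE_PASSWORD = "org.teiid.ssl.trustStorePassword";
    public static final String TRUSTSTORE_FILENAME = "org.teiid.ssl.trustStore";
    static final String KEYSTORE_ALGORITHM = "org.teiid.ssl.algorithm";
    static final String PROTOCOL = "org.teiid.ssl.protocol";
    static final String KEYSTORE_TYPE = "org.teiid.ssl.keyStoreType";
    static final String KEYSTORE_PASSWORD = "org.teiid.ssl.keyStorePassword";
    static final String KEYSTORE_FILENAME = "org.teiid.ssl.keyStore";
    public static final String ALLOW_ANON = "org.teiid.ssl.allowAnon";
    static final String KEYSTORE_ALIAS = "org.teiid.ssl.keyAlias";
    static final String KEY_PASSWORD = "org.teiid.ssl.keyPassword";
    static final String TRUST_ALL = "org.teiid.ssl.trustAll";
    static final String CHECK_EXPIRED = "org.teiid.ssl.checkExpired";
    public static final String DEFAULT_KEYSTORE_TYPE = "JKS";
    // Anonymous (unauthenticated) key exchange: no certificate is presented by the server.
    public static final String ANON_CIPHER_SUITE = "TLS_DH_anon_WITH_AES_128_CBC_SHA";
    public static final String DEFAULT_PROTOCOL = "TLSv1.2";
    private static final Logger logger = Logger.getLogger(SocketUtil.class.getName());

    /**
     * Trust manager used when {@code org.teiid.ssl.trustAll} is true. Both check methods are
     * empty, so every client or server chain is accepted without validation. This removes
     * server authentication; it should only be reachable through an explicit opt-in.
     */
    private static final X509TrustManager[] TRUST_ALL_MANAGER = {new X509TrustManager() { // from class: org.teiid.net.socket.SocketUtil.1
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract asks for a non-null (possibly empty) array.
            return new X509Certificate[0];
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: accepts any server chain.
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: accepts any client chain.
        }
    }};

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/teiid-client-12.2.2.fuse-740008-redhat-00001.jar:org/teiid/net/socket/SocketUtil$AliasAwareKeyManager.class */
    /**
     * Key manager that answers every alias-selection callback with one fixed alias and forwards
     * all other calls to the wrapped {@link X509KeyManager}. The key types and issuers offered
     * by the peer are ignored when choosing the alias.
     */
    public static class AliasAwareKeyManager extends X509ExtendedKeyManager {
        private final X509KeyManager delegate;
        private final String keyAlias;

        /**
         * @param x509KeyManager key manager that supplies certificate chains and private keys
         * @param str alias returned from every {@code choose*Alias} method
         */
        public AliasAwareKeyManager(X509KeyManager x509KeyManager, String str) {
            this.delegate = x509KeyManager;
            this.keyAlias = str;
        }

        @Override
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            return this.keyAlias;
        }

        @Override
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            return this.keyAlias;
        }

        @Override
        public X509Certificate[] getCertificateChain(String alias) {
            return this.delegate.getCertificateChain(alias);
        }

        @Override
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            return this.delegate.getClientAliases(keyType, issuers);
        }

        @Override
        public PrivateKey getPrivateKey(String alias) {
            return this.delegate.getPrivateKey(alias);
        }

        @Override
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            return this.delegate.getServerAliases(keyType, issuers);
        }

        @Override
        public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
            return this.keyAlias;
        }

        @Override
        public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
            return this.keyAlias;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/teiid-client-12.2.2.fuse-740008-redhat-00001.jar:org/teiid/net/socket/SocketUtil$SSLSocketFactory.class */
    /**
     * Thin wrapper around a JSSE socket factory that creates client-mode sockets and, when
     * anonymous mode is allowed, additionally enables {@link SocketUtil#ANON_CIPHER_SUITE}.
     */
    public static class SSLSocketFactory {
        private final boolean isAnon;
        // Ensures the "anon not available" warning is logged at most once per factory.
        private boolean warned;
        private final javax.net.ssl.SSLSocketFactory factory;

        /**
         * @param sSLContext context whose socket factory is used to create sockets
         * @param z whether the anonymous cipher suite should be enabled on created sockets
         */
        public SSLSocketFactory(SSLContext sSLContext, boolean z) {
            this.factory = sSLContext.getSocketFactory();
            this.isAnon = z;
        }

        /**
         * Creates a client-mode TLS socket connected to the given host and port.
         *
         * <p>NOTE(review): no endpoint identification algorithm is configured here, so the
         * certificate's subject is not matched against {@code host} by this method.
         *
         * @param host remote host name or address
         * @param port remote port
         * @return the connected socket
         * @throws IOException if the underlying factory cannot create the socket
         */
        public synchronized Socket getSocket(String host, int port) throws IOException {
            SSLSocket socket = (SSLSocket) this.factory.createSocket(host, port);
            socket.setUseClientMode(true);
            // addCipherSuite must run for every socket in anon mode; only the warning is one-shot.
            if (this.isAnon && !SocketUtil.addCipherSuite(socket, SocketUtil.ANON_CIPHER_SUITE) && !this.warned) {
                this.warned = true;
                SocketUtil.logger.warning(JDBCPlugin.Util.getString("SocketUtil.anon_not_available"));
            }
            return socket;
        }
    }

    /**
     * Builds a socket factory from the {@code org.teiid.ssl.*} connection properties.
     *
     * <p>The truststore file and password fall back to the keystore file and password. If no
     * keystore, no truststore, no trust-all and no check-expired setting is present, the JVM
     * default {@link SSLContext} is used. Anonymous mode defaults to {@code true}; deployments
     * that require server authentication should set {@code org.teiid.ssl.allowAnon=false}.
     *
     * @param properties connection properties
     * @return a factory for client-mode TLS sockets
     * @throws IOException if a keystore or truststore cannot be read
     * @throws GeneralSecurityException if the TLS context cannot be initialised
     */
    public static SSLSocketFactory getSSLSocketFactory(Properties properties) throws IOException, GeneralSecurityException {
        String keystore = properties.getProperty(KEYSTORE_FILENAME);
        String keystorePassword = properties.getProperty(KEYSTORE_PASSWORD);
        String keystoreType = properties.getProperty(KEYSTORE_TYPE, DEFAULT_KEYSTORE_TYPE);
        String protocol = properties.getProperty(PROTOCOL, DEFAULT_PROTOCOL);
        String algorithm = properties.getProperty(KEYSTORE_ALGORITHM);
        String truststore = properties.getProperty(TRUSTSTORE_FILENAME, keystore);
        String truststorePassword = properties.getProperty(TRUSTSTORE_PASSWORD, keystorePassword);
        String keyAlias = properties.getProperty(KEYSTORE_ALIAS);
        String keyPassword = properties.getProperty(KEY_PASSWORD);
        boolean allowAnon = PropertiesUtils.getBooleanProperty(properties, ALLOW_ANON, true);
        boolean trustAll = PropertiesUtils.getBooleanProperty(properties, TRUST_ALL, false);
        boolean checkExpired = PropertiesUtils.getBooleanProperty(properties, CHECK_EXPIRED, false);

        boolean needsCustomContext = keystore != null || truststore != null || trustAll || checkExpired;
        SSLContext context = needsCustomContext
                ? getSSLContext(keystore, keystorePassword, truststore, truststorePassword, algorithm, keystoreType, protocol, keyAlias, keyPassword, trustAll, checkExpired)
                : SSLContext.getDefault();
        return new SSLSocketFactory(context, allowAnon);
    }

    /**
     * Enables an additional cipher suite on the socket if the socket supports it. The suite is
     * appended after the suites that are already enabled.
     *
     * @param sSLSocket socket to modify
     * @param str cipher suite name
     * @return {@code true} if the suite is supported and was added, {@code false} otherwise
     */
    public static boolean addCipherSuite(SSLSocket sSLSocket, String str) {
        if (!Arrays.asList(sSLSocket.getSupportedCipherSuites()).contains(str)) {
            return false;
        }
        String[] enabled = sSLSocket.getEnabledCipherSuites();
        String[] extended = Arrays.copyOf(enabled, enabled.length + 1);
        extended[enabled.length] = str;
        sSLSocket.setEnabledCipherSuites(extended);
        return true;
    }

    /**
     * Returns a {@link #DEFAULT_PROTOCOL} context initialised with no explicit key or trust
     * managers, so the provider defaults apply.
     *
     * @throws IOException declared for parity with {@code getSSLContext}
     * @throws GeneralSecurityException if the context cannot be created or initialised
     */
    public static SSLContext getAnonSSLContext() throws IOException, GeneralSecurityException {
        return getSSLContext(null, null, null, null, null, null, DEFAULT_PROTOCOL, null, null, false, false);
    }

    /**
     * Creates and initialises an {@link SSLContext}.
     *
     * <p>NOTE(review): {@code algorithm} defaults to the {@link KeyManagerFactory} default and is
     * then also passed to {@link TrustManagerFactory#getInstance(String)}; the two factories can
     * have different default algorithms, so confirm this is intended. The truststore is loaded
     * with the same {@code keystoreType} as the keystore.
     *
     * @param keystore keystore resource name or file path, or {@code null} for no client keys
     * @param password keystore password, may be {@code null}
     * @param truststore truststore resource name or file path, or {@code null}
     * @param truststorePassword truststore password, may be {@code null}
     * @param algorithm key/trust manager algorithm, or {@code null} for the key manager default
     * @param keystoreType keystore type used for both stores
     * @param protocol protocol name passed to {@link SSLContext#getInstance(String)}
     * @param keyAlias alias of the key entry to present, or {@code null} to let JSSE choose
     * @param keyPassword key password; falls back to {@code password} when {@code null}
     * @param trustAll if {@code true}, certificate validation is disabled (accept-all manager)
     * @param checkExpired if {@code true}, adds a validity-period check over the whole chain
     * @return the initialised context
     * @throws IOException if a store cannot be read
     * @throws GeneralSecurityException if a store, alias or algorithm is invalid
     */
    public static SSLContext getSSLContext(String keystore, String password, String truststore, String truststorePassword, String algorithm, String keystoreType, String protocol, String keyAlias, String keyPassword, boolean trustAll, boolean checkExpired) throws IOException, GeneralSecurityException {
        if (algorithm == null) {
            algorithm = KeyManagerFactory.getDefaultAlgorithm();
        }

        KeyManager[] keyManagers = null;
        if (keystore != null) {
            KeyStore keys = loadKeyStore(keystore, password, keystoreType);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
            if (keyPassword == null) {
                keyPassword = password;
            }
            keyManagerFactory.init(keys, keyPassword != null ? keyPassword.toCharArray() : null);
            keyManagers = keyManagerFactory.getKeyManagers();
            if (keyAlias != null) {
                if (!keys.isKeyEntry(keyAlias)) {
                    throw new GeneralSecurityException(JDBCPlugin.Util.getString("alias_no_key_entry", keyAlias));
                }
                // Presumably needed because the JKS provider stores aliases in lower case.
                if (DEFAULT_KEYSTORE_TYPE.equals(keystoreType)) {
                    keyAlias = keyAlias.toLowerCase(Locale.ENGLISH);
                }
                for (int i = 0; i < keyManagers.length; i++) {
                    if (keyManagers[i] instanceof X509KeyManager) {
                        keyManagers[i] = new AliasAwareKeyManager((X509KeyManager) keyManagers[i], keyAlias);
                    }
                }
            }
        }

        TrustManager[] trustManagers = null;
        if (trustAll) {
            // Takes precedence over any truststore and over checkExpired: nothing is validated.
            trustManagers = TRUST_ALL_MANAGER;
        } else {
            if (truststore != null) {
                KeyStore trusted = loadKeyStore(truststore, truststorePassword, keystoreType);
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(algorithm);
                trustManagerFactory.init(trusted);
                trustManagers = trustManagerFactory.getTrustManagers();
            }
            if (checkExpired) {
                trustManagers = getCheckExpiredTrustManager(algorithm, trustManagers);
            }
        }

        // Null key/trust managers and a null SecureRandom leave the choice to the JSSE provider.
        SSLContext context = SSLContext.getInstance(protocol);
        context.init(keyManagers, trustManagers, null);
        return context;
    }

    /**
     * Wraps the first trust manager, when it is an {@link X509TrustManager}, so that every
     * certificate in the presented chain must also be inside its validity period. Only index 0
     * of the array is wrapped; other entries are left as they are.
     *
     * @param str trust manager algorithm used when no managers were supplied
     * @param trustManagerArr existing managers, or {@code null} to start from the default store
     * @return the (possibly modified) manager array
     */
    private static TrustManager[] getCheckExpiredTrustManager(String str, TrustManager[] trustManagerArr) throws NoSuchAlgorithmException, KeyStoreException {
        if (trustManagerArr == null) {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str);
            trustManagerFactory.init((KeyStore) null);
            trustManagerArr = trustManagerFactory.getTrustManagers();
        }
        if (trustManagerArr.length > 0 && (trustManagerArr[0] instanceof X509TrustManager)) {
            final X509TrustManager delegate = (X509TrustManager) trustManagerArr[0];
            trustManagerArr[0] = new X509TrustManager() { // from class: org.teiid.net.socket.SocketUtil.2
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return delegate.getAcceptedIssuers();
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    // Normal path validation first, then the extra validity-period check.
                    delegate.checkServerTrusted(chain, authType);
                    requireWithinValidityPeriod(chain);
                }

                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    delegate.checkClientTrusted(chain, authType);
                    requireWithinValidityPeriod(chain);
                }
            };
        }
        return trustManagerArr;
    }

    /**
     * Rejects the chain if any certificate in it is not yet valid or has expired at the
     * current time.
     */
    private static void requireWithinValidityPeriod(X509Certificate[] chain) throws CertificateException {
        Date now = new Date();
        for (X509Certificate certificate : chain) {
            if (certificate.getNotBefore().after(now) || certificate.getNotAfter().before(now)) {
                throw new CertificateException(JDBCPlugin.Util.gs(JDBCPlugin.Event.TEIID20038, new Object[0]));
            }
        }
    }

    /**
     * Loads a keystore. The name is first resolved as a classpath resource through this class's
     * class loader and only then as a file system path, so a classpath entry with the same name
     * takes precedence over a file.
     *
     * @param str classpath resource name or file path of the store
     * @param str2 store password, or {@code null}
     * @param str3 keystore type, for example {@link #DEFAULT_KEYSTORE_TYPE}
     * @return the loaded keystore
     * @throws IOException if the store is not found or cannot be read
     * @throws NoSuchAlgorithmException if the integrity algorithm is unavailable
     * @throws CertificateException if a certificate in the store cannot be loaded
     * @throws KeyStoreException if the keystore type is not available
     */
    public static KeyStore loadKeyStore(String str, String str2, String str3) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
        InputStream stream = SocketUtil.class.getClassLoader().getResourceAsStream(str);
        if (stream == null) {
            try {
                stream = new FileInputStream(str);
            } catch (FileNotFoundException e) {
                throw new IOException(JDBCPlugin.Util.getString("SocketHelper.keystore_not_found", str), e);
            }
        }
        // try-with-resources also closes the stream when KeyStore.getInstance rejects the type.
        try (InputStream in = stream) {
            KeyStore keyStore = KeyStore.getInstance(str3);
            keyStore.load(in, str2 != null ? str2.toCharArray() : null);
            return keyStore;
        }
    }
}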
