package weblogic.security.utils;

import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.KeyManagementException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import weblogic.kernel.Kernel;
import weblogic.management.configuration.SSLMBean;
import weblogic.management.configuration.TLSMBean;
import weblogic.protocol.ServerChannel;
import weblogic.security.SSL.WeblogicSSLEngine;
import weblogic.security.SecurityLogger;

/* loaded from: input_file:weblogic/security/utils/SSLContextWrapper.class */
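/**
 * Facade over the {@link SSLContextDelegate} obtained from
 * {@code SSLSetup.getSSLDelegateInstance()}.
 *
 * <p>Most methods forward straight to the delegate. Operations that only exist on
 * {@link SSLContextDelegate2} are guarded with {@code instanceof}, and four optional
 * operations (null-cipher control and the NIO socket factories) are resolved by
 * reflection on first use, so behaviour depends on which delegate implementation
 * is selected at runtime.
 *
 * <p>Security-relevant behaviour worth knowing before using an instance:
 * <ul>
 *   <li>{@link #getImportInstance()} returns a wrapper on which this class installs
 *       neither a trust manager nor a hostname verifier.</li>
 *   <li>{@link #addTrustedCA(X509Certificate[])} skips certificates that fail to parse
 *       and only logs them (rate-limited, and not at all when the suppress property is
 *       set); the caller is not told that the trust store is incomplete.</li>
 *   <li>{@link #enableUnencryptedNullCipher(boolean)} is a silent no-op when the delegate
 *       does not expose that method.</li>
 * </ul>
 *
 * <p>Thread-safety: the first-call flags and cached {@link Method} handles are plain
 * (non-volatile, unsynchronized) fields; only the certificate log throttle uses a
 * concurrent map.
 */
public class SSLContextWrapper {
    private static final String GET_ENABLENULLCIPHER_METHOD = "enableUnencryptedNullCipher";
    private static final String GET_ISNULLCIPHER_METHOD = "isUnencryptedNullCipherEnabled";
    private static final String GET_SSL_NIO_SSF_METHOD = "getSSLNioServerSocketFactory";
    private static final String GET_SSL_NIO_SOCK_METHOD = "getSSLNioSocketFactory";

    /** Minimum interval, in milliseconds, between two log entries for the same rejected CA. */
    private static final int LOG_PERIOD = 300000;

    // Each optional delegate method has a "first call" flag plus a cached handle.
    // The flag stays true until one call completes without a reflection failure,
    // so a failed invocation causes the lookup to be repeated on the next call.
    private boolean b1stCall_EnableNullCipher = true;
    private Method mtd_EnableNullCipher = null;
    private boolean b1stCall_isEnableNullCipher = true;
    private Method mtd_isEnableNullCipher = null;
    private boolean b1stCall_getNioServerFact = true;
    private Method mtd_getNioServerFact = null;
    private boolean b1stCall_getNioSockFact = true;
    private Method mtd_getNioSockFact = null;

    private final SSLContextDelegate sslContext = SSLSetup.getSSLDelegateInstance();

    // Key: issuer DN + serial number; value: time of the last log entry for that cert.
    // Entries are never removed, so the map grows with the number of distinct rejected CAs.
    private final ConcurrentMap<String, Long> unsupportedCerts = new ConcurrentHashMap<String, Long>();

    /**
     * Creates a wrapper that is not bound to a server channel, with trust manager and
     * hostname verifier installed.
     *
     * @return a new wrapper
     */
    public static final SSLContextWrapper getInstance() {
        return new SSLContextWrapper((ServerChannel) null, false);
    }

    /**
     * Creates a wrapper for which this class installs no trust manager and no hostname
     * verifier, and does not apply the configured minimum TLS version.
     *
     * <p>NOTE(review): presumably meant for loading/importing key material only; an
     * instance obtained here should not be used to open connections unless the delegate's
     * own defaults are known to validate peers. Confirm against callers.
     *
     * @return a new wrapper without peer-validation hooks set by this class
     */
    public static final SSLContextWrapper getImportInstance() {
        return new SSLContextWrapper((ServerChannel) null, true);
    }

    /**
     * Creates a wrapper configured from the given server channel.
     *
     * @param serverChannel channel supplying the minimum TLS version and SSLv2Hello
     *                      setting; may be {@code null}
     * @return a new wrapper
     */
    public static final SSLContextWrapper getInstance(ServerChannel serverChannel) {
        return new SSLContextWrapper(serverChannel, false);
    }

    /**
     * Creates a wrapper configured from the given TLS MBean.
     *
     * @param tLSMBean MBean supplying the minimum TLS version and SSLv2Hello setting;
     *                 may be {@code null}
     * @return a new wrapper
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static final SSLContextWrapper getInstance(TLSMBean tLSMBean) {
        return new SSLContextWrapper(tLSMBean);
    }

    /**
     * Configures the delegate from a server channel.
     *
     * <p>Protocol settings: a non-JSSE delegate gets the legacy protocol version from
     * {@code SSLSetup}. A {@link SSLContextDelegate2} gets the minimum TLS version and
     * SSLv2Hello flag from the channel, or, when there is no channel, from the kernel's
     * SSL MBean, but only outside a server process and only for non-import instances.
     * With no channel inside a server process nothing is set here and the delegate keeps
     * its own defaults.
     *
     * @param serverChannel  channel to read settings from, or {@code null}
     * @param importInstance when {@code true}, skip installing the trust manager and
     *                       hostname verifier
     */
    private SSLContextWrapper(ServerChannel serverChannel, boolean importInstance) {
        if (!SSLSetup.isJSSEContextDelegate(this.sslContext)) {
            this.sslContext.setProtocolVersion(SSLSetup.getLegacyProtocolVersion());
        } else if (this.sslContext instanceof SSLContextDelegate2) {
            SSLContextDelegate2 delegate2 = (SSLContextDelegate2) this.sslContext;
            if (serverChannel != null) {
                delegate2.setMinimumTLSProtocolVersion(serverChannel.getMinimumTLSProtocolVersion());
                delegate2.setSSLv2HelloEnabled(serverChannel.isSSLv2HelloEnabled());
            } else if (!Kernel.isServer() && !importInstance) {
                SSLMBean ssl = Kernel.getConfig().getSSL();
                delegate2.setMinimumTLSProtocolVersion(ssl.getMinimumTLSProtocolVersion());
                delegate2.setSSLv2HelloEnabled(ssl.isSSLv2HelloEnabled());
            }
        }
        if (!importInstance) {
            this.sslContext.setTrustManager(new SSLTrustValidator(serverChannel));
            this.sslContext.setHostnameVerifier(new SSLWLSHostnameVerifier(serverChannel));
        }
        this.sslContext.enforceConstraints(SSLSetup.getEnforceConstraints());
    }

    /**
     * Configures the delegate from a TLS MBean. Protocol settings follow the same rules
     * as the channel-based constructor; a trust manager and hostname verifier are always
     * installed.
     *
     * @param tLSMBean MBean to read settings from, or {@code null}
     */
    private SSLContextWrapper(TLSMBean tLSMBean) {
        if (!SSLSetup.isJSSEContextDelegate(this.sslContext)) {
            this.sslContext.setProtocolVersion(SSLSetup.getLegacyProtocolVersion());
        } else if (this.sslContext instanceof SSLContextDelegate2) {
            SSLContextDelegate2 delegate2 = (SSLContextDelegate2) this.sslContext;
            if (tLSMBean != null) {
                delegate2.setMinimumTLSProtocolVersion(tLSMBean.getMinimumTLSProtocolVersion());
                delegate2.setSSLv2HelloEnabled(tLSMBean.isSSLv2HelloEnabled());
            } else if (!Kernel.isServer()) {
                SSLMBean ssl = Kernel.getConfig().getSSL();
                delegate2.setMinimumTLSProtocolVersion(ssl.getMinimumTLSProtocolVersion());
                delegate2.setSSLv2HelloEnabled(ssl.isSSLv2HelloEnabled());
            }
        }
        this.sslContext.setTrustManager(new TLSTrustValidator(tLSMBean));
        this.sslContext.setHostnameVerifier(new SSLWLSHostnameVerifier(tLSMBean));
        this.sslContext.enforceConstraints(SSLSetup.getEnforceConstraints());
    }

    /**
     * Logs that a CA certificate could not be added, at most once per {@link #LOG_PERIOD}
     * for the same issuer/serial pair. Nothing is logged, and the throttle is not updated,
     * when the system property {@code weblogic.security.suppressUnsupportedCANotice} is true.
     *
     * @param cert  the rejected certificate; {@code null} is ignored
     * @param cause the failure reported for that certificate
     */
    private void logCertError(X509Certificate cert, Exception cause) {
        if (cert == null) {
            return;
        }
        if (Boolean.getBoolean("weblogic.security.suppressUnsupportedCANotice")) {
            return;
        }
        String key = cert.getIssuerX500Principal().getName() + cert.getSerialNumber().toString();
        long now = System.currentTimeMillis();
        // A single get() replaces containsKey()+get(), which looked the key up twice.
        Long lastLogged = this.unsupportedCerts.get(key);
        if (lastLogged != null && now - lastLogged.longValue() < LOG_PERIOD) {
            return;
        }
        this.unsupportedCerts.put(key, Long.valueOf(now));
        SecurityLogger.logFailedToAddaCA2Server(cert.getSubjectX500Principal().getName(), cause.getMessage());
    }

    /**
     * Resolves an optional public method on the delegate's runtime class.
     *
     * @param methodName     reflective name of the method
     * @param displayName    name used in the info message when the method is missing
     * @param parameterTypes formal parameter types of the method
     * @return the method handle, or {@code null} when the delegate does not declare it
     */
    private Method findDelegateMethod(String methodName, String displayName, Class<?>... parameterTypes) {
        Class<?> cls = this.sslContext.getClass();
        try {
            return cls.getMethod(methodName, parameterTypes);
        } catch (NoSuchMethodException e) {
            SSLSetup.info(e, "Method " + displayName + "() does not exist for class " + cls.getName());
            return null;
        }
    }

    /**
     * Builds the exception thrown when a reflective delegate call fails, logging it only
     * on the first call so repeated failures do not flood the log.
     *
     * @param message   text for both the log entry and the exception
     * @param cause     the reflection failure, kept as the exception cause
     * @param firstCall whether this was the first attempt for that method
     * @return the exception for the caller to throw
     */
    private RuntimeException delegateCallFailed(String message, Exception cause, boolean firstCall) {
        if (firstCall) {
            SSLSetup.info(cause, message);
        }
        return new RuntimeException(message, cause);
    }

    /**
     * Adds one trusted CA to the delegate.
     *
     * @param x509Certificate the CA certificate
     * @throws CertificateException if the delegate rejects the certificate
     */
    public void addTrustedCA(X509Certificate x509Certificate) throws CertificateException {
        this.sslContext.addTrustedCA(x509Certificate);
    }

    /**
     * Adds each certificate as a trusted CA. A certificate that fails with
     * {@link CertificateParsingException} is skipped and reported only through the
     * rate-limited log, so a normal return does not mean every CA was accepted; callers
     * that need that guarantee should compare against {@link #getTrustedCAs()}.
     *
     * @param x509CertificateArr the CA certificates
     * @throws CertificateException for delegate failures other than parsing errors
     */
    public void addTrustedCA(X509Certificate[] x509CertificateArr) throws CertificateException {
        for (X509Certificate cert : x509CertificateArr) {
            try {
                this.sslContext.addTrustedCA(cert);
            } catch (CertificateParsingException e) {
                logCertError(cert, e);
            }
        }
    }

    /**
     * @return the trusted CAs currently held by the delegate
     */
    public X509Certificate[] getTrustedCAs() {
        return this.sslContext.getTrustedCAs();
    }

    /**
     * Reads a private key through the delegate.
     *
     * @param inputStream source of the key material
     * @param cArr        passed unchanged to the delegate; presumably the key password
     *                    (confirm against the delegate)
     * @return the private key
     * @throws KeyManagementException if the delegate cannot read the key
     */
    public PrivateKey inputPrivateKey(InputStream inputStream, char[] cArr) throws KeyManagementException {
        return this.sslContext.inputPrivateKey(inputStream, cArr);
    }

    /**
     * Reads a certificate chain through the delegate.
     *
     * @param inputStream source of the chain
     * @return the certificates read
     * @throws KeyManagementException if the delegate cannot read the chain
     */
    public X509Certificate[] inputCertChain(InputStream inputStream) throws KeyManagementException {
        return this.sslContext.inputCertChain(inputStream);
    }

    /**
     * Loads the local identity through the delegate.
     *
     * @param inputStream source of the identity material
     * @param cArr        passed unchanged to the delegate; presumably the password
     *                    (confirm against the delegate)
     * @throws KeyManagementException if the delegate cannot load the identity
     */
    public void loadLocalIdentity(InputStream inputStream, char[] cArr) throws KeyManagementException {
        this.sslContext.loadLocalIdentity(inputStream, cArr);
    }

    /**
     * Loads trusted certificates through the delegate.
     *
     * @param inputStream source of the certificates
     * @throws CertificateException   if the delegate rejects a certificate
     * @throws KeyManagementException if the delegate cannot load the certificates
     */
    public void loadTrustedCerts(InputStream inputStream) throws CertificateException, KeyManagementException {
        this.sslContext.loadTrustedCerts(inputStream);
    }

    /**
     * Registers an identity (certificate chain plus private key) with the delegate.
     *
     * @param x509CertificateArr the certificate chain
     * @param privateKey         the matching private key
     */
    public void addIdentity(X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
        this.sslContext.addIdentity(x509CertificateArr, privateKey);
    }

    /**
     * Registers an identity with an extra string argument when the delegate is a
     * {@link SSLContextDelegate2}; otherwise the string is dropped and the two-argument
     * form is used.
     *
     * @param x509CertificateArr the certificate chain
     * @param privateKey         the matching private key
     * @param str                forwarded only to {@link SSLContextDelegate2};
     *                           presumably a key alias (confirm)
     */
    public void addIdentity(X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) {
        if (this.sslContext instanceof SSLContextDelegate2) {
            ((SSLContextDelegate2) this.sslContext).addIdentity(x509CertificateArr, privateKey, str);
        } else {
            this.sslContext.addIdentity(x509CertificateArr, privateKey);
        }
    }

    /**
     * Asks the delegate whether the public and private key belong together.
     *
     * @param publicKey  the public key
     * @param privateKey the private key
     * @return the delegate's answer
     * @throws KeyManagementException if the delegate cannot perform the check
     */
    public boolean doKeysMatch(PublicKey publicKey, PrivateKey privateKey) throws KeyManagementException {
        return this.sslContext.doKeysMatch(publicKey, privateKey);
    }

    /**
     * Forwards the export refresh count to the delegate.
     *
     * @param i the value to forward
     */
    public void setExportRefreshCount(int i) {
        this.sslContext.setExportRefreshCount(i);
    }

    /**
     * @return the delegate's server socket factory
     */
    public SSLServerSocketFactory getSSLServerSocketFactory() {
        return this.sslContext.getSSLServerSocketFactory();
    }

    /**
     * @return the delegate's client socket factory
     */
    public SSLSocketFactory getSSLSocketFactory() {
        return this.sslContext.getSSLSocketFactory();
    }

    /**
     * Replaces the trust manager on the delegate.
     *
     * @param sSLTrustValidator the trust manager to install
     */
    public void setTrustManager(SSLTrustValidator sSLTrustValidator) {
        this.sslContext.setTrustManager(sSLTrustValidator);
    }

    /**
     * Returns the delegate's trust manager cast to {@link SSLTrustValidator}.
     *
     * <p>NOTE(review): the TLSMBean constructor installs a {@code TLSTrustValidator};
     * this cast throws {@link ClassCastException} for such instances unless that type
     * extends {@code SSLTrustValidator}. Confirm the hierarchy.
     *
     * @return the current trust manager
     */
    public SSLTrustValidator getTrustManager() {
        return (SSLTrustValidator) this.sslContext.getTrustManager();
    }

    /**
     * Replaces the hostname verifier on the delegate.
     *
     * @param sSLWLSHostnameVerifier the verifier to install
     */
    public void setHostnameVerifier(SSLWLSHostnameVerifier sSLWLSHostnameVerifier) {
        this.sslContext.setHostnameVerifier(sSLWLSHostnameVerifier);
    }

    /**
     * @return the delegate's hostname verifier cast to {@link SSLWLSHostnameVerifier}
     */
    public SSLWLSHostnameVerifier getHostnameVerifier() {
        return (SSLWLSHostnameVerifier) this.sslContext.getHostnameVerifier();
    }

    /**
     * Forwards the unencrypted null-cipher switch to the delegate, if the delegate
     * exposes {@code enableUnencryptedNullCipher(boolean)}.
     *
     * <p>When the delegate lacks the method the call does nothing beyond an info log on
     * the first attempt. That also applies to a request to turn the null cipher off, so
     * callers that depend on the outcome cannot rely on a normal return.
     *
     * @param z value forwarded to the delegate
     * @throws RuntimeException if the reflective call fails
     */
    public void enableUnencryptedNullCipher(boolean z) {
        boolean firstCall = this.b1stCall_EnableNullCipher;
        if (firstCall) {
            this.mtd_EnableNullCipher =
                    findDelegateMethod(GET_ENABLENULLCIPHER_METHOD, "enableUnencryptedNullCipher", Boolean.TYPE);
        }
        try {
            if (this.mtd_EnableNullCipher != null) {
                this.mtd_EnableNullCipher.invoke(this.sslContext, Boolean.valueOf(z));
            }
        } catch (IllegalAccessException e) {
            throw delegateCallFailed(
                    "Method enableUnencryptedNullCipher() can not be accessed; detail: " + e.getMessage(),
                    e, firstCall);
        } catch (InvocationTargetException e) {
            throw delegateCallFailed(
                    "Method enableUnencryptedNullCipher() can not be involked with object "
                            + this.sslContext.toString() + " detail: " + e.getMessage(),
                    e, firstCall);
        }
        this.b1stCall_EnableNullCipher = false;
    }

    /**
     * Reports the delegate's unencrypted null-cipher state, if the delegate exposes
     * {@code isUnencryptedNullCipherEnabled()}.
     *
     * <p>A {@code false} result also covers "the delegate has no such method" and "the
     * method returned null", so it is not proof that the null cipher is disabled.
     *
     * @return the delegate's answer, or {@code false} when none is available
     * @throws RuntimeException if the reflective call fails
     */
    public boolean isUnencryptedNullCipherEnabled() {
        boolean firstCall = this.b1stCall_isEnableNullCipher;
        if (firstCall) {
            this.mtd_isEnableNullCipher = findDelegateMethod(GET_ISNULLCIPHER_METHOD, "isUnencryptedNullCipher");
        }
        Object result = null;
        try {
            if (this.mtd_isEnableNullCipher != null) {
                result = this.mtd_isEnableNullCipher.invoke(this.sslContext);
            }
        } catch (IllegalAccessException e) {
            throw delegateCallFailed(
                    "Method isUnencryptedNullCipher() can not be accessed; detail: " + e.getMessage(),
                    e, firstCall);
        } catch (InvocationTargetException e) {
            throw delegateCallFailed(
                    "Method isUnencryptedNullCipher() can not be involked with object "
                            + this.sslContext.toString() + " detail: " + e.getMessage(),
                    e, firstCall);
        }
        this.b1stCall_isEnableNullCipher = false;
        return result != null && ((Boolean) result).booleanValue();
    }

    /**
     * Returns the delegate's NIO server socket factory, resolved by reflection.
     *
     * @return the NIO server socket factory
     * @throws UnsupportedOperationException if the delegate has no such method or it
     *                                       returned {@code null}
     * @throws RuntimeException              if the reflective call fails
     */
    public SSLServerSocketFactory getSSLNioServerSocketFactory() {
        // Captured before the flag is cleared; the original tested the field after
        // clearing it, which made the "is created" message unreachable.
        boolean firstCall = this.b1stCall_getNioServerFact;
        if (firstCall) {
            this.mtd_getNioServerFact = findDelegateMethod(GET_SSL_NIO_SSF_METHOD, "getSSLNioServerSocketFactory");
        }
        Object factory = null;
        try {
            if (this.mtd_getNioServerFact != null) {
                factory = this.mtd_getNioServerFact.invoke(this.sslContext);
            }
        } catch (IllegalAccessException e) {
            throw delegateCallFailed(
                    "Method getSSLNioServerSocketFactory() can not be accessed; detail: " + e.getMessage(),
                    e, firstCall);
        } catch (InvocationTargetException e) {
            throw delegateCallFailed(
                    "Method getSSLNioServerSocketFactory() can not be involked with object "
                            + this.sslContext.toString() + " detail: " + e.getMessage(),
                    e, firstCall);
        }
        this.b1stCall_getNioServerFact = false;
        if (factory == null) {
            throw new UnsupportedOperationException("Method of getSSLNioServerSocketFactory() is not supported");
        }
        if (firstCall) {
            SSLSetup.info("SSL Nio version of SSLServerSocketFactory is created");
        }
        return (SSLServerSocketFactory) factory;
    }

    /**
     * Returns the delegate's NIO client socket factory, resolved by reflection.
     *
     * @return the NIO socket factory
     * @throws UnsupportedOperationException if the delegate has no such method or it
     *                                       returned {@code null}
     * @throws RuntimeException              if the reflective call fails
     */
    public SSLSocketFactory getSSLNioSocketFactory() {
        // The original tested the server-factory flag here (copy/paste slip) and named the
        // server-factory method in the "does not exist" message; both now refer to this method.
        boolean firstCall = this.b1stCall_getNioSockFact;
        if (firstCall) {
            this.mtd_getNioSockFact = findDelegateMethod(GET_SSL_NIO_SOCK_METHOD, "getSSLNioSocketFactory");
        }
        Object factory = null;
        try {
            if (this.mtd_getNioSockFact != null) {
                factory = this.mtd_getNioSockFact.invoke(this.sslContext);
            }
        } catch (IllegalAccessException e) {
            throw delegateCallFailed(
                    "Method getSSLNioSocketFactory() can not be accessed; detail: " + e.getMessage(),
                    e, firstCall);
        } catch (InvocationTargetException e) {
            throw delegateCallFailed(
                    "Method getSSLNioSocketFactory() can not be involked with object "
                            + this.sslContext.toString() + " detail: " + e.getMessage(),
                    e, firstCall);
        }
        this.b1stCall_getNioSockFact = false;
        if (factory == null) {
            throw new UnsupportedOperationException("Method of getSSLNioSocketFactory() is not supported");
        }
        if (firstCall) {
            SSLSetup.info("SSL Nio version of SSLSocketFactory is created");
        }
        return (SSLSocketFactory) factory;
    }

    /**
     * Creates an SSL engine through a {@link SSLContextDelegate2}.
     *
     * @return the engine
     * @throws SSLException                  if the delegate fails to create the engine
     * @throws UnsupportedOperationException if the delegate is not a {@link SSLContextDelegate2}
     */
    public WeblogicSSLEngine createSSLEngine() throws SSLException {
        if (this.sslContext instanceof SSLContextDelegate2) {
            return ((SSLContextDelegate2) this.sslContext).createSSLEngine();
        }
        throw new UnsupportedOperationException("createSSLEngine is not supported by selected SSL implementation.");
    }

    /**
     * Creates an SSL engine through a {@link SSLContextDelegate2}, forwarding both arguments.
     *
     * @param str forwarded to the delegate; presumably the peer host (confirm)
     * @param i   forwarded to the delegate; presumably the peer port (confirm)
     * @return the engine
     * @throws SSLException                  if the delegate fails to create the engine
     * @throws UnsupportedOperationException if the delegate is not a {@link SSLContextDelegate2}
     */
    public WeblogicSSLEngine createSSLEngine(String str, int i) throws SSLException {
        if (this.sslContext instanceof SSLContextDelegate2) {
            return ((SSLContextDelegate2) this.sslContext).createSSLEngine(str, i);
        }
        throw new UnsupportedOperationException("createSSLEngine is not supported by selected SSL implementation.");
    }

    /**
     * @return the delegate's default cipher suites
     * @throws UnsupportedOperationException if the delegate is not a {@link SSLContextDelegate2}
     */
    public String[] getDefaultCipherSuites() {
        if (this.sslContext instanceof SSLContextDelegate2) {
            return ((SSLContextDelegate2) this.sslContext).getDefaultCipherSuites();
        }
        throw new UnsupportedOperationException("getDefaultCipherSuites is not supported by selected SSL implementation.");
    }

    /**
     * @return the delegate's supported cipher suites
     * @throws UnsupportedOperationException if the delegate is not a {@link SSLContextDelegate2}
     */
    public String[] getSupportedCipherSuites() {
        if (this.sslContext instanceof SSLContextDelegate2) {
            return ((SSLContextDelegate2) this.sslContext).getSupportedCipherSuites();
        }
        throw new UnsupportedOperationException("getSupportedCipherSuites is not supported by selected SSL implementation.");
    }
}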
