package weblogic.security.SSL.jsseadapter;

import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import javax.net.ssl.SSLContext;
import utils.der2pem;
import weblogic.management.provider.CommandLine;
import weblogic.security.SSL.SSLEnabledProtocolVersions;
import weblogic.security.SSL.SSLEnabledProtocolVersionsLogging;
import weblogic.security.SSL.jsseadapter.JaLogger;
import weblogic.security.utils.SSLSetup;
import weblogic.security.utils.SSLSetupLogging;
import weblogic.utils.encoders.BASE64Decoder;

/* loaded from: input_file:weblogic/security/SSL/jsseadapter/JaSSLSupport.class */
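/**
 * Static helpers used by the JSSE adapter to choose enabled SSL/TLS protocol versions, expose
 * cipher-policy switches read from system properties, and read or convert key and certificate
 * material.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>The built-in fallback minimum is {@value #DEFAULT_MIN_PROTOCOL}, and the legacy protocol
 *       keys can still select {@code SSLv3}. SSLv3 is deprecated by RFC 7568 and TLS 1.0/1.1 by
 *       RFC 8996; deployments should set an explicit, newer minimum protocol version instead of
 *       relying on these defaults.</li>
 *   <li>{@code weblogic.ssl.AllowUnencryptedNullCipher} and
 *       {@code weblogic.security.SSL.AllowAnonymousCipher} weaken confidentiality and peer
 *       authentication respectively; both default to {@code false} and are worth auditing in
 *       start-up arguments.</li>
 * </ul>
 */
public final class JaSSLSupport {
    private static final String TLS_ONLY = "TLS";
    private static final String ALL_KEY = "ALL";
    private static final String SSL3_TLS = "SSL3_TLS";
    private static final String SSLv2Hello = "SSLv2Hello";
    // Fallback minimum used when no valid minimum or legacy protocol setting is found.
    public static final String DEFAULT_MIN_PROTOCOL = "TLSv1.1";
    public static final String JDK_TLS_CLIENT_PROTOCOLS = "jdk.tls.client.protocols";
    // True when the jdk.tls.client.protocols system property is set (to any value).
    public static final boolean IS_JDK_TLS_CLIENT_PROTOCOLS_CONFIGURED;
    private static final String SSL3 = "SSLv3";
    // Must stay declared before SUPPORTED_PROTOCOLS: initSupportedProtocols reads it.
    private static final String[] SSL3_ONLY = {SSL3};
    private static final String[] PROVIDER_TLS_SUPPORTED_PROTOCOLS = getSupportedTLSProtocolsFromProvider();
    private static final Map<String, String[]> SUPPORTED_PROTOCOLS = initSupportedProtocols(PROVIDER_TLS_SUPPORTED_PROTOCOLS);
    private static final boolean disableNullCipher = Boolean.getBoolean("weblogic.security.disableNullCipher");
    // A null cipher suite carries application data without encryption.
    private static boolean allowUnencryptedNullCipher = Boolean.getBoolean("weblogic.ssl.AllowUnencryptedNullCipher");
    private static boolean sendEmptyCAList = false;
    private static volatile boolean x509BasicConstraintsStrict = false;
    private static volatile boolean noV1CAs = false;
    // Anonymous cipher suites do not authenticate the peer.
    private static boolean anonymousCipherAllowed = Boolean.getBoolean("weblogic.security.SSL.AllowAnonymousCipher");

    /**
     * Builds the lookup table from a legacy protocol key ("SSLv3", "TLS", "SSL3_TLS", "ALL") to the
     * protocol names that key enables.
     *
     * @param strArr protocol names reported by the provider; stored as-is under "ALL"
     * @return the populated table
     */
    private static Map<String, String[]> initSupportedProtocols(String[] strArr) {
        Map<String, String[]> table = new HashMap<String, String[]>(4);
        table.put(SSL3, SSL3_ONLY);
        String[] tlsProtocols = grabTLSProtocols(strArr);
        // SSL3_TLS is SSLv3 followed by every TLS* protocol of the provider.
        String[] sslPlusTls = new String[tlsProtocols.length + 1];
        System.arraycopy(SSL3_ONLY, 0, sslPlusTls, 0, SSL3_ONLY.length);
        System.arraycopy(tlsProtocols, 0, sslPlusTls, 1, tlsProtocols.length);
        table.put(TLS_ONLY, tlsProtocols);
        table.put(SSL3_TLS, sslPlusTls);
        table.put(ALL_KEY, strArr);
        return table;
    }

    /**
     * Asks a default-initialised "TLSv1" {@link SSLContext} for the protocols it supports.
     *
     * @return the protocol names from the context's supported SSL parameters
     * @throws IllegalStateException if the context cannot be created or initialised; the original
     *     exception is attached as the cause
     */
    private static String[] getSupportedTLSProtocolsFromProvider() {
        try {
            SSLContext context = SSLContext.getInstance("TLSv1");
            context.init(null, null, null);
            return context.getSupportedSSLParameters().getProtocols();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            // Keep the cause so the provider failure is not reduced to its message text.
            throw new IllegalStateException("Failed to get the supported SSL/TLS protocols from the TLSv1 SSLContext: " + e.getMessage(), e);
        }
    }

    /**
     * Chooses the protocol versions to enable. Sources are tried in this order:
     * <ol>
     *   <li>{@code str}, when it is non-blank and {@code strArr} is non-empty (logged as the MBean
     *       minimum);</li>
     *   <li>{@code SSLSetup.getMinimumProtocolVersion()}, when non-blank;</li>
     *   <li>the legacy setting from {@code SSLSetup.getLegacyProtocolVersion()} (0 = TLS,
     *       1 = SSLv3, 2 = SSL3_TLS, 3 = ALL);</li>
     *   <li>otherwise {@link #DEFAULT_MIN_PROTOCOL}.</li>
     * </ol>
     *
     * <p>The legacy keys can enable SSLv3, and the fallback minimum is TLSv1.1; both are deprecated
     * protocol versions, so the log lines emitted here are worth checking at start-up.
     *
     * @param strArr protocol names handed to the version filter (presumably the protocols the
     *     engine supports; confirm against callers)
     * @param str requested minimum protocol version, may be {@code null} or blank
     * @param z when {@code true}, "SSLv2Hello" is appended if {@code strArr} contains it and the
     *     selected protocols do not
     * @return the protocols to enable, or {@code null} if no source produced a list
     */
    public static String[] getEnabledProtocols(String[] strArr, String str, boolean z) {
        String[] selected = null;
        String fallbackMinimum = null;
        boolean haveRequestedMinimum = str != null && str.trim().length() > 0 && strArr != null && strArr.length > 0;
        if (haveRequestedMinimum) {
            selected = SSLEnabledProtocolVersions.getJSSEProtocolVersions(str, strArr, new SSLEnabledProtocolVersionsLogging());
            SSLSetupLogging.info("Using the MBean minimum SSL/TLS version: " + str);
        } else {
            String minimumProtocolVersion = SSLSetup.getMinimumProtocolVersion();
            if (minimumProtocolVersion != null && minimumProtocolVersion.trim().length() > 0) {
                selected = SSLEnabledProtocolVersions.getJSSEProtocolVersions(minimumProtocolVersion, strArr, new SSLEnabledProtocolVersionsLogging());
                SSLSetupLogging.info("Using the minimum SSL/TLS version: " + minimumProtocolVersion + " from -Dweblogic.security.SSL.minimumProtocolVersion.");
            } else {
                String legacyKey = null;
                switch (SSLSetup.getLegacyProtocolVersion()) {
                    case 0:
                        legacyKey = TLS_ONLY;
                        break;
                    case 1:
                        legacyKey = SSL3;
                        break;
                    case 2:
                        legacyKey = SSL3_TLS;
                        break;
                    case 3:
                        legacyKey = ALL_KEY;
                        break;
                    default:
                        break;
                }
                String sSLVersion = CommandLine.getCommandLine().getSSLVersion();
                if (legacyKey != null) {
                    // Hand out a copy: the table's arrays are shared static state and a caller
                    // that edits the returned array must not change the policy for everyone else.
                    selected = SUPPORTED_PROTOCOLS.get(legacyKey).clone();
                    SSLSetupLogging.info("Using SSL/TLS protocol version: " + sSLVersion + " from -Dweblogic.security.SSL.protocolVersion.");
                } else {
                    fallbackMinimum = DEFAULT_MIN_PROTOCOL;
                    if (sSLVersion != null) {
                        SSLSetupLogging.info("Invalid SSL/TLS protocol version for -Dweblogic.security.SSL.protocolVersion: " + sSLVersion);
                    }
                    if (str != null) {
                        SSLSetupLogging.info("Invalid minimum SSL/TLS parameter: " + str);
                    }
                    SSLSetupLogging.info("Using TLSv1.1 as the default minimum TLS protocol.");
                }
            }
        }
        if (selected == null && fallbackMinimum != null) {
            selected = SSLEnabledProtocolVersions.getJSSEProtocolVersions(fallbackMinimum, strArr, new SSLEnabledProtocolVersionsLogging());
        }
        if (selected == null) {
            return null;
        }
        if (z && containsSSLv2Hello(strArr) && !containsSSLv2Hello(selected)) {
            String[] withHello = new String[selected.length + 1];
            System.arraycopy(selected, 0, withHello, 0, selected.length);
            withHello[selected.length] = SSLv2Hello;
            return withHello;
        }
        return selected;
    }

    /**
     * Same as {@link #getEnabledProtocols(String[], String, boolean)} with the SSLv2Hello flag off.
     *
     * @param strArr protocol names handed to the version filter
     * @param str requested minimum protocol version, may be {@code null} or blank
     * @return the protocols to enable, or {@code null} if no source produced a list
     */
    public static String[] getEnabledProtocols(String[] strArr, String str) {
        return getEnabledProtocols(strArr, str, false);
    }

    /** Reports whether {@code strArr} contains "SSLv2Hello", ignoring case. */
    private static boolean containsSSLv2Hello(String[] strArr) {
        return containsElement(strArr, SSLv2Hello);
    }

    /**
     * Case-insensitive membership test that tolerates a null array and null entries.
     *
     * @param strArr values to search, may be {@code null}
     * @param str value to look for
     * @return {@code true} if some non-null entry equals {@code str} ignoring case
     */
    private static boolean containsElement(String[] strArr, String str) {
        if (strArr == null) {
            return false;
        }
        for (String candidate : strArr) {
            if (candidate != null && candidate.equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Concatenates two cipher-name arrays, the first array's entries before the second's.
     *
     * @param strArr first array, may be {@code null}
     * @param strArr2 second array, may be {@code null}
     * @return a new array; empty when both inputs are {@code null} or empty
     */
    public static String[] combineCiphers(String[] strArr, String[] strArr2) {
        int firstLength = strArr != null ? strArr.length : 0;
        int secondLength = strArr2 != null ? strArr2.length : 0;
        String[] combined = new String[firstLength + secondLength];
        if (firstLength > 0) {
            System.arraycopy(strArr, 0, combined, 0, firstLength);
        }
        if (secondLength > 0) {
            System.arraycopy(strArr2, 0, combined, firstLength, secondLength);
        }
        return combined;
    }

    /**
     * Reports whether unencrypted (null) cipher suites may be used.
     *
     * @return the value of {@code weblogic.ssl.AllowUnencryptedNullCipher} when
     *     {@code weblogic.security.disableNullCipher} is not set; otherwise {@code false}
     * @throws IllegalArgumentException if both properties are {@code true}, so a contradictory
     *     configuration fails instead of silently picking one side
     */
    public static synchronized boolean isUnEncrytedNullCipherAllowed() {
        if (!disableNullCipher) {
            return allowUnencryptedNullCipher;
        }
        if (allowUnencryptedNullCipher) {
            // NOTE(review): the message names weblogic.security.ssl.allowUnencryptedNullCipher, but the
            // flag is read from weblogic.ssl.AllowUnencryptedNullCipher in this class; confirm which
            // name operators should be told to look for.
            throw new IllegalArgumentException("Can not start SSL due to conflicting configuration - System configure parameter of weblogic.security.disableNullCipher = true, and configure parameter weblogic.security.ssl.allowUnencryptedNullCipher = true");
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the value read from {@code weblogic.security.SSL.AllowAnonymousCipher}. */
    public static boolean isAnonymousCipherAllowed() {
        return anonymousCipherAllowed;
    }

    /** Sets the send-empty-CA-list flag. */
    public static synchronized void setSendEmptyCAList(boolean z) {
        sendEmptyCAList = z;
    }

    /** Returns the send-empty-CA-list flag (default {@code false}). */
    public static synchronized boolean isSendEmptyCAListEnabled() {
        return sendEmptyCAList;
    }

    /**
     * Loads a private key by delegating to {@code RSAPKFactory.getPrivateKey}.
     *
     * @param inputStream stream holding the key material
     * @param cArr password characters passed through to the factory
     * @return the private key produced by the factory
     * @throws KeyManagementException if the factory cannot produce the key
     */
    public static PrivateKey getLocalIdentityPrivateKey(InputStream inputStream, char[] cArr) throws KeyManagementException {
        return RSAPKFactory.getPrivateKey(inputStream, cArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reads the stream to end-of-stream and returns its bytes.
     *
     * <p>The buffer is not sized from {@link InputStream#available()}: that value is only an
     * estimate of what can be read without blocking, and can be smaller than the remaining
     * content (or zero), which would truncate the data being read.
     *
     * @param inputStream stream to drain; not closed by this method
     * @return every byte remaining in the stream
     * @throws IOException if reading fails
     */
    public static byte[] readFully(InputStream inputStream) throws IOException {
        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int count;
        while ((count = inputStream.read(chunk)) != -1) {
            collected.write(chunk, 0, count);
        }
        return collected.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Decodes Base64 text with {@code BASE64Decoder.decodeBuffer}.
     *
     * @param str Base64 text
     * @return the decoded bytes
     * @throws IOException if the decoder rejects the input
     */
    public static byte[] decodeData(String str) throws IOException {
        return new BASE64Decoder().decodeBuffer(str);
    }

    /**
     * Adds each certificate to the key store, using the certificate's {@code toString()} as alias.
     *
     * <p>A {@link KeyStoreException} for one certificate is logged at SEVERE and loading continues
     * with the next one; nothing is reported to the caller, so the store can end up holding fewer
     * entries than were passed in.
     *
     * @param keyStore store to add entries to
     * @param certificateArr certificates to add
     */
    static void loadCerts(KeyStore keyStore, Certificate[] certificateArr) {
        for (Certificate certificate : certificateArr) {
            try {
                // NOTE(review): two certificates with the same toString() share an alias, so the
                // later entry replaces the earlier one.
                keyStore.setCertificateEntry(certificate.toString(), certificate);
            } catch (KeyStoreException e) {
                if (JaLogger.isLoggable(Level.SEVERE)) {
                    JaLogger.log(Level.SEVERE, JaLogger.Component.TRUSTSTORE_MANAGER, e, "Error loading CAs into trust KeyStore.", new Object[0]);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the strict X.509 basic-constraints flag. */
    public static void setX509BasicConstraintsStrict(boolean z) {
        x509BasicConstraintsStrict = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the strict X.509 basic-constraints flag (default {@code false}). */
    public static boolean isX509BasicConstraintsStrict() {
        return x509BasicConstraintsStrict;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the no-V1-CAs flag. */
    public static void setNoV1CAs(boolean z) {
        noV1CAs = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the no-V1-CAs flag (default {@code false}). */
    public static boolean isNoV1CAs() {
        return noV1CAs;
    }

    /**
     * Filters protocol names down to those starting with "TLS", keeping their order.
     *
     * @param strArr protocol names, may be {@code null}; null entries are skipped
     * @return the matching names, or an empty array when there are none
     */
    private static String[] grabTLSProtocols(String[] strArr) {
        ArrayList<String> tlsNames = new ArrayList<String>();
        if (strArr != null) {
            for (String name : strArr) {
                // A null entry must not abort class initialisation with a NullPointerException.
                if (name != null && name.startsWith("TLS")) {
                    tlsNames.add(name);
                }
            }
        }
        return tlsNames.toArray(new String[0]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Converts DER input to PEM through {@code der2pem.convertEncryptedKey}.
     *
     * <p>An {@link IOException} is logged at SEVERE and not rethrown; the stream is returned with
     * whatever had been written before the failure. NOTE(review): callers presumably need to
     * treat empty output as a failed conversion; confirm at the call sites.
     *
     * @param inputStream DER-encoded input
     * @return the stream the converter wrote to
     */
    public static ByteArrayOutputStream convertDER2PEM(InputStream inputStream) {
        ByteArrayOutputStream pemOutput = new ByteArrayOutputStream();
        try {
            der2pem.convertEncryptedKey(inputStream, pemOutput);
        } catch (IOException e) {
            if (JaLogger.isLoggable(Level.SEVERE)) {
                JaLogger.log(Level.SEVERE, JaLogger.Component.SSLCONTEXT, e, "Error converting a DER inputstream to PEM.", new Object[0]);
            }
        }
        return pemOutput;
    }

    static {
        IS_JDK_TLS_CLIENT_PROTOCOLS_CONFIGURED = System.getProperty(JDK_TLS_CLIENT_PROTOCOLS) != null;
    }
}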
