package com.metamatrix.common.net;

import com.metamatrix.api.exception.MetaMatrixRuntimeException;
import com.metamatrix.common.CommonPlugin;
import com.metamatrix.common.config.CurrentConfiguration;
import com.metamatrix.common.config.api.exceptions.ConfigurationException;
import com.metamatrix.common.util.CommonPropertyNames;
import com.metamatrix.common.util.crypto.CryptoException;
import com.metamatrix.common.util.crypto.CryptoKeyManager;
import com.metamatrix.common.util.crypto.CryptoUtil;
import com.metamatrix.common.util.crypto.PasswordCryptoFactory;
import com.metamatrix.core.util.Assertion;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Properties;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/metamatrix/common/net/SocketHelper.class */
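/**
 * Factory for the client and server sockets used by MetaMatrix, choosing between plain and
 * SSL/TLS sockets from configuration read once by {@link #initProperties()}.
 *
 * <p>Security notes for reviewers and operators:
 * <ul>
 *   <li>{@link #ANONYMOUS} mode enables an anonymous Diffie-Hellman suite. The peer is not
 *       authenticated, so the channel is encrypted but open to an active man-in-the-middle.</li>
 *   <li>{@link #UNENCRYPTED_CIPHER_SUITE} is a NULL-encryption suite. It authenticates and
 *       integrity-protects records but sends the payload in clear text.</li>
 *   <li>The built-in protocol default is {@code SSLv3}, which is deprecated (RFC 7568) and
 *       affected by POODLE. Deployments should set {@code com.metamatrix.ssl.protocol}
 *       explicitly to a TLS version both peers support.</li>
 *   <li>No endpoint identification (host name check) is configured on client sockets here,
 *       so peer trust rests entirely on the trust store contents.</li>
 * </ul>
 */
public class SocketHelper {
    private static final String SSL_ENABLED = "metamatrix.encryption.secure.sockets";
    private static final String INTERNAL_SSL_ENABLED = "metamatrix.encryption.internal.secure.sockets";
    private static final String INTERNAL_ENCRYPT_ALL = "metamatrix.encryption.internal.encryptAll";
    private static final String INTERNAL_AUTHENTICATION_MODE = "metamatrix.encryption.internal.authenticationMode";
    private static final String KEYSTORE_FILENAME = "com.metamatrix.ssl.keystore.filename";
    private static final String KEYSTORE_PASSWORD = "com.metamatrix.ssl.keystore.Password";
    private static final String KEYSTORE_TYPE = "com.metamatrix.ssl.keystoretype";
    private static final String SSL_PROTOCOL = "com.metamatrix.ssl.protocol";
    private static final String KEY_MANAGER_ALGORITHM = "com.metamatrix.ssl.keymanagementalgorithm";
    private static final String TRUSTSTORE_FILENAME = "com.metamatrix.ssl.truststore.filename";
    private static final String TRUSTSTORE_PASSWORD = "com.metamatrix.ssl.truststore.Password";
    private static final String AUTHENTICATION_MODE = "com.metamatrix.ssl.authenticationMode";

    /** Server presents a certificate; the client is not asked for one. */
    public static final String ONEWAY = "1-way";
    /** Server requires a client certificate (see {@code setNeedClientAuth}). */
    public static final String TWOWAY = "2-way";
    /** Neither side is authenticated; only {@link #ANON_CIPHER_SUITE} is used. */
    public static final String ANONYMOUS = "anonymous";

    // NOTE(review): SSLv3 is deprecated and should not be negotiated. The value is left as-is
    // because both peers must agree on it; override it through the SSL_PROTOCOL property.
    // It is also passed unconditionally to getInternalSSLContext for internal sockets.
    private static final String DEFAULT_SSL_PROTOCOL = "SSLv3";
    private static final String DEFAULT_KEY_MANAGER_ALGORITHM = "SunX509";
    private static final String DEFAULT_KEYSTORE_TYPE = "JKS";

    /** Anonymous DH suite: confidentiality without peer authentication. */
    public static final String ANON_CIPHER_SUITE = "TLS_DH_anon_WITH_AES_128_CBC_SHA";
    public static final String ANON_PROTOCOL = "TLS";
    /** NULL-encryption suite: authentication and integrity only, payload is not encrypted. */
    public static final String UNENCRYPTED_CIPHER_SUITE = "SSL_RSA_WITH_NULL_SHA";

    static String sslProtocol;
    static String keyManagerFactoryAlgorithm;
    static String keyStoreType;
    static String keyStoreFileName;
    // NOTE(review): decrypted store passwords stay in immutable Strings for the life of the
    // JVM and cannot be wiped; they will appear in heap dumps.
    static String keyStorePassword;
    static String trustStoreFileName;
    static String trustStorePassword;
    static String authenticationMode;
    static boolean internal_ssl_enabled;
    static boolean internal_encrypt_all;
    static String internal_authenticationMode;
    static boolean initialized = false;
    static boolean ssl_enabled = false;
    static boolean client_encryption_enabled = false;

    /**
     * Reads the socket security settings from {@link CurrentConfiguration} exactly once.
     *
     * <p>If the "SSL" resource properties cannot be read, built-in defaults are used, with no
     * key store or trust store and {@link #ONEWAY} authentication. A password that cannot be
     * decrypted is reported as a {@link MetaMatrixRuntimeException}.
     *
     * <p>NOTE(review): {@code initialized} is set even when initialisation fails, so the
     * failure is raised only to the first caller. Later callers proceed with whatever fields
     * had been assigned before the failure.
     */
    static synchronized void initProperties() {
        if (initialized) {
            return;
        }
        ssl_enabled = Boolean.parseBoolean(CurrentConfiguration.getProperty(SSL_ENABLED));
        internal_ssl_enabled = Boolean.parseBoolean(CurrentConfiguration.getProperty(INTERNAL_SSL_ENABLED, Boolean.TRUE.toString()));
        internal_encrypt_all = Boolean.parseBoolean(CurrentConfiguration.getProperty(INTERNAL_ENCRYPT_ALL, Boolean.FALSE.toString()));
        internal_authenticationMode = CurrentConfiguration.getProperty(INTERNAL_AUTHENTICATION_MODE, TWOWAY);
        client_encryption_enabled = Boolean.parseBoolean(CurrentConfiguration.getProperty(CommonPropertyNames.CLIENT_ENCRYPTION_ENABLED, Boolean.TRUE.toString()));
        try {
            Properties sslProperties = CurrentConfiguration.getResourceProperties("SSL");
            // Assignment order is kept so that a decryption failure leaves the same
            // partially-populated state as before.
            keyStoreFileName = sslProperties.getProperty(KEYSTORE_FILENAME);
            keyStorePassword = decryptProperty(sslProperties, KEYSTORE_PASSWORD);
            keyStoreType = sslProperties.getProperty(KEYSTORE_TYPE, DEFAULT_KEYSTORE_TYPE);
            keyManagerFactoryAlgorithm = sslProperties.getProperty(KEY_MANAGER_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm());
            authenticationMode = sslProperties.getProperty(AUTHENTICATION_MODE);
            trustStoreFileName = sslProperties.getProperty(TRUSTSTORE_FILENAME);
            trustStorePassword = decryptProperty(sslProperties, TRUSTSTORE_PASSWORD);
            sslProtocol = sslProperties.getProperty(SSL_PROTOCOL, DEFAULT_SSL_PROTOCOL);
        } catch (ConfigurationException e) {
            // No SSL resource configuration available: fall back to defaults without stores.
            keyStoreType = DEFAULT_KEYSTORE_TYPE;
            sslProtocol = DEFAULT_SSL_PROTOCOL;
            keyManagerFactoryAlgorithm = DEFAULT_KEY_MANAGER_ALGORITHM;
            keyStoreFileName = null;
            trustStoreFileName = null;
            authenticationMode = ONEWAY;
        } finally {
            initialized = true;
        }
    }

    /**
     * Reads an encrypted property (empty string when absent) and returns its decrypted value.
     *
     * @throws MetaMatrixRuntimeException if the value cannot be decrypted
     */
    private static String decryptProperty(Properties properties, String key) {
        try {
            return new String(CryptoUtil.stringDecrypt(properties.getProperty(key, "").toCharArray()));
        } catch (CryptoException e) {
            throw new MetaMatrixRuntimeException(e);
        }
    }

    /**
     * Opens a client socket to {@code inetAddress:port}.
     *
     * <p>A plain, unencrypted socket is returned when SSL is disabled in configuration or
     * {@link CryptoUtil#isEncryptionEnabled()} is false. In {@link #ANONYMOUS} mode the
     * anonymous suite is added to the enabled suites, which gives no protection against an
     * active man-in-the-middle.
     *
     * @param inetAddress remote address
     * @param port remote port
     * @return a connected plain or SSL socket
     * @throws Exception if the socket or SSL context cannot be created
     */
    public static Socket getClientSocket(InetAddress inetAddress, int port) throws Exception {
        initProperties();
        if (!ssl_enabled || !CryptoUtil.isEncryptionEnabled()) {
            return new Socket(inetAddress, port);
        }
        boolean anonymous = ANONYMOUS.equals(authenticationMode);
        SSLContext context = anonymous
                ? getAnonSSLContext()
                : getSSLContext(keyStoreFileName, keyStorePassword, trustStoreFileName, trustStorePassword, keyManagerFactoryAlgorithm, keyStoreType, sslProtocol);
        SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(inetAddress, port);
        if (anonymous) {
            addCipherSuite(socket, ANON_CIPHER_SUITE);
        }
        return socket;
    }

    /**
     * Opens a client socket for internal (server-to-server) traffic.
     *
     * <p>The payload is encrypted only when {@code encrypt} is true or the
     * {@code encryptAll} setting is on. Otherwise the connection is either a plain socket
     * (internal SSL off, encryption disabled, or anonymous mode) or an SSL socket with the
     * NULL-encryption suite added, which authenticates but does not hide the data.
     *
     * @param inetAddress remote address
     * @param port remote port
     * @param encrypt whether the caller requires payload encryption
     * @return a connected plain or SSL socket
     * @throws IOException if the socket or SSL context cannot be created
     */
    public static Socket getInternalClientSocket(InetAddress inetAddress, int port, boolean encrypt) throws IOException {
        initProperties();
        boolean encryptPayload = encrypt | internal_encrypt_all;
        boolean anonymous = ANONYMOUS.equals(internal_authenticationMode);
        if (!internal_ssl_enabled || !CryptoUtil.isEncryptionEnabled() || (!encryptPayload && anonymous)) {
            return new Socket(inetAddress, port);
        }
        SSLContext context = anonymous
                ? getAnonSSLContext()
                : getInternalSSLContext(keyManagerFactoryAlgorithm, DEFAULT_SSL_PROTOCOL);
        SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(inetAddress, port);
        if (!encryptPayload) {
            addCipherSuite(socket, UNENCRYPTED_CIPHER_SUITE);
        } else if (anonymous) {
            addCipherSuite(socket, ANON_CIPHER_SUITE);
        }
        return socket;
    }

    /**
     * Creates the listening socket for client connections.
     *
     * <p>A plain server socket is returned when SSL is disabled in configuration or
     * {@link CryptoUtil#isEncryptionEnabled()} is false. In {@link #ANONYMOUS} mode only the
     * anonymous suite is enabled. Client certificates are required only in {@link #TWOWAY}
     * mode.
     *
     * @param port local port
     * @param backlog listen backlog
     * @param inetAddress local bind address, or {@code null} for any
     * @return a bound plain or SSL server socket
     * @throws IOException if the socket or SSL context cannot be created
     */
    public static ServerSocket getServerSocket(int port, int backlog, InetAddress inetAddress) throws IOException {
        initProperties();
        if (!ssl_enabled || !CryptoUtil.isEncryptionEnabled()) {
            return new ServerSocket(port, backlog, inetAddress);
        }
        boolean anonymous = ANONYMOUS.equals(authenticationMode);
        SSLContext context = anonymous
                ? getAnonSSLContext()
                : getSSLContext(keyStoreFileName, keyStorePassword, trustStoreFileName, trustStorePassword, keyManagerFactoryAlgorithm, keyStoreType, sslProtocol);
        SSLServerSocketFactory factory = context.getServerSocketFactory();
        SSLServerSocket serverSocket = openServerSocket(factory, port, backlog, inetAddress);
        if (anonymous) {
            restrictToSuite(factory, serverSocket, ANON_CIPHER_SUITE);
        }
        serverSocket.setNeedClientAuth(TWOWAY.equals(authenticationMode));
        return serverSocket;
    }

    /**
     * Creates the listening socket for internal (server-to-server) connections.
     *
     * <p>Mirrors {@link #getInternalClientSocket}: without {@code encrypt} or
     * {@code encryptAll} the socket is plain in anonymous mode, and otherwise limited to the
     * NULL-encryption suite, so the payload travels unencrypted.
     *
     * @param port local port
     * @param backlog listen backlog
     * @param inetAddress local bind address, or {@code null} for any
     * @param encrypt whether the caller requires payload encryption
     * @return a bound plain or SSL server socket
     * @throws IOException if the socket or SSL context cannot be created
     */
    public static ServerSocket getInternalServerSocket(int port, int backlog, InetAddress inetAddress, boolean encrypt) throws IOException {
        initProperties();
        boolean encryptPayload = encrypt | internal_encrypt_all;
        boolean anonymous = ANONYMOUS.equals(internal_authenticationMode);
        if (!internal_ssl_enabled || !CryptoUtil.isEncryptionEnabled() || (!encryptPayload && anonymous)) {
            return new ServerSocket(port, backlog, inetAddress);
        }
        SSLContext context = anonymous
                ? getAnonSSLContext()
                : getInternalSSLContext(keyManagerFactoryAlgorithm, DEFAULT_SSL_PROTOCOL);
        SSLServerSocketFactory factory = context.getServerSocketFactory();
        SSLServerSocket serverSocket = openServerSocket(factory, port, backlog, inetAddress);
        if (!encryptPayload) {
            restrictToSuite(factory, serverSocket, UNENCRYPTED_CIPHER_SUITE);
        } else if (anonymous) {
            restrictToSuite(factory, serverSocket, ANON_CIPHER_SUITE);
        }
        serverSocket.setNeedClientAuth(TWOWAY.equals(internal_authenticationMode));
        return serverSocket;
    }

    /** Binds an SSL server socket, using the two-argument form when no address is given. */
    private static SSLServerSocket openServerSocket(SSLServerSocketFactory factory, int port, int backlog, InetAddress inetAddress) throws IOException {
        if (inetAddress != null) {
            return (SSLServerSocket) factory.createServerSocket(port, backlog, inetAddress);
        }
        return (SSLServerSocket) factory.createServerSocket(port, backlog);
    }

    /** Asserts that the provider supports {@code suite} and makes it the only enabled suite. */
    private static void restrictToSuite(SSLServerSocketFactory factory, SSLServerSocket serverSocket, String suite) {
        Assertion.assertTrue(Arrays.asList(factory.getSupportedCipherSuites()).contains(suite));
        serverSocket.setEnabledCipherSuites(new String[]{suite});
    }

    /**
     * Builds an SSL context from the key store managed by {@link PasswordCryptoFactory}.
     * The same store supplies both the key material and the trust anchors, and the same
     * algorithm name is used for the key manager and trust manager factories.
     *
     * @param keyManagerAlgorithm algorithm name for the key and trust manager factories
     * @param protocol protocol name passed to {@link SSLContext#getInstance(String)}
     * @return an initialised SSL context
     * @throws IOException wrapping any crypto or security failure
     */
    public static SSLContext getInternalSSLContext(String keyManagerAlgorithm, String protocol) throws IOException {
        try {
            CryptoKeyManager cryptoKeyManager = PasswordCryptoFactory.getCryptoKeyManager();
            KeyStore keyStore = cryptoKeyManager.getKeyStore();
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyManagerAlgorithm);
            keyManagerFactory.init(keyStore, cryptoKeyManager.getStorePassword());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(keyManagerAlgorithm);
            trustManagerFactory.init(keyStore);
            SSLContext context = SSLContext.getInstance(protocol);
            context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            return context;
        } catch (CryptoException e) {
            throw asIOException(e);
        } catch (GeneralSecurityException e) {
            throw asIOException(e);
        }
    }

    /**
     * Builds an SSL context with no key or trust material, for use with the anonymous
     * cipher suite only.
     *
     * @throws IOException if the context cannot be created
     */
    public static SSLContext getAnonSSLContext() throws IOException {
        return getSSLContext(null, null, null, null, null, null, ANON_PROTOCOL);
    }

    /**
     * Builds an SSL context from an optional key store and an optional trust store.
     *
     * <p>When no trust store is given, {@code null} trust managers are passed to
     * {@link SSLContext#init}, which makes the provider fall back to its default trust
     * managers rather than trusting nothing.
     *
     * @param keyStoreFile key store resource or file name, or {@code null} for none
     * @param keyStorePwd key store password, may be {@code null}
     * @param trustStoreFile trust store resource or file name, or {@code null} for none
     * @param trustStorePwd trust store password, may be {@code null}
     * @param keyManagerAlgorithm algorithm name for the key and trust manager factories
     * @param storeType key store type used for both stores
     * @param protocol protocol name passed to {@link SSLContext#getInstance(String)}
     * @return an initialised SSL context
     * @throws IOException if a store cannot be read, or wrapping any security failure
     */
    public static SSLContext getSSLContext(String keyStoreFile, String keyStorePwd, String trustStoreFile, String trustStorePwd, String keyManagerAlgorithm, String storeType, String protocol) throws IOException {
        // The whole body sits in one try block: the trust store and context calls throw
        // checked GeneralSecurityExceptions too, not just the key store calls.
        try {
            KeyManager[] keyManagers = null;
            if (keyStoreFile != null) {
                KeyStore keyStore = loadKeyStore(keyStoreFile, keyStorePwd, storeType);
                if (keyStore != null) {
                    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyManagerAlgorithm);
                    // Same null handling as loadKeyStore, instead of a NullPointerException.
                    keyManagerFactory.init(keyStore, keyStorePwd != null ? keyStorePwd.toCharArray() : null);
                    keyManagers = keyManagerFactory.getKeyManagers();
                }
            }
            TrustManager[] trustManagers = null;
            if (trustStoreFile != null) {
                KeyStore trustStore = loadKeyStore(trustStoreFile, trustStorePwd, storeType);
                if (trustStore != null) {
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(keyManagerAlgorithm);
                    trustManagerFactory.init(trustStore);
                    trustManagers = trustManagerFactory.getTrustManagers();
                }
            }
            SSLContext context = SSLContext.getInstance(protocol);
            context.init(keyManagers, trustManagers, null);
            return context;
        } catch (GeneralSecurityException e) {
            throw asIOException(e);
        }
    }

    /**
     * Loads a key store, looking first on the context class path and then on the file system.
     * The input stream is always closed before returning.
     *
     * @param name class path resource name or file path of the store
     * @param password store password, or {@code null} to load without one
     * @param storeType key store type, e.g. {@code JKS}
     * @return the loaded key store
     * @throws IOException if the store is not found or cannot be read
     */
    static KeyStore loadKeyStore(String name, String password, String storeType) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
        ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
        InputStream storeStream = contextLoader != null ? contextLoader.getResourceAsStream(name) : null;
        if (storeStream == null) {
            try {
                storeStream = new FileInputStream(name);
            } catch (FileNotFoundException e) {
                IOException notFound = new IOException(CommonPlugin.Util.getString("SocketHelper.keystore_not_found", name));
                notFound.initCause(e);
                throw notFound;
            }
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(storeType);
            keyStore.load(storeStream, password != null ? password.toCharArray() : null);
            return keyStore;
        } finally {
            try {
                storeStream.close();
            } catch (IOException ignored) {
                // A close failure must not mask a successful load or the original error.
            }
        }
    }

    /** Wraps a security failure in an {@link IOException}, keeping the original as cause. */
    private static IOException asIOException(Exception cause) {
        IOException wrapped = new IOException(cause.getMessage());
        wrapped.initCause(cause);
        return wrapped;
    }

    /** Returns whether SSL is enabled for client-facing server sockets. */
    public static boolean isServerSSLEnabled() {
        initProperties();
        return ssl_enabled;
    }

    /**
     * Returns whether client encryption is enabled, which requires both
     * {@link CryptoUtil#isEncryptionEnabled()} and the client encryption setting.
     */
    public static boolean isClientEncryptionEnabled() {
        initProperties();
        return CryptoUtil.isEncryptionEnabled() && client_encryption_enabled;
    }

    /**
     * Appends {@code suite} to the socket's enabled cipher suites, after asserting that the
     * provider supports it.
     *
     * <p>The suite is added to the existing list, not substituted for it, so the peer still
     * chooses among all enabled suites. Adding an anonymous or NULL suite therefore widens
     * what this socket will accept.
     *
     * @param sSLSocket socket to modify
     * @param suite cipher suite name to enable
     */
    public static void addCipherSuite(SSLSocket sSLSocket, String suite) {
        Assertion.assertTrue(Arrays.asList(sSLSocket.getSupportedCipherSuites()).contains(suite));
        String[] current = sSLSocket.getEnabledCipherSuites();
        String[] extended = new String[current.length + 1];
        System.arraycopy(current, 0, extended, 0, current.length);
        extended[current.length] = suite;
        sSLSocket.setEnabledCipherSuites(extended);
    }

    /**
     * Overrides the client encryption setting.
     *
     * <p>NOTE(review): the write is unsynchronised, and a value set before the first
     * {@link #initProperties()} call is overwritten by configuration.
     */
    public static void setClientEncryptionEnabled(boolean z) {
        client_encryption_enabled = z;
    }
}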
