package com.bes.enterprise.appserver.common.ssl;

import com.bes.enterprise.appserver.common.util.SystemPropertyConstants;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/bes/enterprise/appserver/common/ssl/SecuritySupport.class */
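/**
 * Loads a keystore and a truststore from disk and exposes them as JSSE
 * {@link KeyManager} and {@link TrustManager} arrays.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>When no store password is supplied through system properties, the
 *       default instance falls back to the hard-coded password
 *       {@code "changeit"}. A keystore that holds private keys should not rely
 *       on that fallback; a warning is logged when it is used for a configured
 *       store file.</li>
 *   <li>Store passwords are never passed to the logger.</li>
 *   <li>Expired certificates are only reported at {@code FINEST}; they are not
 *       removed from the store and do not stop manager creation.</li>
 * </ul>
 *
 * <p>{@link #init()} must complete successfully before the manager getters are
 * called: {@code keystore} and {@code truststore} are {@code null} until then.
 */
public class SecuritySupport {
    // Fallback passwords used only when the corresponding system property is unset or blank.
    private static final String DEFAULT_KEYSTORE_PASS = "changeit";
    private static final String DEFAULT_TRUSTSTORE_PASS = "changeit";
    private final String keystoreType;
    private final String keystoreFilePath;
    // NOTE(review): the caller's arrays are stored without copying, so the caller must not
    // clear them while this instance is still used to build key managers.
    private final char[] keystorePass;
    private final String truststoreType;
    private final String truststoreFilePath;
    private final char[] truststorePass;
    private KeyStore keystore = null;
    private KeyStore truststore = null;
    // Reference instant for the expiry check; fixed when the instance is constructed.
    private final Date initDate = new Date();
    private static final Logger _logger = Logger.getLogger(SecuritySupport.class.getName());
    private static SecuritySupport defaultSecuritySupport = null;

    /**
     * Creates an instance; nothing is read from disk until {@link #init()} is called.
     *
     * @param str    keystore type
     * @param str2   keystore file path, or {@code null} to load an empty keystore
     * @param cArr   keystore password
     * @param str3   truststore type
     * @param str4   truststore file path, or {@code null} to load an empty truststore
     * @param cArr2  truststore password
     */
    public SecuritySupport(String str, String str2, char[] cArr, String str3, String str4, char[] cArr2) {
        this.keystoreType = str;
        this.keystoreFilePath = str2;
        this.keystorePass = cArr;
        this.truststoreType = str3;
        this.truststoreFilePath = str4;
        this.truststorePass = cArr2;
    }

    /**
     * Returns the shared instance configured from system properties, creating and
     * initialising it on first use.
     *
     * <p>The shared reference is published only after {@link #init()} succeeds, so a failed
     * first attempt is retried on the next call instead of handing out an instance whose
     * stores are still {@code null}. The method is not synchronized; concurrent first calls
     * may each build an instance.
     *
     * @return the initialised default instance
     * @throws GeneralSecurityException if either store cannot be loaded
     */
    public static SecuritySupport getDefaultSecuritySupport() throws GeneralSecurityException {
        if (defaultSecuritySupport != null) {
            return defaultSecuritySupport;
        }
        String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String keyStorePath = System.getProperty(SystemPropertyConstants.KEYSTORE_PROPERTY);
        String trustStorePath = System.getProperty(SystemPropertyConstants.TRUSTSTORE_PROPERTY);
        char[] keyStorePassword = passwordOrDefault(
                System.getProperty(SystemPropertyConstants.KEYSTORE_PASSWORD_PROPERTY),
                DEFAULT_KEYSTORE_PASS, "keystore", keyStorePath);
        char[] trustStorePassword = passwordOrDefault(
                System.getProperty(SystemPropertyConstants.TRUSTSTORE_PASSWORD_PROPERTY),
                DEFAULT_TRUSTSTORE_PASS, "truststore", trustStorePath);

        SecuritySupport candidate = new SecuritySupport(
                keyStoreType, keyStorePath, keyStorePassword,
                trustStoreType, trustStorePath, trustStorePassword);
        candidate.init();
        defaultSecuritySupport = candidate;
        return candidate;
    }

    /**
     * Loads the keystore and the truststore from their configured locations.
     *
     * <p>Both stores are loaded before either field is assigned, so a failure leaves the
     * instance in its previous state rather than half-initialised.
     *
     * @throws GeneralSecurityException wrapping any failure while loading either store
     */
    public void init() throws GeneralSecurityException {
        try {
            KeyStore loadedKeystore = loadKeyStore(this.keystoreType, null, this.keystoreFilePath, this.keystorePass);
            KeyStore loadedTruststore = loadKeyStore(this.truststoreType, null, this.truststoreFilePath, this.truststorePass);
            this.keystore = loadedKeystore;
            this.truststore = loadedTruststore;
        } catch (Exception e) {
            throw new GeneralSecurityException("Failed to load the keystore manger and trust store manager!", e);
        }
    }

    /**
     * Builds the key managers for the loaded keystore, wrapped in a single
     * {@code UnifiedX509KeyManager}.
     *
     * @param str key manager algorithm, or {@code null} for the platform default
     * @return a one-element array holding the unified key manager
     * @throws KeyStoreException if the keystore cannot be read
     * @throws NoSuchAlgorithmException if the algorithm is not available
     * @throws UnrecoverableKeyException if a key cannot be recovered with the keystore password
     */
    public KeyManager[] getKeyManagers(String str) throws IOException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        checkCertificateDates(this.keystore);
        KeyManagerFactory factory = KeyManagerFactory.getInstance(str != null ? str : KeyManagerFactory.getDefaultAlgorithm());
        factory.init(this.keystore, this.keystorePass);
        ArrayList<KeyManager> managers = new ArrayList<>();
        KeyManager[] fromFactory = factory.getKeyManagers();
        if (fromFactory != null) {
            managers.addAll(Arrays.asList(fromFactory));
        }
        // toArray into an X509KeyManager[] throws ArrayStoreException if the factory ever
        // returns a manager that is not an X509KeyManager.
        X509KeyManager[] x509Managers = managers.toArray(new X509KeyManager[managers.size()]);
        return new KeyManager[]{new UnifiedX509KeyManager(x509Managers, new String[]{null})};
    }

    /**
     * Builds the trust managers for the loaded truststore.
     *
     * <p>A single manager from the factory is returned as is; any other count is wrapped in
     * a {@code UnifiedX509TrustManager}.
     *
     * @param str trust manager algorithm, or {@code null} for the platform default
     * @return a one-element array holding the trust manager to use
     * @throws KeyStoreException if the truststore cannot be read
     * @throws NoSuchAlgorithmException if the algorithm is not available
     */
    public TrustManager[] getTrustManagers(String str) throws IOException, KeyStoreException, NoSuchAlgorithmException {
        checkCertificateDates(this.truststore);
        TrustManagerFactory factory = TrustManagerFactory.getInstance(str != null ? str : TrustManagerFactory.getDefaultAlgorithm());
        factory.init(this.truststore);
        ArrayList<TrustManager> managers = new ArrayList<>();
        TrustManager[] fromFactory = factory.getTrustManagers();
        if (fromFactory != null) {
            managers.addAll(Arrays.asList(fromFactory));
        }
        TrustManager selected;
        if (managers.size() == 1) {
            selected = managers.get(0);
        } else {
            // As with the key managers, a non-X509 entry makes toArray throw ArrayStoreException.
            selected = new UnifiedX509TrustManager(managers.toArray(new X509TrustManager[managers.size()]));
        }
        return new TrustManager[]{selected};
    }

    /**
     * Returns the loaded keystore.
     *
     * @return the keystore, or {@code null} if {@link #init()} has not succeeded yet
     */
    public KeyStore getKeystore() {
        return this.keystore;
    }

    /**
     * Resolves a store password, falling back to the built-in default when none is configured.
     * The password value itself is never logged.
     */
    private static char[] passwordOrDefault(String configured, String fallback, String storeLabel, String storePath) {
        if (!isEmpty(configured)) {
            return configured.toCharArray();
        }
        if (storePath != null) {
            // A well-known default password offers no protection for the store's contents.
            _logger.log(Level.WARNING,
                    "No password configured for the {0} at {1}; falling back to the built-in default password.",
                    new Object[]{storeLabel, storePath});
        }
        return fallback.toCharArray();
    }

    /**
     * Loads a keystore of the given type, from {@code path} when one is given and as an
     * empty store otherwise. The input streams are closed on every path, including when
     * {@code KeyStore.load} fails.
     */
    private static KeyStore loadKeyStore(String type, Provider provider, String path, char[] password) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore store = provider != null ? KeyStore.getInstance(type, provider) : KeyStore.getInstance(type);
        if (path == null) {
            store.load(null, password);
            return store;
        }
        if (_logger.isLoggable(Level.FINE)) {
            // Only the path is logged; the password array must not reach log handlers.
            _logger.log(Level.FINE, "Loading keystoreFile = {0}", path);
        }
        try (FileInputStream fileIn = new FileInputStream(path);
                BufferedInputStream bufferedIn = new BufferedInputStream(fileIn)) {
            store.load(bufferedIn, password);
        }
        return store;
    }

    /**
     * Logs, at {@code FINEST}, every X.509 certificate in the store whose {@code notAfter}
     * date lies before this instance's construction time.
     *
     * <p>NOTE(review): this is reporting only. Expired entries stay in the store, the
     * {@code notBefore} date is not examined, and at the default log level nothing is
     * emitted; operators who need expiry alerts should monitor the stores separately or
     * raise this logger's level.
     */
    private void checkCertificateDates(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate certificate = keyStore.getCertificate(alias);
            if ((certificate instanceof X509Certificate) && ((X509Certificate) certificate).getNotAfter().before(this.initDate)) {
                _logger.log(Level.FINEST, "The certificate with alias {0} has expired!", alias);
                _logger.log(Level.FINEST, "java_security.expired_certificate", certificate);
            }
        }
    }

    /** Returns {@code true} when the string is {@code null} or contains only whitespace. */
    private static boolean isEmpty(String value) {
        return value == null || value.trim().isEmpty();
    }
}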
