package com.bes.enterprise.webtier.util.mbeanserver;

import com.bes.enterprise.appserver.common.ssl.J2EEKeyManager;
import com.bes.enterprise.appserver.common.ssl.SecuritySupport;
import com.bes.enterprise.logging.internal.Log;
import com.bes.enterprise.logging.internal.LogFactory;
import com.bes.enterprise.web.util.compat.JreVendor;
import com.bes.enterprise.web.util.net.Constants;
import com.bes.enterprise.web.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.rmi.server.RMISocketFactory;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:com/bes/enterprise/webtier/util/mbeanserver/JMXSslRMISocketFactory.class */
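/**
 * RMI socket factory that hands out TLS client and server sockets for the JMX connector.
 *
 * <p>The factory builds one {@link SSLContext} from the key and trust managers supplied by
 * {@link SecuritySupport}, then applies the configured cipher suites, protocol versions and
 * client-certificate mode to every socket it creates.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The protocol flags can still enable SSLv3, TLSv1 and TLSv1.1; nothing here rejects them,
 *       so the caller decides whether legacy protocol versions are offered.</li>
 *   <li>The cipher value {@code "ALL"} enables every suite the context supports, not only the
 *       JRE's default-enabled ones.</li>
 *   <li>Client certificates are only required when {@code clientAuth} is {@code "true"} or
 *       {@code "yes"}; any other value leaves the endpoint without mandatory TLS client
 *       authentication.</li>
 *   <li>When no protocol flag is set, sockets fall back to the JRE server defaults with every
 *       protocol whose name contains "SSL" removed.</li>
 * </ul>
 *
 * <p>The class is {@link Serializable} and declares no {@code serialVersionUID}. The
 * {@code sslContext} field is transient; see {@link #readObject(ObjectInputStream)} for a caveat
 * about how it is restored.
 */
public class JMXSslRMISocketFactory extends RMISocketFactory implements Serializable {
    private static final Log log = LogFactory.getLog((Class<?>) JMXSslRMISocketFactory.class);
    private static final String TLSv13 = "TLSv1.3";
    private static final String TLSv12 = "TLSv1.2";
    private static final String TLSv11 = "TLSv1.1";
    private static final String TLS = "TLSv1";
    private static final String SSL3 = "SSLv3";
    private static final String SSL2 = "SSLv2";
    private static final String SSL = "SSL";
    // Local address that server sockets are bound to.
    private final InetAddress mAddress;
    private static final String ALLOW_ALL_SUPPORTED_CIPHERS = "ALL";
    // Set while probing the JRE defaults; not read anywhere else in this class.
    private boolean rfc5746Supported;
    // JRE default server protocols with every name containing "SSL" filtered out.
    private String[] defaultServerProtocols;
    // JRE default-enabled server cipher suites for the selected context protocol.
    private String[] defaultServerCipherSuites;
    private transient SSLContext sslContext;
    // Key alias handed to J2EEKeyManager when the SSLContext is (re)built.
    private String alias = null;
    private String protocol;
    private String clientAuth;
    private String[] ciphers;
    private String[] enabledProtocols;
    private SecuritySupport securitySupport;

    /**
     * Creates a factory for the given key alias, protocol selection and cipher configuration.
     *
     * @param str alias passed to {@link J2EEKeyManager}; {@code null} or empty leaves the key
     *     managers unwrapped
     * @param z enable SSLv3
     * @param z2 enable TLSv1
     * @param z3 enable TLSv1.1
     * @param z4 enable TLSv1.2
     * @param z5 enable TLSv1.3
     * @param str2 client-auth mode: {@code "true"}/{@code "yes"} require a client certificate,
     *     {@code "want"} requests one, anything else disables client-certificate authentication
     * @param str3 cipher configuration: {@code "ALL"}, a comma-separated list of suite names, an
     *     expression containing {@code ':'} that is handed to
     *     {@link OpenSSLCipherConfigurationParser}, or {@code null}/blank for the JRE defaults
     * @param inetAddress local address for server sockets
     * @param securitySupport source of key and trust managers; when {@code null} the default
     *     security support is used
     * @throws NoSuchAlgorithmException if the selected protocol has no {@link SSLContext} provider
     * @throws GeneralSecurityException if the key or trust material cannot be loaded
     * @throws IOException if the key or trust material cannot be read
     */
    public JMXSslRMISocketFactory(String str, boolean z, boolean z2, boolean z3, boolean z4, boolean z5, String str2, String str3, InetAddress inetAddress, SecuritySupport securitySupport) throws NoSuchAlgorithmException, GeneralSecurityException, IOException {
        this.mAddress = inetAddress;
        // Fix: the alias was used for the first SSLContext but never stored, so readObject()
        // rebuilt the context with a null alias and lost the key selection.
        this.alias = str;
        this.protocol = highestSelectedProtocol(z, z2, z3, z4, z5);
        this.enabledProtocols = calcEnabledProtocols(z, z2, z3, z4, z5);
        this.clientAuth = str2;
        initDefaultCipherSuite(this.protocol);
        this.securitySupport = securitySupport;
        this.sslContext = getSSLContext(str, this.protocol);
        this.ciphers = getEnableableCiphers(this.sslContext, str3);
    }

    /**
     * Picks the name used for {@link SSLContext#getInstance(String)}: the newest protocol whose
     * flag is set, or the generic TLS context name when no flag is set.
     */
    private static String highestSelectedProtocol(boolean sslv3, boolean tlsv1, boolean tlsv11, boolean tlsv12, boolean tlsv13) {
        if (tlsv13) {
            return TLSv13;
        }
        if (tlsv12) {
            return TLSv12;
        }
        if (tlsv11) {
            return TLSv11;
        }
        if (tlsv1) {
            return TLS;
        }
        if (sslv3) {
            return SSL3;
        }
        return Constants.SSL_PROTO_TLS;
    }

    /**
     * Probes the JRE defaults for the given context protocol using a throwaway, unbound server
     * socket, and records the default cipher suites and the default protocols minus anything
     * whose name contains "SSL".
     *
     * @param contextProtocol protocol name for the probe {@link SSLContext}
     * @throws IllegalArgumentException if the probe context cannot be created or initialised
     */
    private void initDefaultCipherSuite(String contextProtocol) {
        final SSLServerSocketFactory probeFactory;
        try {
            SSLContext probeContext = SSLContext.getInstance(contextProtocol);
            probeContext.init(null, null, null);
            probeFactory = probeContext.getServerSocketFactory();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new IllegalArgumentException(e);
        }

        this.rfc5746Supported = Arrays.asList(probeFactory.getSupportedCipherSuites())
                .contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV");

        try {
            SSLServerSocket probeSocket = (SSLServerSocket) probeFactory.createServerSocket();
            try {
                this.defaultServerCipherSuites = probeSocket.getEnabledCipherSuites();
                if (this.defaultServerCipherSuites.length == 0) {
                    log.warn("Unable to determine a default for ciphers for jmx connector. Set an explicit value to ensure the connector can start.");
                }
                List<String> keptProtocols = new ArrayList<>();
                for (String candidate : probeSocket.getEnabledProtocols()) {
                    // Drops SSLv3 and SSLv2Hello style names from the defaults.
                    if (candidate.toUpperCase(Locale.ENGLISH).contains(SSL)) {
                        log.warn(String.format("The SSL protocol %s which is enabled by default in this JRE was excluded from the defaults used by BES Application Server.", candidate));
                    } else {
                        keptProtocols.add(candidate);
                    }
                }
                this.defaultServerProtocols = keptProtocols.toArray(new String[keptProtocols.size()]);
                if (this.defaultServerProtocols.length == 0) {
                    log.warn("Unable to determine a default for sslEnabledProtocols for jmx connector. Set an explicit value to ensure the connector can start.");
                }
            } finally {
                try {
                    probeSocket.close();
                } catch (IOException ignored) {
                    // The probe socket was never bound; a failed close cannot affect the defaults.
                }
            }
        } catch (IOException e) {
            this.defaultServerCipherSuites = new String[0];
            this.defaultServerProtocols = new String[0];
            log.warn("Unable to determine a default for ciphers for jmx connector. Set an explicit value to ensure the connector can start.");
            log.warn("Unable to determine a default for sslEnabledProtocols for jmx connector. Set an explicit value to ensure the connector can start.");
        }
    }

    /**
     * Builds and initialises an {@link SSLContext} from the configured {@link SecuritySupport}.
     *
     * @param keyAlias alias to pin via {@link J2EEKeyManager}; {@code null} or empty leaves the
     *     key managers as returned by the security support
     * @param contextProtocol protocol name for the context; {@code null} selects the generic TLS
     *     context
     * @return the initialised context
     */
    private SSLContext getSSLContext(String keyAlias, String contextProtocol) throws NoSuchAlgorithmException, GeneralSecurityException, IOException {
        String effectiveProtocol = contextProtocol != null ? contextProtocol : Constants.SSL_PROTO_TLS;
        SecuritySupport support = getSecuritySupport();
        if (support == null) {
            support = SecuritySupport.getDefaultSecuritySupport();
        }
        SSLContext context = SSLContext.getInstance(effectiveProtocol);
        KeyManager[] keyManagers = support.getKeyManagers(null);
        if (keyAlias != null && keyAlias.length() > 0 && keyManagers != null) {
            // NOTE(review): the array returned by getKeyManagers is modified in place and every
            // entry is cast to X509KeyManager; confirm SecuritySupport returns a fresh array of
            // X509 key managers, otherwise repeated calls could wrap the same manager twice.
            for (int i = 0; i < keyManagers.length; i++) {
                keyManagers[i] = new J2EEKeyManager((X509KeyManager) keyManagers[i], keyAlias);
            }
        }
        context.init(keyManagers, support.getTrustManagers(null), null);
        return context;
    }

    /**
     * Translates the protocol flags into the list passed to {@code setEnabledProtocols}.
     *
     * @return the selected protocol names in ascending version order, or {@code null} when no
     *     flag is set
     */
    private String[] calcEnabledProtocols(boolean sslv3, boolean tlsv1, boolean tlsv11, boolean tlsv12, boolean tlsv13) {
        List<String> selected = new ArrayList<>(5);
        if (sslv3) {
            selected.add(SSL3);
        }
        if (tlsv1) {
            selected.add(TLS);
        }
        if (tlsv11) {
            selected.add(TLSv11);
        }
        if (tlsv12) {
            selected.add(TLSv12);
        }
        if (tlsv13) {
            selected.add(TLSv13);
        }
        if (selected.isEmpty()) {
            return null;
        }
        return selected.toArray(new String[selected.size()]);
    }

    /**
     * Resolves the cipher configuration string into the suites to enable on each socket.
     *
     * @param context context whose supported suites bound the result
     * @param requestedCiphers {@code "ALL"}, a comma-separated list, an expression containing
     *     {@code ':'}, or {@code null}/blank
     * @return the suites to enable; the JRE defaults when nothing usable was requested, and an
     *     empty array when none of the requested suites is supported
     */
    private String[] getEnableableCiphers(SSLContext context, String requestedCiphers) {
        if (ALLOW_ALL_SUPPORTED_CIPHERS.equals(requestedCiphers)) {
            // "ALL" means every supported suite, which is a superset of the default-enabled
            // suites. Depending on the JRE this can include suites the JRE deliberately leaves
            // disabled by default, so prefer an explicit list for an exposed JMX port.
            return context.getSupportedSSLParameters().getCipherSuites();
        }
        if (requestedCiphers == null || requestedCiphers.trim().length() == 0) {
            return this.defaultServerCipherSuites;
        }

        List<String> requested = new ArrayList<>();
        if (requestedCiphers.indexOf(':') != -1) {
            requested = OpenSSLCipherConfigurationParser.parseExpression(requestedCiphers);
        } else {
            for (String token : requestedCiphers.split(",")) {
                String name = token.trim();
                if (name.length() > 0) {
                    requested.add(name);
                }
            }
        }
        if (requested.isEmpty()) {
            return this.defaultServerCipherSuites;
        }

        String[] supported = context.getSupportedSSLParameters().getCipherSuites();
        List<String> supportedNames;
        if (JreVendor.IS_IBM_JVM) {
            // For each supported suite whose name starts with "SSL", also accept the
            // equivalent name with the TLS prefix.
            supportedNames = new ArrayList<>(supported.length * 2);
            for (String suite : supported) {
                supportedNames.add(suite);
                if (suite.startsWith(SSL)) {
                    supportedNames.add(Constants.SSL_PROTO_TLS + suite.substring(3));
                }
            }
        } else {
            supportedNames = Arrays.asList(supported);
        }

        List<String> enableable = new ArrayList<>(requested);
        enableable.retainAll(supportedNames);
        if (enableable.isEmpty()) {
            log.warn(String.format("None of the ciphers specified are supported by the SSL engine : %s", requestedCiphers));
        }
        if (log.isTraceEnabled()) {
            log.trace(String.format("Specified SSL ciphers that are supported and enableable are : %s.", enableable));
            if (enableable.size() != requested.size()) {
                List<String> unsupported = new ArrayList<>(requested);
                unsupported.removeAll(enableable);
                log.trace(String.format("Some specified SSL ciphers are not supported by the SSL engine : %s.", unsupported));
            }
        }
        return enableable.toArray(new String[enableable.size()]);
    }

    /**
     * Opens a TLS client socket to the given host and port with the configured settings applied.
     */
    @Override
    public Socket createSocket(String str, int i) throws IOException {
        SSLSocket socket = (SSLSocket) this.sslContext.getSocketFactory().createSocket(str, i);
        configureSSLSocket(socket);
        return socket;
    }

    /**
     * Opens a TLS server socket on the given port, bound to the configured local address.
     */
    @Override
    public ServerSocket createServerSocket(int i) throws IOException {
        // NOTE(review): the port number is also passed as the listen backlog (second argument).
        // Kept as-is to preserve behaviour; confirm whether a dedicated backlog was intended.
        SSLServerSocket serverSocket = (SSLServerSocket) this.sslContext.getServerSocketFactory().createServerSocket(i, i, this.mAddress);
        configureSSLServerSocket(serverSocket);
        return serverSocket;
    }

    /**
     * Returns the protocols to enable on a socket: the explicitly selected ones, otherwise the
     * filtered JRE defaults (which may be {@code null} or empty).
     */
    private String[] effectiveProtocols() {
        if (this.enabledProtocols != null && this.enabledProtocols.length > 0) {
            return this.enabledProtocols;
        }
        return this.defaultServerProtocols;
    }

    /**
     * Applies cipher suites, protocol versions and the client-certificate mode to a server socket.
     */
    private void configureSSLServerSocket(SSLServerSocket serverSocket) {
        if (this.ciphers != null && this.ciphers.length > 0) {
            serverSocket.setEnabledCipherSuites(this.ciphers);
        }
        // Fix: the filtered defaults were computed (and logged as "excluded") but never applied,
        // so with no protocol flag set the socket kept the raw JRE defaults.
        String[] protocols = effectiveProtocols();
        if (protocols != null && protocols.length > 0) {
            serverSocket.setEnabledProtocols(protocols);
        }
        if ("true".equalsIgnoreCase(this.clientAuth) || "yes".equalsIgnoreCase(this.clientAuth)) {
            serverSocket.setNeedClientAuth(true);
        } else if ("want".equalsIgnoreCase(this.clientAuth)) {
            serverSocket.setWantClientAuth(true);
        } else {
            // Any other value, including null or a typo, turns client-certificate checks off.
            serverSocket.setNeedClientAuth(false);
        }
    }

    /**
     * Applies cipher suites, protocol versions and the client-certificate mode to a client socket.
     */
    private void configureSSLSocket(SSLSocket socket) {
        if (this.ciphers != null && this.ciphers.length > 0) {
            socket.setEnabledCipherSuites(this.ciphers);
        }
        String[] protocols = effectiveProtocols();
        if (protocols != null && protocols.length > 0) {
            socket.setEnabledProtocols(protocols);
        }
        if ("true".equalsIgnoreCase(this.clientAuth) || "yes".equalsIgnoreCase(this.clientAuth)) {
            socket.setNeedClientAuth(true);
        } else if ("want".equalsIgnoreCase(this.clientAuth)) {
            socket.setWantClientAuth(true);
        } else {
            socket.setNeedClientAuth(false);
        }
    }

    /** Returns the security support used to obtain key and trust managers, possibly {@code null}. */
    public SecuritySupport getSecuritySupport() {
        return this.securitySupport;
    }

    /**
     * Replaces the security support. The already-built {@link SSLContext} is not rebuilt here.
     */
    public void setSecuritySupport(SecuritySupport securitySupport) {
        this.securitySupport = securitySupport;
    }

    /**
     * Returns the explicitly selected protocols as a comma-separated string.
     *
     * @return the list, or {@code null} when no protocol flag was set (sockets then use the
     *     filtered JRE defaults, which this method does not report)
     */
    public String getEnabledProtocolsAsString() {
        if (this.enabledProtocols == null || this.enabledProtocols.length <= 0) {
            return null;
        }
        return toCommaSeparatedString(this.enabledProtocols);
    }

    /**
     * Returns the cipher suites applied to sockets as a comma-separated string.
     *
     * @return the list, or {@code null} when no suites are configured
     */
    public String getCiphersAsString() {
        if (this.ciphers == null || this.ciphers.length <= 0) {
            return null;
        }
        return toCommaSeparatedString(this.ciphers);
    }

    /** Joins a non-empty array with commas; callers check for emptiness first. */
    private String toCommaSeparatedString(String[] strArr) {
        StringBuilder joined = new StringBuilder(strArr[0]);
        for (int i = 1; i < strArr.length; i++) {
            joined.append(',').append(strArr[i]);
        }
        return joined.toString();
    }

    /**
     * Writes the non-transient fields using default serialization.
     *
     * <p>NOTE(review): Java serialization only invokes a {@code writeObject} hook that is
     * declared {@code private}. This method is public, so it is an ordinary method and is not
     * called automatically when an instance is serialized. Visibility is left unchanged to keep
     * the public interface; confirm the intent. Whether {@link SecuritySupport} is serializable
     * is not visible from this class.
     */
    public void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
        objectOutputStream.defaultWriteObject();
    }

    /**
     * Reads the non-transient fields and rebuilds the transient {@link SSLContext} from the
     * stored alias and protocol.
     *
     * <p>NOTE(review): Java serialization only invokes a {@code readObject} hook that is declared
     * {@code private}. Because this method is public it is not called automatically during
     * deserialization, which leaves {@code sslContext} {@code null} on a deserialized instance
     * and makes {@link #createSocket(String, int)} and {@link #createServerSocket(int)} fail
     * with a {@link NullPointerException}. Visibility is left unchanged to keep the public
     * interface; confirm the intent.
     */
    public void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException, NoSuchAlgorithmException, GeneralSecurityException {
        objectInputStream.defaultReadObject();
        this.sslContext = getSSLContext(this.alias, this.protocol);
    }
}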
