package org.beepcore.beep.profile.tls.ptls;

import COM.claymoresystems.cert.X509Cert;
import COM.claymoresystems.ptls.PureTLSPackageBridge;
import COM.claymoresystems.ptls.SSLContext;
import COM.claymoresystems.ptls.SSLSocket;
import COM.claymoresystems.ptls.SSLThrewAlertException;
import COM.claymoresystems.sslg.SSLPolicyInt;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.Socket;
import java.security.PrivateKey;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.beepcore.beep.core.BEEPError;
import org.beepcore.beep.core.BEEPException;
import org.beepcore.beep.core.Channel;
import org.beepcore.beep.core.CloseChannelException;
import org.beepcore.beep.core.MessageMSG;
import org.beepcore.beep.core.ProfileRegistry;
import org.beepcore.beep.core.RequestHandler;
import org.beepcore.beep.core.Session;
import org.beepcore.beep.core.SessionCredential;
import org.beepcore.beep.core.SessionTuningProperties;
import org.beepcore.beep.core.StartChannelException;
import org.beepcore.beep.core.StartChannelListener;
import org.beepcore.beep.core.StringOutputDataStream;
import org.beepcore.beep.core.TuningProfile;
import org.beepcore.beep.transport.tcp.TCPSession;

/* loaded from: input_file:lib/beepcore.jar:org/beepcore/beep/profile/tls/ptls/TLSProfilePureTLS.class */
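/**
 * BEEP TLS tuning profile ({@value #URI}) implemented on top of the PureTLS library.
 *
 * <p>One instance serves both roles: {@link #receiveMSG(MessageMSG)} handles an incoming
 * {@code <ready/>} request (listener side) and {@link #startTLS(TCPSession)} starts the
 * negotiation (initiator side). Both roles share the same {@code policy} and {@code context}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Turning peer authentication off (see {@link #setNeedPeerAuthentication(boolean)}) also
 *       relaxes certificate verification and date checks on the shared policy, so the resulting
 *       session is encrypted but the peer is not authenticated.</li>
 *   <li>The host name handed to PureTLS comes from {@code Socket.getInetAddress().getHostName()},
 *       which may be the result of a reverse DNS lookup. No comparison of that name with the
 *       peer certificate is visible in this class; applications that need one have to do it in
 *       the handshake-completed listener.</li>
 *   <li>The class embeds sample key material (see the {@code default*} fields) that must never
 *       be used as a real identity or trust anchor.</li>
 * </ul>
 */
public class TLSProfilePureTLS extends TuningProfile implements StartChannelListener, RequestHandler {
    public static final String PROCEED1 = "<proceed/>";
    public static final String PROCEED2 = "<proceed />";
    public static final String READY1 = "<ready/>";
    public static final String READY2 = "<ready />";
    public static final String URI = "http://iana.org/beep/TLS";
    static final int MAX_CIPHERS = 103;
    static final String ERR_SERVER_MUST_HAVE_KEY = "Listener must be anonymous if no keys are specified.";
    static final String ERR_EXPECTED_PROCEED = "Error receiving <proceed />";
    static final String ERR_ILLEGAL_KEY_STORE = "Illegal Key Store Type property value";
    static final String ERR_ILLEGAL_TRUST_STORE = "Illegal Trust Store Type property value";
    static final String ERR_TLS_NOT_SUPPORTED_BY_SESSION = "TLS not supported by this session";
    // NOTE(review): same text as ERR_TLS_NOT_SUPPORTED_BY_SESSION; kept as-is for compatibility.
    static final String ERR_TLS_SOCKET = "TLS not supported by this session";
    static final String ERR_TLS_HANDSHAKE_WAIT = "Error waiting for TLS handshake to complete";
    static final String ERR_TLS_NO_AUTHENTICATION = "Authentication failed for this TLS negotiation";
    // The misspelling "Authenticaton" is part of the property key that callers already use;
    // correcting it would silently stop the setting from being found.
    public static final String PROPERTY_CLIENT_AUTH_REQUIRED = "Client Authenticaton Required";
    public static final String PROPERTY_CIPHER_SUITE = "Cipher Suite";
    public static final String PROPERTY_CERTIFICATES = "Certificates";
    public static final String PROPERTY_PRIVATE_KEY = "Private Key";
    public static final String PROPERTY_TRUSTED_CERTS = "Trusted Certificates";
    public static final String PROPERTY_PRIVATE_KEY_ALGORITHM = "Private Key Type";
    SSLPolicyInt policy;
    SSLContext context;

    // SECURITY: sample key material compiled into the class. The PEM header marks the private key
    // as encrypted (DES-EDE3-CBC), but its passphrase is stored in the very next field, so the
    // encryption protects nothing: anyone holding the jar holds the key. No code in this class
    // reads these four fields. Treat the key as public; never provision it as an identity and
    // never add the embedded certificates to a trust store.
    private static String defaultPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,376827D42B068D3C\n\nFAyWxidmVeHJBv9IWjp3NLtmnsLML92XJfVOT134C5IFez/PxHrkieuzHYv79m0u\nQAuySeIccNgdSQA/zcHLFUJjzxx7NjFtj3+80zredcXW5SyGd8F8Y9EpWV6rd6sa\nh3BJ2BnYNr3hTBoIlj/xnaSvfW0LrjcI6vaPw4sZ1gcNjfNzOVTUCgqNf6O+AIlI\nuMXNF+Lurp/aK6CV1LABhbsc5/CqmfOlWRvydiQiUFyGhJ5ub3yjgH0EejTUQpjC\nt2dPyKS97+2RJZE650VZDP37DVKOEdnf4OF1jmsoGQzxv33J8DoSGqNb1u4z4uXn\nicbhDI6ZxM53xUW6Oseu290+rKPUUIeZrWYWk8+SrMeV3KZq01K+paKAjA7CqfmW\nB7sO1mhiwRefIyj89NbXFZKMxMl95Th8A3aiONP0NtY=\n-----END RSA PRIVATE KEY-----\n";
    private static String defaultPassphrase = "stupid";
    private static String defaultCertificate = "-----BEGIN CERTIFICATE-----\nMIIDJDCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBkzELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgTAlVUMRYwFAYDVQQHEw1BbWVyaWNhbiBGb3JrMRkwFwYDVQQKExBJ\nbnZpc2libGUgV29ybGRzMQ0wCwYDVQQLEwRVdGFoMREwDwYDVQQDEwhKYXkgS2lu\ndDEiMCAGCSqGSIb3DQEJARYTamtpbnRAaW52aXNpYmxlLm5ldDAeFw0wMTA1MjIy\nMjI2MzBaFw0wMjA1MjIyMjI2MzBaMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJV\nVDEZMBcGA1UEChMQSW52aXNpYmxlIFdvcmxkczENMAsGA1UECxMEVXRhaDETMBEG\nA1UEAxMKRXJpYyBEaXhvbjEjMCEGCSqGSIb3DQEJARYUZWRpeG9uQGludmlzaWJs\nZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAvlFYMlFSrVwYtQqClXow5Fln\nywGiddbtuKDmOYXVmkhMijiz5FJEE9Og+4hMHqkpY7ls2pgHAp2ojVk2mUc4MQID\nAQABo4IBHzCCARswCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH\nZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFAsXsSPS9ygE+KOzXcDJhWWq\nl+Q1MIHABgNVHSMEgbgwgbWAFDpO2dz71wbN86ypUTtDVJ16LvXooYGZpIGWMIGT\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFjAUBgNVBAcTDUFtZXJpY2FuIEZv\ncmsxGTAXBgNVBAoTEEludmlzaWJsZSBXb3JsZHMxDTALBgNVBAsTBFV0YWgxETAP\nBgNVBAMTCEpheSBLaW50MSIwIAYJKoZIhvcNAQkBFhNqa2ludEBpbnZpc2libGUu\nbmV0ggEAMA0GCSqGSIb3DQEBBAUAA0EAWysxYjfYZK3QMTAaI/sKIZaPtwUaWhHp\nKoWUMF6WZxe2iFwts0AoyLo6F7oMjvxNc2yNn4gi/WrPfZWkHncU3g==\n-----END CERTIFICATE-----\n";
    private static String defaultRootCertificate = "-----BEGIN CERTIFICATE-----\nMIIDDTCCAregAwIBAgIBADANBgkqhkiG9w0BAQQFADCBkzELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgTAlVUMRYwFAYDVQQHEw1BbWVyaWNhbiBGb3JrMRkwFwYDVQQKExBJ\nbnZpc2libGUgV29ybGRzMQ0wCwYDVQQLEwRVdGFoMREwDwYDVQQDEwhKYXkgS2lu\ndDEiMCAGCSqGSIb3DQEJARYTamtpbnRAaW52aXNpYmxlLm5ldDAeFw0wMTA1MjIy\nMjIzMTZaFw0wMTA2MjEyMjIzMTZaMIGTMQswCQYDVQQGEwJVUzELMAkGA1UECBMC\nVVQxFjAUBgNVBAcTDUFtZXJpY2FuIEZvcmsxGTAXBgNVBAoTEEludmlzaWJsZSBX\nb3JsZHMxDTALBgNVBAsTBFV0YWgxETAPBgNVBAMTCEpheSBLaW50MSIwIAYJKoZI\nhvcNAQkBFhNqa2ludEBpbnZpc2libGUubmV0MFwwDQYJKoZIhvcNAQEBBQADSwAw\nSAJBANvFvkyq94iwrEvA4AprtJyfpznGfE2ibG5OrzeGWgZ1FqPsfhkU4qt0xbRL\nFdgb438SZCJ0bFWdK//P7Z1flI8CAwEAAaOB8zCB8DAdBgNVHQ4EFgQUOk7Z3PvX\nBs3zrKlRO0NUnXou9egwgcAGA1UdIwSBuDCBtYAUOk7Z3PvXBs3zrKlRO0NUnXou\n9eihgZmkgZYwgZMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEWMBQGA1UEBxMN\nQW1lcmljYW4gRm9yazEZMBcGA1UEChMQSW52aXNpYmxlIFdvcmxkczENMAsGA1UE\nCxMEVXRhaDERMA8GA1UEAxMISmF5IEtpbnQxIjAgBgkqhkiG9w0BCQEWE2praW50\nQGludmlzaWJsZS5uZXSCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAANB\nAMmJY0I24Qx9RNi6GdF75hblGsmt+W4oBnlWv4WI7qDcSzeSO8M2xGom95mE1+Hu\nczaRiitRTKis54e1d3h2HVs=\n-----END CERTIFICATE-----\n";
    private Log log = LogFactory.getLog(getClass());
    // Defaults to requiring peer authentication; only an explicit setting turns it off.
    boolean needPeerAuth = true;
    short[] cipherSuite = new short[MAX_CIPHERS];
    String uri = URI;
    // Never assigned in this class; startTLS() closes the session and fails when it is true.
    boolean abortSession = false;
    private TLSProfilePureTLSHandshakeCompletedListener handshakeListener = null;

    /** Creates a profile with a fresh PureTLS context and policy; no keys or certificates are loaded. */
    public TLSProfilePureTLS() {
        this.context = new SSLContext();
        this.policy = new SSLPolicyInt();
    }

    /**
     * Always advertises the profile, regardless of the session or its tuning properties.
     *
     * @return {@code true}
     */
    public boolean advertiseProfile(Session session, SessionTuningProperties sessionTuningProperties) throws BEEPException {
        return true;
    }

    /**
     * Configures the profile from a property table and returns it as the channel listener.
     *
     * <p>Peer authentication stays required unless {@link #PROPERTY_CLIENT_AUTH_REQUIRED} is a
     * {@code String} that {@link Boolean#valueOf(String)} maps to {@code false}. That is every
     * string other than "true" (ignoring case), so values such as "yes" or "1" switch
     * authentication OFF.
     *
     * @param str       URI stored for this profile
     * @param hashtable configuration; must contain the private key, its type, the certificate
     *                  list and the trusted-certificate list under the {@code PROPERTY_*} keys
     * @return this instance
     * @throws BEEPException if a required property is missing or has the wrong type, or if
     *                       PureTLS rejects a supplied value
     */
    public StartChannelListener init(String str, Hashtable hashtable) throws BEEPException {
        this.uri = str;
        this.policy = new SSLPolicyInt();
        this.context = new SSLContext();
        this.policy.negotiateTLS(true);

        Object clientAuth = hashtable.get(PROPERTY_CLIENT_AUTH_REQUIRED);
        boolean authRequired = !(clientAuth instanceof String) || Boolean.valueOf((String) clientAuth).booleanValue();
        applyPeerAuthPolicy(authRequired);
        this.context.setPolicy(this.policy);

        Object suites = hashtable.get(PROPERTY_CIPHER_SUITE);
        if (suites != null) {
            // NOTE(review): unlike setCipherSuite(), this path does not range-check the values.
            try {
                this.policy.setCipherSuites((short[]) suites);
            } catch (Exception e) {
                throw new BEEPException(e);
            }
        }

        // PROPERTY_PRIVATE_KEY_ALGORITHM is required here but its value is not read afterwards.
        if (hashtable.get(PROPERTY_PRIVATE_KEY) == null
                || hashtable.get(PROPERTY_PRIVATE_KEY_ALGORITHM) == null
                || hashtable.get(PROPERTY_CERTIFICATES) == null
                || hashtable.get(PROPERTY_TRUSTED_CERTS) == null) {
            throw new BEEPException("Must have a private key and certificates with root certificates that match the key's algorithm");
        }
        PureTLSPackageBridge.setPrivateKey(this.context, (PrivateKey) hashtable.get(PROPERTY_PRIVATE_KEY));

        Object certificates = hashtable.get(PROPERTY_CERTIFICATES);
        if (!(certificates instanceof List)) {
            throw new BEEPException("X.509 Certificates should be in a List or subclass");
        }
        PureTLSPackageBridge.initCertificates(this.context);
        for (Object entry : (List) certificates) {
            try {
                // Cast inside the try so a wrongly typed entry surfaces as a BEEPException.
                byte[] encoded = (byte[]) entry;
                if (encoded != null) {
                    PureTLSPackageBridge.addCertificate(this.context, encoded);
                }
            } catch (Exception e) {
                // Logged through the class logger instead of printStackTrace(); the cause is
                // kept on the rethrown exception rather than reduced to its message.
                this.log.error("Unable to load certificate", e);
                throw new BEEPException(e);
            }
        }

        Object trusted = hashtable.get(PROPERTY_TRUSTED_CERTS);
        if (!(trusted instanceof List)) {
            throw new BEEPException("Must have trusted root certificates.");
        }
        Iterator roots = ((List) trusted).iterator();
        PureTLSPackageBridge.initRootCertificates(this.context);
        while (roots.hasNext()) {
            try {
                PureTLSPackageBridge.addRootCertificate(this.context, (byte[]) roots.next());
            } catch (Exception e) {
                this.log.error("Unable to load trusted certificate", e);
                // "DRE" in the message is presumably a typo for DER; text kept unchanged for
                // callers that match on it.
                throw new BEEPException("Trusted (root) certificates must be in DRE format contained in byte[]");
            }
        }
        return this;
    }

    /** Registers this profile as the request handler of the newly started channel. */
    @Override // org.beepcore.beep.core.StartChannelListener
    public void startChannel(Channel channel, String str, String str2) throws StartChannelException {
        channel.setRequestHandler(this, true);
    }

    /**
     * Listener side of the negotiation: expects a {@code <ready/>} element, answers
     * {@code <proceed />}, then runs the TLS handshake over the session's existing socket.
     *
     * <p>A request that is empty or is not a READY element is answered with an ERR and the
     * method returns without starting TLS. Handshake and I/O failures terminate the session.
     *
     * @param messageMSG the incoming request on the TLS tuning channel
     */
    @Override // org.beepcore.beep.core.RequestHandler
    public void receiveMSG(MessageMSG messageMSG) {
        Channel channel = messageMSG.getChannel();
        try {
            String request;
            try {
                request = new BufferedReader(new InputStreamReader(messageMSG.getDataStream().getInputStream())).readLine();
            } catch (IOException e) {
                messageMSG.sendERR(BEEPError.CODE_PARAMETER_ERROR, "Error reading data");
                return;
            }
            // readLine() returns null on an empty payload; reject that and anything else that is
            // not a READY element, and stop here so a malformed request cannot trigger TLS.
            if (request == null || !(request.equals(READY1) || request.equals(READY2))) {
                messageMSG.sendERR(BEEPError.CODE_PARAMETER_INVALID, "Expected READY element");
                return;
            }
            begin(channel);
            messageMSG.sendRPY(new StringOutputDataStream(PROCEED2));
            TCPSession tcpSession = (TCPSession) channel.getSession();
            try {
                this.context.setPolicy(this.policy);
                Socket socket = tcpSession.getSocket();
                // Last argument 2 is presumably PureTLS's server-role constant; confirm against SSLSocket.
                SSLSocket tlsSocket = new SSLSocket(this.context, socket.getInputStream(), socket.getOutputStream(), socket.getInetAddress().getHostName(), socket.getPort(), 2);
                Vector chain = null;
                if (this.needPeerAuth) {
                    chain = tlsSocket.getCertificateChain();
                    // An empty chain is treated like a missing one so authentication fails closed.
                    if (chain == null || chain.isEmpty()) {
                        this.log.trace("No certificate chain when there should be one.");
                        // NOTE(review): <proceed /> was already sent and the session is not
                        // terminated on this path; confirm the peer cannot keep using it.
                        messageMSG.sendERR(BEEPError.CODE_REQUESTED_ACTION_NOT_TAKEN2, "No certificate chain when there should be one. ");
                        return;
                    }
                    traceCertificateChain(chain);
                } else {
                    this.log.trace("No peer authentication needed");
                }
                int negotiatedSuite = tlsSocket.getCipherSuite();
                try {
                    if (this.handshakeListener != null) {
                        this.handshakeListener.handshakeCompleted(tcpSession, chain, negotiatedSuite);
                    }
                    SessionCredential peerCredential = buildPeerCredential(chain, negotiatedSuite);
                    SessionTuningProperties tuning = encryptedTuningProperties();
                    ProfileRegistry registry = tcpSession.getProfileRegistry();
                    // TLS is removed from the registry so it is not offered again on the tuned session.
                    registry.removeStartChannelListener(URI);
                    try {
                        complete(channel, generateCredential(), peerCredential, tuning, registry, tlsSocket);
                    } catch (BEEPException e) {
                        abort(new BEEPError(BEEPError.CODE_REQUESTED_ACTION_ABORTED, ERR_TLS_NO_AUTHENTICATION), channel);
                    }
                } catch (BEEPException e) {
                    this.log.error("BEEP Handshake error", e);
                    channel.getSession().terminate("BEEP Handshake error");
                }
            } catch (SSLThrewAlertException e) {
                this.log.error("TLS Error", e);
                channel.getSession().terminate(e.getMessage());
            } catch (IOException e) {
                this.log.error("TLS Error", e);
                channel.getSession().terminate(e.getMessage());
            }
        } catch (BEEPException e) {
            // Reached when an ERR/RPY could not be sent or begin() failed.
            this.log.error("TLS Error", e);
            channel.getSession().terminate("unable to send ERR");
        }
    }

    /** Logs the close request; no other work is done here. */
    @Override // org.beepcore.beep.core.StartChannelListener
    public void closeChannel(Channel channel) throws CloseChannelException {
        this.log.debug("Closing TLS channel.");
    }

    /**
     * Always advertises the profile.
     *
     * @return {@code true}
     */
    @Override // org.beepcore.beep.core.StartChannelListener
    public boolean advertiseProfile(Session session) throws BEEPException {
        return true;
    }

    /**
     * Initiator side of the negotiation: sends {@code <ready />}, requires a {@code <proceed/>}
     * answer, runs the TLS handshake over the session's socket and returns the reset session.
     *
     * @param tCPSession the plaintext session to upgrade
     * @return the session that replaces {@code tCPSession} after TLS is in place
     * @throws BEEPException if the peer does not answer with PROCEED, if the handshake fails, if
     *                       peer authentication is required and no certificate chain is
     *                       available, or if {@code abortSession} is set
     */
    public TCPSession startTLS(TCPSession tCPSession) throws BEEPException {
        String startData = startChannel(tCPSession, URI, false, READY2, null).getStartData();
        if (startData == null || !(startData.equals(PROCEED1) || startData.equals(PROCEED2))) {
            throw new BEEPException(ERR_EXPECTED_PROCEED);
        }
        this.log.debug("Staring TLS channel.");
        Socket socket = tCPSession.getSocket();
        try {
            this.context.setPolicy(this.policy);
            // Last argument 1 is presumably PureTLS's client-role constant; confirm against SSLSocket.
            SSLSocket tlsSocket = new SSLSocket(this.context, socket.getInputStream(), socket.getOutputStream(), socket.getInetAddress().getHostName(), socket.getPort(), 1);
            // NOTE(review): failures below this point are reported to the caller but, unlike a
            // failure in the SSLSocket constructor, do not terminate tCPSession. Confirm that the
            // caller cannot go on using the plaintext session after a failed upgrade.
            try {
                Vector chain = null;
                if (this.needPeerAuth) {
                    chain = tlsSocket.getCertificateChain();
                    // An empty chain is treated like a missing one so authentication fails closed.
                    if (chain == null || chain.isEmpty()) {
                        this.log.trace("No certificate chain when there should be one.");
                        throw new BEEPException("No certificate chain when there should be one. ");
                    }
                    traceCertificateChain(chain);
                } else {
                    this.log.trace("No peer authentication needed");
                }
                int negotiatedSuite = tlsSocket.getCipherSuite();
                if (this.handshakeListener != null) {
                    this.handshakeListener.handshakeCompleted(tCPSession, chain, negotiatedSuite);
                }
                SessionCredential peerCredential = buildPeerCredential(chain, negotiatedSuite);
                if (this.abortSession) {
                    tCPSession.close();
                    throw new BEEPException(ERR_TLS_NO_AUTHENTICATION);
                }
                return (TCPSession) reset(tCPSession, generateCredential(), peerCredential, encryptedTuningProperties(), tCPSession.getProfileRegistry(), tlsSocket);
            } catch (BEEPException e) {
                // Already the declared type: rethrow as-is instead of wrapping it in a second
                // BEEPException, so the original message reaches the caller.
                throw e;
            } catch (Exception e) {
                throw new BEEPException(e);
            }
        } catch (SSLThrewAlertException e) {
            tCPSession.terminate(e.getMessage());
            throw new BEEPException(e);
        } catch (IOException e) {
            tCPSession.terminate(e.getMessage());
            throw new BEEPException(e);
        }
    }

    /**
     * Builds the local credential for a TLS-tuned session; it carries only the authenticator URI.
     *
     * @return a credential whose authenticator is {@link #URI}
     */
    public static SessionCredential generateCredential() {
        Hashtable properties = new Hashtable(4);
        properties.put(SessionCredential.AUTHENTICATOR, URI);
        return new SessionCredential(properties);
    }

    /**
     * Sets the callback invoked after the handshake with the session, the peer chain (or
     * {@code null} when peer authentication is off) and the negotiated cipher suite.
     */
    public void setHandshakeCompletedListener(TLSProfilePureTLSHandshakeCompletedListener tLSProfilePureTLSHandshakeCompletedListener) {
        this.handshakeListener = tLSProfilePureTLSHandshakeCompletedListener;
    }

    /**
     * @return {@link #MAX_CIPHERS}
     */
    public int getMaxCiphersKnown() {
        return MAX_CIPHERS;
    }

    /**
     * Installs the private key on the PureTLS context.
     * (JADX reports this member as package-private in the original class.)
     *
     * @throws BEEPException wrapping any failure reported by PureTLS
     */
    public void setPrivateKey(PrivateKey privateKey) throws BEEPException {
        try {
            PureTLSPackageBridge.setPrivateKey(this.context, privateKey);
        } catch (Exception e) {
            throw new BEEPException(e);
        }
    }

    /**
     * Replaces the local certificate chain; a {@code null} list leaves the context untouched and
     * {@code null} entries are skipped.
     * (JADX reports this member as package-private in the original class.)
     *
     * @param list certificates as {@code byte[]} entries
     * @throws BEEPException if an entry is not a {@code byte[]} or PureTLS rejects it
     */
    public void setCertChain(List list) throws BEEPException {
        if (list == null) {
            return;
        }
        Iterator entries = list.iterator();
        PureTLSPackageBridge.initCertificates(this.context);
        while (entries.hasNext()) {
            try {
                byte[] encoded = (byte[]) entries.next();
                if (encoded != null) {
                    PureTLSPackageBridge.addCertificate(this.context, encoded);
                }
            } catch (Exception e) {
                this.log.error("Unable to load certificate", e);
                throw new BEEPException(e);
            }
        }
    }

    /**
     * Replaces the trusted root certificates; a {@code null} list leaves the context untouched
     * and {@code null} entries are skipped.
     * (JADX reports this member as package-private in the original class.)
     *
     * @param list trusted certificates as {@code byte[]} entries
     * @throws BEEPException if an entry is not a {@code byte[]} or PureTLS rejects it
     */
    public void setRootCerts(List list) throws BEEPException {
        if (list == null) {
            return;
        }
        Iterator entries = list.iterator();
        PureTLSPackageBridge.initRootCertificates(this.context);
        while (entries.hasNext()) {
            try {
                byte[] encoded = (byte[]) entries.next();
                if (encoded != null) {
                    PureTLSPackageBridge.addRootCertificate(this.context, encoded);
                }
            } catch (Exception e) {
                this.log.error("Unable to load trusted certificate", e);
                throw new BEEPException(e);
            }
        }
    }

    /**
     * Range-checks the cipher-suite identifiers and installs them on the policy.
     * (JADX reports this member as package-private in the original class.)
     *
     * @param sArr cipher-suite identifiers, each in {@code 0..MAX_CIPHERS}
     * @throws BEEPException if the array is {@code null} or an identifier is out of range
     */
    public void setCipherSuite(short[] sArr) throws BEEPException {
        if (sArr == null) {
            throw new BEEPException("Cipher suite list must not be null");
        }
        for (int i = 0; i < sArr.length; i++) {
            if (sArr[i] > MAX_CIPHERS || sArr[i] < 0) {
                throw new BEEPException(new StringBuffer("Invalid cipher at ").append(i).toString());
            }
        }
        this.policy.setCipherSuites(sArr);
    }

    /**
     * Turns peer authentication on or off for both roles of this profile.
     * (JADX reports this member as package-private in the original class.)
     *
     * @param z {@code true} to require and verify the peer certificate
     */
    public void setNeedPeerAuthentication(boolean z) {
        applyPeerAuthPolicy(z);
    }

    /**
     * Applies the peer-authentication setting to the shared policy.
     *
     * <p>With {@code required == false} the policy is told to accept unverifiable certificates
     * and to skip certificate date checks, in addition to not requesting a client certificate.
     * The same policy object is used by {@link #startTLS(TCPSession)}, so, going by the PureTLS
     * method names, an initiator configured this way does not validate the listener's
     * certificate either.
     */
    private void applyPeerAuthPolicy(boolean required) {
        this.policy.acceptUnverifiableCertificates(!required);
        this.policy.checkCertificateDates(required);
        this.policy.requireClientAuth(required);
        this.needPeerAuth = required;
    }

    /**
     * Writes subject and issuer of every certificate in the chain to the trace log. The names
     * are only logged; no decision is based on them here.
     *
     * @throws IOException declared because the callers run this inside their I/O error handling;
     *                     whether the PureTLS accessors can actually throw is not visible here
     */
    private void traceCertificateChain(Vector chain) throws IOException {
        Enumeration certificates = chain.elements();
        while (certificates.hasMoreElements()) {
            X509Cert certificate = (X509Cert) certificates.nextElement();
            String subject = certificate.getSubjectName().getNameString();
            String issuer = certificate.getIssuerName().getNameString();
            if (this.log.isTraceEnabled()) {
                this.log.trace(new StringBuffer("Name = ").append(subject).append(" issued by ").append(issuer).toString());
            }
        }
    }

    /**
     * Builds the credential describing the remote peer after a completed handshake.
     *
     * @param chain           peer certificate chain, or {@code null} when none was requested
     * @param negotiatedSuite cipher-suite identifier reported by the TLS socket
     * @throws IOException declared for the same reason as in {@link #traceCertificateChain(Vector)}
     */
    private SessionCredential buildPeerCredential(Vector chain, int negotiatedSuite) throws IOException {
        Hashtable properties = new Hashtable();
        properties.put(SessionCredential.AUTHENTICATOR, URI);
        properties.put(SessionCredential.ALGORITHM, SSLPolicyInt.getCipherSuiteName(negotiatedSuite));
        properties.put(SessionCredential.AUTHENTICATOR_TYPE, "TLS");
        if (chain != null && !chain.isEmpty()) {
            // Assumes element 0 is the peer's own certificate; TODO confirm PureTLS chain order.
            properties.put(SessionCredential.REMOTE_CERTIFICATE, chain.elementAt(0));
        }
        return new SessionCredential(properties);
    }

    /** Builds the tuning properties that mark the session as encrypted. */
    private static SessionTuningProperties encryptedTuningProperties() {
        Hashtable properties = new Hashtable();
        properties.put(SessionTuningProperties.ENCRYPTION, "true");
        return new SessionTuningProperties(properties);
    }
}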
