package org.beepcore.beep.profile.tls.jsse;

import com.sun.net.ssl.KeyManager;
import com.sun.net.ssl.KeyManagerFactory;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.TrustManagerFactory;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.beepcore.beep.core.BEEPError;
import org.beepcore.beep.core.BEEPException;
import org.beepcore.beep.core.Channel;
import org.beepcore.beep.core.CloseChannelException;
import org.beepcore.beep.core.MessageMSG;
import org.beepcore.beep.core.ProfileRegistry;
import org.beepcore.beep.core.RequestHandler;
import org.beepcore.beep.core.Session;
import org.beepcore.beep.core.SessionCredential;
import org.beepcore.beep.core.SessionTuningProperties;
import org.beepcore.beep.core.StartChannelException;
import org.beepcore.beep.core.StartChannelListener;
import org.beepcore.beep.core.StringOutputDataStream;
import org.beepcore.beep.profile.Profile;
import org.beepcore.beep.profile.ProfileConfiguration;
import org.beepcore.beep.profile.tls.TLSProfile;
import org.beepcore.beep.transport.tcp.TCPSession;

/* loaded from: input_file:lib/beepcore.jar:org/beepcore/beep/profile/tls/jsse/TLSProfileJSSE.class */
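/**
 * BEEP TLS tuning profile implemented on top of JSSE.
 *
 * <p>On the listener side ({@link #receiveMSG}) the profile answers a
 * {@code <ready/>} request with {@code <proceed />} and then runs a server-mode
 * TLS handshake over the session's existing TCP socket. On the initiator side
 * ({@link #startTLS}) it sends {@code <ready />}, expects {@code <proceed/>} and
 * runs a client-mode handshake.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>All configuration, including both key-store passphrases, is kept in
 *       {@code static} fields, so every instance in the JVM shares the values
 *       written by the most recent {@link #init} call.</li>
 *   <li>No hostname check against the peer certificate is visible in this class.
 *       Peer acceptance beyond JSSE's own trust-manager validation is delegated
 *       to the registered {@code TLSProfileJSSEHandshakeCompletedListener}s.</li>
 *   <li>Every <em>supported</em> cipher suite is enabled on each socket, see
 *       {@code wrapSocket}.</li>
 * </ul>
 */
public class TLSProfileJSSE extends TLSProfile implements Profile, StartChannelListener, RequestHandler {
    public static final String PROCEED1 = "<proceed/>";
    public static final String PROCEED2 = "<proceed />";
    public static final String READY1 = "<ready/>";
    public static final String READY2 = "<ready />";
    // NOTE(review): this message and PROPERTY_CIPHER_SUITE are not referenced anywhere in this class.
    static final String ERR_SERVER_MUST_HAVE_KEY = "Listener must be anonymous if no keys are specified.";
    static final String ERR_EXPECTED_PROCEED = "Error receiving <proceed />";
    static final String ERR_ILLEGAL_KEY_STORE = "Illegal Key Store Type property value";
    static final String ERR_ILLEGAL_TRUST_STORE = "Illegal Trust Store Type property value";
    static final String ERR_TLS_NOT_SUPPORTED_BY_SESSION = "TLS not supported by this session";
    // NOTE(review): same text as ERR_TLS_NOT_SUPPORTED_BY_SESSION; looks like a copy-paste, left unchanged.
    static final String ERR_TLS_SOCKET = "TLS not supported by this session";
    static final String ERR_TLS_HANDSHAKE_WAIT = "Error waiting for TLS handshake to complete";
    static final String ERR_TLS_NO_AUTHENTICATION = "Authentication failed for this TLS negotiation";
    static final String PROPERTY_KEY_MANAGER_ALGORITHM = "Key Algorithm";
    static final String PROPERTY_KEY_MANAGER_PROVIDER = "Key Provider";
    static final String PROPERTY_TRUST_MANAGER_ALGORITHM = "Trust Algorithm";
    static final String PROPERTY_TRUST_MANAGER_PROVIDER = "Trust Provider";
    static final String PROPERTY_KEYSTORE_PASSPHRASE = "Key Store Passphrase";
    static final String PROPERTY_KEYSTORE_TYPE = "Key Store Data Type";
    static final String PROPERTY_KEYSTORE_NAME = "Key Store";
    static final String PROPERTY_KEYSTORE_FORMAT = "Key Store Format";
    static final String PROPERTY_KEYSTORE_PROVIDER = "Key Store Provider";
    static final String PROPERTY_TRUSTSTORE_PASSPHRASE = "Trust Store Passphrase";
    static final String PROPERTY_TRUSTSTORE_TYPE = "Trust Store Data Type";
    static final String PROPERTY_TRUSTSTORE_NAME = "Trust Store";
    static final String PROPERTY_TRUSTSTORE_FORMAT = "Trust Store Format";
    static final String PROPERTY_TRUSTSTORE_PROVIDER = "Trust Store Provider";
    static final String PROPERTY_CIPHER_SUITE = "Cipher Suite";
    static final String PROPERTY_CLIENT_AUTHENTICATION = "Initiator Authentication Required";
    static final String PROPERTY_SERVER_ANONYMOUS = "Listener Anonymous";
    private Log log = LogFactory.getLog(getClass());
    boolean notifiedHandshake = false;
    boolean waitingForHandshake = false;
    // Still written when a listener rejects an initiator-side handshake, for any
    // package-level reader, but startTLS() now decides per handshake (TLSHandshake.aborted).
    boolean abortSession = false;
    String uri = "http://iana.org/beep/TLS";
    static boolean needClientAuth = false;
    // Read from configuration in init(); nothing in this class consults it afterwards.
    static boolean serverAnonymous = true;
    static String keyAlgorithm = null;
    static String keyProvider = null;
    static String trustAlgorithm = null;
    static String trustProvider = null;
    // Passphrases stay in immutable Strings in static fields for the life of the class.
    static String keyPassphrase = null;
    static String keyStoreType = null;
    static String keyStoreName = null;
    static String keyStoreFormat = null;
    static String keyStoreProvider = null;
    static String trustPassphrase = null;
    static String trustStoreType = null;
    static String trustStoreName = null;
    static String trustStoreFormat = null;
    static String trustStoreProvider = null;
    static SSLSocketFactory socketFactory = null;
    static List handshakeListeners = null;

    /**
     * Listener-side handshake callback: asks every registered listener to accept
     * the peer, then completes the tuning reset on the channel's session.
     */
    class BeepListenerHCL implements HandshakeCompletedListener {
        Channel channel;
        boolean notifiedHandshake = false;
        boolean waitingForHandshake = false;
        final TLSProfileJSSE this$0;

        BeepListenerHCL(TLSProfileJSSE tLSProfileJSSE, Channel channel) {
            this.this$0 = tLSProfileJSSE;
            this.channel = channel;
        }

        /**
         * Aborts the channel if any registered listener rejects the handshake;
         * otherwise installs the peer credential and marks the session encrypted.
         *
         * @param handshakeCompletedEvent the JSSE event for the finished handshake
         */
        @Override
        public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
            Session session = this.channel.getSession();
            this.this$0.log.debug("HandshakeCompleted");
            boolean accepted = true;
            // The lock only protects iteration over the shared listener list, so it is
            // released before abort()/complete() are called.
            synchronized (TLSProfileJSSE.handshakeListeners) {
                Iterator it = TLSProfileJSSE.handshakeListeners.iterator();
                while (it.hasNext()) {
                    if (!((TLSProfileJSSEHandshakeCompletedListener) it.next()).handshakeCompleted(session, handshakeCompletedEvent)) {
                        accepted = false;
                        break;
                    }
                }
            }
            if (!accepted) {
                this.this$0.abort(new BEEPError(BEEPError.CODE_REQUESTED_ACTION_ABORTED, TLSProfileJSSE.ERR_TLS_NO_AUTHENTICATION), this.channel);
                return;
            }
            Hashtable credentialTable = TLSProfileJSSE.peerCredentialTable(handshakeCompletedEvent);
            ProfileRegistry profileRegistry = session.getProfileRegistry();
            profileRegistry.removeStartChannelListener(this.this$0.uri);
            Hashtable tuning = new Hashtable();
            tuning.put(SessionTuningProperties.ENCRYPTION, "true");
            try {
                this.this$0.complete(this.channel, TLSProfileJSSE.generateCredential(), new SessionCredential(credentialTable), new SessionTuningProperties(tuning), profileRegistry, handshakeCompletedEvent.getSocket());
            } catch (BEEPException e) {
                this.this$0.abort(new BEEPError(BEEPError.CODE_REQUESTED_ACTION_ABORTED, TLSProfileJSSE.ERR_TLS_NO_AUTHENTICATION), this.channel);
            }
        }
    }

    /**
     * Initiator-side handshake callback: records the listeners' verdict and the
     * peer credential, then wakes the thread blocked in {@code startTLS}.
     */
    class TLSHandshake implements HandshakeCompletedListener {
        Session session;
        SessionCredential cred;
        boolean notifiedHandshake = false;
        boolean waitingForHandshake = false;
        // Verdict for this handshake only. The profile-wide abortSession flag is never
        // cleared, so relying on it made one rejection fail every later startTLS() call.
        boolean aborted = false;
        final TLSProfileJSSE this$0;

        TLSHandshake(TLSProfileJSSE tLSProfileJSSE) {
            this.this$0 = tLSProfileJSSE;
        }

        /**
         * Runs the registered listeners, stores the peer credential in {@code cred}
         * and notifies the waiting {@code startTLS} call.
         *
         * @param handshakeCompletedEvent the JSSE event for the finished handshake
         */
        @Override
        public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
            this.this$0.log.debug("HandshakeCompleted");
            synchronized (TLSProfileJSSE.handshakeListeners) {
                Iterator it = TLSProfileJSSE.handshakeListeners.iterator();
                while (it.hasNext()) {
                    if (!((TLSProfileJSSEHandshakeCompletedListener) it.next()).handshakeCompleted(this.session, handshakeCompletedEvent)) {
                        this.aborted = true;
                        this.this$0.abortSession = true;
                        break;
                    }
                }
            }
            this.cred = new SessionCredential(TLSProfileJSSE.peerCredentialTable(handshakeCompletedEvent));
            // Both flags are written before the monitor is released, so the waiter in
            // startTLS() sees them once it re-acquires it.
            synchronized (this) {
                if (this.waitingForHandshake) {
                    notify();
                }
                this.notifiedHandshake = true;
            }
        }
    }

    /**
     * Creates a profile with a default TLS context (no key or trust managers
     * supplied) and lazily creates the shared listener list.
     *
     * <p>A failure to build the context is only logged; the static socket factory
     * then keeps whatever value an earlier instance left, possibly {@code null}.
     */
    public TLSProfileJSSE() {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init((KeyManager[]) null, (TrustManager[]) null, (SecureRandom) null);
            socketFactory = sSLContext.getSocketFactory();
        } catch (KeyManagementException e) {
            // Log the exception itself, not only its message, so the cause is not lost.
            this.log.error(e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            this.log.error(e.getMessage(), e);
        }
        if (handshakeListeners == null) {
            handshakeListeners = Collections.synchronizedList(new LinkedList());
        }
    }

    /**
     * Reads the TLS configuration and rebuilds the shared socket factory.
     *
     * <p>Key material is loaded only when "Key Algorithm" is set, and trust
     * material only when "Trust Algorithm" is set; in both cases the store type
     * must be {@code "file"}. Without a trust algorithm the context is
     * initialised with {@code null} trust managers.
     *
     * @param str the profile URI to register under
     * @param profileConfiguration source of the properties named by the {@code PROPERTY_*} constants
     * @return this profile, as the start-channel listener
     * @throws BEEPException if the TLS context is unavailable or any configuration step fails
     */
    @Override
    public StartChannelListener init(String str, ProfileConfiguration profileConfiguration) throws BEEPException {
        this.uri = str;
        SSLContext sSLContext;
        try {
            sSLContext = SSLContext.getInstance("TLS");
        } catch (NoSuchAlgorithmException e) {
            // The thrown message is fixed text, so keep the real cause in the log.
            this.log.error(e);
            throw new BEEPException("TLS Algorithm Not Found. Probable cause is the JSSE provider has not been added to the java.security file.");
        }
        try {
            keyAlgorithm = profileConfiguration.getProperty(PROPERTY_KEY_MANAGER_ALGORITHM);
            keyProvider = profileConfiguration.getProperty(PROPERTY_KEY_MANAGER_PROVIDER);
            trustAlgorithm = profileConfiguration.getProperty(PROPERTY_TRUST_MANAGER_ALGORITHM);
            trustProvider = profileConfiguration.getProperty(PROPERTY_TRUST_MANAGER_PROVIDER);
            keyPassphrase = profileConfiguration.getProperty(PROPERTY_KEYSTORE_PASSPHRASE);
            keyStoreType = profileConfiguration.getProperty(PROPERTY_KEYSTORE_TYPE);
            keyStoreName = profileConfiguration.getProperty(PROPERTY_KEYSTORE_NAME);
            keyStoreFormat = profileConfiguration.getProperty(PROPERTY_KEYSTORE_FORMAT, "JKS");
            keyStoreProvider = profileConfiguration.getProperty(PROPERTY_KEYSTORE_PROVIDER);
            trustPassphrase = profileConfiguration.getProperty(PROPERTY_TRUSTSTORE_PASSPHRASE);
            trustStoreType = profileConfiguration.getProperty(PROPERTY_TRUSTSTORE_TYPE);
            trustStoreName = profileConfiguration.getProperty(PROPERTY_TRUSTSTORE_NAME);
            trustStoreFormat = profileConfiguration.getProperty(PROPERTY_TRUSTSTORE_FORMAT, "JKS");
            trustStoreProvider = profileConfiguration.getProperty(PROPERTY_TRUSTSTORE_PROVIDER);
            needClientAuth = Boolean.valueOf(profileConfiguration.getProperty(PROPERTY_CLIENT_AUTHENTICATION, "false")).booleanValue();
            serverAnonymous = Boolean.valueOf(profileConfiguration.getProperty(PROPERTY_SERVER_ANONYMOUS, "true")).booleanValue();

            KeyManager[] keyManagerArr = null;
            if (keyAlgorithm != null) {
                KeyManagerFactory keyManagerFactory = keyProvider != null ? KeyManagerFactory.getInstance(keyAlgorithm, keyProvider) : KeyManagerFactory.getInstance(keyAlgorithm);
                KeyStore keyStore = keyStoreProvider != null ? KeyStore.getInstance(keyStoreFormat, keyStoreProvider) : KeyStore.getInstance(keyStoreFormat);
                // Constant-first comparison: a missing store type is reported as an
                // illegal value instead of surfacing as a NullPointerException.
                if (!"file".equals(keyStoreType)) {
                    throw new BEEPException(ERR_ILLEGAL_KEY_STORE);
                }
                // A missing passphrase still fails here; it is deliberately not replaced
                // by null, which would load the store without its integrity check.
                loadFileStore(keyStore, keyStoreName, keyPassphrase.toCharArray());
                keyManagerFactory.init(keyStore, keyPassphrase.toCharArray());
                keyManagerArr = keyManagerFactory.getKeyManagers();
            }

            TrustManager[] trustManagerArr = null;
            if (trustAlgorithm != null) {
                TrustManagerFactory trustManagerFactory = trustProvider != null ? TrustManagerFactory.getInstance(trustAlgorithm, trustProvider) : TrustManagerFactory.getInstance(trustAlgorithm);
                KeyStore trustStore = trustStoreProvider != null ? KeyStore.getInstance(trustStoreFormat, trustStoreProvider) : KeyStore.getInstance(trustStoreFormat);
                if (!"file".equals(trustStoreType)) {
                    throw new BEEPException(ERR_ILLEGAL_TRUST_STORE);
                }
                loadFileStore(trustStore, trustStoreName, trustPassphrase.toCharArray());
                trustManagerFactory.init(trustStore);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            }

            sSLContext.init(keyManagerArr, trustManagerArr, (SecureRandom) null);
            socketFactory = sSLContext.getSocketFactory();
            return this;
        } catch (Exception e) {
            this.log.error(e);
            throw new BEEPException(e);
        }
    }

    /** Loads {@code store} from the file at {@code path} and always closes the stream. */
    private static void loadFileStore(KeyStore store, String path, char[] passphrase) throws IOException, java.security.GeneralSecurityException {
        FileInputStream in = new FileInputStream(path);
        try {
            store.load(in, passphrase);
        } finally {
            in.close();
        }
    }

    /**
     * Builds the credential properties for the peer of a finished handshake.
     *
     * <p>When the peer presented no verified certificate both entries are the
     * empty string, so consumers must treat an empty AUTHENTICATOR as
     * "unauthenticated" rather than as an identity.
     */
    private static Hashtable peerCredentialTable(HandshakeCompletedEvent event) {
        Hashtable table = new Hashtable();
        try {
            javax.security.cert.X509Certificate[] chain = event.getPeerCertificateChain();
            table.put(SessionCredential.AUTHENTICATOR, chain[0].getSubjectDN().getName());
            table.put(SessionCredential.REMOTE_CERTIFICATE, chain);
        } catch (SSLPeerUnverifiedException e) {
            table.put(SessionCredential.AUTHENTICATOR, "");
            table.put(SessionCredential.REMOTE_CERTIFICATE, "");
        }
        return table;
    }

    /**
     * Layers a TLS socket over {@code socket} and applies the profile's settings.
     *
     * @param socket the session's connected TCP socket
     * @param listener callback invoked when the handshake finishes
     * @param clientMode {@code true} for the initiator, {@code false} for the listener
     * @return the configured socket, handshake not yet started
     * @throws IOException if no socket factory is available or the socket cannot be created
     */
    private static SSLSocket wrapSocket(Socket socket, HandshakeCompletedListener listener, boolean clientMode) throws IOException {
        if (socketFactory == null) {
            // The constructor only logs a failed context setup, so this can be null.
            throw new IOException("TLS socket factory is not initialised");
        }
        SSLSocket sSLSocket = (SSLSocket) socketFactory.createSocket(socket, socket.getInetAddress().getHostName(), socket.getPort(), true);
        sSLSocket.addHandshakeCompletedListener(listener);
        sSLSocket.setUseClientMode(clientMode);
        sSLSocket.setNeedClientAuth(needClientAuth);
        // NOTE(review): this enables every suite the provider *supports*, not its default
        // enabled set. Depending on the JSSE provider that can include anonymous
        // key-exchange and NULL-encryption suites, which negotiate without certificate
        // authentication or without confidentiality. Presumably required for the
        // "Listener Anonymous" mode - confirm, and restrict the list whenever peer
        // authentication is expected.
        sSLSocket.setEnabledCipherSuites(sSLSocket.getSupportedCipherSuites());
        return sSLSocket;
    }

    /** Always advertises the profile, whatever the session's tuning properties. */
    public boolean advertiseProfile(Session session, SessionTuningProperties sessionTuningProperties) throws BEEPException {
        return true;
    }

    /** Routes requests on the newly started TLS channel to {@link #receiveMSG}. */
    @Override
    public void startChannel(Channel channel, String str, String str2) throws StartChannelException {
        channel.setRequestHandler(this, true);
    }

    /**
     * Handles the initiator's request on the TLS channel: validates the
     * {@code <ready/>} element, replies {@code <proceed />} and starts the
     * server-mode handshake.
     *
     * <p>An unreadable or invalid request is answered with an ERR and nothing
     * else happens; previously the invalid case fell through and still replied
     * {@code <proceed />} and began the handshake.
     *
     * @param messageMSG the request received on the TLS channel
     */
    @Override
    public void receiveMSG(MessageMSG messageMSG) {
        Channel channel = messageMSG.getChannel();
        try {
            String readLine;
            try {
                readLine = new BufferedReader(new InputStreamReader(messageMSG.getDataStream().getInputStream())).readLine();
            } catch (IOException e) {
                messageMSG.sendERR(BEEPError.CODE_PARAMETER_ERROR, "Error reading data");
                return;
            }
            // readLine() returns null for an empty payload; treat that as invalid too.
            if (readLine == null || !(readLine.equals(READY1) || readLine.equals(READY2))) {
                messageMSG.sendERR(BEEPError.CODE_PARAMETER_INVALID, "Expected READY element");
                return;
            }
            begin(channel);
            messageMSG.sendRPY(new StringOutputDataStream(PROCEED2));
        } catch (BEEPException e) {
            channel.getSession().terminate("unable to send ERR");
            return;
        }
        try {
            Socket socket = ((TCPSession) channel.getSession()).getSocket();
            SSLSocket sSLSocket = wrapSocket(socket, new BeepListenerHCL(this, channel), false);
            sSLSocket.startHandshake();
        } catch (IOException e) {
            channel.getSession().terminate("TLS error: " + e.getMessage());
        }
    }

    /** Logs the close request; the TLS channel needs no other teardown here. */
    @Override
    public void closeChannel(Channel channel) throws CloseChannelException {
        this.log.debug("Closing TLS channel.");
    }

    /** Always advertises the profile. */
    @Override
    public boolean advertiseProfile(Session session) throws BEEPException {
        return true;
    }

    /**
     * Negotiates TLS as the initiator and returns the session that replaces
     * {@code tCPSession}.
     *
     * @param tCPSession the clear-text session to upgrade
     * @return the new session running over the TLS socket
     * @throws BEEPException if the peer does not answer {@code <proceed/>}, the
     *     handshake fails or is interrupted, or a registered listener rejects the peer
     */
    @Override
    public TCPSession startTLS(TCPSession tCPSession) throws BEEPException {
        String startData = startChannel(tCPSession, this.uri, false, READY2, null).getStartData();
        if (this.log.isDebugEnabled()) {
            this.log.debug("Got start data of " + startData);
        }
        if (startData == null || !(startData.equals(PROCEED1) || startData.equals(PROCEED2))) {
            this.log.error("Invalid reply: " + startData);
            throw new BEEPException(ERR_EXPECTED_PROCEED);
        }
        Socket socket = tCPSession.getSocket();
        TLSHandshake tLSHandshake = new TLSHandshake(this);
        tLSHandshake.session = tCPSession;
        try {
            SSLSocket sSLSocket = wrapSocket(socket, tLSHandshake, true);
            this.log.debug("Handshake starting");
            sSLSocket.startHandshake();
            this.log.debug("Handshake returned");
            synchronized (tLSHandshake) {
                // Loop rather than test once: Object.wait() may return spuriously.
                while (!tLSHandshake.notifiedHandshake) {
                    tLSHandshake.waitingForHandshake = true;
                    tLSHandshake.wait();
                    tLSHandshake.waitingForHandshake = false;
                }
            }
            this.log.debug("Handshake done waiting");
            // Use this handshake's own verdict, not the profile-wide abortSession flag.
            if (tLSHandshake.aborted) {
                tCPSession.close();
                throw new BEEPException(ERR_TLS_NO_AUTHENTICATION);
            }
            Hashtable tuning = new Hashtable();
            tuning.put(SessionTuningProperties.ENCRYPTION, "true");
            return (TCPSession) reset(tCPSession, generateCredential(), tLSHandshake.cred, new SessionTuningProperties(tuning), tCPSession.getProfileRegistry(), sSLSocket);
        } catch (SSLException e) {
            this.log.error(e);
            throw new BEEPException(e);
        } catch (IOException e) {
            this.log.error(e);
            throw new BEEPException(ERR_TLS_SOCKET);
        } catch (InterruptedException e) {
            // Restore the interrupt status for callers further up the stack.
            Thread.currentThread().interrupt();
            this.log.error(e);
            throw new BEEPException(ERR_TLS_HANDSHAKE_WAIT);
        }
    }

    /**
     * Builds the local credential, whose authenticator is the TLS profile URI.
     *
     * @return a credential holding only the AUTHENTICATOR entry
     */
    public static SessionCredential generateCredential() {
        Hashtable hashtable = new Hashtable(4);
        hashtable.put(SessionCredential.AUTHENTICATOR, "http://iana.org/beep/TLS");
        return new SessionCredential(hashtable);
    }

    /**
     * Registers a listener that may veto a completed handshake; a listener is
     * never held twice. The list is static, so it applies to every profile instance.
     *
     * @param tLSProfileJSSEHandshakeCompletedListener the listener to register
     */
    public void addHandshakeCompletedListener(TLSProfileJSSEHandshakeCompletedListener tLSProfileJSSEHandshakeCompletedListener) {
        // Remove-then-add under the list's own monitor so the pair is atomic with
        // respect to the iterating handshake callbacks.
        synchronized (handshakeListeners) {
            handshakeListeners.remove(tLSProfileJSSEHandshakeCompletedListener);
            handshakeListeners.add(tLSProfileJSSEHandshakeCompletedListener);
        }
    }

    /**
     * Unregisters a handshake listener; does nothing if it was not registered.
     *
     * @param tLSProfileJSSEHandshakeCompletedListener the listener to remove
     */
    public void removeHandshakeCompletedListener(TLSProfileJSSEHandshakeCompletedListener tLSProfileJSSEHandshakeCompletedListener) {
        handshakeListeners.remove(tLSProfileJSSEHandshakeCompletedListener);
    }
}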
