package org.openhealthtools.ihe.atna.nodeauth;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import java.util.Properties;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.apache.log4j.Logger;
import org.apache.ws.java2wsdl.Java2WSDLCodegenEngine;
import org.openhealthtools.ihe.atna.nodeauth.utils.AliasSensitiveX509KeyManager;

/* loaded from: input_file:lib/ehealth_connector-fatjar-ch-1.4.0-201704.jar:org/openhealthtools/ihe/atna/nodeauth/SecurityDomain.class */
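/**
 * Holds the TLS key material (key store, trust store and the managers built from
 * them) for one named ATNA "security domain", configured from a {@link Properties}
 * object that uses the standard {@code javax.net.ssl.*} and {@code https.*} names.
 *
 * <p>Construction loads both stores eagerly; a domain whose stores cannot be loaded
 * is rejected with a {@link SecurityDomainException}. While the stores are loaded the
 * domain's values (including the key store password) are published as JVM system
 * properties and restored afterwards, see {@link #setDomainEnvironment()} and
 * {@link #restoreSystemEnvironment()}. That is process-wide mutable state: instances
 * are not thread-safe and two domains must not be set up concurrently.
 */
public class SecurityDomain implements Cloneable {
    private String name;
    KeyManagerFactory keyManagerFactory;
    KeyStore keyStore;
    TrustManagerFactory trustManagerFactory;
    KeyStore trustStore;
    // Key managers after fixKeyManagers() wrapped them; null until the key store is loaded.
    private KeyManager[] keyManagers;
    String debug;
    String systemDebug;
    // The caller's properties restricted to ENVNAMES (see cloneProperties()).
    Properties domainProperties;
    // Snapshot of the JVM system properties (ENVNAMES only) taken by setDomainEnvironment().
    Properties systemProperties;
    private boolean domainSpoofCheck;
    private String preferredKeyAlias;
    protected boolean keystoreInitialized;
    protected boolean truststoreInitialized;
    private static final Logger logger = Logger.getLogger(SecurityDomain.class);
    public static final String JAVAX_NET_DEBUG = "javax.net.debug";
    public static final String JAVAX_NET_SSL_KEYSTORE = "javax.net.ssl.keyStore";
    public static final String JAVAX_NET_SSL_KEYSTORE_PASSWORD = "javax.net.ssl.keyStorePassword";
    public static final String JAVAX_NET_SSL_TRUSTSTORE = "javax.net.ssl.trustStore";
    public static final String JAVAX_NET_SSL_TRUSTSTORE_PASSWORD = "javax.net.ssl.trustStorePassword";
    public static final String HTTPS_CIPHERSUITES = "https.ciphersuites";
    public static final String HTTPS_PROTOCOLS = "https.protocols";
    /** The system property names this domain publishes, snapshots and restores. */
    private static final String[] ENVNAMES = {JAVAX_NET_DEBUG, JAVAX_NET_SSL_KEYSTORE, JAVAX_NET_SSL_KEYSTORE_PASSWORD, JAVAX_NET_SSL_TRUSTSTORE, JAVAX_NET_SSL_TRUSTSTORE_PASSWORD, HTTPS_CIPHERSUITES, HTTPS_PROTOCOLS};
    /** Key store types tried in order when a store file is loaded. */
    private static final String[] SECURITY_STORE_FORMATS = {KeyStore.getDefaultType(), "jks", "pkcs12"};
    /**
     * Separator of the {@link #HTTPS_CIPHERSUITES} list. A plain literal: the earlier
     * decompiled version reached into an Axis2 WSDL code-generator class for this comma.
     */
    private static final String CIPHER_SUITE_SEPARATOR = ",";
    /** Chunk size used when a store file is read into memory. */
    private static final int READ_BUFFER_SIZE = 8192;
    public static String TLS_RSA_WITH_AES_128_CBC_SHA = "TLS_RSA_WITH_AES_128_CBC_SHA";
    public static String TLS_RSA_WITH_NULL_SHA = "SSL_RSA_WITH_NULL_SHA";
    // NOTE(review): this default list contains a NULL-encryption suite, so a domain that
    // does not set https.ciphersuites itself offers an unencrypted suite to its peer, and
    // the default protocol below is TLSv1. Both values are kept for compatibility;
    // deployments are expected to set both properties explicitly.
    public static String DEFAULT_HTTPS_CIPHERSUITES = String.valueOf(TLS_RSA_WITH_NULL_SHA) + CIPHER_SUITE_SEPARATOR + TLS_RSA_WITH_AES_128_CBC_SHA;
    public static String DEFAULT_HTTPS_PROTOCOLS = "TLSv1";
    public static String DEFAULT_SECURITY_DOMAIN = "_DEFAULT_";

    /**
     * Creates a domain without a preferred key alias.
     *
     * @param str        domain name, must not be null or blank
     * @param properties configuration, must not be null
     * @throws SecurityDomainException  if the key or trust store cannot be loaded
     * @throws IllegalArgumentException if the name is blank or the properties are null
     */
    public SecurityDomain(String str, Properties properties) throws SecurityDomainException {
        this(str, null, properties);
    }

    /**
     * Creates a domain and loads its stores immediately.
     *
     * @param str        domain name, must not be null or blank
     * @param str2       preferred key alias, may be null
     * @param properties configuration, must not be null
     * @throws SecurityDomainException  if the key or trust store cannot be loaded
     * @throws IllegalArgumentException if the name is blank or the properties are null
     */
    public SecurityDomain(String str, String str2, Properties properties) throws SecurityDomainException {
        if (str == null || str.trim().length() < 1) {
            throw new IllegalArgumentException("SecurityDomain(String name, Properties properties) - name cannot be null or blank");
        }
        if (properties == null) {
            throw new IllegalArgumentException("SecurityDomain(String name, Properties properties) - properties cannot be null");
        }
        this.name = str;
        this.preferredKeyAlias = str2;
        if (logger.isDebugEnabled()) {
            logger.debug("Begin: Security name " + str + " setup.");
        }
        setProperties(properties);
    }

    /**
     * Replaces the domain configuration and reloads the stores. Only the
     * {@code ENVNAMES} keys are copied; missing cipher suite and protocol entries get
     * the (weak, see above) defaults.
     *
     * @param properties new configuration
     * @throws SecurityDomainException if the key or trust store cannot be loaded
     */
    public void setProperties(Properties properties) throws SecurityDomainException {
        this.domainProperties = cloneProperties(properties);
        if (this.domainProperties.getProperty(HTTPS_CIPHERSUITES) == null) {
            this.domainProperties.setProperty(HTTPS_CIPHERSUITES, DEFAULT_HTTPS_CIPHERSUITES);
        }
        if (this.domainProperties.getProperty(HTTPS_PROTOCOLS) == null) {
            this.domainProperties.setProperty(HTTPS_PROTOCOLS, DEFAULT_HTTPS_PROTOCOLS);
        }
        initStores();
        if (logger.isDebugEnabled()) {
            logger.debug("Success: Security name " + this.name + " configured.");
        }
    }

    /**
     * Publishes this domain's values as JVM system properties, remembering the
     * previous values so {@link #restoreSystemEnvironment()} can put them back.
     * Every call must be paired with a restore; while published, the key store
     * password is readable by any code in the process.
     */
    public void setDomainEnvironment() {
        if (logger.isDebugEnabled()) {
            logger.debug("Setting System environment properties to Security Domain values");
        }
        // System.getProperties() returns the live, mutable map. Holding a reference to it
        // (as the earlier version did) recorded nothing: the setProperty calls below
        // overwrote the very values meant to be restored, so restoreSystemEnvironment()
        // was a no-op and the domain's key store password stayed in the JVM-wide
        // properties. Copy the relevant values instead.
        this.systemProperties = snapshotSystemProperties();
        for (String envName : ENVNAMES) {
            setOrClearSystemProperties(envName, this.domainProperties);
        }
    }

    /**
     * Restores the system properties recorded by {@link #setDomainEnvironment()}.
     * Properties that did not exist before are removed again.
     *
     * @throws NullPointerException if {@link #setDomainEnvironment()} was never called
     */
    public void restoreSystemEnvironment() {
        if (this.systemProperties == null) {
            throw new NullPointerException("Must call SecurityDomain.setDomainEnvironment() first to record existing System environment");
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Swapping back to original System environment properties values");
        }
        for (String envName : ENVNAMES) {
            if (this.systemProperties.getProperty(envName) == null) {
                // Absent before setup: remove it rather than leave the "" placeholder
                // that setOrClearSystemProperties() writes for a missing value.
                System.clearProperty(envName);
                if (logger.isDebugEnabled()) {
                    logger.debug("System property " + envName + " removed.");
                }
            } else {
                setOrClearSystemProperties(envName, this.systemProperties);
            }
        }
    }

    /**
     * Copies the {@code ENVNAMES} entries of the given properties into a fresh object,
     * so later changes by the caller do not affect this domain.
     */
    private Properties cloneProperties(Properties properties) {
        Properties copy = new Properties();
        for (String envName : ENVNAMES) {
            String value = properties.getProperty(envName);
            if (value != null) {
                copy.setProperty(envName, value);
            }
        }
        return copy;
    }

    /** Copies the current values of the {@code ENVNAMES} system properties. */
    private static Properties snapshotSystemProperties() {
        Properties snapshot = new Properties();
        for (String envName : ENVNAMES) {
            String value = System.getProperty(envName);
            if (value != null) {
                snapshot.setProperty(envName, value);
            }
        }
        return snapshot;
    }

    /**
     * Sets system property {@code str} to its value in {@code properties}, or to the
     * empty string when {@code properties} has no such entry. Password values are
     * masked in the debug log.
     */
    private void setOrClearSystemProperties(String str, Properties properties) {
        String value = properties.getProperty(str);
        if (value == null) {
            System.setProperty(str, "");
            if (logger.isDebugEnabled()) {
                logger.debug("System property " + str + " cleared.");
            }
            return;
        }
        if (logger.isDebugEnabled()) {
            if (str.contains("assword")) {
                logger.debug("System property " + str + " set to XXX (password not shown)");
            } else {
                logger.debug("System property " + str + " set to " + value);
            }
        }
        System.setProperty(str, value);
    }

    /**
     * Loads the trust store from {@code inputStream}, trying each entry of
     * {@code SECURITY_STORE_FORMATS} in turn. The stream must support
     * {@link InputStream#reset()} back to its start, because each attempt re-reads it.
     * A null stream means "use the JVM default trust store".
     *
     * @param inputStream trust store contents, or null
     * @param cArr        trust store password
     * @throws SecurityDomainException  if no store type could load the data
     * @throws NoSuchAlgorithmException if the store integrity algorithm or the default
     *                                  trust manager algorithm is unavailable
     * @throws CertificateException     if a certificate in the store cannot be parsed
     * @throws IOException              declared for subclasses; load errors are retried
     *                                  with the next store type
     */
    protected void initTrustStore(InputStream inputStream, char[] cArr) throws SecurityDomainException, NoSuchAlgorithmException, CertificateException, IOException {
        if (inputStream == null) {
            this.truststoreInitialized = true;
            logger.warn("Truststore input stream is null.  Using JVM default trust store.");
            return;
        }
        for (String storeType : SECURITY_STORE_FORMATS) {
            try {
                inputStream.reset();
                // Use the type being tried. The earlier version always asked for
                // KeyStore.getDefaultType() here, so the loop retried one parser
                // three times and never reached the other formats.
                this.trustStore = KeyStore.getInstance(storeType);
                this.trustStore.load(inputStream, cArr);
                this.trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                this.trustManagerFactory.init(this.trustStore);
                this.truststoreInitialized = true;
                if (logger.isDebugEnabled()) {
                    logger.debug("Trust store for security domain " + this.name + " initialized successfully");
                }
                break;
            } catch (IOException e) {
                logger.warn("Error while loading truststore", e);
            } catch (KeyStoreException e) {
                logger.warn("Unable to initialize trust store with type " + storeType, e);
            }
        }
        if (!this.truststoreInitialized) {
            logger.error("Error initializing the trust manager. Trust store type cannot be loaded.");
            throw new SecurityDomainException("Error initializing the trust manager. Trust store type cannot be loaded.");
        }
    }

    /**
     * Loads the key store from {@code inputStream}, trying each entry of
     * {@code SECURITY_STORE_FORMATS} in turn, and builds the key managers from it.
     * The stream must support {@link InputStream#reset()} back to its start.
     *
     * @param inputStream key store contents
     * @param cArr        key store password, also used to unlock the private keys
     * @throws SecurityDomainException   if no store type could load the data
     * @throws NoSuchAlgorithmException  if the store or key manager algorithm is unavailable
     * @throws CertificateException      if a certificate in the store cannot be parsed
     * @throws UnrecoverableKeyException if a key cannot be recovered with the password
     * @throws IOException               declared for subclasses; load errors are retried
     *                                   with the next store type
     */
    protected void initKeyStore(InputStream inputStream, char[] cArr) throws SecurityDomainException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, IOException {
        for (String storeType : SECURITY_STORE_FORMATS) {
            try {
                inputStream.reset();
                this.keyStore = KeyStore.getInstance(storeType);
                this.keyStore.load(inputStream, cArr);
                this.keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                // The password array is not wiped afterwards: some KeyManagerFactory
                // implementations keep it to unlock keys lazily — TODO confirm before changing.
                this.keyManagerFactory.init(this.keyStore, cArr);
                fixKeyManagers();
                this.keystoreInitialized = true;
                if (logger.isDebugEnabled()) {
                    logger.debug("Key store for security domain " + this.name + " initialized successfully");
                }
                break;
            } catch (IOException e) {
                logger.warn("IO Error while loading keystore", e);
            } catch (KeyStoreException e) {
                logger.warn("Unable to initialize key store with type " + storeType, e);
            }
        }
        if (!this.keystoreInitialized) {
            logger.error("Error initializing the key manager. Key store type cannot be loaded.");
            throw new SecurityDomainException("Error initializing the key manager. Key store type cannot be loaded.");
        }
    }

    /**
     * Loads the key store and, when configured, the trust store named in the domain
     * properties. The domain's values are published as system properties for the
     * duration and restored on every exit path.
     *
     * @throws SecurityDomainException if no key store is configured or a store cannot be loaded
     */
    protected void initStores() throws SecurityDomainException {
        setDomainEnvironment();
        try {
            char[] keyStorePassword = this.domainProperties.getProperty(JAVAX_NET_SSL_KEYSTORE_PASSWORD, "").toCharArray();
            char[] trustStorePassword = this.domainProperties.getProperty(JAVAX_NET_SSL_TRUSTSTORE_PASSWORD, "").toCharArray();
            String keyStorePath = this.domainProperties.getProperty(JAVAX_NET_SSL_KEYSTORE, null);
            if (logger.isDebugEnabled()) {
                logger.debug("Name of key store for security domain " + this.name + " is " + keyStorePath);
            }
            if (keyStorePath == null) {
                throw new SecurityDomainException(this.name, "Key Store file is undefined");
            }
            String trustStorePath = this.domainProperties.getProperty(JAVAX_NET_SSL_TRUSTSTORE, null);
            if (logger.isDebugEnabled()) {
                if (trustStorePath != null) {
                    logger.debug("Name of trust store for security domain " + this.name + " is " + trustStorePath);
                } else {
                    logger.debug("Name of trust store for security domain " + this.name + " was not defined. Default trust store from JVM will be used");
                }
            }
            loadKeyStore(keyStorePath, keyStorePassword);
            if (trustStorePath != null) {
                loadTrustStore(trustStorePath, trustStorePassword);
            } else {
                // No trust store file: the JVM default applies and getTrustManagers()
                // returns null; mark the trust side as set up so the flag is consistent.
                this.truststoreInitialized = true;
            }
        } finally {
            // Also runs when initKeyStore()/initTrustStore() throw SecurityDomainException,
            // a path on which the earlier version left the domain's values in the system
            // properties.
            restoreSystemEnvironment();
        }
    }

    /** Reads the key store file and hands it to {@link #initKeyStore}, mapping errors to SecurityDomainException. */
    private void loadKeyStore(String path, char[] password) throws SecurityDomainException {
        try {
            initKeyStore(readFileIntoMemory(path), password);
        } catch (IOException e) {
            throw storeFailure("Error loading key store file " + path + ".  " + e.getLocalizedMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw storeFailure("Error: Key Store Manager Algorithm " + KeyManagerFactory.getDefaultAlgorithm() + " is not supported. " + e.getLocalizedMessage(), e);
        } catch (UnrecoverableKeyException e) {
            throw storeFailure("Error loading key store file " + path + ".  " + e.getLocalizedMessage(), e);
        } catch (CertificateException e) {
            throw storeFailure("Error loading key store file " + path + ".  " + e.getLocalizedMessage(), e);
        }
    }

    /** Reads the trust store file and hands it to {@link #initTrustStore}, mapping errors to SecurityDomainException. */
    private void loadTrustStore(String path, char[] password) throws SecurityDomainException {
        try {
            initTrustStore(readFileIntoMemory(path), password);
        } catch (IOException e) {
            throw storeFailure("Error loading trust store file " + path + ".  " + e.getLocalizedMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            // The earlier message named the key manager algorithm here by mistake.
            throw storeFailure("Error: Trust Store Manager Algorithm " + TrustManagerFactory.getDefaultAlgorithm() + " is not supported. " + e.getLocalizedMessage(), e);
        } catch (CertificateException e) {
            throw storeFailure("Error loading trust store file " + path + ".  " + e.getLocalizedMessage(), e);
        }
    }

    /** Logs {@code message} at error level and builds the exception to throw for it. */
    private SecurityDomainException storeFailure(String message, Exception cause) {
        logger.error(message);
        return new SecurityDomainException(this.name, message, cause);
    }

    /**
     * Reads the whole file into a resettable in-memory stream and closes the file.
     * The earlier version opened the FileInputStream without ever closing it.
     */
    private static ByteArrayInputStream readFileIntoMemory(String path) throws IOException {
        FileInputStream fileStream = new FileInputStream(path);
        try {
            return preBufferInputStream(fileStream);
        } finally {
            fileStream.close();
        }
    }

    /**
     * Wraps every X509KeyManager produced by the factory in an
     * {@link AliasSensitiveX509KeyManager} bound to this domain. Must be re-run on a
     * clone so the wrappers point at the copy rather than the original.
     */
    private void fixKeyManagers() {
        if (this.keyManagerFactory == null || this.keyManagerFactory.getKeyManagers() == null) {
            return;
        }
        KeyManager[] factoryManagers = this.keyManagerFactory.getKeyManagers();
        KeyManager[] wrapped = new KeyManager[factoryManagers.length];
        for (int i = 0; i < factoryManagers.length; i++) {
            KeyManager manager = factoryManagers[i];
            if (manager instanceof X509KeyManager) {
                manager = new AliasSensitiveX509KeyManager(this, (X509KeyManager) manager);
            }
            wrapped[i] = manager;
        }
        this.keyManagers = wrapped;
    }

    /** @return the loaded key store, or null before initialization */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /** @return the loaded trust store, or null when the JVM default is used */
    public KeyStore getTrustStore() {
        return this.trustStore;
    }

    /**
     * @return the alias-aware key managers, falling back to the factory's own managers
     *         when {@link #fixKeyManagers()} has not run; null if no key store is loaded
     */
    public KeyManager[] getKeyManagers() {
        if (this.keyManagers != null) {
            return this.keyManagers;
        }
        return this.keyManagerFactory == null ? null : this.keyManagerFactory.getKeyManagers();
    }

    /**
     * @return the trust managers built from the configured trust store, or null when no
     *         trust store was configured. {@code SSLContext.init()} treats a null array as
     *         "use the JVM default trust managers"; the earlier version threw
     *         NullPointerException in that case.
     */
    public TrustManager[] getTrustManagers() {
        return this.trustManagerFactory == null ? null : this.trustManagerFactory.getTrustManagers();
    }

    public KeyManagerFactory getKeyManagerFactory() {
        return this.keyManagerFactory;
    }

    public TrustManagerFactory getTrustManagerFactory() {
        return this.trustManagerFactory;
    }

    public String getName() {
        return this.name;
    }

    /**
     * @return the configured {@value #HTTPS_CIPHERSUITES} list split on commas; this is
     *         {@link #DEFAULT_HTTPS_CIPHERSUITES} when the domain did not set one
     */
    public String[] getCipherSuites() {
        return this.domainProperties.getProperty(HTTPS_CIPHERSUITES).split(CIPHER_SUITE_SEPARATOR);
    }

    public String getPreferredKeyAlias() {
        return this.preferredKeyAlias;
    }

    /**
     * Sets the alias the key manager should prefer.
     *
     * @param str alias, may be null
     * @param z   when true, the alias must exist in the loaded key store
     * @throws SecurityDomainException if validation was requested and the alias is not
     *                                 found or the key store cannot be enumerated
     */
    public void setPreferredKeyAlias(String str, boolean z) throws SecurityDomainException {
        if (z && !keyStoreContainsAlias(str)) {
            throw new SecurityDomainException(getName(), "Validation failed.  Unable to find the alias " + str + " in the Security Domain keystore.");
        }
        this.preferredKeyAlias = str;
    }

    /**
     * Exact (case-sensitive) alias lookup, matching the previous behaviour;
     * {@code KeyStore.containsAlias()} is deliberately not used because some store
     * types compare aliases case-insensitively.
     */
    private boolean keyStoreContainsAlias(String alias) throws SecurityDomainException {
        KeyStore store = getKeyStore();
        if (alias == null || store == null) {
            return false;
        }
        try {
            Enumeration<String> aliases = store.aliases();
            while (aliases.hasMoreElements()) {
                if (alias.equals(aliases.nextElement())) {
                    return true;
                }
            }
            return false;
        } catch (KeyStoreException e) {
            throw new SecurityDomainException(getName(), "Validation failed.  Unable to find the alias " + alias + " in the Security Domain keystore.", e);
        }
    }

    public boolean doDomainSpoofCheck() {
        return this.domainSpoofCheck;
    }

    public void setDomainSpoofCheck(boolean z) {
        this.domainSpoofCheck = z;
    }

    /**
     * Copies the remainder of {@code inputStream} into a resettable in-memory stream.
     * Does not close {@code inputStream}; the caller owns it.
     */
    private static ByteArrayInputStream preBufferInputStream(InputStream inputStream) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        byte[] chunk = new byte[READ_BUFFER_SIZE];
        int count;
        while ((count = inputStream.read(chunk)) != -1) {
            buffer.write(chunk, 0, count);
        }
        return new ByteArrayInputStream(buffer.toByteArray());
    }

    /**
     * Shallow copy sharing the stores and properties, with fresh key manager wrappers
     * bound to the copy. Returns null if copying fails; the failure is logged rather
     * than silently dropped as before.
     */
    @Override
    public SecurityDomain clone() {
        try {
            SecurityDomain copy = (SecurityDomain) super.clone();
            copy.fixKeyManagers();
            return copy;
        } catch (Exception e) {
            logger.error("Unable to clone security domain " + this.name, e);
            return null;
        }
    }

    /** Kept for callers of the decompiled name; equivalent to {@link #clone()}. */
    public SecurityDomain m6237clone() {
        return clone();
    }

    /**
     * @param str name for the copy
     * @return a clone renamed to {@code str}, or null if cloning failed
     */
    public SecurityDomain clone(String str) {
        SecurityDomain copy = clone();
        if (copy != null) {
            copy.name = str;
        }
        return copy;
    }
}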
