package com.sun.enterprise.security.ssl.impl;

import com.sun.enterprise.security.ssl.manager.UnifiedX509KeyManager;
import com.sun.enterprise.security.ssl.manager.UnifiedX509TrustManager;
import com.sun.enterprise.server.pluggable.SecuritySupport;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import java.util.PropertyPermission;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.glassfish.api.admin.ProcessEnvironment;
import org.glassfish.api.admin.ServerEnvironment;
import org.glassfish.hk2.api.ServiceLocator;
import org.glassfish.internal.api.Globals;
import org.glassfish.internal.embedded.Server;
import org.glassfish.logging.annotation.LogMessageInfo;
import org.glassfish.logging.annotation.LogMessagesResourceBundle;
import org.glassfish.logging.annotation.LoggerInfo;
import org.jvnet.hk2.annotations.Optional;
import org.jvnet.hk2.annotations.Service;

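/**
 * Default {@link SecuritySupport} implementation backed by file based key stores and trust stores.
 *
 * <p>The stores, their passwords and their token names are kept in static maps under a single
 * map key, so every instance of this class shares the same material. The lists stored in those
 * maps are plain {@link ArrayList}s: only {@link #loadStores} is synchronized, readers are not.
 *
 * <p>Security relevant points a maintainer should know:
 * <ul>
 *   <li>When no master password is available (or the process is an ACC or a Micro instance) the
 *       store passwords come from the {@code javax.net.ssl.*Password} system properties and fall
 *       back to the well known default {@code "changeit"}.</li>
 *   <li>A copy of the key store password stays in memory in {@code keyStorePasswords} for the
 *       lifetime of the class; only the arrays handed to the loader are blanked.</li>
 *   <li>Secrets are never passed to the logger.</li>
 * </ul>
 */
@Singleton
@Service
/* loaded from: input_file:com/sun/enterprise/security/ssl/impl/SecuritySupportImpl.class */
public class SecuritySupportImpl extends SecuritySupport {

    @LogMessageInfo(message = "The SSL certificate has expired: {0}", level = "WARNING", cause = "Certificate expired.", action = "Check the expiration date of the certificate.")
    private static final String SSL_CERT_EXPIRED = "NCLS-SECURITY-05054";
    // Well known default store password; used only as a fallback when the matching system property is unset.
    private static final String DEFAULT_KEYSTORE_PASS = "changeit";
    private static final String DEFAULT_TRUSTSTORE_PASS = "changeit";
    // The single key under which all shared store lists are registered.
    private static final String DEFAULT_MAP_KEY = "key";
    private static boolean instantiated;
    private static boolean initialized;
    // Reference date for the expiry warning; fixed when the instance is constructed.
    private Date initDate;

    @Inject
    private ServiceLocator serviceLocator;

    @Inject
    private ProcessEnvironment processEnvironment;

    @Inject
    @Optional
    private ServerEnvironment serverEnvironment;
    private MasterPasswordImpl masterPasswordHelper;

    @LoggerInfo(subsystem = "SECURITY - SSL", description = "Security - SSL", publish = true)
    public static final String SEC_SSL_LOGGER = "javax.enterprise.system.security.ssl";

    @LogMessagesResourceBundle
    public static final String SHARED_LOGMESSAGE_RESOURCE = "com.sun.enterprise.security.ssl.LogMessages";
    protected static final Logger _logger = Logger.getLogger(SEC_SSL_LOGGER, SHARED_LOGMESSAGE_RESOURCE);
    private static final Map<String, List<KeyStore>> keyStores = new ConcurrentHashMap<>();
    private static final Map<String, List<KeyStore>> trustStores = new ConcurrentHashMap<>();
    private static final Map<String, List<char[]>> keyStorePasswords = new ConcurrentHashMap<>();
    private static final Map<String, List<String>> tokenNames = new ConcurrentHashMap<>();

    /** Creates the service and loads the configured stores. */
    public SecuritySupportImpl() {
        this(true);
    }

    /**
     * @param z when {@code true} the JKS stores are initialised right away; when {@code false}
     *          the caller is expected to register stores itself (see {@link #loadStores})
     */
    protected SecuritySupportImpl(boolean z) {
        this.initDate = new Date();
        if (z) {
            initJKS();
        }
    }

    /** @return all registered key stores, in registration order */
    @Override
    public KeyStore[] getKeyStores() {
        List<KeyStore> list = keyStores.get(DEFAULT_MAP_KEY);
        return list.toArray(new KeyStore[list.size()]);
    }

    /** @return all registered trust stores, in registration order */
    @Override
    public KeyStore[] getTrustStores() {
        List<KeyStore> list = trustStores.get(DEFAULT_MAP_KEY);
        return list.toArray(new KeyStore[list.size()]);
    }

    /**
     * Returns the token names in an array sized by the number of key stores.
     *
     * <p>Additional key stores are registered without a token name, so the array can be longer
     * than the token list; the surplus slots are {@code null}.
     * NOTE(review): sizing by the key store count looks deliberate (one slot per key manager) - confirm.
     */
    @Override
    public String[] getTokenNames() {
        return tokenNames.get(DEFAULT_MAP_KEY).toArray(new String[keyStores.get(DEFAULT_MAP_KEY).size()]);
    }

    /** @return the key store registered for the token, or {@code null} when the token is unknown */
    @Override
    public KeyStore getKeyStore(String str) {
        int tokenIndex = getTokenIndex(str);
        if (tokenIndex < 0) {
            return null;
        }
        return keyStores.get(DEFAULT_MAP_KEY).get(tokenIndex);
    }

    /** @return the trust store registered for the token, or {@code null} when the token is unknown */
    @Override
    public KeyStore getTrustStore(String str) {
        int tokenIndex = getTokenIndex(str);
        if (tokenIndex < 0) {
            return null;
        }
        return trustStores.get(DEFAULT_MAP_KEY).get(tokenIndex);
    }

    /**
     * Reloads every store from disk.
     *
     * <p>The master password is used for both stores. When no master password helper was
     * resolved the passwords are taken from the system properties, exactly as on first
     * initialisation, instead of failing with a {@link NullPointerException}.
     * The array obtained from the helper is blanked by the loader once the stores are read.
     */
    @Override
    public void reset() {
        char[] masterPassword = this.masterPasswordHelper != null ? this.masterPasswordHelper.getMasterPassword() : null;
        initStores(masterPassword, masterPassword);
    }

    /**
     * Creates an empty key store of the given type, protected by the password recorded at index {@code i}.
     */
    @Override
    public KeyStore loadNullStore(String str, int i) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(str);
        keyStore.load(null, keyStorePasswords.get(DEFAULT_MAP_KEY).get(i));
        return keyStore;
    }

    /**
     * Builds one unified key manager over all registered key stores.
     *
     * @param str the key manager algorithm, or {@code null} for the platform default
     */
    @Override
    public KeyManager[] getKeyManagers(String str) throws IOException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyStore[] stores = getKeyStores();
        List<KeyManager> managers = new ArrayList<>();
        // Every store is opened with the first recorded password: additional key stores are
        // registered without a password entry of their own.
        // NOTE(review): stores added through loadStores() carry their own password at the same
        // index - confirm that index 0 is intended for those as well.
        char[] password = keyStorePasswords.get(DEFAULT_MAP_KEY).get(0);
        for (KeyStore store : stores) {
            checkCertificateDates(store);
            KeyManager[] keyManagers = getKeyManagerFactory(store, password, str).getKeyManagers();
            if (keyManagers != null) {
                managers.addAll(Arrays.asList(keyManagers));
            }
        }
        X509KeyManager[] x509Managers = managers.toArray(new X509KeyManager[managers.size()]);
        return new KeyManager[]{new UnifiedX509KeyManager(x509Managers, getTokenNames())};
    }

    /**
     * Builds the trust managers over all registered trust stores. A single manager is returned
     * as is; several are wrapped in a {@link UnifiedX509TrustManager}.
     *
     * @param str the trust manager algorithm, or {@code null} for the platform default
     */
    @Override
    public TrustManager[] getTrustManagers(String str) throws IOException, KeyStoreException, NoSuchAlgorithmException {
        List<TrustManager> managers = new ArrayList<>();
        for (KeyStore keyStore : getTrustStores()) {
            checkCertificateDates(keyStore);
            TrustManager[] trustManagers = getTrustManagerFactory(keyStore, str).getTrustManagers();
            if (trustManagers != null) {
                managers.addAll(Arrays.asList(trustManagers));
            }
        }
        TrustManager result;
        if (managers.size() == 1) {
            result = managers.get(0);
        } else {
            result = new UnifiedX509TrustManager(managers.toArray(new X509TrustManager[managers.size()]));
        }
        return new TrustManager[]{result};
    }

    /**
     * Compares the candidate with the recorded key store password.
     *
     * <p>The comparison does not stop at the first differing character, so its duration does
     * not reveal how much of the candidate matched.
     */
    @Override
    public boolean verifyMasterPassword(char[] cArr) {
        return constantTimeEquals(cArr, keyStorePasswords.get(DEFAULT_MAP_KEY).get(0));
    }

    /** No-op in this implementation. */
    @Override
    public void synchronizeKeyFile(Object obj, String str) throws Exception {
    }

    /**
     * Returns the private key stored under the alias in the key store at index {@code i}.
     * The caller must pass {@link #checkPermission} first.
     *
     * @return the private key, or {@code null} when the entry is missing or not a private key
     */
    @Override
    public PrivateKey getPrivateKeyForAlias(String str, int i) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        checkPermission("javax.net.ssl.keyStorePassword");
        Key key = keyStores.get(DEFAULT_MAP_KEY).get(i).getKey(str, keyStorePasswords.get(DEFAULT_MAP_KEY).get(i));
        if (key instanceof PrivateKey) {
            return (PrivateKey) key;
        }
        return null;
    }

    /**
     * Requires {@code RuntimePermission("SSLPassword")} from the calling context.
     *
     * <p>The check is skipped for an embedded server, when no service locator is present, in an
     * ACC process and in a process of type {@code Other}. {@code str} is not checked itself: it
     * only names the {@link PropertyPermission} reported in the exception.
     *
     * @throws AccessControlException when the permission is denied
     */
    @Override
    public void checkPermission(String str) {
        try {
            if (isEmbeddedServer() || this.serviceLocator == null || isACC() || isNotServerORACC()) {
                return;
            }
            AccessController.checkPermission(new RuntimePermission("SSLPassword"));
        } catch (AccessControlException e) {
            PropertyPermission propertyPermission = new PropertyPermission(str, "read");
            String message = e.getMessage();
            // The denied permission can be absent on the exception; rewrite the text only when it is there.
            if (message != null && e.getPermission() != null) {
                message = message.replace(e.getPermission().toString(), propertyPermission.toString());
            }
            throw new AccessControlException(message, propertyPermission);
        }
    }

    /** @return the position of the token name, or {@code -1} when it is {@code null} or unknown */
    private int getTokenIndex(String str) {
        int i = -1;
        if (str != null) {
            i = tokenNames.get(DEFAULT_MAP_KEY).indexOf(str);
            if (i < 0 && _logger.isLoggable(Level.FINEST)) {
                _logger.log(Level.FINEST, "token {0} is not found", str);
            }
        }
        return i;
    }

    /** @return {@code true} when the process type is ACC; {@code false} when it is unknown */
    public boolean isACC() {
        if (this.processEnvironment == null) {
            return false;
        }
        return this.processEnvironment.getProcessType().equals(ProcessEnvironment.ProcessType.ACC);
    }

    /**
     * @return {@code true} when the process type is {@code Other}; {@code false} when it is
     *         unknown, so that {@link #checkPermission} still enforces the permission check
     */
    public boolean isNotServerORACC() {
        if (this.processEnvironment == null) {
            return false;
        }
        return this.processEnvironment.getProcessType().equals(ProcessEnvironment.ProcessType.Other);
    }

    /**
     * Resolves the collaborators that were not injected and loads the stores once per class.
     * Only the first instance fetches the master password; without one the passwords come from
     * the system properties.
     */
    private void initJKS() {
        char[] cArr = null;
        char[] cArr2 = null;
        if (!isInstantiated()) {
            if (this.serviceLocator == null) {
                this.serviceLocator = Globals.getDefaultHabitat();
            }
            if (this.masterPasswordHelper == null && this.serviceLocator != null) {
                this.masterPasswordHelper = this.serviceLocator.getService(MasterPasswordImpl.class, new Annotation[0]);
            }
            if (this.masterPasswordHelper != null) {
                cArr = this.masterPasswordHelper.getMasterPassword();
                cArr2 = cArr;
            }
        }
        if (this.processEnvironment == null && this.serviceLocator != null) {
            this.processEnvironment = this.serviceLocator.getService(ProcessEnvironment.class, new Annotation[0]);
        }
        if (this.serverEnvironment == null && this.serviceLocator != null) {
            this.serverEnvironment = this.serviceLocator.getService(ServerEnvironment.class, new Annotation[0]);
        }
        if (initialized) {
            return;
        }
        initStores(cArr, cArr2);
        initialized = true;
    }

    /**
     * Reads the store locations from the system properties and loads them.
     *
     * @param cArr  key store password, or {@code null} to take it from the system property
     * @param cArr2 trust store password
     */
    private void initStores(char[] cArr, char[] cArr2) {
        String property = System.getProperty("javax.net.ssl.keyStore");
        String property2 = System.getProperty("fish.payara.ssl.additionalKeyStores");
        String property3 = System.getProperty("javax.net.ssl.trustStore");
        String property4 = System.getProperty("fish.payara.ssl.additionalTrustStores");
        char[] cArr3 = cArr;
        char[] cArr4 = cArr2;
        if (shouldGetPassFromProperty(cArr3)) {
            cArr3 = getKeyStorePass(cArr3);
            cArr4 = getTrustStorePass(cArr4);
        }
        String[] strArr = property2 != null ? property2.split(File.pathSeparator) : null;
        String[] strArr2 = property4 != null ? property4.split(File.pathSeparator) : null;
        initStores(property, cArr3, property3, cArr4, strArr, strArr2);
    }

    /**
     * Loads the primary and the additional stores and publishes them in the shared maps.
     * Both password arrays are blanked before returning, whether loading succeeded or not; a
     * copy of the key store password is retained in {@code keyStorePasswords}.
     *
     * @throws IllegalStateException when a store cannot be loaded (a missing additional store
     *         file is only logged)
     */
    private static void initStores(String str, char[] cArr, String str2, char[] cArr2, String[] strArr, String[] strArr2) {
        try {
            List<KeyStore> loadedKeyStores = new ArrayList<>();
            List<KeyStore> loadedTrustStores = new ArrayList<>();
            List<char[]> passwords = new ArrayList<>();
            List<String> tokens = new ArrayList<>();
            String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
            String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
            loadedKeyStores.add(loadStore(keyStoreType, null, str, cArr));
            loadedTrustStores.add(loadStore(trustStoreType, null, str2, cArr2));
            passwords.add(Arrays.copyOf(cArr, cArr.length));
            tokens.add(null);
            try {
                if (strArr != null) {
                    for (String additionalKeyStore : strArr) {
                        loadedKeyStores.add(loadStore(keyStoreType, null, additionalKeyStore, cArr));
                    }
                } else {
                    _logger.fine("No additional keystores set");
                }
                if (strArr2 != null) {
                    // NOTE(review): additional trust stores are opened with the key store type and
                    // the key store password, not the trust store ones - confirm this is intended.
                    for (String additionalTrustStore : strArr2) {
                        loadedTrustStores.add(loadStore(keyStoreType, null, additionalTrustStore, cArr));
                    }
                } else {
                    _logger.fine("No additional truststores set");
                }
            } catch (FileNotFoundException e) {
                // The first missing file ends the loop: stores listed after it are not loaded.
                _logger.warning("Additional keystore or truststore file not found " + e.getMessage());
            }
            keyStores.put(DEFAULT_MAP_KEY, loadedKeyStores);
            trustStores.put(DEFAULT_MAP_KEY, loadedTrustStores);
            keyStorePasswords.put(DEFAULT_MAP_KEY, passwords);
            tokenNames.put(DEFAULT_MAP_KEY, tokens);
        } catch (Exception e2) {
            _logger.severe("Failed to load key stores " + e2.getMessage());
            throw new IllegalStateException(e2);
        } finally {
            // Null-safe so that a missing password cannot replace the real failure with an NPE.
            wipe(cArr);
            wipe(cArr2);
        }
    }

    /**
     * Registers one more key store / trust store pair under the given token name.
     * The key store password is copied; the caller keeps ownership of both arrays.
     *
     * @throws IllegalStateException when either store cannot be loaded
     */
    protected static synchronized void loadStores(String str, Provider provider, String str2, char[] cArr, String str3, String str4, char[] cArr2, String str5) {
        try {
            keyStores.get(DEFAULT_MAP_KEY).add(loadStore(str3, provider, str2, cArr));
            trustStores.get(DEFAULT_MAP_KEY).add(loadStore(str5, provider, str4, cArr2));
            keyStorePasswords.get(DEFAULT_MAP_KEY).add(Arrays.copyOf(cArr, cArr.length));
            tokenNames.get(DEFAULT_MAP_KEY).add(str);
        } catch (Exception e) {
            _logger.severe("Failed to load key stores " + e.getMessage());
            throw new IllegalStateException(e);
        }
    }

    /**
     * Loads a store of the given type from a file, or creates an empty one when no file is given.
     *
     * @param str      store type
     * @param provider provider to use, or {@code null} for the default lookup
     * @param str2     store file, or {@code null} for an empty store
     * @param cArr     store password
     */
    private static KeyStore loadStore(String str, Provider provider, String str2, char[] cArr) throws Exception {
        KeyStore keyStore = provider != null ? KeyStore.getInstance(str, provider) : KeyStore.getInstance(str);
        if (str2 == null) {
            keyStore.load(null, cArr);
            return keyStore;
        }
        try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(str2))) {
            if (_logger.isLoggable(Level.FINE)) {
                // Only the path is logged: the password array must not travel in a LogRecord,
                // where any handler or formatter could read it.
                _logger.log(Level.FINE, "Loading keystoreFile = {0}", str2);
            }
            keyStore.load(in, cArr);
        }
        return keyStore;
    }

    private boolean isEmbeddedServer() {
        return !Server.getServerNames().isEmpty();
    }

    /** @return {@code true} when there is no master password, or the process is an ACC or a Micro instance */
    private boolean shouldGetPassFromProperty(char[] cArr) {
        return cArr == null || isACC() || (this.serverEnvironment != null && this.serverEnvironment.isMicro());
    }

    /**
     * Reads the key store password from {@code javax.net.ssl.keyStorePassword}.
     * Falls back to the well known default password when the property is unset, so a deployment
     * that relies on this path should always set the property.
     */
    private char[] getKeyStorePass(char[] cArr) {
        String property = System.getProperty("javax.net.ssl.keyStorePassword", DEFAULT_KEYSTORE_PASS);
        return property == null ? cArr : property.toCharArray();
    }

    /**
     * Reads the trust store password from {@code javax.net.ssl.trustStorePassword}.
     * Falls back to the well known default password when the property is unset.
     */
    private char[] getTrustStorePass(char[] cArr) {
        String property = System.getProperty("javax.net.ssl.trustStorePassword", DEFAULT_TRUSTSTORE_PASS);
        return property == null ? cArr : property.toCharArray();
    }

    /** Reports whether an earlier call already ran, and marks the class as instantiated. */
    private static synchronized boolean isInstantiated() {
        if (instantiated) {
            return true;
        }
        instantiated = true;
        return false;
    }

    /**
     * Logs a warning for every X.509 certificate in the store whose {@code notAfter} lies before
     * the construction time of this instance. Certificates that expire later, while the server
     * is running, are not reported, and {@code notBefore} is not examined.
     */
    private void checkCertificateDates(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate certificate = keyStore.getCertificate(aliases.nextElement());
            if ((certificate instanceof X509Certificate) && ((X509Certificate) certificate).getNotAfter().before(this.initDate)) {
                _logger.log(Level.WARNING, SSL_CERT_EXPIRED, certificate);
            }
        }
    }

    private TrustManagerFactory getTrustManagerFactory(KeyStore keyStore, String str) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str != null ? str : TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }

    private KeyManagerFactory getKeyManagerFactory(KeyStore keyStore, char[] cArr, String str) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str != null ? str : KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, cArr);
        return keyManagerFactory;
    }

    /** Overwrites a secret with blanks; does nothing for {@code null}. */
    private static void wipe(char[] secret) {
        if (secret != null) {
            Arrays.fill(secret, ' ');
        }
    }

    /**
     * Compares two secrets without returning early on the first mismatch. Two {@code null}
     * arrays are equal; arrays of different length are not (the length itself is not hidden).
     */
    private static boolean constantTimeEquals(char[] a, char[] b) {
        if (a == null || b == null) {
            return a == b;
        }
        if (a.length != b.length) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }
}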
