package net.jxta.impl.endpoint.tls;

import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;
import net.jxta.document.MimeMediaType;
import net.jxta.endpoint.EndpointAddress;
import net.jxta.endpoint.Message;
import net.jxta.endpoint.Messenger;
import net.jxta.endpoint.WireFormatMessageFactory;
import net.jxta.impl.membership.pse.PSECredential;
import net.jxta.impl.util.TimeUtils;
import net.jxta.logging.Logging;
import net.jxta.util.IgnoreFlushFilterOutputStream;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:net/jxta/impl/endpoint/tls/TlsConn.class */
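/**
 * State and plumbing for one TLS session between the local peer and the peer at
 * {@link #destAddr}.
 *
 * <p>The constructor builds an {@link SSLContext} whose trust anchors come from the
 * PSE key store and whose only usable identity is the transport's PSE credential,
 * then layers an {@link SSLSocket} on top of a {@link TlsSocket} made from a
 * {@code JTlsInputStream}/{@code JTlsOutputStream} pair. After
 * {@link #finishHandshake()} succeeds, plaintext messages are written with
 * {@link #sendMessage(Message)} and received by a background reader thread that
 * hands them to the transport.
 *
 * <p>Security-relevant settings made here: the server side requires a client
 * certificate, and the only enabled protocol version is {@code TLSv1} (see the
 * review note in the constructor).
 */
public class TlsConn {
    private static final Logger LOG = Logger.getLogger(TlsConn.class.getName());

    /** Size, in bytes, of the buffer placed in front of the TLS socket's output stream. */
    static final int BOSIZE = 16000;

    final TlsTransport transport;
    final EndpointAddress destAddr;

    /** {@code true} when this side initiates the handshake. */
    private final boolean client;

    private volatile HandshakeState currentState;

    /** Time of the last received message; guarded by {@link #lastAccessedLock}. */
    long lastAccessed;
    int retrans;
    final TlsSocket tlsSocket;
    private final SSLContext context;
    private SSLSocket ssls;
    private boolean closing = false;

    // The lock fields are deliberately created with new String(...): a string literal
    // would be interned and therefore shared with every other monitor on the same text.
    final String lastAccessedLock = new String("lastAccessedLock");
    final String closeLock = new String("closeLock");

    /** Buffered plaintext side of the TLS socket; {@code null} until the handshake has finished. */
    private OutputStream plaintext_out = null;
    private PlaintextMessageReader readerThread = null;
    private final String acquireMessengerLock = new String("Messenger Acquire Lock");

    /** Messenger used by {@link #sendToRemoteTls(Message)}; created lazily. */
    private Messenger outBoundMessenger = null;

    /** Life-cycle states of a connection as set by this class. */
    public enum HandshakeState {
        /** Initial state of a connection created with the client flag set. */
        CLIENTSTART,
        /** Initial state of a connection created with the client flag clear. */
        SERVERSTART,
        /** Set by {@code finishHandshake()} before it asks the socket for its session. */
        HANDSHAKESTARTED,
        /** Set by {@code finishHandshake()} when the session reports the null cipher suite. */
        HANDSHAKEFAILED,
        /** Set by {@code finishHandshake()} once a real cipher suite has been negotiated. */
        HANDSHAKEFINISHED,
        /** Set by {@code close()} while sockets and messenger are being released. */
        CONNECTIONCLOSING,
        /** Final state requested by {@code sendMessage()} after an I/O failure. */
        CONNECTIONDEAD
    }

    /**
     * Key manager that offers exactly one identity, the local PSE credential, under a
     * fixed alias. Certificate chains of other aliases are looked up in the trusted key
     * store, but {@link #getPrivateKey(String)} returns {@code null} for them, so they
     * cannot be used to authenticate.
     */
    private static class PSECredentialKeyManager implements X509KeyManager {
        /** Alias under which the local PSE credential is exposed to JSSE. */
        private static final String LOCAL_ALIAS = "theone";

        private final PSECredential cred;
        private final KeyStore trusted;

        public PSECredentialKeyManager(PSECredential pSECredential, KeyStore keyStore) {
            this.cred = pSECredential;
            this.trusted = keyStore;
        }

        /**
         * Returns the local alias for the first requested key type that the credential's
         * chain can satisfy, or {@code null} when none fits.
         *
         * @param keyTypes key algorithm names in the peer's order of preference
         * @param issuers  issuers the peer accepts, or {@code null} for "any issuer"
         * @param socket   unused
         */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            if (null == keyTypes) {
                return null;
            }
            // The X509KeyManager contract allows a null issuer list; treat it as "no
            // restriction", as getClientAliases/getServerAliases already do, instead of
            // failing with a NullPointerException in the middle of a handshake.
            Collection<Principal> acceptable = (null == issuers) ? null : Arrays.asList(issuers);
            for (String keyType : keyTypes) {
                String alias = checkTheOne(keyType, acceptable);
                if (null != alias) {
                    return alias;
                }
            }
            return null;
        }

        /**
         * Checks whether a certificate in the credential's chain uses {@code keyType} and
         * was issued by one of {@code issuers}.
         *
         * @param issuers acceptable issuers, or {@code null} to accept any issuer
         * @return the local alias on a match, otherwise {@code null}
         */
        private String checkTheOne(String keyType, Collection<Principal> issuers) {
            for (X509Certificate cert : this.cred.getCertificateChain()) {
                if (!cert.getPublicKey().getAlgorithm().equals(keyType)) {
                    continue;
                }
                X500Principal issuer = cert.getIssuerX500Principal();
                if (Logging.SHOW_FINE && TlsConn.LOG.isLoggable(Level.FINE)) {
                    TlsConn.LOG.fine("CHECKING: " + issuer + " in " + issuers);
                }
                if (null == issuers || issuers.contains(issuer)) {
                    return LOCAL_ALIAS;
                }
            }
            return null;
        }

        /** Returns the first alias from {@link #getServerAliases}, or {@code null} when there is none. */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            String[] serverAliases = getServerAliases(keyType, issuers);
            return (null != serverAliases) ? serverAliases[0] : null;
        }

        /**
         * Returns the credential's chain for the local alias, otherwise the chain stored
         * in the trusted key store.
         *
         * @return the chain, or {@code null} when the alias is {@code null}, unknown,
         *         unreadable, or its chain holds a certificate that is not X.509
         */
        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String alias) {
            if (null == alias) {
                return null;
            }
            if (LOCAL_ALIAS.equals(alias)) {
                return this.cred.getCertificateChain();
            }
            try {
                java.security.cert.Certificate[] chain = this.trusted.getCertificateChain(alias);
                if (null == chain) {
                    return null;
                }
                // KeyStore hands back a Certificate[]; casting the array itself fails with a
                // ClassCastException whenever the provider really allocated a Certificate[],
                // so copy the elements into an array of the type JSSE expects.
                return Arrays.copyOf(chain, chain.length, X509Certificate[].class);
            } catch (KeyStoreException e) {
                if (Logging.SHOW_WARNING && TlsConn.LOG.isLoggable(Level.WARNING)) {
                    TlsConn.LOG.log(Level.WARNING, "Could not read certificate chain for alias " + alias, e);
                }
                return null;
            } catch (ArrayStoreException e) {
                if (Logging.SHOW_WARNING && TlsConn.LOG.isLoggable(Level.WARNING)) {
                    TlsConn.LOG.log(Level.WARNING, "Certificate chain for alias " + alias + " is not X.509", e);
                }
                return null;
            }
        }

        /**
         * Lists the certificate entries of the trusted key store whose public key uses
         * {@code keyType} and, when {@code issuers} is given, whose issuer is in it.
         *
         * @return the matching aliases; an empty array (not {@code null}) when nothing
         *         matches or the key store cannot be read
         */
        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            List<String> matches = new ArrayList<String>();
            List<Principal> acceptable = (null == issuers) ? null : Arrays.asList(issuers);
            try {
                Enumeration<String> aliases = this.trusted.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (!this.trusted.isCertificateEntry(alias)) {
                        continue;
                    }
                    try {
                        X509Certificate cert = (X509Certificate) this.trusted.getCertificate(alias);
                        if (null == cert || !cert.getPublicKey().getAlgorithm().equals(keyType)) {
                            continue;
                        }
                        if (null == acceptable || acceptable.contains(cert.getIssuerX500Principal())) {
                            matches.add(alias);
                        }
                    } catch (KeyStoreException e) {
                        // Best effort: skip the unreadable entry, but leave a trace of it.
                        if (Logging.SHOW_WARNING && TlsConn.LOG.isLoggable(Level.WARNING)) {
                            TlsConn.LOG.log(Level.WARNING, "Skipping unreadable key store entry " + alias, e);
                        }
                    }
                }
            } catch (KeyStoreException e) {
                // Best effort: return what was collected so far, but leave a trace.
                if (Logging.SHOW_WARNING && TlsConn.LOG.isLoggable(Level.WARNING)) {
                    TlsConn.LOG.log(Level.WARNING, "Could not enumerate the trusted key store", e);
                }
            }
            return matches.toArray(new String[matches.size()]);
        }

        /** Returns the credential's private key for the local alias and {@code null} for anything else. */
        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String alias) {
            return LOCAL_ALIAS.equals(alias) ? this.cred.getPrivateKey() : null;
        }

        /**
         * Returns the local alias when the credential's certificate uses {@code keyType}
         * and, if {@code issuers} is given, some certificate of its chain was issued by
         * one of them.
         *
         * @return a one-element array holding the local alias, or {@code null}
         */
        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            X509Certificate localCert = this.cred.getCertificate();
            if (!localCert.getPublicKey().getAlgorithm().equals(keyType)) {
                return null;
            }
            if (null == issuers) {
                return new String[]{LOCAL_ALIAS};
            }
            List<Principal> acceptable = Arrays.asList(issuers);
            if (Logging.SHOW_FINE && TlsConn.LOG.isLoggable(Level.FINE)) {
                X500Principal localIssuer = localCert.getIssuerX500Principal();
                TlsConn.LOG.fine("Looking for : " + localIssuer);
                TlsConn.LOG.fine("Issuers : " + acceptable);
                TlsConn.LOG.fine("  Principal Type :" + localIssuer.getClass().getName());
                for (Principal principal : acceptable) {
                    TlsConn.LOG.fine("Issuer Type : " + principal.getClass().getName());
                    TlsConn.LOG.fine("Issuer value : " + principal);
                    TlsConn.LOG.fine("tmp.equals(prin) : " + principal.equals(localIssuer));
                }
            }
            for (X509Certificate cert : this.cred.getCertificateChain()) {
                if (acceptable.contains(cert.getIssuerX500Principal())) {
                    return new String[]{LOCAL_ALIAS};
                }
            }
            return null;
        }
    }

    /**
     * Daemon thread body that reads decrypted messages from the TLS socket and passes
     * them to the transport. The thread is started from the constructor.
     */
    private class PlaintextMessageReader implements Runnable {
        private final InputStream ptin;
        private Thread workerThread;

        public PlaintextMessageReader(InputStream inputStream) {
            this.ptin = inputStream;
            this.workerThread = new Thread(TlsConn.this.transport.myThreadGroup, this, "JXTA TLS Plaintext Reader for " + TlsConn.this.destAddr);
            this.workerThread.setDaemon(true);
            this.workerThread.start();
            if (Logging.SHOW_INFO && TlsConn.LOG.isLoggable(Level.INFO)) {
                TlsConn.LOG.info("Started ReadPlaintextMessage thread for " + TlsConn.this.destAddr);
            }
        }

        /**
         * Reads messages until the stream yields {@code null} or a failure occurs.
         *
         * <p>Any failure ends the loop. The previous form logged the failure and kept
         * reading, which leaves a thread spinning on a stream whose state is unknown
         * and floods the log; its dedicated I/O-error branch could never be reached.
         */
        @Override // java.lang.Runnable
        public void run() {
            try {
                while (true) {
                    Message received = WireFormatMessageFactory.fromWire(this.ptin, JTlsDefs.MTYPE, null);
                    if (null == received) {
                        break;
                    }
                    if (Logging.SHOW_FINE && TlsConn.LOG.isLoggable(Level.FINE)) {
                        TlsConn.LOG.fine("Dispatching " + received + " to TlsTransport");
                    }
                    TlsConn.this.transport.processReceivedMessage(received);
                    synchronized (TlsConn.this.lastAccessedLock) {
                        TlsConn.this.lastAccessed = TimeUtils.timeNow();
                    }
                }
            } catch (IOException e) {
                if (Logging.SHOW_WARNING && TlsConn.LOG.isLoggable(Level.WARNING)) {
                    TlsConn.LOG.log(Level.WARNING, "I/O error while reading decrypted Message", e);
                }
            } catch (Throwable th) {
                if (Logging.SHOW_SEVERE && TlsConn.LOG.isLoggable(Level.SEVERE)) {
                    TlsConn.LOG.log(Level.SEVERE, "Uncaught Throwable in thread :" + Thread.currentThread().getName(), th);
                }
            } finally {
                this.workerThread = null;
            }
            if (Logging.SHOW_INFO && TlsConn.LOG.isLoggable(Level.INFO)) {
                TlsConn.LOG.info("Finishing ReadPlaintextMessage thread");
            }
        }
    }

    /**
     * Prepares, but does not yet handshake, a TLS connection to {@code endpointAddress}.
     *
     * @param tlsTransport    owning transport; supplies the PSE key store and credential
     * @param endpointAddress address of the remote peer
     * @param z               {@code true} to act as TLS client, {@code false} as server
     * @throws Exception if the trust manager factory, SSL context or socket cannot be created
     */
    public TlsConn(TlsTransport tlsTransport, EndpointAddress endpointAddress, boolean z) throws Exception {
        this.transport = tlsTransport;
        this.destAddr = endpointAddress;
        this.client = z;
        this.currentState = z ? HandshakeState.CLIENTSTART : HandshakeState.SERVERSTART;
        this.lastAccessed = TimeUtils.timeNow();
        if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
            LOG.info((z ? "Initiating" : "Accepting") + " new connection for : " + endpointAddress.getProtocolAddress());
        }

        // Trust anchors are whatever the PSE key store contains.
        TrustManagerFactory trustManagerFactory = createTrustManagerFactory();
        KeyStore keyStore = this.transport.membership.getPSEConfig().getKeyStore();
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        KeyManager[] keyManagerArr = {new PSECredentialKeyManager(this.transport.credential, keyStore)};

        this.context = SSLContext.getInstance("TLS");
        // A null SecureRandom selects the provider's default source of randomness.
        this.context.init(keyManagerArr, trustManagers, null);
        SSLSocketFactory socketFactory = this.context.getSocketFactory();

        TlsSocket tlsSocket = new TlsSocket(new JTlsInputStream(this, tlsTransport.MIN_IDLE_RECONNECT), new JTlsOutputStream(this.transport, this));
        // The SSL socket is layered over tlsSocket with autoClose set, so closing it also
        // closes tlsSocket. 1376911 is outside the TCP port range.
        // NOTE(review): presumably only a label, since no TCP connection is opened here; confirm.
        this.ssls = (SSLSocket) socketFactory.createSocket((Socket) tlsSocket, endpointAddress.getProtocolAddress(), 1376911, true);

        // NOTE(review): TLS 1.0 is the only protocol version enabled. It is deprecated
        // (RFC 8996) and current JDKs list it in jdk.tls.disabledAlgorithms, where this
        // call or the handshake will fail. Left unchanged because both peers must agree
        // on the version; enabling a newer one needs a coordinated upgrade of all peers.
        this.ssls.setEnabledProtocols(new String[]{"TLSv1"});
        this.ssls.setUseClientMode(z);
        if (!z) {
            // Mutual authentication: the server side refuses clients without a certificate.
            this.ssls.setNeedClientAuth(true);
        }
        this.tlsSocket = tlsSocket;
    }

    /**
     * Chooses the trust manager factory: the algorithm named by the system property
     * {@code net.jxta.impl.endpoint.tls.TMFAlgorithm} if set, else SunJSSE's
     * {@code SunX509}, else IBMJSSE's {@code IbmX509}, else the platform default.
     */
    private static TrustManagerFactory createTrustManagerFactory() throws java.security.GeneralSecurityException {
        String configured = System.getProperty("net.jxta.impl.endpoint.tls.TMFAlgorithm");
        if (null != configured) {
            return TrustManagerFactory.getInstance(configured);
        }
        Collection<String> providerNames = new HashSet<String>();
        for (Provider provider : Security.getProviders()) {
            providerNames.add(provider.getName());
        }
        if (providerNames.contains("SunJSSE")) {
            return TrustManagerFactory.getInstance("SunX509", "SunJSSE");
        }
        if (providerNames.contains("IBMJSSE")) {
            return TrustManagerFactory.getInstance("IbmX509", "IBMJSSE");
        }
        TrustManagerFactory fallback = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        LOG.warning("Using defeualt Trust Manager Factory algorithm. This may not work as expected.");
        return fallback;
    }

    @Override
    public String toString() {
        return super.toString() + "/" + getHandshakeState() + ":" + (this.client ? "Client" : "Server") + " for " + this.destAddr;
    }

    /** Returns the current connection state. */
    public HandshakeState getHandshakeState() {
        return this.currentState;
    }

    /**
     * Replaces the connection state and wakes every thread waiting on this object.
     *
     * @return the state that was replaced
     */
    synchronized HandshakeState setHandshakeState(HandshakeState handshakeState) {
        HandshakeState previous = this.currentState;
        this.currentState = handshakeState;
        notifyAll();
        return previous;
    }

    /**
     * Runs the TLS handshake and, on success, opens the plaintext output stream and
     * starts the reader thread.
     *
     * <p>{@link SSLSocket#getSession()} performs the handshake if it has not happened
     * yet and reports the cipher suite {@code SSL_NULL_WITH_NULL_NULL} when it failed,
     * which is the failure signal checked here.
     *
     * @throws IOException if the handshake failed or the socket streams cannot be opened
     */
    public void finishHandshake() throws IOException {
        // Taken unconditionally so the elapsed time stays correct if INFO logging is
        // switched on while the handshake is in progress.
        long startedAt = TimeUtils.timeNow();
        if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
            LOG.info((this.client ? "Client:" : "Server:") + " Handshake START");
        }
        setHandshakeState(HandshakeState.HANDSHAKESTARTED);
        if ("SSL_NULL_WITH_NULL_NULL".equals(this.ssls.getSession().getCipherSuite())) {
            setHandshakeState(HandshakeState.HANDSHAKEFAILED);
            throw new IOException("Handshake failed");
        }
        setHandshakeState(HandshakeState.HANDSHAKEFINISHED);
        if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
            LOG.info((this.client ? "Client:" : "Server:") + "Handshake DONE in " + (TimeUtils.toRelativeTimeMillis(TimeUtils.timeNow(), startedAt) / 1000) + " secs");
        }
        this.plaintext_out = new BufferedOutputStream(this.ssls.getOutputStream(), BOSIZE);
        this.readerThread = new PlaintextMessageReader(this.ssls.getInputStream());
    }

    /**
     * Releases the sockets and the outbound messenger, then moves the connection to
     * {@code handshakeState}.
     *
     * <p>Closing is best effort: failures are logged and not propagated, and the final
     * state is set and waiters on {@link #closeLock} are notified in every case.
     *
     * @param handshakeState state the connection is left in
     * @throws IOException declared for callers; this implementation does not raise it
     */
    public void close(HandshakeState handshakeState) throws IOException {
        synchronized (this.lastAccessedLock) {
            // NOTE(review): presumably marks the connection as idle for ever; confirm against the reader of lastAccessed.
            this.lastAccessed = Long.MIN_VALUE;
        }
        synchronized (this.closeLock) {
            this.closing = true;
            if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
                LOG.info("Shutting down " + this);
            }
            setHandshakeState(HandshakeState.CONNECTIONCLOSING);
            try {
                if (null != this.tlsSocket) {
                    try {
                        this.tlsSocket.close();
                    } catch (IOException e) {
                        if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
                            LOG.log(Level.FINE, "Ignoring failure while closing the underlying socket of " + this, e);
                        }
                    }
                }
                if (null != this.ssls) {
                    try {
                        this.ssls.close();
                    } catch (IOException e) {
                        if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
                            LOG.log(Level.FINE, "Ignoring failure while closing the SSL socket of " + this, e);
                        }
                    }
                    this.ssls = null;
                }
                // NOTE(review): sendToRemoteTls() guards outBoundMessenger with
                // acquireMessengerLock, not closeLock; confirm the two cannot race.
                if (null != this.outBoundMessenger) {
                    this.outBoundMessenger.close();
                    this.outBoundMessenger = null;
                }
            } catch (Throwable th) {
                // The earlier code built an IOException from th here and then dropped it,
                // so the failure was never visible to callers. That outcome is kept (a
                // failing close must not mask the error that triggered it in
                // sendMessage()), without the unused object.
                if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
                    LOG.log(Level.INFO, "Throwable during close " + this, th);
                }
            } finally {
                this.closeLock.notifyAll();
                this.closing = false;
                setHandshakeState(handshakeState);
            }
        }
    }

    /**
     * Sends {@code message} to the remote peer's {@code TlsTransport} service through
     * the endpoint, acquiring a messenger first when none is open.
     *
     * @return {@code false} when no messenger could be obtained, otherwise the result
     *         of the messenger's send
     * @throws IOException if the messenger fails to send
     */
    public boolean sendToRemoteTls(Message message) throws IOException {
        synchronized (this.acquireMessengerLock) {
            if (null == this.outBoundMessenger || this.outBoundMessenger.isClosed()) {
                if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
                    LOG.fine("Getting messenger for " + this.destAddr);
                }
                EndpointAddress serviceAddress = new EndpointAddress(this.destAddr, "TlsTransport", (String) null);
                this.outBoundMessenger = this.transport.endpoint.getMessenger(serviceAddress);
                if (null == this.outBoundMessenger) {
                    if (Logging.SHOW_SEVERE && LOG.isLoggable(Level.SEVERE)) {
                        LOG.severe("Could not get messenger for " + serviceAddress);
                    }
                    return false;
                }
            }
            if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
                LOG.fine("Sending " + message + " to " + this.destAddr);
            }
            return this.outBoundMessenger.sendMessage(message);
        }
    }

    /**
     * Serialises {@code message} and writes it to the plaintext side of the TLS socket.
     * On an I/O failure the connection is closed as {@link HandshakeState#CONNECTIONDEAD}
     * and the failure is rethrown.
     *
     * @throws IOException if the handshake has not finished yet or the write fails
     */
    public void sendMessage(Message message) throws IOException {
        OutputStream out = this.plaintext_out;
        if (null == out) {
            // Report a send attempted before finishHandshake() as an I/O failure instead
            // of letting it surface as a NullPointerException.
            throw new IOException("Cannot send on " + this + " before the TLS handshake has finished");
        }
        try {
            // Flushes requested during serialisation are filtered out so the whole message
            // reaches the TLS layer in the single flush below.
            WireFormatMessageFactory.toWire(message, JTlsDefs.MTYPE, (MimeMediaType[]) null).sendToStream(new IgnoreFlushFilterOutputStream(out));
            out.flush();
        } catch (IOException e) {
            if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
                LOG.log(Level.INFO, "Closing " + this + " due to exception ", e);
            }
            close(HandshakeState.CONNECTIONDEAD);
            throw e;
        }
    }
}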
