package com.sun.deploy.security;

import com.sun.deploy.config.Config;
import com.sun.deploy.resources.ResourceManager;
import com.sun.deploy.services.ServiceManager;
import com.sun.deploy.ui.UIFactory;
import com.sun.deploy.util.DeploySysAction;
import com.sun.deploy.util.DeploySysRun;
import com.sun.deploy.util.Trace;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.Socket;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:lib/deploy.jar:com/sun/deploy/security/X509DeployKeyManager.class */
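/**
 * {@link X509KeyManager} that answers TLS key and certificate queries from two delegates:
 * {@code myKeyManager}, built from the user/system client-auth keystore files named by
 * {@link Config}, and {@code browserKeyManager}, built from the browser keystore when
 * {@code Config.SEC_USE_BROWSER_KEYSTORE_KEY} is enabled.
 *
 * <p>Both delegates are created lazily, inside {@code AccessController.doPrivileged}, the
 * first time a query arrives. Building {@code myKeyManager} on the legacy path prompts the
 * user for the keystore password.
 *
 * <p>Two static per-thread flags record that the user dismissed the password dialog or the
 * certificate chooser. Nothing in this class resets them, so after a cancel the same thread
 * gets {@code null} from {@link #chooseClientAlias} without any further prompt.
 *
 * <p>NOTE(review): this listing comes from a decompiler. {@code getNewMyKeyManager} was not
 * recovered and only throws, so the Java 1.6+ branch of {@link #do_init()} cannot work as
 * shown here.
 */
public final class X509DeployKeyManager implements X509KeyManager {
    // Delegate backed by the user/system keystore files; null until init() succeeds.
    private X509KeyManager myKeyManager = null;
    // Delegate backed by the browser keystore; null until init() succeeds or when disabled.
    private X509KeyManager browserKeyManager = null;
    private String userKeyStore;
    private String systemKeyStore;
    private KeyStore browserKeyStore;
    // Computed in the constructor; not read anywhere else in this class.
    private boolean isWindows;

    // Per-thread flag: TRUE once the certificate chooser produced no selection on this thread.
    private static ThreadLocal clientCertDialogCancelled = new ThreadLocal() {
        @Override
        protected synchronized Object initialValue() {
            return Boolean.FALSE;
        }
    };

    // Per-thread flag: TRUE once the keystore password dialog was dismissed on this thread.
    private static ThreadLocal passwdDialogCancelled = new ThreadLocal() {
        @Override
        protected synchronized Object initialValue() {
            return Boolean.FALSE;
        }
    };

    /**
     * Reads the keystore locations from {@link Config}. No keystore is opened here; that
     * happens on the first query through {@code init()}.
     */
    public X509DeployKeyManager() {
        this.browserKeyStore = null;
        this.isWindows = Config.getOSName().indexOf("Windows") != -1;
        this.userKeyStore = Config.getUserClientAuthCertFile();
        this.systemKeyStore = Config.getSystemClientAuthCertFile();
        if (Config.getBooleanProperty(Config.SEC_USE_BROWSER_KEYSTORE_KEY)) {
            this.browserKeyStore = ServiceManager.getService().getBrowserClientAuthKeyStore();
        }
    }

    /**
     * Runs {@link #do_init()} inside {@code AccessController.doPrivileged} and rethrows the
     * checked exception it failed with under its original type.
     */
    private void init() throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, FileNotFoundException, IOException, UnrecoverableKeyException, CertificateException {
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction() {
                @Override
                public Object run() throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, FileNotFoundException, IOException, UnrecoverableKeyException, CertificateException {
                    X509DeployKeyManager.this.do_init();
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            // doPrivileged wraps checked exceptions; unwrap so callers see the declared types.
            Exception exception = e.getException();
            if (exception instanceof KeyStoreException) {
                throw ((KeyStoreException) exception);
            }
            if (exception instanceof NoSuchAlgorithmException) {
                throw ((NoSuchAlgorithmException) exception);
            }
            if (exception instanceof NoSuchProviderException) {
                throw ((NoSuchProviderException) exception);
            }
            if (exception instanceof FileNotFoundException) {
                throw ((FileNotFoundException) exception);
            }
            if (exception instanceof IOException) {
                throw ((IOException) exception);
            }
            if (exception instanceof UnrecoverableKeyException) {
                throw ((UnrecoverableKeyException) exception);
            }
            if (exception instanceof CertificateException) {
                throw ((CertificateException) exception);
            }
            Trace.securityPrintException(e);
        }
    }

    /**
     * Builds both delegates. The browser delegate is assigned first, so it stays set even
     * when building {@code myKeyManager} fails afterwards.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void do_init() throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, FileNotFoundException, IOException, UnrecoverableKeyException, CertificateException {
        this.browserKeyManager = getBrowserKeyManager(this.browserKeyStore);
        if (Config.isJavaVersionAtLeast16()) {
            this.myKeyManager = getNewMyKeyManager(this.userKeyStore, this.systemKeyStore);
        } else {
            this.myKeyManager = getLegacyMyKeyManager(this.userKeyStore);
        }
    }

    /**
     * Initialises the delegates on first use. It is skipped when either delegate already
     * exists or when the password dialog was cancelled on this thread. Failures are printed
     * and otherwise ignored, so callers continue with whatever delegates were set.
     */
    private void ensureInitialized() {
        try {
            if (this.myKeyManager == null && this.browserKeyManager == null && passwdDialogCancelled.get().equals(Boolean.FALSE)) {
                init();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Picks the client certificate alias for a TLS handshake.
     *
     * <p>Candidates are the aliases of every requested key type whose leaf certificate
     * passes {@code CertUtils.checkTLSClient}. With {@code Config.SEC_USE_CLIENTAUTH_AUTO_KEY}
     * set and exactly one candidate, that alias is returned without asking the user;
     * otherwise {@code ClientCertDialog} is shown.
     *
     * @return the chosen alias without its {@code CertType} prefix, or {@code null} when
     *         nothing was chosen or a dialog was cancelled on this thread
     */
    @Override
    public synchronized String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        final HashMap certChainsByAlias = new HashMap();
        final HashMap certTypesByAlias = new HashMap();
        if (!clientCertDialogCancelled.get().equals(Boolean.FALSE)) {
            return null;
        }
        for (String keyType : strArr) {
            String[] prefixedAliases = getClientAliases(keyType, principalArr);
            if (prefixedAliases == null || prefixedAliases.length == 0) {
                continue;
            }
            for (int i = 0; i < prefixedAliases.length; i++) {
                // NOTE(review): the PLUGIN prefix length is stripped even from aliases that
                // carry the BROWSER prefix; that is only right if both CertType prefixes
                // have the same length. Confirm against CertType.
                String alias = prefixedAliases[i].substring(CertType.PLUGIN.getType().length());
                X509Certificate[] chain = getCertificateChain(alias);
                if (chain == null || chain.length == 0) {
                    // No delegate produced a chain for this alias; it cannot be offered.
                    continue;
                }
                try {
                    if (CertUtils.checkTLSClient(chain[0])) {
                        certChainsByAlias.put(alias, chain);
                        if (prefixedAliases[i].startsWith(CertType.PLUGIN.getType())) {
                            certTypesByAlias.put(alias, CertType.PLUGIN);
                        }
                        if (prefixedAliases[i].startsWith(CertType.BROWSER.getType())) {
                            certTypesByAlias.put(alias, CertType.BROWSER);
                        }
                    }
                } catch (CertificateException e) {
                    Trace.msgSecurityPrintln("clientauth.checkTLSClient.failed", new Object[]{alias});
                }
            }
        }
        String chosen = null;
        if (passwdDialogCancelled.get().equals(Boolean.FALSE)) {
            if (Config.getBooleanProperty(Config.SEC_USE_CLIENTAUTH_AUTO_KEY) && certChainsByAlias.size() == 1) {
                // Auto-select: the only matching certificate is presented without a prompt.
                chosen = (String) certChainsByAlias.keySet().toArray()[0];
            } else {
                chosen = (String) DeploySysRun.executePrivileged(new DeploySysAction() {
                    @Override
                    public Object execute() {
                        return ClientCertDialog.showDialog(certChainsByAlias, certTypesByAlias);
                    }
                }, null);
            }
        }
        if (chosen == null) {
            // Remember the refusal so this thread is not prompted again.
            clientCertDialogCancelled.set(Boolean.TRUE);
        }
        return chosen;
    }

    /**
     * Engine variant of {@link #chooseClientAlias}; the engine argument is ignored.
     * It is not declared by {@link X509KeyManager}, hence no {@code @Override}.
     */
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseClientAlias(strArr, principalArr, null);
    }

    /**
     * Asks {@code myKeyManager} for a server alias and falls back to {@code browserKeyManager}
     * when the first gives none.
     */
    @Override
    public synchronized String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        ensureInitialized();
        String alias = null;
        if (this.myKeyManager != null) {
            alias = this.myKeyManager.chooseServerAlias(str, principalArr, socket);
        }
        if (alias == null && this.browserKeyManager != null) {
            alias = this.browserKeyManager.chooseServerAlias(str, principalArr, socket);
        }
        return alias;
    }

    /**
     * Engine variant of {@link #chooseServerAlias}; the engine argument is ignored.
     * It is not declared by {@link X509KeyManager}, hence no {@code @Override}.
     */
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        return chooseServerAlias(str, principalArr, null);
    }

    /**
     * Returns the certificate chain for an alias, trying {@code myKeyManager} first unless the
     * alias looks like a browser-store alias, then {@code browserKeyManager}.
     *
     * @return the chain, or {@code null} when the alias is {@code null} or unknown
     */
    @Override
    public synchronized X509Certificate[] getCertificateChain(String str) {
        ensureInitialized();
        if (str == null) {
            // The alias is inspected below; a null alias identifies no entry.
            return null;
        }
        X509Certificate[] chain = null;
        if (this.myKeyManager != null && !isBrowserStoreAlias(str)) {
            chain = this.myKeyManager.getCertificateChain(str);
        }
        if (chain == null && this.browserKeyManager != null) {
            chain = this.browserKeyManager.getCertificateChain(str);
        }
        return chain;
    }

    /**
     * Collects client aliases from both delegates. Each alias is prefixed with its origin
     * ({@code CertType.PLUGIN} or {@code CertType.BROWSER}); the arrays returned by the
     * delegates are modified in place.
     *
     * @return the combined prefixed aliases, or {@code null} when neither delegate has any
     */
    @Override
    public synchronized String[] getClientAliases(String str, Principal[] principalArr) {
        ensureInitialized();
        String[] pluginAliases = this.myKeyManager != null ? this.myKeyManager.getClientAliases(str, principalArr) : null;
        String[] browserAliases = this.browserKeyManager != null ? this.browserKeyManager.getClientAliases(str, principalArr) : null;
        prefixAll(pluginAliases, CertType.PLUGIN);
        prefixAll(browserAliases, CertType.BROWSER);
        return concat(pluginAliases, browserAliases);
    }

    /**
     * Collects server aliases from both delegates, unprefixed.
     *
     * @return the combined aliases, or {@code null} when neither delegate has any
     */
    @Override
    public synchronized String[] getServerAliases(String str, Principal[] principalArr) {
        ensureInitialized();
        String[] pluginAliases = null;
        String[] browserAliases = null;
        if (this.myKeyManager != null) {
            pluginAliases = this.myKeyManager.getServerAliases(str, principalArr);
        }
        if (this.browserKeyManager != null) {
            browserAliases = this.browserKeyManager.getServerAliases(str, principalArr);
        }
        return concat(pluginAliases, browserAliases);
    }

    /**
     * Returns the private key for an alias, with the same delegate order as
     * {@link #getCertificateChain}.
     *
     * <p>NOTE(review): unlike the other query methods this one is not {@code synchronized},
     * yet it can trigger {@code init()}, which assigns the delegate fields.
     *
     * @return the key, or {@code null} when the alias is {@code null} or unknown
     */
    @Override
    public PrivateKey getPrivateKey(String str) {
        ensureInitialized();
        if (str == null) {
            // The alias is inspected below; a null alias identifies no entry.
            return null;
        }
        PrivateKey privateKey = null;
        if (this.myKeyManager != null && !isBrowserStoreAlias(str)) {
            privateKey = this.myKeyManager.getPrivateKey(str);
        }
        if (privateKey == null && this.browserKeyManager != null) {
            privateKey = this.browserKeyManager.getPrivateKey(str);
        }
        return privateKey;
    }

    /**
     * True for aliases containing "Mozilla" or "MSCrypto"; these are never offered to
     * {@code myKeyManager}. Presumably they mark browser-store entries (confirm with the
     * browser keystore providers).
     */
    private static boolean isBrowserStoreAlias(String alias) {
        return alias.contains("Mozilla") || alias.contains("MSCrypto");
    }

    /** Prepends the type's prefix to every alias in place; a null array is left alone. */
    private static void prefixAll(String[] aliases, CertType type) {
        if (aliases == null) {
            return;
        }
        String prefix = type.getType();
        for (int i = 0; i < aliases.length; i++) {
            aliases[i] = prefix + aliases[i];
        }
    }

    /** Joins two alias arrays; when one is null the other is returned as is. */
    private static String[] concat(String[] first, String[] second) {
        if (first == null) {
            return second;
        }
        if (second == null) {
            return first;
        }
        String[] joined = new String[first.length + second.length];
        System.arraycopy(first, 0, joined, 0, first.length);
        System.arraycopy(second, 0, joined, first.length, second.length);
        return joined;
    }

    /** Returns the first {@link X509KeyManager} in the array, or null when there is none. */
    private static X509KeyManager firstX509KeyManager(KeyManager[] keyManagers) {
        for (int i = 0; i < keyManagers.length; i++) {
            if (keyManagers[i] instanceof X509KeyManager) {
                return (X509KeyManager) keyManagers[i];
            }
        }
        return null;
    }

    /**
     * Builds a SunX509 key manager over the browser keystore, which is loaded with no input
     * stream and an empty password.
     *
     * @return the key manager, or {@code null} when no browser keystore is configured
     */
    private X509KeyManager getBrowserKeyManager(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, FileNotFoundException, IOException, UnrecoverableKeyException, CertificateException {
        if (keyStore == null) {
            return null;
        }
        keyStore.load(null, new char[0]);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
        keyManagerFactory.init(keyStore, new char[0]);
        return firstX509KeyManager(keyManagerFactory.getKeyManagers());
    }

    /**
     * Java 1.6+ construction of {@code myKeyManager} from the user and system keystore paths.
     *
     * <p>NOTE(review): the decompiler failed on this method (249 instructions skipped); the
     * original body is not shown. The stub below always throws, and that unchecked
     * exception ends up printed by {@code ensureInitialized()}.
     */
    private X509KeyManager getNewMyKeyManager(String userKeyStorePath, String systemKeyStorePath) throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, FileNotFoundException, IOException, UnrecoverableKeyException, CertificateException {
        throw new UnsupportedOperationException("Method not decompiled: com.sun.deploy.security.X509DeployKeyManager.getNewMyKeyManager(java.lang.String, java.lang.String):javax.net.ssl.X509KeyManager");
    }

    /**
     * Pre-1.6 construction of {@code myKeyManager}: prompts for the keystore password and
     * loads the file, repeating the prompt after an {@link IOException} until the load
     * succeeds or the user cancels.
     *
     * <p>The keystore type comes from the {@code javax.net.ssl.keyStoreType} system property,
     * defaulting to {@code JKS}.
     *
     * <p>NOTE(review): the password array is not cleared after use. Clearing it would be
     * preferable, provided {@code CredentialInfo.getPassword()} returns a private copy.
     *
     * @param str path of the keystore file
     * @return the key manager, or {@code null} when the path is null, the file does not
     *         exist, or the user cancelled the password dialog
     */
    private X509KeyManager getLegacyMyKeyManager(String str) throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, FileNotFoundException, IOException, UnrecoverableKeyException, CertificateException {
        X509KeyManager x509KeyManager = null;
        if (str == null || !new File(str).exists()) {
            return null;
        }
        boolean tryAgain = true;
        while (tryAgain) {
            // The decompiled listing scoped this try to the prompt alone, which cannot raise
            // IOException. KeyStore.load is the call that reports a wrong password that way,
            // so the whole attempt is covered and a bad password leads to the error dialog
            // and another prompt.
            try {
                char[] password = getPasswordDialog("clientauth.user.password.dialog.text");
                if (passwdDialogCancelled.get().equals(Boolean.TRUE)) {
                    break;
                }
                String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType");
                if (keyStoreType == null) {
                    keyStoreType = "JKS";
                }
                KeyStore keyStore = KeyStore.getInstance(keyStoreType);
                BufferedInputStream in = new BufferedInputStream(new FileInputStream(str));
                try {
                    keyStore.load(in, password);
                } finally {
                    // Close on every path; each failed password attempt used to leave the
                    // file handle open.
                    try {
                        in.close();
                    } catch (IOException ignored) {
                        // Read-only stream: a close failure has nothing to recover.
                    }
                }
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
                keyManagerFactory.init(keyStore, password);
                x509KeyManager = firstX509KeyManager(keyManagerFactory.getKeyManagers());
                tryAgain = false;
            } catch (IOException e) {
                e.printStackTrace();
                if (!Trace.isAutomationEnabled()) {
                    UIFactory.showExceptionDialog(null, e, getMessage("clientauth.password.dialog.error.text"), getMessage("clientauth.password.dialog.error.caption"));
                }
            }
        }
        return x509KeyManager;
    }

    /**
     * Shows the password dialog with the given message key.
     *
     * @return the entered password, or {@code null} after marking the dialog as cancelled
     *         for this thread when no credentials came back
     */
    private char[] getPasswordDialog(String str) {
        CredentialInfo credentials = UIFactory.showPasswordDialog(null, getMessage("password.dialog.title"), getMessage(str), false, false, null, false);
        if (credentials != null) {
            return credentials.getPassword();
        }
        passwdDialogCancelled.set(Boolean.TRUE);
        return null;
    }

    /** Looks up a message by key through {@link ResourceManager}. */
    private static String getMessage(String str) {
        return ResourceManager.getMessage(str);
    }

    /** Looks up an accelerator key through {@link ResourceManager}; unused in this class. */
    private static int getAcceleratorKey(String str) {
        return ResourceManager.getAcceleratorKey(str);
    }
}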
