package com.tibco.tibjms;

import ch.qos.logback.core.net.ssl.SSL;
import com.tibco.tibjms.naming.TibjmsNamingConstants;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import javax.jms.JMSException;
import javax.jms.JMSSecurityException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.security.auth.x500.X500Principal;
import liquibase.sqlgenerator.core.MarkChangeSetRanGenerator;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.openssl.PEMParser;
import org.h2.engine.Constants;
import org.modelmapper.internal.bytebuddy.ClassFileVersion;

/* loaded from: input_file:BOOT-INF/lib/tibjms-10.2.jar:com/tibco/tibjms/TibjmsSSL.class */
public class TibjmsSSL {
    public static final int TLS_RSA_WITH_AES_128_CBC_SHA256 = 60;
    public static final int TLS_RSA_WITH_AES_256_CBC_SHA256 = 61;
    public static final int TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 103;
    public static final int TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 107;
    public static final int TLS_RSA_WITH_AES_128_GCM_SHA256 = 156;
    public static final int TLS_RSA_WITH_AES_256_GCM_SHA384 = 157;
    public static final int TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 158;
    public static final int TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 159;
    public static final int TLS_PSK_WITH_AES_128_GCM_SHA256 = 168;
    public static final int TLS_PSK_WITH_AES_256_GCM_SHA384 = 169;
    public static final int TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 170;
    public static final int TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 171;
    public static final int TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 172;
    public static final int TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 173;
    public static final int SSL_RSA_WITH_RC4_128_MD5 = 4;
    public static final int SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 6;
    public static final int SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 3;
    public static final int SSL_RSA_EXPORT_WITH_DES_40_CBC_SHA = 7;
    public static final int SSL_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA = 210;
    public static final int SSL_DHE_DSS_EXPORT_WITH_DES_40_CBC_SHA = 100;
    public static final int SSL_RSA_WITH_NULL_MD5 = 1;
    public static final int SSL_RSA_WITH_NULL_SHA = 2;
    public static final int SSL_RSA_WITH_DES_CBC_SHA = 8;
    public static final int SSL_DHE_DSS_WITH_DES_CBC_SHA = 101;
    public static final int SSL_DHE_RSA_WITH_DES_CBC_SHA = 211;
    public static final int SSL_RSA_WITH_RC4_128_SHA = 5;
    public static final int SSL_RSA_WITH_3DES_EDE_CBC_SHA = 9;
    public static final int SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 102;
    public static final int SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 212;
    public static final int TLS_RSA_WITH_AES_128_CBC_SHA = 20;
    public static final int TLS_RSA_WITH_AES_256_CBC_SHA = 21;
    public static final int TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 120;
    public static final int TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 121;
    public static final int TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 220;
    public static final int TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 221;
    public static final int TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 64;
    public static final int TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 106;
    public static final int TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 162;
    public static final int TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 163;
    public static final int TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 49159;
    public static final int TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 49160;
    public static final int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 49161;
    public static final int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 49162;
    public static final int TLS_ECDHE_RSA_WITH_RC4_128_SHA = 49169;
    public static final int TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 49170;
    public static final int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 49171;
    public static final int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 49172;
    public static final String IBM_PROVIDER = "ibm";
    private static final String PKCS11 = "com.tibco.tibjms.ssl.PKCS11";
    private static final String PKCS11CONFIG = "com.tibco.tibjms.ssl.PKCS11Config";
    private static final String OLD_FIPS = "com.tibco.security.FIPS";
    static final int _COP_NONE = 0;
    static final int _COP_REMOVE = 1;
    static final int _COP_ADD = 2;
    static final int _COP_MOVE_END = 3;
    static final int _COP_MOVE_FRONT = 4;
    static final char _COP_REMOVE_CHAR = '-';
    static final char _COP_ADD_CHAR = '+';
    public static final String VENDOR = "com.tibco.tibjms.ssl.vendor";
    public static final String TRACE = "com.tibco.tibjms.ssl.trace";
    public static final String AUTH_ONLY = "com.tibco.tibjms.ssl.auth_only";
    public static final String DEBUG_TRACE = "com.tibco.tibjms.ssl.debug_trace";
    public static final String TRUSTED_CERTIFICATES = "com.tibco.tibjms.ssl.trusted_certs";
    public static final String ENABLE_VERIFY_HOST = "com.tibco.tibjms.ssl.enable_verify_host";
    public static final String ENABLE_VERIFY_HOST_NAME = "com.tibco.tibjms.ssl.enable_verify_hostname";
    public static final String EXPECTED_HOST_NAME = "com.tibco.tibjms.ssl.expected_hostname";
    public static final String HOST_NAME_VERIFIER = "com.tibco.tibjms.ssl.hostname_verifier";
    public static final String IDENTITY = "com.tibco.tibjms.ssl.identity";
    public static final String IDENTITY_ENCODING = "com.tibco.tibjms.ssl.identity_encoding";
    public static final String ISSUER_CERTIFICATES = "com.tibco.tibjms.ssl.issuer_certs";
    public static final String PRIVATE_KEY = "com.tibco.tibjms.ssl.private_key";
    public static final String PRIVATE_KEY_ENCODING = "com.tibco.tibjms.ssl.private_key_encoding";
    public static final String PASSWORD = "com.tibco.tibjms.ssl.password";
    public static final String CIPHER_SUITES = "com.tibco.tibjms.ssl.cipher_suites";
    public static final String CIPHERS = "com.tibco.tibjms.ssl.ciphers";
    public static final int ENCODING_AUTO = 0;
    public static final int ENCODING_PEM = 1;
    public static final int ENCODING_DER = 2;
    static final int ENCODING_BER = 4;
    public static final int ENCODING_PKCS7 = 16;
    public static final int ENCODING_PKCS8 = 32;
    public static final int ENCODING_PKCS12 = 64;
    public static final int ENCODING_KEYSTORE = 512;
    private static final String _noinit = "Security is not initialized";
    private static final String _NAMING_SSL_PREFIX = "com.tibco.tibjms.naming.ssl_";
    private static final String _TIBJMS_SSL_PREFIX = "com.tibco.tibjms.ssl.";
    public static final int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 49187;
    public static final int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 49188;
    public static final int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 49191;
    public static final int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 49192;
    public static final int TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 49195;
    public static final int TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 49196;
    public static final int TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 49199;
    public static final int TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 49200;
    public static final int TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 52392;
    public static final int TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 52393;
    public static final int TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 52394;
    public static final int TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 52395;
    public static final int TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 52396;
    public static final int TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 52397;
    public static final int TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 = 52398;
    public static final int TLS_AES_128_GCM_SHA256 = 4865;
    public static final int TLS_AES_256_GCM_SHA384 = 4866;
    public static final int TLS_CHACHA20_POLY1305_SHA256 = 4867;
    public static final int TLS_AES_128_CCM_SHA256 = 4868;
    public static final int TLS_AES_128_CCM_8_SHA256 = 4869;
    static TibjmsSSLCipherInfo[] _ciphersList = {new TibjmsSSLCipherInfo("150", "TLS_RSA_WITH_AES_128_CBC_SHA256", "SSL_RSA_WITH_AES_128_CBC_SHA256", 60, "AES128-SHA256", "TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256"), new TibjmsSSLCipherInfo("151", "TLS_RSA_WITH_AES_256_CBC_SHA256", "SSL_RSA_WITH_AES_256_CBC_SHA256", 61, "AES256-SHA256", "TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256"), new TibjmsSSLCipherInfo("160", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "SSL_DHE_RSA_WITH_AES_128_CBC_SHA256", 103, "DHE-RSA-AES128-SHA256", "TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256"), new TibjmsSSLCipherInfo("162", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "SSL_DHE_RSA_WITH_AES_256_CBC_SHA256", 107, "DHE-RSA-AES256-SHA256", "TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256"), new TibjmsSSLCipherInfo("170", "TLS_RSA_WITH_AES_128_GCM_SHA256", "SSL_RSA_WITH_AES_128_GCM_SHA256", 156, "AES128-GCM-SHA256", "TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD"), new TibjmsSSLCipherInfo("171", "TLS_RSA_WITH_AES_256_GCM_SHA384", "SSL_RSA_WITH_AES_256_GCM_SHA384", 157, "AES256-GCM-SHA384", "TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD"), new TibjmsSSLCipherInfo("172", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "SSL_DHE_RSA_WITH_AES_128_GCM_SHA256", 158, "DHE-RSA-AES128-GCM-SHA256", "TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD"), new TibjmsSSLCipherInfo("173", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "SSL_DHE_RSA_WITH_AES_256_GCM_SHA384", 159, "DHE-RSA-AES256-GCM-SHA384", "TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD"), new TibjmsSSLCipherInfo("333", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "ECDHE-ECDSA-AES128-SHA256", "TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256"), new TibjmsSSLCipherInfo("334", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "ECDHE-ECDSA-AES256-SHA384", "TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384"), new TibjmsSSLCipherInfo("337", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "ECDHE-RSA-AES128-SHA256", "TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256"), new TibjmsSSLCipherInfo("338", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "ECDHE-RSA-AES256-SHA384", "TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384"), new TibjmsSSLCipherInfo("341", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "ECDHE-ECDSA-AES128-GCM-SHA256", "TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD"), new TibjmsSSLCipherInfo("342", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "ECDHE-ECDSA-AES256-GCM-SHA384", "TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD"), new TibjmsSSLCipherInfo("345", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD"), new TibjmsSSLCipherInfo("346", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD"), new TibjmsSSLCipherInfo("347", "TLS_PSK_WITH_AES_128_GCM_SHA256", "SSL_PSK_WITH_AES_128_GCM_SHA256", 168, "PSK-AES128-GCM-SHA256", "TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD"), new TibjmsSSLCipherInfo("348", "TLS_PSK_WITH_AES_256_GCM_SHA384", "SSL_PSK_WITH_AES_256_GCM_SHA384", 169, "PSK-AES256-GCM-SHA384", "TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD"), new TibjmsSSLCipherInfo("349", "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", "SSL_DHE_PSK_WITH_AES_128_GCM_SHA256", 170, "DHE-PSK-AES128-GCM-SHA256", "TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD"), new TibjmsSSLCipherInfo("350", "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", "SSL_DHE_PSK_WITH_AES_256_GCM_SHA384", 171, "DHE-PSK-AES256-GCM-SHA384", "TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD"), new TibjmsSSLCipherInfo("351", "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", "SSL_RSA_PSK_WITH_AES_128_GCM_SHA256", 172, "RSA-PSK-AES128-GCM-SHA256", "TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD"), new TibjmsSSLCipherInfo("352", "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", "SSL_RSA_PSK_WITH_AES_256_GCM_SHA384", 173, "RSA-PSK-AES256-GCM-SHA384", "TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD"), new TibjmsSSLCipherInfo("353", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "SSL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "ECDHE-RSA-CHACHA20-POLY1305", "TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD"), new TibjmsSSLCipherInfo("354", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "SSL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, "ECDHE-ECDSA-CHACHA20-POLY1305", "TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD"), new TibjmsSSLCipherInfo("355", "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "SSL_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "DHE-RSA-CHACHA20-POLY1305", "TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD"), new TibjmsSSLCipherInfo("356", "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256", "SSL_PSK_WITH_CHACHA20_POLY1305_SHA256", TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, "PSK-CHACHA20-POLY1305", "TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD"), new TibjmsSSLCipherInfo("357", "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", "SSL_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, "ECDHE-PSK-CHACHA20-POLY1305", "TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD"), new TibjmsSSLCipherInfo("358", "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256", "SSL_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256", TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, "DHE-PSK-CHACHA20-POLY1305", "TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD"), new TibjmsSSLCipherInfo("359", "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256", "SSL_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256", TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, "RSA-PSK-CHACHA20-POLY1305", "TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD"), new TibjmsSSLCipherInfo("360", "TLS_AES_128_GCM_SHA256", "SSL_AES_128_GCM_SHA256", TLS_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256", "TLSv1.3 Enc=AESGCM(128) Mac=SHA256"), new TibjmsSSLCipherInfo("361", "TLS_AES_256_GCM_SHA384", "SSL_AES_256_GCM_SHA384", TLS_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384", "TLSv1.3 Enc=AESGCM(256) Mac=SHA384"), new TibjmsSSLCipherInfo("362", "TLS_CHACHA20_POLY1305_SHA256", "SSL_CHACHA20_POLY1305_SHA256", TLS_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256", "TLSv1.3 Enc=CHACHA20/POLY1305 Mac=SHA256"), new TibjmsSSLCipherInfo("363", "TLS_AES_128_CCM_SHA256", "SSL_AES_128_CCM_SHA256", TLS_AES_128_CCM_SHA256, "TLS_AES_128_CCM_SHA256", "TLSv1.3 Enc=AESCCM(128) Mac=SHA256"), new TibjmsSSLCipherInfo("364", "TLS_AES_128_CCM_8_SHA256", "SSL_AES_128_CCM_8_SHA256", TLS_AES_128_CCM_8_SHA256, "TLS_AES_128_CCM_8_SHA256", "TLSv1.3 Enc=AESCCM8(128) Mac=SHA256")};
    static Hashtable _ciphersHash = null;
    private static int trustedCertAliasInc = 0;
    public static final String J2SE_PROVIDER = "j2se";
    public static final String J2SE_DEFAULT = "j2se-default";
    public static String[] _vendors = {J2SE_PROVIDER, J2SE_DEFAULT};
    static String[] _protocols = {"TLSv1.2", "TLSv1.3"};
    static Provider _pkcs11Provider = null;

    @Deprecated
    public static final boolean client_enableSSLv3 = Boolean.getBoolean("com.tibco.security.ssl.client.EnableSSLv3");
    private static String _DEFAULT_SSL_VENDOR = J2SE_DEFAULT;
    private static boolean _sslInitialized = false;
    private static Object _sslLock = new Object();
    static TibjmsSSLParams _default = new TibjmsSSLParams();
    private static SecureRandom secureRandom = null;

    static void _initCiphers() {
        synchronized (_sslLock) {
            if (_ciphersHash != null) {
                return;
            }
            _ciphersHash = new Hashtable();
            for (int i = 0; i < _ciphersList.length; i++) {
                TibjmsSSLCipherInfo tibjmsSSLCipherInfo = _ciphersList[i];
                _ciphersHash.put(tibjmsSSLCipherInfo.tibjmsName, tibjmsSSLCipherInfo);
                _ciphersHash.put(tibjmsSSLCipherInfo.javaName, tibjmsSSLCipherInfo);
                _ciphersHash.put(tibjmsSSLCipherInfo.javaAltName, tibjmsSSLCipherInfo);
                _ciphersHash.put(tibjmsSSLCipherInfo.opensslName, tibjmsSSLCipherInfo);
                _ciphersHash.put(Integer.valueOf(tibjmsSSLCipherInfo.javaID), tibjmsSSLCipherInfo);
            }
        }
    }

    static TibjmsSSLCipherInfo _getCipher(String str) {
        TibjmsSSLCipherInfo tibjmsSSLCipherInfo;
        if (str == null || str.length() == 0) {
            return null;
        }
        synchronized (_sslLock) {
            _initCiphers();
            tibjmsSSLCipherInfo = (TibjmsSSLCipherInfo) _ciphersHash.get(str);
        }
        return tibjmsSSLCipherInfo;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:139:0x0056 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:76:0x02e5 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    static java.lang.String[] _ciphersFromSpec(com.tibco.tibjms.TibjmsSSLParams r6, javax.net.ssl.SSLSocketFactory r7) throws javax.jms.JMSSecurityException {
        /*
            Method dump skipped, instructions count: 1089
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.tibco.tibjms.TibjmsSSL._ciphersFromSpec(com.tibco.tibjms.TibjmsSSLParams, javax.net.ssl.SSLSocketFactory):java.lang.String[]");
    }

    static String[] _ciphersFromSuites(TibjmsSSLParams tibjmsSSLParams) throws JMSSecurityException {
        String cipherSuiteName;
        if (tibjmsSSLParams.cipher_suites == null || tibjmsSSLParams.cipher_suites.length == 0) {
            return null;
        }
        PrintStream _getTracer = _getTracer(tibjmsSSLParams);
        ArrayList arrayList = new ArrayList();
        for (int i : tibjmsSSLParams.cipher_suites) {
            try {
                cipherSuiteName = getCipherSuiteName(i);
            } catch (JMSSecurityException e) {
            }
            if (cipherSuiteName != null) {
                arrayList.add(cipherSuiteName);
            }
            if (_getTracer != null) {
                _sslTrace(_getTracer, "WARNING: Ignoring invalid cipher suite number: " + i, null);
            }
        }
        String[] strArr = new String[arrayList.size()];
        for (int i2 = 0; i2 < arrayList.size(); i2++) {
            strArr[i2] = (String) arrayList.get(i2);
        }
        return strArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean _hasSSLParams(Map map) {
        if (map == null) {
            return false;
        }
        for (Object obj : map.keySet()) {
            if (obj != null && (obj instanceof String)) {
                String str = (String) obj;
                if (str.startsWith(_NAMING_SSL_PREFIX) || str.startsWith(_TIBJMS_SSL_PREFIX)) {
                    return true;
                }
            }
        }
        return false;
    }

    private static PrintStream _tracerValue(Map map, String str, PrintStream printStream) throws JMSSecurityException {
        Object _getDual = _getDual(map, str);
        if (_getDual != null) {
            if (_getDual instanceof PrintStream) {
                return (PrintStream) _getDual;
            }
            if (_getDual instanceof String) {
                String str2 = (String) _getDual;
                if (str2.equalsIgnoreCase("out")) {
                    return System.out;
                }
                if (!str2.equalsIgnoreCase(TibjmsxConst.JMS_ERROR_CODE) && !new Boolean(str2).booleanValue()) {
                    return printStream;
                }
                return System.err;
            }
            if (!(_getDual instanceof Boolean)) {
                throw new JMSSecurityException("Invalid value of " + str);
            }
            if (((Boolean) _getDual).booleanValue()) {
                return System.err;
            }
        }
        return printStream;
    }

    static Object _getDual(Map map, String str) {
        if (str == null || str.length() == 0) {
            return null;
        }
        Object obj = map.get(str);
        if (obj == null) {
            String str2 = str.startsWith(_NAMING_SSL_PREFIX) ? _TIBJMS_SSL_PREFIX + str.substring(_NAMING_SSL_PREFIX.length()) : str.startsWith(_TIBJMS_SSL_PREFIX) ? _NAMING_SSL_PREFIX + str.substring(_TIBJMS_SSL_PREFIX.length()) : null;
            if (str2 != null) {
                obj = map.get(str2);
            }
        }
        return obj;
    }

    private static boolean _getEnvBool(Map map, String str, boolean z) throws JMSException {
        boolean z2 = z;
        Object _getDual = _getDual(map, str);
        if (_getDual != null) {
            if (_getDual instanceof String) {
                return new Boolean((String) _getDual).booleanValue();
            }
            if (!(_getDual instanceof Boolean)) {
                throw new JMSException("Invalid value of '" + str + "': must be Boolean value or String representing a Boolean");
            }
            z2 = ((Boolean) _getDual).booleanValue();
        }
        return z2;
    }

    private static String _getEnvString(Map map, String str, String str2) throws JMSException {
        String str3 = str2;
        Object _getDual = _getDual(map, str);
        if (_getDual != null) {
            if (!(_getDual instanceof String)) {
                throw new JMSException("Invalid value of '" + str + "': must be String value");
            }
            str3 = (String) _getDual;
        }
        return str3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Integer _getEnvEncoding(Map map, String str) throws JMSException {
        Object _getDual = _getDual(map, str);
        if (_getDual == null) {
            return null;
        }
        if (_getDual instanceof String) {
            try {
                int encodingNameToInt = encodingNameToInt((String) _getDual);
                return encodingNameToInt != 0 ? new Integer(encodingNameToInt) : new Integer((String) _getDual);
            } catch (NumberFormatException e) {
                throw new JMSException("Invalid value of '" + str + "': must be Number value or String representing a number or encoding");
            }
        }
        if (_getDual instanceof Number) {
            return new Integer(((Number) _getDual).intValue());
        }
        throw new JMSException("Invalid value of '" + str + "': must be Number value or String representing a number or encoding");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void initFromEnvironment(Map map, TibjmsSSLParams tibjmsSSLParams) throws JMSException {
        Integer _getEnvEncoding;
        if (map == null) {
            throw new IllegalArgumentException("null parameter");
        }
        synchronized (_sslLock) {
            tibjmsSSLParams.vendor = _getEnvString(map, VENDOR, tibjmsSSLParams.vendor);
            tibjmsSSLParams.tracer = _tracerValue(map, TRACE, tibjmsSSLParams.tracer);
            tibjmsSSLParams.debug_trace = _getEnvBool(map, DEBUG_TRACE, tibjmsSSLParams.debug_trace);
            tibjmsSSLParams.expected_hostname = _getEnvString(map, EXPECTED_HOST_NAME, tibjmsSSLParams.expected_hostname);
            tibjmsSSLParams.disable_verify_host = !_getEnvBool(map, ENABLE_VERIFY_HOST, !tibjmsSSLParams.disable_verify_host);
            tibjmsSSLParams.disable_verify_hostname = !_getEnvBool(map, ENABLE_VERIFY_HOST_NAME, !tibjmsSSLParams.disable_verify_hostname);
            tibjmsSSLParams.auth_only = _getEnvBool(map, AUTH_ONLY, tibjmsSSLParams.auth_only);
            Object _getDual = _getDual(map, HOST_NAME_VERIFIER);
            if (_getDual != null) {
                if (!(_getDual instanceof TibjmsSSLHostNameVerifier)) {
                    throw new JMSSecurityException("Invalid value of 'com.tibco.tibjms.ssl.hostname_verifier': must be instance of class " + TibjmsSSLHostNameVerifier.class.getName());
                }
                tibjmsSSLParams.verifier = (TibjmsSSLHostNameVerifier) _getDual;
            }
            Object _getDual2 = _getDual(map, CIPHER_SUITES);
            if (_getDual2 != null) {
                if (_getDual2 instanceof String) {
                    if (((String) _getDual2).length() > 0) {
                        _setCipherSuites(tibjmsSSLParams, (String) _getDual2);
                    }
                } else {
                    if (!(_getDual2 instanceof int[])) {
                        throw new JMSSecurityException("Invalid value of 'com.tibco.tibjms.ssl.cipher_suites': must be a String or int[]");
                    }
                    int[] iArr = (int[]) _getDual2;
                    if (iArr.length > 0) {
                        int[] iArr2 = new int[iArr.length];
                        System.arraycopy(iArr, 0, iArr2, 0, iArr.length);
                        _setCipherSuites(tibjmsSSLParams, iArr2);
                        tibjmsSSLParams.cipher_suites = iArr2;
                    }
                }
            }
            Object _getDual3 = _getDual(map, TRUSTED_CERTIFICATES);
            if (_getDual3 != null) {
                if (_getDual3 instanceof String) {
                    _addTrustedCertsToParams(tibjmsSSLParams, (String) _getDual3, 0);
                } else {
                    if (!(_getDual3 instanceof Vector)) {
                        throw new JMSSecurityException("Invalid value of 'com.tibco.tibjms.ssl.trusted_certs': must be Vector");
                    }
                    Vector vector = (Vector) _getDual3;
                    int i = 0;
                    while (i < vector.size()) {
                        int i2 = 0;
                        Object elementAt = vector.elementAt(i);
                        i++;
                        if (elementAt == null) {
                            throw new JMSSecurityException("Invalid content of 'com.tibco.tibjms.ssl.trusted_certs'");
                        }
                        if (elementAt instanceof String) {
                            i2 = encodingNameToInt((String) elementAt);
                        }
                        if (!(elementAt instanceof Number) && i2 == 0) {
                            _addTrustedCertsToParams(tibjmsSSLParams, elementAt, 0);
                        } else {
                            if (i > vector.size() - 1) {
                                throw new JMSSecurityException("Invalid content of 'com.tibco.tibjms.ssl.trusted_certs'");
                            }
                            Object elementAt2 = vector.elementAt(i);
                            if (i2 == 0) {
                                i2 = ((Number) elementAt).intValue();
                            }
                            i++;
                            _addTrustedCertsToParams(tibjmsSSLParams, elementAt2, i2);
                        }
                    }
                }
            }
            Object _getDual4 = _getDual(map, ISSUER_CERTIFICATES);
            if (_getDual4 != null) {
                if (_getDual4 instanceof String) {
                    _addIssuerCerts(tibjmsSSLParams, (String) _getDual4, 0);
                } else {
                    if (!(_getDual4 instanceof Vector)) {
                        throw new JMSSecurityException("Invalid value of 'com.tibco.tibjms.ssl.issuer_certs': must be Vector");
                    }
                    Vector vector2 = (Vector) _getDual4;
                    int i3 = 0;
                    while (i3 < vector2.size()) {
                        int i4 = 0;
                        Object elementAt3 = vector2.elementAt(i3);
                        i3++;
                        if (elementAt3 == null) {
                            throw new JMSSecurityException("Invalid content of 'com.tibco.tibjms.ssl.issuer_certs'");
                        }
                        if (elementAt3 instanceof String) {
                            i4 = encodingNameToInt((String) elementAt3);
                        }
                        if (!(elementAt3 instanceof Number) && i4 == 0) {
                            _addIssuerCerts(tibjmsSSLParams, elementAt3, 0);
                        } else {
                            if (i3 > vector2.size() - 1) {
                                throw new JMSSecurityException("Invalid content of 'com.tibco.tibjms.ssl.issuer_certs'");
                            }
                            Object elementAt4 = vector2.elementAt(i3);
                            if (i4 == 0) {
                                i4 = ((Number) elementAt3).intValue();
                            }
                            i3++;
                            _addIssuerCerts(tibjmsSSLParams, elementAt4, i4);
                        }
                    }
                }
            }
            Object _getDual5 = _getDual(map, IDENTITY);
            if (_getDual5 != null) {
                int i5 = 0;
                int i6 = 0;
                char[] cArr = null;
                Integer _getEnvEncoding2 = _getEnvEncoding(map, IDENTITY_ENCODING);
                if (_getEnvEncoding2 != null) {
                    i5 = _getEnvEncoding2.intValue();
                }
                Object _getDual6 = _getDual(map, PRIVATE_KEY);
                if (_getDual6 != null && (_getEnvEncoding = _getEnvEncoding(map, PRIVATE_KEY_ENCODING)) != null) {
                    i6 = _getEnvEncoding.intValue();
                }
                Object _getDual7 = _getDual(map, PASSWORD);
                if (_getDual7 != null) {
                    if (!(_getDual7 instanceof String) && !(_getDual7 instanceof char[])) {
                        throw new JMSSecurityException("Invalid value of 'com.tibco.tibjms.ssl.password': must be a String or char[]");
                    }
                    cArr = _getDual7 instanceof String ? ((String) _getDual7).toCharArray() : (char[]) _getDual7;
                }
                if (_getDual6 != null) {
                    _setIdentity(tibjmsSSLParams, _getDual5, i5, _getDual6, i6, cArr);
                } else {
                    _setIdentity(tibjmsSSLParams, _getDual5, i5, null, 0, cArr);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void _enableVendorTrace(boolean z) {
        if (z) {
            try {
                if (System.getProperty("javax.net.debug") == null) {
                    System.setProperty("javax.net.debug", "ssl:handshake:trustmanager");
                }
            } catch (Throwable th) {
            }
        }
    }

    public static String getVendor() {
        String str;
        synchronized (_sslLock) {
            str = _default.vendor != null ? _default.vendor : _DEFAULT_SSL_VENDOR;
        }
        return str;
    }

    public static void setVendor(String str) throws JMSSecurityException {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("null or empty String");
        }
        synchronized (_sslLock) {
            String str2 = _default.vendor;
            if (str2 != null) {
                if (str.equalsIgnoreCase(str2)) {
                    return;
                } else {
                    return;
                }
            }
            for (int i = 0; i < _vendors.length; i++) {
                if (str.equalsIgnoreCase(_vendors[i])) {
                    _default.vendor = str;
                    return;
                }
            }
            throw new JMSSecurityException("Security vendor '" + str + "' not supported");
        }
    }

    public static void initialize() throws JMSSecurityException {
        synchronized (_sslLock) {
            initialize(null);
        }
    }

    public static void initialize(String str) throws JMSSecurityException {
        initialize(_default, str);
    }

    private static void put_if(Hashtable hashtable, String str, String str2) {
        if (str2 == null || str2.length() <= 0) {
            return;
        }
        hashtable.put(str, str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void initialize(TibjmsSSLParams tibjmsSSLParams, String str) throws JMSSecurityException {
        try {
            if (_default.tracer == null && Tibjmsx.sslTrace) {
                _default.tracer = System.out;
            }
            if (_default.debug_tracer == null && Tibjmsx.sslDebugTrace) {
                _default.debug_tracer = System.out;
            }
        } catch (Exception e) {
        }
        PrintStream _getTracer = _getTracer(tibjmsSSLParams);
        PrintStream _getDebugTracer = _getDebugTracer(tibjmsSSLParams);
        synchronized (_sslLock) {
            if (_getDebugTracer != null) {
                _sslTrace(_getDebugTracer, "TibjmsSSL.initialize() entry: params = " + Integer.toHexString(System.identityHashCode(tibjmsSSLParams)) + ", _default = " + Integer.toHexString(System.identityHashCode(_default)), null);
                if (tibjmsSSLParams != _default) {
                    _sslTrace(_getDebugTracer, " params   contains: " + tibjmsSSLParams.toString(), null);
                }
                _sslTrace(_getDebugTracer, " _default contains: " + _default.toString(), null);
            }
            if (_sslInitialized) {
                if (tibjmsSSLParams == _default) {
                    if (_getDebugTracer != null) {
                        _sslTrace(_getDebugTracer, "TLS default object already initialized, so return", null);
                    }
                    return;
                } else if (_getDebugTracer != null) {
                    _sslTrace(_getDebugTracer, "Start partial TLS reinitialization", null);
                }
            } else if (_getDebugTracer != null) {
                _sslTrace(_getDebugTracer, "Start TLS initialization", null);
            }
            Hashtable hashtable = new Hashtable();
            put_if(hashtable, VENDOR, Tibjmsx.ssl_vendor);
            put_if(hashtable, TRACE, Tibjmsx.ssl_trace);
            put_if(hashtable, DEBUG_TRACE, Tibjmsx.ssl_debug_trace);
            put_if(hashtable, ENABLE_VERIFY_HOST, Tibjmsx.ssl_verify_host);
            put_if(hashtable, ENABLE_VERIFY_HOST_NAME, Tibjmsx.ssl_verify_hostname);
            put_if(hashtable, EXPECTED_HOST_NAME, Tibjmsx.ssl_expected_hostname);
            put_if(hashtable, AUTH_ONLY, Tibjmsx.ssl_auth_only);
            put_if(hashtable, IDENTITY, Tibjmsx.ssl_identity);
            put_if(hashtable, PRIVATE_KEY, Tibjmsx.ssl_private_key);
            put_if(hashtable, PASSWORD, Tibjmsx.ssl_password);
            put_if(hashtable, CIPHER_SUITES, Tibjmsx.ssl_ciphers);
            if (Tibjmsx.ssl_trusted != null) {
                Vector vector = new Vector();
                vector.addElement(Tibjmsx.ssl_trusted);
                if (Tibjmsx.ssl_trusted1 != null) {
                    vector.addElement(Tibjmsx.ssl_trusted1);
                }
                if (Tibjmsx.ssl_trusted2 != null) {
                    vector.addElement(Tibjmsx.ssl_trusted2);
                }
                if (Tibjmsx.ssl_trusted3 != null) {
                    vector.addElement(Tibjmsx.ssl_trusted3);
                }
                hashtable.put(TRUSTED_CERTIFICATES, vector);
            }
            if (Tibjmsx.ssl_issuer != null) {
                Vector vector2 = new Vector();
                vector2.addElement(Tibjmsx.ssl_issuer);
                if (Tibjmsx.ssl_issuer1 != null) {
                    vector2.addElement(Tibjmsx.ssl_issuer1);
                }
                if (Tibjmsx.ssl_issuer2 != null) {
                    vector2.addElement(Tibjmsx.ssl_issuer2);
                }
                if (Tibjmsx.ssl_issuer3 != null) {
                    vector2.addElement(Tibjmsx.ssl_issuer3);
                }
                hashtable.put(ISSUER_CERTIFICATES, vector2);
            }
            if (hashtable.size() > 0) {
                try {
                    initFromEnvironment(hashtable, _default);
                    if (_getDebugTracer != null) {
                        _sslTrace(_getDebugTracer, "_default after initFromEnvironment: " + _default.toString(), null);
                    }
                    if (tibjmsSSLParams != _default) {
                        initFromEnvironment(hashtable, tibjmsSSLParams);
                        if (_getDebugTracer != null) {
                            _sslTrace(_getDebugTracer, "params after initFromEnvironment: " + tibjmsSSLParams.toString(), null);
                        }
                    }
                } catch (JMSException e2) {
                    throw new JMSSecurityException(e2.getMessage());
                }
            }
            String str2 = str;
            if (str2 == null) {
                str2 = _default.vendor;
            }
            if (str2 == null) {
                str2 = _DEFAULT_SSL_VENDOR;
            }
            if (_getTracer != null) {
                _sslTrace(_getTracer, "initializing security with vendor '" + str2 + TibjmsNamingConstants.SYNTAX_QUOTE, null);
            }
            setVendor(str2);
            tibjmsSSLParams.vendor = _default.vendor;
            if (_sslInitialized) {
                if (_getDebugTracer != null) {
                    _sslTrace(_getDebugTracer, "Partial TLS reinitialization is complete.", null);
                }
                return;
            }
            try {
                if (System.getProperty(OLD_FIPS) != null) {
                    throw new JMSSecurityException("Property 'com.tibco.security.FIPS' is no longer supported. See documentation for current FIPS support.");
                }
                boolean z = System.getProperty(PKCS11, "FALSE").toUpperCase().equals(Constants.CLUSTERING_ENABLED);
                String property = System.getProperty(PKCS11CONFIG);
                if (property != null && !property.isEmpty()) {
                    if (_getDebugTracer != null) {
                        _sslTrace(_getDebugTracer, "Dynamic PKCS11 Config file: " + property, null);
                    }
                    _pkcs11Provider = TibjmsSSLPlatform.getPKCS11ProviderFromConfig(property);
                    if (_pkcs11Provider != null) {
                        int i = -1;
                        int i2 = 0;
                        String str3 = null;
                        Provider[] providers = Security.getProviders();
                        int length = providers.length;
                        int i3 = 0;
                        while (true) {
                            if (i3 >= length) {
                                break;
                            }
                            Provider provider = providers[i3];
                            if (provider.getName().contains("JSSE")) {
                                i = i2 + 1;
                                str3 = provider.getName();
                                break;
                            } else {
                                i2++;
                                i3++;
                            }
                        }
                        if (_getDebugTracer != null) {
                            _sslTrace(_getDebugTracer, "JSSE position in provider list: " + i, null);
                        }
                        Provider fIPSProviderFromProvider = TibjmsSSLPlatform.getFIPSProviderFromProvider(_pkcs11Provider);
                        if (fIPSProviderFromProvider == null) {
                            throw new JMSSecurityException("FIPS provider not created.");
                        }
                        TibjmsSSLPlatform.putFIPSProviderInProviderList(fIPSProviderFromProvider, i, str3, _getDebugTracer);
                    }
                    if (_pkcs11Provider != null && _getDebugTracer != null) {
                        _sslTrace(_getDebugTracer, "Using dynamic PKCS11 provider", null);
                    }
                } else if (z) {
                    Provider[] providers2 = Security.getProviders();
                    if (providers2 != null && providers2.length > 0) {
                        int i4 = 0;
                        while (true) {
                            if (i4 >= providers2.length) {
                                break;
                            }
                            int i5 = i4 + 1;
                            providers2[i4].getName();
                            String info = providers2[i4].getInfo();
                            if (info == null || !info.toUpperCase().contains("PKCS11")) {
                                i4++;
                            } else {
                                _pkcs11Provider = providers2[i4];
                                if (_getDebugTracer != null) {
                                    _sslTrace(_getDebugTracer, "Using static PKCS11 provider", null);
                                }
                            }
                        }
                    }
                    if (_pkcs11Provider == null) {
                        throw new JMSSecurityException("No PKCS11 provider found.");
                    }
                }
                if (_getDebugTracer != null) {
                    if (_pkcs11Provider == null) {
                        _sslTrace(_getDebugTracer, "Using normal JSSE provider", null);
                    }
                    _sslTrace(_getDebugTracer, "Available providers are:", null);
                    Provider[] providers3 = Security.getProviders();
                    if (providers3 == null || providers3.length <= 0) {
                        _sslTrace(_getDebugTracer, "No providers equipped.", null);
                    } else {
                        for (Provider provider2 : providers3) {
                            _sslTrace(_getDebugTracer, "        " + provider2.getName(), null);
                        }
                        if (_pkcs11Provider != null) {
                            _sslTrace(_getDebugTracer, "PKCS11 Provider: " + _pkcs11Provider.getName() + ": " + _pkcs11Provider.getInfo(), null);
                        }
                    }
                }
                if (_getTracer != null) {
                    _sslTrace(_getTracer, "client version 10.2.1, security version " + System.getProperty(ClassFileVersion.VersionLocator.JAVA_VERSION) + ", TLS initialized with vendor '" + tibjmsSSLParams.vendor + TibjmsNamingConstants.SYNTAX_QUOTE, null);
                }
                if (_getDebugTracer != null) {
                    _sslTrace(_getDebugTracer, "TLS initialization is complete", null);
                }
                _sslInitialized = true;
            } catch (Exception e3) {
                JMSSecurityException jMSSecurityException = new JMSSecurityException("Failed to initialize security environment for vendor " + tibjmsSSLParams.vendor + ", reason: " + e3.getMessage());
                jMSSecurityException.setLinkedException(e3);
                throw jMSSecurityException;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static TibjmsSSLParams getDefaultParameters() {
        return _default;
    }

    public static void setDebugTraceEnabled(boolean z) {
        _default.debug_trace = z;
    }

    public static void setAuthOnly(boolean z) {
        _default.auth_only = z;
    }

    public static boolean isAuthOnly() {
        return _default.auth_only;
    }

    public static boolean getDebugTraceEnabled() {
        return _default.debug_trace;
    }

    public static void setClientTracer(PrintStream printStream) {
        _default.tracer = printStream;
    }

    public static PrintStream getClientTracer() {
        return _default.tracer;
    }

    public static void setSecureRandom(SecureRandom secureRandom2) {
        secureRandom = secureRandom2;
    }

    public static String getCipherSuiteName(int i) throws JMSSecurityException {
        if (!_sslInitialized) {
            throw new JMSSecurityException(_noinit);
        }
        try {
            _initCiphers();
            TibjmsSSLCipherInfo tibjmsSSLCipherInfo = (TibjmsSSLCipherInfo) _ciphersHash.get(Integer.valueOf(i));
            if (tibjmsSSLCipherInfo != null) {
                return tibjmsSSLCipherInfo.javaName;
            }
            throw new JMSSecurityException("Unknown cipher suite");
        } catch (Exception e) {
            throw new JMSSecurityException("Unknown cipher suite");
        }
    }

    public static int getCipherSuiteNumber(String str) throws JMSSecurityException {
        if (!_sslInitialized) {
            throw new JMSSecurityException(_noinit);
        }
        try {
            _initCiphers();
            TibjmsSSLCipherInfo tibjmsSSLCipherInfo = (TibjmsSSLCipherInfo) _ciphersHash.get(str);
            if (tibjmsSSLCipherInfo != null) {
                return tibjmsSSLCipherInfo.javaID;
            }
            TibjmsSSLCipherInfo tibjmsSSLCipherInfo2 = (TibjmsSSLCipherInfo) _ciphersHash.get(str.startsWith("TLS") ? str.replaceFirst("TLS", "SSL") : str.replaceFirst("SSL", "TLS"));
            if (tibjmsSSLCipherInfo2 != null) {
                return tibjmsSSLCipherInfo2.javaID;
            }
            throw new JMSSecurityException("Unknown cipher suite");
        } catch (Exception e) {
            throw new JMSSecurityException("Unknown cipher suite");
        }
    }

    public static boolean isCipherSuiteSupported(int i) throws JMSSecurityException {
        return isCipherSuiteSupported(i, simulateConnection()._sslSocketFactory);
    }

    static boolean isCipherSuiteSupported(int i, SSLSocketFactory sSLSocketFactory) throws JMSSecurityException {
        String cipherSuiteName = getCipherSuiteName(i);
        if (cipherSuiteName == null) {
            return false;
        }
        if (sSLSocketFactory == null) {
            throw new JMSSecurityException(_noinit);
        }
        return isCipherSuiteSocSupported(cipherSuiteName, sSLSocketFactory.getSupportedCipherSuites());
    }

    public static boolean isCipherSuiteSupported(String str) throws JMSSecurityException {
        return isCipherSuiteSupported(str, simulateConnection()._sslSocketFactory);
    }

    static boolean isCipherSuiteSupported(String str, SSLSocketFactory sSLSocketFactory) throws JMSSecurityException {
        if (getCipherSuiteNumber(str) == 0) {
            return false;
        }
        if (sSLSocketFactory == null) {
            throw new JMSSecurityException(_noinit);
        }
        return isCipherSuiteSocSupported(str, sSLSocketFactory.getSupportedCipherSuites());
    }

    static boolean isCipherSuiteSocSupported(String str, String[] strArr) throws JMSSecurityException {
        String str2;
        String replaceFirst;
        if (str.startsWith("TLS")) {
            replaceFirst = str;
            str2 = str.replaceFirst("TLS", "SSL");
        } else {
            str2 = str;
            replaceFirst = str.replaceFirst("SSL", "TLS");
        }
        for (int i = 0; i < strArr.length; i++) {
            if (replaceFirst.equals(strArr[i]) || str2.equals(strArr[i])) {
                return true;
            }
        }
        return false;
    }

    public static int[] getSupportedCipherSuites() throws JMSSecurityException {
        if (!_sslInitialized) {
            throw new JMSSecurityException(_noinit);
        }
        String[] supportedCipherNames = getSupportedCipherNames();
        ArrayList arrayList = new ArrayList();
        for (String str : supportedCipherNames) {
            try {
                int cipherSuiteNumber = getCipherSuiteNumber(str);
                if (cipherSuiteNumber != 0) {
                    arrayList.add(Integer.valueOf(cipherSuiteNumber));
                }
            } catch (JMSSecurityException e) {
            }
        }
        int[] iArr = new int[arrayList.size()];
        for (int i = 0; i < arrayList.size(); i++) {
            iArr[i] = ((Integer) arrayList.get(i)).intValue();
        }
        return iArr;
    }

    static TibjmsxLinkSSL simulateConnection() throws JMSSecurityException {
        try {
            TibjmsxLinkSSL tibjmsxLinkSSL = new TibjmsxLinkSSL(null);
            String expectedHostName = getExpectedHostName();
            setExpectedHostName("");
            tibjmsxLinkSSL._initSSL();
            setExpectedHostName(expectedHostName);
            return tibjmsxLinkSSL;
        } catch (JMSException e) {
            JMSSecurityException jMSSecurityException = new JMSSecurityException("Failed to set up simulated connection" + (e.getMessage() != null ? ": " + e.getMessage() : ""));
            jMSSecurityException.setLinkedException(e);
            throw jMSSecurityException;
        }
    }

    public static String[] getSupportedCipherNames() throws JMSSecurityException {
        try {
            TibjmsxLinkSSL simulateConnection = simulateConnection();
            return _filterCipherSuites(simulateConnection._sslSocketFactory.getSupportedCipherSuites(), simulateConnection._sslSocketFactory, null);
        } catch (JMSException e) {
            JMSSecurityException jMSSecurityException = new JMSSecurityException("Failed to retrieve supported cipher suites" + (e.getMessage() != null ? ": " + e.getMessage() : ""));
            jMSSecurityException.setLinkedException(e);
            throw jMSSecurityException;
        }
    }

    public static void setCipherSuites(int[] iArr) throws JMSSecurityException {
        _setCipherSuites(_default, iArr);
    }

    static void _setCipherSuites(TibjmsSSLParams tibjmsSSLParams, int[] iArr) throws JMSSecurityException {
        if (iArr != null && iArr.length == 0) {
            throw new IllegalArgumentException("Parameter can not be zero-length array");
        }
        if (iArr == null) {
            tibjmsSSLParams.cipher_suites = null;
            return;
        }
        int[] iArr2 = new int[iArr.length];
        System.arraycopy(iArr, 0, iArr2, 0, iArr.length);
        tibjmsSSLParams.cipher_suites = iArr2;
    }

    public static void setCipherSuites(String str) throws JMSSecurityException {
        _setCipherSuites(_default, str);
    }

    static void _setCipherSuites(TibjmsSSLParams tibjmsSSLParams, String str) throws JMSSecurityException {
        if (str != null && str.length() == 0) {
            throw new IllegalArgumentException("Parameter can not be empty String");
        }
        tibjmsSSLParams.cipher_specs = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String[] _getCipherSuites(TibjmsSSLParams tibjmsSSLParams, SSLSocketFactory sSLSocketFactory) throws JMSSecurityException {
        int i;
        String[] strArr = null;
        if (tibjmsSSLParams == null) {
            return null;
        }
        PrintStream _getDebugTracer = _getDebugTracer(tibjmsSSLParams);
        if (tibjmsSSLParams.cipher_specs != null) {
            strArr = _ciphersFromSpec(tibjmsSSLParams, sSLSocketFactory);
            if (_getDebugTracer != null && strArr != null) {
                _sslTrace(_getDebugTracer, "cipher_specs has " + strArr.length + " user specified cipher(s)", null);
            }
        }
        if ((strArr == null || strArr.length == 0) && tibjmsSSLParams.cipher_suites != null && tibjmsSSLParams.cipher_suites.length > 0) {
            strArr = _ciphersFromSuites(tibjmsSSLParams);
            if (_getDebugTracer != null && strArr != null) {
                _sslTrace(_getDebugTracer, "cipher_suites has " + strArr.length + " user specified cipher(s)", null);
            }
        }
        PrintStream _getTracer = _getTracer(tibjmsSSLParams);
        if (_getTracer != null && strArr != null) {
            if (!_sslInitialized) {
                throw new JMSSecurityException(_noinit);
            }
            for (0; i < strArr.length; i + 1) {
                i = isCipherSuiteSupported(strArr[i], sSLSocketFactory) ? i + 1 : 0;
                _sslTrace(_getTracer, "Warning: specified cipher suite not supported: suite=" + strArr[i], null);
            }
        }
        return strArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String[] _filterCipherSuites(String[] strArr, SSLSocketFactory sSLSocketFactory, PrintStream printStream) {
        if (strArr != null) {
            ArrayList arrayList = new ArrayList();
            String[] supportedCipherSuites = sSLSocketFactory.getSupportedCipherSuites();
            for (int i = 0; i < strArr.length; i++) {
                try {
                } catch (JMSSecurityException e) {
                    if (printStream != null) {
                        _sslTrace(printStream, "Ignore disallowed cipher: " + strArr[i], null);
                    }
                }
                if (isCipherSuiteSupported(strArr[i], sSLSocketFactory)) {
                    if (isCipherSuiteSocSupported(strArr[i], supportedCipherSuites)) {
                        arrayList.add(strArr[i]);
                    } else if (printStream != null) {
                        _sslTrace(printStream, "Ignore unsupported cipher: " + strArr[i], null);
                    }
                }
            }
            strArr = new String[arrayList.size()];
            if (printStream != null) {
                _sslTrace(printStream, "Enable connection ciphers:", null);
            }
            for (int i2 = 0; i2 < arrayList.size(); i2++) {
                strArr[i2] = (String) arrayList.get(i2);
                if (printStream != null) {
                    _sslTrace(printStream, "        " + strArr[i2], null);
                }
            }
        }
        return strArr;
    }

    public static String[] getClientCipherSuites() throws JMSException {
        try {
            TibjmsxLinkSSL simulateConnection = simulateConnection();
            return _filterCipherSuites(simulateConnection._cipherSuites != null ? simulateConnection._cipherSuites : simulateConnection._sslSocketFactory.getDefaultCipherSuites(), simulateConnection._sslSocketFactory, null);
        } catch (JMSException e) {
            JMSException jMSException = new JMSException("Failed to retrieve client cipher suites" + (e.getMessage() != null ? ": " + e.getMessage() : ""));
            jMSException.setLinkedException(e);
            throw jMSException;
        }
    }

    public static void setVerifyHost(boolean z) {
        _default.disable_verify_host = !z;
    }

    public static boolean getVerifyHost() {
        return !_default.disable_verify_host;
    }

    public static void setExpectedHostName(String str) {
        _default.expected_hostname = str;
    }

    public static String getExpectedHostName() {
        return _default.expected_hostname;
    }

    public static void setVerifyHostName(boolean z) {
        _default.disable_verify_hostname = !z;
    }

    public static boolean getVerifyHostName() {
        return !_default.disable_verify_hostname;
    }

    public static void setHostNameVerifier(TibjmsSSLHostNameVerifier tibjmsSSLHostNameVerifier) {
        synchronized (_sslLock) {
            _default.verifier = tibjmsSSLHostNameVerifier;
        }
    }

    public static TibjmsSSLHostNameVerifier getHostNameVerifier() {
        return _default.verifier;
    }

    public static void clearTrustedCerts() throws JMSSecurityException {
        synchronized (_sslLock) {
            _default.trusted = null;
        }
    }

    public static void addTrustedCerts(Object obj) throws JMSSecurityException {
        addTrustedCerts(obj, 0);
    }

    public static void addTrustedCerts(Object obj, int i) throws JMSSecurityException {
        synchronized (_sslLock) {
            _addTrustedCertsToParams(_default, obj, i);
        }
    }

    static void _addTrustedCertsToParams(TibjmsSSLParams tibjmsSSLParams, Object obj, int i) throws JMSSecurityException {
        if (obj == null || tibjmsSSLParams == null) {
            throw new IllegalArgumentException("null parameter");
        }
        int encodingToPrecise = encodingToPrecise(i);
        checkValidTrustedEncoding(encodingToPrecise);
        TibjmsSSLCI tibjmsSSLCI = new TibjmsSSLCI(obj, encodingToPrecise);
        if (tibjmsSSLParams.trusted == null) {
            tibjmsSSLParams.trusted = new Vector();
        }
        tibjmsSSLParams.trusted.addElement(tibjmsSSLCI);
    }

    public static void clearIssuerCerts() throws JMSSecurityException {
        synchronized (_sslLock) {
            _default.issuers = null;
        }
    }

    public static void addIssuerCerts(Object obj) throws JMSSecurityException {
        addIssuerCerts(obj, 0);
    }

    public static void addIssuerCerts(Object obj, int i) throws JMSSecurityException {
        synchronized (_sslLock) {
            _addIssuerCerts(_default, obj, i);
        }
    }

    static void _addIssuerCerts(TibjmsSSLParams tibjmsSSLParams, Object obj, int i) throws JMSSecurityException {
        if (obj == null || tibjmsSSLParams == null) {
            throw new IllegalArgumentException("null parameter");
        }
        TibjmsSSLCI tibjmsSSLCI = new TibjmsSSLCI(obj, encodingToPrecise(i));
        if (tibjmsSSLParams.issuers == null) {
            tibjmsSSLParams.issuers = new Vector();
        }
        tibjmsSSLParams.issuers.addElement(tibjmsSSLCI);
    }

    static PrintStream _getTracer(TibjmsSSLParams tibjmsSSLParams) {
        return (tibjmsSSLParams == null || tibjmsSSLParams.tracer == null) ? _default.tracer : tibjmsSSLParams.tracer;
    }

    static PrintStream _getDebugTracer(TibjmsSSLParams tibjmsSSLParams) {
        return (tibjmsSSLParams == null || tibjmsSSLParams.debug_tracer == null) ? _default.debug_tracer : tibjmsSSLParams.debug_tracer;
    }

    public static void setIdentity(Object obj, char[] cArr) throws JMSSecurityException {
        setIdentity(obj, 0, null, 0, cArr);
    }

    public static void setIdentity(Object obj, Object obj2, char[] cArr) throws JMSSecurityException {
        setIdentity(obj, 0, obj2, 0, cArr);
    }

    public static void setIdentity(Object obj, int i, char[] cArr) throws JMSSecurityException {
        setIdentity(obj, i, null, 0, cArr);
    }

    public static void setIdentity(Object obj, int i, Object obj2, char[] cArr) throws JMSSecurityException {
        setIdentity(obj, i, obj2, 0, cArr);
    }

    public static void setIdentity(Object obj, int i, Object obj2, int i2, char[] cArr) throws JMSSecurityException {
        synchronized (_sslLock) {
            _setIdentity(_default, obj, i, obj2, i2, cArr);
        }
    }

    public static void setPassword(char[] cArr) {
        _setPassword(_default, cArr);
    }

    /* JADX WARN: Code restructure failed: missing block: B:21:0x0010, code lost:
    
        if (r5.length == 0) goto L10;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    static void _setPassword(com.tibco.tibjms.TibjmsSSLParams r4, char[] r5) {
        /*
            java.lang.Object r0 = com.tibco.tibjms.TibjmsSSL._sslLock
            r1 = r0
            r6 = r1
            monitor-enter(r0)
            r0 = r4
            if (r0 == 0) goto L13
            r0 = r5
            if (r0 == 0) goto L1e
            r0 = r5
            int r0 = r0.length     // Catch: java.lang.Throwable -> L47
            if (r0 != 0) goto L1e
        L13:
            java.lang.IllegalArgumentException r0 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L47
            r1 = r0
            java.lang.String r2 = "invalid parameters"
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L47
            throw r0     // Catch: java.lang.Throwable -> L47
        L1e:
            r0 = r4
            char[] r0 = r0.password     // Catch: java.lang.Throwable -> L47
            if (r0 == 0) goto L3d
            r0 = 0
            r7 = r0
        L27:
            r0 = r7
            r1 = r4
            char[] r1 = r1.password     // Catch: java.lang.Throwable -> L47
            int r1 = r1.length     // Catch: java.lang.Throwable -> L47
            if (r0 >= r1) goto L3d
            r0 = r4
            char[] r0 = r0.password     // Catch: java.lang.Throwable -> L47
            r1 = r7
            r2 = 0
            r0[r1] = r2     // Catch: java.lang.Throwable -> L47
            int r7 = r7 + 1
            goto L27
        L3d:
            r0 = r4
            r1 = r5
            r0.password = r1     // Catch: java.lang.Throwable -> L47
            r0 = r6
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L47
            goto L4e
        L47:
            r8 = move-exception
            r0 = r6
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L47
            r0 = r8
            throw r0
        L4e:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.tibco.tibjms.TibjmsSSL._setPassword(com.tibco.tibjms.TibjmsSSLParams, char[]):void");
    }

    static void _setIdentity(TibjmsSSLParams tibjmsSSLParams, Object obj, int i, Object obj2, int i2, char[] cArr) throws JMSSecurityException {
        if (tibjmsSSLParams == null) {
            throw new IllegalArgumentException("null parameter");
        }
        int encodingToPrecise = encodingToPrecise(i);
        int encodingToPrecise2 = encodingToPrecise(i2);
        if (obj != null) {
            tibjmsSSLParams.identity_data = new TibjmsSSLCI(obj, encodingToPrecise);
        }
        if (obj2 != null) {
            tibjmsSSLParams.pk_key_data = new TibjmsSSLCI(obj2, encodingToPrecise2);
        }
        tibjmsSSLParams.password = cArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore _createTrustedCerts(TibjmsSSLParams tibjmsSSLParams) throws JMSSecurityException {
        synchronized (_sslLock) {
            if (!_sslInitialized) {
                throw new JMSSecurityException(_noinit);
            }
            PrintStream _getDebugTracer = _getDebugTracer(tibjmsSSLParams);
            try {
                KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
                if (_getDebugTracer != null) {
                    _sslTrace(_getDebugTracer, "Initialize empty JKS keystore for trusted certs.", null);
                }
                try {
                    keyStore.load(null, null);
                    if (tibjmsSSLParams.trusted != null) {
                        if (_getDebugTracer != null) {
                            _sslTrace(_getDebugTracer, "Add " + tibjmsSSLParams.trusted.size() + " user provided trusted certs.", null);
                        }
                        for (int i = 0; i < tibjmsSSLParams.trusted.size(); i++) {
                            try {
                                _addTrustedCertsFromParams(tibjmsSSLParams, keyStore, (TibjmsSSLCI) tibjmsSSLParams.trusted.elementAt(i));
                            } catch (JMSSecurityException e) {
                                JMSSecurityException jMSSecurityException = new JMSSecurityException("Error in params trusted certificate (" + (i + 1) + " of " + tibjmsSSLParams.trusted.size() + ") ('" + e.getMessage() + "')");
                                jMSSecurityException.setLinkedException(e);
                                throw jMSSecurityException;
                            }
                        }
                    } else if (_getDebugTracer != null) {
                        _sslTrace(_getDebugTracer, "No user provided trusted certs.", null);
                    }
                    if (_getDebugTracer != null) {
                        try {
                            _sslTrace(_getDebugTracer, "trustedCerts now contains " + keyStore.size() + " entries", null);
                        } catch (KeyStoreException e2) {
                        }
                    }
                    try {
                        if (keyStore.size() == 0) {
                            return null;
                        }
                        return keyStore;
                    } catch (KeyStoreException e3) {
                        JMSSecurityException jMSSecurityException2 = new JMSSecurityException("Detected corrupted keystore for trusted certificates, reason: " + e3.getMessage());
                        jMSSecurityException2.setLinkedException(e3);
                        throw jMSSecurityException2;
                    }
                } catch (IOException | NoSuchAlgorithmException | CertificateException e4) {
                    JMSSecurityException jMSSecurityException3 = new JMSSecurityException("Failed to initialize keystore for trusted certs, reason: " + e4.getMessage());
                    jMSSecurityException3.setLinkedException(e4);
                    throw jMSSecurityException3;
                }
            } catch (KeyStoreException e5) {
                JMSSecurityException jMSSecurityException4 = new JMSSecurityException("Failed to create keystore for trusted certs, reason: " + e5.getMessage());
                jMSSecurityException4.setLinkedException(e5);
                throw jMSSecurityException4;
            }
        }
    }

    private static void _addTrustedCertsFromParams(TibjmsSSLParams tibjmsSSLParams, KeyStore keyStore, TibjmsSSLCI tibjmsSSLCI) throws JMSSecurityException {
        synchronized (_sslLock) {
            if (tibjmsSSLCI != null) {
                if (tibjmsSSLCI.data != null) {
                    if (!_sslInitialized) {
                        throw new JMSSecurityException(_noinit);
                    }
                    checkValidTrustedEncoding(tibjmsSSLCI.encoding);
                    try {
                        X509Certificate[] _readCerts = _readCerts(tibjmsSSLParams, TibjmsXMLConst.TIBJMS_XML_TRUSTED, tibjmsSSLCI.data, tibjmsSSLCI.encoding);
                        if (_readCerts != null && _readCerts.length > 0) {
                            for (int i = 0; i < _readCerts.length; i++) {
                                X509Certificate x509Certificate = _readCerts[i];
                                trustedCertAliasInc++;
                                String str = "trustedCertAlias" + String.valueOf(trustedCertAliasInc);
                                if (str != null) {
                                    try {
                                        keyStore.setCertificateEntry(str, x509Certificate);
                                    } catch (KeyStoreException e) {
                                        String str2 = TibjmsNamingConstants.SYNTAX_QUOTE + e.getMessage();
                                        KeyStoreException keyStoreException = e;
                                        while (true) {
                                            Throwable cause = keyStoreException.getCause();
                                            if (cause == null) {
                                                break;
                                            }
                                            str2 = str2 + "' + '" + cause.getMessage();
                                            keyStoreException = cause;
                                        }
                                        JMSSecurityException jMSSecurityException = new JMSSecurityException("Error processing trusted certificates (" + (i + 1) + " of " + _readCerts.length + ", name = '" + str + "') (" + (str2 + TibjmsNamingConstants.SYNTAX_QUOTE) + MarkChangeSetRanGenerator.CLOSE_BRACKET);
                                        jMSSecurityException.setLinkedException(e);
                                        throw jMSSecurityException;
                                    }
                                }
                            }
                        }
                    } catch (JMSSecurityException e2) {
                        JMSSecurityException jMSSecurityException2 = new JMSSecurityException("No trusted certificates found");
                        jMSSecurityException2.setLinkedException(e2);
                        throw jMSSecurityException2;
                    }
                }
            }
            throw new IllegalArgumentException("null parameter");
        }
    }

    /* JADX WARN: Finally extract failed */
    static X509Certificate[] _readCerts(TibjmsSSLParams tibjmsSSLParams, String str, Object obj, int i) throws JMSSecurityException {
        X509Certificate[] x509CertificateArr;
        if (obj == null) {
            throw new IllegalArgumentException("null parameter");
        }
        InputStream inputStream = null;
        boolean z = false;
        String str2 = null;
        PrintStream _getTracer = _getTracer(tibjmsSSLParams);
        if ((i & 32) != 0) {
            throw new JMSSecurityException("PKCS8 can not be used as certificate encoding");
        }
        if (obj instanceof String) {
            str2 = (String) obj;
            if (_getTracer != null && str != null) {
                _sslTrace(_getTracer, "reading " + str + " certificate(s) from file '" + str2 + "', format=" + encodingToName(i), null);
            }
            inputStream = _fileToStream(str2);
        } else if (obj instanceof byte[]) {
            if (_getTracer != null && str != null) {
                _sslTrace(_getTracer, "reading " + str + " certificate(s) from byte array, format=" + encodingToName(i), null);
            }
            inputStream = new ByteArrayInputStream((byte[]) obj);
        } else if (obj instanceof InputStream) {
            if (_getTracer != null && str != null) {
                _sslTrace(_getTracer, "reading " + str + " certificate(s) from byte array, format=" + (i != 0 ? encodingToName(i) : "PEM or DER"), null);
            }
            inputStream = (InputStream) obj;
            z = true;
        } else if (obj instanceof X509Certificate[]) {
            if (_getTracer != null && str != null) {
                _sslTrace(_getTracer, "reading " + str + " certificate(s) from array of X509Certificate objects", null);
            }
            try {
                return (X509Certificate[]) ((X509Certificate[]) obj).clone();
            } catch (Exception e) {
                JMSSecurityException jMSSecurityException = new JMSSecurityException("Error reading certs from X509Certificate[] object");
                jMSSecurityException.setLinkedException(e);
                throw jMSSecurityException;
            }
        }
        try {
            try {
                if (inputStream != null) {
                    if (inputStream.available() == 0) {
                        throw new JMSSecurityException("No certificates in stream");
                    }
                    ArrayList arrayList = new ArrayList();
                    if ((i & 64) != 0) {
                        KeyStore keyStore = KeyStore.getInstance("pkcs12");
                        keyStore.load(inputStream, tibjmsSSLParams.password);
                        Enumeration<String> aliases = keyStore.aliases();
                        while (aliases.hasMoreElements()) {
                            arrayList.add((X509Certificate) keyStore.getCertificate(aliases.nextElement()));
                        }
                    } else {
                        Iterator<? extends Certificate> it = CertificateFactory.getInstance("X.509").generateCertificates(inputStream).iterator();
                        while (it.hasNext()) {
                            arrayList.add((X509Certificate) it.next());
                        }
                    }
                    x509CertificateArr = new X509Certificate[arrayList.size()];
                    arrayList.toArray(x509CertificateArr);
                } else if (obj instanceof X509Certificate) {
                    if (_getTracer != null && str != null) {
                        _sslTrace(_getTracer, "reading " + str + " certificate from X509Certificate object", null);
                    }
                    x509CertificateArr = new X509Certificate[]{(X509Certificate) obj};
                } else {
                    if (_getTracer != null && str != null) {
                        _sslTrace(_getTracer, "reading " + str + " certificate(s) from object of class " + obj.getClass().getName() + ", format=" + encodingToName(i), null);
                    }
                    x509CertificateArr = new X509Certificate[]{(X509Certificate) obj};
                }
                if (!z && inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e2) {
                    }
                }
                return x509CertificateArr;
            } catch (Exception e3) {
                JMSSecurityException jMSSecurityException2 = new JMSSecurityException((str2 != null ? "Error reading certs from file '" + str2 : "Error reading certs from " + obj.getClass().getName() + " object") + ": " + e3.getMessage());
                jMSSecurityException2.setLinkedException(e3);
                throw jMSSecurityException2;
            }
        } catch (Throwable th) {
            if (!z && inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e4) {
                }
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyManagerFactory createKMF(char[] cArr, KeyStore keyStore) throws JMSSecurityException {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            if (keyManagerFactory == null || keyStore == null) {
                keyManagerFactory = null;
            } else {
                try {
                    keyManagerFactory.init(keyStore, cArr);
                } catch (GeneralSecurityException e) {
                    JMSSecurityException jMSSecurityException = new JMSSecurityException("Error initializing KeyManagerFactory: " + e.getMessage());
                    jMSSecurityException.setLinkedException(e);
                    throw jMSSecurityException;
                }
            }
            return keyManagerFactory;
        } catch (GeneralSecurityException e2) {
            JMSSecurityException jMSSecurityException2 = new JMSSecurityException("Error creating KeyManagerFactory: " + e2.getMessage());
            jMSSecurityException2.setLinkedException(e2);
            throw jMSSecurityException2;
        }
    }

    static TibjmsSSLClientIdentity createIdentity() throws JMSSecurityException {
        TibjmsSSLClientIdentity createIdentity;
        synchronized (_sslLock) {
            createIdentity = createIdentity(_default);
        }
        return createIdentity;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static TibjmsSSLClientIdentity createIdentity(TibjmsSSLParams tibjmsSSLParams) throws JMSSecurityException {
        TibjmsSSLClientIdentity tibjmsSSLClientIdentity = new TibjmsSSLClientIdentity();
        PrintStream _getTracer = _getTracer(tibjmsSSLParams);
        if (_pkcs11Provider != null) {
            if (_getTracer != null) {
                _sslTrace(_getTracer, "Create PKCS11 identity via provider: " + _pkcs11Provider.getName(), null);
            }
            try {
                tibjmsSSLClientIdentity.identity = KeyStore.getInstance("PKCS11", _pkcs11Provider);
                try {
                    tibjmsSSLClientIdentity.identity.load(null, tibjmsSSLParams.password);
                    tibjmsSSLClientIdentity.kmf = createKMF(tibjmsSSLParams.password, tibjmsSSLClientIdentity.identity);
                    return tibjmsSSLClientIdentity;
                } catch (Exception e) {
                    JMSSecurityException jMSSecurityException = new JMSSecurityException("Error occured creating Keystore: " + e.getMessage());
                    jMSSecurityException.setLinkedException(e);
                    throw jMSSecurityException;
                }
            } catch (Exception e2) {
                JMSSecurityException jMSSecurityException2 = new JMSSecurityException("Error occured creating Keystore: " + e2.getMessage());
                jMSSecurityException2.setLinkedException(e2);
                throw jMSSecurityException2;
            }
        }
        if (tibjmsSSLParams.identity_data == null) {
            if (_getTracer != null) {
                _sslTrace(_getTracer, "client identity not set, using empty identity.", null);
            }
            try {
                tibjmsSSLClientIdentity.identity = KeyStore.getInstance("pkcs12");
                tibjmsSSLClientIdentity.identity.load(null, null);
                tibjmsSSLClientIdentity.kmf = null;
                return tibjmsSSLClientIdentity;
            } catch (IOException | GeneralSecurityException e3) {
                JMSSecurityException jMSSecurityException3 = new JMSSecurityException("Error occured creating Keystore: " + e3.getMessage());
                jMSSecurityException3.setLinkedException(e3);
                throw jMSSecurityException3;
            }
        }
        InputStream inputStream = null;
        boolean z = false;
        tibjmsSSLParams.identity_data.encoding = encodingToPrecise(tibjmsSSLParams.identity_data.encoding);
        if (tibjmsSSLParams.pk_key_data != null) {
            tibjmsSSLParams.pk_key_data.encoding = encodingToPrecise(tibjmsSSLParams.pk_key_data.encoding);
        }
        try {
            try {
                Object obj = tibjmsSSLParams.identity_data.data;
                if (tibjmsSSLParams.identity_data.data instanceof String) {
                    String str = (String) tibjmsSSLParams.identity_data.data;
                    if (_getTracer != null) {
                        _sslTrace(_getTracer, "reading client identity from file '" + str + "', format=" + encodingToName(tibjmsSSLParams.identity_data.encoding), null);
                    }
                    inputStream = _fileToStream(str);
                } else if (tibjmsSSLParams.identity_data.data instanceof byte[]) {
                    if (_getTracer != null) {
                        _sslTrace(_getTracer, "reading client identity from byte array, format=" + encodingToName(tibjmsSSLParams.identity_data.encoding), null);
                    }
                    inputStream = new ByteArrayInputStream((byte[]) tibjmsSSLParams.identity_data.data);
                } else if (tibjmsSSLParams.identity_data.data instanceof InputStream) {
                    z = true;
                    inputStream = (InputStream) tibjmsSSLParams.identity_data.data;
                    if (_getTracer != null) {
                        _sslTrace(_getTracer, "reading client identity from input stream, format=" + encodingToName(tibjmsSSLParams.identity_data.encoding), null);
                    }
                }
                if (inputStream != null) {
                    obj = inputStream;
                }
                if (tibjmsSSLParams.pk_key_data != null && (tibjmsSSLParams.identity_data.encoding == 512 || tibjmsSSLParams.identity_data.encoding == 64)) {
                    throw new JMSSecurityException("Conflicting parameters: private key should not be specified when identity is a store");
                }
                if (tibjmsSSLParams.pk_key_data == null) {
                    tibjmsSSLClientIdentity.identity = _identityFromStore(tibjmsSSLParams, obj, tibjmsSSLParams.identity_data.encoding, tibjmsSSLParams.password);
                } else {
                    tibjmsSSLClientIdentity.identity = _identityFromCertAndKey(tibjmsSSLParams, obj, tibjmsSSLParams.identity_data.encoding, tibjmsSSLParams.pk_key_data.data, tibjmsSSLParams.pk_key_data.encoding, tibjmsSSLParams.password);
                }
                if (!z && inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e4) {
                    }
                }
                tibjmsSSLClientIdentity.kmf = createKMF(tibjmsSSLParams.password, tibjmsSSLClientIdentity.identity);
                return tibjmsSSLClientIdentity;
            } catch (JMSSecurityException e5) {
                throw e5;
            }
        } catch (Throwable th) {
            if (0 == 0 && 0 != 0) {
                try {
                    inputStream.close();
                } catch (IOException e6) {
                }
            }
            throw th;
        }
    }

    static KeyStore _identityFromStore(TibjmsSSLParams tibjmsSSLParams, Object obj, int i, char[] cArr) throws JMSSecurityException {
        KeyStore keyStore;
        PrintStream _getTracer = _getTracer(tibjmsSSLParams);
        if (i == 512) {
            try {
                if (obj instanceof InputStream) {
                    if (_getTracer != null) {
                        _sslTrace(_getTracer, "creating KeyStore from input stream", null);
                    }
                    keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
                    try {
                        keyStore.load((InputStream) obj, cArr);
                        return keyStore;
                    } catch (Exception e) {
                        JMSSecurityException jMSSecurityException = new JMSSecurityException("Failed to read KeyStore object: " + e.getMessage());
                        jMSSecurityException.setLinkedException(e);
                        throw jMSSecurityException;
                    }
                }
            } catch (Exception e2) {
                JMSSecurityException jMSSecurityException2 = new JMSSecurityException("Error occured while reading identity data: " + e2.getMessage());
                jMSSecurityException2.setLinkedException(e2);
                throw jMSSecurityException2;
            }
        }
        if (obj instanceof KeyStore) {
            if (_getTracer != null) {
                _sslTrace(_getTracer, "reading client identity from KeyStore object", null);
            }
            keyStore = (KeyStore) obj;
        } else if ((obj instanceof InputStream) && i == 64) {
            if (_getTracer != null) {
                _sslTrace(_getTracer, "reading client identity from PKCS12 input stream", null);
            }
            try {
                keyStore = KeyStore.getInstance("pkcs12");
                try {
                    keyStore.load((InputStream) obj, tibjmsSSLParams.password);
                } catch (Exception e3) {
                    JMSSecurityException jMSSecurityException3 = new JMSSecurityException("Error occured while reading identity data: " + e3.getMessage());
                    jMSSecurityException3.setLinkedException(e3);
                    throw jMSSecurityException3;
                }
            } catch (GeneralSecurityException e4) {
                JMSSecurityException jMSSecurityException4 = new JMSSecurityException("Error creating identity data: " + e4.getMessage());
                jMSSecurityException4.setLinkedException(e4);
                throw jMSSecurityException4;
            }
        } else {
            if (!(obj instanceof InputStream) || i != 1) {
                throw new JMSSecurityException("Invalid or not supported identity data");
            }
            if (_getTracer != null) {
                _sslTrace(_getTracer, "reading client identity from PEM input stream", null);
            }
            try {
                keyStore = KeyStore.getInstance("pkcs12");
                try {
                    keyStore.load((InputStream) obj, tibjmsSSLParams.password);
                } catch (Exception e5) {
                    JMSSecurityException jMSSecurityException5 = new JMSSecurityException("Error occured while reading identity data: " + e5.getMessage());
                    jMSSecurityException5.setLinkedException(e5);
                    throw jMSSecurityException5;
                }
            } catch (GeneralSecurityException e6) {
                JMSSecurityException jMSSecurityException6 = new JMSSecurityException("Error creating identity data: " + e6.getMessage());
                jMSSecurityException6.setLinkedException(e6);
                throw jMSSecurityException6;
            }
        }
        return keyStore;
    }

    static KeyStore _identityFromCertAndKey(TibjmsSSLParams tibjmsSSLParams, Object obj, int i, Object obj2, int i2, char[] cArr) throws JMSSecurityException {
        throw new JMSSecurityException("PKCS#8 private key not supported - use PKCS#12 or JKS");
    }

    static String getDNField(String str, String str2) {
        if (str == null) {
            return null;
        }
        int indexOf = str.toLowerCase().indexOf(str2.toLowerCase() + "=");
        if (indexOf < 0) {
            return null;
        }
        int length = indexOf + str2.length() + 1;
        if (length >= str.length()) {
            return "";
        }
        int indexOf2 = str.indexOf(",", length);
        return indexOf2 < 0 ? str.substring(length, str.length()) : str.substring(length, indexOf2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getCertCN(X509Certificate x509Certificate) {
        X500Principal subjectX500Principal;
        if (x509Certificate == null || (subjectX500Principal = x509Certificate.getSubjectX500Principal()) == null) {
            return null;
        }
        return getDNField(subjectX500Principal.getName(), "CN");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<String> getCertSAN(X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                return arrayList;
            }
            for (List<?> list : subjectAlternativeNames) {
                switch (((Integer) list.get(0)).intValue()) {
                    case 2:
                        arrayList.add((String) list.get(1));
                        break;
                    case 7:
                        Object obj = list.get(1);
                        if (obj instanceof String) {
                            arrayList.add((String) obj);
                            break;
                        } else if (obj instanceof byte[]) {
                            try {
                                arrayList.add(InetAddress.getByAddress((byte[]) list.get(1)).getHostAddress());
                                break;
                            } catch (UnknownHostException e) {
                                break;
                            }
                        } else {
                            break;
                        }
                }
            }
            return arrayList;
        } catch (CertificateParsingException e2) {
            return arrayList;
        }
    }

    static String getCertDescription(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return "null";
        }
        X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        String str = (subjectX500Principal == null ? "CertCN=[no subject]" : "CertCN=" + getDNField(subjectX500Principal.getName(), "CN")) + ", IssuerCN=";
        return issuerX500Principal == null ? str + "[no issuer]" : str + getDNField(issuerX500Principal.getName(), "CN");
    }

    static void checkValidTrustedEncoding(int i) throws JMSSecurityException {
        int encodingToPrecise = encodingToPrecise(i);
        switch (encodingToPrecise) {
            case 0:
            case 1:
            case 2:
            case 17:
            case 20:
            case 64:
            case 512:
                return;
            default:
                throw new JMSSecurityException("Invalid encoding of trusted certificates: " + encodingToName(encodingToPrecise));
        }
    }

    static String encodingToName(int i) {
        switch (i) {
            case 0:
                return "AUTO";
            case 1:
                return "PEM";
            case 2:
                return ASN1Encoding.DER;
            case 4:
                return ASN1Encoding.BER;
            case 16:
                return PEMParser.TYPE_PKCS7;
            case 17:
                return "PKCS7(PEM)";
            case 20:
                return "PKCS7(BER)";
            case 32:
                return "PKCS8";
            case 33:
                return "PKCS8(PEM)";
            case 36:
                return "PKCS8(BER)";
            case 64:
                return "PKCS12";
            case 512:
                return "KEYSTORE";
            default:
                return "UNKNOWN";
        }
    }

    static void isValidEncoding(int i) throws JMSSecurityException {
        switch (i) {
            case 0:
            case 1:
            case 2:
            case 17:
            case 20:
            case 33:
            case 36:
            case 64:
            case 512:
                return;
            default:
                throw new JMSSecurityException("Invalid encoding");
        }
    }

    static int encodingToPrecise(int i) {
        if (i == 16) {
            return 20;
        }
        if (i == 32) {
            return 33;
        }
        return i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int encodingNameToInt(String str) {
        if (str == null) {
            return 0;
        }
        if (str.equalsIgnoreCase("pem")) {
            return 1;
        }
        if (str.equalsIgnoreCase("der")) {
            return 2;
        }
        if (str.equalsIgnoreCase("p7") || str.equalsIgnoreCase("pkcs7") || str.equalsIgnoreCase("pkcs#7")) {
            return 17;
        }
        if (str.equalsIgnoreCase("p7b") || str.equalsIgnoreCase("pkcs7b") || str.equalsIgnoreCase("pkcs#7b")) {
            return 20;
        }
        if (str.equalsIgnoreCase("p8") || str.equalsIgnoreCase("pkcs8") || str.equalsIgnoreCase("pkcs#8")) {
            return 33;
        }
        if (str.equalsIgnoreCase("p8b") || str.equalsIgnoreCase("pkcs8b") || str.equalsIgnoreCase("pkcs#8b")) {
            return 36;
        }
        if (str.equalsIgnoreCase("p12") || str.equalsIgnoreCase("pkcs12") || str.equalsIgnoreCase("pkcs#12")) {
            return 64;
        }
        return str.equalsIgnoreCase("jks") ? 512 : 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String removeEncoding(String str) {
        if (str == null) {
            return null;
        }
        int indexOf = str.indexOf(58);
        return (indexOf <= 0 || encodingNameToInt(str.substring(0, indexOf)) == 0) ? str : str.substring(indexOf + 1, str.length());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int encodingFromFilename(String str) {
        int encodingNameToInt;
        if (str == null) {
            return 0;
        }
        int indexOf = str.indexOf(58);
        if (indexOf > 0 && (encodingNameToInt = encodingNameToInt(str.substring(0, indexOf))) != 0) {
            return encodingNameToInt;
        }
        int lastIndexOf = str.lastIndexOf(46);
        if (lastIndexOf >= 0) {
            return encodingNameToInt(str.substring(lastIndexOf + 1, str.length()));
        }
        return 0;
    }

    static InputStream _fileToStream(String str) throws JMSSecurityException {
        if (str == null || str.length() == 0) {
            throw new JMSSecurityException("empty file name");
        }
        try {
            return new FileInputStream(str);
        } catch (IOException e) {
            JMSSecurityException jMSSecurityException = new JMSSecurityException("File not found or access denied: '" + str + TibjmsNamingConstants.SYNTAX_QUOTE);
            jMSSecurityException.setLinkedException(e);
            throw jMSSecurityException;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void _erasePass(char[] cArr) {
        if (cArr != null) {
            for (int i = 0; i < cArr.length; i++) {
                cArr[i] = 0;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void _erasePass() {
        _erasePass(_default.password);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void _sslTrace(PrintStream printStream, String str, Object[] objArr) {
        TibjmsxTrace.write(printStream, "[TLS] " + str, objArr);
    }
}
