package org.apache.geronimo.javamail.util;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.lang.reflect.InvocationTargetException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.geronimo.javamail.authentication.ClientAuthenticator;
import org.apache.geronimo.javamail.authentication.CramMD5Authenticator;
import org.apache.geronimo.javamail.authentication.DigestMD5Authenticator;
import org.apache.geronimo.javamail.authentication.LoginAuthenticator;
import org.apache.geronimo.javamail.authentication.PlainAuthenticator;
import org.apache.geronimo.javamail.authentication.SASLAuthenticator;
import org.apache.tomcat.util.net.Constants;

/* loaded from: input_file:org/apache/geronimo/javamail/util/MailConnection.class */
public class MailConnection {
    protected static final char CR = '\r';
    protected static final char LF = '\n';
    protected static final String MAIL_PORT = "port";
    protected static final String MAIL_LOCALHOST = "localhost";
    protected static final String MAIL_STARTTLS_ENABLE = "starttls.enable";
    protected static final String MAIL_STARTTLS_REQUIRED = "starttls.required";
    protected static final String MAIL_SSL_ENABLE = "ssl.enable";
    protected static final String MAIL_TIMEOUT = "timeout";
    protected static final String MAIL_SASL_ENABLE = "sasl.enable";
    protected static final String MAIL_SASL_REALM = "sasl.realm";
    protected static final String MAIL_AUTHORIZATIONID = "sasl.authorizationid";
    protected static final String MAIL_SASL_MECHANISMS = "sasl.mechanisms";
    protected static final String MAIL_PLAIN_DISABLE = "auth.plain.disable";
    protected static final String MAIL_LOGIN_DISABLE = "auth.login.disable";
    protected static final String MAIL_FACTORY = "socketFactory";
    protected static final String MAIL_FACTORY_CLASS = "socketFactory.class";
    protected static final String MAIL_FACTORY_FALLBACK = "socketFactory.fallback";
    protected static final String MAIL_FACTORY_PORT = "socketFactory.port";
    protected static final String MAIL_SSL_FACTORY = "ssl.socketFactory";
    protected static final String MAIL_SSL_FACTORY_CLASS = "ssl.socketFactory.class";
    protected static final String MAIL_SSL_FACTORY_PORT = "ssl.socketFactory.port";
    protected static final String MAIL_SSL_PROTOCOLS = "ssl.protocols";
    protected static final String MAIL_SSL_CIPHERSUITES = "ssl.ciphersuites";
    protected static final String MAIL_SSL_TRUST = "ssl.trust";
    protected static final String MAIL_LOCALADDRESS = "localaddress";
    protected static final String MAIL_LOCALPORT = "localport";
    protected static final String MAIL_ENCODE_TRACE = "encodetrace";
    protected static final int MIN_MILLIS = 60000;
    protected static final int TIMEOUT = 300000;
    protected static final String DEFAULT_MAIL_HOST = "localhost";
    protected static final String CAPABILITY_STARTTLS = "STARTTLS";
    protected static final String AUTHENTICATION_PLAIN = "PLAIN";
    protected static final String AUTHENTICATION_LOGIN = "LOGIN";
    protected static final String AUTHENTICATION_CRAMMD5 = "CRAM-MD5";
    protected static final String AUTHENTICATION_DIGESTMD5 = "DIGEST-MD5";
    protected Session session;
    protected String protocol;
    protected boolean sslConnection;
    protected int defaultPort;
    protected ProtocolProperties props;
    protected String serverHost;
    protected int serverPort;
    protected Socket socket;
    protected InetAddress localAddress;
    protected int localPort;
    protected String localHost;
    protected int timeout;
    protected String username;
    protected String password;
    protected String realm;
    protected String authid;
    protected InputStream inputStream;
    protected OutputStream outputStream;
    protected PrintStream debugStream;
    protected boolean debug;
    protected List authentications;
    protected Map capabilities;
    protected List mechanisms;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/geronimo/javamail/util/MailConnection$SSLTrustManager.class */
    public class SSLTrustManager implements X509TrustManager {
        private final X509TrustManager defaultTrustManager;
        private final boolean trustAll;
        private final String[] trustedHosts;

        SSLTrustManager(String[] strArr, boolean z) throws IOException {
            this.trustAll = z;
            this.trustedHosts = strArr;
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                trustManagerFactory.init((KeyStore) null);
                this.defaultTrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
            } catch (KeyStoreException e) {
                throw new IOException(e);
            } catch (NoSuchAlgorithmException e2) {
                throw new IOException(e2);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (this.trustAll && this.trustedHosts == null) {
                return;
            }
            this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.defaultTrustManager.getAcceptedIssuers();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public MailConnection(ProtocolProperties protocolProperties) {
        this.props = protocolProperties;
        this.protocol = protocolProperties.getProtocol();
        this.session = protocolProperties.getSession();
        this.sslConnection = protocolProperties.getSSLConnection();
        this.defaultPort = protocolProperties.getDefaultPort();
        this.debug = this.session.getDebug();
        this.debugStream = this.session.getDebugOut();
        String property = protocolProperties.getProperty(MAIL_SSL_ENABLE);
        if (property != null) {
            this.sslConnection = Boolean.valueOf(property).booleanValue();
        }
    }

    public boolean protocolConnect(String str, int i, String str2, String str3) throws MessagingException {
        if (i == -1) {
            i = this.props.getIntProperty("port", this.props.getDefaultPort());
            if (i == -1) {
                i = this.props.getDefaultPort();
            }
        }
        if (str == null) {
            str = "localhost";
        }
        this.serverHost = str;
        this.serverPort = i;
        this.username = str2;
        this.password = str3;
        this.realm = this.props.getProperty(MAIL_SASL_REALM);
        this.authid = this.props.getProperty(MAIL_AUTHORIZATIONID, str2);
        return true;
    }

    public void connect(Socket socket) {
        this.socket = socket;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void getConnection() throws IOException, MessagingException {
        if (this.socket == null) {
            getConnectionProperties();
            if (this.sslConnection) {
                getConnectedSSLSocket();
            } else {
                getConnectedSocket();
            }
        } else {
            this.localPort = this.socket.getPort();
            this.localAddress = this.socket.getInetAddress();
        }
        getConnectionStreams();
    }

    protected void getConnectionProperties() {
        this.timeout = this.props.getIntProperty(MAIL_TIMEOUT, -1);
        this.localAddress = null;
        String property = this.props.getProperty(MAIL_LOCALADDRESS);
        if (property != null) {
            try {
                this.localAddress = InetAddress.getByName(property);
            } catch (UnknownHostException e) {
            }
        }
        this.localPort = this.props.getIntProperty(MAIL_LOCALPORT, 0);
    }

    protected void getConnectedSocket() throws IOException {
        debugOut("Attempting plain socket connection to server " + this.serverHost + ":" + this.serverPort);
        this.socket = null;
        createSocket(false);
        if (this.timeout >= 0) {
            this.socket.setSoTimeout(this.timeout);
        }
    }

    private boolean createSocketFromFactory(boolean z, boolean z2) throws IOException {
        String property = this.props.getProperty(z ? MAIL_SSL_FACTORY_CLASS : MAIL_FACTORY_CLASS);
        if (property == null) {
            return false;
        }
        boolean booleanProperty = this.props.getBooleanProperty(MAIL_FACTORY_FALLBACK, false);
        int intProperty = this.props.getIntProperty(z ? MAIL_SSL_FACTORY_PORT : MAIL_FACTORY_PORT, -1);
        Integer num = new Integer(intProperty == -1 ? this.serverPort : intProperty);
        debugOut("Creating " + (z ? "" : "non-") + "SSL socket using factory " + property + " listening on port " + num);
        while (true) {
            try {
                Class<?> loadClass = Thread.currentThread().getContextClassLoader().loadClass(property);
                Object newInstance = loadClass.newInstance();
                if (this.localAddress != null && !z2) {
                    this.socket = (Socket) loadClass.getMethod("createSocket", String.class, Integer.TYPE, InetAddress.class, Integer.TYPE).invoke(newInstance, this.serverHost, num, this.localAddress, new Integer(this.localPort));
                    return true;
                }
                if (z2) {
                    this.socket = (Socket) loadClass.getMethod("createSocket", Socket.class, String.class, Integer.TYPE, Boolean.TYPE).invoke(newInstance, this.socket, this.serverHost, new Integer(this.serverPort), Boolean.TRUE);
                    return true;
                }
                this.socket = (Socket) loadClass.getMethod("createSocket", String.class, Integer.TYPE).invoke(newInstance, this.serverHost, num);
                return true;
            } catch (Throwable th) {
                th = th;
                if (!booleanProperty) {
                    if (th instanceof InvocationTargetException) {
                        th = ((InvocationTargetException) th).getTargetException();
                    }
                    debugOut("Failure creating " + (z ? "" : "non-") + "SSL socket", th);
                    IOException iOException = new IOException("Error connecting to " + this.serverHost + ", " + this.serverPort);
                    iOException.initCause(th);
                    throw iOException;
                }
                debugOut("First attempt at creating " + (z ? "" : "non-") + "SSL socket failed, falling back to default factory");
                property = z ? "javax.net.ssl.SSLSocketFactory" : "javax.net.SocketFactory";
                booleanProperty = false;
            }
        }
    }

    private void createSocketFromFactory(SocketFactory socketFactory, boolean z) throws IOException {
        if ((socketFactory instanceof SSLSocketFactory) && z) {
            this.socket = ((SSLSocketFactory) socketFactory).createSocket(this.socket, this.serverHost, this.serverPort, true);
        } else if (this.localAddress != null) {
            this.socket = socketFactory.createSocket(this.serverHost, this.serverPort, this.localAddress, this.localPort);
        } else {
            this.socket = socketFactory.createSocket(this.serverHost, this.serverPort);
        }
    }

    private boolean createSocketFromConfiguredFactoryInstance(boolean z, boolean z2) throws IOException {
        if (z) {
            Object propertyAsObject = this.props.getPropertyAsObject(MAIL_SSL_FACTORY);
            if (propertyAsObject == null || !(propertyAsObject instanceof SSLSocketFactory)) {
                return false;
            }
            createSocketFromFactory((SSLSocketFactory) propertyAsObject, z2);
            debugOut("Creating " + (z ? "" : "non-") + "SSL " + (z2 ? "layered" : "non-layered") + " socket using a instance of factory " + propertyAsObject.getClass() + " listening");
            return true;
        }
        Object propertyAsObject2 = this.props.getPropertyAsObject(MAIL_FACTORY);
        if (propertyAsObject2 == null || !(propertyAsObject2 instanceof SocketFactory)) {
            return false;
        }
        createSocketFromFactory((SocketFactory) propertyAsObject2, z2);
        debugOut("Creating " + (z ? "" : "non-") + "SSL " + (z2 ? "layered" : "non-layered") + " socket using a instance of factory " + propertyAsObject2.getClass() + " listening");
        return true;
    }

    private void createSSLSocketFromSSLContext(boolean z) throws IOException {
        SSLTrustManager sSLTrustManager;
        debugOut("Creating " + (z ? "layered " : "non-layered ") + "SSL socket using SSL Context");
        try {
            SSLContext sSLContext = SSLContext.getInstance(Constants.SSL_PROTO_TLS);
            String property = this.props.getProperty(MAIL_SSL_TRUST);
            if (property == null) {
                sSLTrustManager = new SSLTrustManager(null, false);
            } else if (property.equals("*")) {
                sSLTrustManager = new SSLTrustManager(null, true);
            } else {
                String[] split = property.split("\\s+");
                sSLTrustManager = new SSLTrustManager(split, false);
                if (this.serverHost == null || this.serverHost.isEmpty() || !Arrays.asList(split).contains(this.serverHost)) {
                    throw new IOException("Server is not trusted: " + this.serverHost);
                }
            }
            sSLContext.init(null, new TrustManager[]{sSLTrustManager}, null);
            createSocketFromFactory(sSLContext.getSocketFactory(), z);
        } catch (KeyManagementException e) {
            throw new IOException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IOException(e2);
        }
    }

    private void createSocket(boolean z) throws IOException {
        if (createSocketFromConfiguredFactoryInstance(z, false) || createSocketFromFactory(z, false)) {
            return;
        }
        if (z) {
            createSSLSocketFromSSLContext(false);
        } else {
            createSocketFromFactory(SocketFactory.getDefault(), false);
        }
    }

    protected void getConnectedSSLSocket() throws IOException {
        debugOut("Attempting SSL socket connection to server " + this.serverHost + ":" + this.serverPort);
        this.socket = null;
        createSocket(true);
        if (this.timeout >= 0) {
            this.socket.setSoTimeout(this.timeout);
        }
        String property = this.props.getProperty(MAIL_SSL_PROTOCOLS);
        if (property != null) {
            ArrayList arrayList = new ArrayList();
            StringTokenizer stringTokenizer = new StringTokenizer(property);
            while (stringTokenizer.hasMoreTokens()) {
                arrayList.add(stringTokenizer.nextToken());
            }
            ((SSLSocket) this.socket).setEnabledProtocols((String[]) arrayList.toArray(new String[arrayList.size()]));
        }
        String property2 = this.props.getProperty(MAIL_SSL_CIPHERSUITES);
        if (property2 != null) {
            ArrayList arrayList2 = new ArrayList();
            StringTokenizer stringTokenizer2 = new StringTokenizer(property2);
            while (stringTokenizer2.hasMoreTokens()) {
                arrayList2.add(stringTokenizer2.nextToken());
            }
            ((SSLSocket) this.socket).setEnabledCipherSuites((String[]) arrayList2.toArray(new String[arrayList2.size()]));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void getConnectedTLSSocket() throws MessagingException {
        try {
            this.serverHost = this.socket.getInetAddress().getHostName();
            this.serverPort = this.socket.getPort();
            if (createSocketFromConfiguredFactoryInstance(true, true)) {
                debugOut("TLS socket factory configured as instance");
            } else if (createSocketFromFactory(true, true)) {
                debugOut("TLS socket factory configured as class");
            } else {
                debugOut("TLS socket factory from SSLContext");
                createSSLSocketFromSSLContext(true);
            }
            if (!(this.socket instanceof SSLSocket)) {
                throw new IOException("Socket is not an instance of SSLSocket, maybe wrong configured ssl factory?");
            }
            ((SSLSocket) this.socket).setEnabledCipherSuites(((SSLSocket) this.socket).getSupportedCipherSuites());
            ((SSLSocket) this.socket).setEnabledProtocols(new String[]{Constants.SSL_PROTO_TLSv1});
            ((SSLSocket) this.socket).setUseClientMode(true);
            debugOut("Initiating STARTTLS handshake");
            ((SSLSocket) this.socket).startHandshake();
            getConnectionStreams();
            debugOut("TLS connection established");
        } catch (Exception e) {
            debugOut("Failure attempting to convert connection to TLS", e);
            throw new MessagingException("Unable to convert connection to SSL", e);
        }
    }

    protected void getConnectionStreams() throws MessagingException, IOException {
        this.inputStream = new TraceInputStream(this.socket.getInputStream(), this.debugStream, this.debug, this.props.getBooleanProperty(MAIL_ENCODE_TRACE, false));
        this.outputStream = new TraceOutputStream(this.socket.getOutputStream(), this.debugStream, this.debug, this.props.getBooleanProperty(MAIL_ENCODE_TRACE, false));
    }

    public void closeServerConnection() {
        try {
            this.socket.close();
        } catch (IOException e) {
        }
        this.socket = null;
        this.inputStream = null;
        this.outputStream = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkConnected() throws MessagingException {
        if (this.socket == null || !this.socket.isConnected()) {
            throw new MessagingException("no connection");
        }
    }

    public String getSASLRealm() {
        if (this.realm == null) {
            this.realm = this.props.getProperty(MAIL_SASL_REALM);
        }
        return this.realm;
    }

    public void setSASLRealm(String str) {
        this.realm = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List getSaslMechanisms() {
        if (this.mechanisms == null) {
            this.mechanisms = new ArrayList();
            String property = this.props.getProperty(MAIL_SASL_MECHANISMS);
            if (property != null) {
                StringTokenizer stringTokenizer = new StringTokenizer(property, " ,");
                while (stringTokenizer.hasMoreTokens()) {
                    this.mechanisms.add(stringTokenizer.nextToken().toUpperCase());
                }
            }
        }
        return this.mechanisms;
    }

    protected List getServerMechanisms() {
        return this.authentications;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List selectSaslMechanisms() {
        List saslMechanisms = getSaslMechanisms();
        List serverMechanisms = getServerMechanisms();
        if (saslMechanisms.isEmpty()) {
            return serverMechanisms;
        }
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < saslMechanisms.size(); i++) {
            String str = (String) saslMechanisms.get(i);
            if (serverMechanisms.contains(str)) {
                arrayList.add(str);
            }
        }
        return arrayList;
    }

    protected ClientAuthenticator getLoginAuthenticator() throws MessagingException {
        List selectSaslMechanisms = selectSaslMechanisms();
        try {
            return new SASLAuthenticator((String[]) selectSaslMechanisms.toArray(new String[0]), this.session.getProperties(), this.protocol, this.serverHost, getSASLRealm(), this.authid, this.username, this.password);
        } catch (Throwable th) {
            if (selectSaslMechanisms.contains("DIGEST-MD5")) {
                return new DigestMD5Authenticator(this.serverHost, this.username, this.password, getSASLRealm());
            }
            if (selectSaslMechanisms.contains("CRAM-MD5")) {
                return new CramMD5Authenticator(this.username, this.password);
            }
            if (selectSaslMechanisms.contains("LOGIN")) {
                return new LoginAuthenticator(this.username, this.password);
            }
            if (selectSaslMechanisms.contains("PLAIN")) {
                return new PlainAuthenticator(this.authid, this.username, this.password);
            }
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void debugOut(String str) {
        if (this.debug) {
            this.debugStream.println(this.protocol + " DEBUG: " + str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void debugOut(String str, Throwable th) {
        if (this.debug) {
            debugOut("Received exception -> " + str);
            debugOut("Exception message -> " + th.getMessage());
            th.printStackTrace(this.debugStream);
        }
    }

    public boolean hasCapability(String str) {
        return this.capabilities.containsKey(str);
    }

    public Map getCapabilities() {
        return this.capabilities;
    }

    public boolean supportsMechanism(String str) {
        return this.authentications.contains(str);
    }

    public String getHost() {
        return this.serverHost;
    }

    public String getLocalHost() throws MessagingException {
        if (this.localHost == null) {
            if (this.localHost == null) {
                this.localHost = this.props.getProperty("localhost");
            }
            if (this.localHost == null) {
                this.localHost = this.props.getSessionProperty("localhost");
            }
            if (this.localHost == null) {
                try {
                    this.localHost = InetAddress.getLocalHost().getHostName();
                } catch (UnknownHostException e) {
                }
            }
            if (this.localHost == null) {
                throw new MessagingException("Can't get local hostname.  Please correctly configure JDK/DNS or set mail.smtp.localhost");
            }
        }
        return this.localHost;
    }

    public void setLocalHost(String str) {
        this.localHost = str;
    }
}
