package weblogic.security.SSL;

import com.bea.utils.misc.ProcessBase;
import com.bea.utils.misc.ProcessException;
import com.bea.utils.misc.ProcessManager;
import com.rsa.jsafe.JSAFE_InvalidParameterException;
import com.rsa.jsafe.JSAFE_InvalidUseException;
import com.rsa.jsafe.JSAFE_KeyPair;
import com.rsa.jsafe.JSAFE_SecureRandom;
import com.rsa.jsafe.JSAFE_UnimplementedException;
import java.io.IOException;
import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import java.util.Hashtable;
import java.util.Properties;
import weblogic.kernel.Kernel;
import weblogic.logging.LogOutputStream;
import weblogic.management.Admin;
import weblogic.management.ManagementError;
import weblogic.management.configuration.KernelDebugMBean;
import weblogic.management.configuration.ServerDebugMBean;
import weblogic.management.configuration.ServerMBean;
import weblogic.math.Bignum;
import weblogic.rjvm.LocalRJVM;
import weblogic.security.AuthenticationException;
import weblogic.security.KeyManagementException;
import weblogic.security.RSAKey;
import weblogic.security.RSAPrivateKey;
import weblogic.security.RSAPrivateKeyPKCS8;
import weblogic.security.RandomBitsSource;
import weblogic.security.X500Name;
import weblogic.security.X509;
import weblogic.security.acl.TTLCache;
import weblogic.security.acl.internal.Security;
import weblogic.security.utils.SSLSetup;
import weblogic.t3.srvr.SSLListenThread;
import weblogic.t3.srvr.T3Srvr;
import weblogic.utils.AssertionError;
import weblogic.utils.NestedError;
import weblogic.version;

/* loaded from: input_file:weblogic.jar:weblogic/security/SSL/SSLParams.class */
public final class SSLParams {
    static final boolean haveRSALicense = true;
    static final boolean forExport = false;
    public static final short SSL_NULL_WITH_NULL_NULL = 0;
    public static final short SSL_RSA_WITH_NULL_MD5 = 1;
    public static final short SSL_RSA_WITH_NULL_SHA = 2;
    public static final short SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 3;
    public static final short SSL_RSA_WITH_RC4_128_MD5 = 4;
    public static final short SSL_RSA_WITH_RC4_128_SHA = 5;
    public static final short SSL_RSA_EXPORT_WITH_DES_40_CBC_SHA = 8;
    public static final short SSL_RSA_WITH_DES_CBC_SHA = 9;
    public static final short SSL_RSA_WITH_3DES_EDE_CBC_SHA = 10;
    protected boolean debug;
    protected boolean useV2Hello;
    protected boolean requestClientCert;
    protected boolean enforceClientCert;
    protected short[] clientCipherSuites;
    protected short[] serverCipherSuites;
    protected SSLCertificate serverCert;
    protected RSAKey exportableKey;
    protected int exportableKeyUsage;
    public int exportableKeyUsageMaximum;
    private LogOutputStream log;
    protected SSLCertificate clientCert;
    protected byte[][] rootCAfingerprints;
    private X500Name[] clientRootCANames;
    private X509[] clientRootCAs;
    protected String expectedName;
    private HostnameVerifier hostnameVerifier;
    private TrustManager trustManager;
    private String enforceCertificateConstraints;
    protected String privateKeyPassword;
    private TTLCache resumableSessionsCache;
    private boolean useResumableSessionsTTLCache;
    private SessionID clientResumableSessionID;
    private SessionParams clientResumableSessionParams;
    public static final int DEFAULT_CACHE_SIZE = 211;
    public static final int DEFAULT_MIN_CACHE_SIZE = 17;
    public static final int DEFAULT_MAX_CACHE_SIZE = 65537;
    public static final int DEFAULT_POSITIVE_TTL = 600;
    public static final int DEFAULT_MIN_TTL = 1;
    public static final int DEFAULT_MAX_TTL = Integer.MAX_VALUE;
    protected SessionParams sessionParams;
    protected RandomBitsSource rng;
    protected String proxyHost;
    protected int proxyPort;
    protected KernelDebugMBean configSSLDebug;
    private boolean l_did;
    private boolean l_fullStrengthLicense;
    private static final short[] minimalCipherSuites = {3, 0};
    private static final short[] exportCipherSuites = {3, 9, 8, 0};
    private static final short[] normalCipherSuites = {4, 5, 3, 9, 8, 2, 1};
    private static String ENFORCE_CONSTRAINTS_PROP = Admin.ADMIN_SSLENFORCECONSTRAINT_PROP;

    public static final boolean isExportableCipherSuite(short s) {
        for (int i = 0; i < exportCipherSuites.length; i++) {
            if (exportCipherSuites[i] == s) {
                return true;
            }
        }
        return false;
    }

    public RSAKey getExportableKey() throws IOException {
        if (this.exportableKey == null || this.exportableKeyUsage == 0 || this.exportableKeyUsage > this.exportableKeyUsageMaximum) {
            try {
                JSAFE_KeyPair jSAFE_KeyPair = JSAFE_KeyPair.getInstance("RSA", "Native/Java");
                JSAFE_SecureRandom jSAFE_SecureRandom = (JSAFE_SecureRandom) JSAFE_SecureRandom.getInstance("MD5Random", "Intel/Native/Java");
                jSAFE_SecureRandom.seed(Bignum.randomBignum(4096, LocalRJVM.getLocalRJVM().getSecureRandom()).toBytes());
                jSAFE_KeyPair.generateInit(null, new int[]{512, 65537}, jSAFE_SecureRandom);
                jSAFE_KeyPair.generate();
                byte[][] keyData = jSAFE_KeyPair.getPrivateKey().getKeyData("RSAPrivateKeyCRT");
                this.exportableKey = new RSAPrivateKey(new Bignum(keyData[0]), new Bignum(keyData[1]), new Bignum(keyData[2]), new Bignum(keyData[3]), new Bignum(keyData[4]), new Bignum(keyData[5]), new Bignum(keyData[6]), new Bignum(keyData[7]));
                this.exportableKeyUsage = 0;
            } catch (JSAFE_InvalidParameterException e) {
                throw new IOException("Unable to create low-strength keypair");
            } catch (JSAFE_InvalidUseException e2) {
                throw new IOException("Unable to create low-strength keypair");
            } catch (JSAFE_UnimplementedException e3) {
                throw new IOException("Unable to create low-strength keypair");
            } catch (NoSuchAlgorithmException e4) {
                throw new IOException("Unable to create low-strength keypair");
            }
        }
        this.exportableKeyUsage++;
        return this.exportableKey;
    }

    public SSLParams() {
        this.debug = false;
        this.useV2Hello = true;
        this.requestClientCert = false;
        this.enforceClientCert = false;
        this.clientCipherSuites = exportCipherSuites;
        this.serverCipherSuites = exportCipherSuites;
        this.exportableKey = null;
        this.exportableKeyUsage = 0;
        this.exportableKeyUsageMaximum = 500;
        this.rootCAfingerprints = null;
        this.proxyHost = null;
        this.proxyPort = -1;
        this.l_did = false;
        this.l_fullStrengthLicense = false;
        init();
        setDebugFromProperties();
        checkLicenseAndSetCipherSuite();
        this.rootCAfingerprints = Security.getSSLRootCAFingerprints();
        this.expectedName = Security.getSSLServerName();
        this.privateKeyPassword = Security.getSSLClientKeyPassword();
        try {
            this.clientCert = objectToCertificate(Security.getSSLClientCertificate(), this.privateKeyPassword);
            if (this.clientCert == null && Kernel.isServer()) {
                useServerCertificate();
            }
        } catch (IOException e) {
            throw new NestedError("Unexpected problem setting SSL params: ", e);
        }
    }

    public SSLParams(SSLClientInfo sSLClientInfo) {
        this.debug = false;
        this.useV2Hello = true;
        this.requestClientCert = false;
        this.enforceClientCert = false;
        this.clientCipherSuites = exportCipherSuites;
        this.serverCipherSuites = exportCipherSuites;
        this.exportableKey = null;
        this.exportableKeyUsage = 0;
        this.exportableKeyUsageMaximum = 500;
        this.rootCAfingerprints = null;
        this.proxyHost = null;
        this.proxyPort = -1;
        this.l_did = false;
        this.l_fullStrengthLicense = false;
        init();
        checkLicenseAndSetCipherSuite();
        String sSLClientKeyPassword = sSLClientInfo.getSSLClientKeyPassword();
        if (sSLClientKeyPassword != null) {
            this.privateKeyPassword = sSLClientKeyPassword;
        }
        try {
            InputStream[] sSLClientCertificate = sSLClientInfo.getSSLClientCertificate();
            if (sSLClientCertificate != null) {
                setClientCert(sSLClientCertificate);
            } else {
                Object sSLClientCertificate2 = Security.getSSLClientCertificate();
                if (sSLClientCertificate2 instanceof InputStream[]) {
                    setClientCert((InputStream[]) sSLClientCertificate2);
                }
            }
            if (this.clientCert == null && Kernel.isServer()) {
                useServerCertificate();
            }
            String expectedName = sSLClientInfo.getExpectedName();
            if (expectedName != null) {
                setExpectedName(expectedName);
            }
            byte[][] rootCAfingerprints = sSLClientInfo.getRootCAfingerprints();
            if (rootCAfingerprints != null) {
                setRootCAFingerprints(rootCAfingerprints);
            }
            HostnameVerifier hostnameVerifier = sSLClientInfo.getHostnameVerifier();
            if (hostnameVerifier != null) {
                setHostnameVerifier(hostnameVerifier);
            }
            TrustManager trustManager = sSLClientInfo.getTrustManager();
            if (trustManager != null) {
                setTrustManager(trustManager);
            }
            SessionParams sessionParams = sSLClientInfo.getSessionParams();
            if (sessionParams != null) {
                this.clientResumableSessionParams = sessionParams;
            }
            SessionID sessionID = sSLClientInfo.getSessionID();
            if (sessionID != null) {
                this.clientResumableSessionID = sessionID;
            }
        } catch (IOException e) {
            throw new NestedError("Unexpected problem setting SSL params: ", e);
        }
    }

    private void init() {
        setDebugFromProperties();
        try {
            this.proxyHost = System.getProperty("ssl.proxyHost", null);
            if (this.proxyHost == null) {
                this.proxyHost = System.getProperty("https.proxyHost", null);
            }
            this.proxyPort = Integer.getInteger("ssl.proxyPort", -1).intValue();
            if (this.proxyPort == -1) {
                this.proxyPort = Integer.getInteger("https.proxyPort", -1).intValue();
            }
            this.enforceCertificateConstraints = System.getProperty(ENFORCE_CONSTRAINTS_PROP, "strong");
        } catch (SecurityException e) {
            if (this.debug) {
                this.log.debug(new StringBuffer().append("Exception while loading SSL configuration, using defaults: ").append(e.getMessage()).toString());
            }
        }
        this.useResumableSessionsTTLCache = false;
    }

    private void useServerCertificate() {
        if (Kernel.isServer()) {
            try {
                if (T3Srvr.getT3Srvr().getSSLListener() != null) {
                    setClientCert(SSLListenThread.getServerCert());
                }
            } catch (NullPointerException e) {
                e.printStackTrace();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initSessionTTLCache() {
        this.useResumableSessionsTTLCache = true;
        int sizeFromProp = getSizeFromProp();
        if (sizeFromProp != 0) {
            this.resumableSessionsCache = new TTLCache(sizeFromProp, getTTLFromProp());
        } else {
            this.useResumableSessionsTTLCache = false;
        }
    }

    private int getSizeFromProp() {
        int intValue;
        String str = null;
        int i = 211;
        try {
            str = System.getProperty("weblogic.security.SSL.sessionCache.size");
        } catch (SecurityException e) {
        }
        if (str != null && (intValue = new Integer(str).intValue()) >= 0) {
            i = intValue;
        }
        if (this.debug) {
            this.log.debug(new StringBuffer().append("SSL Session TTLCache: size ").append(i).toString());
        }
        return i;
    }

    private int getTTLFromProp() {
        int intValue;
        int intValue2;
        String str = null;
        int i = 600;
        try {
            str = System.getProperty("weblogic.security.SSL.sessionCache.ttl");
        } catch (SecurityException e) {
        }
        if (str != null && (intValue2 = new Integer(str).intValue()) > 0) {
            return intValue2;
        }
        try {
            str = System.getProperty("weblogic.security.SSL.sessionCache.ttl.positive");
        } catch (SecurityException e2) {
        }
        if (str != null && (intValue = new Integer(str).intValue()) > 0) {
            i = intValue;
        }
        if (this.debug) {
            this.log.debug(new StringBuffer().append("SSL Session TTLCache: time to live ").append(i).toString());
        }
        return i;
    }

    private SSLCertificate objectToCertificate(Object obj, String str) throws IOException {
        if (obj == null) {
            return null;
        }
        if ("SERVER".equals(obj)) {
            return SSLListenThread.getServerCert();
        }
        if (!(obj instanceof InputStream[])) {
            throw new IOException("SSL_CLIENT_CERTIFICATE is neither SERVER nor an array of InputStreams containing DER encoded X.509 certificates");
        }
        InputStream[] inputStreamArr = (InputStream[]) obj;
        if (inputStreamArr.length < 2) {
            throw new IOException("SSL_CLIENT_CERTIFICATE does not contain key and at least one certificate");
        }
        SSLCertificate sSLCertificate = new SSLCertificate();
        if (str != null) {
            sSLCertificate.privateKey = new RSAPrivateKeyPKCS8(str, inputStreamArr[0]).getKey();
        } else {
            sSLCertificate.privateKey = new RSAPrivateKey(inputStreamArr[0]);
        }
        X509 x509 = new X509();
        x509.input(inputStreamArr[1]);
        if (!x509.verifyDate()) {
            throw new IOException(new StringBuffer().append("Certificate expired or not yet valid: ").append(x509).toString());
        }
        sSLCertificate.certificateList.addElement(x509);
        for (int i = 2; i < inputStreamArr.length; i++) {
            X509 x5092 = new X509();
            x5092.input(inputStreamArr[i]);
            if (!x5092.verifyDate()) {
                throw new IOException(new StringBuffer().append("Issuer certificate expired or not yet valid: ").append(x5092).toString());
            }
            x509.setIssuerCertificate(x5092);
            try {
                if (!x509.verifySignature()) {
                    throw new IOException(new StringBuffer().append("Failed to verify signature for certificate ").append(x509).toString());
                }
                x509 = x5092;
                sSLCertificate.certificateList.addElement(x509);
            } catch (AuthenticationException e) {
                throw new IOException(new StringBuffer().append("Failed to verify signature for certificate ").append(x509).append(": ").append(e).toString());
            } catch (KeyManagementException e2) {
                throw new IOException(new StringBuffer().append("Failed to verify signature for certificate ").append(x509).append(": ").append(e2).toString());
            }
        }
        return sSLCertificate;
    }

    public static boolean getForExport() {
        return false;
    }

    public void setDebugFromProperties() {
        ServerDebugMBean serverDebug;
        if (Kernel.isServer()) {
            try {
                ServerMBean localServer = Admin.getInstance().getLocalServer();
                if (localServer != null && (serverDebug = localServer.getServerDebug()) != null) {
                    this.debug = serverDebug.getDebugSSL();
                }
            } catch (ManagementError e) {
            }
        }
        if (!this.debug) {
            try {
                this.debug = Boolean.getBoolean("ssl.debug") || Boolean.getBoolean("weblogic.security.SSL.verbose") || Boolean.getBoolean("weblogic.security.ssl.verbose");
            } catch (SecurityException e2) {
            }
        }
        this.log = new LogOutputStream("SSL");
        SSLSetup.setDebugEaten();
    }

    public boolean getDebug() {
        return this.debug;
    }

    public void setDebug(boolean z) {
        this.debug = z;
    }

    public String getEnforceCertificateConstraints() {
        return this.enforceCertificateConstraints;
    }

    public void setServerCert(SSLCertificate sSLCertificate) {
        this.serverCert = sSLCertificate;
    }

    public SSLCertificate getServerCert() {
        return this.serverCert;
    }

    public void setClientCert(SSLCertificate sSLCertificate) {
        this.clientCert = sSLCertificate;
    }

    public void setClientCert(InputStream[] inputStreamArr) throws IOException {
        this.clientCert = objectToCertificate(inputStreamArr, this.privateKeyPassword);
    }

    public SSLCertificate getClientCert() {
        return this.clientCert;
    }

    public void setClientCipherSuites(short[] sArr) {
        this.clientCipherSuites = sArr;
    }

    public short[] getClientCipherSuites() {
        return this.clientCipherSuites;
    }

    public void setServerCipherSuites(short[] sArr) {
        this.serverCipherSuites = sArr;
    }

    private Hashtable getPossibleCiphersGetHashtable() {
        Hashtable hashtable = new Hashtable();
        hashtable.put(new Short((short) 0), "SSL_NULL_WITH_NULL_NULL");
        hashtable.put(new Short((short) 1), "SSL_RSA_WITH_NULL_MD5");
        hashtable.put(new Short((short) 2), "SSL_RSA_WITH_NULL_SHA");
        hashtable.put(new Short((short) 3), "SSL_RSA_EXPORT_WITH_RC4_40_MD5");
        hashtable.put(new Short((short) 4), "SSL_RSA_WITH_RC4_128_MD5");
        hashtable.put(new Short((short) 5), "SSL_RSA_WITH_RC4_128_SHA");
        hashtable.put(new Short((short) 8), "SSL_RSA_EXPORT_WITH_DES_40_CBC_SHA");
        hashtable.put(new Short((short) 9), "SSL_RSA_WITH_DES_CBC_SHA");
        hashtable.put(new Short((short) 10), "SSL_RSA_WITH_3DES_EDE_CBC_SHA");
        return hashtable;
    }

    private Hashtable getPossibleCiphersSetHashtable() {
        Hashtable hashtable = new Hashtable();
        hashtable.put("SSL_NULL_WITH_NULL_NULL", new Short((short) 0));
        hashtable.put("SSL_RSA_WITH_NULL_MD5", new Short((short) 1));
        hashtable.put("SSL_RSA_WITH_NULL_SHA", new Short((short) 2));
        hashtable.put("SSL_RSA_EXPORT_WITH_RC4_40_MD5", new Short((short) 3));
        hashtable.put("SSL_RSA_WITH_RC4_128_MD5", new Short((short) 4));
        hashtable.put("SSL_RSA_WITH_RC4_128_SHA", new Short((short) 5));
        hashtable.put("SSL_RSA_EXPORT_WITH_DES_40_CBC_SHA", new Short((short) 8));
        hashtable.put("SSL_RSA_WITH_DES_CBC_SHA", new Short((short) 9));
        hashtable.put("SSL_RSA_WITH_3DES_EDE_CBC_SHA", new Short((short) 10));
        return hashtable;
    }

    public void setServerCipherSuites(String[] strArr) {
        if (strArr == null || strArr.length <= 0) {
            return;
        }
        Hashtable possibleCiphersSetHashtable = getPossibleCiphersSetHashtable();
        short[] sArr = new short[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            Short sh = (Short) possibleCiphersSetHashtable.get(strArr[i].trim());
            if (sh != null) {
                sArr[i] = sh.shortValue();
            } else {
                this.log.debug(new StringBuffer().append("Could not find: ").append(strArr[i]).append(", ignoring.").toString());
            }
        }
        setServerCipherSuites(sArr);
    }

    public short[] getServerCipherSuites() {
        return this.serverCipherSuites;
    }

    public String[] getServerCipherSuitesStrings() {
        String[] strArr = new String[this.serverCipherSuites.length];
        Hashtable possibleCiphersGetHashtable = getPossibleCiphersGetHashtable();
        for (int i = 0; i < this.serverCipherSuites.length; i++) {
            strArr[i] = (String) possibleCiphersGetHashtable.get(new Short(this.serverCipherSuites[i]));
        }
        return strArr;
    }

    public String[] getSupportedCipherSuitesStrings() {
        String[] strArr = new String[normalCipherSuites.length + 1];
        Hashtable possibleCiphersGetHashtable = getPossibleCiphersGetHashtable();
        for (int i = 0; i < normalCipherSuites.length; i++) {
            strArr[i] = (String) possibleCiphersGetHashtable.get(new Short(this.serverCipherSuites[i]));
        }
        strArr[normalCipherSuites.length + 1] = (String) possibleCiphersGetHashtable.get(new Short((short) 0));
        return strArr;
    }

    public void setUseV2Hello(boolean z) {
        this.useV2Hello = z;
    }

    public boolean getUseV2Hello() {
        return this.useV2Hello;
    }

    public void setRequestClientCert(boolean z) {
        this.requestClientCert = z;
    }

    public boolean getRequestClientCert() {
        return this.requestClientCert;
    }

    public void setEnforceClientCert(boolean z) {
        this.enforceClientCert = z;
    }

    public boolean getEnforceClientCert() {
        return this.enforceClientCert;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean needClientCert() {
        return this.requestClientCert || this.enforceClientCert;
    }

    public void setExpectedName(String str) {
        this.expectedName = str;
    }

    public void setHostnameVerifier(HostnameVerifier hostnameVerifier) {
        this.hostnameVerifier = hostnameVerifier;
    }

    public HostnameVerifier getHostnameVerifier() {
        return this.hostnameVerifier;
    }

    public void setTrustManager(TrustManager trustManager) {
        this.trustManager = trustManager;
    }

    public TrustManager getTrustManager() {
        return this.trustManager;
    }

    public void setRootCAFingerprints(byte[][] bArr) {
        this.rootCAfingerprints = bArr;
    }

    public byte[][] getRootCAFingerprints() {
        return this.rootCAfingerprints;
    }

    public void setClientRootCAs(X509[] x509Arr) {
        this.clientRootCAs = x509Arr;
        this.clientRootCANames = new X500Name[x509Arr.length];
        for (int i = 0; i < x509Arr.length; i++) {
            this.clientRootCANames[i] = (X500Name) x509Arr[i].getHolder();
        }
    }

    public X500Name[] getClientRootCAs() {
        return this.clientRootCANames;
    }

    public boolean getUseResumableSessionsTTLCache() {
        return this.useResumableSessionsTTLCache;
    }

    public SessionID getClientResumableSessionID() {
        return this.clientResumableSessionID;
    }

    public SessionParams getClientResumableSessionParams() {
        return this.clientResumableSessionParams;
    }

    public void setClientResumableSession(SessionID sessionID, SessionParams sessionParams) {
        this.clientResumableSessionID = sessionID;
        this.clientResumableSessionParams = sessionParams;
        SSLClientInfo threadSSLClientInfo = Security.getThreadSSLClientInfo();
        threadSSLClientInfo.setSessionID(sessionID);
        threadSSLClientInfo.setSessionParams(sessionParams);
    }

    public TTLCache getResumableSessionTTLCache() {
        if (this.resumableSessionsCache == null) {
            this.resumableSessionsCache = new TTLCache(65537, 600000L);
        }
        return this.resumableSessionsCache;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setResumableSessionCache(TTLCache tTLCache) {
        this.resumableSessionsCache = tTLCache;
    }

    public void setResumableSessionParams(int i, int i2) {
        this.resumableSessionsCache = new TTLCache(i, i2 * 1000);
    }

    public void setSessionParams(SessionParams sessionParams) {
        this.sessionParams = sessionParams;
        this.clientCipherSuites = new short[1];
        this.clientCipherSuites[0] = sessionParams.cipherSuite;
    }

    public SessionParams getSessionParams() {
        return this.sessionParams;
    }

    public void setRNG(RandomBitsSource randomBitsSource) {
        this.rng = randomBitsSource;
    }

    public RandomBitsSource getRNG() {
        return this.rng;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkServerCert(SSLCertificate sSLCertificate) throws IOException {
        if (this.rootCAfingerprints != null && !sSLCertificate.rootCAvalid(this.rootCAfingerprints)) {
            X509 rootCA = sSLCertificate.rootCA();
            throw new IOException(new StringBuffer().append("Untrusted Root CA '").append(rootCA.getHolder().getName()).append("' with ").append(rootCA).toString());
        }
        if (this.expectedName != null) {
            String name = sSLCertificate.leafCert().getHolder().getName();
            if (this.expectedName.equals(name)) {
                return;
            }
            if (this.debug) {
                this.log.debug(new StringBuffer().append("Certificate holder's name '").append(name).append("' does not match the expected name: ").append(this.expectedName).toString());
            }
            throw new IOException(new StringBuffer().append("Certificate holder's name '").append(name).append("' does not match the expected name: ").append(this.expectedName).toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLCertificate patchChain(SSLCertificate sSLCertificate) throws IOException {
        X509 rootCA = sSLCertificate.rootCA();
        X500Name issuer = rootCA.getIssuer();
        if (issuer.equals(rootCA.getHolder())) {
            return sSLCertificate;
        }
        X509[] x509Arr = this.clientRootCAs;
        for (int i = 0; i < x509Arr.length; i++) {
            if (issuer.equals(x509Arr[i].getHolder())) {
                rootCA.setIssuerCertificate(x509Arr[i]);
                try {
                    if (rootCA.verifySignature()) {
                        sSLCertificate.certificateList.addElement(x509Arr[i]);
                        return sSLCertificate;
                    }
                    rootCA.setIssuerCertificate(null);
                } catch (AuthenticationException e) {
                    throw new AssertionError(e);
                } catch (KeyManagementException e2) {
                    throw new AssertionError(e2);
                }
            }
        }
        throw new IOException(new StringBuffer().append("Certificate ").append(rootCA).append(" not issued from configured client root CAs").toString());
    }

    protected synchronized void checkLicenseAndSetCipherSuite() {
        if (this.l_did) {
            return;
        }
        this.l_did = true;
        if (Kernel.isServer()) {
        }
        if (this.debug) {
            this.log.debug(new StringBuffer().append("Before license check - client CipherSuites: ").append(dumpCipherSuites(this.clientCipherSuites)).append(" server CipherSuites: ").append(dumpCipherSuites(this.serverCipherSuites)).toString());
        }
        Properties properties = new Properties();
        properties.put("product", version.getPLInfo()[0]);
        properties.put(ProcessBase.PROP_RELEASE, version.getPLInfo()[1]);
        if (Kernel.isServer()) {
            properties.put(ProcessBase.PROP_IP, "");
        }
        properties.put("component", "SSL/Domestic");
        try {
            ProcessManager.memCheck(properties);
            this.l_fullStrengthLicense = true;
            this.clientCipherSuites = normalCipherSuites;
            this.serverCipherSuites = normalCipherSuites;
            if (this.debug) {
                this.log.debug("SSL/Domestic License found - setting domestic strength ciphersuites");
            }
        } catch (ProcessException e) {
            if (this.debug) {
                this.log.debug("No SSL/Domestic License found");
            }
        }
        if (this.debug) {
            this.log.debug(new StringBuffer().append("After license check - client CipherSuites: ").append(dumpCipherSuites(this.clientCipherSuites)).append(" server CipherSuites: ").append(dumpCipherSuites(this.serverCipherSuites)).toString());
        }
    }

    protected String dumpCipherSuites(short[] sArr) {
        String str = "[";
        for (int i = 0; i < sArr.length; i++) {
            if (i != 0) {
                str = new StringBuffer().append(str).append(",").toString();
            }
            str = new StringBuffer().append(str).append((int) sArr[i]).toString();
        }
        return new StringBuffer().append(str).append("]").toString();
    }
}
