package com.sap.conn.rfc.driver.security;

import com.sap.conn.jco.JCoException;
import com.sap.conn.jco.ext.DataProviderException;
import com.sap.conn.jco.rt.Obfuscator;
import com.sap.conn.jco.rt.Trace;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:com/sap/conn/rfc/driver/security/P12FileSSLContextProvider.class */
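/**
 * {@link SSLContextProvider} backed by a single PKCS#12 file.
 *
 * <p>The same keystore is used for the client key material (via
 * {@link KeyManagerFactory}) and for the trust anchors (via
 * {@link TrustManagerFactory}), and the file is re-read whenever its
 * modification time is newer than the time of the last successful load.
 * Write access to that file therefore controls both the identity presented
 * to the peer and the set of peers that are trusted, so the file's
 * permissions deserve the same care as the private key itself.
 *
 * <p>Reloads are serialized on the {@code p12File} monitor. The fields that
 * are read outside that monitor are {@code volatile} so that readers see a
 * fully initialised context after a reload.
 */
public class P12FileSSLContextProvider implements SSLContextProvider {
    private final File p12File;
    private final String p12FilePath;
    // Password in the encoded form accepted by Obfuscator.decode(byte[]).
    private byte[] p12FilePwd;
    // Wall-clock time of the last successful load; Long.MIN_VALUE forces a load.
    private volatile long p12FileLastLoaded = Long.MIN_VALUE;
    // Only populated when checkClientCertForLogon is true.
    private volatile X509Certificate clientCert;
    private final boolean checkClientCertForLogon;
    protected volatile SSLContext sslContext;

    /**
     * Creates a provider without a backing file; {@link #sslContext} stays
     * {@code null} unless a subclass sets it.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public P12FileSSLContextProvider() {
        this.checkClientCertForLogon = false;
        this.p12File = null;
        this.p12FilePath = null;
    }

    /**
     * Creates a provider for the given PKCS#12 file and loads it immediately.
     *
     * @param str  path of the PKCS#12 file as configured
     * @param bArr keystore password in the form accepted by {@code Obfuscator.decode}
     * @param z    when {@code true}, the keystore must contain exactly one private
     *             key and its certificate is exposed via {@link #getClientCertificate()}
     * @throws DataProviderException if the file is missing or unreadable
     *         ({@code IO_ERROR}) or the SSL context cannot be built from it
     *         ({@code INVALID_CONFIGURATION})
     */
    public P12FileSSLContextProvider(String str, byte[] bArr, boolean z) {
        this.checkClientCertForLogon = z;
        this.p12File = new File(str);
        if (!this.p12File.exists()) {
            String absolutePath = this.p12File.getAbsolutePath();
            if (!str.equals(absolutePath)) {
                throw new DataProviderException(DataProviderException.Reason.IO_ERROR,
                        "Configured p12 file \"" + str + "\" not found at path location \"" + absolutePath + '\"', null);
            }
            throw new DataProviderException(DataProviderException.Reason.IO_ERROR,
                    "Configured p12 file \"" + str + "\" not found", null);
        }
        if (!this.p12File.canRead()) {
            throw new DataProviderException(DataProviderException.Reason.IO_ERROR,
                    "Read access to p12 file \"" + this.p12File.getAbsolutePath() + "\" denied", null);
        }
        this.p12FilePath = str;
        this.p12FilePwd = bArr;
        loadSSLContextFromFile();
    }

    /**
     * Reads the PKCS#12 file and replaces {@link #sslContext} (and, if
     * requested, the client certificate) with freshly built instances.
     *
     * <p>The new context is only published once it has been fully initialised,
     * so a failed load leaves the previous context in place.
     *
     * @throws DataProviderException with reason {@code INVALID_CONFIGURATION}
     *         if the keystore cannot be read or the context cannot be created
     */
    private void loadSSLContextFromFile() {
        BufferedInputStream in = null;
        char[] password = null;
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            in = new BufferedInputStream(new FileInputStream(this.p12File));
            // NOTE(review): the object returned by decode (presumably a String) cannot be
            // wiped; only this char[] copy is cleared in the finally block below.
            password = Obfuscator.decode(this.p12FilePwd).toCharArray();
            keyStore.load(in, password);
            if (keyStore.size() == 0 && Trace.isOn(2)) {
                Trace.fireTrace(2, "[JCoAPI] P12 file \"" + this.p12File.getAbsolutePath()
                        + "\" does not contain any keystore entries. Either the file is empty or "
                        + "the currently used JRE's KeyStore implementation does not support PKCS12 files.");
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, password);
            if (this.checkClientCertForLogon) {
                searchForCertsWithPrivateKey(keyStore, keyManagerFactory);
            }
            TrustManager[] trustManagers = createTrustManagers(keyStore);
            // Generic "TLS": the enabled protocol versions and cipher suites are whatever
            // the JRE defaults to; nothing in this class pins a minimum version.
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(keyManagerFactory.getKeyManagers(), trustManagers, null);
            // Publish only after init() succeeded so readers never see an uninitialised context.
            this.sslContext = context;
            this.p12FileLastLoaded = System.currentTimeMillis();
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException
                | UnrecoverableKeyException | CertificateException e) {
            throw new DataProviderException(DataProviderException.Reason.INVALID_CONFIGURATION,
                    "Failed to create SSL context from p12 file \"" + this.p12File.getAbsolutePath() + '\"', e);
        } finally {
            // Clear the plaintext password on every path, including failed loads.
            if (password != null) {
                Arrays.fill(password, (char) 0);
            }
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Best effort: the stream was only read from, a close failure loses nothing.
                }
            }
        }
    }

    /**
     * Locates the single alias that has a private key and stores its
     * certificate as the client certificate.
     *
     * @param keyStore          the loaded keystore
     * @param keyManagerFactory factory already initialised from {@code keyStore}
     * @throws KeyStoreException     if the keystore cannot be enumerated
     * @throws DataProviderException with reason {@code IO_ERROR} if the keystore
     *         holds no private key or more than one
     */
    private void searchForCertsWithPrivateKey(KeyStore keyStore, KeyManagerFactory keyManagerFactory) throws KeyStoreException {
        String keyAlias = null;
        ArrayList<String> aliases = Collections.list(keyStore.aliases());
        for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
            if (!(keyManager instanceof X509KeyManager)) {
                continue;
            }
            X509KeyManager x509KeyManager = (X509KeyManager) keyManager;
            for (String alias : aliases) {
                if (x509KeyManager.getPrivateKey(alias) == null) {
                    continue;
                }
                if (keyAlias != null) {
                    // More than one candidate identity: refuse rather than pick one arbitrarily.
                    throw new DataProviderException(DataProviderException.Reason.IO_ERROR,
                            "Configured p12 file at path location \"" + this.p12FilePath
                                    + "\" contains multiple private keys. This would lead to undefined logon behavior.", null);
                }
                keyAlias = alias;
            }
        }
        if (keyAlias == null) {
            throw new DataProviderException(DataProviderException.Reason.IO_ERROR,
                    "Configured p12 file at path location \"" + this.p12FilePath
                            + "\" contains no private keys. This would lead to undefined logon behavior.", null);
        }
        X509Certificate certificate = (X509Certificate) keyStore.getCertificate(keyAlias);
        this.clientCert = certificate;
        if (Trace.isOn(4)) {
            // Null-safe concatenation: tracing must not fail the load.
            Trace.fireTrace(4, "[JCoAPI] Extracting client certificate:\n" + certificate);
        }
    }

    /**
     * Builds the trust managers from the given keystore using the JRE's
     * default {@link TrustManagerFactory} algorithm.
     *
     * <p>The keystore passed in by this class is the PKCS#12 file itself, so
     * the trust anchors come from the same file as the client key.
     *
     * @param keyStore keystore to take the trust anchors from
     * @return the trust managers created by the factory
     * @throws NoSuchAlgorithmException if the default algorithm is unavailable
     * @throws KeyStoreException        if the factory cannot be initialised
     */
    protected TrustManager[] createTrustManagers(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    /**
     * Returns the current SSL context, reloading the file first if it changed.
     *
     * @throws DataProviderException if a changed file cannot be loaded
     */
    @Override // com.sap.conn.rfc.driver.security.SSLContextProvider
    public SSLContext getSSLContext() {
        reloadP12FileIfChanged();
        return this.sslContext;
    }

    /**
     * Returns the client certificate found during the last load, reloading
     * the file first if it changed. The value is {@code null} unless the
     * provider was created with the client-certificate check enabled.
     *
     * @throws DataProviderException if a changed file cannot be loaded
     */
    @Override // com.sap.conn.rfc.driver.security.SSLContextProvider
    public X509Certificate getClientCertificate() {
        reloadP12FileIfChanged();
        return this.clientCert;
    }

    /**
     * Reloads the keystore when the file's modification time is newer than
     * the time of the last load. Does nothing for a provider without a file.
     */
    private void reloadP12FileIfChanged() {
        if (this.p12File == null) {
            return;
        }
        // NOTE(review): this compares the file's mtime with the wall-clock time of the
        // last load, so a replacement file carrying an older mtime is not picked up.
        long lastModified = this.p12File.lastModified();
        if (lastModified <= this.p12FileLastLoaded) {
            return;
        }
        synchronized (this.p12File) {
            // Re-check under the lock: another thread may have reloaded in the meantime.
            if (lastModified > this.p12FileLastLoaded) {
                loadSSLContextFromFile();
            }
        }
    }

    /**
     * Applies a new password for the same file path, reloading the keystore
     * when the decoded password actually differs.
     *
     * @param str  configured path; must equal the path this provider was created with
     * @param bArr new password in the form accepted by {@code Obfuscator.decode}
     * @return {@code false} if the path does not match this provider (including a
     *         provider created without a file), {@code true} otherwise
     * @throws DataProviderException if the keystore cannot be loaded with the new password
     */
    public boolean update(String str, byte[] bArr) {
        // A provider created without a file has no path and can never match.
        if (this.p12FilePath == null || !this.p12FilePath.equals(str)) {
            return false;
        }
        if (Arrays.equals(this.p12FilePwd, bArr)) {
            return true;
        }
        // Different encodings of the same password: adopt the new bytes, no reload needed.
        if (Obfuscator.decode(this.p12FilePwd).equals(Obfuscator.decode(bArr))) {
            this.p12FilePwd = bArr;
            return true;
        }
        synchronized (this.p12File) {
            this.p12FileLastLoaded = Long.MIN_VALUE;
            this.p12FilePwd = bArr;
            loadSSLContextFromFile();
        }
        return true;
    }
}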
