package com.datastax.dse.byos.shade.com.cryptsoft.kmip;

import com.datastax.dse.byos.shade.com.cryptsoft.codec.B64;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.Socket;
import java.net.SocketException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.fusesource.jansi.AnsiRenderer;

/* loaded from: input_file:com/datastax/dse/byos/shade/com/cryptsoft/kmip/TlsKmipConnection.class */
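/**
 * {@link KmipConnection} that exchanges TTLV messages with a KMIP server over a TLS socket,
 * optionally tunnelled through an HTTP CONNECT proxy.
 *
 * <p>Configuration comes either from explicit constructor arguments or from a property map
 * layered over JVM system properties (see {@link #init(Map)}).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #DEFAULT_SSL_PROTOCOL} is {@code TLSv1} and {@link #DEFAULT_SSL_CIPHER_SUITES}
 *       lists a static-RSA CBC suite and a 3DES suite. These are legacy defaults; deployments
 *       should set {@code sslProtocol} / {@code sslCipherSuites} to current values. Recent JDKs
 *       may refuse these defaults through {@code jdk.tls.disabledAlgorithms}. The constants are
 *       left unchanged because they are public compile-time constants.</li>
 *   <li>Setting {@code sslVerify} to anything other than {@code "true"} installs a trust manager
 *       that accepts every certificate, so the server is not authenticated at all.</li>
 *   <li>NOTE(review): no endpoint identification algorithm is configured on the socket in this
 *       class, so even with {@code sslVerify=true} the certificate host name does not appear to
 *       be matched against the configured host; only chain trust is checked. Confirm whether
 *       deployments rely on a dedicated trust store for this.</li>
 * </ul>
 */
public class TlsKmipConnection implements KmipConnection {
    public static final int DEFAULT_TIMEOUT = 30000;
    public static final String DEFAULT_SSL_TRUST_MANAGER_ALG = "PKIX";
    public static final String DEFAULT_SSL_VERIFY = "true";
    public static final String DEFAULT_SSL_PROTOCOL = "TLSv1";
    public static final String COM_CRYPTSOFT_KMIP_HOST = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.host";
    public static final String COM_CRYPTSOFT_KMIP_PORT = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.port";
    public static final String COM_CRYPTSOFT_KMIP_TIMEOUT = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.timeout";
    public static final String COM_CRYPTSOFT_KMIP_KEY_STORE = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.keyStore";
    public static final String COM_CRYPTSOFT_KMIP_KEY_STORE_TYPE = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.keyStoreType";
    public static final String COM_CRYPTSOFT_KMIP_KEY_STORE_PASSWORD = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.keyStorePassword";
    public static final String COM_CRYPTSOFT_KMIP_KEY_STORE_PROVIDER = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.keyStoreProvider";
    public static final String COM_CRYPTSOFT_KMIP_TRUST_STORE = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.trustStore";
    public static final String COM_CRYPTSOFT_KMIP_TRUST_STORE_TYPE = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.trustStoreType";
    public static final String COM_CRYPTSOFT_KMIP_TRUST_STORE_PASSWORD = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.trustStorePassword";
    public static final String COM_CRYPTSOFT_KMIP_TRUST_STORE_PROVIDER = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.trustStoreProvider";
    public static final String COM_CRYPTSOFT_KMIP_SSL_TRUST_MANAGER_ALG = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.sslTrustManagerAlg";
    public static final String COM_CRYPTSOFT_KMIP_SSL_VERIFY = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.sslVerify";
    public static final String COM_CRYPTSOFT_KMIP_SSL_PROTOCOL = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.sslProtocol";
    public static final String COM_CRYPTSOFT_KMIP_SSL_CIPHER_SUITES = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.sslCipherSuites";
    public static final String COM_CRYPTSOFT_KMIP_SSL_CONNECT_PROXY_HOST = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.sslConnectProxy.host";
    public static final String COM_CRYPTSOFT_KMIP_SSL_CONNECT_PROXY_PORT = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.sslConnectProxy.port";
    public static final String COM_CRYPTSOFT_KMIP_SSL_CONNECT_PROXY_USERNAME = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.sslConnectProxy.username";
    public static final String COM_CRYPTSOFT_KMIP_SSL_CONNECT_PROXY_PASSWORD = "com.datastax.dse.byos.shade.com.cryptsoft.kmip.sslConnectProxy.password";
    public static final String[] DEFAULT_SSL_CIPHER_SUITES = {"TLS_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA"};

    private static final Log LOG = LogFactory.getLog(TlsKmipConnection.class);

    /** Upper bound on the proxy's CONNECT response head, so a misbehaving proxy cannot feed us forever. */
    private static final int MAX_PROXY_RESPONSE_HEAD = 8192;

    /**
     * Keys that {@link #init(Map)} seeds from JVM system properties. The sslVerify key and the
     * two provider keys are deliberately absent here, matching the original behaviour: they are
     * honoured only when present in the caller-supplied map.
     */
    private static final String[] SYSTEM_PROPERTY_KEYS = {
        COM_CRYPTSOFT_KMIP_HOST,
        COM_CRYPTSOFT_KMIP_PORT,
        COM_CRYPTSOFT_KMIP_TIMEOUT,
        COM_CRYPTSOFT_KMIP_KEY_STORE,
        COM_CRYPTSOFT_KMIP_KEY_STORE_TYPE,
        COM_CRYPTSOFT_KMIP_KEY_STORE_PASSWORD,
        COM_CRYPTSOFT_KMIP_TRUST_STORE,
        COM_CRYPTSOFT_KMIP_TRUST_STORE_TYPE,
        COM_CRYPTSOFT_KMIP_TRUST_STORE_PASSWORD,
        COM_CRYPTSOFT_KMIP_SSL_TRUST_MANAGER_ALG,
        COM_CRYPTSOFT_KMIP_SSL_PROTOCOL,
        COM_CRYPTSOFT_KMIP_SSL_CIPHER_SUITES,
        COM_CRYPTSOFT_KMIP_SSL_CONNECT_PROXY_HOST,
        COM_CRYPTSOFT_KMIP_SSL_CONNECT_PROXY_PORT,
        COM_CRYPTSOFT_KMIP_SSL_CONNECT_PROXY_USERNAME,
        COM_CRYPTSOFT_KMIP_SSL_CONNECT_PROXY_PASSWORD,
    };

    // Live connection state; populated by connect().
    private SSLSocket socket;
    private InputStream in;
    private OutputStream out;
    private String host;
    private Integer port;
    protected int timeout = DEFAULT_TIMEOUT;
    protected String sslTrustManagerAlg = DEFAULT_SSL_TRUST_MANAGER_ALG;
    protected String sslVerify = DEFAULT_SSL_VERIFY;
    protected String sslProtocol = DEFAULT_SSL_PROTOCOL;
    protected String[] sslCipherSuites = DEFAULT_SSL_CIPHER_SUITES;
    protected String sslConnectProxyHost;
    protected int sslConnectProxyPort = -1;
    protected String sslConnectProxyUsername;
    protected String sslConnectProxyPassword;
    private String clientHost;
    private int clientPort = -1;
    private SSLContext sslContext;
    private boolean connected;

    /**
     * Configures the connection from {@code "kmip.properties"}.
     *
     * @throws IOException if the properties cannot be read
     */
    public TlsKmipConnection() throws IOException {
        this("kmip.properties");
    }

    /**
     * Configures the connection from the named properties source.
     *
     * @param propertiesName passed to {@code Kmip.a(String)}, which is defined outside this file
     *     (presumably a properties loader; confirm against that class)
     * @throws IOException if the properties cannot be read
     */
    public TlsKmipConnection(String propertiesName) throws IOException {
        this(Kmip.a(propertiesName));
    }

    /**
     * Configures the connection from a properties stream.
     *
     * @param inputStream passed to {@code Kmip.a(InputStream)}, which is defined outside this file
     * @throws IOException if the properties cannot be read
     */
    public TlsKmipConnection(InputStream inputStream) throws IOException {
        this(Kmip.a(inputStream));
    }

    /**
     * Configures the connection from a property map layered over JVM system properties.
     *
     * @param map user-supplied properties; may be {@code null}
     * @see #init(Map)
     */
    public TlsKmipConnection(Map<String, String> map) {
        init(map);
    }

    /**
     * Creates a connection with no client key store and no explicit trust store.
     *
     * @param host KMIP server host
     * @param port KMIP server port
     */
    public TlsKmipConnection(String host, int port) throws GeneralSecurityException, IOException {
        this(host, port, null, null, null, null);
    }

    /**
     * Creates a connection from already-loaded key material, using the default trust manager
     * algorithm and protocol with certificate verification enabled.
     *
     * @param host KMIP server host
     * @param port KMIP server port
     * @param timeout socket read timeout in milliseconds, or {@code null} for {@link #DEFAULT_TIMEOUT}
     * @param keyStore client key store, or {@code null} for no client certificate
     * @param keyStorePassword password protecting the keys in {@code keyStore}
     * @param trustStore trust anchors, or {@code null} to fall back to the JVM defaults
     */
    public TlsKmipConnection(String host, int port, Integer timeout, KeyStore keyStore, String keyStorePassword, KeyStore trustStore) throws GeneralSecurityException, IOException {
        this.host = host;
        this.port = Integer.valueOf(port);
        // The original expression re-read this.timeout here, so the caller's value was ignored.
        this.timeout = timeout != null ? timeout.intValue() : DEFAULT_TIMEOUT;
        initSslContext(keyStore, keyStorePassword, trustStore, DEFAULT_SSL_TRUST_MANAGER_ALG, DEFAULT_SSL_PROTOCOL, DEFAULT_SSL_VERIFY);
    }

    /**
     * Creates a connection, loading the key store and trust store from files via
     * {@link #getKeyStore(String, String, String, String)}.
     */
    public TlsKmipConnection(String host, int port, Integer timeout, String keyStorePath, String keyStoreType, String keyStorePassword, String keyStoreProvider, String trustStorePath, String trustStoreType, String trustStorePassword, String trustStoreProvider) throws GeneralSecurityException, IOException {
        this(host, port, timeout, getKeyStore(keyStorePath, keyStoreType, keyStorePassword, keyStoreProvider), keyStorePassword, getKeyStore(trustStorePath, trustStoreType, trustStorePassword, trustStoreProvider));
    }

    /**
     * Resolves the configuration and builds the {@link SSLContext}. Values in {@code map}
     * override the JVM system properties of the same name.
     *
     * <p>Diagnostic messages built here mask every value whose key ends in "password": the
     * maps hold the key store, trust store and proxy passwords, and exception messages
     * routinely end up in logs.
     *
     * @param map user-supplied properties; may be {@code null}
     * @throws IllegalArgumentException if host or port is not configured
     * @throws KmipException if any other setting cannot be parsed or the key material cannot be loaded
     */
    @Override // com.datastax.dse.byos.shade.com.cryptsoft.kmip.KmipConnection
    public void init(Map<String, String> map) {
        Map<String, String> systemProps = new HashMap<String, String>();
        for (String key : SYSTEM_PROPERTY_KEYS) {
            systemProps.put(key, System.getProperty(key));
        }
        Map<String, String> merged = new HashMap<String, String>(systemProps);
        if (map != null) {
            merged.putAll(map);
        }
        if (merged.get(COM_CRYPTSOFT_KMIP_HOST) == null || merged.get(COM_CRYPTSOFT_KMIP_PORT) == null) {
            // Name the keys through the constants: the shaded property names are what is actually read.
            throw new IllegalArgumentException("Properties " + COM_CRYPTSOFT_KMIP_HOST + " and " + COM_CRYPTSOFT_KMIP_PORT + " must be set as either System properties or in a user-supplied properties file.  Got system props: " + redactSecrets(systemProps) + ", user props (higher precedence): " + redactSecrets(map));
        }
        this.host = merged.get(COM_CRYPTSOFT_KMIP_HOST);
        try {
            this.port = Integer.valueOf(Integer.parseInt(merged.get(COM_CRYPTSOFT_KMIP_PORT)));
            String timeoutText = merged.get(COM_CRYPTSOFT_KMIP_TIMEOUT);
            this.timeout = timeoutText != null ? Integer.parseInt(timeoutText) : DEFAULT_TIMEOUT;
            String trustAlg = merged.get(COM_CRYPTSOFT_KMIP_SSL_TRUST_MANAGER_ALG);
            this.sslTrustManagerAlg = trustAlg != null ? trustAlg : DEFAULT_SSL_TRUST_MANAGER_ALG;
            String verify = merged.get(COM_CRYPTSOFT_KMIP_SSL_VERIFY);
            this.sslVerify = verify != null ? verify : DEFAULT_SSL_VERIFY;
            String protocol = merged.get(COM_CRYPTSOFT_KMIP_SSL_PROTOCOL);
            this.sslProtocol = protocol != null ? protocol : DEFAULT_SSL_PROTOCOL;
            String suites = merged.get(COM_CRYPTSOFT_KMIP_SSL_CIPHER_SUITES);
            // NOTE(review): AnsiRenderer.CODE_LIST_SEPARATOR looks like a decompiler artifact standing
            // in for a literal separator string; confirm its value and replace it with the literal.
            this.sslCipherSuites = suites != null ? suites.split(AnsiRenderer.CODE_LIST_SEPARATOR) : DEFAULT_SSL_CIPHER_SUITES;
            this.sslConnectProxyHost = merged.get(COM_CRYPTSOFT_KMIP_SSL_CONNECT_PROXY_HOST);
            String proxyPortText = merged.get(COM_CRYPTSOFT_KMIP_SSL_CONNECT_PROXY_PORT);
            this.sslConnectProxyPort = proxyPortText == null ? -1 : Integer.parseInt(proxyPortText);
            this.sslConnectProxyUsername = merged.get(COM_CRYPTSOFT_KMIP_SSL_CONNECT_PROXY_USERNAME);
            this.sslConnectProxyPassword = merged.get(COM_CRYPTSOFT_KMIP_SSL_CONNECT_PROXY_PASSWORD);
            String keyStorePassword = merged.get(COM_CRYPTSOFT_KMIP_KEY_STORE_PASSWORD);
            KeyStore keyStore = getKeyStore(merged.get(COM_CRYPTSOFT_KMIP_KEY_STORE), merged.get(COM_CRYPTSOFT_KMIP_KEY_STORE_TYPE), keyStorePassword, merged.get(COM_CRYPTSOFT_KMIP_KEY_STORE_PROVIDER));
            KeyStore trustStore = getKeyStore(merged.get(COM_CRYPTSOFT_KMIP_TRUST_STORE), merged.get(COM_CRYPTSOFT_KMIP_TRUST_STORE_TYPE), merged.get(COM_CRYPTSOFT_KMIP_TRUST_STORE_PASSWORD), merged.get(COM_CRYPTSOFT_KMIP_TRUST_STORE_PROVIDER));
            initSslContext(keyStore, keyStorePassword, trustStore, this.sslTrustManagerAlg, this.sslProtocol, this.sslVerify);
        } catch (Exception e) {
            throw new KmipException("Error creating kmip from properties.  Got system props: " + redactSecrets(systemProps) + ", user props (higher precedence): " + redactSecrets(map), e);
        }
    }

    /**
     * Returns a copy of {@code props} that is safe to place in a log or exception message:
     * non-null values whose key ends in "password" (case-insensitive) are masked.
     */
    private static Map<Object, Object> redactSecrets(Map<?, ?> props) {
        if (props == null) {
            return null;
        }
        Map<Object, Object> safe = new HashMap<Object, Object>();
        for (Map.Entry<?, ?> entry : props.entrySet()) {
            Object key = entry.getKey();
            Object value = entry.getValue();
            boolean secret = key instanceof String
                    && ((String) key).toLowerCase(java.util.Locale.ROOT).endsWith("password");
            safe.put(key, secret && value != null ? "<redacted>" : value);
        }
        return safe;
    }

    /**
     * Builds {@link #sslContext} from the supplied key material.
     *
     * @param keyStore client key store; client authentication is configured only when both this
     *     and {@code keyStorePassword} are non-null
     * @param keyStorePassword password for the keys in {@code keyStore}
     * @param trustStore trust anchors; when {@code null} and verification is enabled, a null
     *     trust-manager array is handed to {@link SSLContext#init}, which selects the JVM defaults
     * @param trustManagerAlg {@link TrustManagerFactory} algorithm name
     * @param protocol {@link SSLContext} protocol name
     * @param verify {@code "true"} (case-insensitive) to validate the server certificate chain;
     *     any other value disables validation entirely
     */
    private void initSslContext(KeyStore keyStore, String keyStorePassword, KeyStore trustStore, String trustManagerAlg, String protocol, String verify) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException {
        KeyManager[] keyManagers = null;
        if (keyStore != null && keyStorePassword != null) {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
            keyManagers = keyManagerFactory.getKeyManagers();
        }
        TrustManager[] trustManagers = null;
        if (!Boolean.parseBoolean(verify)) {
            // With validation off the peer is unauthenticated: the channel is encrypted but the
            // client cannot tell the real KMIP server from an impostor. Make that visible in logs.
            LOG.warn("TLS certificate verification is DISABLED for KMIP host " + this.host + ":" + this.port
                    + " (sslVerify=" + verify + "); the server identity is not being checked");
            trustManagers = new TrustManager[]{new X509TrustManager() { // from class: com.datastax.dse.byos.shade.com.cryptsoft.kmip.TlsKmipConnection.1
                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    // The X509TrustManager contract asks for a non-null (possibly empty) array.
                    return new X509Certificate[0];
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] chain, String authType) {
                    // Intentionally accepts everything; reached only when sslVerify is not "true".
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] chain, String authType) {
                    // Intentionally accepts everything; reached only when sslVerify is not "true".
                }
            }};
        } else if (trustStore != null) {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerAlg);
            trustManagerFactory.init(trustStore);
            trustManagers = trustManagerFactory.getTrustManagers();
        }
        this.sslContext = SSLContext.getInstance(protocol);
        this.sslContext.init(keyManagers, trustManagers, null);
    }

    /**
     * Loads a key store from a file.
     *
     * @param path key store file
     * @param type key store type handed to {@link KeyStore#getInstance}
     * @param password key store password
     * @param provider optional security provider name; may be {@code null}
     * @return the loaded key store, or {@code null} when {@code path}, {@code type} or
     *     {@code password} is {@code null}
     * @throws GeneralSecurityException if the key store cannot be created or its contents are rejected
     * @throws IOException if the file cannot be opened or read
     */
    protected static KeyStore getKeyStore(String path, String type, String password, String provider) throws GeneralSecurityException, IOException {
        if (path == null || type == null || password == null) {
            return null;
        }
        FileInputStream stream = new FileInputStream(path);
        try {
            KeyStore store = null;
            if (provider != null) {
                try {
                    store = KeyStore.getInstance(type, provider);
                } catch (Exception e) {
                    // NOTE(review): the decompiled source swallowed this exception and then used an
                    // unassigned variable; falling back to the default provider is the presumed
                    // original intent. Confirm against the vendor source.
                    LOG.warn("Key store provider '" + provider + "' unavailable for type '" + type + "'; using the default provider", e);
                }
            }
            if (store == null) {
                store = KeyStore.getInstance(type);
            }
            store.load(stream, password.toCharArray());
            return store;
        } finally {
            // Always release the file handle, including when load() rejects the store.
            try {
                stream.close();
            } catch (IOException ignored) {
                // Nothing useful to do about a failed close on a read-only stream.
            }
        }
    }

    /**
     * Opens (or re-opens) the TLS socket and records its streams and local endpoint.
     * A socket left over from an earlier connection is closed first so reconnects do not leak it.
     */
    private void connect() throws IOException {
        closeQuietly(this.socket);
        SSLSocketFactory factory = this.sslContext.getSocketFactory();
        SSLSocket fresh;
        if (this.sslConnectProxyHost == null || this.sslConnectProxyPort == -1) {
            fresh = (SSLSocket) factory.createSocket(this.host, this.port.intValue());
        } else {
            fresh = connectThroughProxy(factory);
        }
        InputStream freshIn;
        OutputStream freshOut;
        try {
            fresh.setSoTimeout(this.timeout);
            fresh.setEnabledProtocols(new String[]{this.sslProtocol});
            fresh.setEnabledCipherSuites(this.sslCipherSuites);
            freshIn = fresh.getInputStream();
            freshOut = fresh.getOutputStream();
        } catch (IOException e) {
            closeQuietly(fresh);
            throw e;
        } catch (RuntimeException e) {
            // e.g. an unsupported protocol or cipher suite name; do not leave the socket open.
            closeQuietly(fresh);
            throw e;
        }
        this.socket = fresh;
        this.clientHost = fresh.getLocalAddress().getHostAddress();
        this.clientPort = fresh.getLocalPort();
        this.in = freshIn;
        this.out = freshOut;
        this.connected = true;
    }

    /**
     * Establishes an HTTP CONNECT tunnel through the configured proxy and layers TLS over it.
     *
     * <p>The proxy leg is a plain socket and the optional credentials use Basic authentication,
     * so they reach the proxy base64-encoded but unencrypted.
     *
     * @throws IOException if the proxy is unreachable or does not answer with a 2xx status
     */
    private SSLSocket connectThroughProxy(SSLSocketFactory factory) throws IOException {
        String authHeader = "";
        String authNote = "";
        if (this.sslConnectProxyUsername != null && this.sslConnectProxyPassword != null) {
            authHeader = "Proxy-Authorization: Basic " + B64.b2s((this.sslConnectProxyUsername + ":" + this.sslConnectProxyPassword).getBytes()) + "\r\n";
            authNote = " using Basic Auth username: " + this.sslConnectProxyUsername;
        }
        LOG.info("Using connect proxy: " + this.sslConnectProxyHost + ":" + this.sslConnectProxyPort + " to connect to " + this.host + ":" + this.port + authNote);
        Socket tunnel = new Socket(this.sslConnectProxyHost, this.sslConnectProxyPort);
        try {
            // Bound the wait for the proxy's answer; without this a silent proxy blocks forever.
            tunnel.setSoTimeout(this.timeout);
            tunnel.getOutputStream().write(("CONNECT " + this.host + ":" + this.port + " HTTP/1.0\r\n" + authHeader + "Proxy-Connection: Keep-Alive\r\n\r\n").getBytes());
            String statusLine = readProxyStatusLine(tunnel.getInputStream());
            LOG.info("proxy response: " + statusLine);
            if (!isProxyConnectSuccess(statusLine)) {
                throw new IOException("Connect proxy " + this.sslConnectProxyHost + ":" + this.sslConnectProxyPort + " did not open a tunnel to " + this.host + ":" + this.port + "; response: " + statusLine);
            }
            // The host/port given to the layered socket describe the TLS peer, i.e. the KMIP
            // server behind the tunnel, not the proxy (the original passed the proxy endpoint).
            return (SSLSocket) factory.createSocket(tunnel, this.host, this.port.intValue(), true);
        } catch (IOException e) {
            closeQuietly(tunnel);
            throw e;
        } catch (RuntimeException e) {
            closeQuietly(tunnel);
            throw e;
        }
    }

    /**
     * Reads the proxy's response head byte by byte up to and including the blank line that ends
     * it, and returns the first line. Reading unbuffered keeps every byte after the head in the
     * socket for the TLS handshake that follows.
     *
     * @return the status line, or {@code null} if the proxy closed the stream without sending one
     * @throws IOException if the head exceeds {@link #MAX_PROXY_RESPONSE_HEAD} bytes
     */
    private static String readProxyStatusLine(InputStream stream) throws IOException {
        StringBuilder head = new StringBuilder();
        boolean terminated = false;
        int next;
        while (head.length() < MAX_PROXY_RESPONSE_HEAD && (next = stream.read()) != -1) {
            head.append((char) next);
            int len = head.length();
            if ((len >= 4 && head.substring(len - 4).equals("\r\n\r\n"))
                    || (len >= 2 && head.substring(len - 2).equals("\n\n"))) {
                terminated = true;
                break;
            }
        }
        if (!terminated && head.length() >= MAX_PROXY_RESPONSE_HEAD) {
            throw new IOException("Proxy response head exceeds " + MAX_PROXY_RESPONSE_HEAD + " bytes");
        }
        if (head.length() == 0) {
            return null;
        }
        int end = 0;
        while (end < head.length() && head.charAt(end) != '\r' && head.charAt(end) != '\n') {
            end++;
        }
        return head.substring(0, end);
    }

    /** Returns whether an HTTP status line carries a 2xx status code. */
    private static boolean isProxyConnectSuccess(String statusLine) {
        if (statusLine == null) {
            return false;
        }
        String[] parts = statusLine.trim().split("\\s+");
        return parts.length >= 2 && parts[1].length() == 3 && parts[1].charAt(0) == '2';
    }

    /** Closes a socket, ignoring a {@code null} argument and any failure to close. */
    private static void closeQuietly(Socket candidate) {
        if (candidate == null) {
            return;
        }
        try {
            candidate.close();
        } catch (IOException ignored) {
            // Best effort: the socket is being discarded either way.
        }
    }

    /**
     * Sends one request and reads one response, connecting lazily on first use.
     * If the write fails with a {@link SocketException} the connection is re-opened once and
     * the write retried; on any other I/O failure the connection is closed before rethrowing.
     *
     * @param ttlv request message
     * @return the response decoded from the socket
     * @throws IOException if the request cannot be sent or the response cannot be read
     */
    @Override // com.datastax.dse.byos.shade.com.cryptsoft.kmip.KmipConnection
    public TTLV send(TTLV ttlv) throws IOException {
        if (!this.connected) {
            connect();
        }
        try {
            byte[] encoded = ttlv.encode();
            try {
                this.out.write(encoded);
            } catch (SocketException stale) {
                connect();
                this.out.write(encoded);
            }
            return new TTLV("ResponseMessage", this.in);
        } catch (IOException e) {
            try {
                close();
            } catch (Exception ignored) {
                // The original failure is the one worth reporting.
            }
            throw e;
        }
    }

    /** Closes the socket if a connection is open and resets the client port to -1. */
    @Override // com.datastax.dse.byos.shade.com.cryptsoft.kmip.KmipConnection
    public void close() throws IOException {
        if (this.connected) {
            this.connected = false;
            this.socket.close();
            this.clientPort = -1;
        }
    }

    /** Returns the local address of the most recent connection, or {@code null} before the first connect. */
    @Override // com.datastax.dse.byos.shade.com.cryptsoft.kmip.KmipConnection
    public String getClientHost() {
        return this.clientHost;
    }

    /** Returns the local port of the current connection, or -1 when not connected. */
    @Override // com.datastax.dse.byos.shade.com.cryptsoft.kmip.KmipConnection
    public int getClientPort() {
        return this.clientPort;
    }

    /** Returns the configured KMIP server host. */
    @Override // com.datastax.dse.byos.shade.com.cryptsoft.kmip.KmipConnection
    public String getServerHost() {
        return this.host;
    }

    /** Returns the configured KMIP server port. */
    @Override // com.datastax.dse.byos.shade.com.cryptsoft.kmip.KmipConnection
    public int getServerPort() {
        return this.port.intValue();
    }

    /** Returns the TLS context built during construction. */
    public SSLContext getSSLContext() {
        return this.sslContext;
    }

    /**
     * Sets the socket timeout in milliseconds. The value is applied when the socket is next
     * opened; an already-open socket keeps the timeout it was created with.
     */
    public void setTimeout(int timeout) {
        this.timeout = timeout;
    }
}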
