package com.pcbsys.foundation.drivers.jdk.v1_6;

import com.pcbsys.foundation.drivers.configuration.fBaseSSLConfig;
import com.pcbsys.foundation.drivers.jdk.fNSSHelper;
import com.pcbsys.foundation.drivers.jdk.fSSLContextFactory;
import com.pcbsys.foundation.fConstants;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/pcbsys/foundation/drivers/jdk/v1_6/fNSSContext.class */
public class fNSSContext implements fSSLContextFactory {
    public Object getSSLEngine(fBaseSSLConfig fbasesslconfig) throws IOException {
        return ((SSLContext) getContext(fbasesslconfig)).createSSLEngine();
    }

    public Object getSSLSocketFactory(fBaseSSLConfig fbasesslconfig) throws IOException {
        return ((SSLContext) getContext(fbasesslconfig)).getServerSocketFactory();
    }

    @Override // com.pcbsys.foundation.drivers.jdk.fSSLContextFactory
    public Object getContext(fBaseSSLConfig fbasesslconfig) throws IOException {
        SSLContext sSLContext;
        if (fbasesslconfig.getKeyStorePassword() == null) {
            throw new IOException("No Keystore password supplied, unable to support SSL");
        }
        fNSSHelper.loadPKCS11NSSFIPSProvider(fbasesslconfig.getPKCS11NSSConfigFile(), fbasesslconfig.getPKCS11NSSName());
        String provider = fbasesslconfig.getProvider();
        try {
            if (provider != null) {
                try {
                    sSLContext = SSLContext.getInstance("TLS", provider);
                } catch (NoSuchProviderException e) {
                    fConstants.logger.info("No such provider found " + provider + " using JVM default");
                    fConstants.logger.fatal(e);
                    sSLContext = SSLContext.getInstance("TLS");
                }
            } else {
                sSLContext = SSLContext.getInstance("TLS");
            }
            if (fConstants.logger.isDebugEnabled()) {
                fConstants.logger.debug("JSSE provider " + sSLContext.getProvider().toString() + " used");
            }
            try {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                KeyStore keyStore = KeyStore.getInstance("PKCS11");
                keyStore.load(null, fbasesslconfig.getKeyStorePassword().toCharArray());
                if (keyStore.size() == 0) {
                    fConstants.logger.fatal("No certificates found in keystore : " + fbasesslconfig.getKeyStore() + ", Alias : " + fbasesslconfig.getAlias());
                    throw new IOException("No certificates found in keystore : " + fbasesslconfig.getKeyStore() + ", Alias : " + fbasesslconfig.getAlias());
                }
                keyManagerFactory.init(keyStore, null);
                try {
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    trustManagerFactory.init(keyStore);
                    Enumeration<String> aliases = keyStore.aliases();
                    while (aliases.hasMoreElements() && fConstants.logger.isDebugEnabled()) {
                        fConstants.logger.debug("Loaded Certificate " + aliases.nextElement());
                    }
                    sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), loadSecureRandom(fbasesslconfig.getRandomAlgorithm(), fbasesslconfig.getRandomProvider()));
                    fbasesslconfig.getCertRequired();
                    return sSLContext;
                } catch (KeyManagementException e2) {
                    fConstants.logger.fatal("KeyManagement Exception raised during truststore keystore load <" + fbasesslconfig.getTrustStore() + ">");
                    fConstants.logger.fatal(e2);
                    throw new IOException("KeyManagement Exception : " + getMessage(e2));
                } catch (KeyStoreException e3) {
                    fConstants.logger.fatal("KeyStore Exception raised during truststore keystore load <" + fbasesslconfig.getTrustStore() + ">");
                    fConstants.logger.fatal(e3);
                    throw new IOException("Keystore Exception : " + getMessage(e3));
                } catch (NoSuchAlgorithmException e4) {
                    fConstants.logger.fatal("Algorithm not raised during truststore keystore load <" + fbasesslconfig.getTrustStore() + ">");
                    fConstants.logger.fatal(e4);
                    throw new IOException("No such algorithm found : " + getMessage(e4));
                }
            } catch (IOException e5) {
                fConstants.logger.fatal("IOException raised while loading private keystore <" + fbasesslconfig.getKeyStore() + "> : " + getMessage(e5));
                fConstants.logger.fatal(e5);
                throw e5;
            } catch (KeyStoreException e6) {
                fConstants.logger.fatal("KeyStore Exception raised during private keystore load <" + fbasesslconfig.getKeyStore() + ">");
                fConstants.logger.fatal(e6);
                throw new IOException("Keystore Exception : " + getMessage(e6));
            } catch (NoSuchAlgorithmException e7) {
                fConstants.logger.fatal("Algorithm not raised during private keystore load <" + fbasesslconfig.getKeyStore() + ">");
                fConstants.logger.fatal(e7);
                throw new IOException("No such algorithm found : " + getMessage(e7));
            } catch (UnrecoverableKeyException e8) {
                fConstants.logger.fatal("Unrecoverable Key Exception raised during private keystore load <" + fbasesslconfig.getKeyStore() + ">");
                fConstants.logger.fatal(e8);
                throw new IOException("Unrecoverable Key Exception : " + getMessage(e8));
            } catch (CertificateException e9) {
                fConstants.logger.fatal("Certificate error raised during private keystore load <" + fbasesslconfig.getKeyStore() + ">");
                fConstants.logger.fatal(e9);
                throw new IOException("Certificate Exception : " + getMessage(e9));
            }
        } catch (RuntimeException e10) {
            fConstants.logger.fatal("No support for TLS found during initial SSL Context load. Unable to support SSL");
            fConstants.logger.fatal(getMessage(e10));
            throw new IOException("No support for TLS found during initial SSL Context load: " + getMessage(e10));
        } catch (NoSuchAlgorithmException e11) {
            fConstants.logger.fatal("Algorithm not found during initial SSL Context load. Unable to support SSL");
            fConstants.logger.fatal(e11);
            throw new IOException("No such algorithm found during initial SSL Context load : " + getMessage(e11));
        }
    }

    @Override // com.pcbsys.foundation.drivers.jdk.fSSLContextFactory
    public SecureRandom loadSecureRandom(String str, String str2) {
        SecureRandom secureRandom = null;
        if (str != null && str.length() > 1) {
            try {
                if (str2 != null) {
                    secureRandom = SecureRandom.getInstance(str, str2);
                    if (fConstants.logger.isDebugEnabled()) {
                        fConstants.logger.debug("Using secure random generator algoritm : " + str + " provided by " + str2);
                    }
                } else {
                    secureRandom = SecureRandom.getInstance(str);
                    if (fConstants.logger.isDebugEnabled()) {
                        fConstants.logger.debug("Using secure random generator algoritm : " + str);
                    }
                }
            } catch (Exception e) {
                fConstants.logger.log("Unable to load secure random generator algoritm : " + str + " using default");
            }
        } else if (fConstants.logger.isDebugEnabled()) {
            fConstants.logger.debug("Using default SecureRandom generator");
        }
        return secureRandom;
    }

    private static String getMessage(Exception exc) {
        return exc != null ? (exc.getMessage() == null || exc.getMessage().length() <= 0) ? exc.getClass().toString() : exc.getMessage() : "Unknown exception raised, is Null";
    }
}
