package com.sun.identity.liberty.ws.soapbinding;

import com.sun.identity.common.HttpURLConnectionManager;
import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.liberty.ws.security.SecurityUtils;
import com.sun.identity.saml.xmlsig.JKSKeyProvider;
import com.sun.identity.shared.configuration.SystemPropertiesManager;
import com.sun.identity.shared.xml.XMLUtils;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.SSLContextBuilder;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:com/sun/identity/liberty/ws/soapbinding/Client.class */
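/**
 * Static helper that posts a Liberty ID-WSF SOAP {@code Message} to an endpoint over
 * {@code HttpURLConnection} and returns the parsed response.
 *
 * <p>For HTTPS endpoints the class builds its own {@link SSLContext} from a key store
 * (see {@link #createKeyProvider()}) so that a specific client-certificate alias can be
 * presented per request.
 *
 * <p>Thread-safety: the JSSE state is initialised once under the class monitor and is
 * never mutated afterwards; each request works on its own copy of the key-manager array.
 */
public class Client {
    /** Key managers loaded from the key store; {@code null} until {@link #initializeJSSE()} has fully succeeded. */
    private static KeyManager[] kms = null;
    /** Trust managers handed to every {@link SSLContext}; assigned by {@link #defineTrustManager}. */
    private static TrustManager[] tms = null;
    /** First key manager produced by the factory; wrapped per request to pin the certificate alias. */
    private static X509KeyManager defaultX509km = null;
    /** Alias used when the caller does not name a client certificate; may be {@code null} if the property is unset. */
    private static final String defaultCertAlias = SystemPropertiesManager.get("com.sun.identity.liberty.ws.soap.certalias");
    private static final String SOAP_KEYSTORE_FILE_PROP = "com.sun.identity.liberty.ws.soap.truststore";
    private static final String SOAP_KEYSTORE_PASS_FILE_PROP = "com.sun.identity.liberty.ws.soap.storepass";
    private static final String SOAP_KEYSTORE_TYPE_PROP = "com.sun.identity.liberty.ws.soap.storetype";
    private static final String SOAP_PRIVATE_KEY_PASS_FILE_PROP = "com.sun.identity.liberty.ws.soap.keypass";
    private static final String SOAP_TRUST_MNGR_PROP = "com.sun.identity.liberty.ws.soap.trustmanager";
    private static final String SOAP_TRUST_SECMNGR_ALGO_PROP = "com.sun.identity.liberty.ws.soap.securitymanager.algorithm";

    private Client() {
    }

    /**
     * Sends {@code message} to the endpoint {@code str} with the default certificate alias
     * and an empty {@code SOAPAction} header.
     *
     * @see #sendRequest(Message, String, String, String)
     */
    public static Message sendRequest(Message message, String str) throws SOAPBindingException, SOAPFaultException {
        return sendRequest(message, str, null, null);
    }

    /**
     * Sends {@code message} to the endpoint {@code str}, presenting the client certificate
     * stored under alias {@code str2}, with an empty {@code SOAPAction} header.
     *
     * @see #sendRequest(Message, String, String, String)
     */
    public static Message sendRequest(Message message, String str, String str2) throws SOAPBindingException, SOAPFaultException {
        return sendRequest(message, str, str2, null);
    }

    /**
     * Sends a SOAP request and returns the validated response.
     *
     * <p>Order of response checks, as implemented below: the response is parsed, a SOAP
     * fault is raised if present, processing rules are enforced against the request's
     * message ID, and only then is the signature verified. Two consequences a caller
     * should be aware of:
     * <ul>
     *   <li>A {@link SOAPFaultException} is raised before any signature verification, so
     *       the fault content has not been authenticated by this method.</li>
     *   <li>Signature verification is skipped when the <em>response</em> reports security
     *       profile type {@code 0}. Whether an unsigned reply to a signed request is
     *       rejected elsewhere (for example by {@code Utils.enforceProcessingRules}) is
     *       not visible here; callers that require signed responses should check the
     *       returned message's profile themselves.</li>
     * </ul>
     *
     * @param message request to send; signed first unless its security profile type is 0 or 3
     * @param str     endpoint URL
     * @param str2    key-store alias of the client certificate for TLS, or {@code null} for the configured default
     * @param str3    value of the {@code SOAPAction} header; {@code null} is sent as an empty string
     * @return the parsed response message
     * @throws SOAPBindingException if the request cannot be signed or sent, the response
     *         cannot be read, or its signature cannot be verified
     * @throws SOAPFaultException   if the response carries a SOAP fault
     */
    public static Message sendRequest(Message message, String str, String str2, String str3) throws SOAPBindingException, SOAPFaultException {
        try {
            URLConnection connection = getConnection(str, str2);
            connection.setRequestProperty("SOAPAction", (str3 == null) ? "" : str3);

            Document document;
            int securityProfileType = message.getSecurityProfileType();
            // Profile types 0 and 3 are sent without a message-level signature
            // (presumably the anonymous / bearer-token profiles; confirm against Message).
            if (securityProfileType == 0 || securityProfileType == 3) {
                document = message.toDocument(true);
            } else {
                Element signMessage = SecurityUtils.signMessage(message);
                if (signMessage == null) {
                    String string = Utils.bundle.getString("cannotSignRequest");
                    Utils.debug.error("Client.sendRequest: " + string);
                    throw new SOAPBindingException(string);
                }
                document = signMessage.getOwnerDocument();
            }
            // NOTE(review): with message-level debugging enabled this writes the whole request
            // to the debug log; if the message carries security tokens they end up there too.
            if (Utils.debug.messageEnabled()) {
                Utils.debug.message("Client.sendRequest: signed request\n" + message);
            }

            OutputStream outputStream = null;
            try {
                outputStream = connection.getOutputStream();
                Transformer newTransformer = XMLUtils.getTransformerFactory().newTransformer();
                newTransformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
                newTransformer.transform(new DOMSource(document.getDocumentElement()), new StreamResult(outputStream));
            } finally {
                closeQuietly(outputStream);
            }

            Message response;
            InputStream inputStream = null;
            try {
                inputStream = connection.getInputStream();
                response = new Message(inputStream);
                if (response.getSOAPFault() != null) {
                    throw new SOAPFaultException(response);
                }
                Utils.enforceProcessingRules(response, message.getCorrelationHeader().getMessageID(), false);
            } finally {
                // Closed on every path, including faults and parse errors.
                closeQuietly(inputStream);
            }

            response.setProtocol(connection.getURL().getProtocol());
            if (response.getSecurityProfileType() == 0 || SecurityUtils.verifyMessage(response)) {
                return response;
            }
            String string2 = Utils.bundle.getString("cannotVerifySignature");
            Utils.debug.error("Client.sendRequest: " + string2);
            throw new SOAPBindingException(string2);
        } catch (Exception e) {
            // The two declared exception types pass through untouched; a blanket wrap here
            // would hide SOAP faults from callers that catch SOAPFaultException.
            if (e instanceof SOAPFaultException) {
                throw (SOAPFaultException) e;
            }
            if (e instanceof SOAPBindingException) {
                throw (SOAPBindingException) e;
            }
            Utils.debug.error("Client:sendRequest", e);
            throw new SOAPBindingException(e.getMessage());
        }
    }

    /** Closes {@code resource} if non-null; a failure to close is logged and otherwise ignored. */
    private static void closeQuietly(AutoCloseable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (Exception e) {
            Utils.debug.error("Client:sendRequest", e);
        }
    }

    /**
     * Opens a connection to {@code str} configured for a SOAP POST.
     *
     * <p>For HTTPS the connection gets a socket factory whose key manager presents the
     * certificate under alias {@code str2} (or the configured default). For any other
     * connection type only a warning is logged: no client certificate is offered and the
     * request is not protected by TLS, so callers that need transport security must pass
     * an {@code https} URL.
     *
     * @param str  endpoint URL
     * @param str2 client-certificate alias, or {@code null} for the default alias
     */
    private static URLConnection getConnection(String str, String str2) throws Exception {
        HttpURLConnection connection = HttpURLConnectionManager.getConnection(new URL(str));
        if (Utils.debug.messageEnabled()) {
            Utils.debug.message("Client.getConnection: con class = " + connection.getClass());
        }
        if (connection instanceof HttpsURLConnection) {
            // Synchronized and idempotent; also makes the static JSSE state visible to this thread.
            initializeJSSE();
            String alias = (str2 != null) ? str2 : defaultCertAlias;
            // Work on a private copy: writing the alias-specific manager into the shared
            // array would let concurrent requests present each other's client certificate.
            KeyManager[] requestKeyManagers = kms.clone();
            requestKeyManagers[0] = new WSX509KeyManager(defaultX509km, alias);
            SSLContext sSLContext = SSLContext.getInstance(SSLContextBuilder.PROTOCOL_TLS);
            sSLContext.init(requestKeyManagers, tms, null);
            ((HttpsURLConnection) connection).setSSLSocketFactory(sSLContext.getSocketFactory());
        } else if (Utils.debug.warningEnabled()) {
            Utils.debug.warning("Client.getConnection: not instance of HttpsURLConnection, client cert not selected.");
        }
        connection.setDoInput(true);
        connection.setDoOutput(true);
        connection.setRequestProperty("content-type", "text/xml");
        return connection;
    }

    /**
     * Loads key and trust managers from the key store, once.
     *
     * <p>{@code kms} is assigned last, after the trust managers have been built, so a
     * failed attempt leaves the class uninitialised and the next request retries instead
     * of running with key managers but no configured trust managers.
     *
     * <p>Side effect: moves the {@code SunJSSE} provider to position 1 for the whole JVM.
     */
    private static synchronized void initializeJSSE() throws Exception {
        if (kms != null) {
            return;
        }
        Provider provider = Security.getProvider("SunJSSE");
        if (provider != null) {
            Security.removeProvider("SunJSSE");
            Security.insertProviderAt(provider, 1);
        }
        String str = SystemPropertiesManager.get(SOAP_TRUST_SECMNGR_ALGO_PROP);
        if (str == null || str.length() <= 0) {
            str = "SunX509";
        }
        JKSKeyProvider createKeyProvider = createKeyProvider();
        KeyStore keyStore = createKeyProvider.getKeyStore();
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str);
        keyManagerFactory.init(keyStore, createKeyProvider.getPrivateKeyPass().toCharArray());
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        X509KeyManager x509KeyManager = (X509KeyManager) keyManagers[0];
        defineTrustManager(keyStore, str);
        defaultX509km = x509KeyManager;
        kms = keyManagers;
    }

    /**
     * Builds the trust-manager array from {@code keyStore} and stores it in {@code tms}.
     *
     * <p>If the trust-manager property names a class, an instance of it is placed
     * <em>first</em> in the array. JSSE uses only the first manager of a given type, so a
     * configured {@code X509TrustManager} replaces the key-store-based certificate
     * validation rather than adding to it; the property should therefore be writable only
     * by administrators and point at a class that performs real chain validation.
     *
     * @param keyStore source of trusted certificates
     * @param str      trust-manager factory algorithm
     * @throws SOAPBindingException if the factory or the configured class cannot be set up
     */
    private static void defineTrustManager(KeyStore keyStore, String str) throws SOAPBindingException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str);
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            String str2 = SystemPropertiesManager.get(SOAP_TRUST_MNGR_PROP);
            if (str2 == null || str2.length() <= 0) {
                tms = trustManagers;
            } else {
                TrustManager[] combined = new TrustManager[trustManagers.length + 1];
                combined[0] = (TrustManager) Class.forName(str2).getDeclaredConstructor().newInstance();
                System.arraycopy(trustManagers, 0, combined, 1, trustManagers.length);
                tms = combined;
            }
        } catch (ClassNotFoundException e) {
            throw trustManagerFailure("Client.defineTrustManager class not found: ", e);
        } catch (IllegalAccessException e2) {
            throw trustManagerFailure("Client.defineTrustManager illegal access: ", e2);
        } catch (ReflectiveOperationException e3) {
            // InstantiationException, a missing no-arg constructor, or a constructor that threw.
            throw trustManagerFailure("Client.defineTrustManager cannot instantiate: ", e3);
        } catch (KeyStoreException e4) {
            throw trustManagerFailure("Client.defineTrustManager keystore: ", e4);
        } catch (NoSuchAlgorithmException e5) {
            throw trustManagerFailure("Client.defineTrustManager no algorithm: ", e5);
        }
    }

    /** Logs {@code cause} under {@code logPrefix} and returns the localized exception for the caller to throw. */
    private static SOAPBindingException trustManagerFailure(String logPrefix, Exception cause) {
        Utils.debug.error(logPrefix, cause);
        return new SOAPBindingException(Utils.bundle.getString("cannotDefineTrustManager"));
    }

    /** Returns {@code true} only when all four SOAP key-store properties are configured. */
    private static boolean useSpecificTrustStore() {
        return SystemConfigurationUtil.getProperty(SOAP_KEYSTORE_FILE_PROP) != null
                && SystemConfigurationUtil.getProperty(SOAP_KEYSTORE_PASS_FILE_PROP) != null
                && SystemConfigurationUtil.getProperty(SOAP_KEYSTORE_TYPE_PROP) != null
                && SystemConfigurationUtil.getProperty(SOAP_PRIVATE_KEY_PASS_FILE_PROP) != null;
    }

    /**
     * Creates the key provider: the SOAP-specific one when fully configured, otherwise the
     * default. The four-argument constructor is given the property <em>names</em>, not
     * their values.
     */
    private static JKSKeyProvider createKeyProvider() {
        if (useSpecificTrustStore()) {
            return new JKSKeyProvider(SOAP_KEYSTORE_FILE_PROP, SOAP_KEYSTORE_PASS_FILE_PROP, SOAP_KEYSTORE_TYPE_PROP, SOAP_PRIVATE_KEY_PASS_FILE_PROP);
        }
        return new JKSKeyProvider();
    }
}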
