package net.jxta.impl.endpoint.tls;

import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.MissingResourceException;
import java.util.ResourceBundle;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import net.jxta.credential.Credential;
import net.jxta.document.Advertisement;
import net.jxta.endpoint.EndpointAddress;
import net.jxta.endpoint.EndpointService;
import net.jxta.endpoint.Message;
import net.jxta.endpoint.MessageReceiver;
import net.jxta.endpoint.MessageSender;
import net.jxta.endpoint.Messenger;
import net.jxta.exception.PeerGroupException;
import net.jxta.id.ID;
import net.jxta.id.IDFactory;
import net.jxta.impl.endpoint.LoopbackMessenger;
import net.jxta.impl.membership.pse.PSECredential;
import net.jxta.impl.membership.pse.PSEMembershipService;
import net.jxta.impl.peergroup.GenericPeerGroup;
import net.jxta.impl.rendezvous.rdv.RdvPeerRdvService;
import net.jxta.impl.util.TimeUtils;
import net.jxta.logging.Logging;
import net.jxta.membership.MembershipService;
import net.jxta.peer.PeerID;
import net.jxta.peergroup.PeerGroup;
import net.jxta.platform.Module;
import net.jxta.protocol.ModuleImplAdvertisement;

/* loaded from: input_file:META-INF/lib/shoal-jxta-1.1_12142008.jar:net/jxta/impl/endpoint/tls/TlsTransport.class */
public class TlsTransport implements Module, MessageSender, MessageReceiver {
    // Class-wide logger. Every call site in this file also checks the matching Logging.SHOW_* switch first.
    private static final transient Logger LOG = Logger.getLogger(TlsTransport.class.getName());
    // NOTE(review): not referenced anywhere else in this file; looks like a compile-time flag
    // whose uses were folded away (init() logs a literal "true") — confirm.
    static final boolean ACT_AS_SERVER = true;
    // Timing settings in milliseconds, assigned by the constructor (defaults, optionally overridden
    // from the "net.jxta.user" resource bundle). Despite the constant-style names these are mutable,
    // package-visible instance fields.
    long MIN_IDLE_RECONNECT;
    long CONNECTION_IDLE_TIMEOUT;
    long RETRMAXAGE;
    // Peer group, module ID and implementation advertisement, all handed in through init().
    private PeerGroup group = null;
    ID assignedID = null;
    ModuleImplAdvertisement implAdvertisement = null;
    // Endpoint service this transport registers with; set in startApp(), cleared in stopApp().
    EndpointService endpoint = null;
    // PSE membership service; set in startApp(), cleared in stopApp().
    PSEMembershipService membership = null;
    // Listener that stopApp() asks the membership service to remove.
    // NOTE(review): nothing in this file assigns this field; startApp() registers a local
    // membershipPCL instance instead, so stopApp() passes null here.
    private membershipPCL membershipListener = null;
    // Service certificate chain: loaded from the PSE config in startApp() or generated by membershipPCL.
    // Element 0 is the certificate whose validity and issuer membershipPCL inspects.
    X509Certificate[] serviceCert = null;
    // Service credential: set by membershipPCL, cleared by credentialPCL and stopApp().
    // Package-visible and non-volatile; the listeners that write it synchronize on themselves,
    // not on this transport, so readers get no ordering guarantee from those locks.
    PSECredential credential = null;
    // Listener attached to the current credential; created by membershipPCL, removed in stopApp().
    private credentialPCL credentialListener = null;
    // "jxta" protocol address of the local peer, built by mkAddress() in init().
    EndpointAddress localPeerAddr = null;
    // Address of the local peer under the TLS protocol name (JTlsDefs.tlsPName); also the public address.
    EndpointAddress localTlsPeerAddr = null;
    // Local peer ID, taken from the peer group in init().
    PeerID localPeerId = null;
    // Connection manager; created in startApp(), closed in stopApp(), null in between.
    private TlsManager manager = null;
    // Thread group created in init() as a child of the peer group's home thread group.
    ThreadGroup myThreadGroup = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:META-INF/lib/shoal-jxta-1.1_12142008.jar:net/jxta/impl/endpoint/tls/TlsTransport$TlsLoopbackMessenger.class */
    /**
     * Loopback messenger returned by {@code getMessenger} when the destination is this peer's own
     * TLS address.
     *
     * <p>Security note: messages sent through it are tagged with the same
     * {@code TlsTransport.class} message property that {@code processReceivedMessage} puts on
     * messages handed up by the transport, although this messenger is built without a
     * {@code TlsConn}. Code that inspects the property cannot tell the two cases apart from the
     * property alone.
     */
    public class TlsLoopbackMessenger extends LoopbackMessenger {
        /**
         * Forwards the enclosing transport's peer group plus the given arguments, unchanged and
         * in order, to the {@code LoopbackMessenger} constructor.
         */
        TlsLoopbackMessenger(EndpointService endpointService, EndpointAddress endpointAddress, EndpointAddress endpointAddress2, EndpointAddress endpointAddress3) {
            super(TlsTransport.this.group, endpointService, endpointAddress, endpointAddress2, endpointAddress3);
        }

        /**
         * Tags the message with the owning transport, then delegates to the superclass send.
         *
         * @throws IOException if the superclass send fails
         */
        @Override // net.jxta.impl.endpoint.LoopbackMessenger, net.jxta.impl.endpoint.BlockingMessenger
        public void sendMessageBImpl(Message message, String str, String str2) throws IOException {
            final TlsTransport owner = TlsTransport.this;
            message.setMessageProperty(TlsTransport.class, owner);
            super.sendMessageBImpl(message, str, str2);
        }
    }

    /* loaded from: input_file:META-INF/lib/shoal-jxta-1.1_12142008.jar:net/jxta/impl/endpoint/tls/TlsTransport$credentialPCL.class */
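    /**
     * Watches the transport's current service credential and drops it from the transport as soon
     * as a change event shows it is no longer valid.
     */
    class credentialPCL implements PropertyChangeListener {
        credentialPCL() {
        }

        /**
         * Clears {@code TlsTransport.this.credential} when the event comes from that credential
         * and the credential reports itself invalid. Events from any other source are ignored.
         *
         * <p>This method locks the listener, while {@code stopApp()} locks the transport, so the
         * two can interleave. The credential field is therefore read once into a local, the same
         * way {@code stopApp()} does, instead of being dereferenced again after the check.
         */
        @Override // java.beans.PropertyChangeListener
        public synchronized void propertyChange(PropertyChangeEvent propertyChangeEvent) {
            PSECredential watched = TlsTransport.this.credential;
            if (null == watched || watched != propertyChangeEvent.getSource() || watched.isValid()) {
                return;
            }
            if (Logging.SHOW_INFO && TlsTransport.LOG.isLoggable(Level.INFO)) {
                TlsTransport.LOG.info("Clearing credential/certfile ");
            }
            watched.removePropertyChangeListener(this);
            // This listener is detached now; do not leave the transport pointing at it.
            if (TlsTransport.this.credentialListener == this) {
                TlsTransport.this.credentialListener = null;
            }
            TlsTransport.this.credential = null;
        }
    }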

    /* loaded from: input_file:META-INF/lib/shoal-jxta-1.1_12142008.jar:net/jxta/impl/endpoint/tls/TlsTransport$membershipPCL.class */
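    /**
     * Reacts to credentials being added to the PSE membership service. It (re)builds the
     * transport's service certificate when none is usable, then adopts a service credential when
     * the added credential matches the service certificate's issuer.
     *
     * <p>Security note: both matching steps compare X.500 distinguished names only. Nothing in
     * this class verifies a signature or compares public keys; whether
     * {@code generateServiceCertificate} or {@code getServiceCredential} do so is not visible
     * here and should be confirmed before relying on the match as proof of issuance.
     */
    class membershipPCL implements PropertyChangeListener {
        membershipPCL() {
        }

        /**
         * Handles one property change from the membership service.
         *
         * <p>Only {@code MembershipService.ADD_CREDENTIAL_PROPERTY} events whose new value is a
         * {@code PSECredential} are processed; anything else is ignored before any cast is
         * attempted. Failures are logged at SEVERE and end processing of the event.
         */
        @Override // java.beans.PropertyChangeListener
        public synchronized void propertyChange(PropertyChangeEvent propertyChangeEvent) {
            if (!MembershipService.ADD_CREDENTIAL_PROPERTY.equals(propertyChangeEvent.getPropertyName())) {
                return;
            }
            Object newValue = propertyChangeEvent.getNewValue();
            if (!(newValue instanceof PSECredential)) {
                return;
            }
            PSECredential pSECredential = (PSECredential) newValue;
            if (!hasCurrentServiceCert() && !rebuildServiceCert(pSECredential)) {
                return;
            }
            adoptServiceCredential(pSECredential);
        }

        /** Returns true when a service certificate chain is present and its first certificate is within its validity period. */
        private boolean hasCurrentServiceCert() {
            X509Certificate[] chain = TlsTransport.this.serviceCert;
            if (null == chain || chain.length == 0 || null == chain[0]) {
                return false;
            }
            try {
                chain[0].checkValidity();
                return true;
            } catch (java.security.cert.CertificateException expiredOrNotYetValid) {
                return false;
            }
        }

        /**
         * Generates a new service certificate from the credential when the credential's subject
         * equals the subject of the local peer's trusted certificate.
         *
         * @return false when processing of the event must stop (the transport has no membership
         *         service any more, or certificate generation failed); true otherwise, including
         *         when the subjects simply do not match
         */
        private boolean rebuildServiceCert(PSECredential pSECredential) {
            PSEMembershipService pse = TlsTransport.this.membership;
            if (null == pse) {
                // stopApp() has already run; there is nothing left to configure.
                return false;
            }
            Throwable failure = null;
            try {
                X509Certificate peerCert = pse.getPSEConfig().getTrustedCertificate(TlsTransport.this.group.getPeerID());
                X509Certificate credCert = pSECredential.getCertificate();
                // A missing certificate on either side is treated as "no match" rather than dereferenced.
                if (null != peerCert && null != credCert) {
                    X500Principal credSubject = credCert.getSubjectX500Principal();
                    X500Principal peerSubject = peerCert.getSubjectX500Principal();
                    if (Logging.SHOW_FINE && TlsTransport.LOG.isLoggable(Level.FINE)) {
                        TlsTransport.LOG.fine("Checking credential cert for match to peer cert\n\tcred subject=" + credSubject + "\n\tpeer subject=" + peerSubject);
                    }
                    if (peerSubject.equals(credSubject)) {
                        TlsTransport.this.serviceCert = pSECredential.generateServiceCertificate(TlsTransport.this.assignedID);
                    }
                }
            } catch (IOException e) {
                failure = e;
            } catch (InvalidKeyException e) {
                failure = e;
            } catch (KeyStoreException e) {
                failure = e;
            } catch (SignatureException e) {
                failure = e;
            }
            if (null == failure) {
                return true;
            }
            if (Logging.SHOW_SEVERE && TlsTransport.LOG.isLoggable(Level.SEVERE)) {
                TlsTransport.LOG.log(Level.SEVERE, "Failure building service certificate", failure);
            }
            return false;
        }

        /**
         * Adopts the credential's service credential when the credential's subject equals the
         * issuer of the first service certificate, and attaches a fresh {@code credentialPCL}.
         */
        private void adoptServiceCredential(PSECredential pSECredential) {
            X509Certificate[] chain = TlsTransport.this.serviceCert;
            if (null == chain || chain.length == 0 || null == chain[0]) {
                // Reached when no chain was loaded and the subject check above did not produce one.
                if (Logging.SHOW_FINE && TlsTransport.LOG.isLoggable(Level.FINE)) {
                    TlsTransport.LOG.fine("No service certificate to match against; credential ignored");
                }
                return;
            }
            // NOTE(review): an expired chain that could not be regenerated is still used for the
            // issuer comparison below, as before — confirm this is intended.
            Throwable failure = null;
            try {
                X509Certificate credCert = pSECredential.getCertificate();
                if (null != credCert) {
                    X500Principal credSubject = credCert.getSubjectX500Principal();
                    X500Principal serviceIssuer = chain[0].getIssuerX500Principal();
                    if (Logging.SHOW_FINE && TlsTransport.LOG.isLoggable(Level.FINE)) {
                        TlsTransport.LOG.fine("Checking credential cert for match to service issuer cert\n\tcred subject=" + credSubject + "\n\t  svc issuer=" + serviceIssuer);
                    }
                    if (credSubject.equals(serviceIssuer)) {
                        if (Logging.SHOW_INFO && TlsTransport.LOG.isLoggable(Level.INFO)) {
                            TlsTransport.LOG.info("Setting credential/certfile ");
                        }
                        PSECredential replacement = pSECredential.getServiceCredential(TlsTransport.this.assignedID);
                        // Detach the listener from the credential being replaced so listeners do not pile up.
                        PSECredential previous = TlsTransport.this.credential;
                        if (null != previous && null != TlsTransport.this.credentialListener) {
                            previous.removePropertyChangeListener(TlsTransport.this.credentialListener);
                        }
                        TlsTransport.this.credential = replacement;
                        if (null != replacement) {
                            TlsTransport.this.credentialListener = new credentialPCL();
                            replacement.addPropertyChangeListener(TlsTransport.this.credentialListener);
                        }
                    }
                }
            } catch (IOException e) {
                failure = e;
            } catch (InvalidKeyException e) {
                failure = e;
            } catch (SignatureException e) {
                failure = e;
            } catch (PeerGroupException e) {
                failure = e;
            }
            if (null != failure && Logging.SHOW_SEVERE && TlsTransport.LOG.isLoggable(Level.SEVERE)) {
                TlsTransport.LOG.log(Level.SEVERE, "Failure building service credential", failure);
            }
        }
    }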

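    /**
     * Sets the default timing values and applies optional overrides from the
     * {@code net.jxta.user} resource bundle.
     *
     * <p>Each override is a whole number of minutes (at least 1) and is read independently, so a
     * missing or malformed key leaves only that setting at its default. When the bundle exists,
     * the minimum idle-reconnect time and the retry-queue age are capped at the connection idle
     * timeout. When the bundle itself is missing the defaults are left exactly as assigned.
     */
    public TlsTransport() {
        this.MIN_IDLE_RECONNECT = TimeUtils.AMINUTE;
        this.CONNECTION_IDLE_TIMEOUT = 300000L;
        this.RETRMAXAGE = RdvPeerRdvService.GC_INTERVAL;
        ResourceBundle bundle;
        try {
            bundle = ResourceBundle.getBundle("net.jxta.user");
        } catch (MissingResourceException noUserBundle) {
            // No overrides configured; keep the defaults untouched.
            return;
        }
        this.CONNECTION_IDLE_TIMEOUT = readMinutesAsMillis(bundle, "impl.endpoint.tls.connection.idletimeout", "connection idle timeout", this.CONNECTION_IDLE_TIMEOUT);
        this.MIN_IDLE_RECONNECT = readMinutesAsMillis(bundle, "impl.endpoint.tls.connection.minidlereconnect", "min reconnection idle", this.MIN_IDLE_RECONNECT);
        this.RETRMAXAGE = readMinutesAsMillis(bundle, "impl.endpoint.tls.connection.maxretryage", "maximum retry queue age", this.RETRMAXAGE);
        this.MIN_IDLE_RECONNECT = Math.min(this.MIN_IDLE_RECONNECT, this.CONNECTION_IDLE_TIMEOUT);
        this.RETRMAXAGE = Math.min(this.RETRMAXAGE, this.CONNECTION_IDLE_TIMEOUT);
    }

    /**
     * Reads one minutes-valued setting from the bundle and converts it to milliseconds.
     *
     * @param bundle   bundle to read from
     * @param key      resource key of the setting
     * @param label    human-readable name used in log messages
     * @param fallback value returned when the key is absent, malformed or out of range
     * @return the configured value in milliseconds, or {@code fallback}
     */
    private static long readMinutesAsMillis(ResourceBundle bundle, String key, String label, long fallback) {
        String raw;
        try {
            raw = bundle.getString(key);
        } catch (MissingResourceException absent) {
            // The key is optional; its absence must not stop the other keys from being read.
            return fallback;
        }
        long minutes;
        try {
            minutes = Long.parseLong(raw.trim());
        } catch (NumberFormatException malformed) {
            if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.warning("Ignoring non-numeric value for " + key + ": " + raw);
            }
            return fallback;
        }
        // Values below one minute are rejected as before; the upper bound keeps the
        // multiplication below from overflowing into a negative timeout.
        if (minutes < 1 || minutes > Long.MAX_VALUE / TimeUtils.AMINUTE) {
            if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.warning("Ignoring out-of-range value for " + key + ": " + minutes);
            }
            return fallback;
        }
        long millis = minutes * TimeUtils.AMINUTE;
        if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
            LOG.info("Adjusting TLS " + label + " to " + millis + " millis.");
        }
        return millis;
    }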

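    /**
     * Two transports are equal when they report the same protocol name and have equal local TLS
     * addresses.
     *
     * <p>A transport whose address has not been set yet (before {@code init}) is equal only to
     * itself; the comparison no longer dereferences a null address.
     *
     * <p>NOTE(review): no {@code hashCode()} override is visible in this class, so equal
     * transports may hash differently. Avoid using instances as keys in hash-based collections
     * until a matching override is added.
     *
     * @param obj object to compare with
     * @return true when {@code obj} is a {@code TlsTransport} for the same local TLS address
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        // instanceof is false for null, so no separate null check is needed.
        if (!(obj instanceof TlsTransport)) {
            return false;
        }
        TlsTransport other = (TlsTransport) obj;
        if (!getProtocolName().equals(other.getProtocolName())) {
            return false;
        }
        EndpointAddress mine = this.localTlsPeerAddr;
        return null != mine && mine.equals(other.localTlsPeerAddr);
    }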

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the peer group this transport was initialised with.
     *
     * @return the group passed to {@code init}, or null before {@code init} has run
     */
    public PeerGroup getPeerGroup() {
        return group;
    }

    /**
     * Records the peer group, module ID and implementation advertisement, derives the local
     * addresses and thread group from them, and logs the resulting configuration at CONFIG level.
     *
     * @param peerGroup     group the transport runs in
     * @param id            ID assigned to this module
     * @param advertisement implementation advertisement; cast to {@code ModuleImplAdvertisement}
     *                      without a type check
     * @throws PeerGroupException declared by the interface; nothing in this body throws it
     */
    @Override // net.jxta.platform.Module
    public void init(PeerGroup peerGroup, ID id, Advertisement advertisement) throws PeerGroupException {
        this.group = peerGroup;
        this.assignedID = id;
        this.implAdvertisement = (ModuleImplAdvertisement) advertisement;
        this.localPeerId = peerGroup.getPeerID();
        this.localPeerAddr = mkAddress(peerGroup.getPeerID(), (String) null, (String) null);
        this.localTlsPeerAddr = new EndpointAddress(JTlsDefs.tlsPName, this.localPeerId.getUniqueValue().toString(), null, null);
        this.myThreadGroup = new ThreadGroup(peerGroup.getHomeThreadGroup(), "TLSTransport " + this.localTlsPeerAddr);

        // Everything below only assembles the configuration dump.
        if (!Logging.SHOW_CONFIG || !LOG.isLoggable(Level.CONFIG)) {
            return;
        }
        StringBuilder summary = new StringBuilder("Configuring TLS Transport : " + id);
        if (null != this.implAdvertisement) {
            summary.append("\n\tImplementation:")
                    .append("\n\t\tModule Spec ID: ").append(this.implAdvertisement.getModuleSpecID())
                    .append("\n\t\tImpl Description : ").append(this.implAdvertisement.getDescription())
                    .append("\n\t\tImpl URI : ").append(this.implAdvertisement.getUri())
                    .append("\n\t\tImpl Code : ").append(this.implAdvertisement.getCode());
        }
        summary.append("\n\tGroup Params:")
                .append("\n\t\tGroup: ").append(peerGroup.getPeerGroupName())
                .append("\n\t\tGroup ID: ").append(peerGroup.getPeerGroupID())
                .append("\n\t\tPeer ID: ").append(peerGroup.getPeerID());
        summary.append("\n\tConfiguration :")
                .append("\n\t\tProtocol: ").append(JTlsDefs.tlsPName)
                .append("\n\t\tOutgoing Connections Enabled: ").append(Boolean.TRUE)
                .append("\n\t\tIncoming Connections Enabled: true")
                .append("\n\t\tMinimum idle for reconnect : ").append(this.MIN_IDLE_RECONNECT).append("ms")
                .append("\n\t\tConnection idle timeout : ").append(this.CONNECTION_IDLE_TIMEOUT).append("ms")
                .append("\n\t\tRetry queue maximum age : ").append(this.RETRMAXAGE).append("ms")
                .append("\n\t\tPeerID : ").append(this.localPeerId)
                .append("\n\t\tRoute through : ").append(this.localPeerAddr)
                .append("\n\t\tPublic Address : ").append(this.localTlsPeerAddr);
        LOG.config(summary.toString());
    }

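    /**
     * Starts the transport: registers it with the endpoint service, hooks into the PSE membership
     * service, loads the service certificate chain, replays the current credentials and installs
     * the {@code TlsManager} as incoming-message listener.
     *
     * <p>The membership listener is stored in {@code membershipListener}, the field that
     * {@code stopApp()} passes to {@code removePropertyChangeListener}. Registering a local
     * instance instead would leave the listener attached after shutdown, still able to change
     * {@code serviceCert} and {@code credential} on a stopped transport.
     *
     * @param strArr start arguments; not used
     * @return 0 when started; 2 when the endpoint or membership service is not available yet
     *         (presumably one of Module's start-again codes — confirm); -1 when the transport
     *         cannot run (no PSE membership service, registration refused, or the listener could
     *         not be installed)
     */
    @Override // net.jxta.platform.Module
    public synchronized int startApp(String[] strArr) {
        this.endpoint = this.group.getEndpointService();
        if (null == this.endpoint) {
            if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.warning("Stalled until there is an endpoint service");
            }
            return 2;
        }
        MembershipService membershipService = this.group.getMembershipService();
        if (null == membershipService) {
            if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.warning("Stalled until there is a membership service");
            }
            return 2;
        }
        if (!(membershipService instanceof PSEMembershipService)) {
            if (Logging.SHOW_SEVERE && LOG.isLoggable(Level.SEVERE)) {
                LOG.severe("TLS Transport requires PSE Membership Service");
            }
            return -1;
        }
        if (this.endpoint.addMessageTransport(this) == null) {
            if (Logging.SHOW_SEVERE && LOG.isLoggable(Level.SEVERE)) {
                LOG.severe("Transport registration refused");
            }
            return -1;
        }
        this.membership = (PSEMembershipService) membershipService;
        // Keep the reference in the field so stopApp() can detach the same instance.
        this.membershipListener = new membershipPCL();
        this.membership.addPropertyChangeListener(this.membershipListener);
        try {
            this.serviceCert = this.membership.getPSEConfig().getTrustedCertificateChain(this.assignedID);
            // Replay credentials that were added before the listener was attached.
            Enumeration<Credential> currentCredentials = this.membership.getCurrentCredentials();
            while (currentCredentials.hasMoreElements()) {
                this.membershipListener.propertyChange(new PropertyChangeEvent(this.membership, MembershipService.ADD_CREDENTIAL_PROPERTY, null, (PSECredential) currentCredentials.nextElement()));
            }
        } catch (IOException e) {
            // Start-up continues without a certificate chain; make the reason visible.
            this.serviceCert = null;
            if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.log(Level.WARNING, "Could not load the TLS service certificate chain", e);
            }
        } catch (KeyStoreException e2) {
            this.serviceCert = null;
            if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.log(Level.WARNING, "Could not load the TLS service certificate chain", e2);
            }
        }
        this.manager = new TlsManager(this);
        try {
            this.endpoint.addIncomingMessageListener(this.manager, "TlsTransport", null);
            return 0;
        } catch (Throwable th) {
            // Broad catch kept from the original: any failure here disables the transport.
            if (Logging.SHOW_SEVERE && LOG.isLoggable(Level.SEVERE)) {
                LOG.log(Level.SEVERE, "TLS could not register listener...as good as dead", th);
            }
            return -1;
        }
    }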

    /**
     * Shuts the transport down: unregisters it from the endpoint service, closes the connection
     * manager, detaches the membership listener held in {@code membershipListener} and detaches
     * the credential listener. Each reference is cleared once handled, and absent ones are
     * skipped, so calling this on a transport that never started is harmless.
     *
     * <p>{@code serviceCert} is not touched here.
     */
    @Override // net.jxta.platform.Module
    public synchronized void stopApp() {
        final EndpointService attachedEndpoint = this.endpoint;
        if (attachedEndpoint != null) {
            attachedEndpoint.removeIncomingMessageListener("TlsTransport", null);
            attachedEndpoint.removeMessageTransport(this);
            this.endpoint = null;
        }

        final TlsManager runningManager = this.manager;
        if (runningManager != null) {
            runningManager.close();
            this.manager = null;
        }

        final PSEMembershipService pse = this.membership;
        if (pse != null) {
            pse.removePropertyChangeListener(this.membershipListener);
            this.membershipListener = null;
            this.membership = null;
        }

        // Single read of the field: credentialPCL can clear it without holding this lock.
        final PSECredential held = this.credential;
        if (held != null) {
            held.removePropertyChangeListener(this.credentialListener);
            this.credentialListener = null;
            this.credential = null;
        }
    }

    /**
     * Reports this transport as connection oriented.
     *
     * @return always true
     */
    @Override // net.jxta.endpoint.MessageSender
    public boolean isConnectionOriented() {
        return true;
    }

    /**
     * Reports that this transport does not allow routing.
     *
     * @return always false
     */
    @Override // net.jxta.endpoint.MessageSender
    public boolean allowsRouting() {
        return false;
    }

    /**
     * Transport control hook; this transport implements no control operations.
     *
     * @param obj  ignored
     * @param obj2 ignored
     * @return always null
     */
    @Override // net.jxta.endpoint.MessageTransport
    public Object transportControl(Object obj, Object obj2) {
        return null;
    }

    /**
     * Returns the local peer's address under the TLS protocol name.
     *
     * @return the address built in {@code init}, or null before {@code init} has run
     */
    @Override // net.jxta.endpoint.MessageSender
    public EndpointAddress getPublicAddress() {
        return localTlsPeerAddr;
    }

    /**
     * Returns the endpoint service this transport is attached to.
     *
     * @return the service obtained in {@code startApp}, or null when the transport is not started
     */
    @Override // net.jxta.endpoint.MessageTransport
    public EndpointService getEndpointService() {
        return endpoint;
    }

    /**
     * Returns an iterator over the transport's public addresses, which is exactly the single
     * address reported by {@link #getPublicAddress()}.
     *
     * @return a one-element iterator
     */
    @Override // net.jxta.endpoint.MessageReceiver
    public Iterator<EndpointAddress> getPublicAddresses() {
        final EndpointAddress onlyAddress = getPublicAddress();
        return Collections.singletonList(onlyAddress).iterator();
    }

    /**
     * Returns the protocol name this transport registers under.
     *
     * @return {@code JTlsDefs.tlsPName}
     */
    @Override // net.jxta.endpoint.MessageTransport
    public String getProtocolName() {
        final String protocol = JTlsDefs.tlsPName;
        return protocol;
    }

    /**
     * Checks reachability by trying to obtain a messenger for the address.
     *
     * <p>This is not a lightweight probe: for a remote peer {@code getMessenger} asks the
     * {@code TlsManager} for a connection, and the messenger obtained here is discarded without
     * being closed.
     *
     * @param endpointAddress address to test
     * @return true when a messenger could be obtained
     */
    @Override // net.jxta.endpoint.MessageSender
    public boolean ping(EndpointAddress endpointAddress) {
        final Messenger probe = getMessenger(endpointAddress, null);
        return probe != null;
    }

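    /**
     * Returns a messenger for the given destination.
     *
     * <p>A destination equal to this peer's own TLS address gets a {@code TlsLoopbackMessenger},
     * which is created without a {@code TlsConn}. Any other destination is mapped to a
     * {@code jxta} peer address and needs a connection from the {@code TlsManager}.
     *
     * <p>When the transport is not running (no manager) or the destination cannot be turned into
     * a peer address, the failure is logged and null is returned. Previously those two cases
     * escaped as a {@code NullPointerException} or {@code IllegalArgumentException}.
     *
     * @param endpointAddress destination address
     * @param obj             hint object; not used
     * @return a messenger, or null when no TLS connection can be obtained
     */
    @Override // net.jxta.endpoint.MessageSender
    public Messenger getMessenger(EndpointAddress endpointAddress, Object obj) {
        if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
            LOG.fine("getMessenger for " + endpointAddress);
        }
        // Compare on a copy built with null service name and parameter.
        EndpointAddress endpointAddress2 = new EndpointAddress(endpointAddress, (String) null, (String) null);
        if (endpointAddress2.equals(this.localTlsPeerAddr)) {
            if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
                LOG.fine("returning LoopbackMessenger");
            }
            return new TlsLoopbackMessenger(this.endpoint, endpointAddress2, endpointAddress, this.localPeerAddr);
        }
        // stopApp() clears the manager under a lock this method does not take; read it once.
        TlsManager activeManager = this.manager;
        if (null == activeManager) {
            if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.warning("TLS transport is not running; no messenger for " + endpointAddress);
            }
            return null;
        }
        EndpointAddress peerAddr;
        try {
            peerAddr = mkAddress("urn:jxta:" + endpointAddress.getProtocolAddress(), (String) null, (String) null);
        } catch (IllegalArgumentException badAddress) {
            // mkAddress reports an unparsable peer URI this way; treat it as unreachable.
            if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.log(Level.WARNING, "Malformed destination address " + endpointAddress, badAddress);
            }
            return null;
        }
        TlsConn tlsConn = activeManager.getTlsConn(peerAddr);
        if (tlsConn != null) {
            if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
                LOG.fine("TlsMessanger with TlsConn DONE");
            }
            return new TlsMessenger(endpointAddress, tlsConn, this);
        }
        if (Logging.SHOW_SEVERE && LOG.isLoggable(Level.SEVERE)) {
            LOG.severe("Cannot get a TLS connection for " + peerAddr);
        }
        return null;
    }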

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Hands a received message to the endpoint service for demultiplexing.
     *
     * <p>The message is first tagged with this transport under the {@code TlsTransport.class}
     * property, then {@code endpoint.demux} is run on the peer group's executor. Any failure,
     * whether in submitting the task or in the demux itself, is logged at WARNING and otherwise
     * dropped.
     *
     * @param message the message to deliver
     */
    public void processReceivedMessage(final Message message) {
        if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
            LOG.fine("processReceivedMessage starts");
        }
        message.setMessageProperty(TlsTransport.class, this);

        final Runnable demuxTask = new Runnable() {
            @Override // java.lang.Runnable
            public void run() {
                try {
                    TlsTransport.this.endpoint.demux(message);
                } catch (Throwable demuxFailure) {
                    if (Logging.SHOW_WARNING && TlsTransport.LOG.isLoggable(Level.WARNING)) {
                        TlsTransport.LOG.log(Level.WARNING, "Failure demuxing an incoming message", demuxFailure);
                    }
                }
            }
        };

        try {
            // The group is assumed to be a GenericPeerGroup; a failed cast is caught below.
            ((GenericPeerGroup) this.group).getExecutor().execute(demuxTask);
        } catch (Throwable submitFailure) {
            if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.log(Level.WARNING, "Failure demuxing an incoming message", submitFailure);
            }
        }
    }

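    /**
     * Builds a {@code jxta} endpoint address from the textual form of a peer ID.
     *
     * @param str  ID as a URI string
     * @param str2 service name, may be null
     * @param str3 service parameter, may be null
     * @return the endpoint address for that ID
     * @throws IllegalArgumentException if the string cannot be parsed as an ID URI; the
     *         underlying {@code URISyntaxException} is kept as the cause
     */
    private static EndpointAddress mkAddress(String str, String str2, String str3) {
        try {
            return mkAddress(IDFactory.fromURI(new URI(str)), str2, str3);
        } catch (URISyntaxException e) {
            // Keep the original exception so the parse position is not lost to callers and logs.
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }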

    /**
     * Builds a {@code jxta} endpoint address whose protocol address is the string form of the
     * ID's unique value.
     *
     * @param id   peer ID to address
     * @param str  service name, may be null
     * @param str2 service parameter, may be null
     * @return the endpoint address
     */
    private static final EndpointAddress mkAddress(ID id, String str, String str2) {
        final String protocolAddress = id.getUniqueValue().toString();
        return new EndpointAddress("jxta", protocolAddress, str, str2);
    }
}
