package com.ibm.wmqfte.connect.impl;

import com.ibm.wmqfte.jni.FilePermissionsException;
import com.ibm.wmqfte.jni.NativeJNI;
import com.ibm.wmqfte.ras.NLS;
import com.ibm.wmqfte.ras.RasDescriptor;
import com.ibm.wmqfte.ras.Trace;
import com.ibm.wmqfte.ras.TraceLevel;
import com.ibm.wmqfte.utils.ContainerRuntime;
import com.ibm.wmqfte.utils.CredentialsFileException;
import com.ibm.wmqfte.utils.FTEPlatformUtils;
import com.ibm.wmqfte.utils.FTEPropConstant;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:lib/com.ibm.wmqfte.common.jar:com/ibm/wmqfte/connect/impl/SSLConnectionData.class */
public class SSLConnectionData {
    private static final RasDescriptor rd = RasDescriptor.create((Class<?>) SSLConnectionData.class, "com.ibm.wmqfte.connect.impl.BFGCIMessages");
    private final String cipherSpec;
    private final String cipherSuite;
    private final String peerName;
    private SSLSocketFactory sslSocketFactory;
    private SSLContext context;
    private final boolean fipsEnabled;
    private final CertStore trustCertStore;
    private final CertStore keyCertStore;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/com.ibm.wmqfte.common.jar:com/ibm/wmqfte/connect/impl/SSLConnectionData$CertStore.class */
    public interface CertStore {
        String getStoreType();

        String toString();

        KeyManager[] getKeyManagers();

        TrustManager[] getTrustManagers();
    }

    /* loaded from: input_file:lib/com.ibm.wmqfte.common.jar:com/ibm/wmqfte/connect/impl/SSLConnectionData$CertStoreUse.class */
    public enum CertStoreUse {
        KEY,
        TRUST,
        KEYANDTRUST;

        public boolean isKeyStore() {
            return this == KEY || this == KEYANDTRUST;
        }

        public boolean isTrustStore() {
            return this == TRUST || this == KEYANDTRUST;
        }
    }

    /* loaded from: input_file:lib/com.ibm.wmqfte.common.jar:com/ibm/wmqfte/connect/impl/SSLConnectionData$FileCertStore.class */
    private static class FileCertStore implements CertStore {
        private final String type;
        private final String filePath;
        private final KeyStore keyStore;
        private final KeyManager[] keyManagers;
        private final TrustManager[] trustManagers;
        private CertStoreUse initUse;

        public FileCertStore(String str, String str2, boolean z, CertStoreUse certStoreUse) throws GeneralSecurityException, CredentialsFileException {
            this(str, str2, z, certStoreUse, null);
        }

        @Override // com.ibm.wmqfte.connect.impl.SSLConnectionData.CertStore
        public KeyManager[] getKeyManagers() {
            if (SSLConnectionData.rd.isFlowOn()) {
                Trace.entry(SSLConnectionData.rd, this, "getKeyManagers", new Object[0]);
            }
            if (SSLConnectionData.rd.isFlowOn()) {
                Trace.exit(SSLConnectionData.rd, this, "getKeyManagers", this.keyManagers);
            }
            return this.keyManagers;
        }

        @Override // com.ibm.wmqfte.connect.impl.SSLConnectionData.CertStore
        public TrustManager[] getTrustManagers() {
            if (SSLConnectionData.rd.isFlowOn()) {
                Trace.entry(SSLConnectionData.rd, this, "getTrustManagers", new Object[0]);
            }
            if (SSLConnectionData.rd.isFlowOn()) {
                Trace.exit(SSLConnectionData.rd, this, "getTrustManagers", this.trustManagers);
            }
            return this.trustManagers;
        }

        @Override // com.ibm.wmqfte.connect.impl.SSLConnectionData.CertStore
        public String toString() {
            return this.filePath;
        }

        @Override // com.ibm.wmqfte.connect.impl.SSLConnectionData.CertStore
        public String getStoreType() {
            return this.type;
        }

        public FileCertStore(String str, String str2, boolean z, CertStoreUse certStoreUse, String str3) throws GeneralSecurityException, CredentialsFileException {
            if (SSLConnectionData.rd.isFlowOn()) {
                Trace.entry(SSLConnectionData.rd, this, "<init>", str, str2, Boolean.valueOf(z), certStoreUse, SSLConnectionData.hidePassword(str3));
            }
            this.filePath = (str == null || str.length() != 0) ? str : null;
            this.type = str2;
            this.initUse = certStoreUse;
            if ((this.filePath == null && z) || (this.filePath != null && !new File(str).exists())) {
                CredentialsFileException credentialsFileException = new CredentialsFileException(certStoreUse.isKeyStore() ? "BFGPR0100_KEY_STORE_NOT_FOUND" : "BFGPR0099_TRUST_STORE_NOT_FOUND", str == null ? "null" : str);
                if (SSLConnectionData.rd.isFlowOn()) {
                    Trace.throwing(SSLConnectionData.rd, "<init>", credentialsFileException);
                }
                throw credentialsFileException;
            }
            if (this.filePath != null && NativeJNI.isAvailable()) {
                try {
                    if (!ContainerRuntime.getInstance().isAgentRunningInContainer().booleanValue()) {
                        NativeJNI.checkFilePermissions(str);
                    }
                } catch (FilePermissionsException e) {
                    CredentialsFileException credentialsFileException2 = new CredentialsFileException(certStoreUse.isKeyStore() ? "BFGPR0101_KEY_STORE_FILE_PERMISSION_ERROR" : "BFGPR0102_TRUST_STORE_FILE_PERMISSION_ERROR", str, e);
                    if (SSLConnectionData.rd.isFlowOn()) {
                        Trace.throwing(SSLConnectionData.rd, "<init>", credentialsFileException2);
                    }
                    throw credentialsFileException2;
                }
            }
            if (this.filePath == null) {
                this.keyStore = null;
                this.keyManagers = new KeyManager[0];
                this.trustManagers = new TrustManager[0];
            } else {
                if (str3 == null || str3.length() == 0) {
                    GeneralSecurityException generalSecurityException = new GeneralSecurityException(NLS.format(SSLConnectionData.rd, certStoreUse.isKeyStore() ? "UNDEFINED_SSL_KEY_STORE_PASSWORD_BFGCI0010" : "UNDEFINED_SSL_TRUST_STORE_PASSWORD_BFGCI0009", str));
                    if (SSLConnectionData.rd.isFlowOn()) {
                        Trace.throwing(SSLConnectionData.rd, "<init>", generalSecurityException);
                    }
                    throw generalSecurityException;
                }
                InputStream inputStream = null;
                try {
                    try {
                        try {
                            this.keyStore = KeyStore.getInstance(this.type);
                            inputStream = FTEPlatformUtils.newFileInputStream(this.filePath);
                            this.keyStore.load(inputStream, str3.toCharArray());
                            if (inputStream != null) {
                                try {
                                    inputStream.close();
                                } catch (IOException e2) {
                                }
                            }
                            if (certStoreUse.isKeyStore()) {
                                try {
                                    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                                    keyManagerFactory.init(this.keyStore, str3.toCharArray());
                                    this.keyManagers = keyManagerFactory.getKeyManagers();
                                } catch (GeneralSecurityException e3) {
                                    GeneralSecurityException generalSecurityException2 = new GeneralSecurityException(NLS.format(SSLConnectionData.rd, "ERROR_CREATING_SSL_KEY_STORE_BFGCI0007", this.type, e3.getLocalizedMessage()));
                                    if (SSLConnectionData.rd.isFlowOn()) {
                                        Trace.throwing(SSLConnectionData.rd, "<init>", generalSecurityException2);
                                    }
                                    throw generalSecurityException2;
                                }
                            } else {
                                this.keyManagers = new KeyManager[0];
                            }
                            if (certStoreUse.isTrustStore()) {
                                try {
                                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                                    trustManagerFactory.init(this.keyStore);
                                    this.trustManagers = trustManagerFactory.getTrustManagers();
                                } catch (GeneralSecurityException e4) {
                                    GeneralSecurityException generalSecurityException3 = new GeneralSecurityException(NLS.format(SSLConnectionData.rd, "ERROR_CREATING_SSL_TRUST_STORE_BFGCI0011", this.type, e4.getLocalizedMessage()));
                                    if (SSLConnectionData.rd.isFlowOn()) {
                                        Trace.throwing(SSLConnectionData.rd, "<init>", generalSecurityException3);
                                    }
                                    throw generalSecurityException3;
                                }
                            } else {
                                this.trustManagers = new TrustManager[0];
                            }
                        } catch (Throwable th) {
                            if (inputStream != null) {
                                try {
                                    inputStream.close();
                                } catch (IOException e5) {
                                }
                            }
                            throw th;
                        }
                    } catch (IOException e6) {
                        String localizedMessage = e6.getLocalizedMessage();
                        GeneralSecurityException generalSecurityException4 = new GeneralSecurityException(NLS.format(SSLConnectionData.rd, "ERROR_LOADING_SSL_CERTIFICATE_STORE_BFGCI0006", this.filePath, localizedMessage == null ? e6.toString() : localizedMessage));
                        if (SSLConnectionData.rd.isFlowOn()) {
                            Trace.throwing(SSLConnectionData.rd, "<init>", generalSecurityException4);
                        }
                        throw generalSecurityException4;
                    }
                } catch (GeneralSecurityException e7) {
                    String localizedMessage2 = e7.getLocalizedMessage();
                    GeneralSecurityException generalSecurityException5 = new GeneralSecurityException(NLS.format(SSLConnectionData.rd, "ERROR_LOADING_SSL_CERTIFICATE_STORE_BFGCI0006", this.filePath, localizedMessage2 == null ? e7.toString() : localizedMessage2));
                    if (SSLConnectionData.rd.isFlowOn()) {
                        Trace.throwing(SSLConnectionData.rd, "<init>", generalSecurityException5);
                    }
                    throw generalSecurityException5;
                }
            }
            if (SSLConnectionData.rd.isFlowOn()) {
                Trace.exit(SSLConnectionData.rd, this, "<init>", this.keyStore);
            }
        }
    }

    /* loaded from: input_file:lib/com.ibm.wmqfte.common.jar:com/ibm/wmqfte/connect/impl/SSLConnectionData$GenericCertStore.class */
    private static class GenericCertStore implements CertStore {
        private final CertStore store;

        public GenericCertStore(String str, String str2, boolean z, CertStoreUse certStoreUse) throws GeneralSecurityException, CredentialsFileException {
            this(str, str2, z, certStoreUse, null);
        }

        public GenericCertStore(String str, String str2, boolean z, CertStoreUse certStoreUse, String str3) throws GeneralSecurityException, CredentialsFileException {
            if (str2.equalsIgnoreCase("JCERACFKS")) {
                this.store = new RACFCertStore(str, str2, z, certStoreUse, str3);
            } else {
                this.store = new FileCertStore(str, str2, z, certStoreUse, str3);
            }
        }

        @Override // com.ibm.wmqfte.connect.impl.SSLConnectionData.CertStore
        public String getStoreType() {
            return this.store.getStoreType();
        }

        @Override // com.ibm.wmqfte.connect.impl.SSLConnectionData.CertStore
        public String toString() {
            return this.store.toString();
        }

        @Override // com.ibm.wmqfte.connect.impl.SSLConnectionData.CertStore
        public KeyManager[] getKeyManagers() {
            return this.store.getKeyManagers();
        }

        @Override // com.ibm.wmqfte.connect.impl.SSLConnectionData.CertStore
        public TrustManager[] getTrustManagers() {
            return this.store.getTrustManagers();
        }
    }

    /* loaded from: input_file:lib/com.ibm.wmqfte.common.jar:com/ibm/wmqfte/connect/impl/SSLConnectionData$RACFCertStore.class */
    private static class RACFCertStore implements CertStore {
        private final String type;
        private final String uri;
        private final String user;
        private final String keyRingName;
        private final KeyStore keyStore;
        private final KeyManager[] keyManagers;
        private final TrustManager[] trustManagers;
        private CertStoreUse initUse;

        public RACFCertStore(String str, String str2, boolean z, CertStoreUse certStoreUse, String str3) throws GeneralSecurityException {
            this(str, str2, z, certStoreUse);
        }

        @Override // com.ibm.wmqfte.connect.impl.SSLConnectionData.CertStore
        public KeyManager[] getKeyManagers() {
            if (SSLConnectionData.rd.isFlowOn()) {
                Trace.entry(SSLConnectionData.rd, this, "getKeyManagers", new Object[0]);
            }
            if (SSLConnectionData.rd.isFlowOn()) {
                Trace.exit(SSLConnectionData.rd, this, "getKeyManagers", this.keyManagers);
            }
            return this.keyManagers;
        }

        @Override // com.ibm.wmqfte.connect.impl.SSLConnectionData.CertStore
        public TrustManager[] getTrustManagers() {
            if (SSLConnectionData.rd.isFlowOn()) {
                Trace.entry(SSLConnectionData.rd, this, "getTrustManagers", new Object[0]);
            }
            if (SSLConnectionData.rd.isFlowOn()) {
                Trace.exit(SSLConnectionData.rd, this, "getTrustManagers", this.trustManagers);
            }
            return this.trustManagers;
        }

        @Override // com.ibm.wmqfte.connect.impl.SSLConnectionData.CertStore
        public String toString() {
            return this.uri;
        }

        @Override // com.ibm.wmqfte.connect.impl.SSLConnectionData.CertStore
        public String getStoreType() {
            return this.type;
        }

        private Constructor<?> getRACFInputStreamConstructor() throws GeneralSecurityException {
            try {
                Constructor<?> declaredConstructor = Class.forName("com.ibm.crypto.provider.RACFInputStream").getDeclaredConstructor(String.class, String.class, char[].class);
                declaredConstructor.setAccessible(true);
                return declaredConstructor;
            } catch (ReflectiveOperationException e) {
                RasDescriptor rasDescriptor = SSLConnectionData.rd;
                String[] strArr = new String[2];
                strArr[0] = this.uri;
                strArr[1] = e.getLocalizedMessage() != null ? e.getLocalizedMessage() : e.toString();
                GeneralSecurityException generalSecurityException = new GeneralSecurityException(NLS.format(rasDescriptor, "BFGCI0015_RACF_KEYRING_INIT_FAILURE", strArr), e);
                if (SSLConnectionData.rd.isFlowOn()) {
                    Trace.throwing(SSLConnectionData.rd, "<init>", generalSecurityException);
                }
                throw generalSecurityException;
            }
        }

        private void loadKeyRing(Constructor<?> constructor) throws GeneralSecurityException {
            InputStream inputStream = null;
            try {
                try {
                    try {
                        try {
                            inputStream = (InputStream) constructor.newInstance(this.user, this.keyRingName, null);
                            this.keyStore.load(inputStream, null);
                            if (inputStream != null) {
                                try {
                                    inputStream.close();
                                } catch (IOException e) {
                                }
                            }
                        } catch (Throwable th) {
                            if (inputStream != null) {
                                try {
                                    inputStream.close();
                                } catch (IOException e2) {
                                }
                            }
                            throw th;
                        }
                    } catch (ReflectiveOperationException e3) {
                        RasDescriptor rasDescriptor = SSLConnectionData.rd;
                        String[] strArr = new String[2];
                        strArr[0] = this.uri;
                        strArr[1] = e3.getLocalizedMessage() != null ? e3.getLocalizedMessage() : e3.toString();
                        GeneralSecurityException generalSecurityException = new GeneralSecurityException(NLS.format(rasDescriptor, "BFGCI0015_RACF_KEYRING_INIT_FAILURE", strArr), e3);
                        if (SSLConnectionData.rd.isFlowOn()) {
                            Trace.throwing(SSLConnectionData.rd, "<init>", generalSecurityException);
                        }
                        throw generalSecurityException;
                    }
                } catch (InvocationTargetException e4) {
                    Throwable cause = e4.getCause() != null ? e4.getCause() : e4;
                    RasDescriptor rasDescriptor2 = SSLConnectionData.rd;
                    String[] strArr2 = new String[2];
                    strArr2[0] = this.uri;
                    strArr2[1] = cause.getLocalizedMessage() != null ? cause.getLocalizedMessage() : cause.toString();
                    GeneralSecurityException generalSecurityException2 = new GeneralSecurityException(NLS.format(rasDescriptor2, "BFGCI0014_RACF_KEYRING_ACCESS_FAILURE", strArr2), e4);
                    if (SSLConnectionData.rd.isFlowOn()) {
                        Trace.throwing(SSLConnectionData.rd, "<init>", generalSecurityException2);
                    }
                    throw generalSecurityException2;
                }
            } catch (IOException e5) {
                RasDescriptor rasDescriptor3 = SSLConnectionData.rd;
                String[] strArr3 = new String[2];
                strArr3[0] = this.uri;
                strArr3[1] = e5.getLocalizedMessage() != null ? e5.getLocalizedMessage() : e5.toString();
                GeneralSecurityException generalSecurityException3 = new GeneralSecurityException(NLS.format(rasDescriptor3, "BFGCI0014_RACF_KEYRING_ACCESS_FAILURE", strArr3), e5);
                if (SSLConnectionData.rd.isFlowOn()) {
                    Trace.throwing(SSLConnectionData.rd, "<init>", generalSecurityException3);
                }
                throw generalSecurityException3;
            } catch (GeneralSecurityException e6) {
                RasDescriptor rasDescriptor4 = SSLConnectionData.rd;
                String[] strArr4 = new String[2];
                strArr4[0] = this.uri;
                strArr4[1] = e6.getLocalizedMessage() != null ? e6.getLocalizedMessage() : e6.toString();
                GeneralSecurityException generalSecurityException4 = new GeneralSecurityException(NLS.format(rasDescriptor4, "BFGCI0014_RACF_KEYRING_ACCESS_FAILURE", strArr4), e6);
                if (SSLConnectionData.rd.isFlowOn()) {
                    Trace.throwing(SSLConnectionData.rd, "<init>", generalSecurityException4);
                }
                throw generalSecurityException4;
            }
        }

        public RACFCertStore(String str, String str2, boolean z, CertStoreUse certStoreUse) throws GeneralSecurityException {
            if (SSLConnectionData.rd.isFlowOn()) {
                Trace.entry(SSLConnectionData.rd, this, "<init>", str, str2, Boolean.valueOf(z), certStoreUse);
            }
            this.type = str2;
            this.initUse = certStoreUse;
            if ((str == null || str.length() == 0) && z) {
                RasDescriptor rasDescriptor = SSLConnectionData.rd;
                String str3 = certStoreUse.isKeyStore() ? "UNDEFINED_SSL_KEY_STORE_BFGCI0016" : "UNDEFINED_SSL_TRUST_STORE_BFGCI0008";
                String[] strArr = new String[1];
                strArr[0] = str == null ? "null" : str;
                GeneralSecurityException generalSecurityException = new GeneralSecurityException(NLS.format(rasDescriptor, str3, strArr));
                if (SSLConnectionData.rd.isFlowOn()) {
                    Trace.throwing(SSLConnectionData.rd, "<init>", generalSecurityException);
                }
                throw generalSecurityException;
            }
            if (str == null || str.length() == 0) {
                this.uri = null;
                this.user = null;
                this.keyRingName = null;
                this.keyStore = null;
                this.keyManagers = new KeyManager[0];
                this.trustManagers = new TrustManager[0];
                return;
            }
            this.uri = str;
            String[] split = this.uri.split("://");
            if (split.length != 2 || !split[0].equalsIgnoreCase("safkeyring")) {
                GeneralSecurityException generalSecurityException2 = new GeneralSecurityException(NLS.format(SSLConnectionData.rd, certStoreUse.isKeyStore() ? "BFGCI0012_KEY_STORE_RACF_NAME_ERROR" : "BFGCI0013_TRUST_STORE_RACF_NAME_ERROR", str));
                if (SSLConnectionData.rd.isFlowOn()) {
                    Trace.throwing(SSLConnectionData.rd, "<init>", generalSecurityException2);
                }
                throw generalSecurityException2;
            }
            String[] split2 = split[1].split("/", 3);
            if (split2.length != 2) {
                GeneralSecurityException generalSecurityException3 = new GeneralSecurityException(NLS.format(SSLConnectionData.rd, certStoreUse.isKeyStore() ? "BFGCI0012_KEY_STORE_RACF_NAME_ERROR" : "BFGCI0013_TRUST_STORE_RACF_NAME_ERROR", str));
                if (SSLConnectionData.rd.isFlowOn()) {
                    Trace.throwing(SSLConnectionData.rd, "<init>", generalSecurityException3);
                }
                throw generalSecurityException3;
            }
            this.user = split2[0];
            this.keyRingName = split2[1];
            Constructor<?> rACFInputStreamConstructor = getRACFInputStreamConstructor();
            try {
                this.keyStore = KeyStore.getInstance(this.type, "IBMJCE");
                loadKeyRing(rACFInputStreamConstructor);
                if (certStoreUse.isKeyStore()) {
                    try {
                        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                        keyManagerFactory.init(this.keyStore, null);
                        this.keyManagers = keyManagerFactory.getKeyManagers();
                    } catch (GeneralSecurityException e) {
                        GeneralSecurityException generalSecurityException4 = new GeneralSecurityException(NLS.format(SSLConnectionData.rd, "ERROR_CREATING_SSL_KEY_STORE_BFGCI0007", this.type, e.getLocalizedMessage()));
                        if (SSLConnectionData.rd.isFlowOn()) {
                            Trace.throwing(SSLConnectionData.rd, "<init>", generalSecurityException4);
                        }
                        throw generalSecurityException4;
                    }
                } else {
                    this.keyManagers = new KeyManager[0];
                }
                if (!certStoreUse.isTrustStore()) {
                    this.trustManagers = new TrustManager[0];
                    return;
                }
                try {
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    trustManagerFactory.init(this.keyStore);
                    this.trustManagers = trustManagerFactory.getTrustManagers();
                } catch (GeneralSecurityException e2) {
                    GeneralSecurityException generalSecurityException5 = new GeneralSecurityException(NLS.format(SSLConnectionData.rd, "ERROR_CREATING_SSL_TRUST_STORE_BFGCI0011", this.type, e2.getLocalizedMessage()));
                    if (SSLConnectionData.rd.isFlowOn()) {
                        Trace.throwing(SSLConnectionData.rd, "<init>", generalSecurityException5);
                    }
                    throw generalSecurityException5;
                }
            } catch (GeneralSecurityException e3) {
                RasDescriptor rasDescriptor2 = SSLConnectionData.rd;
                String[] strArr2 = new String[2];
                strArr2[0] = str;
                strArr2[1] = e3.getLocalizedMessage() != null ? e3.getLocalizedMessage() : e3.toString();
                GeneralSecurityException generalSecurityException6 = new GeneralSecurityException(NLS.format(rasDescriptor2, "BFGCI0015_RACF_KEYRING_INIT_FAILURE", strArr2), e3);
                if (SSLConnectionData.rd.isFlowOn()) {
                    Trace.throwing(SSLConnectionData.rd, "<init>", generalSecurityException6);
                }
                throw generalSecurityException6;
            }
        }
    }

    public static boolean isFipsEnabled(boolean z) {
        if (rd.isFlowOn()) {
            Trace.entry(rd, "isFipsEnabled", Boolean.valueOf(z));
        }
        boolean isFipsEnabled = SSLFips.getInstance(z).isFipsEnabled();
        if (rd.isFlowOn()) {
            Trace.exit(rd, "isFipsEnabled", Boolean.valueOf(isFipsEnabled));
        }
        return isFipsEnabled;
    }

    public SSLConnectionData(String str, String str2, String str3, String str4, String str5, String str6, String str7, boolean z) throws IOException, GeneralSecurityException, CredentialsFileException {
        this(str, str2, str3, str4, str5, "jks", str6, str7, "jks", z);
    }

    public KeyManager[] getKeyManagers() {
        if (this.keyCertStore == null) {
            return null;
        }
        return this.keyCertStore.getKeyManagers();
    }

    public TrustManager[] getTrustManagers() {
        if (this.trustCertStore == null) {
            return null;
        }
        return this.trustCertStore.getTrustManagers();
    }

    public SSLConnectionData(String str, String str2, String str3, String str4, String str5, String str6, boolean z) throws IOException, GeneralSecurityException, CredentialsFileException {
        this("", "", "", str, str2, str3, str4, str5, str6, z);
    }

    public SSLConnectionData(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9, boolean z) throws IOException, GeneralSecurityException, CredentialsFileException {
        this.sslSocketFactory = null;
        this.context = null;
        if (rd.isFlowOn()) {
            Trace.entry(rd, this, "<init>", str, str2, str3, str4, hidePassword(str5), str6, str7, hidePassword(str8), str9, Boolean.valueOf(z));
        }
        this.cipherSpec = str;
        this.cipherSuite = str2;
        this.peerName = str3;
        this.fipsEnabled = isFipsEnabled(z);
        this.trustCertStore = new GenericCertStore(str7, str9, true, CertStoreUse.TRUST, str8);
        this.keyCertStore = new GenericCertStore(str4, str6, false, CertStoreUse.KEY, str5);
        if (rd.isFlowOn()) {
            Trace.exit(rd, this, "<init>");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String hidePassword(String str) {
        return (str == null || str.equals("")) ? str : FTEPropConstant.hiddenPropertyString;
    }

    public String getCipherSpec() {
        return this.cipherSpec;
    }

    public String getCipherSuite() {
        return this.cipherSuite;
    }

    public String getPeerName() {
        return this.peerName;
    }

    public SSLContext getSSLContext() throws GeneralSecurityException {
        if (rd.isFlowOn()) {
            Trace.entry(rd, this, "getSSLContext", new Object[0]);
        }
        if (this.context == null) {
            setSSLContext();
        }
        if (rd.isFlowOn()) {
            Trace.exit(rd, this, "getSSLContext", this.context);
        }
        return this.context;
    }

    private synchronized void setSSLContext() throws GeneralSecurityException {
        if (rd.isFlowOn()) {
            Trace.entry(rd, this, "setSSLContext", new Object[0]);
        }
        if (this.context == null) {
            if (rd.isOn(TraceLevel.MODERATE)) {
                Trace.data(rd, TraceLevel.MODERATE, this, "setSSLContext", "Initializing SSLContext. fipsEnabled? " + this.fipsEnabled);
            }
            if (this.fipsEnabled) {
                if (System.getProperty("os.name").equals("z/OS")) {
                    throw new GeneralSecurityException(NLS.format(rd, "SSL_FIPS_PLATFORM_UNSUPPORTED_BFGCI0001", new String[0]));
                }
                this.context = initializeFips();
            }
            try {
                if (this.context == null) {
                    this.context = SSLContext.getInstance("TLS");
                }
                try {
                    this.context.init(getKeyManagers(), getTrustManagers(), null);
                } catch (KeyManagementException e) {
                    throw new GeneralSecurityException(NLS.format(rd, "SSL_CONTEXT_INITIALIZATION_FAILED_BFGCI0005", e.getLocalizedMessage()));
                }
            } catch (NoSuchAlgorithmException e2) {
                throw new GeneralSecurityException(NLS.format(rd, "SSL_CONTEXT_CREATION_FAILED_BFGCI0004", e2.getLocalizedMessage()));
            }
        }
        if (rd.isFlowOn()) {
            Trace.exit(rd, this, "setSSLContext");
        }
    }

    public static synchronized SSLContext initializeFips() throws GeneralSecurityException {
        if (rd.isFlowOn()) {
            Trace.entry(rd, "initializeFips", new Object[0]);
        }
        try {
            if (rd.isOn(TraceLevel.MODERATE)) {
                Trace.data(rd, TraceLevel.MODERATE, "initializeFips", "Creating a new instance of com.ibm.jsse2.IBMJSSEProvider2");
            }
            Provider provider = (Provider) Class.forName("com.ibm.jsse2.IBMJSSEProvider2").newInstance();
            System.setProperty("com.ibm.jsse2.usefipsprovider", "true");
            if (Security.getProvider("IBMJCEPlusFIPS") != null) {
                if (rd.isOn(TraceLevel.MODERATE)) {
                    Trace.data(rd, TraceLevel.MODERATE, "initializeFips", "using IBMJCEPlusFIPS as JSSE2 FIPS provider");
                }
                System.setProperty("com.ibm.jsse2.usefipsProviderName", "IBMJCEPlusFIPS");
            }
            boolean z = false;
            boolean z2 = false;
            for (Provider provider2 : Security.getProviders()) {
                if (rd.isOn(TraceLevel.MODERATE)) {
                    Trace.data(rd, TraceLevel.MODERATE, "initializeFips", "Provider name: " + provider2.getName());
                }
                if ("IBMJCEFIPS".equals(provider2.getName())) {
                    z = true;
                }
                if ("IBMJCEPlusFIPS".equals(provider2.getName())) {
                    z2 = true;
                }
            }
            if (z2) {
                if (rd.isOn(TraceLevel.MODERATE)) {
                    Trace.data(rd, TraceLevel.MODERATE, "initializeFips", "using IBMJCEPlusFIPS");
                }
            } else if (!z && !z2) {
                Security.insertProviderAt((Provider) ClassLoader.getSystemClassLoader().loadClass("com.ibm.crypto.fips.provider.IBMJCEFIPS").newInstance(), 1);
                if (rd.isOn(TraceLevel.MODERATE)) {
                    Trace.data(rd, TraceLevel.MODERATE, "initializeFips", "added IBMJCEFIPS");
                }
            }
            try {
                if (rd.isOn(TraceLevel.MODERATE)) {
                    Trace.data(rd, TraceLevel.MODERATE, "initializeFips", "Getting TLS Context");
                }
                SSLContext sSLContext = SSLContext.getInstance("TLSv1.2", provider);
                if (rd.isFlowOn()) {
                    Trace.exit(rd, "initializeFips", sSLContext);
                }
                return sSLContext;
            } catch (NoSuchAlgorithmException e) {
                throw new GeneralSecurityException(NLS.format(rd, "SSL_FIPS_CONTEXT_CREATION_FAILED_BFGCI0003", e.getLocalizedMessage()));
            }
        } catch (Exception e2) {
            GeneralSecurityException generalSecurityException = new GeneralSecurityException(NLS.format(rd, "SSL_FIPS_JVM_CONFIGURATION_ERROR_BFGCI0002", e2.getLocalizedMessage()), e2);
            if (rd.isFlowOn()) {
                Trace.throwing(rd, "initializeFips", generalSecurityException);
            }
            throw generalSecurityException;
        }
    }

    public SSLSocketFactory getSSLSocketFactory() throws GeneralSecurityException {
        if (rd.isFlowOn()) {
            Trace.entry(rd, this, "getSSLSocketFactory", new Object[0]);
        }
        if (this.sslSocketFactory == null) {
            this.sslSocketFactory = getSSLContext().getSocketFactory();
        }
        if (rd.isFlowOn()) {
            Trace.exit(rd, this, "getSSLSocketFactory", this.sslSocketFactory);
        }
        return this.sslSocketFactory;
    }

    public String[] getAllowedCipherSuites(String[] strArr) {
        if (rd.isFlowOn()) {
            Trace.entry(rd, this, "getAllowedCipherSuites", strArr);
        }
        ArrayList arrayList = new ArrayList();
        String[] strArr2 = new String[0];
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add("SSL_RSA_WITH_AES_128_CBC_SHA");
        arrayList2.add("SSL_RSA_WITH_AES_256_CBC_SHA");
        arrayList2.add("SSL_RSA_WITH_3DES_EDE_CBC_SHA");
        arrayList2.add("SSL_RSA_WITH_NULL_SHA256");
        arrayList2.add("SSL_RSA_WITH_AES_128_CBC_SHA256");
        arrayList2.add("SSL_RSA_WITH_AES_256_CBC_SHA256");
        if (strArr == null) {
            try {
                if (rd.isOn(TraceLevel.MODERATE)) {
                    Trace.data(rd, TraceLevel.MODERATE, this, "getAllowedCipherSuites", "No cipher suites provided, generating our own list");
                }
                strArr = getSSLSocketFactory().getSupportedCipherSuites();
                if (rd.isOn(TraceLevel.MODERATE)) {
                    Trace.data(rd, TraceLevel.MODERATE, this, "getAllowedCipherSuites", "Cipher suites found: " + strArr);
                }
            } catch (GeneralSecurityException e) {
            }
        }
        if (this.fipsEnabled) {
            for (String str : strArr) {
                if (arrayList2.contains(str)) {
                    arrayList.add(str);
                }
            }
            if (!arrayList.isEmpty()) {
                strArr2 = (String[]) arrayList.toArray(new String[arrayList.size()]);
            } else if (rd.isOn(TraceLevel.MODERATE)) {
                Trace.data(rd, TraceLevel.MODERATE, this, "getAllowedCipherSuites", "No FIPS compliant cipher suites found");
            }
        } else {
            if (rd.isOn(TraceLevel.MODERATE)) {
                Trace.data(rd, TraceLevel.MODERATE, this, "getAllowedCipherSuites", "FIPS is not set, allowing all currently enabled Cipher Suites");
            }
            strArr2 = strArr;
        }
        if (rd.isFlowOn()) {
            Trace.exit(rd, this, "getAllowedCipherSuites", strArr2);
        }
        return strArr2;
    }

    public String toString() {
        return "SSLConnectionData [cipherSpec=" + this.cipherSpec + ", cipherSuite=" + this.cipherSuite + ", peerName=" + this.peerName + ", sslSocketFactory=" + this.sslSocketFactory + ", trustStore=" + this.trustCertStore.toString() + " keyStore=" + this.keyCertStore.toString() + "fipsEnabled=" + new Boolean(this.fipsEnabled).toString() + "]";
    }

    public boolean isFipsEnabled() {
        return this.fipsEnabled;
    }
}
