package com.ibm.ws.security.mp.jwt.impl;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.ManualTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.SSLConfigChangeListener;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.mp.jwt.SslRefInfo;
import com.ibm.ws.security.mp.jwt.error.MpJwtProcessingException;
import com.ibm.ws.ssl.KeyStoreService;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.ssl.SSLSupport;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import javax.crypto.SecretKey;

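/**
 * Resolves the key store and trust store named by an SSL configuration and exposes the
 * public keys of the certificates held there.
 *
 * <p>Resolution is lazy: nothing is read until one of the getters is called. When an
 * {@code sslRef} was supplied, the SSL properties for that reference are used; otherwise the
 * properties are requested for the inbound direction, with the fall-back-to-default flag set.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>When no {@link SSLSupport} (and therefore no {@link JSSEHelper}) is available, no
 *       exception is raised: the store names stay {@code null}, {@link #getPublicKeys()}
 *       returns an empty map and {@link #getPublicKey()} returns {@code null}. Callers have
 *       to handle "no key" themselves.</li>
 *   <li>{@link #getPrivateKey()} and {@link #getSecretKey()} always return {@code null}.</li>
 *   <li>No synchronization is visible in this class; the lazily initialised fields are plain
 *       fields. NOTE(review): confirm how instances are shared between threads.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/mp/jwt/impl/SslRefInfoImpl.class */
public class SslRefInfoImpl implements SslRefInfo {
    public static final TraceComponent tc = Tr.register(SslRefInfoImpl.class, "MPJWT", "com.ibm.ws.security.mp.jwt.resources.MicroProfileJwtMessages");
    SSLSupport sslSupport;
    String sslRef;
    // Filled in by setUpJsseHelper(); stays null when sslSupport is null.
    JSSEHelper jsseHelper = null;
    // Store names read from the SSL properties by setKeystoreAndTruststoreNames().
    String sslKeyStoreName = null;
    String sslTrustStoreName = null;
    // Optional certificate alias; when blank, getPublicKey() falls back to getFirstAvailableKey().
    private String keyAliasName;
    AtomicServiceReference<KeyStoreService> keyStoreServiceRef;
    static final long serialVersionUID = -7776680581627730651L;

    /**
     * Stores the collaborators; no SSL configuration is read here.
     *
     * @param sSLSupport source of the {@link JSSEHelper}; may be {@code null}
     * @param atomicServiceReference reference used to obtain the {@link KeyStoreService}
     * @param str SSL configuration reference ({@code sslRef}); may be {@code null}
     * @param str2 certificate alias ({@code keyAliasName}); may be {@code null} or blank
     */
    @ManualTrace
    public SslRefInfoImpl(SSLSupport sSLSupport, AtomicServiceReference<KeyStoreService> atomicServiceReference, String str, String str2) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "<init>", new Object[]{sSLSupport, atomicServiceReference, str, str2});
        }
        this.sslSupport = sSLSupport;
        this.sslRef = str;
        this.keyStoreServiceRef = atomicServiceReference;
        this.keyAliasName = str2;
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "<init>");
        }
    }

    /**
     * Returns the trust store name, running {@link #init()} first if it is not known yet.
     *
     * @return the trust store name, or {@code null} when none could be resolved
     * @throws MpJwtProcessingException if loading the SSL properties fails
     */
    @Override // com.ibm.ws.security.mp.jwt.SslRefInfo
    @ManualTrace
    public String getTrustStoreName() throws MpJwtProcessingException {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "getTrustStoreName", new Object[0]);
        }
        if (this.sslTrustStoreName == null) {
            init();
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "getTrustStoreName", this.sslTrustStoreName);
        }
        return this.sslTrustStoreName;
    }

    /**
     * Returns the key store name, running {@link #init()} first if it is not known yet.
     *
     * @return the key store name, or {@code null} when none could be resolved
     * @throws MpJwtProcessingException if loading the SSL properties fails
     */
    @Override // com.ibm.ws.security.mp.jwt.SslRefInfo
    @ManualTrace
    public String getKeyStoreName() throws MpJwtProcessingException {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "getKeyStoreName", new Object[0]);
        }
        if (this.sslKeyStoreName == null) {
            init();
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "getKeyStoreName", this.sslKeyStoreName);
        }
        return this.sslKeyStoreName;
    }

    /**
     * Obtains the {@link JSSEHelper} and, when one is available, loads the SSL properties
     * and records the key store and trust store names.
     *
     * <p>Returns silently, leaving both names {@code null}, when no helper is available.
     *
     * @throws MpJwtProcessingException wrapping any exception raised while loading the properties
     */
    @ManualTrace
    void init() throws MpJwtProcessingException {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "init", new Object[0]);
        }
        setUpJsseHelper();
        if (this.jsseHelper != null) {
            try {
                setKeystoreAndTruststoreNames(getSslPropertiesFromJsseHelper());
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.mp.jwt.impl.SslRefInfoImpl", "108", this, new Object[0]);
                String formatMessage = Tr.formatMessage(tc, "ERROR_LOADING_SSL_PROPS", new Object[]{e.getLocalizedMessage()});
                Tr.error(tc, formatMessage, new Object[0]);
                throw new MpJwtProcessingException(formatMessage, e);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "init");
        }
    }

    /** Fetches the {@link JSSEHelper} from {@code sslSupport}; does nothing when that is {@code null}. */
    void setUpJsseHelper() {
        if (this.sslSupport != null) {
            this.jsseHelper = this.sslSupport.getJSSEHelper();
        }
    }

    /**
     * Chooses the property source: the configured {@code sslRef} when present, otherwise the
     * inbound connection info.
     *
     * @return the SSL properties returned by the helper
     * @throws SSLException if the helper fails
     */
    Properties getSslPropertiesFromJsseHelper() throws SSLException {
        if (this.sslRef != null) {
            return getSslPropertiesFromSslRef();
        }
        return getSslPropertiesFromConnectionInfo();
    }

    /**
     * Looks up the SSL properties for the configured {@code sslRef}.
     *
     * @return the SSL properties returned by the helper
     * @throws SSLException if the helper fails
     */
    Properties getSslPropertiesFromSslRef() throws SSLException {
        return this.jsseHelper.getProperties(this.sslRef);
    }

    /**
     * Looks up the SSL properties for the inbound direction, passing no alias and no change
     * listener and setting the final boolean argument to {@code true}.
     *
     * @return the SSL properties returned by the helper
     * @throws SSLException if the helper fails
     */
    @ManualTrace
    Properties getSslPropertiesFromConnectionInfo() throws SSLException {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "getSslPropertiesFromConnectionInfo", new Object[0]);
        }
        Map<String, Object> connectionInfo = new HashMap<>();
        connectionInfo.put("com.ibm.ssl.direction", "inbound");
        Properties properties = this.jsseHelper.getProperties((String) null, connectionInfo, (SSLConfigChangeListener) null, true);
        if (tc.isDebugEnabled()) {
            // NOTE(review): the whole Properties object goes to trace; confirm that its string
            // form masks any password entries before debug trace is enabled in production.
            Tr.exit(tc, "getSslPropertiesFromConnectionInfo", properties);
        }
        return properties;
    }

    /**
     * Copies the key store and trust store names out of the SSL properties.
     *
     * @param properties SSL properties; when {@code null} the current names are left untouched
     */
    void setKeystoreAndTruststoreNames(Properties properties) {
        if (tc.isDebugEnabled()) {
            // NOTE(review): same trace exposure as in getSslPropertiesFromConnectionInfo();
            // the full property set is concatenated into the debug message.
            Tr.debug(tc, "sslConfig (" + this.sslRef + ") get: " + properties, new Object[0]);
        }
        if (properties != null) {
            this.sslKeyStoreName = properties.getProperty("com.ibm.ssl.keyStoreName");
            this.sslTrustStoreName = properties.getProperty("com.ibm.ssl.trustStoreName");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "sslTrustStoreName: " + this.sslTrustStoreName, new Object[0]);
        }
    }

    /**
     * Returns the public key of every trusted certificate entry in the trust store, keyed by alias.
     *
     * @return alias-to-key map; empty when no trust store name could be resolved
     * @throws MpJwtProcessingException if the keys cannot be loaded
     */
    @Override // com.ibm.ws.security.mp.jwt.SslRefInfo
    @ManualTrace
    public HashMap<String, PublicKey> getPublicKeys() throws MpJwtProcessingException {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "getPublicKeys", new Object[0]);
        }
        if (this.jsseHelper == null) {
            init();
        }
        if (this.sslTrustStoreName == null) {
            // No trust store resolved: hand back an empty map rather than failing.
            HashMap<String, PublicKey> noKeys = new HashMap<>();
            if (tc.isDebugEnabled()) {
                Tr.exit(tc, "getPublicKeys", noKeys);
            }
            return noKeys;
        }
        try {
            HashMap<String, PublicKey> publicKeysFromKeystore = getPublicKeysFromKeystore();
            if (tc.isDebugEnabled()) {
                Tr.exit(tc, "getPublicKeys", publicKeysFromKeystore);
            }
            return publicKeysFromKeystore;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.mp.jwt.impl.SslRefInfoImpl", "189", this, new Object[0]);
            String formatMessage = Tr.formatMessage(tc, "FAILED_TO_LOAD_PUBLIC_KEYS", new Object[]{this.sslTrustStoreName, e.getLocalizedMessage()});
            Tr.error(tc, formatMessage, new Object[0]);
            throw new MpJwtProcessingException(formatMessage, e);
        }
    }

    /**
     * Loads the trusted-certificate public keys through the {@link KeyStoreService}.
     *
     * @return alias-to-key map
     * @throws MpJwtProcessingException if the service is missing or a certificate cannot be read
     */
    HashMap<String, PublicKey> getPublicKeysFromKeystore() throws MpJwtProcessingException {
        return getPublicKeysFromTrustedCertAliases(getKeyStoreService());
    }

    /**
     * Dereferences the {@link KeyStoreService}.
     *
     * @return the service, never {@code null}
     * @throws MpJwtProcessingException if the reference currently holds no service
     */
    KeyStoreService getKeyStoreService() throws MpJwtProcessingException {
        KeyStoreService keyStoreService = (KeyStoreService) this.keyStoreServiceRef.getService();
        if (keyStoreService == null) {
            String formatMessage = Tr.formatMessage(tc, "KEYSTORE_SERVICE_NOT_FOUND", new Object[0]);
            Tr.error(tc, formatMessage, new Object[0]);
            throw new MpJwtProcessingException(formatMessage);
        }
        return keyStoreService;
    }

    /**
     * Lists the trusted certificate aliases of the trust store and loads a public key for each.
     *
     * @param keyStoreService service used to read the trust store
     * @return alias-to-key map; empty when the alias lookup returned {@code null}
     * @throws MpJwtProcessingException if the aliases or a certificate cannot be read
     */
    HashMap<String, PublicKey> getPublicKeysFromTrustedCertAliases(KeyStoreService keyStoreService) throws MpJwtProcessingException {
        Collection<String> trustedCertAliases = getTrustedCertAliases(keyStoreService);
        if (trustedCertAliases == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Did not find any trusted certificate aliases in the keystore", new Object[0]);
            }
            return new HashMap<>();
        }
        return getPublicKeysFromAliasNames(keyStoreService, trustedCertAliases);
    }

    /**
     * Asks the service for the trusted certificate entries of the trust store.
     *
     * @param keyStoreService service used to read the trust store
     * @return the aliases as returned by the service
     * @throws MpJwtProcessingException wrapping any exception raised by the service
     */
    Collection<String> getTrustedCertAliases(KeyStoreService keyStoreService) throws MpJwtProcessingException {
        try {
            return keyStoreService.getTrustedCertEntriesInKeyStore(this.sslTrustStoreName);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.mp.jwt.impl.SslRefInfoImpl", "230", this, new Object[]{keyStoreService});
            String formatMessage = Tr.formatMessage(tc, "ERROR_LOADING_KEYSTORE_CERTIFICATES", new Object[]{this.sslTrustStoreName, e.getLocalizedMessage()});
            Tr.error(tc, formatMessage, new Object[0]);
            throw new MpJwtProcessingException(formatMessage, e);
        }
    }

    /**
     * Builds the alias-to-key map for the given aliases. A failure on any single alias aborts
     * the whole load.
     *
     * @param keyStoreService service used to read the trust store
     * @param collection aliases to load; {@code null} yields an empty map
     * @return alias-to-key map
     * @throws MpJwtProcessingException if a certificate cannot be read
     */
    @ManualTrace
    HashMap<String, PublicKey> getPublicKeysFromAliasNames(KeyStoreService keyStoreService, Collection<String> collection) throws MpJwtProcessingException {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "getPublicKeysFromAliasNames", new Object[0]);
        }
        HashMap<String, PublicKey> keysByAlias = new HashMap<>();
        if (collection != null) {
            for (String alias : collection) {
                keysByAlias.put(alias, getPublicKeyFromAlias(keyStoreService, alias));
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "getPublicKeysFromAliasNames", keysByAlias);
        }
        return keysByAlias;
    }

    /**
     * Reads the certificate stored under {@code str} in the trust store and returns its public key.
     *
     * @param keyStoreService service used to read the trust store
     * @param str certificate alias
     * @return the certificate's public key
     * @throws MpJwtProcessingException wrapping any exception raised during the lookup
     */
    PublicKey getPublicKeyFromAlias(KeyStoreService keyStoreService, String str) throws MpJwtProcessingException {
        try {
            return keyStoreService.getCertificateFromKeyStore(this.sslTrustStoreName, str).getPublicKey();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.mp.jwt.impl.SslRefInfoImpl", "262", this, new Object[]{keyStoreService, str});
            String formatMessage = Tr.formatMessage(tc, "ERROR_LOADING_CERTIFICATE", new Object[]{str, this.sslTrustStoreName, e.getLocalizedMessage()});
            Tr.error(tc, formatMessage, new Object[0]);
            throw new MpJwtProcessingException(formatMessage, e);
        }
    }

    /**
     * Returns a single public key: the one stored under the configured alias, or, when no
     * alias is configured, whichever key {@link #getFirstAvailableKey()} yields.
     *
     * <p>The guard below tests the <em>key store</em> name, and the alias path reads the key
     * store, but the no-alias path reads trusted certificates from the <em>trust store</em>.
     * NOTE(review): confirm this asymmetry is intended.
     *
     * @return the public key, or {@code null} when no key store name could be resolved or the
     *         no-alias path found no key
     * @throws MpJwtProcessingException if the key cannot be loaded
     */
    @Override // com.ibm.ws.security.mp.jwt.SslRefInfo
    @FFDCIgnore({Exception.class})
    @ManualTrace
    public PublicKey getPublicKey() throws MpJwtProcessingException {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "getPublicKey", new Object[0]);
        }
        if (this.jsseHelper == null) {
            init();
        }
        if (this.sslKeyStoreName == null) {
            if (tc.isDebugEnabled()) {
                Tr.exit(tc, "getPublicKey", (Object) null);
            }
            return null;
        }
        try {
            PublicKey keyFromKeyAliasOrFirstAvailable = getKeyFromKeyAliasOrFirstAvailable();
            if (tc.isDebugEnabled()) {
                Tr.exit(tc, "getPublicKey", keyFromKeyAliasOrFirstAvailable);
            }
            return keyFromKeyAliasOrFirstAvailable;
        } catch (Exception e) {
            String formatMessage = Tr.formatMessage(tc, "FAILED_TO_LOAD_PUBLIC_KEY", new Object[]{this.sslKeyStoreName, e.getLocalizedMessage()});
            Tr.error(tc, formatMessage, new Object[0]);
            throw new MpJwtProcessingException(formatMessage, e);
        }
    }

    /**
     * Dispatches between the alias lookup and the first-available fallback.
     *
     * @return the selected public key, possibly {@code null} on the fallback path
     * @throws MpJwtProcessingException if the key cannot be loaded
     */
    PublicKey getKeyFromKeyAliasOrFirstAvailable() throws MpJwtProcessingException {
        if (isKeyAliasConfigured()) {
            return getKeyFromKeyAlias();
        }
        return getFirstAvailableKey();
    }

    /** @return {@code true} when the alias is non-null and not blank after trimming */
    boolean isKeyAliasConfigured() {
        return this.keyAliasName != null && !this.keyAliasName.trim().isEmpty();
    }

    /**
     * Reads the certificate stored under the configured alias in the key store and returns
     * its public key.
     *
     * @return the certificate's public key
     * @throws MpJwtProcessingException wrapping any exception raised during the lookup
     */
    PublicKey getKeyFromKeyAlias() throws MpJwtProcessingException {
        try {
            return getKeyStoreService().getCertificateFromKeyStore(this.sslKeyStoreName, this.keyAliasName).getPublicKey();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.mp.jwt.impl.SslRefInfoImpl", "316", this, new Object[0]);
            // Report the store that was actually searched (the key store); naming the trust
            // store here would send an operator to the wrong store when diagnosing the failure.
            String formatMessage = Tr.formatMessage(tc, "ERROR_LOADING_CERTIFICATE", new Object[]{this.keyAliasName, this.sslKeyStoreName, e.getLocalizedMessage()});
            Tr.error(tc, formatMessage, new Object[0]);
            throw new MpJwtProcessingException(formatMessage, e);
        }
    }

    /**
     * Returns the first entry produced by iterating the map from {@link #getPublicKeys()}.
     *
     * <p>That map is a {@link HashMap}, so "first" follows hash iteration order, not the order
     * of the trust store. With more than one trusted certificate the selected key is therefore
     * not a deliberate choice; configuring a key alias makes the selection explicit.
     *
     * @return a public key from the trust store, or {@code null} when the map is empty
     * @throws MpJwtProcessingException rethrown unchanged after being logged
     */
    @ManualTrace
    PublicKey getFirstAvailableKey() throws MpJwtProcessingException {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "getFirstAvailableKey", new Object[0]);
        }
        try {
            Iterator<Map.Entry<String, PublicKey>> entries = getPublicKeys().entrySet().iterator();
            PublicKey selected = entries.hasNext() ? entries.next().getValue() : null;
            if (tc.isDebugEnabled()) {
                Tr.exit(tc, "getFirstAvailableKey", selected);
            }
            return selected;
        } catch (MpJwtProcessingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.mp.jwt.impl.SslRefInfoImpl", "332", this, new Object[0]);
            Tr.error(tc, Tr.formatMessage(tc, "FAILED_TO_LOAD_FIRST_AVAILABLE_KEY", new Object[]{this.sslTrustStoreName, e.getLocalizedMessage()}), new Object[0]);
            throw e;
        }
    }

    /** @return always {@code null}; this implementation exposes no private key */
    @Override // com.ibm.ws.security.mp.jwt.SslRefInfo
    public PrivateKey getPrivateKey() throws MpJwtProcessingException {
        return null;
    }

    /** @return always {@code null}; this implementation exposes no secret key */
    @Override // com.ibm.ws.security.mp.jwt.SslRefInfo
    public SecretKey getSecretKey() throws MpJwtProcessingException {
        return null;
    }
}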
