package com.ibm.ws.ssl.config;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ssl.Constants;
import com.ibm.websphere.ssl.SSLConfig;
import com.ibm.ws.config.xml.internal.nester.Nester;
import com.ibm.ws.ssl.internal.LibertyConstants;
import com.ibm.ws.ssl.internal.TraceConstants;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.TreeSet;

/* loaded from: input_file:com/ibm/ws/ssl/config/OutboundSSLSelections.class */
public class OutboundSSLSelections {
    private static final TraceComponent tc = Tr.register(OutboundSSLSelections.class, "SSL", TraceConstants.MESSAGE_BUNDLE);
    private static boolean warningIssued = false;
    private final Map<String, String> dynamicHostPortSelections = new HashMap();
    private final Map<String, String> dynamicHostSelections = new HashMap();
    private final Map<String, String> dynamicSelections = new HashMap();
    private final Map<Map<String, Object>, SSLConfig> dynamicLookupCache = new HashMap();
    private final Set<Map<String, Object>> dynamicLookupMisses = new TreeSet(new DynamicSSLCacheMissComparator());

    public Map<String, String> getDynamicSelections() {
        return this.dynamicSelections;
    }

    public void removeDynamicSelection(String str) {
        if (this.dynamicSelections.containsKey(str)) {
            this.dynamicSelections.remove(str);
        }
        if (this.dynamicHostSelections.containsKey(str)) {
            this.dynamicHostSelections.remove(str);
        }
        if (this.dynamicHostPortSelections.containsKey(str)) {
            this.dynamicHostPortSelections.remove(str);
        }
    }

    public synchronized void loadOutboundConnectionInfo(String str, Map<String, Object> map, Set<String> set) {
        String str2;
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "loadOutboundConnectionInfo", new Object[0]);
        }
        List<Map<String, Object>> nest = Nester.nest("outboundConnection", map);
        if (!nest.isEmpty()) {
            for (Map<String, Object> map2 : nest) {
                String str3 = (String) map2.get("host");
                String str4 = (String) map2.get("clientCertificate");
                if (str4 != null) {
                    str = str + ":" + str4;
                }
                String str5 = (String) map2.get("port");
                if (str5 != null) {
                    str2 = str3 + "," + str5.toString();
                    if (!this.dynamicHostPortSelections.containsKey(str2)) {
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "loadOutboundConnectionInfo", new Object[]{"Adding " + str2 + " to the host port list, sslCfgAlias " + str});
                        }
                        this.dynamicHostPortSelections.put(str2, str);
                    } else if (!this.dynamicHostPortSelections.get(str2).equals(str)) {
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "loadOutboundConnectionInfo", new Object[]{"Existing " + str2 + " : " + this.dynamicHostPortSelections.get(str2) + ",  trying to add " + str});
                        }
                        issueConflictWarning(str3, str5, this.dynamicHostPortSelections.get(str2));
                    }
                } else if (!str3.equals("*") || warningIssued || !isDefaultOutboundRefSet(str)) {
                    str2 = str3 + ",*";
                    if (!this.dynamicHostSelections.containsKey(str2)) {
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "loadOutboundConnectionInfo", new Object[]{"Adding " + str2 + " to the host list"});
                        }
                        this.dynamicHostSelections.put(str2, str);
                    } else if (!this.dynamicHostSelections.get(str2).equals(str)) {
                        issueConflictWarning(str3, "*", this.dynamicHostSelections.get(str2));
                    }
                }
                set.add(str2);
                this.dynamicSelections.put(str2, str);
            }
        }
        this.dynamicLookupCache.clear();
        synchronized (this.dynamicLookupMisses) {
            this.dynamicLookupMisses.clear();
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "loadOutboundConnectionInfo");
        }
    }

    private boolean isDefaultOutboundRefSet(String str) {
        String globalProperty = SSLConfigManager.getInstance().getGlobalProperty(LibertyConstants.SSLPROP_OUTBOUND_DEFAULT_ALIAS);
        if (globalProperty == null) {
            return false;
        }
        Tr.warning(tc, "ssl.defaultOutbound.conflict.CWPKI0816W", new Object[]{str, globalProperty});
        warningIssued = true;
        return true;
    }

    private void issueConflictWarning(String str, String str2, String str3) {
        Tr.warning(tc, "ssl.dynamicSelection.conflict.CWPKI0815W", new Object[]{str, str2, str3});
    }

    public Properties getPropertiesFromDynamicSelectionInfo(Map<String, Object> map) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "getPropertiesFromDynamicSelectionInfo", new Object[]{map});
        }
        if (map == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "No connection information provided.", new Object[0]);
            }
            if (!TraceComponent.isAnyTracingEnabled() || !tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo");
            return null;
        }
        if (this.dynamicSelections.isEmpty()) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "There are no dynamic outbound selections configured.", new Object[0]);
            }
            if (!TraceComponent.isAnyTracingEnabled() || !tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo");
            return null;
        }
        synchronized (this.dynamicLookupMisses) {
            if (this.dynamicLookupMisses.contains(map)) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "This connectionInfo was checked before, found in the lookup misses cache.", new Object[0]);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo");
                }
                return null;
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Dynamic outbound lookup cache size is " + this.dynamicLookupCache.size(), new Object[0]);
            }
            SSLConfig sSLConfig = this.dynamicLookupCache.get(map);
            if (sSLConfig != null) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found in cache.", new Object[0]);
                }
                if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                    Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo", sSLConfig);
                }
                return sSLConfig;
            }
            String str = (String) map.get("com.ibm.ssl.direction");
            if (str != null && str.equals("inbound")) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Connection information is for an inbound connection return null.", new Object[0]);
                }
                if (!TraceComponent.isAnyTracingEnabled() || !tc.isEntryEnabled()) {
                    return null;
                }
                Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo");
                return null;
            }
            String str2 = (String) map.get("com.ibm.ssl.remoteHost");
            String str3 = (String) map.get("com.ibm.ssl.remotePort");
            Tr.debug(tc, "Host from connectionInfo is " + str2 + " and port from connectionInfo is " + str3, new Object[0]);
            if (str2 != null) {
                SSLConfig lookForMatchInList = lookForMatchInList(this.dynamicHostPortSelections, str2, str3);
                if (lookForMatchInList != null) {
                    this.dynamicLookupCache.put(map, lookForMatchInList);
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found in the host and port list.", new Object[0]);
                    }
                    if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                        Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo", lookForMatchInList);
                    }
                    return lookForMatchInList;
                }
                SSLConfig lookForMatchInList2 = lookForMatchInList(this.dynamicHostSelections, str2, str3);
                if (lookForMatchInList2 != null) {
                    this.dynamicLookupCache.put(map, lookForMatchInList2);
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found in the host list.", new Object[0]);
                    }
                    if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                        Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo", lookForMatchInList2);
                    }
                    return lookForMatchInList2;
                }
            }
            synchronized (this.dynamicLookupMisses) {
                if (this.dynamicLookupMisses.size() > 50) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cache miss tree set size is > 50, clearing the TreeSet.", new Object[0]);
                    }
                    this.dynamicLookupMisses.clear();
                }
                this.dynamicLookupMisses.add(map);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Cache miss tree set size is " + this.dynamicLookupMisses.size() + " entries.", new Object[0]);
                }
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "No match found in host or host and port list.", new Object[0]);
            }
            if (!TraceComponent.isAnyTracingEnabled() || !tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo");
            return null;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:60:0x0244  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected com.ibm.websphere.ssl.SSLConfig lookForMatchInList(java.util.Map<java.lang.String, java.lang.String> r8, java.lang.String r9, java.lang.String r10) {
        /*
            Method dump skipped, instructions count: 718
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.ssl.config.OutboundSSLSelections.lookForMatchInList(java.util.Map, java.lang.String, java.lang.String):com.ibm.websphere.ssl.SSLConfig");
    }

    private SSLConfig getSSLConfigForAlias(String str) {
        String property;
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "getSSLConfigForAlias", new Object[]{str});
        }
        String str2 = null;
        String str3 = null;
        if (str != null && str.indexOf(":") != -1) {
            String[] split = str.split(":");
            if (split != null && split.length == 2) {
                str2 = split[0];
                str3 = split[1];
            }
        } else if (str != null) {
            str2 = str;
        }
        SSLConfig sSLConfig = SSLConfigManager.getInstance().getSSLConfig(str2);
        if (sSLConfig == null) {
            if (!TraceComponent.isAnyTracingEnabled() || !tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getSSLConfigForAlias");
            return null;
        }
        if (str3 != null && ((property = sSLConfig.getProperty(Constants.SSLPROP_KEY_STORE_CLIENT_ALIAS)) == null || !property.equals(str2))) {
            sSLConfig = new SSLConfig(sSLConfig);
            sSLConfig.setProperty(Constants.SSLPROP_KEY_STORE_CLIENT_ALIAS, str3);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "getSSLConfigForAlias", new Object[]{sSLConfig});
        }
        return sSLConfig;
    }

    private boolean doesHostMatch(String str, String str2) {
        boolean z = false;
        if (str2.equalsIgnoreCase(str)) {
            z = true;
        }
        return z;
    }

    private boolean doesHostDomainMatch(String str, String str2) {
        boolean z = false;
        if (str.startsWith("*.")) {
            if (str2.toLowerCase().endsWith(str.substring(1).toLowerCase())) {
                z = true;
            }
        }
        return z;
    }

    private boolean doesPortMatch(String str, String str2) {
        boolean z = false;
        if (str2.equalsIgnoreCase(str)) {
            z = true;
        }
        return z;
    }
}
