package com.ibm.ws.security.sso.common.saml;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Dictionary;
import java.util.List;
import java.util.Map;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;

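/**
 * Base holder for the PKIX trust engine settings used by the SAML SSO code in this package.
 *
 * <p>The class reads the {@code pkixTrustEngine} element through {@link ConfigurationAdmin},
 * remembers the file paths of the configured X.509 certificates and CRLs, and loads those
 * files on demand ({@link #addX509Certs(Collection)}, {@link #getX509Crls()}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>Certificate and CRL files are opened inside {@code AccessController.doPrivileged}. The
 * paths must therefore only ever come from server configuration, never from request data.</li>
 * <li>Loading stops at the first file that cannot be opened or parsed. The failure is recorded
 * through FFDC only, so callers cannot tell "nothing configured" from "failed to load". For
 * CRLs this means revocation data can be silently incomplete.</li>
 * <li>NOTE(review): {@link #processPkixTrustEngine(Map, ConfigurationAdmin)} resets the path
 * lists and the enabled flag but not {@code trustAnchorName} or {@code trustedIssuers}; confirm
 * that stale values cannot survive a configuration update that removes the trust engine.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.sso.common_1.0.12.jar:com/ibm/ws/security/sso/common/saml/PkixTrustEngineConfig.class */
public abstract class PkixTrustEngineConfig {
    // Trace component used for all debug output below; it is not assigned in this class
    // (presumably set by the concrete subclass; confirm).
    public TraceComponent tcCommon;
    private static final String UTF8 = "UTF-8";
    // Source id passed to every FFDCFilter.processException call in this class.
    private static final String FFDC_SOURCE_ID = "com.ibm.ws.security.sso.common.saml.PkixTrustEngineConfig";
    public static final String KEY_trustedIssuers = "trustedIssuers";
    public static final String KEY_pkixTrustEngine = "pkixTrustEngine";
    public static final String KEY_trustEngine_x509cert = "x509Certificate";
    public static final String KEY_trustEngine_crl = "crl";
    public static final String KEY_trustEngine_trustAnchor = "trustAnchor";
    public static final String KEY_trustEngine_path = "path";
    static final long serialVersionUID = 7609432596937370734L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(PkixTrustEngineConfig.class);
    public static final Object KEY_PROVIDER_ID = "id";
    protected String commonProviderId = null;
    private ConfigurationAdmin commonConfigAdmin = null;
    // File paths of the configured certificates / CRLs, in configuration order.
    protected List<String> pkixX509List = Collections.synchronizedList(new ArrayList<String>());
    protected List<String> pkixCrlList = Collections.synchronizedList(new ArrayList<String>());
    protected String trustAnchorName = null;
    protected String[] trustedIssuers = null;
    protected boolean isPkixTrustEngineEnabled = false;

    /**
     * Reads the provider id and the optional {@code pkixTrustEngine} reference from the
     * provider configuration and, when a trust engine is referenced, loads its settings.
     *
     * @param map provider configuration; {@code "id"} is read as a String and
     *            {@code "pkixTrustEngine"} as a String[] whose first element is the pid
     * @param configurationAdmin service used to resolve the nested configuration pids
     * @throws Exception declared for callers and subclasses; nothing in this body throws a
     *                   checked exception
     */
    protected void processPkixTrustEngine(Map<String, Object> map, ConfigurationAdmin configurationAdmin) throws Exception {
        this.commonProviderId = (String) map.get(KEY_PROVIDER_ID);
        this.commonConfigAdmin = configurationAdmin;
        this.pkixX509List = Collections.synchronizedList(new ArrayList<String>());
        this.pkixCrlList = Collections.synchronizedList(new ArrayList<String>());
        this.isPkixTrustEngineEnabled = false;
        // NOTE(review): trustAnchorName and trustedIssuers keep their previous values here.

        String[] strArr = (String[]) map.get(KEY_pkixTrustEngine);
        String str = (strArr == null || strArr.length <= 0) ? null : strArr[0];
        if (isDebugTraceEnabled()) {
            Tr.debug(this.tcCommon, "pkixTrustEngine pid:" + str + (strArr != null ? "  size:" + strArr.length : "  null"), new Object[0]);
        }
        if (str == null || str.isEmpty()) {
            return;
        }
        this.isPkixTrustEngineEnabled = true;
        processPkixTrustEngineData(str);
    }

    /**
     * Loads the trust anchor name, certificate paths, CRL paths and trusted issuers from the
     * trust engine configuration identified by {@code str}.
     *
     * <p>Configuration read failures are recorded through FFDC and a debug trace; they are not
     * reported to the caller. A broken certificate or CRL entry is skipped and the remaining
     * entries are still processed.
     *
     * @param str pid of the {@code pkixTrustEngine} configuration
     */
    public void processPkixTrustEngineData(String str) {
        try {
            Dictionary<?, ?> engineProps = this.commonConfigAdmin.getConfiguration(str).getProperties();
            if (engineProps == null) {
                return;
            }
            this.trustAnchorName = (String) engineProps.get(KEY_trustEngine_trustAnchor);
            if (isDebugTraceEnabled()) {
                Tr.debug(this.tcCommon, "trustAnchor = " + this.trustAnchorName, new Object[0]);
            }

            String[] certPids = (String[]) engineProps.get(KEY_trustEngine_x509cert);
            if (certPids != null && certPids.length != 0) {
                for (String certPid : certPids) {
                    try {
                        Configuration certConfig = this.commonConfigAdmin.getConfiguration(certPid);
                        Dictionary<?, ?> certProps = certConfig == null ? null : certConfig.getProperties();
                        if (certProps != null) {
                            // The path is stored as-is, including null when the element has no
                            // "path" property; opening such an entry later fails.
                            String certPath = (String) certProps.get(KEY_trustEngine_path);
                            this.pkixX509List.add(certPath);
                            if (isDebugTraceEnabled()) {
                                Tr.debug(this.tcCommon, "Added x509 cert path: " + certPath, new Object[0]);
                            }
                        } else if (isDebugTraceEnabled()) {
                            Tr.debug(this.tcCommon, "NULL X509 Certificate configuration", new Object[]{certPid});
                        }
                    } catch (IOException e) {
                        FFDCFilter.processException(e, FFDC_SOURCE_ID, "126", this, new Object[]{str});
                        if (isDebugTraceEnabled()) {
                            Tr.debug(this.tcCommon, "Invalid X509 Certificate configuration", new Object[]{certPid});
                        }
                    }
                }
            } else if (isDebugTraceEnabled()) {
                Tr.debug(this.tcCommon, "No X509Certificates were defined in the trust engine configuration. ", new Object[0]);
            }

            String[] crlPids = (String[]) engineProps.get(KEY_trustEngine_crl);
            if (crlPids != null && crlPids.length != 0) {
                for (String crlPid : crlPids) {
                    try {
                        Configuration crlConfig = this.commonConfigAdmin.getConfiguration(crlPid);
                        Dictionary<?, ?> crlProps = crlConfig == null ? null : crlConfig.getProperties();
                        if (crlProps != null) {
                            String crlPath = (String) crlProps.get(KEY_trustEngine_path);
                            this.pkixCrlList.add(crlPath);
                            if (isDebugTraceEnabled()) {
                                Tr.debug(this.tcCommon, "Added crl path: " + crlPath, new Object[0]);
                            }
                        } else if (isDebugTraceEnabled()) {
                            Tr.debug(this.tcCommon, "NULL CRL configuration", new Object[]{crlPid});
                        }
                    } catch (IOException e2) {
                        FFDCFilter.processException(e2, FFDC_SOURCE_ID, "159", this, new Object[]{str});
                        if (isDebugTraceEnabled()) {
                            Tr.debug(this.tcCommon, "Invalid CRL configuration", new Object[]{crlPid});
                        }
                    }
                }
            } else if (isDebugTraceEnabled()) {
                Tr.debug(this.tcCommon, "No CRLs were defined in the trust engine configuration. ", new Object[0]);
            }

            this.trustedIssuers = trim((String[]) engineProps.get(KEY_trustedIssuers));
            if (this.trustedIssuers != null) {
                for (int i = 0; i < this.trustedIssuers.length; i++) {
                    try {
                        // Issuer names are stored URL-encoded in the configuration.
                        // NOTE(review): URLDecoder.decode throws IllegalArgumentException on a
                        // malformed %-escape; that is not caught here and ends processing.
                        this.trustedIssuers[i] = URLDecoder.decode(this.trustedIssuers[i], UTF8);
                        if (isDebugTraceEnabled()) {
                            Tr.debug(this.tcCommon, "trustedIssuer[" + i + "] = " + this.trustedIssuers[i], new Object[0]);
                        }
                    } catch (UnsupportedEncodingException e3) {
                        FFDCFilter.processException(e3, FFDC_SOURCE_ID, "188", this, new Object[]{str});
                        if (isDebugTraceEnabled()) {
                            Tr.debug(this.tcCommon, "get an unexected Exception:" + e3, new Object[0]);
                        }
                    }
                }
            }
        } catch (IOException e4) {
            FFDCFilter.processException(e4, FFDC_SOURCE_ID, "97", this, new Object[]{str});
            if (isDebugTraceEnabled()) {
                Tr.debug(this.tcCommon, "Invalid saml websso trust engine configuration", new Object[]{str});
            }
        }
    }

    /**
     * Describes the provider id, the number of trusted issuers and, when the trust engine is
     * enabled, the certificate and CRL path lists. The text is also written to the debug trace
     * when debug tracing is on.
     *
     * @return the description
     */
    @Override
    public String toString() {
        String issuerCount = this.trustedIssuers == null ? "null" : String.valueOf(this.trustedIssuers.length);
        String engineInfo = this.isPkixTrustEngineEnabled
                ? "\npkixTrustEngine enabled\nx509 cert list:" + this.pkixX509List.toString() + "\ncrl list:" + this.pkixCrlList.toString()
                : ";";
        String str = "\nproviderId:" + this.commonProviderId + "\ntrustedIssuers:" + issuerCount + engineInfo;
        // Same guard as everywhere else in the class, so toString() is safe before tcCommon is set.
        if (isDebugTraceEnabled()) {
            Tr.debug(this.tcCommon, str, new Object[0]);
        }
        return str;
    }

    /**
     * Loads one CRL from each configured CRL file.
     *
     * <p>Every file stream is closed as soon as its CRL has been parsed. Loading stops at the
     * first file that cannot be opened or parsed; the failure is recorded through FFDC and the
     * CRLs collected so far are returned. Callers that depend on revocation checking should
     * treat a result smaller than the configured list as incomplete revocation data.
     *
     * @return the CRLs loaded so far, possibly empty, never {@code null}
     */
    public Collection<X509CRL> getX509Crls() {
        List<X509CRL> crls = new ArrayList<X509CRL>();
        Object[] ffdcArgs = new Object[0];
        try {
            for (String crlPath : this.pkixCrlList) {
                InputStream crlStream = openPrivileged(crlPath, "237", ffdcArgs);
                try {
                    X509CRL crl = (X509CRL) CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCRL(crlStream);
                    if (crl != null) {
                        crls.add(crl);
                    }
                } finally {
                    // Close per file: a single shared stream variable would leak every
                    // descriptor except the last one.
                    closeAndRecord(crlStream, "266", ffdcArgs);
                }
            }
        } catch (FileNotFoundException e) {
            FFDCFilter.processException(e, FFDC_SOURCE_ID, "247", this, ffdcArgs);
        } catch (CRLException e) {
            FFDCFilter.processException(e, FFDC_SOURCE_ID, "252", this, ffdcArgs);
        } catch (CertificateException e) {
            FFDCFilter.processException(e, FFDC_SOURCE_ID, "257", this, ffdcArgs);
        }
        return crls;
    }

    /**
     * Loads one certificate from each configured certificate file and adds it to
     * {@code collection}.
     *
     * <p>Every file stream is closed as soon as its certificate has been parsed. Loading stops
     * at the first file that cannot be opened or parsed; the failure is recorded through FFDC
     * and certificates added before the failure stay in {@code collection}.
     *
     * @param collection target collection, modified in place
     */
    public void addX509Certs(Collection<X509Certificate> collection) {
        Object[] ffdcArgs = new Object[]{collection};
        try {
            for (String certPath : this.pkixX509List) {
                InputStream certStream = openPrivileged(certPath, "296", ffdcArgs);
                try {
                    X509Certificate cert = (X509Certificate) CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCertificate(certStream);
                    if (cert != null) {
                        collection.add(cert);
                    }
                } finally {
                    closeAndRecord(certStream, "315", ffdcArgs);
                }
            }
        } catch (FileNotFoundException e) {
            FFDCFilter.processException(e, FFDC_SOURCE_ID, "307", this, ffdcArgs);
        } catch (CertificateException e) {
            FFDCFilter.processException(e, FFDC_SOURCE_ID, "309", this, ffdcArgs);
        }
    }

    public abstract Collection<X509Certificate> getPkixTrustAnchors();

    /**
     * Trims every element and drops the ones that are {@code null} or blank.
     *
     * @param strArr values to clean up, may be {@code null}
     * @return the trimmed non-empty values in their original order, or {@code null} when
     *         nothing is left
     */
    public String[] trim(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        List<String> kept = new ArrayList<String>(strArr.length);
        for (String candidate : strArr) {
            String cleaned = trim(candidate);
            if (cleaned != null) {
                kept.add(cleaned);
            }
        }
        return kept.isEmpty() ? null : kept.toArray(new String[kept.size()]);
    }

    /**
     * Trims a single value.
     *
     * @param str value to trim, may be {@code null}
     * @return the trimmed value, or {@code null} when it is {@code null} or empty after trimming
     */
    public String trim(String str) {
        if (str == null) {
            return null;
        }
        String cleaned = str.trim();
        return cleaned.isEmpty() ? null : cleaned;
    }

    /**
     * Returns a copy of the trusted issuer names so callers cannot modify the configured list.
     *
     * @return a copy of the issuer names, or {@code null} when none are set
     */
    public String[] getPkixTrustedIssuers() {
        if (this.trustedIssuers == null) {
            return null;
        }
        return this.trustedIssuers.clone();
    }

    /** Returns true when debug trace output through {@code tcCommon} is currently enabled. */
    private boolean isDebugTraceEnabled() {
        return TraceComponent.isAnyTracingEnabled() && this.tcCommon != null && this.tcCommon.isDebugEnabled();
    }

    /**
     * Opens {@code path} for reading inside a privileged block. {@code path} must come from
     * server configuration only, because the open runs with this code's own permissions.
     * A failure is recorded through FFDC under {@code probeId} before it is rethrown.
     */
    private InputStream openPrivileged(final String path, String probeId, Object[] ffdcArgs) throws FileNotFoundException {
        try {
            return AccessController.doPrivileged(new PrivilegedExceptionAction<InputStream>() {
                @Override
                public InputStream run() throws FileNotFoundException {
                    return new FileInputStream(path);
                }
            });
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, FFDC_SOURCE_ID, probeId, this, ffdcArgs);
            // run() declares only FileNotFoundException, so the cast cannot fail.
            throw (FileNotFoundException) e.getException();
        }
    }

    /** Closes {@code stream}; a close failure is recorded through FFDC and otherwise ignored. */
    private void closeAndRecord(InputStream stream, String probeId, Object[] ffdcArgs) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException e) {
            FFDCFilter.processException(e, FFDC_SOURCE_ID, probeId, this, ffdcArgs);
        }
    }
}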
