package com.ibm.ws.ssl.config;

import com.ibm.ISecurityUtilityImpl.InvalidPasswordDecodingException;
import com.ibm.ISecurityUtilityImpl.PasswordUtil;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.ffdc.config.FfdcConfigurator;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.ssl.JSSEProviderFactory;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.ssl.utils.SSLConfigFormatter;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Properties;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/ssl/config/SSLConfig.class */
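/**
 * Property bag describing one SSL configuration (key store, trust store, protocol, providers).
 *
 * <p>Every constructor ends by calling {@link #initializeDefaults()}, which fills in any setting
 * the caller did not supply. Password-valued properties are recognised by the substring
 * "password" in the property name (case-insensitive) and are masked with
 * {@code SSLConfigManager.mask} whenever this class writes them to trace.
 *
 * <p>This source was produced by a decompiler. The three-argument
 * {@link #setProperty(String, String, boolean)} was not recovered and is a stub that throws
 * {@link UnsupportedOperationException}.
 *
 * <p>{@link #equals(Object)} is overridden but {@code hashCode()} is not; instances use the
 * inherited implementation.
 */
public class SSLConfig extends Properties {
    private static final TraceComponent tc = Tr.register(SSLConfig.class, "SSL", "com.ibm.ws.ssl.resources.ssl");
    // Not read anywhere in this class; kept because obtaining the instance is a class-load side effect.
    private static SSLConfigManager sslConfigManager = SSLConfigManager.getInstance();

    /** Creates a configuration that contains only the defaults from {@link #initializeDefaults()}. */
    public SSLConfig() {
        initializeDefaults();
    }

    /**
     * Creates a configuration from the given properties, then fills in defaults for missing ones.
     *
     * @param properties initial settings; {@code null} is treated as empty
     */
    public SSLConfig(Properties properties) {
        if (properties != null) {
            super.putAll(properties);
        }
        initializeDefaults();
    }

    /**
     * Creates a configuration from a properties file addressed by URL, then fills in defaults.
     *
     * <p>The result of {@link #loadPropertiesFile(String, boolean)} is ignored here. If the file
     * cannot be read, the failure is only logged and the instance silently ends up holding
     * defaults alone, so callers that require the file should verify the expected properties.
     *
     * @param str URL string of the properties file; {@code null} loads nothing
     */
    public SSLConfig(String str) {
        loadPropertiesFile(str, false);
        initializeDefaults();
    }

    /**
     * Fills in every SSL setting that is not already present.
     *
     * <p>Security-relevant defaults visible here: client authentication "false", configuration
     * validation "false" (so {@link #validateSSLConfig()} is a no-op unless enabled explicitly),
     * store type "JKS", store provider "IBMJCE", context provider "IBMJSSE2". When only one of
     * key store / trust store is configured, its path, password and type are copied to the other,
     * which means a single store then serves as both key store and trust store.
     */
    private void initializeDefaults() {
        String keyStoreType = getProperty("com.ibm.ssl.keyStoreType");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "keyStoreType: " + keyStoreType);
        }
        if (keyStoreType == null && getProperty(Constants.SYSTEM_SSLPROP_KEY_STORE_TYPE) == null) {
            // Nothing configured at either level: default to a file-based JKS key store.
            setProperty(Constants.SSLPROP_KEY_STORE_FILE_BASED, "true");
            setProperty("com.ibm.ssl.keyStoreType", "JKS");
            keyStoreType = "JKS";
        } else if (keyStoreType == null || keyStoreType.equals("JKS") || keyStoreType.equals(Constants.KEYSTORE_TYPE_JCEKS) || keyStoreType.equals(Constants.KEYSTORE_TYPE_PKCS12)) {
            setProperty(Constants.SSLPROP_KEY_STORE_FILE_BASED, "true");
        } else {
            // Any other explicit type is flagged as not file-based.
            setProperty(Constants.SSLPROP_KEY_STORE_FILE_BASED, "false");
        }

        String trustStoreType = getProperty("com.ibm.ssl.trustStoreType");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "trustStoreType: " + trustStoreType);
        }
        if (trustStoreType == null && getProperty(Constants.SYSTEM_SSLPROP_TRUST_STORE_TYPE) == null) {
            setProperty(Constants.SSLPROP_TRUST_STORE_FILE_BASED, "true");
            setProperty("com.ibm.ssl.trustStoreType", "JKS");
            trustStoreType = "JKS";
        } else if (trustStoreType == null || trustStoreType.equals("JKS") || trustStoreType.equals(Constants.KEYSTORE_TYPE_JCEKS) || trustStoreType.equals(Constants.KEYSTORE_TYPE_PKCS12)) {
            setProperty(Constants.SSLPROP_TRUST_STORE_FILE_BASED, "true");
        } else {
            setProperty(Constants.SSLPROP_TRUST_STORE_FILE_BASED, "false");
        }

        if (getProperty(Constants.SSLPROP_EXPIRED_WARNING) == null) {
            setProperty(Constants.SSLPROP_EXPIRED_WARNING, Constants.DEFAULT_CERT_EXPIRE_WARNING_DAYS);
        }
        if (getProperty("com.ibm.ssl.keyManager") == null) {
            setProperty("com.ibm.ssl.keyManager", JSSEProviderFactory.getKeyManagerFactoryAlgorithm());
        }
        if (getProperty("com.ibm.ssl.keyStoreProvider") == null) {
            setProperty("com.ibm.ssl.keyStoreProvider", "IBMJCE");
        }
        if (getProperty("com.ibm.ssl.protocol") == null) {
            setProperty("com.ibm.ssl.protocol", Constants.SSL_TLSV2);
        }
        if (getProperty("com.ibm.ssl.clientAuthentication") == null) {
            setProperty("com.ibm.ssl.clientAuthentication", "false");
        }
        if (getProperty("com.ibm.ssl.contextProvider") == null) {
            setProperty("com.ibm.ssl.contextProvider", "IBMJSSE2");
        }
        if (getProperty("com.ibm.ssl.securityLevel") == null) {
            setProperty("com.ibm.ssl.securityLevel", Constants.SECURITY_LEVEL_HIGH);
        }
        if (getProperty("com.ibm.ssl.trustManager") == null) {
            setProperty("com.ibm.ssl.trustManager", JSSEProviderFactory.getTrustManagerFactoryAlgorithm());
        }
        if (getProperty("com.ibm.ssl.trustStoreProvider") == null) {
            setProperty("com.ibm.ssl.trustStoreProvider", "IBMJCE");
        }
        if (getProperty(Constants.SSLPROP_VALIDATION_ENABLED) == null) {
            setProperty(Constants.SSLPROP_VALIDATION_ENABLED, "false");
        }
        if (getProperty(Constants.SSLPROP_TOKEN_ENABLED) == null) {
            setProperty(Constants.SSLPROP_TOKEN_ENABLED, "false");
        }

        // Store locations are traced as-is; passwords only in masked form.
        String keyStore = getProperty("com.ibm.ssl.keyStore");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "keyStore: " + keyStore);
        }
        String keyStorePassword = getProperty("com.ibm.ssl.keyStorePassword");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "keyStorePassword: " + SSLConfigManager.mask(keyStorePassword));
        }
        String trustStore = getProperty("com.ibm.ssl.trustStore");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "trustStore: " + trustStore);
        }
        String trustStorePassword = getProperty("com.ibm.ssl.trustStorePassword");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "trustStorePassword: " + SSLConfigManager.mask(trustStorePassword));
        }

        if (keyStore == null && trustStore != null && trustStorePassword != null && trustStoreType != null) {
            // Only a trust store was configured: reuse it as the key store.
            setProperty("com.ibm.ssl.keyStore", trustStore);
            setProperty("com.ibm.ssl.keyStorePassword", trustStorePassword);
            setProperty("com.ibm.ssl.keyStoreType", trustStoreType);
        } else if (trustStore == null && keyStore != null && keyStorePassword != null && keyStoreType != null) {
            // Only a key store was configured: reuse it as the trust store.
            setProperty("com.ibm.ssl.trustStore", keyStore);
            setProperty("com.ibm.ssl.trustStorePassword", keyStorePassword);
            setProperty("com.ibm.ssl.trustStoreType", keyStoreType);
        }
    }

    /**
     * Validates this configuration by asking the JSSE provider factory to build an SSL context
     * from it. Does nothing unless the validation-enabled property equals "true"; a missing
     * property is treated as disabled rather than raising a NullPointerException.
     *
     * @throws Exception whatever the provider factory throws while building the context
     */
    public void validateSSLConfig() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateSSLConfig");
        }
        try {
            // Constant-first comparison: the property can be absent if a caller removed it.
            if (!"true".equals(getProperty(Constants.SSLPROP_VALIDATION_ENABLED))) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "validateSSLConfig not enabled.");
                }
            } else {
                JSSEProviderFactory.getInstance().getSSLContext(null, this);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "validateSSLConfig -> true");
                }
            }
        } catch (Exception e) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateSSLConfig -> false");
            }
            throw e;
        }
    }

    /**
     * Reports whether at least one store source is configured: a key store, a trust store, a
     * token library file, a trust store name or a key store name. Empty strings count as absent.
     *
     * @return {@code true} if any of those properties has a non-empty value
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean requiredPropertiesArePresent() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "requiredPropertiesArePresent");
        }
        boolean z = hasValue("com.ibm.ssl.keyStore")
                || hasValue("com.ibm.ssl.trustStore")
                || hasValue("com.ibm.ssl.tokenLibraryFile")
                || hasValue(Constants.SSLPROP_TRUST_STORE_NAME)
                || hasValue(Constants.SSLPROP_KEY_STORE_NAME);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "requiredPropertiesArePresent -> " + z);
        }
        return z;
    }

    /** Returns true when the named property is set to a non-empty string. */
    private boolean hasValue(String key) {
        String value = getProperty(key);
        return value != null && !value.equals("");
    }

    /** Returns true when the property name marks a password (contains "password", any case). */
    private static boolean isPasswordKey(String key) {
        return key.toLowerCase().indexOf("password") != -1;
    }

    /**
     * Renders all properties, one {@code name = value} pair per line, with password values
     * masked so the result is safe to write to logs.
     */
    @Override // java.util.Hashtable
    public String toString() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "toString");
        }
        Enumeration<?> propertyNames = propertyNames();
        StringBuilder out = new StringBuilder();
        out.append("SSLConfig.toString() {\n");
        while (propertyNames.hasMoreElements()) {
            String name = (String) propertyNames.nextElement();
            String value = getProperty(name);
            out.append(name);
            out.append(" = ");
            if (isPasswordKey(name)) {
                out.append(SSLConfigManager.mask(value));
            } else {
                out.append(value);
            }
            out.append("\n");
        }
        out.append("}");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "toString");
        }
        return out.toString();
    }

    /**
     * Loads SSL properties from the given URL inside a privileged action.
     *
     * <p>With {@code z == false} the stream is loaded into this instance in standard properties
     * format and {@code null} is returned. With {@code z == true} the file is parsed line by line
     * into several configurations: each line starting with {@code com.ibm.ssl.alias} closes the
     * configuration collected so far and starts a new one, so the first array element holds
     * whatever preceded the first alias line (possibly nothing). In that mode a JVM system
     * property with the same name as a key overrides the value in the file. Note that in this
     * decompiled source the multi-configuration mode cannot complete, because the three-argument
     * {@code setProperty} it relies on is an unrecovered stub that throws.
     *
     * <p>Security notes: the string is handed to {@link URL} unchanged, so any scheme the JVM
     * supports is opened with this code's privileges; the location must come from trusted
     * configuration and should not be a cleartext remote URL, since the file carries store
     * passwords. Password values are masked in the parse trace. Any failure (including a
     * malformed alias line without '=') is logged and reported only as a {@code null} return.
     *
     * @param str URL string of the properties file; {@code null} returns {@code null} immediately
     * @param z   {@code true} to parse multiple alias-delimited configurations
     * @return the parsed configurations when {@code z} is true; otherwise, or on failure, {@code null}
     */
    public SSLConfig[] loadPropertiesFile(final String str, final boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadPropertiesFile", new Object[]{str, Boolean.valueOf(z)});
        }
        if (str == null) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "loadPropertiesFile (null props file)");
            return null;
        }
        try {
            SSLConfig[] sSLConfigArr = (SSLConfig[]) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.ssl.config.SSLConfig.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    InputStream openStream = new URL(str).openStream();
                    try {
                        if (!z) {
                            SSLConfig.this.load(openStream);
                            return null;
                        }
                        // NOTE(review): no charset is given, so the platform default decodes the file.
                        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(openStream));
                        ArrayList<SSLConfig> configs = new ArrayList<SSLConfig>();
                        SSLConfig current = new SSLConfig();
                        // The leading configuration starts empty; later ones keep their defaults.
                        current.clear();
                        String readLine;
                        while ((readLine = bufferedReader.readLine()) != null) {
                            String trimmed = readLine.trim();
                            if (trimmed.startsWith("#") || trimmed.length() == 0) {
                                continue;
                            }
                            if (trimmed.startsWith("com.ibm.ssl.alias")) {
                                if (SSLConfig.tc.isDebugEnabled()) {
                                    Tr.debug(SSLConfig.tc, "Saving SSL configuration...");
                                }
                                configs.add(current);
                                current = new SSLConfig();
                                // An alias line without '=' makes substring throw and aborts the load.
                                int indexOf = readLine.indexOf("=");
                                String key = readLine.substring(0, indexOf);
                                String alias = readLine.substring(indexOf + 1);
                                if (SSLConfig.tc.isDebugEnabled()) {
                                    Tr.debug(SSLConfig.tc, "Parsing SSL configuration with alias: " + alias);
                                }
                                current.setProperty(key, alias.trim(), true);
                            } else if (trimmed.indexOf("=") != -1) {
                                int indexOf2 = readLine.indexOf("=");
                                String key = readLine.substring(0, indexOf2);
                                // A system property of the same name takes precedence over the file.
                                String value = System.getProperty(key);
                                if (value == null) {
                                    value = readLine.substring(indexOf2 + 1);
                                }
                                if (SSLConfig.tc.isDebugEnabled()) {
                                    // Keep store passwords out of trace, as toString() and equals() do.
                                    if (isPasswordKey(key)) {
                                        Tr.debug(SSLConfig.tc, "Parsing SSL property: " + key + " = " + SSLConfigManager.mask(value));
                                    } else {
                                        Tr.debug(SSLConfig.tc, "Parsing SSL property: " + key + " = " + value);
                                    }
                                }
                                current.setProperty(key, value.trim(), true);
                            }
                        }
                        if (SSLConfig.tc.isDebugEnabled()) {
                            Tr.debug(SSLConfig.tc, "Saving SSL configuration...");
                        }
                        configs.add(current);
                        return configs.toArray(new SSLConfig[configs.size()]);
                    } finally {
                        // Release the stream on every path, including parse failures.
                        if (openStream != null) {
                            openStream.close();
                        }
                    }
                }
            });
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "loadPropertiesFile");
            }
            return sSLConfigArr;
        } catch (PrivilegedActionException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "loadPropertiesFile exception.", new Object[]{e.getException()});
            }
            Manager.Ffdc.log(e.getException(), this, "com.ibm.ws.ssl.config.SSLConfig.loadPropertiesFile", "394", this);
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "loadPropertiesFile");
            return null;
        }
    }

    /**
     * Replaces every password-valued property with its decoded form.
     *
     * <p>After this call the properties hold decoded passwords in memory; {@link #toString()}
     * still masks them, but direct {@code getProperty} access does not. A property whose decoding
     * yields {@code null} keeps its current value, because {@link Properties} rejects null values.
     */
    public void decodePasswords() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "decodePasswords");
        }
        Enumeration<?> propertyNames = propertyNames();
        while (propertyNames.hasMoreElements()) {
            String name = (String) propertyNames.nextElement();
            String value = getProperty(name);
            if (isPasswordKey(name)) {
                String decoded = decodePassword(value);
                // decodePassword returns null when decoding failed unexpectedly; storing null would throw.
                if (decoded != null) {
                    setProperty(name, decoded);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "decodePasswords");
        }
    }

    /**
     * Decodes a stored password with {@code PasswordUtil.decode}.
     *
     * <p>Issues the CWPKI0041W warning once per JVM when the decoded value equals the product's
     * default key store password. The password itself is never traced.
     *
     * @param str the stored password value
     * @return the decoded password; the input unchanged when it is not in a decodable form;
     *         {@code null} when decoding failed with any other exception (which is FFDC-logged)
     */
    public static String decodePassword(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "decodePassword");
        }
        String str2 = null;
        try {
            str2 = PasswordUtil.decode(str);
            if (str2 != null && !WSKeyStore.defaultKeyStoreWarningIssued && str2.equals(Constants.DEFAULT_KEYSTORE_PASSWORD)) {
                Tr.warning(tc, "ssl.default.password.in.use.CWPKI0041W");
                WSKeyStore.defaultKeyStoreWarningIssued = true;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Successfully decoded the KeyStore password.");
            }
        } catch (InvalidPasswordDecodingException e) {
            // Not in an encoded form: use the value as given.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Password was not decoded.");
            }
            str2 = str;
        } catch (Exception e2) {
            Manager.Ffdc.log(e2, SSLConfig.class, "com.ibm.ws.ssl.config.SSLConfig.decodePassword", "455");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception decoding KeyStore password.", new Object[]{e2});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "decodePassword");
        }
        return str2;
    }

    /**
     * Rewrites a properties location into the form {@code file:/<rest>}.
     *
     * <p>Despite its name this method validates nothing: it drops everything up to the first
     * ':' together with the slashes and backslashes that follow it, and prefixes the remainder
     * with {@code file:/}. If only slashes follow the ':' (or the string ends there), the whole
     * input is appended instead. Callers must not treat the result as a checked or trusted path.
     *
     * @param str the existing location; must not be {@code null}
     * @return the rewritten {@code file:/} URL string
     */
    public static String validateURL(String str) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Existing propertiesURL: " + str);
        }
        // Skip the scheme separator and any run of '/' or '\' after it.
        int pos = str.indexOf(58, 0) + 1;
        while (pos < str.length() && (str.charAt(pos) == '/' || str.charAt(pos) == '\\')) {
            pos++;
        }
        // Running off the end means no path character was found: fall back to the full input.
        int start = pos < str.length() ? pos : 0;
        StringBuilder rewritten = new StringBuilder();
        rewritten.append("file:/");
        rewritten.append(str.substring(start));
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "New propertiesURL: " + rewritten.toString());
        }
        return rewritten.toString();
    }

    /** Returns the dynamic selection info property, or {@code null} if it is not set. */
    public String getDynamicSelectionProperty() {
        return getProperty(Constants.SSLPROP_DYNAMIC_SELECTION_INFO);
    }

    /**
     * Compares two SSL configurations property by property.
     *
     * <p>The sizes must match, and every property name reported by this instance must map to an
     * equal value in the other. Only this instance's names are walked, and a name whose value
     * here is {@code null} is skipped. Mismatching password values are masked in the debug trace.
     *
     * @param obj the object to compare with
     * @return {@code true} if {@code obj} is an {@code SSLConfig} with matching properties
     */
    @Override // java.util.Hashtable, java.util.Map
    public boolean equals(Object obj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "equals");
        }
        if (!(obj instanceof SSLConfig)) {
            if (!tc.isEntryEnabled()) {
                return false;
            }
            Tr.exit(tc, "returning false (not SSLConfig");
            return false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "thisSize == " + size() + ", otherSize == " + ((SSLConfig) obj).size());
        }
        if (size() != ((SSLConfig) obj).size()) {
            if (!tc.isDebugEnabled()) {
                return false;
            }
            Tr.debug(tc, "The two collections are different sizes, they cannot be equal.");
            return false;
        }
        Enumeration<?> propertyNames = propertyNames();
        while (propertyNames.hasMoreElements()) {
            String str = (String) propertyNames.nextElement();
            String property = getProperty(str);
            String property2 = ((SSLConfig) obj).getProperty(str);
            if (property != null && (property2 == null || !property.equals(property2))) {
                if (!tc.isDebugEnabled()) {
                    return false;
                }
                if (isPasswordKey(str)) {
                    Tr.debug(tc, "Value \"" + SSLConfigManager.mask(property) + "\" does not match value \"" + SSLConfigManager.mask(property2) + "\" for property " + str + ", returning false.");
                    return false;
                }
                Tr.debug(tc, "Value \"" + property + "\" does not match value \"" + property2 + "\" for property " + str + ", returning false.");
                return false;
            }
        }
        if (!tc.isEntryEnabled()) {
            return true;
        }
        Tr.exit(tc, "All values match, returning true.");
        return true;
    }

    /**
     * Replaces the key store and trust store locations with the result of
     * {@code KeyStoreManager.expand}. Unset or empty locations are left alone.
     */
    public void expandPaths() {
        String keyStore = getProperty("com.ibm.ssl.keyStore");
        if (keyStore != null && !keyStore.equals("")) {
            setProperty("com.ibm.ssl.keyStore", KeyStoreManager.getInstance().expand(keyStore));
        }
        String trustStore = getProperty("com.ibm.ssl.trustStore");
        if (trustStore != null && !trustStore.equals("")) {
            setProperty("com.ibm.ssl.trustStore", KeyStoreManager.getInstance().expand(trustStore));
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:38:0x0133, code lost:
    
        r0 = r9.indexOf("\\=");
     */
    /* JADX WARN: Code restructure failed: missing block: B:39:0x013c, code lost:
    
        r10 = r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:40:0x013f, code lost:
    
        if (r10 == (-1)) goto L61;
     */
    /* JADX WARN: Code restructure failed: missing block: B:42:0x0149, code lost:
    
        if (r10 >= r9.length()) goto L60;
     */
    /* JADX WARN: Code restructure failed: missing block: B:43:0x014c, code lost:
    
        r9 = r9.substring(0, r10) + "=" + r9.substring(r10 + 2, r9.length());
        r0 = r9.indexOf("\\=");
     */
    /* JADX WARN: Code restructure failed: missing block: B:45:0x0185, code lost:
    
        r0 = r9.indexOf("\\:");
     */
    /* JADX WARN: Code restructure failed: missing block: B:46:0x018e, code lost:
    
        r10 = r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:47:0x0191, code lost:
    
        if (r10 == (-1)) goto L62;
     */
    /* JADX WARN: Code restructure failed: missing block: B:49:0x019b, code lost:
    
        if (r10 >= r9.length()) goto L63;
     */
    /* JADX WARN: Code restructure failed: missing block: B:50:0x019e, code lost:
    
        r9 = r9.substring(0, r10) + ":" + r9.substring(r10 + 2, r9.length());
        r0 = r9.indexOf("\\:");
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Three-argument property setter whose body the decompiler could not recover.
     *
     * <p>This stub always throws, so it does not reflect the behaviour of the original class.
     * The surviving fragments above only show a string having the escape sequences {@code \=}
     * and {@code \:} replaced by {@code =} and {@code :}; the meaning of the boolean argument
     * and everything else the method does are unknown from this source.
     *
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    public java.lang.Object setProperty(java.lang.String r6, java.lang.String r7, boolean r8) {
        /*
            Method dump skipped, instructions count: 527
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.ssl.config.SSLConfig.setProperty(java.lang.String, java.lang.String, boolean):java.lang.Object");
    }

    // Registers the FFDC formatter for this type once, at class load.
    static {
        FfdcConfigurator.register(new SSLConfigFormatter());
    }
}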
