package com.ibm.ws.security.config;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.security.web.inbound.saml.Constants;
import com.ibm.ws.ssl.channel.impl.SSLChannelData;
import com.ibm.wsspi.runtime.config.ConfigObject;
import java.util.List;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/security/config/SSLConfigCompare.class */
public class SSLConfigCompare {
    private static TraceComponent tc = Tr.register(SSLConfigCompare.class, "SecurityConfigManager", "com.ibm.ejs.resources.security");
    private static String[] repertoireStrings = {SSLChannelData.ALIAS_KEY, "type"};
    private static String[] settingsStrings = {"securityLevel", "enabledCiphers", "jsseProvider", "sslProtocol", Constants.KEY_STORE, Constants.TRUST_STORE, "serverKeyAlias", "clientKeyAlias", "trustManager", "keyManager", "keyFileName", "keyFileFormat", "keyFilePassword", "trustFileName", "trustFileFormat", "trustFilePassword"};
    private static String[] settingsBooleans = {"clientAuthentication", "clientAuthenticationSupported"};
    private static String[] sslConfigGroupsStrings = {"certificateAlias", UserRegistryConfig.SSL_CONFIG};
    private static String[] keyStoresStrings = {"password", "provider", "location", "type", "hostList", "description", "usage"};
    private static String[] keyStoresBooleans = {"fileBased", "readOnly", "initializeAtStartup", "createStashFileForCMS", "useForAcceleration"};
    private static String[] dynamicSSLConfigSelectionsStrings = {"description", "dynamicSelectionInfo", "certificateAlias", UserRegistryConfig.SSL_CONFIG};
    private static String[] keyManagersStrings = {"provider", "algorithm", "keyManagerClass"};
    private static String[] trustManagersStrings = {"provider", "algorithm", "trustManagerClass"};
    private static String[] keySetsStrings = {"aliasPrefix", "password", "maxKeyReferences", "keyGenerationClass", Constants.KEY_STORE};
    private static String[] keySetsBooleans = {"deleteOldKeys", "isKeyPair"};
    private static String[] keySetGroupsStrings = {"wsSchedule", "keySet"};
    private static String[] keySetGroupsBooleans = {"autoGenerate"};
    private static String[] sslConfigObjs = {"repertoire", "keyStores", "sslConfigGroups", "dynamicSSLConfigSelections", "keyManagers", "trustManagers", "keySets", "keySetGroups", "properties"};

    public static boolean sslConfigChanged() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "sslConfigChanged");
        }
        boolean sslConfigObjChanged = sslConfigObjChanged(SecurityObjectLocator.getSecurityConfigManager().getObject("security"), RCSHelper.loadTopLevelObjectFromRCS("security.xml", "cell"));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "sslConfigChanged: " + sslConfigObjChanged);
        }
        return sslConfigObjChanged;
    }

    public static boolean sslConfigObjChanged(SecurityConfigObject securityConfigObject, ConfigObject configObject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "sslConfigObjChanged");
        }
        for (int i = 0; i < sslConfigObjs.length; i++) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Checking for changes in the  " + sslConfigObjs[i] + " object.");
            }
            SecurityConfigObjectList objectList = securityConfigObject.getObjectList(sslConfigObjs[i]);
            List objectList2 = configObject.getObjectList(sslConfigObjs[i]);
            if (sslConfigObjs[i].equals("repertoire")) {
                if (repertoireChanged(objectList, objectList2)) {
                    if (!tc.isDebugEnabled()) {
                        return true;
                    }
                    Tr.debug(tc, "The " + sslConfigObjs[i] + " object of the SSL Configuration changed.");
                    return true;
                }
            } else if (sslConfigObjs[i].equals("keyStores")) {
                if (attrsChanged(objectList, objectList2, sslConfigObjs[i], keyStoresStrings, keyStoresBooleans, null)) {
                    if (!tc.isDebugEnabled()) {
                        return true;
                    }
                    Tr.debug(tc, "The " + sslConfigObjs[i] + " object of the SSL Configuration changed.");
                    return true;
                }
            } else if (sslConfigObjs[i].equals("sslConfigGroups")) {
                if (sslCfgGroupsChanged(objectList, objectList2)) {
                    if (!tc.isDebugEnabled()) {
                        return true;
                    }
                    Tr.debug(tc, "The " + sslConfigObjs[i] + " object of the SSL Configuration changed.");
                    return true;
                }
            } else if (sslConfigObjs[i].equals("dynamicSSLConfigSelections")) {
                if (attrsChanged(objectList, objectList2, sslConfigObjs[i], dynamicSSLConfigSelectionsStrings, null, null)) {
                    if (!tc.isDebugEnabled()) {
                        return true;
                    }
                    Tr.debug(tc, "The " + sslConfigObjs[i] + " part of the SSL Configuration changed.");
                    return true;
                }
            } else if (sslConfigObjs[i].equals("keyManagers")) {
                if (attrsChanged(objectList, objectList2, sslConfigObjs[i], keyManagersStrings, null, "additionalKeyManagerAttrs")) {
                    if (!tc.isDebugEnabled()) {
                        return true;
                    }
                    Tr.debug(tc, "The " + sslConfigObjs[i] + " part of the SSL Configuration changed.");
                    return true;
                }
            } else if (sslConfigObjs[i].equals("trustManagers")) {
                if (attrsChanged(objectList, objectList2, sslConfigObjs[i], trustManagersStrings, null, "additionalTrustManagerAttrs")) {
                    if (!tc.isDebugEnabled()) {
                        return true;
                    }
                    Tr.debug(tc, "The " + sslConfigObjs[i] + " part of the SSL Configuration changed.");
                    return true;
                }
            } else if (sslConfigObjs[i].equals("keySets")) {
                if (keySetChanged(objectList, objectList2)) {
                    if (!tc.isDebugEnabled()) {
                        return true;
                    }
                    Tr.debug(tc, "The " + sslConfigObjs[i] + " part of the SSL Configuration changed.");
                    return true;
                }
            } else if (sslConfigObjs[i].equals("keySetGroups")) {
                if (attrsChanged(objectList, objectList2, sslConfigObjs[i], keySetGroupsStrings, keySetGroupsBooleans, null)) {
                    if (!tc.isDebugEnabled()) {
                        return true;
                    }
                    Tr.debug(tc, "The " + sslConfigObjs[i] + " part of the SSL Configuration changed.");
                    return true;
                }
            } else if (sslConfigObjs[i].equals("properties") && sslConfigPropertiesChanged(securityConfigObject, configObject)) {
                if (!tc.isDebugEnabled()) {
                    return true;
                }
                Tr.debug(tc, "Custom properties of the SSL Configuration changed.");
                return true;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "sslConfigObjChangedfalse");
        }
        return false;
    }

    protected static boolean repertoireChanged(SecurityConfigObjectList securityConfigObjectList, List list) {
        if (securityConfigObjectList.size() != list.size()) {
            if (!tc.isDebugEnabled()) {
                return true;
            }
            Tr.debug(tc, "There is a different number of repertiores between the cache and the configuration");
            return true;
        }
        for (int i = 0; i < securityConfigObjectList.size(); i++) {
            SecurityConfigObject securityConfigObject = securityConfigObjectList.get(i);
            ConfigObject objectFromConfig = getObjectFromConfig(list, securityConfigObject.getString(SSLChannelData.ALIAS_KEY), securityConfigObject.getString("managementScope", null), SSLChannelData.ALIAS_KEY);
            if (objectFromConfig == null || !areStringsValuesTheSame(securityConfigObject, objectFromConfig, "type")) {
                return true;
            }
            SecurityConfigObject object = securityConfigObject.getObject("setting");
            ConfigObject object2 = objectFromConfig.getObject("setting");
            for (int i2 = 0; i2 < settingsStrings.length; i2++) {
                if (!areStringsValuesTheSame(object, object2, settingsStrings[i2])) {
                    return true;
                }
            }
            for (int i3 = 0; i3 < settingsBooleans.length; i3++) {
                if (!areBooleansValuesTheSame(object, object2, settingsBooleans[i3])) {
                    return true;
                }
            }
            if (!arePropertiesTheSame(object.getObjectList("properties"), object2.getObjectList("properties"))) {
                return true;
            }
        }
        return false;
    }

    protected static boolean sslCfgGroupsChanged(SecurityConfigObjectList securityConfigObjectList, List list) {
        if (securityConfigObjectList.size() != list.size()) {
            if (!tc.isDebugEnabled()) {
                return true;
            }
            Tr.debug(tc, "There is a different number of sslConfigGroups between the cache and the configuration");
            return true;
        }
        for (int i = 0; i < securityConfigObjectList.size(); i++) {
            SecurityConfigObject securityConfigObject = securityConfigObjectList.get(i);
            ConfigObject sSLConfigGrpFromConfig = getSSLConfigGrpFromConfig(list, securityConfigObject.getString("name"), securityConfigObject.getString("managementScope"), securityConfigObject.getString("direction"));
            if (sSLConfigGrpFromConfig == null) {
                return true;
            }
            for (int i2 = 0; i2 < sslConfigGroupsStrings.length; i2++) {
                if (!areStringsValuesTheSame(securityConfigObject, sSLConfigGrpFromConfig, sslConfigGroupsStrings[i2])) {
                    return true;
                }
            }
        }
        return false;
    }

    protected static boolean keySetChanged(SecurityConfigObjectList securityConfigObjectList, List list) {
        if (securityConfigObjectList.size() != list.size()) {
            if (!tc.isDebugEnabled()) {
                return true;
            }
            Tr.debug(tc, "The number of keySets objects has changed.");
            return true;
        }
        for (int i = 0; i < securityConfigObjectList.size(); i++) {
            SecurityConfigObject securityConfigObject = securityConfigObjectList.get(i);
            String string = securityConfigObject.getString("name");
            ConfigObject objectFromConfig = getObjectFromConfig(list, string, securityConfigObject.isSet("managementScope") ? securityConfigObject.getString("managementScope") : null, "name");
            if (objectFromConfig == null) {
                return true;
            }
            for (int i2 = 0; i2 < keySetsStrings.length; i2++) {
                if (!areStringsValuesTheSame(securityConfigObject, objectFromConfig, keySetsStrings[i2])) {
                    return true;
                }
            }
            for (int i3 = 0; i3 < keySetsBooleans.length; i3++) {
                if (!areBooleansValuesTheSame(securityConfigObject, objectFromConfig, keySetsBooleans[i3])) {
                    return true;
                }
            }
            SecurityConfigObjectList objectList = securityConfigObject.getObjectList("keyReference");
            List objectList2 = objectFromConfig.getObjectList("keyReference");
            if (objectList.size() != objectList2.size()) {
                if (!tc.isDebugEnabled()) {
                    return true;
                }
                Tr.debug(tc, "The number of keyReferences on the " + string + " object has changed.");
                return true;
            }
            for (int i4 = 0; i4 < objectList.size(); i4++) {
                SecurityConfigObject securityConfigObject2 = objectList.get(i4);
                String string2 = securityConfigObject2.getString("keyAlias");
                Integer integer = securityConfigObject2.getInteger("version");
                ConfigObject objectFromConfig2 = getObjectFromConfig(objectList2, string2, "keyAlias");
                if (objectFromConfig2 == null || !objectFromConfig2.getString("version", "defaultValue").equals(integer.toString())) {
                    return true;
                }
            }
        }
        return false;
    }

    protected static boolean attrsChanged(SecurityConfigObjectList securityConfigObjectList, List list, String str, String[] strArr, String[] strArr2, String str2) {
        if (securityConfigObjectList.size() != list.size()) {
            if (!tc.isDebugEnabled()) {
                return true;
            }
            Tr.debug(tc, "The number of " + str + " objects has changed.");
            return true;
        }
        for (int i = 0; i < securityConfigObjectList.size(); i++) {
            SecurityConfigObject securityConfigObject = securityConfigObjectList.get(i);
            ConfigObject objectFromConfig = getObjectFromConfig(list, securityConfigObject.getString("name"), securityConfigObject.getString("managementScope"), "name");
            if (objectFromConfig == null) {
                return true;
            }
            if (strArr != null) {
                for (String str3 : strArr) {
                    if (!areStringsValuesTheSame(securityConfigObject, objectFromConfig, str3)) {
                        return true;
                    }
                }
            }
            if (strArr2 != null) {
                for (String str4 : strArr2) {
                    if (!areBooleansValuesTheSame(securityConfigObject, objectFromConfig, str4)) {
                        return true;
                    }
                }
            }
            if (str2 != null && !arePropertiesTheSame(securityConfigObject.getObjectList(str2), objectFromConfig.getObjectList(str2))) {
                return true;
            }
        }
        return false;
    }

    protected static ConfigObject getObjectFromConfig(List list, String str, String str2, String str3) {
        for (int i = 0; i < list.size(); i++) {
            ConfigObject configObject = (ConfigObject) list.get(i);
            if (configObject.getString(str3, null).equals(str)) {
                if (configObject.isSet("managementScope")) {
                    if (configObject.getString("managementScope", null).equals(str2)) {
                        return configObject;
                    }
                } else if (str2 == null) {
                    return configObject;
                }
            }
        }
        return null;
    }

    protected static ConfigObject getObjectFromConfig(List list, String str, String str2) {
        for (int i = 0; i < list.size(); i++) {
            ConfigObject configObject = (ConfigObject) list.get(i);
            if (configObject.getString(str2, null).equals(str)) {
                return configObject;
            }
        }
        return null;
    }

    protected static ConfigObject getSSLConfigGrpFromConfig(List list, String str, String str2, String str3) {
        ConfigObject configObject = null;
        for (int i = 0; i < list.size(); i++) {
            configObject = (ConfigObject) list.get(i);
            if (configObject.getString("name", null).equals(str)) {
                if (configObject.isSet("managementScope")) {
                    String string = configObject.getString("managementScope", null);
                    String string2 = configObject.getString("direction", null);
                    if (string.equals(str2) && string2.equals(str3)) {
                        return configObject;
                    }
                } else if (str2 == null) {
                    return configObject;
                }
            }
        }
        return configObject;
    }

    protected static boolean areStringsValuesTheSame(SecurityConfigObject securityConfigObject, ConfigObject configObject, String str) {
        boolean isSet = securityConfigObject.isSet(str);
        boolean isSet2 = configObject.isSet(str);
        if (!isSet2 && !isSet) {
            return true;
        }
        if (isSet2 && isSet) {
            if (configObject.getUnexpandedString(str, "defaultValue").equals(securityConfigObject.getUnexpandedString(str))) {
                return true;
            }
        }
        if (!tc.isDebugEnabled()) {
            return false;
        }
        Tr.debug(tc, "The " + str + " attribute has changed.");
        return false;
    }

    protected static boolean areBooleansValuesTheSame(SecurityConfigObject securityConfigObject, ConfigObject configObject, String str) {
        boolean isSet = securityConfigObject.isSet(str);
        boolean isSet2 = configObject.isSet(str);
        if (!isSet2 && !isSet) {
            return true;
        }
        if (isSet2 && isSet) {
            if (Boolean.valueOf(configObject.getBoolean(str, false)).equals(securityConfigObject.getBoolean(str))) {
                return true;
            }
        }
        if (!tc.isDebugEnabled()) {
            return false;
        }
        Tr.debug(tc, "The " + str + " attribute has changed.");
        return false;
    }

    protected static boolean arePropertiesTheSame(SecurityConfigObjectList securityConfigObjectList, List list) {
        if (securityConfigObjectList.size() != list.size()) {
            return false;
        }
        for (int i = 0; i < securityConfigObjectList.size(); i++) {
            SecurityConfigObject securityConfigObject = securityConfigObjectList.get(i);
            String string = securityConfigObject.getString("name");
            String string2 = securityConfigObject.getString("value");
            ConfigObject propObjFromConfigList = getPropObjFromConfigList(list, string);
            if (propObjFromConfigList == null || !string2.equals(propObjFromConfigList.getString("value", "defaultValue"))) {
                return false;
            }
        }
        return true;
    }

    protected static ConfigObject getPropObjFromConfigList(List list, String str) {
        for (int i = 0; i < list.size(); i++) {
            ConfigObject configObject = (ConfigObject) list.get(i);
            if (configObject.getString("name", "defaultValue").equals(str)) {
                return configObject;
            }
        }
        return null;
    }

    protected static boolean sslConfigPropertiesChanged(SecurityConfigObject securityConfigObject, ConfigObject configObject) {
        ConfigObject propObjFromConfigList;
        SecurityConfigObjectList objectList = securityConfigObject.getObjectList("properties");
        List objectList2 = configObject.getObjectList("properties");
        for (int i = 0; i < objectList.size(); i++) {
            SecurityConfigObject securityConfigObject2 = objectList.get(i);
            String string = securityConfigObject2.getString("name");
            String string2 = securityConfigObject2.getString("value");
            if ((string.startsWith("com.ibm.ssl") || string.startsWith("com.ibm.security") || string.startsWith("was.com.ibm.websphere.security.zos.csiv2")) && ((propObjFromConfigList = getPropObjFromConfigList(objectList2, string)) == null || !string2.equals(propObjFromConfigList.getString("value", "defaultValue")))) {
                return true;
            }
        }
        return false;
    }
}
