package com.ibm.ws.websvcs.transport.security;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.websphere.wssecurity.admin.PolicyAttributesConstants;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.webservices.admin.serviceindex.ServiceIndexConstants;
import com.ibm.ws.websvcs.Constants;
import com.ibm.ws.websvcs.resources.NLSProvider;
import com.ibm.ws.websvcs.transport.Config;
import com.ibm.ws.websvcs.transport.ConfigProvider;
import com.ibm.ws.websvcs.transport.channel.DefaultHTTPSTransportClientProperties;
import com.ibm.ws.websvcs.transport.channel.WSAddress;
import com.ibm.ws.websvcs.transport.http.HttpChannelAddress;
import com.ibm.ws.websvcs.transport.http.WSHTTPConstants;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Properties;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/websvcs/transport/security/ConfigSSLProvider.class */
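/**
 * Singleton {@link ConfigProvider} that resolves the SSL settings for an outbound
 * web-services connection through {@link JSSEHelper} and installs the result on the
 * calling thread with {@code setSSLPropertiesOnThread}.
 *
 * <p>Two lookup orders are implemented. Which one {@link #getConfig} uses is decided by
 * the static {@code SSLOrder} flag, which every call to {@link #getInstance} overwrites.
 *
 * <p>Review notes:
 * <ul>
 *   <li>A failed SSL lookup ({@code SSLException}) is now reported to the caller as an
 *       {@link AxisFault}. Previously the fault object was built and discarded, so the
 *       methods could return {@code null} or a half-initialised configuration.</li>
 *   <li>Several event/debug traces print a complete SSL property set. NOTE(review): if those
 *       properties carry keystore or truststore passwords they will appear in the trace log
 *       unless JSSEHelper masks them - confirm before enabling these traces in production.</li>
 *   <li>{@code connInfoTable} is a plain static {@code HashMap} read and written without
 *       synchronization, and the cached maps are handed out by reference. NOTE(review):
 *       confirm whether {@code getConfig} can run on several threads at once.</li>
 * </ul>
 */
public class ConfigSSLProvider implements ConfigProvider {
    protected static final String emptyString = "";

    /** Property that names the SSL configuration alias inside a resolved property set. */
    private static final String SSL_ALIAS_KEY = "com.ibm.ssl.alias";

    /** Alias used for the fallback lookup and to select {@link JSSEConfigSSL}. */
    private static final String DEFAULT_SYSTEM_ALIAS = "DefaultSystemProperties";

    /** Whether the tunnel target (not the proxy itself) is used for proxied addresses. */
    private static final boolean dynamicSSLProxy;

    private static final TraceComponent _tc = Tr.register(ConfigSSLProvider.class, Constants.TR_GROUP, Constants.TR_RESOURCE_BUNDLE);
    private static JSSEHelper _jhlpr = null;
    private static ConfigSSLProvider cfgPvdr = null;

    // Cache of connection-info maps keyed by direction/schema/host/port; see getConnInfo.
    private static HashMap connInfoTable = null;

    // true -> preferred loading order, false -> default loading order; see getConfig.
    private static boolean SSLOrder = false;

    private ConfigSSLProvider() {
    }

    /**
     * Returns the process-wide provider, creating it on first use.
     *
     * <p>On the first call only, the SSL client properties file named by
     * {@code getSSLClientPropsName()} is loaded into {@link JSSEHelper} (when a non-empty name
     * is configured). The loading-order flag is stored on <em>every</em> call, so the most
     * recent caller decides the order used by all later {@link #getConfig} calls.
     *
     * @param defaultHTTPSTransportClientProperties source of the SSL client properties file name
     * @param z {@code true} to use the preferred loading order, {@code false} for the default one
     * @return the singleton instance
     * @throws AxisFault if the client properties file name cannot be turned into a URL
     */
    public static final synchronized ConfigSSLProvider getInstance(DefaultHTTPSTransportClientProperties defaultHTTPSTransportClientProperties, boolean z) throws AxisFault {
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, "ConfigSSLProvider.getInstance()");
        }
        SSLOrder = z;
        if (cfgPvdr == null) {
            _jhlpr = JSSEHelper.getInstance();
            String sSLClientPropsName = defaultHTTPSTransportClientProperties.getSSLClientPropsName();
            if (_tc.isEventEnabled()) {
                Tr.event(_tc, "sslClientProps " + sSLClientPropsName);
            }
            // Compare by content: the previous reference comparison against "" let an empty,
            // non-interned name through to the URL load below.
            if (sSLClientPropsName != null && !sSLClientPropsName.isEmpty()) {
                try {
                    URL url = new URL(ServiceIndexConstants.FILE_PATH, "", sSLClientPropsName);
                    if (_tc.isEventEnabled()) {
                        Tr.event(_tc, "loadSSLClientProps", url.toString());
                    }
                    _jhlpr.loadClientSSLPropertiesFromURL(url.toString(), false);
                } catch (MalformedURLException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.websvcs.transport.security.ConfigSSLProvider.getInstance", "93");
                    // Keep the original exception as the cause so the stack trace is not lost.
                    throw new AxisFault(NLSProvider.getNLS().getFormattedMessage("sslClientPropsFileNotSpec00", new Object[]{e}, "The Secure Sockets Layer (SSL) client configuration file, ssl.client.props, is not specified due to the following error: {0}"), e);
                }
            }
            cfgPvdr = new ConfigSSLProvider();
            connInfoTable = new HashMap();
        }
        if (_tc.isEntryEnabled()) {
            Tr.exit(_tc, "ConfigSSLProvider.getInstance()");
        }
        return cfgPvdr;
    }

    /**
     * Resolves the SSL configuration for {@code wSAddress} using the loading order selected
     * by the last {@link #getInstance} call.
     *
     * @param messageContext passed through to the loading method
     * @param wSAddress outbound endpoint the configuration is resolved for
     * @param defaultHTTPSTransportClientProperties source of the configured SSL names
     * @return the resolved configuration, also installed on the calling thread
     * @throws AxisFault if no SSL configuration can be resolved
     */
    @Override // com.ibm.ws.websvcs.transport.ConfigProvider
    public Config getConfig(MessageContext messageContext, WSAddress wSAddress, DefaultHTTPSTransportClientProperties defaultHTTPSTransportClientProperties) throws AxisFault {
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, "ConfigSSLProvider.getConfig() : " + wSAddress);
        }
        Config resolved;
        if (SSLOrder) {
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "Using prefferd SSL loading mechanism");
            }
            resolved = getConfigFromPreferredSSLLoading(messageContext, wSAddress, defaultHTTPSTransportClientProperties);
        } else {
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "Using default SSL loading mechanism");
            }
            resolved = getConfigFromDefaultSSLLoading(messageContext, wSAddress, defaultHTTPSTransportClientProperties);
        }
        if (_tc.isEntryEnabled()) {
            Tr.exit(_tc, "ConfigSSLProvider.getConfig()");
        }
        return resolved;
    }

    /**
     * Default loading order: SSL properties already set on the thread win; otherwise the
     * configured SSL configuration name is resolved, then {@code DefaultSystemProperties}.
     *
     * <p>The resolved configuration replaces the thread's SSL properties. When thread
     * properties were present, the resolved set is stored through {@code setPreConfig};
     * otherwise {@code setPreConfig(null)} is recorded.
     *
     * @param messageContext not used by this method
     * @param wSAddress outbound endpoint the configuration is resolved for
     * @param defaultHTTPSTransportClientProperties source of the configured SSL names
     * @return the resolved configuration, never {@code null}
     * @throws AxisFault if no configuration is available, the resolved properties carry no
     *         alias, or JSSEHelper reports an {@code SSLException}
     */
    public Config getConfigFromDefaultSSLLoading(MessageContext messageContext, WSAddress wSAddress, DefaultHTTPSTransportClientProperties defaultHTTPSTransportClientProperties) throws AxisFault {
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, "ConfigSSLProvider.getConfigFromDefaultSSLLoading() : " + wSAddress);
        }
        ConfigSSL configSSL;
        try {
            WSConfigSSLChangeListener listener = new WSConfigSSLChangeListener();
            Properties sslProps;
            boolean programmatic = _jhlpr.getSSLPropertiesOnThread() != null;
            if (programmatic) {
                sslProps = _jhlpr.getProperties((String) null, getConnInfo(wSAddress), listener);
                if (sslProps == null) {
                    // Previously this surfaced as a NullPointerException further down.
                    throw noSslConfigFault(wSAddress);
                }
                if (_tc.isEventEnabled()) {
                    // NOTE(review): traces the whole property set - see class comment.
                    Tr.event(_tc, "sslPropertiesProgramSet", new Object[]{sslProps.toString(), listener.toString()});
                }
                configSSL = new WASConfigSSL();
            } else {
                try {
                    String sslConfigName = defaultHTTPSTransportClientProperties.getSSLConfigurationName();
                    String sslClientPropsName = defaultHTTPSTransportClientProperties.getSSLClientPropsName();
                    if (_tc.isEventEnabled()) {
                        Tr.event(_tc, "sslConfigFromContext", new Object[]{sslConfigName, sslClientPropsName});
                    }
                    sslProps = _jhlpr.getProperties(sslConfigName, getConnInfo(wSAddress), listener);
                    if (sslProps == null) {
                        if (_tc.isEventEnabled()) {
                            Tr.event(_tc, "sslConfigResolveFailed00");
                        }
                        sslProps = _jhlpr.getProperties(DEFAULT_SYSTEM_ALIAS, getConnInfo(wSAddress), listener);
                        if (sslProps == null) {
                            throw noSslConfigFault(wSAddress);
                        }
                    }
                    if (_tc.isEventEnabled()) {
                        // NOTE(review): traces the whole property set - see class comment.
                        Tr.event(_tc, "sslPropertiesFromJSSEHelper", new Object[]{sslProps.toString(), listener.toString()});
                    }
                    configSSL = createConfigForAlias(sslProps, sslConfigName);
                } catch (ClassCastException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.webservices.engine.transport.security.getConfigSSL", "%C", this);
                    throw e;
                }
            }
            configSSL.putAll(sslProps);
            configSSL.setlistener(listener);
            if (programmatic) {
                configSSL.setPreConfig(sslProps);
                if (_tc.isDebugEnabled()) {
                    Tr.debug(_tc, "Saved previous programmatic SSL configuration: " + sslProps.toString());
                }
            } else {
                configSSL.setPreConfig(null);
                if (_tc.isDebugEnabled()) {
                    Tr.debug(_tc, "No previous programmatic SSL configuration to be saved.");
                }
            }
            _jhlpr.setSSLPropertiesOnThread(configSSL);
        } catch (SSLException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.webservices.engine.transport.security.getConfigSSL", "%C", this);
            // Fail closed: makeFault only builds the fault, it has to be thrown.
            throw AxisFault.makeFault(e2);
        }
        if (_tc.isEntryEnabled()) {
            Tr.exit(_tc, "ConfigSSLProvider.getConfigFromDefaultSSLLoading()");
        }
        return configSSL;
    }

    /**
     * Preferred loading order: the configured SSL configuration name is resolved first;
     * if that yields nothing, SSL properties set on the thread are used; if that also
     * yields nothing, {@code DefaultSystemProperties} is tried.
     *
     * <p>The resolved configuration replaces the thread's SSL properties.
     *
     * @param messageContext not used by this method
     * @param wSAddress outbound endpoint the configuration is resolved for
     * @param defaultHTTPSTransportClientProperties source of the configured SSL names
     * @return the resolved configuration, never {@code null}
     * @throws AxisFault if no configuration is available, the resolved properties carry no
     *         alias, or JSSEHelper reports an {@code SSLException}
     */
    public Config getConfigFromPreferredSSLLoading(MessageContext messageContext, WSAddress wSAddress, DefaultHTTPSTransportClientProperties defaultHTTPSTransportClientProperties) throws AxisFault {
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, "ConfigSSLProvider.getConfigFromPreferredSSLLoading() : " + wSAddress);
        }
        boolean programmatic;
        WSConfigSSLChangeListener listener;
        String sslConfigName;
        Properties sslProps;
        ConfigSSL configSSL = null;
        try {
            programmatic = false;
            listener = new WSConfigSSLChangeListener();
            try {
                sslConfigName = defaultHTTPSTransportClientProperties.getSSLConfigurationName();
                String sslClientPropsName = defaultHTTPSTransportClientProperties.getSSLClientPropsName();
                if (_tc.isEventEnabled()) {
                    Tr.event(_tc, "sslConfigFromPolicyBindingFile", new Object[]{sslConfigName, sslClientPropsName});
                }
                sslProps = _jhlpr.getProperties(sslConfigName, getConnInfo(wSAddress), listener);
                if (sslProps == null && _jhlpr.getSSLPropertiesOnThread() != null) {
                    programmatic = true;
                    sslProps = _jhlpr.getProperties((String) null, getConnInfo(wSAddress), listener);
                    if (_tc.isEventEnabled()) {
                        // String.valueOf keeps a null result from throwing only when tracing is on.
                        // NOTE(review): traces the whole property set - see class comment.
                        Tr.event(_tc, "sslPropertiesProgramSet", new Object[]{String.valueOf(sslProps), listener.toString()});
                    }
                    configSSL = new WASConfigSSL();
                    configSSL.setPreConfig(sslProps);
                    if (_tc.isDebugEnabled()) {
                        Tr.debug(_tc, "Saved previous programmatic SSL configuration: " + _jhlpr.getSSLPropertiesOnThread().toString());
                    }
                }
                if (sslProps == null) {
                    if (_tc.isEventEnabled()) {
                        Tr.event(_tc, "sslConfigResolveFailed00");
                    }
                    sslProps = _jhlpr.getProperties(DEFAULT_SYSTEM_ALIAS, getConnInfo(wSAddress), listener);
                    if (sslProps == null) {
                        throw noSslConfigFault(wSAddress);
                    }
                }
            } catch (ClassCastException e) {
                FFDCFilter.processException(e, "com.ibm.ws.webservices.engine.transport.security.getConfigSSL", "%C", this);
                throw e;
            }
        } catch (SSLException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.webservices.engine.transport.security.getConfigSSL", "%C", this);
            // Fail closed: makeFault only builds the fault, it has to be thrown.
            throw AxisFault.makeFault(e2);
        }
        if (!programmatic) {
            if (_tc.isEventEnabled()) {
                // NOTE(review): traces the whole property set - see class comment.
                Tr.event(_tc, "sslPropertiesFromJSSEHelper", new Object[]{sslProps.toString(), listener.toString()});
            }
            configSSL = createConfigForAlias(sslProps, sslConfigName);
            configSSL.setPreConfig(null);
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "No previous programmatic SSL configuration to be saved.");
            }
        }
        configSSL.putAll(sslProps);
        configSSL.setlistener(listener);
        _jhlpr.setSSLPropertiesOnThread(configSSL);
        if (_tc.isEntryEnabled()) {
            Tr.exit(_tc, "ConfigSSLProvider.getConfigFromPreferredSSLLoading()");
        }
        return configSSL;
    }

    /** Builds the fault raised when no SSL configuration can be found for an endpoint. */
    private static AxisFault noSslConfigFault(WSAddress wSAddress) {
        return new AxisFault(NLSProvider.getNLS().getFormattedMessage("sslConfigResolveFailed01", new Object[]{wSAddress.toString()}, "No Secure Sockets Layer (SSL) configuration is available for the {0} endpoint."));
    }

    /**
     * Picks the {@link ConfigSSL} implementation from the alias in a resolved property set:
     * {@link JSSEConfigSSL} for {@code DefaultSystemProperties}, {@link WASConfigSSL} otherwise.
     *
     * @throws AxisFault if the property set has no {@code com.ibm.ssl.alias} entry
     */
    private ConfigSSL createConfigForAlias(Properties sslProps, String sslConfigName) throws AxisFault {
        String alias = sslProps.getProperty(SSL_ALIAS_KEY);
        if (alias == null) {
            throw new AxisFault("com.ibm.ssl.alias is not specified in : " + sslConfigName);
        }
        if (_tc.isDebugEnabled()) {
            Tr.debug(_tc, "com.ibm.ssl.alias : " + alias);
        }
        if (alias.equalsIgnoreCase(DEFAULT_SYSTEM_ALIAS)) {
            if (_tc.isEventEnabled()) {
                Tr.event(_tc, "invokeMethod00 JSSEConfigSSL " + JSSEConfigSSL.class.getName());
            }
            return new JSSEConfigSSL();
        }
        if (_tc.isEventEnabled()) {
            Tr.event(_tc, "invokeMethod00 WASConfigSSL " + WASConfigSSL.class.getName());
        }
        if (_tc.isDebugEnabled()) {
            // The configured name may be null or a '/'-separated path; only its last
            // segment is traced next to the alias that JSSEHelper actually returned.
            String shortName = sslConfigName;
            if (shortName != null) {
                int slash = shortName.lastIndexOf("/");
                if (slash != -1) {
                    shortName = shortName.substring(slash + 1);
                }
            }
            Tr.debug(_tc, "The absolute name for configured SSL Configuration alias is: " + shortName);
            Tr.debug(_tc, "The SSL alias name from JSSEHelper properties is: " + alias);
        }
        return new WASConfigSSL();
    }

    /**
     * Returns the connection-info map (direction, endpoint name, remote host, remote port)
     * that is passed to {@code JSSEHelper.getProperties} for {@code wSAddress}, creating and
     * caching it on first use.
     *
     * <p>When the dynamic-proxy flag is set and the address is a proxy, the host and port
     * from the tunneling info's {@code PROXY_TARGET_HOST_PORT} entry are used in place of the
     * address's own host and port. Any failure while reading that info is traced and the
     * address's own host and port are used.
     */
    private HashMap getConnInfo(WSAddress wSAddress) {
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, "getConnInfo outbound  " + wSAddress.getSchemaInString() + " host : " + wSAddress.getHostname() + " port : " + String.valueOf(wSAddress.getPort()));
        }
        String tunnelHost = "";
        String tunnelPort = "";
        try {
            if (dynamicSSLProxy && ((HttpChannelAddress) wSAddress).isProxy()) {
                HashMap tunnelInfo = ((HttpChannelAddress) wSAddress).infoForTunneling();
                if (tunnelInfo != null) {
                    byte[] rawHostPort = (byte[]) tunnelInfo.get("PROXY_TARGET_HOST_PORT");
                    if (rawHostPort != null) {
                        // NOTE(review): decoded with the platform default charset; confirm
                        // which encoding the producer of this entry uses.
                        String hostPort = new String(rawHostPort);
                        int colon = hostPort.indexOf(":");
                        if (colon >= 0) {
                            tunnelHost = hostPort.substring(0, colon);
                            tunnelPort = hostPort.substring(colon + 1);
                        }
                    }
                    if (_tc.isDebugEnabled()) {
                        Tr.debug(_tc, "getConnInfo for proxy case: outbound  " + wSAddress.getSchemaInString() + " host : " + tunnelHost + " port : " + tunnelPort);
                    }
                } else if (_tc.isDebugEnabled()) {
                    Tr.debug(_tc, "get no effective endpoint information for proxy address outbound  " + wSAddress.getSchemaInString() + " host : " + wSAddress.getHostname() + " port : " + String.valueOf(wSAddress.getPort()));
                }
            }
        } catch (Throwable th) {
            // Best effort, as before: any failure here (MalformedURLException included)
            // is traced only and the lookup falls back to the address's own host and port.
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "Failed to get effective endpoint information for proxy address outbound  " + wSAddress.getSchemaInString() + " host : " + wSAddress.getHostname() + " port : " + String.valueOf(wSAddress.getPort()) + " with exception " + th.getMessage());
            }
        }
        boolean useTunnelTarget = !tunnelHost.isEmpty() && !tunnelPort.isEmpty();
        String remoteHost = useTunnelTarget ? tunnelHost : wSAddress.getHostname();
        String remotePort = useTunnelTarget ? tunnelPort : String.valueOf(wSAddress.getPort());
        // The parts are separated so that different host/port pairs cannot collapse into
        // one key (without a separator, host "h1" + port 23 equals host "h12" + port 3) and
        // be served another endpoint's cached connection info.
        String targetKey = "outbound|" + wSAddress.getSchemaInString() + "|" + remoteHost + "|" + remotePort;
        if (_tc.isDebugEnabled()) {
            Tr.debug(_tc, "Using targetKey for cache: " + targetKey);
        }
        // NOTE(review): unsynchronized access to a shared static HashMap - see class comment.
        HashMap connInfo = (HashMap) connInfoTable.get(targetKey);
        if (connInfo == null) {
            connInfo = new HashMap();
            connInfo.put("com.ibm.ssl.direction", "outbound");
            // Schema codes 1 and 2 share one endpoint name - presumably HTTP and HTTPS; confirm.
            if (wSAddress.getSchema() == 1 || wSAddress.getSchema() == 2) {
                connInfo.put("com.ibm.ssl.endPointName", "WEBSERVICES_HTTP");
            } else {
                connInfo.put("com.ibm.ssl.endPointName", wSAddress.getSchemaInString());
            }
            if (useTunnelTarget && _tc.isDebugEnabled()) {
                Tr.debug(_tc, "Endpoint information is updated to connectionInfo for proxy case: com.ibm.ssl.remoteHost is " + tunnelHost + ", com.ibm.ssl.remotePort is " + tunnelPort + PolicyAttributesConstants.DELIMITER);
            }
            connInfo.put("com.ibm.ssl.remoteHost", remoteHost);
            connInfo.put("com.ibm.ssl.remotePort", remotePort);
            connInfoTable.put(targetKey, connInfo);
        }
        if (_tc.isDebugEnabled()) {
            Tr.debug(_tc, "sslConnectionInfo " + connInfo.toString());
        }
        if (_tc.isEntryEnabled()) {
            Tr.exit(_tc, "getConnInfo");
        }
        return connInfo;
    }

    // Reads the dynamic-proxy system property once, inside doPrivileged so the read runs
    // with this class's own permissions. Any failure leaves the feature switched off.
    static {
        boolean enabled = false;
        try {
            enabled = AccessController.doPrivileged(new PrivilegedExceptionAction<Boolean>() {
                @Override
                public Boolean run() throws Exception {
                    return Boolean.valueOf(System.getProperty(WSHTTPConstants.Dynamic_SSL_For_Proxy));
                }
            }).booleanValue();
        } catch (PrivilegedActionException e) {
            // Trace the wrapped exception when there is one, else the wrapper itself.
            Throwable cause = e.getException() != null ? e.getException() : e;
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "Caught exception: " + cause.toString() + " defaulting com.ibm.ws.websvcs.dynamic.ssl.proxy.");
            }
        }
        dynamicSSLProxy = enabled;
        if (_tc.isDebugEnabled()) {
            Tr.debug(_tc, "com.ibm.ws.websvcs.dynamic.ssl.proxy is set as " + dynamicSSLProxy);
        }
    }
}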
