package com.ibm.ws.management.util;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminClient;
import com.ibm.websphere.management.AdminClientFactory;
import com.ibm.websphere.management.ObjectNameHelper;
import com.ibm.websphere.management.filetransfer.client.FileTransferClient;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.rsatoken.RSAPropagationManager;
import com.ibm.ws.security.auth.rsatoken.RSATokenThreadManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Properties;
import java.util.Set;
import javax.management.ObjectName;
import javax.security.auth.Subject;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ws/management/util/AdminCertificateHelper.class */
/**
 * Singleton helper that obtains the X.509 certificate of an administrative target, caches it
 * under a {@code "host:port"} key, and hands it to
 * {@link RSATokenThreadManager#setTargetCertificate} (the trace text describes this as setting
 * the certificate "on the thread for use by security").
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The certificate is fetched through an {@link AdminClient} that runs under an
 *       unauthenticated subject, or through {@link FileTransferClient#getCert()}. No validation
 *       of the returned certificate (validity period, issuer, subject, pinning) is performed
 *       here before it is cached or set as the target certificate.
 *       NOTE(review): presumably the connector's transport security is what vouches for the
 *       value; confirm against the connector configuration.</li>
 *   <li>Cache entries are keyed only by host and port and are never expired by this class; they
 *       leave the cache only through {@link #clearCertificateFromCache(String, String)}.</li>
 *   <li>The cache is a static, raw {@link HashMap} and no access to it in this class is
 *       synchronized. NOTE(review): if this helper is reachable from several threads the map
 *       needs external locking or a concurrent implementation; confirm against callers.</li>
 * </ul>
 *
 * <p>NOTE(review): the FFDC source ids used throughout name
 * {@code com.ibm.ws.ssl.utils.AdminCertificateHelper}, not this class's package; keep that in
 * mind when correlating FFDC records with this code.
 */
public class AdminCertificateHelper {
    // Trace component used for all entry/exit/debug tracing in this class and its inner classes.
    private static final TraceComponent tc = Tr.register((Class<?>) AdminCertificateHelper.class);
    // Lazily created singleton; see getInstance().
    private static AdminCertificateHelper cm = null;
    // "host:port" -> X509Certificate. Shared by every caller in the JVM; reads and writes below
    // are not synchronized.
    private static HashMap certCache = new HashMap();

    /* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ws/management/util/AdminCertificateHelper$AdminClientCertificateAction.class */
    /**
     * Action that asks the target's SSLAdmin MBean for its RSA propagation certificate.
     * In this class it is only executed via {@code runAsSpecified} with an unauthenticated subject.
     */
    public class AdminClientCertificateAction implements PrivilegedExceptionAction {
        // Connector properties passed to AdminClientFactory.createAdminClient.
        Properties props;
        // MBean on which "getAdminRSAPropagationCertificate" is invoked.
        ObjectName sslAdminMBean;

        /**
         * @param properties connector properties used to create the admin client
         * @param objectName name of the SSLAdmin MBean to invoke
         */
        public AdminClientCertificateAction(Properties properties, ObjectName objectName) {
            this.props = null;
            this.sslAdminMBean = null;
            this.props = properties;
            this.sslAdminMBean = objectName;
        }

        /**
         * Creates an admin client from {@code props} and invokes the no-argument operation
         * {@code getAdminRSAPropagationCertificate} on {@code sslAdminMBean}.
         *
         * @return whatever the MBean operation returns (the caller casts it to X509Certificate)
         * @throws Exception any failure, after it has been traced and reported to FFDC
         */
        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws Exception {
            try {
                return AdminClientFactory.createAdminClient(this.props).invoke(this.sslAdminMBean, "getAdminRSAPropagationCertificate", new Object[0], new String[0]);
            } catch (Exception e) {
                // Record the failure, then let the caller decide what to do with it.
                Tr.debug(AdminCertificateHelper.tc, "Exception received: ", new Object[]{e});
                FFDCFilter.processException(e, "com.ibm.ws.ssl.utils.AdminCertificateHelper.AdminClientCertificateAction.run", "342", this);
                throw e;
            }
        }
    }

    /* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ws/management/util/AdminCertificateHelper$AdminClientGetMBeanAction.class */
    /**
     * Action that locates the SSLAdmin MBean of the server the admin client connects to.
     * In this class it is only executed via {@code runAsSpecified} with an unauthenticated subject.
     */
    public class AdminClientGetMBeanAction implements PrivilegedExceptionAction {
        // Connector properties passed to AdminClientFactory.createAdminClient.
        Properties props;

        /**
         * @param properties connector properties used to create the admin client
         */
        public AdminClientGetMBeanAction(Properties properties) {
            this.props = null;
            this.props = properties;
        }

        /**
         * Queries for an MBean of type SSLAdmin on the connected server's node and process and
         * returns the first match.
         *
         * @return the {@link ObjectName} of the first SSLAdmin MBean found
         * @throws Exception if no MBean matches or any call fails; the failure is traced and
         *     reported to FFDC before being rethrown
         */
        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws Exception {
            try {
                AdminClient createAdminClient = AdminClientFactory.createAdminClient(this.props);
                // The node and process values are taken from the server MBean reported by the
                // admin client and concatenated unquoted into the query pattern. If
                // getProcessName returns null the pattern contains the literal "process=null".
                Set queryNames = createAdminClient.queryNames(new ObjectName("WebSphere:type=SSLAdmin,node=" + createAdminClient.getServerMBean().getKeyProperty("node") + ",process=" + getProcessName(createAdminClient) + ",*"), null);
                if (!queryNames.isEmpty()) {
                    // Only the first result is used; any further matches are ignored.
                    return (ObjectName) queryNames.iterator().next();
                }
                if (AdminCertificateHelper.tc.isEntryEnabled()) {
                    Tr.exit(AdminCertificateHelper.tc, "retrieveTargetCertificate (can't get SSLAdmin)");
                }
                throw new Exception("retrieveTargetCertificate can't get SSLAdmin MBean");
            } catch (Exception e) {
                // This handler also sees the "can't get SSLAdmin MBean" exception thrown above.
                Tr.debug(AdminCertificateHelper.tc, "Exception received: ", new Object[]{e});
                FFDCFilter.processException(e, "com.ibm.ws.ssl.utils.AdminCertificateHelper.AdminClientGetMBeanAction.run", "391", this);
                throw e;
            }
        }

        /**
         * Returns the process name derived from the admin client's server MBean.
         *
         * @param adminClient client whose server MBean is inspected
         * @return the process name, or {@code null} when the server MBean could not be obtained
         */
        private String getProcessName(AdminClient adminClient) {
            if (AdminCertificateHelper.tc.isEntryEnabled()) {
                Tr.entry(AdminCertificateHelper.tc, "getProcessName");
            }
            ObjectName objectName = null;
            String str = null;
            try {
                objectName = adminClient.getServerMBean();
            } catch (Exception e) {
                // Best effort: the failure is only reported to FFDC and the method returns null.
                // The FFDC source id names AdminClientCertificateAction although this method
                // lives in AdminClientGetMBeanAction.
                FFDCFilter.processException(e, "com.ibm.ws.ssl.utils.AdminCertificateHelper.AdminClientCertificateAction.getProcessName", "412", this);
            }
            if (objectName != null) {
                str = ObjectNameHelper.getProcessName(objectName);
            }
            if (AdminCertificateHelper.tc.isEntryEnabled()) {
                Tr.exit(AdminCertificateHelper.tc, "getProcessName -> " + str);
            }
            return str;
        }
    }

    /**
     * Reports whether RSA propagation is enabled, as answered by {@link RSAPropagationManager}.
     *
     * @return the value of {@code RSAPropagationManager.getInstance().isRSAPropagationEnabled()}
     */
    public boolean isRSAPropagationEnabled() {
        return RSAPropagationManager.getInstance().isRSAPropagationEnabled();
    }

    /**
     * Returns the shared helper instance, creating it on first use. The method is synchronized,
     * so concurrent first calls cannot create two instances.
     *
     * @return the singleton {@code AdminCertificateHelper}
     */
    public static synchronized AdminCertificateHelper getInstance() {
        if (cm == null) {
            cm = new AdminCertificateHelper();
        }
        return cm;
    }

    /**
     * Removes the cached certificate stored under the key {@code str + ":" + str2}, if any.
     * This is the only place in this class where a cache entry is removed.
     *
     * @param str first half of the cache key (presumably the host; the lookups in this class
     *     build the key as host + ":" + port)
     * @param str2 second half of the cache key (presumably the port)
     */
    public void clearCertificateFromCache(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clearCertificateFromCache");
        }
        String str3 = str + ":" + str2;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Looking up certificate from cacheKey: " + str3);
        }
        // The get and the remove are two separate, unsynchronized operations on the shared map.
        if (((X509Certificate) certCache.get(str3)) != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found certificate in cache, removing it.");
            }
            certCache.remove(str3);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "clearCertificateFromCache");
        }
    }

    /**
     * Looks up the cached certificate for the {@code "host"} and {@code "port"} connector
     * properties. It neither contacts the target nor calls
     * {@code RSATokenThreadManager.setTargetCertificate}.
     *
     * @param properties connector properties; must contain {@code "host"} and {@code "port"}
     * @return the cached certificate, or {@code null} when there is no entry for host:port
     * @throws IllegalArgumentException if {@code properties} is null or lacks host or port
     */
    public X509Certificate checkCacheForCertificate(Properties properties) {
        if (tc.isEntryEnabled()) {
            // The properties go through DebugUtils.createPropertiesMaskPlainTextPassword before
            // being traced. NOTE(review): this runs before the null check below; whether the
            // helper tolerates a null argument is not visible here.
            Tr.entry(tc, "checkCacheForCertificate", new Object[]{DebugUtils.createPropertiesMaskPlainTextPassword(properties)});
        }
        X509Certificate x509Certificate = null;
        // NOTE(review): the try body is empty, so this handler cannot run as written. This looks
        // like a decompiler artifact: the original probably wrapped the statements below, so the
        // shipped class may log and swallow the IllegalArgumentExceptions that propagate here.
        try {
        } catch (Exception e) {
            Tr.debug(tc, "Exception received: ", new Object[]{e});
            FFDCFilter.processException(e, "com.ibm.ws.ssl.utils.AdminCertificateHelper.checkCacheForCertificate", "135", this);
        }
        if (properties == null) {
            throw new IllegalArgumentException("Connector properties specified are null.");
        }
        String property = properties.getProperty("host");
        String property2 = properties.getProperty("port");
        if (property == null || property2 == null) {
            throw new IllegalArgumentException("Connector properties specified do not have a valid \"host\" and \"port\" property.");
        }
        String str = property + ":" + property2;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Looking up certificate from cacheKey: " + str);
        }
        x509Certificate = (X509Certificate) certCache.get(str);
        // On a cache hit two exit records are written: this one, labelled with the name of
        // retrieveTargetCertificate, and the regular one below.
        if (x509Certificate != null && tc.isEntryEnabled()) {
            Tr.exit(tc, "retrieveTargetCertificate (found in cache)");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkCacheForCertificate");
        }
        return x509Certificate;
    }

    /**
     * Returns the target's RSA propagation certificate for the {@code "host"}/{@code "port"}
     * connector properties and sets it as the target certificate on
     * {@link RSATokenThreadManager}.
     *
     * <p>On a cache miss the certificate is fetched in two steps, both run with an
     * unauthenticated subject: {@link AdminClientGetMBeanAction} locates the SSLAdmin MBean and
     * {@link AdminClientCertificateAction} invokes it. A non-null result is cached under
     * host:port without any check of the certificate itself. On any failure the target
     * certificate is reset to {@code null} and the throwable is rethrown.
     *
     * @param properties connector properties; must contain {@code "host"} and {@code "port"}
     * @return the cached or freshly fetched certificate; {@code null} when the target returned
     *     none
     * @throws IllegalArgumentException if {@code properties} is null or lacks host or port
     */
    public X509Certificate retrieveTargetCertificate(Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "retrieveTargetCertificate", new Object[]{DebugUtils.createPropertiesMaskPlainTextPassword(properties)});
        }
        X509Certificate x509Certificate = null;
        try {
            // NOTE(review): empty try body, so this handler is unreachable as written; it looks
            // like a decompiler artifact of a catch/finally that originally covered the lookup.
            try {
            } catch (Exception e) {
                Tr.debug(tc, "Exception received: ", new Object[]{e});
                FFDCFilter.processException(e, "com.ibm.ws.ssl.utils.AdminCertificateHelper.retrieveTargetCertificate", "225", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting the following certificate on the thread for use by security.", new Object[]{null});
                }
                RSATokenThreadManager.getInstance().setTargetCertificate(null);
            }
            if (properties == null) {
                throw new IllegalArgumentException("Connector properties specified are null.");
            }
            String property = properties.getProperty("host");
            String property2 = properties.getProperty("port");
            if (property == null || property2 == null) {
                throw new IllegalArgumentException("Connector properties specified do not have a valid \"host\" and \"port\" property.");
            }
            // The key holds host and port only; nothing else from the connector properties
            // distinguishes one cache entry from another.
            String str = property + ":" + property2;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Looking up certificate from cacheKey: " + str);
            }
            x509Certificate = (X509Certificate) certCache.get(str);
            if (x509Certificate == null) {
                try {
                    // Both remote calls run as an unauthenticated subject: first resolve the
                    // SSLAdmin MBean name, then invoke it to obtain the certificate.
                    Subject createUnauthenticatedSubject = ContextManagerFactory.getInstance().createUnauthenticatedSubject();
                    x509Certificate = (X509Certificate) ContextManagerFactory.getInstance().runAsSpecified(createUnauthenticatedSubject, new AdminClientCertificateAction(properties, (ObjectName) ContextManagerFactory.getInstance().runAsSpecified(createUnauthenticatedSubject, new AdminClientGetMBeanAction(properties))));
                    if (x509Certificate != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found a cert chain and adding it using cacheKey: " + str);
                        }
                        // Cached as returned; later calls for the same host:port reuse it until
                        // clearCertificateFromCache is called for that key.
                        certCache.put(str, x509Certificate);
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "An attempt to get the target's rsa propagation public certificate failed.");
                    }
                } catch (Exception e2) {
                    // Only the message is traced here; the exception continues to the outer
                    // handler, which clears the target certificate.
                    Tr.debug(tc, "Exception calling adminClientCertificateAction: " + e2.getMessage());
                    throw e2;
                }
            } else if (tc.isEntryEnabled()) {
                Tr.exit(tc, "retrieveTargetCertificate (cache)");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting the following certificate on the thread for use by security.", new Object[]{x509Certificate});
            }
            // May be null when the target returned no certificate.
            RSATokenThreadManager.getInstance().setTargetCertificate(x509Certificate);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "retrieveTargetCertificate (lookup)", new Object[]{x509Certificate});
            }
            return x509Certificate;
        } catch (Throwable th) {
            // Fail closed: a failed lookup resets the target certificate to null before rethrowing.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting the following certificate on the thread for use by security.", new Object[]{null});
            }
            RSATokenThreadManager.getInstance().setTargetCertificate(null);
            throw th;
        }
    }

    /**
     * File-transfer variant of {@link #retrieveTargetCertificate(Properties)}: on a cache miss
     * the certificate comes from {@code fileTransferClient.getCert()}, not from the SSLAdmin
     * MBean. The result is cached under {@code str + ":" + str2} and set as the target
     * certificate on {@link RSATokenThreadManager}; on any failure the target certificate is
     * reset to {@code null} and the throwable is rethrown.
     *
     * <p>The cache is shared with the admin-client path, so an entry written by one path is
     * served to the other for the same host:port. As in that path, the certificate is not
     * validated in this method before it is cached.
     *
     * @param str host part of the cache key (per the error message below)
     * @param str2 port part of the cache key (per the error message below)
     * @param fileTransferClient client asked for the certificate on a cache miss
     * @return the cached or freshly fetched certificate; {@code null} when the client returned
     *     none
     * @throws IllegalArgumentException if the client, host or port is null
     */
    public X509Certificate retrieveTargetCertificateDuringFileTransfer(String str, String str2, FileTransferClient fileTransferClient) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "retrieveTargetCertificateDuringFileTransfer", new Object[]{str, str2});
        }
        X509Certificate x509Certificate = null;
        try {
            // NOTE(review): empty try body, so this handler is unreachable as written; it looks
            // like a decompiler artifact of a catch/finally that originally covered the lookup.
            try {
            } catch (Exception e) {
                Tr.debug(tc, "Exception received: ", new Object[]{e});
                FFDCFilter.processException(e, "com.ibm.ws.ssl.utils.AdminCertificateHelper.retrieveTargetCertificateDuringFileTransfer", "305", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting the following certificate on the thread for use by security.", new Object[]{null});
                }
                RSATokenThreadManager.getInstance().setTargetCertificate(null);
            }
            if (fileTransferClient == null) {
                throw new IllegalArgumentException("File transfer client is null.");
            }
            if (str == null || str2 == null) {
                throw new IllegalArgumentException("File transfer does not have valid \"host\" and \"port\" properties.");
            }
            String str3 = str + ":" + str2;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Looking up certificate from cacheKey: " + str3);
            }
            x509Certificate = (X509Certificate) certCache.get(str3);
            if (x509Certificate == null) {
                try {
                    x509Certificate = fileTransferClient.getCert();
                    if (x509Certificate != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found a cert chain and adding it using cacheKey: " + str3);
                        }
                        // Cached as returned by the client, with no validation at this point.
                        certCache.put(str3, x509Certificate);
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "An attempt to get the target's rsa propagation public certificate failed.");
                    }
                } catch (Exception e2) {
                    Tr.debug(tc, "Exception calling FileTransferClient.getCert(): " + e2.getMessage());
                    throw e2;
                }
            } else if (tc.isEntryEnabled()) {
                // The exit label carries the name of retrieveTargetCertificate, not this method's.
                Tr.exit(tc, "retrieveTargetCertificate (cache)");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting the following certificate on the thread for use by security.", new Object[]{x509Certificate});
            }
            // May be null when the client returned no certificate.
            RSATokenThreadManager.getInstance().setTargetCertificate(x509Certificate);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "retrieveTargetCertificateDuringFileTransfer (lookup)", new Object[]{x509Certificate});
            }
            return x509Certificate;
        } catch (Throwable th) {
            // Fail closed: a failed lookup resets the target certificate to null before rethrowing.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting the following certificate on the thread for use by security.", new Object[]{null});
            }
            RSATokenThreadManager.getInstance().setTargetCertificate(null);
            throw th;
        }
    }

    // Package-private constructor; within this class, instances are created only by getInstance().
    AdminCertificateHelper() {
    }
}
