package com.ibm.ws.ssl.channel.engine;

import com.ibm.crypto.fips.provider.IBMJCEFIPS;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.ssl.channel.exception.SSLConfigException;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;

/* loaded from: input_file:wwcc/web.httptransport.jar:com/ibm/ws/ssl/channel/engine/SSLFactoryConfig.class */
public class SSLFactoryConfig {
    // Trace component for this class. It is a blank final, so its value is
    // assigned in the class's static initializer.
    protected static final TraceComponent tc;

    // Channel-level switches read by readProperties() through getBooleanProperty().
    public static final String ENCRYPT_BUFFERS_DIRECT = "encryptBuffersDirect";
    public static final String DECRYPT_BUFFERS_DIRECT = "decryptBuffersDirect";

    // Keys looked up in the property map handed to the constructor.
    // KEY_FILE_PASSWORD, TRUST_FILE_PASSWORD and TOKEN_PASSWORD carry secrets:
    // getStringProperty() masks them in trace output and handlePrivateProperties()
    // removes them from the map once readProperties() has validated the settings.
    public static final String PROTOCOL = "com.ibm.ssl.protocol";
    public static final String KEY_MANAGER = "com.ibm.ssl.keyManager";
    public static final String KEY_STORE_TYPE = "com.ibm.ssl.keyStoreType";
    public static final String KEY_STORE_PROVIDER = "com.ibm.ssl.keyStoreProvider";
    public static final String KEY_FILE_NAME = "com.ibm.ssl.keyStore";
    public static final String KEY_FILE_PASSWORD = "com.ibm.ssl.keyStorePassword";
    public static final String TRUST_MANAGER = "com.ibm.ssl.trustManager";
    public static final String TRUST_STORE_TYPE = "com.ibm.ssl.trustStoreType";
    public static final String TRUST_STORE_PROVIDER = "com.ibm.ssl.trustStoreProvider";
    public static final String TRUST_FILE_NAME = "com.ibm.ssl.trustStore";
    public static final String TRUST_FILE_PASSWORD = "com.ibm.ssl.trustStorePassword";
    public static final String ENABLED_CIPHER_SUITES = "com.ibm.ssl.enabledCipherSuites";
    public static final String CLIENT_AUTH = "com.ibm.ssl.clientAuthentication";
    public static final String SECURITY_LEVEL = "com.ibm.ssl.securityLevel";
    public static final String TOKEN_TYPE = "com.ibm.ssl.tokenType";
    public static final String TOKEN_SLOT = "com.ibm.ssl.tokenSlot";
    public static final String TOKEN_LIBRARY_FILE = "com.ibm.ssl.tokenLibraryFile";
    public static final String TOKEN_PASSWORD = "com.ibm.ssl.tokenPassword";
    public static final String CONTEXT_PROVIDER = "com.ibm.ssl.contextProvider";
    public static final String CLIENT_KEY_ALIAS = "com.ibm.ssl.keyStoreClientAlias";
    public static final String SERVER_KEY_ALIAS = "com.ibm.ssl.keyStoreServerAlias";
    public static final String CRYPTO_ENABLED = "cryptoenabled";

    // JVM system properties. readProperties() passes most of these to
    // getStringProperty() as the fallback to consult when the map has no entry;
    // JAVAX_TOKEN_LIBRARY_FILE is not used by any method visible in this part of
    // the file. The password fallbacks mean a store or token password can also be
    // supplied as a system property of the process.
    public static final String JAVAX_KEY_STORE_TYPE = "javax.net.ssl.keyStoreType";
    public static final String JAVAX_KEY_FILE_NAME = "javax.net.ssl.keyStore";
    public static final String JAVAX_KEY_FILE_PASSWORD = "javax.net.ssl.keyStorePassword";
    public static final String JAVAX_TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
    public static final String JAVAX_TRUST_FILE_NAME = "javax.net.ssl.trustStore";
    public static final String JAVAX_TRUST_FILE_PASSWORD = "javax.net.ssl.trustStorePassword";
    public static final String JAVAX_TOKEN_TYPE = "javax.net.ssl.tokenType";
    public static final String JAVAX_TOKEN_LIBRARY_FILE = "javax.net.ssl.tokenLibraryFile";
    public static final String JAVAX_TOKEN_PASSWORD = "javax.net.ssl.tokenPassword";
    // Defaults applied by readProperties() when neither the property map nor a
    // system-property fallback supplies a value. Entries without an initializer are
    // blank finals: their values are assigned in the static initializer.
    // NOTE(review): DEFAULT_KEY_FILE_PASSWORD and DEFAULT_TRUST_FILE_PASSWORD are
    // public constants; confirm the static initializer does not give them a real
    // built-in password.
    public static final String DEFAULT_KEY_MANAGER;
    public static final String DEFAULT_KEY_STORE_TYPE;
    public static final String DEFAULT_KEY_STORE_PROVIDER = "IBMJCE";
    public static final String DEFAULT_KEY_FILE_NAME;
    public static final String DEFAULT_KEY_FILE_PASSWORD;
    public static final String DEFAULT_TRUST_MANAGER;
    public static final String DEFAULT_TRUST_STORE_PROVIDER = "IBMJCE";
    public static final String DEFAULT_TRUST_FILE_NAME;
    public static final String DEFAULT_TRUST_FILE_PASSWORD;
    // Context protocol name used when com.ibm.ssl.protocol is absent;
    // readProperties() replaces the protocol with "TLS" when FIPS was requested.
    // NOTE(review): which protocol versions the name "SSL" enables is decided by
    // the JSSE provider; confirm on the target JVM that legacy SSL versions are
    // not negotiable with this default.
    public static final String DEFAULT_PROTOCOL = "SSL";
    public static final String DEFAULT_JSSE_PROVIDER = "IBMJSSE2";
    public static final String DEFAULT_JCE_FIPS_PROVIDER = "IBMJCEFIPS";
    public static final String DEFAULT_CLIENT_KEY_ALIAS;
    public static final String DEFAULT_SERVER_KEY_ALIAS;
    public static final String DEFAULT_TOKEN_SLOT = "0";
    public static final String DEFAULT_TOKEN_LIBRARY_FILE;
    public static final String DEFAULT_SECURITY_LEVEL;
    private static final String DEFAULT_ENCRYPT_BUFFERS_DIRECT = "true";
    private static final String DEFAULT_DECRYPT_BUFFERS_DIRECT = "false";
    private static final String DEFAULT_CRYPTO_ENABLED = "false";
    // Built-in cipher suite lists, selected by security level in
    // determineEnabledCipherSuites(). The references are final but the arrays
    // themselves are not immutable: any code that can see a public array can
    // overwrite its elements, which would change the suites offered by every
    // configuration in the JVM that uses that list. Treat them as read-only.
    public static final String[] HIGH_CIPHER_SUITES;
    public static final String[] MEDIUM_CIPHER_SUITES;
    public static final String[] LOW_SERVER_CIPHER_SUITES;
    private static final String[] FIPS_CIPHER_SUITES;
    public static final String[] LOW_CLIENT_CIPHER_SUITES;
    public static final String[] CONFIDENTIALITY_CIPHER_SUITES;
    public static final String[] INTEGRITY_CIPHER_SUITES;
    public static final String[] AUTHENTICITY_CIPHER_SUITES;
    public static final String ALIAS_KEY = "alias";
    // Per-instance settings. All of them are populated by readProperties(); until
    // that method has run they hold the initial values declared here.
    private boolean encryptBuffersDirect;
    private boolean decryptBuffersDirect;
    private boolean cryptoEnabled;
    private boolean clientAuthentication;
    // Raw property map (raw type, mixed value types). The constructor fills it
    // with a copy of the caller's map; setProperties() replaces it with the
    // caller's own map object.
    private Map properties;
    private boolean fipsRequested;
    // Cached FIPS switch shared by the whole JVM; see the isFipsEnabled() method
    // of the same name. None of the visible accesses are synchronized.
    private static String isFipsEnabled;
    // Set to true by initializeFips() only after the provider set-up completed
    // without an exception.
    protected static boolean fipsInitialized;
    private static String keyManagerFactoryAlgorithm;
    private static String trustManagerFactoryAlgorithm;
    // Compiler-generated cache for the class literal, used by the static initializer.
    static Class class$com$ibm$ws$ssl$channel$engine$SSLFactoryConfig;
    // Validation messages collected by readProperties(); null until it has been called.
    StringBuffer errors = null;
    private String keyManager = null;
    private String trustManager = null;
    private String protocol = null;
    private String keyStore = null;
    // The three *Password fields hold the secrets as plain String objects for the
    // lifetime of this instance.
    private String keyStorePassword = null;
    private String keyStoreType = null;
    private String keyStoreProvider = null;
    private String tokenType = null;
    private String tokenSlot = null;
    private String tokenLibraryFile = null;
    private String tokenPassword = null;
    private String keyStoreClientAlias = null;
    private String keyStoreServerAlias = null;
    private String contextProvider = null;
    private String trustStoreType = null;
    private String trustStore = null;
    private String trustStorePassword = null;
    private String trustStoreProvider = null;
    // null until readProperties() or setSupportedCipherSuitesFromSocketFactory()
    // assigns a list.
    private String[] enabledCipherSuites = null;
    private String securityLevel = null;

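    /**
     * Renders the effective SSL settings for trace and diagnostic output.
     *
     * <p>The key store, trust store and token passwords are never written out. A
     * configured password is shown as {@code *******}, the same placeholder that
     * {@code getStringProperty} uses in its trace messages, so the result can be
     * logged without disclosing credentials; an unset password still prints as
     * {@code null}. The cipher suite list is skipped when it has not been
     * populated yet (for example before {@code readProperties()} has run) instead
     * of failing with a {@code NullPointerException}.
     *
     * @return a multi-line description of this configuration, followed by the
     *         names of the security providers currently registered in the JVM
     */
    @Override
    public String toString() {
        final String masked = "*******";
        StringBuilder out = new StringBuilder();
        out.append("\n\tencryptBuffersDirect = ").append(this.encryptBuffersDirect);
        out.append("\n\tdecryptBuffersDirect = ").append(this.decryptBuffersDirect);
        out.append("\n\tcryptoEnabled = ").append(this.cryptoEnabled);
        out.append("\n\tkeyManager = ").append(this.keyManager);
        out.append("\n\ttrustManager = ").append(this.trustManager);
        out.append("\n\tkeyStore = ").append(this.keyStore);
        // Secrets: report only whether a value is present, never the value itself.
        out.append("\n\tkeyStorePassword = ").append(this.keyStorePassword == null ? null : masked);
        out.append("\n\tkeyStoreType = ").append(this.keyStoreType);
        out.append("\n\tkeyStoreProvider = ").append(this.keyStoreProvider);
        out.append("\n\ttokenType = ").append(this.tokenType);
        out.append("\n\ttokenSlot = ").append(this.tokenSlot);
        out.append("\n\ttokenLibraryFile = ").append(this.tokenLibraryFile);
        out.append("\n\ttokenPassword = ").append(this.tokenPassword == null ? null : masked);
        out.append("\n\tkeyStoreClientAlias = ").append(this.keyStoreClientAlias);
        out.append("\n\tkeyStoreServerAlias = ").append(this.keyStoreServerAlias);
        out.append("\n\tcontextProvider = ").append(this.contextProvider);
        out.append("\n\ttrustStore = ").append(this.trustStore);
        out.append("\n\ttrustStoreType = ").append(this.trustStoreType);
        out.append("\n\ttrustStorePassword = ").append(this.trustStorePassword == null ? null : masked);
        out.append("\n\ttrustStoreProvider = ").append(this.trustStoreProvider);
        out.append("\n\tsecurityLevel = ").append(this.securityLevel);
        out.append("\n\tenabledCipherSuites = ");
        // The list stays null until the configuration has been read.
        if (this.enabledCipherSuites != null) {
            for (String suite : this.enabledCipherSuites) {
                out.append("\n\t\t").append(suite);
            }
        }
        out.append("\n\tclientAuthentication = ").append(this.clientAuthentication);
        out.append("\n\tfipsRequested = ").append(this.fipsRequested);
        out.append("\n\tProviders in Security:");
        for (Provider provider : Security.getProviders()) {
            out.append("\n\t\t").append(provider.getName());
        }
        return out.toString();
    }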

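    /**
     * Creates a configuration backed by a private copy of the supplied properties.
     *
     * <p>Nothing is parsed or validated here; call {@code readProperties()} to
     * resolve the individual settings. The copy is shallow, so it still holds any
     * password entries of the source map until {@code readProperties()} has
     * completed successfully.
     *
     * @param map property names mapped to their values; must not be {@code null}
     * @throws SSLConfigException declared for callers; not thrown by the code in
     *         this constructor
     * @throws ClassCastException if the map contains a key that is not a String
     */
    public SSLFactoryConfig(Map map) throws SSLConfigException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "constructor: SSLFactoryConfig");
        }
        // The map is a raw type, so its keys are only known to be Objects; iterating
        // them directly as String does not compile. The cast keeps the rule that
        // every key must be a String.
        Map copy = new HashMap();
        for (Object item : map.entrySet()) {
            Map.Entry entry = (Map.Entry) item;
            copy.put((String) entry.getKey(), entry.getValue());
        }
        this.properties = copy;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "constructor: SSLFactoryConfig");
        }
    }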

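    /**
     * Returns the validation messages collected by the last {@code readProperties()} call.
     *
     * @return one line per rejected property, or an empty string when nothing was
     *         rejected or {@code readProperties()} has not been called yet
     */
    public String getErrors() {
        // The buffer is only created by readProperties(); guard against a call
        // made before that instead of failing with a NullPointerException.
        return this.errors == null ? "" : this.errors.toString();
    }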

    /**
     * @return the value of the {@code encryptBuffersDirect} setting, as read by
     *         {@code readProperties()} or set through its setter
     */
    public boolean getEncryptBuffersDirect() {
        return encryptBuffersDirect;
    }

    /**
     * @return the value of the {@code decryptBuffersDirect} setting, as read by
     *         {@code readProperties()} or set through its setter
     */
    public boolean getDecryptBuffersDirect() {
        return decryptBuffersDirect;
    }

    /**
     * @return the value of the {@code cryptoenabled} property as read by
     *         {@code readProperties()}
     */
    public boolean getCryptoEnabled() {
        return cryptoEnabled;
    }

    /**
     * Overrides the {@code encryptBuffersDirect} setting. A later
     * {@code readProperties()} call replaces the value again.
     *
     * @param z the new value
     */
    public void setEncryptBuffersDirect(boolean z) {
        encryptBuffersDirect = z;
    }

    /**
     * Overrides the {@code decryptBuffersDirect} setting. A later
     * {@code readProperties()} call replaces the value again.
     *
     * @param z the new value
     */
    public void setDecryptBuffersDirect(boolean z) {
        decryptBuffersDirect = z;
    }

    /**
     * @return the key manager value resolved by {@code readProperties()}, or
     *         {@code null} before it has run
     */
    public String getKeyManager() {
        return keyManager;
    }

    /**
     * @return the trust manager value resolved by {@code readProperties()}, or
     *         {@code null} before it has run
     */
    public String getTrustManager() {
        return trustManager;
    }

    /**
     * @return the protocol name resolved by {@code readProperties()}: the
     *         {@code com.ibm.ssl.protocol} property, {@code "SSL"} when that
     *         property is absent, and always {@code "TLS"} when FIPS was
     *         requested; {@code null} before {@code readProperties()} has run
     */
    public String getProtocol() {
        return protocol;
    }

    /**
     * @return the key store value resolved by {@code readProperties()}, or
     *         {@code null} before it has run
     */
    public String getKeyStore() {
        return keyStore;
    }

    /**
     * Returns the key store password exactly as it was configured.
     *
     * <p>The value is the secret itself, not a masked form; callers should pass it
     * only to the key store API and keep it out of logs and exception messages.
     *
     * @return the key store password, or {@code null} when none was resolved
     */
    public String getKeyStorePassword() {
        return keyStorePassword;
    }

    /**
     * @return the key store provider name resolved by {@code readProperties()}
     *         ({@code "IBMJCE"} when the property is absent), or {@code null}
     *         before it has run
     */
    public String getKeyStoreProvider() {
        return keyStoreProvider;
    }

    /**
     * @return the key store type resolved by {@code readProperties()}, or
     *         {@code null} before it has run
     */
    public String getKeyStoreType() {
        return keyStoreType;
    }

    /**
     * @return the trust store type resolved by {@code readProperties()}, which
     *         falls back to the resolved key store type when no trust store type
     *         is configured; {@code null} before it has run
     */
    public String getTrustStoreType() {
        return trustStoreType;
    }

    /**
     * @return the trust store value resolved by {@code readProperties()}, or
     *         {@code null} before it has run
     */
    public String getTrustStore() {
        return trustStore;
    }

    /**
     * Returns the trust store password exactly as it was configured.
     *
     * <p>The value is the secret itself, not a masked form; callers should pass it
     * only to the key store API and keep it out of logs and exception messages.
     *
     * @return the trust store password, or {@code null} when none was resolved
     */
    public String getTrustStorePassword() {
        return trustStorePassword;
    }

    /**
     * @return the trust store provider name resolved by {@code readProperties()}
     *         ({@code "IBMJCE"} when the property is absent), or {@code null}
     *         before it has run
     */
    public String getTrustStoreProvider() {
        return trustStoreProvider;
    }

    /**
     * @return the value of the {@code com.ibm.ssl.clientAuthentication} property
     *         as read by {@code readProperties()}; {@code false} before it has run
     */
    public boolean getClientAuthentication() {
        return clientAuthentication;
    }

    /**
     * Returns the property map this configuration reads from.
     *
     * <p>This is the live internal map, not a copy, so changes made by the caller
     * are seen by the next {@code readProperties()} call. The three password
     * entries are removed from it once {@code readProperties()} has completed
     * successfully; before that point the map can still contain them.
     *
     * @return the backing property map
     */
    public Map getProperties() {
        return properties;
    }

    /**
     * Replaces the property map this configuration reads from.
     *
     * <p>The map is stored by reference, unlike the copy made by the constructor,
     * and no setting is re-read until {@code readProperties()} is called again. Any
     * password entries in the new map stay in it until that call has completed.
     *
     * @param map the new backing map
     */
    public void setProperties(Map map) {
        properties = map;
    }

    /**
     * @return the token type, which {@code readProperties()} resolves only when a
     *         token library file is configured; otherwise {@code null}
     */
    public String getTokenType() {
        return tokenType;
    }

    /**
     * @return the token slot, which {@code readProperties()} resolves only when a
     *         token library file is configured ({@code "0"} when the property is
     *         absent); otherwise {@code null}
     */
    public String getTokenSlot() {
        return tokenSlot;
    }

    /**
     * @return the token library file resolved by {@code readProperties()}; a
     *         non-null value is what makes {@code readProperties()} treat
     *         hardware crypto as enabled
     */
    public String getTokenLibraryFile() {
        return tokenLibraryFile;
    }

    /**
     * Returns the hardware token password exactly as it was configured.
     *
     * <p>The value is the secret itself, not a masked form; callers should keep it
     * out of logs and exception messages.
     *
     * @return the token password, or {@code null} when no token is configured
     */
    public String getTokenPassword() {
        return tokenPassword;
    }

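    /**
     * Returns the cipher suites this configuration enables.
     *
     * <p>A copy is returned. The field frequently points at one of the shared
     * static suite lists (for example {@code HIGH_CIPHER_SUITES}), so handing out
     * the array itself would let any caller rewrite the suites used by every
     * configuration in the JVM.
     *
     * @return a copy of the enabled cipher suite names, or {@code null} when no
     *         list has been determined yet
     */
    public String[] getEnabledCipherSuites() {
        return this.enabledCipherSuites == null ? null : this.enabledCipherSuites.clone();
    }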

    /**
     * @return the JSSE context provider name. {@code readProperties()} always
     *         leaves this at {@code "IBMJSSE2"}, whatever the
     *         {@code com.ibm.ssl.contextProvider} property says; only
     *         {@code setContextProvider} can change it afterwards
     */
    public String getContextProvider() {
        return contextProvider;
    }

    /**
     * Overrides the JSSE context provider name. The value is stored as given and
     * is reset to {@code "IBMJSSE2"} by the next {@code readProperties()} call.
     *
     * @param str the provider name to use
     */
    public void setContextProvider(String str) {
        contextProvider = str;
    }

    /**
     * @return the client key alias resolved by {@code readProperties()}, or
     *         {@code null} before it has run
     */
    public String getKeyStoreClientAlias() {
        return keyStoreClientAlias;
    }

    /**
     * @return the server key alias resolved by {@code readProperties()}, or
     *         {@code null} before it has run
     */
    public String getKeyStoreServerAlias() {
        return keyStoreServerAlias;
    }

    /**
     * Reports whether {@code readProperties()} saw a FIPS request, either through
     * {@code isFipsEnabled()} or through a context provider of {@code "IBMJSSEFIPS"}.
     *
     * <p>The flag records the request only. It is set after {@code initializeFips()}
     * returns, and that method reports a failed provider set-up as a warning
     * rather than an exception, so {@code true} here does not by itself show that
     * the FIPS provider was installed.
     *
     * @return {@code true} when FIPS mode was requested for this configuration
     */
    public boolean isFIPSRequested() {
        return fipsRequested;
    }

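    /**
     * Resolves every SSL setting from the property map, falling back to the
     * {@code javax.net.ssl.*} system properties and the built-in defaults where
     * one is defined, and validates the result.
     *
     * <p>Points a reviewer should be aware of:
     * <ul>
     *   <li>FIPS is requested when {@code isFipsEnabled()} is true or the configured
     *       context provider is {@code "IBMJSSEFIPS"}; the protocol is then forced
     *       to {@code "TLS"} and the FIPS cipher list is used unless an explicit
     *       cipher list is configured.</li>
     *   <li>The context provider is always reset to {@code "IBMJSSE2"} after the
     *       FIPS check, so a configured provider name has no other effect.</li>
     *   <li>Without FIPS the protocol defaults to {@code "SSL"}. NOTE(review): which
     *       protocol versions that name enables depends on the JSSE provider;
     *       confirm on the target JVM.</li>
     *   <li>Client authentication is read before the trust store check so that the
     *       check uses the value from this call. Reading it afterwards meant the
     *       check ran against the value left by a previous call ({@code false} on
     *       the first call) and a missing trust store went unreported.</li>
     *   <li>On success the password entries are removed from the property map; the
     *       resolved passwords remain available through their getters.</li>
     * </ul>
     *
     * @throws SSLConfigException if any required property is missing or invalid;
     *         the message lists every rejected property, one per line
     */
    public void readProperties() throws SSLConfigException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "readProperties");
        }
        this.errors = new StringBuffer();
        this.contextProvider = getStringProperty("com.ibm.ssl.contextProvider", null, true, DEFAULT_JSSE_PROVIDER, this.errors);
        if (isFipsEnabled() || (this.contextProvider != null && this.contextProvider.equals("IBMJSSEFIPS"))) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "FIPS is enabled.");
            }
            initializeFips();
            this.fipsRequested = true;
        }
        // The configured provider was only needed for the FIPS check above.
        this.contextProvider = DEFAULT_JSSE_PROVIDER;
        this.encryptBuffersDirect = getBooleanProperty(ENCRYPT_BUFFERS_DIRECT, "true", this.errors);
        this.decryptBuffersDirect = getBooleanProperty(DECRYPT_BUFFERS_DIRECT, "false", this.errors);
        this.cryptoEnabled = getBooleanProperty("cryptoenabled", "false", this.errors);
        this.keyManager = getStringProperty("com.ibm.ssl.keyManager", null, true, DEFAULT_KEY_MANAGER, this.errors);
        this.keyStoreType = getStringProperty("com.ibm.ssl.keyStoreType", JAVAX_KEY_STORE_TYPE, true, DEFAULT_KEY_STORE_TYPE, this.errors);
        this.keyStoreProvider = getStringProperty("com.ibm.ssl.keyStoreProvider", null, true, "IBMJCE", this.errors);
        this.keyStore = getStringProperty("com.ibm.ssl.keyStore", JAVAX_KEY_FILE_NAME, true, DEFAULT_KEY_FILE_NAME, this.errors);
        this.keyStorePassword = getStringProperty("com.ibm.ssl.keyStorePassword", JAVAX_KEY_FILE_PASSWORD, true, DEFAULT_KEY_FILE_PASSWORD, this.errors);
        this.trustManager = getStringProperty("com.ibm.ssl.trustManager", null, true, DEFAULT_TRUST_MANAGER, this.errors);
        // The trust store type defaults to whatever the key store type resolved to.
        this.trustStoreType = getStringProperty("com.ibm.ssl.trustStoreType", JAVAX_TRUST_STORE_TYPE, true, this.keyStoreType, this.errors);
        this.trustStore = getStringProperty("com.ibm.ssl.trustStore", JAVAX_TRUST_FILE_NAME, true, DEFAULT_TRUST_FILE_NAME, this.errors);
        this.trustStorePassword = getStringProperty("com.ibm.ssl.trustStorePassword", JAVAX_TRUST_FILE_PASSWORD, true, DEFAULT_TRUST_FILE_PASSWORD, this.errors);
        this.trustStoreProvider = getStringProperty("com.ibm.ssl.trustStoreProvider", null, true, "IBMJCE", this.errors);
        this.protocol = getStringProperty("com.ibm.ssl.protocol", null, true, "SSL", this.errors);
        if (this.fipsRequested) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "FIPS was requested.  Setting protocol to TLS");
            }
            this.protocol = "TLS";
        }
        this.keyStoreClientAlias = getStringProperty("com.ibm.ssl.keyStoreClientAlias", null, true, DEFAULT_CLIENT_KEY_ALIAS, this.errors);
        this.keyStoreServerAlias = getStringProperty("com.ibm.ssl.keyStoreServerAlias", null, true, DEFAULT_SERVER_KEY_ALIAS, this.errors);
        this.tokenLibraryFile = getStringProperty("com.ibm.ssl.tokenLibraryFile", null, true, DEFAULT_TOKEN_LIBRARY_FILE, this.errors);
        // Must be resolved before the trust store check below, which depends on it.
        this.clientAuthentication = getBooleanProperty("com.ibm.ssl.clientAuthentication", null, this.errors);
        if (this.tokenLibraryFile == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Hardware crypto is not enabled.");
            }
            // Client certificates can only be verified against a trust store.
            if (this.clientAuthentication) {
                if (this.trustStore == null) {
                    this.errors.append("com.ibm.ssl.trustStore");
                    this.errors.append(":null \n");
                }
                if (this.trustStorePassword == null) {
                    this.errors.append("com.ibm.ssl.trustStorePassword");
                    this.errors.append(":null \n");
                }
            }
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Hardware crypto is enabled.");
            }
            // Token type and password have no default: a missing value is an error.
            this.tokenType = getStringProperty("com.ibm.ssl.tokenType", JAVAX_TOKEN_TYPE, false, null, this.errors);
            this.tokenSlot = getStringProperty("com.ibm.ssl.tokenSlot", null, true, DEFAULT_TOKEN_SLOT, this.errors);
            this.tokenPassword = getStringProperty("com.ibm.ssl.tokenPassword", JAVAX_TOKEN_PASSWORD, false, null, this.errors);
        }
        // An explicit cipher list wins; the security level is consulted only without one.
        this.enabledCipherSuites = getStringArrayProperty("com.ibm.ssl.enabledCipherSuites", null);
        if (this.enabledCipherSuites == null) {
            this.securityLevel = getStringProperty("com.ibm.ssl.securityLevel", null, true, DEFAULT_SECURITY_LEVEL, this.errors);
            determineEnabledCipherSuites();
        }
        if (this.errors.length() != 0) {
            Tr.error(tc, SSLChannelConstants.INVALID_SECURITY_PROPERTIES, this.errors.toString());
            throw new SSLConfigException("Invalid property values found:\n" + this.errors.toString());
        }
        handlePrivateProperties();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "readProperties");
        }
    }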

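    /**
     * Removes the trust store, key store and token password entries from the
     * property map.
     *
     * <p>After this call {@code getProperties()} no longer exposes the passwords;
     * the resolved values stay in the password fields of this instance. The removed
     * values used to be collected in a local map that was never read, so that map
     * has been dropped.
     */
    private void handlePrivateProperties() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handlePrivateProperties");
        }
        this.properties.remove("com.ibm.ssl.trustStorePassword");
        this.properties.remove("com.ibm.ssl.keyStorePassword");
        this.properties.remove("com.ibm.ssl.tokenPassword");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handlePrivateProperties");
        }
    }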

    /**
     * Selects the built-in cipher suite list that matches the security level.
     *
     * <p>A FIPS request always selects the FIPS list, whatever the level. Otherwise
     * a missing level, {@code high} or {@code confidentiality} selects the high
     * list, and {@code medium}, {@code low}, {@code integrity} and
     * {@code authenticity} select their own lists (case-insensitive). An
     * unrecognised level is reported as a warning and falls back to the high list
     * rather than to a weaker one.
     */
    private void determineEnabledCipherSuites() {
        final String level = this.securityLevel;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Use default set of Cipher Suites of level " + level);
        }
        final String[] chosen;
        if (this.fipsRequested) {
            chosen = FIPS_CIPHER_SUITES;
        } else if (level == null || level.equalsIgnoreCase("high") || level.equalsIgnoreCase("confidentiality")) {
            chosen = HIGH_CIPHER_SUITES;
        } else if (level.equalsIgnoreCase("medium")) {
            chosen = MEDIUM_CIPHER_SUITES;
        } else if (level.equalsIgnoreCase("low")) {
            chosen = LOW_SERVER_CIPHER_SUITES;
        } else if (level.equalsIgnoreCase("integrity")) {
            chosen = INTEGRITY_CIPHER_SUITES;
        } else if (level.equalsIgnoreCase("authenticity")) {
            chosen = AUTHENTICITY_CIPHER_SUITES;
        } else {
            Tr.warning(tc, SSLChannelConstants.WARNING_BAD_SECURITY_LEVEL, level);
            chosen = HIGH_CIPHER_SUITES;
        }
        this.enabledCipherSuites = chosen;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "enabledCipherSuites\n ");
            for (String suite : chosen) {
                Tr.debug(tc, "\t" + suite + "\n");
            }
        }
    }

    /**
     * Derives the enabled cipher suites from the list a socket factory supports.
     *
     * <p>Nothing happens when an explicit cipher list is configured, or when the
     * security level is anything other than unset, {@code high} or
     * {@code confidentiality} and FIPS was not requested. Otherwise the enabled
     * list becomes the supplied list minus every suite in the medium and low
     * server lists.
     *
     * <p>NOTE(review): with FIPS requested this replaces the FIPS list chosen by
     * {@code determineEnabledCipherSuites()} with a list built by subtraction, so
     * whether the result is limited to FIPS-approved suites depends on what the
     * socket factory reports; confirm against the caller.
     *
     * @param strArr the cipher suites the socket factory supports
     */
    protected void setSupportedCipherSuitesFromSocketFactory(String[] strArr) {
        if (getStringArrayProperty("com.ibm.ssl.enabledCipherSuites", null) != null) {
            return;
        }
        final String level = this.securityLevel;
        final boolean strongOnly = level == null
                || this.fipsRequested
                || level.equalsIgnoreCase("high")
                || level.equalsIgnoreCase("confidentiality");
        if (!strongOnly) {
            return;
        }
        ArrayList<String> kept = new ArrayList<String>(Arrays.asList(strArr));
        kept.removeAll(Arrays.asList(MEDIUM_CIPHER_SUITES));
        kept.removeAll(Arrays.asList(LOW_SERVER_CIPHER_SUITES));
        this.enabledCipherSuites = kept.toArray(new String[kept.size()]);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "enabledCipherSuites\n ");
            for (String suite : this.enabledCipherSuites) {
                Tr.debug(tc, "\t" + suite + "\n");
            }
        }
    }

    /**
     * Reads a boolean setting from the property map.
     *
     * <p>A {@code Boolean} value is used as is. A {@code String} value, or the
     * default when the property is absent, must be exactly {@code "true"} or
     * {@code "false"} (case-sensitive). Anything else, including a value of another
     * type or a missing property with no default, is recorded in the error buffer
     * as {@code name:value} and the method returns {@code false}.
     *
     * @param str the property name
     * @param str2 the default text to parse when the property is absent, or
     *        {@code null} when the property is mandatory
     * @param stringBuffer buffer that collects one line per rejected property
     * @return the resolved value, or {@code false} when the property was rejected
     */
    private boolean getBooleanProperty(String str, String str2, StringBuffer stringBuffer) {
        final Object raw = this.properties.get(str);
        if (raw instanceof Boolean) {
            final boolean direct = ((Boolean) raw).booleanValue();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Property " + str + " set to " + direct);
            }
            return direct;
        }
        final String text;
        if (raw == null) {
            if (str2 == null) {
                // Mandatory property with no value at all.
                stringBuffer.append(str).append(":").append((String) null).append(" \n");
                return false;
            }
            text = str2;
        } else if (raw instanceof String) {
            text = (String) raw;
        } else {
            // Neither Boolean nor String: handled as an invalid value below.
            text = null;
        }
        final boolean isTrue = "true".equals(text);
        if (isTrue || "false".equals(text)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Property " + str + " set to " + isTrue);
            }
            return isTrue;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Property " + str + " has invalid value " + text);
        }
        stringBuffer.append(str).append(":").append(text).append(" \n");
        return false;
    }

    /**
     * Resolves a string setting, trying the property map first, then the named
     * system property (when one is given), then the default (when allowed).
     *
     * <p>When nothing is found and no default is allowed, the property name (and
     * the system property name, if one was tried) is recorded in the error buffer
     * and {@code null} is returned.
     *
     * <p>Trace output never contains a password: values resolved for the trust
     * store, key store and token password keys are traced as {@code *******}, and
     * a value taken from a system property is not traced at all.
     *
     * @param str the property name looked up in the map
     * @param str2 the system property to fall back to, or {@code null} for none
     * @param z whether {@code str3} may be used when no value is found
     * @param str3 the default value, which may itself be {@code null}
     * @param stringBuffer buffer that collects one line per missing property
     * @return the resolved value, or {@code null} when none could be determined
     * @throws ClassCastException if the map holds a non-String value for {@code str}
     */
    private String getStringProperty(String str, String str2, boolean z, String str3, StringBuffer stringBuffer) {
        String resolved = (String) this.properties.get(str);
        // True when the value came from the map or from the default; only those
        // two sources are reported in the trace.
        boolean traceValue = resolved != null;
        if (resolved == null) {
            if (str2 != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Property " + str + " not found.  Checking available system property " + str2);
                }
                resolved = System.getProperty(str2);
                if (resolved == null) {
                    if (z) {
                        resolved = str3;
                        traceValue = true;
                    } else {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Property " + str2 + " not found.  Error being tallied.");
                        }
                        stringBuffer.append(str).append(":null \n");
                        stringBuffer.append(str2).append(":null \n");
                    }
                }
            } else if (z) {
                resolved = str3;
                traceValue = true;
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Property " + str + " has invalid value of null and no default system key or default specified");
                }
                stringBuffer.append(str).append(":null \n");
            }
        }
        if (traceValue && tc.isDebugEnabled()) {
            final boolean secret = str.equals("com.ibm.ssl.trustStorePassword")
                    || str.equals("com.ibm.ssl.keyStorePassword")
                    || str.equals("com.ibm.ssl.tokenPassword");
            Tr.debug(tc, "Property " + str + " set to " + (secret ? "*******" : resolved));
        }
        return resolved;
    }

    /**
     * Reads a list-valued setting from the property map.
     *
     * <p>A {@code String[]} value is returned as is (not copied). A {@code String}
     * value without a space becomes a one-element array; one with spaces is split
     * on the space character, with runs of spaces producing no empty entries.
     *
     * <p>NOTE(review): a value made up only of spaces yields an empty, non-null
     * array. {@code readProperties()} treats any non-null result as an explicit
     * cipher list and skips the security-level defaults, so confirm how callers
     * handle an empty list.
     *
     * @param str the property name
     * @param strArr the value to return when the property is absent
     * @return the parsed list, or {@code strArr} when the property is absent
     * @throws ClassCastException if the value is neither a String nor a String[]
     */
    private String[] getStringArrayProperty(String str, String[] strArr) {
        final Object raw = this.properties.get(str);
        if (raw == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Property " + str + " not found in map, defaulted to " + strArr);
                if (strArr != null) {
                    for (int i = 0; i < strArr.length; i++) {
                        Tr.debug(tc, "\t" + strArr[i] + "\n");
                    }
                }
            }
            return strArr;
        }
        final String[] values;
        if (raw instanceof String[]) {
            values = (String[]) raw;
        } else {
            final String joined = (String) raw;
            if (joined.indexOf(' ') < 0) {
                values = new String[] {joined};
            } else {
                final StringTokenizer tokens = new StringTokenizer(joined, " ");
                values = new String[tokens.countTokens()];
                int slot = 0;
                while (tokens.hasMoreTokens()) {
                    values[slot++] = tokens.nextToken();
                }
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Property " + str + " set to ...\n");
            for (int i = 0; i < values.length; i++) {
                Tr.debug(tc, "\t" + values[i]);
            }
        }
        return values;
    }

    /**
     * Returns the JVM's {@code ssl.KeyManagerFactory.algorithm} security property.
     *
     * <p>The property is read inside a privileged action and the first non-null
     * result is cached in a static field for later calls. The cache is not
     * synchronized.
     *
     * @return the algorithm name, or {@code null} when the property is not set
     */
    public static String getKeyManagerFactoryAlgorithm() {
        if (keyManagerFactoryAlgorithm != null) {
            return keyManagerFactoryAlgorithm;
        }
        keyManagerFactoryAlgorithm = AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                return Security.getProperty("ssl.KeyManagerFactory.algorithm");
            }
        });
        return keyManagerFactoryAlgorithm;
    }

    /**
     * Returns the JVM's {@code ssl.TrustManagerFactory.algorithm} security property.
     *
     * <p>The property is read inside a privileged action and the first non-null
     * result is cached in a static field for later calls. The cache is not
     * synchronized.
     *
     * @return the algorithm name, or {@code null} when the property is not set
     */
    public static String getTrustManagerFactoryAlgorithm() {
        if (trustManagerFactoryAlgorithm != null) {
            return trustManagerFactoryAlgorithm;
        }
        trustManagerFactoryAlgorithm = AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                return Security.getProperty("ssl.TrustManagerFactory.algorithm");
            }
        });
        return trustManagerFactoryAlgorithm;
    }

    /**
     * Reports whether FIPS mode is switched on for this JVM.
     *
     * <p>The switch is taken from the first of these that is set: the system
     * property {@code com.ibm.jsse2.JSSEFIPS}, the system property
     * {@code com.ibm.security.useFIPS}, then the security property named by
     * {@code SSLChannelConstants.USEFIPS_ENABLED}. Only the value {@code true}
     * (any case) enables FIPS.
     *
     * <p>The answer is cached in a static field. Any value other than
     * {@code true} is stored as {@code "false"}, so once this method has answered
     * {@code false} it keeps doing so even if one of the properties is set later,
     * including by {@code initializeFips()}.
     *
     * @return {@code true} when FIPS mode is enabled
     */
    public static boolean isFipsEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isFipsEnabled");
        }
        if (isFipsEnabled == null) {
            isFipsEnabled = AccessController.doPrivileged(new PrivilegedAction<String>() {
                @Override
                public String run() {
                    String flag = System.getProperty("com.ibm.jsse2.JSSEFIPS");
                    if (flag != null) {
                        return flag;
                    }
                    flag = System.getProperty("com.ibm.security.useFIPS");
                    if (flag != null) {
                        return flag;
                    }
                    return Security.getProperty(SSLChannelConstants.USEFIPS_ENABLED);
                }
            });
        }
        final boolean enabled = "true".equalsIgnoreCase(isFipsEnabled);
        if (!enabled) {
            // Pin the negative answer so the properties are not consulted again.
            isFipsEnabled = "false";
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, enabled ? "isFipsEnabled -> true" : "isFipsEnabled -> false");
        }
        return enabled;
    }

    /**
     * Prepares the JVM for FIPS mode: sets the {@code com.ibm.jsse2.JSSEFIPS}
     * system property, makes sure an {@code IBMJCEFIPS} provider is registered,
     * and points the JSSE socket factory security properties at the IBMJSSE2
     * implementations.
     *
     * <p>The work is skipped once {@code fipsInitialized} is true. That flag is set
     * only after every step succeeded, so a failed attempt is retried on the next
     * call. The flag is a plain static field and this method is not synchronized.
     *
     * <p>NOTE(review): any exception raised during set-up is logged as a warning
     * and not propagated. The caller in {@code readProperties()} sets
     * {@code fipsRequested} regardless, so a configuration can report FIPS as
     * requested while the FIPS provider was never installed. Callers that need a
     * guarantee should check {@code fipsInitialized} after this call.
     */
    public static void initializeFips() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeFips");
        }
        if (!fipsInitialized) {
            // Changing system properties and the provider list requires privileges
            // that code further up the call stack may not hold.
            AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.ssl.channel.engine.SSLFactoryConfig.4
                @Override // java.security.PrivilegedAction
                public Object run() {
                    Provider provider = null;
                    try {
                        // Set first, so the property stays "true" even if a later step fails.
                        System.setProperty("com.ibm.jsse2.JSSEFIPS", "true");
                        // Look for an already registered IBMJCEFIPS provider.
                        Provider[] providers = Security.getProviders();
                        for (int i = 0; i < providers.length; i++) {
                            if (SSLFactoryConfig.tc.isDebugEnabled()) {
                                Tr.debug(SSLFactoryConfig.tc, new StringBuffer().append("Provider[").append(i).append("]: ").append(providers[i].getName()).toString());
                            }
                            if (providers[i].getName().equals("IBMJCE")) {
                                if (SSLFactoryConfig.tc.isDebugEnabled()) {
                                    Tr.debug(SSLFactoryConfig.tc, new StringBuffer().append("IBMJCE provider at position ").append(i).toString());
                                }
                            } else if (providers[i].getName().equals(SSLFactoryConfig.DEFAULT_JCE_FIPS_PROVIDER)) {
                                if (SSLFactoryConfig.tc.isDebugEnabled()) {
                                    Tr.debug(SSLFactoryConfig.tc, new StringBuffer().append("IBMJCEFIPS provider at position ").append(i).toString());
                                }
                                provider = providers[i];
                            }
                        }
                        if (provider == null) {
                            // Snapshot taken before the insert, so it lists only the
                            // providers that were registered beforehand.
                            Provider[] providers2 = Security.getProviders();
                            // NOTE(review): the JDK documents provider positions as
                            // 1-based; 0 is outside that range, so confirm where the
                            // target JVM places the provider for this argument.
                            int insertProviderAt = Security.insertProviderAt(new IBMJCEFIPS(), 0);
                            if (SSLFactoryConfig.tc.isDebugEnabled()) {
                                Tr.debug(SSLFactoryConfig.tc, new StringBuffer().append("IBMJCEFIPS provider added at ").append(insertProviderAt).toString());
                            }
                            // Remove and re-add every earlier provider, in its original
                            // order. addProvider() appends, so they all end up behind
                            // the newly inserted IBMJCEFIPS provider.
                            for (int i2 = 0; i2 < providers2.length; i2++) {
                                Security.removeProvider(providers2[i2].getName());
                                Security.addProvider(providers2[i2]);
                            }
                        }
                        // Trace the resulting provider order.
                        Provider[] providers3 = Security.getProviders();
                        for (int i3 = 0; i3 < providers3.length; i3++) {
                            if (SSLFactoryConfig.tc.isDebugEnabled()) {
                                Tr.debug(SSLFactoryConfig.tc, new StringBuffer().append("Provider[").append(i3).append("]: ").append(providers3[i3].getName()).append(", info: ").append(providers3[i3].getInfo()).toString());
                            }
                        }
                        // These security properties apply to the whole JVM, not only to this channel.
                        Security.setProperty(SSLConfig.SOCKET_FACTORY, SSLConfig.IBMJSSE2_SOCKET_FACTORY);
                        Security.setProperty("ssl.ServerSocketFactory.provider", "com.ibm.jsse2.SSLServerSocketFactoryImpl");
                        // Reached only when every step above completed.
                        SSLFactoryConfig.fipsInitialized = true;
                        return null;
                    } catch (Exception e) {
                        // The failure is reported but not rethrown; fipsInitialized stays false.
                        Tr.warning(SSLFactoryConfig.tc, "security.addprovider.error", new Object[]{e});
                        if (!SSLFactoryConfig.tc.isDebugEnabled()) {
                            return null;
                        }
                        Tr.debug(SSLFactoryConfig.tc, "Exception caught adding IBMJCEFIPS provider.", new Object[]{e});
                        return null;
                    }
                }
            });
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeFips");
        }
    }

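    /**
     * Resolves a class by its fully qualified name and reports a missing class as an
     * unchecked linkage error.
     *
     * <p>The only caller visible in this file is the static initializer, which passes a
     * string literal. {@link Class#forName(String)} also runs the target's static
     * initializer, so this helper should not be handed names taken from configuration
     * or other external input.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the original
     *         {@link ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() is declared to return Throwable, so throwing its result directly
            // does not compile in a method without a throws clause. Keep the typed
            // reference and throw that instead; the error and its cause are unchanged.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }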

    // Static initialization of the trace component, the DEFAULT_* fallbacks and the cipher suite
    // tables. Statement order matters: tc is registered first, and the two
    // get*ManagerFactoryAlgorithm() calls run before the cache fields at the bottom are assigned.
    static {
        // Appears to be the decompiled form of the class literal SSLFactoryConfig.class: the
        // class is resolved once through class$() and kept in a synthetic cache field.
        Class cls;
        if (class$com$ibm$ws$ssl$channel$engine$SSLFactoryConfig == null) {
            cls = class$("com.ibm.ws.ssl.channel.engine.SSLFactoryConfig");
            class$com$ibm$ws$ssl$channel$engine$SSLFactoryConfig = cls;
        } else {
            cls = class$com$ibm$ws$ssl$channel$engine$SSLFactoryConfig;
        }
        tc = Tr.register(cls, SSLChannelConstants.SSL_TRACE_NAME, SSLChannelConstants.SSL_BUNDLE);
        DEFAULT_KEY_MANAGER = getKeyManagerFactoryAlgorithm();
        DEFAULT_KEY_STORE_TYPE = KeyStore.getDefaultType();
        // No built-in key/trust store path or password: these defaults are null, so real values
        // have to come from configuration.
        DEFAULT_KEY_FILE_NAME = null;
        DEFAULT_KEY_FILE_PASSWORD = null;
        DEFAULT_TRUST_MANAGER = getTrustManagerFactoryAlgorithm();
        DEFAULT_TRUST_FILE_NAME = null;
        DEFAULT_TRUST_FILE_PASSWORD = null;
        DEFAULT_CLIENT_KEY_ALIAS = null;
        DEFAULT_SERVER_KEY_ALIAS = null;
        DEFAULT_TOKEN_LIBRARY_FILE = null;
        DEFAULT_SECURITY_LEVEL = null;
        // Cipher suite tables. The notes below go by the SSLConfig constant names; the string
        // values and the code that picks a table (presumably by security level) are not visible
        // here. TODO confirm against SSLConfig and the selection code.
        //
        // NOTE(review): despite the name, this list contains RC4 suites (prohibited for TLS by
        // RFC 7465) and single-DES suites (56-bit key) next to 3DES and AES-128. Every entry is
        // CBC or RC4 with an MD5 or SHA-1 MAC; there is no AES-256 or AEAD suite.
        HIGH_CIPHER_SUITES = new String[]{SSLConfig.SSL_RSA_WITH_RC4_128_MD5, SSLConfig.SSL_RSA_WITH_RC4_128_SHA, SSLConfig.SSL_RSA_WITH_DES_CBC_SHA, SSLConfig.SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSLConfig.SSL_DHE_RSA_WITH_DES_CBC_SHA, SSLConfig.SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSLConfig.SSL_DHE_DSS_WITH_DES_CBC_SHA, SSLConfig.SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSLConfig.SSL_RSA_WITH_AES_128_CBC_SHA, SSLConfig.SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSLConfig.SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSLConfig.SSL_DHE_DSS_WITH_RC4_128_SHA};
        // NOTE(review): all entries are EXPORT suites (40-bit keys), which give no meaningful
        // confidentiality today.
        MEDIUM_CIPHER_SUITES = new String[]{SSLConfig.SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSLConfig.SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSLConfig.SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSLConfig.SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSLConfig.SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA};
        // NOTE(review): NULL suites carry no encryption and DH_anon suites carry no peer
        // authentication, so a server offering this list can be impersonated or read on the wire.
        LOW_SERVER_CIPHER_SUITES = new String[]{SSLConfig.SSL_RSA_WITH_NULL_MD5, SSLConfig.SSL_RSA_WITH_NULL_SHA, SSLConfig.SSL_DH_anon_WITH_AES_128_CBC_SHA, SSLConfig.SSL_DH_anon_WITH_RC4_128_MD5, SSLConfig.SSL_DH_anon_WITH_DES_CBC_SHA, SSLConfig.SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSLConfig.SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSLConfig.SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA};
        // NOTE(review): the last two entries are DH_anon suites. Their bulk ciphers are AES/3DES,
        // but the key exchange is unauthenticated; check whether they belong in a FIPS profile.
        FIPS_CIPHER_SUITES = new String[]{SSLConfig.SSL_RSA_WITH_AES_128_CBC_SHA, SSLConfig.SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSLConfig.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSLConfig.SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSLConfig.SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSLConfig.SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSLConfig.SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSLConfig.SSL_DH_anon_WITH_AES_128_CBC_SHA, SSLConfig.SSL_DH_anon_WITH_3DES_EDE_CBC_SHA};
        // Integrity-only suites: authenticated with RSA, no encryption.
        LOW_CLIENT_CIPHER_SUITES = new String[]{SSLConfig.SSL_RSA_WITH_NULL_MD5, SSLConfig.SSL_RSA_WITH_NULL_SHA};
        // Same RC4/DES/3DES entries as the start of HIGH_CIPHER_SUITES followed by the
        // MEDIUM_CIPHER_SUITES export entries; no AES suite is listed.
        CONFIDENTIALITY_CIPHER_SUITES = new String[]{SSLConfig.SSL_RSA_WITH_RC4_128_MD5, SSLConfig.SSL_RSA_WITH_RC4_128_SHA, SSLConfig.SSL_RSA_WITH_DES_CBC_SHA, SSLConfig.SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSLConfig.SSL_DHE_RSA_WITH_DES_CBC_SHA, SSLConfig.SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSLConfig.SSL_DHE_DSS_WITH_DES_CBC_SHA, SSLConfig.SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSLConfig.SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSLConfig.SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSLConfig.SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSLConfig.SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSLConfig.SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA};
        // Same two NULL-encryption entries as LOW_CLIENT_CIPHER_SUITES.
        INTEGRITY_CIPHER_SUITES = new String[]{SSLConfig.SSL_RSA_WITH_NULL_MD5, SSLConfig.SSL_RSA_WITH_NULL_SHA};
        // NOTE(review): SSL_NULL_WITH_NULL_NULL names the suite with no key exchange, no
        // encryption and no MAC. A connection negotiated with it has no protection at all.
        AUTHENTICITY_CIPHER_SUITES = new String[]{SSLConfig.SSL_NULL_WITH_NULL_NULL};
        isFipsEnabled = null;
        fipsInitialized = false;
        // Assigned after getKeyManagerFactoryAlgorithm()/getTrustManagerFactoryAlgorithm() ran
        // above. If those getters cache their result in these fields, the cached value is
        // discarded here and recomputed on the next call. TODO confirm against the getters.
        keyManagerFactoryAlgorithm = null;
        trustManagerFactoryAlgorithm = null;
    }
}
