package com.ibm.ISecurityUtilityImpl;

import com.ibm.CORBA.iiop.ORB;
import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.util.SecurityHelper;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.orbssl.SSLCiphers;
import com.ibm.ws.security.orbssl.SSLDefaults;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.ssl.JSSEProvider;
import com.ibm.ws.ssl.JSSEProviderFactory;
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:lib/sas.jar:com/ibm/ISecurityUtilityImpl/SSLConfiguration.class */
public class SSLConfiguration {
    private boolean SSLClientAuthentication;
    private String SSLEnabledCiphers;
    private String SSLKeyFile;
    private String SSLKeyManager;
    private String SSLKeyPassword;
    private String SSLKeyStoreProvider;
    private String SSLKeyStoreType;
    private String SSLProtocol;
    private String SSLSecurityLevel;
    private String SSLContextProvider;
    private String SSLTrustFile;
    private String SSLTrustManager;
    private String SSLTrustPassword;
    private String SSLTrustStoreProvider;
    private String SSLTrustStoreType;
    private String HardwareTokenSlot;
    private String HardwareTokenLibraryFile;
    private String HardwareTokenPassword;
    private String HardwareTokenType;
    private String SSLClientAlias;
    private String SSLServerAlias;
    private boolean useFIPS;
    private String JCEProvider;
    private final String DefaultHardwareTokenSlot = String.valueOf(0);
    private final String UndefHardwareTokenSlot = String.valueOf(-1);
    private final String DefaultHardwareTokenLibraryFile = "";
    private final String DefaultHardwareTokenPassword = "";
    private final String DefaultHardwareTokenType = "";
    private final String DefaultSSLEnabledCiphers = "";
    private final String DefaultSSLKeyFile = "";
    private final String DefaultSSLKeyManager = "IbmX509";
    private final String DefaultSSLKeyPassword = "WebAS";
    private final String DefaultSSLKeyStoreProvider = "IBMJCE";
    private final String DefaultSSLFIPSKeyStoreProvider = "IBMJCEFIPS";
    private final String DefaultSSLKeyStoreType = "JKS";
    private final String DefaultSSLProtocol = "SSL";
    private final String DefaultSSLSecurityLevel = "high";
    private final String DefaultSSLContextProvider = SSLDefaults.DEFAULT_CONTEXT_PROVIDER;
    private final String DefaultSSLFIPSContextProvider = SSLCiphers.JSSEFIPS_PROVIDER;
    private final String DefaultSSLTrustFile = "";
    private final String DefaultSSLTrustManager = "IbmX509";
    private final String DefaultSSLTrustPassword = "WebAS";
    private final String DefaultSSLTrustStoreProvider = "IBMJCE";
    private final String DefaultSSLFIPSTrustStoreProvider = "IBMJCEFIPS";
    private final String DefaultSSLTrustStoreType = "JKS";
    private final String DefaultSSLClientAlias = "";
    private final String DefaultSSLServerAlias = "";
    private final boolean DefaultSSLClientAuthentication = false;
    private final boolean DefaultValidSSLSecurityLevel = false;
    private final boolean DefaultUseFIPS = false;
    private final String DefaultJCEProvider = "IBMJCE";
    private final String DefaultJCEFIPSProvider = "IBMJCEFIPS";
    private boolean validSSLSecurityLevel = false;

    public SSLConfiguration() {
        this.SSLClientAuthentication = false;
        this.SSLEnabledCiphers = "";
        this.SSLKeyFile = "";
        this.SSLKeyManager = "IbmX509";
        this.SSLKeyPassword = "WebAS";
        this.SSLKeyStoreProvider = "IBMJCE";
        this.SSLKeyStoreType = "JKS";
        this.SSLProtocol = "SSL";
        this.SSLSecurityLevel = "high";
        this.SSLContextProvider = SSLDefaults.DEFAULT_CONTEXT_PROVIDER;
        this.SSLTrustFile = "";
        this.SSLTrustManager = "IbmX509";
        this.SSLTrustPassword = "WebAS";
        this.SSLTrustStoreProvider = "IBMJCE";
        this.SSLTrustStoreType = "JKS";
        this.HardwareTokenSlot = this.DefaultHardwareTokenSlot;
        this.HardwareTokenLibraryFile = "";
        this.HardwareTokenPassword = "";
        this.HardwareTokenType = "";
        this.SSLClientAlias = "";
        this.SSLServerAlias = "";
        this.useFIPS = false;
        this.JCEProvider = "IBMJCE";
        this.SSLClientAuthentication = false;
        this.useFIPS = false;
        this.JCEProvider = "IBMJCE";
        this.SSLEnabledCiphers = "";
        this.SSLKeyFile = "";
        this.SSLKeyManager = "IbmX509";
        this.SSLKeyPassword = "WebAS";
        this.SSLKeyStoreProvider = "IBMJCE";
        this.SSLKeyStoreType = "JKS";
        this.SSLProtocol = "SSL";
        this.SSLSecurityLevel = "high";
        this.SSLTrustFile = "";
        this.SSLTrustManager = "IbmX509";
        this.SSLTrustPassword = "WebAS";
        this.SSLTrustStoreProvider = "IBMJCE";
        this.SSLTrustStoreType = "JKS";
        this.SSLContextProvider = SSLDefaults.DEFAULT_CONTEXT_PROVIDER;
        this.HardwareTokenLibraryFile = "";
        this.HardwareTokenPassword = "";
        this.HardwareTokenType = "";
        this.HardwareTokenSlot = this.DefaultHardwareTokenSlot;
        this.SSLClientAlias = "";
        this.SSLServerAlias = "";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initializeDefault(ConfigURLProperties configURLProperties, ORB orb) {
        String clean = clean(configURLProperties.getProperty(CommonConstants.USE_FIPS));
        if (clean != null && clean.length() > 0) {
            this.useFIPS = clean.equalsIgnoreCase("true");
        }
        if (this.useFIPS) {
            this.JCEProvider = "IBMJCEFIPS";
        } else {
            this.JCEProvider = "IBMJCE";
        }
        String clean2 = clean(configURLProperties.getProperty("com.ibm.ssl.tokenSlot"));
        if (clean2 == null || clean2.length() <= 0) {
            this.HardwareTokenSlot = System.getProperty("javax.net.ssl.tokenSlot", this.HardwareTokenSlot);
        } else {
            this.HardwareTokenSlot = clean2;
        }
        String clean3 = clean(configURLProperties.getProperty("com.ibm.ssl.tokenLibraryFile"));
        if (clean3 == null || clean3.length() <= 0) {
            clean3 = System.getProperty("javax.net.ssl.tokenLibraryFile", clean3);
        }
        if (clean3 != null && clean3.length() > 0) {
            this.HardwareTokenLibraryFile = new StringBuffer().append(clean3).append(":").append(this.HardwareTokenSlot).toString();
        }
        String clean4 = clean((String) AccessController.doPrivileged(new PrivilegedAction(this, configURLProperties) { // from class: com.ibm.ISecurityUtilityImpl.SSLConfiguration.1
            private final ConfigURLProperties val$securityProps_doPriv;
            private final SSLConfiguration this$0;

            {
                this.this$0 = this;
                this.val$securityProps_doPriv = configURLProperties;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return this.val$securityProps_doPriv.getProperty("com.ibm.ssl.tokenPassword");
            }
        }));
        if (clean4 == null || clean4.length() <= 0) {
            this.HardwareTokenPassword = System.getProperty("javax.net.ssl.tokenPassword", this.HardwareTokenPassword);
        } else {
            this.HardwareTokenPassword = clean4;
        }
        if (this.HardwareTokenPassword != null && this.HardwareTokenPassword.length() > 0) {
            try {
                this.HardwareTokenPassword = PasswordUtil.decode(this.HardwareTokenPassword);
            } catch (InvalidPasswordDecodingException e) {
                FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeDefault", "152", (Object) this);
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeDefault", "156", this);
                SecurityLogger.logError("security.JSAS0497E", new Object[]{"SSLConfiguration.initializeDefault", e2});
            }
        }
        String clean5 = clean(configURLProperties.getProperty("com.ibm.ssl.tokenType"));
        if (clean5 == null || clean5.length() <= 0) {
            this.HardwareTokenType = System.getProperty("javax.net.ssl.tokenType", this.HardwareTokenType);
        } else {
            this.HardwareTokenType = clean5;
        }
        String clean6 = clean(configURLProperties.getProperty("com.ibm.ssl.clientAuthentication"));
        if (clean6 != null && clean6.length() > 0) {
            this.SSLClientAuthentication = checkTrueOrYes(clean6);
        }
        String clean7 = clean(configURLProperties.getProperty("com.ibm.ssl.enabledCipherSuites"));
        if (clean7 != null && clean7.length() > 0) {
            this.SSLEnabledCiphers = clean7;
        }
        String clean8 = clean(configURLProperties.getProperty("com.ibm.ssl.keyStore"));
        if (clean8 == null || clean8.length() <= 0) {
            this.SSLKeyFile = System.getProperty(SecurityHelper.keyStoreProp, this.SSLKeyFile);
        } else {
            this.SSLKeyFile = clean8;
        }
        String clean9 = clean(configURLProperties.getProperty("com.ibm.ssl.keyManager"));
        if (clean9 != null && clean9.length() > 0) {
            this.SSLKeyManager = clean9;
        }
        String clean10 = clean((String) AccessController.doPrivileged(new PrivilegedAction(this, configURLProperties) { // from class: com.ibm.ISecurityUtilityImpl.SSLConfiguration.2
            private final ConfigURLProperties val$securityProps_doPriv;
            private final SSLConfiguration this$0;

            {
                this.this$0 = this;
                this.val$securityProps_doPriv = configURLProperties;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return this.val$securityProps_doPriv.getProperty("com.ibm.ssl.keyStorePassword");
            }
        }));
        if (clean10 == null || clean10.length() <= 0) {
            this.SSLKeyPassword = System.getProperty(SecurityHelper.keyStorePasswordProp, this.SSLKeyPassword);
        } else {
            this.SSLKeyPassword = clean10;
        }
        if (this.SSLKeyPassword != null && this.SSLKeyPassword.length() > 0) {
            try {
                this.SSLKeyPassword = PasswordUtil.decode(this.SSLKeyPassword);
            } catch (InvalidPasswordDecodingException e3) {
            } catch (Exception e4) {
                FFDCFilter.processException(e4, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeDefault", "211", this);
                SecurityLogger.logError("security.JSAS0485E", new Object[]{"SSLConfiguration.initializeDefault", e4});
            }
        }
        String clean11 = clean(configURLProperties.getProperty("com.ibm.ssl.contextProvider"));
        if (clean11 != null && clean11.length() > 0) {
            this.SSLContextProvider = clean11;
        }
        if (!this.useFIPS && this.SSLContextProvider.equalsIgnoreCase(SSLCiphers.JSSEFIPS_PROVIDER)) {
            this.useFIPS = true;
            this.JCEProvider = "IBMJCEFIPS";
        }
        String clean12 = clean(configURLProperties.getProperty("com.ibm.ssl.keyStoreProvider"));
        if (clean12 != null && clean12.length() > 0) {
            this.SSLKeyStoreProvider = clean12;
        }
        String clean13 = clean(configURLProperties.getProperty("com.ibm.ssl.keyStoreType"));
        if (clean13 == null || clean13.length() <= 0) {
            this.SSLKeyStoreType = System.getProperty("javax.net.ssl.keyStoreType", this.SSLKeyStoreType);
        } else {
            this.SSLKeyStoreType = clean13;
        }
        String clean14 = clean(configURLProperties.getProperty("com.ibm.ssl.protocol"));
        if (clean14 != null && clean14.length() > 0) {
            this.SSLProtocol = clean14;
        }
        String clean15 = clean(configURLProperties.getProperty("com.ibm.ssl.securityLevel"));
        if (clean15 != null && clean15.length() > 0) {
            this.SSLSecurityLevel = clean15;
            String lowerCase = clean15.toLowerCase();
            this.validSSLSecurityLevel = lowerCase.equals("high") || lowerCase.equals("medium") || lowerCase.equals("low");
        }
        String clean16 = clean(configURLProperties.getProperty("com.ibm.ssl.trustStore"));
        if (clean16 == null || clean16.length() <= 0) {
            this.SSLTrustFile = System.getProperty(SecurityHelper.trustStoreProp, this.SSLTrustFile);
        } else {
            this.SSLTrustFile = clean16;
        }
        String clean17 = clean(configURLProperties.getProperty("com.ibm.ssl.trustManager"));
        if (clean17 != null && clean17.length() > 0) {
            this.SSLTrustManager = clean17;
        }
        String clean18 = clean((String) AccessController.doPrivileged(new PrivilegedAction(this, configURLProperties) { // from class: com.ibm.ISecurityUtilityImpl.SSLConfiguration.3
            private final ConfigURLProperties val$securityProps_doPriv;
            private final SSLConfiguration this$0;

            {
                this.this$0 = this;
                this.val$securityProps_doPriv = configURLProperties;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return this.val$securityProps_doPriv.getProperty("com.ibm.ssl.trustStorePassword");
            }
        }));
        if (clean18 == null || clean18.length() <= 0) {
            this.SSLTrustPassword = System.getProperty(SecurityHelper.trustStorePasswordProp, this.SSLTrustPassword);
        } else {
            this.SSLTrustPassword = clean18;
        }
        if (this.SSLTrustPassword != null && this.SSLTrustPassword.length() > 0) {
            try {
                this.SSLTrustPassword = PasswordUtil.decode(this.SSLTrustPassword);
            } catch (InvalidPasswordDecodingException e5) {
            } catch (Exception e6) {
                FFDCFilter.processException(e6, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeDefault", "276", this);
                SecurityLogger.logError("security.JSAS0486E", new Object[]{"SSLConfiguration.initializeDefault", e6});
            }
        }
        String clean19 = clean(configURLProperties.getProperty("com.ibm.ssl.trustStoreProvider"));
        if (clean19 != null && clean19.length() > 0) {
            this.SSLTrustStoreProvider = clean19;
        }
        String clean20 = clean(configURLProperties.getProperty("com.ibm.ssl.trustStoreType"));
        if (clean20 == null || clean20.length() <= 0) {
            this.SSLTrustStoreType = System.getProperty("javax.net.ssl.trustStoreType", this.SSLTrustStoreType);
        } else {
            this.SSLTrustStoreType = clean20;
        }
        String clean21 = clean(configURLProperties.getProperty("com.ibm.ssl.keyStoreClientAlias"));
        if (clean21 == null || clean21.length() <= 0) {
            this.SSLClientAlias = System.getProperty("javax.net.ssl.keyStoreClientAlias", this.SSLClientAlias);
        } else {
            this.SSLClientAlias = clean21;
        }
        String clean22 = clean(configURLProperties.getProperty("com.ibm.ssl.keyStoreServerAlias"));
        if (clean22 == null || clean22.length() <= 0) {
            this.SSLServerAlias = System.getProperty("javax.net.ssl.keyStoreServerAlias", this.SSLServerAlias);
        } else {
            this.SSLServerAlias = clean22;
        }
        toString("SSLConfiguration.initializeDefault");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initializeSASOutbound(ConfigURLProperties configURLProperties, SSLConfiguration sSLConfiguration) {
        String clean = clean(configURLProperties.getProperty(CommonConstants.USE_FIPS));
        if (clean != null && clean.length() > 0) {
            this.useFIPS = clean.equalsIgnoreCase("true");
        }
        if (this.useFIPS) {
            this.JCEProvider = "IBMJCEFIPS";
        } else {
            this.JCEProvider = "IBMJCE";
        }
        String clean2 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.tokenSlot"));
        if (clean2 != null && clean2.length() > 0) {
            this.HardwareTokenSlot = clean2;
        }
        String clean3 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.tokenLibraryFile"));
        if (clean3 != null && clean3.length() > 0) {
            this.HardwareTokenLibraryFile = new StringBuffer().append(clean3).append(":").append(this.HardwareTokenSlot).toString();
        }
        String clean4 = clean((String) AccessController.doPrivileged(new PrivilegedAction(this, configURLProperties) { // from class: com.ibm.ISecurityUtilityImpl.SSLConfiguration.4
            private final ConfigURLProperties val$securityProps_doPriv;
            private final SSLConfiguration this$0;

            {
                this.this$0 = this;
                this.val$securityProps_doPriv = configURLProperties;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return this.val$securityProps_doPriv.getProperty("com.ibm.ssl.sas.outbound.tokenPassword");
            }
        }));
        if (clean4 != null && clean4.length() > 0) {
            this.HardwareTokenPassword = clean4;
        }
        if (this.HardwareTokenPassword != null && this.HardwareTokenPassword.length() > 0) {
            try {
                this.HardwareTokenPassword = PasswordUtil.decode(this.HardwareTokenPassword);
            } catch (InvalidPasswordDecodingException e) {
                FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeSASOutbound", "336", (Object) this);
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeSASOutbound", "340", this);
                SecurityLogger.logError("security.JSAS0497E", new Object[]{"SSLConfiguration.initializeSASOutbound", e2});
            }
        }
        String clean5 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.tokenType"));
        if (clean5 != null && clean5.length() > 0) {
            this.HardwareTokenType = clean5;
        }
        String clean6 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.clientAuthentication"));
        if (clean6 != null && clean6.length() > 0) {
            this.SSLClientAuthentication = checkTrueOrYes(clean6);
        }
        String clean7 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.enabledCipherSuites"));
        if (clean7 == null || clean7.length() <= 0) {
            sSLConfiguration.getSSLEnabledCiphers();
        } else {
            this.SSLEnabledCiphers = clean7;
        }
        String clean8 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.keyStore"));
        if (clean8 != null && clean8.length() > 0) {
            this.SSLKeyFile = clean8;
        }
        String clean9 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.keyManager"));
        if (clean9 != null && clean9.length() > 0) {
            this.SSLKeyManager = clean9;
        }
        String clean10 = clean((String) AccessController.doPrivileged(new PrivilegedAction(this, configURLProperties) { // from class: com.ibm.ISecurityUtilityImpl.SSLConfiguration.5
            private final ConfigURLProperties val$securityProps_doPriv;
            private final SSLConfiguration this$0;

            {
                this.this$0 = this;
                this.val$securityProps_doPriv = configURLProperties;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return this.val$securityProps_doPriv.getProperty("com.ibm.ssl.sas.outbound.keyStorePassword");
            }
        }));
        if (clean10 != null && clean10.length() > 0) {
            this.SSLKeyPassword = clean10;
        }
        if (this.SSLKeyPassword != null && this.SSLKeyPassword.length() > 0) {
            try {
                this.SSLKeyPassword = PasswordUtil.decode(this.SSLKeyPassword);
            } catch (InvalidPasswordDecodingException e3) {
            } catch (Exception e4) {
                FFDCFilter.processException(e4, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeSASOutbound", "407", this);
                SecurityLogger.logError("security.JSAS0485E", new Object[]{"SSLConfiguration.initializeSASOutbound", e4});
            }
        }
        String clean11 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.contextProvider"));
        if (clean11 == null || clean11.length() <= 0) {
            this.SSLContextProvider = sSLConfiguration.getSSLContextProvider();
        } else {
            this.SSLContextProvider = clean11;
        }
        if (!this.useFIPS && this.SSLContextProvider.equalsIgnoreCase(SSLCiphers.JSSEFIPS_PROVIDER)) {
            this.useFIPS = true;
            this.JCEProvider = "IBMJCEFIPS";
        }
        String clean12 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.keyStoreProvider"));
        if (clean12 != null && clean12.length() > 0) {
            this.SSLKeyStoreProvider = clean12;
        }
        String clean13 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.keyStoreType"));
        if (clean13 != null && clean13.length() > 0) {
            this.SSLKeyStoreType = clean13;
        }
        String clean14 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.protocol"));
        if (clean14 == null || clean14.length() <= 0) {
            this.SSLProtocol = sSLConfiguration.getSSLProtocol();
        } else {
            this.SSLProtocol = clean14;
        }
        String clean15 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.securityLevel"));
        if (clean15 == null || clean15.length() <= 0) {
            this.SSLSecurityLevel = sSLConfiguration.SSLSecurityLevel;
            this.validSSLSecurityLevel = this.SSLSecurityLevel.equals("high") || this.SSLSecurityLevel.equals("medium") || this.SSLSecurityLevel.equals("low");
        } else {
            this.SSLSecurityLevel = clean15;
            String lowerCase = clean15.toLowerCase();
            this.validSSLSecurityLevel = lowerCase.equals("high") || lowerCase.equals("medium") || lowerCase.equals("low");
        }
        String clean16 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.trustStore"));
        if (clean16 != null && clean16.length() > 0) {
            this.SSLTrustFile = clean16;
        }
        String clean17 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.trustManager"));
        if (clean17 != null && clean17.length() > 0) {
            this.SSLTrustManager = clean17;
        }
        String clean18 = clean((String) AccessController.doPrivileged(new PrivilegedAction(this, configURLProperties) { // from class: com.ibm.ISecurityUtilityImpl.SSLConfiguration.6
            private final ConfigURLProperties val$securityProps_doPriv;
            private final SSLConfiguration this$0;

            {
                this.this$0 = this;
                this.val$securityProps_doPriv = configURLProperties;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return this.val$securityProps_doPriv.getProperty("com.ibm.ssl.sas.outbound.trustStorePassword");
            }
        }));
        if (clean18 != null && clean18.length() > 0) {
            this.SSLTrustPassword = clean18;
        }
        if (this.SSLTrustPassword != null && this.SSLTrustPassword.length() > 0) {
            try {
                this.SSLTrustPassword = PasswordUtil.decode(this.SSLTrustPassword);
            } catch (InvalidPasswordDecodingException e5) {
            } catch (Exception e6) {
                FFDCFilter.processException(e6, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeSASOutbound", "489", this);
                SecurityLogger.logError("security.JSAS0486E", new Object[]{"SSLConfiguration.initializeSASOutbound", e6});
            }
        }
        String clean19 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.trustStoreProvider"));
        if (clean19 != null && clean19.length() > 0) {
            this.SSLTrustStoreProvider = clean19;
        }
        String clean20 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.trustStoreType"));
        if (clean20 != null && clean20.length() > 0) {
            this.SSLTrustStoreType = clean20;
        }
        String clean21 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.keyStoreClientAlias"));
        if (clean21 != null && clean21.length() > 0) {
            this.SSLClientAlias = clean21;
        }
        String clean22 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.outbound.keyStoreServerAlias"));
        if (clean22 != null && clean22.length() > 0) {
            this.SSLServerAlias = clean22;
        }
        defaultIfNecessary(sSLConfiguration);
        toString("SSLConfiguration.initializeSASOutbound");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initializeSASInbound(ConfigURLProperties configURLProperties, SSLConfiguration sSLConfiguration) {
        String clean = clean(configURLProperties.getProperty(CommonConstants.USE_FIPS));
        if (clean != null && clean.length() > 0) {
            this.useFIPS = clean.equalsIgnoreCase("true");
        }
        if (this.useFIPS) {
            this.JCEProvider = "IBMJCEFIPS";
        } else {
            this.JCEProvider = "IBMJCE";
        }
        String clean2 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.tokenSlot"));
        if (clean2 != null && clean2.length() > 0) {
            this.HardwareTokenSlot = clean2;
        }
        String clean3 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.tokenLibraryFile"));
        if (clean3 != null && clean3.length() > 0) {
            this.HardwareTokenLibraryFile = new StringBuffer().append(clean3).append(":").append(this.HardwareTokenSlot).toString();
        }
        String clean4 = clean((String) AccessController.doPrivileged(new PrivilegedAction(this, configURLProperties) { // from class: com.ibm.ISecurityUtilityImpl.SSLConfiguration.7
            private final ConfigURLProperties val$securityProps_doPriv;
            private final SSLConfiguration this$0;

            {
                this.this$0 = this;
                this.val$securityProps_doPriv = configURLProperties;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return this.val$securityProps_doPriv.getProperty("com.ibm.ssl.sas.inbound.tokenPassword");
            }
        }));
        if (clean4 != null && clean4.length() > 0) {
            this.HardwareTokenPassword = clean4;
        }
        if (this.HardwareTokenPassword != null && this.HardwareTokenPassword.length() > 0) {
            try {
                this.HardwareTokenPassword = PasswordUtil.decode(this.HardwareTokenPassword);
            } catch (InvalidPasswordDecodingException e) {
                FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeSASInbound", "553", (Object) this);
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeSASInbound", "557", this);
                SecurityLogger.logError("security.JSAS0497E", new Object[]{"SSLConfiguration.initializeSASInbound", e2});
            }
        }
        String clean5 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.tokenType"));
        if (clean5 != null && clean5.length() > 0) {
            this.HardwareTokenType = clean5;
        }
        String clean6 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.clientAuthentication"));
        if (clean6 != null && clean6.length() > 0) {
            this.SSLClientAuthentication = checkTrueOrYes(clean6);
        }
        String clean7 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.enabledCipherSuites"));
        if (clean7 == null || clean7.length() <= 0) {
            sSLConfiguration.getSSLEnabledCiphers();
        } else {
            this.SSLEnabledCiphers = clean7;
        }
        String clean8 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.keyStore"));
        if (clean8 != null && clean8.length() > 0) {
            this.SSLKeyFile = clean8;
        }
        String clean9 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.keyManager"));
        if (clean9 != null && clean9.length() > 0) {
            this.SSLKeyManager = clean9;
        }
        String clean10 = clean((String) AccessController.doPrivileged(new PrivilegedAction(this, configURLProperties) { // from class: com.ibm.ISecurityUtilityImpl.SSLConfiguration.8
            private final ConfigURLProperties val$securityProps_doPriv;
            private final SSLConfiguration this$0;

            {
                this.this$0 = this;
                this.val$securityProps_doPriv = configURLProperties;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return this.val$securityProps_doPriv.getProperty("com.ibm.ssl.sas.inbound.keyStorePassword");
            }
        }));
        if (clean10 != null && clean10.length() > 0) {
            this.SSLKeyPassword = clean10;
        }
        if (this.SSLKeyPassword != null && this.SSLKeyPassword.length() > 0) {
            try {
                this.SSLKeyPassword = PasswordUtil.decode(this.SSLKeyPassword);
            } catch (InvalidPasswordDecodingException e3) {
            } catch (Exception e4) {
                FFDCFilter.processException(e4, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeSASInbound", "624", this);
                SecurityLogger.logError("security.JSAS0485E", new Object[]{"SSLConfiguration.initializeSASInbound", e4});
            }
        }
        String clean11 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.contextProvider"));
        if (clean11 == null || clean11.length() <= 0) {
            this.SSLContextProvider = sSLConfiguration.getSSLContextProvider();
        } else {
            this.SSLContextProvider = clean11;
        }
        if (!this.useFIPS && this.SSLContextProvider.equalsIgnoreCase(SSLCiphers.JSSEFIPS_PROVIDER)) {
            this.useFIPS = true;
            this.JCEProvider = "IBMJCEFIPS";
        }
        String clean12 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.keyStoreProvider"));
        if (clean12 != null && clean12.length() > 0) {
            this.SSLKeyStoreProvider = clean12;
        }
        String clean13 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.keyStoreType"));
        if (clean13 != null && clean13.length() > 0) {
            this.SSLKeyStoreType = clean13;
        }
        String clean14 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.protocol"));
        if (clean14 == null || clean14.length() <= 0) {
            this.SSLProtocol = sSLConfiguration.getSSLProtocol();
        } else {
            this.SSLProtocol = clean14;
        }
        String clean15 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.securityLevel"));
        if (clean15 == null || clean15.length() <= 0) {
            this.SSLSecurityLevel = sSLConfiguration.SSLSecurityLevel;
            this.validSSLSecurityLevel = this.SSLSecurityLevel.equals("high") || this.SSLSecurityLevel.equals("medium") || this.SSLSecurityLevel.equals("low");
        } else {
            this.SSLSecurityLevel = clean15;
            String lowerCase = clean15.toLowerCase();
            this.validSSLSecurityLevel = lowerCase.equals("high") || lowerCase.equals("medium") || lowerCase.equals("low");
        }
        String clean16 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.trustStore"));
        if (clean16 != null && clean16.length() > 0) {
            this.SSLTrustFile = clean16;
        }
        String clean17 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.trustManager"));
        if (clean17 != null && clean17.length() > 0) {
            this.SSLTrustManager = clean17;
        }
        String clean18 = clean((String) AccessController.doPrivileged(new PrivilegedAction(this, configURLProperties) { // from class: com.ibm.ISecurityUtilityImpl.SSLConfiguration.9
            private final ConfigURLProperties val$securityProps_doPriv;
            private final SSLConfiguration this$0;

            {
                this.this$0 = this;
                this.val$securityProps_doPriv = configURLProperties;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return this.val$securityProps_doPriv.getProperty("com.ibm.ssl.sas.inbound.trustStorePassword");
            }
        }));
        if (clean18 != null && clean18.length() > 0) {
            this.SSLTrustPassword = clean18;
        }
        if (this.SSLTrustPassword != null && this.SSLTrustPassword.length() > 0) {
            try {
                this.SSLTrustPassword = PasswordUtil.decode(this.SSLTrustPassword);
            } catch (InvalidPasswordDecodingException e5) {
            } catch (Exception e6) {
                FFDCFilter.processException(e6, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeSASInbound", "706", this);
                SecurityLogger.logError("security.JSAS0486E", new Object[]{"SSLConfiguration.initializeSASInbound", e6});
            }
        }
        String clean19 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.trustStoreProvider"));
        if (clean19 != null && clean19.length() > 0) {
            this.SSLTrustStoreProvider = clean19;
        }
        String clean20 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.trustStoreType"));
        if (clean20 != null && clean20.length() > 0) {
            this.SSLTrustStoreType = clean20;
        }
        String clean21 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.keyStoreClientAlias"));
        if (clean21 != null && clean21.length() > 0) {
            this.SSLClientAlias = clean21;
        }
        String clean22 = clean(configURLProperties.getProperty("com.ibm.ssl.sas.inbound.keyStoreServerAlias"));
        if (clean22 != null && clean22.length() > 0) {
            this.SSLServerAlias = clean22;
        }
        defaultIfNecessary(sSLConfiguration);
        toString("SSLConfiguration.initializeSASInbound");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initializeCSIOutbound(ConfigURLProperties configURLProperties, SSLConfiguration sSLConfiguration) {
        String clean = clean(configURLProperties.getProperty(CommonConstants.USE_FIPS));
        if (clean != null && clean.length() > 0) {
            this.useFIPS = clean.equalsIgnoreCase("true");
        }
        if (this.useFIPS) {
            this.JCEProvider = "IBMJCEFIPS";
        } else {
            this.JCEProvider = "IBMJCE";
        }
        String clean2 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.tokenSlot"));
        if (clean2 != null && clean2.length() > 0) {
            this.HardwareTokenSlot = clean2;
        }
        String clean3 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.tokenLibraryFile"));
        if (clean3 != null && clean3.length() > 0) {
            this.HardwareTokenLibraryFile = new StringBuffer().append(clean3).append(":").append(this.HardwareTokenSlot).toString();
        }
        String clean4 = clean((String) AccessController.doPrivileged(new PrivilegedAction(this, configURLProperties) { // from class: com.ibm.ISecurityUtilityImpl.SSLConfiguration.10
            private final ConfigURLProperties val$securityProps_doPriv;
            private final SSLConfiguration this$0;

            {
                this.this$0 = this;
                this.val$securityProps_doPriv = configURLProperties;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return this.val$securityProps_doPriv.getProperty("com.ibm.ssl.csi.outbound.tokenPassword");
            }
        }));
        if (clean4 != null && clean4.length() > 0) {
            this.HardwareTokenPassword = clean4;
        }
        if (this.HardwareTokenPassword != null && this.HardwareTokenPassword.length() > 0) {
            try {
                this.HardwareTokenPassword = PasswordUtil.decode(this.HardwareTokenPassword);
            } catch (InvalidPasswordDecodingException e) {
                FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeCSIOutbound", "770", (Object) this);
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeCSIOutbound", "774", this);
                SecurityLogger.logError("security.JSAS0497E", new Object[]{"SSLConfiguration.initializeCSIOutbound", e2});
            }
        }
        String clean5 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.tokenType"));
        if (clean5 != null && clean5.length() > 0) {
            this.HardwareTokenType = clean5;
        }
        String clean6 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.clientAuthentication"));
        if (clean6 != null && clean6.length() > 0) {
            this.SSLClientAuthentication = checkTrueOrYes(clean6);
        }
        String clean7 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.enabledCipherSuites"));
        if (clean7 == null || clean7.length() <= 0) {
            sSLConfiguration.getSSLEnabledCiphers();
        } else {
            this.SSLEnabledCiphers = clean7;
        }
        String clean8 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.keyStore"));
        if (clean8 != null && clean8.length() > 0) {
            this.SSLKeyFile = clean8;
        }
        String clean9 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.keyManager"));
        if (clean9 != null && clean9.length() > 0) {
            this.SSLKeyManager = clean9;
        }
        String clean10 = clean((String) AccessController.doPrivileged(new PrivilegedAction(this, configURLProperties) { // from class: com.ibm.ISecurityUtilityImpl.SSLConfiguration.11
            private final ConfigURLProperties val$securityProps_doPriv;
            private final SSLConfiguration this$0;

            {
                this.this$0 = this;
                this.val$securityProps_doPriv = configURLProperties;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return this.val$securityProps_doPriv.getProperty("com.ibm.ssl.csi.outbound.keyStorePassword");
            }
        }));
        if (clean10 != null && clean10.length() > 0) {
            this.SSLKeyPassword = clean10;
        }
        if (this.SSLKeyPassword != null && this.SSLKeyPassword.length() > 0) {
            try {
                this.SSLKeyPassword = PasswordUtil.decode(this.SSLKeyPassword);
            } catch (InvalidPasswordDecodingException e3) {
            } catch (Exception e4) {
                FFDCFilter.processException(e4, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeCSIOutbound", "841", this);
                SecurityLogger.logError("security.JSAS0485E", new Object[]{"SSLConfiguration.initializeCSIOutbound", e4});
            }
        }
        String clean11 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.contextProvider"));
        if (clean11 == null || clean11.length() <= 0) {
            this.SSLContextProvider = sSLConfiguration.getSSLContextProvider();
        } else {
            this.SSLContextProvider = clean11;
        }
        if (!this.useFIPS && this.SSLContextProvider.equalsIgnoreCase(SSLCiphers.JSSEFIPS_PROVIDER)) {
            this.useFIPS = true;
            this.JCEProvider = "IBMJCEFIPS";
        }
        String clean12 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.keyStoreProvider"));
        if (clean12 != null && clean12.length() > 0) {
            this.SSLKeyStoreProvider = clean12;
        }
        String clean13 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.keyStoreType"));
        if (clean13 != null && clean13.length() > 0) {
            this.SSLKeyStoreType = clean13;
        }
        String clean14 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.protocol"));
        if (clean14 == null || clean14.length() <= 0) {
            this.SSLProtocol = sSLConfiguration.getSSLProtocol();
        } else {
            this.SSLProtocol = clean14;
        }
        String clean15 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.securityLevel"));
        if (clean15 == null || clean15.length() <= 0) {
            this.SSLSecurityLevel = sSLConfiguration.SSLSecurityLevel;
            this.validSSLSecurityLevel = this.SSLSecurityLevel.equals("high") || this.SSLSecurityLevel.equals("medium") || this.SSLSecurityLevel.equals("low");
        } else {
            this.SSLSecurityLevel = clean15;
            String lowerCase = clean15.toLowerCase();
            this.validSSLSecurityLevel = lowerCase.equals("high") || lowerCase.equals("medium") || lowerCase.equals("low");
        }
        String clean16 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.trustStore"));
        if (clean16 != null && clean16.length() > 0) {
            this.SSLTrustFile = clean16;
        }
        String clean17 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.trustManager"));
        if (clean17 != null && clean17.length() > 0) {
            this.SSLTrustManager = clean17;
        }
        String clean18 = clean((String) AccessController.doPrivileged(new PrivilegedAction(this, configURLProperties) { // from class: com.ibm.ISecurityUtilityImpl.SSLConfiguration.12
            private final ConfigURLProperties val$securityProps_doPriv;
            private final SSLConfiguration this$0;

            {
                this.this$0 = this;
                this.val$securityProps_doPriv = configURLProperties;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return this.val$securityProps_doPriv.getProperty("com.ibm.ssl.csi.outbound.trustStorePassword");
            }
        }));
        if (clean18 != null && clean18.length() > 0) {
            this.SSLTrustPassword = clean18;
        }
        if (this.SSLTrustPassword != null && this.SSLTrustPassword.length() > 0) {
            try {
                this.SSLTrustPassword = PasswordUtil.decode(this.SSLTrustPassword);
            } catch (InvalidPasswordDecodingException e5) {
            } catch (Exception e6) {
                FFDCFilter.processException(e6, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeCSIOutbound", "923", this);
                SecurityLogger.logError("security.JSAS0486E", new Object[]{"SSLConfiguration.initializeCSIOutbound", e6});
            }
        }
        String clean19 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.trustStoreProvider"));
        if (clean19 != null && clean19.length() > 0) {
            this.SSLTrustStoreProvider = clean19;
        }
        String clean20 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.trustStoreType"));
        if (clean20 != null && clean20.length() > 0) {
            this.SSLTrustStoreType = clean20;
        }
        String clean21 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.keyStoreClientAlias"));
        if (clean21 != null && clean21.length() > 0) {
            this.SSLClientAlias = clean21;
        }
        String clean22 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.outbound.keyStoreServerAlias"));
        if (clean22 != null && clean22.length() > 0) {
            this.SSLServerAlias = clean22;
        }
        defaultIfNecessary(sSLConfiguration);
        toString("SSLConfiguration.initializeCSIOutbound");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initializeCSIInbound(ConfigURLProperties configURLProperties, SSLConfiguration sSLConfiguration) {
        String clean = clean(configURLProperties.getProperty(CommonConstants.USE_FIPS));
        if (clean != null && clean.length() > 0) {
            this.useFIPS = clean.equalsIgnoreCase("true");
        }
        if (this.useFIPS) {
            this.JCEProvider = "IBMJCEFIPS";
        } else {
            this.JCEProvider = "IBMJCE";
        }
        String clean2 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.tokenSlot"));
        if (clean2 != null && clean2.length() > 0) {
            this.HardwareTokenSlot = clean2;
        }
        String clean3 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.tokenLibraryFile"));
        if (clean3 != null && clean3.length() > 0) {
            this.HardwareTokenLibraryFile = new StringBuffer().append(clean3).append(":").append(this.HardwareTokenSlot).toString();
        }
        String clean4 = clean((String) AccessController.doPrivileged(new PrivilegedAction(this, configURLProperties) { // from class: com.ibm.ISecurityUtilityImpl.SSLConfiguration.13
            private final ConfigURLProperties val$securityProps_doPriv;
            private final SSLConfiguration this$0;

            {
                this.this$0 = this;
                this.val$securityProps_doPriv = configURLProperties;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return this.val$securityProps_doPriv.getProperty("com.ibm.ssl.csi.inbound.tokenPassword");
            }
        }));
        if (clean4 != null && clean4.length() > 0) {
            this.HardwareTokenPassword = clean4;
        }
        if (this.HardwareTokenPassword != null && this.HardwareTokenPassword.length() > 0) {
            try {
                this.HardwareTokenPassword = PasswordUtil.decode(this.HardwareTokenPassword);
            } catch (InvalidPasswordDecodingException e) {
                FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeCSIInbound", "986", (Object) this);
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeCSIInbound", "990", this);
                SecurityLogger.logError("security.JSAS0497E", new Object[]{"SSLConfiguration.initializeCSIInbound", e2});
            }
        }
        String clean5 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.tokenType"));
        if (clean5 != null && clean5.length() > 0) {
            this.HardwareTokenType = clean5;
        }
        String clean6 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.clientAuthentication"));
        if (clean6 != null && clean6.length() > 0) {
            this.SSLClientAuthentication = checkTrueOrYes(clean6);
        }
        String clean7 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.enabledCipherSuites"));
        if (clean7 == null || clean7.length() <= 0) {
            sSLConfiguration.getSSLEnabledCiphers();
        } else {
            this.SSLEnabledCiphers = clean7;
        }
        String clean8 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.keyStore"));
        if (clean8 != null && clean8.length() > 0) {
            this.SSLKeyFile = clean8;
        }
        String clean9 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.keyManager"));
        if (clean9 != null && clean9.length() > 0) {
            this.SSLKeyManager = clean9;
        }
        String clean10 = clean((String) AccessController.doPrivileged(new PrivilegedAction(this, configURLProperties) { // from class: com.ibm.ISecurityUtilityImpl.SSLConfiguration.14
            private final ConfigURLProperties val$securityProps_doPriv;
            private final SSLConfiguration this$0;

            {
                this.this$0 = this;
                this.val$securityProps_doPriv = configURLProperties;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return this.val$securityProps_doPriv.getProperty("com.ibm.ssl.csi.inbound.keyStorePassword");
            }
        }));
        if (clean10 != null && clean10.length() > 0) {
            this.SSLKeyPassword = clean10;
        }
        if (this.SSLKeyPassword != null && this.SSLKeyPassword.length() > 0) {
            try {
                this.SSLKeyPassword = PasswordUtil.decode(this.SSLKeyPassword);
            } catch (InvalidPasswordDecodingException e3) {
            } catch (Exception e4) {
                FFDCFilter.processException(e4, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeCSIInbound", "1057", this);
                SecurityLogger.logError("security.JSAS0485E", new Object[]{"SSLConfiguration.initializeCSIInbound", e4});
            }
        }
        String clean11 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.contextProvider"));
        if (clean11 == null || clean11.length() <= 0) {
            this.SSLContextProvider = sSLConfiguration.getSSLContextProvider();
        } else {
            this.SSLContextProvider = clean11;
        }
        if (!this.useFIPS && this.SSLContextProvider.equalsIgnoreCase(SSLCiphers.JSSEFIPS_PROVIDER)) {
            this.useFIPS = true;
            this.JCEProvider = "IBMJCEFIPS";
        }
        String clean12 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.keyStoreProvider"));
        if (clean12 != null && clean12.length() > 0) {
            this.SSLKeyStoreProvider = clean12;
        }
        String clean13 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.keyStoreType"));
        if (clean13 != null && clean13.length() > 0) {
            this.SSLKeyStoreType = clean13;
        }
        String clean14 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.protocol"));
        if (clean14 == null || clean14.length() <= 0) {
            this.SSLProtocol = sSLConfiguration.getSSLProtocol();
        } else {
            this.SSLProtocol = clean14;
        }
        String clean15 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.securityLevel"));
        if (clean15 == null || clean15.length() <= 0) {
            this.SSLSecurityLevel = sSLConfiguration.SSLSecurityLevel;
            this.validSSLSecurityLevel = this.SSLSecurityLevel.equals("high") || this.SSLSecurityLevel.equals("medium") || this.SSLSecurityLevel.equals("low");
        } else {
            this.SSLSecurityLevel = clean15;
            String lowerCase = clean15.toLowerCase();
            this.validSSLSecurityLevel = lowerCase.equals("high") || lowerCase.equals("medium") || lowerCase.equals("low");
        }
        String clean16 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.trustStore"));
        if (clean16 != null && clean16.length() > 0) {
            this.SSLTrustFile = clean16;
        }
        String clean17 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.trustManager"));
        if (clean17 != null && clean17.length() > 0) {
            this.SSLTrustManager = clean17;
        }
        String clean18 = clean((String) AccessController.doPrivileged(new PrivilegedAction(this, configURLProperties) { // from class: com.ibm.ISecurityUtilityImpl.SSLConfiguration.15
            private final ConfigURLProperties val$securityProps_doPriv;
            private final SSLConfiguration this$0;

            {
                this.this$0 = this;
                this.val$securityProps_doPriv = configURLProperties;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return this.val$securityProps_doPriv.getProperty("com.ibm.ssl.csi.inbound.trustStorePassword");
            }
        }));
        if (clean18 != null && clean18.length() > 0) {
            this.SSLTrustPassword = clean18;
        }
        if (this.SSLTrustPassword != null && this.SSLTrustPassword.length() > 0) {
            try {
                this.SSLTrustPassword = PasswordUtil.decode(this.SSLTrustPassword);
            } catch (InvalidPasswordDecodingException e5) {
            } catch (Exception e6) {
                FFDCFilter.processException(e6, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.initializeCSIInbound", "1139", this);
                SecurityLogger.logError("security.JSAS0486E", new Object[]{"SSLConfiguration.initializeCSIInbound", e6});
            }
        }
        String clean19 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.trustStoreProvider"));
        if (clean19 != null && clean19.length() > 0) {
            this.SSLTrustStoreProvider = clean19;
        }
        String clean20 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.trustStoreType"));
        if (clean20 != null && clean20.length() > 0) {
            this.SSLTrustStoreType = clean20;
        }
        String clean21 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.keyStoreClientAlias"));
        if (clean21 != null && clean21.length() > 0) {
            this.SSLClientAlias = clean21;
        }
        String clean22 = clean(configURLProperties.getProperty("com.ibm.ssl.csi.inbound.keyStoreServerAlias"));
        if (clean22 != null && clean22.length() > 0) {
            this.SSLServerAlias = clean22;
        }
        defaultIfNecessary(sSLConfiguration);
        toString("SSLConfiguration.initializeCSIInbound");
    }

    public boolean getSSLClientAuthentication() {
        return this.SSLClientAuthentication;
    }

    public boolean getValidSSLSecurityLevel() {
        return this.validSSLSecurityLevel;
    }

    public String getSSLEnabledCiphers() {
        return this.SSLEnabledCiphers;
    }

    public String getSSLKeyFile() {
        return this.SSLKeyFile;
    }

    public String getSSLKeyManager() {
        return this.SSLKeyManager;
    }

    public String getSSLKeyPassword() {
        return this.SSLKeyPassword;
    }

    public String getSSLKeyStoreProvider() {
        return this.SSLKeyStoreProvider;
    }

    public String getSSLContextProvider() {
        return this.SSLContextProvider;
    }

    public String getSSLKeyStoreType() {
        return this.SSLKeyStoreType;
    }

    public String getSSLProtocol() {
        return this.SSLProtocol;
    }

    public String getSSLSecurityLevel() {
        return this.SSLSecurityLevel;
    }

    public String getSSLTrustFile() {
        return this.SSLTrustFile;
    }

    public String getSSLTrustManager() {
        return this.SSLTrustManager;
    }

    public String getSSLTrustPassword() {
        return this.SSLTrustPassword;
    }

    public String getSSLTrustStoreProvider() {
        return this.SSLTrustStoreProvider;
    }

    public String getSSLTrustStoreType() {
        return this.SSLTrustStoreType;
    }

    public String getHardwareTokenLibraryFile() {
        return this.HardwareTokenLibraryFile;
    }

    public String getHardwareTokenPassword() {
        return this.HardwareTokenPassword;
    }

    public String getHardwareTokenType() {
        return this.HardwareTokenType;
    }

    public String getHardwareTokenSlot() {
        return this.HardwareTokenSlot;
    }

    public String getKeyStoreClientAlias() {
        return this.SSLClientAlias;
    }

    public String getKeyStoreServerAlias() {
        return this.SSLServerAlias;
    }

    public boolean getUseFIPS() {
        return this.useFIPS;
    }

    public String getJCEProvider() {
        return this.JCEProvider;
    }

    private static String clean(String str) {
        String str2 = null;
        if (str != null) {
            str2 = str.trim();
            if ((str2.startsWith("\"") && str2.endsWith("\"")) || (str2.startsWith("'") && str2.endsWith("'"))) {
                str2 = str2.substring(1, str2.length() - 1).trim();
            }
        }
        return str2;
    }

    private boolean checkTrueOrYes(String str) {
        return str.equalsIgnoreCase("true") || str.equalsIgnoreCase("yes");
    }

    public void toString(String str) {
        if (this.SSLKeyStoreType.equalsIgnoreCase("JCEK")) {
            this.SSLKeyStoreType = "JCEKS";
        }
        if (this.SSLTrustStoreType.equalsIgnoreCase("JCEK")) {
            this.SSLTrustStoreType = "JCEKS";
        }
        if (SecurityLogger.debugTraceEnabled) {
            String str2 = "";
            if (str.indexOf("initializeCSIInbound") != -1) {
                str2 = "com.ibm.ssl.csi.inbound.*";
            } else if (str.indexOf("initializeCSIOutbound") != -1) {
                str2 = "com.ibm.ssl.csi.outbound.*";
            } else if (str.indexOf("initializeSASInbound") != -1) {
                str2 = "com.ibm.ssl.sas.inbound.*";
            } else if (str.indexOf("initializeSASOutbound") != -1) {
                str2 = "com.ibm.ssl.sas.outbound.*";
            } else if (str.indexOf("initializeDefault") != -1) {
                str2 = "com.ibm.ssl.*";
            }
            SecurityLogger.debugMessage(str, new StringBuffer().append("SSL Configuration for: ").append(str).append(", property root: ").append(str2).toString());
            SecurityLogger.debugMessage(str, new StringBuffer().append("  use FIPS: ").append(getUseFIPS()).append(", Default JCE Provider: ").append(getJCEProvider()).toString());
            SecurityLogger.debugMessage(str, new StringBuffer().append("  Protocol Name: ").append(getSSLProtocol()).append(", Key Manager Name: ").append(getSSLKeyManager()).append(", Trust Manager Name: ").append(getSSLTrustManager()).toString());
            SecurityLogger.debugMessage(str, new StringBuffer().append("  Key Store Type: ").append(getSSLKeyStoreType()).append(", Key Store Provider: ").append(getSSLKeyStoreProvider()).append(", Trust Store Type: ").append(getSSLTrustStoreType()).append(", Trust Store Provider: ").append(getSSLTrustStoreProvider()).append(", Context Provider: ").append(getSSLContextProvider()).toString());
            SecurityLogger.debugMessage(str, new StringBuffer().append("  Key File: ").append(getSSLKeyFile()).append(", Key File Password: ").append(SecurityConfiguration.mask(this.SSLKeyPassword)).toString());
            SecurityLogger.debugMessage(str, new StringBuffer().append("  Key Store Client Alias: ").append(getKeyStoreClientAlias()).append(", Key Store Server Alias: ").append(getKeyStoreServerAlias()).toString());
            SecurityLogger.debugMessage(str, new StringBuffer().append("  Trust File: ").append(getSSLTrustFile()).append(", Trust File Password: ").append(SecurityConfiguration.mask(this.SSLTrustPassword)).toString());
            SecurityLogger.debugMessage(str, new StringBuffer().append("  Client Authentication Flag: ").append(getSSLClientAuthentication()).append(", Ciphers To Be Enabled: ").append(getSSLEnabledCiphers()).toString());
            SecurityLogger.debugMessage(str, new StringBuffer().append("  Hardware Token Type: ").append(getHardwareTokenType()).append(", Hardware Token Slot: ").append(getHardwareTokenSlot()).append(", Hardware Token Password: ").append(SecurityConfiguration.mask(this.HardwareTokenPassword)).append(", Hardware Token Library File: ").append(getHardwareTokenLibraryFile()).toString());
        }
    }

    public void validateSSLConfig() throws GeneralSecurityException, Exception {
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: com.ibm.ISecurityUtilityImpl.SSLConfiguration.16
                final String SSLKeyStoreType_final;
                final String SSLKeyFile_final;
                final String SSLKeyPassword_final;
                final String SSLProtocol_final;
                final String SSLContextProvider_final;
                final String SSLTrustStoreType_final;
                final String SSLTrustFile_final;
                final String SSLTrustPassword_final;
                private final SSLConfiguration this$0;

                {
                    this.this$0 = this;
                    this.SSLKeyStoreType_final = this.this$0.SSLKeyStoreType;
                    this.SSLKeyFile_final = this.this$0.SSLKeyFile;
                    this.SSLKeyPassword_final = this.this$0.SSLKeyPassword;
                    this.SSLProtocol_final = this.this$0.SSLProtocol;
                    this.SSLContextProvider_final = this.this$0.SSLContextProvider;
                    this.SSLTrustStoreType_final = this.this$0.SSLTrustStoreType;
                    this.SSLTrustFile_final = this.this$0.SSLTrustFile;
                    this.SSLTrustPassword_final = this.this$0.SSLTrustPassword;
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws GeneralSecurityException, Exception {
                    if (!ConfigURLProperties.isSecurityEnabled()) {
                        return null;
                    }
                    JSSEProvider jSSEProviderFactory = JSSEProviderFactory.getInstance(this.SSLContextProvider_final);
                    try {
                        KeyStore keyStoreInstance = jSSEProviderFactory.getKeyStoreInstance(this.SSLKeyStoreType_final);
                        if (SSLConfiguration.hasValue(this.SSLKeyFile_final)) {
                            keyStoreInstance.load(new FileInputStream(this.SSLKeyFile_final), this.SSLKeyPassword_final.toCharArray());
                        } else {
                            keyStoreInstance.load(null, null);
                        }
                        KeyManagerFactory keyManagerFactoryInstance = jSSEProviderFactory.getKeyManagerFactoryInstance();
                        keyManagerFactoryInstance.init(keyStoreInstance, this.SSLKeyPassword_final.toCharArray());
                        KeyStore keyStoreInstance2 = jSSEProviderFactory.getKeyStoreInstance(this.SSLTrustStoreType_final);
                        if (SSLConfiguration.hasValue(this.SSLTrustFile_final)) {
                            keyStoreInstance2.load(new FileInputStream(this.SSLTrustFile_final), this.SSLTrustPassword_final.toCharArray());
                        } else {
                            keyStoreInstance2.load(null, null);
                        }
                        TrustManagerFactory trustManagerFactoryInstance = jSSEProviderFactory.getTrustManagerFactoryInstance();
                        trustManagerFactoryInstance.init(keyStoreInstance2);
                        jSSEProviderFactory.getSSLContextInstance(this.SSLProtocol_final).init(keyManagerFactoryInstance.getKeyManagers(), trustManagerFactoryInstance.getTrustManagers(), null);
                        return null;
                    } catch (KeyManagementException e) {
                        SecurityLogger.logError("security.JSAS0637E", new Object[]{"SSLConfiguration.validateSSLConfig", e});
                        FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.validateSSLConfig", "1592", this);
                        throw e;
                    } catch (KeyStoreException e2) {
                        SecurityLogger.logError("security.JSAS0634E", new Object[]{"SSLConfiguration.validateSSLConfig", e2});
                        FFDCFilter.processException(e2, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.validateSSLConfig", "1574", this);
                        throw e2;
                    } catch (NoSuchAlgorithmException e3) {
                        SecurityLogger.logError("security.JSAS0633E", new Object[]{"SSLConfiguration.validateSSLConfig", e3});
                        FFDCFilter.processException(e3, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.validateSSLConfig", "1568", this);
                        throw e3;
                    } catch (NoSuchProviderException e4) {
                        SecurityLogger.logError("security.JSAS0636E", new Object[]{"SSLConfiguration.validateSSLConfig", e4});
                        FFDCFilter.processException(e4, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.validateSSLConfig", "1586", this);
                        throw e4;
                    } catch (UnrecoverableKeyException e5) {
                        SecurityLogger.logError("security.JSAS0635E", new Object[]{"SSLConfiguration.validateSSLConfig", e5});
                        FFDCFilter.processException(e5, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.validateSSLConfig", "1580", this);
                        throw e5;
                    } catch (Exception e6) {
                        SecurityLogger.logError("security.JSAS0011E", new Object[]{"SSLConfiguration.validateSSLConfig", e6});
                        FFDCFilter.processException(e6, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.validateSSLConfig", "1601", this);
                        throw e6;
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            throw e.getException();
        }
    }

    private void defaultIfNecessary(SSLConfiguration sSLConfiguration) {
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        if (!hasValue(this.HardwareTokenLibraryFile) && (!hasValue(this.SSLKeyFile) || !hasValue(this.SSLTrustFile))) {
            z = true;
        }
        if (!hasValue(this.SSLKeyFile) && !hasValue(this.HardwareTokenLibraryFile)) {
            z2 = true;
        }
        if (!hasValue(this.SSLTrustFile) && !hasValue(this.HardwareTokenLibraryFile)) {
            z3 = true;
        }
        if (!hasValue(getKeyStoreClientAlias())) {
            z4 = true;
        }
        if (!hasValue(getKeyStoreServerAlias())) {
            z5 = true;
        }
        if (z) {
            updateHardwareTokenLibraryFile(sSLConfiguration.getHardwareTokenLibraryFile());
            this.HardwareTokenPassword = sSLConfiguration.HardwareTokenPassword;
            this.HardwareTokenType = sSLConfiguration.HardwareTokenType;
            SecurityLogger.debugMessage("SSLConfiguration.defaultIfNecessary", "Using default token configuration.");
        }
        if (z2) {
            this.SSLKeyFile = sSLConfiguration.getSSLKeyFile();
            this.SSLKeyManager = sSLConfiguration.getSSLKeyManager();
            this.SSLKeyPassword = sSLConfiguration.getSSLKeyPassword();
            this.SSLKeyStoreProvider = sSLConfiguration.getSSLKeyStoreProvider();
            this.SSLKeyStoreType = sSLConfiguration.getSSLKeyStoreType();
            SecurityLogger.debugMessage("SSLConfiguration.defaultIfNecessary", "Using default key file configuration.");
        }
        if (z3) {
            this.SSLTrustFile = sSLConfiguration.getSSLTrustFile();
            this.SSLTrustManager = sSLConfiguration.getSSLTrustManager();
            this.SSLTrustPassword = sSLConfiguration.getSSLTrustPassword();
            this.SSLTrustStoreProvider = sSLConfiguration.getSSLTrustStoreProvider();
            this.SSLTrustStoreType = sSLConfiguration.getSSLTrustStoreType();
            SecurityLogger.debugMessage("SSLConfiguration.defaultIfNecessary", "Using default trust file configuration.");
        }
        if (z4) {
            updateKeyStoreClientAlias(sSLConfiguration.getKeyStoreClientAlias());
            SecurityLogger.debugMessage("SSLConfiguration.defaultIfNecessary", "Using default client alias configuration.");
        }
        if (z5) {
            updateKeyStoreServerAlias(sSLConfiguration.getKeyStoreServerAlias());
            SecurityLogger.debugMessage("SSLConfiguration.defaultIfNecessary", "Using default server alias configuration.");
        }
        if (z2 || z3) {
            if (!hasValue(this.SSLEnabledCiphers)) {
                this.SSLEnabledCiphers = sSLConfiguration.SSLEnabledCiphers;
            }
            if (!hasValue(this.SSLProtocol)) {
                this.SSLProtocol = sSLConfiguration.SSLProtocol;
            }
            if (!hasValue(this.SSLSecurityLevel)) {
                this.SSLSecurityLevel = sSLConfiguration.SSLSecurityLevel;
            }
            if (hasValue(this.SSLContextProvider)) {
                return;
            }
            this.SSLContextProvider = sSLConfiguration.SSLContextProvider;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean hasValue(String str) {
        return str != null && str.length() > 0;
    }

    private void updateHardwareTokenLibraryFile(String str) {
        this.HardwareTokenLibraryFile = str;
    }

    private void updateKeyStoreClientAlias(String str) {
        this.SSLClientAlias = str;
    }

    private void updateKeyStoreServerAlias(String str) {
        this.SSLServerAlias = str;
    }

    public void provideExpirationWarnings(String str, int i) throws GeneralSecurityException, Exception {
        Certificate[] certificateChain;
        if (this.SSLKeyFile == null || this.SSLKeyPassword == null) {
            return;
        }
        try {
            KeyStore keyStoreInstance = JSSEProviderFactory.getInstance().getKeyStoreInstance(this.SSLKeyStoreType);
            keyStoreInstance.load(new FileInputStream(this.SSLKeyFile), this.SSLKeyPassword.toCharArray());
            Enumeration<String> aliases = keyStoreInstance.aliases();
            if (aliases != null) {
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    if (nextElement != null && (certificateChain = keyStoreInstance.getCertificateChain(nextElement)) != null) {
                        for (Certificate certificate : certificateChain) {
                            printWarning(str, i, this.SSLKeyFile, nextElement, (X509Certificate) certificate);
                        }
                    }
                }
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.provideExpirationWarnings", "1769", this);
        }
    }

    public void printWarning(String str, int i, String str2, String str3, X509Certificate x509Certificate) {
        try {
            long j = i * 24 * 60 * 60 * 1000;
            if (x509Certificate != null && x509Certificate.getNotAfter().getTime() < System.currentTimeMillis()) {
                SecurityLogger.logError("security.JSAS0455E", new Object[]{str, str3, str2});
            } else if (x509Certificate != null && x509Certificate.getNotAfter().getTime() - System.currentTimeMillis() < j) {
                SecurityLogger.logWarning("security.JSAS0456W", new Object[]{str, str3, str2, new Long(((((x509Certificate.getNotAfter().getTime() - System.currentTimeMillis()) / 1000) / 60) / 60) / 24)});
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ISecurityUtilityImpl.SSLConfiguration.printWarning", "1799", this);
        }
    }
}
