package com.ibm.ws.ssl.channel.impl;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.etools.validation.ValidationException;
import com.ibm.websphere.models.config.channelservice.TransportChannel;
import com.ibm.websphere.models.config.channelservice.TransportChannelFactory;
import com.ibm.websphere.models.config.channelservice.channels.SSLInboundChannel;
import com.ibm.websphere.models.config.channelservice.channels.SSLOutboundChannel;
import com.ibm.websphere.models.config.ipc.ssl.CryptoHardwareToken;
import com.ibm.websphere.models.config.ipc.ssl.KeyFileFormatKind;
import com.ibm.websphere.models.config.ipc.ssl.SSLSecurityLevel;
import com.ibm.websphere.models.config.ipc.ssl.SecureSocketLayer;
import com.ibm.websphere.models.config.properties.Property;
import com.ibm.websphere.models.config.security.SSLConfig;
import com.ibm.websphere.models.config.security.SSLType;
import com.ibm.websphere.models.config.security.Security;
import com.ibm.websphere.validation.base.config.MOFValidator;
import com.ibm.websphere.validation.base.config.WorkSpaceHelper;
import com.ibm.wsspi.channel.framework.exception.ChannelException;
import com.ibm.wsspi.channel.impl.BaseChannelTypeValidator;
import java.util.HashMap;
import java.util.Map;
import org.eclipse.emf.common.util.EList;

/* loaded from: input_file:runtime/wsrrJaxrpc.jar:lib/ibm-jaxrpc-client.jar:com/ibm/ws/ssl/channel/impl/SSLChannelValidator.class */
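/**
 * Validates the configuration of SSL inbound and outbound transport channels.
 *
 * <p>A channel either carries its SSL settings directly as channel properties or names an
 * SSL configuration (repertoire) by alias. In the second case the repertoire is looked up in
 * the cell security document, flattened into a property map, overlaid with the channel's own
 * properties and handed to {@link SSLChannelData} for validation.
 *
 * <p>Security note: the property maps built here contain key store, trust store and crypto
 * token passwords exactly as the configuration model returns them. They must never be written
 * to trace or to validation messages.
 */
public class SSLChannelValidator extends BaseChannelTypeValidator implements SSLChannelConstants {
    private static final TraceComponent tc;
    // Key store type names. Note that the JCEK constant's value is "JCEKS".
    public static final String KEY_FILE_FORMAT_JCEK = "JCEKS";
    public static final String KEY_FILE_FORMAT_PKCS12 = "PKCS12";
    public static final String KEY_FILE_FORMAT_JKS = "JKS";
    // Security level names stored under "com.ibm.ssl.securityLevel".
    public static final String SECURITY_LEVEL_LOW = "LOW";
    public static final String SECURITY_LEVEL_MEDIUM = "MEDIUM";
    public static final String SECURITY_LEVEL_HIGH = "HIGH";
    // Compiler-synthesised cache for the class literal used by the static initialiser.
    static Class class$com$ibm$ws$ssl$channel$impl$SSLChannelValidator;

    /**
     * Creates a validator bound to the given parent validator.
     *
     * @param mOFValidator parent validator, passed straight to the superclass
     */
    public SSLChannelValidator(MOFValidator mOFValidator) {
        super(mOFValidator);
    }

    /**
     * Validates a channel factory. No factory-level checks are performed.
     *
     * @param transportChannelFactory the factory to validate (unused)
     * @throws ValidationException never thrown by this implementation
     */
    public void validate(TransportChannelFactory transportChannelFactory) throws ValidationException {
    }

    /**
     * Validates a channel that carries its SSL settings inline.
     *
     * <p>When the channel names an SSL configuration alias nothing is checked here; that case
     * is handled by {@link #crossValidate(TransportChannel)}.
     *
     * @param transportChannel an {@code SSLInboundChannel}; anything else is cast to
     *     {@code SSLOutboundChannel}, so another channel type fails with a
     *     {@code ClassCastException}
     * @throws ValidationException declared by the overridden method
     */
    @Override // com.ibm.wsspi.channel.impl.BaseChannelTypeValidator, com.ibm.wsspi.channel.ChannelTypeValidator
    public void validate(TransportChannel transportChannel) throws ValidationException {
        EList properties;
        String sslConfigAlias;
        boolean inbound;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate");
        }
        if (transportChannel instanceof SSLInboundChannel) {
            SSLInboundChannel inboundChannel = (SSLInboundChannel) transportChannel;
            properties = inboundChannel.getProperties();
            sslConfigAlias = inboundChannel.getSslConfigAlias();
            inbound = true;
        } else {
            SSLOutboundChannel outboundChannel = (SSLOutboundChannel) transportChannel;
            properties = outboundChannel.getProperties();
            sslConfigAlias = outboundChannel.getSslConfigAlias();
            inbound = false;
        }
        if (sslConfigAlias == null) {
            Map channelProperties = new HashMap();
            addPropertiesToMap(properties, channelProperties);
            validateProperties(channelProperties, inbound, transportChannel);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validate");
        }
    }

    /**
     * Cross-validates a channel factory. No factory-level checks are performed.
     *
     * @param transportChannelFactory the factory to validate (unused)
     * @throws ValidationException never thrown by this implementation
     */
    public void crossValidate(TransportChannelFactory transportChannelFactory) throws ValidationException {
    }

    /**
     * Validates a channel against the cell-wide security configuration.
     *
     * <p>Without an alias the channel's own properties are validated. With an alias the first
     * repertoire whose alias matches is used: its settings are flattened into a map, the
     * channel's properties are applied on top (so they override the repertoire), and the
     * result is validated. A matching repertoire of type {@code SSLType.SSSL_LITERAL} is
     * reported as {@code INVALID_SECURITY_PROPERTIES}; a missing repertoire is reported as
     * {@code SECURITY_REPERTOIRE_NOT_FOUND}.
     *
     * @param transportChannel an {@code SSLInboundChannel}; anything else is cast to
     *     {@code SSLOutboundChannel}
     * @throws ValidationException declared by the overridden method
     */
    @Override // com.ibm.wsspi.channel.impl.BaseChannelTypeValidator, com.ibm.wsspi.channel.ChannelTypeValidator
    public void crossValidate(TransportChannel transportChannel) throws ValidationException {
        EList properties;
        String sslConfigAlias;
        boolean inbound;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "crossValidate");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Channel name: " + transportChannel.getName());
        }
        if (transportChannel instanceof SSLInboundChannel) {
            SSLInboundChannel inboundChannel = (SSLInboundChannel) transportChannel;
            properties = inboundChannel.getProperties();
            sslConfigAlias = inboundChannel.getSslConfigAlias();
            inbound = true;
        } else {
            SSLOutboundChannel outboundChannel = (SSLOutboundChannel) transportChannel;
            properties = outboundChannel.getProperties();
            sslConfigAlias = outboundChannel.getSslConfigAlias();
            inbound = false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "configAlias: " + sslConfigAlias);
        }
        if (sslConfigAlias == null) {
            Map channelProperties = new HashMap();
            addPropertiesToMap(properties, channelProperties);
            validateProperties(channelProperties, inbound, transportChannel);
        } else {
            Security cellSecurity = new WorkSpaceHelper(this).getCellSecurity();
            Map repertoireProperties = new HashMap();
            boolean found = false;
            for (int i = 0; i < cellSecurity.getRepertoire().size(); i++) {
                SSLConfig sSLConfig = (SSLConfig) cellSecurity.getRepertoire().get(i);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Considering security repertoire: " + sSLConfig.getAlias());
                }
                // sslConfigAlias is non-null in this branch, so comparing from its side also
                // tolerates a repertoire entry that has no alias.
                if (!sslConfigAlias.equals(sSLConfig.getAlias())) {
                    continue;
                }
                if (SSLType.SSSL_LITERAL.equals(sSLConfig.getType())) {
                    addError(SSLChannelConstants.INVALID_SECURITY_PROPERTIES, new String[]{"SSLConfig type:" + sSLConfig.getType()}, transportChannel);
                }
                SecureSocketLayer setting = sSLConfig.getSetting();
                if (tc.isDebugEnabled()) {
                    // NOTE(review): this traces the whole settings object. If its toString()
                    // prints the key/trust store password attributes they end up in the trace
                    // log - confirm, or trace only non-secret fields.
                    Tr.debug(tc, "Found repertoire to match alias, ssl=" + setting);
                }
                if (setting != null) {
                    addRepertoireSettings(setting, repertoireProperties);
                }
                found = true;
                // Stop at the first match. Without this the index never advances past the
                // matching entry and the loop does not terminate.
                break;
            }
            if (found) {
                // Channel-level properties are applied last so they override the repertoire.
                addPropertiesToMap(properties, repertoireProperties);
                validateProperties(repertoireProperties, inbound, transportChannel);
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unable to find repertoire: " + sslConfigAlias);
                }
                addError(SSLChannelConstants.SECURITY_REPERTOIRE_NOT_FOUND, new String[]{sslConfigAlias}, transportChannel);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "crossValidate");
        }
    }

    /** Flattens one repertoire's settings into {@code com.ibm.ssl.*} entries of {@code map}. */
    private void addRepertoireSettings(SecureSocketLayer setting, Map map) {
        if (setting.getKeyFileName() != null) {
            map.put("com.ibm.ssl.keyStore", setting.getKeyFileName());
        }
        if (setting.getTrustFileName() != null) {
            map.put("com.ibm.ssl.trustStore", setting.getTrustFileName());
        }
        // The password entries are secrets: only property names are traced below, never values.
        if (setting.getTrustFilePassword() != null) {
            map.put("com.ibm.ssl.trustStorePassword", setting.getTrustFilePassword());
        }
        if (setting.getKeyFilePassword() != null) {
            map.put("com.ibm.ssl.keyStorePassword", setting.getKeyFilePassword());
        }
        if (setting.getKeyFileFormat() != null) {
            map.put("com.ibm.ssl.keyStoreType", getKeyStoreType(setting.getKeyFileFormat()));
        }
        if (setting.getTrustFileFormat() != null) {
            map.put("com.ibm.ssl.trustStoreType", getKeyStoreType(setting.getTrustFileFormat()));
        }
        map.put("com.ibm.ssl.clientAuthentication", Boolean.valueOf(setting.isClientAuthentication()));
        // Guarded like the other optional attributes; an unset level is simply not recorded.
        if (setting.getSecurityLevel() != null) {
            map.put("com.ibm.ssl.securityLevel", getSecurityLevel(setting.getSecurityLevel()));
        }
        if (setting.isEnableCryptoHardwareSupport()) {
            CryptoHardwareToken cryptoHardware = setting.getCryptoHardware();
            // Hardware support can be switched on without a token being configured.
            if (cryptoHardware != null) {
                map.put("com.ibm.ssl.tokenType", cryptoHardware.getTokenType());
                map.put("com.ibm.ssl.tokenLibraryFile", cryptoHardware.getLibraryFile());
                map.put("com.ibm.ssl.tokenPassword", cryptoHardware.getPassword());
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Crypto hardware support enabled but no token is configured");
            }
        }
        for (int i = 0; i < setting.getProperties().size(); i++) {
            Property property = (Property) setting.getProperties().get(i);
            if (property != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding property to map, " + property.getName());
                }
                map.put(property.getName(), property.getValue());
            }
        }
    }

    /** @return the resource bundle identifier, {@code SSLChannelConstants.SSL_BUNDLE} */
    protected String getLocalBundleID() {
        return SSLChannelConstants.SSL_BUNDLE;
    }

    /** @return the fixed trace name of this validator */
    protected String getLocalTraceName() {
        return "SSL Channel Validator";
    }

    /**
     * Copies each property's name and value into {@code map}, replacing existing entries.
     * A {@code null} list and {@code null} elements are skipped.
     */
    private void addPropertiesToMap(EList eList, Map map) {
        if (eList == null) {
            return;
        }
        for (int i = 0; i < eList.size(); i++) {
            Property property = (Property) eList.get(i);
            if (property != null) {
                map.put(property.getName(), property.getValue());
            }
        }
    }

    /**
     * Runs the property map through {@link SSLChannelData} and records an
     * {@code INVALID_SECURITY_PROPERTIES} error on the channel if reading it fails.
     */
    private void validateProperties(Map map, boolean inbound, TransportChannel transportChannel) {
        SSLChannelData channelData = new SSLChannelData(map, inbound);
        try {
            channelData.readProperties();
        } catch (ChannelException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error validating SSL channel config: " + e.getMessage());
            }
            // NOTE(review): getErrors() text goes into a validation message; confirm it never
            // echoes password values from the map.
            addError(SSLChannelConstants.INVALID_SECURITY_PROPERTIES, new String[]{channelData.getErrors()}, transportChannel);
        }
    }

    /**
     * Maps a key file format to a key store type name.
     *
     * @param keyFileFormatKind the configured format; must not be {@code null}
     * @return {@code "PKCS12"} for value 1, {@code "JCEKS"} for value 2, and {@code "JKS"} for
     *     value 0 or any other value
     */
    public static String getKeyStoreType(KeyFileFormatKind keyFileFormatKind) {
        switch (keyFileFormatKind.getValue()) {
            case 1:
                return KEY_FILE_FORMAT_PKCS12;
            case 2:
                return KEY_FILE_FORMAT_JCEK;
            default:
                return KEY_FILE_FORMAT_JKS;
        }
    }

    /**
     * Maps a configured security level to its name.
     *
     * @param sSLSecurityLevel the configured level; must not be {@code null}
     * @return {@code "MEDIUM"} for value 1, {@code "LOW"} for value 2, and {@code "HIGH"} for
     *     value 0 or any other value
     */
    public static String getSecurityLevel(SSLSecurityLevel sSLSecurityLevel) {
        switch (sSLSecurityLevel.getValue()) {
            case 1:
                return SECURITY_LEVEL_MEDIUM;
            case 2:
                return SECURITY_LEVEL_LOW;
            default:
                return SECURITY_LEVEL_HIGH;
        }
    }

    /**
     * Compiler-synthesised helper behind the class literal: loads a class by name and turns a
     * lookup failure into a {@code NoClassDefFoundError} carrying the original cause.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() returns Throwable, which cannot be thrown from here directly.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$ssl$channel$impl$SSLChannelValidator == null) {
            cls = class$("com.ibm.ws.ssl.channel.impl.SSLChannelValidator");
            class$com$ibm$ws$ssl$channel$impl$SSLChannelValidator = cls;
        } else {
            cls = class$com$ibm$ws$ssl$channel$impl$SSLChannelValidator;
        }
        tc = Tr.register(cls, SSLChannelConstants.SSL_TRACE_NAME, SSLChannelConstants.SSL_BUNDLE);
    }
}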
