package com.ibm.ws.ssl.channel.impl;

import com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.models.config.security.SSLType;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.orbssl.WSPKCSInKeyStore;
import com.ibm.ws.security.orbssl.WSX509KeyManager;
import com.ibm.ws.security.service.SecurityService;
import com.ibm.ws.util.PlatformHelper;
import com.ibm.ws.util.PlatformHelperFactory;
import com.ibm.wsspi.channel.framework.ChannelData;
import com.ibm.wsspi.channel.framework.ChannelFramework;
import com.ibm.wsspi.channel.framework.exception.ChannelException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Enumeration;
import java.util.Map;
import java.util.Properties;
import java.util.prefs.Preferences;
import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManager;

/* loaded from: input_file:runtime/wsrrJaxrpc.jar:lib/ibm-jaxrpc-client.jar:com/ibm/ws/ssl/channel/impl/WSSSLChannel.class */
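/**
 * SSL channel variant that completes its configuration from the WebSphere
 * {@link SecurityService} before delegating to {@link SSLChannel}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #init()} copies the SSL repertoire named by the channel's alias into the channel
 *       properties; keys already present on the channel are never overwritten.</li>
 *   <li>Values of the three password properties are masked in every debug trace line.</li>
 *   <li>{@link #enableHardwareProvider()} passes the PKCS#11 library, slot and token password to
 *       the provider through {@link Preferences}; those entries are removed again even when
 *       registering the provider fails.</li>
 * </ul>
 */
public class WSSSLChannel extends SSLChannel {
    private static final TraceComponent tc;
    private static final String CLASS_NAME = "com.ibm.ws.ssl.channel.impl.WSSSLChannel";

    // Property keys whose values are secrets and must never reach the trace log in clear text.
    private static final String TRUST_STORE_PASSWORD_KEY = "com.ibm.ssl.trustStorePassword";
    private static final String KEY_STORE_PASSWORD_KEY = "com.ibm.ssl.keyStorePassword";
    private static final String TOKEN_PASSWORD_KEY = "com.ibm.ssl.tokenPassword";
    private static final String MASKED_VALUE = "*******";

    // Caches used by the class$() helper (class-literal emulation kept from the original build).
    static Class class$com$ibm$ws$ssl$channel$impl$WSSSLChannel;
    static Class class$com$ibm$ws$security$service$SecurityService;
    static Class class$com$ibm$crypto$pkcs11impl$provider$IBMPKCS11Impl;

    /**
     * Privileged action that registers the IBM PKCS#11 provider with the JVM-wide
     * {@link Security} provider list.
     */
    class AddHardwareProviderAction implements PrivilegedAction {
        private final WSSSLChannel this$0;

        public AddHardwareProviderAction(WSSSLChannel wSSSLChannel) {
            this.this$0 = wSSSLChannel;
        }

        /**
         * Adds a new {@link IBMPKCS11Impl} instance as a security provider.
         *
         * @return always {@code null}
         */
        @Override // java.security.PrivilegedAction
        public Object run() {
            Security.addProvider(new IBMPKCS11Impl());
            return null;
        }
    }

    /**
     * Creates the channel; inbound channels defer their initialization.
     *
     * @param channelData channel configuration handed to the superclass
     */
    public WSSSLChannel(ChannelData channelData) {
        super(channelData);
        if (channelData.isInbound()) {
            this.delayInitialization = true;
        }
    }

    /**
     * Merges the SSL repertoire referenced by the channel's alias into the channel properties
     * and then runs the superclass initialization.
     *
     * @throws ChannelException if the channel has no properties, the alias is unknown to the
     *     security service, the repertoire's SSL type is rejected, or a property has an
     *     unexpected type or is missing (ClassCastException / NullPointerException are wrapped)
     */
    @Override // com.ibm.ws.ssl.channel.impl.SSLChannel, com.ibm.wsspi.channel.Channel
    public void init() throws ChannelException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init");
        }
        try {
            Map properties = this.sslConfig.getProperties();
            if (properties == null) {
                throw new ChannelException("SSL channel are null");
            }
            String alias = (String) properties.get(SSLChannelData.ALIAS_KEY);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found alias in SSL properties, " + alias);
            }
            if (alias != null) {
                mergeSecurityServiceProperties(properties, alias);
            }
            this.sslConfig.setProperties(properties);
            super.init();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "init");
            }
        } catch (ClassCastException e) {
            throw new ChannelException(e);
        } catch (NullPointerException e2) {
            throw new ChannelException(e2);
        }
    }

    /**
     * Copies every non-null entry of the repertoire named {@code alias} into {@code properties}
     * unless the channel already defines that key.
     */
    private void mergeSecurityServiceProperties(Map properties, String alias) throws ChannelException {
        Class serviceClass;
        if (class$com$ibm$ws$security$service$SecurityService == null) {
            serviceClass = class$("com.ibm.ws.security.service.SecurityService");
            class$com$ibm$ws$security$service$SecurityService = serviceClass;
        } else {
            serviceClass = class$com$ibm$ws$security$service$SecurityService;
        }
        ChannelFramework channelFramework = this.sslConfig.getChannelFramework();
        SecurityService securityService = (SecurityService) channelFramework.lookupService(serviceClass);
        if (securityService == null) {
            // The channel then runs with its own properties only.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to locate security service.");
            }
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Found security service, extracting security properties");
        }
        Properties repertoire = securityService.getSecureSocketLayer(alias);
        if (repertoire == null) {
            String message = "Alias not found in security service, " + alias;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, message);
            }
            throw new ChannelException(message);
        }
        if (repertoire.containsKey("com.ibm.ssl.sslType")) {
            String sslType = (String) repertoire.get("com.ibm.ssl.sslType");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SSLConfig type: " + sslType);
            }
            // SSSL repertoires are rejected for this channel.
            if (sslType != null && sslType.equals(SSLType.SSSL_LITERAL.toString())) {
                throw new ChannelException("Invalid SSLConfig type: " + sslType);
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "com.ibm.ssl.sslType property not found by the security service");
        }
        Enumeration keys = repertoire.keys();
        while (keys.hasMoreElements()) {
            Object key = keys.nextElement();
            if (key == null) {
                continue;
            }
            Object value = repertoire.get(key);
            if (value == null) {
                continue;
            }
            if (!properties.containsKey(key)) {
                properties.put(key, value);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Put property key: " + key + "  value: " + traceValue(key, value));
                }
            } else if (tc.isDebugEnabled()) {
                // Masked as well: the ignored repertoire entry can be a store or token password.
                Tr.debug(tc, "Property key ignored: " + key + "  value: " + traceValue(key, value));
            }
        }
    }

    /** Returns the text to trace for {@code value}, masking it when {@code key} names a password. */
    private static Object traceValue(Object key, Object value) {
        boolean secret = TRUST_STORE_PASSWORD_KEY.equals(key)
                || KEY_STORE_PASSWORD_KEY.equals(key)
                || TOKEN_PASSWORD_KEY.equals(key);
        return secret ? MASKED_VALUE : value;
    }

    /**
     * Initializes the SSL context, using a {@link WSX509KeyManager} pinned to the configured
     * certificate alias when one is set and falling back to the key manager factory otherwise.
     *
     * @throws Exception whatever the key manager or SSL context initialization raises
     */
    @Override // com.ibm.ws.ssl.channel.impl.SSLChannel
    protected void initSSLContext() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initSSLContext");
        }
        String clientAlias = this.sslConfig.getKeyStoreClientAlias();
        String serverAlias = this.sslConfig.getKeyStoreServerAlias();
        TrustManager[] trustManagers =
                this.trustManagerFactory != null ? this.trustManagerFactory.getTrustManagers() : null;

        // NOTE(review): the char[] copy is not wiped here because WSX509KeyManager may keep a
        // reference to it - confirm before clearing it after use.
        String keyStorePassword = this.sslConfig.getKeyStorePassword();
        char[] passwordChars = keyStorePassword != null ? keyStorePassword.toCharArray() : null;

        int tokenSlot = -1;
        String configuredSlot = this.sslConfig.getTokenSlot();
        if (configuredSlot != null) {
            try {
                tokenSlot = Integer.parseInt(configuredSlot);
            } catch (NumberFormatException e) {
                tokenSlot = -1;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Value of tokenSlot is invalid, using default of " + -1);
                }
            }
        }

        WSX509KeyManager keyManager = new WSX509KeyManager(this.keyStore, passwordChars, this.keyManagerFactory);
        boolean inbound = this.sslConfig.isInbound();
        // Inbound channels accept either alias; outbound channels only use the client alias.
        boolean aliasConfigured = inbound ? (serverAlias != null || clientAlias != null) : clientAlias != null;

        if (keyManager.getX509KeyManager() == null || !aliasConfigured) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, inbound
                        ? "No alias used since either aliases not set or issues with wsKeyManager."
                        : "No alias used since either alias not set or issues with wsKeyManager.");
            }
            // A null SecureRandom leaves the choice of random source to the SSL context.
            this.sslContext.init(this.keyManagerFactory != null ? this.keyManagerFactory.getKeyManagers() : null, trustManagers, (SecureRandom) null);
        } else {
            if (clientAlias != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting client alias");
                }
                keyManager.setClientAlias(clientAlias, tokenSlot);
            }
            if (inbound && serverAlias != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting server alias");
                }
                keyManager.setServerAlias(serverAlias, tokenSlot);
            }
            this.sslContext.init(new KeyManager[]{keyManager}, trustManagers, (SecureRandom) null);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initSSLContext");
        }
    }

    /**
     * Reports whether the platform helper identifies z/OS.
     *
     * @return {@code false} when no platform helper is available
     */
    @Override // com.ibm.ws.ssl.channel.impl.SSLChannel
    protected boolean isZOS() {
        PlatformHelper platformHelper = PlatformHelperFactory.getPlatformHelper();
        return platformHelper != null && platformHelper.isZOS();
    }

    /**
     * Makes the PKCS#11 hardware crypto provider available.
     *
     * <p>When {@code XD} is not set the provider is initialized through {@link WSPKCSInKeyStore}.
     * Otherwise, if no {@code IBMPKCS11Impl} provider is registered yet, the library, slot and
     * token password are handed to the provider through the user {@link Preferences} node and the
     * provider is added under {@link AccessController#doPrivileged}.
     *
     * @throws ChannelException carrying the message of any exception raised while enabling the
     *     provider
     */
    @Override // com.ibm.ws.ssl.channel.impl.SSLChannel
    protected void enableHardwareProvider() throws ChannelException {
        Class cls;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "enableHardwareProvider");
        }
        try {
            if (!this.XD) {
                String tokenLibraryFile = this.sslConfig.getTokenLibraryFile();
                if (this.sslConfig.getTokenSlot() != null) {
                    tokenLibraryFile = tokenLibraryFile + ":" + this.sslConfig.getTokenSlot();
                }
                WSPKCSInKeyStore.initializePKCS11ImplProvider(tokenLibraryFile, this.sslConfig.getTokenPassword());
            } else if (Security.getProvider("IBMPKCS11Impl") == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding crypto provider to security.");
                }
                if (class$com$ibm$crypto$pkcs11impl$provider$IBMPKCS11Impl == null) {
                    cls = class$("com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl");
                    class$com$ibm$crypto$pkcs11impl$provider$IBMPKCS11Impl = cls;
                } else {
                    cls = class$com$ibm$crypto$pkcs11impl$provider$IBMPKCS11Impl;
                }
                Preferences userNodeForPackage = Preferences.userNodeForPackage(cls);
                try {
                    // NOTE(review): unlike the non-XD branch, the slot is appended even when it is
                    // null, which yields "<library>:null" - confirm this is what the provider expects.
                    userNodeForPackage.put("IBMPKCSImpl DLL", this.sslConfig.getTokenLibraryFile() + ":" + this.sslConfig.getTokenSlot());
                    userNodeForPackage.put("IBMPKCSImpl password", this.sslConfig.getTokenPassword());
                    AccessController.doPrivileged(new AddHardwareProviderAction(this));
                } finally {
                    // The token password sits in the user preferences node while the provider is
                    // being registered; remove it on failure too so it does not stay behind.
                    userNodeForPackage.remove("IBMPKCSImpl DLL");
                    userNodeForPackage.remove("IBMPKCSImpl password");
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "enableHardwareProvider");
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception caught while enabling hardware provider: " + e);
            }
            FFDCFilter.processException(e, CLASS_NAME, "264", e);
            // Only the message is propagated; the full exception is recorded by FFDC above.
            throw new ChannelException(e.getMessage());
        }
    }

    /**
     * Loads a class by name, converting a lookup failure into {@link NoClassDefFoundError}.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() returns Throwable, so the error is built first and thrown by its own type.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$ssl$channel$impl$WSSSLChannel == null) {
            cls = class$(CLASS_NAME);
            class$com$ibm$ws$ssl$channel$impl$WSSSLChannel = cls;
        } else {
            cls = class$com$ibm$ws$ssl$channel$impl$WSSSLChannel;
        }
        tc = Tr.register(cls, SSLChannelConstants.SSL_TRACE_NAME, SSLChannelConstants.SSL_BUNDLE);
    }
}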
