package com.ibm.ws.ssl;

import com.ibm.crypto.fips.provider.IBMJCEFIPS;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.ssl.channel.impl.SSLChannelConstants;
import com.ibm.ws.ssl.channel.impl.SSLChannelData;
import com.ibm.ws.ssl.provider.IBMJSSE2Provider;
import com.ibm.ws.ssl.provider.IBMJSSEProvider;
import com.ibm.ws.ssl.provider.SunJSSEProvider;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;

/* JADX WARN: Classes with same name are omitted:
  input_file:runtime/ibm-jaxrpc-client.jar:com/ibm/ws/ssl/JSSEProviderFactory.class
 */
/* loaded from: input_file:runtime/wsrrJaxrpc.jar:lib/ibm-jaxrpc-client.jar:com/ibm/ws/ssl/JSSEProviderFactory.class */
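/**
 * Resolves a JSSE provider name to a {@link JSSEProvider} wrapper, registering the underlying
 * {@link java.security.Provider} with the JVM on demand, and exposes the FIPS-mode switches used by
 * the SSL channel.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When FIPS mode is enabled, or the caller asks for {@code IBMJSSEFIPS}, the requested name is
 *       replaced with {@code IBMJSSE2} before any lookup.</li>
 *   <li>A requested name that is registered but matches none of the known branches, or whose
 *       validation fails, is silently mapped to the {@code IBMJSSE2} wrapper and cached under the
 *       requested name.</li>
 *   <li>The FIPS decision is read once and latched in a static field for the rest of the JVM's
 *       life.</li>
 *   <li>{@link #initializeFips()} rewrites the JVM-wide provider order and two JVM-wide security
 *       properties.</li>
 * </ul>
 *
 * <p>Not thread-safe: the static state below is read and written without synchronization, and
 * {@link #getInstance(String)} uses the shared {@code cachedProvider} field as its working
 * variable, so concurrent callers asking for different providers can observe each other's result.
 *
 * <p>This source is decompiler output; see the note in {@code validateProvider}.
 */
public class JSSEProviderFactory {
    private static TraceComponent tc;
    // Working variable AND return value of getInstance(String); shared by all callers.
    private static JSSEProvider cachedProvider;
    // Never read anywhere in this class.
    private static Boolean USE_FIPS_FLAG;
    // Provider name (as supplied by the caller, case preserved) -> JSSEProvider wrapper.
    private static Hashtable providerCache;
    private static String IBMJSSEFIPS_PROVIDER;
    private static String IBMJSSE_PROVIDER;
    private static String IBMJSSE2_PROVIDER;
    private static String SUNJSSE_PROVIDER;
    private static String DEFAULT_PROVIDER;
    private static String trustManagerFactoryAlgorithm;
    private static String keyManagerFactoryAlgorithm;
    // Latched FIPS decision: null until first isFipsEnabled() call, then the raw property value
    // if it was "true" (any case) or the literal "false".
    private static String isFipsEnabled;
    private static boolean fipsInitialized;
    private static List fipsJCEProvidersObjectList;
    private static List fipsJSSEProvidersObjectList;
    // Compiler-generated cache for the JSSEProviderFactory.class literal (pre-Java-5 class files).
    static Class class$com$ibm$ws$ssl$JSSEProviderFactory;

    /**
     * Returns the wrapper for the default provider ({@code IBMJSSE2}).
     *
     * @return the provider wrapper, or {@code null} if no matching provider is registered
     */
    public static JSSEProvider getInstance() {
        return getInstance(DEFAULT_PROVIDER);
    }

    /**
     * Returns the {@link JSSEProvider} wrapper for the named JSSE provider, registering the
     * underlying security provider first if it is not yet installed.
     *
     * @param str provider name; {@code null} selects the default provider. The name is replaced
     *            with {@code IBMJSSE2} when FIPS is enabled or {@code IBMJSSEFIPS} is requested.
     * @return the cached or newly created wrapper, or {@code null} when no registered provider
     *         has the (possibly rewritten) name
     */
    public static JSSEProvider getInstance(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("getInstance: ").append(str).toString());
        }
        if (str == null) {
            str = DEFAULT_PROVIDER;
        }
        if (str != null) {
            // FIPS mode overrides the caller's choice: everything is served by IBMJSSE2.
            if (isFipsEnabled() || str.equalsIgnoreCase(IBMJSSEFIPS_PROVIDER)) {
                str = IBMJSSE2_PROVIDER;
            }
            // The cache key is case-sensitive although every name comparison below is not.
            cachedProvider = (JSSEProvider) providerCache.get(str);
            if (cachedProvider != null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, new StringBuffer().append("getInstance returning cached provider: ").append(cachedProvider).toString());
                }
                return cachedProvider;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "cachedProvider is null, proceeding to determine the provider.");
            }
        }
        // Security.addProvider needs a security permission, hence the privileged block.
        final String contextProviderPriv = str;
        AccessController.doPrivileged(new PrivilegedAction() {
            @Override // java.security.PrivilegedAction
            public Object run() {
                registerProviderIfAbsent(contextProviderPriv);
                return null;
            }
        });
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Provider name [").append(i).append("]: ").append(providers[i].getName()).toString());
            }
            if (cachedProvider == null && providers[i].getName().equalsIgnoreCase(str)) {
                if (str.equalsIgnoreCase(IBMJSSE2_PROVIDER) && validateProvider(IBMJSSE2_PROVIDER)) {
                    cachedProvider = new IBMJSSE2Provider();
                    providerCache.put(IBMJSSE2_PROVIDER, cachedProvider);
                    providerCache.put(str, cachedProvider);
                } else if (str.equalsIgnoreCase(IBMJSSE_PROVIDER) && validateProvider(IBMJSSE_PROVIDER)) {
                    cachedProvider = new IBMJSSEProvider();
                    providerCache.put(IBMJSSE_PROVIDER, cachedProvider);
                    providerCache.put(str, cachedProvider);
                    // NOTE(review): this warning looks unreachable from this method, because the
                    // name was already rewritten to IBMJSSE2 above whenever isFipsEnabled() is
                    // true and that decision is latched. Same for the SunJSSE branch.
                    if (isFipsEnabled()) {
                        Tr.warning(tc, "UseFIPS is enabled but the SSL Configuration is not using FIPS approved JSSE Provider. FIPS approved cryptographic algorithms will not be used in this case.");
                    }
                } else if (str.equalsIgnoreCase(SUNJSSE_PROVIDER) && validateProvider(SUNJSSE_PROVIDER)) {
                    cachedProvider = new SunJSSEProvider();
                    providerCache.put(SUNJSSE_PROVIDER, cachedProvider);
                    providerCache.put(str, cachedProvider);
                    if (isFipsEnabled()) {
                        Tr.warning(tc, "UseFIPS is enabled but the SSL Configuration is not using FIPS approved JSSE Provider. FIPS approved cryptographic algorithms will not be used in this case.");
                    }
                } else {
                    // Silent fallback: an unrecognised registered name, or a known name whose
                    // validation failed, is served by the IBMJSSE2 wrapper and cached under the
                    // name the caller asked for. Nothing is logged on this path.
                    cachedProvider = new IBMJSSE2Provider();
                    providerCache.put(IBMJSSE2_PROVIDER, cachedProvider);
                    providerCache.put(str, cachedProvider);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("getInstance provider = ").append(cachedProvider).toString());
        }
        return cachedProvider;
    }

    /**
     * Registers the security provider for {@code name} unless one with that name is already
     * installed. A provider that cannot be loaded is traced and skipped, never rethrown.
     */
    private static void registerProviderIfAbsent(String name) {
        if (Security.getProvider(name) != null) {
            return;
        }
        String className = providerClassNameFor(name);
        Provider provider = null;
        try {
            provider = (Provider) Class.forName(className).newInstance();
        } catch (Exception e) {
            // Pass the exception itself to the trace; the name alone does not say why the
            // provider class failed to load.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Exception loading provider: ").append(name).toString(), new Object[]{e});
            }
        }
        if (provider != null) {
            Security.addProvider(provider);
        }
    }

    /**
     * Maps a provider name to its implementation class. FIPS mode and every unrecognised name
     * resolve to the IBMJSSE2 implementation.
     */
    private static String providerClassNameFor(String name) {
        if (isFipsEnabled() || name.equalsIgnoreCase(IBMJSSE2_PROVIDER)) {
            return "com.ibm.jsse2.IBMJSSEProvider2";
        }
        if (name.equalsIgnoreCase(IBMJSSE_PROVIDER)) {
            return "com.ibm.jsse.IBMJSSEProvider";
        }
        if (name.equalsIgnoreCase(SUNJSSE_PROVIDER)) {
            return "com.sun.net.ssl.internal.ssl.Provider";
        }
        return "com.ibm.jsse2.IBMJSSEProvider2";
    }

    /**
     * Reports whether the named provider passed validation.
     *
     * @param str provider name, used only in the trace messages of the surviving handlers
     * @return {@code true} unless one of the handlers below runs
     */
    private static boolean validateProvider(String str) {
        boolean z = true;
        try {
            try {
                // NOTE(review): the decompiler did not recover the body of this try block. The
                // surviving PrivilegedActionException handler suggests a privileged check ran
                // here. As listed, nothing is validated and the method always returns true;
                // confirm against the original class file before relying on it.
            } catch (PrivilegedActionException e) {
                Exception exception = e.getException();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Error validating provider: ").append(str).append(", Exception: ").append(exception.getMessage()).toString(), new Object[]{exception});
                }
                z = false;
            }
        } catch (Throwable th) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Error validating provider: ").append(str).append(", Exception: ").append(th.getMessage()).toString(), new Object[]{th});
            }
            z = false;
        }
        return z;
    }

    /**
     * Returns the {@code ssl.KeyManagerFactory.algorithm} security property, read once and cached.
     *
     * @return the property value, or {@code null} while the property is unset
     */
    public static String getKeyManagerFactoryAlgorithm() {
        if (keyManagerFactoryAlgorithm == null) {
            keyManagerFactoryAlgorithm = (String) AccessController.doPrivileged(new PrivilegedAction() {
                @Override // java.security.PrivilegedAction
                public Object run() {
                    return Security.getProperty("ssl.KeyManagerFactory.algorithm");
                }
            });
        }
        return keyManagerFactoryAlgorithm;
    }

    /**
     * Returns the {@code ssl.TrustManagerFactory.algorithm} security property, read once and cached.
     *
     * @return the property value, or {@code null} while the property is unset
     */
    public static String getTrustManagerFactoryAlgorithm() {
        if (trustManagerFactoryAlgorithm == null) {
            trustManagerFactoryAlgorithm = (String) AccessController.doPrivileged(new PrivilegedAction() {
                @Override // java.security.PrivilegedAction
                public Object run() {
                    return Security.getProperty("ssl.TrustManagerFactory.algorithm");
                }
            });
        }
        return trustManagerFactoryAlgorithm;
    }

    /**
     * Reports whether FIPS mode is requested. The first non-null value wins, in this order: system
     * properties {@code com.ibm.jsse2.JSSEFIPS} and {@code com.ibm.security.useFIPS}, then security
     * properties {@code SSLChannelConstants.USEFIPS_ENABLED} and
     * {@code com.ibm.websphere.security.fips.enabled}.
     *
     * <p>The answer is latched on the first call: anything other than "true" (case-insensitive)
     * stores "false", and the properties are never consulted again.
     *
     * @return {@code true} only when the latched value equals "true", ignoring case
     */
    public static boolean isFipsEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isFipsEnabled");
        }
        if (isFipsEnabled == null) {
            isFipsEnabled = (String) AccessController.doPrivileged(new PrivilegedAction() {
                @Override // java.security.PrivilegedAction
                public Object run() {
                    String property = System.getProperty("com.ibm.jsse2.JSSEFIPS");
                    if (property == null) {
                        property = System.getProperty("com.ibm.security.useFIPS");
                    }
                    if (property == null) {
                        property = Security.getProperty(SSLChannelConstants.USEFIPS_ENABLED);
                    }
                    if (property == null) {
                        property = Security.getProperty("com.ibm.websphere.security.fips.enabled");
                    }
                    return property;
                }
            });
        }
        if (isFipsEnabled != null && isFipsEnabled.equalsIgnoreCase("true")) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "isFipsEnabled -> true");
            }
            return true;
        }
        isFipsEnabled = "false";
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isFipsEnabled -> false");
        }
        return false;
    }

    /**
     * Switches the JVM to the FIPS provider set: sets {@code com.ibm.jsse2.JSSEFIPS=true}, makes
     * sure {@code IBMJCEFIPS} is installed ahead of the providers that were already registered,
     * and points the socket-factory security properties at the IBMJSSE2 implementations. Runs at
     * most once per JVM; later calls only trace.
     *
     * <p>NOTE(review): the latched answer of {@link #isFipsEnabled()} is not reset here. If that
     * method was called before this one and latched "false", it keeps returning {@code false}
     * after FIPS has been initialised; confirm callers always initialise first.
     *
     * @throws Exception whatever the provider or property calls threw, after it has been logged
     */
    public static void initializeFips() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeFips");
        }
        if (!fipsInitialized) {
            Provider provider = null;
            try {
                System.setProperty("com.ibm.jsse2.JSSEFIPS", "true");
                Provider[] providers = Security.getProviders();
                for (int i = 0; i < providers.length; i++) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Provider[").append(i).append("]: ").append(providers[i].getName()).toString());
                    }
                    if (providers[i].getName().equals("IBMJCE")) {
                        // Only traced; the non-FIPS IBMJCE provider is left installed.
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("IBMJCE provider at position ").append(i).toString());
                        }
                    } else if (providers[i].getName().equals(SSLChannelData.DEFAULT_JCE_FIPS_PROVIDER)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("IBMJCEFIPS provider at position ").append(i).toString());
                        }
                        provider = providers[i];
                    }
                }
                if (provider == null) {
                    // Snapshot the current providers BEFORE inserting the FIPS one.
                    Provider[] providers2 = Security.getProviders();
                    // Position 0 is outside the documented 1-based range, so the final order is
                    // not decided by this call but by the loop below.
                    int insertProviderAt = Security.insertProviderAt(new IBMJCEFIPS(), 0);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("IBMJCEFIPS provider added at ").append(insertProviderAt).toString());
                    }
                    // Removing and re-adding every pre-existing provider appends each one to the
                    // end of the list, which leaves IBMJCEFIPS ahead of all of them while keeping
                    // their relative order.
                    for (int i2 = 0; i2 < providers2.length; i2++) {
                        Security.removeProvider(providers2[i2].getName());
                        Security.addProvider(providers2[i2]);
                    }
                }
                Provider[] providers3 = Security.getProviders();
                for (int i3 = 0; i3 < providers3.length; i3++) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Provider[").append(i3).append("]: ").append(providers3[i3].getName()).append(", info: ").append(providers3[i3].getInfo()).toString());
                    }
                }
                Security.setProperty(SSLConfig.SOCKET_FACTORY, SSLConfig.IBMJSSE2_SOCKET_FACTORY);
                Security.setProperty("ssl.ServerSocketFactory.provider", "com.ibm.jsse2.SSLServerSocketFactoryImpl");
                fipsInitialized = true;
            } catch (Exception e) {
                // A failure part-way through can leave the provider list reordered or the system
                // property set while fipsInitialized stays false, so the next call retries.
                Tr.warning(tc, "security.addprovider.error", new Object[]{e});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception caught adding IBMJCEFIPS provider.", new Object[]{e});
                }
                throw e;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeFips");
        }
    }

    /**
     * Returns the names of the JCE providers considered FIPS-approved.
     *
     * <p>The list is built on the first call and reused: it is empty if FIPS was off at that
     * moment and stays empty afterwards. The returned list is the internal mutable instance.
     *
     * @return a list of provider-name strings, possibly empty
     */
    public static List fipsJCEProviders() {
        String[] strArr = {SSLChannelData.DEFAULT_JCE_FIPS_PROVIDER};
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fipsJCEProviders");
        }
        if (fipsJCEProvidersObjectList == null) {
            fipsJCEProvidersObjectList = new ArrayList(strArr.length);
            if (isFipsEnabled()) {
                for (String str : strArr) {
                    fipsJCEProvidersObjectList.add(str);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("fipsJCEProviders: ").append(fipsJCEProvidersObjectList).toString());
        }
        return fipsJCEProvidersObjectList;
    }

    /**
     * Returns the names of the JSSE providers considered FIPS-approved.
     *
     * <p>The list is built on the first call and reused: it is empty if FIPS was off at that
     * moment and stays empty afterwards. The returned list is the internal mutable instance.
     *
     * @return a list of provider-name strings, possibly empty
     */
    public static List fipsJSSEProviders() {
        String[] strArr = {"IBMJSSE2"};
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fipsJSSEProviders");
        }
        if (fipsJSSEProvidersObjectList == null) {
            fipsJSSEProvidersObjectList = new ArrayList(strArr.length);
            if (isFipsEnabled()) {
                for (String str : strArr) {
                    fipsJSSEProvidersObjectList.add(str);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            // Exit trace names this method; it previously carried the JCE method's label, which
            // made the two lists indistinguishable in a trace.
            Tr.exit(tc, new StringBuffer().append("fipsJSSEProviders: ").append(fipsJSSEProvidersObjectList).toString());
        }
        return fipsJSSEProvidersObjectList;
    }

    /** Compiler-generated helper behind the class literal used in the static initializer. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$ssl$JSSEProviderFactory == null) {
            cls = class$("com.ibm.ws.ssl.JSSEProviderFactory");
            class$com$ibm$ws$ssl$JSSEProviderFactory = cls;
        } else {
            cls = class$com$ibm$ws$ssl$JSSEProviderFactory;
        }
        tc = Tr.register(cls.getName(), "SSL");
        cachedProvider = null;
        USE_FIPS_FLAG = new Boolean(false);
        providerCache = new Hashtable();
        IBMJSSEFIPS_PROVIDER = "IBMJSSEFIPS";
        IBMJSSE_PROVIDER = "IBMJSSE";
        IBMJSSE2_PROVIDER = "IBMJSSE2";
        SUNJSSE_PROVIDER = "SunJSSE";
        DEFAULT_PROVIDER = "IBMJSSE2";
        trustManagerFactoryAlgorithm = null;
        keyManagerFactoryAlgorithm = null;
        isFipsEnabled = null;
        fipsInitialized = false;
        fipsJCEProvidersObjectList = null;
        fipsJSSEProvidersObjectList = null;
    }
}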
