package com.ibm.ws.security.auth;

import com.ibm.ISecurityL13SupportImpl.SecurityUIDGenerator;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityUtilityImpl.ConfigURLProperties;
import com.ibm.ISecurityUtilityImpl.SSLConfiguration;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.jsse.IBMJSSEProvider;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.util.AccessController;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.Enumeration;

/* loaded from: input_file:lib/sas.jar:com/ibm/ws/security/auth/ServerCredSigner.class */
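/**
 * Process-local signer that marks credentials as having been created by this server process.
 *
 * <p>On a server process with security enabled, {@link #initialize()} obtains an RSA key pair
 * (from the CSI inbound SSL key store when one is configured, otherwise a freshly generated,
 * process-lifetime pair), a {@link Signature} engine and a {@code "SHA"} {@link MessageDigest}
 * from the configured JCE provider. The signatures over two per-process unique IDs
 * ({@link #getEncryptedServerSigner()} and {@link #getEncryptedWSCredSigner()}) are later
 * compared against the values carried by a {@link WSCredential} to decide whether that
 * credential originated here.
 *
 * <p>All public operations are {@code synchronized} because the {@link Signature} and
 * {@link MessageDigest} engines are stateful and shared through the singleton.
 *
 * <p>Every public method first checks {@link #isServerWithSecurity()} and returns its
 * "not a server" value otherwise, so the class is safe to hold in a client-side process
 * where initialization is skipped.
 */
public class ServerCredSigner {
    private KeyStore ks = null;
    private KeyPairGenerator rsaKeyPairGen = null;
    private KeyPair rsaKeyPair = null;
    private Signature sig = null;
    private PublicKey rsaPub = null;
    private PrivateKey rsaPriv = null;
    private MessageDigest md = null;
    // True once a server-side CSI inbound SSL configuration was found during initialize().
    boolean init = false;
    private SecurityConfiguration secConfig = null;
    private static final String CRYPTO_ALGORITHM = "RSA";
    // "SHA" is the legacy JCA name (SHA-1 on the providers this class targets). It is retained
    // because hashes previously produced by getOneWayHash() would otherwise stop matching.
    private static final String MESSAGE_DIGEST_ALGORITHM = "SHA";
    // Size of the fallback, process-lifetime RSA key pair. 512 bits is far below current
    // minimums (2048 or more); the historical value is kept only so that signature lengths
    // stay unchanged for existing consumers -- raise it together with them.
    private static final int GENERATED_KEY_SIZE = 512;
    private static ServerCredSigner scs = null;
    private static final String _uniqueServerID = SecurityUIDGenerator.createUID();
    private static final byte[] _uniqueServerIDBytes = _uniqueServerID.getBytes();
    // Lazily computed signature over _uniqueServerIDBytes; static, so it must be produced by
    // the single instance whose key pair will later verify it (see getInstance()).
    private static byte[] _uniqueServerCipher = null;
    private static final String _uniqueWSCredID = SecurityUIDGenerator.createUID();
    private static final byte[] _uniqueWSCredIDBytes = _uniqueWSCredID.getBytes();
    private static byte[] _uniqueWSCredCipher = null;
    // Shared zero-length result; safe to hand out because it cannot be mutated.
    private static final byte[] nullByteArray = new byte[0];
    private static final TraceComponent tc;
    static Class class$com$ibm$ws$security$auth$ServerCredSigner;

    /**
     * Returns the process-wide signer, creating it on first use.
     *
     * <p>Synchronized so that concurrent first callers cannot each build an instance: the
     * cached ciphers are static while the key pair is per instance, so two instances would
     * sign with different keys and later {@link #isServerCred} comparisons would fail.
     *
     * @return the singleton signer (never {@code null}; it is inert if initialization failed)
     */
    public static synchronized ServerCredSigner getInstance() {
        if (scs == null) {
            scs = new ServerCredSigner();
        }
        return scs;
    }

    /** Builds the singleton; initialization failures are traced and recorded via FFDC, not propagated. */
    private ServerCredSigner() {
        try {
            initialize();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception initializing ServerCredSigner.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.constructor", "87", this);
        }
    }

    /**
     * Loads the key material and crypto engines for a server process.
     *
     * <p>Steps: read the CSI inbound SSL configuration; make sure the key store provider is
     * installed; try the configured key store (file and password both non-empty); if that did
     * not yield a key pair, generate one; finally obtain the signature and digest engines.
     * Each step traces and records its own failure so that later steps can still run.
     *
     * @throws WSSecurityException retained from the original signature; not thrown by this body
     */
    private void initialize() throws WSSecurityException {
        if (!ConfigURLProperties.isSecurityEnabled()) {
            return;
        }
        this.init = false;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Initializing server cred signer.");
        }
        SSLConfiguration sslConfig = null;
        VaultImpl vault = VaultImpl.getInstance();
        if (vault != null) {
            this.secConfig = VaultImpl.getSecurityConfiguration();
            if (this.secConfig != null && this.secConfig.processIsServer()) {
                sslConfig = this.secConfig.getCSIInboundSSLConfig();
            }
        }
        if (sslConfig == null) {
            // Client-side processes have no inbound CSI SSL configuration; the signer stays
            // unusable and every public method returns its "not a server" value.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WARNING: Did not successfully load the server cred signer, might be in client-side process.");
            }
            return;
        }
        this.init = true;
        String keyStoreType = sslConfig.getSSLKeyStoreType();
        String keyStoreFile = sslConfig.getSSLKeyFile();
        String keyStorePassword = sslConfig.getSSLKeyPassword();
        String keyStoreProvider = sslConfig.getSSLKeyStoreProvider();
        String serverAlias = sslConfig.getKeyStoreServerAlias();
        String jceProvider = sslConfig.getJCEProvider();

        if (!ensureProviderInstalled(keyStoreProvider)) {
            return;
        }
        if (hasText(keyStoreFile) && hasText(keyStorePassword)) {
            loadKeysFromKeyStore(keyStoreType, keyStoreProvider, keyStoreFile, keyStorePassword, serverAlias);
        }
        if (this.rsaPriv == null || this.rsaPub == null) {
            // No usable key store entry: fall back to an ephemeral key pair for this process.
            generateKeyPair(jceProvider);
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "PrivateKey format: " + this.rsaPriv.getFormat());
            Tr.debug(tc, "PrivateKey algorithm: " + this.rsaPriv.getAlgorithm());
            Tr.debug(tc, "PublicKey format: " + this.rsaPub.getFormat());
            Tr.debug(tc, "PublicKey algorithm: " + this.rsaPub.getAlgorithm());
        }
        createSignature(jceProvider);
        createDigest(jceProvider);
    }

    /** Returns true when {@code s} is non-null and non-empty (an empty password or path is treated as absent). */
    private static boolean hasText(String s) {
        return s != null && s.length() > 0;
    }

    /**
     * Makes sure the named security provider is registered, instantiating it by class name
     * when it is not.
     *
     * @param providerName provider name / class name taken from the server's own SSL
     *                     configuration (not from any remote caller); may be {@code null}
     * @return {@code true} if the provider is available afterwards
     */
    private boolean ensureProviderInstalled(String providerName) {
        if (Security.getProvider(providerName) != null) {
            return true;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, providerName + " was not installed.  Install it now.");
        }
        try {
            Security.addProvider((Provider) Class.forName(providerName).newInstance());
            return true;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cannot install provider.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.initialize", "167", this);
            return false;
        }
    }

    /**
     * Loads {@link #rsaPriv} and {@link #rsaPub} from the configured key store.
     *
     * <p>On any failure the fields are left as they were (normally {@code null}) so that
     * {@link #initialize()} falls back to a generated key pair. The key store stream is always
     * closed and the password buffer is wiped.
     *
     * @param keyStoreType     JCA key store type
     * @param keyStoreProvider provider to load the key store with
     * @param keyStoreFile     path of the key store file (opened under privileged action)
     * @param keyStorePassword key store and key password; must be non-null and non-empty
     * @param serverAlias      preferred entry alias; may be {@code null}
     */
    private void loadKeysFromKeyStore(String keyStoreType, String keyStoreProvider, final String keyStoreFile,
            String keyStorePassword, String serverAlias) {
        char[] password = keyStorePassword.toCharArray();
        try {
            Security.addProvider(new IBMJSSEProvider());
            this.ks = KeyStore.getInstance(keyStoreType, keyStoreProvider);
            FileInputStream in = (FileInputStream) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                @Override
                public Object run() throws FileNotFoundException {
                    return new FileInputStream(keyStoreFile);
                }
            });
            try {
                this.ks.load(in, password);
            } finally {
                // The original left this stream open for the life of the process.
                in.close();
            }
            String alias = selectAlias(this.ks, serverAlias);
            if (alias == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Error:  Either keystore or alias is null.");
                }
                return;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Server alias chosen -> " + alias);
            }
            java.security.cert.Certificate cert = this.ks.getCertificate(alias);
            if (cert == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No certificate found for alias " + alias + "; a key pair will be generated instead.");
                }
                return;
            }
            this.rsaPriv = (PrivateKey) this.ks.getKey(alias, password);
            this.rsaPub = cert.getPublicKey();
        } catch (PrivilegedActionException e) {
            // The privileged action only opens the key store file, so the wrapped exception
            // is the FileNotFoundException for that path.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "IOException while loading keystore.", new Object[]{e.getException()});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.initialize", "200", this);
        } catch (IOException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "IOException while loading keystore.");
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.initialize", "278", this);
        } catch (KeyStoreException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "JSAS0634E: KeyStoreException - This is the generic KeyStore exception.");
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.initialize", "292", this);
        } catch (NoSuchAlgorithmException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "JSAS0633E: NoSuchAlgorithmException - This exception is thrown when a particular cryptographic algorithm is requested but is not available in the environment.");
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.initialize", "285", this);
        } catch (NoSuchProviderException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "JSAS0636E: NoSuchProviderException - This exception is thrown when a particular security provider is requested but is not available in the environment.");
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.initialize", "306", this);
        } catch (UnrecoverableKeyException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "JSAS0635E: UnrecoverableKeyException - This exception is thrown if a key in the keystore cannot be recovered.");
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.initialize", "299", this);
        } catch (Exception e) {
            // Covers CertificateException from load() and a non-private-key entry (ClassCastException).
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "JSAS0011E: java.lang.Exception - This is a generic java exception.");
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.initialize", "312", this);
        } finally {
            // Do not leave the key store password lying around in the heap.
            Arrays.fill(password, '\0');
        }
    }

    /**
     * Chooses the key store entry to sign with: the configured server alias when present
     * (case-insensitive match), otherwise the last alias enumerated -- the historical
     * behaviour, which silently picks an arbitrary entry of a multi-entry key store.
     *
     * @return the chosen alias, or {@code null} for an empty key store
     * @throws KeyStoreException if the key store has not been loaded
     */
    private static String selectAlias(KeyStore keyStore, String serverAlias) throws KeyStoreException {
        String chosen = null;
        boolean matched = false;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            chosen = aliases.nextElement();
            if (serverAlias != null && serverAlias.equalsIgnoreCase(chosen)) {
                matched = true;
                break;
            }
        }
        if (!matched && serverAlias != null && chosen != null && tc.isDebugEnabled()) {
            Tr.debug(tc, "Configured server alias " + serverAlias + " not found in keystore; using " + chosen + " instead.");
        }
        return chosen;
    }

    /**
     * Generates an ephemeral RSA key pair of {@link #GENERATED_KEY_SIZE} bits from the given
     * provider into {@link #rsaPub}/{@link #rsaPriv}. Failures are traced and recorded; the
     * fields are then left {@code null}, which makes every signing operation return {@code null}.
     *
     * @param provider JCE provider name from the SSL configuration
     */
    private void generateKeyPair(String provider) {
        try {
            this.rsaKeyPairGen = KeyPairGenerator.getInstance(CRYPTO_ALGORITHM, provider);
        } catch (NoSuchAlgorithmException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RSA KeyPair Generator not found in " + provider + " provider.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.initialize", "247", this);
            // Without a generator there is nothing to initialize; the original fell through to a NullPointerException here.
            return;
        } catch (NoSuchProviderException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Provider " + provider + " not found.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.initialize", "252", this);
            return;
        }
        try {
            this.rsaKeyPairGen.initialize(GENERATED_KEY_SIZE);
            this.rsaKeyPair = this.rsaKeyPairGen.generateKeyPair();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "JSAS0011E: java.lang.Exception - This is a generic java exception.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.initialize", "366", this);
            return;
        }
        if (this.rsaKeyPair != null) {
            this.rsaPub = this.rsaKeyPair.getPublic();
            this.rsaPriv = this.rsaKeyPair.getPrivate();
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Key generation failure. KeyPair was not generated.");
        }
    }

    /**
     * Obtains the {@value #CRYPTO_ALGORITHM} {@link Signature} engine from the given provider
     * into {@link #sig}. On failure {@link #sig} stays {@code null} and signing returns {@code null}.
     */
    private void createSignature(String provider) {
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Loading RSA from " + provider);
            }
            this.sig = Signature.getInstance(CRYPTO_ALGORITHM, provider);
        } catch (NoSuchAlgorithmException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RSA cipher not found in " + provider + " provider.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.initialize", "382", this);
        } catch (NoSuchProviderException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Provider " + provider + " not found.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.initialize", "389", this);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception: ", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.initialize", "405", this);
        }
    }

    /**
     * Obtains the {@value #MESSAGE_DIGEST_ALGORITHM} {@link MessageDigest} from the given
     * provider into {@link #md}. On failure {@link #md} stays {@code null} and
     * {@link #getOneWayHash} returns {@code null}.
     */
    private void createDigest(String provider) {
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Get a SHA message digest instance from " + provider);
            }
            this.md = MessageDigest.getInstance(MESSAGE_DIGEST_ALGORITHM, provider);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error getting SHA instance. ", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.initialize", "421", this);
        }
    }

    /** True when security is enabled and this is a server process with a loaded configuration. */
    private boolean isServerWithSecurity() {
        return ConfigURLProperties.isSecurityEnabled() && this.secConfig != null && this.secConfig.processIsServer();
    }

    /**
     * Signs {@code data} with this process's private key.
     *
     * @param data    bytes to sign
     * @param probeId FFDC probe id identifying the calling operation
     * @return the signature, or {@code null} when the signer is not initialized or signing fails
     */
    private byte[] sign(byte[] data, String probeId) {
        if (this.sig == null || this.rsaPriv == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Signer not initialized; cannot sign.");
            }
            return null;
        }
        try {
            this.sig.initSign(this.rsaPriv);
            this.sig.update(data);
            return this.sig.sign();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error encrypting: ", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.getEncryptedSigner", probeId, this);
            return null;
        }
    }

    /**
     * Produces an RSA signature over the platform-charset bytes of {@code str}.
     *
     * <p>Despite the name this is a signature, not encryption; the input cannot be recovered
     * from the result and {@link #decryptString} does not attempt to.
     *
     * @param str text to sign
     * @return the signature; a zero-length array when not a server process or {@code str} is
     *         empty/{@code null}; {@code null} if signing fails
     */
    public synchronized byte[] encryptString(String str) {
        if (!isServerWithSecurity()) {
            return nullByteArray;
        }
        if (str == null || str.length() == 0) {
            return nullByteArray;
        }
        // getBytes() uses the platform default charset, as the original did; the result is
        // therefore only comparable within JVMs sharing that default.
        return sign(str.getBytes(), "456");
    }

    /**
     * Retained as-is from the original: initializes the signature engine for verification,
     * feeds it {@code bArr}, and returns {@code bArr.toString()}.
     *
     * <p>NOTE(review): this never calls {@link Signature#verify(byte[])} and the returned
     * string is the array's identity string ({@code "[B@..."}), not any decrypted content.
     * The behaviour is kept unchanged because callers' expectations of the return value are
     * not visible here; do not treat a non-null result as a successful verification.
     *
     * @param bArr bytes to feed to the verifier
     * @return {@code bArr.toString()}, or {@code null} when not a server process, on
     *         {@code null} input, or if the signature engine fails
     */
    public synchronized String decryptString(byte[] bArr) {
        if (!isServerWithSecurity() || bArr == null) {
            return null;
        }
        try {
            this.sig.initVerify(this.rsaPub);
            this.sig.update(bArr);
            return bArr.toString();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error decrypting: ", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.verify", "486", this);
            return null;
        }
    }

    /**
     * Returns the cached signature over this process's unique server ID, computing it on first use.
     * Declared {@code protected} in the original class according to the decompiler note.
     *
     * @return the signature; a zero-length array when not a server process; {@code null} if
     *         signing fails (the value is then retried on the next call)
     */
    public synchronized byte[] getEncryptedServerSigner() {
        if (!isServerWithSecurity()) {
            return nullByteArray;
        }
        if (_uniqueServerCipher == null) {
            _uniqueServerCipher = sign(_uniqueServerIDBytes, "517");
        }
        return _uniqueServerCipher;
    }

    /**
     * Returns the cached signature over this process's unique WSCredential ID, computing it on
     * first use. Declared {@code protected} in the original class according to the decompiler note.
     *
     * @return the signature; a zero-length array when not a server process; {@code null} if
     *         signing fails (the value is then retried on the next call)
     */
    public synchronized byte[] getEncryptedWSCredSigner() {
        if (!isServerWithSecurity()) {
            return nullByteArray;
        }
        if (_uniqueWSCredCipher == null) {
            _uniqueWSCredCipher = sign(_uniqueWSCredIDBytes, "548");
        }
        return _uniqueWSCredCipher;
    }

    /**
     * Tells whether {@code wSCredential} carries this process's server-credential cipher.
     *
     * <p>Fails closed: a missing configuration, a credential that is not a
     * {@link WSCredentialImpl}, or an absent cipher on either side yields {@code false}.
     * The comparison uses {@link MessageDigest#isEqual}, which on current JDKs does not
     * leak the position of the first mismatching byte through timing.
     *
     * @param wSCredential credential to check; may be {@code null}
     * @return {@code true} only when the credential's cipher equals the server cipher
     */
    public synchronized boolean isServerCred(WSCredential wSCredential) {
        if (!isServerWithSecurity() || _uniqueServerCipher == null) {
            return false;
        }
        if (!(wSCredential instanceof WSCredentialImpl)) {
            return false;
        }
        byte[] candidate = ((WSCredentialImpl) wSCredential).getServerCredCipher();
        if (candidate == null) {
            return false;
        }
        return MessageDigest.isEqual(_uniqueServerCipher, candidate);
    }

    /**
     * Tells whether {@code wSCredential} carries this process's WSCredential cipher.
     *
     * <p>As in the original, a non-server process or disabled security answers {@code true}
     * (no signer exists to check against there). Otherwise the check fails closed exactly as
     * {@link #isServerCred} does.
     *
     * @param wSCredential credential to check; may be {@code null}
     * @return {@code true} when not a server process, or when the credential's cipher equals
     *         this process's WSCredential cipher
     */
    public synchronized boolean isWSCred(WSCredential wSCredential) {
        if (!isServerWithSecurity()) {
            return true;
        }
        if (_uniqueWSCredCipher == null || !(wSCredential instanceof WSCredentialImpl)) {
            return false;
        }
        byte[] candidate = ((WSCredentialImpl) wSCredential).getWSCredCipher();
        if (candidate == null) {
            return false;
        }
        return MessageDigest.isEqual(_uniqueWSCredCipher, candidate);
    }

    /**
     * Computes the {@value #MESSAGE_DIGEST_ALGORITHM} digest of the platform-charset bytes of {@code str}.
     *
     * @param str text to hash
     * @return the digest, or {@code null} when not a server process, when {@code str} is
     *         {@code null}, or when no digest engine was obtained during initialization
     */
    protected synchronized byte[] getOneWayHash(String str) {
        if (!isServerWithSecurity()) {
            return null;
        }
        if (str == null || this.md == null) {
            // The original dereferenced both unconditionally and threw NullPointerException.
            return null;
        }
        this.md.reset();
        return this.md.digest(str.getBytes());
    }

    /**
     * Decompiler artifact: helper emitted for the pre-Java-5 compiled form of a class literal.
     * Kept so the static initializer below is unchanged.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Equivalent to Tr.register(ServerCredSigner.class, ...); the class$ caching is how
        // older compilers expressed the class literal.
        Class cls;
        if (class$com$ibm$ws$security$auth$ServerCredSigner == null) {
            cls = class$("com.ibm.ws.security.auth.ServerCredSigner");
            class$com$ibm$ws$security$auth$ServerCredSigner = cls;
        } else {
            cls = class$com$ibm$ws$security$auth$ServerCredSigner;
        }
        tc = Tr.register(cls, (String) null, "com.ibm.ISecurityL13SupportImpl.sec");
    }
}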
