package com.ibm.ws.ssl;

import com.ibm.ISecurityUtilityImpl.InvalidPasswordDecodingException;
import com.ibm.ISecurityUtilityImpl.PasswordUtil;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.models.config.ipc.ssl.CryptoHardwareToken;
import com.ibm.websphere.models.config.ipc.ssl.SecureSocketLayer;
import com.ibm.websphere.models.config.properties.Property;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.util.SecurityHelper;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.orbssl.SSLCiphers;
import com.ibm.ws.security.orbssl.SSLDefaults;
import com.ibm.ws.security.orbssl.WSPKCSInKeyStore;
import com.ibm.ws.security.orbssl.WSPKCSInKeyStoreList;
import com.ibm.ws.security.orbssl.WSX509KeyManager;
import com.ibm.ws.security.util.SASPropFile;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.eclipse.emf.common.util.EList;

/* loaded from: input_file:lib/utils.jar:com/ibm/ws/ssl/SSLConfig.class */
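/**
 * Holds the SSL settings used to build JSSE socket factories.
 *
 * <p>Values live in a per-instance map keyed by the property-name constants declared
 * here. A config created with a parent falls back to the parent's value when it has
 * none of its own. Any effective change to a value discards the cached socket
 * factories so the next request rebuilds them from the current settings.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The built-in protocol defaults are the legacy names {@code "SSL"} (server) and
 *       {@code "SSLv3"} (client). SSLv3 is prohibited by RFC 7568; deployments should
 *       set {@link #PROTOCOL} explicitly to a TLS protocol the provider supports.</li>
 *   <li>Password properties are stored in the form they were supplied and are passed
 *       through {@code PasswordUtil.decode} on every read via {@link #getProperty}.</li>
 *   <li>Debug tracing masks a value only when the property name contains
 *       {@code "Password"}; a secret stored under any other name is traced in clear.</li>
 * </ul>
 */
public class SSLConfig {
    private static TraceComponent tc;
    private static WSPKCSInKeyStoreList pKSL;
    public static final String PROTOCOL = "com.ibm.ssl.protocol";
    public static final String KEY_MANAGER = "com.ibm.ssl.keyManager";
    public static final String KEY_STORE_TYPE = "com.ibm.ssl.keyStoreType";
    public static final String KEY_STORE_PROVIDER = "com.ibm.ssl.keyStoreProvider";
    public static final String KEY_FILE_NAME = "com.ibm.ssl.keyStore";
    public static final String KEY_FILE_PASSWORD = "com.ibm.ssl.keyStorePassword";
    public static final String TRUST_MANAGER = "com.ibm.ssl.trustManager";
    public static final String TRUST_STORE_TYPE = "com.ibm.ssl.trustStoreType";
    public static final String TRUST_STORE_PROVIDER = "com.ibm.ssl.trustStoreProvider";
    public static final String TRUST_FILE_NAME = "com.ibm.ssl.trustStore";
    public static final String TRUST_FILE_PASSWORD = "com.ibm.ssl.trustStorePassword";
    public static final String ENABLED_CIPHER_SUITES = "com.ibm.ssl.enabledCipherSuites";
    public static final String CLIENT_AUTH = "com.ibm.ssl.clientAuthentication";
    public static final String CONTEXT_PROVIDER = "com.ibm.ssl.contextProvider";
    public static final String SECURITY_LEVEL = "com.ibm.ssl.securityLevel";
    public static final String TOKEN_TYPE = "com.ibm.ssl.tokenType";
    public static final String TOKEN_LIBRARY_FILE = "com.ibm.ssl.tokenLibraryFile";
    public static final String TOKEN_PASSWORD = "com.ibm.ssl.tokenPassword";
    public static final String TOKEN_SLOT = "com.ibm.ssl.tokenSlot";
    public static final String CLIENT_KEY_ALIAS = "com.ibm.ssl.keyStoreClientAlias";
    public static final String SERVER_KEY_ALIAS = "com.ibm.ssl.keyStoreServerAlias";
    public static final String CLIENT_SIDE = "client";
    public static final String SERVER_SIDE = "server";
    public static final String SOCKET_FACTORY = "ssl.SocketFactory.provider";
    public static final String IBMJSSEFIPS_SOCKET_FACTORY = "com.ibm.fips.jsse.JSSESocketFactory";
    public static final String IBMJSSE_SOCKET_FACTORY = "com.ibm.jsse.JSSESocketFactory";
    public static final String[] PROP_NAMES;
    private static final SSLConfig defaultServerConfig;
    private static final SSLConfig defaultClientConfig;
    // Shared by every instance; init(Properties) replaces it for the whole class.
    private static JSSEProvider jsseProvider;
    private boolean isServer;
    private String prefix;
    private SSLConfig parent;
    // volatile: both factories are published through double-checked locking in the
    // getters and reset from iSetValue without holding the lock.
    private volatile javax.net.ssl.SSLSocketFactory socketFactory;
    private volatile javax.net.ssl.SSLServerSocketFactory serverSocketFactory;
    private final HashMap<String, Object> myProps;
    // Synthetic class-literal cache kept for compatibility with code in this package.
    static Class class$com$ibm$ws$ssl$SSLConfig;

    /** Returns the shared default client-side configuration. */
    public static SSLConfig getDefaultClientConfig() {
        return defaultClientConfig;
    }

    /** Returns the shared default server-side configuration. */
    public static SSLConfig getDefaultServerConfig() {
        return defaultServerConfig;
    }

    /**
     * Creates a root configuration populated with the built-in defaults.
     *
     * @param z {@code true} for a server-side configuration, {@code false} for client-side
     */
    public SSLConfig(boolean z) {
        this.socketFactory = null;
        this.serverSocketFactory = null;
        this.myProps = new HashMap<String, Object>();
        this.parent = null;
        this.prefix = "";
        this.isServer = z;
        // NOTE(review): legacy protocol defaults. SSLv3 is prohibited by RFC 7568; what
        // "SSL" negotiates depends on the JSSE provider. Override PROTOCOL in deployment
        // configuration rather than relying on these values.
        if (z) {
            setProtocol("SSL");
        } else {
            setProtocol("SSLv3");
        }
        setKeyManager("IbmX509");
        setKeyStoreType("JKS");
        setTrustManager("IbmX509");
        setTrustStoreType("JKS");
        setSecurityLevel("high");
        setTokenType("PKCS#11");
        setContextProvider(SSLDefaults.DEFAULT_CONTEXT_PROVIDER);
        // A null value is ignored by iSetValue, so no explicit suite list is stored and
        // getEnabledCipherSuites() derives the list from the security level.
        setEnabledCipherSuites(null);
    }

    /**
     * Creates a child configuration that inherits unset values from a parent.
     *
     * <p>The server flag is not copied from the parent: it keeps its default of
     * {@code false}, so {@link #isClient()} returns {@code true} for every child.
     *
     * @param sSLConfig parent consulted when this instance has no value for a property
     * @param str prefix stripped from each property name by {@link #init(Properties)}
     */
    public SSLConfig(SSLConfig sSLConfig, String str) {
        this.socketFactory = null;
        this.serverSocketFactory = null;
        this.myProps = new HashMap<String, Object>();
        this.parent = sSLConfig;
        this.prefix = str;
    }

    /**
     * Loads settings from a property set, stripping this config's prefix from each name.
     *
     * <p>Side effect: replaces the class-wide JSSE provider with the one selected by the
     * context provider found in {@code properties} (or by {@code null} when none is
     * present), which affects every {@code SSLConfig} instance.
     *
     * @param properties source of the settings; every key is expected to be a String
     * @throws IllegalArgumentException declared for callers; not thrown by the visible code
     */
    public void init(Properties properties) throws IllegalArgumentException {
        boolean socketFactorySet = false;
        boolean contextProviderSet = false;
        String contextProvider = null;
        Enumeration<?> names = properties.propertyNames();
        while (names.hasMoreElements()) {
            String key = (String) names.nextElement();
            // propertyNames() also lists keys from the defaults table, but get() only
            // sees this table, so a defaulted key yields null and is ignored below.
            Object value = properties.get(key);
            // NOTE(review): the prefix length is removed without checking that the key
            // actually starts with the prefix; a shorter key throws
            // StringIndexOutOfBoundsException and an unrelated key is stored under a
            // truncated name. Confirm callers only pass prefixed keys.
            String name = key.substring(this.prefix.length());
            setValue(name, value);
            if (SOCKET_FACTORY.equals(name)) {
                socketFactorySet = true;
            } else if (CONTEXT_PROVIDER.equals(name)) {
                contextProviderSet = true;
                contextProvider = (String) value;
            }
        }
        applyDefaultSocketFactory(socketFactorySet, contextProviderSet, contextProvider);
        jsseProvider = JSSEProviderFactory.getInstance(contextProvider);
    }

    /**
     * Loads settings from a configuration-model SSL object.
     *
     * <p>For the key store and trust store type, file name and password, a value missing
     * from the model is looked up in a JVM system property instead. System properties are
     * readable by all code in the JVM, so store passwords supplied that way are not
     * confined to this class.
     *
     * @param secureSocketLayer model object to read; {@code null} leaves this config unchanged
     */
    public void init(SecureSocketLayer secureSocketLayer) {
        if (secureSocketLayer == null) {
            return;
        }
        String keyStoreType = valueOrSystemProperty(
                checkKeyStoreType(secureSocketLayer.getKeyFileFormat().toString()), "javax.net.ssl.keyStoreType");
        if (hasValue(keyStoreType)) {
            setKeyStoreType(keyStoreType);
        }
        String keyFileName = valueOrSystemProperty(secureSocketLayer.getKeyFileName(), SecurityHelper.keyStoreProp);
        if (hasValue(keyFileName)) {
            setKeyFileName(keyFileName);
        }
        String keyFilePassword =
                valueOrSystemProperty(secureSocketLayer.getKeyFilePassword(), SecurityHelper.keyStorePasswordProp);
        if (hasValue(keyFilePassword)) {
            setKeyFilePassword(keyFilePassword);
        }
        String trustStoreType = valueOrSystemProperty(
                checkKeyStoreType(secureSocketLayer.getTrustFileFormat().toString()), "javax.net.ssl.trustStoreType");
        if (hasValue(trustStoreType)) {
            setTrustStoreType(trustStoreType);
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "TrustFileFormat was not specified, defualt to KeyFileFormat value");
            }
            setTrustStoreType(keyStoreType);
        }
        String trustFileName = valueOrSystemProperty(secureSocketLayer.getTrustFileName(), SecurityHelper.trustStoreProp);
        if (hasValue(trustFileName)) {
            setTrustFileName(trustFileName);
        }
        String trustFilePassword =
                valueOrSystemProperty(secureSocketLayer.getTrustFilePassword(), SecurityHelper.trustStorePasswordProp);
        if (hasValue(trustFilePassword)) {
            setTrustFilePassword(trustFilePassword);
        }
        String securityLevel = secureSocketLayer.getSecurityLevel().toString();
        if (hasValue(securityLevel)) {
            setSecurityLevel(securityLevel);
        }
        setClientAuthentication(Boolean.valueOf(secureSocketLayer.isClientAuthentication()));
        if (secureSocketLayer.isEnableCryptoHardwareSupport()) {
            // assumes getCryptoHardware() is non-null whenever hardware support is
            // enabled - TODO confirm against the configuration model
            CryptoHardwareToken cryptoHardware = secureSocketLayer.getCryptoHardware();
            if (cryptoHardware.getTokenType() != null) {
                setTokenType(cryptoHardware.getTokenType());
            } else {
                setTokenType(System.getProperty("javax.net.ssl.tokenType", ""));
            }
            if (cryptoHardware.getLibraryFile() != null) {
                setTokenLibraryFile(cryptoHardware.getLibraryFile());
            } else {
                setTokenLibraryFile(System.getProperty("javax.net.ssl.tokenLibraryFile", ""));
            }
            if (cryptoHardware.getPassword() != null) {
                setTokenPassword(cryptoHardware.getPassword());
            } else {
                setTokenPassword(System.getProperty("javax.net.ssl.tokenPassword", ""));
            }
        }
        boolean socketFactorySet = false;
        boolean contextProviderSet = false;
        String contextProvider = null;
        EList properties = secureSocketLayer.getProperties();
        if (properties != null) {
            for (int i = 0; i < properties.size(); i++) {
                Property property = (Property) properties.get(i);
                String value = property.getValue();
                String name = property.getName();
                if (hasValue(value)) {
                    setValue(name, value);
                    if (SOCKET_FACTORY.equals(name)) {
                        socketFactorySet = true;
                    } else if (CONTEXT_PROVIDER.equals(name)) {
                        contextProviderSet = true;
                        contextProvider = value;
                    }
                } else if (CLIENT_KEY_ALIAS.equals(name) || SERVER_KEY_ALIAS.equals(name) || TOKEN_SLOT.equals(name)) {
                    // Constant-first comparison so a property without a name is skipped
                    // instead of raising NullPointerException. The fallback key is
                    // "javax.net.ssl" plus the last dotted segment of the property name.
                    setValue(name, System.getProperty("javax.net.ssl" + name.substring(name.lastIndexOf('.')), ""));
                }
            }
        }
        applyDefaultSocketFactory(socketFactorySet, contextProviderSet, contextProvider);
    }

    /** Returns {@code value} when it is non-empty, otherwise the named system property. */
    private String valueOrSystemProperty(String value, String systemPropertyName) {
        return hasValue(value) ? value : System.getProperty(systemPropertyName, value);
    }

    /** Picks the socket factory class matching the context provider when none was configured. */
    private void applyDefaultSocketFactory(boolean socketFactorySet, boolean contextProviderSet, String contextProvider) {
        if (socketFactorySet) {
            return;
        }
        if (!contextProviderSet || SSLDefaults.DEFAULT_CONTEXT_PROVIDER.equals(contextProvider)) {
            setValue(SOCKET_FACTORY, IBMJSSE_SOCKET_FACTORY);
        } else if (SSLCiphers.JSSEFIPS_PROVIDER.equals(contextProvider)) {
            setValue(SOCKET_FACTORY, IBMJSSEFIPS_SOCKET_FACTORY);
        } else {
            Tr.warning(tc, "ContextProvider defined but SocketFactory not defined, Soap connector might fail.");
        }
    }

    /**
     * Returns a setting as a string.
     *
     * <p>The three password properties are passed through {@code PasswordUtil.decode}.
     * If decoding throws, the failure is reported to FFDC and the stored value is
     * returned unchanged. The cipher-suite list is returned space-separated and the
     * client-authentication flag as {@code "true"}/{@code "false"}.
     *
     * @param str property name
     * @return the value, or {@code null} when neither this config nor a parent has one
     */
    public String getProperty(String str) {
        if (KEY_FILE_PASSWORD.equals(str) || TRUST_FILE_PASSWORD.equals(str) || TOKEN_PASSWORD.equals(str)) {
            String password = (String) getValue(str);
            try {
                password = PasswordUtil.decode(password);
            } catch (InvalidPasswordDecodingException e) {
                FFDCFilter.processException((Throwable) e, "com.ibm.ws.ssl.SSLConfig.getProperty", "426", (Object) this);
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.ssl.SSLConfig.getProperty", "430", this);
            }
            return password;
        }
        if (ENABLED_CIPHER_SUITES.equals(str)) {
            return makeString((String[]) getValue(str));
        }
        if (CLIENT_AUTH.equals(str)) {
            // An unset flag used to raise NullPointerException here; report it as null
            // like every other unset property.
            Boolean flag = (Boolean) getValue(str);
            return flag == null ? null : flag.toString();
        }
        return (String) getValue(str);
    }

    /**
     * Stores a setting given as a string, converting the client-authentication flag and
     * the cipher-suite list to their internal types.
     *
     * @param str property name
     * @param str2 value; {@code null} and empty strings are ignored
     * @throws IllegalArgumentException declared for callers; not thrown by the visible code
     */
    public void setProperty(String str, String str2) throws IllegalArgumentException {
        setValue(str, str2);
    }

    /** Looks a value up locally, then in the parent chain. */
    private Object getValue(String str) {
        Object own = this.myProps.get(str);
        if (own != null || this.parent == null) {
            return own;
        }
        return this.parent.getValue(str);
    }

    /** Converts string forms of the typed properties, then stores the value. */
    private void setValue(String str, Object obj) throws IllegalArgumentException {
        Object converted = obj;
        if (obj instanceof String) {
            if (str.equals(CLIENT_AUTH)) {
                converted = Boolean.valueOf((String) obj);
            } else if (str.equals(ENABLED_CIPHER_SUITES)) {
                converted = makeStringArray((String) obj);
            }
        }
        iSetValue(str, converted);
    }

    /**
     * Stores a value and invalidates the cached socket factories.
     *
     * <p>{@code null}, empty strings and values equal to the current one are ignored, so
     * a property cannot be cleared through this method once it has been set.
     */
    private void iSetValue(String str, Object obj) {
        if (obj == null) {
            return;
        }
        Object current = this.myProps.get(str);
        if (current != null && current.equals(obj)) {
            return;
        }
        if ((obj instanceof String) && ((String) obj).length() == 0) {
            return;
        }
        if (tc.isDebugEnabled()) {
            // Masking is keyed on the property NAME: anything without "Password" in its
            // name is written to the trace as-is.
            if (str.indexOf("Password") != -1) {
                Tr.debug(tc, "SSL property: name=" + str + "; value=" + "*****");
            } else {
                Tr.debug(tc, "SSL property: name=" + str + "; value=" + obj);
            }
        }
        this.myProps.put(str, obj);
        this.socketFactory = null;
        this.serverSocketFactory = null;
    }

    /** Returns whether this instance was created as a server-side configuration. */
    public boolean isServer() {
        return this.isServer;
    }

    /** Returns the negation of {@link #isServer()}. */
    public boolean isClient() {
        return !this.isServer;
    }

    /** Returns the protocol name passed to the provider when creating the SSL context. */
    public String getProtocol() {
        return getProperty(PROTOCOL);
    }

    /** Sets the protocol name; {@code null} and empty values are ignored. */
    public void setProtocol(String str) {
        iSetValue(PROTOCOL, str);
    }

    /** Returns the configured key manager name. */
    public String getKeyManager() {
        return getProperty(KEY_MANAGER);
    }

    /** Sets the key manager name; {@code null} and empty values are ignored. */
    public void setKeyManager(String str) {
        iSetValue(KEY_MANAGER, str);
    }

    /** Returns the key store type. */
    public String getKeyStoreType() {
        return getProperty(KEY_STORE_TYPE);
    }

    /** Sets the key store type; {@code null} and empty values are ignored. */
    public void setKeyStoreType(String str) {
        iSetValue(KEY_STORE_TYPE, str);
    }

    /** Returns the key store provider name. */
    public String getKeyStoreProvider() {
        return getProperty(KEY_STORE_PROVIDER);
    }

    /** Sets the key store provider name; {@code null} and empty values are ignored. */
    public void setKeyStoreProvider(String str) {
        iSetValue(KEY_STORE_PROVIDER, str);
    }

    /** Returns the context provider name. */
    public String getContextProvider() {
        return getProperty(CONTEXT_PROVIDER);
    }

    /** Sets the context provider name; {@code null} and empty values are ignored. */
    public void setContextProvider(String str) {
        iSetValue(CONTEXT_PROVIDER, str);
    }

    /** Returns the socket factory class name stored under {@link #SOCKET_FACTORY}. */
    public String getSocketfactory() {
        return getProperty(SOCKET_FACTORY);
    }

    /** Sets the socket factory class name; {@code null} and empty values are ignored. */
    public void setSocketFactory(String str) {
        iSetValue(SOCKET_FACTORY, str);
    }

    /** Returns the key store file name. */
    public String getKeyFileName() {
        return getProperty(KEY_FILE_NAME);
    }

    /** Sets the key store file name; {@code null} and empty values are ignored. */
    public void setKeyFileName(String str) {
        iSetValue(KEY_FILE_NAME, str);
    }

    /** Returns the key store password after {@code PasswordUtil.decode}; see {@link #getProperty}. */
    public String getKeyFilePassword() {
        return getProperty(KEY_FILE_PASSWORD);
    }

    /** Stores the key store password as supplied; {@code null} and empty values are ignored. */
    public void setKeyFilePassword(String str) {
        iSetValue(KEY_FILE_PASSWORD, str);
    }

    /** Returns the configured trust manager name. */
    public String getTrustManager() {
        return getProperty(TRUST_MANAGER);
    }

    /** Sets the trust manager name; {@code null} and empty values are ignored. */
    public void setTrustManager(String str) {
        iSetValue(TRUST_MANAGER, str);
    }

    /** Returns the trust store type. */
    public String getTrustStoreType() {
        return getProperty(TRUST_STORE_TYPE);
    }

    /** Sets the trust store type; {@code null} and empty values are ignored. */
    public void setTrustStoreType(String str) {
        iSetValue(TRUST_STORE_TYPE, str);
    }

    /** Returns the trust store provider name. */
    public String getTrustStoreProvider() {
        return getProperty(TRUST_STORE_PROVIDER);
    }

    /** Sets the trust store provider name; {@code null} and empty values are ignored. */
    public void setTrustStoreProvider(String str) {
        iSetValue(TRUST_STORE_PROVIDER, str);
    }

    /** Returns the trust store file name. */
    public String getTrustFileName() {
        return getProperty(TRUST_FILE_NAME);
    }

    /** Sets the trust store file name; {@code null} and empty values are ignored. */
    public void setTrustFileName(String str) {
        iSetValue(TRUST_FILE_NAME, str);
    }

    /** Returns the trust store password after {@code PasswordUtil.decode}; see {@link #getProperty}. */
    public String getTrustFilePassword() {
        return getProperty(TRUST_FILE_PASSWORD);
    }

    /** Stores the trust store password as supplied; {@code null} and empty values are ignored. */
    public void setTrustFilePassword(String str) {
        iSetValue(TRUST_FILE_PASSWORD, str);
    }

    /** Returns the client-authentication flag, or {@code null} when it was never set. */
    public Boolean getClientAuthentication() {
        return (Boolean) getValue(CLIENT_AUTH);
    }

    /** Sets the client-authentication flag; {@code null} is ignored. */
    public void setClientAuthentication(Boolean bool) {
        iSetValue(CLIENT_AUTH, bool);
    }

    /** Returns the client key alias, or {@code null} when unset. */
    public String getKeyStoreClientAlias() {
        return (String) getValue(CLIENT_KEY_ALIAS);
    }

    /** Sets the client key alias; {@code null} and empty values are ignored. */
    public void setKeyStoreClientAlias(String str) {
        iSetValue(CLIENT_KEY_ALIAS, str);
    }

    /** Returns the server key alias, or {@code null} when unset. */
    public String getKeyStoreServerAlias() {
        return (String) getValue(SERVER_KEY_ALIAS);
    }

    /** Sets the server key alias; {@code null} and empty values are ignored. */
    public void setKeyStoreServerAlias(String str) {
        iSetValue(SERVER_KEY_ALIAS, str);
    }

    /**
     * Returns the cipher suites to enable on sockets.
     *
     * @return the explicitly configured list when there is one, otherwise the provider's
     *         list for the configured security level and side
     */
    public String[] getEnabledCipherSuites() {
        String[] configured = (String[]) getValue(ENABLED_CIPHER_SUITES);
        if (configured != null) {
            if (tc.isDebugEnabled()) {
                // Trace the suite names; appending the array itself only printed its
                // identity hash, which is useless when auditing what was enabled.
                Tr.debug(tc, "enabledCipherSuites " + makeString(configured));
            }
            return configured;
        }
        String securityLevel = getSecurityLevel();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Use default set of cipher suites for securityLevel " + securityLevel);
        }
        String[] defaults = getJSSEProvider().getCiphersForSecurityLevel(isClient(), securityLevel);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "defaultCipherSuites " + makeString(defaults));
        }
        return defaults;
    }

    /** Sets an explicit cipher-suite list; {@code null} is ignored and keeps the current setting. */
    public void setEnabledCipherSuites(String[] strArr) {
        iSetValue(ENABLED_CIPHER_SUITES, strArr);
    }

    /** Returns the security level used to choose default cipher suites. */
    public String getSecurityLevel() {
        return getProperty(SECURITY_LEVEL);
    }

    /** Sets the security level; {@code null} and empty values are ignored. */
    public void setSecurityLevel(String str) {
        iSetValue(SECURITY_LEVEL, str);
    }

    /** Returns the cryptographic token type. */
    public String getTokenType() {
        return getProperty(TOKEN_TYPE);
    }

    /** Sets the cryptographic token type; {@code null} and empty values are ignored. */
    public void setTokenType(String str) {
        iSetValue(TOKEN_TYPE, str);
    }

    /** Returns the cryptographic token library file. */
    public String getTokenLibraryFile() {
        return getProperty(TOKEN_LIBRARY_FILE);
    }

    /** Sets the cryptographic token library file; {@code null} and empty values are ignored. */
    public void setTokenLibraryFile(String str) {
        iSetValue(TOKEN_LIBRARY_FILE, str);
    }

    /** Returns the token password after {@code PasswordUtil.decode}; see {@link #getProperty}. */
    public String getTokenPassword() {
        return getProperty(TOKEN_PASSWORD);
    }

    /** Stores the token password as supplied; {@code null} and empty values are ignored. */
    public void setTokenPassword(String str) {
        iSetValue(TOKEN_PASSWORD, str);
    }

    /**
     * Returns the client socket factory, building it from the current settings on first use.
     *
     * @throws Exception if the SSL context cannot be created or initialised
     */
    public javax.net.ssl.SSLSocketFactory getSocketFactory() throws Exception {
        javax.net.ssl.SSLSocketFactory factory = this.socketFactory;
        if (factory == null) {
            synchronized (this) {
                factory = this.socketFactory;
                if (factory == null) {
                    factory = getSSLContext(CLIENT_SIDE).getSocketFactory();
                    this.socketFactory = factory;
                }
            }
        }
        // Return the local reference: a concurrent property change may already have
        // reset the field to null again.
        return factory;
    }

    /**
     * Returns the server socket factory, building it from the current settings on first use.
     *
     * @throws Exception if the SSL context cannot be created or initialised
     */
    public javax.net.ssl.SSLServerSocketFactory getServerSocketFactory() throws Exception {
        javax.net.ssl.SSLServerSocketFactory factory = this.serverSocketFactory;
        if (factory == null) {
            synchronized (this) {
                factory = this.serverSocketFactory;
                if (factory == null) {
                    factory = getSSLContext(SERVER_SIDE).getServerSocketFactory();
                    this.serverSocketFactory = factory;
                }
            }
        }
        return factory;
    }

    /**
     * Applies the cipher-suite setting to a client socket.
     *
     * <p>Only cipher suites are set here; the socket's enabled protocol versions are
     * left at whatever the factory that created it chose.
     *
     * @param socket socket to configure; must be an {@link SSLSocket}
     * @return the same socket, cast to {@link SSLSocket}
     */
    public SSLSocket configure(Socket socket) {
        SSLSocket sslSocket = (SSLSocket) socket;
        String[] suites = getEnabledCipherSuites();
        if (suites != null) {
            sslSocket.setEnabledCipherSuites(suites);
        }
        return sslSocket;
    }

    /**
     * Applies the cipher-suite and client-authentication settings to a server socket.
     *
     * @param serverSocket socket to configure; must be an {@link SSLServerSocket}
     * @return the same socket, cast to {@link SSLServerSocket}
     */
    public SSLServerSocket configure(ServerSocket serverSocket) {
        SSLServerSocket sslServerSocket = (SSLServerSocket) serverSocket;
        String[] suites = getEnabledCipherSuites();
        if (suites != null) {
            sslServerSocket.setEnabledCipherSuites(suites);
        }
        Boolean clientAuthentication = getClientAuthentication();
        if (clientAuthentication != null) {
            sslServerSocket.setNeedClientAuth(clientAuthentication.booleanValue());
        }
        return sslServerSocket;
    }

    /**
     * Builds and initialises an SSL context for one side of a connection.
     *
     * <p>Trust material comes from the trust store file when both its name and password
     * are set, otherwise from the cryptographic token when a token library is set. When
     * neither applies, {@code null} trust managers are handed to
     * {@link SSLContext#init}, which leaves the choice of trust anchors to the JSSE
     * provider's defaults. A trust store configured with an empty password is therefore
     * skipped rather than rejected; operators should verify that both values are present.
     *
     * @param str {@link #CLIENT_SIDE} or {@link #SERVER_SIDE} (case-insensitive); for any
     *        other value the context is returned without being initialised
     * @throws Exception any failure, after it has been traced and logged
     */
    private SSLContext getSSLContext(String str) throws Exception {
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getting sslContext with protocol: " + getProtocol());
            }
            SSLContext context = getJSSEProvider().getSSLContextInstance(getProtocol());
            boolean clientSide = str.equalsIgnoreCase(CLIENT_SIDE);
            boolean serverSide = str.equalsIgnoreCase(SERVER_SIDE);
            String configuredSlot = getProperty(TOKEN_SLOT);
            String tokenSlot = hasValue(configuredSlot) ? configuredSlot : "0";
            String tokenLibraryFile = getTokenLibraryFile();
            String clientAlias = "";
            String serverAlias = "";
            int clientSlot = -1;
            int serverSlot = -1;
            // NOTE(review): the key aliases are only read when a token library is
            // configured, so they have no effect with a file-based key store. Confirm
            // this is intended.
            if (hasValue(tokenLibraryFile)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using cryptographic token.");
                }
                tokenLibraryFile = tokenLibraryFile + ":" + tokenSlot;
                if (clientSide || serverSide) {
                    // A non-numeric slot raises NumberFormatException, reported below.
                    clientAlias = getKeyStoreClientAlias();
                    clientSlot = Integer.parseInt(tokenSlot);
                }
                if (serverSide) {
                    serverAlias = getKeyStoreServerAlias();
                    serverSlot = Integer.parseInt(tokenSlot);
                }
            }

            TrustManagerFactory trustManagerFactory = null;
            String trustFileName = getTrustFileName();
            // Decode the password once, and only when a trust store file is configured.
            String trustPassword = hasValue(trustFileName) ? getTrustFilePassword() : null;
            if (hasValue(trustPassword)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using trust store: " + trustFileName);
                }
                KeyStore trustStore = getKeyStore(getTrustStoreType(), getTrustStoreProvider(), trustFileName, trustPassword);
                trustManagerFactory = getJSSEProvider().getTrustManagerFactoryInstance();
                trustManagerFactory.init(trustStore);
            } else if (hasValue(tokenLibraryFile)) {
                WSPKCSInKeyStore tokenTrust = pKSL.insert(getTokenType(), tokenLibraryFile, getTokenPassword(), false);
                if (tokenTrust != null) {
                    tokenTrust.getTS();
                    trustManagerFactory = tokenTrust.getTMF();
                } else {
                    Tr.error(tc, "Unable to get a PKCS keystore.");
                }
            }
            TrustManager[] trustManagers = trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null;

            KeyStore keyStore = null;
            char[] keyPasswordChars = null;
            KeyManagerFactory keyManagerFactory = null;
            String keyFileName = getKeyFileName();
            String keyPassword = hasValue(keyFileName) ? getKeyFilePassword() : null;
            if (hasValue(keyPassword)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using software keystore: " + keyFileName);
                }
                keyStore = getKeyStore(getKeyStoreType(), getKeyStoreProvider(), keyFileName, keyPassword);
                keyManagerFactory = getJSSEProvider().getKeyManagerFactoryInstance();
                // The array is handed to WSX509KeyManager below, so it cannot be wiped here.
                keyPasswordChars = keyPassword.toCharArray();
                try {
                    keyManagerFactory.init(keyStore, keyPasswordChars);
                    keyManagerFactory.getKeyManagers();
                } catch (UnrecoverableKeyException e) {
                    // The password is always present in this branch, so the former
                    // "unspecified password" variant could never be reached. Keep the
                    // original exception as the cause for diagnosis.
                    UnrecoverableKeyException detailed = new UnrecoverableKeyException(
                            e.getMessage() + ": invalid password for file '" + keyFileName + "'");
                    detailed.initCause(e);
                    throw detailed;
                }
            } else if (hasValue(tokenLibraryFile)) {
                WSPKCSInKeyStore tokenKeys = pKSL.insert(getTokenType(), tokenLibraryFile, getTokenPassword(), true);
                if (tokenKeys != null) {
                    keyStore = tokenKeys.getKS();
                    keyManagerFactory = tokenKeys.getKMF();
                } else {
                    Tr.error(tc, "Unable to get a PKCS keystore.");
                }
            }

            if (clientSide || serverSide) {
                // serverAlias is only ever populated for the server side, so one
                // condition covers both sides.
                WSX509KeyManager aliasKeyManager = new WSX509KeyManager(keyStore, keyPasswordChars, keyManagerFactory);
                if (aliasKeyManager.getX509KeyManager() != null && (hasValue(serverAlias) || hasValue(clientAlias))) {
                    if (hasValue(clientAlias)) {
                        aliasKeyManager.setClientAlias(clientAlias, clientSlot);
                    }
                    if (hasValue(serverAlias)) {
                        aliasKeyManager.setServerAlias(serverAlias, serverSlot);
                    }
                    context.init(new KeyManager[]{aliasKeyManager}, trustManagers, null);
                } else {
                    context.init(keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null, trustManagers, null);
                }
            }
            return context;
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting SSL context: " + e2.getMessage(), new Object[]{e2});
            }
            Tr.error(tc, "Unable to get SSL context: ", e2.getLocalizedMessage());
            throw e2;
        }
    }

    /**
     * Loads a key store file, retrying with another store type when the file's format
     * does not match the configured type.
     *
     * <p>On a format error the type is switched JKS to JCEKS, JCEKS to PKCS12, PKCS12 to
     * JCEKS, and the load is retried; the third format failure is rethrown.
     *
     * @param str key store type to try first
     * @param str2 provider name; accepted but not used by this method
     * @param str3 path of the key store file
     * @param str4 key store password; {@code null} or empty loads without a password
     * @return the loaded key store
     * @throws Exception if the file cannot be opened or loaded
     */
    private KeyStore getKeyStore(String str, String str2, String str3, String str4) throws Exception {
        char[] password = hasValue(str4) ? str4.toCharArray() : null;
        String type = str;
        int formatFailures = 0;
        while (true) {
            KeyStore keyStore = getJSSEProvider().getKeyStoreInstance(type);
            FileInputStream in = new FileInputStream(str3);
            try {
                keyStore.load(in, password);
                return keyStore;
            } catch (IOException e) {
                String message = e.getMessage();
                // A message-less IOException is not a format error; rethrow it instead
                // of failing with NullPointerException while inspecting the message.
                if (message == null
                        || (!message.equalsIgnoreCase("Invalid keystore format")
                                && message.indexOf("DerInputStream.getLength()") == -1)) {
                    throw e;
                }
                Tr.warning(tc, "security.ssl.config.initialization.warning.invalidkeystoretype");
                if (type.equalsIgnoreCase("JKS")) {
                    type = "JCEKS";
                } else if (type.equalsIgnoreCase("JCEKS")) {
                    type = "PKCS12";
                } else if (type.equalsIgnoreCase("PKCS12")) {
                    type = "JCEKS";
                }
                if (formatFailures++ > 1) {
                    throw e;
                }
            } finally {
                // The stream used to be left open on every attempt, leaking a file
                // handle per load and per retry.
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful to do: the load result has already been decided.
                }
            }
        }
    }

    /** Returns whether the string is neither {@code null} nor empty. */
    private boolean hasValue(String str) {
        return str != null && str.length() > 0;
    }

    /** Splits a whitespace-separated list into its tokens. */
    private String[] makeStringArray(String str) {
        StringTokenizer tokens = new StringTokenizer(str);
        String[] parts = new String[tokens.countTokens()];
        for (int i = 0; i < parts.length; i++) {
            parts[i] = tokens.nextToken();
        }
        return parts;
    }

    /** Joins the elements with single spaces; returns {@code null} for a null or empty array. */
    private String makeString(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        StringBuffer joined = new StringBuffer();
        joined.append(strArr[0]);
        for (int i = 1; i < strArr.length; i++) {
            joined.append(" ").append(strArr[i]);
        }
        return joined.toString();
    }

    /** Returns the class-wide JSSE provider, obtaining the factory default on first use. */
    private JSSEProvider getJSSEProvider() {
        if (jsseProvider == null) {
            jsseProvider = JSSEProviderFactory.getInstance();
        }
        return jsseProvider;
    }

    /** Traces every known property except the three password properties, when debug is enabled. */
    public void print() {
        if (!tc.isDebugEnabled()) {
            return;
        }
        for (int i = 0; i < PROP_NAMES.length; i++) {
            String name = PROP_NAMES[i];
            if (!name.equals(KEY_FILE_PASSWORD) && !name.equals(TRUST_FILE_PASSWORD) && !name.equals(TOKEN_PASSWORD)) {
                Tr.debug(tc, name + " = " + getValue(name));
            }
        }
    }

    /** Maps the key store type spelling {@code "JCEK"} (any case) to {@code "JCEKS"}. */
    private String checkKeyStoreType(String str) {
        if (str != null && str.equalsIgnoreCase("JCEK")) {
            return "JCEKS";
        }
        return str;
    }

    /**
     * Reports whether a security provider is available, registering one of the two known
     * JSSE providers when it is not yet installed.
     *
     * <p>Only the class names held in {@code CommonConstants} are ever instantiated; the
     * caller-supplied name is used for lookup and comparison only.
     *
     * @param str provider name
     * @return {@code true} if the provider was already installed or has been added
     */
    private boolean checkProvider(String str) {
        if (!hasValue(str)) {
            return false;
        }
        Provider provider = null;
        try {
            provider = Security.getProvider(str);
        } catch (Throwable th) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getProvider(" + str + ") exception caught: ", th);
            }
            FFDCFilter.processException(th, "com.ibm.ws.ssl.SSLConfig.checkProvider", "1171", this);
        }
        if (provider != null) {
            return true;
        }
        try {
            String providerClassName = null;
            if (str.equalsIgnoreCase(SSLDefaults.DEFAULT_CONTEXT_PROVIDER) || str.equalsIgnoreCase("JSSE")) {
                providerClassName = CommonConstants.IBMJSSE;
            } else if (str.equalsIgnoreCase(SSLCiphers.JSSEFIPS_PROVIDER)) {
                providerClassName = CommonConstants.IBMJSSEFIPS;
            }
            if (providerClassName == null) {
                return false;
            }
            Security.addProvider((Provider) Class.forName(providerClassName).newInstance());
            return true;
        } catch (Exception e) {
            Tr.warning(tc, "security.addprovider.error", new Object[]{e});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception caught adding provider: " + str + ", exception caught: ", e);
            }
            FFDCFilter.processException(e, "com.ibm.ws.ssl.SSLConfig.checkProvider", "1206", this);
            return false;
        }
    }

    /** Synthetic class-literal helper: loads a class by name, mapping a miss to {@link NoClassDefFoundError}. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$ssl$SSLConfig == null) {
            cls = class$("com.ibm.ws.ssl.SSLConfig");
            class$com$ibm$ws$ssl$SSLConfig = cls;
        } else {
            cls = class$com$ibm$ws$ssl$SSLConfig;
        }
        // Order matters: the trace component must exist before the default configs are
        // built, because their constructors trace through iSetValue.
        tc = Tr.register(cls.getName(), "SSL");
        pKSL = new WSPKCSInKeyStoreList();
        PROP_NAMES = SASPropFile.SSL_PROP_NAMES;
        defaultServerConfig = new SSLConfig(true);
        defaultClientConfig = new SSLConfig(false);
        jsseProvider = null;
    }
}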
