package com.ibm.ws.ssl.config;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ras.RASFormatter;
import com.ibm.websphere.management.AdminClient;
import com.ibm.websphere.management.application.AppConstants;
import com.ibm.websphere.models.config.ipc.ssl.KeyManager;
import com.ibm.websphere.models.config.ipc.ssl.KeyStore;
import com.ibm.websphere.models.config.ipc.ssl.ManagementScope;
import com.ibm.websphere.models.config.ipc.ssl.SSLSecurityLevel;
import com.ibm.websphere.models.config.ipc.ssl.SecureSocketLayer;
import com.ibm.websphere.models.config.ipc.ssl.TrustManager;
import com.ibm.websphere.models.config.orb.securityprotocol.CommonSecureInterop;
import com.ibm.websphere.models.config.orb.securityprotocol.IIOPLayer;
import com.ibm.websphere.models.config.orb.securityprotocol.IIOPSecurityProtocol;
import com.ibm.websphere.models.config.orb.securityprotocol.TransportLayer;
import com.ibm.websphere.models.config.orb.securityprotocol.TransportQOP;
import com.ibm.websphere.models.config.properties.Property;
import com.ibm.websphere.models.config.security.DynamicSSLConfigSelection;
import com.ibm.websphere.models.config.security.Security;
import com.ibm.websphere.ssl.SSLConfigChangeEvent;
import com.ibm.websphere.ssl.SSLConfigChangeListener;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.logging.object.WsLogRecord;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.SASPropFile;
import com.ibm.ws.ssl.JSSEProviderFactory;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.webservices.engine.transport.jms.JMSConstants;
import com.ibm.ws.webservices.engine.transport.security.SSLpropertyNames;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.eclipse.emf.common.util.EList;

/* loaded from: input_file:lib/com.ibm.ws.webservices.thinclient_6.1.0.jar:com/ibm/ws/ssl/config/SSLConfigManager.class */
public class SSLConfigManager {
    // Trace component passed to every Tr.entry/Tr.exit/Tr.debug call in this class.
    private static final TraceComponent tc;
    // Lazily created singleton; assigned in getInstance() with no synchronization.
    private static SSLConfigManager thisClass;
    // Set to true by initializeServerSSL().
    private boolean isServerProcess = false;
    // Set by initializeClientSSL() once its first pass completes, so later calls do nothing.
    private boolean clientSSLInitializedOnce = false;
    private KeyStoreManager keyStoreManager = KeyStoreManager.getInstance();
    // Cleared at the start of loadGlobalProperties().
    private Properties globalConfigProperties = new Properties();
    // SSL configuration alias (String) -> SSLConfig. Raw type: nothing enforces the key/value types.
    private HashMap sslConfigMap = new HashMap();
    // KeyManagerData entries, rebuilt from scratch by loadKeyManagers().
    private ArrayList keyManagerArrayList = new ArrayList();
    // TrustManagerData entries, rebuilt from scratch by loadTrustManagers().
    private ArrayList trustManagerArrayList = new ArrayList();
    // Dynamic selection info (String) -> "sslConfigAlias" or "sslConfigAlias:certificateAlias";
    // rebuilt by loadDynamicSSLSelectionInfo().
    private HashMap sslConfigDynamicSelectionMap = new HashMap();
    // Cleared by loadDynamicSSLSelectionInfo() together with the lookup cache below.
    private TreeSet sslConfigDynamicSelectionCacheMissTreeSet = new TreeSet(new DynamicSSLCacheMissComparator());
    private HashMap sslConfigDynamicLookupCache = new HashMap();
    private HashSet clientFilesAlreadyProcessed = new HashSet();
    private HashMap sslConfigListenerMap = new HashMap();
    private HashMap sslConfigListenerEventMap = new HashMap();
    private static String[][] SystemSSLCiphers;
    // NOTE(review): looks like the class-literal cache field that older compilers synthesize
    // (surfaced by the decompiler) rather than hand-written state - confirm before relying on it.
    static Class class$com$ibm$ws$ssl$config$SSLConfigManager;

    /**
     * Private constructor; instances are handed out only by {@link #getInstance()}.
     * The single statement calls {@code JSSEProviderFactory.getInstance()} and discards the result.
     * NOTE(review): presumably this forces JSSE provider set-up before any SSL configuration is
     * parsed - confirm against JSSEProviderFactory.
     */
    private SSLConfigManager() {
        JSSEProviderFactory.getInstance();
    }

    /**
     * Returns the shared manager, constructing it on the first call.
     *
     * <p>Neither the null check nor the assignment is synchronized, so two threads that race on
     * the very first call can each build an instance, and configuration loaded into the instance
     * that loses the race is not visible to later callers. Callers that need a single
     * authoritative SSL configuration should make the first call from one thread during start-up.
     *
     * @return the singleton instance, never {@code null}
     */
    public static SSLConfigManager getInstance() {
        SSLConfigManager existing = thisClass;
        if (existing != null) {
            return existing;
        }
        thisClass = new SSLConfigManager();
        return thisClass;
    }

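    /**
     * Loads, or reloads, the server-side SSL configuration from the WCCM security object.
     *
     * <p>Order of work: global properties, FIPS initialisation, key stores, key managers, trust
     * managers, then every entry of {@code security.getRepertoire()}. Each entry that parses and
     * has its required properties is tagged with its alias and with "security.xml" as its origin,
     * has {@code decodePasswords()} called on it, and is stored in {@code sslConfigMap}.
     *
     * <p>When {@code z} is true the call is treated as a reload: an entry that differs from the
     * stored one replaces it and change listeners are notified, and a previously stored alias that
     * no longer appears in the repertoire is removed (listeners notified with "deleted") provided
     * its origin is "security.xml" or unset.
     *
     * <p>NOTE(review): after {@code decodePasswords()} the stored SSLConfig presumably carries
     * clear-text key store and trust store passwords; confirm that anything which traces or
     * serialises an SSLConfig masks those values.
     *
     * @param security the WCCM security configuration; must not be {@code null}
     * @param z {@code true} to reconcile against the configurations already loaded
     * @throws SSLException if {@code security} is {@code null}, or wrapping any exception raised
     *     while loading (the cause is also reported to FFDC)
     */
    public synchronized void initializeServerSSL(Security security, boolean z) throws SSLException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeServerSSL");
        }
        if (security == null) {
            throw new SSLException("Cannot get security object from WCCM.");
        }
        try {
            this.isServerProcess = true;
            loadGlobalProperties(security);
            FIPSManager.getInstance().initializeFIPS();
            KeyStoreManager.getInstance().loadKeyStores(security);
            loadKeyManagers(security);
            loadTrustManagers(security);
            String[] previousAliases = null;
            HashSet aliasesInRepertoire = null;
            if (z) {
                // Snapshot the aliases known before the reload so removed ones can be detected below.
                aliasesInRepertoire = new HashSet();
                previousAliases = (String[]) this.sslConfigMap.keySet().toArray(new String[0]);
            }
            for (int i = 0; i < security.getRepertoire().size(); i++) {
                com.ibm.websphere.models.config.security.SSLConfig modelConfig = (com.ibm.websphere.models.config.security.SSLConfig) security.getRepertoire().get(i);
                if (modelConfig == null) {
                    continue;
                }
                String alias = modelConfig.getAlias();
                SSLConfig parsed = parseSSLConfig(modelConfig, z);
                // parseSSLConfig returns null for entries outside this process's management scope.
                if (parsed == null || !parsed.requiredPropertiesArePresent()) {
                    continue;
                }
                parsed.setProperty(Constants.SSLPROP_ALIAS, alias);
                parsed.setProperty(Constants.SSLPROP_CONFIGURL_LOADED_FROM, "security.xml");
                parsed.decodePasswords();
                if (!z) {
                    addSSLConfigToMap(alias, parsed);
                    continue;
                }
                aliasesInRepertoire.add(alias);
                SSLConfig current = (SSLConfig) this.sslConfigMap.get(alias);
                if (current == null) {
                    addSSLConfigToMap(alias, parsed);
                } else if (!current.equals(parsed)) {
                    removeSSLConfigFromMap(alias, current);
                    addSSLConfigToMap(alias, parsed);
                    notifySSLConfigChangeListener(alias, Constants.CONFIG_STATE_CHANGED);
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "New SSL config equals old SSL config for alias: " + alias);
                }
            }
            if (z) {
                for (String oldAlias : previousAliases) {
                    SSLConfig stale = (SSLConfig) this.sslConfigMap.get(oldAlias);
                    // Check for null before dereferencing; an alias can be gone from the map by now.
                    if (stale == null || aliasesInRepertoire.contains(oldAlias)) {
                        continue;
                    }
                    // Only drop configurations that came from security.xml (or carry no origin);
                    // ones loaded from another source are left alone.
                    String loadedFrom = stale.getProperty(Constants.SSLPROP_CONFIGURL_LOADED_FROM);
                    if (loadedFrom == null || loadedFrom.equals("security.xml")) {
                        removeSSLConfigFromMap(oldAlias, stale);
                        notifySSLConfigChangeListener(oldAlias, "deleted");
                    }
                }
            }
            getDefaultSystemProperties(z);
            loadDynamicSSLSelectionInfo(security);
            ManagementScopeManager.getInstance().loadSSLConfigGroups(security, z);
            checkURLHostNameVerificationProperty(z);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Total Number of SSLConfigs: " + this.sslConfigMap.size());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initializeServerSSL");
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.ssl.core.SSLConfigManager.initializeServerSSL", "235", this);
            throw new SSLException(e);
        }
    }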

    /**
     * One-time client-side SSL initialisation driven by system properties.
     *
     * <p>Does nothing in a server process or once a previous call has completed. Otherwise it
     * initialises FIPS, parses the IIOP and admin SOAP configuration URLs when their system
     * properties are set, parses the SSL configuration URL property, loads the default system
     * properties and runs the URL host-name verification property check.
     *
     * <p>Any exception is traced and sent to FFDC but not rethrown, so the caller cannot tell
     * from this method alone whether client SSL configuration actually loaded. The
     * initialised-once flag is only set when every step succeeded, so a failed call is retried
     * on the next invocation. The method is not synchronized.
     */
    public void initializeClientSSL() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeClientSSL");
        }
        try {
            boolean nothingToDo = isServerProcess() || this.clientSSLInitializedOnce;
            if (!nothingToDo) {
                FIPSManager.getInstance().initializeFIPS();

                String orbConfigUrl = System.getProperty("com.ibm.CORBA.ConfigURL");
                if (orbConfigUrl != null) {
                    parseConfigURL("IIOP", orbConfigUrl, false);
                }

                String soapConfigUrl = System.getProperty(AdminClient.CONNECTOR_SOAP_CONFIG);
                if (soapConfigUrl != null) {
                    parseConfigURL("ADMIN_SOAP", soapConfigUrl, false);
                }

                // Unlike the two URLs above, this one is passed on even when the property is unset.
                String sslConfigUrl = System.getProperty(SSLpropertyNames.sslconfigURLProperty);
                parseSSLConfigURL(sslConfigUrl, false);

                getDefaultSystemProperties(false);
                checkURLHostNameVerificationProperty(false);
                this.clientSSLInitializedOnce = true;
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception initializing SSL properties from ConfigURL.", new Object[]{e});
            }
            // The FFDC source id names reinitializeClientSSL although this is initializeClientSSL.
            FFDCFilter.processException(e, "com.ibm.ws.ssl.core.SSLConfigManager.reinitializeClientSSL", "287", this);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeClientSSL");
        }
    }

    /**
     * Re-reads the client-side SSL configuration from the same system properties used by
     * {@code initializeClientSSL()}, passing {@code true} as the reload flag to each parser.
     *
     * <p>Skipped entirely in a server process. Unlike the initial load, this path neither checks
     * nor sets the initialised-once flag and does not run the URL host-name verification
     * property check. Exceptions are traced and reported to FFDC, then swallowed, so a failed
     * reload leaves whatever configuration was in place before.
     */
    public void reinitializeClientSSL() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "reinitializeClientSSL");
        }
        try {
            boolean clientProcess = !isServerProcess();
            if (clientProcess) {
                FIPSManager.getInstance().initializeFIPS();

                String orbConfigUrl = System.getProperty("com.ibm.CORBA.ConfigURL");
                if (orbConfigUrl != null) {
                    parseConfigURL("IIOP", orbConfigUrl, true);
                }

                String soapConfigUrl = System.getProperty(AdminClient.CONNECTOR_SOAP_CONFIG);
                if (soapConfigUrl != null) {
                    parseConfigURL("ADMIN_SOAP", soapConfigUrl, true);
                }

                String sslConfigUrl = System.getProperty(SSLpropertyNames.sslconfigURLProperty);
                parseSSLConfigURL(sslConfigUrl, true);

                getDefaultSystemProperties(true);
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception reinitializing SSL properties from ConfigURL.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.ssl.core.SSLConfigManager.reinitializeClientSSL", "332", this);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "reinitializeClientSSL");
        }
    }

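    /**
     * Rebuilds {@code trustManagerArrayList} from {@code security.getTrustManagers()}.
     *
     * <p>The list is cleared first. A trust manager is kept only when its management scope is
     * contained in the current scope; one with no management scope is treated as belonging to
     * the cell scope.
     *
     * <p>NOTE(review): the trust manager class name and additional attributes are taken from
     * configuration as-is. Whoever can edit that configuration presumably decides which class
     * validates peer certificates for the SSL configurations that reference it - confirm how
     * TrustManagerData loads the class and who may write these entries.
     *
     * @param security the WCCM security configuration to read trust managers from
     */
    public void loadTrustManagers(Security security) {
        if (tc.isEntryEnabled()) {
            // Entry trace, so that it pairs with the exit trace at the end of the method.
            Tr.entry(tc, "loadTrustManagers");
        }
        this.trustManagerArrayList.clear();
        EList<TrustManager> trustManagers = security.getTrustManagers();
        if (trustManagers != null) {
            for (TrustManager trustManager : trustManagers) {
                ManagementScope managementScope = trustManager.getManagementScope();
                // No explicit scope: fall back to the cell scope name.
                String scopeName = managementScope != null ? managementScope.getScopeName() : ManagementScopeManager.getInstance().getCellScopeName();
                if (!ManagementScopeManager.getInstance().currentScopeContained(scopeName)) {
                    continue;
                }
                String name = trustManager.getName();
                TrustManagerData trustManagerData = new TrustManagerData(name, trustManager.getProvider(), trustManager.getAlgorithm(), trustManager.getTrustManagerClass(), trustManager.getAdditionalTrustManagerAttrs(), scopeName);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding trustManager name: " + name + " with values: " + trustManagerData);
                }
                this.trustManagerArrayList.add(trustManagerData);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadTrustManagers");
        }
    }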

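    /**
     * Rebuilds {@code keyManagerArrayList} from {@code security.getKeyManagers()}.
     *
     * <p>The list is cleared first. A key manager is kept only when its management scope is
     * contained in the current scope; one with no management scope is treated as belonging to
     * the cell scope.
     *
     * <p>NOTE(review): the key manager class name and additional attributes come from
     * configuration as-is; confirm how KeyManagerData loads the class and who may write these
     * entries, since that class presumably chooses the certificate presented to peers.
     *
     * @param security the WCCM security configuration to read key managers from
     */
    public void loadKeyManagers(Security security) {
        if (tc.isEntryEnabled()) {
            // Entry trace, so that it pairs with the exit trace at the end of the method.
            Tr.entry(tc, "loadKeyManagers");
        }
        this.keyManagerArrayList.clear();
        EList<KeyManager> keyManagers = security.getKeyManagers();
        if (keyManagers != null) {
            for (KeyManager keyManager : keyManagers) {
                ManagementScope managementScope = keyManager.getManagementScope();
                // No explicit scope: fall back to the cell scope name.
                String scopeName = managementScope != null ? managementScope.getScopeName() : ManagementScopeManager.getInstance().getCellScopeName();
                if (!ManagementScopeManager.getInstance().currentScopeContained(scopeName)) {
                    continue;
                }
                String name = keyManager.getName();
                KeyManagerData keyManagerData = new KeyManagerData(name, keyManager.getProvider(), keyManager.getAlgorithm(), keyManager.getKeyManagerClass(), keyManager.getAdditionalKeyManagerAttrs(), scopeName);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding KeyManager name: " + name + " with values: " + keyManagerData);
                }
                this.keyManagerArrayList.add(keyManagerData);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadKeyManagers");
        }
    }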

    /**
     * Looks up a loaded trust manager by name.
     *
     * <p>The name comparison ignores case, and an entry only matches when its management scope
     * is contained in the current scope. The first matching entry in list order wins.
     *
     * @param str the trust manager name to find
     * @return the matching entry, or {@code null} when none matches; callers must handle the
     *     {@code null} case rather than assume a trust manager was found
     */
    public TrustManagerData getTrustManagerData(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTrustManagerData", new Object[]{str});
        }
        TrustManagerData found = null;
        int index = 0;
        while (found == null && index < this.trustManagerArrayList.size()) {
            TrustManagerData candidate = (TrustManagerData) this.trustManagerArrayList.get(index);
            index++;
            if (candidate == null) {
                continue;
            }
            if (!candidate.getName().equalsIgnoreCase(str)) {
                continue;
            }
            if (ManagementScopeManager.getInstance().currentScopeContained(candidate.getManagementScope())) {
                found = candidate;
            }
        }
        if (tc.isEntryEnabled()) {
            String exitText = found != null ? "getTrustManagerData (" + str + ")" : "getTrustManagerData (null)";
            Tr.exit(tc, exitText);
        }
        return found;
    }

    /**
     * Looks up a loaded key manager by name.
     *
     * <p>The name comparison ignores case, and an entry only matches when its management scope
     * is contained in the current scope. The first matching entry in list order wins.
     *
     * @param str the key manager name to find
     * @return the matching entry, or {@code null} when none matches
     */
    public KeyManagerData getKeyManagerData(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyManagerData", new Object[]{str});
        }
        KeyManagerData found = null;
        int index = 0;
        while (found == null && index < this.keyManagerArrayList.size()) {
            KeyManagerData candidate = (KeyManagerData) this.keyManagerArrayList.get(index);
            index++;
            if (candidate == null) {
                continue;
            }
            if (!candidate.getName().equalsIgnoreCase(str)) {
                continue;
            }
            if (ManagementScopeManager.getInstance().currentScopeContained(candidate.getManagementScope())) {
                found = candidate;
            }
        }
        if (tc.isEntryEnabled()) {
            String exitText = found != null ? "getKeyManagerData (" + str + ")" : "getKeyManagerData (null)";
            Tr.exit(tc, exitText);
        }
        return found;
    }

    /**
     * Rebuilds the dynamic SSL selection table from
     * {@code security.getDynamicSSLConfigSelections()}.
     *
     * <p>The selection map, the cache-miss set and the lookup cache are all cleared first. A
     * selection is used when it has no management scope, when its scope name is null or empty,
     * or when that scope is contained in the current scope. Each used selection maps its
     * selection info string to the SSL configuration alias, with {@code ":certificateAlias"}
     * appended when a certificate alias is set.
     *
     * <p>{@code getSslConfig()} is dereferenced without a null check, so a selection that does
     * not reference an SSL configuration raises a NullPointerException here.
     *
     * @param security the WCCM security configuration to read selections from
     */
    public synchronized void loadDynamicSSLSelectionInfo(Security security) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadDynamicSSLSelectionInfo");
        }
        this.sslConfigDynamicSelectionMap.clear();
        this.sslConfigDynamicSelectionCacheMissTreeSet.clear();
        this.sslConfigDynamicLookupCache.clear();
        EList<DynamicSSLConfigSelection> selections = security.getDynamicSSLConfigSelections();
        if (selections != null) {
            for (DynamicSSLConfigSelection selection : selections) {
                if (selection == null) {
                    continue;
                }
                String scopeName = null;
                boolean applies = true;
                if (selection.getManagementScope() != null) {
                    scopeName = selection.getManagementScope().getScopeName();
                    // An unnamed scope applies everywhere; a named one must contain this process.
                    if (scopeName != null && !scopeName.equals("")) {
                        applies = ManagementScopeManager.getInstance().currentScopeContained(scopeName);
                    }
                }
                if (!applies) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "Scope \"" + scopeName + "\" is out of scope for this process.");
                    }
                    continue;
                }
                String selectionInfo = selection.getDynamicSelectionInfo();
                String configAlias = selection.getSslConfig().getAlias();
                String certificateAlias = selection.getCertificateAlias();
                if (selectionInfo == null || configAlias == null) {
                    continue;
                }
                String target = configAlias;
                if (certificateAlias != null) {
                    target = configAlias + ":" + certificateAlias;
                }
                this.sslConfigDynamicSelectionMap.put(selectionInfo, target);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadDynamicSSLSelectionInfo", new Object[]{this.sslConfigDynamicSelectionMap});
        }
    }

    /**
     * Converts one WCCM SSL configuration entry into an {@code SSLConfig}.
     *
     * <p>Returns {@code null} for a {@code null} entry and for an entry whose management scope
     * has a non-empty name that is not contained in the current process scope. Otherwise the
     * work is delegated to {@code parseSecureSocketLayer} with the entry's alias, its type name
     * (or {@code null} when no type is set) and its settings.
     *
     * @param sSLConfig the WCCM entry to parse; may be {@code null}
     * @param z reload flag, passed through to {@code parseSecureSocketLayer}
     * @return the parsed configuration, or {@code null} when the entry is skipped
     * @throws Exception whatever {@code parseSecureSocketLayer} throws
     */
    public SSLConfig parseSSLConfig(com.ibm.websphere.models.config.security.SSLConfig sSLConfig, boolean z) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "parseSSLConfig");
        }
        if (sSLConfig == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "parseSSLConfig -> null");
            }
            return null;
        }
        String alias = sSLConfig.getAlias();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Parsing SSLConfig with alias: " + alias);
        }
        if (sSLConfig.getManagementScope() != null) {
            String scopeName = sSLConfig.getManagementScope().getScopeName();
            boolean namedScope = scopeName != null && !scopeName.equals("");
            if (namedScope && !ManagementScopeManager.getInstance().currentScopeContained(scopeName)) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "SSLConfig with alias \"" + alias + "\" and scope (\"" + scopeName + "\") is not in the current process scope");
                }
                return null;
            }
        }
        String typeName = null != sSLConfig.getType() ? sSLConfig.getType().getName() : null;
        SSLConfig parsed = parseSecureSocketLayer(alias, typeName, sSLConfig.getSetting(), z);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "parseSSLConfig");
        }
        return parsed;
    }

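    /**
     * Builds an {@code SSLConfig} from a WCCM {@code SecureSocketLayer} settings object.
     *
     * <p>Steps, in order:
     * <ol>
     *   <li>Copy key store and trust store properties from the referenced key store objects,
     *       creating the stores when they do not exist and initialising them.</li>
     *   <li>Merge key/trust stores described by the old-style attributes.</li>
     *   <li>Choose the key manager: the configured IbmX509/IbmPKIX algorithm, a custom key
     *       manager by name, or the JSSE default.</li>
     *   <li>Choose the trust manager(s): the first entry supplies the algorithm when it is
     *       IbmX509 or IbmPKIX, later entries are recorded as custom trust managers by name.</li>
     *   <li>Copy protocol, provider, client authentication, security level, key aliases and
     *       cipher suites, then every custom property.</li>
     *   <li>Force the protocol to TLS when FIPS is enabled.</li>
     * </ol>
     *
     * <p>Points a reviewer should know:
     * <ul>
     *   <li>Custom properties are applied after the typed attributes, so a custom property can
     *       overwrite any value set before it. Only the FIPS protocol override runs later.</li>
     *   <li>Selecting IbmPKIX as the first trust manager sets two JVM-wide system properties
     *       (revocation checking and CRL distribution points). They affect every SSL
     *       configuration in the process and are never reset here.</li>
     *   <li>When the first trust manager is neither IbmX509 nor IbmPKIX it matches neither
     *       branch of the loop: it is not recorded as a custom trust manager and no
     *       {@code com.ibm.ssl.trustManager} value is set by this method.</li>
     * </ul>
     *
     * @param str the SSL configuration alias, passed to the old-style key store loader
     * @param str2 the SSL configuration type name, or {@code null}
     * @param secureSocketLayer the settings to read; may be {@code null}, in which case only
     *     defaults are applied
     * @param z reload flag, passed to {@code initializeKeyStore}
     * @return a new {@code SSLConfig}, never {@code null}
     * @throws Exception propagated from key store handling
     */
    public SSLConfig parseSecureSocketLayer(String str, String str2, SecureSocketLayer secureSocketLayer, boolean z) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "parseSecureSocketLayer");
        }
        SSLConfig sSLConfig = new SSLConfig();
        if (secureSocketLayer != null) {
            KeyStore keyStore = secureSocketLayer.getKeyStore();
            WSKeyStore wSKeyStore = null;
            String keyStoreName = null;
            if (keyStore != null) {
                keyStoreName = keyStore.getName();
                wSKeyStore = KeyStoreManager.getInstance().getKeyStore(keyStoreName);
            }
            Certificate certificate = null;
            if (wSKeyStore != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding keystore properties from KeyStore object.");
                }
                sSLConfig.setProperty(Constants.SSLPROP_KEY_STORE_NAME, keyStoreName);
                addSSLPropertiesFromKeyStore(wSKeyStore, sSLConfig);
                // The certificate returned here is handed to the trust store step below.
                certificate = KeyStoreManager.getInstance().checkIfKeyStoreExistsAndCreateIfNot(wSKeyStore, sSLConfig);
                wSKeyStore.initializeKeyStore(z);
            }
            KeyStore trustStore = secureSocketLayer.getTrustStore();
            WSKeyStore wSTrustStore = null;
            String trustStoreName = null;
            if (trustStore != null) {
                trustStoreName = trustStore.getName();
                wSTrustStore = KeyStoreManager.getInstance().getKeyStore(trustStoreName);
            }
            if (wSTrustStore != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding truststore properties from KeyStore object.");
                }
                sSLConfig.setProperty(Constants.SSLPROP_TRUST_STORE_NAME, trustStoreName);
                addSSLPropertiesFromTrustStore(wSTrustStore, sSLConfig);
                // NOTE(review): presumably a newly created trust store is seeded with the key
                // store's certificate - confirm in KeyStoreManager.
                KeyStoreManager.getInstance().checkIfTrustStoreExistsAndCreateIfNot(wSTrustStore, sSLConfig, certificate);
                wSTrustStore.initializeKeyStore(z);
            }
        }
        WSKeyStore[] oldStyleStores = KeyStoreManager.getInstance().loadOldWCCMKeyStores(str, str2, secureSocketLayer);
        if (oldStyleStores != null) {
            for (int i = 0; i < oldStyleStores.length; i++) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding key/trust store properties from old attributes.");
                }
                WSKeyStore oldStyleStore = oldStyleStores[i];
                if (oldStyleStore == null) {
                    // Skip empty slots entirely; there is no store to merge or initialise.
                    continue;
                }
                // The name suffix decides whether the store is used as trust store or key store.
                String storeName = oldStyleStore.getProperty(Constants.SSLPROP_KEY_STORE_NAME);
                if (storeName.endsWith("_trust")) {
                    sSLConfig.setProperty(Constants.SSLPROP_TRUST_STORE_NAME, storeName);
                    addSSLPropertiesFromTrustStore(oldStyleStore, sSLConfig);
                }
                if (storeName.endsWith("_key")) {
                    sSLConfig.setProperty(Constants.SSLPROP_KEY_STORE_NAME, storeName);
                    addSSLPropertiesFromKeyStore(oldStyleStore, sSLConfig);
                }
                oldStyleStore.initializeKeyStore(z);
            }
        }
        KeyManager keyManager = secureSocketLayer != null ? secureSocketLayer.getKeyManager() : null;
        if (keyManager == null) {
            String defaultAlgorithm = JSSEProviderFactory.getKeyManagerFactoryAlgorithm();
            if (defaultAlgorithm != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting default KeyManager: " + defaultAlgorithm);
                }
                sSLConfig.setProperty("com.ibm.ssl.keyManager", defaultAlgorithm);
            }
        } else if (keyManager.getAlgorithm() != null && (keyManager.getAlgorithm().equalsIgnoreCase("IbmPKIX") || keyManager.getAlgorithm().equalsIgnoreCase("IbmX509"))) {
            // Built-in algorithm; stored as "algorithm|provider" when a provider is configured.
            String algorithm = keyManager.getProvider() == null ? keyManager.getAlgorithm() : keyManager.getAlgorithm() + "|" + keyManager.getProvider();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting KeyManager: " + algorithm);
            }
            sSLConfig.setProperty("com.ibm.ssl.keyManager", algorithm);
        } else if ((keyManager.getAlgorithm() == null || keyManager.getProvider() == null) && keyManager.getKeyManagerClass() == null) {
            // Neither a complete algorithm/provider pair nor a class: fall back to the default.
            String defaultAlgorithm = JSSEProviderFactory.getKeyManagerFactoryAlgorithm();
            if (defaultAlgorithm != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting default KeyManager: " + defaultAlgorithm);
                }
                sSLConfig.setProperty("com.ibm.ssl.keyManager", defaultAlgorithm);
            }
        } else {
            // Custom key manager, referenced by name; the default algorithm is recorded as well.
            String customName = keyManager.getName();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting custom KeyManager: " + customName);
            }
            sSLConfig.setProperty(Constants.SSLPROP_CUSTOM_KEY_MANAGER, customName);
            String defaultAlgorithm = JSSEProviderFactory.getKeyManagerFactoryAlgorithm();
            if (defaultAlgorithm != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting default KeyManager: " + defaultAlgorithm);
                }
                sSLConfig.setProperty("com.ibm.ssl.keyManager", defaultAlgorithm);
            }
        }
        EList trustManager = secureSocketLayer != null ? secureSocketLayer.getTrustManager() : null;
        if (trustManager == null || trustManager.size() <= 0) {
            String defaultTrustAlgorithm = JSSEProviderFactory.getTrustManagerFactoryAlgorithm();
            if (defaultTrustAlgorithm != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting default TrustManager: " + defaultTrustAlgorithm);
                }
                sSLConfig.setProperty("com.ibm.ssl.trustManager", defaultTrustAlgorithm);
            }
        } else {
            String customTrustManagers = null;
            for (int i2 = 0; i2 < trustManager.size(); i2++) {
                TrustManager entry = (TrustManager) trustManager.get(i2);
                if (i2 == 0 && entry != null && entry.getAlgorithm() != null && (entry.getAlgorithm().equalsIgnoreCase("IbmX509") || entry.getAlgorithm().equalsIgnoreCase("IbmPKIX"))) {
                    String algorithm = entry.getProvider() != null ? entry.getAlgorithm() + "|" + entry.getProvider() : entry.getAlgorithm();
                    if (entry.getAlgorithm().equalsIgnoreCase("IbmPKIX")) {
                        // JVM-wide switch: turns on revocation checking and CRL distribution
                        // point support for the whole process, not just this configuration.
                        AccessController.doPrivileged(new PrivilegedAction() {
                            @Override
                            public Object run() {
                                System.setProperty("com.ibm.jsse2.checkRevocation", "true");
                                System.setProperty("com.ibm.security.enableCRLDP", "true");
                                return null;
                            }
                        });
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Setting TrustManager: " + algorithm);
                    }
                    sSLConfig.setProperty("com.ibm.ssl.trustManager", algorithm);
                } else if (i2 > 0 && entry != null) {
                    // Entries after the first are collected as a comma-separated list of names.
                    customTrustManagers = customTrustManagers != null ? customTrustManagers + "," + entry.getName() : entry.getName();
                }
            }
            if (customTrustManagers != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting custom TrustManager(s): " + customTrustManagers);
                }
                sSLConfig.setProperty(Constants.SSLPROP_CUSTOM_TRUST_MANAGERS, customTrustManagers);
            }
        }
        if (secureSocketLayer != null) {
            String sslProtocol = secureSocketLayer.getSslProtocol();
            if (sslProtocol != null && !sslProtocol.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.protocol", sslProtocol);
            }
            String jsseProvider = secureSocketLayer.getJsseProvider();
            if (jsseProvider != null && !jsseProvider.equals("")) {
                // Both provider names are mapped onto IBMJSSE2.
                if (jsseProvider.equalsIgnoreCase(Constants.IBMJSSE_NAME) || jsseProvider.equalsIgnoreCase(Constants.IBMJSSEFIPS_NAME)) {
                    jsseProvider = "IBMJSSE2";
                }
                sSLConfig.setProperty("com.ibm.ssl.contextProvider", jsseProvider);
            }
            // Client authentication is only recorded when explicitly set in the configuration.
            if (secureSocketLayer.isSetClientAuthentication()) {
                sSLConfig.setProperty("com.ibm.ssl.clientAuthentication", Boolean.toString(secureSocketLayer.isClientAuthentication()));
            }
            sSLConfig.setProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION_SUPPORTED, Boolean.toString(secureSocketLayer.isClientAuthenticationSupported()));
            if (secureSocketLayer.isSetSecurityLevel()) {
                String securityLevel = getSecurityLevel(secureSocketLayer.getSecurityLevel());
                if (securityLevel != null && !securityLevel.equals("")) {
                    sSLConfig.setProperty("com.ibm.ssl.securityLevel", securityLevel);
                }
            }
            String clientKeyAlias = secureSocketLayer.getClientKeyAlias();
            if (clientKeyAlias != null && !clientKeyAlias.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.keyStoreClientAlias", clientKeyAlias);
            }
            String serverKeyAlias = secureSocketLayer.getServerKeyAlias();
            if (serverKeyAlias != null && !serverKeyAlias.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.keyStoreServerAlias", serverKeyAlias);
            }
            String enabledCiphers = secureSocketLayer.getEnabledCiphers();
            if (enabledCiphers != null && !enabledCiphers.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.enabledCipherSuites", enabledCiphers);
            }
            // Custom properties go last and are written under whatever name they carry, so they
            // can replace any value set above (protocol, cipher suites, trust manager, ...).
            for (int i3 = 0; i3 < secureSocketLayer.getProperties().size(); i3++) {
                Property custom = (Property) secureSocketLayer.getProperties().get(i3);
                if (custom != null && custom.getValue() != null && !custom.getValue().equals("")) {
                    String value = custom.getValue();
                    if (custom.getName().equals("com.ibm.ssl.contextProvider") && (value.equalsIgnoreCase(Constants.IBMJSSE_NAME) || value.equalsIgnoreCase(Constants.IBMJSSEFIPS_NAME))) {
                        value = "IBMJSSE2";
                    }
                    sSLConfig.setProperty(custom.getName(), value);
                }
            }
        }
        if (FIPSManager.getInstance().isFIPSEnabled()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "FIPS enabled, setting SSL protocol to TLS.");
            }
            // Runs after the custom properties, so a configured protocol cannot override it.
            sSLConfig.put("com.ibm.ssl.protocol", Constants.PROTOCOL_TLS);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Saving SSLConfig.");
            // NOTE(review): this writes the whole SSLConfig, including every key store and trust
            // store property copied above, to the trace log - confirm that SSLConfig.toString()
            // masks password values.
            Tr.debug(tc, sSLConfig.toString());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "parseSecureSocketLayer");
        }
        return sSLConfig;
    }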

    /**
     * Copies every property of a key store object into an SSL configuration under the same name.
     *
     * <p>Nothing is filtered, so whatever the key store object holds ends up in the SSL
     * configuration as well.
     * NOTE(review): that presumably includes the key store password property - confirm, and
     * check that code which traces an SSLConfig masks it.
     *
     * @param wSKeyStore the key store object to read properties from
     * @param sSLConfig the SSL configuration to write them to
     */
    public void addSSLPropertiesFromKeyStore(WSKeyStore wSKeyStore, SSLConfig sSLConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addSSLPropertiesFromKeyStore");
        }
        for (Enumeration<?> names = wSKeyStore.propertyNames(); names.hasMoreElements(); ) {
            String propertyName = (String) names.nextElement();
            String propertyValue = wSKeyStore.getProperty(propertyName);
            sSLConfig.setProperty(propertyName, propertyValue);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addSSLPropertiesFromKeyStore");
        }
    }

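    /**
     * Copies a key store object's properties into an SSL configuration as trust store
     * properties.
     *
     * <p>Only properties whose name starts with {@code com.ibm.ssl.keyStore} are copied. The
     * prefix is replaced by {@code com.ibm.ssl.trustStore} and the rest of the name is kept.
     * Properties with any other prefix, and properties without a value, are skipped.
     *
     * @param wSKeyStore the key store object that describes the trust store
     * @param sSLConfig the SSL configuration to write the renamed properties to
     */
    public void addSSLPropertiesFromTrustStore(WSKeyStore wSKeyStore, SSLConfig sSLConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addSSLPropertiesFromTrustStore");
        }
        final String keyStorePrefix = "com.ibm.ssl.keyStore";
        final String trustStorePrefix = "com.ibm.ssl.trustStore";
        Enumeration<?> propertyNames = wSKeyStore.propertyNames();
        while (propertyNames.hasMoreElements()) {
            String name = (String) propertyNames.nextElement();
            if (!name.startsWith(keyStorePrefix)) {
                continue;
            }
            String value = wSKeyStore.getProperty(name);
            if (value != null) {
                // substring() yields "" for the bare prefix, giving the bare trust store name.
                sSLConfig.setProperty(trustStorePrefix + name.substring(keyStorePrefix.length()), value);
            }
        }
        if (tc.isEntryEnabled()) {
            // Exit trace names this method so entry and exit records pair up.
            Tr.exit(tc, "addSSLPropertiesFromTrustStore");
        }
    }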

    /**
     * Returns the aliases of all SSL configurations currently registered.
     *
     * @return a new array holding the keys of {@code sslConfigMap}; empty when the map is empty
     */
    public String[] getSSLConfigAliases() {
        Set aliases = this.sslConfigMap.keySet();
        String[] result = (String[]) aliases.toArray(new String[0]);
        return result;
    }

    /**
     * Looks up an SSL configuration by alias.
     *
     * <p>A {@code null} or empty alias does not fail: it is answered with
     * {@link #getDefaultSSLConfig()}. Callers that expect a specific configuration
     * should therefore validate the alias themselves, otherwise a missing alias
     * silently selects the default one. On that path no exit trace record is written.
     *
     * @param str alias of the configuration, may be {@code null} or empty
     * @return the configuration registered under the alias, the default configuration
     *         for a {@code null}/empty alias, or {@code null} when the alias is unknown
     */
    public SSLConfig getSSLConfig(String str) throws IllegalArgumentException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSSLConfig", str);
        }
        boolean aliasMissing = str == null || str.length() == 0;
        if (aliasMissing) {
            return getDefaultSSLConfig();
        }
        SSLConfig found = (SSLConfig) this.sslConfigMap.get(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSSLConfig");
        }
        return found;
    }

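    /**
     * Rebuilds the global SSL/security property set from the security configuration.
     *
     * <p>The existing global properties are cleared first. Every configured property
     * whose name starts with {@code com.ibm.ssl} or {@code com.ibm.security} is then
     * copied, and finally the CSIv2 transport settings are added through
     * {@link #loadCSIv2SSLProperties(Security)}.
     *
     * <p>Entries that are {@code null}, or that have a {@code null} name or value, are
     * skipped, matching the null handling used when the per-configuration properties
     * are parsed. {@code globalConfigProperties} is used like
     * {@code java.util.Properties} here, which rejects null keys and values.
     *
     * <p>The debug trace prints the property names, but values of properties whose
     * name contains "password" are masked so that secrets do not reach trace files.
     *
     * @param security security configuration to read; dereferenced without a null check
     * @throws SSLException declared by the signature; not thrown by the visible code
     */
    public void loadGlobalProperties(Security security) throws SSLException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadGlobalProperties");
        }
        this.globalConfigProperties.clear();
        EList properties = security.getProperties();
        if (properties != null) {
            for (int i = 0; i < properties.size(); i++) {
                Property property = (Property) properties.get(i);
                if (property == null) {
                    continue;
                }
                String name = property.getName();
                String value = property.getValue();
                if (name == null || value == null) {
                    continue;
                }
                if (name.startsWith("com.ibm.ssl") || name.startsWith("com.ibm.security")) {
                    if (tc.isDebugEnabled()) {
                        // Trace output is often collected and shared for support purposes,
                        // so password-like values are never written out in clear text.
                        boolean secret = name.toLowerCase(java.util.Locale.ENGLISH).indexOf("password") >= 0;
                        String shown = secret ? "*****" : value;
                        Tr.debug(tc, new StringBuffer().append("Setting global property: ").append(name).append(JMSConstants.URL_PROP_VALUE_SEPARATOR).append(shown).toString());
                    }
                    this.globalConfigProperties.setProperty(name, value);
                }
            }
        }
        loadCSIv2SSLProperties(security);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadGlobalProperties");
        }
    }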

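    /**
     * Publishes the CSIv2 transport-layer settings as global properties.
     *
     * <p>When the security configuration has a CSI section, the first
     * {@code TransportLayer} among the claims layers is located and its supported and
     * required quality-of-protection flags are stored as "true"/"false" strings under
     * the {@code com.ibm.CSI.claim*} names, together with the inbound SSL alias
     * ({@code com.ibm.ssl.csi.inbound.alias}). The same lookup is then repeated to fill
     * the {@code SASPropFile.CSI_PERFORM_*} properties and the outbound SSL alias
     * ({@code com.ibm.ssl.csi.outbound.alias}).
     *
     * <p>NOTE(review): both passes read {@code csi.getClaims()}, so the perform-side
     * properties and the outbound alias mirror the claims settings. Confirm whether the
     * second pass was meant to read a separate outbound section of the configuration.
     *
     * <p>NOTE(review): the claims object, both QOP objects and the server
     * authentication object are dereferenced without null checks; a configuration
     * missing any of them ends this method with a NullPointerException.
     *
     * @param security security configuration to read; dereferenced without a null check
     */
    public void loadCSIv2SSLProperties(Security security) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadCSIv2SSLProperties");
        }
        IIOPSecurityProtocol csi = security.getCSI();
        if (csi != null) {
            // Pass 1: claim-side flags and the inbound alias.
            CommonSecureInterop claims = csi.getClaims();
            TransportLayer claimTransport = null;
            for (int i = 0; i < claims.getLayers().size(); i++) {
                IIOPLayer layer = (IIOPLayer) claims.getLayers().get(i);
                if (layer instanceof TransportLayer) {
                    claimTransport = (TransportLayer) layer;
                    break;
                }
            }
            if (claimTransport != null) {
                TransportQOP supported = claimTransport.getSupportedQOP();
                this.globalConfigProperties.setProperty("com.ibm.CSI.claimTransportAssocSSLTLSSupported", String.valueOf(supported.isEnableProtection()));
                this.globalConfigProperties.setProperty("com.ibm.CSI.claimTLClientAuthenticationSupported", String.valueOf(supported.isEstablishTrustInClient()));
                this.globalConfigProperties.setProperty("com.ibm.CSI.claimMessageIntegritySupported", String.valueOf(supported.isIntegrity()));
                this.globalConfigProperties.setProperty("com.ibm.CSI.claimMessageConfidentialitySupported", String.valueOf(supported.isConfidentiality()));
                TransportQOP required = claimTransport.getRequiredQOP();
                this.globalConfigProperties.setProperty("com.ibm.CSI.claimTransportAssocSSLTLSRequired", String.valueOf(required.isEnableProtection()));
                this.globalConfigProperties.setProperty("com.ibm.CSI.claimTLClientAuthenticationRequired", String.valueOf(required.isEstablishTrustInClient()));
                this.globalConfigProperties.setProperty("com.ibm.CSI.claimMessageIntegrityRequired", String.valueOf(required.isIntegrity()));
                this.globalConfigProperties.setProperty("com.ibm.CSI.claimMessageConfidentialityRequired", String.valueOf(required.isConfidentiality()));
                String inboundAlias = claimTransport.getServerAuthentication().getSslConfig();
                if (inboundAlias != null) {
                    this.globalConfigProperties.setProperty("com.ibm.ssl.csi.inbound.alias", inboundAlias);
                }
            }

            // Pass 2: perform-side flags and the outbound alias (see the review note above).
            CommonSecureInterop performSource = csi.getClaims();
            TransportLayer performTransport = null;
            for (int i = 0; i < performSource.getLayers().size(); i++) {
                IIOPLayer layer = (IIOPLayer) performSource.getLayers().get(i);
                if (layer instanceof TransportLayer) {
                    performTransport = (TransportLayer) layer;
                    break;
                }
            }
            if (performTransport != null) {
                TransportQOP supported = performTransport.getSupportedQOP();
                this.globalConfigProperties.setProperty(SASPropFile.CSI_PERFORM_TRANSPORT_SUP, String.valueOf(supported.isEnableProtection()));
                this.globalConfigProperties.setProperty(SASPropFile.CSI_PERFORM_MESSAGE_INT_SUP, String.valueOf(supported.isIntegrity()));
                this.globalConfigProperties.setProperty(SASPropFile.CSI_PERFORM_MESSAGE_CON_SUP, String.valueOf(supported.isConfidentiality()));
                TransportQOP required = performTransport.getRequiredQOP();
                this.globalConfigProperties.setProperty(SASPropFile.CSI_PERFORM_TRANSPORT_REQ, String.valueOf(required.isEnableProtection()));
                this.globalConfigProperties.setProperty(SASPropFile.CSI_PERFORM_MESSAGE_INT_REQ, String.valueOf(required.isIntegrity()));
                this.globalConfigProperties.setProperty(SASPropFile.CSI_PERFORM_MESSAGE_CON_REQ, String.valueOf(required.isConfidentiality()));
                String outboundAlias = performTransport.getServerAuthentication().getSslConfig();
                if (outboundAlias != null) {
                    this.globalConfigProperties.setProperty("com.ibm.ssl.csi.outbound.alias", outboundAlias);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            // This used to be a second Tr.entry record, leaving the trace with an
            // unbalanced entry for every call.
            Tr.exit(tc, "loadCSIv2SSLProperties");
        }
    }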

    /**
     * Decides whether the CSIv2 global settings replace the given SSL properties for a
     * connection, and returns the properties that should actually be used.
     *
     * <p>Two cases are recognised from the connection info map:
     * <ul>
     *   <li>Inbound connections on the ORB SSL listener or one of the CSIv2 endpoints:
     *       the configuration named by {@code com.ibm.ssl.csi.inbound.alias} (or, if
     *       there is none, the passed-in properties) is cloned, and the global CSIv2
     *       client-authentication "supported" and "required" values overwrite the
     *       clone's client-authentication settings.</li>
     *   <li>Outbound {@code IIOP} connections: the configuration named by
     *       {@code com.ibm.ssl.csi.outbound.alias} (or the passed-in properties) is
     *       cloned and returned unchanged.</li>
     * </ul>
     * In every other case the passed-in object itself is returned, not a copy.
     *
     * <p>Because the inbound case overwrites client authentication from the global
     * CSIv2 flags, a per-configuration client-authentication setting has no effect on
     * these endpoints.
     *
     * @param properties the SSL properties selected so far; cloned (and therefore
     *        dereferenced) whenever a CSIv2 case applies and no alias configuration is found
     * @param map connection information, may be {@code null}
     * @return the effective properties for the connection
     * @throws SSLException declared by the signature; presumably raised by the alias lookup
     */
    public Properties determineIfCSIv2SettingsApply(Properties properties, Map map) throws SSLException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "determineIfCSIv2SettingsApply", new Object[]{map});
        }
        if (map != null) {
            String endPointName = (String) map.get("com.ibm.ssl.endPointName");
            String direction = (String) map.get("com.ibm.ssl.direction");
            boolean inboundOrbEndPoint = endPointName != null
                    && (endPointName.equals(Constants.ENDPOINT_ORB_SSL_LISTENER_ADDRESS)
                            || endPointName.equals(Constants.ENDPOINT_CSIV2_SERVERAUTH)
                            || endPointName.equals(Constants.ENDPOINT_CSIV2_MUTUALAUTH))
                    && direction != null
                    && direction.equals("inbound");
            if (inboundOrbEndPoint) {
                Properties aliasConfig = null;
                String inboundAlias = this.globalConfigProperties.getProperty("com.ibm.ssl.csi.inbound.alias");
                if (inboundAlias != null && inboundAlias.length() > 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Getting inbound SSL config with alias: ").append(inboundAlias).toString());
                    }
                    aliasConfig = getProperties(inboundAlias);
                }
                Properties effective;
                if (aliasConfig == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cloning JSSEHelper configuration.");
                    }
                    effective = (Properties) properties.clone();
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cloning CSIv2 alias reference configuration.");
                    }
                    effective = (Properties) aliasConfig.clone();
                }
                // The clone is private to this call, so overriding client authentication
                // here does not touch the registered configuration.
                String clientAuthSupported = this.globalConfigProperties.getProperty("com.ibm.CSI.claimTLClientAuthenticationSupported");
                String clientAuthRequired = this.globalConfigProperties.getProperty("com.ibm.CSI.claimTLClientAuthenticationRequired");
                if (clientAuthSupported != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Setting client auth supported: ").append(clientAuthSupported).toString());
                    }
                    effective.setProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION_SUPPORTED, clientAuthSupported);
                }
                if (clientAuthRequired != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Setting client auth required: ").append(clientAuthRequired).toString());
                    }
                    effective.setProperty("com.ibm.ssl.clientAuthentication", clientAuthRequired);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "determineIfCSIv2SettingsApply (settings applied)");
                }
                return effective;
            }
            if ("IIOP".equals(endPointName) && "outbound".equals(direction)) {
                Properties aliasConfig = null;
                String outboundAlias = this.globalConfigProperties.getProperty("com.ibm.ssl.csi.outbound.alias");
                if (outboundAlias != null && outboundAlias.length() > 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Getting outbound SSL config with alias: ").append(outboundAlias).toString());
                    }
                    aliasConfig = getProperties(outboundAlias);
                }
                Properties effective;
                if (aliasConfig == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cloning JSSEHelper configuration.");
                    }
                    effective = (Properties) properties.clone();
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cloning CSIv2 alias reference configuration.");
                    }
                    effective = (Properties) aliasConfig.clone();
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "determineIfCSIv2SettingsApply (settings applied)");
                }
                return effective;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "determineIfCSIv2SettingsApply (original settings)");
        }
        return properties;
    }

    /**
     * Returns the SSL configuration registered under the default system alias,
     * building and registering it when needed.
     *
     * <p>Unless {@code z} is set, a configuration already registered under
     * {@code Constants.DEFAULT_SYSTEM_ALIAS} is returned as is. Otherwise a
     * configuration is parsed; if it is missing or lacks required properties,
     * {@link #setDefaultSystemPropertiesIfNecessary()} is invoked and {@code null} is
     * returned. A usable configuration is tagged with its alias and origin, has
     * {@code decodePasswords()} applied, and replaces the registered entry when it
     * differs from it.
     *
     * <p>NOTE(review): after {@code decodePasswords()} the registered configuration
     * presumably holds passwords in decoded form; confirm before tracing or exposing it.
     *
     * @param z when {@code true}, skips the already-registered shortcut; also passed on
     *        to {@code parseSecureSocketLayer}
     * @return the default system configuration, or {@code null} when none can be built
     * @throws Exception propagated from parsing or registering the configuration
     */
    public Properties getDefaultSystemProperties(boolean z) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultSystemProperties");
        }
        if (!z) {
            Object registered = this.sslConfigMap.get(Constants.DEFAULT_SYSTEM_ALIAS);
            if (registered != null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getDefaultSystemProperties -> already present.");
                }
                return (Properties) registered;
            }
        }
        SSLConfig parsed = parseSecureSocketLayer(Constants.DEFAULT_SYSTEM_ALIAS, Constants.SSLTYPE_JSSE, null, z);
        boolean usable = parsed != null && parsed.requiredPropertiesArePresent();
        if (!usable) {
            setDefaultSystemPropertiesIfNecessary();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getDefaultSystemProperties -> null");
            }
            return null;
        }
        parsed.setProperty(Constants.SSLPROP_ALIAS, Constants.DEFAULT_SYSTEM_ALIAS);
        parsed.setProperty(Constants.SSLPROP_CONFIGURL_LOADED_FROM, "System Properties");
        parsed.decodePasswords();
        SSLConfig previous = (SSLConfig) this.sslConfigMap.get(Constants.DEFAULT_SYSTEM_ALIAS);
        if (previous == null) {
            addSSLConfigToMap(Constants.DEFAULT_SYSTEM_ALIAS, parsed);
        } else if (previous.equals(parsed)) {
            // Nothing changed, so the registered entry stays in place.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "New SSL config equals old SSL config for alias: DefaultSystemProperties");
            }
        } else {
            removeSSLConfigFromMap(Constants.DEFAULT_SYSTEM_ALIAS, previous);
            addSSLConfigToMap(Constants.DEFAULT_SYSTEM_ALIAS, parsed);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDefaultSystemProperties -> found valid system properties");
        }
        return parsed;
    }

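    /**
     * Exports the default SSL configuration's key store and trust store settings to
     * JVM system properties when the JSSE default socket factories are in use.
     *
     * <p>The export happens only if the default SSL socket factory or server socket
     * factory is the JSSE default one, no configuration is registered under
     * {@code Constants.DEFAULT_SYSTEM_ALIAS}, and {@link #getDefaultSSLConfig()} yields
     * a configuration. For each of location, password, type and provider, the value of
     * the referenced {@code WSKeyStore} is preferred; when the store is absent or lacks
     * the value, the value from the SSL configuration is used. Settings with no value in
     * either place are left untouched.
     *
     * <p>Security note: the key store and trust store passwords are written to system
     * properties, which are readable JVM-wide by any code allowed to read system
     * properties. The debug trace below also prints the whole configuration;
     * NOTE(review): confirm that {@code SSLConfig.toString()} masks passwords.
     */
    public void setDefaultSystemPropertiesIfNecessary() {
        String defaultSSLSocketFactory = JSSEProviderFactory.getDefaultSSLSocketFactory();
        String defaultSSLServerSocketFactory = JSSEProviderFactory.getDefaultSSLServerSocketFactory();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setDefaultSystemPropertiesIfNecessary", new Object[]{defaultSSLSocketFactory, defaultSSLServerSocketFactory});
        }
        boolean jsseDefaultFactoryInUse =
                (defaultSSLSocketFactory != null && defaultSSLSocketFactory.equals(Constants.SOCKET_FACTORY_JSSE_DEFAULT))
                || (defaultSSLServerSocketFactory != null && defaultSSLServerSocketFactory.equals(Constants.SERVER_SOCKET_FACTORY_JSSE_DEFAULT));
        if (jsseDefaultFactoryInUse && ((SSLConfig) this.sslConfigMap.get(Constants.DEFAULT_SYSTEM_ALIAS)) == null) {
            // Looked up only after the cheaper checks passed, because the lookup may
            // itself register a configuration.
            final SSLConfig systemPropertyConfig = getDefaultSSLConfig();
            if (systemPropertyConfig != null) {
                AccessController.doPrivileged(new PrivilegedAction() {
                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        String keyStoreName = systemPropertyConfig.getProperty(Constants.SSLPROP_KEY_STORE_NAME);
                        WSKeyStore keyStore = null;
                        if (keyStoreName != null) {
                            keyStore = KeyStoreManager.getInstance().getKeyStore(keyStoreName);
                        }
                        export(Constants.SYSTEM_SSLPROP_KEY_STORE, keyStore, "com.ibm.ssl.keyStore", "com.ibm.ssl.keyStore");
                        export(Constants.SYSTEM_SSLPROP_KEY_STORE_PASSWORD, keyStore, "com.ibm.ssl.keyStorePassword", "com.ibm.ssl.keyStorePassword");
                        export(Constants.SYSTEM_SSLPROP_KEY_STORE_TYPE, keyStore, "com.ibm.ssl.keyStoreType", "com.ibm.ssl.keyStoreType");
                        export(Constants.SYSTEM_SSLPROP_KEY_STORE_PROVIDER, keyStore, "com.ibm.ssl.keyStoreProvider", "com.ibm.ssl.keyStoreProvider");

                        String trustStoreName = systemPropertyConfig.getProperty(Constants.SSLPROP_TRUST_STORE_NAME);
                        WSKeyStore trustStore = null;
                        if (trustStoreName != null) {
                            trustStore = KeyStoreManager.getInstance().getKeyStore(trustStoreName);
                        }
                        // A trust store object still uses the keyStore* property names;
                        // only the SSL configuration distinguishes trustStore* names.
                        export(Constants.SYSTEM_SSLPROP_TRUST_STORE, trustStore, "com.ibm.ssl.keyStore", "com.ibm.ssl.trustStore");
                        export(Constants.SYSTEM_SSLPROP_TRUST_STORE_PASSWORD, trustStore, "com.ibm.ssl.keyStorePassword", "com.ibm.ssl.trustStorePassword");
                        export(Constants.SYSTEM_SSLPROP_TRUST_STORE_TYPE, trustStore, "com.ibm.ssl.keyStoreType", "com.ibm.ssl.trustStoreType");
                        export(Constants.SYSTEM_SSLPROP_TRUST_STORE_PROVIDER, trustStore, "com.ibm.ssl.keyStoreProvider", "com.ibm.ssl.trustStoreProvider");
                        return null;
                    }

                    /**
                     * Sets one system property from the store, falling back to the SSL
                     * configuration. The earlier code chose the store whenever it
                     * existed, so a store without the value combined with a configured
                     * value passed null to System.setProperty, which throws.
                     */
                    private void export(String systemKey, WSKeyStore store, String storeKey, String configKey) {
                        String value = store != null ? store.getProperty(storeKey) : null;
                        if (value == null) {
                            value = systemPropertyConfig.getProperty(configKey);
                        }
                        if (value != null) {
                            System.setProperty(systemKey, value);
                        }
                    }
                });
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Set System JSSE properties using the following SSL config: ").append(systemPropertyConfig.toString()).toString());
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setDefaultSystemPropertiesIfNecessary");
        }
    }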

    /**
     * Resolves the default SSL configuration.
     *
     * <p>Resolution order:
     * <ol>
     *   <li>the configuration registered under the alias named by the global property
     *       {@code Constants.SSLPROP_DEFAULT_ALIAS};</li>
     *   <li>otherwise the first non-null configuration met while iterating
     *       {@code sslConfigMap};</li>
     *   <li>otherwise a configuration is assembled from the JVM key store and trust
     *       store system properties and, if it has all required properties, registered
     *       under {@code Constants.DEFAULT_SYSTEM_ALIAS}.</li>
     * </ol>
     *
     * <p>Step 2 means that an unset or misspelled default alias does not fail; some
     * registered configuration is used instead. Which one depends on the iteration
     * order of the map, which is not visible here, so deployments that rely on a
     * particular default should make sure the alias resolves.
     *
     * <p>NOTE(review): in step 3 the method returns {@code null} even when the
     * assembled configuration was just registered; a later call picks it up through
     * step 2. Confirm that callers expect this.
     *
     * @return the default configuration, or {@code null} when none was registered before the call
     */
    public SSLConfig getDefaultSSLConfig() throws IllegalArgumentException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultSSLConfig");
        }
        String defaultAlias = getGlobalProperty(Constants.SSLPROP_DEFAULT_ALIAS);
        if (defaultAlias != null) {
            SSLConfig configured = (SSLConfig) this.sslConfigMap.get(defaultAlias);
            if (configured != null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, new StringBuffer().append("getDefaultSSLConfig: ").append(defaultAlias).toString());
                }
                return configured;
            }
        }
        // No usable default alias: fall back to whichever registered configuration
        // the map yields first.
        Iterator entries = this.sslConfigMap.entrySet().iterator();
        while (entries.hasNext()) {
            Map.Entry entry = (Map.Entry) entries.next();
            SSLConfig candidate = (SSLConfig) entry.getValue();
            String alias = (String) entry.getKey();
            if (candidate != null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, new StringBuffer().append("getDefaultSSLConfig: ").append(alias).toString());
                }
                return candidate;
            }
        }
        // Nothing registered at all: try to assemble a configuration from the JVM
        // system properties. Each pair is {system property name, SSL property name}.
        String[][] systemToSslNames = {
            {Constants.SYSTEM_SSLPROP_KEY_STORE, "com.ibm.ssl.keyStore"},
            {Constants.SYSTEM_SSLPROP_KEY_STORE_PASSWORD, "com.ibm.ssl.keyStorePassword"},
            {Constants.SYSTEM_SSLPROP_KEY_STORE_TYPE, "com.ibm.ssl.keyStoreType"},
            {Constants.SYSTEM_SSLPROP_KEY_STORE_PROVIDER, "com.ibm.ssl.keyStoreProvider"},
            {Constants.SYSTEM_SSLPROP_TRUST_STORE, "com.ibm.ssl.trustStore"},
            {Constants.SYSTEM_SSLPROP_TRUST_STORE_PASSWORD, "com.ibm.ssl.trustStorePassword"},
            {Constants.SYSTEM_SSLPROP_TRUST_STORE_TYPE, "com.ibm.ssl.trustStoreType"},
            {Constants.SYSTEM_SSLPROP_TRUST_STORE_PROVIDER, "com.ibm.ssl.trustStoreProvider"},
        };
        SSLConfig fromSystemProperties = new SSLConfig();
        fromSystemProperties.setProperty(Constants.SSLPROP_ALIAS, Constants.DEFAULT_SYSTEM_ALIAS);
        for (int i = 0; i < systemToSslNames.length; i++) {
            String systemValue = System.getProperty(systemToSslNames[i][0]);
            if (systemValue != null) {
                fromSystemProperties.setProperty(systemToSslNames[i][1], systemValue);
            }
        }
        try {
            if (fromSystemProperties.requiredPropertiesArePresent()) {
                addSSLConfigToMap(Constants.DEFAULT_SYSTEM_ALIAS, fromSystemProperties);
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception adding default System properties to configuration.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.ssl.core.SSLConfigManager.getDefaultSSLConfig", "1206", this);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDefaultSSLConfig -> null");
        }
        return null;
    }

    public Properties getPropertiesFromDynamicSelectionInfo(Map map) {
        String[] split;
        String property;
        SSLConfig sSLConfig;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPropertiesFromDynamicSelectionInfo", new Object[]{map});
        }
        if (map == null) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo -> null (no connection info)");
            return null;
        }
        if (this.sslConfigDynamicSelectionMap.size() == 0) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo -> null (no dynamic selections configured)");
            return null;
        }
        if (this.sslConfigDynamicSelectionCacheMissTreeSet.contains(map)) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo -> previous cache miss.");
            return null;
        }
        SSLConfig sSLConfig2 = (SSLConfig) this.sslConfigDynamicLookupCache.get(map);
        if (sSLConfig2 != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo -> cached.");
            }
            return sSLConfig2;
        }
        String str = (String) map.get("com.ibm.ssl.direction");
        if (str != null && str.equals("inbound")) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo -> null (direction inbound).");
            return null;
        }
        String str2 = (String) map.get("com.ibm.ssl.endPointName");
        String str3 = (String) map.get(Constants.CONNECTION_INFO_REMOTE_HOST);
        String str4 = (String) map.get(Constants.CONNECTION_INFO_REMOTE_PORT);
        if (str2 != null && str2.equals("ADMIN_SOAP") && (sSLConfig = getSSLConfig("ADMIN_SOAP")) != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo -> returning old soap config.");
            }
            this.sslConfigDynamicLookupCache.put(map, sSLConfig);
            return sSLConfig;
        }
        Set keySet = this.sslConfigDynamicSelectionMap.keySet();
        Iterator it = null;
        if (keySet != null && keySet.size() > 0) {
            it = keySet.iterator();
        }
        if (it != null) {
            while (it.hasNext()) {
                String str5 = (String) it.next();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("SSLConfig dynamic selection info: ").append(str5).toString());
                }
                if (str5 != null && (split = str5.split("\\|")) != null && split.length > 0) {
                    for (int i = 0; i < split.length; i++) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("Parsing entry ").append(i).append(" of ").append(split.length).append(": ").append(split[i]).toString());
                        }
                        String[] split2 = split[i].split(",");
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("This entry has ").append(split2.length).append(" attributes.").toString());
                        }
                        if (split2 != null && split2.length == 3) {
                            String str6 = split2[0];
                            String str7 = split2[1];
                            String str8 = split2[2];
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, new StringBuffer().append("Protocol: ").append(str6).append(", Host: ").append(str7).append(", Port: ").append(str8).toString());
                            }
                            if (str6 == null || str7 == null || str8 == null) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Ending evaluation, one of the values is null.");
                                }
                            } else if (str6.equals("*") || (str2 != null && str6.equalsIgnoreCase(str2))) {
                                if (str7.equals("*") || (str3 != null && str3.equalsIgnoreCase(str7) && str3.endsWith(str7))) {
                                    if (str8.equals("*") || (str4 != null && str8.equalsIgnoreCase(str4))) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Found a dynamic selection match!");
                                        }
                                        String str9 = (String) this.sslConfigDynamicSelectionMap.get(str5);
                                        String str10 = null;
                                        String str11 = null;
                                        if (str9 != null && str9.indexOf(":") != -1) {
                                            String[] split3 = str9.split(":");
                                            if (split3 != null && split3.length == 2) {
                                                str10 = split3[0];
                                                str11 = split3[1];
                                            }
                                        } else if (str9 != null) {
                                            str10 = str9;
                                        }
                                        SSLConfig sSLConfig3 = (SSLConfig) this.sslConfigMap.get(str10);
                                        if (sSLConfig3 != null) {
                                            if (str11 != null && ((property = sSLConfig3.getProperty("com.ibm.ssl.keyStoreClientAlias")) == null || !property.equals(str10))) {
                                                sSLConfig3 = new SSLConfig(sSLConfig3);
                                                sSLConfig3.setProperty("com.ibm.ssl.keyStoreClientAlias", str11);
                                            }
                                            this.sslConfigDynamicLookupCache.put(map, sSLConfig3);
                                            if (tc.isEntryEnabled()) {
                                                Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo -> found.");
                                            }
                                            return sSLConfig3;
                                        }
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Could not find the associated SSL configuration.");
                                        }
                                    } else if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Port does not match.");
                                    }
                                } else if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Host does not match.");
                                }
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Protocol does not match.");
                            }
                        }
                    }
                }
            }
        }
        if (this.sslConfigDynamicSelectionCacheMissTreeSet.size() > 50) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cache miss tree set size is > 50, clearing the TreeSet.");
            }
            this.sslConfigDynamicSelectionCacheMissTreeSet.clear();
        }
        this.sslConfigDynamicSelectionCacheMissTreeSet.add(map);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("Cache miss tree set size is ").append(this.sslConfigDynamicSelectionCacheMissTreeSet.size()).append(" entries.").toString());
        }
        if (!tc.isEntryEnabled()) {
            return null;
        }
        Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo -> null (not found).");
        return null;
    }

    /**
     * Looks up an SSL configuration and returns it as {@link Properties}.
     *
     * <p>This is a thin wrapper over {@code getSSLConfig(str)}. Both the entry and the exit
     * trace records are written before the delegate runs, so a failure inside the lookup
     * is not bracketed by them.
     *
     * @param str key handed to {@code getSSLConfig} (presumably the configuration alias)
     * @return whatever {@code getSSLConfig} returns for {@code str}
     * @throws IllegalArgumentException declared for callers; raised, if at all, by the delegate
     */
    public Properties getProperties(String str) throws IllegalArgumentException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getProperties", str);
            Tr.exit(tc, "getProperties");
        }
        final Properties config = getSSLConfig(str);
        return config;
    }

    /**
     * Resolves a global SSL property, preferring the JVM system property.
     *
     * <p>The system property wins; only when it is unset, and the global configuration
     * properties have been loaded, is the value read from those instead.
     *
     * <p>NOTE(review): the resolved value is written verbatim to debug trace. Callers that
     * resolve secret-bearing keys through this method would expose them to anyone who can
     * read the trace output.
     *
     * @param str property name
     * @return the resolved value, or {@code null} when neither source defines it
     */
    public String getGlobalProperty(String str) {
        String value = System.getProperty(str);
        if (value == null && this.globalConfigProperties != null) {
            value = this.globalConfigProperties.getProperty(str);
        }
        if (value != null && tc.isDebugEnabled()) {
            Tr.debug(tc, "getGlobalProperties -> " + value);
        }
        return value;
    }

    /**
     * Resolves a global SSL property and falls back to a caller-supplied default.
     *
     * @param str property name, resolved through {@link #getGlobalProperty(String)}
     * @param str2 value returned when the property is not defined; may be {@code null}
     * @return the resolved value, or {@code str2} when the lookup yields {@code null}
     */
    public String getGlobalProperty(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGlobalProperty", new Object[]{str, str2});
        }
        final String resolved = getGlobalProperty(str);
        final String result = (resolved != null) ? resolved : str2;
        if (tc.isEntryEnabled()) {
            // The returned value (default or resolved) is included in the exit trace.
            Tr.exit(tc, "getGlobalProperty -> " + result);
        }
        return result;
    }

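    /**
     * Splits a whitespace-separated cipher suite list into individual suite names.
     *
     * <p>Runs of whitespace and leading or trailing whitespace no longer produce empty
     * tokens. An empty token is not a valid cipher suite name, and
     * {@code setEnabledCipherSuites} rejects a list that contains one, so a stray double
     * space in configuration must not end up in the result.
     *
     * @param str whitespace-separated cipher suite names, or {@code null}
     * @return the non-empty names in their original order (possibly an empty array), or
     *         {@code null} when {@code str} is {@code null}
     */
    public String[] parseEnabledCiphers(String str) {
        if (str == null) {
            return null;
        }
        ArrayList names = new ArrayList();
        String[] tokens = str.split("\\s+");
        for (int i = 0; i < tokens.length; i++) {
            // split() still yields a leading empty token when the input starts with whitespace.
            if (tokens[i].length() > 0) {
                names.add(tokens[i]);
            }
        }
        return (String[]) names.toArray(new String[0]);
    }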

    /**
     * Filters a supported-cipher list according to a security level.
     *
     * <p>Instance-level convenience over
     * {@code Constants.adjustSupportedCiphersToSecurityLevel}; all selection logic lives there.
     *
     * @param strArr cipher suites to choose from
     * @param str security level name passed through to the delegate
     * @return the delegate's result, unchanged
     */
    public String[] adjustSupportedCiphersToSecurityLevel(String[] strArr, String str) {
        final String[] adjusted = Constants.adjustSupportedCiphersToSecurityLevel(strArr, str);
        return adjusted;
    }

    /**
     * Joins cipher suite names into a single string.
     *
     * <p>Every name, including the last one, is followed by
     * {@code RASFormatter.DEFAULT_SEPARATOR}.
     *
     * @param strArr cipher suite names; may be {@code null} or empty
     * @return the joined names, or the four-character text {@code "null"} when there is
     *         nothing to join
     */
    public String convertCipherListToString(String[] strArr) {
        final boolean nothingToJoin = strArr == null || strArr.length == 0;
        if (nothingToJoin) {
            return "null";
        }
        StringBuffer joined = new StringBuffer();
        for (int i = 0; i < strArr.length; i++) {
            joined.append(strArr[i]).append(RASFormatter.DEFAULT_SEPARATOR);
        }
        return joined.toString();
    }

    /**
     * Maps a configuration-model security level onto the matching {@code Constants} name.
     *
     * <p>Values 1, 2 and 3 select MEDIUM, LOW and CUSTOM; 0 and every unrecognised value
     * select HIGH, so an unknown level falls back to the strictest named setting.
     *
     * @param sSLSecurityLevel model enum; must not be {@code null}
     * @return one of the {@code Constants.SECURITY_LEVEL_*} strings
     */
    public String getSecurityLevel(SSLSecurityLevel sSLSecurityLevel) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityLevel");
        }
        final int level = sSLSecurityLevel.getValue();
        final String name;
        if (level == 1) {
            name = Constants.SECURITY_LEVEL_MEDIUM;
        } else if (level == 2) {
            name = Constants.SECURITY_LEVEL_LOW;
        } else if (level == 3) {
            name = Constants.SECURITY_LEVEL_CUSTOM;
        } else {
            name = Constants.SECURITY_LEVEL_HIGH;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSecurityLevel -> " + name);
        }
        return name;
    }

    /**
     * Replaces every character of a value with {@code '*'} for display or logging.
     *
     * <p>The result has the same length as the input, so the length of the masked value
     * remains visible wherever the mask is written.
     *
     * @param str value to hide; may be {@code null}
     * @return a string of asterisks as long as {@code str}, or {@code null} for {@code null}
     */
    public static String mask(String str) {
        if (str == null) {
            return null;
        }
        final int length = str.length();
        StringBuffer masked = new StringBuffer(length);
        for (int i = 0; i < length; i++) {
            masked.append('*');
        }
        return masked.toString();
    }

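    /**
     * Loads one SSL configuration from a properties URL and registers it.
     *
     * <p>The file is skipped when it was already processed, unless {@code z} requests a
     * reload. On reload an unchanged configuration is left alone, a changed one is replaced
     * and its listeners are notified, and a configuration that no longer carries the
     * required properties is removed and reported as {@code "deleted"}.
     *
     * <p>When a changed configuration is replaced, the configuration currently stored
     * under the alias is the one handed to {@code removeSSLConfigFromMap}. That method
     * derives the dynamic selection key to drop from its argument; passing the new
     * configuration would leave the previous dynamic selection rule pointing at the alias
     * after the rule was changed or removed in the file.
     *
     * <p>Any exception is reported through {@code Tr.error} and FFDC and is not rethrown;
     * in that case the file is not recorded as processed.
     *
     * @param str alias used when the file does not define {@code Constants.SSLPROP_ALIAS}
     * @param str2 location of the properties file; {@code null} makes the call a no-op
     * @param z {@code true} to reload a file that was already processed
     */
    public void parseConfigURL(String str, String str2, boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "parseConfigURL", new Object[]{str2});
        }
        if (str2 != null && (!this.clientFilesAlreadyProcessed.contains(str2) || z)) {
            try {
                SSLConfig loaded = new SSLConfig(str2);
                String alias = loaded.getProperty(Constants.SSLPROP_ALIAS);
                if (alias == null) {
                    alias = str;
                    loaded.setProperty(Constants.SSLPROP_ALIAS, alias);
                }
                // soap.client.props may omit the store types; default both to JKS.
                if (str2.indexOf("soap.client.props") != -1) {
                    if (loaded.getProperty("com.ibm.ssl.keyStoreType") == null) {
                        loaded.setProperty("com.ibm.ssl.keyStoreType", "JKS");
                    }
                    if (loaded.getProperty("com.ibm.ssl.trustStoreType") == null) {
                        loaded.setProperty("com.ibm.ssl.trustStoreType", "JKS");
                    }
                }
                if (loaded.requiredPropertiesArePresent()) {
                    loaded.setProperty(Constants.SSLPROP_CONFIGURL_LOADED_FROM, str2);
                    loaded.decodePasswords();
                    if (z) {
                        SSLConfig current = (SSLConfig) this.sslConfigMap.get(alias);
                        if (current == null) {
                            addSSLConfigToMap(alias, loaded);
                        } else if (!current.equals(loaded)) {
                            // Remove using the stored configuration so its dynamic
                            // selection entry is the one that gets dropped.
                            removeSSLConfigFromMap(alias, current);
                            addSSLConfigToMap(alias, loaded);
                            notifySSLConfigChangeListener(alias, Constants.CONFIG_STATE_CHANGED);
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("New SSL config equals old SSL config for alias: ").append(alias).toString());
                        }
                    } else {
                        addSSLConfigToMap(alias, loaded);
                    }
                } else if (z) {
                    SSLConfig current = (SSLConfig) this.sslConfigMap.get(alias);
                    if (current != null) {
                        removeSSLConfigFromMap(alias, current);
                        notifySSLConfigChangeListener(alias, "deleted");
                    }
                }
                this.clientFilesAlreadyProcessed.add(str2);
            } catch (Exception e) {
                Tr.error(tc, "ssl.client.config.parse.CWPKI0019E", new Object[]{str2, e.getMessage()});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception parsing SSL properties from ConfigURL.", new Object[]{e});
                }
                FFDCFilter.processException(e, "com.ibm.ws.ssl.core.SSLConfigManager.parseConfigURL", "1737", this);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "parseConfigURL");
        }
    }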

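    /**
     * Loads every SSL configuration found in a properties file and registers each one.
     *
     * <p>Element 0 of the loaded array is treated as the global properties and merged into
     * {@code globalConfigProperties}; each later element that carries the required
     * properties is registered under its alias. On reload ({@code z == true}) changed
     * configurations are replaced with listener notification, and aliases that were loaded
     * from this file earlier but are no longer present in it are removed and reported as
     * {@code "deleted"}.
     *
     * <p>Corrections relative to the decompiled form:
     * <ul>
     *   <li>The whole load runs inside the {@code try}. {@code addSSLConfigToMap} and
     *       {@code removeSSLConfigFromMap} declare {@code throws Exception} and this method
     *       declares none, so the handler has to cover them; this also matches
     *       {@code parseConfigURL}.</li>
     *   <li>A changed configuration is removed using the stored instance, so the previous
     *       dynamic selection entry does not survive the reload.</li>
     *   <li>The deletion sweep checks the stored configuration for {@code null} before
     *       reading from it and tolerates entries that have no
     *       {@code SSLPROP_CONFIGURL_LOADED_FROM} property.</li>
     * </ul>
     *
     * @param str location of the properties file; {@code null} makes the call a no-op
     * @param z {@code true} to reload a file that was already processed
     */
    public void parseSSLConfigURL(String str, boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "parseSSLConfigURL", new Object[]{str, Boolean.valueOf(z)});
        }
        if (str != null && (!this.clientFilesAlreadyProcessed.contains(str) || z)) {
            try {
                String[] previousAliases = null;
                HashSet reloadedAliases = null;
                if (z) {
                    // Snapshot the aliases known before the reload for the deletion sweep below.
                    reloadedAliases = new HashSet();
                    previousAliases = (String[]) this.sslConfigMap.keySet().toArray(new String[0]);
                }
                SSLConfig[] loaded = new SSLConfig().loadPropertiesFile(str, true);
                for (int i = 0; i < loaded.length; i++) {
                    if (i == 0 && loaded[0] != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Getting global SSL properties.");
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, loaded[i].toString());
                        }
                        this.globalConfigProperties.putAll(loaded[0]);
                    } else if (loaded[i] != null && loaded[i].requiredPropertiesArePresent()) {
                        SSLConfig candidate = loaded[i];
                        String alias = candidate.getProperty(Constants.SSLPROP_ALIAS);
                        candidate.setProperty(Constants.SSLPROP_CONFIGURL_LOADED_FROM, str);
                        candidate.decodePasswords();
                        if (z) {
                            reloadedAliases.add(alias);
                            SSLConfig current = (SSLConfig) this.sslConfigMap.get(alias);
                            if (current == null) {
                                addSSLConfigToMap(alias, candidate);
                            } else if (!current.equals(candidate)) {
                                // Remove using the stored configuration so its dynamic
                                // selection entry is the one that gets dropped.
                                removeSSLConfigFromMap(alias, current);
                                addSSLConfigToMap(alias, candidate);
                                notifySSLConfigChangeListener(alias, Constants.CONFIG_STATE_CHANGED);
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, new StringBuffer().append("New SSL config equals old SSL config for alias: ").append(alias).toString());
                            }
                        } else {
                            addSSLConfigToMap(alias, candidate);
                        }
                    }
                }
                this.clientFilesAlreadyProcessed.add(str);
                if (z) {
                    for (int i = 0; i < previousAliases.length; i++) {
                        String alias = previousAliases[i];
                        SSLConfig stored = (SSLConfig) this.sslConfigMap.get(alias);
                        if (stored == null || reloadedAliases.contains(alias)) {
                            continue;
                        }
                        // Only aliases that originated from this file are eligible for removal.
                        String origin = stored.getProperty(Constants.SSLPROP_CONFIGURL_LOADED_FROM);
                        if (str.equals(origin)) {
                            removeSSLConfigFromMap(alias, stored);
                            notifySSLConfigChangeListener(alias, "deleted");
                        }
                    }
                }
            } catch (Exception e) {
                Tr.error(tc, "ssl.client.config.parse.CWPKI0019E", new Object[]{str, e.getMessage()});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception parsing SSL properties from ssl.client.props.", new Object[]{e});
                }
                FFDCFilter.processException(e, "com.ibm.ws.ssl.core.SSLConfigManager.parseSSLConfigURL", "1868", this);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "parseSSLConfigURL");
        }
    }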

    /**
     * Unregisters an alias and the dynamic selection entry of the given configuration.
     *
     * <p>The dynamic selection key is read from {@code sSLConfig}, not from the instance
     * stored under {@code str}, so the caller decides which key is dropped by choosing
     * which configuration object to pass.
     *
     * @param str alias to remove from {@code sslConfigMap}
     * @param sSLConfig configuration whose dynamic selection property names the entry to
     *        remove from {@code sslConfigDynamicSelectionMap}
     * @throws Exception declared for callers; propagated from the calls made here
     */
    private void removeSSLConfigFromMap(String str, SSLConfig sSLConfig) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeSSLConfigFromMap", new Object[]{str});
        }
        final String selectionKey = sSLConfig.getDynamicSelectionProperty();
        final boolean hasSelectionKey = selectionKey != null && selectionKey.length() > 0;
        if (hasSelectionKey) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Removing old SSL properties from dynamic selection info list.");
            }
            this.sslConfigDynamicSelectionMap.remove(selectionKey);
        }
        this.sslConfigMap.remove(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeSSLConfigFromMap");
        }
    }

    /**
     * Registers an SSL configuration under an alias.
     *
     * <p>Paths are expanded first; the configuration is validated only when
     * {@link #validationEnabled()} is true; in a non-server process the key store manager is
     * asked to create the client key store and trust store if they do not exist. A non-empty
     * dynamic selection property is additionally mapped to the alias.
     *
     * <p>NOTE(review): the configuration is written to debug trace through
     * {@code toString()}, and the file loaders in this class call {@code decodePasswords()}
     * before registering. Confirm that {@code SSLConfig.toString()} masks password
     * properties before enabling debug trace on a production system.
     *
     * @param str alias to register the configuration under
     * @param sSLConfig configuration to register
     * @throws Exception declared for callers; propagated from expansion, validation or
     *         store creation
     */
    public void addSSLConfigToMap(String str, SSLConfig sSLConfig) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addSSLConfigToMap");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Adding SSL properties for alias: " + str);
            Tr.debug(tc, sSLConfig.toString());
        }
        sSLConfig.expandPaths();
        if (validationEnabled()) {
            sSLConfig.validateSSLConfig();
        }
        if (!this.isServerProcess) {
            KeyStoreManager.getInstance().checkIfClientKeyStoreAndTrustStoreExistsAndCreateIfNot(sSLConfig);
        }
        this.sslConfigMap.put(str, sSLConfig);
        final String selectionKey = sSLConfig.getDynamicSelectionProperty();
        if (selectionKey != null && selectionKey.length() > 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding SSL properties to dynamic selection list with value: " + selectionKey);
            }
            this.sslConfigDynamicSelectionMap.put(selectionKey, str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addSSLConfigToMap");
        }
    }

    /**
     * Renders every registered configuration as {@code alias===config}, concatenated
     * without a separator after the header line.
     *
     * <p>NOTE(review): each entry embeds {@code SSLConfig.toString()}. Whether that output
     * masks key store and trust store passwords cannot be seen here; verify it before this
     * string is logged or shown.
     *
     * @return the dump, or a fixed message when no configuration is registered
     */
    public String toString() {
        if (this.sslConfigMap.size() <= 0) {
            return "SSLConfigManager does not contain any SSL configurations.";
        }
        StringBuffer dump = new StringBuffer("SSLConfigManager configuration: \n");
        for (Map.Entry entry : this.sslConfigMap.entrySet()) {
            final String alias = (String) entry.getKey();
            final SSLConfig config = (SSLConfig) entry.getValue();
            dump.append(alias).append("===").append(config.toString());
        }
        return dump.toString();
    }

    /**
     * Reports whether SSL configuration validation is switched on globally.
     *
     * <p>Validation is off unless {@code Constants.SSLPROP_VALIDATION_ENABLED} is set to
     * {@code "true"} or to the value of {@code WsLogRecord.STR_REQUIRES_LOCALIZATION},
     * compared without regard to case.
     *
     * <p>NOTE(review): the {@code WsLogRecord} constant looks like a decompiler substitution
     * for a plain literal (presumably {@code "yes"}) - TODO confirm against the constant's
     * value.
     *
     * @return {@code true} only for the two accepted values; {@code false} when unset
     */
    public boolean validationEnabled() {
        final String flag = getGlobalProperty(Constants.SSLPROP_VALIDATION_ENABLED);
        if (flag == null) {
            return false;
        }
        if (flag.equalsIgnoreCase("true")) {
            return true;
        }
        return flag.equalsIgnoreCase(WsLogRecord.STR_REQUIRES_LOCALIZATION);
    }

    /**
     * Installs an accept-all default {@link HostnameVerifier} unless URL host name
     * verification has been requested through configuration.
     *
     * <p>The verifier is replaced when {@code Constants.SSLPROP_URL_HOSTNAME_VERIFICATION}
     * is unset, equals {@code "false"}, or equals
     * {@code WsLogRecord.STR_REQUIRES_NO_LOCALIZATION} (case-insensitive). Any other value
     * leaves the current default verifier untouched.
     *
     * <p>NOTE(review): this is a JVM-wide setting and the insecure branch is the default.
     * With the property absent, every {@code HttpsURLConnection} that does not set its own
     * verifier accepts a server certificate whose name does not match the requested host,
     * which removes the protection against a peer presenting some other valid certificate.
     * Deployments that rely on {@code HttpsURLConnection} should set the property so that
     * this method leaves the platform verifier in place, and should treat message
     * {@code CWPKI0027I} in the logs as a finding.
     *
     * <p>NOTE(review): the {@code WsLogRecord} constant looks like a decompiler substitution
     * for a plain literal (presumably {@code "no"}) - TODO confirm.
     *
     * @param z {@code true} to suppress the informational message when verification is
     *        disabled
     */
    public void checkURLHostNameVerificationProperty(boolean z) {
        final String setting = getGlobalProperty(Constants.SSLPROP_URL_HOSTNAME_VERIFICATION);
        final boolean disableVerification = setting == null
                || setting.equalsIgnoreCase("false")
                || setting.equalsIgnoreCase(WsLogRecord.STR_REQUIRES_NO_LOCALIZATION);
        if (!disableVerification) {
            return;
        }
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String str, SSLSession sSLSession) {
                // Accepts every host name / session pair without inspection.
                return true;
            }
        });
        if (!z) {
            Tr.info(tc, "ssl.disable.url.hostname.verification.CWPKI0027I");
        }
    }

    /**
     * Delivers a state change to every listener registered for an alias.
     *
     * <p>Listeners are copied into an array before delivery. Each listener's registered
     * event is updated with the new state and with the configuration currently stored under
     * the alias (which is {@code null} once the alias has been removed), then passed to
     * {@code stateChanged}. For state {@code "deleted"} the listener's event and, after the
     * loop, the alias' listener list are dropped.
     *
     * @param str alias whose listeners are notified; {@code null} is ignored
     * @param str2 new state; must not be {@code null} when listeners exist
     */
    public synchronized void notifySSLConfigChangeListener(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "notifySSLConfigChangeListener", new Object[]{str, str2});
        }
        List registered = null;
        if (str != null) {
            registered = (List) this.sslConfigListenerMap.get(str);
        }
        if (registered != null && registered.size() > 0) {
            SSLConfigChangeListener[] targets = (SSLConfigChangeListener[]) registered.toArray(new SSLConfigChangeListener[registered.size()]);
            for (int i = 0; i < targets.length; i++) {
                final SSLConfigChangeListener target = targets[i];
                SSLConfigChangeEvent event = (SSLConfigChangeEvent) this.sslConfigListenerEventMap.get(target);
                if (event == null) {
                    continue;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Notifying listener[" + i + "]: " + target.getClass().getName());
                }
                event.setState(str2);
                event.setChangedSSLConfig((SSLConfig) this.sslConfigMap.get(str));
                target.stateChanged(event);
                if (str2.equals("deleted")) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Deregistering event for listener.");
                    }
                    this.sslConfigListenerEventMap.remove(target);
                }
            }
            if (str2.equals("deleted")) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Deregistering all listeners for this alias due to alias deletion.");
                }
                this.sslConfigListenerMap.remove(str);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "notifySSLConfigChangeListener");
        }
    }

    /**
     * Registers a listener for the alias named by its event.
     *
     * <p>The listener is appended to the alias' listener list (created on first use) and
     * the event is stored keyed by the listener. Because the event map is keyed by the
     * listener alone, registering the same listener again replaces its earlier event.
     *
     * @param sSLConfigChangeListener listener to notify
     * @param sSLConfigChangeEvent event carrying the alias; reused for each notification
     */
    public synchronized void registerSSLConfigChangeListener(SSLConfigChangeListener sSLConfigChangeListener, SSLConfigChangeEvent sSLConfigChangeEvent) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "registerSSLConfigChangeListener", new Object[]{sSLConfigChangeListener, sSLConfigChangeEvent});
        }
        List listeners = (List) this.sslConfigListenerMap.get(sSLConfigChangeEvent.getAlias());
        if (listeners == null) {
            listeners = new ArrayList();
        }
        listeners.add(sSLConfigChangeListener);
        this.sslConfigListenerMap.put(sSLConfigChangeEvent.getAlias(), listeners);
        this.sslConfigListenerEventMap.put(sSLConfigChangeListener, sSLConfigChangeEvent);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "registerSSLConfigChangeListener");
        }
    }

    /**
     * Removes a listener and its event registration.
     *
     * <p>Nothing happens for a {@code null} listener or one with no stored event. Otherwise
     * the first occurrence of the listener is removed from the list of the event's alias
     * and the event entry is dropped.
     *
     * @param sSLConfigChangeListener listener to remove; may be {@code null}
     */
    public synchronized void deregisterSSLConfigChangeListener(SSLConfigChangeListener sSLConfigChangeListener) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "deregisterSSLConfigChangeListener", new Object[]{sSLConfigChangeListener});
        }
        SSLConfigChangeEvent registeredEvent = null;
        if (sSLConfigChangeListener != null) {
            registeredEvent = (SSLConfigChangeEvent) this.sslConfigListenerEventMap.get(sSLConfigChangeListener);
        }
        if (registeredEvent != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Removing listener: " + sSLConfigChangeListener.getClass().getName());
            }
            List listeners = (List) this.sslConfigListenerMap.get(registeredEvent.getAlias());
            if (listeners != null) {
                // remove(Object) drops the first equal element, as index lookup + removal did.
                listeners.remove(sSLConfigChangeListener);
            }
            this.sslConfigListenerEventMap.remove(sSLConfigChangeListener);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "deregisterSSLConfigChangeListener");
        }
    }

    /**
     * Returns the {@code isServerProcess} flag of this manager.
     *
     * @return the current value of the flag
     */
    public boolean isServerProcess() {
        final boolean serverSide = this.isServerProcess;
        return serverSide;
    }

    /**
     * Lists the cipher suite names of the {@code SystemSSLCiphers} table.
     *
     * <p>Entries whose name contains {@code "AES_256"} are included only when
     * {@code isExtendedPolicy()} reports true; every other entry is always included, in
     * table order.
     *
     * <p>NOTE(review): apart from the AES_256 check no strength filtering happens here, so
     * whatever weak suites the table holds are returned as well. Callers should filter the
     * result before enabling it on a socket.
     *
     * @return suite names in table order; never {@code null}
     */
    public String[] getSystemSSLCiphers() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSystemSSLCiphers");
        }
        ArrayList names = new ArrayList();
        final boolean aes256Allowed = isExtendedPolicy();
        for (int row = 0; row < SystemSSLCiphers.length; row++) {
            final String suite = SystemSSLCiphers[row][1];
            if (suite.indexOf("AES_256") == -1 || aes256Allowed) {
                names.add(suite);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSystemSSLCiphers");
        }
        return (String[]) names.toArray(new String[0]);
    }

    /**
     * Converts a list of cipher suite names into the concatenated two-character codes of
     * the {@code SystemSSLCiphers} table.
     *
     * <p>The input is split with {@code RASFormatter.DEFAULT_SEPARATOR} used as the split
     * pattern. Codes are emitted in table order, not input order; names that are not in the
     * table are ignored, and a name listed twice contributes its code once.
     *
     * @param str cipher suite names joined by the separator; must not be {@code null}
     * @return the codes concatenated without separator; empty when nothing matched
     */
    public String convertCiphersList(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "convertCiphersList", new Object[]{str});
        }
        // One slot per table row keeps the output in table order.
        String[] codesByRow = new String[SystemSSLCiphers.length];
        String[] requested = str.split(RASFormatter.DEFAULT_SEPARATOR);
        for (int n = 0; n < requested.length; n++) {
            for (int row = 0; row < SystemSSLCiphers.length; row++) {
                if (SystemSSLCiphers[row][1].equals(requested[n])) {
                    codesByRow[row] = SystemSSLCiphers[row][0];
                    break;
                }
            }
        }
        StringBuffer codes = new StringBuffer();
        for (int row = 0; row < codesByRow.length; row++) {
            if (codesByRow[row] != null) {
                codes.append(codesByRow[row]);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "convertCiphersList");
        }
        return codes.toString();
    }

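    /**
     * Expands a string of two-character cipher codes into the matching suite names.
     *
     * <p>The input is read two characters at a time; for every table row whose code equals
     * the pair, the row's suite name and {@code RASFormatter.DEFAULT_SEPARATOR} are
     * appended. Unknown codes contribute nothing.
     *
     * <p>The name is taken from the matching table row. Indexing the table with the
     * character offset into {@code str} instead returns the name of an unrelated suite and
     * runs past the end of the table for long inputs, so the suites reported or enabled
     * would not be the ones configured.
     *
     * @param str concatenated two-character codes; must not be {@code null}
     * @return the suite names, each followed by the separator; empty when nothing matched
     * @throws StringIndexOutOfBoundsException when {@code str} has an odd length
     */
    public String getSystemSSLList(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSystemSSLList", new Object[]{str});
        }
        StringBuffer names = new StringBuffer();
        for (int offset = 0; offset < str.length(); offset += 2) {
            String code = str.substring(offset, offset + 2);
            for (int row = 0; row < SystemSSLCiphers.length; row++) {
                if (SystemSSLCiphers[row][0].equals(code)) {
                    // Use the row that matched, not the offset into the code string.
                    names.append(SystemSSLCiphers[row][1]);
                    names.append(RASFormatter.DEFAULT_SEPARATOR);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSystemSSLList");
        }
        return names.toString();
    }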

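    /**
     * Reports whether the JVM's cryptographic policy permits 256-bit AES keys.
     *
     * <p>The check asks {@code javax.crypto.Cipher} for the maximum AES key length the
     * installed policy allows. Probing through {@code KeyPairGenerator.getInstance("AES")}
     * cannot answer the question: AES is a symmetric algorithm, standard providers register
     * no key pair generator for it, and the lookup therefore fails regardless of the
     * policy, which keeps the AES_256 suites out of the list for every JVM.
     *
     * @return {@code true} when AES keys of at least 256 bits are permitted
     */
    private boolean isExtendedPolicy() {
        boolean z = false;
        try {
            z = javax.crypto.Cipher.getMaxAllowedKeyLength("AES") >= 256;
        } catch (NoSuchAlgorithmException e) {
            // No AES transformation available at all: treat as restricted policy.
            z = false;
        }
        if (!z && tc.isDebugEnabled()) {
            Tr.debug(tc, "Extened policy is not availible");
        }
        return z;
    }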

    /**
     * Applies the configured cipher suites to a client socket.
     *
     * <p>An explicit {@code com.ibm.ssl.enabledCipherSuites} list wins; otherwise the
     * socket's supported suites are filtered by {@code com.ibm.ssl.securityLevel}, which
     * defaults to {@code Constants.SECURITY_LEVEL_HIGH} when unset.
     *
     * <p>NOTE(review): any exception raised while applying the list is only written to
     * debug trace. The socket is then returned with whatever suites it had enabled before,
     * so a malformed or unsupported list silently fails open to the provider defaults.
     * Splitting on a single whitespace character also yields empty names for consecutive
     * blanks, which triggers exactly that path. Callers that need the configured list
     * enforced should compare {@code getEnabledCipherSuites()} afterwards.
     *
     * @param properties SSL properties to read; must not be {@code null}
     * @param sSLSocket socket to configure; {@code null} is passed through untouched
     * @return {@code sSLSocket}
     */
    public SSLSocket setCipherListOnSocket(Properties properties, SSLSocket sSLSocket) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setCipherListOnSocket");
        }
        final String explicitSuites = properties.getProperty("com.ibm.ssl.enabledCipherSuites");
        if (sSLSocket != null) {
            try {
                String[] suites;
                if (explicitSuites == null) {
                    String level = properties.getProperty("com.ibm.ssl.securityLevel");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "securityLevel from properties is " + level);
                    }
                    if (level == null) {
                        level = Constants.SECURITY_LEVEL_HIGH;
                    }
                    suites = getInstance().adjustSupportedCiphersToSecurityLevel(sSLSocket.getSupportedCipherSuites(), level);
                } else {
                    suites = explicitSuites.split("\\s");
                }
                if (suites != null) {
                    sSLSocket.setEnabledCipherSuites(suites);
                }
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception setting ciphers in SSL Socket Factory.", new Object[]{e});
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setCipherListOnSocket");
        }
        return sSLSocket;
    }

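    /**
     * Applies the configured cipher suites and client-authentication mode to a server socket.
     *
     * <p>An explicit {@code com.ibm.ssl.enabledCipherSuites} list wins; otherwise the
     * socket's supported suites are filtered by {@code com.ibm.ssl.securityLevel}, which
     * defaults to {@code Constants.SECURITY_LEVEL_HIGH} when unset.
     *
     * <p>Client authentication is applied in its own step. When it shares a {@code try}
     * with the cipher setup, an exception from {@code setEnabledCipherSuites} skips
     * {@code setNeedClientAuth(true)}, and a listener configured for mutual TLS accepts
     * clients that present no certificate.
     *
     * <p>NOTE(review): failures in either step are still only written to debug trace, so a
     * rejected cipher list leaves the provider's default suites enabled. Callers that need
     * the configured list enforced should compare {@code getEnabledCipherSuites()}
     * afterwards.
     *
     * @param properties SSL properties to read; must not be {@code null}
     * @param sSLServerSocket socket to configure; {@code null} is passed through untouched
     * @return {@code sSLServerSocket}
     */
    public SSLServerSocket setCipherListOnServerSocket(Properties properties, SSLServerSocket sSLServerSocket) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setCipherListOnServerSocket");
        }
        String explicitSuites = properties.getProperty("com.ibm.ssl.enabledCipherSuites");
        if (sSLServerSocket != null) {
            try {
                String[] suites;
                if (explicitSuites != null) {
                    suites = explicitSuites.split("\\s");
                } else {
                    String level = properties.getProperty("com.ibm.ssl.securityLevel");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("securityLevel from properties is ").append(level).toString());
                    }
                    if (level == null) {
                        level = Constants.SECURITY_LEVEL_HIGH;
                    }
                    suites = getInstance().adjustSupportedCiphersToSecurityLevel(sSLServerSocket.getSupportedCipherSuites(), level);
                }
                if (suites != null) {
                    sSLServerSocket.setEnabledCipherSuites(suites);
                }
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception setting ciphers in SSL Socket Factory.", new Object[]{e});
                }
            }
            // Independent of the cipher outcome: a bad cipher list must not downgrade
            // the client-authentication requirement.
            try {
                String clientAuthSupported = properties.getProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION_SUPPORTED);
                if ("true".equals(clientAuthSupported)) {
                    sSLServerSocket.setWantClientAuth(true);
                }
                String clientAuthRequired = properties.getProperty("com.ibm.ssl.clientAuthentication");
                if ("true".equals(clientAuthRequired)) {
                    sSLServerSocket.setNeedClientAuth(true);
                }
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception setting ciphers in SSL Socket Factory.", new Object[]{e});
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setCipherListOnServerSocket");
        }
        return sSLServerSocket;
    }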

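    /**
     * Compiler-generated helper that resolves a class literal by name.
     *
     * <p>The error is held in a typed local before it is thrown: {@code initCause} returns
     * {@code Throwable}, and throwing that expression directly is not valid in a method
     * without a {@code throws} clause.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError when the class cannot be found; the original
     *         {@link ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }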

    /* JADX WARN: Type inference failed for: r0v6, types: [java.lang.String[], java.lang.String[][]] */
    // Class initialisation: registers the trace component and builds the SystemSSLCiphers
    // lookup table used by getSystemSSLCiphers(), convertCiphersList() and getSystemSSLList().
    static {
        Class cls;
        // Cached class-literal lookup emitted by the compiler for SSLConfigManager.class.
        if (class$com$ibm$ws$ssl$config$SSLConfigManager == null) {
            cls = class$("com.ibm.ws.ssl.config.SSLConfigManager");
            class$com$ibm$ws$ssl$config$SSLConfigManager = cls;
        } else {
            cls = class$com$ibm$ws$ssl$config$SSLConfigManager;
        }
        tc = Tr.register(cls, "SSL", "com.ibm.ws.ssl.resources.ssl");
        thisClass = null;
        // Each row is {two-character code, cipher suite name}. The decompiler could not
        // infer the String[][] type (see the JADX warning above this block).
        // NOTE(review): the table lists RC4, single-DES, 40-bit EXPORT and NULL-encryption
        // suites. getSystemSSLCiphers() returns every row that is not AES_256, so these
        // weak suites are offered unless the caller filters them out.
        // NOTE(review): the code for SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA appears as
        // AppConstants.APPDEPL_PRECMPJSP_SOURCELEVEL_DEFAULT, which looks like a decompiler
        // substitution for a plain literal - TODO confirm the constant's value.
        // NOTE(review): code "0D" maps to the literal "SSL_HD_DSS_WITH_3DES_EDE_CBC_SHA";
        // "HD" is presumably a typo for "DH", in which case name lookups for the DH_DSS
        // suite never match this row - verify against Constants.
        SystemSSLCiphers = new String[]{new String[]{"05", Constants.SSL_RSA_WITH_RC4_128_SHA}, new String[]{"04", Constants.SSL_RSA_WITH_RC4_128_MD5}, new String[]{"35", Constants.SSL_RSA_WITH_AES_256_CBC_SHA}, new String[]{"36", Constants.SSL_DH_DSS_WITH_AES_256_CBC_SHA}, new String[]{"37", Constants.SSL_DH_RSA_WITH_AES_256_CBC_SHA}, new String[]{"38", Constants.SSL_DHE_DSS_WITH_AES_256_CBC_SHA}, new String[]{"39", Constants.SSL_DHE_RSA_WITH_AES_256_CBC_SHA}, new String[]{"2F", Constants.SSL_RSA_WITH_AES_128_CBC_SHA}, new String[]{"30", Constants.SSL_DH_DSS_WITH_AES_128_CBC_SHA}, new String[]{"31", Constants.SSL_DH_RSA_WITH_AES_128_CBC_SHA}, new String[]{"32", Constants.SSL_DHE_DSS_WITH_AES_128_CBC_SHA}, new String[]{"33", Constants.SSL_DHE_RSA_WITH_AES_128_CBC_SHA}, new String[]{"0A", Constants.SSL_RSA_WITH_3DES_EDE_CBC_SHA}, new String[]{"16", Constants.SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA}, new String[]{AppConstants.APPDEPL_PRECMPJSP_SOURCELEVEL_DEFAULT, Constants.SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA}, new String[]{"10", Constants.SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA}, new String[]{"0D", "SSL_HD_DSS_WITH_3DES_EDE_CBC_SHA"}, new String[]{"09", Constants.SSL_RSA_WITH_DES_CBC_SHA}, new String[]{"15", Constants.SSL_DHE_RSA_WITH_DES_CBC_SHA}, new String[]{"12", Constants.SSL_DHE_DSS_WITH_DES_CBC_SHA}, new String[]{"0F", Constants.SSL_DH_RSA_WITH_DES_CBC_SHA}, new String[]{"0C", Constants.SSL_DH_DSS_WITH_DES_CBC_SHA}, new String[]{"03", Constants.SSL_RSA_EXPORT_WITH_RC4_40_MD5}, new String[]{"06", Constants.SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5}, new String[]{"02", "SSL_RSA_NULL_SHA"}, new String[]{"01", "SSL_RSA_NULL_MD5"}, new String[]{"00", Constants.SSL_NULL_WITH_NULL_NULL}};
    }
}
