package com.ibm.ws.objectgrid.security;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.objectgrid.security.config.SSLConfiguration;
import com.ibm.ws.objectgrid.Constants;
import com.ibm.ws.objectgrid.ObjectGridManagerImpl;
import com.ibm.ws.objectgrid.security.access.X509KeyManagerWrapper;
import com.ibm.ws.xs.util.dopriv.DoPrivUtil;
import java.io.FileInputStream;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.security.Security;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

/* loaded from: input_file:com/ibm/ws/objectgrid/security/SSLEnvironmentCreator.class */
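/**
 * Builds the JMX connector environment map for ObjectGrid: an authenticator entry when
 * security is enabled, and SSL-enabled RMI socket factories when SSL is enabled.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #addSSLContext} copies the key store and trust store locations, types and
 *       passwords into process-wide properties via {@code DoPrivUtil.setProperty}
 *       (presumably JVM system properties; confirm against DoPrivUtil). Anything able to
 *       read those properties or a heap/diagnostic dump can recover the passwords.</li>
 *   <li>The server socket factory is created with {@code needClientAuth == false}, so TLS
 *       client certificates are not required; caller authentication depends on the
 *       {@code jmx.remote.authenticator} entry, which is only added when security is
 *       enabled.</li>
 * </ul>
 */
public class SSLEnvironmentCreator implements EnvironmentCreator {
    private static final TraceComponent tc = Tr.register(SSLEnvironmentCreator.class, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");
    protected final boolean isSSLEnabled;
    private final boolean isSecurityEnabled;
    private final SSLConfiguration sslConfig;

    /**
     * Creates an instance with security disabled and no SSL configuration.
     *
     * @param z whether SSL is enabled
     */
    protected SSLEnvironmentCreator(boolean z) {
        this.isSSLEnabled = z;
        this.isSecurityEnabled = false;
        this.sslConfig = null;
    }

    /**
     * @param z whether SSL is enabled
     * @param z2 whether security (the JMX authenticator) is enabled
     * @param sSLConfiguration SSL settings; may be {@code null}, in which case no SSL
     *        entries are added to the environment
     */
    public SSLEnvironmentCreator(boolean z, boolean z2, SSLConfiguration sSLConfiguration) {
        this.isSSLEnabled = z;
        this.isSecurityEnabled = z2;
        this.sslConfig = sSLConfiguration;
    }

    @Override
    public final boolean isSSLEnabled() {
        return this.isSSLEnabled;
    }

    /**
     * Builds the JMX environment map.
     *
     * @return a map holding {@code jmx.remote.authenticator} when security is enabled and
     *         the RMI socket factories when SSL is enabled and configured; {@code null}
     *         when nothing was added
     * @throws Exception if the SSL context cannot be created
     */
    @Override
    public Map createEnvironment() throws Exception {
        Map map = null;
        if (this.isSecurityEnabled) {
            CredPropagateAuthenticator credPropagateAuthenticator = new CredPropagateAuthenticator();
            map = new HashMap();
            map.put("jmx.remote.authenticator", credPropagateAuthenticator);
        }
        if (this.isSSLEnabled) {
            map = addSSLContext(map, this.sslConfig);
        }
        return map;
    }

    /**
     * Adds SSL-enabled RMI client and server socket factories to the environment.
     *
     * @param map environment to extend; a new map is created when {@code null}
     * @param sSLConfiguration SSL settings; when {@code null} the map is returned unchanged
     * @return the environment map (possibly newly created, possibly {@code null} when both
     *         arguments were {@code null})
     * @throws Exception if the key store or trust store cannot be loaded
     */
    protected Map addSSLContext(Map map, SSLConfiguration sSLConfiguration) throws Exception {
        if (sSLConfiguration == null) {
            return map;
        }
        // Built first so that an unreadable key store or trust store fails before any
        // process-wide property is modified.
        SSLContext createSSLContext = createSSLContext(sSLConfiguration);
        if (map == null) {
            map = new HashMap();
        }
        // NOTE(review): the store passwords are published as process-wide properties here
        // and are never cleared. Restrict who can read JVM properties and dumps of this
        // process, and keep these values out of diagnostic output.
        DoPrivUtil.setProperty(com.ibm.ws.ssl.core.Constants.SYSTEM_SSLPROP_KEY_STORE, sSLConfiguration.getKeyStore());
        DoPrivUtil.setProperty(com.ibm.ws.ssl.core.Constants.SYSTEM_SSLPROP_KEY_STORE_PASSWORD, sSLConfiguration.getKeyStorePassword());
        DoPrivUtil.setProperty(com.ibm.ws.ssl.core.Constants.SYSTEM_SSLPROP_KEY_STORE_TYPE, sSLConfiguration.getKeyStoreType());
        DoPrivUtil.setProperty(com.ibm.ws.ssl.core.Constants.SYSTEM_SSLPROP_TRUST_STORE, sSLConfiguration.getTrustStore());
        DoPrivUtil.setProperty(com.ibm.ws.ssl.core.Constants.SYSTEM_SSLPROP_TRUST_STORE_PASSWORD, sSLConfiguration.getTrustStorePassword());
        DoPrivUtil.setProperty(com.ibm.ws.ssl.core.Constants.SYSTEM_SSLPROP_TRUST_STORE_TYPE, sSLConfiguration.getTrustStoreType());
        SslRMIClientSocketFactory sslRMIClientSocketFactory = new SslRMIClientSocketFactory();
        // The client-side cipher suite property is reused as the server's enabled list;
        // null leaves the JVM defaults in place.
        String property = DoPrivUtil.getProperty("javax.rmi.ssl.client.enabledCipherSuites");
        String[] strArr = null;
        if (property != null) {
            strArr = property.split("\\s*(,)\\s*");
        }
        // NOTE(review): this constructor builds sockets from the JVM default SSL socket
        // factory, so the context created above only contributes its protocol name; the
        // alias-selecting key manager wrapper is not applied to these sockets. The final
        // argument (needClientAuth) is false, so client certificates are not demanded.
        SslRMIServerSocketFactory sslRMIServerSocketFactory = new SslRMIServerSocketFactory(strArr, new String[]{createSSLContext.getProtocol()}, false);
        map.put("jmx.remote.rmi.client.socket.factory", sslRMIClientSocketFactory);
        map.put("jmx.remote.rmi.server.socket.factory", sslRMIServerSocketFactory);
        return map;
    }

    /**
     * Creates an {@link SSLContext} from the configured trust store and key store. Every
     * {@link X509KeyManager} is wrapped so that the configured certificate alias is used.
     *
     * <p>Both stores must be present and both passwords non-null; a missing file or a
     * {@code null} path/password raises an exception instead of silently falling back to
     * JVM default trust material.
     *
     * @param sSLConfiguration SSL settings supplying store paths, types, passwords, alias,
     *        protocol and context provider
     * @return the initialised SSL context
     * @throws Exception if either store cannot be opened or loaded, or the context cannot
     *         be built
     */
    public static SSLContext createSSLContext(SSLConfiguration sSLConfiguration) throws Exception {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(securityProperty(SecurityConstants.TRUST_MANAGER_FACTORY_ALG_KEY));
        KeyStore trustStore = loadKeyStore(sSLConfiguration.getTrustStoreType(), sSLConfiguration.getTrustStore(), sSLConfiguration.getTrustStorePassword().toCharArray());
        // A null trust store path has already failed in loadKeyStore, so the factory is
        // always initialised from the explicitly configured store.
        trustManagerFactory.init(trustStore);

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(securityProperty(SecurityConstants.KEY_MANAGER_FACTORY_ALG_KEY));
        KeyStore keyStore = loadKeyStore(sSLConfiguration.getKeyStoreType(), sSLConfiguration.getKeyStore(), sSLConfiguration.getKeyStorePassword().toCharArray());
        keyManagerFactory.init(keyStore, sSLConfiguration.getKeyStorePassword().toCharArray());

        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        if (ObjectGridManagerImpl.isTraceEnabled && tc.isDebugEnabled()) {
            Tr.debug(tc, "Number of key managers: " + keyManagers.length);
        }
        KeyManager[] keyManagerArr = new KeyManager[keyManagers.length];
        for (int i = 0; i < keyManagers.length; i++) {
            if (keyManagers[i] instanceof X509KeyManager) {
                // Wrap so that the configured alias decides which certificate is presented.
                keyManagerArr[i] = new X509KeyManagerWrapper((X509KeyManager) keyManagers[i], sSLConfiguration.getAlias());
                if (ObjectGridManagerImpl.isTraceEnabled && tc.isDebugEnabled()) {
                    Tr.debug(tc, "convert " + keyManagers[i] + " to " + keyManagerArr[i]);
                }
            } else {
                if (ObjectGridManagerImpl.isTraceEnabled && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Keep " + keyManagers[i] + " as it is");
                }
                keyManagerArr[i] = keyManagers[i];
            }
        }
        return CoreSecurityUtil.getSSLContext(keyManagerArr, trustManagerFactory.getTrustManagers(), sSLConfiguration.getProtocol(), sSLConfiguration.getContextProvider(), true);
    }

    /** Reads a {@code java.security} property inside a privileged block. */
    private static String securityProperty(final String key) {
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                return Security.getProperty(key);
            }
        });
    }

    /**
     * Loads a key store of the given type from a file and always closes the stream.
     *
     * <p>The stream is only closed once it has actually been opened, so a failure to open
     * the file (for example a missing key store) surfaces as the original exception rather
     * than a {@link NullPointerException} raised while cleaning up.
     */
    private static KeyStore loadKeyStore(String type, String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        FileInputStream in = new FileInputStream(path);
        try {
            store.load(in, password);
        } finally {
            try {
                in.close();
            } catch (Exception ignored) {
                // Best-effort close: a close failure must not mask the load result.
            }
        }
        return store;
    }
}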
